authormakefu <github@syntax-fehler.de>2017-01-25 23:23:29 +0100
committermakefu <github@syntax-fehler.de>2017-01-25 23:23:29 +0100
commitbf405736962fd20df738f84665e5fc7f8d74e72d (patch)
treeae01054fe88089d6476b3c1b1952066fd6c79092 /lass/1systems
parent7e1bd2729e11e5c63749c69093359de0bb3329b2 (diff)
parent89c5b22129d3cb875d16a3171a4e3ab3bee9cb0a (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems')
-rw-r--r--lass/1systems/icarus.nix30
-rw-r--r--lass/1systems/mors.nix7
-rw-r--r--lass/1systems/prism.nix156
-rw-r--r--lass/1systems/shodan.nix8
4 files changed, 157 insertions, 44 deletions
diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix
index 3998fc177..b869a67a7 100644
--- a/lass/1systems/icarus.nix
+++ b/lass/1systems/icarus.nix
@@ -14,15 +14,6 @@ with import <stockholm/lib>;
../2configs/fetchWallpaper.nix
../2configs/backups.nix
../2configs/games.nix
- #{
- # users.extraUsers = {
- # root = {
- # openssh.authorizedKeys.keys = map readFile [
- # ../../krebs/Zpubkeys/uriel.ssh.pub
- # ];
- # };
- # };
- #}
];
krebs.build.host = config.krebs.hosts.icarus;
@@ -31,20 +22,27 @@ with import <stockholm/lib>;
loader.grub.enable = true;
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
+ loader.grub.enableCryptodisk = true;
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- #kernelModules = [ "kvm-intel" "msr" ];
};
fileSystems = {
"/" = {
- device = "/dev/pool/nix";
+ device = "/dev/mapper/pool-root";
fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
-
- "/boot" = {
- device = "/dev/sda1";
+ "/bku" = {
+ device = "/dev/mapper/pool-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/home" = {
+ device = "/dev/mapper/pool-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/tmp" = {
device = "tmpfs";
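Review bot: The removal of the separate `/boot` mount and the new `loader.grub.enableCryptodisk = true;` appear to belong together, but nothing in the file says so. A short comment above the option, such as `# /boot now lives on the LUKS-encrypted root; GRUB unlocks /dev/sda2 itself`, would keep a later editor from re-adding an unencrypted /boot or dropping the flag; this reading is inferred from the hunk, so confirm that /boot really sits on pool-root. The identical `options` list is written out three times and could be bound once in a `let` and reused. The `fileSystems` set continues outside the hunk.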
@@ -54,7 +52,7 @@ with import <stockholm/lib>;
};
services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
}
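Review bot: The new `et0` rule matches `f0:de:f1:71:cb:35`, the same address that the second mors.nix hunk in this commit assigns to its own `et0`. Unless this is an adapter or dock shared between the two machines, only one host can own that NIC, so on the other the rule will never match and the interface keeps its kernel-assigned name. Any configuration keyed on `et0` on that host would then silently not apply. Check which machine actually has the card and restore the other host's address, or add a comment such as `# shared USB/dock ethernet, also used by mors` if the overlap is intended.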
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 012bd359f..dde867eb3 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -256,11 +256,6 @@ with import <stockholm/lib>;
fsType = "ext4";
};
- "/bku" = {
- device = "/dev/big/backups";
- fsType = "ext4";
- };
-
"/home/games/.local/share/Steam" = {
device = "/dev/big/steam";
fsType = "ext4";
@@ -289,7 +284,7 @@ with import <stockholm/lib>;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
#TODO activationScripts seem broken, fix them!
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 854c98f46..d8980a10c 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -12,6 +12,22 @@ let
in {
imports = [
../.
+ {
+ networking.interfaces.et0.ip4 = [
+ {
+ address = ip;
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "213.239.205.225";
+ networking.nameservers = [
+ "8.8.8.8"
+ ];
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
+ '';
+
+ }
../2configs/retiolum.nix
../2configs/exim-smarthost.nix
../2configs/downloading.nix
@@ -49,22 +65,6 @@ in {
};
}
{
- networking.interfaces.et0.ip4 = [
- {
- address = ip;
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "213.239.205.225";
- networking.nameservers = [
- "8.8.8.8"
- ];
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
- '';
-
- }
- {
boot.loader.grub = {
devices = [
"/dev/sda"
@@ -226,6 +226,130 @@ in {
enable = true;
};
}
+ {
+ users.users.nin = {
+ uid = genid "nin";
+ inherit (config.krebs.users.nin) home;
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.nin.pubkey
+ ];
+ extraGroups = [
+ "libvirtd"
+ ];
+ };
+ krebs.git.rules = [
+ {
+ user = [ config.krebs.users.nin ];
+ repo = [ config.krebs.git.repos.stockholm ];
+ perm = with git; push "refs/heads/nin" [ fast-forward non-fast-forward create delete merge ];
+ }
+ ];
+ krebs.repo-sync.repos.stockholm.nin = {
+ origin.url = "http://cgit.prism/stockholm";
+ origin.ref = "heads/nin";
+ mirror.url = "git@${config.networking.hostName}:stockholm";
+ };
+ krebs.iptables.tables.nat.PREROUTING.rules = [
+ { v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; }
+ ];
+ krebs.iptables.tables.filter.FORWARD.rules = [
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
+ ];
+ }
+ {
+ krebs.Reaktor.coders = {
+ nickname = "reaktor-lass";
+ channels = [ "#coders" ];
+ extraEnviron = {
+ REAKTOR_HOST = "irc.hackint.org";
+ };
+ plugins = with pkgs.ReaktorPlugins; let
+ lambdabotflags = ''
+ -XStandaloneDeriving -XGADTs -XFlexibleContexts \
+ -XFlexibleInstances -XMultiParamTypeClasses \
+ -XOverloadedStrings -XFunctionalDependencies \'';
+ in [
+ sed-plugin
+ url-title
+ (buildSimpleReaktorPlugin "lambdabot-pl" {
+ pattern = "^@pl (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-pl" ''
+ exec ${pkgs.lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@pl $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "lambdabot-type" {
+ pattern = "^@type (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-type" ''
+ exec ${pkgs.lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@type $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "lambdabot-let" {
+ pattern = "^@let (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-let" ''
+ exec ${pkgs.lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@let $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "lambdabot-run" {
+ pattern = "^@run (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-run" ''
+ exec ${pkgs.lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@run $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "lambdabot-kind" {
+ pattern = "^@kind (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-kind" ''
+ exec ${pkgs.lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@kind $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "lambdabot-kind" {
+ pattern = "^@kind (?P<args>.*)$$";
+ script = pkgs.writeDash "lambda-kind" ''
+ exec ${pkgs.lambdabot}/bin/lambdabot \
+ ${indent lambdabotflags}
+ -e "@kind $1"
+ '';
+ })
+ (buildSimpleReaktorPlugin "random-unicorn-porn" {
+ pattern = "^!rup$$";
+ script = pkgs.writePython2 "rup" ''
+ #!${pkgs.python2}/bin/python
+ t1 = """
+ _.
+ ;=',_ ()
+ 8===D~~ S" .--`||
+ sS \__ ||
+ __.' ( \-->||
+ _=/ _./-\/ ||
+ 8===D~~ ((\( /-' -'l ||
+ ) |/ \\ (_))
+ \\ \\
+ '~ '~
+ """
+ print(t1)
+ '';
+ })
+ (buildSimpleReaktorPlugin "ping" {
+ pattern = "^!ping (?P<args>.*)$$";
+ script = pkgs.writeDash "ping" ''
+ exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1
+ '';
+ })
+ ];
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
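Review bot: The `ping` plugin hands the IRC-supplied `$1` to the setuid ping wrapper as a bare argument, so channel text that begins with `-` is parsed as ping options instead of a host name. End option parsing before it: `exec /var/setuid-wrappers/ping -q -c1 -- "$1" 2>&1 | tail -1`. Anyone in `#coders` can also use this plugin to make prism probe whatever addresses it can reach, so a comment stating whether that is intended would help. Separately, the `lambdabot-kind` plugin is listed twice with an identical pattern and script; the second entry looks like a copy-paste leftover and can be dropped. The `imports` list this block belongs to starts outside the hunk.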
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 095898380..232e91d90 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -59,17 +59,13 @@ with import <stockholm/lib>;
fileSystems = {
"/" = {
device = "/dev/pool/nix";
- fsType = "ext4";
+ fsType = "btrfs";
};
"/boot" = {
device = "/dev/sda1";
};
- "/home/lass" = {
- device = "/dev/pool/home-lass";
- fsType = "ext4";
- };
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
@@ -77,7 +73,7 @@ with import <stockholm/lib>;
};
"/bku" = {
device = "/dev/pool/bku";
- fsType = "ext4";
+ fsType = "btrfs";
};
};