-rw-r--r--krebs/2configs/exim-smarthost.nix3
-rw-r--r--krebs/3modules/bepasty-server.nix8
-rw-r--r--krebs/3modules/ci.nix1
-rw-r--r--krebs/3modules/iana-etc.nix40
-rw-r--r--krebs/3modules/lass/default.nix38
-rw-r--r--krebs/3modules/realwallpaper.nix2
-rwxr-xr-xkrebs/update-nixpkgs-unstable.sh2
-rw-r--r--lass/1systems/blue/source.nix3
-rw-r--r--lass/1systems/hilum/config.nix1
-rw-r--r--lass/1systems/icarus/config.nix13
-rw-r--r--lass/1systems/prism/config.nix24
-rw-r--r--lass/1systems/shodan/config.nix79
-rw-r--r--lass/1systems/shodan/physical.nix1
-rw-r--r--lass/2configs/br.nix2
-rw-r--r--lass/2configs/gg23.nix134
m---------submodules/krops0
-rw-r--r--tv/1systems/nomic/config.nix1
-rw-r--r--tv/2configs/im.nix24
-rw-r--r--tv/3modules/default.nix1
-rw-r--r--tv/3modules/im.nix110
20 files changed, 306 insertions, 181 deletions
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
index 698e20da1..224a38ac3 100644
--- a/krebs/2configs/exim-smarthost.nix
+++ b/krebs/2configs/exim-smarthost.nix
@@ -15,13 +15,12 @@ in {
makefu
tv
];
- eloop-ml = spam-ml ++ [ ciko ];
+ eloop-ml = spam-ml;
spam-ml = [
lass
makefu
tv
];
- ciko.mail = "ciko@slash16.net";
in {
"anmeldung@eloop.org" = eloop-ml;
"brain@krebsco.de" = brain-ml;
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index 4892a8723..ffa9a29e9 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -2,10 +2,10 @@
with import <stockholm/lib>;
let
- gunicorn = pkgs.python27Packages.gunicorn;
- bepasty = pkgs.bepasty.override { python3Packages = pkgs.python27Packages; };
- gevent = pkgs.python27Packages.gevent;
- python = pkgs.python27Packages.python;
+ gunicorn = pkgs.python3Packages.gunicorn;
+ bepasty = pkgs.bepasty;
+ gevent = pkgs.python3Packages.gevent;
+ python = pkgs.python3Packages.python;
cfg = config.krebs.bepasty;
out = {
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index cbf24effe..7695667fd 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -135,6 +135,7 @@ let
f_${name} = util.BuildFactory()
f_${name}.addStep(steps.Git(
repourl=util.Property('repository', '${head repo.urls}'),
+ method='clobber',
mode='full',
submodules=True,
))
diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix
index f6d47f27e..e8037128d 100644
--- a/krebs/3modules/iana-etc.nix
+++ b/krebs/3modules/iana-etc.nix
@@ -23,32 +23,20 @@ with import <stockholm/lib>;
};
config.environment.etc = mkIf (config.krebs.iana-etc.services != {}) {
- services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} ''
- exec < ${pkgs.iana_etc}/etc/services
- exec > $out
- awk -F '[ /]+' '
- BEGIN {
- port=0
- }
- ${concatMapStringsSep "\n" (entry: ''
- $2 == ${entry.port} {
- port=$2
- next
- }
- port == ${entry.port} {
- ${concatMapStringsSep "\n"
- (proto: let
- s = "${entry.${proto}.name} ${entry.port}/${proto}";
- in
- "print ${toJSON s}")
- (filter (proto: entry.${proto} != null) ["tcp" "udp"])}
- port=0
- }
- '') (attrValues config.krebs.iana-etc.services)}
- {
- print $0
- }
- '
+ services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} /* sh */ ''
+ {
+ ${concatMapStringsSep "\n" (entry: /* sh */ ''
+ ${concatMapStringsSep "\n"
+ (proto: let
+ line = "${entry.${proto}.name} ${entry.port}/${proto}";
+ in /* sh */ ''
+ echo ${shell.escape line}
+ '')
+ (filter (proto: entry.${proto} != null) ["tcp" "udp"])}
+ '') (attrValues config.krebs.iana-etc.services)}
+ cat ${pkgs.iana_etc}/etc/services
+ } |
+ sort -b -k 2,2 -u > $out
'');
};
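Review bot: Which of two lines sharing a `port/proto` key survives `sort -b -k 2,2 -u` is not specified by POSIX, so replacing a stock entry with a krebs entry depends on the sort implementation keeping the first input line; the echo-before-cat order looks chosen for that, but nothing says so. A comment above the pipeline would record the assumption, e.g. `# custom entries are emitted first so that sort -u keeps them over the stock line for the same port/proto`. Comment and blank lines from `${pkgs.iana_etc}/etc/services` are also deduplicated on their second field, which looks harmless but drops most of the file header. The enclosing `config.environment.etc` attribute set is closed inside the hunk, while the module itself starts outside it.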
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 30c7b085f..00847071a 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -111,44 +111,6 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
};
- archprism = {
- cores = 1;
- nets = rec {
- internet = {
- ip4.addr = "46.4.114.247";
- aliases = [
- "archprism.i"
- ];
- ssh.port = 45621;
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.0.123";
- aliases = [
- "archprism.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6dK0jsPSb7kWMGjfyWbG
- wQYYt8vi5pY/1/Ohk0iy84+mfb1SCJdm5IOC4WXgHtmfd468OluUpU5etAu13D3n
- f0iDeCuohH0uTjP+EojnKrAXYTiTRpySqXjVmhaWwFyMAACFdzKFb9cgMoByrP0U
- 5qruBcupK8Zwxt+Pe8IadRpPuOmz/bMYS7r+NKwybttoIX+YVm4myNzqdtMT77+H
- BYR2mzW99T5YI54YZoCe0+XiIEQsosd6IL/9dP0+6vku6nHLD4qb81Q9AgaT+hte
- s/ivHL+Fe2GULEQUi8aoEfXrPwnGFVY+QYxLw2G9A0Gfe9KnYBXDn99HXUGcFu2l
- x7duN6mnT3WNC6VReh9m5+rPMnih/3l82W0tH1lBWUtdKcxx6yhkyUFgKOvkm4UP
- gf1+EIpxf+bM7jlWylKGc+bD+dTMFV+tzHE6qHlcnzdZQrhYd0zjOXGnm4Kl1ec5
- GSlpmqTcjgR+42l6frAENo3fndqYw1WkDtswImDz3Wjuco7BiOULHTJvQN+Ao1DI
- l2MQDOWJoN4eYIE4XPqLSvdOSavHQB2WGv+dFDDpWOxnDLNi19aubtynIfpGJXxV
- L8s9kUTG00Hdv08BG06hGt0+2Sy1PTVniDcTftHKmEOPS6Y5rJzQih7JdakSUQCc
- 6j/HwgWTf85Io/tbVMTNtkECAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
- };
-
uriel = {
monitoring = false;
cores = 1;
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index a0c00c20d..c09bb008d 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -29,7 +29,7 @@ let
cloudmap = mkOption {
type = types.str;
- default = "http://xplanetclouds.com/free/local/clouds_2048.jpg";
+ default = "http://home.megapass.co.kr/~holywatr/cloud_data/clouds_2048.jpg";
};
marker = mkOption {
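Review bot: The new `cloudmap` default is a plain `http://` URL under a personal `~holywatr` directory, so the image is fetched without transport integrity and from a host whose continuity is outside the project's control. How the downloaded file is consumed is not visible in this hunk; if it is handed to image tooling, it should be treated as untrusted input. A `description` on the option would record that, for example `description = "URL of the cloud map; fetched over plain HTTP, content is untrusted";`.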
diff --git a/krebs/update-nixpkgs-unstable.sh b/krebs/update-nixpkgs-unstable.sh
index 068da5f6f..592023f20 100755
--- a/krebs/update-nixpkgs-unstable.sh
+++ b/krebs/update-nixpkgs-unstable.sh
@@ -6,4 +6,4 @@ nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--rev refs/heads/nixos-unstable' \
> $dir/nixpkgs-unstable.json
newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
-git commit $dir/nixpkgs.json -m "nixpkgs-unstable: $oldrev -> $newrev"
+git commit $dir/nixpkgs-unstable.json -m "nixpkgs-unstable: $oldrev -> $newrev"
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index 1a98fc058..2b4158211 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -11,4 +11,7 @@
useChecksum = true;
};
});
+ nixpkgs-unstable = lib.mkForce {
+ file.path = "/var/empty";
+ };
}
diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
index f57d275d8..d4a389a4a 100644
--- a/lass/1systems/hilum/config.nix
+++ b/lass/1systems/hilum/config.nix
@@ -10,6 +10,7 @@
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/mail.nix>
<stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
];
krebs.build.host = config.krebs.hosts.hilum;
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 86727700f..46f0892a2 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -1,5 +1,6 @@
{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
@@ -21,6 +22,18 @@
<stockholm/lass/2configs/ssh-cryptsetup.nix>
];
+ #media center
+ users.users.media = {
+ isNormalUser = true;
+ uid = genid_uint31 "media";
+ extraGroups = [ "video" "audio" ];
+ };
+
+ services.xserver.displayManager.lightdm.autoLogin = {
+ enable = true;
+ user = "media";
+ };
+
krebs.build.host = config.krebs.hosts.icarus;
programs.adb.enable = true;
}
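Review bot: The `media` user is logged in automatically by lightdm, so physical access to icarus after boot yields an interactive session without a password prompt, and the `#media center` comment does not say that this is intended. The account only gets `video` and `audio` here, which is good; a comment that pins this down would help the next editor, e.g. `# media center: passwordless auto-login session, must never be added to wheel or given access to secrets`. The same block appears as context in the shodan/config.nix hunk, so the remark applies there too.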
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index f4c011dcf..cde65ea6c 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -110,14 +110,13 @@ with import <stockholm/lib>;
systemd.services."container@hotdog".reloadIfChanged = mkForce false;
containers.hotdog = {
config = { ... }: {
- imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
- autoStart = true;
+ autoStart = false;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.1";
@@ -265,14 +264,10 @@ with import <stockholm/lib>;
{
users.users.download.openssh.authorizedKeys.keys = [
"ssh-rsa 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 lhebendanz@nixos"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe"
- "ssh-rsa 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 palo@workhorse"
- "ssh-rsa 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 palo@workout"
+ config.krebs.users.palo.pubkey
];
}
{
- }
- {
lass.nichtparasoup.enable = true;
services.nginx = {
enable = true;
@@ -322,6 +317,7 @@ with import <stockholm/lib>;
services.murmur.registerName = "lassul.us";
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
+ { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
];
}
@@ -342,6 +338,19 @@ with import <stockholm/lib>;
localAddress = "10.233.2.14";
};
+ services.nginx.virtualHosts."lassul.us".locations."^~ /flix/".extraConfig = ''
+ if ($scheme != "https") {
+ rewrite ^ https://$host$request_uri permanent;
+ }
+ auth_basic "Restricted Content";
+ auth_basic_user_file ${pkgs.writeText "flix-user-pass" ''
+ krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
+ ''};
+ proxy_pass http://10.233.2.14:80/;
+ proxy_set_header Accept-Encoding "";
+ sub_filter "https://lassul.us/" "https://lassul.us/flix/";
+ sub_filter_once off;
+ '';
services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = ''
if ($scheme != "https") {
rewrite ^ https://$host$request_uri permanent;
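Review bot: The `auth_basic_user_file` for `/flix/` is built with `pkgs.writeText`, which puts the `krebs:$apr1$…` line into the Nix store, readable by every local user, and into this repository, where the MD5-based apr1 hash can be attacked offline. The identical line already guards `/transmission` (context at the end of this hunk and in the next one), so one recovered password opens both locations. Pointing the directive at a file deployed outside the store, e.g. `auth_basic_user_file /path/to/secrets/flix.htpasswd;` (placeholder path), and giving each location its own credential would avoid that. Whether the backend at 10.233.2.14 emits absolute URLs other than the `https://lassul.us/` literal rewritten by `sub_filter` is not visible here.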
@@ -350,6 +359,7 @@ with import <stockholm/lib>;
auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
''};
+ proxy_pass_header X-Transmission-Session-Id;
proxy_pass http://10.233.2.14:9091;
'';
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index ad510283f..b3de15837 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -18,14 +18,11 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/green-host.nix>
<stockholm/lass/2configs/ssh-cryptsetup.nix>
<stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/gg23.nix>
];
krebs.build.host = config.krebs.hosts.shodan;
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
-
#media center
users.users.media = {
isNormalUser = true;
@@ -38,77 +35,7 @@ with import <stockholm/lib>;
user = "media";
};
- #hass
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 1883"; target = "ACCEPT"; }
- # zerotierone
- { predicate = "-p udp --dport 9993"; target = "ACCEPT"; }
- ];
+ services.logind.lidSwitch = "ignore";
+ services.logind.lidSwitchDocked = "ignore";
- services.home-assistant = let
- tasmota_s20 = name: topic: {
- platform = "mqtt";
- inherit name;
- state_topic = "stat/${topic}/POWER";
- command_topic = "cmnd/${topic}/POWER";
- payload_on = "ON";
- payload_off = "OFF";
- };
- in {
- enable = true;
- package = pkgs.home-assistant.override {
- python3 = pkgs.python36;
- #extraComponents = [
- # (pkgs.fetchgit {
- # url = "https://github.com/marcschumacher/dwd_pollen";
- # rev = "0.1";
- # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p";
- # })
- #];
- };
- config = {
- homeassistant = {
- name = "Home"; time_zone = "Europe/Berlin";
- latitude = "48.7687";
- longitude = "9.2478";
- elevation = 247;
- };
- sun.elevation = 66;
- discovery = {};
- frontend = { };
- mqtt = {
- broker = "localhost";
- port = 1883;
- client_id = "home-assistant";
- username = "gg23";
- password = "gg23-mqtt";
- keepalive = 60;
- protocol = 3.1;
- };
- sensor = [
- ];
- switch = [
- (tasmota_s20 "Drucker Strom" "drucker")
- (tasmota_s20 "Bett Licht" "bett")
- ];
- device_tracker = [
- {
- platform = "luci";
- }
- ];
- };
- };
-
- services.mosquitto = {
- enable = true;
- host = "0.0.0.0";
- allowAnonymous = false;
- checkPasswords = true;
- users.gg23 = {
- password = "gg23-mqtt";
- acl = [ "topic readwrite #" ];
- };
- };
- environment.systemPackages = [ pkgs.mosquitto ];
}
diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix
index 7cfeba932..39a4d9661 100644
--- a/lass/1systems/shodan/physical.nix
+++ b/lass/1systems/shodan/physical.nix
@@ -46,5 +46,6 @@
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:69:ea:71", NAME="int0"
'';
}
diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix
index e4ccffe23..6e0a2385c 100644
--- a/lass/2configs/br.nix
+++ b/lass/2configs/br.nix
@@ -19,7 +19,7 @@ with import <stockholm/lib>;
netDevices = {
bra = {
model = "MFCL2700DN";
- ip = "10.42.23.221";
+ ip = "10.42.0.4";
};
};
};
diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix
new file mode 100644
index 000000000..2ec7b94d3
--- /dev/null
+++ b/lass/2configs/gg23.nix
@@ -0,0 +1,134 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ networking.networkmanager.unmanaged = [ "int0" ];
+ networking.interfaces.int0.ipv4.addresses = [{
+ address = "10.42.0.1";
+ prefixLength = 24;
+ }];
+
+ services.dhcpd4 = {
+ enable = true;
+ interfaces = [ "int0" ];
+ extraConfig = ''
+ option subnet-mask 255.255.255.0;
+ option routers 10.42.0.1;
+ option domain-name-servers 10.42.0.1;
+ subnet 10.42.0.0 netmask 255.255.255.0 {
+ range 10.42.0.100 10.42.0.200;
+ }
+ '';
+ machines = [
+ { ethernetAddress = "c8:3d:d4:2c:40:ae"; hostName = "tv"; ipAddress = "10.42.0.3"; }
+ { ethernetAddress = "3c:2a:f4:22:28:37"; hostName = "drucker"; ipAddress = "10.42.0.4"; }
+ { ethernetAddress = "80:7d:3a:67:b7:01"; hostName = "s20-bett"; ipAddress = "10.42.0.10"; }
+ { ethernetAddress = "80:7d:3a:68:04:f0"; hostName = "s20-drucker"; ipAddress = "10.42.0.11"; }
+ { ethernetAddress = "80:7d:3a:68:11:a5"; hostName = "s20-kueche"; ipAddress = "10.42.0.12"; }
+ { ethernetAddress = "80:7d:3a:67:bb:69"; hostName = "s20-stereo"; ipAddress = "10.42.0.13"; }
+ { ethernetAddress = "80:8d:b7:c5:80:dc"; hostName = "arubaAP"; ipAddress = "10.42.0.99"; }
+ ];
+ };
+
+ services.dnsmasq = {
+ enable = true;
+ resolveLocalQueries = false;
+
+ extraConfig = ''
+ local=/gg23/
+ domain=gg23
+ expand-hosts
+ listen-address=10.42.0.1
+ interface=int0
+ '';
+ };
+
+ boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass
+ { predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass
+ { predicate = "-i int0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
+ { predicate = "-i int0 -p udp --dport 53"; target = "ACCEPT"; } # dns
+ ];
+ krebs.iptables.tables.filter.FORWARD.rules = [
+ { v6 = false; predicate = "-d 10.42.0.0/24 -o int0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-s 10.42.0.0/24 -i int0"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-o int0"; target = "REJECT --reject-with icmp-port-unreachable"; }
+ { v6 = false; predicate = "-i int0"; target = "REJECT --reject-with icmp-port-unreachable"; }
+ ];
+ krebs.iptables.tables.nat.PREROUTING.rules = [
+ { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; precedence = 1000; }
+ ];
+ krebs.iptables.tables.nat.POSTROUTING.rules = [
+ { v6 = false; predicate = "-s 10.42.0.0/24 ! -d 10.42.0.0/24"; target = "MASQUERADE"; }
+ ];
+
+ services.home-assistant = let
+ tasmota_s20 = name: topic: {
+ platform = "mqtt";
+ inherit name;
+ state_topic = "stat/${topic}/POWER";
+ command_topic = "cmnd/${topic}/POWER";
+ payload_on = "ON";
+ payload_off = "OFF";
+ };
+ in {
+ enable = true;
+ package = pkgs.home-assistant.override {
+ python3 = pkgs.python36;
+ #extraComponents = [
+ # (pkgs.fetchgit {
+ # url = "https://github.com/marcschumacher/dwd_pollen";
+ # rev = "0.1";
+ # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p";
+ # })
+ #];
+ };
+ config = {
+ homeassistant = {
+ name = "Home"; time_zone = "Europe/Berlin";
+ latitude = "48.7687";
+ longitude = "9.2478";
+ elevation = 247;
+ };
+ sun.elevation = 66;
+ discovery = {};
+ frontend = { };
+ mqtt = {
+ broker = "localhost";
+ port = 1883;
+ client_id = "home-assistant";
+ username = "gg23";
+ password = "gg23-mqtt";
+ keepalive = 60;
+ protocol = 3.1;
+ };
+ sensor = [
+ ];
+ switch = [
+ (tasmota_s20 "Drucker Strom" "drucker")
+ (tasmota_s20 "Bett Licht" "bett")
+ (tasmota_s20 "Kueche Licht" "kueche")
+ ];
+ device_tracker = [
+ {
+ platform = "luci";
+ }
+ ];
+ };
+ };
+
+ services.mosquitto = {
+ enable = true;
+ host = "0.0.0.0";
+ allowAnonymous = false;
+ checkPasswords = true;
+ users.gg23 = {
+ password = "gg23-mqtt";
+ acl = [ "topic readwrite #" ];
+ };
+ };
+ environment.systemPackages = [ pkgs.mosquitto ];
+
+}
+
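Review bot: The MQTT credential `password = "gg23-mqtt"` appears in clear text twice in this new file (under `services.home-assistant.config.mqtt` and `services.mosquitto.users.gg23`), so it is committed to the repository and presumably ends up in world-readable store paths on the host. With `host = "0.0.0.0"` and `acl = [ "topic readwrite #" ]`, the INPUT rule limiting port 1883 to `int0` is the only thing keeping other networks off the broker, and any device on 10.42.0.0/24 that knows the password can publish to every `cmnd/…/POWER` topic. Consider the module's `hashedPassword` option or a secret file kept outside the store, plus an ACL narrowed to the `stat/` and `cmnd/` topics actually used. Separately, the FORWARD rule `-s 10.42.0.0/24 -i int0` accepts traffic towards any output interface, which may include retiolum; adding an `-o <uplink-interface>` match (placeholder) would keep the smart plugs off the VPN.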
diff --git a/submodules/krops b/submodules/krops
-Subproject 2dc172530965ea4f1ead8ff166004c5734daee1
+Subproject f2f8cbf1afcb2c26d11e5f82c0b523b2cb10205
diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix
index a89f07e8a..86f9b7ec2 100644
--- a/tv/1systems/nomic/config.nix
+++ b/tv/1systems/nomic/config.nix
@@ -8,7 +8,6 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/hw/x220.nix>
<stockholm/tv/2configs/exim-retiolum.nix>
<stockholm/tv/2configs/gitrepos.nix>
- <stockholm/tv/2configs/im.nix>
<stockholm/tv/2configs/mail-client.nix>
<stockholm/tv/2configs/nginx/public_html.nix>
<stockholm/tv/2configs/pulse.nix>
diff --git a/tv/2configs/im.nix b/tv/2configs/im.nix
deleted file mode 100644
index 82f1be042..000000000
--- a/tv/2configs/im.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-{
- environment.systemPackages = with pkgs; [
- (pkgs.writeDashBin "im" ''
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
- ];
- services.bitlbee = {
- enable = true;
- plugins = [
- pkgs.bitlbee-facebook
- ];
- };
-}
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index db2cdcd1f..5be1beef8 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -5,6 +5,7 @@
./ejabberd
./focus.nix
./hosts.nix
+ ./im.nix
./iptables.nix
./slock.nix
./x0vncserver.nix
diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix
new file mode 100644
index 000000000..8cb137510
--- /dev/null
+++ b/tv/3modules/im.nix
@@ -0,0 +1,110 @@
+{ config, pkgs, ... }: let
+ im = config.tv.im;
+ lib = import <stockholm/lib>;
+in {
+ options = {
+ tv.im.client.enable = lib.mkEnableOption "tv.im.client" // {
+ default = config.krebs.build.host.name == im.client.host.name;
+ };
+ tv.im.client.term = lib.mkOption {
+ default = "rxvt-unicode-256color";
+ type = lib.types.filename;
+ };
+ tv.im.client.useIPv6 = lib.mkEnableOption "tv.im.client.useIPv6" // {
+ default = true;
+ };
+ tv.im.client.host = lib.mkOption {
+ default = config.krebs.hosts.xu;
+ type = lib.types.host;
+ };
+ tv.im.client.user = lib.mkOption {
+ default = config.krebs.users.tv;
+ type = lib.types.user;
+ };
+
+ tv.im.server.enable = lib.mkEnableOption "tv.im.server" // {
+ default = config.krebs.build.host.name == im.server.host.name;
+ };
+ tv.im.server.host = lib.mkOption {
+ default = config.krebs.hosts.nomic;
+ type = lib.types.host;
+ };
+ tv.im.server.mosh.enable = lib.mkEnableOption "tv.im.server.mosh" // {
+ default = true;
+ };
+ tv.im.server.weechat.relay.enable =
+ lib.mkEnableOption "tv.im.server.weechat.relay";
+ tv.im.server.user = lib.mkOption {
+ default = config.krebs.users.tv;
+ type = lib.types.user;
+ };
+ };
+ imports = [
+ (lib.mkIf im.client.enable {
+ users.users.${im.client.user.name}.packages = [
+ (pkgs.writeDashBin "im" ''
+ ${if im.server.mosh.enable then /* sh */ ''
+ exec ${pkgs.mosh}/bin/mosh \
+ ${lib.optionalString im.client.useIPv6 "-6"} \
+ ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \
+ env TERM=${im.client.term} im
+ '' else /* sh */ ''
+ exec ${pkgs.openssh}/bin/ssh \
+ ${lib.optionalString im.client.useIPv6 "-6"} \
+ ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \
+ -t \
+ im
+ ''}
+ '')
+ ];
+ })
+ (lib.mkIf im.server.enable {
+ services.bitlbee = {
+ enable = true;
+ plugins = [
+ pkgs.bitlbee-facebook
+ ];
+ };
+ users.users.${im.server.user.name}.packages = [
+ pkgs.mosh
+ (pkgs.writeDashBin "im" ''
+ export PATH=${lib.makeSearchPath "bin" [
+ pkgs.tmux
+ pkgs.gnugrep
+ pkgs.weechat
+ ]}
+ if tmux list-sessions -F\#S | grep -q '^im''$'; then
+ exec tmux attach -t im
+ else
+ exec tmux new -s im weechat
+ fi
+ '')
+ ];
+ })
+ (lib.mkIf im.server.mosh.enable {
+ krebs.setuid.utempter = {
+ filename = "${pkgs.libutempter}/lib/utempter/utempter";
+ owner = "nobody";
+ group = "utmp";
+ mode = "2111";
+ };
+ tv.iptables.extra4.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip4.addr} -p udp --dport 60000:61000 -j ACCEPT"
+ ];
+ tv.iptables.extra6.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip6.addr} -p udp --dport 60000:61000 -j ACCEPT"
+ ];
+ })
+ (lib.mkIf im.server.weechat.relay.enable {
+ krebs.iana-etc.services = {
+ "9001".tcp.name = "weechat-ssl";
+ };
+ tv.iptables.extra4.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip4.addr} -p tcp -m tcp --dport 9001 -j ACCEPT"
+ ];
+ tv.iptables.extra6.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip6.addr} -p tcp -m tcp --dport 9001 -j ACCEPT"
+ ];
+ })
+ ];
+}
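Review bot: The third and fourth `lib.mkIf` blocks are gated only on `im.server.mosh.enable` and `im.server.weechat.relay.enable`, not on `im.server.enable`, and `tv.im.server.mosh.enable` defaults to `true`. Since this commit also adds `./im.nix` to `tv/3modules/default.nix`, every host that loads these modules would apparently get the setgid `utempter` wrapper (`mode = "2111"`, group `utmp`) and the UDP 60000:61000 accept rule, not just the server host. Gating on both flags, `(lib.mkIf (im.server.enable && im.server.mosh.enable) {` and likewise `(lib.mkIf (im.server.enable && im.server.weechat.relay.enable) {`, keeps the setgid binary and the firewall openings on the one machine that needs them.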