summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/echelon.nix17
-rw-r--r--lass/1systems/mors.nix1
-rw-r--r--lass/1systems/prism.nix93
-rw-r--r--lass/2configs/base.nix12
-rw-r--r--lass/2configs/baseX.nix2
-rw-r--r--lass/2configs/downloading.nix18
-rw-r--r--lass/2configs/git.nix2
-rw-r--r--lass/2configs/retiolum.nix2
-rw-r--r--lass/2configs/ts3.nix19
9 files changed, 154 insertions, 12 deletions
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 94c793b08..dc0ca0274 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -47,6 +47,23 @@ in {
{ predicate = "-i retiolum -p udp --dport 53"; target = "ACCEPT"; }
];
}
+ {
+ users.extraUsers = {
+ satan = {
+ name = "satan";
+ uid = 1338;
+ home = "/home/satan";
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ extraGroups = [
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com"
+ ];
+ };
+ };
+ }
];
krebs.build.host = config.krebs.hosts.echelon;
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index b0b8ff573..7db3f8333 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -156,6 +156,7 @@
get
genid
teamspeak_client
+ hashPassword
];
#TODO: fix this shit
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
new file mode 100644
index 000000000..87334c3c2
--- /dev/null
+++ b/lass/1systems/prism.nix
@@ -0,0 +1,93 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) head;
+
+ ip = (head config.krebs.build.host.nets.internet.addrs4);
+in {
+ imports = [
+ ../2configs/base.nix
+ ../2configs/downloading.nix
+ ../2configs/git.nix
+ ../2configs/ts3.nix
+ {
+ users.extraGroups = {
+ # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
+ # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
+ # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
+ # Docs: man:tmpfiles.d(5)
+ # man:systemd-tmpfiles(8)
+ # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
+ # Main PID: 19272 (code=exited, status=1/FAILURE)
+ #
+ # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
+ # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
+ # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
+ # warning: error(s) occured while switching to the new configuration
+ lock.gid = 10001;
+ };
+ }
+ {
+ networking.interfaces.et0.ip4 = [
+ {
+ address = ip;
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "213.239.205.225";
+ networking.nameservers = [
+ "8.8.8.8"
+ ];
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
+ '';
+
+ }
+ {
+ #boot.loader.gummiboot.enable = true;
+ #boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.grub = {
+ devices = [
+ "/dev/sda"
+ "/dev/sdb"
+ ];
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "vmw_pvscsi"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/pool/nix";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36";
+ };
+
+ fileSystems."/var/download" = {
+ device = "/dev/pool/download";
+ };
+
+ }
+ {
+ sound.enable = false;
+ }
+ {
+ #workaround for server dying after 6-7h
+ boot.kernelPackages = pkgs.linuxPackages_4_2;
+ }
+ {
+ nixpkgs.config.allowUnfree = true;
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.prism;
+}
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 6fa9c5b2d..11bc4f089 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -15,8 +15,8 @@ with lib;
{
users.extraUsers = {
root = {
- openssh.authorizedKeys.keys = map readFile [
- ../../krebs/Zpubkeys/lass.ssh.pub
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
];
};
mainUser = {
@@ -27,11 +27,9 @@ with lib;
createHome = true;
useDefaultShell = true;
extraGroups = [
- "audio"
- "wheel"
];
- openssh.authorizedKeys.keys = map readFile [
- ../../krebs/Zpubkeys/lass.ssh.pub
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
];
};
};
@@ -50,7 +48,7 @@ with lib;
source = {
git.nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
- rev = "33bdc011f5360288cd10b9fda90da2950442b2ab";
+ rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
};
dir.secrets = {
host = config.krebs.hosts.mors;
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 1f5c3de55..3be3676aa 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -8,6 +8,8 @@ in {
./urxvt.nix
];
+ users.extraUsers.mainUser.extraGroups = [ "audio" ];
+
time.timeZone = "Europe/Berlin";
virtualisation.libvirtd.enable = true;
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 5052da5c8..e80b74007 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -1,6 +1,10 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
-{
+with lib;
+
+let
+ rpc-password = import <secrets/transmission-pw.nix>;
+in {
imports = [
../3modules/folderPerms.nix
];
@@ -10,9 +14,13 @@
name = "download";
home = "/var/download";
createHome = true;
+ useDefaultShell = true;
extraGroups = [
"download"
];
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ ];
};
transmission = {
@@ -41,8 +49,8 @@
rpc-authentication-required = true;
rpc-whitelist-enabled = false;
rpc-username = "download";
- #add rpc-password in secrets
- rpc-password = "test123";
+ inherit rpc-password;
+ peer-port = 51413;
};
};
@@ -50,6 +58,8 @@
enable = true;
tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
];
};
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 2164b2e33..7e8fc03c7 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -33,6 +33,8 @@ let
web-routes-wai-custom = {};
go = {};
newsbot-js = {};
+ kimsufi-check = {};
+ realwallpaper = {};
};
restricted-repos = mapAttrs make-restricted-repo (
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index 7f0bcc5e8..d26a2f4c4 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -16,7 +16,7 @@
enable = true;
hosts = ../../krebs/Zhosts;
connectTo = [
- "fastpoke"
+ "prism"
"cloudkrebs"
"echelon"
"pigstarter"
diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix
new file mode 100644
index 000000000..5b92d0919
--- /dev/null
+++ b/lass/2configs/ts3.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+
+{
+ services.teamspeak3 = {
+ enable = true;
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ #voice port
+ { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 9987"; target = "ACCEPT"; }
+ ##file transfer port
+ #{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; }
+ #{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; }
+ ##query port
+ #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; }
+ #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; }
+ ];
+}