From 559be7d0267580f271342318e928ae858aa2b26b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Thu, 5 Nov 2020 20:37:23 +0100 Subject: external: fix zaatar --- krebs/3modules/external/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 49cf7c9de..0f4604578 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -281,7 +281,7 @@ in { }; }; }; - scardanelli = { + zaatar = { owner = config.krebs.users.kmein; nets = { retiolum = { -- cgit v1.2.3 From effa0c765c3d24b1732fe07c27a0b9ef99b988c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Thu, 5 Nov 2020 20:39:33 +0100 Subject: external: add manakish.r (kmein) --- krebs/3modules/external/default.nix | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 0f4604578..490c0ae56 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -224,6 +224,33 @@ in { }; }; }; + manakish = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.85"; + aliases = [ + "manakish.r" + "manakish.kmein.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAtZcWwm1tTFoMcO0EOwNdSrZW9m2tSNWzwTGjlfuNFQKPnHiKdFFH + Hym72+WtaIZmffermGTfYdMoB/lWgOB0glqH9oSBFvrLVDgdQL2il589EXBd/1Qy + 7Ye5EVy2/xEA7iZGg3j0i+q1ic48tt6ePd4+QR0LmLEa8+Gz5X0Tp9TTf7gdv+lB + dVA6p7LJixKcBsC5W0jY5oTGUP0fM844AtWbpflmlz0JZNWrkJhCksOnfhUzeIsF + 1m9rCsyK+3jGMV6ZxhEbwaOt99Wlv0N0ouPePw+xLnnGTu0rJ/RKWceYnWnrHIyb + GgGIHnm9GbMd4mAfyp63emRYDMclSQSrddpDUL2GK8TCTttr6bZm4M/pFuXQGJsQ + EG0iaE8FM+nCrhmCRnX8dRWcNmHybd34UoVGCDJ6u+ksLIivqgWeY41CauqN0vQw + U4zqp6XMXRB6vlVcyLzdTASxVKaLJt+BuvHcyqz/YslJ97z4yoLE3d7s/9gZkM// + +FD970bsyvKpKRx72rNRCO9tQJNgPsaMiW5nuHUFw71XxX8o0w//5a0h5cdbiT64 + I4ISySa4ynmHI1/v0a937/sFS0IvRI1Va0Efh2VxasNIqpDmM3hA8auPDj0Js/4c + qVnWMbvqqYlY9l//HCNxUXIhi0vcOr2PoCxBtcP5pHY8nNphQrPjRrcCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; qubasa = { owner = config.krebs.users.qubasa; nets = { -- cgit v1.2.3 From 4b2c5a5f4864812761ea76a6f633faec3a5aacc3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Nov 2020 22:53:08 +0100 Subject: l: delete legacy green-host --- lass/2configs/green-host.nix | 99 -------------------------------------------- 1 file changed, 99 deletions(-) delete mode 100644 lass/2configs/green-host.nix diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix deleted file mode 100644 index 6cccab4b3..000000000 --- a/lass/2configs/green-host.nix +++ /dev/null @@ -1,99 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; - -let - - cname = "green"; - cryfs = pkgs.cryfs.overrideAttrs (old: { - patches = [ - (pkgs.writeText "file_mode.patch" '' - --- a/src/cryfs/filesystem/CryNode.cpp - +++ b/src/cryfs/filesystem/CryNode.cpp - @@ -171,7 +171,7 @@ CryNode::stat_info CryNode::stat() const { - result.uid = fspp::uid_t(getuid()); - result.gid = fspp::gid_t(getgid()); - #endif - - result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag(); - + result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag().addGroupReadFlag().addGroupExecFlag().addOtherReadFlag().addOtherExecFlag();; - result.size = fsblobstore::DirBlob::DIR_LSTAT_SIZE; - //TODO If possible without performance loss, then for a directory, st_nlink should return number of dir entries (including "." and "..") - result.nlink = 1; - '') - ] ++ old.patches; - }); - -in { - imports = [ - - - ]; - - programs.fuse.userAllowOther = true; - - services.syncthing.declarative.folders."/var/lib/sync-containers/${cname}".devices = [ "icarus" "skynet" "littleT" "shodan" ]; - # krebs.permown."/var/lib/sync-containers/${cname}" = { - # owner = "root"; - # group = "syncthing"; - # umask = "0007"; - # }; - - systemd.services."container@green".reloadIfChanged = mkForce false; - containers.${cname} = { - config = { ... }: { - environment.systemPackages = [ - pkgs.git - pkgs.rxvt_unicode.terminfo - ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - system.activationScripts.fuse = { - text = '' - ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229 - ''; - deps = []; - }; - }; - allowedDevices = [ - { modifier = "rwm"; node = "/dev/fuse"; } - ]; - autoStart = false; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs - localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs - }; - - environment.systemPackages = [ - (pkgs.writeDashBin "start-${cname}" '' - set -euf - - mkdir -p /var/lib/containers/${cname}/var/state - chown ${config.services.syncthing.user}: /var/lib/containers/${cname}/var/state - if ! ${pkgs.mount}/bin/mount | grep -q '^cryfs@/var/lib/sync-containers/${cname} on /var/lib/containers/${cname}/var/state '; then - /run/wrappers/bin/sudo -u "${config.services.syncthing.user}" \ - ${cryfs}/bin/cryfs /var/lib/sync-containers/${cname} /var/lib/containers/${cname}/var/state -o allow_other -o default_permissions - fi - - STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${cname}) - if [ "$STATE" = 'down' ]; then - ${pkgs.nixos-container}/bin/nixos-container start ${cname} - fi - - if ! ping -c1 -q -w5 ${cname}.r && [ -d /var/lib/containers/${cname}/var/src ]; then - ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- ${pkgs.writeDash "deploy-${cname}" '' - mkdir -p /var/state/var_src - ln -sf state/var_Src /var/src - nixos-rebuild -I /var/src switch - ''} - fi - '') - (pkgs.writeDashBin "stop-${cname}" '' - set -euf - - ${pkgs.nixos-container}/bin/nixos-container stop ${cname} - ${cryfs}/bin/cryfs-unmount /var/lib/containers/${cname}/var/state - '') - ]; -} -- cgit v1.2.3 From 6b4cae9bb091df738c3952839b36f81dfcdcc481 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Thu, 5 Nov 2020 22:21:01 +0100 Subject: external: change zaatar.r (kmein) ip and key --- krebs/3modules/external/default.nix | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 490c0ae56..70acabe8e 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -312,26 +312,25 @@ in { owner = config.krebs.users.kmein; nets = { retiolum = { - ip4.addr = "10.243.2.2"; + ip4.addr = "10.243.2.34"; aliases = [ "zaatar.r" "zaatar.kmein.r" ]; tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/ - MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge - UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi - kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0 - gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx - we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY - QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm - SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL - 2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f - m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q - FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5 - lM61fOMcVW1KREdWypiDtu8CAwEAAQ== - -----END PUBLIC KEY----- + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAn1L8LaoLuvHnN39Vz/8Mu/G20+z2DdWeG8XCX53seG2R+Nv4K/Fb + PikALazrN5TIxjRSRL4HEOsYAHWrHyMyRiK0RTuVZxYX4ArilpWz6+5dyt9CkPDg + mpUqhkpHuWO7zXnCcMVkn2ESzJaDIClLaaZP9klrGoaOJLGSJhfF/y4z8p6C/HlR + AjxI4z+90ReRWHWj+adSd3FZnN9yfeVQwUyqohGM0tIHvLCiDVewigLOI3IWjPom + MyUFV/UPVn0/A81C2eADgKbwn6EiJnxDtlPZWBrEJ9vd8lNWBCyGTxTcD0DuDVCe + yP5+r3uV2OYgQPYFrmWwCZJDu7qBdR4MpPP974iPFZ7WCHrvqQQNPYNZ78zBVA4x + YPNpXxp7i3Q10Vnp5fDQlxy+tfE9deeS3vk15Ydyc6gC2D9YClch720cAtPemgs3 + F1O9Uc1PfJkUS5T0t9dpxH/0k6GZ9RQyJGCW7nupWTXmnDW7+TTjszLX3KYmG7XO + pQiic0oMvSCHwEPygnHTLWSt7rroje84htbatzplpQo8GS2tffieOEsgOaHp8TNr + QkRQnNbkAermVod6yK7wtutOk55f7WtYSCw+Kdo/pdQQQpcayKpTBikUQgdGwtTV + z9V1ZlEoLaaRxqisT4DB8279Bzy3QRV+eSHMMqw3+ePjxn7NbJxFn3sCAwEAAQ== + -----END RSA PUBLIC KEY----- ''; }; }; -- cgit v1.2.3 From 10820c80f891b0364546b627f289a1442c130a77 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Nov 2020 23:08:49 +0100 Subject: l: remove legacy green-host imports --- lass/1systems/littleT/config.nix | 1 - lass/1systems/shodan/config.nix | 1 - lass/1systems/skynet/config.nix | 1 - 3 files changed, 3 deletions(-) diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index d44e62053..eee23ee60 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -8,7 +8,6 @@ with import ; - ]; networking.networkmanager.enable = true; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index e41c9bd1e..d7b43f2cd 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,7 +15,6 @@ with import ; - diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 1bc440a98..507ccd14d 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -8,7 +8,6 @@ with import ; - { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; -- cgit v1.2.3 From 72da38efa6612dbca96cac2c001831287e3af205 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 8 Nov 2020 11:02:16 +0100 Subject: nixpkgs-unstable: 007126e -> 34ad166 --- krebs/nixpkgs-unstable.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 22c33bd66..9ea1d4141 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "007126eef72271480cb7670e19e501a1ad2c1ff2", - "date": "2020-10-20T10:30:15+10:00", - "sha256": "1rfvw560vp2wn3dxdhqn1rk1fgk0ak9lnqm2dqpnsrkl4b8ay9mq", + "rev": "34ad166a830d3ac1541dcce571c52231f2f0865a", + "date": "2020-11-02T21:18:15-05:00", + "sha256": "1jvi1562x3kq65w642vfimpszv65zbc7c2nv8gakhzcx4n3f47xq", "fetchSubmodules": false } -- cgit v1.2.3 From 60cc3b8eee64b6a9b116fc146b3e0993ebac2922 Mon Sep 17 00:00:00 2001 From: rtjure Date: Mon, 9 Nov 2020 09:56:46 +0100 Subject: external: add nxrm.r --- krebs/3modules/external/default.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 70acabe8e..d4858c67f 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -511,6 +511,32 @@ in { }; }; }; + nxrm = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.124"; + aliases = [ + "nxrm.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxPg9J+cpmazp8ZH2eCQwbq6GdU22Nhd/ySm+K/aN+x55C4QN6gMM + cBW2o0nfHi4JtvqDtdw0s9pGh0GsLHHoQlFD/lGr1oCMAe0FeN4cSAwbUH1DYFPw + KsyiXpXLVYCqt42JjzCM8HNUMBNDlnZ60z2Ashxj79PbYJ+i3oPEIE//Vf6MPOta + vaDUXCbqsWKKEqG8t+rM4WRrqzVVpASq6Avs2x+eijVe0Yeq4tkHcO0z3SrV2TM1 + nAPYDL0QlHHBVtAt0tAfo4CC+HAwZJz8yZ0sWPzz/fJj/K3HwuFDBKZSrsIgSPBc + +JCFefuI3aNc1fKTYIu0XqCqgdB0Xu2g/AkJcqXSvJQaNPFuyk5n79C2INHcpLrp + s8NWwaUAH7XhNUGYnzevan3hiuSgIsT0T2cfERmEGyMn90fioYWN7TW9txfEX9qL + I4mkmh1xqt8ipdpfGxYmUAAj9KoHEhAnDElblIXRWY3KLdY6gT4sO80K+hTbK/J+ + oyhU0nYcAnrFJNlSNjNucM/4UlCXqs4TaCM9cRggT6PmHy+M7vLebI4JGoOpCuYw + W1fiyXCrzlTP0vidDtv9mr0vTTK78Nc8oGc46Yu3K1kFSQYS/pRCjnOin35sYe/K + ahpclNJjom6tHxcwTriT0w6Yh/fCei7WCqpWtK2m4Qho/+WA3rFc3WUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; ada = { owner = config.krebs.users.filly; nets = { -- cgit v1.2.3 From 32b9762495f44c0869f623c569fcb1cbea03c486 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 11 Nov 2020 18:12:22 +0100 Subject: l: delete legacy secrets --- lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem | 0 lass/2configs/tests/dummy-secrets/dcsovpn/cert.key | 0 lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem | 0 lass/2configs/tests/dummy-secrets/dcsovpn/login.txt | 0 4 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem delete mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/cert.key delete mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem delete mode 100644 lass/2configs/tests/dummy-secrets/dcsovpn/login.txt diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem deleted file mode 100644 index e69de29bb..000000000 diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key deleted file mode 100644 index e69de29bb..000000000 diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem b/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem deleted file mode 100644 index e69de29bb..000000000 diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt b/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt deleted file mode 100644 index e69de29bb..000000000 -- cgit v1.2.3