From 1f943991347be375cb29f764628999c184c064f9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 23 Oct 2015 16:36:05 +0200 Subject: l 2 git: add kimsufi-check & realwallpaper --- lass/2configs/git.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 2164b2e33..7e8fc03c7 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -33,6 +33,8 @@ let web-routes-wai-custom = {}; go = {}; newsbot-js = {}; + kimsufi-check = {}; + realwallpaper = {}; }; restricted-repos = mapAttrs make-restricted-repo ( -- cgit v1.2.3 From beca36faf241f610b05379295801a102c696273d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 23 Oct 2015 16:37:25 +0200 Subject: lass 2 base: nixpkgs rev 33bdc01 -> 0da65a5 --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 6fa9c5b2d..c4c817ab6 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -50,7 +50,7 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "33bdc011f5360288cd10b9fda90da2950442b2ab"; + rev = "0da65a5324b1e25d323f982bb0ef2c7fcab9f057"; }; dir.secrets = { host = config.krebs.hosts.mors; -- cgit v1.2.3 From e6d08eeeb6e7737e8a2594efd579d40525fb21dc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 24 Oct 2015 16:04:22 +0200 Subject: l 2 base: nixpkgs rev 0da65a5 -> 763ad33 --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index c4c817ab6..0685a85dc 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -50,7 +50,7 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "0da65a5324b1e25d323f982bb0ef2c7fcab9f057"; + rev = "763ad3372a9719f1187d800edbbb21a82180b143"; }; dir.secrets = { host = config.krebs.hosts.mors; -- cgit v1.2.3 
From ace11d79badafce313b17c968701739513e95982 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 25 Oct 2015 21:13:45 +0100 Subject: l 2 base: nixpkgs 763ad33 -> 6d31e9b --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 0685a85dc..fe6aa8361 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -50,7 +50,7 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "763ad3372a9719f1187d800edbbb21a82180b143"; + rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80"; }; dir.secrets = { host = config.krebs.hosts.mors; -- cgit v1.2.3 From 8dd8ddb27dd7504e80a145a41a631be1a305e9ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Oct 2015 16:05:51 +0100 Subject: lass: add prism host --- lass/1systems/prism.nix | 88 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 lass/1systems/prism.nix (limited to 'lass') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix new file mode 100644 index 000000000..570cdfb7c --- /dev/null +++ b/lass/1systems/prism.nix 
@@ -0,0 +1,88 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) head;
+
+ ip = (head config.krebs.build.host.nets.internet.addrs4);
+in {
+ imports = [
+ ../2configs/base.nix
+ ../2configs/downloading.nix
+ {
+ users.extraGroups = {
+ # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
+ # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
+ # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
+ # Docs: man:tmpfiles.d(5)
+ # man:systemd-tmpfiles(8)
+ # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
+ # Main PID: 19272 (code=exited, status=1/FAILURE)
+ #
+ # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
+ # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
+ # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
+ # warning: error(s) occured while switching to the new configuration + lock.gid = 10001; + }; + } + { + networking.interfaces.et0.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = "213.239.205.225"; + networking.nameservers = [ + "8.8.8.8" + ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" + ''; + + } + { + #boot.loader.gummiboot.enable = true; + #boot.loader.efi.canTouchEfiVariables = true; + boot.loader.grub = { + devices = [ + "/dev/sda" + "/dev/sdb" + ]; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + + fileSystems."/" = { + device = "/dev/pool/nix"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36"; + }; + + fileSystems."/var/download" = { + device = "/dev/pool/download"; + }; + + } + { + sound.enable = false; + } + { + #workaround for server dying after 6-7h + boot.kernelPackages = pkgs.linuxPackages_4_2; + } + ]; + + krebs.build.host = config.krebs.hosts.prism; +} -- cgit v1.2.3 From 6b30265be2b954317262c046bd1c53787ee3984a Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Oct 2015 18:28:52 +0100 Subject: l 1 echelon: add user satan --- lass/1systems/echelon.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'lass') diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index 94c793b08..dc0ca0274 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix 
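Review bot: The kernel pin `boot.kernelPackages = pkgs.linuxPackages_4_2;` near the end of the new prism.nix is documented only as `#workaround for server dying after 6-7h`, which says neither which kernel misbehaved nor when the pin can be lifted. 4.2 is not a longterm series, so a forgotten pin leaves this internet-facing host on a kernel that stops receiving security fixes. Extend the comment to something like `# TODO: remove pin once the default kernel no longer hangs after 6-7h; 4.2 is not a longterm series`.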
@@ -47,6 +47,23 @@ in { { predicate = "-i retiolum -p udp --dport 53"; target = "ACCEPT"; } ]; } + { + users.extraUsers = { + satan = { + name = "satan"; + uid = 1338; + home = "/home/satan"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com" + ]; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.echelon; -- cgit v1.2.3 From db889e085d8b4b15cab83116562085ab27bc0acb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Oct 2015 18:35:21 +0100 Subject: lass 2 base*: reorganize groups --- lass/2configs/base.nix | 2 -- lass/2configs/baseX.nix | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index fe6aa8361..057af7bc4 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -27,8 +27,6 @@ with lib; createHome = true; useDefaultShell = true; extraGroups = [ - "audio" - "wheel" ]; openssh.authorizedKeys.keys = map readFile [ ../../krebs/Zpubkeys/lass.ssh.pub diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1f5c3de55..3be3676aa 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -8,6 +8,8 @@ in { ./urxvt.nix ]; + users.extraUsers.mainUser.extraGroups = [ "audio" ]; + time.timeZone = "Europe/Berlin"; virtualisation.libvirtd.enable = true; -- cgit v1.2.3 From 6bf12a65f534103771f51e74b7d750dd1ce42d29 Mon Sep 17 00:00:00 2001 
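Review bot: The new `satan` account under `users.extraUsers` gets a login shell (`useDefaultShell = true;`) and an inline `ssh-rsa` key whose only provenance is the e-mail comment at the end of the key, so a later audit of echelon cannot tell who owns this access or why it was granted. Add a comment above the block naming the owner and the purpose, e.g. `# shell access for <owner>, granted for <purpose>`, and if the repository keeps user keys in a central registry, reference the key from there rather than pasting it here. The empty `extraGroups = [ ];` can be dropped. The enclosing list begins outside the hunk.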
From: lassulus Date: Sat, 31 Oct 2015 00:10:43 +0100 Subject: l 2 downloading: allow login via ssh --- lass/2configs/downloading.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 5052da5c8..b8b20d0ed 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -1,5 +1,6 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: +with lib; { imports = [ ../3modules/folderPerms.nix @@ -10,9 +11,13 @@ name = "download"; home = "/var/download"; createHome = true; + useDefaultShell = true; extraGroups = [ "download" ]; + openssh.authorizedKeys.keys = map readFile [ + ../../krebs/Zpubkeys/lass.ssh.pub + ]; }; transmission = { -- cgit v1.2.3 From 7fc5c721f41869bf45a2da776db63950f905b7a0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 31 Oct 2015 00:11:45 +0100 Subject: l 2 downloading: open ports for transmission --- lass/2configs/downloading.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index b8b20d0ed..553a3a557 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -48,6 +48,7 @@ with lib; rpc-username = "download"; #add rpc-password in secrets rpc-password = "test123"; + peer-port = 51413; }; }; @@ -55,6 +56,8 @@ with lib; enable = true; tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } + { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } ]; }; -- cgit v1.2.3 From 611f8ef25b4c3984f2f7de7362c4869d1f2f124f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 31 Oct 2015 00:12:15 +0100 Subject: l 2 retiolum: connect to prism instead of fastpoke --- lass/2configs/retiolum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') 
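Review bot: The peer port is written out three times in the "open ports for transmission" commit, once as `peer-port = 51413;` in the settings hunk and twice in the INPUT rules of the following hunk, so changing one without the others leaves either an unreachable client or an accepted port that nothing listens on. Binding the number once in a `let` and using `"-p tcp --dport ${toString peer-port}"` (and the udp equivalent) in the rules keeps the daemon and the firewall in step. Both hunks sit inside attribute sets that begin outside the visible lines.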
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 7f0bcc5e8..d26a2f4c4 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -16,7 +16,7 @@ enable = true; hosts = ../../krebs/Zhosts; connectTo = [ - "fastpoke" + "prism" "cloudkrebs" "echelon" "pigstarter" -- cgit v1.2.3 From 95999d2ef4b426c68c5d4875554ff8c3e10669e0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 31 Oct 2015 15:09:11 +0100 Subject: l 1 prism: add git.nix --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 570cdfb7c..bb22b471f 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -8,6 +8,7 @@ in { imports = [ ../2configs/base.nix ../2configs/downloading.nix + ../2configs/git.nix { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories -- cgit v1.2.3 From 10fc9eb4ee5151bee86026cd81a73d333551b612 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 31 Oct 2015 15:09:43 +0100 Subject: l 2: get ssh-keys via api --- lass/2configs/base.nix | 8 ++++---- lass/2configs/downloading.nix | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'lass') diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 057af7bc4..11bc4f089 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -15,8 +15,8 @@ with lib; { users.extraUsers = { root = { - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; mainUser = { @@ -28,8 +28,8 @@ with lib; useDefaultShell = true; extraGroups = [ ]; - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; }; diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 553a3a557..b9f3449e4 100644 --- a/lass/2configs/downloading.nix 
+++ b/lass/2configs/downloading.nix @@ -15,8 +15,8 @@ with lib; extraGroups = [ "download" ]; - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; -- cgit v1.2.3 From e8d41346d34cf24652e8e77fab6bb0a0dd86a199 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 31 Oct 2015 15:11:15 +0100 Subject: l 2 downloading: get rpc-password from secrets --- lass/2configs/downloading.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'lass') diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index b9f3449e4..e80b74007 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -1,7 +1,10 @@ { config, lib, pkgs, ... }: with lib; -{ + +let + rpc-password = import ; +in { imports = [ ../3modules/folderPerms.nix ]; @@ -46,8 +49,7 @@ with lib; rpc-authentication-required = true; rpc-whitelist-enabled = false; rpc-username = "download"; - #add rpc-password in secrets - rpc-password = "test123"; + inherit rpc-password; peer-port = 51413; }; }; -- cgit v1.2.3 From f18a958ce57d2a91af9ba547cbf8cb21e19b99f8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Nov 2015 19:57:05 +0100 Subject: l 2: add ts3.nix --- lass/2configs/ts3.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 lass/2configs/ts3.nix (limited to 'lass') diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix new file mode 100644 index 000000000..5b92d0919 --- /dev/null +++ b/lass/2configs/ts3.nix 
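Review bot: Moving `rpc-password` out of the file does not retire the old value, because `test123` stays in the repository history; the secrets file should hold a newly generated password, never that one. The second hunk keeps `rpc-whitelist-enabled = false;`, and the tcp 9091 ACCEPT rule shown in the earlier firewall hunk of this file has no interface or source restriction, so this password is the only control on the RPC interface. A value brought in with `import` is evaluated into the configuration, and if the module renders the settings into the Nix store it would be readable by every local user, which is worth confirming. The path after `import` in the first hunk is missing as rendered on this page (`import ;`), presumably lost in extraction.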
@@ -0,0 +1,19 @@ +{ config, ... }: + +{ + services.teamspeak3 = { + enable = true; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + #voice port + { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; } + { predicate = "-p udp --dport 9987"; target = "ACCEPT"; } + ##file transfer port + #{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; } + #{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; } + ##query port + #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; } + #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; } + ]; +} -- cgit v1.2.3 From a7621594563dc92684e0b9cc31a85645a4b8d3fd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Nov 2015 19:58:59 +0100 Subject: l 1 prism: activate ts3 server --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index bb22b471f..ae90251cc 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -9,6 +9,7 @@ in { ../2configs/base.nix ../2configs/downloading.nix ../2configs/git.nix + ../2configs/ts3.nix { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories -- cgit v1.2.3 From cb5e5f452c320d0f75bd46a82fd6afc96e11d73e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Nov 2015 20:00:19 +0100 Subject: l 1 mors: add hashPassword to systemPackages --- lass/1systems/mors.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index b0b8ff573..7db3f8333 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -156,6 +156,7 @@ get genid teamspeak_client + hashPassword ]; #TODO: fix this shit -- cgit v1.2.3 From fd42a107a517d0f67005efcd9ed4f1400ffdb154 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Nov 2015 20:00:43 +0100 Subject: l 1 prism: allowUnfree for ts3 --- lass/1systems/prism.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') 
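Review bot: The rule `{ predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }` in the new ts3.nix accepts a TCP port that the TeamSpeak 3 voice service does not use by default; voice traffic is UDP 9987, so only the udp rule is needed. The commented-out rules have the reverse problem: file transfer (30033) and server query (10011) are TCP services, so their `-p udp` variants should be deleted rather than kept for later. If the query port is ever enabled, scope it to an internal interface in the style of the `-i retiolum` predicate used in echelon.nix instead of accepting it from any source.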
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index ae90251cc..87334c3c2 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -84,6 +84,9 @@ in { #workaround for server dying after 6-7h boot.kernelPackages = pkgs.linuxPackages_4_2; } + { + nixpkgs.config.allowUnfree = true; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3
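Review bot: `nixpkgs.config.allowUnfree = true;` lifts the licence gate for every package on prism, although the commit subject says it is needed only for the TeamSpeak server. If the pinned nixpkgs revision supports it, `nixpkgs.config.allowUnfreePredicate` limited to that one package keeps other unfree, typically binary-only, packages from being pulled in unnoticed. At minimum add a comment such as `# unfree: required by services.teamspeak3 only`. The attribute set is one element of a list that starts outside the hunk.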