From 348018063ac93f36b145f5600af8be424863e460 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Mon, 8 Nov 2021 11:57:39 +0100
Subject: l restic: RIP
---
 lass/3modules/default.nix | 1 -
 lass/3modules/restic.nix | 119 ----------------------------------------------
 2 files changed, 120 deletions(-)
 delete mode 100644 lass/3modules/restic.nix
(limited to 'lass')
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 1ce88b238..570bb45be 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -9,7 +9,6 @@ _:
 ./news.nix
 ./nichtparasoup.nix
 ./pyload.nix
- ./restic.nix
 ./screenlock.nix
 ./usershadow.nix
 ./xjail.nix
diff --git a/lass/3modules/restic.nix b/lass/3modules/restic.nix
deleted file mode 100644
index c720793b1..000000000
--- a/lass/3modules/restic.nix
+++ /dev/null
@@ -1,119 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import ;
-
-{
- options.lass.restic = mkOption {
- type = types.attrsOf (types.submodule ({ config, ... }: {
- options = {
- name = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
- passwordFile = mkOption {
- type = types.str;
- default = toString ;
- description = ''
- read the repository password from a file.
- '';
- example = "/etc/nixos/restic-password";
-
- };
- repo = mkOption {
- type = types.str;
- default = "sftp:backup@prism.r:/backups/${config.name}";
- description = ''
- repository to backup to.
- '';
- example = "sftp:backup@192.168.1.100:/backups/${config.name}";
- };
- dirs = mkOption {
- type = types.listOf types.str;
- default = [];
- description = ''
- which directories to backup.
- '';
- example = [
- "/var/lib/postgresql"
- "/home/user/backup"
- ];
- };
- timerConfig = mkOption {
- type = types.attrsOf types.str;
- default = {
- OnCalendar = "daily";
- };
- description = ''
- When to run the backup. See man systemd.timer for details.
- '';
- example = {
- OnCalendar = "00:05";
- RandomizedDelaySec = "5h";
- };
- };
- user = mkOption {
- type = types.str;
- default = "root";
- description = ''
- As which user the backup should run.
- '';
- example = "postgresql";
- };
- extraArguments = mkOption {
- type = types.listOf types.str;
- default = [];
- description = ''
- Extra arguments to append to the restic command.
- '';
- example = [
- "sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp"
- ];
- };
- initialize = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Create the repository if it doesn't exist.
- '';
- };
- };
- }));
- default = {};
- };
-
- config = {
- systemd.services =
- mapAttrs' (_: plan:
- let
- extraArguments = concatMapStringsSep " " (arg: "-o ${arg}") plan.extraArguments;
- connectTo = elemAt (splitString ":" plan.repo) 1;
- resticCmd = "${pkgs.restic}/bin/restic ${extraArguments}";
- in nameValuePair "backup.${plan.name}" {
- environment = {
- RESTIC_PASSWORD_FILE = plan.passwordFile;
- RESTIC_REPOSITORY = plan.repo;
- };
- path = with pkgs; [
- openssh
- ];
- restartIfChanged = false;
- serviceConfig = {
- ExecStartPre = mkIf plan.initialize (pkgs.writeScript "rustic-${plan.name}-init" ''
- #! ${pkgs.bash}/bin/bash
- ${resticCmd} snapshots || ${resticCmd} init
- '');
- ExecStart = pkgs.writeDash "rustic-${plan.name}" (
- "#! ${pkgs.bash}/bin/bash\n" +
- concatMapStringsSep "\n" (dir: "${resticCmd} backup ${dir}") plan.dirs
- );
- User = plan.user;
- };
- }
- ) config.lass.restic;
- systemd.timers =
- mapAttrs' (_: plan: nameValuePair "backup.${plan.name}" {
- wantedBy = [ "timers.target" ];
- timerConfig = plan.timerConfig;
- }) config.lass.restic;
- };
-}
-- cgit v1.2.3
From 0c32c00f0be6d95e191e80dc078f7aaa98e38419 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sun, 14 Nov 2021 09:35:47 +0100
Subject: l: enable documentation for all modules
---
 lass/2configs/default.nix | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'lass')
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 91922e5c9..c3fbc2093 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -215,6 +215,8 @@ with import ; noipv4ll ''; + + documentation.nixos.includeAllModules = true; + # use 24:00 time format, the default got sneakily changed around 20.03 i18n.defaultLocale = mkDefault "C.UTF-8"; time.timeZone = mkDefault"Europe/Berlin";
-- cgit v1.2.3
From 8c942b148cc949cbc1f7c747303ab4d4cba3ed21 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sun, 14 Nov 2021 09:48:08 +0100
Subject: l xjail: fix for manual
---
 lass/3modules/xjail.nix | 1 +
 1 file changed, 1 insertion(+)
(limited to 'lass')
diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix
index 526e12db7..f94e7ebbf 100644
--- a/lass/3modules/xjail.nix
+++ b/lass/3modules/xjail.nix
@@ -48,6 +48,7 @@ with import ;
 wm = mkOption {
 #TODO find type
 type = types.str;
+ defaultText = "‹script›";
 default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
 executables.xmonad = {
 extra-depends = [
-- cgit v1.2.3
From b244950e5d0b7ce3ebaf4f63a00f93abab46a893 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sun, 14 Nov 2021 17:13:08 +0100
Subject: l mors.r: remove deprecated restic setup
---
 lass/1systems/mors/config.nix | 29 -----------------------------
 1 file changed, 29 deletions(-)
(limited to 'lass')
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 95b688590..88ac90de4 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -183,35 +183,6 @@ with import ;
 users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
 virtualisation.docker.enable = true;
- lass.restic = genAttrs [
- "daedalus"
- "icarus"
- "littleT"
- "prism"
- "shodan"
- "skynet"
- ] (dest: {
- dirs = [
- "/home/lass/src"
- "/home/lass/work"
- "/home/lass/.gnupg"
- "/home/lass/Maildir"
- "/home/lass/stockholm"
- "/home/lass/.password-store"
- "/home/bitcoin"
- "/home/bch"
- ];
- passwordFile = (toString ) + "/restic/${dest}";
- repo = "sftp:backup@${dest}.r:/backups/mors";
- #sshPrivateKey = config.krebs.build.host.ssh.privkey.path;
- extraArguments = [
- "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
- ];
- timerConfig = {
- OnCalendar = "00:05";
- RandomizedDelaySec = "5h";
- };
- });
 virtualisation.libvirtd.enable = true;
 services.earlyoom = {
-- cgit v1.2.3
From 3d1544c785700777ca5e421094cdde930b0de126 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 23 Nov 2021 11:43:25 +0100
Subject: Revert "l: rip dishfire.r"
This reverts commit 61e6552da3c48256bf4d17ae691721b3a7d000f2.
---
 lass/1systems/dishfire/config.nix | 63 +++++++++++++++++++++++++++++++++++++
 lass/1systems/dishfire/physical.nix | 39 +++++++++++++++++++++++
 lass/1systems/dishfire/source.nix | 3 ++
 3 files changed, 105 insertions(+)
 create mode 100644 lass/1systems/dishfire/config.nix
 create mode 100644 lass/1systems/dishfire/physical.nix
 create mode 100644 lass/1systems/dishfire/source.nix
(limited to 'lass')
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
new file mode 100644
index 000000000..3d5f32180
--- /dev/null
+++ b/lass/1systems/dishfire/config.nix
@@ -0,0 +1,63 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+
+
+
+ {
+ networking.dhcpcd.allowInterfaces = [
+ "enp*"
+ "eth*"
+ "ens*"
+ ];
+ }
+ {
+ sound.enable = false;
+ }
+ {
+ environment.systemPackages = with pkgs; [
+ mk_sql_pair
+ ];
+ }
+ {
+ imports = [
+
+ ];
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
+ ];
+ }
+ {
+ #TODO: abstract & move to own file
+ krebs.exim-smarthost = {
+ enable = true;
+ relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ config.krebs.hosts.mors
+ config.krebs.hosts.uriel
+ ];
+ system-aliases = [
+ { from = "mailer-daemon"; to = "postmaster"; }
+ { from = "postmaster"; to = "root"; }
+ { from = "nobody"; to = "root"; }
+ { from = "hostmaster"; to = "root"; }
+ { from = "usenet"; to = "root"; }
+ { from = "news"; to = "root"; }
+ { from = "webmaster"; to = "root"; }
+ { from = "www"; to = "root"; }
+ { from = "ftp"; to = "root"; }
+ { from = "abuse"; to = "root"; }
+ { from = "noc"; to = "root"; }
+ { from = "security"; to = "root"; }
+ { from = "root"; to = "lass"; }
+ ];
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+ ];
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.dishfire;
+}
diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix
new file mode 100644
index 000000000..64e3904e0
--- /dev/null
+++ b/lass/1systems/dishfire/physical.nix
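Review bot: The restored rule `{ predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }` in config.nix accepts SMTP from any source, while `relay_from_hosts` in the same module trusts only the retiolum addresses of mors and uriel. If dishfire is meant to be a smarthost for those two hosts only (the hunk does not show whether it also receives inbound mail), the rule could be scoped to the overlay, e.g. `{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }`; the interface name is assumed to match the net name and should be confirmed. If public SMTP is intended, a comment above the rule such as `# inbound mail from the internet; relaying is limited by relay_from_hosts` would record that decision. The http and https rules come back as well, but the import that would serve them is not readable in this hunk, so it is worth checking that something is actually meant to listen there.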
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ ./config.nix
+
+ ];
+
+ boot.loader.grub = {
+ device = "/dev/vda";
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "ehci_pci"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_blk"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/mapper/pool-nix";
+ fsType = "ext4";
+ };
+
+ fileSystems."/srv/http" = {
+ device = "/dev/pool/srv_http";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+ fileSystems."/bku" = {
+ device = "/dev/pool/bku";
+ fsType = "ext4";
+ };
+}
diff --git a/lass/1systems/dishfire/source.nix b/lass/1systems/dishfire/source.nix
new file mode 100644
index 000000000..2445af130
--- /dev/null
+++ b/lass/1systems/dishfire/source.nix
@@ -0,0 +1,3 @@
+import {
+ name = "dishfire";
+}
-- cgit v1.2.3
From ff9a042e70779e860d7a07a24e3ffb1f40119c32 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 23 Nov 2021 12:47:06 +0100
Subject: l dishfire.r: revive with minimal config
---
 lass/1systems/dishfire/config.nix | 53 -------------------------------------
 lass/1systems/dishfire/physical.nix | 44 +++++++++---------------------
 lass/1systems/dishfire/source.nix | 3 ---
 3 files changed, 13 insertions(+), 87 deletions(-)
 delete mode 100644 lass/1systems/dishfire/source.nix
(limited to 'lass')
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
index 3d5f32180..b814d7188 100644
--- a/lass/1systems/dishfire/config.nix
+++ b/lass/1systems/dishfire/config.nix
@@ -4,59 +4,6 @@
 imports = [
-
- {
- networking.dhcpcd.allowInterfaces = [
- "enp*"
- "eth*"
- "ens*"
- ];
- }
- {
- sound.enable = false;
- }
- {
- environment.systemPackages = with pkgs; [
- mk_sql_pair
- ];
- }
- {
- imports = [
-
- ];
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
- ];
- }
- {
- #TODO: abstract & move to own file
- krebs.exim-smarthost = {
- enable = true;
- relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
- config.krebs.hosts.mors
- config.krebs.hosts.uriel
- ];
- system-aliases = [
- { from = "mailer-daemon"; to = "postmaster"; }
- { from = "postmaster"; to = "root"; }
- { from = "nobody"; to = "root"; }
- { from = "hostmaster"; to = "root"; }
- { from = "usenet"; to = "root"; }
- { from = "news"; to = "root"; }
- { from = "webmaster"; to = "root"; }
- { from = "www"; to = "root"; }
- { from = "ftp"; to = "root"; }
- { from = "abuse"; to = "root"; }
- { from = "noc"; to = "root"; }
- { from = "security"; to = "root"; }
- { from = "root"; to = "lass"; }
- ];
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
- ];
- }
 ];
 krebs.build.host = config.krebs.hosts.dishfire;
diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix
index 64e3904e0..ca013132f 100644
--- a/lass/1systems/dishfire/physical.nix
+++ b/lass/1systems/dishfire/physical.nix
@@ -1,39 +1,21 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, modulesPath, ... }:
+
 {
 imports = [
 ./config.nix
-
- ];
-
- boot.loader.grub = {
- device = "/dev/vda";
- splashImage = null;
- };
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "ehci_pci"
- "uhci_hcd"
- "virtio_pci"
- "virtio_blk"
+ (modulesPath + "/profiles/qemu-guest.nix")
 ];
- fileSystems."/" = {
- device = "/dev/mapper/pool-nix";
- fsType = "ext4";
- };
+ boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+ boot.loader.grub.devices = [ "/dev/sda" ];
- fileSystems."/srv/http" = {
- device = "/dev/pool/srv_http";
- fsType = "ext4";
- };
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/84053adc-49bc-4e02-8a19-3838bf3a43fd";
+ fsType = "ext4";
+ };
- fileSystems."/boot" = {
- device = "/dev/vda1";
- fsType = "ext4";
- };
- fileSystems."/bku" = {
- device = "/dev/pool/bku";
- fsType = "ext4";
- };
+ swapDevices = [ ];
 }
diff --git a/lass/1systems/dishfire/source.nix b/lass/1systems/dishfire/source.nix
deleted file mode 100644
index 2445af130..000000000
--- a/lass/1systems/dishfire/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import {
- name = "dishfire";
-}
-- cgit v1.2.3
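Review bot: `boot.loader.grub.devices = [ "/dev/sda" ];` in physical.nix names the boot disk by kernel enumeration order, while the root filesystem in the same hunk is pinned by UUID. On a QEMU guest the sdX order can shift when another disk or an ISO is attached, and the next rebuild would then install GRUB to the wrong device; a stable path such as `boot.loader.grub.devices = [ "/dev/disk/by-id/<DISK_ID_PLACEHOLDER>" ];` avoids that. The remaining lines look like generated hardware configuration, so a header comment like `# generated by nixos-generate-config; edit with care` would tell the next editor which parts can be regenerated — that origin is inferred from the layout, not stated in the commit.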