From 8b5a7fb02cb8fd76efa0e96fa6dc219fd35144b3 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 3 May 2018 18:41:08 +0200
Subject: [PATCH 01/65] tv gitrepos: kops -> krops

---
 tv/2configs/gitrepos.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index c3418e7ee..a4e3aafca 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -42,7 +42,7 @@ let {
     kirk = {
       cgit.desc = "IRC tools";
     };
-    kops = {
+    krops = {
       cgit.desc = "deployment tools";
     };
     load-env = {};

From 6e35be71f64dbb6d83bfd1d6fd8a2d8e1c9eb842 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 3 May 2018 18:49:46 +0200
Subject: [PATCH 02/65] kops 1.1.0 -> krops 1.0.0

---
 krebs/5pkgs/simple/kops.nix  | 7 -------
 krebs/5pkgs/simple/krops.nix | 7 +++++++
 2 files changed, 7 insertions(+), 7 deletions(-)
 delete mode 100644 krebs/5pkgs/simple/kops.nix
 create mode 100644 krebs/5pkgs/simple/krops.nix

diff --git a/krebs/5pkgs/simple/kops.nix b/krebs/5pkgs/simple/kops.nix
deleted file mode 100644
index 8db4b8ddd..000000000
--- a/krebs/5pkgs/simple/kops.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ fetchgit, ... }:
-
-fetchgit {
-  url = https://cgit.krebsco.de/kops;
-  rev = "refs/tags/v1.1.0";
-  sha256 = "0k3zhv2830z4bljcdvf6ciwjihk2zzcn9y23p49c6sba5hbsd6jb";
-}
diff --git a/krebs/5pkgs/simple/krops.nix b/krebs/5pkgs/simple/krops.nix
new file mode 100644
index 000000000..29bfb52f5
--- /dev/null
+++ b/krebs/5pkgs/simple/krops.nix
@@ -0,0 +1,7 @@
+{ fetchgit, ... }:
+
+fetchgit {
+  url = https://cgit.krebsco.de/krops;
+  rev = "refs/tags/v1.0.0";
+  sha256 = "0ahp3fxb3l1vcjylxw0cd0f4hfp98bxskkf3z9d37hl3m7v4pcb4";
+}

From b81fe57e3e137a2449fb8cc5e627e484d84bb00e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 3 May 2018 22:49:27 +0200
Subject: [PATCH 03/65] all hope is lost. RIP

---
 krebs/1systems/hope/config.nix   | 41 --------------------------------
 krebs/1systems/hope/source.nix   |  3 ---
 krebs/3modules/krebs/default.nix | 32 -------------------------
 3 files changed, 76 deletions(-)
 delete mode 100644 krebs/1systems/hope/config.nix
 delete mode 100644 krebs/1systems/hope/source.nix

diff --git a/krebs/1systems/hope/config.nix b/krebs/1systems/hope/config.nix
deleted file mode 100644
index c19b210c5..000000000
--- a/krebs/1systems/hope/config.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }: let
-
-  ip = config.krebs.build.host.nets.internet.ip4.addr;
-  bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
-
-in {
-  imports = [
-    <stockholm/krebs>
-    <stockholm/krebs/2configs>
-    <stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix>
-
-    <stockholm/krebs/2configs/secret-passwords.nix>
-    {
-      users.extraUsers = {
-        satan = {
-          name = "satan";
-          uid = 1338;
-          home = "/home/satan";
-          group = "users";
-          createHome = true;
-          useDefaultShell = true;
-          initialPassword = "test";
-        };
-      };
-    }
-  ];
-
-  krebs.build.host = config.krebs.hosts.hope;
-
-  networking = let
-    address = config.krebs.build.host.nets.internet.ip4.addr;
-  in {
-    defaultGateway = bestGuessGateway address;
-    interfaces.enp2s1.ip4 = singleton {
-      inherit address;
-      prefixLength = 24;
-    };
-    nameservers = ["8.8.8.8"];
-  };
-}
diff --git a/krebs/1systems/hope/source.nix b/krebs/1systems/hope/source.nix
deleted file mode 100644
index 7121d1d9d..000000000
--- a/krebs/1systems/hope/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
-  name = "hope";
-}
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index a916c1873..a938f8ec9 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -30,38 +30,6 @@ let
   });
 in {
   hosts = {
-    hope = {
-      ci = true;
-      owner = config.krebs.users.krebs;
-      nets = {
-        internet = {
-          ip4.addr = "45.62.225.18";
-          aliases = [
-            "hope.i"
-          ];
-          ssh.port = 45621;
-        };
-        retiolum = {
-          ip4.addr = "10.243.77.4";
-          ip6.addr = "42:0:0:0:0:0:77:4";
-          aliases = [
-            "hope.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5
-            uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a
-            2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4
-            A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK
-            fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC
-            K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-      ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/";
-    };
     hotdog = {
       ci = true;
       owner = config.krebs.users.krebs;

From 4f2bf83ff906b9ee0421dabba4ff7e9dab5b7802 Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 4 May 2018 16:51:08 +0200
Subject: [PATCH 04/65] j conflicts resolve. dirty commit

---
 jeschli/1systems/bln/config.nix               | 25 ++++++++-----------
 .../1systems/bln/hardware-configuration.nix   |  2 ++
 jeschli/2configs/xserver/Xresources.nix       |  4 +++
 jeschli/2configs/xserver/default.nix          |  2 ++
 4 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
index c9a7a34e2..ad397728d 100644
--- a/jeschli/1systems/bln/config.nix
+++ b/jeschli/1systems/bln/config.nix
@@ -1,13 +1,15 @@
 { config, lib, pkgs, ... }:
 # bln config file
 {
-  imports =
-    [ <stockholm/jeschli>
-      <stockholm/jeschli/2configs/virtualbox.nix>
-      <stockholm/jeschli/2configs/urxvt.nix>
-      <stockholm/jeschli/2configs/emacs.nix>
-      ./hardware-configuration.nix
-    ];
+  imports = [
+    ./hardware-configuration.nix
+    <stockholm/jeschli>
+    <stockholm/jeschli/2configs/virtualbox.nix>
+    <stockholm/jeschli/2configs/urxvt.nix>
+    <stockholm/jeschli/2configs/emacs.nix>
+    <stockholm/jeschli/2configs/xdg.nix>
+    <stockholm/jeschli/2configs/xserver>
+  ];
 
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
@@ -91,18 +93,11 @@
   services.printing.drivers = [ pkgs.postscript-lexmark ];
 
   # Enable the X11 windowing system.
-  services.xserver.enable = true;
   services.xserver.videoDrivers = [ "nvidia" ];
 
-  services.xserver.windowManager.xmonad.enable = true;
-  services.xserver.windowManager.xmonad.enableContribAndExtras = true;
-  services.xserver.displayManager.sddm.enable = true;
-  services.xserver.dpi = 100;
-  fonts.fontconfig.dpi = 100;
-
   users.extraUsers.jeschli = {
     isNormalUser = true;
-    extraGroups = ["docker" "vboxusers"];
+    extraGroups = ["docker" "vboxusers" "audio"];
     uid = 1000;
   };
 
diff --git a/jeschli/1systems/bln/hardware-configuration.nix b/jeschli/1systems/bln/hardware-configuration.nix
index b774bfc19..35f0b3bca 100644
--- a/jeschli/1systems/bln/hardware-configuration.nix
+++ b/jeschli/1systems/bln/hardware-configuration.nix
@@ -30,4 +30,6 @@
 
   nix.maxJobs = lib.mkDefault 8;
   powerManagement.cpuFreqGovernor = "powersave";
+
+  hardware.pulseaudio.enable = true;
 }
diff --git a/jeschli/2configs/xserver/Xresources.nix b/jeschli/2configs/xserver/Xresources.nix
index e433a855e..e8154912c 100644
--- a/jeschli/2configs/xserver/Xresources.nix
+++ b/jeschli/2configs/xserver/Xresources.nix
@@ -3,6 +3,10 @@
 with import <stockholm/lib>;
 
 pkgs.writeText "Xresources" /* xdefaults */ ''
+  Xcursor.theme: aero-large-drop
+  Xcursor.size: 128 
+  Xft.dpi: 144
+
   URxvt*cutchars: "\\`\"'&()*,;<=>?@[]^{|}‘’"
   URxvt*eightBitInput: false
   URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
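Review bot: `Xft.dpi: 144` added here disagrees with `dpi = 200;` added to `jeschli/2configs/xserver/default.nix` in the same commit, so (assuming this Xresources file is loaded by that X server configuration) Xft-based applications and the X server are told different resolutions. If a single value is intended, define it once and derive the other from it; if the difference is deliberate, a short comment next to `Xft.dpi` should say why. The added `Xcursor.size: 128 ` line also carries a trailing space.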
diff --git a/jeschli/2configs/xserver/default.nix b/jeschli/2configs/xserver/default.nix
index df06000f3..4e646811d 100644
--- a/jeschli/2configs/xserver/default.nix
+++ b/jeschli/2configs/xserver/default.nix
@@ -43,6 +43,8 @@ in {
     enable = true;
     display = 11;
     tty = 11;
+
+    dpi = 200;
   
     synaptics = {
       enable = true;

From 6cd3f1607b3c0e9b42fc41f5e3545e324d0fe43a Mon Sep 17 00:00:00 2001
From: jeschli <jeschli@gmail.com>
Date: Fri, 4 May 2018 16:58:43 +0200
Subject: [PATCH 05/65] j: changed cert hashes

---
 jeschli/1systems/bln/config.nix | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
index 190f6f539..c5f8101ea 100644
--- a/jeschli/1systems/bln/config.nix
+++ b/jeschli/1systems/bln/config.nix
@@ -123,15 +123,17 @@
 
   # DCSO Certificates
   security.pki.certificateFiles = [
-   (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
-   (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
-   (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
-   (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
-   (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
-   (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
-   (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
+    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
+    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
+    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
+
+    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
+    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
+    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
+    (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
   ];
 
+
   hardware.bluetooth.enable = true;
   krebs.build.host = config.krebs.hosts.bln;
 }
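Review bot: All seven `sha256` values in `security.pki.certificateFiles` are replaced at once while the certificates are still fetched over plain `http://`, and nothing in the commit records why the upstream files changed or how the new contents were checked. The hash only pins whatever was downloaded when it was computed, so a file altered in transit at that moment would be installed as a system-wide trust anchor. I would confirm each certificate's fingerprint against a source obtained independently of this download and record that above the list, e.g. `# fingerprints checked against OUT_OF_BAND_SOURCE_PLACEHOLDER on DATE_PLACEHOLDER`. If the host also serves these files over HTTPS, switching the URLs would help, though the independent fingerprint check is what matters for a root CA.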

From 3b6c1b0efcfb848a3e3c380664dcc5315169549a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 4 May 2018 17:15:50 +0200
Subject: [PATCH 06/65] j zsh: pin LS_COLORS rev

---
 jeschli/2configs/zsh.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/jeschli/2configs/zsh.nix b/jeschli/2configs/zsh.nix
index be5b661b4..0f6775efb 100644
--- a/jeschli/2configs/zsh.nix
+++ b/jeschli/2configs/zsh.nix
@@ -53,8 +53,8 @@
       eval $(dircolors -b ${pkgs.fetchFromGitHub {
         owner = "trapd00r";
         repo = "LS_COLORS";
-        rev = "master";
-        sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
+        rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
+        sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
       }}/LS_COLORS)
 
       #beautiful colors

From c1e6915ccf9dbdd38c35f4849fd2a8a89c35a62d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 4 May 2018 20:28:15 +0200
Subject: [PATCH 07/65] l: add lol.lassul.us

---
 krebs/3modules/lass/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 48df04bcb..36fd5fc63 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -65,6 +65,7 @@ with import <stockholm/lib>;
           io                  60 IN NS     ions.lassul.us.
           ions                60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
           paste               60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+          lol                 60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
         '';
       };
       nets = rec {

From f4c7c3ebdce7c4a248140d20464fbdf65ea0c921 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 4 May 2018 20:30:19 +0200
Subject: [PATCH 08/65] l mors: open chromecast ports

---
 lass/1systems/mors/config.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index f8a16ad2e..586a957cf 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -35,9 +35,11 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/rtl-sdr.nix>
     <stockholm/lass/2configs/backup.nix>
     {
-      #risk of rain port
       krebs.iptables.tables.filter.INPUT.rules = [
+        #risk of rain
         { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
+        #chromecast
+        { predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; }
       ];
     }
     {
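Review bot: The added chromecast rule accepts UDP from any source address on any interface whenever both ports fall in 32768:61000, and since the sender chooses its own source port, every UDP service listening in that range on this host is effectively exposed. I would scope the rule to the network the Chromecast is on, e.g. `predicate = "-p udp -s LAN_CIDR_PLACEHOLDER --sport 32768:61000 --dport 32768:61000";` or an `-i` match on the LAN interface. `-m multiport` is not needed for a single port range. The `#chromecast` comment could also state why the whole range is required, so a later reader can tell whether it can be narrowed.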

From 5fe30a149d649b24cb0c55e398064adfce51614c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 4 May 2018 20:30:51 +0200
Subject: [PATCH 09/65] l: init nichtparasoup

---
 lass/5pkgs/nichtparasoup/default.nix     | 25 ++++++++++++++++++++++++
 lass/5pkgs/nichtparasoup/exception.patch | 13 ++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 lass/5pkgs/nichtparasoup/default.nix
 create mode 100644 lass/5pkgs/nichtparasoup/exception.patch

diff --git a/lass/5pkgs/nichtparasoup/default.nix b/lass/5pkgs/nichtparasoup/default.nix
new file mode 100644
index 000000000..cf34c683f
--- /dev/null
+++ b/lass/5pkgs/nichtparasoup/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, pkgs, ... }:
+let
+  py = pkgs.python3Packages.python.withPackages (p: [
+    p.werkzeug
+    p.beautifulsoup4
+  ]);
+  src = pkgs.fetchFromGitHub {
+    owner = "k4cg";
+    repo = "nichtparasoup";
+    rev = "cf164b5";
+    sha256 = "09bwh76agp14j8rv7bp47jcwhffc1b0bak0ikvzxyphph5lyidk9";
+  };
+  patchedSrc = stdenv.mkDerivation {
+    name = "nichtparasoup";
+    inherit src;
+    patches = [ ./exception.patch ];
+    phases = [ "unpackPhase" "patchPhase" "installPhase" ];
+    installPhase = ''
+      mkdir -p $out
+      cp -r * $out/
+    '';
+  };
+in pkgs.writeDashBin "nichtparasoup" ''
+  ${py}/bin/python ${patchedSrc}/nichtparasoup.py "$@"
+''
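Review bot: `rev = "cf164b5"` in the `fetchFromGitHub` call is an abbreviated commit id; the `sha256` still pins the fetched content, but a short prefix can become ambiguous as the upstream repository grows and makes it harder to audit exactly which commit is deployed. I would write the full 40-character id, `rev = "FULL_COMMIT_ID_PLACEHOLDER";`. The same applies to `rev = "c6dcd0d"` in the later bump of this file ([PATCH 13/65]).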
diff --git a/lass/5pkgs/nichtparasoup/exception.patch b/lass/5pkgs/nichtparasoup/exception.patch
new file mode 100644
index 000000000..34c177de0
--- /dev/null
+++ b/lass/5pkgs/nichtparasoup/exception.patch
@@ -0,0 +1,13 @@
+diff --git a/nichtparasoup.py b/nichtparasoup.py
+index 9da9a2b..833ca71 100755
+--- a/nichtparasoup.py
++++ b/nichtparasoup.py
+@@ -211,7 +211,7 @@ def cache_fill_loop():
+                     try:
+                         sources[crawler][site].crawl()
+                         info = Crawler.info()
+-                    except Exception, e:
++                    except Exception as e:
+                         logger.error("Error in crawler %s - %s: %s" % (crawler, site, e))
+                         break
+ 

From 80cb62753405364cedb40f7591704dde56593de3 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 4 May 2018 20:31:12 +0200
Subject: [PATCH 10/65] l: add nichtparasoup module

---
 lass/3modules/default.nix       |  1 +
 lass/3modules/nichtparasoup.nix | 48 +++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 lass/3modules/nichtparasoup.nix

diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 5e7e6dff3..2cf6a66b9 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -7,6 +7,7 @@ _:
     ./hosts.nix
     ./mysql-backup.nix
     ./news.nix
+    ./nichtparasoup.nix
     ./pyload.nix
     ./restic.nix
     ./screenlock.nix
diff --git a/lass/3modules/nichtparasoup.nix b/lass/3modules/nichtparasoup.nix
new file mode 100644
index 000000000..dd1419f24
--- /dev/null
+++ b/lass/3modules/nichtparasoup.nix
@@ -0,0 +1,48 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+{
+  options.lass.nichtparasoup = {
+    enable = mkEnableOption "nichtparasoup funny image page";
+    config = mkOption {
+      type = types.str;
+      default = ''
+        [General]
+        Port: 5001
+        IP: 0.0.0.0
+        Useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25
+
+        [Cache]
+        Images_min_limit: 15
+
+        [Logging]
+        ;; possible destinations: file syslog
+        Destination: syslog
+        Verbosity: ERROR
+
+        [Sites]
+        SoupIO: everyone
+        Pr0gramm: new,top
+        Reddit: gifs,pics,aww,aww_gifs,reactiongifs,wtf,FoodPorn,cats,StarWars,ANormalDayInRussia,perfectloops,reallifedoodles
+        NineGag: geeky,wtf,hot,trending
+        Instagram: cats,animals,nerdy_gaming_art,nature,wtf
+        Fourchan: sci
+      '';
+    };
+  };
+
+  config = mkIf config.lass.nichtparasoup.enable {
+    systemd.services.nichtparasoup = {
+      description = "nichtparasoup";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      restartIfChanged = true;
+      serviceConfig = {
+        Restart = "always";
+        ExecStart = "${pkgs.nichtparasoup}/bin/nichtparasoup -c ${pkgs.writeText "config.ini"config.lass.nichtparasoup.config}";
+      };
+    };
+  };
+}
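Review bot: The `systemd.services.nichtparasoup` unit sets no `User`, so the crawler, which fetches and parses content from third-party sites, runs as root, and the default config binds `IP: 0.0.0.0`, so port 5001 listens on every interface. I would add `DynamicUser = true;` (or a dedicated `User`) to `serviceConfig`, provided the service needs no writable state outside what systemd gives it, and default the bind address to `IP: 127.0.0.1` if it is only meant to be reached through a local reverse proxy; whether the application accepts a loopback address in that field should be confirmed. The `config` option would benefit from a `description`, and `"config.ini"config.lass.nichtparasoup.config` is missing a space after the file name.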

From 67047f9e8dc18e43ce37927b19a6aae62c2ab4a1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 4 May 2018 20:32:23 +0200
Subject: [PATCH 11/65] l prism.r: add pubkey to download

---
 lass/1systems/prism/config.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 564315e8f..76aaf0cdc 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -358,6 +358,11 @@ in {
         };
       });
     }
+    {
+      users.users.download.openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
+      ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
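Review bot: The key added to `users.users.download.openssh.authorizedKeys.keys` carries no key options, so it grants whatever the `download` account itself is allowed to do (shell, port forwarding, agent forwarding); how that account is confined is not visible in this hunk. If the key is only meant for file transfer, I would prefix it with OpenSSH key options, e.g. `"restrict ssh-rsa AAAA… lhebendanz@nixos"`, and check the account's shell and any `Match User download` settings in the sshd configuration. A comment above the entry naming the key's owner and purpose would make later key reviews and revocation easier.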

From 24a3d64301ccbc39bdc6e46d5b6201b48311ed80 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 4 May 2018 20:37:21 +0200
Subject: [PATCH 12/65] l prism.r: enable nichtparasoup

---
 lass/1systems/prism/config.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 76aaf0cdc..90decc35e 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -363,6 +363,22 @@ in {
         "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
       ];
     }
+    {
+      lass.nichtparasoup.enable = true;
+      services.nginx = {
+        enable = true;
+        virtualHosts.lol = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/".extraConfig = ''
+            proxy_pass http://localhost:5001;
+          '';
+          serverAliases = [
+            "lol.lassul.us"
+          ];
+        };
+      };
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;

From e1a0d9409d7f7e1c60f98ef2ee69cfecc445aa08 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 4 May 2018 20:59:08 +0200
Subject: [PATCH 13/65] l nichtparasoup: cf164b5 -> c6dcd0d

---
 lass/5pkgs/nichtparasoup/default.nix | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)

diff --git a/lass/5pkgs/nichtparasoup/default.nix b/lass/5pkgs/nichtparasoup/default.nix
index cf34c683f..fcff7ad54 100644
--- a/lass/5pkgs/nichtparasoup/default.nix
+++ b/lass/5pkgs/nichtparasoup/default.nix
@@ -7,19 +7,9 @@ let
   src = pkgs.fetchFromGitHub {
     owner = "k4cg";
     repo = "nichtparasoup";
-    rev = "cf164b5";
-    sha256 = "09bwh76agp14j8rv7bp47jcwhffc1b0bak0ikvzxyphph5lyidk9";
-  };
-  patchedSrc = stdenv.mkDerivation {
-    name = "nichtparasoup";
-    inherit src;
-    patches = [ ./exception.patch ];
-    phases = [ "unpackPhase" "patchPhase" "installPhase" ];
-    installPhase = ''
-      mkdir -p $out
-      cp -r * $out/
-    '';
+    rev = "c6dcd0d";
+    sha256 = "10xy20bjdnd5bjv2hf6v5y5wi0mc9555awxkjqf57rk6ngc5w6ss";
   };
 in pkgs.writeDashBin "nichtparasoup" ''
-  ${py}/bin/python ${patchedSrc}/nichtparasoup.py "$@"
+  ${py}/bin/python ${src}/nichtparasoup.py "$@"
 ''

From 8d6ab1e0bb0be7f779b721c797b937be8e452e02 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 7 May 2018 00:35:28 +0200
Subject: [PATCH 14/65] l: add icarus.pgp

---
 krebs/3modules/lass/default.nix    |  1 +
 krebs/3modules/lass/pgp/icarus.pgp | 51 ++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 krebs/3modules/lass/pgp/icarus.pgp

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 36fd5fc63..aa0b43f9a 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -698,6 +698,7 @@ with import <stockholm/lib>;
     lass-icarus = {
       mail = "lass@icarus.r";
       pubkey = builtins.readFile ./ssh/icarus.rsa;
+      pgp.pubkeys.default = builtins.readFile ./pgp/icarus.pgp;
     };
     lass-xerxes = {
       mail = "lass@xerxes.r";
diff --git a/krebs/3modules/lass/pgp/icarus.pgp b/krebs/3modules/lass/pgp/icarus.pgp
new file mode 100644
index 000000000..f41478a09
--- /dev/null
+++ b/krebs/3modules/lass/pgp/icarus.pgp
@@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+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+=gJia
+-----END PGP PUBLIC KEY BLOCK-----

From 4b9ad61e03c18ae2687d49a365fb4e95ac2dbeec Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 7 May 2018 19:51:21 +0200
Subject: [PATCH 15/65] l icarus.r: add dpass & macchanger

---
 lass/1systems/icarus/config.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index b6a0822b9..f9754ee92 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -33,4 +33,9 @@
     SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
     SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
   '';
+
+  environment.systemPackages = with pkgs; [
+    macchanger
+    dpass
+  ];
 }

From 2dc18fb83a0c8fcd9c4cb04de9470e73c29fcedd Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 7 May 2018 19:55:38 +0200
Subject: [PATCH 16/65] l prism.r: simplify lol.lassul.us nginx

---
 lass/1systems/prism/config.nix | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 90decc35e..d4be2faaf 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -367,15 +367,12 @@ in {
       lass.nichtparasoup.enable = true;
       services.nginx = {
         enable = true;
-        virtualHosts.lol = {
+        virtualHosts."lol.lassul.us" = {
           forceSSL = true;
           enableACME = true;
           locations."/".extraConfig = ''
             proxy_pass http://localhost:5001;
           '';
-          serverAliases = [
-            "lol.lassul.us"
-          ];
         };
       };
     }

From c0f7f7bab5447ebf95f4873f7ff9679938ff6d27 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 7 May 2018 19:56:26 +0200
Subject: [PATCH 17/65] l baseX: add dconf

---
 lass/2configs/baseX.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index e2e44b6fc..809297655 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -74,6 +74,7 @@ in {
     gi
     git-preview
     gitAndTools.qgit
+    gnome3.dconf
     lm_sensors
     mpv-poll
     much

From e8c4f7c0e40a1612731ad9f68ef7f5bb1ec7ce1c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 7 May 2018 19:57:44 +0200
Subject: [PATCH 18/65] l websites utils: forceSSL

---
 lass/2configs/websites/util.nix | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)

diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 61b5543ce..a11e8e692 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -16,11 +16,7 @@ rec {
     in {
       services.nginx.virtualHosts.${domain} = {
         enableACME = true;
-        onlySSL = true;
-        extraConfig = ''
-          listen 80;
-          listen [::]:80;
-        '';
+        forceSSL = true;
         serverAliases = domains;
         locations."/".extraConfig = ''
           root /srv/http/${domain};
@@ -87,12 +83,9 @@ rec {
     in {
       services.nginx.virtualHosts."${domain}" = {
         enableACME = true;
-        onlySSL = true;
+        forceSSL = true;
         serverAliases = domains;
         extraConfig = ''
-          listen 80;
-          listen [::]:80;
-
           # Add headers to serve security related headers
           add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
           add_header X-Content-Type-Options nosniff;
@@ -201,12 +194,9 @@ rec {
     in {
       services.nginx.virtualHosts."${domain}" = {
         enableACME = true;
-        onlySSL = true;
+        forceSSL = true;
         serverAliases = domains;
         extraConfig = ''
-          listen 80;
-          listen [::]:80;
-
           root /srv/http/${domain}/;
           index index.php;
           access_log /tmp/nginx_acc.log;

From 06402dba84c42396a911ceff56c15a26b9f5ee9c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 8 May 2018 08:28:21 +0200
Subject: [PATCH 19/65] l icarus.r: import wine.nix

---
 lass/1systems/icarus/config.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index f9754ee92..eb2be5869 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -17,6 +17,7 @@
     <stockholm/lass/2configs/games.nix>
     <stockholm/lass/2configs/bitcoin.nix>
     <stockholm/lass/2configs/backup.nix>
+    <stockholm/lass/2configs/wine.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.icarus;
@@ -38,4 +39,8 @@
     macchanger
     dpass
   ];
+  services.redshift = {
+    enable = true;
+    provider = "geoclue2";
+  };
 }

From 603db72c0d4bb98ca0b56aa94fa69299123d784c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 8 May 2018 08:30:10 +0200
Subject: [PATCH 20/65] l nichtparasoup: update default feeds

---
 lass/3modules/nichtparasoup.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/3modules/nichtparasoup.nix b/lass/3modules/nichtparasoup.nix
index dd1419f24..14f4fffc8 100644
--- a/lass/3modules/nichtparasoup.nix
+++ b/lass/3modules/nichtparasoup.nix
@@ -24,9 +24,9 @@ with import <stockholm/lib>;
         [Sites]
         SoupIO: everyone
         Pr0gramm: new,top
-        Reddit: gifs,pics,aww,aww_gifs,reactiongifs,wtf,FoodPorn,cats,StarWars,ANormalDayInRussia,perfectloops,reallifedoodles
+        Reddit: gifs,reactiongifs,ANormalDayInRussia,perfectloops,reallifedoodles,bizarrebuildings,cablefail,cableporn,cableporn,cableporn,educationalgifs,EngineeringPorn,forbiddensnacks,holdmybeer,itsaunixsystem,loadingicon,michaelbaygifs,nononoyesno,oddlysatisfying,ofcoursethatsathing,OSHA,PeopleFuckingDying,PerfectTiming,PixelArt,RetroFuturism,robotsbeingjerks,scriptedasiangifs,shittyrobots,startrekstabilized,ThingsCutInHalfPorn,totallynotrobots,Unexpected
         NineGag: geeky,wtf,hot,trending
-        Instagram: cats,animals,nerdy_gaming_art,nature,wtf
+        Instagram: nature,wtf
         Fourchan: sci
       '';
     };
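Review bot: The new `Reddit:` line lists `cableporn` three times in a row. If the repetition is meant to weight that feed, the option's documentation should say so; otherwise the duplicates should be dropped, since depending on how the crawler handles its list it may fetch the same source three times. The enclosing `default` string starts outside this hunk.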

From af75b96fbe412527c4bf9129de850bcab3e7c7cb Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 8 May 2018 08:31:53 +0200
Subject: [PATCH 21/65] l xmonad: change default layout order

---
 lass/5pkgs/custom/xmonad-lass/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index 18cb25b5b..868c1072a 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -90,7 +90,7 @@ main' = do
 
 myLayoutHook = defLayout
   where
-    defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
+    defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
 
 floatHooks :: Query (Endo WindowSet)
 floatHooks = composeAll . concat $
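Review bot: Moving `Tall` and `Full` out of the parenthesised `avoidStruts $ …` group changes more than the order: `avoidStruts` now wraps only `Mirror (Tall …)`, whereas before it covered `Tall`, `Full` and `Mirror (Tall …)`. With the new line, `Full` and `Tall` no longer reserve space for docks and status bars, which the commit title ("change default layout order") does not mention. If only the order was meant to change, wrap them explicitly, e.g. `avoidStruts (Mirror (Tall 1 (3/100) (1/2))) ||| avoidStruts Full ||| FixedColumn 2 80 80 1 ||| avoidStruts (Tall 1 (3/100) (1/2)) ||| simplestFloat`; if it is intentional, a comment on `defLayout` should say so.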

From edafe24e94252e2be936a760ce47485c8e4fa0af Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 8 May 2018 19:25:59 +0200
Subject: [PATCH 22/65] tv nixpkgs: 53e6d67 -> 7cbf6ca

---
 tv/source.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tv/source.nix b/tv/source.nix
index e5e5e0413..14527d956 100644
--- a/tv/source.nix
+++ b/tv/source.nix
@@ -16,8 +16,7 @@ in
     {
       nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix";
       nixpkgs.git = {
-        # nixos-17.09
-        ref = mkDefault "53e6d671a9662922080635482b7e1c418d2cdc72";
+        ref = mkDefault "7cbf6ca1c84dfc917c1a99524e082fb677501844";
         url = https://github.com/NixOS/nixpkgs;
       };
       secrets.file = getAttr builder {

From 47c0b0261eabdf230bfc7a375a3a008a04b61c4a Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 9 May 2018 11:11:50 +0200
Subject: [PATCH 23/65] krebs: 6tests -> 0tests

---
 krebs/{6tests => 0tests}/data/secrets/grafana_security.nix    | 0
 krebs/{6tests => 0tests}/data/secrets/hashedPasswords.nix     | 0
 krebs/{6tests => 0tests}/data/secrets/retiolum.rsa_key.priv   | 0
 .../data/secrets/shackspace-gitlab-ci-token.nix               | 0
 krebs/{6tests => 0tests}/data/secrets/ssh.id_ed25519          | 0
 krebs/{6tests => 0tests}/data/test-config.nix                 | 0
 krebs/{6tests => 0tests}/data/test-source.nix                 | 0
 krebs/{6tests => 0tests}/default.nix                          | 0
 krebs/{6tests => 0tests}/deploy.nix                           | 2 +-
 krebs/3modules/ci.nix                                         | 2 +-
 krebs/kops.nix                                                | 2 +-
 krebs/source.nix                                              | 2 +-
 makefu/{6tests => 0tests}/data/secrets/auth.nix               | 0
 makefu/{6tests => 0tests}/data/secrets/bepasty-secret.nix     | 0
 .../data/secrets/bgt_cyberwar_hidden_service/hostname         | 0
 makefu/{6tests => 0tests}/data/secrets/daemon-pw              | 0
 .../data/secrets/dl.euer.krebsco.de-auth.nix                  | 0
 makefu/{6tests => 0tests}/data/secrets/extra-hosts.nix        | 0
 makefu/{6tests => 0tests}/data/secrets/grafana_security.nix   | 0
 makefu/{6tests => 0tests}/data/secrets/hashedPasswords.nix    | 0
 makefu/{6tests => 0tests}/data/secrets/iodinepw.nix           | 0
 makefu/{6tests => 0tests}/data/secrets/kibana-auth.nix        | 0
 makefu/{6tests => 0tests}/data/secrets/nsupdate-data.nix      | 0
 makefu/{6tests => 0tests}/data/secrets/nsupdate-search.nix    | 0
 .../{6tests => 0tests}/data/secrets/retiolum-ci.rsa_key.priv  | 0
 makefu/{6tests => 0tests}/data/secrets/retiolum.rsa_key.priv  | 0
 makefu/{6tests => 0tests}/data/secrets/retiolum.rsa_key.pub   | 0
 makefu/{6tests => 0tests}/data/secrets/sambacred              | 0
 .../data/secrets/shackspace-gitlab-ci-token.nix               | 0
 makefu/{6tests => 0tests}/data/secrets/ssh.id_ed25519         | 0
 makefu/{6tests => 0tests}/data/secrets/ssh.makefu.id_rsa      | 0
 makefu/{6tests => 0tests}/data/secrets/ssh.makefu.id_rsa.pub  | 0
 makefu/{6tests => 0tests}/data/secrets/ssh_host_ed25519_key   | 0
 makefu/{6tests => 0tests}/data/secrets/ssh_host_rsa_key       | 0
 makefu/{6tests => 0tests}/data/secrets/tinc.krebsco.de.crt    | 0
 makefu/{6tests => 0tests}/data/secrets/tinc.krebsco.de.key    | 0
 makefu/{6tests => 0tests}/data/secrets/tw-pass.ini            | 0
 .../{6tests => 0tests}/data/secrets/wildcard.krebsco.de.crt   | 0
 .../{6tests => 0tests}/data/secrets/wildcard.krebsco.de.key   | 0
 makefu/source.nix                                             | 4 ++--
 nin/{6tests => 0tests}/dummysecrets/hashedPasswords.nix       | 0
 nin/{6tests => 0tests}/dummysecrets/ssh.id_ed25519            | 0
 nin/source.nix                                                | 2 +-
 43 files changed, 7 insertions(+), 7 deletions(-)
 rename krebs/{6tests => 0tests}/data/secrets/grafana_security.nix (100%)
 rename krebs/{6tests => 0tests}/data/secrets/hashedPasswords.nix (100%)
 rename krebs/{6tests => 0tests}/data/secrets/retiolum.rsa_key.priv (100%)
 rename krebs/{6tests => 0tests}/data/secrets/shackspace-gitlab-ci-token.nix (100%)
 rename krebs/{6tests => 0tests}/data/secrets/ssh.id_ed25519 (100%)
 rename krebs/{6tests => 0tests}/data/test-config.nix (100%)
 rename krebs/{6tests => 0tests}/data/test-source.nix (100%)
 rename krebs/{6tests => 0tests}/default.nix (100%)
 rename krebs/{6tests => 0tests}/deploy.nix (97%)
 rename makefu/{6tests => 0tests}/data/secrets/auth.nix (100%)
 rename makefu/{6tests => 0tests}/data/secrets/bepasty-secret.nix (100%)
 rename makefu/{6tests => 0tests}/data/secrets/bgt_cyberwar_hidden_service/hostname (100%)
 rename makefu/{6tests => 0tests}/data/secrets/daemon-pw (100%)
 rename makefu/{6tests => 0tests}/data/secrets/dl.euer.krebsco.de-auth.nix (100%)
 rename makefu/{6tests => 0tests}/data/secrets/extra-hosts.nix (100%)
 rename makefu/{6tests => 0tests}/data/secrets/grafana_security.nix (100%)
 rename makefu/{6tests => 0tests}/data/secrets/hashedPasswords.nix (100%)
 rename makefu/{6tests => 0tests}/data/secrets/iodinepw.nix (100%)
 rename makefu/{6tests => 0tests}/data/secrets/kibana-auth.nix (100%)
 rename makefu/{6tests => 0tests}/data/secrets/nsupdate-data.nix (100%)
 rename makefu/{6tests => 0tests}/data/secrets/nsupdate-search.nix (100%)
 rename makefu/{6tests => 0tests}/data/secrets/retiolum-ci.rsa_key.priv (100%)
 rename makefu/{6tests => 0tests}/data/secrets/retiolum.rsa_key.priv (100%)
 rename makefu/{6tests => 0tests}/data/secrets/retiolum.rsa_key.pub (100%)
 rename makefu/{6tests => 0tests}/data/secrets/sambacred (100%)
 rename makefu/{6tests => 0tests}/data/secrets/shackspace-gitlab-ci-token.nix (100%)
 rename makefu/{6tests => 0tests}/data/secrets/ssh.id_ed25519 (100%)
 rename makefu/{6tests => 0tests}/data/secrets/ssh.makefu.id_rsa (100%)
 rename makefu/{6tests => 0tests}/data/secrets/ssh.makefu.id_rsa.pub (100%)
 rename makefu/{6tests => 0tests}/data/secrets/ssh_host_ed25519_key (100%)
 rename makefu/{6tests => 0tests}/data/secrets/ssh_host_rsa_key (100%)
 rename makefu/{6tests => 0tests}/data/secrets/tinc.krebsco.de.crt (100%)
 rename makefu/{6tests => 0tests}/data/secrets/tinc.krebsco.de.key (100%)
 rename makefu/{6tests => 0tests}/data/secrets/tw-pass.ini (100%)
 rename makefu/{6tests => 0tests}/data/secrets/wildcard.krebsco.de.crt (100%)
 rename makefu/{6tests => 0tests}/data/secrets/wildcard.krebsco.de.key (100%)
 rename nin/{6tests => 0tests}/dummysecrets/hashedPasswords.nix (100%)
 rename nin/{6tests => 0tests}/dummysecrets/ssh.id_ed25519 (100%)

diff --git a/krebs/6tests/data/secrets/grafana_security.nix b/krebs/0tests/data/secrets/grafana_security.nix
similarity index 100%
rename from krebs/6tests/data/secrets/grafana_security.nix
rename to krebs/0tests/data/secrets/grafana_security.nix
diff --git a/krebs/6tests/data/secrets/hashedPasswords.nix b/krebs/0tests/data/secrets/hashedPasswords.nix
similarity index 100%
rename from krebs/6tests/data/secrets/hashedPasswords.nix
rename to krebs/0tests/data/secrets/hashedPasswords.nix
diff --git a/krebs/6tests/data/secrets/retiolum.rsa_key.priv b/krebs/0tests/data/secrets/retiolum.rsa_key.priv
similarity index 100%
rename from krebs/6tests/data/secrets/retiolum.rsa_key.priv
rename to krebs/0tests/data/secrets/retiolum.rsa_key.priv
diff --git a/krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix b/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix
similarity index 100%
rename from krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix
rename to krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix
diff --git a/krebs/6tests/data/secrets/ssh.id_ed25519 b/krebs/0tests/data/secrets/ssh.id_ed25519
similarity index 100%
rename from krebs/6tests/data/secrets/ssh.id_ed25519
rename to krebs/0tests/data/secrets/ssh.id_ed25519
diff --git a/krebs/6tests/data/test-config.nix b/krebs/0tests/data/test-config.nix
similarity index 100%
rename from krebs/6tests/data/test-config.nix
rename to krebs/0tests/data/test-config.nix
diff --git a/krebs/6tests/data/test-source.nix b/krebs/0tests/data/test-source.nix
similarity index 100%
rename from krebs/6tests/data/test-source.nix
rename to krebs/0tests/data/test-source.nix
diff --git a/krebs/6tests/default.nix b/krebs/0tests/default.nix
similarity index 100%
rename from krebs/6tests/default.nix
rename to krebs/0tests/default.nix
diff --git a/krebs/6tests/deploy.nix b/krebs/0tests/deploy.nix
similarity index 97%
rename from krebs/6tests/deploy.nix
rename to krebs/0tests/deploy.nix
index 156e9239f..d96963500 100644
--- a/krebs/6tests/deploy.nix
+++ b/krebs/0tests/deploy.nix
@@ -3,7 +3,7 @@ import <nixpkgs/nixos/tests/make-test.nix> ({ ... }:
 
 let
   pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; };
-  test-config = <stockholm/krebs/6tests/data/test-config.nix>;
+  test-config = <stockholm/krebs/0tests/data/test-config.nix>;
   privKey = ''
     -----BEGIN OPENSSH PRIVATE KEY-----
     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
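Review bot: The `privKey` literal that follows the changed `test-config` line embeds an OpenSSH private key in the repository, and nothing in view marks it as a throwaway fixture. Since the file is being touched anyway, a comment above it such as `# test-only key generated for this VM test; never authorised on real hosts` would make that explicit for readers and for secret-scanner allow-lists, assuming that is indeed how the key is used. The `let` block and the key continue outside the hunk.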
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index bb19f0602..e97aa16eb 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -147,7 +147,7 @@ in
                     "dummy_secrets": "true",
                   },
                   command=[
-                    "nix-build", "-I", "stockholm=.", "krebs/6tests",
+                    "nix-build", "-I", "stockholm=.", "krebs/0tests",
                     "-A", "{}".format(test)
                   ],
                   timeout=90001
diff --git a/krebs/kops.nix b/krebs/kops.nix
index abd60ee5a..561b017b9 100644
--- a/krebs/kops.nix
+++ b/krebs/kops.nix
@@ -38,7 +38,7 @@
       secrets =
         if test
           then {
-            file = toString <stockholm/krebs/6tests/data/secrets>;
+            file = toString <stockholm/krebs/0tests/data/secrets>;
           }
           else {
             pass = {
diff --git a/krebs/source.nix b/krebs/source.nix
index 3ee12b37f..49f464f61 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -14,7 +14,7 @@ in
     {
       nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
       secrets = getAttr builder {
-        buildbot.file = toString <stockholm/krebs/6tests/data/secrets>;
+        buildbot.file = toString <stockholm/krebs/0tests/data/secrets>;
         krebs.pass = {
           dir = "${getEnv "HOME"}/brain";
           name = "krebs-secrets/${name}";
diff --git a/makefu/6tests/data/secrets/auth.nix b/makefu/0tests/data/secrets/auth.nix
similarity index 100%
rename from makefu/6tests/data/secrets/auth.nix
rename to makefu/0tests/data/secrets/auth.nix
diff --git a/makefu/6tests/data/secrets/bepasty-secret.nix b/makefu/0tests/data/secrets/bepasty-secret.nix
similarity index 100%
rename from makefu/6tests/data/secrets/bepasty-secret.nix
rename to makefu/0tests/data/secrets/bepasty-secret.nix
diff --git a/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname b/makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname
similarity index 100%
rename from makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname
rename to makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname
diff --git a/makefu/6tests/data/secrets/daemon-pw b/makefu/0tests/data/secrets/daemon-pw
similarity index 100%
rename from makefu/6tests/data/secrets/daemon-pw
rename to makefu/0tests/data/secrets/daemon-pw
diff --git a/makefu/6tests/data/secrets/dl.euer.krebsco.de-auth.nix b/makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix
similarity index 100%
rename from makefu/6tests/data/secrets/dl.euer.krebsco.de-auth.nix
rename to makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix
diff --git a/makefu/6tests/data/secrets/extra-hosts.nix b/makefu/0tests/data/secrets/extra-hosts.nix
similarity index 100%
rename from makefu/6tests/data/secrets/extra-hosts.nix
rename to makefu/0tests/data/secrets/extra-hosts.nix
diff --git a/makefu/6tests/data/secrets/grafana_security.nix b/makefu/0tests/data/secrets/grafana_security.nix
similarity index 100%
rename from makefu/6tests/data/secrets/grafana_security.nix
rename to makefu/0tests/data/secrets/grafana_security.nix
diff --git a/makefu/6tests/data/secrets/hashedPasswords.nix b/makefu/0tests/data/secrets/hashedPasswords.nix
similarity index 100%
rename from makefu/6tests/data/secrets/hashedPasswords.nix
rename to makefu/0tests/data/secrets/hashedPasswords.nix
diff --git a/makefu/6tests/data/secrets/iodinepw.nix b/makefu/0tests/data/secrets/iodinepw.nix
similarity index 100%
rename from makefu/6tests/data/secrets/iodinepw.nix
rename to makefu/0tests/data/secrets/iodinepw.nix
diff --git a/makefu/6tests/data/secrets/kibana-auth.nix b/makefu/0tests/data/secrets/kibana-auth.nix
similarity index 100%
rename from makefu/6tests/data/secrets/kibana-auth.nix
rename to makefu/0tests/data/secrets/kibana-auth.nix
diff --git a/makefu/6tests/data/secrets/nsupdate-data.nix b/makefu/0tests/data/secrets/nsupdate-data.nix
similarity index 100%
rename from makefu/6tests/data/secrets/nsupdate-data.nix
rename to makefu/0tests/data/secrets/nsupdate-data.nix
diff --git a/makefu/6tests/data/secrets/nsupdate-search.nix b/makefu/0tests/data/secrets/nsupdate-search.nix
similarity index 100%
rename from makefu/6tests/data/secrets/nsupdate-search.nix
rename to makefu/0tests/data/secrets/nsupdate-search.nix
diff --git a/makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv b/makefu/0tests/data/secrets/retiolum-ci.rsa_key.priv
similarity index 100%
rename from makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv
rename to makefu/0tests/data/secrets/retiolum-ci.rsa_key.priv
diff --git a/makefu/6tests/data/secrets/retiolum.rsa_key.priv b/makefu/0tests/data/secrets/retiolum.rsa_key.priv
similarity index 100%
rename from makefu/6tests/data/secrets/retiolum.rsa_key.priv
rename to makefu/0tests/data/secrets/retiolum.rsa_key.priv
diff --git a/makefu/6tests/data/secrets/retiolum.rsa_key.pub b/makefu/0tests/data/secrets/retiolum.rsa_key.pub
similarity index 100%
rename from makefu/6tests/data/secrets/retiolum.rsa_key.pub
rename to makefu/0tests/data/secrets/retiolum.rsa_key.pub
diff --git a/makefu/6tests/data/secrets/sambacred b/makefu/0tests/data/secrets/sambacred
similarity index 100%
rename from makefu/6tests/data/secrets/sambacred
rename to makefu/0tests/data/secrets/sambacred
diff --git a/makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix b/makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix
similarity index 100%
rename from makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix
rename to makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix
diff --git a/makefu/6tests/data/secrets/ssh.id_ed25519 b/makefu/0tests/data/secrets/ssh.id_ed25519
similarity index 100%
rename from makefu/6tests/data/secrets/ssh.id_ed25519
rename to makefu/0tests/data/secrets/ssh.id_ed25519
diff --git a/makefu/6tests/data/secrets/ssh.makefu.id_rsa b/makefu/0tests/data/secrets/ssh.makefu.id_rsa
similarity index 100%
rename from makefu/6tests/data/secrets/ssh.makefu.id_rsa
rename to makefu/0tests/data/secrets/ssh.makefu.id_rsa
diff --git a/makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub b/makefu/0tests/data/secrets/ssh.makefu.id_rsa.pub
similarity index 100%
rename from makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub
rename to makefu/0tests/data/secrets/ssh.makefu.id_rsa.pub
diff --git a/makefu/6tests/data/secrets/ssh_host_ed25519_key b/makefu/0tests/data/secrets/ssh_host_ed25519_key
similarity index 100%
rename from makefu/6tests/data/secrets/ssh_host_ed25519_key
rename to makefu/0tests/data/secrets/ssh_host_ed25519_key
diff --git a/makefu/6tests/data/secrets/ssh_host_rsa_key b/makefu/0tests/data/secrets/ssh_host_rsa_key
similarity index 100%
rename from makefu/6tests/data/secrets/ssh_host_rsa_key
rename to makefu/0tests/data/secrets/ssh_host_rsa_key
diff --git a/makefu/6tests/data/secrets/tinc.krebsco.de.crt b/makefu/0tests/data/secrets/tinc.krebsco.de.crt
similarity index 100%
rename from makefu/6tests/data/secrets/tinc.krebsco.de.crt
rename to makefu/0tests/data/secrets/tinc.krebsco.de.crt
diff --git a/makefu/6tests/data/secrets/tinc.krebsco.de.key b/makefu/0tests/data/secrets/tinc.krebsco.de.key
similarity index 100%
rename from makefu/6tests/data/secrets/tinc.krebsco.de.key
rename to makefu/0tests/data/secrets/tinc.krebsco.de.key
diff --git a/makefu/6tests/data/secrets/tw-pass.ini b/makefu/0tests/data/secrets/tw-pass.ini
similarity index 100%
rename from makefu/6tests/data/secrets/tw-pass.ini
rename to makefu/0tests/data/secrets/tw-pass.ini
diff --git a/makefu/6tests/data/secrets/wildcard.krebsco.de.crt b/makefu/0tests/data/secrets/wildcard.krebsco.de.crt
similarity index 100%
rename from makefu/6tests/data/secrets/wildcard.krebsco.de.crt
rename to makefu/0tests/data/secrets/wildcard.krebsco.de.crt
diff --git a/makefu/6tests/data/secrets/wildcard.krebsco.de.key b/makefu/0tests/data/secrets/wildcard.krebsco.de.key
similarity index 100%
rename from makefu/6tests/data/secrets/wildcard.krebsco.de.key
rename to makefu/0tests/data/secrets/wildcard.krebsco.de.key
diff --git a/makefu/source.nix b/makefu/source.nix
index 40aeac8b6..1039ba654 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -45,7 +45,7 @@ in
         };
 
       secrets = getAttr builder {
-        buildbot.file = toString <stockholm/makefu/6tests/data/secrets>;
+        buildbot.file = toString <stockholm/makefu/0tests/data/secrets>;
         makefu.pass = {
           inherit name;
           dir = "${getEnv "HOME"}/.secrets-pass";
@@ -79,7 +79,7 @@ in
 
     (mkIf ( torrent ) {
       torrent-secrets = getAttr builder {
-        buildbot.file = toString <stockholm/makefu/6tests/data/secrets>;
+        buildbot.file = toString <stockholm/makefu/0tests/data/secrets>;
         makefu.pass = {
           name = "torrent";
           dir = "${getEnv "HOME"}/.secrets-pass";
diff --git a/nin/6tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix
similarity index 100%
rename from nin/6tests/dummysecrets/hashedPasswords.nix
rename to nin/0tests/dummysecrets/hashedPasswords.nix
diff --git a/nin/6tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519
similarity index 100%
rename from nin/6tests/dummysecrets/ssh.id_ed25519
rename to nin/0tests/dummysecrets/ssh.id_ed25519
diff --git a/nin/source.nix b/nin/source.nix
index 9fb2cb390..ae13c5583 100644
--- a/nin/source.nix
+++ b/nin/source.nix
@@ -13,7 +13,7 @@ in
   evalSource (toString _file) {
     nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
     secrets.file = getAttr builder {
-      buildbot = toString <stockholm/nin/6tests/dummysecrets>;
+      buildbot = toString <stockholm/nin/0tests/dummysecrets>;
       nin = "/home/nin/secrets/${name}";
     };
     stockholm.file = toString <stockholm>;

From ce3a38dab187cbe085f83ea92771aa47bcdf709b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 10 May 2018 10:50:29 +0200
Subject: [PATCH 24/65] thesauron: init

---
 krebs/5pkgs/simple/thesauron/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 krebs/5pkgs/simple/thesauron/default.nix

diff --git a/krebs/5pkgs/simple/thesauron/default.nix b/krebs/5pkgs/simple/thesauron/default.nix
new file mode 100644
index 000000000..99ab2b728
--- /dev/null
+++ b/krebs/5pkgs/simple/thesauron/default.nix
@@ -0,0 +1,7 @@
+{ fetchgit, callPackage }: let
+  src = fetchgit {
+    url = "https://github.com/krebscode/thesauron";
+    rev = "8ac22588cf2c20465e3c9348e7ce04885599c2a5";
+    "sha256"= "1ivkjl235dnm5aaqqvarnxkz7zh0gvah22b0fqwlsflrcd5wmgva";
+  };
+in callPackage src {}
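Review bot: `callPackage src {}` imports the Nix expression shipped in the fetched checkout, so evaluating this package requires the fetch to be realised first (import-from-derivation) and fails where that is disabled. The `rev` and `sha256` pin is what keeps the imported code fixed, and a comment on `src` would say so: `# default.nix is imported from this pinned checkout; bump rev and sha256 together`. Separately, `"sha256"= ` is written as a quoted attribute name with no space before `=`; plain `sha256 = "…";` is the usual style.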

From 079396f9e11573228bd6cf498f161c49660a7549 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 12 May 2018 15:18:15 +0200
Subject: [PATCH 25/65] l icarus.r: enable adb

---
 lass/1systems/icarus/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index eb2be5869..59cd12afb 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -43,4 +43,5 @@
     enable = true;
     provider = "geoclue2";
   };
+  programs.adb.enable = true;
 }
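Review bot: `programs.adb.enable = true;` on its own only sets up the adb package, udev rules and the `adbusers` group; nothing in this hunk adds a user to that group. Unless that happens elsewhere in the configuration, adb will not get device access without root, so this likely needs `extraGroups = [ "adbusers" ];` on the relevant user. A short comment on why this host gets adb would also help, since the option widens USB device access for group members. The module body starts outside the hunk.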

From 0c0d527bec3a6a3d6435203253edb2ef27f9655b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 12 May 2018 15:51:24 +0200
Subject: [PATCH 26/65] l: hw config into physical.nix

---
 lass/1systems/cabal/config.nix      | 15 -----
 lass/1systems/cabal/physical.nix    | 12 ++++
 lass/1systems/daedalus/config.nix   | 15 -----
 lass/1systems/daedalus/physical.nix | 20 +++++++
 lass/1systems/dishfire/config.nix   | 34 ------------
 lass/1systems/dishfire/physical.nix | 39 +++++++++++++
 lass/1systems/helios/config.nix     | 56 +------------------
 lass/1systems/helios/physical.nix   | 65 ++++++++++++++++++++++
 lass/1systems/icarus/config.nix     | 15 -----
 lass/1systems/icarus/physical.nix   | 20 +++++++
 lass/1systems/littleT/config.nix    | 15 -----
 lass/1systems/littleT/physical.nix  |  7 +++
 lass/1systems/mors/config.nix       | 39 -------------
 lass/1systems/mors/physical.nix     | 44 +++++++++++++++
 lass/1systems/prism/config.nix      | 83 +---------------------------
 lass/1systems/prism/physical.nix    | 85 +++++++++++++++++++++++++++++
 lass/1systems/red/config.nix        |  2 -
 lass/1systems/red/physical.nix      |  7 +++
 lass/1systems/shodan/config.nix     | 42 --------------
 lass/1systems/shodan/physical.nix   | 47 ++++++++++++++++
 lass/1systems/skynet/config.nix     | 15 -----
 lass/1systems/skynet/physical.nix   | 12 ++++
 lass/1systems/uriel/config.nix      | 55 -------------------
 lass/1systems/uriel/physical.nix    | 59 ++++++++++++++++++++
 lass/1systems/xerxes/config.nix     | 24 --------
 lass/1systems/xerxes/physical.nix   | 29 ++++++++++
 26 files changed, 448 insertions(+), 408 deletions(-)
 create mode 100644 lass/1systems/cabal/physical.nix
 create mode 100644 lass/1systems/daedalus/physical.nix
 create mode 100644 lass/1systems/dishfire/physical.nix
 create mode 100644 lass/1systems/helios/physical.nix
 create mode 100644 lass/1systems/icarus/physical.nix
 create mode 100644 lass/1systems/littleT/physical.nix
 create mode 100644 lass/1systems/mors/physical.nix
 create mode 100644 lass/1systems/prism/physical.nix
 create mode 100644 lass/1systems/red/physical.nix
 create mode 100644 lass/1systems/shodan/physical.nix
 create mode 100644 lass/1systems/skynet/physical.nix
 create mode 100644 lass/1systems/uriel/physical.nix
 create mode 100644 lass/1systems/xerxes/physical.nix

diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix
index 9ac3cb681..b117b5116 100644
--- a/lass/1systems/cabal/config.nix
+++ b/lass/1systems/cabal/config.nix
@@ -3,8 +3,6 @@
 {
   imports = [
     <stockholm/lass>
-    <stockholm/lass/2configs/hw/x220.nix>
-    <stockholm/lass/2configs/boot/stock-x220.nix>
 
     <stockholm/lass/2configs/mouse.nix>
     <stockholm/lass/2configs/retiolum.nix>
@@ -19,17 +17,4 @@
   ];
 
   krebs.build.host = config.krebs.hosts.cabal;
-
-  #fileSystems = {
-  #  "/bku" = {
-  #    device = "/dev/mapper/pool-bku";
-  #    fsType = "btrfs";
-  #    options = ["defaults" "noatime" "ssd" "compress=lzo"];
-  #  };
-  #};
-
-  #services.udev.extraRules = ''
-  #  SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
-  #  SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
-  #'';
 }
diff --git a/lass/1systems/cabal/physical.nix b/lass/1systems/cabal/physical.nix
new file mode 100644
index 000000000..3cc4af03b
--- /dev/null
+++ b/lass/1systems/cabal/physical.nix
@@ -0,0 +1,12 @@
+{
+  imports = [
+    ./config.nix
+    <stockholm/lass/2configs/hw/x220.nix>
+    <stockholm/lass/2configs/boot/stock-x220.nix>
+  ];
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0"
+  '';
+}
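Review bot: The `services.udev.extraRules` block in this new file is not a move. The version removed from cabal/config.nix was commented out and listed different addresses, so this commit starts renaming interfaces to `wl0`/`et0` on cabal. The commented-out `/bku` mount is also dropped rather than carried over. Because the subject describes a pure relocation, the new rules deserve a mention in the commit message or a comment such as `# newly enabled: pin NIC names by MAC`, so that a later bisect of a networking problem on this host finds the change.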
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index c15fcdc21..eafc0d06c 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -4,8 +4,6 @@ with import <stockholm/lib>;
 {
   imports = [
     <stockholm/lass>
-    <stockholm/lass/2configs/hw/x220.nix>
-    <stockholm/lass/2configs/boot/coreboot.nix>
 
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/games.nix>
@@ -94,17 +92,4 @@ with import <stockholm/lib>;
   '';
 
   krebs.build.host = config.krebs.hosts.daedalus;
-
-  fileSystems = {
-    "/bku" = {
-      device = "/dev/mapper/pool-bku";
-      fsType = "btrfs";
-      options = ["defaults" "noatime" "ssd" "compress=lzo"];
-    };
-  };
-
-  services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
-    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
-  '';
 }
diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix
new file mode 100644
index 000000000..33a0cb473
--- /dev/null
+++ b/lass/1systems/daedalus/physical.nix
@@ -0,0 +1,20 @@
+{
+  imports = [
+    ./config.nix
+    <stockholm/lass/2configs/hw/x220.nix>
+    <stockholm/lass/2configs/boot/coreboot.nix>
+  ];
+
+  fileSystems = {
+    "/bku" = {
+      device = "/dev/mapper/pool-bku";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
+    };
+  };
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+  '';
+}
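Review bot: The `et0` rule here matches `f0:de:f1:71:cb:35`, the same address the `et0` rule in lass/1systems/icarus/physical.nix uses later in this patch. Two separate machines would not normally share an Ethernet MAC, so one of the two rules is probably a copy-paste leftover that never matches, leaving that host's wired interface under its default name. Moving the hardware settings into physical.nix is a good moment to check each address against the actual NIC, or to add a comment such as `# shared dock adapter` if the duplication is deliberate.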
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
index 7993c763e..3d5f32180 100644
--- a/lass/1systems/dishfire/config.nix
+++ b/lass/1systems/dishfire/config.nix
@@ -4,41 +4,7 @@
   imports = [
     <stockholm/lass>
     <stockholm/lass/2configs/retiolum.nix>
-    <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
     <stockholm/lass/2configs/git.nix>
-    {
-      boot.loader.grub = {
-        device = "/dev/vda";
-        splashImage = null;
-      };
-
-      boot.initrd.availableKernelModules = [
-        "ata_piix"
-        "ehci_pci"
-        "uhci_hcd"
-        "virtio_pci"
-        "virtio_blk"
-      ];
-
-      fileSystems."/" = {
-        device = "/dev/mapper/pool-nix";
-        fsType = "ext4";
-      };
-
-      fileSystems."/srv/http" = {
-        device = "/dev/pool/srv_http";
-        fsType = "ext4";
-      };
-
-      fileSystems."/boot" = {
-        device = "/dev/vda1";
-        fsType = "ext4";
-      };
-      fileSystems."/bku" = {
-        device = "/dev/pool/bku";
-        fsType = "ext4";
-      };
-    }
     {
       networking.dhcpcd.allowInterfaces = [
         "enp*"
diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix
new file mode 100644
index 000000000..64e3904e0
--- /dev/null
+++ b/lass/1systems/dishfire/physical.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+{
+  imports = [
+    ./config.nix
+    <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+  ];
+
+  boot.loader.grub = {
+    device = "/dev/vda";
+    splashImage = null;
+  };
+
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "ehci_pci"
+    "uhci_hcd"
+    "virtio_pci"
+    "virtio_blk"
+  ];
+
+  fileSystems."/" = {
+    device = "/dev/mapper/pool-nix";
+    fsType = "ext4";
+  };
+
+  fileSystems."/srv/http" = {
+    device = "/dev/pool/srv_http";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/vda1";
+    fsType = "ext4";
+  };
+  fileSystems."/bku" = {
+    device = "/dev/pool/bku";
+    fsType = "ext4";
+  };
+}
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index 759bb6d06..bd7f75c3e 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -12,48 +12,12 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/otp-ssh.nix>
     # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
     #<stockholm/lass/2configs/git.nix>
-    <stockholm/lass/2configs/dcso-vpn.nix>
+    #<stockholm/lass/2configs/dcso-vpn.nix>
     <stockholm/lass/2configs/virtualbox.nix>
     <stockholm/lass/2configs/dcso-dev.nix>
     <stockholm/lass/2configs/steam.nix>
     <stockholm/lass/2configs/rtl-sdr.nix>
     <stockholm/lass/2configs/backup.nix>
-    { # automatic hardware detection
-      boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
-      boot.kernelModules = [ "kvm-intel" ];
-
-      fileSystems."/" = {
-        device = "/dev/pool/root";
-        fsType = "btrfs";
-      };
-
-      fileSystems."/boot" = {
-        device = "/dev/disk/by-uuid/1F60-17C6";
-        fsType = "vfat";
-      };
-
-      fileSystems."/home" = {
-        device = "/dev/pool/home";
-        fsType = "btrfs";
-      };
-
-      fileSystems."/tmp" = {
-        device = "tmpfs";
-        fsType = "tmpfs";
-        options = ["nosuid" "nodev" "noatime"];
-      };
-
-      nix.maxJobs = lib.mkDefault 8;
-    }
-    { # crypto stuff
-      boot.initrd.luks = {
-        cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
-        devices =  [{
-           name = "luksroot";
-           device = "/dev/nvme0n1p3";
-        }];
-      };
-    }
     {
       services.xserver.dpi = 200;
       fonts.fontconfig.dpi = 200;
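Review bot: The `dcso-vpn.nix` import is commented out in this hunk, which is unrelated to moving hardware settings and changes what helios deploys, since the VPN configuration is no longer applied. Unlike the `git.nix` line above it, the disabled import carries no note explaining why. Either split this into its own commit or add a reason next to it, e.g. `# disabled: <reason>, re-enable when …`, so it is not mistaken for leftover debugging. The `imports` list continues outside the hunk.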
@@ -99,13 +63,6 @@ with import <stockholm/lib>;
     }
   ];
 
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  networking.wireless.enable = true;
-  hardware.enableRedistributableFirmware = true;
-
   environment.systemPackages = with pkgs; [
     ag
     vim
@@ -124,17 +81,6 @@ with import <stockholm/lib>;
 
   services.tlp.enable = true;
 
-  services.xserver.videoDrivers = [ "nvidia" ];
-  services.xserver.xrandrHeads = [
-    { output = "DP-2"; primary = true; }
-    { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
-    { output = "DP-0"; }
-  ];
-
-  services.xserver.displayManager.sessionCommands = ''
-    ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
-  '';
-
   networking.hostName = lib.mkForce "BLN02NB0162";
 
   security.pki.certificateFiles = [
diff --git a/lass/1systems/helios/physical.nix b/lass/1systems/helios/physical.nix
new file mode 100644
index 000000000..549506c29
--- /dev/null
+++ b/lass/1systems/helios/physical.nix
@@ -0,0 +1,65 @@
+{
+  imports = [
+    ./config.nix
+    { # automatic hardware detection
+      boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+      boot.kernelModules = [ "kvm-intel" ];
+
+      fileSystems."/" = {
+        device = "/dev/pool/root";
+        fsType = "btrfs";
+      };
+
+      fileSystems."/boot" = {
+        device = "/dev/disk/by-uuid/1F60-17C6";
+        fsType = "vfat";
+      };
+
+      fileSystems."/home" = {
+        device = "/dev/pool/home";
+        fsType = "btrfs";
+      };
+
+      fileSystems."/tmp" = {
+        device = "tmpfs";
+        fsType = "tmpfs";
+        options = ["nosuid" "nodev" "noatime"];
+      };
+
+      nix.maxJobs = lib.mkDefault 8;
+    }
+    { # crypto stuff
+      boot.initrd.luks = {
+        cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+        devices =  [{
+           name = "luksroot";
+           device = "/dev/nvme0n1p3";
+        }];
+      };
+    }
+  ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.wireless.enable = true;
+  hardware.enableRedistributableFirmware = true;
+
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0"
+  '';
+
+  services.xserver.videoDrivers = [ "nvidia" ];
+  services.xserver.xrandrHeads = [
+    { output = "DP-2"; primary = true; }
+    { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
+    { output = "DP-0"; }
+  ];
+
+  services.xserver.displayManager.sessionCommands = ''
+    ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
+  '';
+}
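Review bot: This new file is a bare attribute set, but it uses `lib.mkDefault` in the hardware-detection block and `${pkgs.xorg.xrandr}` in `sessionCommands`, and neither name is bound anywhere in the file. Nix rejects that as an undefined variable as soon as the file is evaluated, so helios cannot be built from `physical.nix` as written. The file needs a module header as its first line, `{ lib, pkgs, ... }:`, like the one dishfire/physical.nix has. The two `services.udev.extraRules` lines were also not part of the removed config.nix content, so they are new behaviour rather than a move.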
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 59cd12afb..d54bd3e9e 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -3,8 +3,6 @@
 {
   imports = [
     <stockholm/lass>
-    <stockholm/lass/2configs/hw/x220.nix>
-    <stockholm/lass/2configs/boot/coreboot.nix>
 
     <stockholm/lass/2configs/mouse.nix>
     <stockholm/lass/2configs/retiolum.nix>
@@ -22,19 +20,6 @@
 
   krebs.build.host = config.krebs.hosts.icarus;
 
-  fileSystems = {
-    "/bku" = {
-      device = "/dev/mapper/pool-bku";
-      fsType = "btrfs";
-      options = ["defaults" "noatime" "ssd" "compress=lzo"];
-    };
-  };
-
-  services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
-    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
-  '';
-
   environment.systemPackages = with pkgs; [
     macchanger
     dpass
diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix
new file mode 100644
index 000000000..6cc77a47d
--- /dev/null
+++ b/lass/1systems/icarus/physical.nix
@@ -0,0 +1,20 @@
+{
+  imports = [
+    ./config.nix
+    <stockholm/lass/2configs/hw/x220.nix>
+    <stockholm/lass/2configs/boot/coreboot.nix>
+  ];
+
+  fileSystems = {
+    "/bku" = {
+      device = "/dev/mapper/pool-bku";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
+    };
+  };
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+  '';
+}
diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
index ef19e8d16..44617d3e7 100644
--- a/lass/1systems/littleT/config.nix
+++ b/lass/1systems/littleT/config.nix
@@ -4,8 +4,6 @@ with import <stockholm/lib>;
 {
   imports = [
     <stockholm/lass>
-    <stockholm/lass/2configs/hw/x220.nix>
-    <stockholm/lass/2configs/boot/stock-x220.nix>
 
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/backup.nix>
@@ -68,17 +66,4 @@ with import <stockholm/lib>;
   '';
 
   krebs.build.host = config.krebs.hosts.littleT;
-
-  #fileSystems = {
-  #  "/bku" = {
-  #    device = "/dev/mapper/pool-bku";
-  #    fsType = "btrfs";
-  #    options = ["defaults" "noatime" "ssd" "compress=lzo"];
-  #  };
-  #};
-
-  #services.udev.extraRules = ''
-  #  SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
-  #  SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
-  #'';
 }
diff --git a/lass/1systems/littleT/physical.nix b/lass/1systems/littleT/physical.nix
new file mode 100644
index 000000000..9776211ae
--- /dev/null
+++ b/lass/1systems/littleT/physical.nix
@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./config.nix
+    <stockholm/lass/2configs/hw/x220.nix>
+    <stockholm/lass/2configs/boot/stock-x220.nix>
+  ];
+}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 586a957cf..2e6c8bc8a 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -4,8 +4,6 @@ with import <stockholm/lib>;
 {
   imports = [
     <stockholm/lass>
-    <stockholm/lass/2configs/hw/x220.nix>
-    <stockholm/lass/2configs/boot/stock-x220.nix>
 
     <stockholm/lass/2configs/mouse.nix>
     <stockholm/lass/2configs/retiolum.nix>
@@ -88,43 +86,6 @@ with import <stockholm/lib>;
 
   krebs.build.host = config.krebs.hosts.mors;
 
-  fileSystems = {
-    "/bku" = {
-      device = "/dev/mapper/pool-bku";
-      fsType = "btrfs";
-      options = ["defaults" "noatime" "ssd" "compress=lzo"];
-    };
-    "/home/virtual" = {
-      device = "/dev/mapper/pool-virtual";
-      fsType = "ext4";
-    };
-  };
-
-  services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0"
-    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0"
-  '';
-
-  #TODO activationScripts seem broken, fix them!
-  #activationScripts
-  #split up and move into base
-  system.activationScripts.powertopTunables = ''
-    #Runtime PMs
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
-  '';
-
   environment.systemPackages = with pkgs; [
     acronym
     brain
diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
new file mode 100644
index 000000000..f99d6bd52
--- /dev/null
+++ b/lass/1systems/mors/physical.nix
@@ -0,0 +1,44 @@
+{
+  imports = [
+    ./config.nix
+    <stockholm/lass/2configs/hw/x220.nix>
+    <stockholm/lass/2configs/boot/stock-x220.nix>
+  ];
+
+  fileSystems = {
+    "/bku" = {
+      device = "/dev/mapper/pool-bku";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
+    };
+    "/home/virtual" = {
+      device = "/dev/mapper/pool-virtual";
+      fsType = "ext4";
+    };
+  };
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0"
+  '';
+
+  #TODO activationScripts seem broken, fix them!
+  #activationScripts
+  #split up and move into base
+  system.activationScripts.powertopTunables = ''
+    #Runtime PMs
+    echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
+    echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
+    echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
+    echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
+    echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
+    echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
+    echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control'
+    echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
+    echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
+    echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
+    echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
+    echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
+    echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
+  '';
+}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index d4be2faaf..c7b877deb 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -1,90 +1,9 @@
 { config, lib, pkgs, ... }:
 with import <stockholm/lib>;
 
-let
-  ip = config.krebs.build.host.nets.internet.ip4.addr;
-
-in {
+{
   imports = [
     <stockholm/lass>
-    {
-      networking.interfaces.et0.ipv4.addresses = [
-        {
-          address = ip;
-          prefixLength = 27;
-        }
-        {
-          address = "46.4.114.243";
-          prefixLength = 27;
-        }
-      ];
-      networking.defaultGateway = "46.4.114.225";
-      networking.nameservers = [
-        "8.8.8.8"
-      ];
-      services.udev.extraRules = ''
-        SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
-      '';
-    }
-    {
-      imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
-
-      boot.loader.grub = {
-        devices = [
-          "/dev/sda"
-          "/dev/sdb"
-        ];
-        splashImage = null;
-      };
-
-      boot.initrd.availableKernelModules = [
-        "ata_piix"
-        "vmw_pvscsi"
-        "ahci" "sd_mod"
-      ];
-
-      boot.kernelModules = [ "kvm-intel" ];
-
-      fileSystems."/" = {
-        device = "/dev/pool/nix_root";
-        fsType = "ext4";
-      };
-
-      fileSystems."/tmp" = {
-        device = "tmpfs";
-        fsType = "tmpfs";
-        options = ["nosuid" "nodev" "noatime"];
-      };
-
-      fileSystems."/var/download" = {
-        device = "/dev/pool/download";
-        fsType = "ext4";
-      };
-
-      fileSystems."/srv/http" = {
-        device = "/dev/pool/http";
-        fsType = "ext4";
-      };
-
-      fileSystems."/home" = {
-        device = "/dev/pool/home";
-        fsType = "ext4";
-      };
-
-      fileSystems."/bku" = {
-        device = "/dev/pool/bku";
-        fsType = "ext4";
-      };
-
-      swapDevices = [
-        { label = "swap1"; }
-        { label = "swap2"; }
-      ];
-
-      sound.enable = false;
-      nixpkgs.config.allowUnfree = true;
-      time.timeZone = "Europe/Berlin";
-    }
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/libvirt.nix>
     {
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
new file mode 100644
index 000000000..83f127c22
--- /dev/null
+++ b/lass/1systems/prism/physical.nix
@@ -0,0 +1,85 @@
+{ config, lib, pkgs, ... }:
+{
+  imports = [
+    ./config.nix
+    {
+      networking.interfaces.et0.ipv4.addresses = [
+        {
+          address = config.krebs.build.host.nets.internet.ip4.addr;
+          prefixLength = 27;
+        }
+        {
+          address = "46.4.114.243";
+          prefixLength = 27;
+        }
+      ];
+      networking.defaultGateway = "46.4.114.225";
+      networking.nameservers = [
+        "8.8.8.8"
+      ];
+      services.udev.extraRules = ''
+        SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
+      '';
+    }
+    {
+      imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+
+      boot.loader.grub = {
+        devices = [
+          "/dev/sda"
+          "/dev/sdb"
+        ];
+        splashImage = null;
+      };
+
+      boot.initrd.availableKernelModules = [
+        "ata_piix"
+        "vmw_pvscsi"
+        "ahci" "sd_mod"
+      ];
+
+      boot.kernelModules = [ "kvm-intel" ];
+
+      fileSystems."/" = {
+        device = "/dev/pool/nix_root";
+        fsType = "ext4";
+      };
+
+      fileSystems."/tmp" = {
+        device = "tmpfs";
+        fsType = "tmpfs";
+        options = ["nosuid" "nodev" "noatime"];
+      };
+
+      fileSystems."/var/download" = {
+        device = "/dev/pool/download";
+        fsType = "ext4";
+      };
+
+      fileSystems."/srv/http" = {
+        device = "/dev/pool/http";
+        fsType = "ext4";
+      };
+
+      fileSystems."/home" = {
+        device = "/dev/pool/home";
+        fsType = "ext4";
+      };
+
+      fileSystems."/bku" = {
+        device = "/dev/pool/bku";
+        fsType = "ext4";
+      };
+
+      swapDevices = [
+        { label = "swap1"; }
+        { label = "swap2"; }
+      ];
+
+      sound.enable = false;
+      nixpkgs.config.allowUnfree = true;
+      time.timeZone = "Europe/Berlin";
+    }
+  ];
+
+}
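Review bot: `fileSystems."/var/download"` and `fileSystems."/srv/http"` in the second imports block are mounted with default options, while `/tmp` in the same block already gets `nosuid` and `nodev`. Judging by their names, both paths hold externally supplied content (downloads, web roots), so the same hardening would fit: `options = [ "nosuid" "nodev" ];` on each. Separately, `networking.nameservers` lists a single hard-coded resolver, `"8.8.8.8"`, so name resolution on this host has no fallback; a second entry would fix that.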
diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix
index 31e2de966..04bbf1ee8 100644
--- a/lass/1systems/red/config.nix
+++ b/lass/1systems/red/config.nix
@@ -20,8 +20,6 @@ in
   ];
 
   krebs.build.host = config.krebs.hosts.red;
-  boot.isContainer = true;
-  networking.useDHCP = false;
 
   services.nginx.enable = true;
   environment.variables.NIX_REMOTE = "daemon";
diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix
new file mode 100644
index 000000000..b6aa3a894
--- /dev/null
+++ b/lass/1systems/red/physical.nix
@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./config.nix
+  ];
+  boot.isContainer = true;
+  networking.useDHCP = false;
+}
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index 42a46c5f5..8405b0f1f 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -4,8 +4,6 @@ with import <stockholm/lib>;
 {
   imports = [
     <stockholm/lass>
-    #TODO reinstall with correct layout and use lass/hw/x220
-    <stockholm/krebs/2configs/hw/x220.nix>
 
     <stockholm/lass/2configs/mouse.nix>
     <stockholm/lass/2configs/retiolum.nix>
@@ -22,46 +20,6 @@ with import <stockholm/lib>;
 
   krebs.build.host = config.krebs.hosts.shodan;
 
-  boot = {
-    loader.grub.enable = true;
-    loader.grub.version = 2;
-    loader.grub.device = "/dev/sda";
-
-    initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
-    initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
-    initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
-    #kernelModules = [ "kvm-intel" "msr" ];
-  };
-  fileSystems = {
-    "/" = {
-      device = "/dev/pool/nix";
-      fsType = "btrfs";
-    };
-
-    "/boot" = {
-      device = "/dev/sda1";
-    };
-    "/home" = {
-      device = "/dev/mapper/pool-home";
-      fsType = "btrfs";
-      options = ["defaults" "noatime" "ssd" "compress=lzo"];
-    };
-    "/tmp" = {
-      device = "tmpfs";
-      fsType = "tmpfs";
-      options = ["nosuid" "nodev" "noatime"];
-    };
-    "/bku" = {
-      device = "/dev/pool/bku";
-      fsType = "btrfs";
-    };
-  };
-
-  services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
-    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
-  '';
-
   services.logind.extraConfig = ''
     HandleLidSwitch=ignore
   '';
diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix
new file mode 100644
index 000000000..4a550d0a4
--- /dev/null
+++ b/lass/1systems/shodan/physical.nix
@@ -0,0 +1,47 @@
+{
+  #TODO reinstall with correct layout and use lass/hw/x220
+  imports = [
+    ./config.nix
+    <stockholm/krebs/2configs/hw/x220.nix>
+  ];
+
+  boot = {
+    loader.grub.enable = true;
+    loader.grub.version = 2;
+    loader.grub.device = "/dev/sda";
+
+    initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+    initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+    initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+    #kernelModules = [ "kvm-intel" "msr" ];
+  };
+  fileSystems = {
+    "/" = {
+      device = "/dev/pool/nix";
+      fsType = "btrfs";
+    };
+
+    "/boot" = {
+      device = "/dev/sda1";
+    };
+    "/home" = {
+      device = "/dev/mapper/pool-home";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
+    };
+    "/tmp" = {
+      device = "tmpfs";
+      fsType = "tmpfs";
+      options = ["nosuid" "nodev" "noatime"];
+    };
+    "/bku" = {
+      device = "/dev/pool/bku";
+      fsType = "btrfs";
+    };
+  };
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+  '';
+}
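Review bot: `loader.grub.device = "/dev/sda"`, the LUKS entry `device = "/dev/sda2"` and the `"/boot"` entry `device = "/dev/sda1"` all depend on kernel enumeration order, which is not stable. `usb_storage` is in `initrd.availableKernelModules`, so an attached USB disk can in principle take the `sda` name. xerxes/physical.nix in this same patch already uses `/dev/disk/by-uuid/...`; doing the same here, e.g. `device = "/dev/disk/by-uuid/<LUKS-UUID>";` (placeholder), ensures the passphrase prompt and the boot-loader install target the intended disk. `"/boot"` also has no `fsType`. The same three device names appear in uriel/physical.nix.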
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index b2210282f..b6c08f797 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -3,8 +3,6 @@ with import <stockholm/lib>;
 {
   imports = [
     <stockholm/lass>
-    <stockholm/lass/2configs/hw/x220.nix>
-    <stockholm/lass/2configs/boot/stock-x220.nix>
 
     <stockholm/lass/2configs/retiolum.nix>
     #<stockholm/lass/2configs/exim-retiolum.nix>
@@ -46,17 +44,4 @@ with import <stockholm/lib>;
   services.logind.extraConfig = ''
     HandleLidSwitch=ignore
   '';
-
-  #fileSystems = {
-  #  "/bku" = {
-  #    device = "/dev/mapper/pool-bku";
-  #    fsType = "btrfs";
-  #    options = ["defaults" "noatime" "ssd" "compress=lzo"];
-  #  };
-  #};
-
-  services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
-    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
-  '';
 }
diff --git a/lass/1systems/skynet/physical.nix b/lass/1systems/skynet/physical.nix
new file mode 100644
index 000000000..358e1f511
--- /dev/null
+++ b/lass/1systems/skynet/physical.nix
@@ -0,0 +1,12 @@
+{
+  imports = [
+    ./config.nix
+    <stockholm/lass/2configs/hw/x220.nix>
+    <stockholm/lass/2configs/boot/stock-x220.nix>
+  ];
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
+  '';
+}
diff --git a/lass/1systems/uriel/config.nix b/lass/1systems/uriel/config.nix
index 70bef9883..3eddcfc52 100644
--- a/lass/1systems/uriel/config.nix
+++ b/lass/1systems/uriel/config.nix
@@ -41,60 +41,5 @@ with import <stockholm/lib>;
   ];
 
   krebs.build.host = config.krebs.hosts.uriel;
-
-  hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
-
-  boot = {
-    #kernelParams = [
-    #  "acpi.brightness_switch_enabled=0"
-    #];
-    #loader.grub.enable = true;
-    #loader.grub.version = 2;
-    #loader.grub.device = "/dev/sda";
-
-    loader.systemd-boot.enable = true;
-    loader.timeout = 5;
-
-    initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
-    initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
-    initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
-    #kernelModules = [ "kvm-intel" "msr" ];
-    kernelModules = [ "msr" ];
-  };
-  fileSystems = {
-    "/" = {
-      device = "/dev/pool/root";
-      fsType = "ext4";
-    };
-
-    "/bku" = {
-      device = "/dev/pool/bku";
-      fsType = "ext4";
-    };
-
-    "/boot" = {
-      device = "/dev/sda1";
-    };
-    "/tmp" = {
-      device = "tmpfs";
-      fsType = "tmpfs";
-      options = ["nosuid" "nodev" "noatime"];
-    };
-  };
-
-  services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
-    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
-  '';
-
-  services.xserver.synaptics = {
-    enable = true;
-    twoFingerScroll = true;
-    accelFactor = "0.035";
-    additionalOptions = ''
-      Option "FingerHigh" "60"
-      Option "FingerLow"  "60"
-    '';
-  };
 }
diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix
new file mode 100644
index 000000000..9ac3468a8
--- /dev/null
+++ b/lass/1systems/uriel/physical.nix
@@ -0,0 +1,59 @@
+{
+  imports = [
+    ./config.nix
+  ];
+
+  hardware.enableAllFirmware = true;
+  boot = {
+    #kernelParams = [
+    #  "acpi.brightness_switch_enabled=0"
+    #];
+    #loader.grub.enable = true;
+    #loader.grub.version = 2;
+    #loader.grub.device = "/dev/sda";
+
+    loader.systemd-boot.enable = true;
+    loader.timeout = 5;
+
+    initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+    initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+    initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+    #kernelModules = [ "kvm-intel" "msr" ];
+    kernelModules = [ "msr" ];
+  };
+  fileSystems = {
+    "/" = {
+      device = "/dev/pool/root";
+      fsType = "ext4";
+    };
+
+    "/bku" = {
+      device = "/dev/pool/bku";
+      fsType = "ext4";
+    };
+
+    "/boot" = {
+      device = "/dev/sda1";
+    };
+    "/tmp" = {
+      device = "tmpfs";
+      fsType = "tmpfs";
+      options = ["nosuid" "nodev" "noatime"];
+    };
+  };
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
+  '';
+
+  services.xserver.synaptics = {
+    enable = true;
+    twoFingerScroll = true;
+    accelFactor = "0.035";
+    additionalOptions = ''
+      Option "FingerHigh" "60"
+      Option "FingerLow"  "60"
+    '';
+  };
+}
diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix
index 0669748f5..1bd6cf2c5 100644
--- a/lass/1systems/xerxes/config.nix
+++ b/lass/1systems/xerxes/config.nix
@@ -3,8 +3,6 @@
 {
   imports = [
     <stockholm/lass>
-    <stockholm/lass/2configs/hw/gpd-pocket.nix>
-    <stockholm/lass/2configs/boot/stock-x220.nix>
 
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/exim-retiolum.nix>
@@ -15,26 +13,4 @@
   ];
 
   krebs.build.host = config.krebs.hosts.xerxes;
-
-  services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0"
-  '';
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437";
-    fsType = "btrfs";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/16C8-D053";
-    fsType = "vfat";
-  };
-
-  fileSystems."/home" = {
-    device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358";
-    fsType = "btrfs";
-  };
-
-  boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ];
-  networking.wireless.enable = true;
 }
diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix
new file mode 100644
index 000000000..17caccfe6
--- /dev/null
+++ b/lass/1systems/xerxes/physical.nix
@@ -0,0 +1,29 @@
+{
+  imports = [
+    ./config.nix
+    <stockholm/lass/2configs/hw/gpd-pocket.nix>
+    <stockholm/lass/2configs/boot/stock-x220.nix>
+  ];
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0"
+  '';
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437";
+    fsType = "btrfs";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/16C8-D053";
+    fsType = "vfat";
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358";
+    fsType = "btrfs";
+  };
+
+  boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ];
+
+  networking.wireless.enable = true;
+}

From 178ee92dcab1955b06c19ddb941957c098716ec0 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 12 May 2018 15:53:04 +0200
Subject: [PATCH 27/65] l kops: nix-config is physical.nix

---
 lass/kops.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/kops.nix b/lass/kops.nix
index 9d0ab911a..2dda0e8fb 100644
--- a/lass/kops.nix
+++ b/lass/kops.nix
@@ -8,7 +8,7 @@
   source = { test }: lib.evalSource [
     krebs-source
     {
-      nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
+      nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
       secrets = if test then {
         file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets";
       } else {

From 8b1d1b8d913004951e0c2fd46c6b7d2a3c27148a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 13 May 2018 19:35:28 +0200
Subject: [PATCH 28/65] l git: don't announce nixos-aws

---
 lass/2configs/git.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 43085ba5e..f9e326333 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -57,17 +57,17 @@ let
       cgit.desc = "Fork of nix-user-chroot my lethalman";
       cgit.section = "software";
     };
+    krops = {
+      cgit.desc = "krebs deployment";
+      cgit.section = "software";
+    };
+  } // mapAttrs make-public-repo-silent {
     nixos-aws = {
       collaborators = [ {
         name = "fabio";
         pubkey = "ssh-rsa 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 ada";
       } ];
     };
-    krops = {
-      cgit.desc = "krebs deployment";
-      cgit.section = "software";
-    };
-  } // mapAttrs make-public-repo-silent {
   };
 
   restricted-repos = mapAttrs make-restricted-repo (
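Review bot: `nixos-aws` moves into the set built with `make-public-repo-silent`, so it is still a public repo and only the announcement behaviour changes (presumably, since that helper is defined outside the hunk). If the aim is to keep the repo and its collaborator list out of view, it would need to go under `restricted-repos` instead. If public-but-quiet is intended, a comment on the entry such as `# public, but pushes are not announced` would record that for the next reader.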

From 3d815f1becbc5c9c4a7e6d40a644bc18f69af5ee Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 13 May 2018 19:39:19 +0200
Subject: [PATCH 29/65] l source: nix-config is physical.nix

---
 lass/source.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/source.nix b/lass/source.nix
index 1d840f38f..e7991da2a 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -12,7 +12,7 @@ host@{ name, secure ? false, override ? {} }: let
 in
   evalSource (toString _file) [
     {
-      nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
+      nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
       nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
       secrets = getAttr builder {
         buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;

From 8642d7c3bcd6edcfc63a3837b4985dd7380bfdb2 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 13 May 2018 19:52:22 +0200
Subject: [PATCH 30/65] l helios.r: remove maxJobs

---
 lass/1systems/helios/physical.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/lass/1systems/helios/physical.nix b/lass/1systems/helios/physical.nix
index 549506c29..a224f81df 100644
--- a/lass/1systems/helios/physical.nix
+++ b/lass/1systems/helios/physical.nix
@@ -25,8 +25,6 @@
         fsType = "tmpfs";
         options = ["nosuid" "nodev" "noatime"];
       };
-
-      nix.maxJobs = lib.mkDefault 8;
     }
     { # crypto stuff
       boot.initrd.luks = {

From 364c99bd295e2a44170991cd94d39a1cd546a128 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 13 May 2018 20:38:10 +0200
Subject: [PATCH 31/65] l helios.r: import pkgs

---
 lass/1systems/helios/physical.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/helios/physical.nix b/lass/1systems/helios/physical.nix
index a224f81df..a5212454f 100644
--- a/lass/1systems/helios/physical.nix
+++ b/lass/1systems/helios/physical.nix
@@ -1,3 +1,4 @@
+{ pkgs, ... }:
 {
   imports = [
     ./config.nix

From 619131d246ead21ba001644be82686ce31138773 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 13 May 2018 22:27:15 +0200
Subject: [PATCH 32/65] l git: add icarus to admin users

---
 lass/2configs/git.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index f9e326333..712a15342 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -121,7 +121,7 @@ let
     with git // config.krebs.users;
     repo:
       singleton {
-        user = [ lass lass-shodan ];
+        user = [ lass lass-shodan lass-icarus ];
         repo = [ repo ];
         perm = push "refs/*" [ non-fast-forward create delete merge ];
       } ++
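Review bot: `lass-icarus` joins the user list that receives `push "refs/*" [ non-fast-forward create delete merge ]`, which allows history rewrite and ref deletion on every repo this rule is generated for. Each key added here is one more host whose compromise allows published branches and tags to be rewritten. icarus appears to be a portable machine, as its physical.nix imports the x220 profile. Consider a separate rule for secondary machines that omits `non-fast-forward` and `delete`, keeping the full set for one primary key. The enclosing function starts and ends outside the hunk.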

From aa1fef9f93027aaa3ee074821e82002d81dcf712 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 May 2018 09:36:37 +0200
Subject: [PATCH 33/65] nixpkgs: b50443b -> ef74caf

---
 krebs/kops.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/kops.nix b/krebs/kops.nix
index 561b017b9..add1a359c 100644
--- a/krebs/kops.nix
+++ b/krebs/kops.nix
@@ -13,7 +13,7 @@
 
   krebs-source = {
     nixpkgs.git = {
-      ref = "b50443b5c4ac0f382c49352a892b9d5d970eb4e7";
+      ref = "ef74cafd3e5914fdadd08bf20303328d72d65d6c";
       url = https://github.com/NixOS/nixpkgs;
     };
     stockholm.file = toString ../.;

From 91b1eec4162bf16ce3c4ae698cebd7236b968f9f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 May 2018 22:04:59 +0200
Subject: [PATCH 34/65] l: set 32bit dri in games.nix

---
 lass/2configs/games.nix | 1 +
 lass/2configs/steam.nix | 2 --
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 3ee3a98a5..81f53bf69 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -80,6 +80,7 @@ in {
     };
   };
 
+  hardware.opengl.driSupport32Bit = true;
   hardware.pulseaudio.support32Bit = true;
 
   security.sudo.extraConfig = ''
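Review bot: After this change steam.nix no longer sets `hardware.opengl.driSupport32Bit` itself, so a host that imports steam.nix without games.nix loses 32-bit DRI. Whether such a host exists is not visible from the patch. The simplest safeguard is to keep `hardware.opengl.driSupport32Bit = true;` in steam.nix as well, since identical boolean definitions merge without conflict. Alternatively, steam.nix could import games.nix.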
diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix
index 225ddd308..e1b523e3a 100644
--- a/lass/2configs/steam.nix
+++ b/lass/2configs/steam.nix
@@ -10,8 +10,6 @@
   # source: https://nixos.org/wiki/Talk:Steam
   #
   ##TODO: make steam module
-  hardware.opengl.driSupport32Bit = true;
-
   nixpkgs.config.steam.java = true;
   environment.systemPackages = with pkgs; [
     steam

From 9e95c2b2d12cf18fcda266cc3b69d685d288b77f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 May 2018 22:05:49 +0200
Subject: [PATCH 35/65] l baseX: add thesauron

---
 lass/2configs/baseX.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 809297655..a387f2c5d 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -69,11 +69,12 @@ in {
   environment.systemPackages = with pkgs; [
     acpi
     bank
+    cabal2nix
     dic
     dmenu
     gi
-    git-preview
     gitAndTools.qgit
+    git-preview
     gnome3.dconf
     lm_sensors
     mpv-poll
@@ -87,19 +88,18 @@ in {
     rxvt_unicode_with-plugins
     slock
     sxiv
-    timewarrior
     taskwarrior
     termite
+    thesauron
+    timewarrior
     xclip
+    xephyrify
     xorg.xbacklight
     xorg.xhost
     xsel
     youtube-tools
     yt-next
     zathura
-
-    cabal2nix
-    xephyrify
   ];
 
   fonts.fonts = with pkgs; [

From aecf06a8bfa5e5d444bff6d5c4430250a2684d34 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 May 2018 22:06:50 +0200
Subject: [PATCH 36/65] l websites domsen: remove old, add new

---
 lass/2configs/websites/domsen.nix | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 7a72499c9..c75cc81fc 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -26,12 +26,7 @@ in {
     ./default.nix
     ./sqlBackup.nix
     (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
-    (servePage [
-      "habsys.de"
-      "habsys.eu"
-      "www.habsys.de"
-      "www.habsys.eu"
-    ])
+    (servePage [ "freemonkey.art" ])
     (serveOwncloud [ "o.ubikmedia.de" ])
     (serveWordpress [
       "ubikmedia.de"

From cb41b35641eba3c0e88c87604072405ecc8fc5f7 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 May 2018 22:09:50 +0200
Subject: [PATCH 37/65] l websites domsen: add akayguen

---
 lass/2configs/websites/domsen.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index c75cc81fc..4e8361a17 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -115,6 +115,7 @@ in {
       { from = "jms@ubikmedia.eu"; to = "jms"; }
       { from = "ms@ubikmedia.eu"; to = "ms"; }
       { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
+      { from = "akayguen@freemonkey.art"; to ="akayguen"; }
 
       { from = "testuser@lassul.us"; to = "testuser"; }
       { from = "testuser@ubikmedia.eu"; to = "testuser"; }
@@ -172,5 +173,12 @@ in {
     createHome = true;
   };
 
+  users.users.akayguen = {
+    uid = genid_signed "akayguen";
+    home = "/home/akayguen";
+    useDefaultShell = true;
+    createHome = true;
+  };
+
 }
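Review bot: `users.users.akayguen` is created with `useDefaultShell = true`, which gives the account an interactive shell, although its only use visible in this patch is as the target of the `akayguen@freemonkey.art` alias in the first hunk. If the account exists only for mail delivery, dropping the `useDefaultShell = true;` line leaves it on NixOS's non-login default shell and removes one way to log in to the host. Minor: `to ="akayguen"` in the first hunk lacks the space after `=` that the neighbouring entries have.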
 

From 3fc6ff613ff9a1c5e439d6061a2580271dcfc368 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 May 2018 22:15:54 +0200
Subject: [PATCH 38/65] l mails: add elitedangerous@lassul.us

---
 lass/2configs/exim-smarthost.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index e05ed2427..fe79ce82b 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -80,6 +80,7 @@ with import <stockholm/lib>;
       { from = "hetzner@lassul.us"; to = lass.mail; }
       { from = "allygator@lassul.us"; to = lass.mail; }
       { from = "immoscout@lassul.us"; to = lass.mail; }
+      { from = "elitedangerous@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

From efb7452a0c5f0d4109ae188dc6abda46a20e394c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 May 2018 22:20:08 +0200
Subject: [PATCH 39/65] l websites util: make ssl optional again

---
 lass/2configs/websites/util.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index a11e8e692..816449c14 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -16,7 +16,7 @@ rec {
     in {
       services.nginx.virtualHosts.${domain} = {
         enableACME = true;
-        forceSSL = true;
+        addSSL = true;
         serverAliases = domains;
         locations."/".extraConfig = ''
           root /srv/http/${domain};
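Review bot: `addSSL = true;` in this virtual host drops the HTTP-to-HTTPS redirect that `forceSSL = true;` provided, and the same replacement is made in the hunks at lines 83 and 194 of this file. The hunk at line 83 sits directly above a block of security headers, so it looks like an application host with logins (an inference, since the function headers are outside all three hunks). On such a host, credentials and session cookies would now be accepted over plain HTTP. If plain HTTP is only needed for the static page helper, keep `forceSSL = true;` in the other two and mark the exception with a comment such as `# plain HTTP kept for <reason>; no redirect`.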
@@ -83,7 +83,7 @@ rec {
     in {
       services.nginx.virtualHosts."${domain}" = {
         enableACME = true;
-        forceSSL = true;
+        addSSL = true;
         serverAliases = domains;
         extraConfig = ''
           # Add headers to serve security related headers
@@ -194,7 +194,7 @@ rec {
     in {
       services.nginx.virtualHosts."${domain}" = {
         enableACME = true;
-        forceSSL = true;
+        addSSL = true;
         serverAliases = domains;
         extraConfig = ''
           root /srv/http/${domain}/;

From 4cdffe8351ecc47b5b34797660f7644935004c95 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 14 May 2018 22:25:26 +0200
Subject: [PATCH 40/65] l nichtparasoup: remove some feeds

---
 lass/3modules/nichtparasoup.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/3modules/nichtparasoup.nix b/lass/3modules/nichtparasoup.nix
index 14f4fffc8..632481b69 100644
--- a/lass/3modules/nichtparasoup.nix
+++ b/lass/3modules/nichtparasoup.nix
@@ -24,7 +24,7 @@ with import <stockholm/lib>;
         [Sites]
         SoupIO: everyone
         Pr0gramm: new,top
-        Reddit: gifs,reactiongifs,ANormalDayInRussia,perfectloops,reallifedoodles,bizarrebuildings,cablefail,cableporn,cableporn,cableporn,educationalgifs,EngineeringPorn,forbiddensnacks,holdmybeer,itsaunixsystem,loadingicon,michaelbaygifs,nononoyesno,oddlysatisfying,ofcoursethatsathing,OSHA,PeopleFuckingDying,PerfectTiming,PixelArt,RetroFuturism,robotsbeingjerks,scriptedasiangifs,shittyrobots,startrekstabilized,ThingsCutInHalfPorn,totallynotrobots,Unexpected
+        Reddit: gifs,reactiongifs,ANormalDayInRussia,perfectloops,reallifedoodles,bizarrebuildings,cablefail,cableporn,educationalgifs,EngineeringPorn,holdmybeer,itsaunixsystem,loadingicon,michaelbaygifs,nononoyesno,oddlysatisfying,ofcoursethatsathing,OSHA,PeopleFuckingDying,PerfectTiming,PixelArt,RetroFuturism,robotsbeingjerks,scriptedasiangifs,shittyrobots,startrekstabilized,ThingsCutInHalfPorn,totallynotrobots,Unexpected
         NineGag: geeky,wtf,hot,trending
         Instagram: nature,wtf
         Fourchan: sci

From 942375e134fd70876ee81924ff83955473883cad Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 May 2018 17:26:19 +0200
Subject: [PATCH 41/65] l: add blue.r

---
 krebs/3modules/lass/default.nix | 30 ++++++++++++++++++++++++++++++
 lass/1systems/blue/config.nix   | 11 +++++++++++
 lass/1systems/blue/physical.nix |  8 ++++++++
 lass/1systems/blue/source.nix   |  4 ++++
 4 files changed, 53 insertions(+)
 create mode 100644 lass/1systems/blue/config.nix
 create mode 100644 lass/1systems/blue/physical.nix
 create mode 100644 lass/1systems/blue/source.nix

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index aa0b43f9a..029a0a890 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -671,6 +671,36 @@ with import <stockholm/lib>;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
     };
+    blue = {
+      cores = 1;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.0.77";
+          ip6.addr = "42:0:0:0:0:0:0:77";
+          aliases = [
+            "blue.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN PUBLIC KEY-----
+            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd
+            QwyX4PvVm9WItPmmNy+RE2y0Mf04LxZ7RLm5+e0wPuhXXQyhZ06CNd6tjeaKfXUc
+            sNeC1Vjuh1hsyYJLR5Xf/YRNJQKoaHjbkXGt+rSK7PPuCcsUPOSZSEAgHYVvcFzM
+            wWE4kTDcBZeISB4+yLmPIZXhnDImRRMEurFNRiocoMmEIu/zyYVq8rnlTl972Agu
+            PMGo1HqVxCouEWstRvtX5tJmV8yruRbH4tADAruLXErLLwUAx/AYDNRjY1TYYetJ
+            RoaxejmZVVIvR+hWaDLkHZO89+to6wS5IVChs1anFxMNN6Chq2v8Bb2Nyy1oG/H/
+            HzXxj1Rn7CN9es5Wl0UX4h9Zg+hfspoI75lQ509GLusYOyFwgmFF02eMpxgHBiWm
+            khSJzPkFdYJKUKaZI0nQEGGsFJOe/Se5jj70x3Q5XEuUoQqyahAqwQIYh6uwhbuP
+            49RBPHpE+ry6smhUPLTitrRsqeBU4RZRNsUAYyCbwyAH1i+K3Q5PSovgPtlHVr2N
+            w+VZCzsrtOY2fxXw0e+mncrx/Qga62s4m6a/dyukA5RytA9f6bBsvSTqr7/EQTs6
+            ZEBoPudk7ULNEbfjmJtBkeG7wKIlpgzVg/JaCAwMuSgVjrpIHrZmjOVvmOwB8W6J
+            Ch/o7chVljAwW4JmyRnhZbMCAwEAAQ==
+            -----END PUBLIC KEY-----
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
+    };
   };
   users = {
     lass = {
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
new file mode 100644
index 000000000..b068c34b0
--- /dev/null
+++ b/lass/1systems/blue/config.nix
@@ -0,0 +1,11 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+  imports = [
+    <stockholm/lass>
+    <stockholm/lass/2configs>
+    <stockholm/lass/2configs/retiolum.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.blue;
+}
diff --git a/lass/1systems/blue/physical.nix b/lass/1systems/blue/physical.nix
new file mode 100644
index 000000000..7499ff723
--- /dev/null
+++ b/lass/1systems/blue/physical.nix
@@ -0,0 +1,8 @@
+{
+  imports = [
+    ./config.nix
+  ];
+  boot.isContainer = true;
+  networking.useDHCP = false;
+  environment.variables.NIX_REMOTE = "daemon";
+}
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
new file mode 100644
index 000000000..d8b979812
--- /dev/null
+++ b/lass/1systems/blue/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/lass/source.nix> {
+  name = "blue";
+  secure = true;
+}

From b39efc716232405abf3cfaa95f77e7025f6d3d1d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 May 2018 17:29:32 +0200
Subject: [PATCH 42/65] l mors.r: enable libvirtd

---
 lass/1systems/mors/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 2e6c8bc8a..de6963eb5 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -186,4 +186,5 @@ with import <stockholm/lib>;
       RandomizedDelaySec = "5h";
     };
   });
+  virtualisation.libvirtd.enable = true;
 }

From f1349ff0bb4c12fd57076d31eaf634568ec1f818 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 May 2018 17:30:17 +0200
Subject: [PATCH 43/65] l mors.r: new hardware

---
 lass/1systems/mors/physical.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
index f99d6bd52..580252000 100644
--- a/lass/1systems/mors/physical.nix
+++ b/lass/1systems/mors/physical.nix
@@ -18,8 +18,8 @@
   };
 
   services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0"
-    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0"
+    SUBSYSTEM=="net", ATTR{address}=="5a:37:e4:6e:1f:9d", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:c4:7a:f1", NAME="et0"
   '';
 
   #TODO activationScripts seem broken, fix them!

From dbcdae5e38bddcb7683ae115c222c098d8e3c6a5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 May 2018 17:31:13 +0200
Subject: [PATCH 44/65] l red: NIX_REMOTE should be in physical.nix

---
 lass/1systems/red/config.nix   | 1 -
 lass/1systems/red/physical.nix | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix
index 04bbf1ee8..3139e94a2 100644
--- a/lass/1systems/red/config.nix
+++ b/lass/1systems/red/config.nix
@@ -22,7 +22,6 @@ in
   krebs.build.host = config.krebs.hosts.red;
 
   services.nginx.enable = true;
-  environment.variables.NIX_REMOTE = "daemon";
   environment.systemPackages = [
     pkgs.mk_sql_pair
   ];
diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix
index b6aa3a894..7499ff723 100644
--- a/lass/1systems/red/physical.nix
+++ b/lass/1systems/red/physical.nix
@@ -4,4 +4,5 @@
   ];
   boot.isContainer = true;
   networking.useDHCP = false;
+  environment.variables.NIX_REMOTE = "daemon";
 }

From 2e7bcebfd07080db071f07c3ad8e42e136857c31 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 May 2018 17:32:00 +0200
Subject: [PATCH 45/65] l container-networking: set ipv4.ip_forward

---
 lass/2configs/container-networking.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lass/2configs/container-networking.nix b/lass/2configs/container-networking.nix
index 3dae3420d..98b56bd41 100644
--- a/lass/2configs/container-networking.nix
+++ b/lass/2configs/container-networking.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, ... }:
 
 {
   #krebs.iptables.tables.filter.INPUT.rules = [
@@ -24,4 +24,5 @@
     { v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
     { v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
   ];
+  boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault 1;
 }
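Review bot: The new `boot.kernel.sysctl."net.ipv4.ip_forward"` line has no comment, and the setting is host-wide rather than limited to the container interfaces. The FORWARD rules this file shows later in the series only match `ve-+`, so what happens to traffic between other interfaces depends on the chain's default policy, which is not visible here. A comment would help the next reader, for example `# needed to NAT the 10.233.2.0/24 containers; mkDefault so the plain assignment in AP.nix takes precedence`, assuming that is the reason for `lib.mkDefault`.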

From dca292c905b09eff69e0219472c7846a55a0bb72 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 May 2018 17:32:29 +0200
Subject: [PATCH 46/65] l l-gen-secrets: fix secret paths

---
 lass/5pkgs/l-gen-secrets/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix
index 4b25fbd4c..b6cb2ec7e 100644
--- a/lass/5pkgs/l-gen-secrets/default.nix
+++ b/lass/5pkgs/l-gen-secrets/default.nix
@@ -17,9 +17,9 @@ pkgs.writeDashBin "l-gen-secrets" ''
 
   cd $TMPDIR
   for x in *; do
-    ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m krebs-secrets/$HOSTNAME/$x > /dev/null
+    ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null
   done
-  echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/pass > /dev/null
+  echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/pass > /dev/null
 
   cat <<EOF
     $HOSTNAME = {
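Review bot: The two changed lines still expand `$x`, `$HOSTNAME` and `$PASSWORD` unquoted, and the password goes through `echo`, which in dash interprets backslash escapes. A generated secret containing a backslash sequence, whitespace or a glob character would be stored altered without any error. Quoting and `printf` avoid that: `printf '%s\n' "$PASSWORD" | ${pkgs.pass}/bin/pass insert -m "admin/$HOSTNAME/pass" > /dev/null` and, in the loop, `${pkgs.pass}/bin/pass insert -m "hosts/$HOSTNAME/$x" < "$x" > /dev/null`. The script body starts above the hunk and continues below it, so how `$PASSWORD` is produced is not visible here.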

From 7722df3587a51a08fcd0ad8e367c97106d938432 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 May 2018 20:19:08 +0200
Subject: [PATCH 47/65] l: add lass-blue user

---
 krebs/3modules/lass/default.nix  | 9 +++++++--
 krebs/3modules/lass/ssh/blue.rsa | 1 +
 2 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 krebs/3modules/lass/ssh/blue.rsa

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 029a0a890..4aae26e13 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -702,8 +702,13 @@ with import <stockholm/lib>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
     };
   };
-  users = {
-    lass = {
+  users = rec {
+    lass = lass-mors;
+    lass-blue = {
+      mail = "lass@blue.r";
+      pubkey = builtins.readFile ./ssh/blue.rsa;
+    };
+    lass-mors = {
       mail = "lass@mors.r";
       pubkey = builtins.readFile ./ssh/mors.rsa;
       pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp;
diff --git a/krebs/3modules/lass/ssh/blue.rsa b/krebs/3modules/lass/ssh/blue.rsa
new file mode 100644
index 000000000..c0bf9b817
--- /dev/null
+++ b/krebs/3modules/lass/ssh/blue.rsa
@@ -0,0 +1 @@
+ssh-rsa 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 lass@blue

From 2ed1a763c8db130262394649a0cc0ca3eb6cf8f2 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 May 2018 20:19:57 +0200
Subject: [PATCH 48/65] l: don't redirect ssh port from inner networks

---
 lass/2configs/container-networking.nix | 12 +++---------
 lass/2configs/libvirt.nix              |  3 +++
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/lass/2configs/container-networking.nix b/lass/2configs/container-networking.nix
index 98b56bd41..f04e4342d 100644
--- a/lass/2configs/container-networking.nix
+++ b/lass/2configs/container-networking.nix
@@ -1,12 +1,6 @@
 { lib, ... }:
 
 {
-  #krebs.iptables.tables.filter.INPUT.rules = [
-  #  { v6 = false; predicate = "-i ve-+ -p udp -m udp --dport 53"; target = "ACCEPT"; }
-  #  { v6 = false; predicate = "-i ve-+ -p tcp -m tcp --dport 53"; target = "ACCEPT"; }
-  #  { v6 = false; predicate = "-i ve-+ -p udp -m udp --dport 67"; target = "ACCEPT"; }
-  #  { v6 = false; predicate = "-i ve-+ -p tcp -m tcp --dport 67"; target = "ACCEPT"; }
-  #];
   krebs.iptables.tables.filter.FORWARD.rules = [
     { v6 = false; predicate = "-d 10.233.2.0/24 -o ve-+ -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
     { v6 = false; predicate = "-s 10.233.2.0/24 -i ve-+"; target = "ACCEPT"; }
@@ -14,9 +8,9 @@
     { v6 = false; predicate = "-o ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
     { v6 = false; predicate = "-i ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
   ];
-  #krebs.iptables.tables.filter.OUTPUT.rules = [
-  #  { v6 = false; predicate = "-o ve-+ -p udp -m udp --dport 68"; target = "ACCEPT"; }
-  #];
+  krebs.iptables.tables.nat.PREROUTING.rules = [
+    { v6 = false; predicate = "-s 10.233.2.0/24"; target = "ACCEPT"; precedence = 1000; }
+  ];
   krebs.iptables.tables.nat.POSTROUTING.rules = [
     { v6 = false; predicate = "-s 10.233.2.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
     { v6 = false; predicate = "-s 10.233.2.0/24 -d 255.255.255.255"; target = "RETURN"; }
diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix
index a71638323..78d5ae0e9 100644
--- a/lass/2configs/libvirt.nix
+++ b/lass/2configs/libvirt.nix
@@ -20,6 +20,9 @@
   krebs.iptables.tables.filter.OUTPUT.rules = [
     { v6 = false; predicate = "-o virbr0 -p udp -m udp --dport 68"; target = "ACCEPT"; }
   ];
+  krebs.iptables.tables.nat.PREROUTING.rules = [
+    { v6 = false; predicate = "-s 192.168.122.0/24"; target = "ACCEPT"; precedence = 1000; }
+  ];
   krebs.iptables.tables.nat.POSTROUTING.rules = [
     { v6 = false; predicate = "-s 192.168.122.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
     { v6 = false; predicate = "-s 192.168.122.0/24 -d 255.255.255.255"; target = "RETURN"; }

From 82704cb35cd74f58c3246f39f89d3e13267b716b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 May 2018 23:07:27 +0200
Subject: [PATCH 49/65] l AP: use network bridge

---
 lass/2configs/AP.nix | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/lass/2configs/AP.nix b/lass/2configs/AP.nix
index 5ce7cfff8..dfffbfdf9 100644
--- a/lass/2configs/AP.nix
+++ b/lass/2configs/AP.nix
@@ -6,7 +6,7 @@ in {
   boot.extraModulePackages = [
     pkgs.linuxPackages.rtl8814au
   ];
-  networking.networkmanager.unmanaged = [ wifi ];
+  networking.networkmanager.unmanaged = [ wifi "et0" ];
 
   systemd.services.hostapd = {
     description = "hostapd wireless AP";
@@ -38,12 +38,17 @@ in {
     };
   };
 
-  networking.interfaces.${wifi}.ipv4.addresses = [
+  networking.bridges.br0.interfaces = [
+    wifi
+    "et0"
+  ];
+
+  networking.interfaces.br0.ipv4.addresses = [
     { address = "10.99.0.1"; prefixLength = 24; }
   ];
   services.dhcpd4 = {
     enable = true;
-    interfaces = [ wifi ];
+    interfaces = [ "br0" ];
     extraConfig = ''
       option subnet-mask 255.255.255.0;
       option routers 10.99.0.1;
@@ -56,11 +61,12 @@ in {
 
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
   krebs.iptables.tables.filter.FORWARD.rules = [
-    { v6 = false; predicate = "-d 10.99.0.0/24 -o ${wifi} -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
-    { v6 = false; predicate = "-s 10.99.0.0/24 -i ${wifi}"; target = "ACCEPT"; }
-    { v6 = false; predicate = "-i ${wifi} -o ${wifi}"; target = "ACCEPT"; }
-    { v6 = false; predicate = "-o ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
-    { v6 = false; predicate = "-i ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
+    { v6 = false; predicate = "-d 10.99.0.0/24 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
+    { v6 = false; predicate = "-s 10.99.0.0/24 -i br0"; target = "ACCEPT"; }
+    { v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; }
+    { v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; }
+    { v6 = false; predicate = "-o br0"; target = "REJECT --reject-with icmp-port-unreachable"; }
+    { v6 = false; predicate = "-i br0"; target = "REJECT --reject-with icmp-port-unreachable"; }
   ];
   krebs.iptables.tables.nat.PREROUTING.rules = [
     { v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; precedence = 1000; }
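Review bot: The rule `-i br0 -o br0` with target ACCEPT appears twice in the new FORWARD list, while the old list had a single `-i ${wifi} -o ${wifi}` entry, so one of the two lines is a leftover and can be dropped. Separately, with `et0` now in the bridge, frames between wifi and wired clients are switched by the bridge itself. Whether they pass through these iptables rules at all depends on bridge netfilter being enabled, which the hunk does not show. If client-to-client filtering is expected, a comment next to the rule should say so.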

From 72a094546e6a934fa57950ebc0d5f0bdaa21bd49 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 16 May 2018 23:08:00 +0200
Subject: [PATCH 50/65] l: add blue to authorizedKeys

---
 lass/2configs/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 12a814605..ed97b4897 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -19,7 +19,8 @@ with import <stockholm/lib>;
       users.extraUsers = {
         root = {
           openssh.authorizedKeys.keys = [
-            config.krebs.users.lass.pubkey
+            config.krebs.users.lass-mors.pubkey
+            config.krebs.users.lass-blue.pubkey
             config.krebs.users.lass-shodan.pubkey
             config.krebs.users.lass-icarus.pubkey
             config.krebs.users.lass-xerxes.pubkey
@@ -38,7 +39,8 @@ with import <stockholm/lib>;
             "wheel"
           ];
           openssh.authorizedKeys.keys = [
-            config.krebs.users.lass.pubkey
+            config.krebs.users.lass-mors.pubkey
+            config.krebs.users.lass-blue.pubkey
             config.krebs.users.lass-shodan.pubkey
             config.krebs.users.lass-icarus.pubkey
           ];

From e437f49a1b604f92d875a1209b4e4f9f5b46c893 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 17 May 2018 18:54:51 +0200
Subject: [PATCH 51/65] l: add blue.pgp

---
 krebs/3modules/lass/default.nix  |  1 +
 krebs/3modules/lass/pgp/blue.pgp | 51 ++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 krebs/3modules/lass/pgp/blue.pgp

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 4aae26e13..e921b1ec4 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -707,6 +707,7 @@ with import <stockholm/lib>;
     lass-blue = {
       mail = "lass@blue.r";
       pubkey = builtins.readFile ./ssh/blue.rsa;
+      pgp.pubkeys.default = builtins.readFile ./pgp/blue.pgp;
     };
     lass-mors = {
       mail = "lass@mors.r";
diff --git a/krebs/3modules/lass/pgp/blue.pgp b/krebs/3modules/lass/pgp/blue.pgp
new file mode 100644
index 000000000..e7a1ac0e1
--- /dev/null
+++ b/krebs/3modules/lass/pgp/blue.pgp
@@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+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+=D854
+-----END PGP PUBLIC KEY BLOCK-----

From e1fec918a64a6c0aff0b758b4ea8a5e228623012 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 20 May 2018 10:04:05 +0200
Subject: [PATCH 52/65] l cabal.r: provice host for blue.r

---
 lass/1systems/cabal/config.nix |  1 +
 lass/2configs/blue-host.nix    | 22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 lass/2configs/blue-host.nix

diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix
index b117b5116..64c179e67 100644
--- a/lass/1systems/cabal/config.nix
+++ b/lass/1systems/cabal/config.nix
@@ -14,6 +14,7 @@
     <stockholm/lass/2configs/games.nix>
     <stockholm/lass/2configs/bitcoin.nix>
     <stockholm/lass/2configs/AP.nix>
+    <stockholm/lass/2configs/blue-host.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.cabal;
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
new file mode 100644
index 000000000..657234bc1
--- /dev/null
+++ b/lass/2configs/blue-host.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+  imports = [
+    <stockholm/lass/2configs/container-networking.nix>
+  ];
+  containers.blue = {
+    config = { ... }: {
+      environment.systemPackages = [ pkgs.git ];
+      services.openssh.enable = true;
+      users.users.root.openssh.authorizedKeys.keys = [
+        config.krebs.users.lass.pubkey
+      ];
+    };
+    autoStart = true;
+    enableTun = true;
+    privateNetwork = true;
+    hostAddress = "10.233.2.9";
+    localAddress = "10.233.2.10";
+  };
+}
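Review bot: The container's root `authorizedKeys` uses the alias `config.krebs.users.lass.pubkey`, whose meaning changes later in this series when `lass` is pointed at `lass-blue` instead of `lass-mors`. After that change the only key admitted to this bootstrap container is blue's own user key, which is probably not what was meant. Naming the key explicitly, as the default.nix change earlier in the series does, avoids the silent switch: `config.krebs.users.lass-mors.pubkey`.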

From 32b66b6def41a6d33718e14b09135b234a4036b8 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 20 May 2018 10:06:29 +0200
Subject: [PATCH 53/65] l mors.r: use correct wifi mac

---
 lass/1systems/mors/physical.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
index 580252000..680dc9bde 100644
--- a/lass/1systems/mors/physical.nix
+++ b/lass/1systems/mors/physical.nix
@@ -18,7 +18,7 @@
   };
 
   services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="5a:37:e4:6e:1f:9d", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:72:f4:88", NAME="wl0"
     SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:c4:7a:f1", NAME="et0"
   '';
 

From c7a49e7ac91eef1833992d9801b11febad726afe Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 20 May 2018 10:09:54 +0200
Subject: [PATCH 54/65] l prism.r: forward weechat port to blue.r

---
 lass/1systems/prism/config.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index c7b877deb..9bfd90c14 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -295,6 +295,21 @@ with import <stockholm/lib>;
         };
       };
     }
+    { #weechat port forwarding to blue
+      krebs.iptables.tables.filter.INPUT.rules = [
+        { predicate = "-p tcp --dport 9998"; target = "ACCEPT";}
+      ];
+      krebs.iptables.tables.nat.PREROUTING.rules = [
+        { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.prism.nets.internet.ip4.addr} -p tcp --dport 9998"; target = "DNAT --to-destination ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}:9999"; }
+      ];
+      krebs.iptables.tables.filter.FORWARD.rules = [
+        { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "ACCEPT"; }
+        { v6 = false; precedence = 1000; predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"; target = "ACCEPT"; }
+      ];
+      krebs.iptables.tables.nat.POSTROUTING.rules = [
+        { v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; }
+      ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
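Review bot: The filter INPUT rule `-p tcp --dport 9998` has no `v6 = false` and no destination match, unlike the other rules in this block, so it presumably opens port 9998 on prism itself for both address families. Packets that hit the DNAT rule are routed on to blue and pass FORWARD rather than INPUT, so this rule is probably not needed at all. The FORWARD rule that accepts everything with blue's address as source lets blue send any traffic through prism; appending `-p tcp --sport 9999 -m conntrack --ctstate RELATED,ESTABLISHED` to its predicate would limit it to replies. The relay on port 9999 becomes reachable from the internet through this forward, so it should be configured with TLS and a password, which is not part of this hunk.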

From d72657a57be63ff6eeeaa0b84cd7761b2d38c8b4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 20 May 2018 10:20:10 +0200
Subject: [PATCH 55/65] l blue.r: add weechat, backups & mail

---
 lass/1systems/blue/config.nix | 30 +++++++++++++++++++
 lass/2configs/blue.nix        | 55 +++++++++++++++++++++++++++++++++++
 2 files changed, 85 insertions(+)
 create mode 100644 lass/2configs/blue.nix

diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index b068c34b0..aef055cf0 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -5,7 +5,37 @@ with import <stockholm/lib>;
     <stockholm/lass>
     <stockholm/lass/2configs>
     <stockholm/lass/2configs/retiolum.nix>
+    <stockholm/lass/2configs/exim-retiolum.nix>
+
+    <stockholm/lass/2configs/blue.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.blue;
+
+  networking.nameservers = [ "1.1.1.1" ];
+
+  lass.restic = genAttrs [
+    "daedalus"
+    "icarus"
+    "littleT"
+    "prism"
+    "shodan"
+    "skynet"
+  ] (dest: {
+    dirs = [
+      "/home/"
+      "/var/lib"
+    ];
+    passwordFile = (toString <secrets>) + "/restic/${dest}";
+    repo = "sftp:backup@${dest}.r:/backups/blue";
+    extraArguments = [
+      "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
+    ];
+    timerConfig = {
+      OnCalendar = "00:05";
+      RandomizedDelaySec = "5h";
+    };
+  });
+  time.timeZone = "Europe/Berlin";
+  users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
 }
diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
new file mode 100644
index 000000000..c0417b865
--- /dev/null
+++ b/lass/2configs/blue.nix
@@ -0,0 +1,55 @@
+with (import <stockholm/lib>);
+{ config, lib, pkgs, ... }:
+
+{
+
+  imports = [
+    ./bitlbee.nix
+    ./mail.nix
+    ./pass.nix
+  ];
+
+  services.tor.enable = true;
+
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
+    { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";}
+  ];
+
+  systemd.services.chat = let
+    tmux = pkgs.writeDash "tmux" ''
+      exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+        set-option -g prefix `
+        unbind-key C-b
+        bind ` send-prefix
+
+        set-option -g status off
+        set-option -g default-terminal screen-256color
+
+        #use session instead of windows
+        bind-key c new-session
+        bind-key p switch-client -p
+        bind-key n switch-client -n
+        bind-key C-s switch-client -l
+      ''} "$@"
+    '';
+  in {
+    description = "chat environment setup";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    restartIfChanged = false;
+
+    path = [
+      pkgs.rxvt_unicode.terminfo
+    ];
+
+    serviceConfig = {
+      User = "lass";
+      RemainAfterExit = true;
+      Type = "oneshot";
+      ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
+      ExecStop = "${tmux} kill-session -t IM";
+    };
+  };
+}
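Review bot: The two INPUT rules in blue.nix carry no comment and accept connections from every retiolum peer. Port 9999 is reached through the DNAT and MASQUERADE rules on prism added earlier in this series, so legitimate connections arrive with prism's address as source. Adding a `-s` match for prism's retiolum address to that predicate would keep other peers from reaching the relay directly. Suggested comments are `# weechat relay, forwarded from prism:9998` and, if the UDP range is meant for mosh, `# mosh`.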

From f0ff6a61e6ae48c893b8d8a56d80a3d03f13dc35 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 20 May 2018 10:21:40 +0200
Subject: [PATCH 56/65] l: lass is now lass@blue.r

---
 krebs/3modules/lass/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index e921b1ec4..fd74983fa 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -703,7 +703,7 @@ with import <stockholm/lib>;
     };
   };
   users = rec {
-    lass = lass-mors;
+    lass = lass-blue;
     lass-blue = {
       mail = "lass@blue.r";
       pubkey = builtins.readFile ./ssh/blue.rsa;

From c7d373f814fb18c0ced8da1a4c364b3aadd9d450 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 20 May 2018 10:28:49 +0200
Subject: [PATCH 57/65] l exim: allow sending from blue.r

---
 lass/2configs/exim-smarthost.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index fe79ce82b..5248f4d63 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -14,7 +14,7 @@ with import <stockholm/lib>;
     ];
     relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
       config.krebs.hosts.mors
-      config.krebs.hosts.uriel
+      config.krebs.hosts.blue
     ];
     internet-aliases = with config.krebs.users; [
       { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822

From cd145bb426bef35aecaf5e2f86be300241606c1b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 20 May 2018 10:32:07 +0200
Subject: [PATCH 58/65] l backup: add blue to authorizedKeys

---
 lass/2configs/backup.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix
index 27adf6d2a..d23cf9a43 100644
--- a/lass/2configs/backup.nix
+++ b/lass/2configs/backup.nix
@@ -15,6 +15,7 @@ with import <stockholm/lib>;
     openssh.authorizedKeys.keys = with config.krebs.hosts; [
       mors.ssh.pubkey
       prism.ssh.pubkey
+      blue.ssh.pubkey
     ];
   };
 }

From 141fa0117c0aaa994a7b0776976631044afc193b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 20 May 2018 10:32:47 +0200
Subject: [PATCH 59/65] l exim: add new mail addresses

---
 lass/2configs/exim-smarthost.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 5248f4d63..371f20885 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -81,6 +81,8 @@ with import <stockholm/lib>;
       { from = "allygator@lassul.us"; to = lass.mail; }
       { from = "immoscout@lassul.us"; to = lass.mail; }
       { from = "elitedangerous@lassul.us"; to = lass.mail; }
+      { from = "boardgamegeek@lassul.us"; to = lass.mail; }
+      { from = "qwertee@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

From de7ee966dfb6923e9b9ebab55eb4f6f17a88ed43 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 20 May 2018 10:33:42 +0200
Subject: [PATCH 60/65] l monitoring: don't send resolved status

---
 lass/2configs/monitoring/prometheus-server.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix
index e16d421a0..aef671636 100644
--- a/lass/2configs/monitoring/prometheus-server.nix
+++ b/lass/2configs/monitoring/prometheus-server.nix
@@ -159,7 +159,6 @@
               "email_configs" = [
                 {
                   "to" = "devnull@example.com";
-                  "send_resolved" = true;
                 }
               ];
               "webhook_configs" = [

From 3277fac9b6941ece359efed2884c440d2e03837c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 20 May 2018 10:42:46 +0200
Subject: [PATCH 61/65] l git: add blue & mors to allowed users

---
 lass/2configs/git.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 712a15342..e41ff606f 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -121,7 +121,7 @@ let
     with git // config.krebs.users;
     repo:
       singleton {
-        user = [ lass lass-shodan lass-icarus ];
+        user = [ lass-mors lass-shodan lass-icarus lass-blue ];
         repo = [ repo ];
         perm = push "refs/*" [ non-fast-forward create delete merge ];
       } ++
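Review bot: The new `user` list drops `lass` as well as adding `lass-mors` and `lass-blue`, which the subject line does not mention; if this is a rename of the same key, a short comment above the list would record it. Every key in this list gets `push "refs/*" [ non-fast-forward create delete merge ]`, so each added host key is another machine that can rewrite or delete any ref in the repos this rule covers. A comment such as `# host keys with full push rights (force-push, delete) on all refs` would make that scope visible the next time the list is extended. The enclosing function starts and ends outside the hunk.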

From 5af3134c0084ac98fbd504865925aeba61f06d94 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 21 May 2018 08:25:11 +0200
Subject: [PATCH 62/65] l red: forceSSL

---
 lass/1systems/prism/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 9bfd90c14..b2669c4ac 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -243,7 +243,7 @@ with import <stockholm/lib>;
       };
       services.nginx.virtualHosts."rote-allez-fraktion.de" = {
         enableACME = true;
-        addSSL = true;
+        forceSSL = true;
         locations."/" = {
           extraConfig = ''
             proxy_set_header Host rote-allez-fraktion.de;
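Review bot: `forceSSL = true;` only redirects plain-HTTP requests, so a client's first request to this host can still leave unencrypted and be tampered with before the redirect arrives. Once the ACME certificate setup is stable, consider sending HSTS from this vhost, e.g. `add_header Strict-Transport-Security "max-age=31536000" always;` in the server-level `extraConfig`. nginx drops inherited `add_header` lines in any location that sets its own, and the `locations."/"` block continues outside the hunk, so check where the header has to go.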

From 4829b6b9d7ce2b19e84473ecb254e68219b1d0b6 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 21 May 2018 08:25:53 +0200
Subject: [PATCH 63/65] l: add bitlbee.nix

---
 lass/2configs/bitlbee.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 lass/2configs/bitlbee.nix

diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix
new file mode 100644
index 000000000..1220fa0cd
--- /dev/null
+++ b/lass/2configs/bitlbee.nix
@@ -0,0 +1,15 @@
+with (import <stockholm/lib>);
+{ config, lib, pkgs, ... }:
+
+{
+  services.bitlbee = {
+    enable = true;
+    portNumber = 6666;
+    plugins = [
+      pkgs.bitlbee-facebook
+      pkgs.bitlbee-steam
+      pkgs.bitlbee-discord
+    ];
+    libpurple_plugins = [ pkgs.telegram-purple ];
+  };
+}
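Review bot: The listener's bind address and auth mode are left to the module defaults in this new file; as far as I know `services.bitlbee.interface` defaults to loopback and `authMode` to `"Open"`, so the service stays private only while neither default changes. Writing `interface = "127.0.0.1";` next to `portNumber = 6666;` makes the loopback-only intent explicit. `authMode = "Registered";` is worth considering once the accounts exist, since BitlBee stores the credentials for the Facebook, Steam, Discord and Telegram plugins. The `with (import <stockholm/lib>);` line and the `config` and `lib` arguments are unused here and could be dropped.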

From 9173c08145836c1ee34674a15a488c7099f203af Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 21 May 2018 08:26:20 +0200
Subject: [PATCH 64/65] l: remove IM.nix

---
 lass/1systems/prism/config.nix |  1 -
 lass/2configs/IM.nix           | 73 ----------------------------------
 2 files changed, 74 deletions(-)
 delete mode 100644 lass/2configs/IM.nix

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index b2669c4ac..6d03a2694 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -131,7 +131,6 @@ with import <stockholm/lib>;
     }
     <stockholm/lass/2configs/exim-smarthost.nix>
     <stockholm/lass/2configs/ts3.nix>
-    <stockholm/lass/2configs/IM.nix>
     <stockholm/lass/2configs/privoxy-retiolum.nix>
     <stockholm/lass/2configs/radio.nix>
     <stockholm/lass/2configs/repo-sync.nix>
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
deleted file mode 100644
index 7d3dfd428..000000000
--- a/lass/2configs/IM.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-with (import <stockholm/lib>);
-{ config, lib, pkgs, ... }:
-
-let
-  tmux = pkgs.writeDash "tmux" ''
-    exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
-      set-option -g prefix `
-      unbind-key C-b
-      bind ` send-prefix
-
-      set-option -g status off
-      set-option -g default-terminal screen-256color
-
-      #use session instead of windows
-      bind-key c new-session
-      bind-key p switch-client -p
-      bind-key n switch-client -n
-      bind-key C-s switch-client -l
-    ''} "$@"
-  '';
-in {
-
-  services.bitlbee = {
-    enable = true;
-    portNumber = 6666;
-    plugins = [
-      pkgs.bitlbee-facebook
-      pkgs.bitlbee-steam
-      pkgs.bitlbee-discord
-    ];
-    libpurple_plugins = [ pkgs.telegram-purple ];
-  };
-
-  users.extraUsers.chat = {
-    home = "/home/chat";
-    uid = genid "chat";
-    useDefaultShell = true;
-    createHome = true;
-    openssh.authorizedKeys.keys = with config.krebs.users; [
-      lass.pubkey
-      lass-shodan.pubkey
-      lass-icarus.pubkey
-      lass-android.pubkey
-      lass-helios.pubkey
-    ];
-  };
-
-  # mosh
-  krebs.iptables.tables.filter.INPUT.rules = [
-    { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
-    { predicate = "-p tcp --dport 9999"; target = "ACCEPT";}
-  ];
-
-  systemd.services.chat = {
-    description = "chat environment setup";
-    after = [ "network.target" ];
-    wantedBy = [ "multi-user.target" ];
-
-    restartIfChanged = false;
-
-    path = [
-      pkgs.rxvt_unicode.terminfo
-    ];
-
-    serviceConfig = {
-      User = "chat";
-      RemainAfterExit = true;
-      Type = "oneshot";
-      ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
-      ExecStop = "${tmux} kill-session -t IM";
-    };
-  };
-}

From 4277c251906100bc103808af7a674fe2fbb3851b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 21 May 2018 08:28:08 +0200
Subject: [PATCH 65/65] l prism.r: add wireguard config

---
 lass/1systems/prism/config.nix | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 6d03a2694..7a9537b64 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -309,6 +309,34 @@ with import <stockholm/lib>;
         { v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; }
       ];
     }
+    {
+      krebs.iptables.tables.filter.INPUT.rules = [
+         { predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
+      ];
+      krebs.iptables.tables.nat.PREROUTING.rules = [
+        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+      ];
+      krebs.iptables.tables.filter.FORWARD.rules = [
+        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+        { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
+      ];
+      krebs.iptables.tables.nat.POSTROUTING.rules = [
+        { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
+      ];
+      networking.wireguard.interfaces.wg0 = {
+        ips = [ "10.244.1.1/24" ];
+        listenPort = 51820;
+        privateKeyFile = (toString <secrets>) + "/wireguard.key";
+        allowedIPsAsRoutes = true;
+        peers = [
+          {
+            # lass-android
+            allowedIPs = [ "10.244.1.2/32" ];
+            publicKey = "63+ns9AGv6e6a8WgxiZNFEt1xQT0YKFlEHzRaYJWtmk=";
+          }
+        ];
+      };
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
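Review bot: The nat PREROUTING rule and the first FORWARD rule accept on `-s 10.244.1.0/24` alone, so they trust that source address on whichever interface the packet arrives. Binding them to the tunnel, `predicate = "-i wg0 -s 10.244.1.0/24";`, keeps a spoofed source on another interface from being forwarded and masqueraded (reverse-path filtering may already cover this, but the rule should not depend on it). The second FORWARD rule lets all of 10.243.0.0/16 reach the WireGuard peers; if only a few hosts need that, narrow the source or at least add `-o wg0`. Building `privateKeyFile` from `toString <secrets>` keeps the key out of the Nix store, which is worth a one-line comment so it is not later simplified to a path literal. The INPUT rule line is indented one space deeper than its siblings.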