Merge remote-tracking branch 'prism/master'
commit
38d2ff961f
|
@ -21,6 +21,7 @@ let
|
|||
./git.nix
|
||||
./go.nix
|
||||
./iptables.nix
|
||||
./kapacitor.nix
|
||||
./newsbot-js.nix
|
||||
./nginx.nix
|
||||
./nixpkgs.nix
|
||||
|
|
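--- a/krebs/3modules/kapacitor.nix
+++ b/krebs/3modules/kapacitor.nix
@@ -0,0 +1,173 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with import <stockholm/lib>;
+
+let
+cfg = config.krebs.kapacitor;
+
+out = {
+options.krebs.kapacitor = api;
+config = mkIf cfg.enable imp;
+};
+
+configOptions = recursiveUpdate {
+hostname = "localhost";
+data_dir = cfg.dataDir;
+http = {
+bind-address = ":9092";
+auth-enabled = false;
+log-enabled = false;
+gtgwrite-tracing = false;
+pprof-enabled = false;
+https-enabled = false;
+https-certificate = "/etc/ssl/kapacitor.pem";
+shutdown-timeout = "10s";
+shared-secret = "";
+};
+
+replay ={
+dir = "${cfg.dataDir}/replay";
+};
+
+storage = {
+boltdb = "${cfg.dataDir}/kapacitor.db";
+};
+
+task = {
+dir = "${cfg.dataDir}/tasks";
+snapshot-interval = "1m0s";
+};
+
+influxdb = [{
+enabled = true;
+name = "default";
+default = false;
+urls = ["http://localhost:8086"];
+username = "";
+password = "";
+ssl-ca = "";
+ssl-cert = "";
+ssl-key = "";
+insecure-skip-verify = false;
+timeout = "0s";
+disable-subscriptions = false;
+subscription-protocol = "http";
+udp-bind = "";
+udp-buffer = 1000;
+udp-read-buffer = 0;
+startup-timeout = "5m0s";
+subscriptions-sync-interval = "1m0s";
+influxdb.excluded-subscriptions = {
+_kapacitor = ["autogen"];
+};
+}];
+
+logging = {
+file = "STDERR";
+level = "INFO";
+};
+
+deadman = {
+interval = "10s";
+id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'";
+message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL.";
+global = false;
+};
+} cfg.extraConfig;
+
+api = {
+enable = mkEnableOption "kapacitor";
+dataDir = mkOption {
+type = types.str;
+default = "/var/lib/kapacitor";
+};
+user = mkOption {
+type = types.user;
+default = {
+name = "kapacitor";
+home = cfg.dataDir;
+};
+};
+group = mkOption {
+type = types.group;
+default = {
+name = "kapacitor";
+};
+};
+extraConfig = mkOption {
+type = types.attrs;
+default = {};
+};
+alarms = mkOption {
+type = with types; attrsOf (submodule {
+options = {
+database = mkOption {
+type = str;
+};
+text = mkOption {
+type = str;
+};
+};
+});
+default = {};
+};
+};
+
+configFile = pkgs.runCommand "kapacitor.toml" {} ''
+${pkgs.remarshal}/bin/remarshal -if json -of toml \
+< ${pkgs.writeText "kapacitor.json" (builtins.toJSON configOptions)} \
+> $out
+'';
+
+imp = {
+users = {
+groups.${cfg.group.name} = {
+inherit (cfg.group) name gid;
+};
+users.${cfg.user.name} = {
+inherit (cfg.user) home name uid;
+createHome = true;
+group = cfg.group.name;
+};
+};
+
+systemd.services.kapacitor = {
+description = "kapacitor";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+
+restartIfChanged = true;
+
+serviceConfig = {
+Restart = "always";
+User = cfg.user.name;
+ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}";
+};
+};
+
+systemd.services.kapacitor-alarms = {
+description = "kapacitor-alarms";
+after = [ "kapacitor.service" ];
+wantedBy = [ "multi-user.target" ];
+
+restartIfChanged = true;
+
+serviceConfig = {
+Type = "oneshot";
+User = cfg.user.name;
+ExecStart = pkgs.writeDash "add_alarms" ''
+${pkgs.kapacitor}/bin/kapacitor delete tasks \*
+${concatStrings (mapAttrsToList (name: alarm: ''
+${pkgs.kapacitor}/bin/kapacitor define ${name} \
+-type batch \
+-tick ${pkgs.writeText "${name}.tick" alarm.text} \
+-dbrp ${alarm.database}.default
+${pkgs.kapacitor}/bin/kapacitor enable ${name}
+'') cfg.alarms)}
+'';
+};
+};
+
+};
+in out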
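Review bot: The default `http` block listens on every interface (`bind-address = ":9092"`) with `auth-enabled = false` and `https-enabled = false`, so on a host without a restrictive firewall the Kapacitor API is reachable unauthenticated over plain HTTP. Since `hostname` is `localhost` and the `kapacitor-alarms` unit appears to talk to the daemon locally, a loopback default such as `bind-address = "127.0.0.1:9092";` would be safer, with wider exposure left to `extraConfig`. Separately, everything in `extraConfig` (for example the `influxdb` `password` or `shared-secret`) is rendered through `pkgs.writeText` and `runCommand` into the Nix store, which is normally world-readable; a comment on the option such as `# values end up in the Nix store; do not put secrets here` would warn users. `${name}` and `${alarm.database}` are also interpolated unquoted into the `add_alarms` script and would be better passed through a shell-escaping helper.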
@ -302,7 +302,9 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
|
||||
};
|
||||
|
||||
iso = {
|
||||
cores = 1;
|
||||
};
|
||||
};
|
||||
users = {
|
||||
lass = {
|
||||
|
|
|
@ -118,7 +118,7 @@ rec {
|
|||
};
|
||||
|
||||
url-title = (buildSimpleReaktorPlugin "url-title" {
|
||||
pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)$$";
|
||||
pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$";
|
||||
path = with pkgs; [ curl perl ];
|
||||
script = pkgs.writeDash "lambda-pl" ''
|
||||
if [ "$#" -gt 0 ]; then
|
||||
|
|
|
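Review bot: The character class `[$-_@.&+]` in `pattern` is a range from `$` to `_`, so the `args` capture also admits single quotes, `;`, `<`, `>` and backslash, and the variant with the trailing `.*` lets lines with text after the URL trigger the plugin as well. The captured value goes to the `lambda-pl` script, which has `curl` on its path and whose body continues outside the hunk, so it is worth confirming that the script only ever uses the argument as a quoted `"$1"`. If the URL comes from untrusted chat input, as seems likely for a Reaktor plugin, a comment noting that the fetch can reach hosts visible only from the bot's network, or a filter on the target host, would also help.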
@ -45,12 +45,11 @@ with import <stockholm/lib>;
|
|||
buildbot-worker = callPackage ./buildbot/worker.nix {};
|
||||
|
||||
# https://github.com/proot-me/PRoot/issues/106
|
||||
proot = overrideDerivation pkgs.proot (oldAttrs: {
|
||||
patches = singleton (pkgs.fetchurl {
|
||||
url = https://github.com/openmole/PRoot/commit/10119a1f1fd7dea012464ae176c2b5fc3eb18928.diff;
|
||||
sha256 = "0cmd95mz8p5ifjvfvi4g9zzyxqddbscxin2j3a9zbmbjl2wi458g";
|
||||
});
|
||||
});
|
||||
proot = pkgs.writeScriptBin "proot" ''
|
||||
#!${pkgs.dash}/bin/dash
|
||||
export PROOT_NO_SECCOMP=1
|
||||
exec ${pkgs.proot}/bin/proot "$@"
|
||||
'';
|
||||
|
||||
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
|
||||
symlinkJoin = { name, paths, ... }@args: let
|
||||
|
|
|
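Review bot: The `proot` wrapper exports `PROOT_NO_SECCOMP=1` without saying why; the only hint is the issue link kept above it. A comment on the wrapper such as `# workaround for PRoot issue 106: run without the seccomp acceleration; remove once fixed upstream` would tell the next maintainer what the variable is for and when the wrapper can go, assuming that is the intent of the change.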
@ -1,4 +1,4 @@
|
|||
{ stdenv, lib, fetchurl, gtk, glib, libSM, gdk_pixbuf, libX11, libXinerama, iproute,
|
||||
{ stdenv, lib, fetchurl, gnome3, glib, libSM, gdk_pixbuf, libX11, libXinerama, iproute,
|
||||
makeWrapper, libredirect, ppp, coreutils, gawk, pango }:
|
||||
stdenv.mkDerivation rec {
|
||||
name = "forticlientsslvpn";
|
||||
|
@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
|
|||
];
|
||||
|
||||
guiLibPath = lib.makeLibraryPath [
|
||||
gtk
|
||||
gnome3.gtk
|
||||
glib
|
||||
libSM
|
||||
gdk_pixbuf
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
{ stdenv, lib, fetchFromGitHub, buildGoPackage }:
|
||||
|
||||
buildGoPackage rec {
|
||||
name = "kapacitor-${version}";
|
||||
version = "1.0.0";
|
||||
|
||||
goPackagePath = "github.com/influxdata/kapacitor";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "influxdata";
|
||||
repo = "kapacitor";
|
||||
rev = "v${version}";
|
||||
sha256 = "14l9bhj6qdif79s4dyqqbnjgj3m4iarvw0ckld1wdhpdgvl8w9qh";
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
description = "Open source framework for processing, monitoring, and alerting on time series data";
|
||||
license = licenses.mit;
|
||||
homepage = https://influxdata.com/time-series-platform/kapacitor/;
|
||||
maintainers = with maintainers; [offline];
|
||||
platforms = with platforms; linux;
|
||||
};
|
||||
}
|
File diff suppressed because it is too large
|
@ -1,27 +0,0 @@
|
|||
{ lib, buildGoPackage, fetchFromGitHub }:
|
||||
|
||||
buildGoPackage rec {
|
||||
name = "telegraf-${version}";
|
||||
version = "1.1.2";
|
||||
|
||||
goPackagePath = "github.com/influxdata/telegraf";
|
||||
|
||||
excludedPackages = "test";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "influxdata";
|
||||
repo = "telegraf";
|
||||
rev = "${version}";
|
||||
sha256 = "0dgrbdyz261j28wcq636125ha4xmfgh4y9shlg8m1y6jqdqd2zf2";
|
||||
};
|
||||
|
||||
goDeps = ./. + builtins.toPath "/deps-${version}.nix";
|
||||
|
||||
meta = with lib; {
|
||||
description = "The plugin-driven server agent for collecting & reporting metrics.";
|
||||
license = licenses.mit;
|
||||
homepage = https://www.influxdata.com/time-series-platform/telegraf/;
|
||||
maintainers = with maintainers; [ mic92 roblabla ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
|
@ -1,588 +0,0 @@
|
|||
# This file was generated by go2nix.
|
||||
[
|
||||
{
|
||||
goPackagePath = "github.com/Shopify/sarama";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/Shopify/sarama";
|
||||
rev = "8aadb476e66ca998f2f6bb3c993e9a2daa3666b9";
|
||||
sha256 = "1ndaddqcll9r22jg9x36acanxv5ds3xwahrm4b6nmmg06670gksv";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/Sirupsen/logrus";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/Sirupsen/logrus";
|
||||
rev = "219c8cb75c258c552e999735be6df753ffc7afdc";
|
||||
sha256 = "04v55846v1535dplldyjhr0yqxl6n1mr4kiy2vz3ragv92xpshr6";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/aerospike/aerospike-client-go";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/aerospike/aerospike-client-go";
|
||||
rev = "7f3a312c3b2a60ac083ec6da296091c52c795c63";
|
||||
sha256 = "05ancqplckvni9xp6xd4bv2pgkfa4v23svfcg27m8xinzi4ry219";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/amir/raidman";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/amir/raidman";
|
||||
rev = "53c1b967405155bfc8758557863bf2e14f814687";
|
||||
sha256 = "08a6zz4akkm7lk02w53vfhkxdf0ikv32x41rc4jyi2qaf0wyw6b4";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/aws/aws-sdk-go";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/aws/aws-sdk-go";
|
||||
rev = "13a12060f716145019378a10e2806c174356b857";
|
||||
sha256 = "09yl85kk2y4ayk44af5rbnkq4vy82vbh2z5ac4vpl2vgv7zyh46h";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/beorn7/perks";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/beorn7/perks";
|
||||
rev = "3ac7bf7a47d159a033b107610db8a1b6575507a4";
|
||||
sha256 = "1qc3l4r818xpvrhshh1sisc5lvl9479qspcfcdbivdyh0apah83r";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/cenkalti/backoff";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/cenkalti/backoff";
|
||||
rev = "4dc77674aceaabba2c7e3da25d4c823edfb73f99";
|
||||
sha256 = "0icf4vrgzksr0g8h6y00rd92h1mym6waf3mbqpf890bkw60gnm0w";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/couchbase/go-couchbase";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/couchbase/go-couchbase";
|
||||
rev = "cb664315a324d87d19c879d9cc67fda6be8c2ac1";
|
||||
sha256 = "1dfw1apwrlfwl7bahb6dy5g9z2vs431l4lpaj3k9bnm13p0awivr";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/couchbase/gomemcached";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/couchbase/gomemcached";
|
||||
rev = "a5ea6356f648fec6ab89add00edd09151455b4b2";
|
||||
sha256 = "00x57qqdv9ciyxiw2y6p4s65sfgi4cs6zi39qlqlw90nh133xnwi";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/couchbase/goutils";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/couchbase/goutils";
|
||||
rev = "5823a0cbaaa9008406021dc5daf80125ea30bba6";
|
||||
sha256 = "15v5ps2i2y2hczwxs2ci4c2w4p3pn3bl7vc5wlaqnc7i14f9285c";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/dancannon/gorethink";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/dancannon/gorethink";
|
||||
rev = "e7cac92ea2bc52638791a021f212145acfedb1fc";
|
||||
sha256 = "0f9gwsqf93qzvfpdwgam7vcfzrrkcj2s9ms4p056kcyxv9snwq3g";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/davecgh/go-spew";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/davecgh/go-spew";
|
||||
rev = "5215b55f46b2b919f50a1df0eaa5886afe4e3b3d";
|
||||
sha256 = "15h9kl73rdbzlfmsdxp13jja5gs7sknvqkpq2qizq3qv3nr1x8dk";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/docker/engine-api";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/docker/engine-api";
|
||||
rev = "8924d6900370b4c7e7984be5adc61f50a80d7537";
|
||||
sha256 = "1klimc3d1a2vfgl14a7js20ricpghq5jzvh8l46kf87ycjwc0q4n";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/docker/go-connections";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/docker/go-connections";
|
||||
rev = "f549a9393d05688dff0992ef3efd8bbe6c628aeb";
|
||||
sha256 = "0k1yf4bimmwxc0qiz997nagfmddbm8nwb0c1q16387m8lgw1gbwg";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/docker/go-units";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/docker/go-units";
|
||||
rev = "5d2041e26a699eaca682e2ea41c8f891e1060444";
|
||||
sha256 = "0hn8xdbaykp046inc4d2mwig5ir89ighma8hk18dfkm8rh1vvr8i";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/eapache/go-resiliency";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/eapache/go-resiliency";
|
||||
rev = "b86b1ec0dd4209a588dc1285cdd471e73525c0b3";
|
||||
sha256 = "1kzv95bh3nidm2cr7iv9lk3s2qiw1i17n8gyl2x6xk6qv8b0bc21";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/eapache/queue";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/eapache/queue";
|
||||
rev = "ded5959c0d4e360646dc9e9908cff48666781367";
|
||||
sha256 = "0inclypw0kln8hsn34c5ww34h0qa9fcqwak93lac5dp59rz5430n";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/eclipse/paho.mqtt.golang";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/eclipse/paho.mqtt.golang";
|
||||
rev = "0f7a459f04f13a41b7ed752d47944528d4bf9a86";
|
||||
sha256 = "13l6mrx9z859r4r7kpa9rsbf4ni7dn6xgz8iyv2xnz53pqffanjh";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/go-sql-driver/mysql";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/go-sql-driver/mysql";
|
||||
rev = "1fca743146605a172a266e1654e01e5cd5669bee";
|
||||
sha256 = "02vbq8j4r3skg3fmiv1wvjqh1542dr515w8f3d42b5lpwc1fsn38";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/gobwas/glob";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/gobwas/glob";
|
||||
rev = "49571a1557cd20e6a2410adc6421f85b66c730b5";
|
||||
sha256 = "16j7pdxajqrl20a737p7kgsngr2f7gkkpgqxxmfkrmgckgkc8cvk";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/golang/protobuf";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/golang/protobuf";
|
||||
rev = "552c7b9542c194800fd493123b3798ef0a832032";
|
||||
sha256 = "1zaw1xxnvgsvfcrv5xkn1f7p87vyh9i6mc44csl11fgc2hvqp6xm";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/golang/snappy";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/golang/snappy";
|
||||
rev = "d9eb7a3d35ec988b8585d4a0068e462c27d28380";
|
||||
sha256 = "0wynarlr1y8sm9y9l29pm9dgflxriiialpwn01066snzjxnpmbyn";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/gonuts/go-shellquote";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/gonuts/go-shellquote";
|
||||
rev = "e842a11b24c6abfb3dd27af69a17f482e4b483c2";
|
||||
sha256 = "19lbz7wl241bsyzsv2ai40b2vnj8c9nl107b6jf9gid3i6h0xydg";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/gorilla/context";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/gorilla/context";
|
||||
rev = "1ea25387ff6f684839d82767c1733ff4d4d15d0a";
|
||||
sha256 = "1nh1nzxcsgd215x4xn59wc4cbqfa8zvhvnnx5p8fkrn4bj1cgak4";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/gorilla/mux";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/gorilla/mux";
|
||||
rev = "c9e326e2bdec29039a3761c07bece13133863e1e";
|
||||
sha256 = "1bplp6v14isjdfpf8328k8bvkn35n451axkxlm822d9h5ccg47g6";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/hailocab/go-hostpool";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/hailocab/go-hostpool";
|
||||
rev = "e80d13ce29ede4452c43dea11e79b9bc8a15b478";
|
||||
sha256 = "05ld4wp3illkbgl043yf8jq9y1ld0zzvrcg8jdij129j50xgfxny";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/hashicorp/consul";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/hashicorp/consul";
|
||||
rev = "5aa90455ce78d4d41578bafc86305e6e6b28d7d2";
|
||||
sha256 = "1xas814kkhwnjg5ghhlkgygcgi5p7h6dczmpbrzzh3yygbfdzxgw";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/hpcloud/tail";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/hpcloud/tail";
|
||||
rev = "b2940955ab8b26e19d43a43c4da0475dd81bdb56";
|
||||
sha256 = "1x266pdfvcymsbdrdsns06qq5qfjb62z6h4512ylhakbm64qkn4s";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/influxdata/config";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/influxdata/config";
|
||||
rev = "b79f6829346b8d6e78ba73544b1e1038f1f1c9da";
|
||||
sha256 = "0k4iywy83n3kq2f58a41rjinj03wp1di67aacpf04p25qmf46c4z";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/influxdata/influxdb";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/influxdata/influxdb";
|
||||
rev = "fc57c0f7c635df3873f3d64f0ed2100ddc94d5ae";
|
||||
sha256 = "07cv1gryp4a84a2acgc8k8alr7jw4jwphf12cby8jjy1br35jrbq";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/influxdata/toml";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/influxdata/toml";
|
||||
rev = "af4df43894b16e3fd2b788d01bd27ad0776ef2d0";
|
||||
sha256 = "1faf51s89sk1z41qfsazmddgwll7jq9xna67k3h3vry86c4vs2j4";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/influxdata/wlog";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/influxdata/wlog";
|
||||
rev = "7c63b0a71ef8300adc255344d275e10e5c3a71ec";
|
||||
sha256 = "04kw4kivxvr3kkmghj3427b1xyhzbhnfr971qfn3lv2vvhs8kpfl";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/kardianos/osext";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/kardianos/osext";
|
||||
rev = "29ae4ffbc9a6fe9fb2bc5029050ce6996ea1d3bc";
|
||||
sha256 = "1mawalaz84i16njkz6f9fd5jxhcbxkbsjnav3cmqq2dncv2hyv8a";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/kardianos/service";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/kardianos/service";
|
||||
rev = "5e335590050d6d00f3aa270217d288dda1c94d0a";
|
||||
sha256 = "1g10qisgywfqj135yyiq63pnbjgr201gz929ydlgyzqq6yk3bn3h";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/klauspost/crc32";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/klauspost/crc32";
|
||||
rev = "19b0b332c9e4516a6370a0456e6182c3b5036720";
|
||||
sha256 = "0fcnsf1m0bzplgp28dz8skza6l7rc65s180x85rzbdl9l3zzi43r";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/lib/pq";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/lib/pq";
|
||||
rev = "e182dc4027e2ded4b19396d638610f2653295f36";
|
||||
sha256 = "1636v3snixapjf7rbjq0xn1sbym7hwckqfla0dm5cr4a5q4fw5cj";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/matttproud/golang_protobuf_extensions";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/matttproud/golang_protobuf_extensions";
|
||||
rev = "d0c3fe89de86839aecf2e0579c40ba3bb336a453";
|
||||
sha256 = "0jkjgpi1s8l9bdbf14fh8050757jqy36kn1l1hxxlb2fjn1pcg0r";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/miekg/dns";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/miekg/dns";
|
||||
rev = "cce6c130cdb92c752850880fd285bea1d64439dd";
|
||||
sha256 = "098gadhfjiijlgq497gbccvf26xrmjvln1fws56m0ljcgszq3jdx";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/mreiferson/go-snappystream";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/mreiferson/go-snappystream";
|
||||
rev = "028eae7ab5c4c9e2d1cb4c4ca1e53259bbe7e504";
|
||||
sha256 = "0jdd5whp74nvg35d9hzydsi3shnb1vrnd7shi9qz4wxap7gcrid6";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/naoina/go-stringutil";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/naoina/go-stringutil";
|
||||
rev = "6b638e95a32d0c1131db0e7fe83775cbea4a0d0b";
|
||||
sha256 = "00831p1wn3rimybk1z8l30787kn1akv5jax5wx743nn76qcmkmc6";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/nats-io/nats";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/nats-io/nats";
|
||||
rev = "ea8b4fd12ebb823073c0004b9f09ac8748f4f165";
|
||||
sha256 = "0i5f6n9k0d2vzdy20sqygmss5j45y72irxsi80grjsh7qkxa6vn1";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/nats-io/nuid";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/nats-io/nuid";
|
||||
rev = "a5152d67cf63cbfb5d992a395458722a45194715";
|
||||
sha256 = "0fphar5bz735wwa7549j31nxnm5a9dyw472gs9zafz0cv7g8np40";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/nsqio/go-nsq";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/nsqio/go-nsq";
|
||||
rev = "0b80d6f05e15ca1930e0c5e1d540ed627e299980";
|
||||
sha256 = "1zi9jazjfzilp2g0xy30dlx9nd9g47cjqrnqxallly97mz9n01xr";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/opencontainers/runc";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/opencontainers/runc";
|
||||
rev = "89ab7f2ccc1e45ddf6485eaa802c35dcf321dfc8";
|
||||
sha256 = "1rnaqcsww7plr430r4ksv9si4l91l25li0bwa1b03g3sn2shirk1";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/prometheus/client_golang";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/prometheus/client_golang";
|
||||
rev = "18acf9993a863f4c4b40612e19cdd243e7c86831";
|
||||
sha256 = "1gyjvwnvgyl0fs4hd2vp5hj1dsafhwb2h55w8zgzdpshvhwrpmhv";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/prometheus/client_model";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/prometheus/client_model";
|
||||
rev = "fa8ad6fec33561be4280a8f0514318c79d7f6cb6";
|
||||
sha256 = "11a7v1fjzhhwsl128znjcf5v7v6129xjgkdpym2lial4lac1dhm9";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/prometheus/common";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/prometheus/common";
|
||||
rev = "e8eabff8812b05acf522b45fdcd725a785188e37";
|
||||
sha256 = "08magd2aw7dqaa8bbv85404zvy120ify61msfpy75az5rdl5anxq";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/prometheus/procfs";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/prometheus/procfs";
|
||||
rev = "406e5b7bfd8201a36e2bb5f7bdae0b03380c2ce8";
|
||||
sha256 = "0yla9hz15pg63394ygs9iiwzsqyv29labl8p424hijwsc9z9nka8";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/samuel/go-zookeeper";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/samuel/go-zookeeper";
|
||||
rev = "218e9c81c0dd8b3b18172b2bbfad92cc7d6db55f";
|
||||
sha256 = "1v0m6wn83v4pbqz6hs7z1h5hbjk7k6npkpl7icvcxdcjd7rmyjp2";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/shirou/gopsutil";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/shirou/gopsutil";
|
||||
rev = "4d0c402af66c78735c5ccf820dc2ca7de5e4ff08";
|
||||
sha256 = "1wkp7chzpz6brq2y0k2mvsf0iaknns279wfsjn5gm6gvih49lqni";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/soniah/gosnmp";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/soniah/gosnmp";
|
||||
rev = "3fe3beb30fa9700988893c56a63b1df8e1b68c26";
|
||||
sha256 = "0a0vlxx1plqj9fi863wd8ajbzl705wgma4qk75v949azgn1yx9ib";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/streadway/amqp";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/streadway/amqp";
|
||||
rev = "b4f3ceab0337f013208d31348b578d83c0064744";
|
||||
sha256 = "1whcg2l6w2q7xrkk8q5y95i90ckq72bpgksii9ibrpyixbx7p5xp";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/stretchr/testify";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/stretchr/testify";
|
||||
rev = "1f4a1643a57e798696635ea4c126e9127adb7d3c";
|
||||
sha256 = "0nam9d68rn8ha8ldif22kkgv6k6ph3y88fp26159wdrs63ca3bzl";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/vjeantet/grok";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/vjeantet/grok";
|
||||
rev = "83bfdfdfd1a8146795b28e547a8e3c8b28a466c2";
|
||||
sha256 = "03zdcg9gy482gbasa7sw4cpw1k1n3dr2q06q80qnkqn268p7hp80";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/wvanbergen/kafka";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/wvanbergen/kafka";
|
||||
rev = "46f9a1cf3f670edec492029fadded9c2d9e18866";
|
||||
sha256 = "1czmbilprffdbwnrq4wcllaqknbq91l6p0ni6b55fkaggnwck694";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/wvanbergen/kazoo-go";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/wvanbergen/kazoo-go";
|
||||
rev = "0f768712ae6f76454f987c3356177e138df258f8";
|
||||
sha256 = "1paaayg03nknbnl3kdl0ybqv4llz7iwry7f29i0bh9srb6c87x16";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/yuin/gopher-lua";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/yuin/gopher-lua";
|
||||
rev = "bf3808abd44b1e55143a2d7f08571aaa80db1808";
|
||||
sha256 = "02m7ly5yzc3snvxlfl9j4ggwd7v0kpvy3pqgqbfr7scdjxdap4nm";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/zensqlmonitor/go-mssqldb";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/zensqlmonitor/go-mssqldb";
|
||||
rev = "ffe5510c6fa5e15e6d983210ab501c815b56b363";
|
||||
sha256 = "079x8ms8lv5p6253ppaxva37k6w04xnd38y8763rr2giswxqzlkl";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "golang.org/x/crypto";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://go.googlesource.com/crypto";
|
||||
rev = "c197bcf24cde29d3f73c7b4ac6fd41f4384e8af6";
|
||||
sha256 = "1y2bbghi594m8p4pcm9pwrzql06179xj6zvhaghwcc6y0l48rbgp";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "golang.org/x/net";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://go.googlesource.com/net";
|
||||
rev = "6acef71eb69611914f7a30939ea9f6e194c78172";
|
||||
sha256 = "1fcsv50sbq0lpzrhx3m9jw51wa255fsbqjwsx9iszq4d0gysnnvc";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "golang.org/x/text";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://go.googlesource.com/text";
|
||||
rev = "a71fd10341b064c10f4a81ceac72bcf70f26ea34";
|
||||
sha256 = "1igxqrgnnb6983fl0yck0xal2hwnkcgbslr7cxyrg7a65vawd0q1";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "gopkg.in/dancannon/gorethink.v1";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://gopkg.in/dancannon/gorethink.v1";
|
||||
rev = "7d1af5be49cb5ecc7b177bf387d232050299d6ef";
|
||||
sha256 = "0036hcadshka19bcqmq4mm9ssl9qhsx1n96lj1y24mh9g1api8fi";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "gopkg.in/fatih/pool.v2";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://gopkg.in/fatih/pool.v2";
|
||||
rev = "cba550ebf9bce999a02e963296d4bc7a486cb715";
|
||||
sha256 = "1jlrakgnpvhi2ny87yrsj1gyrcncfzdhypa9i2mlvvzqlj4r0dn0";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "gopkg.in/mgo.v2";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://gopkg.in/mgo.v2";
|
||||
rev = "d90005c5262a3463800497ea5a89aed5fe22c886";
|
||||
sha256 = "1z81k6mnfk07hkrkw31l16qycyiwa6wzyhysmywgkh58sm5dc9m7";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "gopkg.in/yaml.v2";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://gopkg.in/yaml.v2";
|
||||
rev = "a83829b6f1293c91addabc89d0571c246397bbf4";
|
||||
sha256 = "1m4dsmk90sbi17571h6pld44zxz7jc4lrnl4f27dpd1l8g5xvjhh";
|
||||
};
|
||||
}
|
||||
]
|
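--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -0,0 +1,152 @@
+{ config, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+imports = [
+<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+../../krebs
+../3modules
+../5pkgs
+../2configs/binary-cache/client.nix
+../2configs/mc.nix
+../2configs/nixpkgs.nix
+../2configs/vim.nix
+{
+krebs.enable = true;
+krebs.build.user = config.krebs.users.lass;
+krebs.build.host = config.krebs.hosts.iso;
+krebs.build.source.nixos-config.symlink = "stockholm/lass/1systems/${config.krebs.buil.host.name}.nix";
+}
+{
+nixpkgs.config.allowUnfree = true;
+}
+{
+users.extraUsers = {
+root = {
+openssh.authorizedKeys.keys = [
+config.krebs.users.lass.pubkey
+config.krebs.users.lass-shodan.pubkey
+config.krebs.users.lass-icarus.pubkey
+];
+};
+};
+}
+{
+environment.extraInit = ''
+EDITOR=vim
+'';
+}
+{
+environment.systemPackages = with pkgs; [
+#stockholm
+git
+gnumake
+jq
+parallel
+proot
+populate
+
+#style
+most
+rxvt_unicode.terminfo
+
+#monitoring tools
+htop
+iotop
+
+#network
+iptables
+iftop
+
+#stuff for dl
+aria2
+
+#neat utils
+krebspaste
+pciutils
+pop
+psmisc
+q
+rs
+tmux
+untilport
+usbutils
+
+#unpack stuff
+p7zip
+unzip
+unrar
+
+#data recovery
+ddrescue
+ntfs3g
+dosfstools
+];
+}
+{
+programs.bash = {
+enableCompletion = true;
+interactiveShellInit = ''
+HISTCONTROL='erasedups:ignorespace'
+HISTSIZE=65536
+HISTFILESIZE=$HISTSIZE
+
+shopt -s checkhash
+shopt -s histappend histreedit histverify
+shopt -s no_empty_cmd_completion
+complete -d cd
+'';
+promptInit = ''
+if test $UID = 0; then
+PS1='\[\033[1;31m\]\w\[\033[0m\] '
+PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
+elif test $UID = 1337; then
+PS1='\[\033[1;32m\]\w\[\033[0m\] '
+PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
+else
+PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
+PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
+fi
+if test -n "$SSH_CLIENT"; then
+PS1='\[\033[35m\]\h'" $PS1"
+PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
+fi
+'';
+};
+}
+{
+services.openssh = {
+enable = true;
+hostKeys = [
+# XXX bits here make no science
+{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+];
+};
+}
+{
+krebs.iptables = {
+enable = true;
+tables = {
+nat.PREROUTING.rules = [
+{ predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
+{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
+];
+nat.OUTPUT.rules = [
+{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
+];
+filter.INPUT.policy = "DROP";
+filter.FORWARD.policy = "DROP";
+filter.INPUT.rules = [
+{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
+{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
+{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
+{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
+{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
+{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
+];
+};
+};
+}
+];
+}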
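Review bot: `krebs.build.source.nixos-config.symlink` interpolates `config.krebs.buil.host.name`, which looks like a typo for `config.krebs.build.host.name` and should fail evaluation once that attribute is forced. On the access side, the image enables `services.openssh` and gives root three authorized keys on top of the imported installer profile; writing `passwordAuthentication = false;` in that `services.openssh` block would make key-only login explicit instead of depending on the profile's defaults. The `bits = 8192` on the ed25519 host key has no effect, as the `XXX` comment suspects, and could be dropped.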
@ -215,7 +215,8 @@ in {
|
|||
}
|
||||
{
|
||||
krebs.repo-sync.timerConfig = {
|
||||
OnCalendar = "*:0/5";
|
||||
OnUnitInactiveSec = "5min";
|
||||
RandomizedDelaySec = "2min";
|
||||
};
|
||||
}
|
||||
{
|
||||
|
|
|
@ -66,7 +66,6 @@ in {
|
|||
youtube-tools
|
||||
|
||||
rxvt_unicode
|
||||
termite
|
||||
#window manager stuff
|
||||
#haskellPackages.xmobar
|
||||
#haskellPackages.yeganesh
|
||||
|
|
|
@ -11,7 +11,7 @@ let
|
|||
|
||||
in {
|
||||
config.krebs.buildbot.master = let
|
||||
stockholm-mirror-url = http://cgit.prism/stockholm ;
|
||||
stockholm-mirror-url = http://cgit.lassul.us/stockholm ;
|
||||
in {
|
||||
workers = {
|
||||
testworker = "lasspass";
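Review bot: The `stockholm-mirror-url` line now points at `http://cgit.lassul.us/stockholm`, so the buildbot master would fetch the tree it builds over plain HTTP from a public name rather than the (presumably VPN-internal) `cgit.prism`, with nothing authenticating the repository contents in transit. This assumes the second of the two printed URL lines is the new side, since the page has lost its `+`/`-` markers. If the host serves TLS, prefer `stockholm-mirror-url = https://cgit.lassul.us/stockholm ;`; otherwise add a comment stating what the build relies on for integrity. The same applies to `origin.url = "http://cgit.lassul.us/${name}";` in the repo-sync section further down. The `let` binding and the `workers` set continue outside this hunk.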
|
||||
|
|
|
@ -17,7 +17,7 @@ let
|
|||
|
||||
muttrc = pkgs.writeText "muttrc" ''
|
||||
# gpg
|
||||
source ${pkgs.mutt-kz}/share/doc/mutt-kz/samples/gpg.rc
|
||||
source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
|
||||
set pgp_use_gpg_agent = yes
|
||||
set pgp_sign_as = 0x976A7E4D
|
||||
set crypt_autosign = yes
|
||||
|
@ -99,7 +99,7 @@ let
|
|||
'';
|
||||
|
||||
mutt = pkgs.writeDashBin "mutt" ''
|
||||
exec ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@
|
||||
exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@
|
||||
'';
|
||||
|
||||
in {
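Review bot: In the `mutt` wrapper, `$@` is unquoted in `exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@`, so an argument containing whitespace or glob characters (a subject, an attachment path) is split or expanded by the shell before mutt sees it. Since the line is being changed anyway, quote it: `exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} "$@"`. It is also worth confirming that the neomutt package ships `share/doc/mutt/samples/gpg.rc`, the path sourced in the first hunk of this file; if that path is missing, the PGP command definitions that `crypt_autosign` depends on would presumably not be loaded.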
|
||||
|
|
|
@ -1,94 +1,35 @@
|
|||
{pkgs, config, ...}:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
lass.telegraf = {
|
||||
services.telegraf = {
|
||||
enable = true;
|
||||
interval = "1s";
|
||||
|
||||
|
||||
outputs = ''
|
||||
[outputs.influxdb]
|
||||
urls = ["http://prism:8086"]
|
||||
database = "telegraf_db"
|
||||
user_agent = "telegraf"
|
||||
'';
|
||||
inputs = [
|
||||
''
|
||||
[cpu]
|
||||
percpu = false
|
||||
totalcpu = true
|
||||
drop = ["cpu_time"]
|
||||
''
|
||||
''
|
||||
[[inputs.mem]]
|
||||
''
|
||||
''
|
||||
[[inputs.ping]]
|
||||
urls = ["8.8.8.8"]
|
||||
''
|
||||
''
|
||||
[[inputs.net]]
|
||||
''
|
||||
''
|
||||
[[inputs.dns_query]]
|
||||
servers = ["8.8.8.8"]
|
||||
''
|
||||
];
|
||||
extraConfig = {
|
||||
agent.interval = "1s";
|
||||
outputs = {
|
||||
influxdb = {
|
||||
urls = ["http://prism:8086"];
|
||||
database = "telegraf_db";
|
||||
user_agent = "telegraf";
|
||||
};
|
||||
};
|
||||
inputs = {
|
||||
cpu = {
|
||||
percpu = false;
|
||||
totalcpu = true;
|
||||
};
|
||||
mem = {};
|
||||
net = {};
|
||||
};
|
||||
};
|
||||
};
|
||||
systemd.services.telegraf.path = with pkgs; [
|
||||
iputils
|
||||
lm_sensors
|
||||
];
|
||||
|
||||
services.collectd = {
|
||||
services.journalbeat = {
|
||||
enable = true;
|
||||
autoLoadPlugin = true;
|
||||
extraConfig = ''
|
||||
Hostname ${config.krebs.build.host.name}
|
||||
LoadPlugin load
|
||||
LoadPlugin disk
|
||||
LoadPlugin memory
|
||||
Interval 30.0
|
||||
|
||||
LoadPlugin interface
|
||||
<Plugin "interface">
|
||||
Interface "*Link"
|
||||
Interface "lo"
|
||||
Interface "vboxnet*"
|
||||
Interface "virbr*"
|
||||
IgnoreSelected true
|
||||
</Plugin>
|
||||
|
||||
LoadPlugin df
|
||||
<Plugin "df">
|
||||
MountPoint "/nix/store"
|
||||
FSType "tmpfs"
|
||||
FSType "binfmt_misc"
|
||||
FSType "debugfs"
|
||||
FSType "mqueue"
|
||||
FSType "hugetlbfs"
|
||||
FSType "systemd-1"
|
||||
FSType "cgroup"
|
||||
FSType "securityfs"
|
||||
FSType "ramfs"
|
||||
FSType "proc"
|
||||
FSType "devpts"
|
||||
FSType "devtmpfs"
|
||||
MountPoint "/var/lib/docker/devicemapper"
|
||||
IgnoreSelected true
|
||||
</Plugin>
|
||||
|
||||
LoadPlugin cpu
|
||||
<Plugin cpu>
|
||||
ReportByCpu true
|
||||
ReportByState true
|
||||
ValuesPercentage true
|
||||
</Plugin>
|
||||
|
||||
LoadPlugin network
|
||||
<Plugin "network">
|
||||
Server "prism" "25826"
|
||||
</Plugin>
|
||||
output.elasticsearch:
|
||||
hosts: ["prism:9200"]
|
||||
template.enabled: false
|
||||
'';
|
||||
};
|
||||
}
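Review bot: The `services.journalbeat` block sends the host's whole systemd journal to `prism:9200` with no TLS and no credentials (`hosts: ["prism:9200"]`), and a journal routinely carries authentication events and command lines. Confidentiality therefore depends entirely on `prism` resolving to an address reached through the VPN, which nothing in this file states or enforces. I would add a comment above `extraConfig`, for example `# journal is shipped unencrypted; prism must resolve to its retiolum address`. The same caveat holds for the Telegraf output `urls = ["http://prism:8086"];` earlier in this section.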
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
{pkgs, config, ...}:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
services.influxdb = {
|
||||
enable = true;
|
||||
};
|
||||
services.influxdb.enable = true;
|
||||
|
||||
services.influxdb.extraConfig = {
|
||||
meta.hostname = config.krebs.build.host.name;
|
||||
# meta.logging-enabled = true;
|
||||
http.bind-address = ":8086";
|
||||
admin.bind-address = ":8083";
|
||||
http.log-enabled = false;
|
||||
monitoring = {
|
||||
enabled = false;
|
||||
# write-interval = "24h";
|
||||
|
@ -22,45 +21,79 @@ with import <stockholm/lib>;
|
|||
}];
|
||||
};
|
||||
|
||||
lass.kapacitor =
|
||||
krebs.kapacitor =
|
||||
let
|
||||
db = "telegraf_db";
|
||||
echoToIrc = pkgs.writeDash "echo_irc" ''
|
||||
set -euf
|
||||
data="$(${pkgs.jq}/bin/jq -r .message)"
|
||||
export LOGNAME=prism-alarm
|
||||
${pkgs.irc-announce}/bin/irc-announce \
|
||||
irc.freenode.org 6667 prism-alarm \#krebs-bots "$data" >/dev/null
|
||||
ni.r 6667 prism-alarm \#retiolum "$data" >/dev/null
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
alarms = {
|
||||
test2 = ''
|
||||
batch
|
||||
|query(${"'''"}
|
||||
SELECT mean("usage_user") AS mean
|
||||
FROM "${config.lass.kapacitor.check_db}"."default"."cpu"
|
||||
${"'''"})
|
||||
.every(3m)
|
||||
.period(1m)
|
||||
.groupBy('host')
|
||||
|alert()
|
||||
.crit(lambda: "mean" > 90)
|
||||
// Whenever we get an alert write it to a file.
|
||||
.log('/tmp/alerts.log')
|
||||
.exec('${echoToIrc}')
|
||||
'';
|
||||
cpu = {
|
||||
database = db;
|
||||
text = ''
|
||||
var data = batch
|
||||
|query(${"'''"}
|
||||
SELECT mean("usage_user") AS mean
|
||||
FROM "${db}"."default"."cpu"
|
||||
${"'''"})
|
||||
.period(10m)
|
||||
.every(1m)
|
||||
.groupBy('host')
|
||||
data |alert()
|
||||
.crit(lambda: "mean" > 90)
|
||||
.exec('${echoToIrc}')
|
||||
data |deadman(1.0,5m)
|
||||
.stateChangesOnly()
|
||||
.exec('${echoToIrc}')
|
||||
'';
|
||||
};
|
||||
ram = {
|
||||
database = db;
|
||||
text = ''
|
||||
var data = batch
|
||||
|query(${"'''"}
|
||||
SELECT mean("used_percent") AS mean
|
||||
FROM "${db}"."default"."mem"
|
||||
${"'''"})
|
||||
.period(10m)
|
||||
.every(1m)
|
||||
.groupBy('host')
|
||||
data |alert()
|
||||
.crit(lambda: "mean" > 90)
|
||||
.exec('${echoToIrc}')
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
|
||||
];
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
addr = "0.0.0.0";
|
||||
auth.anonymous.enable = true;
|
||||
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
|
||||
};
|
||||
|
||||
services.elasticsearch = {
|
||||
enable = true;
|
||||
listenAddress = "0.0.0.0";
|
||||
};
|
||||
|
||||
services.kibana = {
|
||||
enable = true;
|
||||
listenAddress = "0.0.0.0";
|
||||
};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp -i retiolum --dport 9200"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp -i retiolum --dport 5601"; target = "ACCEPT"; }
|
||||
];
|
||||
}
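Review bot: `services.elasticsearch` and `services.kibana` are both set to `listenAddress = "0.0.0.0"` and this file configures no authentication for either, so the journal index is kept private only by the `-i retiolum` match in the INPUT rules for ports 9200 and 5601, plus an INPUT policy that is not set in this file. Even with that in place, every retiolum peer can reach the index through 9200, and nothing shown here limits what a peer may do with it. Binding to the VPN address (`listenAddress = "<retiolum address of this host>";`, placeholder) would make the exposure independent of the firewall, and a source match on the 9200 rule for the hosts that run journalbeat would narrow who can write. Grafana has the same shape (`addr = "0.0.0.0"` with `auth.anonymous.enable = true`), though those lines may predate this commit.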
|
||||
|
|
|
@ -10,10 +10,6 @@ let
|
|||
arbor|http://feeds2.feedburner.com/asert/|#news
|
||||
archlinux|http://www.archlinux.org/feeds/news/|#news
|
||||
ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news
|
||||
asiaone_asia|http://news.asiaone.com/rss/asia|#news
|
||||
asiaone_business|http://business.asiaone.com/rss.xml|#news
|
||||
asiaone_sci|http://news.asiaone.com/rss/science-and-tech|#news
|
||||
asiaone_world|http://news.asiaone.com/rss/world|#news
|
||||
augustl|http://augustl.com/atom.xml|#news
|
||||
bbc|http://feeds.bbci.co.uk/news/rss.xml|#news
|
||||
bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag
|
||||
|
@ -78,7 +74,6 @@ let
|
|||
heise|http://heise.de.feedsportal.com/c/35207/f/653902/index.rss|#news
|
||||
hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
|
||||
hindu|http://www.thehindu.com/?service=rss|#news
|
||||
hintergrund|http://www.hintergrund.de/index.php?option=com_bca-rss-syndicator&feed_id=8|#news
|
||||
ign|http://feeds.ign.com/ign/all|#news
|
||||
independent|http://www.independent.com/rss/headlines/|#news
|
||||
indymedia|http://de.indymedia.org/RSS/newswire.xml|#news
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
{
|
||||
krebs.build.source.nixpkgs.git = {
|
||||
url = https://github.com/nixos/nixpkgs;
|
||||
ref = "5fff5a902594b34471b613eb2babcec923e1e1f1";
|
||||
ref = "f7b7d8e";
|
||||
};
|
||||
}
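Review bot: The nixpkgs pin appears to go from a full commit id to the abbreviated `ref = "f7b7d8e";` (assuming the second printed `ref` line is the new side). A seven-character prefix is not a stable identifier: it can become ambiguous as the repository grows, and whether it is resolved as a commit at all depends on how the fetcher interprets `ref`, so the tree every host is built from is pinned less tightly than before. Keep the full form, `ref = "<full 40-character id of f7b7d8e>";` (placeholder).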
|
||||
|
|
|
@ -49,7 +49,7 @@ let
|
|||
mirror.url = "${mirror}${name}";
|
||||
};
|
||||
lassulus = {
|
||||
origin.url = "http://cgit.prism/${name}";
|
||||
origin.url = "http://cgit.lassul.us/${name}";
|
||||
mirror.url = "${mirror}${name}";
|
||||
};
|
||||
"@latest" = {
|
||||
|
@ -102,6 +102,7 @@ in {
|
|||
(sync-retiolum "go")
|
||||
(sync-retiolum "much")
|
||||
(sync-retiolum "newsbot-js")
|
||||
(sync-retiolum "populate")
|
||||
(sync-retiolum "stockholm")
|
||||
(sync-retiolum "wai-middleware-time")
|
||||
(sync-retiolum "web-routes-wai-custom")
|
||||
|
|
|
@ -118,8 +118,7 @@ in {
|
|||
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
|
||||
{ from = "jms@ubikmedia.eu"; to = "jms"; }
|
||||
{ from = "ms@ubikmedia.eu"; to = "ms"; }
|
||||
{ from = "nrg@ubikmedia.eu"; to = "nrg"; }
|
||||
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms, nrg"; }
|
||||
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
|
||||
|
||||
{ from = "testuser@lassul.us"; to = "testuser"; }
|
||||
];
|
||||
|
@ -161,13 +160,6 @@ in {
|
|||
createHome = true;
|
||||
};
|
||||
|
||||
users.users.nrg = {
|
||||
uid = genid_signed "nrg";
|
||||
home = "/home/nrg";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
users.users.testuser = {
|
||||
uid = genid_signed "testuser";
|
||||
home = "/home/testuser";
|
||||
|
|
|
@ -6,10 +6,7 @@ _:
|
|||
./hosts.nix
|
||||
./mysql-backup.nix
|
||||
./umts.nix
|
||||
./urxvtd.nix
|
||||
./usershadow.nix
|
||||
./xresources.nix
|
||||
./kapacitor.nix
|
||||
./telegraf.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,143 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with builtins;
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.lass.kapacitor;
|
||||
|
||||
out = {
|
||||
options.lass.kapacitor = api;
|
||||
config = mkIf cfg.enable imp;
|
||||
};
|
||||
|
||||
api = {
|
||||
enable = mkEnableOption "kapacitor";
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/kapacitor";
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "kapacitor";
|
||||
};
|
||||
logLevel = mkOption {
|
||||
type = types.enum ["DEBUG" "INFO" "WARN" "ERROR" "OFF"];
|
||||
default = "INFO";
|
||||
};
|
||||
alarms = mkOption {
|
||||
type = with types; attrsOf str;
|
||||
default = {};
|
||||
};
|
||||
check_db = mkOption {
|
||||
type = types.str;
|
||||
default = "all_data";
|
||||
};
|
||||
config = mkOption {
|
||||
type = types.str;
|
||||
#TODO: find a good default
|
||||
default = ''
|
||||
hostname = "localhost"
|
||||
data_dir = "${cfg.dataDir}"
|
||||
|
||||
[http]
|
||||
bind-address = ":9092"
|
||||
auth-enabled = false
|
||||
log-enabled = true
|
||||
write-tracing = false
|
||||
pprof-enabled = false
|
||||
https-enabled = false
|
||||
https-certificate = "/etc/ssl/kapacitor.pem"
|
||||
shutdown-timeout = "10s"
|
||||
shared-secret = ""
|
||||
|
||||
[replay]
|
||||
dir = "${cfg.dataDir}/replay"
|
||||
|
||||
[storage]
|
||||
boltdb = "${cfg.dataDir}/kapacitor.db"
|
||||
|
||||
[task]
|
||||
dir = "${cfg.dataDir}/tasks"
|
||||
snapshot-interval = "1m0s"
|
||||
|
||||
[[influxdb]]
|
||||
enabled = true
|
||||
name = "default"
|
||||
default = false
|
||||
urls = ["http://localhost:8086"]
|
||||
username = ""
|
||||
password = ""
|
||||
ssl-ca = ""
|
||||
ssl-cert = ""
|
||||
ssl-key = ""
|
||||
insecure-skip-verify = false
|
||||
timeout = "0s"
|
||||
disable-subscriptions = false
|
||||
subscription-protocol = "http"
|
||||
udp-bind = ""
|
||||
udp-buffer = 1000
|
||||
udp-read-buffer = 0
|
||||
startup-timeout = "5m0s"
|
||||
subscriptions-sync-interval = "1m0s"
|
||||
[influxdb.subscriptions]
|
||||
[influxdb.excluded-subscriptions]
|
||||
_kapacitor = ["autogen"]
|
||||
|
||||
[logging]
|
||||
file = "STDERR"
|
||||
level = "${cfg.logLevel}"
|
||||
|
||||
[deadman]
|
||||
interval = "10s"
|
||||
threshold = 0.0
|
||||
id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'"
|
||||
message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL."
|
||||
global = false
|
||||
'';
|
||||
description = "configuration kapacitor is started with";
|
||||
};
|
||||
};
|
||||
|
||||
configFile = pkgs.writeText "kapacitor.conf" cfg.config;
|
||||
|
||||
imp = {
|
||||
|
||||
systemd.services.kapacitor = {
|
||||
description = "kapacitor";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
restartIfChanged = true;
|
||||
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.kapacitor-alarms = {
|
||||
description = "kapacitor-alarms";
|
||||
after = [ "kapacitor.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
restartIfChanged = true;
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = pkgs.writeDash "add_alarms" ''
|
||||
${pkgs.kapacitor}/bin/kapacitor delete tasks \*
|
||||
${concatStrings (mapAttrsToList (name: alarm: ''
|
||||
${pkgs.kapacitor}/bin/kapacitor define ${name} \
|
||||
-type batch \
|
||||
-tick ${pkgs.writeText "${name}.tick" alarm} \
|
||||
-dbrp ${cfg.check_db}.default
|
||||
${pkgs.kapacitor}/bin/kapacitor enable ${name}
|
||||
'') cfg.alarms)}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
in out
|
|
@ -1,84 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with builtins;
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.lass.telegraf;
|
||||
|
||||
out = {
|
||||
options.lass.telegraf = api;
|
||||
config = mkIf cfg.enable imp;
|
||||
};
|
||||
|
||||
api = {
|
||||
enable = mkEnableOption "telegraf";
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/telegraf";
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "telegraf";
|
||||
};
|
||||
outputs = mkOption {
|
||||
type = types.str;
|
||||
default = ''
|
||||
[outputs.influxdb]
|
||||
urls = ["http://localhost:8086"]
|
||||
database = "telegraf_db"
|
||||
user_agent = "telegraf"
|
||||
'';
|
||||
};
|
||||
inputs = mkOption {
|
||||
type = with types; listOf str;
|
||||
default = [
|
||||
''
|
||||
[cpu]
|
||||
percpu = false
|
||||
totalcpu = true
|
||||
drop = ["cpu_time"]
|
||||
''
|
||||
];
|
||||
};
|
||||
interval = mkOption {
|
||||
type = types.str;
|
||||
default = "10s";
|
||||
};
|
||||
config = mkOption {
|
||||
type = types.str;
|
||||
#TODO: find a good default
|
||||
default = ''
|
||||
[agent]
|
||||
interval = "${cfg.interval}"
|
||||
|
||||
[outputs]
|
||||
|
||||
${cfg.outputs}
|
||||
|
||||
${concatStringsSep "\n" cfg.inputs}
|
||||
|
||||
'';
|
||||
description = "configuration telegraf is started with";
|
||||
};
|
||||
};
|
||||
|
||||
configFile = pkgs.writeText "telegraf.conf" cfg.config;
|
||||
|
||||
imp = {
|
||||
|
||||
systemd.services.telegraf = {
|
||||
description = "telegraf";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
restartIfChanged = true;
|
||||
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
ExecStart = "${pkgs.telegraf}/bin/telegraf -config ${configFile}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
in out
|
|
@ -1,55 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
in
|
||||
|
||||
with builtins;
|
||||
with lib;
|
||||
|
||||
{
|
||||
options = {
|
||||
services.urxvtd = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Enable urxvtd per user";
|
||||
};
|
||||
users = mkOption {
|
||||
type = types.listOf types.string;
|
||||
default = [];
|
||||
description = "users to run urxvtd for";
|
||||
};
|
||||
urxvtPackage = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.rxvt_unicode;
|
||||
description = "urxvt package to use";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config =
|
||||
let
|
||||
cfg = config.services.urxvtd;
|
||||
users = cfg.users;
|
||||
urxvt = cfg.urxvtPackage;
|
||||
mkService = user: {
|
||||
description = "urxvt terminal daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
restartIfChanged = false;
|
||||
path = [ pkgs.xlibs.xrdb ];
|
||||
environment = {
|
||||
DISPLAY = ":0";
|
||||
URXVT_PERL_LIB = "${urxvt}/lib/urxvt/perl";
|
||||
};
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
User = user;
|
||||
ExecStart = "${urxvt}/bin/urxvtd";
|
||||
};
|
||||
};
|
||||
in
|
||||
mkIf cfg.enable {
|
||||
environment.systemPackages = [ urxvt ];
|
||||
systemd.services = listToAttrs (map (u: { name = "${u}-urxvtd"; value = mkService u; }) users);
|
||||
};
|
||||
}
|
|
@ -129,7 +129,6 @@ myKeyMap =
|
|||
, ("M4-<Esc>", toggleWS)
|
||||
, ("M4-S-<Enter>", spawn urxvtcPath)
|
||||
, ("M4-x", floatNext True >> spawn urxvtcPath)
|
||||
, ("M4-z", floatNext True >> spawn "${pkgs.termite}/bin/termite")
|
||||
, ("M4-f", floatNext True)
|
||||
, ("M4-b", sendMessage ToggleStruts)
|
||||
|
||||
|
|
|
@ -143,7 +143,6 @@ with import <stockholm/lib>;
|
|||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
nano = pkgs.runCommand "empty" {} "mkdir -p $out";
|
||||
tinc = pkgs.tinc_pre;
|
||||
gnupg1compat = super.gnupg1compat.override { gnupg = self.gnupg21; };
|
||||
};
|
||||
|
||||
services.cron.enable = false;
|
||||
|
|