From b01ce7bdd916b0a9bc60904450aeb3f46d2c7810 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 12 Dec 2019 23:29:19 +0100 Subject: [PATCH 01/82] move filebitch.r from makefu to krebs namespace --- krebs/3modules/krebs/default.nix | 23 ++++++++++++++++++++ krebs/3modules/makefu/default.nix | 8 ------- krebs/3modules/makefu/retiolum/filebitch.pub | 8 ------- 3 files changed, 23 insertions(+), 16 deletions(-) delete mode 100644 krebs/3modules/makefu/retiolum/filebitch.pub diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 72c16711c..1b7d971f9 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -34,6 +34,29 @@ with import ; }); in { hosts = mapAttrs hostDefaults ({ + filebitch = { + ci = true; + cores = 4; + nets = { + retiolum = { + ip4.addr = "10.243.189.130"; + aliases = [ "filebitch.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA8ZSLsOlPy9Vd8XdEcIoP8H3rztsbB0McTYPGhUaZ6/aqcD/MBSQa + FT9NZS0+N0Pev7y90As6Rj5Wrom92xlThcFPaX0Dzmzz+7363M4qtlrtmmWkx2FX + VDrPOYbe4hGGOCsPNOTNJkcW4zs2Ym5YKbZeXHfnuqCW+yuhKBCgO9slc740jkHZ + 5xuv5zbU3ZMRk1H8xi4+cQcHqh+1PY75lJxVSNvrbe5pvGxm9yVdp235b49ohDRU + UfUjXmymPlnfJgTOMxmHwl+UmwYR4Yw2CZKXTjbJe5HjbykleTwUb1qyijM8suJf + eXRyma8VGILcY6K/HmE4nz7ESAlI1c+QlwIDAQAB + -----END RSA PUBLIC KEY----- + Ed25519PublicKey = NPjEmo1dkxNS2Xm7qUyWhLKdFYF4MnhIM79NPQELWHC + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRpjW68lSlTL8jBQcXKOTdGa+olQw5ghaU5df2yAE64"; + }; hotdog = { ci = true; nets = { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index f9e8d485c..dcfee59b3 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -283,14 +283,6 @@ in { }; }; - filebitch = rec { - cores = 4; - nets = { - retiolum = { - ip4.addr = "10.243.189.130"; - }; - }; - }; shackdev = rec { # router@shack cores = 1; 
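Review bot: The `tinc.pubkey` added for `filebitch` in `krebs/3modules/krebs/default.nix` is not the key this patch deletes: the new RSA block starts `MIIBCgKCAQEA8ZSL…`, while the removed `krebs/3modules/makefu/retiolum/filebitch.pub` starts `MIIBCgKCAQEA2VjW…`. The commit therefore replaces the host's retiolum identity, although the subject only says "move". Peers authenticate the node by this key, so the replacement should be visible to reviewers and confirmed with the host's operator. I would add a comment above the key such as `# new tinc key; replaces makefu/retiolum/filebitch.pub` and say the same in the commit message. The hunk also adds `ci = true`, an `Ed25519PublicKey` and an `ssh.pubkey` that the removed entry did not set explicitly, which deserves the same mention.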
diff --git a/krebs/3modules/makefu/retiolum/filebitch.pub b/krebs/3modules/makefu/retiolum/filebitch.pub deleted file mode 100644 index fe31accda..000000000 --- a/krebs/3modules/makefu/retiolum/filebitch.pub +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d -fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs -e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1 -KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99 -oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf -wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB ------END RSA PUBLIC KEY----- From 262c350bae84d73ca48b2371fb9403113e097abd Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 29 Dec 2019 13:35:33 +0100 Subject: [PATCH 02/82] ma pkgs.studio-link: use autoPatchelfHook --- makefu/5pkgs/studio-link/default.nix | 64 +++++++++------------------- 1 file changed, 19 insertions(+), 45 deletions(-) diff --git a/makefu/5pkgs/studio-link/default.nix b/makefu/5pkgs/studio-link/default.nix index 6fa40139b..8c796b43b 100644 --- a/makefu/5pkgs/studio-link/default.nix +++ b/makefu/5pkgs/studio-link/default.nix 
@@ -1,44 +1,13 @@ -{ stdenv, fetchurl, buildFHSUserEnv, writeTextFile, alsaLib, atk, cairo, cups -, dbus, expat, fontconfig, freetype, gcc, gdk_pixbuf, glib, gnome2, gtk2, nspr -, nss, pango, systemd, xorg, utillinuxMinimal, unzip, openssl, zlib, libjack2 }: +{ stdenv +, fetchurl +, alsaLib +, unzip +, openssl_1_0_2 +, zlib +, libjack2 +, autoPatchelfHook +}: -let - libPath = stdenv.lib.makeLibraryPath [ - alsaLib - atk - cairo - cups - dbus - expat - fontconfig - freetype - gcc.cc - gdk_pixbuf - glib - gnome2.GConf - gtk2 - nspr - nss - pango - - openssl - zlib - libjack2 - - systemd - xorg.libX11 - xorg.libXScrnSaver - xorg.libXcomposite - xorg.libXcursor - xorg.libXdamage - xorg.libXext - xorg.libXfixes - xorg.libXi - xorg.libXrandr - xorg.libXrender - xorg.libXtst - ]; -in stdenv.mkDerivation rec { name = "studio-link-${version}"; version = "17.03.1-beta"; @@ -46,19 +15,24 @@ stdenv.mkDerivation rec { url = "https://github.com/Studio-Link-v2/backend/releases/download/v${version}/studio-link-standalone-linux.zip"; sha256 = "1y21nymin7iy64hcffc8g37fv305b1nvmh944hkf7ipb06kcx6r9"; }; - buildInputs = [ unzip ]; - phases = ["unpackPhase" "installPhase" "fixupPhase"]; + nativeBuildInputs = [ unzip autoPatchelfHook ]; + buildInputs = [ + alsaLib + + openssl_1_0_2 + zlib + libjack2 + ]; + unpackPhase = '' unzip $src ''; + installPhase = '' mkdir -p $out/bin cp studio-link-standalone $out/bin/studio-link chmod +x $out/bin/studio-link ''; - postFixup = '' - patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) --set-rpath "${libPath}:\$ORIGIN" "$out/bin/studio-link" - ''; meta = with stdenv.lib; { homepage = https://studio-link.com; From e91943a34b9777d5e69dfecb186f2e1cd9203b90 Mon Sep 17 00:00:00 2001 
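Review bot: `openssl_1_0_2` in the argument list, and again in `buildInputs` in the second hunk, ties this package to the OpenSSL 1.0.2 branch, whose upstream support ends on 2019-12-31, two days after this commit. Presumably the prebuilt `studio-link-standalone` binary needs the 1.0 sonames for `autoPatchelfHook` to resolve, but nothing in the file says so. I would record the reason next to the input, e.g. `openssl_1_0_2 # prebuilt binary links against libssl 1.0; EOL upstream, revisit on the next Studio Link release`, so the pin is not carried forward silently.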
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 3 Jan 2020 10:25:06 +0000 Subject: [PATCH 03/82] move mic92's hosts to external files --- krebs/3modules/default.nix | 1 + krebs/3modules/external/default.nix | 331 -------------------------- krebs/3modules/external/mic92.nix | 347 ++++++++++++++++++++++++++++ 3 files changed, 348 insertions(+), 331 deletions(-) create mode 100644 krebs/3modules/external/mic92.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index fcdbcbc19..6f06f4510 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -105,6 +105,7 @@ let { krebs = import ./makefu { inherit config; }; } { krebs = import ./nin { inherit config; }; } { krebs = import ./external/palo.nix { inherit config; }; } + { krebs = import ./external/mic92.nix { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 821859f3c..6e3ac9f5c 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix 
@@ -68,103 +68,6 @@ in { }; }; }; - dpdkm = { - owner = config.krebs.users.Mic92; - nets = rec { - retiolum = { - ip4.addr = "10.243.29.173"; - aliases = [ "dpdkm.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj - NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp - qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP - X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn - f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa - bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL - Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T - B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w - tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n - dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls - mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - eddie = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - # eddie.thalheim.io - ip4.addr = "129.215.197.11"; - aliases = [ "eddie.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.eddie.nets.retiolum.ip4.addr - config.krebs.hosts.eddie.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.170"; - aliases = [ "eddie.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d - j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm - 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF - 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua - KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq - iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t - 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD - kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u - 
hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay - pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ - lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.subnets = [ - # edinburgh university - "129.215.0.0/16" - ]; - }; - }; - }; - eve = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - # eve.thalheim.io - ip4.addr = "95.216.112.61"; - ip6.addr = "2a01:4f9:2b:1605::1"; - aliases = [ "eve.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.eve.nets.retiolum.ip4.addr - config.krebs.hosts.eve.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.174"; - aliases = [ "eve.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH - XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 - 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk - 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI - +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 - dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW - pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP - c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi - YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI - 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 - Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; homeros = { owner = config.krebs.users.kmein; nets = { 
@@ -255,190 +158,6 @@ in { }; }; }; - rose = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - ip4.addr = "129.215.165.52"; - aliases = [ "rose.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.rose.nets.retiolum.ip4.addr - config.krebs.hosts.rose.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.178"; - aliases = [ "rose.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA0h88uEcgVFhggGh3xqHySt8T+oDdoSN8ve4ZPmMzrGCD4dnlWcUO - 6uMiwE7XG667wvjB0J2RbCJ8n8/r6eQgp6sRfPzSQL/Mc74J+py+sOVOjjjL5wJX - btrYmASO3GKUSMhGmM0IiwHMIPrmUViaREDrweF3bUwK45d/ocqpBkc+nF27kksd - DMYjHMWRIkKuQaj592zo/kY1pAJ/yAvDPess0x1CLL6uDNbjTr2S/L7JHdzZs9Xq - 1+SGdVtqD0sWgSBKA0PC/Mi+Divd4PC1SoSL7wZRWD0Y2DNgj3+xUc7hAWRCw2Gs - 5wofK+qiwnyYAmeNYcyQfDLosKZF9hOM8U3UbxptkPLsOK3cfZoGoLQCuOryVDBe - 6GfJkJ49WfuSSNWs3WPWL6/6zmVPeGR0TvoMt02VQ3cKTmeIkWyTIzSVoC7wYv5D - Dl8Xt3aFr9UFI2GxenesViyuDLi8cy2fOsM3r+gowXQtgEKoXc9W2vyPwIIlcWUJ - QrKVsyNlkKKL0YjsnGazaEvqdiE30/Iq7f7VBnXnWXRLnZhr85HbTdDQnpT4GcEv - W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ - 0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - martha = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - ip4.addr = "129.215.165.53"; - aliases = [ "martha.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.martha.nets.retiolum.ip4.addr - config.krebs.hosts.martha.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.179"; - aliases = [ "martha.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA3lR3Wup2yd9SYs9n9a7lq/jXxlKdwjgp9gPEirLn3/XCFM7NpLIp - LRm3Wdplv0NWim4zI3AsdGmUBrV3y0Ugj48Td4RpXlOiFjS8NHnvRbamCZF7m/pJ - 3T/QpQx98+QEKXb3gZ5aDGgcHLRbUYUBuwFOxAKaikuDe2qJxqXqOmA7RXZDkEqe - FrQE/H1/+8HqJ1vhgZKi3Vu7zLRB1EV8nggWFjQKR8o0AeViLwM3OxFtGyKTaXuK - WAQrvSdKQDpQwqAPogyeftGesOfW7z0xrelkux10p42YM9epYvZDFRG97/nupw/S - 
iYGiTTFDBDTzpyT3zl1uwhmQ3re/nJXf5e4fgnZEcsweU8ysHtDhbimqrm9impVn - XdKnnuNa9F8VlyHCT2pVC9+WDKDNtA2M8f+8lG8/hoJ7hhp5HhBZ3ncROyQqOg4F - e6YtaFidi+fYXjQkdUXHv5FCkqFJnoxZdI2vwqU2DumltG/o+qsksI2WSsLsuMVs - sa4KUq0+5OsmCJnIAKWV2YwbLVf1tJMjPGA0jQECrHPL6SKobRefqav6MPuTbytC - 4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM - mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - donna = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - ip4.addr = "129.215.165.54"; - aliases = [ "donna.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.donna.nets.retiolum.ip4.addr - config.krebs.hosts.donna.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.180"; - aliases = [ "donna.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAnv5zVPwjHk5Q72D3tv2rlQkp7SOsZD7Wvz8l1yI/mWkxoriJ9MVa - x8RziSB3KF8sF1lRWIKmuynkgLI3w0X/YFs/fAvtayxk6Qf8DOl23Vd8Is0h/i3I - 0fCmCEIHhHboKsREW6NxY7w5WAI2+SFNmGef1P7vzrAv7iLyPbo9nQ8wlrAmc+PJ - Ao3BOf4U7kP778fhsPA4dlGtF2v9CBhygeGVI/DQR8jcvzeiPd2Dr0k/JvrVMYtf - wJW4xUwZkIpws/yfI8b4VJOFl2X/Yw9712Z8Jvga0rR32OG4YbnggvuCMum1g94k - YwMjaSckv1XTalvPQuf1Od96XzwL2hjPFpEK3Tdl4AitMnArgj9HNzhcRL+eGonf - U24zk52OToHnoP3palNpodi7DziIBeXIaIMl7VMXku2ymbOUJsI6zeew+uZahJkv - QIWjxveQ8N40BoTc8Yg6pea1AId3l4f3brtwJbQOVbb3bVQ5VcrxM9Q/TBvyADYR - Knwszxw3uBw5Za1FMbwCPwd8/y/Ar19qGCx25xK0QnsyqZZT/cHsbBOTzh6BBWwI - IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7 - awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - amy = { - owner = config.krebs.users.Mic92; - nets = rec { - retiolum = { - addrs = [ - config.krebs.hosts.amy.nets.retiolum.ip4.addr - config.krebs.hosts.amy.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.181"; - aliases = [ "amy.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - 
MIICCgKCAgEAr3jQRA1+hLKYVgHJA2ax5W8J3GVMTnaGpYw9Q2xXXrX/jxLZ6Ia8 - hBjIcCBDVL5Q3FnyrKB9NJeeIvCOKg8WG+8O0+wKcePKd0Vhbsx4Whog/6PWs6qh - q2sURs2tp1hjHks4kZo2WtiYD7Ue9HHdV6FlUO6yuBV0bW2RzHdLPCDSGxnQVkBM - tSwAvMCZwvVBiv4m6RyMXqmpdbAPBzgJcmJS0FY+zGxpiwsR/AdoVvnzYyFMCVpG - iFl5+k9OGhUJq72MwAXzjW5ZdCPrG+2Dd+QBhhtIMJGA2sJiJteT8vdvpTNCiHJ/ - HnW7movliN2mW86qwo7QqB5v0c9f9TjfpOld7sS/4vE3zlGi/Stf6SQWaoXez/u3 - /P9GzupcYgj76m8Z3j7BMHXCBw8iwP2pZpL9hnLdIyCcyLrzXDIzq4hlt60DPhSU - klTDBUA/cUdSJGcSn2N+WHLOTfI6qeBNKqcTk70OQsa69jAJeAtA+I9OprNYOXqb - MmQakNNlrTaNtGQxfQqEL+wqHlo8CVDGm3O9pQSNF309P4TLNU1EYm+ItScNiVCE - DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764 - UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - clara = { - owner = config.krebs.users.Mic92; - nets = rec { - retiolum = { - addrs = [ - config.krebs.hosts.clara.nets.retiolum.ip4.addr - config.krebs.hosts.clara.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.182"; - aliases = [ "clara.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA07G1n2sA804nnjWQzq0Fi9i6kxJUo+jVJjtkm5unw3hjflAAd/3d - WN+01GdJCk/gr7DfU/Xr5KnR39Z3ADoT1tbUb+i5AJZ5/8VHUwWM8D8mQAam6LBf - UEeLxhVH8rG6lHaKwVi9oe4gPhgptUOzX/YIlJOMYDlYRxc7Wbj7YQOAKlPuTAjY - Z5bLswfkqTMO0cioJNwwMCNWSMJf3jbKi3eTQ36sf7TDMEneNGSBUpeSjGddoNT/ - rrVIDDT8tGmtACKr+3Y0H+EA2K5IxdQKKfnPRR31RBWiTkEXBbaJzYO/ZV5/xlbN - wmblskwq9d9IwDY7qeMctci+ZUZ3epG8MUwYa4faOrgmmkQpa5B+6UOMzw/WDJEc - jTfvSzfPo4anoj8C+MOQYzRvYmp60YEZKomv2BQdBvpGIpUul8WAR2aV0K+wz66e - mUamljAXmLiPxgGKduX5VFVuXzYxeMiBBujQCLTjc+xTB2EdwihxNX1rkxz10BDc - WrgPV+/VVyThKhOvVCifWARHtT2VGcZazfQOW/y3ZmEPOYuc5ZvrSEiMeG3f64+v - UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn - cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - inspector = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - ip4.addr = "141.76.44.154"; - 
aliases = [ "inspector.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.172"; - aliases = [ "inspector.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG - EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ - 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF - m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw - WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd - eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 - OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau - ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x - B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG - q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj - 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; justraute = { owner = config.krebs.users.raute; # laptop nets = { 
@@ -451,30 +170,6 @@ in { }; }; }; - matchbox = { - owner = config.krebs.users.Mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.176"; - aliases = [ "matchbox.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m - VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w - nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u - TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE - TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1 - yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO - 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4 - Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/ - bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4 - nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR - /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; qubasa = { owner = config.krebs.users.qubasa; nets = { 
@@ -618,32 +313,6 @@ in { }; }; }; - turingmachine = { - owner = config.krebs.users.Mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.168"; - aliases = [ - "turingmachine.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C - t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 - 6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 - ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g - nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 - 5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT - 1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 - gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl - DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL - W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW - OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; uppreisn = { owner = config.krebs.users.ilmu; nets = { diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix new file mode 100644 index 000000000..6b409aa7b --- /dev/null +++ b/krebs/3modules/external/mic92.nix 
@@ -0,0 +1,347 @@ +with import ; +{ config, ... }: let + hostDefaults = hostName: host: flip recursiveUpdate host ({ + ci = false; + external = true; + monitoring = false; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + }); +in { + hosts = mapAttrs hostDefaults { + amy = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.amy.nets.retiolum.ip4.addr + config.krebs.hosts.amy.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.181"; + aliases = [ "amy.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3jQRA1+hLKYVgHJA2ax5W8J3GVMTnaGpYw9Q2xXXrX/jxLZ6Ia8 + hBjIcCBDVL5Q3FnyrKB9NJeeIvCOKg8WG+8O0+wKcePKd0Vhbsx4Whog/6PWs6qh + q2sURs2tp1hjHks4kZo2WtiYD7Ue9HHdV6FlUO6yuBV0bW2RzHdLPCDSGxnQVkBM + tSwAvMCZwvVBiv4m6RyMXqmpdbAPBzgJcmJS0FY+zGxpiwsR/AdoVvnzYyFMCVpG + iFl5+k9OGhUJq72MwAXzjW5ZdCPrG+2Dd+QBhhtIMJGA2sJiJteT8vdvpTNCiHJ/ + HnW7movliN2mW86qwo7QqB5v0c9f9TjfpOld7sS/4vE3zlGi/Stf6SQWaoXez/u3 + /P9GzupcYgj76m8Z3j7BMHXCBw8iwP2pZpL9hnLdIyCcyLrzXDIzq4hlt60DPhSU + klTDBUA/cUdSJGcSn2N+WHLOTfI6qeBNKqcTk70OQsa69jAJeAtA+I9OprNYOXqb + MmQakNNlrTaNtGQxfQqEL+wqHlo8CVDGm3O9pQSNF309P4TLNU1EYm+ItScNiVCE + DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764 + UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + clara = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.clara.nets.retiolum.ip4.addr + config.krebs.hosts.clara.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.182"; + aliases = [ "clara.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA07G1n2sA804nnjWQzq0Fi9i6kxJUo+jVJjtkm5unw3hjflAAd/3d + WN+01GdJCk/gr7DfU/Xr5KnR39Z3ADoT1tbUb+i5AJZ5/8VHUwWM8D8mQAam6LBf + UEeLxhVH8rG6lHaKwVi9oe4gPhgptUOzX/YIlJOMYDlYRxc7Wbj7YQOAKlPuTAjY + 
Z5bLswfkqTMO0cioJNwwMCNWSMJf3jbKi3eTQ36sf7TDMEneNGSBUpeSjGddoNT/ + rrVIDDT8tGmtACKr+3Y0H+EA2K5IxdQKKfnPRR31RBWiTkEXBbaJzYO/ZV5/xlbN + wmblskwq9d9IwDY7qeMctci+ZUZ3epG8MUwYa4faOrgmmkQpa5B+6UOMzw/WDJEc + jTfvSzfPo4anoj8C+MOQYzRvYmp60YEZKomv2BQdBvpGIpUul8WAR2aV0K+wz66e + mUamljAXmLiPxgGKduX5VFVuXzYxeMiBBujQCLTjc+xTB2EdwihxNX1rkxz10BDc + WrgPV+/VVyThKhOvVCifWARHtT2VGcZazfQOW/y3ZmEPOYuc5ZvrSEiMeG3f64+v + UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn + cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + donna = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "129.215.165.54"; + aliases = [ "donna.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.donna.nets.retiolum.ip4.addr + config.krebs.hosts.donna.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.180"; + aliases = [ "donna.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAnv5zVPwjHk5Q72D3tv2rlQkp7SOsZD7Wvz8l1yI/mWkxoriJ9MVa + x8RziSB3KF8sF1lRWIKmuynkgLI3w0X/YFs/fAvtayxk6Qf8DOl23Vd8Is0h/i3I + 0fCmCEIHhHboKsREW6NxY7w5WAI2+SFNmGef1P7vzrAv7iLyPbo9nQ8wlrAmc+PJ + Ao3BOf4U7kP778fhsPA4dlGtF2v9CBhygeGVI/DQR8jcvzeiPd2Dr0k/JvrVMYtf + wJW4xUwZkIpws/yfI8b4VJOFl2X/Yw9712Z8Jvga0rR32OG4YbnggvuCMum1g94k + YwMjaSckv1XTalvPQuf1Od96XzwL2hjPFpEK3Tdl4AitMnArgj9HNzhcRL+eGonf + U24zk52OToHnoP3palNpodi7DziIBeXIaIMl7VMXku2ymbOUJsI6zeew+uZahJkv + QIWjxveQ8N40BoTc8Yg6pea1AId3l4f3brtwJbQOVbb3bVQ5VcrxM9Q/TBvyADYR + Knwszxw3uBw5Za1FMbwCPwd8/y/Ar19qGCx25xK0QnsyqZZT/cHsbBOTzh6BBWwI + IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7 + awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + dpdkm = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + ip4.addr = "10.243.29.173"; + aliases = [ "dpdkm.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + 
MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj + NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp + qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP + X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn + f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa + bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL + Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T + B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w + tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n + dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls + mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + inspector = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "141.76.44.154"; + aliases = [ "inspector.i" ]; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.29.172"; + aliases = [ "inspector.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG + EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ + 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF + m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw + WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd + eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 + OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau + ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x + B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG + q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj + 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eddie = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + # eddie.thalheim.io + ip4.addr = 
"129.215.197.11"; + aliases = [ "eddie.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.eddie.nets.retiolum.ip4.addr + config.krebs.hosts.eddie.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.170"; + aliases = [ "eddie.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d + j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm + 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF + 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua + KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq + iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t + 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD + kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u + hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay + pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ + lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eve = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + # eve.thalheim.io + ip4.addr = "95.216.112.61"; + ip6.addr = "2a01:4f9:2b:1605::1"; + aliases = [ "eve.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.eve.nets.retiolum.ip4.addr + config.krebs.hosts.eve.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.174"; + aliases = [ "eve.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH + XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 + 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk + 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI + +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 + dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW + 
pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP + c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi + YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI + 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 + Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + # ohorn lan + tinc.subnets = [ "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" ]; + }; + }; + }; + martha = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "129.215.165.53"; + aliases = [ "martha.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.martha.nets.retiolum.ip4.addr + config.krebs.hosts.martha.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.179"; + aliases = [ "martha.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA3lR3Wup2yd9SYs9n9a7lq/jXxlKdwjgp9gPEirLn3/XCFM7NpLIp + LRm3Wdplv0NWim4zI3AsdGmUBrV3y0Ugj48Td4RpXlOiFjS8NHnvRbamCZF7m/pJ + 3T/QpQx98+QEKXb3gZ5aDGgcHLRbUYUBuwFOxAKaikuDe2qJxqXqOmA7RXZDkEqe + FrQE/H1/+8HqJ1vhgZKi3Vu7zLRB1EV8nggWFjQKR8o0AeViLwM3OxFtGyKTaXuK + WAQrvSdKQDpQwqAPogyeftGesOfW7z0xrelkux10p42YM9epYvZDFRG97/nupw/S + iYGiTTFDBDTzpyT3zl1uwhmQ3re/nJXf5e4fgnZEcsweU8ysHtDhbimqrm9impVn + XdKnnuNa9F8VlyHCT2pVC9+WDKDNtA2M8f+8lG8/hoJ7hhp5HhBZ3ncROyQqOg4F + e6YtaFidi+fYXjQkdUXHv5FCkqFJnoxZdI2vwqU2DumltG/o+qsksI2WSsLsuMVs + sa4KUq0+5OsmCJnIAKWV2YwbLVf1tJMjPGA0jQECrHPL6SKobRefqav6MPuTbytC + 4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM + mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + matchbox = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.176"; + aliases = [ "matchbox.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m + VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w + 
nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u + TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE + TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1 + yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO + 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4 + Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/ + bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4 + nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR + /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + # ohorn lan + tinc.subnets = [ "fd42:4492:6a6d:500::/64" ]; + }; + }; + }; + rose = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "129.215.165.52"; + aliases = [ "rose.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.rose.nets.retiolum.ip4.addr + config.krebs.hosts.rose.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.178"; + aliases = [ "rose.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA0h88uEcgVFhggGh3xqHySt8T+oDdoSN8ve4ZPmMzrGCD4dnlWcUO + 6uMiwE7XG667wvjB0J2RbCJ8n8/r6eQgp6sRfPzSQL/Mc74J+py+sOVOjjjL5wJX + btrYmASO3GKUSMhGmM0IiwHMIPrmUViaREDrweF3bUwK45d/ocqpBkc+nF27kksd + DMYjHMWRIkKuQaj592zo/kY1pAJ/yAvDPess0x1CLL6uDNbjTr2S/L7JHdzZs9Xq + 1+SGdVtqD0sWgSBKA0PC/Mi+Divd4PC1SoSL7wZRWD0Y2DNgj3+xUc7hAWRCw2Gs + 5wofK+qiwnyYAmeNYcyQfDLosKZF9hOM8U3UbxptkPLsOK3cfZoGoLQCuOryVDBe + 6GfJkJ49WfuSSNWs3WPWL6/6zmVPeGR0TvoMt02VQ3cKTmeIkWyTIzSVoC7wYv5D + Dl8Xt3aFr9UFI2GxenesViyuDLi8cy2fOsM3r+gowXQtgEKoXc9W2vyPwIIlcWUJ + QrKVsyNlkKKL0YjsnGazaEvqdiE30/Iq7f7VBnXnWXRLnZhr85HbTdDQnpT4GcEv + W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ + 0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + turingmachine = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = 
"10.243.29.168"; + aliases = [ + "turingmachine.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C + t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 + 6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 + ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g + nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 + 5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT + 1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 + gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl + DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL + W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW + OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + # ohorn lan + tinc.subnets = [ "fd42:4492:6a6d:500:f610:15d1:27a3:674b" ]; + }; + }; + }; + }; +} From f2b70dd6ecefea526023c34a3780f25eb2bdba03 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Jan 2020 16:36:02 +0100 Subject: [PATCH 04/82] nixpkgs: 45ea609 -> 2d94547 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 446f27007..964ebdea7 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "45ea60922036b7be302b95d107595f6eb5cd0675", - "date": "2019-12-10T12:38:05+01:00", - "sha256": "11wm7af6ab2979z8yrpcprb6d99kbrjq44a48ayi4a7c58a2xb6q", + "rev": "2d9454702e57a9f07020c0e5d0b81412ae2eded1", + "date": "2020-01-03T15:36:44-05:00", + "sha256": "0ifj1z21dbcpyc791k5sa93897w5ni0j0241bxddlgfnlikr7jh9", "fetchSubmodules": false } From 35a075153516e7cd38aacc6d5700622073b79411 Mon Sep 17 00:00:00 2001 
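Review bot: The new `krebs/3modules/external/mic92.nix` is not a verbatim move. `eddie` loses the `tinc.subnets = [ "129.215.0.0/16" ]` entry that the deleted block in `external/default.nix` carried, and `eve`, `matchbox` and `turingmachine` gain `tinc.subnets` entries commented `# ohorn lan`. Subnet declarations decide which prefixes the mesh routes to a node, so they should be reviewed on their own, either as a follow-up commit or at least listed in the commit message. `matchbox` announces the whole `fd42:4492:6a6d:500::/64`, while `eve` and `turingmachine` list single addresses inside that prefix with no prefix length. If host routes are intended I would write them explicitly with `/128` and add a comment saying why `matchbox` claims the rest of the /64.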
From: lassulus Date: Sat, 4 Jan 2020 16:38:23 +0100 Subject: [PATCH 05/82] nixpkgs-unstable: 3140fa8 -> e0470e1 --- krebs/nixpkgs-unstable.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index fa22e2747..43e764e9a 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "3140fa89c51233397f496f49014f6b23216667c2", - "date": "2019-12-05T01:28:43+01:00", - "sha256": "18p0d5lnfvzsyfah02mf6bi249990pfwnylwhqdh8qi70ncrk3f8", + "rev": "e0470e11c7a02f9e6e70f5ec5e1d9470c742b396", + "date": "2020-01-03T11:40:57-05:00", + "sha256": "1amczhr8m7lvxnxzwhfamz4ga78sgnyzdfr759iq26azkh6fa03a", "fetchSubmodules": false } From 5d360afeace33a1e83e44b5ff0b9e0da408a6b2f Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 4 Jan 2020 21:31:05 +0100 Subject: [PATCH 06/82] ma homeautomation: remove python3 pinning --- makefu/2configs/homeautomation/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/makefu/2configs/homeautomation/default.nix b/makefu/2configs/homeautomation/default.nix index c4fef1bfc..4e9ac0ee3 100644 --- a/makefu/2configs/homeautomation/default.nix +++ b/makefu/2configs/homeautomation/default.nix @@ -108,7 +108,6 @@ in { ]; services.home-assistant = { - package = pkgs.home-assistant.override { python3 = pkgs.python36; }; config = { homeassistant = { name = "Home"; time_zone = "Europe/Berlin"; From f491fac2025b2e99788be8e26181da1b26995e84 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Jan 2020 12:40:44 +0100 Subject: [PATCH 07/82] l gg23: remove deprecated hass override --- lass/2configs/gg23.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix index 2ec7b94d3..b23494b28 100644 --- a/lass/2configs/gg23.nix +++ b/lass/2configs/gg23.nix 
@@ -75,7 +75,6 @@ with import ; in { enable = true; package = pkgs.home-assistant.override { - python3 = pkgs.python36; #extraComponents = [ # (pkgs.fetchgit { # url = "https://github.com/marcschumacher/dwd_pollen"; From 1c6fafdaa0f43af0384d460ca8b47d15a30bec41 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 27 Nov 2019 09:52:53 +0100 Subject: [PATCH 08/82] krebs exim-smarthost: RIP slash16 --- krebs/2configs/exim-smarthost.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix index 698e20da1..224a38ac3 100644 --- a/krebs/2configs/exim-smarthost.nix +++ b/krebs/2configs/exim-smarthost.nix @@ -15,13 +15,12 @@ in { makefu tv ]; - eloop-ml = spam-ml ++ [ ciko ]; + eloop-ml = spam-ml; spam-ml = [ lass makefu tv ]; - ciko.mail = "ciko@slash16.net"; in { "anmeldung@eloop.org" = eloop-ml; "brain@krebsco.de" = brain-ml; From 20e44b103dc7d4bf1c5b68486c235c481b9c9587 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 29 Nov 2019 13:42:44 +0100 Subject: [PATCH 09/82] krops: 1.17.0 -> 1.18.0 --- submodules/krops | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/krops b/submodules/krops index 2dc172530..53dfb30af 160000 --- a/submodules/krops +++ b/submodules/krops @@ -1 +1 @@ -Subproject commit 2dc172530965ea4f1ead8ff166004c5734daee1f +Subproject commit 53dfb30af324408c34fc7f664a05992e186ca4e9 From e6d2e5d2033e4f53ede7006f1d8b20920e12cc87 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 29 Nov 2019 14:11:18 +0100 Subject: [PATCH 10/82] ci: redownload all repos --- krebs/3modules/ci.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index cbf24effe..7695667fd 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -135,6 +135,7 @@ let f_${name} = util.BuildFactory() f_${name}.addStep(steps.Git( repourl=util.Property('repository', '${head repo.urls}'), + method='clobber', mode='full', submodules=True, )) 
From e913c83c3a89f5299a426cade0df2b0513a58ecc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Dec 2019 16:16:17 +0100 Subject: [PATCH 11/82] bepasty-server use python3 --- krebs/3modules/bepasty-server.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 4892a8723..ffa9a29e9 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -2,10 +2,10 @@ with import ; let - gunicorn = pkgs.python27Packages.gunicorn; - bepasty = pkgs.bepasty.override { python3Packages = pkgs.python27Packages; }; - gevent = pkgs.python27Packages.gevent; - python = pkgs.python27Packages.python; + gunicorn = pkgs.python3Packages.gunicorn; + bepasty = pkgs.bepasty; + gevent = pkgs.python3Packages.gevent; + python = pkgs.python3Packages.python; cfg = config.krebs.bepasty; out = { From c16e9c1cc847aa20b41684a11ab73c67829998d3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Dec 2019 16:23:19 +0100 Subject: [PATCH 12/82] l: remove archprism --- krebs/3modules/lass/default.nix | 38 --------------------------------- 1 file changed, 38 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 30c7b085f..00847071a 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -111,44 +111,6 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU"; }; - archprism = { - cores = 1; - nets = rec { - internet = { - ip4.addr = "46.4.114.247"; - aliases = [ - "archprism.i" - ]; - ssh.port = 45621; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.0.123"; - aliases = [ - "archprism.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6dK0jsPSb7kWMGjfyWbG - wQYYt8vi5pY/1/Ohk0iy84+mfb1SCJdm5IOC4WXgHtmfd468OluUpU5etAu13D3n - f0iDeCuohH0uTjP+EojnKrAXYTiTRpySqXjVmhaWwFyMAACFdzKFb9cgMoByrP0U - 5qruBcupK8Zwxt+Pe8IadRpPuOmz/bMYS7r+NKwybttoIX+YVm4myNzqdtMT77+H - BYR2mzW99T5YI54YZoCe0+XiIEQsosd6IL/9dP0+6vku6nHLD4qb81Q9AgaT+hte - s/ivHL+Fe2GULEQUi8aoEfXrPwnGFVY+QYxLw2G9A0Gfe9KnYBXDn99HXUGcFu2l - x7duN6mnT3WNC6VReh9m5+rPMnih/3l82W0tH1lBWUtdKcxx6yhkyUFgKOvkm4UP - gf1+EIpxf+bM7jlWylKGc+bD+dTMFV+tzHE6qHlcnzdZQrhYd0zjOXGnm4Kl1ec5 - GSlpmqTcjgR+42l6frAENo3fndqYw1WkDtswImDz3Wjuco7BiOULHTJvQN+Ao1DI - l2MQDOWJoN4eYIE4XPqLSvdOSavHQB2WGv+dFDDpWOxnDLNi19aubtynIfpGJXxV - L8s9kUTG00Hdv08BG06hGt0+2Sy1PTVniDcTftHKmEOPS6Y5rJzQih7JdakSUQCc - 6j/HwgWTf85Io/tbVMTNtkECAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; - }; - uriel = { monitoring = false; cores = 1; From 4a1ab9bf6516f455de30b782ab5fc0c3c55e983f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Dec 2019 16:26:04 +0100 Subject: [PATCH 13/82] update-nixpkgs-unstable: fix commit msg --- krebs/update-nixpkgs-unstable.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/update-nixpkgs-unstable.sh b/krebs/update-nixpkgs-unstable.sh index 068da5f6f..592023f20 100755 --- a/krebs/update-nixpkgs-unstable.sh +++ b/krebs/update-nixpkgs-unstable.sh 
@@ -6,4 +6,4 @@ nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --rev refs/heads/nixos-unstable' \ > $dir/nixpkgs-unstable.json newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') -git commit $dir/nixpkgs.json -m "nixpkgs-unstable: $oldrev -> $newrev" +git commit $dir/nixpkgs-unstable.json -m "nixpkgs-unstable: $oldrev -> $newrev" From b77df86da81d20040d9a2c5bd1dee4ad750fa851 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 2 Dec 2019 01:11:37 +0100 Subject: [PATCH 14/82] iana-etc module: allow adding new services This fixes a bug which only allowed modifying existing services. --- krebs/3modules/iana-etc.nix | 40 +++++++++++++------------------------ 1 file changed, 14 insertions(+), 26 deletions(-) diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix index f6d47f27e..e8037128d 100644 --- a/krebs/3modules/iana-etc.nix +++ b/krebs/3modules/iana-etc.nix 
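Review bot: `$dir` is still unquoted in the corrected `git commit` line of krebs/update-nixpkgs-unstable.sh, and also in the redirection and the `cat` shown as context above it, so a checkout path containing spaces or glob characters would be split by the shell. Quote it: `git commit "$dir/nixpkgs-unstable.json" -m "nixpkgs-unstable: $oldrev -> $newrev"`. The start of the script, where `dir` and `oldrev` are set, is outside the hunk.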
@@ -23,32 +23,20 @@ with import ; }; config.environment.etc = mkIf (config.krebs.iana-etc.services != {}) { - services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} '' - exec < ${pkgs.iana_etc}/etc/services - exec > $out - awk -F '[ /]+' ' - BEGIN { - port=0 - } - ${concatMapStringsSep "\n" (entry: '' - $2 == ${entry.port} { - port=$2 - next - } - port == ${entry.port} { - ${concatMapStringsSep "\n" - (proto: let - s = "${entry.${proto}.name} ${entry.port}/${proto}"; - in - "print ${toJSON s}") - (filter (proto: entry.${proto} != null) ["tcp" "udp"])} - port=0 - } - '') (attrValues config.krebs.iana-etc.services)} - { - print $0 - } - ' + services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} /* sh */ '' + { + ${concatMapStringsSep "\n" (entry: /* sh */ '' + ${concatMapStringsSep "\n" + (proto: let + line = "${entry.${proto}.name} ${entry.port}/${proto}"; + in /* sh */ '' + echo ${shell.escape line} + '') + (filter (proto: entry.${proto} != null) ["tcp" "udp"])} + '') (attrValues config.krebs.iana-etc.services)} + cat ${pkgs.iana_etc}/etc/services + } | + sort -b -k 2,2 -u > $out ''); }; From 02a134b019d00b94c29beaf6ce1fdf30dcec93dd Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 2 Dec 2019 01:15:57 +0100 Subject: [PATCH 15/82] tv im: configs -> modules --- tv/1systems/nomic/config.nix | 1 - tv/2configs/im.nix | 24 ------------ tv/3modules/default.nix | 1 + tv/3modules/im.nix | 72 ++++++++++++++++++++++++++++++++++++ 4 files changed, 73 insertions(+), 25 deletions(-) delete mode 100644 tv/2configs/im.nix create mode 100644 tv/3modules/im.nix diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix index a89f07e8a..86f9b7ec2 100644 --- a/tv/1systems/nomic/config.nix +++ b/tv/1systems/nomic/config.nix @@ -8,7 +8,6 @@ with import ; - diff --git a/tv/2configs/im.nix b/tv/2configs/im.nix deleted file mode 100644 index 82f1be042..000000000 --- a/tv/2configs/im.nix +++ /dev/null 
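Review bot: The override in the new `runCommand` script of krebs/3modules/iana-etc.nix depends on `sort -b -k 2,2 -u` keeping the first line of each group that shares a `port/proto` key, and nothing in the hunk says so. That is presumably why the `echo` lines come before `cat ${pkgs.iana_etc}/etc/services`. Keeping the first line in input order is GNU sort behaviour rather than something every `sort` guarantees, so it deserves a comment such as `# custom entries first: sort -u keeps the first line per port/proto key`. Comment and blank lines from the upstream file go through the same sort, so they are reordered and deduplicated by their second word too. If they are not wanted in the result, filtering them out before the sort would make the output predictable.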
@@ -1,24 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; -{ - environment.systemPackages = with pkgs; [ - (pkgs.writeDashBin "im" '' - export PATH=${makeSearchPath "bin" (with pkgs; [ - tmux - gnugrep - weechat - ])} - if tmux list-sessions -F\#S | grep -q '^im''$'; then - exec tmux attach -t im - else - exec tmux new -s im weechat - fi - '') - ]; - services.bitlbee = { - enable = true; - plugins = [ - pkgs.bitlbee-facebook - ]; - }; -} diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index db2cdcd1f..5be1beef8 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -5,6 +5,7 @@ ./ejabberd ./focus.nix ./hosts.nix + ./im.nix ./iptables.nix ./slock.nix ./x0vncserver.nix diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix new file mode 100644 index 000000000..830c4baef --- /dev/null +++ b/tv/3modules/im.nix 
@@ -0,0 +1,72 @@ +{ config, pkgs, ... }: let + im = config.tv.im; + lib = import ; +in { + options = { + tv.im.client.enable = lib.mkEnableOption "tv.im.client" // { + default = config.krebs.build.host.name == im.client.host.name; + }; + tv.im.client.term = lib.mkOption { + default = "rxvt-unicode-256color"; + type = lib.types.filename; + }; + tv.im.client.useIPv6 = lib.mkEnableOption "tv.im.client.useIPv6" // { + default = true; + }; + tv.im.client.host = lib.mkOption { + default = config.krebs.hosts.xu; + type = lib.types.host; + }; + tv.im.client.user = lib.mkOption { + default = config.krebs.users.tv; + type = lib.types.user; + }; + + tv.im.server.enable = lib.mkEnableOption "tv.im.server" // { + default = config.krebs.build.host.name == im.server.host.name; + }; + tv.im.server.host = lib.mkOption { + default = config.krebs.hosts.nomic; + type = lib.types.host; + }; + tv.im.server.user = lib.mkOption { + default = config.krebs.users.tv; + type = lib.types.user; + }; + }; + imports = [ + (lib.mkIf im.client.enable { + users.users.${im.client.user.name}.packages = [ + (pkgs.writeDashBin "im" '' + exec ${pkgs.openssh}/bin/ssh \ + ${lib.optionalString im.client.useIPv6 "-6"} \ + ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \ + -t \ + im + '') + ]; + }) + (lib.mkIf im.server.enable { + services.bitlbee = { + enable = true; + plugins = [ + pkgs.bitlbee-facebook + ]; + }; + users.users.${im.server.user.name}.packages = [ + (pkgs.writeDashBin "im" '' + export PATH=${lib.makeSearchPath "bin" [ + pkgs.tmux + pkgs.gnugrep + pkgs.weechat + ]} + if tmux list-sessions -F\#S | grep -q '^im''$'; then + exec tmux attach -t im + else + exec tmux new -s im weechat + fi + '') + ]; + }) + ]; +} From 25c98596737ed085cc6297572c521434526bcc4e Mon Sep 17 00:00:00 2001 
From: tv Date: Mon, 2 Dec 2019 01:27:22 +0100 Subject: [PATCH 16/82] tv im: add mosh support --- tv/3modules/im.nix | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix index 830c4baef..905b7803b 100644 --- a/tv/3modules/im.nix +++ b/tv/3modules/im.nix @@ -29,6 +29,9 @@ in { default = config.krebs.hosts.nomic; type = lib.types.host; }; + tv.im.server.mosh.enable = lib.mkEnableOption "tv.im.server.mosh" // { + default = true; + }; tv.im.server.user = lib.mkOption { default = config.krebs.users.tv; type = lib.types.user; @@ -38,11 +41,18 @@ in { (lib.mkIf im.client.enable { users.users.${im.client.user.name}.packages = [ (pkgs.writeDashBin "im" '' - exec ${pkgs.openssh}/bin/ssh \ - ${lib.optionalString im.client.useIPv6 "-6"} \ - ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \ - -t \ - im + ${if im.server.mosh.enable then /* sh */ '' + exec ${pkgs.mosh}/bin/mosh \ + ${lib.optionalString im.client.useIPv6 "-6"} \ + ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \ + env TERM=${im.client.term} im + '' else /* sh */ '' + exec ${pkgs.openssh}/bin/ssh \ + ${lib.optionalString im.client.useIPv6 "-6"} \ + ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \ + -t \ + im + ''} '') ]; }) @@ -54,6 +64,7 @@ in { ]; }; users.users.${im.server.user.name}.packages = [ + pkgs.mosh (pkgs.writeDashBin "im" '' export PATH=${lib.makeSearchPath "bin" [ pkgs.tmux 
@@ -68,5 +79,19 @@ in { '') ]; }) + (lib.mkIf im.server.mosh.enable { + krebs.setuid.utempter = { + filename = "${pkgs.libutempter}/lib/utempter/utempter"; + owner = "nobody"; + group = "utmp"; + mode = "2111"; + }; + tv.iptables.extra4.filter.Retiolum = [ + "-s ${im.client.host.nets.retiolum.ip4.addr} -p udp --dport 60000:61000 -j ACCEPT" + ]; + tv.iptables.extra6.filter.Retiolum = [ + "-s ${im.client.host.nets.retiolum.ip6.addr} -p udp --dport 60000:61000 -j ACCEPT" + ]; + }) ]; } From 227c4b1aacda5715eea0a0627e1eac6349f6badd Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 2 Dec 2019 01:29:07 +0100 Subject: [PATCH 17/82] tv im: add weechat relay support --- tv/3modules/im.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix index 905b7803b..8cb137510 100644 --- a/tv/3modules/im.nix +++ b/tv/3modules/im.nix @@ -32,6 +32,8 @@ in { tv.im.server.mosh.enable = lib.mkEnableOption "tv.im.server.mosh" // { default = true; }; + tv.im.server.weechat.relay.enable = + lib.mkEnableOption "tv.im.server.weechat.relay"; tv.im.server.user = lib.mkOption { default = config.krebs.users.tv; type = lib.types.user; @@ -93,5 +95,16 @@ in { "-s ${im.client.host.nets.retiolum.ip6.addr} -p udp --dport 60000:61000 -j ACCEPT" ]; }) + (lib.mkIf im.server.weechat.relay.enable { + krebs.iana-etc.services = { + "9001".tcp.name = "weechat-ssl"; + }; + tv.iptables.extra4.filter.Retiolum = [ + "-s ${im.client.host.nets.retiolum.ip4.addr} -p tcp -m tcp --dport 9001 -j ACCEPT" + ]; + tv.iptables.extra6.filter.Retiolum = [ + "-s ${im.client.host.nets.retiolum.ip6.addr} -p tcp -m tcp --dport 9001 -j ACCEPT" + ]; + }) ]; } From b1d8a913d0b69f4d6dde7f793642527525e1cc55 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 2 Dec 2019 14:32:19 +0100 Subject: [PATCH 18/82] krops: 1.18.0 -> 1.18.1 --- submodules/krops | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/krops b/submodules/krops index 53dfb30af..f2f8cbf1a 160000 
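Review bot: The mosh block added at the end of tv/3modules/im.nix is guarded by `lib.mkIf im.server.mosh.enable` alone, and that option defaults to `true`, so the setgid utempter wrapper and the UDP 60000:61000 ACCEPT rules are not tied to `im.server.enable`. As far as the hunk shows, any host that imports this module gets them unless it turns mosh off explicitly. Gating on both options keeps the wrapper and the open port range on the server only: `(lib.mkIf (im.server.enable && im.server.mosh.enable) {`. The weechat relay block added in the next commit (`lib.mkIf im.server.weechat.relay.enable`, TCP 9001) has the same shape, although it defaults to off.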
--- a/submodules/krops +++ b/submodules/krops @@ -1 +1 @@ -Subproject commit 53dfb30af324408c34fc7f664a05992e186ca4e9 +Subproject commit f2f8cbf1afcb2c26d11e5f82c0b523b2cb10205c From 285ad95f8a1916b365b7a1bd511154203c5bb0b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Dec 2019 15:52:32 +0100 Subject: [PATCH 19/82] l blue.r: dont populate nixpkgs-unstable --- lass/1systems/blue/source.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index 1a98fc058..2b4158211 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -11,4 +11,7 @@ useChecksum = true; }; }); + nixpkgs-unstable = lib.mkForce { + file.path = "/var/empty"; + }; } From 16913ecb10bae9efb91a4fb82ebdaae860fb3f05 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Dec 2019 15:53:34 +0100 Subject: [PATCH 20/82] l hilum.r: mount nfs-dl --- lass/1systems/hilum/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix index f57d275d8..d4a389a4a 100644 --- a/lass/1systems/hilum/config.nix +++ b/lass/1systems/hilum/config.nix @@ -10,6 +10,7 @@ + ]; krebs.build.host = config.krebs.hosts.hilum; From 0addc58c4b7459927972e06f650fd067101affe5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Dec 2019 15:54:07 +0100 Subject: [PATCH 21/82] l icarus.r: add media center --- lass/1systems/icarus/config.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 86727700f..46f0892a2 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -1,5 +1,6 @@ { config, lib, pkgs, ... }: +with import ; { imports = [ 
@@ -21,6 +22,18 @@ ]; + #media center + users.users.media = { + isNormalUser = true; + uid = genid_uint31 "media"; + extraGroups = [ "video" "audio" ]; + }; + + services.xserver.displayManager.lightdm.autoLogin = { + enable = true; + user = "media"; + }; + krebs.build.host = config.krebs.hosts.icarus; programs.adb.enable = true; } From c592f64e4c81225edde5aff95a4d20c7f399f25e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Dec 2019 15:55:24 +0100 Subject: [PATCH 22/82] l prism.r: don't rebuild hotdog onchange --- lass/1systems/prism/config.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index f4c011dcf..3dd194436 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -110,14 +110,13 @@ with import ; systemd.services."container@hotdog".reloadIfChanged = mkForce false; containers.hotdog = { config = { ... }: { - imports = [ ]; environment.systemPackages = [ pkgs.git ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey ]; }; - autoStart = true; + autoStart = false; enableTun = true; privateNetwork = true; hostAddress = "10.233.2.1"; From 32e1b0abef28def0a11903409f4e90acc517185f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Dec 2019 15:56:06 +0100 Subject: [PATCH 23/82] l prism.r: merge palos keys --- lass/1systems/prism/config.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 3dd194436..a8d409d7f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
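Review bot: The lightdm `autoLogin` block added to lass/1systems/icarus/config.nix gives anyone with physical access to the machine a desktop session as `media` without a password. The account is limited to the `video` and `audio` groups, which is the right shape, but nothing in the hunk records that the unauthenticated session is intentional. I would add a comment above the block such as `# autologin: unauthenticated local session, keep "media" out of wheel and away from secrets`.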
@@ -264,13 +264,9 @@ with import ; { users.users.download.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos" - "ssh-rsa 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 palo@pepe" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse" - "ssh-rsa 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 palo@workout" + config.krebs.users.palo.pubkey ]; } - { - } { lass.nichtparasoup.enable = true; services.nginx = { From f45ef3f7303c582f829b2ff815eb6e5f661dcaa9 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 2 Dec 2019 15:57:00 +0100 Subject: [PATCH 24/82] l prism.r: open udp for murmur --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a8d409d7f..e7330c359 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -317,6 +317,7 @@ with import ; services.murmur.registerName = "lassul.us"; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} + { predicate = "-p udp --dport 64738"; target = "ACCEPT";} ]; } From b493bc2e7ca8a544559acbfe8a23551c41f12bb9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Dec 2019 15:57:25 +0100 Subject: [PATCH 25/82] l prism.r: add flix endpoint --- lass/1systems/prism/config.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e7330c359..9028843dd 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -338,6 +338,19 @@ with import ; localAddress = "10.233.2.14"; }; + services.nginx.virtualHosts."lassul.us".locations."^~ /flix/".extraConfig = '' + if ($scheme != "https") { + rewrite ^ https://$host$request_uri permanent; + } + auth_basic "Restricted Content"; + auth_basic_user_file ${pkgs.writeText "flix-user-pass" '' + krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0 + ''}; + proxy_pass http://10.233.2.14:80/; + proxy_set_header Accept-Encoding ""; + sub_filter "https://lassul.us/" "https://lassul.us/flix/"; + sub_filter_once off; + ''; services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' if ($scheme != "https") { rewrite ^ https://$host$request_uri permanent; From 6f3a35b5e2d4b023636589894e75131646321ded Mon Sep 17 00:00:00 2001 
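Review bot: The `auth_basic_user_file` for the new `/flix/` location in lass/1systems/prism/config.nix is built with `pkgs.writeText`, so the `krebs:$apr1$…` entry ends up both in the repository and in the world-readable Nix store. An apr1 (MD5-based) hash can be attacked offline by anyone who can read either copy, and the context lines show the same entry guarding `/transmission`. Point nginx at a file deployed outside the store instead, e.g. `auth_basic_user_file <PATH_TO_HTPASSWD_OUTSIDE_STORE>;` (placeholder), and rotate the password, since this value is already published.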
From: lassulus Date: Mon, 2 Dec 2019 15:57:50 +0100 Subject: [PATCH 26/82] l prism.r: add transmission session id header --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 9028843dd..cde65ea6c 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -359,6 +359,7 @@ with import ; auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0 ''}; + proxy_pass_header X-Transmission-Session-Id; proxy_pass http://10.233.2.14:9091; ''; From 38af8ac094bbb93c980c62da4ef3a6c10313af5f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Dec 2019 15:58:40 +0100 Subject: [PATCH 27/82] l shodan.r: add gg23 config --- lass/1systems/shodan/config.nix | 79 +----------------- lass/1systems/shodan/physical.nix | 1 + lass/2configs/gg23.nix | 134 ++++++++++++++++++++++++++++++ 3 files changed, 138 insertions(+), 76 deletions(-) create mode 100644 lass/2configs/gg23.nix diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index ad510283f..b3de15837 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -18,14 +18,11 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; - #media center users.users.media = { isNormalUser = true; 
@@ -38,77 +35,7 @@ with import ; user = "media"; }; - #hass - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 1883"; target = "ACCEPT"; } - # zerotierone - { predicate = "-p udp --dport 9993"; target = "ACCEPT"; } - ]; + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; - services.home-assistant = let - tasmota_s20 = name: topic: { - platform = "mqtt"; - inherit name; - state_topic = "stat/${topic}/POWER"; - command_topic = "cmnd/${topic}/POWER"; - payload_on = "ON"; - payload_off = "OFF"; - }; - in { - enable = true; - package = pkgs.home-assistant.override { - python3 = pkgs.python36; - #extraComponents = [ - # (pkgs.fetchgit { - # url = "https://github.com/marcschumacher/dwd_pollen"; - # rev = "0.1"; - # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p"; - # }) - #]; - }; - config = { - homeassistant = { - name = "Home"; time_zone = "Europe/Berlin"; - latitude = "48.7687"; - longitude = "9.2478"; - elevation = 247; - }; - sun.elevation = 66; - discovery = {}; - frontend = { }; - mqtt = { - broker = "localhost"; - port = 1883; - client_id = "home-assistant"; - username = "gg23"; - password = "gg23-mqtt"; - keepalive = 60; - protocol = 3.1; - }; - sensor = [ - ]; - switch = [ - (tasmota_s20 "Drucker Strom" "drucker") - (tasmota_s20 "Bett Licht" "bett") - ]; - device_tracker = [ - { - platform = "luci"; - } - ]; - }; - }; - - services.mosquitto = { - enable = true; - host = "0.0.0.0"; - allowAnonymous = false; - checkPasswords = true; - users.gg23 = { - password = "gg23-mqtt"; - acl = [ "topic readwrite #" ]; - }; - }; - environment.systemPackages = [ pkgs.mosquitto ]; } diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 7cfeba932..39a4d9661 100644 --- a/lass/1systems/shodan/physical.nix +++ b/lass/1systems/shodan/physical.nix 
@@ -46,5 +46,6 @@ services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:69:ea:71", NAME="int0" ''; } diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix new file mode 100644 index 000000000..2ec7b94d3 --- /dev/null +++ b/lass/2configs/gg23.nix 
@@ -0,0 +1,134 @@ +{ config, pkgs, ... }: +with import ; + +{ + networking.networkmanager.unmanaged = [ "int0" ]; + networking.interfaces.int0.ipv4.addresses = [{ + address = "10.42.0.1"; + prefixLength = 24; + }]; + + services.dhcpd4 = { + enable = true; + interfaces = [ "int0" ]; + extraConfig = '' + option subnet-mask 255.255.255.0; + option routers 10.42.0.1; + option domain-name-servers 10.42.0.1; + subnet 10.42.0.0 netmask 255.255.255.0 { + range 10.42.0.100 10.42.0.200; + } + ''; + machines = [ + { ethernetAddress = "c8:3d:d4:2c:40:ae"; hostName = "tv"; ipAddress = "10.42.0.3"; } + { ethernetAddress = "3c:2a:f4:22:28:37"; hostName = "drucker"; ipAddress = "10.42.0.4"; } + { ethernetAddress = "80:7d:3a:67:b7:01"; hostName = "s20-bett"; ipAddress = "10.42.0.10"; } + { ethernetAddress = "80:7d:3a:68:04:f0"; hostName = "s20-drucker"; ipAddress = "10.42.0.11"; } + { ethernetAddress = "80:7d:3a:68:11:a5"; hostName = "s20-kueche"; ipAddress = "10.42.0.12"; } + { ethernetAddress = "80:7d:3a:67:bb:69"; hostName = "s20-stereo"; ipAddress = "10.42.0.13"; } + { ethernetAddress = "80:8d:b7:c5:80:dc"; hostName = "arubaAP"; ipAddress = "10.42.0.99"; } + ]; + }; + + services.dnsmasq = { + enable = true; + resolveLocalQueries = false; + + extraConfig = '' + local=/gg23/ + domain=gg23 + expand-hosts + listen-address=10.42.0.1 + interface=int0 + ''; + }; + + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass + { predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass + { predicate = "-i int0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto + { predicate = "-i int0 -p udp --dport 53"; target = "ACCEPT"; } # dns + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; predicate = "-d 10.42.0.0/24 -o int0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } + { v6 = false; predicate = "-s 10.42.0.0/24 -i int0"; 
target = "ACCEPT"; } + { v6 = false; predicate = "-o int0"; target = "REJECT --reject-with icmp-port-unreachable"; } + { v6 = false; predicate = "-i int0"; target = "REJECT --reject-with icmp-port-unreachable"; } + ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; precedence = 1000; } + ]; + krebs.iptables.tables.nat.POSTROUTING.rules = [ + { v6 = false; predicate = "-s 10.42.0.0/24 ! -d 10.42.0.0/24"; target = "MASQUERADE"; } + ]; + + services.home-assistant = let + tasmota_s20 = name: topic: { + platform = "mqtt"; + inherit name; + state_topic = "stat/${topic}/POWER"; + command_topic = "cmnd/${topic}/POWER"; + payload_on = "ON"; + payload_off = "OFF"; + }; + in { + enable = true; + package = pkgs.home-assistant.override { + python3 = pkgs.python36; + #extraComponents = [ + # (pkgs.fetchgit { + # url = "https://github.com/marcschumacher/dwd_pollen"; + # rev = "0.1"; + # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p"; + # }) + #]; + }; + config = { + homeassistant = { + name = "Home"; time_zone = "Europe/Berlin"; + latitude = "48.7687"; + longitude = "9.2478"; + elevation = 247; + }; + sun.elevation = 66; + discovery = {}; + frontend = { }; + mqtt = { + broker = "localhost"; + port = 1883; + client_id = "home-assistant"; + username = "gg23"; + password = "gg23-mqtt"; + keepalive = 60; + protocol = 3.1; + }; + sensor = [ + ]; + switch = [ + (tasmota_s20 "Drucker Strom" "drucker") + (tasmota_s20 "Bett Licht" "bett") + (tasmota_s20 "Kueche Licht" "kueche") + ]; + device_tracker = [ + { + platform = "luci"; + } + ]; + }; + }; + + services.mosquitto = { + enable = true; + host = "0.0.0.0"; + allowAnonymous = false; + checkPasswords = true; + users.gg23 = { + password = "gg23-mqtt"; + acl = [ "topic readwrite #" ]; + }; + }; + environment.systemPackages = [ pkgs.mosquitto ]; + +} + From 188ead755948e84365a050ec1c33bcf004447a97 Mon Sep 17 00:00:00 2001 
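Review bot: The MQTT password is written in clear text twice in the new lass/2configs/gg23.nix, as `password = "gg23-mqtt"` under `services.home-assistant.config.mqtt` and again under `services.mosquitto.users.gg23`, so it sits in git history and in the world-readable Nix store. The account's ACL is `topic readwrite #`, so it covers every topic on the broker, including the Tasmota switch topics. On the broker side `hashedPassword = "<MOSQUITTO_PASSWD_HASH>";` (placeholder) would at least avoid storing the clear text, and the Home Assistant side should read the value from a secrets file deployed outside the store. A short comment next to `host = "0.0.0.0"` would also help, saying that reachability of 1883 is meant to be limited by the `-i int0` INPUT rule, because the bind address alone suggests wider exposure.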
From: lassulus Date: Sat, 7 Dec 2019 22:43:59 +0100 Subject: [PATCH 28/82] l br: set new ip --- lass/2configs/br.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix index e4ccffe23..6e0a2385c 100644 --- a/lass/2configs/br.nix +++ b/lass/2configs/br.nix @@ -19,7 +19,7 @@ with import ; netDevices = { bra = { model = "MFCL2700DN"; - ip = "10.42.23.221"; + ip = "10.42.0.4"; }; }; }; From d4fba7ce28327c8bba9b90173b17e4a93a863b3a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 8 Dec 2019 23:13:04 +0100 Subject: [PATCH 29/82] realwallpaper: use working cloudmap --- krebs/3modules/realwallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index a0c00c20d..c09bb008d 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -29,7 +29,7 @@ let cloudmap = mkOption { type = types.str; - default = "http://xplanetclouds.com/free/local/clouds_2048.jpg"; + default = "http://home.megapass.co.kr/~holywatr/cloud_data/clouds_2048.jpg"; }; marker = mkOption { From 8695290fdf408d5c6f784875036641f0a837deda Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 14 Dec 2019 12:46:01 +0100 Subject: [PATCH 30/82] nixpkgs: 4ad6f14 -> 45ea609 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index bb35a51b0..446f27007 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "4ad6f1404a8cd69a11f16edba09cc569e5012e42", - "date": "2019-11-23T00:42:36+01:00", - "sha256": "1pclh0hvma66g3yxrrh9rlzpscqk5ylypnmiczz1bwwrl8n21q3h", + "rev": "45ea60922036b7be302b95d107595f6eb5cd0675", + "date": "2019-12-10T12:38:05+01:00", + "sha256": "11wm7af6ab2979z8yrpcprb6d99kbrjq44a48ayi4a7c58a2xb6q", "fetchSubmodules": false } 
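Review bot: The new `cloudmap` default in krebs/3modules/realwallpaper.nix is a cleartext `http://` URL on a personal home page, so the image can be replaced by anyone on the network path or by whoever controls that host. The code that downloads and renders it is outside the hunk; presumably the file is handed to an image tool, which makes it untrusted input. A comment on the option, e.g. `# third-party image over plain HTTP: treat as untrusted input`, would record that. Mirroring the file on a host the project controls would remove the dependency.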
From 8988e7d4f72149831b4c20453efdf65805c798bc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 14 Dec 2019 12:47:00 +0100 Subject: [PATCH 31/82] nixpkgs-unstable: e89b215 -> 3140fa8 --- krebs/nixpkgs-unstable.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index d77432258..fa22e2747 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "e89b21504f3e61e535229afa0b121defb52d2a50", - "date": "2019-11-19T07:59:43-05:00", - "sha256": "0jqcv3rfki3mwda00g66d27k6q2y7ca5mslrnshfpbdm7j8ya0kj", + "rev": "3140fa89c51233397f496f49014f6b23216667c2", + "date": "2019-12-05T01:28:43+01:00", + "sha256": "18p0d5lnfvzsyfah02mf6bi249990pfwnylwhqdh8qi70ncrk3f8", "fetchSubmodules": false } From 49005e66c9a486019cfa037f99398d721cf83f27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 3 Jan 2020 10:25:06 +0000 Subject: [PATCH 32/82] move mic92's hosts to external files --- krebs/3modules/default.nix | 1 + krebs/3modules/external/default.nix | 331 -------------------------- krebs/3modules/external/mic92.nix | 347 ++++++++++++++++++++++++++++ 3 files changed, 348 insertions(+), 331 deletions(-) create mode 100644 krebs/3modules/external/mic92.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index fcdbcbc19..6f06f4510 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -105,6 +105,7 @@ let { krebs = import ./makefu { inherit config; }; } { krebs = import ./nin { inherit config; }; } { krebs = import ./external/palo.nix { inherit config; }; } + { krebs = import ./external/mic92.nix { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 821859f3c..6e3ac9f5c 100644 --- a/krebs/3modules/external/default.nix 
+++ b/krebs/3modules/external/default.nix 
@@ -68,103 +68,6 @@ in { }; }; }; - dpdkm = { - owner = config.krebs.users.Mic92; - nets = rec { - retiolum = { - ip4.addr = "10.243.29.173"; - aliases = [ "dpdkm.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj - NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp - qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP - X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn - f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa - bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL - Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T - B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w - tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n - dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls - mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - eddie = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - # eddie.thalheim.io - ip4.addr = "129.215.197.11"; - aliases = [ "eddie.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.eddie.nets.retiolum.ip4.addr - config.krebs.hosts.eddie.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.170"; - aliases = [ "eddie.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d - j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm - 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF - 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua - KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq - iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t - 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD - kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u - 
hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay - pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ - lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.subnets = [ - # edinburgh university - "129.215.0.0/16" - ]; - }; - }; - }; - eve = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - # eve.thalheim.io - ip4.addr = "95.216.112.61"; - ip6.addr = "2a01:4f9:2b:1605::1"; - aliases = [ "eve.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.eve.nets.retiolum.ip4.addr - config.krebs.hosts.eve.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.174"; - aliases = [ "eve.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH - XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 - 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk - 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI - +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 - dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW - pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP - c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi - YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI - 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 - Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; homeros = { owner = config.krebs.users.kmein; nets = { 
@@ -255,190 +158,6 @@ in { }; }; }; - rose = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - ip4.addr = "129.215.165.52"; - aliases = [ "rose.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.rose.nets.retiolum.ip4.addr - config.krebs.hosts.rose.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.178"; - aliases = [ "rose.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA0h88uEcgVFhggGh3xqHySt8T+oDdoSN8ve4ZPmMzrGCD4dnlWcUO - 6uMiwE7XG667wvjB0J2RbCJ8n8/r6eQgp6sRfPzSQL/Mc74J+py+sOVOjjjL5wJX - btrYmASO3GKUSMhGmM0IiwHMIPrmUViaREDrweF3bUwK45d/ocqpBkc+nF27kksd - DMYjHMWRIkKuQaj592zo/kY1pAJ/yAvDPess0x1CLL6uDNbjTr2S/L7JHdzZs9Xq - 1+SGdVtqD0sWgSBKA0PC/Mi+Divd4PC1SoSL7wZRWD0Y2DNgj3+xUc7hAWRCw2Gs - 5wofK+qiwnyYAmeNYcyQfDLosKZF9hOM8U3UbxptkPLsOK3cfZoGoLQCuOryVDBe - 6GfJkJ49WfuSSNWs3WPWL6/6zmVPeGR0TvoMt02VQ3cKTmeIkWyTIzSVoC7wYv5D - Dl8Xt3aFr9UFI2GxenesViyuDLi8cy2fOsM3r+gowXQtgEKoXc9W2vyPwIIlcWUJ - QrKVsyNlkKKL0YjsnGazaEvqdiE30/Iq7f7VBnXnWXRLnZhr85HbTdDQnpT4GcEv - W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ - 0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - martha = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - ip4.addr = "129.215.165.53"; - aliases = [ "martha.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.martha.nets.retiolum.ip4.addr - config.krebs.hosts.martha.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.179"; - aliases = [ "martha.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA3lR3Wup2yd9SYs9n9a7lq/jXxlKdwjgp9gPEirLn3/XCFM7NpLIp - LRm3Wdplv0NWim4zI3AsdGmUBrV3y0Ugj48Td4RpXlOiFjS8NHnvRbamCZF7m/pJ - 3T/QpQx98+QEKXb3gZ5aDGgcHLRbUYUBuwFOxAKaikuDe2qJxqXqOmA7RXZDkEqe - FrQE/H1/+8HqJ1vhgZKi3Vu7zLRB1EV8nggWFjQKR8o0AeViLwM3OxFtGyKTaXuK - WAQrvSdKQDpQwqAPogyeftGesOfW7z0xrelkux10p42YM9epYvZDFRG97/nupw/S - 
iYGiTTFDBDTzpyT3zl1uwhmQ3re/nJXf5e4fgnZEcsweU8ysHtDhbimqrm9impVn - XdKnnuNa9F8VlyHCT2pVC9+WDKDNtA2M8f+8lG8/hoJ7hhp5HhBZ3ncROyQqOg4F - e6YtaFidi+fYXjQkdUXHv5FCkqFJnoxZdI2vwqU2DumltG/o+qsksI2WSsLsuMVs - sa4KUq0+5OsmCJnIAKWV2YwbLVf1tJMjPGA0jQECrHPL6SKobRefqav6MPuTbytC - 4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM - mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - donna = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - ip4.addr = "129.215.165.54"; - aliases = [ "donna.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.donna.nets.retiolum.ip4.addr - config.krebs.hosts.donna.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.180"; - aliases = [ "donna.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAnv5zVPwjHk5Q72D3tv2rlQkp7SOsZD7Wvz8l1yI/mWkxoriJ9MVa - x8RziSB3KF8sF1lRWIKmuynkgLI3w0X/YFs/fAvtayxk6Qf8DOl23Vd8Is0h/i3I - 0fCmCEIHhHboKsREW6NxY7w5WAI2+SFNmGef1P7vzrAv7iLyPbo9nQ8wlrAmc+PJ - Ao3BOf4U7kP778fhsPA4dlGtF2v9CBhygeGVI/DQR8jcvzeiPd2Dr0k/JvrVMYtf - wJW4xUwZkIpws/yfI8b4VJOFl2X/Yw9712Z8Jvga0rR32OG4YbnggvuCMum1g94k - YwMjaSckv1XTalvPQuf1Od96XzwL2hjPFpEK3Tdl4AitMnArgj9HNzhcRL+eGonf - U24zk52OToHnoP3palNpodi7DziIBeXIaIMl7VMXku2ymbOUJsI6zeew+uZahJkv - QIWjxveQ8N40BoTc8Yg6pea1AId3l4f3brtwJbQOVbb3bVQ5VcrxM9Q/TBvyADYR - Knwszxw3uBw5Za1FMbwCPwd8/y/Ar19qGCx25xK0QnsyqZZT/cHsbBOTzh6BBWwI - IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7 - awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - amy = { - owner = config.krebs.users.Mic92; - nets = rec { - retiolum = { - addrs = [ - config.krebs.hosts.amy.nets.retiolum.ip4.addr - config.krebs.hosts.amy.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.181"; - aliases = [ "amy.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - 
MIICCgKCAgEAr3jQRA1+hLKYVgHJA2ax5W8J3GVMTnaGpYw9Q2xXXrX/jxLZ6Ia8 - hBjIcCBDVL5Q3FnyrKB9NJeeIvCOKg8WG+8O0+wKcePKd0Vhbsx4Whog/6PWs6qh - q2sURs2tp1hjHks4kZo2WtiYD7Ue9HHdV6FlUO6yuBV0bW2RzHdLPCDSGxnQVkBM - tSwAvMCZwvVBiv4m6RyMXqmpdbAPBzgJcmJS0FY+zGxpiwsR/AdoVvnzYyFMCVpG - iFl5+k9OGhUJq72MwAXzjW5ZdCPrG+2Dd+QBhhtIMJGA2sJiJteT8vdvpTNCiHJ/ - HnW7movliN2mW86qwo7QqB5v0c9f9TjfpOld7sS/4vE3zlGi/Stf6SQWaoXez/u3 - /P9GzupcYgj76m8Z3j7BMHXCBw8iwP2pZpL9hnLdIyCcyLrzXDIzq4hlt60DPhSU - klTDBUA/cUdSJGcSn2N+WHLOTfI6qeBNKqcTk70OQsa69jAJeAtA+I9OprNYOXqb - MmQakNNlrTaNtGQxfQqEL+wqHlo8CVDGm3O9pQSNF309P4TLNU1EYm+ItScNiVCE - DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764 - UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - clara = { - owner = config.krebs.users.Mic92; - nets = rec { - retiolum = { - addrs = [ - config.krebs.hosts.clara.nets.retiolum.ip4.addr - config.krebs.hosts.clara.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.182"; - aliases = [ "clara.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA07G1n2sA804nnjWQzq0Fi9i6kxJUo+jVJjtkm5unw3hjflAAd/3d - WN+01GdJCk/gr7DfU/Xr5KnR39Z3ADoT1tbUb+i5AJZ5/8VHUwWM8D8mQAam6LBf - UEeLxhVH8rG6lHaKwVi9oe4gPhgptUOzX/YIlJOMYDlYRxc7Wbj7YQOAKlPuTAjY - Z5bLswfkqTMO0cioJNwwMCNWSMJf3jbKi3eTQ36sf7TDMEneNGSBUpeSjGddoNT/ - rrVIDDT8tGmtACKr+3Y0H+EA2K5IxdQKKfnPRR31RBWiTkEXBbaJzYO/ZV5/xlbN - wmblskwq9d9IwDY7qeMctci+ZUZ3epG8MUwYa4faOrgmmkQpa5B+6UOMzw/WDJEc - jTfvSzfPo4anoj8C+MOQYzRvYmp60YEZKomv2BQdBvpGIpUul8WAR2aV0K+wz66e - mUamljAXmLiPxgGKduX5VFVuXzYxeMiBBujQCLTjc+xTB2EdwihxNX1rkxz10BDc - WrgPV+/VVyThKhOvVCifWARHtT2VGcZazfQOW/y3ZmEPOYuc5ZvrSEiMeG3f64+v - UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn - cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - inspector = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - ip4.addr = "141.76.44.154"; - 
aliases = [ "inspector.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.172"; - aliases = [ "inspector.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG - EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ - 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF - m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw - WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd - eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 - OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau - ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x - B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG - q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj - 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; justraute = { owner = config.krebs.users.raute; # laptop nets = { 
@@ -451,30 +170,6 @@ in { }; }; }; - matchbox = { - owner = config.krebs.users.Mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.176"; - aliases = [ "matchbox.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m - VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w - nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u - TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE - TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1 - yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO - 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4 - Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/ - bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4 - nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR - /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; qubasa = { owner = config.krebs.users.qubasa; nets = { 
@@ -618,32 +313,6 @@ in { }; }; }; - turingmachine = { - owner = config.krebs.users.Mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.168"; - aliases = [ - "turingmachine.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C - t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 - 6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 - ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g - nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 - 5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT - 1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 - gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl - DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL - W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW - OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; uppreisn = { owner = config.krebs.users.ilmu; nets = { diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix new file mode 100644 index 000000000..6b409aa7b --- /dev/null +++ b/krebs/3modules/external/mic92.nix 
@@ -0,0 +1,347 @@ +with import ; +{ config, ... }: let + hostDefaults = hostName: host: flip recursiveUpdate host ({ + ci = false; + external = true; + monitoring = false; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + }); +in { + hosts = mapAttrs hostDefaults { + amy = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.amy.nets.retiolum.ip4.addr + config.krebs.hosts.amy.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.181"; + aliases = [ "amy.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3jQRA1+hLKYVgHJA2ax5W8J3GVMTnaGpYw9Q2xXXrX/jxLZ6Ia8 + hBjIcCBDVL5Q3FnyrKB9NJeeIvCOKg8WG+8O0+wKcePKd0Vhbsx4Whog/6PWs6qh + q2sURs2tp1hjHks4kZo2WtiYD7Ue9HHdV6FlUO6yuBV0bW2RzHdLPCDSGxnQVkBM + tSwAvMCZwvVBiv4m6RyMXqmpdbAPBzgJcmJS0FY+zGxpiwsR/AdoVvnzYyFMCVpG + iFl5+k9OGhUJq72MwAXzjW5ZdCPrG+2Dd+QBhhtIMJGA2sJiJteT8vdvpTNCiHJ/ + HnW7movliN2mW86qwo7QqB5v0c9f9TjfpOld7sS/4vE3zlGi/Stf6SQWaoXez/u3 + /P9GzupcYgj76m8Z3j7BMHXCBw8iwP2pZpL9hnLdIyCcyLrzXDIzq4hlt60DPhSU + klTDBUA/cUdSJGcSn2N+WHLOTfI6qeBNKqcTk70OQsa69jAJeAtA+I9OprNYOXqb + MmQakNNlrTaNtGQxfQqEL+wqHlo8CVDGm3O9pQSNF309P4TLNU1EYm+ItScNiVCE + DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764 + UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + clara = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.clara.nets.retiolum.ip4.addr + config.krebs.hosts.clara.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.182"; + aliases = [ "clara.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA07G1n2sA804nnjWQzq0Fi9i6kxJUo+jVJjtkm5unw3hjflAAd/3d + WN+01GdJCk/gr7DfU/Xr5KnR39Z3ADoT1tbUb+i5AJZ5/8VHUwWM8D8mQAam6LBf + UEeLxhVH8rG6lHaKwVi9oe4gPhgptUOzX/YIlJOMYDlYRxc7Wbj7YQOAKlPuTAjY + 
Z5bLswfkqTMO0cioJNwwMCNWSMJf3jbKi3eTQ36sf7TDMEneNGSBUpeSjGddoNT/ + rrVIDDT8tGmtACKr+3Y0H+EA2K5IxdQKKfnPRR31RBWiTkEXBbaJzYO/ZV5/xlbN + wmblskwq9d9IwDY7qeMctci+ZUZ3epG8MUwYa4faOrgmmkQpa5B+6UOMzw/WDJEc + jTfvSzfPo4anoj8C+MOQYzRvYmp60YEZKomv2BQdBvpGIpUul8WAR2aV0K+wz66e + mUamljAXmLiPxgGKduX5VFVuXzYxeMiBBujQCLTjc+xTB2EdwihxNX1rkxz10BDc + WrgPV+/VVyThKhOvVCifWARHtT2VGcZazfQOW/y3ZmEPOYuc5ZvrSEiMeG3f64+v + UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn + cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + donna = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "129.215.165.54"; + aliases = [ "donna.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.donna.nets.retiolum.ip4.addr + config.krebs.hosts.donna.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.180"; + aliases = [ "donna.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAnv5zVPwjHk5Q72D3tv2rlQkp7SOsZD7Wvz8l1yI/mWkxoriJ9MVa + x8RziSB3KF8sF1lRWIKmuynkgLI3w0X/YFs/fAvtayxk6Qf8DOl23Vd8Is0h/i3I + 0fCmCEIHhHboKsREW6NxY7w5WAI2+SFNmGef1P7vzrAv7iLyPbo9nQ8wlrAmc+PJ + Ao3BOf4U7kP778fhsPA4dlGtF2v9CBhygeGVI/DQR8jcvzeiPd2Dr0k/JvrVMYtf + wJW4xUwZkIpws/yfI8b4VJOFl2X/Yw9712Z8Jvga0rR32OG4YbnggvuCMum1g94k + YwMjaSckv1XTalvPQuf1Od96XzwL2hjPFpEK3Tdl4AitMnArgj9HNzhcRL+eGonf + U24zk52OToHnoP3palNpodi7DziIBeXIaIMl7VMXku2ymbOUJsI6zeew+uZahJkv + QIWjxveQ8N40BoTc8Yg6pea1AId3l4f3brtwJbQOVbb3bVQ5VcrxM9Q/TBvyADYR + Knwszxw3uBw5Za1FMbwCPwd8/y/Ar19qGCx25xK0QnsyqZZT/cHsbBOTzh6BBWwI + IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7 + awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + dpdkm = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + ip4.addr = "10.243.29.173"; + aliases = [ "dpdkm.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + 
MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj + NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp + qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP + X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn + f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa + bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL + Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T + B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w + tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n + dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls + mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + inspector = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "141.76.44.154"; + aliases = [ "inspector.i" ]; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.29.172"; + aliases = [ "inspector.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG + EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ + 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF + m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw + WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd + eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 + OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau + ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x + B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG + q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj + 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eddie = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + # eddie.thalheim.io + ip4.addr = 
"129.215.197.11"; + aliases = [ "eddie.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.eddie.nets.retiolum.ip4.addr + config.krebs.hosts.eddie.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.170"; + aliases = [ "eddie.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d + j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm + 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF + 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua + KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq + iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t + 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD + kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u + hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay + pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ + lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eve = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + # eve.thalheim.io + ip4.addr = "95.216.112.61"; + ip6.addr = "2a01:4f9:2b:1605::1"; + aliases = [ "eve.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.eve.nets.retiolum.ip4.addr + config.krebs.hosts.eve.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.174"; + aliases = [ "eve.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH + XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 + 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk + 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI + +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 + dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW + 
pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP + c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi + YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI + 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 + Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + # ohorn lan + tinc.subnets = [ "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" ]; + }; + }; + }; + martha = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "129.215.165.53"; + aliases = [ "martha.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.martha.nets.retiolum.ip4.addr + config.krebs.hosts.martha.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.179"; + aliases = [ "martha.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA3lR3Wup2yd9SYs9n9a7lq/jXxlKdwjgp9gPEirLn3/XCFM7NpLIp + LRm3Wdplv0NWim4zI3AsdGmUBrV3y0Ugj48Td4RpXlOiFjS8NHnvRbamCZF7m/pJ + 3T/QpQx98+QEKXb3gZ5aDGgcHLRbUYUBuwFOxAKaikuDe2qJxqXqOmA7RXZDkEqe + FrQE/H1/+8HqJ1vhgZKi3Vu7zLRB1EV8nggWFjQKR8o0AeViLwM3OxFtGyKTaXuK + WAQrvSdKQDpQwqAPogyeftGesOfW7z0xrelkux10p42YM9epYvZDFRG97/nupw/S + iYGiTTFDBDTzpyT3zl1uwhmQ3re/nJXf5e4fgnZEcsweU8ysHtDhbimqrm9impVn + XdKnnuNa9F8VlyHCT2pVC9+WDKDNtA2M8f+8lG8/hoJ7hhp5HhBZ3ncROyQqOg4F + e6YtaFidi+fYXjQkdUXHv5FCkqFJnoxZdI2vwqU2DumltG/o+qsksI2WSsLsuMVs + sa4KUq0+5OsmCJnIAKWV2YwbLVf1tJMjPGA0jQECrHPL6SKobRefqav6MPuTbytC + 4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM + mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + matchbox = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.176"; + aliases = [ "matchbox.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m + VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w + 
nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u + TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE + TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1 + yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO + 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4 + Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/ + bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4 + nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR + /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + # ohorn lan + tinc.subnets = [ "fd42:4492:6a6d:500::/64" ]; + }; + }; + }; + rose = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "129.215.165.52"; + aliases = [ "rose.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.rose.nets.retiolum.ip4.addr + config.krebs.hosts.rose.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.178"; + aliases = [ "rose.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA0h88uEcgVFhggGh3xqHySt8T+oDdoSN8ve4ZPmMzrGCD4dnlWcUO + 6uMiwE7XG667wvjB0J2RbCJ8n8/r6eQgp6sRfPzSQL/Mc74J+py+sOVOjjjL5wJX + btrYmASO3GKUSMhGmM0IiwHMIPrmUViaREDrweF3bUwK45d/ocqpBkc+nF27kksd + DMYjHMWRIkKuQaj592zo/kY1pAJ/yAvDPess0x1CLL6uDNbjTr2S/L7JHdzZs9Xq + 1+SGdVtqD0sWgSBKA0PC/Mi+Divd4PC1SoSL7wZRWD0Y2DNgj3+xUc7hAWRCw2Gs + 5wofK+qiwnyYAmeNYcyQfDLosKZF9hOM8U3UbxptkPLsOK3cfZoGoLQCuOryVDBe + 6GfJkJ49WfuSSNWs3WPWL6/6zmVPeGR0TvoMt02VQ3cKTmeIkWyTIzSVoC7wYv5D + Dl8Xt3aFr9UFI2GxenesViyuDLi8cy2fOsM3r+gowXQtgEKoXc9W2vyPwIIlcWUJ + QrKVsyNlkKKL0YjsnGazaEvqdiE30/Iq7f7VBnXnWXRLnZhr85HbTdDQnpT4GcEv + W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ + 0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + turingmachine = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = 
"10.243.29.168"; + aliases = [ + "turingmachine.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C + t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 + 6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 + ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g + nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 + 5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT + 1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 + gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl + DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL + W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW + OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + # ohorn lan + tinc.subnets = [ "fd42:4492:6a6d:500:f610:15d1:27a3:674b" ]; + }; + }; + }; + }; +} From 318cfd6c09928287a8d892e772a02593731645ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Jan 2020 16:36:02 +0100 Subject: [PATCH 33/82] nixpkgs: 45ea609 -> 2d94547 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 446f27007..964ebdea7 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "45ea60922036b7be302b95d107595f6eb5cd0675", - "date": "2019-12-10T12:38:05+01:00", - "sha256": "11wm7af6ab2979z8yrpcprb6d99kbrjq44a48ayi4a7c58a2xb6q", + "rev": "2d9454702e57a9f07020c0e5d0b81412ae2eded1", + "date": "2020-01-03T15:36:44-05:00", + "sha256": "0ifj1z21dbcpyc791k5sa93897w5ni0j0241bxddlgfnlikr7jh9", "fetchSubmodules": false } From 5ef0f087f54a164ee8b74af666dcf2b9334b130b Mon Sep 17 00:00:00 2001 
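Review bot: The new `mic92.nix` is not a verbatim move of the host entries removed from `external/default.nix`. It adds `tinc.subnets` to `eve`, `matchbox` and `turingmachine` (the "ohorn lan" entries) and drops the `129.215.0.0/16` subnet that `eddie` carried before. These lists presumably become the subnets each node may announce into retiolum, so they are routing-trust changes and should be in their own commit or at least named in the commit message. `matchbox` claims all of `fd42:4492:6a6d:500::/64`, while `eve` and `turingmachine` list single addresses inside that prefix without a prefix length; if the overlap is intended, say so next to the value, e.g. `# ohorn lan: single host address inside matchbox's fd42:4492:6a6d:500::/64`.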
From: lassulus
Date: Sat, 4 Jan 2020 16:38:23 +0100
Subject: [PATCH 34/82] nixpkgs-unstable: 3140fa8 -> e0470e1
---
 krebs/nixpkgs-unstable.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index fa22e2747..43e764e9a 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,7 +1,7 @@
 {
 "url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "3140fa89c51233397f496f49014f6b23216667c2",
- "date": "2019-12-05T01:28:43+01:00",
- "sha256": "18p0d5lnfvzsyfah02mf6bi249990pfwnylwhqdh8qi70ncrk3f8",
+ "rev": "e0470e11c7a02f9e6e70f5ec5e1d9470c742b396",
+ "date": "2020-01-03T11:40:57-05:00",
+ "sha256": "1amczhr8m7lvxnxzwhfamz4ga78sgnyzdfr759iq26azkh6fa03a",
 "fetchSubmodules": false
 }
From 5cc8e8869f343043cbf7e96082a1667bb05bf531 Mon Sep 17 00:00:00 2001
From: makefu
Date: Sun, 5 Jan 2020 21:55:28 +0100
Subject: [PATCH 35/82] external: add xq
---
 krebs/3modules/external/default.nix | 4 ++++
 krebs/3modules/external/ssh/xq.pub | 1 +
 2 files changed, 5 insertions(+)
 create mode 100644 krebs/3modules/external/ssh/xq.pub
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 6e3ac9f5c..059e22866 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -464,6 +464,10 @@ in {
 mail = "0x4a6f@shackspace.de";
 pubkey = ssh-for "0x4A6F";
 };
+ xq = {
+ mail = "xq@shackspace.de";
+ pubkey = ssh-for "xq";
+ };
 miaoski = {
 };
 filly = {
diff --git a/krebs/3modules/external/ssh/xq.pub b/krebs/3modules/external/ssh/xq.pub
new file mode 100644
index 000000000..2c23970e3
--- /dev/null
+++ b/krebs/3modules/external/ssh/xq.pub
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZR8LsswO/5f9/jc+tKNHHWtty5HTs13Vytbyz8DzJZrGJgOKeVA6OFPgWtaAKvxL/DUTVVVvqpOng2vACTC+CoPaCxE8yJchitkVQNg3zwsf8a8RdWsJAvZklfPz9qmmz+tM37yLpowiMNmCR5vrteRDso6GK4pUjikS5YvjT+vsvRWcVQpmjnAVYsBPgS9NIBjMDR3etoJgpSaF/oU4rDE2JElm/qOQ04W45JiJKVB2BkFomQ1EFl8oORYiMQzvaYA2BCsciBb6X+Jf0RZkVChErfawPzABhAcYpyNRhamaqiSWirw5o4l+ZaDkgezUf3ue6QuHjzuS02+3qIwXP felix@denkplatte From 79daf8e73bf6fc58a9b1a0e77ea77ebba1631757 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Jan 2020 12:40:44 +0100 Subject: [PATCH 36/82] l gg23: remove deprecated hass override --- lass/2configs/gg23.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix index 2ec7b94d3..b23494b28 100644 --- a/lass/2configs/gg23.nix +++ b/lass/2configs/gg23.nix @@ -75,7 +75,6 @@ with import ; in { enable = true; package = pkgs.home-assistant.override { - python3 = pkgs.python36; #extraComponents = [ # (pkgs.fetchgit { # url = "https://github.com/marcschumacher/dwd_pollen"; From 1270ea945a0c78b753e73a6a2249bb15b15128bc Mon Sep 17 00:00:00 2001 From: ulrich Date: Tue, 17 Dec 2019 20:53:53 +0100 Subject: [PATCH 37/82] shack: update muellshack --- krebs/2configs/shack/muellshack.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index c1c957da3..c67d8f523 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -4,8 +4,8 @@ let pkg = pkgs.callPackage ( pkgs.fetchgit { url = "https://git.shackspace.de/rz/muellshack"; - rev = "4601f59787de090c83be6dbae6ca72d7fc84ab9f"; - sha256 = "1cshbd6ipvynbm3gmnsm58ccc1m5xc87cpd3b6jx0s6pr2j19g9j"; + rev = "c3d1f70325e5b90f280c5be60110e14f4de653ae"; + sha256 = "1dd4kqwdr4v413rmkvmyjzzvw8id9747nifp96pg0c2cy6bhzj24"; }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; home = "/var/lib/muellshack"; port = "8081"; 
From 479ce8c4c5747d6da60d2d907d662e7a5708bfd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20=28xq=29=20Quei=C3=9Fner?= Date: Fri, 3 Jan 2020 00:15:01 +0100 Subject: [PATCH 38/82] shack: init shackDNS --- krebs/1systems/wolf/config.nix | 4 ++ krebs/2configs/shack/shackDNS.nix | 63 +++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 krebs/2configs/shack/shackDNS.nix diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 059e09ac1..7a096cecf 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -69,6 +69,10 @@ in # grafana.shack + # shackdns.shack + # replacement for leases.shack and shackles.shack + + ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix new file mode 100644 index 000000000..807bb7e65 --- /dev/null +++ b/krebs/2configs/shack/shackDNS.nix 
@@ -0,0 +1,63 @@
+{ config, lib, pkgs, ... }:
+
+let
+ pkg =
+ pkgs.fetchgit {
+ url = "https://git.shackspace.de/rz/shackdns";
+ rev = "e55cc906c734b398683f9607b93f1ad6435d8575";
+ sha256 = "1hkwhf3hqb4fz06b1ckh7sl0zcyi4da5fgdlksian8lxyd19n8sq";
+ };
+ home = "/var/lib/shackDNS";
+ port = "8083";
+ config_file = pkgs.writeText "config" ''
+ # Points to a bind configuration file
+ dns-db = ${home}/db.shack
+
+ # Points to a shackles configuration file
+ # See `shackles.json` in repo
+ shackles-db = ${home}/shackles.json
+
+ # Points to a REST service with the DHCP leases
+ leases-api = http://dhcp.shack/dhcpd.leases
+
+ # Wrap this binding with https proxy or similar
+ binding = http://localhost:${port}/
+ '';
+in {
+ # receive response from light.shack / standby.shack
+ networking.firewall.allowedTCPPorts = [ ];
+
+ users.users.shackDNS = {
+ inherit home;
+ createHome = true;
+ };
+ services.nginx.virtualHosts."leases.shack" = {
+ locations."/" = {
+ proxyPass = "http://localhost:${port}/";
+ };
+ };
+ services.nginx.virtualHosts."shackdns.shack" = {
+ locations."/" = {
+ proxyPass = "http://localhost:${port}/";
+ };
+ };
+ services.nginx.virtualHosts."shackles.shack" = {
+ locations."/" = {
+ proxyPass = "http://localhost:${port}/";
+ };
+ };
+
+ systemd.services.shackDNS = {
+ description = "shackDNS provides an overview over DHCP and DNS as well as a replacement for shackles";
+ wantedBy = [ "multi-user.target" ];
+ environment.PORT = port;
+ serviceConfig = {
+ User = "shackDNS";
+ WorkingDirectory = home;
+ ExecStart = "${pkgs.mono6}/bin/mono ${pkg}/shackDNS.exe ${config_file}";
+ PrivateTmp = true;
+ Restart = "always";
+ RestartSec = "15";
+ };
+ };
+}
From 4ad85faacedc755fd25b7edd0df41234c98876f0 Mon Sep 17 00:00:00 2001
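Review bot: The `serviceConfig` of `systemd.services.shackDNS` isolates only `/tmp`, so the Mono process that all three nginx vhosts proxy to can still read, and where its user is permitted write, the rest of the filesystem. The unit already has a dedicated user and `WorkingDirectory = home`, so I would add `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `ReadWritePaths = [ home ];`, after confirming the program writes nowhere outside `/var/lib/shackDNS`. The generated config says to wrap the binding with an HTTPS proxy, but the vhosts here are plain `proxyPass` entries and `leases-api` is fetched over `http://`; worth confirming that is acceptable on the internal network. The comment above `networking.firewall.allowedTCPPorts = [ ];` refers to light.shack / standby.shack and looks carried over from another module; the empty assignment can go with it.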
From: makefu Date: Tue, 7 Jan 2020 16:52:31 +0100 Subject: [PATCH 39/82] shack/glados: init hass config --- krebs/2configs/shack/glados/default.nix | 1 + krebs/2configs/shack/glados/lib/default.nix | 46 +++++++++++++++++++ .../shack/glados/multi/schlechte_luft.nix | 19 ++++++++ krebs/2configs/shack/glados/multi/wasser.nix | 17 ++----- krebs/2configs/shack/glados/sensors/hass.nix | 23 ++-------- 5 files changed, 72 insertions(+), 34 deletions(-) create mode 100644 krebs/2configs/shack/glados/lib/default.nix create mode 100644 krebs/2configs/shack/glados/multi/schlechte_luft.nix diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index d000af397..2c9a01af3 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -2,6 +2,7 @@ let shackopen = import ./multi/shackopen.nix; wasser = import ./multi/wasser.nix; + badair = import ./multi/schlechte_luft.nix; in { services.nginx.virtualHosts."hass.shack" = { serverAliases = [ "glados.shack" ]; diff --git a/krebs/2configs/shack/glados/lib/default.nix b/krebs/2configs/shack/glados/lib/default.nix new file mode 100644 index 000000000..debe8e5c2 --- /dev/null +++ b/krebs/2configs/shack/glados/lib/default.nix 
@@ -0,0 +1,46 @@
+let
+ lib = import ;
+ prefix = "glados";
+in
+{
+ esphome =
+ {
+ temp = name:
+ {
+ platform = "mqtt";
+ name = "${name} Temperature";
+ device_class = "temperature";
+ state_topic = "${prefix}/${name}/sensor/temperature/state";
+ availability_topic = "${prefix}/${name}/status";
+ payload_available = "online";
+ payload_not_available = "offline";
+ };
+ hum = name:
+ {
+ platform = "mqtt";
+ device_class = "humidity";
+ name = "${name} Humidity";
+ state_topic = "${prefix}/${name}/sensor/humidity/state";
+ availability_topic = "${prefix}/${name}/status";
+ payload_available = "online";
+ payload_not_available = "offline";
+ };
+ };
+ tasmota =
+ {
+ plug = name: topic:
+ {
+ platform = "mqtt";
+ inherit name;
+ state_topic = "sonoff/stat/${topic}/POWER1";
+ command_topic = "sonoff/cmnd/${topic}/POWER1";
+ availability_topic = "sonoff/tele/${topic}/LWT";
+ payload_on= "ON";
+ payload_off= "OFF";
+ payload_available= "Online";
+ payload_not_available= "Offline";
+ retain = false;
+ qos = 1;
+ };
+ };
+}
diff --git a/krebs/2configs/shack/glados/multi/schlechte_luft.nix b/krebs/2configs/shack/glados/multi/schlechte_luft.nix
new file mode 100644
index 000000000..94cb768b9
--- /dev/null
+++ b/krebs/2configs/shack/glados/multi/schlechte_luft.nix
@@ -0,0 +1,19 @@
+let
+ airlevel = name: threshold: color:
+ { alias = "${name} Air trigger ${color}";
+ trigger = [
+ ];
+ action =
+ [
+ # create spark effect with color
+ ];
+ };
+in
+{
+ # LED
+ switch = [
+ ];
+ automation =
+ [
+ ];
+}
diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix
index 578bb0750..e3e7eb2a0 100644
--- a/krebs/2configs/shack/glados/multi/wasser.nix
+++ b/krebs/2configs/shack/glados/multi/wasser.nix
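Review bot: The `lib` binding in the `let` of `lib/default.nix` is never referenced in this new file and is dead code; keep only `prefix`. In `temp` and `hum` the single `name` argument serves as both the display name and a path segment of `state_topic` / `availability_topic`, which is easy to break with a human-readable name. A comment such as `# name is also the MQTT topic segment, keep it identical to the device id` on each helper would make that constraint visible.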
@@ -1,23 +1,12 @@ let - tasmota_plug = name: topic: - { platform = "mqtt"; - inherit name; - state_topic = "sonoff/stat/${topic}/POWER1"; - command_topic = "sonoff/cmnd/${topic}/POWER1"; - availability_topic = "sonoff/tele/${topic}/LWT"; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - retain = false; - qos = 1; - }; + glados = import ../lib; seconds = 20; in { switch = [ - (tasmota_plug "Wasser" "plug") + (glados.tasmota.plug "Wasser" "plug") ]; + automation = [ { alias = "Water the plant for ${toString seconds} seconds"; diff --git a/krebs/2configs/shack/glados/sensors/hass.nix b/krebs/2configs/shack/glados/sensors/hass.nix index 634758701..ced6d9752 100644 --- a/krebs/2configs/shack/glados/sensors/hass.nix +++ b/krebs/2configs/shack/glados/sensors/hass.nix @@ -1,22 +1,5 @@ let - esphome_temp = name: - { platform = "mqtt"; - name = "${name} Temperature"; - device_class = "temperature"; - state_topic = "glados/${name}/sensor/temperature/state"; - availability_topic = "glados/${name}/status"; - payload_available = "online"; - payload_not_available = "offline"; - }; - esphome_hum = name: - { platform = "mqtt"; - device_class = "humidity"; - name = "${name} Humidity"; - state_topic = "glados/${name}/sensor/humidity/state"; - availability_topic = "glados/${name}/status"; - payload_available = "online"; - payload_not_available = "offline"; - }; + glados = import ../lib; in - (map esphome_temp [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) - ++ (map esphome_hum [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) + (map glados.esphome.temp [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) + ++ (map glados.esphome.hum [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) From 5d2e66eb2c0cb5c4c6a5592e53d1baad21721430 Mon Sep 17 00:00:00 2001 
From: makefu Date: Wed, 8 Jan 2020 10:16:21 +0100 Subject: [PATCH 40/82] shack/glados: enable schlechte_luft --- krebs/2configs/shack/glados/default.nix | 7 +- krebs/2configs/shack/glados/lib/default.nix | 73 ++++++++++++++-- .../shack/glados/multi/schlechte_luft.nix | 87 ++++++++++++++++--- krebs/2configs/shack/glados/multi/wasser.nix | 2 +- krebs/2configs/shack/glados/sensors/hass.nix | 4 +- 5 files changed, 150 insertions(+), 23 deletions(-) diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index 2c9a01af3..59b636697 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -90,7 +90,7 @@ in { }; }; switch = wasser.switch; - light = []; + light = badair.light; media_player = [ { platform = "mpd"; host = "lounge.mpd.shack"; @@ -100,7 +100,8 @@ in { sensor = (import ./sensors/hass.nix) ++ (import ./sensors/power.nix) - ++ shackopen.sensor; + ++ shackopen.sensor + ++ badair.sensor; binary_sensor = shackopen.binary_sensor; @@ -127,7 +128,7 @@ in { #recorder = {}; sun = {}; - automation = wasser.automation; + automation = wasser.automation ++ badair.automation; device_tracker = []; }; }; diff --git a/krebs/2configs/shack/glados/lib/default.nix b/krebs/2configs/shack/glados/lib/default.nix index debe8e5c2..19c657e64 100644 --- a/krebs/2configs/shack/glados/lib/default.nix +++ b/krebs/2configs/shack/glados/lib/default.nix 
@@ -1,34 +1,95 @@ let - lib = import ; prefix = "glados"; in { esphome = { - temp = name: + temp = {name, topic ? "temperature" }: { platform = "mqtt"; name = "${name} Temperature"; device_class = "temperature"; - state_topic = "${prefix}/${name}/sensor/temperature/state"; + unit_of_measurement = "°C"; + icon = "mdi:thermometer"; + state_topic = "${prefix}/${name}/sensor/${topic}/state"; availability_topic = "${prefix}/${name}/status"; payload_available = "online"; payload_not_available = "offline"; }; - hum = name: + hum = {name, topic ? "humidity" }: { platform = "mqtt"; + unit_of_measurement = "%"; + icon = "mdi:water-percent"; device_class = "humidity"; name = "${name} Humidity"; - state_topic = "${prefix}/${name}/sensor/humidity/state"; + state_topic = "${prefix}/${name}/sensor/${topic}/state"; availability_topic = "${prefix}/${name}/status"; payload_available = "online"; payload_not_available = "offline"; }; + # copied from "homeassistant/light/fablab_led/led_ring/config" + led = {name, topic ? "led", host ? name }: + { # name: fablab_led + # topic: led_ring + platform = "mqtt"; + inherit name; + schema = "json"; + brightness = true; + rgb = true; + effect = true; + effect_list = [ # TODO: may be different + "Random" + "Strobe" + "Rainbow" + "Color Wipe" + "Scan" + "Twinkle" + "Fireworks" + "Addressable Flicker" + "None" + ]; + state_topic = "${prefix}/${host}/light/${topic}/state"; + command_topic = "${prefix}/${host}/light/${topic}/command"; + availability_topic = "${prefix}/${host}/status"; + payload_available = "online"; + payload_not_available = "offline"; + qos = 1; + }; + # Feinstaub + dust_25m = { host, name ? "${host} < 2.5µm", topic ? "particulate_matter_25m_concentration" }: + { + platform = "mqtt"; + unit_of_measurement = "µg/m³"; + icon = "mdi:chemical-weapon"; + inherit name; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + availability_topic = "${prefix}/${name}/status"; + }; + dust_100m = {host, name ? "${host} < 10µm", topic ? 
"particulate_matter_100m_concentration" }: + { + platform = "mqtt"; + unit_of_measurement = "µg/m³"; + icon = "mdi:chemical-weapon"; + inherit name; + state_topic = "${prefix}/${name}/sensor/${topic}/state"; + availability_topic = "${prefix}/${name}/status"; + }; + switch = {host, name ? "${host} Button", topic ? "btn" }: + # host: ampel + # name: Button 1 + # topic: btn1 + { + inherit name; + platform = "mqtt"; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + command_topic = "${prefix}/${host}/switch/${topic}/state"; + availability_topic = "${prefix}/${host}/status"; + }; }; tasmota = { - plug = name: topic: + plug = {name, topic ? name }: { platform = "mqtt"; inherit name; diff --git a/krebs/2configs/shack/glados/multi/schlechte_luft.nix b/krebs/2configs/shack/glados/multi/schlechte_luft.nix index 94cb768b9..95ea60c04 100644 --- a/krebs/2configs/shack/glados/multi/schlechte_luft.nix +++ b/krebs/2configs/shack/glados/multi/schlechte_luft.nix 
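Review bot: `dust_25m` and `dust_100m` build MQTT topics from `name`, which defaults to the display strings `"${host} < 2.5µm"` and `"${host} < 10µm"`, so the sensors presumably subscribe to topics the device never publishes. In `dust_25m` only `availability_topic` is affected; in `dust_100m` both `state_topic` and `availability_topic` are. Use `host` as `led` and `switch` in this hunk do: `state_topic = "${prefix}/${host}/sensor/${topic}/state";` and `availability_topic = "${prefix}/${host}/status";`. In `switch`, `command_topic` ends in `/state`, which looks copied from the line above and should be checked against the device.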
@@ -1,19 +1,84 @@ let - airlevel = name: threshold: color: - { alias = "${name} Air trigger ${color}"; - trigger = [ - ]; - action = - [ - # create spark effect with color - ]; - }; + glados = import ../lib; in { # LED - switch = [ + light = [ + (glados.esphome.led { name = "Fablab LED"; host = "fablab_led"; topic = "led_ring"; }) + + (glados.esphome.led { name = "Fablab LED Part A"; host = "fablab_led"; topic = "A";}) + (glados.esphome.led { name = "Fablab LED Part B"; host = "fablab_led"; topic = "B";}) + (glados.esphome.led { name = "Fablab LED Part C"; host = "fablab_led"; topic = "C";}) + (glados.esphome.led { name = "Fablab LED Part D"; host = "fablab_led"; topic = "D";}) + ]; + sensor = [ + (glados.esphome.dust_25m { host = "fablab_feinstaub";}) + (glados.esphome.dust_100m { host = "fablab_feinstaub";}) ]; automation = - [ + [ + { alias = "Gute Luft Fablab"; + trigger = [ + { + platform = "numeric_state"; + below = 25; + entity_id = "sensor.fablab_feinstaub_25m"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity = "fablab_led"; + effect = "Twinkle"; + color_name = "green"; + }; + } + ]; + } + { alias = "mäßige Luft Fablab"; + trigger = [ + #{ + # platform = "numeric_state"; + # above = 25; + # entity_id = "sensor.fablab_feinstaub_25m"; + #} + { + platform = "numeric_state"; + above = 25; + below = 50; + entity_id = "sensor.fablab_feinstaub_25m"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity = "fablab_led"; + effect = "Twinkle"; + color_name = "yellow"; + }; + } + ]; + } + { alias = "schlechte Luft Fablab"; + trigger = [ + { + platform = "numeric_state"; + above = 50; + entity_id = "sensor.fablab_feinstaub_25m"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity = "fablab_led"; + effect = "Twinkle"; + color_name = "red"; + }; + } + ]; + } ]; } diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix index e3e7eb2a0..e909cce74 100644 
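Review bot: All three `light.turn_on` actions pass `entity = "fablab_led"` in `data`, but Home Assistant selects the target through `entity_id` with a domain-qualified id, so these calls will not address the LED. Assuming the light declared at the top of the file registers as `light.fablab_led`, each line should read `entity_id = "light.fablab_led";`. The `numeric_state` bounds are strict, so readings of exactly 25 and 50 match none of the three automations; decide which band owns each boundary. The `sensor.fablab_feinstaub_25m` id also has to match whatever id the `dust_25m` name produces, which this hunk does not establish.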
--- a/krebs/2configs/shack/glados/multi/wasser.nix +++ b/krebs/2configs/shack/glados/multi/wasser.nix @@ -4,7 +4,7 @@ let in { switch = [ - (glados.tasmota.plug "Wasser" "plug") + (glados.tasmota.plug { name = "Wasser"; topic = "plug";} ) ]; automation = diff --git a/krebs/2configs/shack/glados/sensors/hass.nix b/krebs/2configs/shack/glados/sensors/hass.nix index ced6d9752..997344366 100644 --- a/krebs/2configs/shack/glados/sensors/hass.nix +++ b/krebs/2configs/shack/glados/sensors/hass.nix @@ -1,5 +1,5 @@ let glados = import ../lib; in - (map glados.esphome.temp [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) - ++ (map glados.esphome.hum [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) + (map (name: glados.esphome.temp {inherit name;}) [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) + ++ (map (name: glados.esphome.hum {inherit name;}) [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) From c5d90459230c806771b0265788494a3fa52108c9 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Jan 2020 18:42:09 +0100 Subject: [PATCH 41/82] filebitch.r: init;shack/glados: fix schlechte_luft automation, add hass-restart --- krebs/1systems/filebitch/config.nix | 48 ++++++++++ .../filebitch/hardware-configuration.nix | 96 +++++++++++++++++++ .../shack/glados/automation/hass-restart.nix | 19 ++++ krebs/2configs/shack/glados/default.nix | 7 +- .../shack/glados/multi/schlechte_luft.nix | 6 +- 5 files changed, 171 insertions(+), 5 deletions(-) create mode 100644 krebs/1systems/filebitch/config.nix create mode 100644 krebs/1systems/filebitch/hardware-configuration.nix create mode 100644 krebs/2configs/shack/glados/automation/hass-restart.nix diff --git a/krebs/1systems/filebitch/config.nix b/krebs/1systems/filebitch/config.nix new file mode 100644 index 000000000..9c6a9da08 --- /dev/null +++ b/krebs/1systems/filebitch/config.nix 
@@ -0,0 +1,48 @@
+{ config, pkgs, ... }:
+let
+ shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
+in
+{
+ imports = [
+ ./hardware-configuration.nix
+
+
+ #
+
+ #
+ #
+
+
+ # provides access to /home/share for smbuser via smb
+
+ {
+ fileSystems."/home/share" =
+ { device = "/serve";
+ options = [ "bind" "nofail" ];
+ };
+ }
+
+ ## Collect local statistics via collectd and send to collectd
+
+
+ ];
+
+ krebs.build.host = config.krebs.hosts.filebitch;
+ sound.enable = false;
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="60:a4:4c:3d:52:cf", NAME="et0"
+ '';
+ networking = {
+ firewall.enable = true;
+ interfaces.et0.ipv4.addresses = [
+ {
+ address = shack-ip;
+ prefixLength = 20;
+ }
+ ];
+
+ defaultGateway = "10.42.0.1";
+ nameservers = [ "10.42.0.100" "10.42.0.200" ];
+ };
+}
diff --git a/krebs/1systems/filebitch/hardware-configuration.nix b/krebs/1systems/filebitch/hardware-configuration.nix
new file mode 100644
index 000000000..574618e39
--- /dev/null
+++ b/krebs/1systems/filebitch/hardware-configuration.nix
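Review bot: `shack-ip` reads `config.krebs.build.host.nets.shack.ip4.addr`, but the `filebitch` host entry added in PATCH 01 defines only a `retiolum` net; the `shack` net is added later, in PATCH 45. Evaluating this system at this commit should therefore fail on a missing attribute, which also breaks bisecting across the series. Move the `nets.shack` addition into this commit or order it before this one.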
@@ -0,0 +1,96 @@ +{ config, lib, pkgs, ... }: +let + byid = dev: "/dev/disk/by-id/" + dev; + keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; +in +{ + imports = + [ + ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues + boot.zfs.forceImportRoot = false; + boot.zfs.forceImportAll = false; + boot.kernelParams = [ + "boot.shell_on_fail" + "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues + ]; + boot.tmpOnTmpfs = true; + + + boot.initrd.availableKernelModules = [ + "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" + "raid456" + "usbhid" + "usb_storage" + ]; + boot.initrd.kernelModules = [ + "sata_sil" + "megaraid_sas" + ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "tank/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "tank/home"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "tank/nix"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/5266-931D"; + fsType = "vfat"; + }; + fileSystems."/serve" = + { device = "/dev/cryptvg/serve"; + fsType = "ext4"; + options = [ "nofail" ]; + }; + fileSystems."/serve/incoming" = + { device = "/dev/cryptvg/incoming"; + fsType = "ext4"; + options = [ "nofail" ]; + + }; + fileSystems."/serve/movies" = + { device = "/dev/cryptvg/servemovies"; + fsType = "ext4"; + options = [ "nofail" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/3353c76f-50e4-471d-84bc-ff922d22b271"; } + ]; + + nix.maxJobs = lib.mkDefault 4; + boot.loader.grub.device = byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN"; + + networking.hostId = "54d97450"; # required for zfs use + boot.initrd.luks.devices = let + usbkey = name: device: { + inherit name device keyFile; + keyFileSize = 2048; + preLVM = true; + }; + in [ + ((usbkey "swap" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2")) 
+ // { allowDiscards = true; } ) + ((usbkey "root" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3")) + // { allowDiscards = true; } ) + (usbkey "125" "/dev/md125") + (usbkey "126" "/dev/md126") + (usbkey "127" "/dev/md127") + ]; + + +} diff --git a/krebs/2configs/shack/glados/automation/hass-restart.nix b/krebs/2configs/shack/glados/automation/hass-restart.nix new file mode 100644 index 000000000..0b4439d97 --- /dev/null +++ b/krebs/2configs/shack/glados/automation/hass-restart.nix @@ -0,0 +1,19 @@ +# needs: +# light.fablab_led +[ + { alias = "State on HA start-up"; + trigger = { + platform = "homeassistant"; + event = "start"; + }; + action = [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Rainbow"; + }; + } + ]; + } +] + diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index 59b636697..bdbfa02f9 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -45,7 +45,7 @@ in { autoExtraComponents = true; config = { homeassistant = { - name = "Bureautomation"; + name = "Glados"; time_zone = "Europe/Berlin"; latitude = "48.8265"; longitude = "9.0676"; @@ -128,7 +128,10 @@ in { #recorder = {}; sun = {}; - automation = wasser.automation ++ badair.automation; + automation = wasser.automation + ++ badair.automation + ++ (import ./automation/hass-restart.nix); + device_tracker = []; }; }; diff --git a/krebs/2configs/shack/glados/multi/schlechte_luft.nix b/krebs/2configs/shack/glados/multi/schlechte_luft.nix index 95ea60c04..a72d32d96 100644 --- a/krebs/2configs/shack/glados/multi/schlechte_luft.nix +++ b/krebs/2configs/shack/glados/multi/schlechte_luft.nix @@ -29,7 +29,7 @@ in [ { service = "light.turn_on"; data = { - entity = "fablab_led"; + entity_id = "light.fablab_led"; effect = "Twinkle"; color_name = "green"; }; 
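Review bot: `"boot.shell_on_fail"` in `boot.kernelParams` offers a root shell on the console whenever stage 1 fails, and NixOS leaves it off by default because that shell is not authenticated. On this host the initrd is also where the LUKS devices are opened with `keyFile` read from the USB stick, so a failed boot with the stick attached would put the key material within reach of that shell. It also contradicts `"boot.panic_on_fail"` on the next line, whose comment says the machine should reboot on fatal boot issues; I would drop `"boot.shell_on_fail"` and keep the reboot behaviour. `"usbhid"` and `"usb_storage"` are each listed twice in `boot.initrd.availableKernelModules`.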
@@ -54,7 +54,7 @@ in [ { service = "light.turn_on"; data = { - entity = "fablab_led"; + entity_id = "light.fablab_led"; effect = "Twinkle"; color_name = "yellow"; }; @@ -73,7 +73,7 @@ in [ { service = "light.turn_on"; data = { - entity = "fablab_led"; + entity_id = "light.fablab_led"; effect = "Twinkle"; color_name = "red"; }; From bf80be669fd57a9be70bc6fbecf9cb5dbd793519 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 9 Jan 2020 16:50:47 +0100 Subject: [PATCH 42/82] shack/ssh-keys: add xq --- krebs/2configs/shack/ssh-keys.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/shack/ssh-keys.nix b/krebs/2configs/shack/ssh-keys.nix index 9c7f507f1..95c869bc9 100644 --- a/krebs/2configs/shack/ssh-keys.nix +++ b/krebs/2configs/shack/ssh-keys.nix 
@@ -4,6 +4,7 @@ config.krebs.users."0x4A6F".pubkey config.krebs.users.ulrich.pubkey config.krebs.users.raute.pubkey + config.krebs.users.xq.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being 
deployed by gitlab ci ]; From dddc3e4f6ffd4aff8aed1c18c0fa7053cb3a1185 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 9 Jan 2020 22:42:39 +0100 Subject: [PATCH 43/82] shack/glados/schlechte_luft: add fallbacks, fix sensor naming --- .../shack/glados/multi/schlechte_luft.nix | 45 +++++++++++++++++-- 1 file changed, 42 insertions(+), 3 deletions(-) diff --git a/krebs/2configs/shack/glados/multi/schlechte_luft.nix b/krebs/2configs/shack/glados/multi/schlechte_luft.nix index a72d32d96..9cd2c56f4 100644 --- a/krebs/2configs/shack/glados/multi/schlechte_luft.nix +++ b/krebs/2configs/shack/glados/multi/schlechte_luft.nix @@ -12,6 +12,7 @@ in (glados.esphome.led { name = "Fablab LED Part D"; host = "fablab_led"; topic = "D";}) ]; sensor = [ + (glados.esphome.temp { host = "fablab_feinstaub";}) (glados.esphome.dust_25m { host = "fablab_feinstaub";}) (glados.esphome.dust_100m { host = "fablab_feinstaub";}) ]; @@ -22,7 +23,7 @@ in { platform = "numeric_state"; below = 25; - entity_id = "sensor.fablab_feinstaub_25m"; + entity_id = "sensor.fablab_feinstaub_2_5um"; } ]; action = @@ -47,7 +48,7 @@ in platform = "numeric_state"; above = 25; below = 50; - entity_id = "sensor.fablab_feinstaub_25m"; + entity_id = "sensor.fablab_feinstaub_2_5um"; } ]; action = @@ -66,7 +67,7 @@ in { platform = "numeric_state"; above = 50; - entity_id = "sensor.fablab_feinstaub_25m"; + entity_id = "sensor.fablab_feinstaub_2_5um"; } ]; action = 
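Review bot: The added `config.krebs.users.xq.pubkey` grants one more login key through this list, and unlike the two literal keys below it has no comment saying why. The consumer of the list is outside the hunk, so which account it authorises cannot be told from here; if it is root on the shack hosts, a narrower account for service maintainers is worth considering. At minimum add a trailing comment, for example `# xq: shackDNS maintainer`, if that is indeed the reason (PATCH 38 suggests so).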
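Review bot: `(glados.esphome.temp { host = "fablab_feinstaub";})` passes a `host` argument, but at this point in the series `temp` is still declared as `{name, topic ? "temperature" }` (PATCH 40); the rename to `host` only arrives in PATCH 46. Nix rejects the unexpected argument, so the glados configuration should not evaluate at this commit. Use `{ name = "fablab_feinstaub"; }` here, or move the `lib/default.nix` signature change ahead of this commit. The renamed `sensor.fablab_feinstaub_2_5um` ids in the following hunks depend on how Home Assistant derives the id from the `dust_25m` name and are worth checking against the running instance.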
@@ -80,5 +81,43 @@ in } ]; } + { alias = "Luft Sensor nicht verfügbar"; + trigger = [ + { + platform = "state"; + to = "unavailable"; + entity_id = "sensor.fablab_feinstaub_2_5um"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Rainbow"; + color_name = "blue"; + }; + } + ]; + } + { alias = "Fablab Licht Reboot"; + trigger = [ + { + platform = "state"; + from = "unavailable"; + entity_id = "light.fablab_led"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Rainbow"; + color_name = "orange"; + }; + } + ]; + } ]; } From 6cbfc2514f6ab54829f9aac41ccf0f887b03ffb4 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 10 Jan 2020 08:41:33 +0100 Subject: [PATCH 44/82] ma hw/network-manager: use iwd --- makefu/2configs/hw/network-manager.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix index d7b262b91..1004ea06e 100644 --- a/makefu/2configs/hw/network-manager.nix +++ b/makefu/2configs/hw/network-manager.nix @@ -20,13 +20,17 @@ RestartSec = "5"; }; }; - networking.networkmanager.enable = true; # nixOSUnstable + networking.networkmanager.enable = true; networking.networkmanager.wifi = { powersave = true; scanRandMacAddress = true; + backend = "iwd"; }; + services.gnome3.gnome-keyring.enable = true; + networking.wireless.iwd.enable = true; + state = [ "/etc/NetworkManager/system-connections" #NM stateful config files ]; From 8c0cf30a2d271c3360d356209350774e634a4543 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 10 Jan 2020 09:35:45 +0100 Subject: [PATCH 45/82] krebs module: add shack network to filebitch --- krebs/3modules/krebs/default.nix | 6 ++++++ makefu/2configs/hw/bluetooth.nix | 10 +++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) 
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 1b7d971f9..de09b4251 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -38,6 +38,12 @@ in { ci = true; cores = 4; nets = { + shack = { + ip4.addr = "10.42.0.50" ; + aliases = [ + "filebitch.shack" + ]; + }; retiolum = { ip4.addr = "10.243.189.130"; aliases = [ "filebitch.r" ]; diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix index e556b43c0..972753080 100644 --- a/makefu/2configs/hw/bluetooth.nix +++ b/makefu/2configs/hw/bluetooth.nix @@ -5,6 +5,7 @@ hardware.pulseaudio = { enable = true; package = pkgs.pulseaudioFull; + extraModules = [ pkgs.pulseaudio-modules-bt ]; # systemWide = true; support32Bit = true; configFile = pkgs.writeText "default.pa" '' @@ -23,7 +24,7 @@ load-module module-switch-on-port-available ''; }; - + services.blueman.enable = true; # presumably a2dp Sink # Enable profile: ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink @@ -32,10 +33,17 @@ hardware.bluetooth = { enable = true; powerOnBoot = false; + extraConfig = '' [general] Enable=Source,Sink,Media,Socket ''; }; services.dbus.packages = [ pkgs.blueman ]; + nixpkgs.overlays = [ + (self: super: { + blueman = super.blueman.overrideAttrs (oldAttrs: { + buildInputs = oldAttrs.buildInputs ++ [ self.gnome3.adwaita-icon-theme ]; + }); + })]; } From 5f3dcaa95810e1729a884df1d999b236c6eaaccc Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 10 Jan 2020 09:59:11 +0100 Subject: [PATCH 46/82] shack/glados: use host consistently --- .../shack/glados/automation/hass-restart.nix | 1 + krebs/2configs/shack/glados/lib/default.nix | 26 +++++++++---------- krebs/2configs/shack/glados/multi/wasser.nix | 2 +- krebs/2configs/shack/glados/sensors/hass.nix | 4 +-- 4 files changed, 17 insertions(+), 16 deletions(-) 
diff --git a/krebs/2configs/shack/glados/automation/hass-restart.nix b/krebs/2configs/shack/glados/automation/hass-restart.nix index 0b4439d97..e87354978 100644 --- a/krebs/2configs/shack/glados/automation/hass-restart.nix +++ b/krebs/2configs/shack/glados/automation/hass-restart.nix @@ -11,6 +11,7 @@ data = { entity_id = "light.fablab_led"; effect = "Rainbow"; + color_name = "yellow"; }; } ]; diff --git a/krebs/2configs/shack/glados/lib/default.nix b/krebs/2configs/shack/glados/lib/default.nix index 19c657e64..6737af842 100644 --- a/krebs/2configs/shack/glados/lib/default.nix +++ b/krebs/2configs/shack/glados/lib/default.nix @@ -4,32 +4,32 @@ in { esphome = { - temp = {name, topic ? "temperature" }: + temp = {host, topic ? "temperature" }: { platform = "mqtt"; - name = "${name} Temperature"; + name = "${host} Temperature"; device_class = "temperature"; unit_of_measurement = "°C"; icon = "mdi:thermometer"; - state_topic = "${prefix}/${name}/sensor/${topic}/state"; - availability_topic = "${prefix}/${name}/status"; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + availability_topic = "${prefix}/${host}/status"; payload_available = "online"; payload_not_available = "offline"; }; - hum = {name, topic ? "humidity" }: + hum = {host, topic ? "humidity" }: { platform = "mqtt"; unit_of_measurement = "%"; icon = "mdi:water-percent"; device_class = "humidity"; - name = "${name} Humidity"; - state_topic = "${prefix}/${name}/sensor/${topic}/state"; - availability_topic = "${prefix}/${name}/status"; + name = "${host} Humidity"; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + availability_topic = "${prefix}/${host}/status"; payload_available = "online"; payload_not_available = "offline"; }; # copied from "homeassistant/light/fablab_led/led_ring/config" - led = {name, topic ? "led", host ? name }: + led = {host, topic ? "led", name ? host}: { # name: fablab_led # topic: led_ring platform = "mqtt"; 
@@ -64,7 +64,7 @@ in icon = "mdi:chemical-weapon"; inherit name; state_topic = "${prefix}/${host}/sensor/${topic}/state"; - availability_topic = "${prefix}/${name}/status"; + availability_topic = "${prefix}/${host}/status"; }; dust_100m = {host, name ? "${host} < 10µm", topic ? "particulate_matter_100m_concentration" }: { @@ -72,8 +72,8 @@ in unit_of_measurement = "µg/m³"; icon = "mdi:chemical-weapon"; inherit name; - state_topic = "${prefix}/${name}/sensor/${topic}/state"; - availability_topic = "${prefix}/${name}/status"; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + availability_topic = "${prefix}/${host}/status"; }; switch = {host, name ? "${host} Button", topic ? "btn" }: # host: ampel @@ -89,7 +89,7 @@ in }; tasmota = { - plug = {name, topic ? name }: + plug = {host, name ? host, topic ? host}: { platform = "mqtt"; inherit name; diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix index e909cce74..cdfe01405 100644 --- a/krebs/2configs/shack/glados/multi/wasser.nix +++ b/krebs/2configs/shack/glados/multi/wasser.nix @@ -4,7 +4,7 @@ let in { switch = [ - (glados.tasmota.plug { name = "Wasser"; topic = "plug";} ) + (glados.tasmota.plug { host = "Wasser"; topic = "plug";} ) ]; automation = diff --git a/krebs/2configs/shack/glados/sensors/hass.nix b/krebs/2configs/shack/glados/sensors/hass.nix index 997344366..8de0ef391 100644 --- a/krebs/2configs/shack/glados/sensors/hass.nix +++ b/krebs/2configs/shack/glados/sensors/hass.nix 
@@ -1,5 +1,5 @@ let glados = import ../lib; in - (map (name: glados.esphome.temp {inherit name;}) [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) - ++ (map (name: glados.esphome.hum {inherit name;}) [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) + (map (host: glados.esphome.temp {inherit host;}) [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) + ++ (map (host: glados.esphome.hum {inherit host;}) [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) From 5d3fbb2af9c1c7d166ca45cd9d119bd77a3acd80 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 10 Jan 2020 10:18:39 +0100 Subject: [PATCH 47/82] shack/glados: enable logbook,recorder,history --- krebs/2configs/shack/glados/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index bdbfa02f9..e48a54551 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -115,8 +115,9 @@ in { trusted_proxies = "127.0.0.1"; }; #conversation = {}; - #history = {}; - #logbook = {}; + history = {}; + logbook = {}; + recorder = {}; tts = [ { platform = "google_translate"; language = "de"; @@ -125,7 +126,6 @@ in { # language = "de-DE"; #} ]; - #recorder = {}; sun = {}; automation = wasser.automation From de29302d6366b903491ddb84ab1a3590be1af5b4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Jan 2020 19:38:18 +0100 Subject: [PATCH 48/82] nixpkgs: -> caad1a7 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 964ebdea7..d80cd64eb 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
@@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "2d9454702e57a9f07020c0e5d0b81412ae2eded1", - "date": "2020-01-03T15:36:44-05:00", - "sha256": "0ifj1z21dbcpyc791k5sa93897w5ni0j0241bxddlgfnlikr7jh9", + "rev": "caad1a78c47cc9f2c8bd4d0785a07c62e98c03c9", + "date": "2020-01-09T17:49:36+01:00", + "sha256": "1nk7a1vz0kzdwh36qdj73fkv9nnjylk8q8rrsgls4rbr3pxz7801", "fetchSubmodules": false } From a8f4eb1f7c832713b451293520f9b295197e17ef Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Jan 2020 19:39:01 +0100 Subject: [PATCH 49/82] nixpkgs-unstable: e0470e1 -> e1eedf2 --- krebs/nixpkgs-unstable.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 43e764e9a..227929043 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "e0470e11c7a02f9e6e70f5ec5e1d9470c742b396", - "date": "2020-01-03T11:40:57-05:00", - "sha256": "1amczhr8m7lvxnxzwhfamz4ga78sgnyzdfr759iq26azkh6fa03a", + "rev": "e1eedf29e5d22e6824e614d75449b75a2e3455d6", + "date": "2020-01-07T12:32:18+01:00", + "sha256": "1v237cgfkd8sb5f1r08sms1rxygjav8a1i1jjjxyqgiszzpiwdx7", "fetchSubmodules": false } From c9df2a58d2492567872a6e69115b5b01ee4feeb9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:25:32 +0100 Subject: [PATCH 50/82] buildbot: check github krops --- krebs/2configs/buildbot-stockholm.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 5784f2cdc..ca6e0922a 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -27,6 +27,7 @@ "http://cgit.ni.r/krops" "http://cgit.prism.r/krops" "https://git.ingolf-wagner.de/krebs/krops.git" + "https://github.com/krebs/krops.git" ]; nix_writers.urls = [ "http://cgit.hotdog.r/nix-writers" 
From b9bebf55f9e25d1624dd1e9bf897f50ef62c5ee7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:25:56 +0100 Subject: [PATCH 51/82] hidden-ssh: make channel & server configurable --- krebs/3modules/hidden-ssh.nix | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix index 304049b4e..2d697e497 100644 --- a/krebs/3modules/hidden-ssh.nix +++ b/krebs/3modules/hidden-ssh.nix @@ -11,6 +11,14 @@ let api = { enable = mkEnableOption "hidden SSH announce"; + channel = mkOption { + type = types.str; + default = "#krebs-announce"; + }; + server = mkOption { + type = types.str; + default = "irc.freenode.org"; + }; }; imp = let @@ -38,10 +46,10 @@ let echo "still waiting for ${hiddenServiceDir}/hostname" sleep 1 done - ${pkgs.untilport}/bin/untilport irc.freenode.org 6667 && \ + ${pkgs.untilport}/bin/untilport ${cfg.server} 6667 && \ ${pkgs.irc-announce}/bin/irc-announce \ - irc.freenode.org 6667 ${config.krebs.build.host.name}-ssh \ - \#krebs-announce \ + ${cfg.server} 6667 ${config.krebs.build.host.name}-ssh \ + \${cfg.channel} \ "SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)" ''; PrivateTmp = "true"; From 5642a076dea5e87604753adb82705f675db76e09 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:26:24 +0100 Subject: [PATCH 52/82] realwallpaper: move script to pkgs --- krebs/3modules/realwallpaper.nix | 185 +------------------ krebs/5pkgs/simple/realwallpaper/default.nix | 185 +++++++++++++++++++ 2 files changed, 186 insertions(+), 184 deletions(-) create mode 100644 krebs/5pkgs/simple/realwallpaper/default.nix diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index c09bb008d..a83758ccd 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix 
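Review bot: `${cfg.server}` and `${cfg.channel}` are spliced into the announce script unquoted in the second hunk of hidden-ssh.nix. The backslash kept in `\${cfg.channel}` appears to protect only the first character of the value (the `#` of the default), so a value containing whitespace or shell metacharacters would be split or interpreted by the shell. Both are now free-form `types.str` options, so quote them at the splice, e.g. `${escapeShellArg cfg.server} 6667` and `${escapeShellArg cfg.channel} \` (nixpkgs `lib.escapeShellArg`; whether it is in scope through the file's `with import` is not visible here). Neither new option has a `description`; one line each stating that the hidden service's onion hostname is posted to this server and channel on port 6667 would document what the defaults expose. The script body starts above the hunk.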
@@ -77,190 +77,7 @@ let serviceConfig = { Type = "simple"; - ExecStart = pkgs.writeDash "generate-wallpaper" '' - set -euf - - # usage: getimg FILENAME URL - fetch() { - echo "fetch $1" - curl -LsS -z "$1" -o "$1" "$2" - } - - # usage: check_type FILENAME TYPE - check_type() { - if ! file -ib "$1" | grep -q "^$2/"; then - echo "$1 is not of type $2" >&2 - rm "$1" - return 1 - fi - } - - # usage: image_size FILENAME - image_size() { - identify "$1" | awk '{print$3}' - } - - # usage: make_mask DST SRC MASK - make_layer() { - if needs_rebuild "$@"; then - echo "make $1 (apply mask)" >&2 - convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1" - fi - } - - # usage: flatten DST HILAYER LOLAYER - flatten() { - if needs_rebuild "$@"; then - echo "make $1 (flatten)" >&2 - composite "$2" "$3" "$1" - fi - } - - # usage: needs_rebuild DST SRC... - needs_rebuild() { - a="$1" - shift - if ! test -e "$a"; then - #echo " $a does not exist" >&2 - result=0 - else - result=1 - for b; do - if test "$b" -nt "$a"; then - #echo " $b is newer than $a" >&2 - result=0 - fi - done - fi - #case $result in - # 0) echo "$a needs rebuild" >&2;; - #esac - return $result - } - - main() { - cd ${cfg.workingDir} - - # fetch source images in parallel - fetch nightmap-raw.jpg \ - ${cfg.nightmap} & - fetch daymap-raw.png \ - ${cfg.daymap} & - fetch clouds-raw.jpg \ - ${cfg.cloudmap} & - fetch marker.json \ - ${cfg.marker} & - wait - - check_type nightmap-raw.jpg image - check_type daymap-raw.png image - check_type clouds-raw.jpg image - - in_size=2048x1024 - xplanet_out_size=1466x1200 - out_geometry=1366x768+100+160 - - nightsnow_color='#0c1a49' # nightmap - - for raw in \ - nightmap-raw.jpg \ - daymap-raw.png \ - clouds-raw.jpg \ - ; - do - normal=''${raw%-raw.*}.png - if needs_rebuild $normal $raw; then - echo "make $normal; normalize $raw" >&2 - convert $raw -scale $in_size $normal - fi - done - - # create nightmap-fullsnow - if needs_rebuild nightmap-fullsnow.png; then - convert -size 
$in_size xc:$nightsnow_color nightmap-fullsnow.png - fi - - # extract daymap-snowmask from daymap-final - if needs_rebuild daymap-snowmask.png daymap.png; then - convert daymap.png -threshold 95% daymap-snowmask.png - fi - - # extract nightmap-lightmask from nightmap - if needs_rebuild nightmap-lightmask.png nightmap.png; then - convert nightmap.png -threshold 25% nightmap-lightmask.png - fi - - # create layers - make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png - make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png - - # apply layers - flatten nightmap-lightsnowlayer.png \ - nightmap-lightlayer.png \ - nightmap-snowlayer.png - - flatten nightmap-final.png \ - nightmap-lightsnowlayer.png \ - nightmap.png - - # create marker file from json - if [ -s marker.json ]; then - jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file - fi - - # make all unmodified files as final - for normal in \ - daymap.png \ - clouds.png \ - ; - do - final=''${normal%.png}-final.png - needs_rebuild $final && - ln $normal $final - done - - # rebuild every time to update shadow - xplanet --num_times 1 --geometry $xplanet_out_size \ - --output xplanet-output.png --projection merc \ - -config ${pkgs.writeText "xplanet.config" '' - [earth] - "Earth" - map=daymap-final.png - night_map=nightmap-final.png - cloud_map=clouds-final.png - cloud_threshold=10 - shade=15 - ''} - - xplanet --num_times 1 --geometry $xplanet_out_size \ - --output xplanet-krebs-output.png --projection merc \ - -config ${pkgs.writeText "xplanet-krebs.config" '' - [earth] - "Earth" - map=daymap-final.png - night_map=nightmap-final.png - cloud_map=clouds-final.png - cloud_threshold=10 - marker_file=marker_file - shade=15 - ''} - - # trim xplanet output - if needs_rebuild realwallpaper.png xplanet-output.png; then - convert xplanet-output.png -crop $out_geometry \ - realwallpaper-tmp.png - mv realwallpaper-tmp.png realwallpaper.png - fi - - if 
needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then - convert xplanet-krebs-output.png -crop $out_geometry \ - realwallpaper-krebs-tmp.png - mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png - fi - } - - main "$@" - ''; + ExecStart = "${pkgs.realwallpaper}/bin/generate-wallpaper"; User = "realwallpaper"; }; }; diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix new file mode 100644 index 000000000..ef83d2e59 --- /dev/null +++ b/krebs/5pkgs/simple/realwallpaper/default.nix 
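Review bot: The replacement `ExecStart` runs the packaged script without handing it the values the inline script used to interpolate. The new `generate-wallpaper` reads `$working_dir`, `$nightmap_url`, `$daymap_url`, `$cloudmap_url` and `$marker_url` from the environment, and the diffstat shows this file gaining only the one `ExecStart` line. Under the script's `set -euf`, the first expansion (`cd "$working_dir"`) aborts on an unset variable, so the unit would fail at start unless the environment is supplied somewhere outside the hunk. Adding an `environment` attribute next to `serviceConfig` that maps the five `cfg` values to those names would restore the old behaviour; the service definition begins above the hunk.

```nix
# … unchanged: service attributes above serviceConfig …
environment = {
  working_dir = cfg.workingDir;
  nightmap_url = cfg.nightmap;
  daymap_url = cfg.daymap;
  cloudmap_url = cfg.cloudmap;
  marker_url = cfg.marker;
};
serviceConfig = {
  Type = "simple";
  ExecStart = "${pkgs.realwallpaper}/bin/generate-wallpaper";
  # … unchanged: User …
};
```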
@@ -0,0 +1,185 @@ +{ pkgs, ... }: +pkgs.writeDashBin "generate-wallpaper" '' + set -euf + + # usage: getimg FILENAME URL + fetch() { + echo "fetch $1" + curl -LsS -z "$1" -o "$1" "$2" + } + + # usage: check_type FILENAME TYPE + check_type() { + if ! file -ib "$1" | grep -q "^$2/"; then + echo "$1 is not of type $2" >&2 + rm "$1" + return 1 + fi + } + + # usage: image_size FILENAME + image_size() { + identify "$1" | awk '{print$3}' + } + + # usage: make_mask DST SRC MASK + make_layer() { + if needs_rebuild "$@"; then + echo "make $1 (apply mask)" >&2 + convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1" + fi + } + + # usage: flatten DST HILAYER LOLAYER + flatten() { + if needs_rebuild "$@"; then + echo "make $1 (flatten)" >&2 + composite "$2" "$3" "$1" + fi + } + + # usage: needs_rebuild DST SRC... + needs_rebuild() { + a="$1" + shift + if ! test -e "$a"; then + #echo " $a does not exist" >&2 + result=0 + else + result=1 + for b; do + if test "$b" -nt "$a"; then + #echo " $b is newer than $a" >&2 + result=0 + fi + done + fi + #case $result in + # 0) echo "$a needs rebuild" >&2;; + #esac + return $result + } + + main() { + cd "$working_dir" + + # fetch source images in parallel + fetch nightmap-raw.jpg \ + "$nightmap_url" & + fetch daymap-raw.png \ + "$daymap_url" & + fetch clouds-raw.jpg \ + "$cloudmap_url" & + fetch marker.json \ + "$marker_url" & + wait + + check_type nightmap-raw.jpg image + check_type daymap-raw.png image + check_type clouds-raw.jpg image + + in_size=2048x1024 + xplanet_out_size=1466x1200 + out_geometry=1366x768+100+160 + + nightsnow_color='#0c1a49' # nightmap + + for raw in \ + nightmap-raw.jpg \ + daymap-raw.png \ + clouds-raw.jpg \ + ; + do + normal=''${raw%-raw.*}.png + if needs_rebuild $normal $raw; then + echo "make $normal; normalize $raw" >&2 + convert $raw -scale $in_size $normal + fi + done + + # create nightmap-fullsnow + if needs_rebuild nightmap-fullsnow.png; then + convert -size $in_size xc:$nightsnow_color 
nightmap-fullsnow.png + fi + + # extract daymap-snowmask from daymap-final + if needs_rebuild daymap-snowmask.png daymap.png; then + convert daymap.png -threshold 95% daymap-snowmask.png + fi + + # extract nightmap-lightmask from nightmap + if needs_rebuild nightmap-lightmask.png nightmap.png; then + convert nightmap.png -threshold 25% nightmap-lightmask.png + fi + + # create layers + make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png + make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png + + # apply layers + flatten nightmap-lightsnowlayer.png \ + nightmap-lightlayer.png \ + nightmap-snowlayer.png + + flatten nightmap-final.png \ + nightmap-lightsnowlayer.png \ + nightmap.png + + # create marker file from json + if [ -s marker.json ]; then + jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file + fi + + # make all unmodified files as final + for normal in \ + daymap.png \ + clouds.png \ + ; + do + final=''${normal%.png}-final.png + needs_rebuild $final && + ln $normal $final + done + + # rebuild every time to update shadow + xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-output.png --projection merc \ + -config ${pkgs.writeText "xplanet.config" '' + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds-final.png + cloud_threshold=10 + shade=15 + ''} + + xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-krebs-output.png --projection merc \ + -config ${pkgs.writeText "xplanet-krebs.config" '' + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds-final.png + cloud_threshold=10 + marker_file=marker_file + shade=15 + ''} + + # trim xplanet output + if needs_rebuild realwallpaper.png xplanet-output.png; then + convert xplanet-output.png -crop $out_geometry \ + realwallpaper-tmp.png + mv realwallpaper-tmp.png realwallpaper.png + fi + + if needs_rebuild 
realwallpaper-krebs.png xplanet-krebs-output.png; then + convert xplanet-krebs-output.png -crop $out_geometry \ + realwallpaper-krebs-tmp.png + mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png + fi + } + + main "$@" +'' From da62791e105eda4f28aa41a56c16c7084697c803 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:27:01 +0100 Subject: [PATCH 53/82] tinc_graphs: add default config value --- krebs/3modules/tinc_graphs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 486a0c9cc..33a24871f 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -37,6 +37,7 @@ let anonymous = mkOption { type = types.attrsOf types.unspecified; + default = {}; description = '' nginx virtualHost options to be merged into the anonymous graphs vhost entry. From 5281ea110297a40707a4b94855d5d3da04c71e37 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:28:15 +0100 Subject: [PATCH 54/82] irc-announce: make cat2 more portable: https://github.com/poettering/systemd/commit/c9cc1a2d0c591e571f0e27dff1e9c03d341a0d7d --- krebs/5pkgs/simple/irc-announce/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/irc-announce/default.nix b/krebs/5pkgs/simple/irc-announce/default.nix index b22e67535..dea30a056 100644 --- a/krebs/5pkgs/simple/irc-announce/default.nix +++ b/krebs/5pkgs/simple/irc-announce/default.nix @@ -24,7 +24,7 @@ pkgs.writeDashBin "irc-announce" '' # echo2 and cat2 are used output to both, stdout and stderr # This is used to see what we send to the irc server. (debug output) echo2() { echo "$*"; echo "$*" >&2; } - cat2() { tee /dev/stderr; } + cat2() { (read x ; echo "$x" ; echo "$x" >&2) } # privmsg_cat transforms stdin to a privmsg privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } From 472b52e98a2d36604c7f090b6e73fb2ee5b83796 Mon Sep 17 00:00:00 2001 
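Review bot: `fetch` keeps whatever the remote end returns: `curl -LsS` has no `--fail`, so an HTTP error page is written over the target file, and the bare `wait` in `main` discards the exit status of the four background fetches. `check_type` catches that for the three images, but `marker.json` goes to `jq` unchecked, and under `set -euf` a non-JSON body there aborts the whole run. Use `curl -fLsS -z "$1" -o "$1" "$2"` in `fetch`, and gate the marker step on `jq -e . marker.json >/dev/null` before writing `marker_file`. The `# usage:` comments above `fetch` and `make_layer` still name `getimg` and `make_mask`.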
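Review bot: The new `cat2` forwards only the first line of stdin, because a single `read x` replaces `tee /dev/stderr`; anything after that line is neither echoed to stderr nor passed down the pipe. It also reads without `-r`, and dash's `echo` expands backslash sequences, so a message containing `\` is altered on both outputs. If `cat2` can receive more than one line (its callers are outside the hunk), loop instead: `cat2() { while IFS= read -r x; do printf '%s\n' "$x"; printf '%s\n' "$x" >&2; done; }`.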
From: lassulus Date: Sat, 11 Jan 2020 20:29:21 +0100 Subject: [PATCH 55/82] l hilum.r: get autoiso.cfg easier via git --- lass/1systems/hilum/config.nix | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix index d4a389a4a..f66a0abe9 100644 --- a/lass/1systems/hilum/config.nix +++ b/lass/1systems/hilum/config.nix @@ -21,13 +21,6 @@ source /grub/autoiso.cfg } ''; - extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation { - name = "autoiso.cfg"; - src = pkgs.grub2.src; - phases = [ "unpackPhase" "installPhase" ]; - installPhase = '' - cp docs/autoiso.cfg $out - ''; - }); + extraFiles."/grub/autoiso.cfg" = "${pkgs.grub2.src}/docs/autoiso.cfg"; }; } From 18f073cecfdb596e553cae4b81df006fddb08f70 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:30:04 +0100 Subject: [PATCH 56/82] l hilum.r: don't suspend on lid close --- lass/1systems/hilum/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix index f66a0abe9..470dd3aff 100644 --- a/lass/1systems/hilum/config.nix +++ b/lass/1systems/hilum/config.nix @@ -23,4 +23,7 @@ ''; extraFiles."/grub/autoiso.cfg" = "${pkgs.grub2.src}/docs/autoiso.cfg"; }; + + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; } From 1a73dffbddb934355b7994bb3558441bbeed9abd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:30:32 +0100 Subject: [PATCH 57/82] l icarus.r: reinstall after 36c3 --- lass/1systems/icarus/config.nix | 1 + lass/1systems/icarus/physical.nix | 47 +++++++++++++++++++++++++------ 2 files changed, 40 insertions(+), 8 deletions(-) diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 46f0892a2..5e16052ad 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -20,6 +20,7 @@ with import ; # + ]; #media center 
diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix index d764dabc1..861bd8b0b 100644 --- a/lass/1systems/icarus/physical.nix +++ b/lass/1systems/icarus/physical.nix @@ -1,22 +1,53 @@ +{ config, lib, pkgs, ... }: { imports = [ ./config.nix - - + # + # + + ]; - fileSystems = { - "/bku" = { - device = "/dev/mapper/pool-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6"; + boot.initrd.luks.devices.ssd.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6-part3"; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/298eb635-8db2-4c15-a73d-2e0d6afa10e8"; + fsType = "xfs"; }; + fileSystems."/home" = { + device = "/dev/disk/by-uuid/eec94bef-e745-4d95-ad17-4df728f5fd31"; + fsType = "xfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/D975-2CAB"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; services.thinkfan.enable = true; + + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; + } From 919b0ad48e39ff78d90342383d010c08cc0b28c5 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 11 Jan 2020 20:39:18 +0100 Subject: [PATCH 58/82] l iso: rework for wizard magic --- lass/1systems/iso.nix | 193 --------------------------- lass/1systems/iso/default.nix | 212 ++++++++++++++++++++++++++++++ lass/1systems/iso/generate-iso.sh | 7 + 3 files changed, 219 insertions(+), 193 deletions(-) delete mode 100644 lass/1systems/iso.nix create mode 100644 lass/1systems/iso/default.nix create mode 100755 lass/1systems/iso/generate-iso.sh diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix deleted file mode 100644 index a7b9f21b3..000000000 --- a/lass/1systems/iso.nix +++ /dev/null 
@@ -1,193 +0,0 @@ -{ config, pkgs, ... }: - -with import ; -{ - imports = [ - - - - - - { - # /dev/stderr doesn't work. I don't know why - # /proc/self doesn't seem to work correctly - # /dev/pts is empty except for 1 file - # my life sucks - nixpkgs.config.packageOverrides = super: { - irc-announce = super.callPackage { - pkgs = pkgs // { - coreutils = pkgs.symlinkJoin { - name = "coreutils-hack"; - paths = [ - (pkgs.writeDashBin "tee" '' - if test "$1" = /dev/stderr; then - while read -r line; do - echo "$line" - echo "$line" >&2 - done - else - ${super.coreutils}/bin/tee "$@" - fi - '') - pkgs.coreutils - ]; - }; - }; - }; - }; - boot.kernelParams = [ "copytoram" ]; - networking.hostName = "lass-iso"; - } - { - nixpkgs.config.packageOverrides = import pkgs; - krebs.enable = true; - krebs.build.user = config.krebs.users.lass; - krebs.build.host = {}; - } - { - nixpkgs.config.allowUnfree = true; - } - { - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - }; - } - { - environment.extraInit = '' - EDITOR=vim - ''; - } - { - environment.systemPackages = with pkgs; [ - #stockholm - git - gnumake - jq - parallel - proot - populate - - #style - most - rxvt_unicode.terminfo - - #monitoring tools - htop - iotop - - #network - iptables - iftop - - #stuff for dl - aria2 - - #neat utils - hashPassword - krebspaste - pciutils - pop - psmisc - q - rs - tmux - untilport - usbutils - - #unpack stuff - p7zip - unzip - unrar - - #data recovery - ddrescue - ntfs3g - dosfstools - ]; - } - { - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=65536 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - ''; - promptInit = '' - if test $UID = 0; then - PS1='\[\033[1;31m\]\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' - elif test $UID = 1337; 
then - PS1='\[\033[1;32m\]\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"' - else - PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' - fi - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"' - fi - ''; - }; - } - { - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ]; - } - { - networking.firewall = { - enable = true; - allowedTCPPorts = [ 22 ]; - }; - } - { - krebs.hidden-ssh.enable = true; - } - { - services.xserver = { - enable = true; - #videoDrivers = mkForce [ "ati_unfree" ]; - - desktopManager.xterm.enable = false; - desktopManager.default = "none"; - displayManager.lightdm.enable = true; - displayManager.lightdm.autoLogin = { - enable = true; - user = "lass"; - }; - windowManager.default = "xmonad"; - windowManager.session = let - xmonad-lass = pkgs.callPackage { inherit config; }; - in [{ - name = "xmonad"; - start = '' - ${pkgs.xorg.xhost}/bin/xhost +LOCAL: - ${xmonad-lass}/bin/xmonad & - waitPID=$! - ''; - }]; - - layout = "us"; - xkbModel = "evdev"; - xkbVariant = "altgr-intl"; - xkbOptions = "caps:backspace"; - }; - } - ]; -} diff --git a/lass/1systems/iso/default.nix b/lass/1systems/iso/default.nix new file mode 100644 index 000000000..ba483f5f0 --- /dev/null +++ b/lass/1systems/iso/default.nix 
@@ -0,0 +1,212 @@ +{ config, pkgs, ... }: +with import ; + +let + + wizard = pkgs.writers.writeBash "wizard" '' + set -x + shopt -s extglob + + echo -n ' + welcome to the computer wizard + first we will check for internet connectivity + (press enter to continue) + ' + read -n 1 -s + if ! ping -c1 lassul.us; then + echo 'no internet detectio, you will have to provide credentials' + read -n 1 -s + nmtui + fi + + # ping -c1 lassuls.us || ${pkgs.writeDash "nm-dmenu" '' + # set -x + # export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin + # exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@" + # ''} + + mode=$(echo -n ' + 1. help of the wizard + 2. let the wizard watch and help if needed + 3. I will do it alone + ' | ${pkgs.fzf}/bin/fzf --reverse) + case "$mode" in + 1*) + echo 'mode_1' > /tmp/mode + systemctl start hidden-ssh-announce.service + tmux new -s help + ;; + 2*) + echo 'mode_2' > /tmp/mode + ;; + 3*) + echo 'mode_3' > /tmp/mode + ;; + *) + echo 'no mode selected' + ;; + esac + ''; + +in { + imports = [ + + + + { + nixpkgs.config.packageOverrides = import pkgs; + krebs.enable = true; + krebs.build.user = config.krebs.users.lass; + krebs.build.host = {}; + } + # { + # systemd.services.wizard = { + # description = "Computer Wizard"; + # wantedBy = [ "multi-user.target" ]; + # serviceConfig = { + # ExecStart = pkgs.writers.writeDash "wizard" '' + # set -efu + # cat < Date: Sat, 11 Jan 2020 20:40:38 +0100 Subject: [PATCH 59/82] l xerxes.r: reinstall with xfs --- lass/1systems/xerxes/physical.nix | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix index 77cf2206b..2e9e62a87 100644 --- a/lass/1systems/xerxes/physical.nix +++ b/lass/1systems/xerxes/physical.nix 
@@ -5,40 +5,32 @@ ]; - boot.zfs.enableUnstable = true; boot.loader.grub = { enable = true; device = "/dev/sda"; efiSupport = true; + efiInstallAsRemovable = true; }; - boot.loader.efi.canTouchEfiVariables = true; boot.blacklistedKernelModules = [ "sdhci_pci" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; boot.initrd.luks.devices.crypted.device = "/dev/sda3"; boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; boot.kernelParams = [ "fbcon=rotate:1" "boot.shell_on_fail" ]; fileSystems."/" = { - device = "rpool/root"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "rpool/home"; - fsType = "zfs"; + device = "/dev/disk/by-uuid/8efd0c22-f712-46bf-baad-1fbf19d9ec25"; + fsType = "xfs"; }; fileSystems."/boot" = { - device = "/dev/disk/by-uuid/E749-784C"; + device = "/dev/disk/by-uuid/7F23-DDB4"; fsType = "vfat"; }; From 3367cc374a6739331681032427b2f53197537251 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:41:03 +0100 Subject: [PATCH 60/82] l xerxes.r: remove debug output --- lass/1systems/xerxes/physical.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix index 2e9e62a87..5a6f07215 100644 --- a/lass/1systems/xerxes/physical.nix +++ b/lass/1systems/xerxes/physical.nix @@ -66,7 +66,6 @@ services.xserver = { videoDrivers = [ "intel" ]; displayManager.sessionCommands = '' - echo nonono > /tmp/xxyy (sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right) (sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1) ''; From 88e7821ed2ae331082ad3cad6d2885c3125316ea Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 11 Jan 2020 20:41:28 +0100 Subject: [PATCH 61/82] l yellow.r: remove broken fancyindex theme --- lass/1systems/yellow/config.nix | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index d049bdee6..abbc0045b 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -47,17 +47,6 @@ with import ; }; virtualHosts.default = { default = true; - locations."=/Nginx-Fancyindex-Theme-dark" = { - extraConfig = '' - alias ${pkgs.fetchFromGitHub { - owner = "Naereen"; - repo = "Nginx-Fancyindex-Theme"; - rev = "e84f7d6a32085c2b6238f85f5fdebe9ceb710fc4"; - sha256 = "0wzl4ws2w8f0749vxfd1c8c21p3jw463wishgfcmaljbh4dwplg6"; - }}/Nginx-Fancyindex-Theme-dark; - autoindex on; - ''; - }; locations."/dl".extraConfig = '' return 301 /; ''; @@ -65,8 +54,6 @@ with import ; root = "/var/download/finished"; extraConfig = '' fancyindex on; - fancyindex_header "/Nginx-Fancyindex-Theme-dark/header.html"; - fancyindex_footer "/Nginx-Fancyindex-Theme-dark/footer.html"; dav_methods PUT DELETE MKCOL COPY MOVE; create_full_put_path on; From c2d0a98038f98bad03f7cd7982029aa07a17073f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:42:09 +0100 Subject: [PATCH 62/82] l ciko: remove slash16.net mail --- lass/2configs/ciko.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix index 6818db460..3d87fb620 100644 --- a/lass/2configs/ciko.nix +++ b/lass/2configs/ciko.nix 
@@ -11,14 +11,6 @@ with import ; "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr" ]; }; - krebs.exim-smarthost = { - internet-aliases = [ - { from = "*@slash16.net"; to = "ciko"; } - ]; - sender_domains = [ - "slash16.net" - ]; - }; system.activationScripts.user-shadow = '' ${pkgs.coreutils}/bin/chmod +x /home/ciko From eeb1c6004d96dfc781648a40f3a20b759c51d0cf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:42:43 +0100 Subject: [PATCH 63/82] l: add/remove some pkgs --- lass/2configs/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index dcae2f3eb..b0d7ff23b 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -96,9 +96,6 @@ with import ; git gnumake jq - parallel - proot - populate #style most @@ -118,6 +115,7 @@ with import ; #neat utils file + hashPassword kpaste krebspaste mosh From 82cd863f9e6f88539f9bda33bd2a27243866a45c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:43:56 +0100 Subject: [PATCH 64/82] l exim-smarthost: simplify mailboxes --- lass/2configs/exim-smarthost.nix | 204 ++++++++++++++++--------------- 1 file changed, 106 insertions(+), 98 deletions(-) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index a82672998..565608633 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix 
@@ -1,8 +1,110 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: with import ; let -with import ; + to = concatStringsSep "," [ + "lass@blue.r" + "lass@xerxes.r" + "lass@mors.r" + ]; -{ + mails = [ + "postmaster@lassul.us" + "lass@lassul.us" + "lassulus@lassul.us" + "test@lassul.us" + "outlook@lassul.us" + "steuer@aidsballs.de" + "lass@aidsballs.de" + "wordpress@ubikmedia.de" + "finanzamt@lassul.us" + "netzclub@lassul.us" + "nebenan@lassul.us" + "feed@lassul.us" + "art@lassul.us" + "irgendwas@lassul.us" + "polo@lassul.us" + "shack@lassul.us" + "nix@lassul.us" + "c-base@lassul.us" + "paypal@lassul.us" + "patreon@lassul.us" + "steam@lassul.us" + "securityfocus@lassul.us" + "radio@lassul.us" + "btce@lassul.us" + "raf@lassul.us" + "apple@lassul.us" + "coinbase@lassul.us" + "tomtop@lassul.us" + "aliexpress@lassul.us" + "business@lassul.us" + "payeer@lassul.us" + "github@lassul.us" + "bitwala@lassul.us" + "bitstamp@lassul.us" + "bitcoin.de@lassul.us" + "ableton@lassul.us" + "dhl@lassul.us" + "sipgate@lassul.us" + "coinexchange@lassul.us" + "verwaltung@lassul.us" + "gearbest@lassul.us" + "binance@lassul.us" + "bitfinex@lassul.us" + "alternate@lassul.us" + "redacted@lassul.us" + "mytaxi@lassul.us" + "pizza@lassul.us" + "robinhood@lassul.us" + "drivenow@lassul.us" + "aws@lassul.us" + "reddit@lassul.us" + "banggood@lassul.us" + "immoscout@lassul.us" + "gmail@lassul.us" + "amazon@lassul.us" + "humblebundle@lassul.us" + "meetup@lassul.us" + "gebfrei@lassul.us" + "github@lassul.us" + "ovh@lassul.us" + "hetzner@lassul.us" + "allygator@lassul.us" + "immoscout@lassul.us" + "elitedangerous@lassul.us" + "boardgamegeek@lassul.us" + "qwertee@lassul.us" + "zazzle@lassul.us" + "hackbeach@lassul.us" + "transferwise@lassul.us" + "cis@lassul.us" + "afra@lassul.us" + "ksp@lassul.us" + "ccc@lassul.us" + "neocron@lassul.us" + "osmocom@lassul.us" + "lesswrong@lassul.us" + "nordvpn@lassul.us" + "csv-direct@lassul.us" + "nintendo@lassul.us" + "overleaf@lassul.us" + "box@lassul.us" + 
"paloalto@lassul.us" + "subtitles@lassul.us" + "lobsters@lassul.us" + "fysitech@lassul.us" + "threema@lassul.us" + "ubisoft@lassul.us" + "kottezeller@lassul.us" + "pie@lassul.us" + "vebit@lassul.us" + "vcvrack@lassul.us" + "epic@lassul.us" + "microsoft@lassul.us" + "stickers@lassul.us" + "nextbike@lassul.us" + ]; + +in { krebs.exim-smarthost = { enable = true; dkim = [ 
@@ -17,101 +119,7 @@ with import ; config.krebs.hosts.blue config.krebs.hosts.xerxes ]; - internet-aliases = with config.krebs.users; [ - { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822 - { from = "lass@lassul.us"; to = lass.mail; } - { from = "lassulus@lassul.us"; to = lass.mail; } - { from = "test@lassul.us"; to = lass.mail; } - { from = "outlook@lassul.us"; to = lass.mail; } - { from = "steuer@aidsballs.de"; to = lass.mail; } - { from = "lass@aidsballs.de"; to = lass.mail; } - { from = "wordpress@ubikmedia.de"; to = lass.mail; } - { from = "finanzamt@lassul.us"; to = lass.mail; } - { from = "netzclub@lassul.us"; to = lass.mail; } - { from = "nebenan@lassul.us"; to = lass.mail; } - { from = "feed@lassul.us"; to = lass.mail; } - { from = "art@lassul.us"; to = lass.mail; } - { from = "irgendwas@lassul.us"; to = lass.mail; } - { from = "polo@lassul.us"; to = lass.mail; } - { from = "shack@lassul.us"; to = lass.mail; } - { from = "nix@lassul.us"; to = lass.mail; } - { from = "c-base@lassul.us"; to = lass.mail; } - { from = "paypal@lassul.us"; to = lass.mail; } - { from = "patreon@lassul.us"; to = lass.mail; } - { from = "steam@lassul.us"; to = lass.mail; } - { from = "securityfocus@lassul.us"; to = lass.mail; } - { from = "radio@lassul.us"; to = lass.mail; } - { from = "btce@lassul.us"; to = lass.mail; } - { from = "raf@lassul.us"; to = lass.mail; } - { from = "apple@lassul.us"; to = lass.mail; } - { from = "coinbase@lassul.us"; to = lass.mail; } - { from = "tomtop@lassul.us"; to = lass.mail; } - { from = "aliexpress@lassul.us"; to = lass.mail; } - { from = "business@lassul.us"; to = lass.mail; } - { from = "payeer@lassul.us"; to = lass.mail; } - { from = "github@lassul.us"; to = lass.mail; } - { from = "bitwala@lassul.us"; to = lass.mail; } - { from = "bitstamp@lassul.us"; to = lass.mail; } - { from = "bitcoin.de@lassul.us"; to = lass.mail; } - { from = "ableton@lassul.us"; to = lass.mail; } - { from = "dhl@lassul.us"; to = lass.mail; } - { from = 
"sipgate@lassul.us"; to = lass.mail; } - { from = "coinexchange@lassul.us"; to = lass.mail; } - { from = "verwaltung@lassul.us"; to = lass.mail; } - { from = "gearbest@lassul.us"; to = lass.mail; } - { from = "binance@lassul.us"; to = lass.mail; } - { from = "bitfinex@lassul.us"; to = lass.mail; } - { from = "alternate@lassul.us"; to = lass.mail; } - { from = "redacted@lassul.us"; to = lass.mail; } - { from = "mytaxi@lassul.us"; to = lass.mail; } - { from = "pizza@lassul.us"; to = lass.mail; } - { from = "robinhood@lassul.us"; to = lass.mail; } - { from = "drivenow@lassul.us"; to = lass.mail; } - { from = "aws@lassul.us"; to = lass.mail; } - { from = "reddit@lassul.us"; to = lass.mail; } - { from = "banggood@lassul.us"; to = lass.mail; } - { from = "immoscout@lassul.us"; to = lass.mail; } - { from = "gmail@lassul.us"; to = lass.mail; } - { from = "amazon@lassul.us"; to = lass.mail; } - { from = "humblebundle@lassul.us"; to = lass.mail; } - { from = "meetup@lassul.us"; to = lass.mail; } - { from = "gebfrei@lassul.us"; to = lass.mail; } - { from = "github@lassul.us"; to = lass.mail; } - { from = "ovh@lassul.us"; to = lass.mail; } - { from = "hetzner@lassul.us"; to = lass.mail; } - { from = "allygator@lassul.us"; to = lass.mail; } - { from = "immoscout@lassul.us"; to = lass.mail; } - { from = "elitedangerous@lassul.us"; to = lass.mail; } - { from = "boardgamegeek@lassul.us"; to = lass.mail; } - { from = "qwertee@lassul.us"; to = lass.mail; } - { from = "zazzle@lassul.us"; to = lass.mail; } - { from = "hackbeach@lassul.us"; to = lass.mail; } - { from = "transferwise@lassul.us"; to = lass.mail; } - { from = "cis@lassul.us"; to = lass.mail; } - { from = "afra@lassul.us"; to = lass.mail; } - { from = "ksp@lassul.us"; to = lass.mail; } - { from = "ccc@lassul.us"; to = lass.mail; } - { from = "neocron@lassul.us"; to = lass.mail; } - { from = "osmocom@lassul.us"; to = lass.mail; } - { from = "lesswrong@lassul.us"; to = lass.mail; } - { from = "nordvpn@lassul.us"; to = 
lass.mail; } - { from = "csv-direct@lassul.us"; to = lass.mail; } - { from = "nintendo@lassul.us"; to = lass.mail; } - { from = "overleaf@lassul.us"; to = lass.mail; } - { from = "box@lassul.us"; to = lass.mail; } - { from = "paloalto@lassul.us"; to = lass.mail; } - { from = "subtitles@lassul.us"; to = lass.mail; } - { from = "lobsters@lassul.us"; to = lass.mail; } - { from = "fysitech@lassul.us"; to = lass.mail; } - { from = "threema@lassul.us"; to = lass.mail; } - { from = "ubisoft@lassul.us"; to = lass.mail; } - { from = "kottezeller@lassul.us"; to = lass.mail; } - { from = "pie@lassul.us"; to = lass.mail; } - { from = "vebit@lassul.us"; to = lass.mail; } - { from = "vcvrack@lassul.us"; to = lass.mail; } - { from = "epic@lassul.us"; to = lass.mail; } - { from = "microsoft@lassul.us"; to = lass.mail; } - ]; + internet-aliases = map (from: { inherit from to; }) mails; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } { from = "postmaster"; to = "root"; } From 7fa23f4d3104b36632b941f6502fbf25387ba99c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:44:39 +0100 Subject: [PATCH 65/82] l mail: add new c-base tls fingerprint --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 6de111ba8..035e79dd5 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -14,7 +14,7 @@ let port 465 tls on tls_starttls off - tls_fingerprint 8C:10:A6:AB:1F:82:C4:8F:B1:B4:22:D5:8B:8B:49:9B:59:0B:22:A4 + tls_fingerprint 9C:82:3B:0F:31:CE:1B:8E:96:00:CC:C9:FF:E7:BE:66:95:92:4F:22:DD:D6:2E:0E:1D:90:76:BE:8E:9E:8E:16 auth on user lassulus passwordeval pass show c-base/pass From 2bc2b6ac77244c797e0b7d67283a5619d85b0b64 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:45:20 +0100 Subject: [PATCH 66/82] l mail: pass arguments correctly to neomutt --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
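Review bot: The `mails` list that `internet-aliases = map (from: { inherit from to; }) mails;` iterates over contains `"github@lassul.us"` and `"immoscout@lassul.us"` twice each (carried over from the old list), so two duplicate alias entries are still generated. Assuming the imported lib re-exports nixpkgs' `unique`, `map (from: { inherit from to; }) (unique mails)` would drop them, or the duplicates can be deleted from the list. The refactor also changes the target from `lass.mail` to the three `lass@*.r` addresses. Because that multiplies the copies of every incoming message, including account-recovery mail, it deserves a line in the commit message or a comment above `to`.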
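Review bot: The new `tls_fingerprint` pin is recorded without any note on how the value was obtained or when it has to be refreshed. A pinned fingerprint stops working at the next certificate rotation, and whoever updates it then needs an out-of-band way to check the new value rather than copying whatever the server presents. I would add a comment above the line such as `# SHA-256 fingerprint of the c-base SMTP cert, verified out of band on <date>; update on cert renewal`. Moving from the 20-byte SHA-1 fingerprint to a SHA-256 one is the right direction.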
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 035e79dd5..174c1ab5e 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -217,7 +217,7 @@ let name = "mutt"; paths = [ (pkgs.writeDashBin "mutt" '' - exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@ + exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} "$@" '') pkgs.neomutt ]; From e0fb96d07276cba145f8a415d8a641d00d7e19a3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:48:37 +0100 Subject: [PATCH 67/82] l mc: open rmvb as video --- lass/2configs/mc.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix index eb457b7d3..f5de04616 100644 --- a/lass/2configs/mc.nix +++ b/lass/2configs/mc.nix @@ -228,6 +228,9 @@ let shell/i/.divx Include=video + shell/i/.rmvb + Include=video + shell/i/.mkv Include=video From ded0441e2582bd511ae2bdf45cbca8b0f4ae1796 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:49:10 +0100 Subject: [PATCH 68/82] l paste: add ssl support for p.krebsco.de --- lass/2configs/paste.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 3c3d8e636..23cab8e6e 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix @@ -10,7 +10,9 @@ with import ; proxy_pass http://localhost:9081; ''; }; - services.nginx.virtualHosts.paste-readonly = { + services.nginx.virtualHosts."p.krebsco.de" = { + enableACME = true; + addSSL = true; serverAliases = [ "p.krebsco.de" ]; locations."/".extraConfig = '' if ($request_method != GET) { From aea96c36727aaa1918a92a5f700a0a58642ce593 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:49:33 +0100 Subject: [PATCH 69/82] l steam: add libva as dependency --- lass/2configs/steam.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix index 701e5047e..eae31aec4 100644 --- a/lass/2configs/steam.nix +++ b/lass/2configs/steam.nix 
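Review bot: `addSSL = true` keeps serving the paste host over plain HTTP next to HTTPS, so clients that use an `http://` link are never moved to TLS. If nothing depends on cleartext access, `forceSSL = true;` in place of `addSSL = true;` redirects them. If HTTP must stay available for tools that cannot do TLS, say so in a comment. `serverAliases = [ "p.krebsco.de" ];` is now redundant with the virtual host name and can be dropped. The vhost body continues outside the hunk.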
@@ -11,6 +11,7 @@ # ##TODO: make steam module nixpkgs.config.steam.java = true; + hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; users.users.games.packages = [ pkgs.steam ]; From 1e5eaeaac41db3f38b422180a97d1880fb1a8649 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:50:25 +0100 Subject: [PATCH 70/82] l urxvt: refactor --- lass/2configs/urxvt.nix | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/lass/2configs/urxvt.nix b/lass/2configs/urxvt.nix index 82f3fb2e6..7dd59e0c3 100644 --- a/lass/2configs/urxvt.nix +++ b/lass/2configs/urxvt.nix @@ -5,19 +5,18 @@ with import ; services.urxvtd.enable = true; krebs.xresources.resources.urxvt = '' - URxvt.saveLines: 100000 - URxvt*scrollBar: false - URxvt*urgentOnBell: true - URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select + URxvt.saveLines: 10000 + URxvt.scrollBar: false + URxvt.urgentOnBell: true + URxvt.perl-ext: default,matcher - ${optionalString (hasAttr "browser" config.lass) - "URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select" - } + URxvt.url-launcher: /run/current-system/sw/bin/browser-select + URxvt.matcher.pattern.1: \\bwww\\.[\\w-]+\\.[\\w./?&@#-]*[\\w/-] - URxvt.url-select.underline: true - URxvt.keysym.M-u: perl:url-select:select_next - URxvt.keysym.M-Escape: perl:keyboard-select:activate - URxvt.keysym.M-s: perl:keyboard-select:search + URxvt.keysym.M-Escape: perl:keyboard-select:activate + URxvt.keysym.M-s: perl:keyboard-select:search + URxvt.keysym.M-u: matcher:select + URxvt.keysym.M-i: matcher:list URxvt.keysym.M-F1: command:\033]710;${config.lass.fonts.regular}\007\033]711;${config.lass.fonts.bold}\007 URxvt.keysym.M-F2: command:\033]710;xft:Monospace:size=12\007\033]711;xft:Monospace:size=15:bold\007 
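Review bot: `URxvt.perl-ext: default,matcher` no longer lists `keyboard-select`, yet the `M-Escape` and `M-s` bindings still call `perl:keyboard-select:activate` and `perl:keyboard-select:search`. Unless the extension is loaded some other way, those two bindings appear to be dead after this change; either keep it in the list (`default,matcher,keyboard-select`) or remove the bindings. `URxvt.url-launcher` is now the fixed path `/run/current-system/sw/bin/browser-select`, where the old code only set a launcher when `config.lass.browser` existed, so on a host without that package the launcher points at a missing binary.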
@@ -25,14 +24,14 @@ with import ; URxvt.keysym.M-F4: command:\033]710;xft:Monospace:size=25\007\033]711;xft:Monospace:size=25:bold\007 URxvt.keysym.M-F5: command:\033]710;xft:Monospace:size=30\007\033]711;xft:Monospace:size=30:bold\007 - URxvt.intensityStyles: false + URxvt.intensityStyles: false - URxvt*background: #000000 - URxvt*foreground: #ffffff + URxvt*background: #000000 + URxvt*foreground: #ffffff !change unreadable blue - URxvt*color4: #268bd2 + URxvt*color4: #268bd2 - URxvt*color0: #232342 + URxvt*color0: #232342 ''; } From 088c3786308919eb07e9546a838dac554692a3f9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:51:00 +0100 Subject: [PATCH 71/82] l websites domsen: make aldonasiech.com static --- lass/2configs/websites/domsen.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index b9673de70..80ed12edc 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -25,6 +25,7 @@ in { imports = [ ./default.nix ./sqlBackup.nix + (servePage [ "aldonasiech.com" "www.aldonasiech.com" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "freemonkey.art" @@ -35,7 +36,6 @@ in { "ubikmedia.de" "apanowicz.de" "nirwanabluete.de" - "aldonasiech.com" "ubikmedia.eu" "youthtube.xyz" "joemisch.com" @@ -44,7 +44,6 @@ in { "www.apanowicz.de" "www.nirwanabluete.de" - "www.aldonasiech.com" "www.ubikmedia.eu" "www.youthtube.xyz" "www.ubikmedia.de" From 6c260f6fc47059af8ae6ffa25ce954ac0e8d813c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:51:33 +0100 Subject: [PATCH 72/82] l websites lassulus: fix /tinc locaton --- lass/2configs/websites/lassulus.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index f04f312d0..248334be2 100644 --- a/lass/2configs/websites/lassulus.nix 
+++ b/lass/2configs/websites/lassulus.nix @@ -47,7 +47,8 @@ in { alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey}; ''; locations."/tinc/".extraConfig = '' - alias ${config.krebs.tinc_graphs.workingDir}/external; + index index.html; + alias ${config.krebs.tinc_graphs.workingDir}/external/; ''; locations."= /krebspage".extraConfig = '' default_type "text/html"; From fd542aa6919fa07f543da1aa7d451ba606ff0027 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:51:53 +0100 Subject: [PATCH 73/82] l websites lassulus: rename pubkeys --- lass/2configs/websites/lassulus.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 248334be2..aa3a4862b 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -61,10 +61,10 @@ in { in '' alias ${initscript}; ''; - locations."= /pub".extraConfig = '' + locations."= /blue.pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey}; ''; - locations."= /pub1".extraConfig = '' + locations."= /mors.pub".extraConfig = '' alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey}; ''; }; From 666af374b4aefef7375e88bc31768cadabf77773 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:53:03 +0100 Subject: [PATCH 74/82] l websites lassulus: add blog user to nginx group --- lass/2configs/websites/lassulus.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index aa3a4862b..901fecfb2 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -94,6 +94,7 @@ in { users.users.blog = { uid = genid_uint31 "blog"; + group = "nginx"; description = "lassul.us blog deployment"; home = "/srv/http/lassul.us"; useDefaultShell = true; From 2e4c0684cc9b5696222d2c3e807dda6b3c4a45a1 Mon Sep 17 00:00:00 2001 
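Review bot: `group = "nginx";` makes nginx the primary group of a deployment account that has a login shell (`useDefaultShell = true`). That gives the blog user read access to anything on the host that is group-readable by nginx, which may include more than the blog directory, and every file it creates is owned by that group. If the goal is only that nginx can read `/srv/http/lassul.us`, a narrower option is to leave the user's group alone and grant nginx access to that directory. Otherwise add a comment such as `# nginx must read the deployed files; blog gets no other nginx-group access on purpose` once that has been checked. The rest of the user definition lies outside the hunk.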
From: lassulus Date: Sat, 11 Jan 2020 20:57:45 +0100 Subject: [PATCH 75/82] l iso: remove debug output --- lass/1systems/iso/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/iso/default.nix b/lass/1systems/iso/default.nix index ba483f5f0..a77a74fbe 100644 --- a/lass/1systems/iso/default.nix +++ b/lass/1systems/iso/default.nix @@ -4,7 +4,6 @@ with import ; let wizard = pkgs.writers.writeBash "wizard" '' - set -x shopt -s extglob echo -n ' From 9ff12837cd1f84e24a211f896a01a70602b09746 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 20:59:06 +0100 Subject: [PATCH 76/82] l xdg-open: allow firefox --- lass/2configs/xdg-open.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/xdg-open.nix b/lass/2configs/xdg-open.nix index 824c36dc7..88ea7ba59 100644 --- a/lass/2configs/xdg-open.nix +++ b/lass/2configs/xdg-open.nix @@ -62,5 +62,6 @@ in { security.sudo.extraConfig = '' cr ALL=(lass) NOPASSWD: ${xdg-open} * + ff ALL=(lass) NOPASSWD: ${xdg-open} * ''; } From 6b5c205e6b4d5e904bc3f0d0090ec0d9fcbdc0d9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 21:00:01 +0100 Subject: [PATCH 77/82] l yubikey: make more robust, add some hacks --- lass/2configs/yubikey.nix | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix index e6482c58c..9ab6b6ccb 100644 --- a/lass/2configs/yubikey.nix +++ b/lass/2configs/yubikey.nix 
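Review bot: The added rule `ff ALL=(lass) NOPASSWD: ${xdg-open} *` ends in a sudoers wildcard, so anything running as `ff` can invoke the wrapper as `lass` with arbitrary arguments and no password. Whether that is safe depends entirely on how the `xdg-open` script, defined above this hunk, validates and quotes its argument, since the caller is presumably a browser account handling untrusted content. I would state that contract next to the rules, for example `# cr/ff are browser users: xdg-open must treat its argument as untrusted input`, and confirm that the script passes the argument on as a single quoted word.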
@@ -2,16 +2,29 @@ { environment.systemPackages = with pkgs; [ yubikey-personalization + yubikey-manager ]; services.udev.packages = with pkgs; [ yubikey-personalization ]; services.pcscd.enable = true; + systemd.user.sockets.gpg-agent-ssh.wantedBy = [ "sockets.target" ]; + + ##restart pcscd if yubikey is plugged in + #services.udev.extraRules = '' + # ACTION=="add", ATTRS{idVendor}=="04d9", ATTRS{idProduct}=="2013", RUN+="${pkgs.writeDash "restart_pcscd" '' + # ${pkgs.systemd}/bin/systemctl restart pcscd.service + # ''}" + #''; environment.shellInit = '' - if [ "$UID" -eq 1337 ]; then + if [ "$UID" -eq 1337 ] && [ -z "$SSH_CONNECTION" ]; then export GPG_TTY="$(tty)" - gpg-connect-agent /bye + gpg-connect-agent --quiet updatestartuptty /bye > /dev/null export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" + if [ -z "$SSH_AUTH_SOCK" ]; then + export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket) + fi + fi ''; @@ -19,7 +32,7 @@ ssh.startAgent = false; gnupg.agent = { enable = true; - enableSSHSupport = true; + # enableSSHSupport = true; }; }; } From c07ba2d80874b9f669377ce15e6992a67400a80d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 21:00:57 +0100 Subject: [PATCH 78/82] l fzfmenu: fix no match behaviour --- lass/5pkgs/fzfmenu/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/5pkgs/fzfmenu/default.nix b/lass/5pkgs/fzfmenu/default.nix index 905a5ce6b..bdae8ceed 100644 --- a/lass/5pkgs/fzfmenu/default.nix +++ b/lass/5pkgs/fzfmenu/default.nix @@ -37,9 +37,9 @@ pkgs.writeDashBin "fzfmenu" '' -e ${pkgs.dash}/bin/dash -c \ "echo \"$INPUT\" | ${pkgs.fzf}/bin/fzf \ --history=/dev/null \ - --no-sort \ + --print-query \ --prompt=\"$PROMPT\" \ > \"$OUTPUT\"" 2>/dev/null - ${pkgs.coreutils}/bin/cat "$OUTPUT" + ${pkgs.coreutils}/bin/tail -1 "$OUTPUT" ${pkgs.coreutils}/bin/rm "$OUTPUT" '' From f1a507bb48cca25ec89d3657098f4f9034823a4d Mon Sep 17 00:00:00 2001 
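Review bot: The added fallback `if [ -z "$SSH_AUTH_SOCK" ]; then … gpgconf --list-dirs agent-ssh-socket` can never run, because the line before it exports `SSH_AUTH_SOCK` as a non-empty literal path. If the intent is to follow wherever gpg-agent actually puts its socket, replace both with `export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)"`; if the hard-coded path is intended, drop the dead branch. In the second hunk of this file `enableSSHSupport` is commented out without a reason. A short comment saying that the socket unit and `shellInit` now take over that role would keep a later reader from re-enabling it.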
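Review bot: In the fzfmenu hunk the unchanged line `echo \"$INPUT\" | ${pkgs.fzf}/bin/fzf` is part of a string handed to `dash -c`, so the outer shell pastes the contents of `$INPUT` into the script text before the inner shell parses it. A menu entry containing a double quote, `$` or a backtick is then interpreted by the inner shell instead of being shown, and the same holds for `$PROMPT`. Where `INPUT` comes from is outside the hunk, but menu entries are often file names or clipboard text, so it would be safer to export the variables and reference them inside a single-quoted script, or to feed the input through a temporary file as is already done for `$OUTPUT`. Separately, `--no-sort` is removed without a mention in the commit message, which changes the order of results.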
From: lassulus Date: Sat, 11 Jan 2020 21:01:13 +0100 Subject: [PATCH 79/82] l shodan.r: add scanner support --- lass/1systems/shodan/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index b3de15837..9bb31191c 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -19,6 +19,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; From 1774a149f944345ac409226ec09fdfa9da970ef2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 21:02:26 +0100 Subject: [PATCH 80/82] l init: rework with xfs and luksPassword --- lass/5pkgs/init/default.nix | 49 ++++++++++++------------------------- 1 file changed, 15 insertions(+), 34 deletions(-) diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix index b386fa94b..cbcfe2c00 100644 --- a/lass/5pkgs/init/default.nix +++ b/lass/5pkgs/init/default.nix @@ -1,25 +1,20 @@ -{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "pool", luksmap ? "luksmap", keyfile ? "/root/keyfile", ... }: +{ pkgs, lib, vgname ? "vgname", luksmap ? "luksmap", ... }: with lib; -pkgs.writeText "init" '' - #! /bin/sh - # usage: curl xu/~tv/init | sh +pkgs.writeScript "init" '' + #!/usr/bin/env nix-shell + #! nix-shell -i bash -p jq parted libxfs set -efu - # TODO nix-env -f '' -iA jq # if not exists (also version) - # install at tmp location + disk=$1 - case $(cat /proc/cmdline) in - *' root=LABEL=NIXOS_ISO '*) :;; - *) echo Error: unknown operating system >&2; exit 1;; - esac + if mount | grep -q "$disk"; then + echo "target device is already mounted, bailout" + exit 2 + fi - keyfile=${keyfile} - - disk=${disk} - - luksdev=${disk}3 + luksdev="$disk"3 luksmap=/dev/mapper/${luksmap} vgname=${vgname} 
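Review bot: The new guard `mount | grep -q "$disk"` in the init script only triggers when the literal device path appears in the mount table. Filesystems mounted from a LUKS or LVM mapping on that disk show up as `/dev/mapper/…` and are missed, and `$disk` is treated as a regular expression. Since the same change removes the `NIXOS_ISO` check, the script can now be started on an installed system, so this guard is the only thing standing before the partitioning step. Checking the device tree is more reliable, for example `if lsblk -no MOUNTPOINT "$disk" | grep -q .; then`. The script body continues in the following hunks.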
@@ -29,13 +24,7 @@ pkgs.writeText "init" '' rootdev=/dev/mapper/${vgname}-root homedev=/dev/mapper/${vgname}-home - # - #generate keyfile - # - - if ! test -e "$keyfile"; then - dd if=/dev/urandom bs=512 count=2048 of=$keyfile - fi + read -p "LUKS Password: " lukspw # # partitioning @@ -61,14 +50,13 @@ pkgs.writeText "init" '' if ! cryptsetup isLuks "$luksdev"; then # aes xts-plain64 - cryptsetup luksFormat "$luksdev" "$keyfile" \ + echo -n "$lukspw" | cryptsetup luksFormat "$luksdev" - \ -h sha512 \ --iter-time 5000 fi if ! test -e "$luksmap"; then - cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" \ - --key-file "$keyfile" + echo "$lukspw" | cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" - fi # cryptsetup close @@ -95,11 +83,11 @@ pkgs.writeText "init" '' fi if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then - mkfs.btrfs "$rootdev" + mkfs.xfs "$rootdev" fi if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then - mkfs.btrfs "$homedev" + mkfs.xfs "$homedev" fi @@ -134,12 +122,5 @@ pkgs.writeText "init" '' parted "$disk" print lsblk "$disk" - key='${pubkey}' - if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then - mkdir -p /root/.ssh - echo "$key" > /root/.ssh/authorized_keys - fi - systemctl start sshd - ip route echo READY. '' From 4ffb0073ff42fa8722960461171171748d86ad54 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 21:03:08 +0100 Subject: [PATCH 81/82] l krops: add nixpkgs-unstable --- lass/krops.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/krops.nix b/lass/krops.nix index da5933df3..cb6bbe84e 100644 --- a/lass/krops.nix +++ b/lass/krops.nix 
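Review bot: `read -p "LUKS Password: " lukspw` echoes the passphrase to the terminal and lets `read` interpret backslashes, so the passphrase is visible on screen and in any console capture, and one containing `\` is silently altered. `read -rsp "LUKS Password: " lukspw; echo` avoids both. Asking twice and comparing would also catch a typo before `luksFormat` commits to it. The later hunk pipes the value with `echo -n` for `luksFormat` but plain `echo` for `luksOpen`; `printf '%s'` in both places keeps the two consistent and avoids `echo` interpreting a leading `-`.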
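Review bot: The two filesystem checks still compare the `blkid` type with `btrfs` while the command they guard is now `mkfs.xfs`. Once the volumes are formatted as xfs the condition is always true, so a second run calls `mkfs.xfs` on an existing filesystem instead of skipping it; without `-f` that should fail and abort the script under `set -e`, which defeats the idempotence the checks were written for. The comparisons should read `= xfs`, e.g. `if ! test "$(blkid -o value -s TYPE "$rootdev")" = xfs; then`, and likewise for `$homedev`. It is also worth confirming that the `nix-shell -p jq parted libxfs` line provides `mkfs.xfs`, `cryptsetup` and the LVM tools, since none of them is named there.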
@@ -10,6 +10,10 @@ (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; + nixpkgs-unstable.git = { + url = "https://github.com/nixos/nixpkgs-channels"; + ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; + }; secrets = if test then { file = toString ./2configs/tests/dummy-secrets; } else { From a01e3174e04fc946e7dfaf3569919aacf5a6763d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jan 2020 21:03:42 +0100 Subject: [PATCH 82/82] l krops: use new pwstore location --- lass/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/krops.nix b/lass/krops.nix index cb6bbe84e..5927b0062 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -18,7 +18,7 @@ file = toString ./2configs/tests/dummy-secrets; } else { pass = { - dir = "${lib.getEnv "HOME"}/.password-store"; + dir = "${lib.getEnv "HOME"}/sync/pwstore"; name = "hosts/${name}"; }; };