makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse source
This commit is contained in:
tv 2020-01-14 21:35:10 +01:00
parent 525c955b5f a01e3174e0
commit 67cda2940f
56 changed files with 1546 additions and 1041 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
krebs/1systems/filebitch/config.nix Normal file
View file

@ -0,0 +1,48 @@
{ config, pkgs, ... }:
let
shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
in
{
imports = [
./hardware-configuration.nix
<stockholm/krebs>
<stockholm/krebs/2configs>
# <stockholm/krebs/2configs/secret-passwords.nix>
# <stockholm/krebs/2configs/binary-cache/nixos.nix>
# <stockholm/krebs/2configs/binary-cache/prism.nix>
<stockholm/krebs/2configs/shack/ssh-keys.nix>
<stockholm/krebs/2configs/shack/prometheus/node.nix>
# provides access to /home/share for smbuser via smb
<stockholm/krebs/2configs/shack/share.nix>
{
fileSystems."/home/share" =
{ device = "/serve";
options = [ "bind" "nofail" ];
};
}
## Collect local statistics via collectd and send to collectd
<stockholm/krebs/2configs/stats/shack-client.nix>
<stockholm/krebs/2configs/stats/shack-debugging.nix>
];
krebs.build.host = config.krebs.hosts.filebitch;
sound.enable = false;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="60:a4:4c:3d:52:cf", NAME="et0"
'';
networking = {
firewall.enable = true;
interfaces.et0.ipv4.addresses = [
{
address = shack-ip;
prefixLength = 20;
}
];
defaultGateway = "10.42.0.1";
nameservers = [ "10.42.0.100" "10.42.0.200" ];
};
}

96
krebs/1systems/filebitch/hardware-configuration.nix Normal file
View file

@ -0,0 +1,96 @@
{ config, lib, pkgs, ... }:
let
byid = dev: "/dev/disk/by-id/" + dev;
keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0";
in
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
boot.zfs.forceImportRoot = false;
boot.zfs.forceImportAll = false;
boot.kernelParams = [
"boot.shell_on_fail"
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
];
boot.tmpOnTmpfs = true;
boot.initrd.availableKernelModules = [
"xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod"
"raid456"
"usbhid"
"usb_storage"
];
boot.initrd.kernelModules = [
"sata_sil"
"megaraid_sas"
];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "tank/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "tank/home";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "tank/nix";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/5266-931D";
fsType = "vfat";
};
fileSystems."/serve" =
{ device = "/dev/cryptvg/serve";
fsType = "ext4";
options = [ "nofail" ];
};
fileSystems."/serve/incoming" =
{ device = "/dev/cryptvg/incoming";
fsType = "ext4";
options = [ "nofail" ];
};
fileSystems."/serve/movies" =
{ device = "/dev/cryptvg/servemovies";
fsType = "ext4";
options = [ "nofail" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/3353c76f-50e4-471d-84bc-ff922d22b271"; }
];
nix.maxJobs = lib.mkDefault 4;
boot.loader.grub.device = byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN";
networking.hostId = "54d97450"; # required for zfs use
boot.initrd.luks.devices = let
usbkey = name: device: {
inherit name device keyFile;
keyFileSize = 2048;
preLVM = true;
};
in [
((usbkey "swap" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2"))
// { allowDiscards = true; } )
((usbkey "root" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3"))
// { allowDiscards = true; } )
(usbkey "125" "/dev/md125")
(usbkey "126" "/dev/md126")
(usbkey "127" "/dev/md127")
];
}

4
krebs/1systems/wolf/config.nix
View file

@ -69,6 +69,10 @@ in
# grafana.shack
<stockholm/krebs/2configs/shack/grafana.nix>
# shackdns.shack
# replacement for leases.shack and shackles.shack
<stockholm/krebs/2configs/shack/shackDNS.nix>
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)

1
krebs/2configs/buildbot-stockholm.nix
View file

@ -27,6 +27,7 @@
"http://cgit.ni.r/krops"
"http://cgit.prism.r/krops"
"https://git.ingolf-wagner.de/krebs/krops.git"
"https://github.com/krebs/krops.git"
];
nix_writers.urls = [
"http://cgit.hotdog.r/nix-writers"

20
krebs/2configs/shack/glados/automation/hass-restart.nix Normal file
View file

@ -0,0 +1,20 @@
# needs:
# light.fablab_led
[
{ alias = "State on HA start-up";
trigger = {
platform = "homeassistant";
event = "start";
};
action = [
{ service = "light.turn_on";
data = {
entity_id = "light.fablab_led";
effect = "Rainbow";
color_name = "yellow";
};
}
];
}
]

19
krebs/2configs/shack/glados/default.nix
View file

@ -2,6 +2,7 @@
let
shackopen = import ./multi/shackopen.nix;
wasser = import ./multi/wasser.nix;
badair = import ./multi/schlechte_luft.nix;
in {
services.nginx.virtualHosts."hass.shack" = {
serverAliases = [ "glados.shack" ];
@ -44,7 +45,7 @@ in {
autoExtraComponents = true;
config = {
homeassistant = {
name = "Bureautomation";
name = "Glados";
time_zone = "Europe/Berlin";
latitude = "48.8265";
longitude = "9.0676";
@ -89,7 +90,7 @@ in {
};
};
switch = wasser.switch;
light = [];
light = badair.light;
media_player = [
{ platform = "mpd";
host = "lounge.mpd.shack";
@ -99,7 +100,8 @@ in {
sensor =
(import ./sensors/hass.nix)
++ (import ./sensors/power.nix)
++ shackopen.sensor;
++ shackopen.sensor
++ badair.sensor;
binary_sensor = shackopen.binary_sensor;
@ -113,8 +115,9 @@ in {
trusted_proxies = "127.0.0.1";
};
#conversation = {};
#history = {};
#logbook = {};
history = {};
logbook = {};
recorder = {};
tts = [
{ platform = "google_translate";
language = "de";
@ -123,10 +126,12 @@ in {
# language = "de-DE";
#}
];
#recorder = {};
sun = {};
automation = wasser.automation;
automation = wasser.automation
++ badair.automation
++ (import ./automation/hass-restart.nix);
device_tracker = [];
};
};

107
krebs/2configs/shack/glados/lib/default.nix Normal file
View file

@ -0,0 +1,107 @@
let
prefix = "glados";
in
{
esphome =
{
temp = {host, topic ? "temperature" }:
{
platform = "mqtt";
name = "${host} Temperature";
device_class = "temperature";
unit_of_measurement = "°C";
icon = "mdi:thermometer";
state_topic = "${prefix}/${host}/sensor/${topic}/state";
availability_topic = "${prefix}/${host}/status";
payload_available = "online";
payload_not_available = "offline";
};
hum = {host, topic ? "humidity" }:
{
platform = "mqtt";
unit_of_measurement = "%";
icon = "mdi:water-percent";
device_class = "humidity";
name = "${host} Humidity";
state_topic = "${prefix}/${host}/sensor/${topic}/state";
availability_topic = "${prefix}/${host}/status";
payload_available = "online";
payload_not_available = "offline";
};
# copied from "homeassistant/light/fablab_led/led_ring/config"
led = {host, topic ? "led", name ? host}:
{ # name: fablab_led
# topic: led_ring
platform = "mqtt";
inherit name;
schema = "json";
brightness = true;
rgb = true;
effect = true;
effect_list = [ # TODO: may be different
"Random"
"Strobe"
"Rainbow"
"Color Wipe"
"Scan"
"Twinkle"
"Fireworks"
"Addressable Flicker"
"None"
];
state_topic = "${prefix}/${host}/light/${topic}/state";
command_topic = "${prefix}/${host}/light/${topic}/command";
availability_topic = "${prefix}/${host}/status";
payload_available = "online";
payload_not_available = "offline";
qos = 1;
};
# Feinstaub
dust_25m = { host, name ? "${host} < 2.5µm", topic ? "particulate_matter_25m_concentration" }:
{
platform = "mqtt";
unit_of_measurement = "µg/m³";
icon = "mdi:chemical-weapon";
inherit name;
state_topic = "${prefix}/${host}/sensor/${topic}/state";
availability_topic = "${prefix}/${host}/status";
};
dust_100m = {host, name ? "${host} < 10µm", topic ? "particulate_matter_100m_concentration" }:
{
platform = "mqtt";
unit_of_measurement = "µg/m³";
icon = "mdi:chemical-weapon";
inherit name;
state_topic = "${prefix}/${host}/sensor/${topic}/state";
availability_topic = "${prefix}/${host}/status";
};
switch = {host, name ? "${host} Button", topic ? "btn" }:
# host: ampel
# name: Button 1
# topic: btn1
{
inherit name;
platform = "mqtt";
state_topic = "${prefix}/${host}/sensor/${topic}/state";
command_topic = "${prefix}/${host}/switch/${topic}/state";
availability_topic = "${prefix}/${host}/status";
};
};
tasmota =
{
plug = {host, name ? host, topic ? host}:
{
platform = "mqtt";
inherit name;
state_topic = "sonoff/stat/${topic}/POWER1";
command_topic = "sonoff/cmnd/${topic}/POWER1";
availability_topic = "sonoff/tele/${topic}/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
retain = false;
qos = 1;
};
};
}

123
krebs/2configs/shack/glados/multi/schlechte_luft.nix Normal file
View file

@ -0,0 +1,123 @@
let
glados = import ../lib;
in
{
# LED
light = [
(glados.esphome.led { name = "Fablab LED"; host = "fablab_led"; topic = "led_ring"; })
(glados.esphome.led { name = "Fablab LED Part A"; host = "fablab_led"; topic = "A";})
(glados.esphome.led { name = "Fablab LED Part B"; host = "fablab_led"; topic = "B";})
(glados.esphome.led { name = "Fablab LED Part C"; host = "fablab_led"; topic = "C";})
(glados.esphome.led { name = "Fablab LED Part D"; host = "fablab_led"; topic = "D";})
];
sensor = [
(glados.esphome.temp { host = "fablab_feinstaub";})
(glados.esphome.dust_25m { host = "fablab_feinstaub";})
(glados.esphome.dust_100m { host = "fablab_feinstaub";})
];
automation =
[
{ alias = "Gute Luft Fablab";
trigger = [
{
platform = "numeric_state";
below = 25;
entity_id = "sensor.fablab_feinstaub_2_5um";
}
];
action =
[
{ service = "light.turn_on";
data = {
entity_id = "light.fablab_led";
effect = "Twinkle";
color_name = "green";
};
}
];
}
{ alias = "mäßige Luft Fablab";
trigger = [
#{
# platform = "numeric_state";
# above = 25;
# entity_id = "sensor.fablab_feinstaub_25m";
#}
{
platform = "numeric_state";
above = 25;
below = 50;
entity_id = "sensor.fablab_feinstaub_2_5um";
}
];
action =
[
{ service = "light.turn_on";
data = {
entity_id = "light.fablab_led";
effect = "Twinkle";
color_name = "yellow";
};
}
];
}
{ alias = "schlechte Luft Fablab";
trigger = [
{
platform = "numeric_state";
above = 50;
entity_id = "sensor.fablab_feinstaub_2_5um";
}
];
action =
[
{ service = "light.turn_on";
data = {
entity_id = "light.fablab_led";
effect = "Twinkle";
color_name = "red";
};
}
];
}
{ alias = "Luft Sensor nicht verfügbar";
trigger = [
{
platform = "state";
to = "unavailable";
entity_id = "sensor.fablab_feinstaub_2_5um";
}
];
action =
[
{ service = "light.turn_on";
data = {
entity_id = "light.fablab_led";
effect = "Rainbow";
color_name = "blue";
};
}
];
}
{ alias = "Fablab Licht Reboot";
trigger = [
{
platform = "state";
from = "unavailable";
entity_id = "light.fablab_led";
}
];
action =
[
{ service = "light.turn_on";
data = {
entity_id = "light.fablab_led";
effect = "Rainbow";
color_name = "orange";
};
}
];
}
];
}

17
krebs/2configs/shack/glados/multi/wasser.nix
View file

@ -1,23 +1,12 @@
let
tasmota_plug = name: topic:
{ platform = "mqtt";
inherit name;
state_topic = "sonoff/stat/${topic}/POWER1";
command_topic = "sonoff/cmnd/${topic}/POWER1";
availability_topic = "sonoff/tele/${topic}/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
retain = false;
qos = 1;
};
glados = import ../lib;
seconds = 20;
in
{
switch = [
(tasmota_plug "Wasser" "plug")
(glados.tasmota.plug { host = "Wasser"; topic = "plug";} )
];
automation =
[
{ alias = "Water the plant for ${toString seconds} seconds";

23
krebs/2configs/shack/glados/sensors/hass.nix
View file

@ -1,22 +1,5 @@
let
esphome_temp = name:
{ platform = "mqtt";
name = "${name} Temperature";
device_class = "temperature";
state_topic = "glados/${name}/sensor/temperature/state";
availability_topic = "glados/${name}/status";
payload_available = "online";
payload_not_available = "offline";
};
esphome_hum = name:
{ platform = "mqtt";
device_class = "humidity";
name = "${name} Humidity";
state_topic = "glados/${name}/sensor/humidity/state";
availability_topic = "glados/${name}/status";
payload_available = "online";
payload_not_available = "offline";
};
glados = import ../lib;
in
(map esphome_temp [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ])
++ (map esphome_hum [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ])
(map (host: glados.esphome.temp {inherit host;}) [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ])
++ (map (host: glados.esphome.hum {inherit host;}) [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ])

4
krebs/2configs/shack/muellshack.nix
View file

@ -4,8 +4,8 @@ let
pkg = pkgs.callPackage (
pkgs.fetchgit {
url = "https://git.shackspace.de/rz/muellshack";
rev = "4601f59787de090c83be6dbae6ca72d7fc84ab9f";
sha256 = "1cshbd6ipvynbm3gmnsm58ccc1m5xc87cpd3b6jx0s6pr2j19g9j";
rev = "c3d1f70325e5b90f280c5be60110e14f4de653ae";
sha256 = "1dd4kqwdr4v413rmkvmyjzzvw8id9747nifp96pg0c2cy6bhzj24";
}) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
home = "/var/lib/muellshack";
port = "8081";

63
krebs/2configs/shack/shackDNS.nix Normal file
View file

@ -0,0 +1,63 @@
{ config, lib, pkgs, ... }:
let
pkg =
pkgs.fetchgit {
url = "https://git.shackspace.de/rz/shackdns";
rev = "e55cc906c734b398683f9607b93f1ad6435d8575";
sha256 = "1hkwhf3hqb4fz06b1ckh7sl0zcyi4da5fgdlksian8lxyd19n8sq";
};
home = "/var/lib/shackDNS";
port = "8083";
config_file = pkgs.writeText "config" ''
# Points to a bind configuration file
dns-db = ${home}/db.shack
# Points to a shackles configuration file
# See `shackles.json` in repo
shackles-db = ${home}/shackles.json
# Points to a REST service with the DHCP leases
leases-api = http://dhcp.shack/dhcpd.leases
# Wrap this binding with https proxy or similar
binding = http://localhost:${port}/
'';
in {
# receive response from light.shack / standby.shack
networking.firewall.allowedTCPPorts = [ ];
users.users.shackDNS = {
inherit home;
createHome = true;
};
services.nginx.virtualHosts."leases.shack" = {
locations."/" = {
proxyPass = "http://localhost:${port}/";
};
};
services.nginx.virtualHosts."shackdns.shack" = {
locations."/" = {
proxyPass = "http://localhost:${port}/";
};
};
services.nginx.virtualHosts."shackles.shack" = {
locations."/" = {
proxyPass = "http://localhost:${port}/";
};
};
systemd.services.shackDNS = {
description = "shackDNS provides an overview over DHCP and DNS as well as a replacement for shackles";
wantedBy = [ "multi-user.target" ];
environment.PORT = port;
serviceConfig = {
User = "shackDNS";
WorkingDirectory = home;
ExecStart = "${pkgs.mono6}/bin/mono ${pkg}/shackDNS.exe ${config_file}";
PrivateTmp = true;
Restart = "always";
RestartSec = "15";
};
};
}

1
krebs/2configs/shack/ssh-keys.nix
View file

@ -4,6 +4,7 @@
config.krebs.users."0x4A6F".pubkey
config.krebs.users.ulrich.pubkey
config.krebs.users.raute.pubkey
config.krebs.users.xq.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci
];

1
krebs/3modules/default.nix
View file

@ -105,6 +105,7 @@ let
{ krebs = import ./makefu { inherit config; }; }
{ krebs = import ./nin { inherit config; }; }
{ krebs = import ./external/palo.nix { inherit config; }; }
{ krebs = import ./external/mic92.nix { inherit config; }; }
{ krebs = import ./tv { inherit config; }; }
{
krebs.dns.providers = {

335
krebs/3modules/external/default.nix vendored
View file

@ -68,103 +68,6 @@ in {
};
};
};
dpdkm = {
owner = config.krebs.users.Mic92;
nets = rec {
retiolum = {
ip4.addr = "10.243.29.173";
aliases = [ "dpdkm.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
eddie = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
# eddie.thalheim.io
ip4.addr = "129.215.197.11";
aliases = [ "eddie.i" ];
};
retiolum = {
via = internet;
addrs = [
config.krebs.hosts.eddie.nets.retiolum.ip4.addr
config.krebs.hosts.eddie.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.170";
aliases = [ "eddie.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d
j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm
3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF
2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua
KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq
iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t
6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD
kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u
hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay
pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ
lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.subnets = [
# edinburgh university
"129.215.0.0/16"
];
};
};
};
eve = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
# eve.thalheim.io
ip4.addr = "95.216.112.61";
ip6.addr = "2a01:4f9:2b:1605::1";
aliases = [ "eve.i" ];
};
retiolum = {
via = internet;
addrs = [
config.krebs.hosts.eve.nets.retiolum.ip4.addr
config.krebs.hosts.eve.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.174";
aliases = [ "eve.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82
08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk
6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI
+xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3
dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW
pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP
c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi
YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI
61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13
Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
homeros = {
owner = config.krebs.users.kmein;
nets = {
@ -255,190 +158,6 @@ in {
};
};
};
rose = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.52";
aliases = [ "rose.i" ];
};
retiolum = {
via = internet;
addrs = [
config.krebs.hosts.rose.nets.retiolum.ip4.addr
config.krebs.hosts.rose.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.178";
aliases = [ "rose.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA0h88uEcgVFhggGh3xqHySt8T+oDdoSN8ve4ZPmMzrGCD4dnlWcUO
6uMiwE7XG667wvjB0J2RbCJ8n8/r6eQgp6sRfPzSQL/Mc74J+py+sOVOjjjL5wJX
btrYmASO3GKUSMhGmM0IiwHMIPrmUViaREDrweF3bUwK45d/ocqpBkc+nF27kksd
DMYjHMWRIkKuQaj592zo/kY1pAJ/yAvDPess0x1CLL6uDNbjTr2S/L7JHdzZs9Xq
1+SGdVtqD0sWgSBKA0PC/Mi+Divd4PC1SoSL7wZRWD0Y2DNgj3+xUc7hAWRCw2Gs
5wofK+qiwnyYAmeNYcyQfDLosKZF9hOM8U3UbxptkPLsOK3cfZoGoLQCuOryVDBe
6GfJkJ49WfuSSNWs3WPWL6/6zmVPeGR0TvoMt02VQ3cKTmeIkWyTIzSVoC7wYv5D
Dl8Xt3aFr9UFI2GxenesViyuDLi8cy2fOsM3r+gowXQtgEKoXc9W2vyPwIIlcWUJ
QrKVsyNlkKKL0YjsnGazaEvqdiE30/Iq7f7VBnXnWXRLnZhr85HbTdDQnpT4GcEv
W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ
0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
martha = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.53";
aliases = [ "martha.i" ];
};
retiolum = {
via = internet;
addrs = [
config.krebs.hosts.martha.nets.retiolum.ip4.addr
config.krebs.hosts.martha.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.179";
aliases = [ "martha.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA3lR3Wup2yd9SYs9n9a7lq/jXxlKdwjgp9gPEirLn3/XCFM7NpLIp
LRm3Wdplv0NWim4zI3AsdGmUBrV3y0Ugj48Td4RpXlOiFjS8NHnvRbamCZF7m/pJ
3T/QpQx98+QEKXb3gZ5aDGgcHLRbUYUBuwFOxAKaikuDe2qJxqXqOmA7RXZDkEqe
FrQE/H1/+8HqJ1vhgZKi3Vu7zLRB1EV8nggWFjQKR8o0AeViLwM3OxFtGyKTaXuK
WAQrvSdKQDpQwqAPogyeftGesOfW7z0xrelkux10p42YM9epYvZDFRG97/nupw/S
iYGiTTFDBDTzpyT3zl1uwhmQ3re/nJXf5e4fgnZEcsweU8ysHtDhbimqrm9impVn
XdKnnuNa9F8VlyHCT2pVC9+WDKDNtA2M8f+8lG8/hoJ7hhp5HhBZ3ncROyQqOg4F
e6YtaFidi+fYXjQkdUXHv5FCkqFJnoxZdI2vwqU2DumltG/o+qsksI2WSsLsuMVs
sa4KUq0+5OsmCJnIAKWV2YwbLVf1tJMjPGA0jQECrHPL6SKobRefqav6MPuTbytC
4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM
mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
donna = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.54";
aliases = [ "donna.i" ];
};
retiolum = {
via = internet;
addrs = [
config.krebs.hosts.donna.nets.retiolum.ip4.addr
config.krebs.hosts.donna.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.180";
aliases = [ "donna.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAnv5zVPwjHk5Q72D3tv2rlQkp7SOsZD7Wvz8l1yI/mWkxoriJ9MVa
x8RziSB3KF8sF1lRWIKmuynkgLI3w0X/YFs/fAvtayxk6Qf8DOl23Vd8Is0h/i3I
0fCmCEIHhHboKsREW6NxY7w5WAI2+SFNmGef1P7vzrAv7iLyPbo9nQ8wlrAmc+PJ
Ao3BOf4U7kP778fhsPA4dlGtF2v9CBhygeGVI/DQR8jcvzeiPd2Dr0k/JvrVMYtf
wJW4xUwZkIpws/yfI8b4VJOFl2X/Yw9712Z8Jvga0rR32OG4YbnggvuCMum1g94k
YwMjaSckv1XTalvPQuf1Od96XzwL2hjPFpEK3Tdl4AitMnArgj9HNzhcRL+eGonf
U24zk52OToHnoP3palNpodi7DziIBeXIaIMl7VMXku2ymbOUJsI6zeew+uZahJkv
QIWjxveQ8N40BoTc8Yg6pea1AId3l4f3brtwJbQOVbb3bVQ5VcrxM9Q/TBvyADYR
Knwszxw3uBw5Za1FMbwCPwd8/y/Ar19qGCx25xK0QnsyqZZT/cHsbBOTzh6BBWwI
IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7
awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
amy = {
owner = config.krebs.users.Mic92;
nets = rec {
retiolum = {
addrs = [
config.krebs.hosts.amy.nets.retiolum.ip4.addr
config.krebs.hosts.amy.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.181";
aliases = [ "amy.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAr3jQRA1+hLKYVgHJA2ax5W8J3GVMTnaGpYw9Q2xXXrX/jxLZ6Ia8
hBjIcCBDVL5Q3FnyrKB9NJeeIvCOKg8WG+8O0+wKcePKd0Vhbsx4Whog/6PWs6qh
q2sURs2tp1hjHks4kZo2WtiYD7Ue9HHdV6FlUO6yuBV0bW2RzHdLPCDSGxnQVkBM
tSwAvMCZwvVBiv4m6RyMXqmpdbAPBzgJcmJS0FY+zGxpiwsR/AdoVvnzYyFMCVpG
iFl5+k9OGhUJq72MwAXzjW5ZdCPrG+2Dd+QBhhtIMJGA2sJiJteT8vdvpTNCiHJ/
HnW7movliN2mW86qwo7QqB5v0c9f9TjfpOld7sS/4vE3zlGi/Stf6SQWaoXez/u3
/P9GzupcYgj76m8Z3j7BMHXCBw8iwP2pZpL9hnLdIyCcyLrzXDIzq4hlt60DPhSU
klTDBUA/cUdSJGcSn2N+WHLOTfI6qeBNKqcTk70OQsa69jAJeAtA+I9OprNYOXqb
MmQakNNlrTaNtGQxfQqEL+wqHlo8CVDGm3O9pQSNF309P4TLNU1EYm+ItScNiVCE
DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764
UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
clara = {
owner = config.krebs.users.Mic92;
nets = rec {
retiolum = {
addrs = [
config.krebs.hosts.clara.nets.retiolum.ip4.addr
config.krebs.hosts.clara.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.182";
aliases = [ "clara.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA07G1n2sA804nnjWQzq0Fi9i6kxJUo+jVJjtkm5unw3hjflAAd/3d
WN+01GdJCk/gr7DfU/Xr5KnR39Z3ADoT1tbUb+i5AJZ5/8VHUwWM8D8mQAam6LBf
UEeLxhVH8rG6lHaKwVi9oe4gPhgptUOzX/YIlJOMYDlYRxc7Wbj7YQOAKlPuTAjY
Z5bLswfkqTMO0cioJNwwMCNWSMJf3jbKi3eTQ36sf7TDMEneNGSBUpeSjGddoNT/
rrVIDDT8tGmtACKr+3Y0H+EA2K5IxdQKKfnPRR31RBWiTkEXBbaJzYO/ZV5/xlbN
wmblskwq9d9IwDY7qeMctci+ZUZ3epG8MUwYa4faOrgmmkQpa5B+6UOMzw/WDJEc
jTfvSzfPo4anoj8C+MOQYzRvYmp60YEZKomv2BQdBvpGIpUul8WAR2aV0K+wz66e
mUamljAXmLiPxgGKduX5VFVuXzYxeMiBBujQCLTjc+xTB2EdwihxNX1rkxz10BDc
WrgPV+/VVyThKhOvVCifWARHtT2VGcZazfQOW/y3ZmEPOYuc5ZvrSEiMeG3f64+v
UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn
cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
inspector = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
ip4.addr = "141.76.44.154";
aliases = [ "inspector.i" ];
};
retiolum = {
via = internet;
ip4.addr = "10.243.29.172";
aliases = [ "inspector.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
justraute = {
owner = config.krebs.users.raute; # laptop
nets = {
@ -451,30 +170,6 @@ in {
};
};
};
matchbox = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.176";
aliases = [ "matchbox.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m
VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w
nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u
TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE
TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1
yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO
4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4
Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/
bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4
nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR
/vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
qubasa = {
owner = config.krebs.users.qubasa;
nets = {
@ -618,32 +313,6 @@ in {
};
};
};
turingmachine = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.168";
aliases = [
"turingmachine.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C
t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9
6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8
ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g
nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06
5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT
1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1
gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl
DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL
W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW
OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
uppreisn = {
owner = config.krebs.users.ilmu;
nets = {
@ -795,6 +464,10 @@ in {
mail = "0x4a6f@shackspace.de";
pubkey = ssh-for "0x4A6F";
};
xq = {
mail = "xq@shackspace.de";
pubkey = ssh-for "xq";
};
miaoski = {
};
filly = {

347
krebs/3modules/external/mic92.nix vendored Normal file
View file

@ -0,0 +1,347 @@
with import <stockholm/lib>;
{ config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({
ci = false;
external = true;
monitoring = false;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr =
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
});
in {
hosts = mapAttrs hostDefaults {
amy = {
owner = config.krebs.users.Mic92;
nets = rec {
retiolum = {
addrs = [
config.krebs.hosts.amy.nets.retiolum.ip4.addr
config.krebs.hosts.amy.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.181";
aliases = [ "amy.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAr3jQRA1+hLKYVgHJA2ax5W8J3GVMTnaGpYw9Q2xXXrX/jxLZ6Ia8
hBjIcCBDVL5Q3FnyrKB9NJeeIvCOKg8WG+8O0+wKcePKd0Vhbsx4Whog/6PWs6qh
q2sURs2tp1hjHks4kZo2WtiYD7Ue9HHdV6FlUO6yuBV0bW2RzHdLPCDSGxnQVkBM
tSwAvMCZwvVBiv4m6RyMXqmpdbAPBzgJcmJS0FY+zGxpiwsR/AdoVvnzYyFMCVpG
iFl5+k9OGhUJq72MwAXzjW5ZdCPrG+2Dd+QBhhtIMJGA2sJiJteT8vdvpTNCiHJ/
HnW7movliN2mW86qwo7QqB5v0c9f9TjfpOld7sS/4vE3zlGi/Stf6SQWaoXez/u3
/P9GzupcYgj76m8Z3j7BMHXCBw8iwP2pZpL9hnLdIyCcyLrzXDIzq4hlt60DPhSU
klTDBUA/cUdSJGcSn2N+WHLOTfI6qeBNKqcTk70OQsa69jAJeAtA+I9OprNYOXqb
MmQakNNlrTaNtGQxfQqEL+wqHlo8CVDGm3O9pQSNF309P4TLNU1EYm+ItScNiVCE
DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764
UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
clara = {
owner = config.krebs.users.Mic92;
nets = rec {
retiolum = {
addrs = [
config.krebs.hosts.clara.nets.retiolum.ip4.addr
config.krebs.hosts.clara.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.182";
aliases = [ "clara.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA07G1n2sA804nnjWQzq0Fi9i6kxJUo+jVJjtkm5unw3hjflAAd/3d
WN+01GdJCk/gr7DfU/Xr5KnR39Z3ADoT1tbUb+i5AJZ5/8VHUwWM8D8mQAam6LBf
UEeLxhVH8rG6lHaKwVi9oe4gPhgptUOzX/YIlJOMYDlYRxc7Wbj7YQOAKlPuTAjY
Z5bLswfkqTMO0cioJNwwMCNWSMJf3jbKi3eTQ36sf7TDMEneNGSBUpeSjGddoNT/
rrVIDDT8tGmtACKr+3Y0H+EA2K5IxdQKKfnPRR31RBWiTkEXBbaJzYO/ZV5/xlbN
wmblskwq9d9IwDY7qeMctci+ZUZ3epG8MUwYa4faOrgmmkQpa5B+6UOMzw/WDJEc
jTfvSzfPo4anoj8C+MOQYzRvYmp60YEZKomv2BQdBvpGIpUul8WAR2aV0K+wz66e
mUamljAXmLiPxgGKduX5VFVuXzYxeMiBBujQCLTjc+xTB2EdwihxNX1rkxz10BDc
WrgPV+/VVyThKhOvVCifWARHtT2VGcZazfQOW/y3ZmEPOYuc5ZvrSEiMeG3f64+v
UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn
cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
donna = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.54";
aliases = [ "donna.i" ];
};
retiolum = {
via = internet;
addrs = [
config.krebs.hosts.donna.nets.retiolum.ip4.addr
config.krebs.hosts.donna.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.180";
aliases = [ "donna.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAnv5zVPwjHk5Q72D3tv2rlQkp7SOsZD7Wvz8l1yI/mWkxoriJ9MVa
x8RziSB3KF8sF1lRWIKmuynkgLI3w0X/YFs/fAvtayxk6Qf8DOl23Vd8Is0h/i3I
0fCmCEIHhHboKsREW6NxY7w5WAI2+SFNmGef1P7vzrAv7iLyPbo9nQ8wlrAmc+PJ
Ao3BOf4U7kP778fhsPA4dlGtF2v9CBhygeGVI/DQR8jcvzeiPd2Dr0k/JvrVMYtf
wJW4xUwZkIpws/yfI8b4VJOFl2X/Yw9712Z8Jvga0rR32OG4YbnggvuCMum1g94k
YwMjaSckv1XTalvPQuf1Od96XzwL2hjPFpEK3Tdl4AitMnArgj9HNzhcRL+eGonf
U24zk52OToHnoP3palNpodi7DziIBeXIaIMl7VMXku2ymbOUJsI6zeew+uZahJkv
QIWjxveQ8N40BoTc8Yg6pea1AId3l4f3brtwJbQOVbb3bVQ5VcrxM9Q/TBvyADYR
Knwszxw3uBw5Za1FMbwCPwd8/y/Ar19qGCx25xK0QnsyqZZT/cHsbBOTzh6BBWwI
IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7
awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
dpdkm = {
owner = config.krebs.users.Mic92;
nets = rec {
retiolum = {
ip4.addr = "10.243.29.173";
aliases = [ "dpdkm.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
inspector = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
ip4.addr = "141.76.44.154";
aliases = [ "inspector.i" ];
};
retiolum = {
via = internet;
ip4.addr = "10.243.29.172";
aliases = [ "inspector.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
eddie = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
# eddie.thalheim.io
ip4.addr = "129.215.197.11";
aliases = [ "eddie.i" ];
};
retiolum = {
via = internet;
addrs = [
config.krebs.hosts.eddie.nets.retiolum.ip4.addr
config.krebs.hosts.eddie.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.170";
aliases = [ "eddie.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d
j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm
3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF
2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua
KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq
iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t
6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD
kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u
hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay
pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ
lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
eve = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
# eve.thalheim.io
ip4.addr = "95.216.112.61";
ip6.addr = "2a01:4f9:2b:1605::1";
aliases = [ "eve.i" ];
};
retiolum = {
via = internet;
addrs = [
config.krebs.hosts.eve.nets.retiolum.ip4.addr
config.krebs.hosts.eve.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.174";
aliases = [ "eve.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82
08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk
6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI
+xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3
dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW
pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP
c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi
YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI
61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13
Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
# ohorn lan
tinc.subnets = [ "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" ];
};
};
};
martha = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.53";
aliases = [ "martha.i" ];
};
retiolum = {
via = internet;
addrs = [
config.krebs.hosts.martha.nets.retiolum.ip4.addr
config.krebs.hosts.martha.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.179";
aliases = [ "martha.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA3lR3Wup2yd9SYs9n9a7lq/jXxlKdwjgp9gPEirLn3/XCFM7NpLIp
LRm3Wdplv0NWim4zI3AsdGmUBrV3y0Ugj48Td4RpXlOiFjS8NHnvRbamCZF7m/pJ
3T/QpQx98+QEKXb3gZ5aDGgcHLRbUYUBuwFOxAKaikuDe2qJxqXqOmA7RXZDkEqe
FrQE/H1/+8HqJ1vhgZKi3Vu7zLRB1EV8nggWFjQKR8o0AeViLwM3OxFtGyKTaXuK
WAQrvSdKQDpQwqAPogyeftGesOfW7z0xrelkux10p42YM9epYvZDFRG97/nupw/S
iYGiTTFDBDTzpyT3zl1uwhmQ3re/nJXf5e4fgnZEcsweU8ysHtDhbimqrm9impVn
XdKnnuNa9F8VlyHCT2pVC9+WDKDNtA2M8f+8lG8/hoJ7hhp5HhBZ3ncROyQqOg4F
e6YtaFidi+fYXjQkdUXHv5FCkqFJnoxZdI2vwqU2DumltG/o+qsksI2WSsLsuMVs
sa4KUq0+5OsmCJnIAKWV2YwbLVf1tJMjPGA0jQECrHPL6SKobRefqav6MPuTbytC
4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM
mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
matchbox = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.176";
aliases = [ "matchbox.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m
VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w
nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u
TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE
TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1
yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO
4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4
Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/
bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4
nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR
/vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
# ohorn lan
tinc.subnets = [ "fd42:4492:6a6d:500::/64" ];
};
};
};
rose = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
ip4.addr = "129.215.165.52";
aliases = [ "rose.i" ];
};
retiolum = {
via = internet;
addrs = [
config.krebs.hosts.rose.nets.retiolum.ip4.addr
config.krebs.hosts.rose.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.178";
aliases = [ "rose.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA0h88uEcgVFhggGh3xqHySt8T+oDdoSN8ve4ZPmMzrGCD4dnlWcUO
6uMiwE7XG667wvjB0J2RbCJ8n8/r6eQgp6sRfPzSQL/Mc74J+py+sOVOjjjL5wJX
btrYmASO3GKUSMhGmM0IiwHMIPrmUViaREDrweF3bUwK45d/ocqpBkc+nF27kksd
DMYjHMWRIkKuQaj592zo/kY1pAJ/yAvDPess0x1CLL6uDNbjTr2S/L7JHdzZs9Xq
1+SGdVtqD0sWgSBKA0PC/Mi+Divd4PC1SoSL7wZRWD0Y2DNgj3+xUc7hAWRCw2Gs
5wofK+qiwnyYAmeNYcyQfDLosKZF9hOM8U3UbxptkPLsOK3cfZoGoLQCuOryVDBe
6GfJkJ49WfuSSNWs3WPWL6/6zmVPeGR0TvoMt02VQ3cKTmeIkWyTIzSVoC7wYv5D
Dl8Xt3aFr9UFI2GxenesViyuDLi8cy2fOsM3r+gowXQtgEKoXc9W2vyPwIIlcWUJ
QrKVsyNlkKKL0YjsnGazaEvqdiE30/Iq7f7VBnXnWXRLnZhr85HbTdDQnpT4GcEv
W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ
0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
turingmachine = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.168";
aliases = [
"turingmachine.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C
t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9
6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8
ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g
nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06
5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT
1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1
gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl
DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL
W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW
OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
# ohorn lan
tinc.subnets = [ "fd42:4492:6a6d:500:f610:15d1:27a3:674b" ];
};
};
};
};
}

1
krebs/3modules/external/ssh/xq.pub vendored Normal file
View file

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZR8LsswO/5f9/jc+tKNHHWtty5HTs13Vytbyz8DzJZrGJgOKeVA6OFPgWtaAKvxL/DUTVVVvqpOng2vACTC+CoPaCxE8yJchitkVQNg3zwsf8a8RdWsJAvZklfPz9qmmz+tM37yLpowiMNmCR5vrteRDso6GK4pUjikS5YvjT+vsvRWcVQpmjnAVYsBPgS9NIBjMDR3etoJgpSaF/oU4rDE2JElm/qOQ04W45JiJKVB2BkFomQ1EFl8oORYiMQzvaYA2BCsciBb6X+Jf0RZkVChErfawPzABhAcYpyNRhamaqiSWirw5o4l+ZaDkgezUf3ue6QuHjzuS02+3qIwXP felix@denkplatte

14
krebs/3modules/hidden-ssh.nix
View file

@ -11,6 +11,14 @@ let
api = {
enable = mkEnableOption "hidden SSH announce";
channel = mkOption {
type = types.str;
default = "#krebs-announce";
};
server = mkOption {
type = types.str;
default = "irc.freenode.org";
};
};
imp = let
@ -38,10 +46,10 @@ let
echo "still waiting for ${hiddenServiceDir}/hostname"
sleep 1
done
${pkgs.untilport}/bin/untilport irc.freenode.org 6667 && \
${pkgs.untilport}/bin/untilport ${cfg.server} 6667 && \
${pkgs.irc-announce}/bin/irc-announce \
irc.freenode.org 6667 ${config.krebs.build.host.name}-ssh \
\#krebs-announce \
${cfg.server} 6667 ${config.krebs.build.host.name}-ssh \
\${cfg.channel} \
"SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)"
'';
PrivateTmp = "true";

29
krebs/3modules/krebs/default.nix
View file

@ -34,6 +34,35 @@ with import <stockholm/lib>;
});
in {
hosts = mapAttrs hostDefaults ({
filebitch = {
ci = true;
cores = 4;
nets = {
shack = {
ip4.addr = "10.42.0.50" ;
aliases = [
"filebitch.shack"
];
};
retiolum = {
ip4.addr = "10.243.189.130";
aliases = [ "filebitch.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA8ZSLsOlPy9Vd8XdEcIoP8H3rztsbB0McTYPGhUaZ6/aqcD/MBSQa
FT9NZS0+N0Pev7y90As6Rj5Wrom92xlThcFPaX0Dzmzz+7363M4qtlrtmmWkx2FX
VDrPOYbe4hGGOCsPNOTNJkcW4zs2Ym5YKbZeXHfnuqCW+yuhKBCgO9slc740jkHZ
5xuv5zbU3ZMRk1H8xi4+cQcHqh+1PY75lJxVSNvrbe5pvGxm9yVdp235b49ohDRU
UfUjXmymPlnfJgTOMxmHwl+UmwYR4Yw2CZKXTjbJe5HjbykleTwUb1qyijM8suJf
eXRyma8VGILcY6K/HmE4nz7ESAlI1c+QlwIDAQAB
-----END RSA PUBLIC KEY-----
Ed25519PublicKey = NPjEmo1dkxNS2Xm7qUyWhLKdFYF4MnhIM79NPQELWHC
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRpjW68lSlTL8jBQcXKOTdGa+olQw5ghaU5df2yAE64";
};
hotdog = {
ci = true;
nets = {

8
krebs/3modules/makefu/default.nix
View file

@ -283,14 +283,6 @@ in {
};
};
filebitch = rec {
cores = 4;
nets = {
retiolum = {
ip4.addr = "10.243.189.130";
};
};
};
shackdev = rec { # router@shack
cores = 1;

8
krebs/3modules/makefu/retiolum/filebitch.pub
View file

@ -1,8 +0,0 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d
fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs
e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1
KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99
oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf
wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB
-----END RSA PUBLIC KEY-----

185
krebs/3modules/realwallpaper.nix
View file

@ -77,190 +77,7 @@ let
serviceConfig = {
Type = "simple";
ExecStart = pkgs.writeDash "generate-wallpaper" ''
set -euf
# usage: getimg FILENAME URL
fetch() {
echo "fetch $1"
curl -LsS -z "$1" -o "$1" "$2"
}
# usage: check_type FILENAME TYPE
check_type() {
if ! file -ib "$1" | grep -q "^$2/"; then
echo "$1 is not of type $2" >&2
rm "$1"
return 1
fi
}
# usage: image_size FILENAME
image_size() {
identify "$1" | awk '{print$3}'
}
# usage: make_mask DST SRC MASK
make_layer() {
if needs_rebuild "$@"; then
echo "make $1 (apply mask)" >&2
convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1"
fi
}
# usage: flatten DST HILAYER LOLAYER
flatten() {
if needs_rebuild "$@"; then
echo "make $1 (flatten)" >&2
composite "$2" "$3" "$1"
fi
}
# usage: needs_rebuild DST SRC...
needs_rebuild() {
a="$1"
shift
if ! test -e "$a"; then
#echo " $a does not exist" >&2
result=0
else
result=1
for b; do
if test "$b" -nt "$a"; then
#echo " $b is newer than $a" >&2
result=0
fi
done
fi
#case $result in
# 0) echo "$a needs rebuild" >&2;;
#esac
return $result
}
main() {
cd ${cfg.workingDir}
# fetch source images in parallel
fetch nightmap-raw.jpg \
${cfg.nightmap} &
fetch daymap-raw.png \
${cfg.daymap} &
fetch clouds-raw.jpg \
${cfg.cloudmap} &
fetch marker.json \
${cfg.marker} &
wait
check_type nightmap-raw.jpg image
check_type daymap-raw.png image
check_type clouds-raw.jpg image
in_size=2048x1024
xplanet_out_size=1466x1200
out_geometry=1366x768+100+160
nightsnow_color='#0c1a49' # nightmap
for raw in \
nightmap-raw.jpg \
daymap-raw.png \
clouds-raw.jpg \
;
do
normal=''${raw%-raw.*}.png
if needs_rebuild $normal $raw; then
echo "make $normal; normalize $raw" >&2
convert $raw -scale $in_size $normal
fi
done
# create nightmap-fullsnow
if needs_rebuild nightmap-fullsnow.png; then
convert -size $in_size xc:$nightsnow_color nightmap-fullsnow.png
fi
# extract daymap-snowmask from daymap-final
if needs_rebuild daymap-snowmask.png daymap.png; then
convert daymap.png -threshold 95% daymap-snowmask.png
fi
# extract nightmap-lightmask from nightmap
if needs_rebuild nightmap-lightmask.png nightmap.png; then
convert nightmap.png -threshold 25% nightmap-lightmask.png
fi
# create layers
make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png
make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png
# apply layers
flatten nightmap-lightsnowlayer.png \
nightmap-lightlayer.png \
nightmap-snowlayer.png
flatten nightmap-final.png \
nightmap-lightsnowlayer.png \
nightmap.png
# create marker file from json
if [ -s marker.json ]; then
jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file
fi
# make all unmodified files as final
for normal in \
daymap.png \
clouds.png \
;
do
final=''${normal%.png}-final.png
needs_rebuild $final &&
ln $normal $final
done
# rebuild every time to update shadow
xplanet --num_times 1 --geometry $xplanet_out_size \
--output xplanet-output.png --projection merc \
-config ${pkgs.writeText "xplanet.config" ''
[earth]
"Earth"
map=daymap-final.png
night_map=nightmap-final.png
cloud_map=clouds-final.png
cloud_threshold=10
shade=15
''}
xplanet --num_times 1 --geometry $xplanet_out_size \
--output xplanet-krebs-output.png --projection merc \
-config ${pkgs.writeText "xplanet-krebs.config" ''
[earth]
"Earth"
map=daymap-final.png
night_map=nightmap-final.png
cloud_map=clouds-final.png
cloud_threshold=10
marker_file=marker_file
shade=15
''}
# trim xplanet output
if needs_rebuild realwallpaper.png xplanet-output.png; then
convert xplanet-output.png -crop $out_geometry \
realwallpaper-tmp.png
mv realwallpaper-tmp.png realwallpaper.png
fi
if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then
convert xplanet-krebs-output.png -crop $out_geometry \
realwallpaper-krebs-tmp.png
mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png
fi
}
main "$@"
'';
ExecStart = "${pkgs.realwallpaper}/bin/generate-wallpaper";
User = "realwallpaper";
};
};

1
krebs/3modules/tinc_graphs.nix
View file

@ -37,6 +37,7 @@ let
anonymous = mkOption {
type = types.attrsOf types.unspecified;
default = {};
description = ''
nginx virtualHost options to be merged into the anonymous graphs
vhost entry.

2
krebs/5pkgs/simple/irc-announce/default.nix
View file

@ -24,7 +24,7 @@ pkgs.writeDashBin "irc-announce" ''
# echo2 and cat2 are used output to both, stdout and stderr
# This is used to see what we send to the irc server. (debug output)
echo2() { echo "$*"; echo "$*" >&2; }
cat2() { tee /dev/stderr; }
cat2() { (read x ; echo "$x" ; echo "$x" >&2) }
# privmsg_cat transforms stdin to a privmsg
privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }

185
krebs/5pkgs/simple/realwallpaper/default.nix Normal file
View file

@ -0,0 +1,185 @@
{ pkgs, ... }:
pkgs.writeDashBin "generate-wallpaper" ''
set -euf
# usage: getimg FILENAME URL
fetch() {
echo "fetch $1"
curl -LsS -z "$1" -o "$1" "$2"
}
# usage: check_type FILENAME TYPE
check_type() {
if ! file -ib "$1" | grep -q "^$2/"; then
echo "$1 is not of type $2" >&2
rm "$1"
return 1
fi
}
# usage: image_size FILENAME
image_size() {
identify "$1" | awk '{print$3}'
}
# usage: make_mask DST SRC MASK
make_layer() {
if needs_rebuild "$@"; then
echo "make $1 (apply mask)" >&2
convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1"
fi
}
# usage: flatten DST HILAYER LOLAYER
flatten() {
if needs_rebuild "$@"; then
echo "make $1 (flatten)" >&2
composite "$2" "$3" "$1"
fi
}
# usage: needs_rebuild DST SRC...
needs_rebuild() {
a="$1"
shift
if ! test -e "$a"; then
#echo " $a does not exist" >&2
result=0
else
result=1
for b; do
if test "$b" -nt "$a"; then
#echo " $b is newer than $a" >&2
result=0
fi
done
fi
#case $result in
# 0) echo "$a needs rebuild" >&2;;
#esac
return $result
}
main() {
cd "$working_dir"
# fetch source images in parallel
fetch nightmap-raw.jpg \
"$nightmap_url" &
fetch daymap-raw.png \
"$daymap_url" &
fetch clouds-raw.jpg \
"$cloudmap_url" &
fetch marker.json \
"$marker_url" &
wait
check_type nightmap-raw.jpg image
check_type daymap-raw.png image
check_type clouds-raw.jpg image
in_size=2048x1024
xplanet_out_size=1466x1200
out_geometry=1366x768+100+160
nightsnow_color='#0c1a49' # nightmap
for raw in \
nightmap-raw.jpg \
daymap-raw.png \
clouds-raw.jpg \
;
do
normal=''${raw%-raw.*}.png
if needs_rebuild $normal $raw; then
echo "make $normal; normalize $raw" >&2
convert $raw -scale $in_size $normal
fi
done
# create nightmap-fullsnow
if needs_rebuild nightmap-fullsnow.png; then
convert -size $in_size xc:$nightsnow_color nightmap-fullsnow.png
fi
# extract daymap-snowmask from daymap-final
if needs_rebuild daymap-snowmask.png daymap.png; then
convert daymap.png -threshold 95% daymap-snowmask.png
fi
# extract nightmap-lightmask from nightmap
if needs_rebuild nightmap-lightmask.png nightmap.png; then
convert nightmap.png -threshold 25% nightmap-lightmask.png
fi
# create layers
make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png
make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png
# apply layers
flatten nightmap-lightsnowlayer.png \
nightmap-lightlayer.png \
nightmap-snowlayer.png
flatten nightmap-final.png \
nightmap-lightsnowlayer.png \
nightmap.png
# create marker file from json
if [ -s marker.json ]; then
jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file
fi
# make all unmodified files as final
for normal in \
daymap.png \
clouds.png \
;
do
final=''${normal%.png}-final.png
needs_rebuild $final &&
ln $normal $final
done
# rebuild every time to update shadow
xplanet --num_times 1 --geometry $xplanet_out_size \
--output xplanet-output.png --projection merc \
-config ${pkgs.writeText "xplanet.config" ''
[earth]
"Earth"
map=daymap-final.png
night_map=nightmap-final.png
cloud_map=clouds-final.png
cloud_threshold=10
shade=15
''}
xplanet --num_times 1 --geometry $xplanet_out_size \
--output xplanet-krebs-output.png --projection merc \
-config ${pkgs.writeText "xplanet-krebs.config" ''
[earth]
"Earth"
map=daymap-final.png
night_map=nightmap-final.png
cloud_map=clouds-final.png
cloud_threshold=10
marker_file=marker_file
shade=15
''}
# trim xplanet output
if needs_rebuild realwallpaper.png xplanet-output.png; then
convert xplanet-output.png -crop $out_geometry \
realwallpaper-tmp.png
mv realwallpaper-tmp.png realwallpaper.png
fi
if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then
convert xplanet-krebs-output.png -crop $out_geometry \
realwallpaper-krebs-tmp.png
mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png
fi
}
main "$@"
''

6
krebs/nixpkgs-unstable.json
View file

@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "3140fa89c51233397f496f49014f6b23216667c2",
"date": "2019-12-05T01:28:43+01:00",
"sha256": "18p0d5lnfvzsyfah02mf6bi249990pfwnylwhqdh8qi70ncrk3f8",
"rev": "e1eedf29e5d22e6824e614d75449b75a2e3455d6",
"date": "2020-01-07T12:32:18+01:00",
"sha256": "1v237cgfkd8sb5f1r08sms1rxygjav8a1i1jjjxyqgiszzpiwdx7",
"fetchSubmodules": false
}

6
krebs/nixpkgs.json
View file

@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "45ea60922036b7be302b95d107595f6eb5cd0675",
"date": "2019-12-10T12:38:05+01:00",
"sha256": "11wm7af6ab2979z8yrpcprb6d99kbrjq44a48ayi4a7c58a2xb6q",
"rev": "caad1a78c47cc9f2c8bd4d0785a07c62e98c03c9",
"date": "2020-01-09T17:49:36+01:00",
"sha256": "1nk7a1vz0kzdwh36qdj73fkv9nnjylk8q8rrsgls4rbr3pxz7801",
"fetchSubmodules": false
}

12
lass/1systems/hilum/config.nix
View file

@ -21,13 +21,9 @@
source /grub/autoiso.cfg
}
'';
extraFiles."/grub/autoiso.cfg" = (pkgs.stdenv.mkDerivation {
name = "autoiso.cfg";
src = pkgs.grub2.src;
phases = [ "unpackPhase" "installPhase" ];
installPhase = ''
cp docs/autoiso.cfg $out
'';
});
extraFiles."/grub/autoiso.cfg" = "${pkgs.grub2.src}/docs/autoiso.cfg";
};
services.logind.lidSwitch = "ignore";
services.logind.lidSwitchDocked = "ignore";
}

1
lass/1systems/icarus/config.nix
View file

@ -20,6 +20,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/nfs-dl.nix>
#<stockholm/lass/2configs/prism-share.nix>
<stockholm/lass/2configs/ssh-cryptsetup.nix>
<stockholm/lass/2configs/network-manager.nix>
];
#media center

47
lass/1systems/icarus/physical.nix
View file

@ -1,22 +1,53 @@
{ config, lib, pkgs, ... }:
{
imports = [
./config.nix
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/coreboot.nix>
#<stockholm/lass/2configs/hw/x220.nix>
#<stockholm/lass/2configs/boot/universal.nix>
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
<stockholm/krebs/2configs/hw/x220.nix>
];
fileSystems = {
"/bku" = {
device = "/dev/mapper/pool-bku";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6";
boot.initrd.luks.devices.ssd.device = "/dev/disk/by-id/wwn-0x5002538d702f5ac6-part3";
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/298eb635-8db2-4c15-a73d-2e0d6afa10e8";
fsType = "xfs";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/eec94bef-e745-4d95-ad17-4df728f5fd31";
fsType = "xfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D975-2CAB";
fsType = "vfat";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
services.thinkfan.enable = true;
services.logind.lidSwitch = "ignore";
services.logind.lidSwitchDocked = "ignore";
}

193
lass/1systems/iso.nix
View file

@ -1,193 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
<stockholm/krebs>
<stockholm/lass/3modules>
<stockholm/lass/2configs/mc.nix>
<stockholm/lass/2configs/vim.nix>
{
# /dev/stderr doesn't work. I don't know why
# /proc/self doesn't seem to work correctly
# /dev/pts is empty except for 1 file
# my life sucks
nixpkgs.config.packageOverrides = super: {
irc-announce = super.callPackage <stockholm/krebs/5pkgs/simple/irc-announce> {
pkgs = pkgs // {
coreutils = pkgs.symlinkJoin {
name = "coreutils-hack";
paths = [
(pkgs.writeDashBin "tee" ''
if test "$1" = /dev/stderr; then
while read -r line; do
echo "$line"
echo "$line" >&2
done
else
${super.coreutils}/bin/tee "$@"
fi
'')
pkgs.coreutils
];
};
};
};
};
boot.kernelParams = [ "copytoram" ];
networking.hostName = "lass-iso";
}
{
nixpkgs.config.packageOverrides = import <stockholm/lass/5pkgs> pkgs;
krebs.enable = true;
krebs.build.user = config.krebs.users.lass;
krebs.build.host = {};
}
{
nixpkgs.config.allowUnfree = true;
}
{
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
};
}
{
environment.extraInit = ''
EDITOR=vim
'';
}
{
environment.systemPackages = with pkgs; [
#stockholm
git
gnumake
jq
parallel
proot
populate
#style
most
rxvt_unicode.terminfo
#monitoring tools
htop
iotop
#network
iptables
iftop
#stuff for dl
aria2
#neat utils
hashPassword
krebspaste
pciutils
pop
psmisc
q
rs
tmux
untilport
usbutils
#unpack stuff
p7zip
unzip
unrar
#data recovery
ddrescue
ntfs3g
dosfstools
];
}
{
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
HISTSIZE=65536
HISTFILESIZE=$HISTSIZE
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
'';
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
elif test $UID = 1337; then
PS1='\[\033[1;32m\]\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
else
PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
fi
'';
};
}
{
services.openssh = {
enable = true;
hostKeys = [
# XXX bits here make no science
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
}
{
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 ];
};
}
{
krebs.hidden-ssh.enable = true;
}
{
services.xserver = {
enable = true;
#videoDrivers = mkForce [ "ati_unfree" ];
desktopManager.xterm.enable = false;
desktopManager.default = "none";
displayManager.lightdm.enable = true;
displayManager.lightdm.autoLogin = {
enable = true;
user = "lass";
};
windowManager.default = "xmonad";
windowManager.session = let
xmonad-lass = pkgs.callPackage <stockholm/lass/5pkgs/custom/xmonad-lass> { inherit config; };
in [{
name = "xmonad";
start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
${xmonad-lass}/bin/xmonad &
waitPID=$!
'';
}];
layout = "us";
xkbModel = "evdev";
xkbVariant = "altgr-intl";
xkbOptions = "caps:backspace";
};
}
];
}

211
lass/1systems/iso/default.nix Normal file
View file

@ -0,0 +1,211 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
wizard = pkgs.writers.writeBash "wizard" ''
shopt -s extglob
echo -n '
welcome to the computer wizard
first we will check for internet connectivity
(press enter to continue)
'
read -n 1 -s
if ! ping -c1 lassul.us; then
echo 'no internet detectio, you will have to provide credentials'
read -n 1 -s
nmtui
fi
# ping -c1 lassuls.us || ${pkgs.writeDash "nm-dmenu" ''
# set -x
# export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
# exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"
# ''}
mode=$(echo -n '
1. help of the wizard
2. let the wizard watch and help if needed
3. I will do it alone
' | ${pkgs.fzf}/bin/fzf --reverse)
case "$mode" in
1*)
echo 'mode_1' > /tmp/mode
systemctl start hidden-ssh-announce.service
tmux new -s help
;;
2*)
echo 'mode_2' > /tmp/mode
;;
3*)
echo 'mode_3' > /tmp/mode
;;
*)
echo 'no mode selected'
;;
esac
'';
in {
imports = [
<stockholm/krebs>
<stockholm/lass/3modules>
<stockholm/lass/2configs/vim.nix>
{
nixpkgs.config.packageOverrides = import <stockholm/lass/5pkgs> pkgs;
krebs.enable = true;
krebs.build.user = config.krebs.users.lass;
krebs.build.host = {};
}
# {
# systemd.services.wizard = {
# description = "Computer Wizard";
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# ExecStart = pkgs.writers.writeDash "wizard" ''
# set -efu
# cat <<EOF
# welcome to the computer wizard
# you can choose between the following modes
# echo -n '1\n2\n3' | ${pkgs.fzf}/bin/fzf
# EOF
# '';
# StandardInput = "tty";
# StandardOutput = "tty";
# # TTYPath = "/dev/tty1";
# TTYPath = "/dev/ttyS0";
# TTYReset = true;
# TTYVTDisallocate = true;
# Restart = "always";
# };
# };
# }
];
networking.hostName = "wizard";
nixpkgs.config.allowUnfree = true;
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-mors.pubkey
];
};
};
environment.systemPackages = with pkgs; [
#stockholm
git
gnumake
jq
parallel
proot
populate
#style
most
rxvt_unicode.terminfo
#monitoring tools
htop
iotop
#network
iptables
iftop
#stuff for dl
aria2
#neat utils
dmenu
hashPassword
krebspaste
pciutils
pop
psmisc
q
rs
tmux
untilport
usbutils
#unpack stuff
p7zip
unzip
unrar
#data recovery
ddrescue
ntfs3g
dosfstools
];
environment.extraInit = ''
EDITOR=vim
'';
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
HISTSIZE=65536
HISTFILESIZE=$HISTSIZE
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
'';
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
elif test $UID = 1337; then
PS1='\[\033[1;32m\]\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
else
PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
fi
if ! test -e /tmp/mode; then
${wizard}
fi
'';
};
services.openssh.enable = true;
systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 ];
};
networking.networkmanager.enable = true;
networking.wireless.enable = mkForce false;
krebs.hidden-ssh = {
enable = true;
channel = "##lassulus-wizard";
};
systemd.services.hidden-ssh-announce.wantedBy = mkForce [];
services.mingetty.autologinUser = "root";
nixpkgs.config.packageOverrides = super: {
dmenu = pkgs.writeDashBin "dmenu" ''
${pkgs.fzf}/bin/fzf \
--history=/dev/null \
--print-query \
--prompt=\"$PROMPT\"
'';
};
boot.tmpOnTmpfs = true;
}

7
lass/1systems/iso/generate-iso.sh Executable file
View file

@ -0,0 +1,7 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p nixos-generators
set -xefu
WD=$(dirname "$0")
nixos-generate -I stockholm="$WD"/../../.. -c "$WD"/default.nix -f install-iso

1
lass/1systems/shodan/config.nix
View file

@ -19,6 +19,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/ssh-cryptsetup.nix>
<stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/gg23.nix>
<stockholm/lass/2configs/br.nix>
];
krebs.build.host = config.krebs.hosts.shodan;

17
lass/1systems/xerxes/physical.nix
View file

@ -5,40 +5,32 @@
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.zfs.enableUnstable = true;
boot.loader.grub = {
enable = true;
device = "/dev/sda";
efiSupport = true;
efiInstallAsRemovable = true;
};
boot.loader.efi.canTouchEfiVariables = true;
boot.blacklistedKernelModules = [
"sdhci_pci"
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.initrd.luks.devices.crypted.device = "/dev/sda3";
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [
"fbcon=rotate:1"
"boot.shell_on_fail"
];
fileSystems."/" = {
device = "rpool/root";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/home";
fsType = "zfs";
device = "/dev/disk/by-uuid/8efd0c22-f712-46bf-baad-1fbf19d9ec25";
fsType = "xfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/E749-784C";
device = "/dev/disk/by-uuid/7F23-DDB4";
fsType = "vfat";
};
@ -74,7 +66,6 @@
services.xserver = {
videoDrivers = [ "intel" ];
displayManager.sessionCommands = ''
echo nonono > /tmp/xxyy
(sleep 2 && ${pkgs.xorg.xrandr}/bin/xrandr --output eDP1 --rotate right)
(sleep 2 && ${pkgs.xorg.xinput}/bin/xinput set-prop "pointer:Goodix Capacitive TouchScreen" --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1)
'';

13
lass/1systems/yellow/config.nix
View file

@ -47,17 +47,6 @@ with import <stockholm/lib>;
};
virtualHosts.default = {
default = true;
locations."=/Nginx-Fancyindex-Theme-dark" = {
extraConfig = ''
alias ${pkgs.fetchFromGitHub {
owner = "Naereen";
repo = "Nginx-Fancyindex-Theme";
rev = "e84f7d6a32085c2b6238f85f5fdebe9ceb710fc4";
sha256 = "0wzl4ws2w8f0749vxfd1c8c21p3jw463wishgfcmaljbh4dwplg6";
}}/Nginx-Fancyindex-Theme-dark;
autoindex on;
'';
};
locations."/dl".extraConfig = ''
return 301 /;
'';
@ -65,8 +54,6 @@ with import <stockholm/lib>;
root = "/var/download/finished";
extraConfig = ''
fancyindex on;
fancyindex_header "/Nginx-Fancyindex-Theme-dark/header.html";
fancyindex_footer "/Nginx-Fancyindex-Theme-dark/footer.html";
dav_methods PUT DELETE MKCOL COPY MOVE;
create_full_put_path on;

8
lass/2configs/ciko.nix
View file

@ -11,14 +11,6 @@ with import <stockholm/lib>;
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr"
];
};
krebs.exim-smarthost = {
internet-aliases = [
{ from = "*@slash16.net"; to = "ciko"; }
];
sender_domains = [
"slash16.net"
];
};
system.activationScripts.user-shadow = ''
${pkgs.coreutils}/bin/chmod +x /home/ciko

4
lass/2configs/default.nix
View file

@ -96,9 +96,6 @@ with import <stockholm/lib>;
git
gnumake
jq
parallel
proot
populate
#style
most
@ -118,6 +115,7 @@ with import <stockholm/lib>;
#neat utils
file
hashPassword
kpaste
krebspaste
mosh

204
lass/2configs/exim-smarthost.nix
View file

@ -1,8 +1,110 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, ... }: with import <stockholm/lib>; let
with import <stockholm/lib>;
to = concatStringsSep "," [
"lass@blue.r"
"lass@xerxes.r"
"lass@mors.r"
];
{
mails = [
"postmaster@lassul.us"
"lass@lassul.us"
"lassulus@lassul.us"
"test@lassul.us"
"outlook@lassul.us"
"steuer@aidsballs.de"
"lass@aidsballs.de"
"wordpress@ubikmedia.de"
"finanzamt@lassul.us"
"netzclub@lassul.us"
"nebenan@lassul.us"
"feed@lassul.us"
"art@lassul.us"
"irgendwas@lassul.us"
"polo@lassul.us"
"shack@lassul.us"
"nix@lassul.us"
"c-base@lassul.us"
"paypal@lassul.us"
"patreon@lassul.us"
"steam@lassul.us"
"securityfocus@lassul.us"
"radio@lassul.us"
"btce@lassul.us"
"raf@lassul.us"
"apple@lassul.us"
"coinbase@lassul.us"
"tomtop@lassul.us"
"aliexpress@lassul.us"
"business@lassul.us"
"payeer@lassul.us"
"github@lassul.us"
"bitwala@lassul.us"
"bitstamp@lassul.us"
"bitcoin.de@lassul.us"
"ableton@lassul.us"
"dhl@lassul.us"
"sipgate@lassul.us"
"coinexchange@lassul.us"
"verwaltung@lassul.us"
"gearbest@lassul.us"
"binance@lassul.us"
"bitfinex@lassul.us"
"alternate@lassul.us"
"redacted@lassul.us"
"mytaxi@lassul.us"
"pizza@lassul.us"
"robinhood@lassul.us"
"drivenow@lassul.us"
"aws@lassul.us"
"reddit@lassul.us"
"banggood@lassul.us"
"immoscout@lassul.us"
"gmail@lassul.us"
"amazon@lassul.us"
"humblebundle@lassul.us"
"meetup@lassul.us"
"gebfrei@lassul.us"
"github@lassul.us"
"ovh@lassul.us"
"hetzner@lassul.us"
"allygator@lassul.us"
"immoscout@lassul.us"
"elitedangerous@lassul.us"
"boardgamegeek@lassul.us"
"qwertee@lassul.us"
"zazzle@lassul.us"
"hackbeach@lassul.us"
"transferwise@lassul.us"
"cis@lassul.us"
"afra@lassul.us"
"ksp@lassul.us"
"ccc@lassul.us"
"neocron@lassul.us"
"osmocom@lassul.us"
"lesswrong@lassul.us"
"nordvpn@lassul.us"
"csv-direct@lassul.us"
"nintendo@lassul.us"
"overleaf@lassul.us"
"box@lassul.us"
"paloalto@lassul.us"
"subtitles@lassul.us"
"lobsters@lassul.us"
"fysitech@lassul.us"
"threema@lassul.us"
"ubisoft@lassul.us"
"kottezeller@lassul.us"
"pie@lassul.us"
"vebit@lassul.us"
"vcvrack@lassul.us"
"epic@lassul.us"
"microsoft@lassul.us"
"stickers@lassul.us"
"nextbike@lassul.us"
];
in {
krebs.exim-smarthost = {
enable = true;
dkim = [
@ -17,101 +119,7 @@ with import <stockholm/lib>;
config.krebs.hosts.blue
config.krebs.hosts.xerxes
];
internet-aliases = with config.krebs.users; [
{ from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
{ from = "lass@lassul.us"; to = lass.mail; }
{ from = "lassulus@lassul.us"; to = lass.mail; }
{ from = "test@lassul.us"; to = lass.mail; }
{ from = "outlook@lassul.us"; to = lass.mail; }
{ from = "steuer@aidsballs.de"; to = lass.mail; }
{ from = "lass@aidsballs.de"; to = lass.mail; }
{ from = "wordpress@ubikmedia.de"; to = lass.mail; }
{ from = "finanzamt@lassul.us"; to = lass.mail; }
{ from = "netzclub@lassul.us"; to = lass.mail; }
{ from = "nebenan@lassul.us"; to = lass.mail; }
{ from = "feed@lassul.us"; to = lass.mail; }
{ from = "art@lassul.us"; to = lass.mail; }
{ from = "irgendwas@lassul.us"; to = lass.mail; }
{ from = "polo@lassul.us"; to = lass.mail; }
{ from = "shack@lassul.us"; to = lass.mail; }
{ from = "nix@lassul.us"; to = lass.mail; }
{ from = "c-base@lassul.us"; to = lass.mail; }
{ from = "paypal@lassul.us"; to = lass.mail; }
{ from = "patreon@lassul.us"; to = lass.mail; }
{ from = "steam@lassul.us"; to = lass.mail; }
{ from = "securityfocus@lassul.us"; to = lass.mail; }
{ from = "radio@lassul.us"; to = lass.mail; }
{ from = "btce@lassul.us"; to = lass.mail; }
{ from = "raf@lassul.us"; to = lass.mail; }
{ from = "apple@lassul.us"; to = lass.mail; }
{ from = "coinbase@lassul.us"; to = lass.mail; }
{ from = "tomtop@lassul.us"; to = lass.mail; }
{ from = "aliexpress@lassul.us"; to = lass.mail; }
{ from = "business@lassul.us"; to = lass.mail; }
{ from = "payeer@lassul.us"; to = lass.mail; }
{ from = "github@lassul.us"; to = lass.mail; }
{ from = "bitwala@lassul.us"; to = lass.mail; }
{ from = "bitstamp@lassul.us"; to = lass.mail; }
{ from = "bitcoin.de@lassul.us"; to = lass.mail; }
{ from = "ableton@lassul.us"; to = lass.mail; }
{ from = "dhl@lassul.us"; to = lass.mail; }
{ from = "sipgate@lassul.us"; to = lass.mail; }
{ from = "coinexchange@lassul.us"; to = lass.mail; }
{ from = "verwaltung@lassul.us"; to = lass.mail; }
{ from = "gearbest@lassul.us"; to = lass.mail; }
{ from = "binance@lassul.us"; to = lass.mail; }
{ from = "bitfinex@lassul.us"; to = lass.mail; }
{ from = "alternate@lassul.us"; to = lass.mail; }
{ from = "redacted@lassul.us"; to = lass.mail; }
{ from = "mytaxi@lassul.us"; to = lass.mail; }
{ from = "pizza@lassul.us"; to = lass.mail; }
{ from = "robinhood@lassul.us"; to = lass.mail; }
{ from = "drivenow@lassul.us"; to = lass.mail; }
{ from = "aws@lassul.us"; to = lass.mail; }
{ from = "reddit@lassul.us"; to = lass.mail; }
{ from = "banggood@lassul.us"; to = lass.mail; }
{ from = "immoscout@lassul.us"; to = lass.mail; }
{ from = "gmail@lassul.us"; to = lass.mail; }
{ from = "amazon@lassul.us"; to = lass.mail; }
{ from = "humblebundle@lassul.us"; to = lass.mail; }
{ from = "meetup@lassul.us"; to = lass.mail; }
{ from = "gebfrei@lassul.us"; to = lass.mail; }
{ from = "github@lassul.us"; to = lass.mail; }
{ from = "ovh@lassul.us"; to = lass.mail; }
{ from = "hetzner@lassul.us"; to = lass.mail; }
{ from = "allygator@lassul.us"; to = lass.mail; }
{ from = "immoscout@lassul.us"; to = lass.mail; }
{ from = "elitedangerous@lassul.us"; to = lass.mail; }
{ from = "boardgamegeek@lassul.us"; to = lass.mail; }
{ from = "qwertee@lassul.us"; to = lass.mail; }
{ from = "zazzle@lassul.us"; to = lass.mail; }
{ from = "hackbeach@lassul.us"; to = lass.mail; }
{ from = "transferwise@lassul.us"; to = lass.mail; }
{ from = "cis@lassul.us"; to = lass.mail; }
{ from = "afra@lassul.us"; to = lass.mail; }
{ from = "ksp@lassul.us"; to = lass.mail; }
{ from = "ccc@lassul.us"; to = lass.mail; }
{ from = "neocron@lassul.us"; to = lass.mail; }
{ from = "osmocom@lassul.us"; to = lass.mail; }
{ from = "lesswrong@lassul.us"; to = lass.mail; }
{ from = "nordvpn@lassul.us"; to = lass.mail; }
{ from = "csv-direct@lassul.us"; to = lass.mail; }
{ from = "nintendo@lassul.us"; to = lass.mail; }
{ from = "overleaf@lassul.us"; to = lass.mail; }
{ from = "box@lassul.us"; to = lass.mail; }
{ from = "paloalto@lassul.us"; to = lass.mail; }
{ from = "subtitles@lassul.us"; to = lass.mail; }
{ from = "lobsters@lassul.us"; to = lass.mail; }
{ from = "fysitech@lassul.us"; to = lass.mail; }
{ from = "threema@lassul.us"; to = lass.mail; }
{ from = "ubisoft@lassul.us"; to = lass.mail; }
{ from = "kottezeller@lassul.us"; to = lass.mail; }
{ from = "pie@lassul.us"; to = lass.mail; }
{ from = "vebit@lassul.us"; to = lass.mail; }
{ from = "vcvrack@lassul.us"; to = lass.mail; }
{ from = "epic@lassul.us"; to = lass.mail; }
{ from = "microsoft@lassul.us"; to = lass.mail; }
];
internet-aliases = map (from: { inherit from to; }) mails;
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
{ from = "postmaster"; to = "root"; }

1
lass/2configs/gg23.nix
View file

@ -75,7 +75,6 @@ with import <stockholm/lib>;
in {
enable = true;
package = pkgs.home-assistant.override {
python3 = pkgs.python36;
#extraComponents = [
# (pkgs.fetchgit {
# url = "https://github.com/marcschumacher/dwd_pollen";

4
lass/2configs/mail.nix
View file

@ -14,7 +14,7 @@ let
port 465
tls on
tls_starttls off
tls_fingerprint 8C:10:A6:AB:1F:82:C4:8F:B1:B4:22:D5:8B:8B:49:9B:59:0B:22:A4
tls_fingerprint 9C:82:3B:0F:31:CE:1B:8E:96:00:CC:C9:FF:E7:BE:66:95:92:4F:22:DD:D6:2E:0E:1D:90:76:BE:8E:9E:8E:16
auth on
user lassulus
passwordeval pass show c-base/pass
@ -217,7 +217,7 @@ let
name = "mutt";
paths = [
(pkgs.writeDashBin "mutt" ''
exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} $@
exec ${pkgs.neomutt}/bin/neomutt -F ${muttrc} "$@"
'')
pkgs.neomutt
];

3
lass/2configs/mc.nix
View file

@ -228,6 +228,9 @@ let
shell/i/.divx
Include=video
shell/i/.rmvb
Include=video
shell/i/.mkv
Include=video

4
lass/2configs/paste.nix
View file

@ -10,7 +10,9 @@ with import <stockholm/lib>;
proxy_pass http://localhost:9081;
'';
};
services.nginx.virtualHosts.paste-readonly = {
services.nginx.virtualHosts."p.krebsco.de" = {
enableACME = true;
addSSL = true;
serverAliases = [ "p.krebsco.de" ];
locations."/".extraConfig = ''
if ($request_method != GET) {

1
lass/2configs/steam.nix
View file

@ -11,6 +11,7 @@
#
##TODO: make steam module
nixpkgs.config.steam.java = true;
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
users.users.games.packages = [ pkgs.steam ];

31
lass/2configs/urxvt.nix
View file

@ -5,19 +5,18 @@ with import <stockholm/lib>;
services.urxvtd.enable = true;
krebs.xresources.resources.urxvt = ''
URxvt.saveLines: 100000
URxvt*scrollBar: false
URxvt*urgentOnBell: true
URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
URxvt.saveLines: 10000
URxvt.scrollBar: false
URxvt.urgentOnBell: true
URxvt.perl-ext: default,matcher
${optionalString (hasAttr "browser" config.lass)
"URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select"
}
URxvt.url-launcher: /run/current-system/sw/bin/browser-select
URxvt.matcher.pattern.1: \\bwww\\.[\\w-]+\\.[\\w./?&@#-]*[\\w/-]
URxvt.url-select.underline: true
URxvt.keysym.M-u: perl:url-select:select_next
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.keysym.M-Escape: perl:keyboard-select:activate
URxvt.keysym.M-s: perl:keyboard-select:search
URxvt.keysym.M-u: matcher:select
URxvt.keysym.M-i: matcher:list
URxvt.keysym.M-F1: command:\033]710;${config.lass.fonts.regular}\007\033]711;${config.lass.fonts.bold}\007
URxvt.keysym.M-F2: command:\033]710;xft:Monospace:size=12\007\033]711;xft:Monospace:size=15:bold\007
@ -25,14 +24,14 @@ with import <stockholm/lib>;
URxvt.keysym.M-F4: command:\033]710;xft:Monospace:size=25\007\033]711;xft:Monospace:size=25:bold\007
URxvt.keysym.M-F5: command:\033]710;xft:Monospace:size=30\007\033]711;xft:Monospace:size=30:bold\007
URxvt.intensityStyles: false
URxvt.intensityStyles: false
URxvt*background: #000000
URxvt*foreground: #ffffff
URxvt*background: #000000
URxvt*foreground: #ffffff
!change unreadable blue
URxvt*color4: #268bd2
URxvt*color4: #268bd2
URxvt*color0: #232342
URxvt*color0: #232342
'';
}

3
lass/2configs/websites/domsen.nix
View file

@ -25,6 +25,7 @@ in {
imports = [
./default.nix
./sqlBackup.nix
(servePage [ "aldonasiech.com" "www.aldonasiech.com" ])
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [
"freemonkey.art"
@ -35,7 +36,6 @@ in {
"ubikmedia.de"
"apanowicz.de"
"nirwanabluete.de"
"aldonasiech.com"
"ubikmedia.eu"
"youthtube.xyz"
"joemisch.com"
@ -44,7 +44,6 @@ in {
"www.apanowicz.de"
"www.nirwanabluete.de"
"www.aldonasiech.com"
"www.ubikmedia.eu"
"www.youthtube.xyz"
"www.ubikmedia.de"

8
lass/2configs/websites/lassulus.nix
View file

@ -47,7 +47,8 @@ in {
alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};
'';
locations."/tinc/".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external;
index index.html;
alias ${config.krebs.tinc_graphs.workingDir}/external/;
'';
locations."= /krebspage".extraConfig = ''
default_type "text/html";
@ -60,10 +61,10 @@ in {
in ''
alias ${initscript};
'';
locations."= /pub".extraConfig = ''
locations."= /blue.pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
'';
locations."= /pub1".extraConfig = ''
locations."= /mors.pub".extraConfig = ''
alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey};
'';
};
@ -93,6 +94,7 @@ in {
users.users.blog = {
uid = genid_uint31 "blog";
group = "nginx";
description = "lassul.us blog deployment";
home = "/srv/http/lassul.us";
useDefaultShell = true;

1
lass/2configs/xdg-open.nix
View file

@ -62,5 +62,6 @@ in {
security.sudo.extraConfig = ''
cr ALL=(lass) NOPASSWD: ${xdg-open} *
ff ALL=(lass) NOPASSWD: ${xdg-open} *
'';
}

19
lass/2configs/yubikey.nix
View file

@ -2,16 +2,29 @@
{
environment.systemPackages = with pkgs; [
yubikey-personalization
yubikey-manager
];
services.udev.packages = with pkgs; [ yubikey-personalization ];
services.pcscd.enable = true;
systemd.user.sockets.gpg-agent-ssh.wantedBy = [ "sockets.target" ];
##restart pcscd if yubikey is plugged in
#services.udev.extraRules = ''
# ACTION=="add", ATTRS{idVendor}=="04d9", ATTRS{idProduct}=="2013", RUN+="${pkgs.writeDash "restart_pcscd" ''
# ${pkgs.systemd}/bin/systemctl restart pcscd.service
# ''}"
#'';
environment.shellInit = ''
if [ "$UID" -eq 1337 ]; then
if [ "$UID" -eq 1337 ] && [ -z "$SSH_CONNECTION" ]; then
export GPG_TTY="$(tty)"
gpg-connect-agent /bye
gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
if [ -z "$SSH_AUTH_SOCK" ]; then
export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
fi
fi
'';
@ -19,7 +32,7 @@
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
# enableSSHSupport = true;
};
};
}

4
lass/5pkgs/fzfmenu/default.nix
View file

@ -37,9 +37,9 @@ pkgs.writeDashBin "fzfmenu" ''
-e ${pkgs.dash}/bin/dash -c \
"echo \"$INPUT\" | ${pkgs.fzf}/bin/fzf \
--history=/dev/null \
--no-sort \
--print-query \
--prompt=\"$PROMPT\" \
> \"$OUTPUT\"" 2>/dev/null
${pkgs.coreutils}/bin/cat "$OUTPUT"
${pkgs.coreutils}/bin/tail -1 "$OUTPUT"
${pkgs.coreutils}/bin/rm "$OUTPUT"
''

49
lass/5pkgs/init/default.nix
View file

@ -1,25 +1,20 @@
{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "pool", luksmap ? "luksmap", keyfile ? "/root/keyfile", ... }:
{ pkgs, lib, vgname ? "vgname", luksmap ? "luksmap", ... }:
with lib;
pkgs.writeText "init" ''
#! /bin/sh
# usage: curl xu/~tv/init | sh
pkgs.writeScript "init" ''
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p jq parted libxfs
set -efu
# TODO nix-env -f '<nixpkgs>' -iA jq # if not exists (also version)
# install at tmp location
disk=$1
case $(cat /proc/cmdline) in
*' root=LABEL=NIXOS_ISO '*) :;;
*) echo Error: unknown operating system >&2; exit 1;;
esac
if mount | grep -q "$disk"; then
echo "target device is already mounted, bailout"
exit 2
fi
keyfile=${keyfile}
disk=${disk}
luksdev=${disk}3
luksdev="$disk"3
luksmap=/dev/mapper/${luksmap}
vgname=${vgname}
@ -29,13 +24,7 @@ pkgs.writeText "init" ''
rootdev=/dev/mapper/${vgname}-root
homedev=/dev/mapper/${vgname}-home
#
#generate keyfile
#
if ! test -e "$keyfile"; then
dd if=/dev/urandom bs=512 count=2048 of=$keyfile
fi
read -p "LUKS Password: " lukspw
#
# partitioning
@ -61,14 +50,13 @@ pkgs.writeText "init" ''
if ! cryptsetup isLuks "$luksdev"; then
# aes xts-plain64
cryptsetup luksFormat "$luksdev" "$keyfile" \
echo -n "$lukspw" | cryptsetup luksFormat "$luksdev" - \
-h sha512 \
--iter-time 5000
fi
if ! test -e "$luksmap"; then
cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" \
--key-file "$keyfile"
echo "$lukspw" | cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" -
fi
# cryptsetup close
@ -95,11 +83,11 @@ pkgs.writeText "init" ''
fi
if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
mkfs.btrfs "$rootdev"
mkfs.xfs "$rootdev"
fi
if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
mkfs.btrfs "$homedev"
mkfs.xfs "$homedev"
fi
@ -134,12 +122,5 @@ pkgs.writeText "init" ''
parted "$disk" print
lsblk "$disk"
key='${pubkey}'
if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
mkdir -p /root/.ssh
echo "$key" > /root/.ssh/authorized_keys
fi
systemctl start sshd
ip route
echo READY.
''

6
lass/krops.nix
View file

@ -10,11 +10,15 @@
(krebs-source { test = test; })
{
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
nixpkgs-unstable.git = {
url = "https://github.com/nixos/nixpkgs-channels";
ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev;
};
secrets = if test then {
file = toString ./2configs/tests/dummy-secrets;
} else {
pass = {
dir = "${lib.getEnv "HOME"}/.password-store";
dir = "${lib.getEnv "HOME"}/sync/pwstore";
name = "hosts/${name}";
};
};

1
makefu/2configs/homeautomation/default.nix
View file

@ -108,7 +108,6 @@ in {
];
services.home-assistant = {
package = pkgs.home-assistant.override { python3 = pkgs.python36; };
config = {
homeassistant = {
name = "Home"; time_zone = "Europe/Berlin";

10
makefu/2configs/hw/bluetooth.nix
View file

@ -5,6 +5,7 @@
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
extraModules = [ pkgs.pulseaudio-modules-bt ];
# systemWide = true;
support32Bit = true;
configFile = pkgs.writeText "default.pa" ''
@ -23,7 +24,7 @@
load-module module-switch-on-port-available
'';
};
services.blueman.enable = true;
# presumably a2dp Sink
# Enable profile:
## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink
@ -32,10 +33,17 @@
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
extraConfig = ''
[general]
Enable=Source,Sink,Media,Socket
'';
};
services.dbus.packages = [ pkgs.blueman ];
nixpkgs.overlays = [
(self: super: {
blueman = super.blueman.overrideAttrs (oldAttrs: {
buildInputs = oldAttrs.buildInputs ++ [ self.gnome3.adwaita-icon-theme ];
});
})];
}

6
makefu/2configs/hw/network-manager.nix
View file

@ -20,13 +20,17 @@
RestartSec = "5";
};
};
networking.networkmanager.enable = true;
# nixOSUnstable
networking.networkmanager.enable = true;
networking.networkmanager.wifi = {
powersave = true;
scanRandMacAddress = true;
backend = "iwd";
};
services.gnome3.gnome-keyring.enable = true;
networking.wireless.iwd.enable = true;
state = [
"/etc/NetworkManager/system-connections" #NM stateful config files
];

64
makefu/5pkgs/studio-link/default.nix
View file

@ -1,44 +1,13 @@
{ stdenv, fetchurl, buildFHSUserEnv, writeTextFile, alsaLib, atk, cairo, cups
, dbus, expat, fontconfig, freetype, gcc, gdk_pixbuf, glib, gnome2, gtk2, nspr
, nss, pango, systemd, xorg, utillinuxMinimal, unzip, openssl, zlib, libjack2 }:
{ stdenv
, fetchurl
, alsaLib
, unzip
, openssl_1_0_2
, zlib
, libjack2
, autoPatchelfHook
}:
let
libPath = stdenv.lib.makeLibraryPath [
alsaLib
atk
cairo
cups
dbus
expat
fontconfig
freetype
gcc.cc
gdk_pixbuf
glib
gnome2.GConf
gtk2
nspr
nss
pango
openssl
zlib
libjack2
systemd
xorg.libX11
xorg.libXScrnSaver
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXtst
];
in
stdenv.mkDerivation rec {
name = "studio-link-${version}";
version = "17.03.1-beta";
@ -46,19 +15,24 @@ stdenv.mkDerivation rec {
url = "https://github.com/Studio-Link-v2/backend/releases/download/v${version}/studio-link-standalone-linux.zip";
sha256 = "1y21nymin7iy64hcffc8g37fv305b1nvmh944hkf7ipb06kcx6r9";
};
buildInputs = [ unzip ];
phases = ["unpackPhase" "installPhase" "fixupPhase"];
nativeBuildInputs = [ unzip autoPatchelfHook ];
buildInputs = [
alsaLib
openssl_1_0_2
zlib
libjack2
];
unpackPhase = ''
unzip $src
'';
installPhase = ''
mkdir -p $out/bin
cp studio-link-standalone $out/bin/studio-link
chmod +x $out/bin/studio-link
'';
postFixup = ''
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) --set-rpath "${libPath}:\$ORIGIN" "$out/bin/studio-link"
'';
meta = with stdenv.lib; {
homepage = https://studio-link.com;