Merge remote-tracking branch 'origin/master'
commit
74cab14502
|
@ -95,6 +95,12 @@
|
|||
# Enable the X11 windowing system.
|
||||
services.xserver.videoDrivers = [ "nvidia" ];
|
||||
|
||||
# services.xserver.windowManager.xmonad.enable = true;
|
||||
# services.xserver.windowManager.xmonad.enableContribAndExtras = true;
|
||||
# services.xserver.displayManager.sddm.enable = true;
|
||||
# services.xserver.dpi = 100;
|
||||
# fonts.fontconfig.dpi = 100;
|
||||
|
||||
users.extraUsers.jeschli = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["docker" "vboxusers" "audio"];
|
||||
|
|
|
@ -46,6 +46,7 @@ in {
|
|||
|
||||
dpi = 200;
|
||||
|
||||
videoDrivers = [ "nvidia" ];
|
||||
synaptics = {
|
||||
enable = true;
|
||||
twoFingerScroll = true;
|
||||
|
|
|
@ -44,6 +44,7 @@ import XMonad.Layout.Reflect (reflectVert)
|
|||
import XMonad.Layout.FixedColumn (FixedColumn(..))
|
||||
import XMonad.Hooks.Place (placeHook, smart)
|
||||
import XMonad.Hooks.FloatNext (floatNextHook)
|
||||
import XMonad.Hooks.SetWMName
|
||||
import XMonad.Actions.PerWorkspaceKeys (chooseAction)
|
||||
import XMonad.Layout.PerWorkspace (onWorkspace)
|
||||
--import XMonad.Layout.BinarySpacePartition
|
||||
|
@ -86,7 +87,8 @@ mainNoArgs = do
|
|||
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
|
||||
--, handleEventHook = handleTimerEvent
|
||||
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
|
||||
, startupHook =
|
||||
, startupHook = do
|
||||
setWMName "LG3D"
|
||||
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
|
||||
(\path -> forkFile path [] Nothing)
|
||||
, normalBorderColor = "#1c1c1c"
|
||||
|
@ -217,7 +219,7 @@ myKeys conf = Map.fromList $
|
|||
pagerConfig :: PagerConfig
|
||||
pagerConfig = def
|
||||
{ pc_font = myFont
|
||||
, pc_cellwidth = 64
|
||||
, pc_cellwidth = 256
|
||||
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
|
||||
--, pc_borderwidth = 1
|
||||
--, pc_matchcolor = "#f0b000"
|
||||
|
|
|
@ -1,41 +0,0 @@
|
|||
with import <stockholm/lib>;
|
||||
{ config, pkgs, ... }: let
|
||||
|
||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
|
||||
|
||||
in {
|
||||
imports = [
|
||||
<stockholm/krebs>
|
||||
<stockholm/krebs/2configs>
|
||||
<stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix>
|
||||
|
||||
<stockholm/krebs/2configs/secret-passwords.nix>
|
||||
{
|
||||
users.extraUsers = {
|
||||
satan = {
|
||||
name = "satan";
|
||||
uid = 1338;
|
||||
home = "/home/satan";
|
||||
group = "users";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
initialPassword = "test";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.hope;
|
||||
|
||||
networking = let
|
||||
address = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
in {
|
||||
defaultGateway = bestGuessGateway address;
|
||||
interfaces.enp2s1.ip4 = singleton {
|
||||
inherit address;
|
||||
prefixLength = 24;
|
||||
};
|
||||
nameservers = ["8.8.8.8"];
|
||||
};
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
import <stockholm/krebs/source.nix> {
|
||||
name = "hope";
|
||||
}
|
|
@ -21,4 +21,5 @@
|
|||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
|
||||
environment.variables.NIX_REMOTE = "daemon";
|
||||
}
|
||||
|
|
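--- a/krebs/1systems/onebutton/config.nix
+++ b/krebs/1systems/onebutton/config.nix
@@ -0,0 +1,48 @@
+{ config, pkgs, lib, ... }:
+{
+# :l <nixpkgs>
+# builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
+imports = [
+<stockholm/krebs>
+<stockholm/krebs/2configs>
+{ # flag to rebuild everything yourself:
+# environment.noXlibs = true;
+
+# minimal disk usage
+nix.gc.automatic = true;
+nix.gc.dates = "03:10";
+documentation.man.enable = false;
+documentation.info.enable = false;
+services.nixosManual.enable = false;
+services.journald.extraConfig = "SystemMaxUse=50M";
+}
+];
+krebs.build.host = config.krebs.hosts.onebutton;
+# NixOS wants to enable GRUB by default
+boot.loader.grub.enable = false;
+
+# Enables the generation of /boot/extlinux/extlinux.conf
+boot.loader.generic-extlinux-compatible.enable = true;
+
+boot.kernelPackages = pkgs.linuxPackages_rpi;
+
+nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
+nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
+
+fileSystems = {
+"/boot" = {
+device = "/dev/disk/by-label/NIXOS_BOOT";
+fsType = "vfat";
+};
+"/" = {
+device = "/dev/disk/by-label/NIXOS_SD";
+fsType = "ext4";
+};
+};
+
+swapDevices = [ { device = "/swapfile"; size = 1024; } ];
+services.openssh.enable = true;
+
+networking.wireless.enable = true;
+hardware.enableRedistributableFirmware = true;
+}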
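Review bot: The entry in `nix.binaryCachePublicKeys` ends in `=%`, and `%` is not a base64 character, so the key as written will most likely fail to parse or never match a signature; it looks like a shell end-of-line marker copied along with the key. This matters more than usual here because `nix.binaryCaches` points at a plain `http://` URL, which leaves signature checking against this key as the only integrity protection for substituted store paths. I would drop the stray character, `nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=" ];`, after confirming the value against what the cache operator publishes.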
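--- a/krebs/1systems/onebutton/source.nix
+++ b/krebs/1systems/onebutton/source.nix
@@ -0,0 +1,16 @@
+with import <stockholm/lib>;
+let
+pkgs = import <nixpkgs> {};
+nixpkgs = pkgs.fetchFromGitHub {
+owner = "nixos";
+repo = "nixpkgs-channels";
+rev = "6c064e6b"; # only binary cache for unstable arm6
+sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd";
+};
+in import <stockholm/krebs/source.nix> {
+name = "onebutton";
+override.nixpkgs = mkForce {
+file = toString nixpkgs;
+};
+
+}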
|
@ -2,6 +2,7 @@
|
|||
|
||||
{
|
||||
krebs.newsbot-js.news-spam = {
|
||||
urlShortenerHost = "go.lassul.us";
|
||||
feeds = pkgs.writeText "feeds" ''
|
||||
[SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
|
||||
[SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
|
||||
|
@ -120,7 +121,7 @@
|
|||
[SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews
|
||||
[SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews
|
||||
[SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews
|
||||
[SPAM]shackspace|http://blog.shackspace.de/?feed=rss2|#snews
|
||||
[SPAM]shackspace|http://shackspace.de/atom.xml|#snews
|
||||
[SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews
|
||||
[SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews
|
||||
[SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
painload|https://github.com/krebscode/painload/commits/master.atom|#news
|
||||
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
|
||||
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
|
||||
shackspace|http://blog.shackspace.de/?feed=rss2|#news
|
||||
shackspace|http://shackspace.de/atom.xml|#news
|
||||
tinc|http://tinc-vpn.org/news/index.rss|#news
|
||||
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
|
||||
weechat|http://dev.weechat.org/feed/atom|#news
|
||||
|
|
|
@ -2,8 +2,56 @@
|
|||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
pkg = pkgs.stdenv.mkDerivation {
|
||||
name = "worlddomination-2018-04-21";
|
||||
src = pkgs.fetchgit {
|
||||
url = "https://github.com/shackspace/worlddomination/";
|
||||
rev = "1b32403b9";
|
||||
sha256 = "10x7aiil13k3x9wqy95mi1ys999d6fxg5sys3jwv7a1p930gkl1i";
|
||||
};
|
||||
buildInputs = [
|
||||
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
|
||||
docopt
|
||||
LinkHeader
|
||||
aiocoap
|
||||
grequests
|
||||
paramiko
|
||||
python
|
||||
]))
|
||||
];
|
||||
installPhase = ''
|
||||
install -m755 -D backend/push_led.py $out/bin/push-led
|
||||
install -m755 -D backend/loop_single.py $out/bin/loop-single
|
||||
# copy the provided file to the package
|
||||
install -m755 -D backend/wd.lst $out/${wdpath}
|
||||
'';
|
||||
};
|
||||
pythonPackages = pkgs.python3Packages;
|
||||
# https://github.com/chrysn/aiocoap
|
||||
grequests = pythonPackages.buildPythonPackage rec {
|
||||
pname = "grequests";
|
||||
version = "0.3.1";
|
||||
name = "${pname}-${version}";
|
||||
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "kennethreitz";
|
||||
repo = "grequests";
|
||||
rev = "d1e70eb";
|
||||
sha256 = "0drfx4fx65k0g5sj0pw8z3q1s0sp7idn2yz8xfb45nd6v82i37hc";
|
||||
};
|
||||
|
||||
doCheck = false;
|
||||
|
||||
propagatedBuildInputs = with pythonPackages; [ requests gevent ];
|
||||
|
||||
meta = with lib;{
|
||||
description = "Asynchronous HTTP requests";
|
||||
homepage = https://github.com/kennethreitz/grequests;
|
||||
license = with licenses; [ bsd2 ];
|
||||
maintainers = with maintainers; [ matejc ];
|
||||
};
|
||||
};
|
||||
|
||||
aiocoap = pythonPackages.buildPythonPackage {
|
||||
name = "aiocoap-0.3";
|
||||
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
|
||||
|
@ -25,32 +73,9 @@ let
|
|||
description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";
|
||||
};
|
||||
};
|
||||
pkg = pkgs.stdenv.mkDerivation {
|
||||
name = "worlddomination-2017-06-10";
|
||||
src = pkgs.fetchgit {
|
||||
url = "https://github.com/shackspace/worlddomination/";
|
||||
rev = "72fc9b5";
|
||||
sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf";
|
||||
};
|
||||
buildInputs = [
|
||||
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
|
||||
docopt
|
||||
LinkHeader
|
||||
aiocoap
|
||||
requests
|
||||
paramiko
|
||||
python
|
||||
]))
|
||||
];
|
||||
installPhase = ''
|
||||
install -m755 -D backend/push_led.py $out/bin/push-led
|
||||
install -m755 -D backend/loop_single.py $out/bin/loop-single
|
||||
# copy the provided file to the package
|
||||
install -m755 -D backend/wd.lst $out/${wdpath}
|
||||
'';
|
||||
};
|
||||
wdpath = "/usr/worlddomination/wd.lst";
|
||||
esphost = "10.42.24.7"; # esp8266
|
||||
afrihost = "10.42.25.201"; # africa
|
||||
timeout = 10; # minutes
|
||||
in {
|
||||
systemd.services.worlddomination = {
|
||||
|
@ -64,4 +89,16 @@ in {
|
|||
PermissionsStartOnly = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.worlddomination-africa = {
|
||||
description = "run worlddomination africa";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = "nobody"; # TODO separate user
|
||||
ExecStart = "${pkg}/bin/push-led ${afrihost} ${pkg}/${wdpath} loop ${toString timeout}";
|
||||
Restart = "always";
|
||||
PrivateTmp = true;
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
};
|
||||
}
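Review bot: The new `worlddomination-africa` unit runs as `nobody`, which the inline TODO already flags; that account is shared by anything else on the host running as `nobody`, so those processes can signal and inspect one another. A dedicated system user declared next to the unit and referenced as `User = "worlddomination";` would isolate it. `PermissionsStartOnly = true` has no effect in the visible lines because the unit defines no `ExecStartPre`/`ExecStartPost`, so it can be dropped or explained in a comment. Further up in the same section, `install -m755 -D backend/wd.lst` marks a data file executable; `-m644` is enough unless the list is meant to be run.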
|
||||
|
|
|
@ -30,38 +30,6 @@ let
|
|||
});
|
||||
in {
|
||||
hosts = {
|
||||
hope = {
|
||||
ci = true;
|
||||
owner = config.krebs.users.krebs;
|
||||
nets = {
|
||||
internet = {
|
||||
ip4.addr = "45.62.225.18";
|
||||
aliases = [
|
||||
"hope.i"
|
||||
];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.77.4";
|
||||
ip6.addr = "42:0:0:0:0:0:77:4";
|
||||
aliases = [
|
||||
"hope.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5
|
||||
uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a
|
||||
2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4
|
||||
A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK
|
||||
fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC
|
||||
K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/";
|
||||
};
|
||||
hotdog = {
|
||||
ci = true;
|
||||
owner = config.krebs.users.krebs;
|
||||
|
@ -91,6 +59,37 @@ in {
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp";
|
||||
};
|
||||
onebutton = {
|
||||
cores = 1;
|
||||
owner = config.krebs.users.krebs;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.101";
|
||||
ip6.addr = "42:0:0:0:0:0:0:101";
|
||||
aliases = [
|
||||
"onebutton.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA11w6votRExwE0ZEiQmPa
|
||||
9WGNsMfNAZEd14iHaHCZH7UPQEH+cH/T6isGPpaysindroMnqFe9mUf/cdYChb6N
|
||||
aaFreApwGBQaJPUcdy4cfphrFpzmOClpOFuFbnV7ZvAk/wefBad3kUzsq/lK4HvB
|
||||
7nPKeOB9kljphLrkzuLL/h2yOenMpO2ZdvwxyWN8HKmUNgvpBQjIr+Hka6cgy7Gp
|
||||
pBVFHfSnad/eHeEvq91O/bHxrAxzH5N5DVagPDpkbiWYGl+0XVGP/h0CApr15Ael
|
||||
+j2pJYc0ZlaXIp4KmNRqbd/fLe52JLrWbnFX4rRuY/DhoMqK8kjECEZ7gLiNSpCC
|
||||
KlnlJ2LXX9c+d79ubzl5yLAJ3d6T4IJqkbAWJDuCrj821M9ZDk/qZwerayhrrvkF
|
||||
tMYkQoGSe8MvSOU0rTEoH5iSRwDC7M0XzUe4l8/yZLFyD4Prz/dq6coqANfk/tlE
|
||||
DnH3vDu9lmFvYrLcd6yDWzFfI3mWDJoUa6AKKoScCOaCkRfIM4Aew0i73+h1nJLO
|
||||
59AAbZIkDYyWs53QniIG4EQteI9y/9j/628nPAVj68V5oIN76RDXfFHWDWq4DxmU
|
||||
PpGVmoIKcKZmnl7RrDomRVpuGMdyQ+kCzIGH3XYe12v8Y5beHZBrd3OajgHZ/Tfp
|
||||
jP873cT6h0hsGm9glgOYho8CAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe ";
|
||||
};
|
||||
puyak = {
|
||||
ci = true;
|
||||
owner = config.krebs.users.krebs;
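Review bot: The `ssh.pubkey` string added for `onebutton` ends with a space before the closing quote (`…K0+gPhIe "`), unlike the other host entries visible in this file. Anything that compares or concatenates the value verbatim carries the stray blank along; `ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe";` matches the others. The space probably comes from a key file generated with an empty comment, so the tool that prints these stanzas may need the same trim.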
|
||||
|
|
|
@ -9,6 +9,7 @@ with import <stockholm/lib>;
|
|||
hosts = mapAttrs (_: recursiveUpdate {
|
||||
owner = config.krebs.users.lass;
|
||||
ci = true;
|
||||
monitoring = true;
|
||||
}) {
|
||||
dishfire = {
|
||||
cores = 4;
|
||||
|
@ -43,39 +44,6 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
|
||||
};
|
||||
echelon = {
|
||||
cores = 2;
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "64.137.242.41";
|
||||
aliases = [
|
||||
"echelon.i"
|
||||
];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.206.103";
|
||||
ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763";
|
||||
aliases = [
|
||||
"echelon.r"
|
||||
"cgit.echelon.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ
|
||||
oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX
|
||||
MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f
|
||||
4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA
|
||||
n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p
|
||||
do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
|
||||
};
|
||||
prism = rec {
|
||||
cores = 4;
|
||||
extraZones = {
|
||||
|
@ -90,7 +58,10 @@ with import <stockholm/lib>;
|
|||
60 IN NS dns16.ovh.net.
|
||||
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
60 IN TXT v=spf1 mx a:lassul.us -all
|
||||
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
|
||||
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
|
||||
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
io 60 IN NS ions.lassul.us.
|
||||
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
|
@ -149,6 +120,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
domsen-nas = {
|
||||
ci = false;
|
||||
monitoring = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
internet = {
|
||||
|
@ -161,6 +133,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
uriel = {
|
||||
monitoring = false;
|
||||
cores = 1;
|
||||
nets = {
|
||||
gg23 = {
|
||||
|
@ -399,10 +372,12 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
|
||||
};
|
||||
iso = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
cores = 1;
|
||||
};
|
||||
sokrateslaptop = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
|
@ -426,6 +401,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
turingmachine = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
|
@ -454,6 +430,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
eddie = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
|
@ -494,6 +471,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
borg = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
|
@ -521,6 +499,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
inspector = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
|
@ -552,6 +531,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
dpdkm = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
|
@ -659,6 +639,37 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
|
||||
};
|
||||
red = {
|
||||
monitoring = false;
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.13";
|
||||
ip6.addr = "42:0:0:0:0:0:0:12ed";
|
||||
aliases = [
|
||||
"red.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG
|
||||
4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF
|
||||
Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI
|
||||
phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0
|
||||
FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox
|
||||
TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa
|
||||
mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w
|
||||
oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE
|
||||
cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ
|
||||
7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa
|
||||
5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW
|
||||
ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
|
||||
};
|
||||
};
|
||||
users = {
|
||||
lass = {
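Review bot: In the `extraZones` hunk the SPF record `60 IN TXT v=spf1 mx a:lassul.us -all` is unquoted; in standard zone-file syntax each blank-separated word becomes its own character-string and SPF evaluation joins the strings without spaces, so the policy would read `v=spf1mxa:lassul.us-all` and fail to parse. Assuming the TXT lines are the three this hunk adds (the page does not mark sides), I would quote it: `60 IN TXT "v=spf1 mx a:lassul.us -all"`. The DKIM value in `p=` carries the header of a 1024-bit RSA key, while RFC 8301 recommends 2048 bits for signers. The copy of that key published without an owner name is not where verifiers look; only the `default._domainkey` record is used.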
|
||||
|
|
|
@ -539,6 +539,7 @@ with import <stockholm/lib>;
|
|||
dl.euer IN A ${nets.internet.ip4.addr}
|
||||
boot.euer IN A ${nets.internet.ip4.addr}
|
||||
wiki.euer IN A ${nets.internet.ip4.addr}
|
||||
mon.euer IN A ${nets.internet.ip4.addr}
|
||||
graph IN A ${nets.internet.ip4.addr}
|
||||
ghook IN A ${nets.internet.ip4.addr}
|
||||
dockerhub IN A ${nets.internet.ip4.addr}
|
||||
|
|
|
@ -93,6 +93,7 @@ let
|
|||
User = "newsbot-js";
|
||||
Restart = "always";
|
||||
ExecStart = "${newsbot.package}/bin/newsbot";
|
||||
WatchdogSec = "86400";
|
||||
};
|
||||
}
|
||||
) cfg;
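Review bot: `WatchdogSec = "86400"`, which appears to be the line this hunk adds, only works as a watchdog if the newsbot process sends keep-alives to systemd, and nothing in the visible unit indicates that it does. Without them systemd kills the service once a day and `Restart = "always"` brings it back. If a daily restart is the intent, say so in a comment such as `# no sd_notify support: used to force a daily restart`, or use `RuntimeMaxSec`, which expresses that directly. The unit definition starts above this hunk.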
|
||||
|
|
|
@ -120,11 +120,24 @@ rec {
|
|||
url-title = (buildSimpleReaktorPlugin "url-title" {
|
||||
pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$";
|
||||
path = with pkgs; [ curl perl ];
|
||||
script = pkgs.writeDash "lambda-pl" ''
|
||||
if [ "$#" -gt 0 ]; then
|
||||
curl -SsL --max-time 5 "$1" |
|
||||
perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si'
|
||||
fi
|
||||
script = pkgs.writePython3 [ "beautifulsoup4" "lxml" ] "url-title" ''
|
||||
import sys
|
||||
import urllib.request
|
||||
from bs4 import BeautifulSoup
|
||||
|
||||
try:
|
||||
soup = BeautifulSoup(urllib.request.urlopen(sys.argv[1]), "lxml")
|
||||
title = soup.find('title').string
|
||||
|
||||
if title:
|
||||
if len(title) > 512:
|
||||
print('message to long, skipped')
|
||||
elif len(title.split('\n')) > 5:
|
||||
print('to many lines, skipped')
|
||||
else:
|
||||
print(title)
|
||||
except: # noqa: E722
|
||||
pass
|
||||
'';
|
||||
});
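Review bot: `urllib.request.urlopen(sys.argv[1])` has no timeout and the whole response body is handed to BeautifulSoup, whereas the shell pipeline shown just above it bounded the fetch with `--max-time 5`; a slow or very large URL posted in the channel can now hold the plugin indefinitely or exhaust memory. I would pass a timeout and parse a bounded read, e.g. `BeautifulSoup(urllib.request.urlopen(sys.argv[1], timeout=5).read(1 << 20), "lxml")`. Because the URL comes from chat, the fetch reaches whatever hosts the bot's network position allows, so an allow-list or an egress rule for the plugin is worth considering if Reaktor runs inside the private network. The bare `except: pass` hides every failure; printing the exception to stderr would keep the channel quiet and still leave a trace.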
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ stdenv, writeScriptBin, lib, fetchurl, git, cacert
|
||||
, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps
|
||||
, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd
|
||||
, flock
|
||||
, withMysql ? false
|
||||
, withPgsql ? false
|
||||
, withSqlite ? false, sqlite
|
||||
|
@ -23,17 +24,17 @@ let
|
|||
ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ];
|
||||
|
||||
in stdenv.mkDerivation rec {
|
||||
version = "17.07";
|
||||
version = "18.01";
|
||||
name = "ejabberd-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz";
|
||||
sha256 = "1p8ppp2czjgnq8xnhyksd82npvvx99fwr0g3rrq1wvnwh2vgb8km";
|
||||
sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ fakegit ];
|
||||
|
||||
buildInputs = [ erlang openssl expat libyaml ]
|
||||
buildInputs = [ erlang openssl expat libyaml gd ]
|
||||
++ lib.optional withSqlite sqlite
|
||||
++ lib.optional withPam pam
|
||||
++ lib.optional withZlib zlib
|
||||
|
@ -50,7 +51,7 @@ in stdenv.mkDerivation rec {
|
|||
|
||||
configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ];
|
||||
|
||||
buildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ];
|
||||
nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ];
|
||||
|
||||
GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
|
@ -74,7 +75,7 @@ in stdenv.mkDerivation rec {
|
|||
|
||||
outputHashMode = "recursive";
|
||||
outputHashAlgo = "sha256";
|
||||
outputHash = "1q9yzccn4zf5i4hibq1r0i34q4986a93ph4792l1ph07aiisc8p7";
|
||||
outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk";
|
||||
};
|
||||
|
||||
configureFlags =
|
||||
|
@ -92,6 +93,10 @@ in stdenv.mkDerivation rec {
|
|||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
patches = [
|
||||
./ejabberdctl.patch
|
||||
];
|
||||
|
||||
preBuild = ''
|
||||
cp -r $deps deps
|
||||
chmod -R +w deps
|
||||
|
@ -101,18 +106,18 @@ in stdenv.mkDerivation rec {
|
|||
postInstall = ''
|
||||
sed -i \
|
||||
-e '2iexport PATH=${ctlpath}:$PATH' \
|
||||
-e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \
|
||||
-e 's,\(^ *FLOCK=\).*,\1${flock}/bin/flock,' \
|
||||
-e 's,\(^ *JOT=\).*,\1,' \
|
||||
-e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \
|
||||
$out/sbin/ejabberdctl
|
||||
'';
|
||||
|
||||
meta = {
|
||||
meta = with stdenv.lib; {
|
||||
description = "Open-source XMPP application server written in Erlang";
|
||||
license = lib.licenses.gpl2;
|
||||
license = licenses.gpl2;
|
||||
homepage = http://www.ejabberd.im;
|
||||
platforms = lib.platforms.linux;
|
||||
maintainers = [ lib.maintainers.sander lib.maintainers.abbradar ];
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ sander abbradar ];
|
||||
broken = withElixir;
|
||||
};
|
||||
}
|
||||
|
|
32
krebs/5pkgs/simple/ejabberd/ejabberdctl.patch
Normal file
32
krebs/5pkgs/simple/ejabberd/ejabberdctl.patch
Normal file
|
@ -0,0 +1,32 @@
|
|||
--- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100
|
||||
+++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200
|
||||
@@ -42,19 +42,18 @@
|
||||
esac
|
||||
|
||||
# parse command line parameters
|
||||
-for arg; do
|
||||
- case $arg in
|
||||
- -n|--node) ERLANG_NODE_ARG=$2; shift;;
|
||||
- -s|--spool) SPOOL_DIR=$2; shift;;
|
||||
- -l|--logs) LOGS_DIR=$2; shift;;
|
||||
- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;;
|
||||
- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;;
|
||||
- -d|--config-dir) ETC_DIR=$2; shift;;
|
||||
- -t|--no-timeout) NO_TIMEOUT="--no-timeout";;
|
||||
- --) :;;
|
||||
+while test $# -gt 0; do
|
||||
+ case $1 in
|
||||
+ -n|--node) ERLANG_NODE_ARG=$2; shift 2;;
|
||||
+ -s|--spool) SPOOL_DIR=$2; shift 2;;
|
||||
+ -l|--logs) LOGS_DIR=$2; shift 2;;
|
||||
+ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;;
|
||||
+ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;;
|
||||
+ -d|--config-dir) ETC_DIR=$2; shift 2;;
|
||||
+ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;;
|
||||
+ # --) :;; what is this for?
|
||||
*) break;;
|
||||
esac
|
||||
- shift
|
||||
done
|
||||
|
||||
# define ejabberd variables if not already defined from the command line
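Review bot: With the `--)` arm commented out, a literal `--` now falls through to `*) break` without being shifted, so it is handed on as the first word of the command instead of being consumed as the end-of-options marker. To answer the question in the comment, that marker is what the arm was for; restoring it as `--) shift;;` keeps the old behaviour. Separately, the value-taking arms run `shift 2` even when the option is the last word on the command line, which a POSIX shell treats as an error that aborts a non-interactive script, so a check of `$#` with a usage message before those shifts would be safer. The loop sits inside a template whose remainder is outside this patch.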
|
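--- a/krebs/5pkgs/simple/generate-secrets/default.nix
+++ b/krebs/5pkgs/simple/generate-secrets/default.nix
@@ -0,0 +1,46 @@
+{ pkgs }:
+pkgs.writeDashBin "generate-secrets" ''
+HOSTNAME="$1"
+TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
+PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
+HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null
+
+${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
+${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
+${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
+cat <<EOF > $TMPDIR/hashedPasswords.nix
+{
+root = "$HASHED_PASSWORD";
+}
+EOF
+
+cd $TMPDIR
+for x in *; do
+${pkgs.coreutils}/bin/cat $x | ${pkgs.brain}/bin/brain insert -m krebs-secrets/$HOSTNAME/$x > /dev/null
+done
+echo $PASSWORD | ${pkgs.brain}/bin/brain insert -m hosts/$HOSTNAME/root > /dev/null
+
+cat <<EOF
+$HOSTNAME = {
+cores = 1;
+owner = config.krebs.users.krebs;
+nets = {
+retiolum = {
+ip4.addr = "10.243.0.changeme";
+ip6.addr = "42:0:0:0:0:0:0:changeme";
+aliases = [
+"$HOSTNAME.r"
+];
+tinc.pubkey = ${"''"}
+$(cat $TMPDIR/retiolum.rsa_key.pub)
+${"''"};
+};
+};
+ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
+};
+EOF
+
+rm -rf $TMPDIR
+''
+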
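Review bot: Nothing stops this script after a failed step, and the directory holding the freshly generated private keys is removed only by its last line. If `mktemp -d` fails, `TMPDIR` is empty, `cd $TMPDIR` changes to the home directory, and the `for x in *` loop then inserts whatever files are there under `krebs-secrets/$HOSTNAME/`; if a later command fails, the keys stay behind in the temporary directory. `$1` is also used unchecked and unquoted in the store paths, so a missing argument writes to `krebs-secrets//…`. I would fail fast, require the argument and remove the directory from an exit trap, as sketched below, and quote `$TMPDIR` and `$HOSTNAME` wherever the unchanged lines use them.

```nix
pkgs.writeDashBin "generate-secrets" ''
  set -eu
  HOSTNAME=''${1:?usage: generate-secrets HOSTNAME}
  TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
  trap 'rm -rf "$TMPDIR"' EXIT
  # … unchanged: password, ssh and tinc key generation, hashedPasswords.nix …
  cd "$TMPDIR"
  # … unchanged: brain insert loop and the printed host stanza …
```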
|
@ -2,6 +2,6 @@
|
|||
|
||||
fetchgit {
|
||||
url = https://cgit.krebsco.de/kops;
|
||||
rev = "refs/tags/v1.0.0";
|
||||
sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb";
|
||||
rev = "refs/tags/v1.1.0";
|
||||
sha256 = "0k3zhv2830z4bljcdvf6ciwjihk2zzcn9y23p49c6sba5hbsd6jb";
|
||||
}
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
{ writeDashBin }:
|
||||
|
||||
writeDashBin "pssh" ''
|
||||
set -efu
|
||||
case ''${1-} in
|
||||
|
||||
# TODO create plog with -o json | jq ... | map date
|
||||
|
||||
# usage: pssh {-j,--journal} host...
|
||||
# Follow journal at each host.
|
||||
-j|--journal)
|
||||
shift
|
||||
"$0" journalctl -n0 -ocat --follow --all ::: "$@" \
|
||||
| while read line; do
|
||||
printf '%s %s\n' "$(date --rfc-3339=s)" "$line"
|
||||
done
|
||||
;;
|
||||
|
||||
-*)
|
||||
echo $0: unknown option: $1 >&2
|
||||
exit 1
|
||||
;;
|
||||
|
||||
# usage: pssh command [arg...] ::: host...
|
||||
# Run command at each host.
|
||||
*)
|
||||
exec parallel \
|
||||
--line-buffer \
|
||||
-j0 \
|
||||
--no-notice \
|
||||
--tagstring {} \
|
||||
ssh -T {} "$@"
|
||||
;;
|
||||
|
||||
esac
|
||||
''
|
|
@ -1,15 +0,0 @@
|
|||
diff --git a/hier.c b/hier.c
|
||||
index 5663ada..1d73b84 100644
|
||||
--- a/hier.c
|
||||
+++ b/hier.c
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
void hier()
|
||||
{
|
||||
- h(auto_home,-1,-1,02755);
|
||||
- d(auto_home,"bin",-1,-1,02755);
|
||||
+ h(auto_home,-1,-1,0755);
|
||||
+ d(auto_home,"bin",-1,-1,0755);
|
||||
|
||||
c(auto_home,"bin","tcpserver",-1,-1,0755);
|
||||
c(auto_home,"bin","tcprules",-1,-1,0755);
|
|
@ -1,86 +0,0 @@
|
|||
{ stdenv, fetchurl }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "ucspi-tcp-0.88";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://cr.yp.to/ucspi-tcp/${name}.tar.gz";
|
||||
sha256 = "171yl9kfm8w7l17dfxild99mbf877a9k5zg8yysgb1j8nz51a1ja";
|
||||
};
|
||||
|
||||
# Plain upstream tarball doesn't build, get patches from Debian
|
||||
patches = [
|
||||
(fetchurl {
|
||||
url = "http://ftp.de.debian.org/debian/pool/main/u/ucspi-tcp/ucspi-tcp_0.88-3.diff.gz";
|
||||
sha256 = "0mzmhz8hjkrs0khmkzs5i0s1kgmgaqz07h493bd5jj5fm5njxln6";
|
||||
})
|
||||
./chmod.patch
|
||||
];
|
||||
|
||||
# Apply Debian patches
|
||||
postPatch = ''
|
||||
for fname in debian/diff/*.diff; do
|
||||
echo "Applying patch $fname"
|
||||
patch < "$fname"
|
||||
done
|
||||
'';
|
||||
|
||||
# The build system is weird; 'make install' doesn't install anything, instead
|
||||
# it builds an executable called ./install (from C code) which installs
|
||||
# binaries to the directory given on line 1 in ./conf-home.
|
||||
#
|
||||
# Also, assume getgroups and setgroups work, instead of doing a build time
|
||||
# test that breaks on NixOS (I think because nixbld users lack CAP_SETGID
|
||||
# capability).
|
||||
preBuild = ''
|
||||
echo "$out" > conf-home
|
||||
|
||||
echo "main() { return 0; }" > chkshsgr.c
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p "$out/bin"
|
||||
mkdir -p "$out/share/man/man1"
|
||||
|
||||
# run the newly built installer
|
||||
./install
|
||||
|
||||
# Install Debian man pages (upstream has none)
|
||||
cp debian/ucspi-tcp-man/*.1 "$out/share/man/man1"
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Command-line tools for building TCP client-server applications";
|
||||
longDescription = ''
|
||||
tcpserver waits for incoming connections and, for each connection, runs a
|
||||
program of your choice. Your program receives environment variables
|
||||
showing the local and remote host names, IP addresses, and port numbers.
|
||||
|
||||
tcpserver offers a concurrency limit to protect you from running out of
|
||||
processes and memory. When you are handling 40 (by default) simultaneous
|
||||
connections, tcpserver smoothly defers acceptance of new connections.
|
||||
|
||||
tcpserver also provides TCP access control features, similar to
|
||||
tcp-wrappers/tcpd's hosts.allow but much faster. Its access control rules
|
||||
are compiled into a hashed format with cdb, so it can easily deal with
|
||||
thousands of different hosts.
|
||||
|
||||
This package includes a recordio tool that monitors all the input and
|
||||
output of a server.
|
||||
|
||||
tcpclient makes a TCP connection and runs a program of your choice. It
|
||||
sets up the same environment variables as tcpserver.
|
||||
|
||||
This package includes several sample clients built on top of tcpclient:
|
||||
who@, date@, finger@, http@, tcpcat, and mconnect.
|
||||
|
||||
tcpserver and tcpclient conform to UCSPI, the UNIX Client-Server Program
|
||||
Interface, using the TCP protocol. UCSPI tools are available for several
|
||||
different networks.
|
||||
'';
|
||||
homepage = http://cr.yp.to/ucspi-tcp.html;
|
||||
license = licenses.publicDomain;
|
||||
platforms = platforms.linux;
|
||||
maintainers = [ maintainers.bjornfor ];
|
||||
};
|
||||
}
|
|
@ -1,29 +0,0 @@
|
|||
{ stdenv, fetchFromGitHub, python3Packages }:
|
||||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
name = "urlwatch-${version}";
|
||||
version = "2.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "thp";
|
||||
repo = "urlwatch";
|
||||
rev = version;
|
||||
sha256 = "1nja7n6pc45azd3l1xyvav89855lvcgwabrvf34rps81dbl8cnl4";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = with python3Packages; [
|
||||
appdirs
|
||||
keyring
|
||||
minidb
|
||||
pycodestyle
|
||||
pyyaml
|
||||
requests
|
||||
];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A tool for monitoring webpages for updates";
|
||||
homepage = https://thp.io/2008/urlwatch/;
|
||||
license = licenses.bsd3;
|
||||
maintainers = with maintainers; [ tv ];
|
||||
};
|
||||
}
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
krebs-source = {
|
||||
nixpkgs.git = {
|
||||
ref = "4b4bbce199d3b3a8001ee93495604289b01aaad3";
|
||||
ref = "b50443b5c4ac0f382c49352a892b9d5d970eb4e7";
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
};
|
||||
stockholm.file = toString ../.;
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
<stockholm/lass/2configs/browsers.nix>
|
||||
<stockholm/lass/2configs/programs.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/games.nix>
|
||||
<stockholm/lass/2configs/bitcoin.nix>
|
||||
<stockholm/lass/2configs/AP.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.cabal;
|
||||
|
|
|
@ -8,9 +8,9 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/boot/coreboot.nix>
|
||||
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/games.nix>
|
||||
<stockholm/lass/2configs/steam.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
{
|
||||
# bubsy config
|
||||
users.users.bubsy = {
|
||||
|
|
|
@ -1,50 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway;
|
||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
in {
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix>
|
||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||
<stockholm/lass/2configs/git.nix>
|
||||
{
|
||||
networking.interfaces.enp2s1.ip4 = [
|
||||
{
|
||||
address = ip;
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
networking.defaultGateway = getDefaultGateway ip;
|
||||
networking.nameservers = [
|
||||
"8.8.8.8"
|
||||
];
|
||||
|
||||
}
|
||||
{
|
||||
sound.enable = false;
|
||||
}
|
||||
{
|
||||
users.extraUsers = {
|
||||
satan = {
|
||||
name = "satan";
|
||||
uid = 1338;
|
||||
home = "/home/satan";
|
||||
group = "users";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
extraGroups = [
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.echelon;
|
||||
}
|
|
@ -17,6 +17,7 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/dcso-dev.nix>
|
||||
<stockholm/lass/2configs/steam.nix>
|
||||
<stockholm/lass/2configs/rtl-sdr.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
{ # automatic hardware detection
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
|
@ -137,35 +138,14 @@ with import <stockholm/lib>;
|
|||
networking.hostName = lib.mkForce "BLN02NB0162";
|
||||
|
||||
security.pki.certificateFiles = [
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
|
||||
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
|
||||
(pkgs.writeText "minio.cert" ''
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS
|
||||
MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1
|
||||
OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
|
||||
AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL
|
||||
8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV
|
||||
YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C
|
||||
ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM
|
||||
CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw
|
||||
hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk
|
||||
MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw
|
||||
I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB
|
||||
CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30
|
||||
hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox
|
||||
jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY
|
||||
EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM
|
||||
zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a
|
||||
qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa
|
||||
-----END CERTIFICATE-----
|
||||
'')
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
|
||||
];
|
||||
|
||||
programs.adb.enable = true;
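Review bot: The CA files listed in `security.pki.certificateFiles` are downloaded from `http://pki.dcso.de/...` and become system trust anchors, so the `sha256` beside each URL is the only integrity control on them. Old and new hash values are both printed here without their +/- markers, so presumably this hunk re-pins the hashes after the upstream files changed. A hash taken from a plain-HTTP download only pins whatever was served at that moment. I would check each certificate's fingerprint against a value obtained over an authenticated channel before re-pinning, and record it with a comment such as `# fingerprints verified out-of-band on <date>, source: <reference>` above the list. The attribute set that encloses the list starts outside the hunk.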
|
||||
|
|
|
@ -14,9 +14,9 @@
|
|||
<stockholm/lass/2configs/browsers.nix>
|
||||
<stockholm/lass/2configs/programs.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/games.nix>
|
||||
<stockholm/lass/2configs/bitcoin.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.icarus;
|
||||
|
|
|
@ -8,7 +8,7 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
||||
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
<stockholm/lass/2configs/steam.nix>
|
||||
{
|
||||
users.users.blacky = {
|
||||
|
|
|
@ -33,6 +33,7 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/ableton.nix>
|
||||
<stockholm/lass/2configs/dunst.nix>
|
||||
<stockholm/lass/2configs/rtl-sdr.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
{
|
||||
#risk of rain port
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
|
@ -140,7 +141,18 @@ with import <stockholm/lib>;
|
|||
dpass
|
||||
|
||||
dnsutils
|
||||
woeusb
|
||||
l-gen-secrets
|
||||
generate-secrets
|
||||
(pkgs.writeDashBin "btc-coinbase" ''
|
||||
${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount'
|
||||
'')
|
||||
(pkgs.writeDashBin "btc-wex" ''
|
||||
${pkgs.curl}/bin/curl -Ss 'https://wex.nz/api/3/ticker/btc_eur' | ${pkgs.jq}/bin/jq '.btc_eur.avg'
|
||||
'')
|
||||
(pkgs.writeDashBin "btc-kraken" ''
|
||||
${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]'
|
||||
'')
|
||||
];
|
||||
|
||||
#TODO: fix this shit
|
||||
|
@ -177,4 +189,38 @@ with import <stockholm/lib>;
|
|||
programs.adb.enable = true;
|
||||
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
||||
virtualisation.docker.enable = true;
|
||||
services.redshift = {
|
||||
enable = true;
|
||||
provider = "geoclue2";
|
||||
};
|
||||
|
||||
lass.restic = genAttrs [
|
||||
"daedalus"
|
||||
"icarus"
|
||||
"littleT"
|
||||
"prism"
|
||||
"shodan"
|
||||
"skynet"
|
||||
] (dest: {
|
||||
dirs = [
|
||||
"/home/lass/src"
|
||||
"/home/lass/work"
|
||||
"/home/lass/.gnupg"
|
||||
"/home/lass/Maildir"
|
||||
"/home/lass/stockholm"
|
||||
"/home/lass/.password-store"
|
||||
"/home/bitcoin"
|
||||
"/home/bch"
|
||||
];
|
||||
passwordFile = (toString <secrets>) + "/restic/${dest}";
|
||||
repo = "sftp:backup@${dest}.r:/backups/mors";
|
||||
#sshPrivateKey = config.krebs.build.host.ssh.privkey.path;
|
||||
extraArguments = [
|
||||
"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
|
||||
];
|
||||
timerConfig = {
|
||||
OnCalendar = "00:05";
|
||||
RandomizedDelaySec = "5h";
|
||||
};
|
||||
});
|
||||
}
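Review bot: The new `lass.restic` block in the last hunk copies `/home/lass/.gnupg` and `/home/lass/.password-store` to six hosts, so the confidentiality of those copies rests entirely on the repository password read from `(toString <secrets>) + "/restic/${dest}"`. The hunk does not show where those password files are kept. If they exist only inside the directories being backed up, a restore after losing this machine would be circular. A comment above `passwordFile` such as `# restic passwords must be recoverable without this backup (kept in <location>)` would make that dependency explicit. The same block is repeated almost verbatim for prism elsewhere in this commit, so a shared helper would keep the two from drifting apart.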
|
||||
|
|
|
@ -8,11 +8,15 @@ in {
|
|||
imports = [
|
||||
<stockholm/lass>
|
||||
{
|
||||
networking.interfaces.et0.ip4 = [
|
||||
networking.interfaces.et0.ipv4.addresses = [
|
||||
{
|
||||
address = ip;
|
||||
prefixLength = 27;
|
||||
}
|
||||
{
|
||||
address = "46.4.114.243";
|
||||
prefixLength = 27;
|
||||
}
|
||||
];
|
||||
networking.defaultGateway = "46.4.114.225";
|
||||
networking.nameservers = [
|
||||
|
@ -100,6 +104,7 @@ in {
|
|||
];
|
||||
}
|
||||
{ # TODO make new hfos.nix out of this vv
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
users.users.riot = {
|
||||
uid = genid "riot";
|
||||
isNormalUser = true;
|
||||
|
@ -110,29 +115,13 @@ in {
|
|||
};
|
||||
|
||||
# TODO write function for proxy_pass (ssl/nonssl)
|
||||
services.nginx.virtualHosts."hackerfleet.de" = {
|
||||
serverAliases = [
|
||||
"*.hackerfleet.de"
|
||||
|
||||
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
|
||||
];
|
||||
locations."/".extraConfig = ''
|
||||
proxy_pass http://192.168.122.92:80;
|
||||
'';
|
||||
};
|
||||
services.nginx.virtualHosts."hackerfleet.de-s" = {
|
||||
serverName = "hackerfleet.de";
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 443;
|
||||
}
|
||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
|
||||
];
|
||||
serverAliases = [
|
||||
"*.hackerfleet.de"
|
||||
];
|
||||
locations."/".extraConfig = ''
|
||||
proxy_pass http://192.168.122.92:443;
|
||||
'';
|
||||
};
|
||||
}
|
||||
{
|
||||
users.users.tv = {
|
||||
|
@ -201,26 +190,6 @@ in {
|
|||
localAddress = "10.233.2.2";
|
||||
};
|
||||
}
|
||||
{
|
||||
#kaepsele
|
||||
systemd.services."container@kaepsele".reloadIfChanged = mkForce false;
|
||||
containers.kaepsele = {
|
||||
config = { ... }: {
|
||||
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
lass.pubkey
|
||||
tv.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = true;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.3";
|
||||
localAddress = "10.233.2.4";
|
||||
};
|
||||
}
|
||||
{
|
||||
#onondaga
|
||||
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
|
||||
|
@ -249,13 +218,12 @@ in {
|
|||
<stockholm/lass/2configs/repo-sync.nix>
|
||||
<stockholm/lass/2configs/binary-cache/server.nix>
|
||||
<stockholm/lass/2configs/iodined.nix>
|
||||
<stockholm/lass/2configs/monitoring/server.nix>
|
||||
<stockholm/lass/2configs/monitoring/monit-alarms.nix>
|
||||
<stockholm/lass/2configs/paste.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
<stockholm/lass/2configs/reaktor-coders.nix>
|
||||
<stockholm/lass/2configs/ciko.nix>
|
||||
<stockholm/lass/2configs/container-networking.nix>
|
||||
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
|
||||
{ # quasi bepasty.nix
|
||||
imports = [
|
||||
<stockholm/lass/2configs/bepasty.nix>
|
||||
|
@ -336,6 +304,60 @@ in {
|
|||
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
<stockholm/lass/2configs/go.nix>
|
||||
{
|
||||
environment.systemPackages = [ pkgs.cryptsetup ];
|
||||
systemd.services."container@red".reloadIfChanged = mkForce false;
|
||||
containers.red = {
|
||||
config = { ... }: {
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = false;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.3";
|
||||
localAddress = "10.233.2.4";
|
||||
};
|
||||
services.nginx.virtualHosts."rote-allez-fraktion.de" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
proxy_set_header Host rote-allez-fraktion.de;
|
||||
proxy_pass http://10.233.2.4;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
imports = [ <stockholm/lass/2configs/backup.nix> ];
|
||||
lass.restic = genAttrs [
|
||||
"daedalus"
|
||||
"icarus"
|
||||
"littleT"
|
||||
"mors"
|
||||
"shodan"
|
||||
"skynet"
|
||||
] (dest: {
|
||||
dirs = [
|
||||
"/home/chat/.weechat"
|
||||
"/bku/sql_dumps"
|
||||
];
|
||||
passwordFile = (toString <secrets>) + "/restic/${dest}";
|
||||
repo = "sftp:backup@${dest}.r:/backups/prism";
|
||||
extraArguments = [
|
||||
"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
|
||||
];
|
||||
timerConfig = {
|
||||
OnCalendar = "00:05";
|
||||
RandomizedDelaySec = "5h";
|
||||
};
|
||||
});
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.prism;
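Review bot: In the last hunk the `rote-allez-fraktion.de` virtual host sets `addSSL = true;`, which leaves the plain-HTTP listener serving the site next to HTTPS, so forum logins can still reach prism in cleartext. Using `forceSSL = true;` in place of `addSSL = true;` redirects HTTP to HTTPS while the ACME challenge location keeps working. Separately, the FORWARD rule with predicate `-d 192.168.122.92` in the earlier hunk accepts every port and protocol that the DNAT for `46.4.114.243` hands to the guest. If that full exposure is intended, a short comment next to the rule should say so. The enclosing `imports` list starts outside these hunks.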
|
||||
|
|
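--- a/lass/1systems/red/config.nix
+++ b/lass/1systems/red/config.nix
@@ -0,0 +1,31 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+let
+inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
+servephpBB
+;
+in
+{
+imports = [
+<stockholm/lass>
+<stockholm/lass/2configs>
+<stockholm/lass/2configs/retiolum.nix>
+<stockholm/lass/2configs/websites>
+<stockholm/lass/2configs/websites/sqlBackup.nix>
+(servephpBB [ "rote-allez-fraktion.de" ])
+];
+
+krebs.iptables.tables.filter.INPUT.rules = [
+{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
+];
+
+krebs.build.host = config.krebs.hosts.red;
+boot.isContainer = true;
+networking.useDHCP = false;
+
+services.nginx.enable = true;
+environment.variables.NIX_REMOTE = "daemon";
+environment.systemPackages = [
+pkgs.mk_sql_pair
+];
+}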
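Review bot: The INPUT rule `-p tcp --dport 80` accepts HTTP from any source, although the only intended client appears to be the reverse proxy on the host. This container also imports `<stockholm/lass/2configs/retiolum.nix>` and the host sets `enableTun = true`, so the forum is presumably reachable unencrypted from the overlay network too, bypassing the TLS front end. The host side of `containers.red` uses `hostAddress = "10.233.2.3"`, so the rule could be narrowed to `{ predicate = "-p tcp --dport 80 -s 10.233.2.3"; target = "ACCEPT"; }`. Whether the proxy's traffic really arrives from that address should be confirmed before tightening it.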
|
@ -1,3 +1,4 @@
|
|||
import <stockholm/lass/source.nix> {
|
||||
name = "echelon";
|
||||
name = "red";
|
||||
secure = true;
|
||||
}
|
|
@ -15,9 +15,9 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/browsers.nix>
|
||||
<stockholm/lass/2configs/programs.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/wine.nix>
|
||||
<stockholm/lass/2configs/bitcoin.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.shodan;
|
||||
|
|
|
@ -9,7 +9,6 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/retiolum.nix>
|
||||
#<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
{
|
||||
# discordius config
|
||||
services.xserver.enable = true;
|
||||
|
|
|
@ -2,10 +2,4 @@ with import <stockholm/lib>;
|
|||
import <stockholm/lass/source.nix> {
|
||||
name = "xerxes";
|
||||
secure = true;
|
||||
override = {
|
||||
nixpkgs.git = mkForce {
|
||||
url = https://github.com/lassulus/nixpkgs;
|
||||
ref = "3eccd0b";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
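--- a/lass/2configs/AP.nix
+++ b/lass/2configs/AP.nix
@@ -0,0 +1,77 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+wifi = "wlp0s29u1u2";
+in {
+boot.extraModulePackages = [
+pkgs.linuxPackages.rtl8814au
+];
+networking.networkmanager.unmanaged = [ wifi ];
+
+systemd.services.hostapd = {
+description = "hostapd wireless AP";
+path = [ pkgs.hostapd ];
+wantedBy = [ "network.target" ];
+
+after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ];
+
+serviceConfig = {
+ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" ''
+interface=${wifi}
+hw_mode=a
+channel=36
+ieee80211d=1
+country_code=DE
+ieee80211n=1
+ieee80211ac=1
+wmm_enabled=1
+
+# 5ghz
+ssid=krebsing
+auth_algs=1
+wpa=2
+wpa_key_mgmt=WPA-PSK
+rsn_pairwise=CCMP
+wpa_passphrase=aidsballz
+''}";
+Restart = "always";
+};
+};
+
+networking.interfaces.${wifi}.ipv4.addresses = [
+{ address = "10.99.0.1"; prefixLength = 24; }
+];
+services.dhcpd4 = {
+enable = true;
+interfaces = [ wifi ];
+extraConfig = ''
+option subnet-mask 255.255.255.0;
+option routers 10.99.0.1;
+option domain-name-servers 1.1.1.1, 8.8.8.8;
+subnet 10.99.0.0 netmask 255.255.255.0 {
+range 10.99.0.100 10.99.0.200;
+}
+'';
+};
+
+boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+krebs.iptables.tables.filter.FORWARD.rules = [
+{ v6 = false; predicate = "-d 10.99.0.0/24 -o ${wifi} -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
+{ v6 = false; predicate = "-s 10.99.0.0/24 -i ${wifi}"; target = "ACCEPT"; }
+{ v6 = false; predicate = "-i ${wifi} -o ${wifi}"; target = "ACCEPT"; }
+{ v6 = false; predicate = "-o ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
+{ v6 = false; predicate = "-i ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
+];
+krebs.iptables.tables.nat.PREROUTING.rules = [
+{ v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; precedence = 1000; }
+];
+krebs.iptables.tables.nat.POSTROUTING.rules = [
+#TODO find out what this is about?
+{ v6 = false; predicate = "-s 10.99.0.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
+{ v6 = false; predicate = "-s 10.99.0.0/24 -d 255.255.255.255"; target = "RETURN"; }
+
+{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24"; target = "MASQUERADE"; }
+{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
+{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
+];
+}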
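Review bot: The `wpa_passphrase=` line sits inside the `pkgs.writeText "hostapd.conf"` body, so the network key is committed to the repository and written to a world-readable file in the Nix store on every host that imports this module. hostapd can read the key from a separate file instead, using `wpa_psk_file=<path to a file outside the store>` with lines of the form `00:00:00:00:00:00 <passphrase>`. That file could live under the `<secrets>` tree that other modules in this commit already reference with `toString <secrets>`. The current passphrase stays in history, so it should be rotated once it has been moved out of the file.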
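--- a/lass/2configs/backup.nix
+++ b/lass/2configs/backup.nix
@@ -0,0 +1,20 @@
+{ config, lib, ... }:
+with import <stockholm/lib>;
+
+{
+fileSystems = {
+"/backups" = {
+device = "/dev/pool/backup";
+fsType = "ext4";
+};
+};
+users.users.backup = {
+useDefaultShell = true;
+home = "/backups";
+createHome = true;
+openssh.authorizedKeys.keys = with config.krebs.hosts; [
+mors.ssh.pubkey
+prism.ssh.pubkey
+];
+};
+}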
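Review bot: The `backup` account has `useDefaultShell = true` and accepts the mors and prism host keys without any restriction, so each client gets an interactive shell on every backup target and can read, alter or delete the other host's repository under `/backups`. The restic clients in this commit only request the sftp subsystem (`ssh backup@${dest}.r ... -s sftp`), so the account can be limited to that. One way is a `Match User backup` block with `ForceCommand internal-sftp` in `services.openssh.extraConfig`. Separate directories or accounts per client would also stop one compromised host from destroying the other's backups.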
|
@ -1,173 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
|
||||
# TODO add timerConfig to krebs.backup and randomize startup
|
||||
# TODO define plans more abstract
|
||||
krebs.backup.plans = {
|
||||
} // mapAttrs (_: recursiveUpdate {
|
||||
snapshots = {
|
||||
daily = { format = "%Y-%m-%d"; retain = 7; };
|
||||
weekly = { format = "%YW%W"; retain = 4; };
|
||||
monthly = { format = "%Y-%m"; retain = 12; };
|
||||
yearly = { format = "%Y"; };
|
||||
};
|
||||
}) {
|
||||
dishfire-http-prism = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:00";
|
||||
};
|
||||
dishfire-http-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:10";
|
||||
};
|
||||
dishfire-http-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:05";
|
||||
};
|
||||
dishfire-http-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:10";
|
||||
};
|
||||
dishfire-sql-prism = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:15";
|
||||
};
|
||||
dishfire-sql-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
dishfire-sql-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:20";
|
||||
};
|
||||
dishfire-sql-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-bitlbee-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-bitlbee"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-bitlbee-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-bitlbee-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-bitlbee"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-chat-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-chat"; };
|
||||
startAt = "03:35";
|
||||
};
|
||||
prism-chat-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; };
|
||||
startAt = "03:30";
|
||||
};
|
||||
prism-chat-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-chat"; };
|
||||
startAt = "03:35";
|
||||
};
|
||||
prism-sql-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-sql_dumps"; };
|
||||
startAt = "03:45";
|
||||
};
|
||||
prism-sql-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; };
|
||||
startAt = "03:40";
|
||||
};
|
||||
prism-sql-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-sql_dumps"; };
|
||||
startAt = "03:45";
|
||||
};
|
||||
prism-http-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-http"; };
|
||||
startAt = "03:55";
|
||||
};
|
||||
prism-http-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; };
|
||||
startAt = "03:50";
|
||||
};
|
||||
prism-http-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-http"; };
|
||||
startAt = "03:55";
|
||||
};
|
||||
icarus-home-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.icarus; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/icarus-home"; };
|
||||
startAt = "05:00";
|
||||
};
|
||||
icarus-home-shodan = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.icarus; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/icarus-home"; };
|
||||
startAt = "05:00";
|
||||
};
|
||||
mors-home-icarus = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.mors; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/mors-home"; };
|
||||
startAt = "05:00";
|
||||
};
|
||||
mors-home-shodan = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.mors; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; };
|
||||
startAt = "05:00";
|
||||
};
|
||||
shodan-home-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.shodan; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/shodan-home"; };
|
||||
startAt = "04:00";
|
||||
};
|
||||
shodan-home-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.shodan; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/shodan-home"; };
|
||||
startAt = "04:00";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -9,7 +9,6 @@ in {
|
|||
./power-action.nix
|
||||
./copyq.nix
|
||||
./livestream.nix
|
||||
./dns-stuff.nix
|
||||
./urxvt.nix
|
||||
./network-manager.nix
|
||||
{
|
||||
|
|
|
@ -10,9 +10,6 @@ in {
|
|||
krebs.per-user.bitcoin.packages = [
|
||||
pkgs.electrum
|
||||
];
|
||||
krebs.per-user.ethereum.packages = [
|
||||
pkgs.go-ethereum
|
||||
];
|
||||
users.extraUsers = {
|
||||
bch = {
|
||||
name = "bch";
|
||||
|
@ -28,13 +25,6 @@ in {
|
|||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
};
|
||||
ethereum = {
|
||||
name = "ethereum";
|
||||
description = "user for ethereum stuff";
|
||||
home = "/home/ethereum";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
};
|
||||
};
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
|
||||
|
|
|
@ -9,6 +9,7 @@ in {
|
|||
dev = {
|
||||
name = "dev";
|
||||
uid = genid "dev";
|
||||
extraGroups = [ "docker" ];
|
||||
description = "user for collaborative development";
|
||||
home = "/home/dev";
|
||||
useDefaultShell = true;
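Review bot: `extraGroups = [ "docker" ];` on the shared `dev` account (presumably the line this hunk adds) gives everyone who can log in as `dev` control of the Docker daemon, which is equivalent to root on the host. The account is described as "user for collaborative development", so that privilege extends to every collaborator whose key is accepted for it. If that trust is intended, a comment such as `# docker group == root on this host; dev collaborators are trusted accordingly` above the line would record the decision. Otherwise the group membership should be dropped in favour of rootless containers or a dedicated VM. The `dev` attribute set continues outside the hunk.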
|
||||
|
|
|
@ -6,10 +6,9 @@ with import <stockholm/lib>;
|
|||
./gc.nix
|
||||
./mc.nix
|
||||
./vim.nix
|
||||
./monitoring/client.nix
|
||||
./monitoring/node-exporter.nix
|
||||
./zsh.nix
|
||||
./htop.nix
|
||||
./backups.nix
|
||||
./security-workarounds.nix
|
||||
{
|
||||
users.extraUsers =
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
services.dnscrypt-proxy = {
|
||||
enable = true;
|
||||
localAddress = "127.1.0.1";
|
||||
customResolver = {
|
||||
address = config.krebs.hosts.gum.nets.internet.ip4.addr;
|
||||
port = 15251;
|
||||
name = "2.dnscrypt-cert.euer.krebsco.de";
|
||||
key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
|
||||
};
|
||||
};
|
||||
services.resolved.enable = true;
|
||||
services.resolved.fallbackDns = [ "127.1.0.1" ];
|
||||
}
|
|
@ -79,6 +79,7 @@ with import <stockholm/lib>;
|
|||
{ from = "ovh@lassul.us"; to = lass.mail; }
|
||||
{ from = "hetzner@lassul.us"; to = lass.mail; }
|
||||
{ from = "allygator@lassul.us"; to = lass.mail; }
|
||||
{ from = "immoscout@lassul.us"; to = lass.mail; }
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
with import <stockholm/lib>;
|
||||
{
|
||||
nix.gc = {
|
||||
automatic = ! elem config.krebs.build.host.name [ "prism" "mors" "helios" ];
|
||||
automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer);
|
||||
};
|
||||
}
|
||||
|
|
|
@ -57,6 +57,16 @@ let
|
|||
cgit.desc = "Fork of nix-user-chroot my lethalman";
|
||||
cgit.section = "software";
|
||||
};
|
||||
nixos-aws = {
|
||||
collaborators = [ {
|
||||
name = "fabio";
|
||||
pubkey = "ssh-rsa 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 ada";
|
||||
} ];
|
||||
};
|
||||
krops = {
|
||||
cgit.desc = "krebs deployment";
|
||||
cgit.section = "software";
|
||||
};
|
||||
} // mapAttrs make-public-repo-silent {
|
||||
};
|
||||
|
||||
|
@ -70,8 +80,8 @@ let
|
|||
import <secrets/repos.nix> { inherit config lib pkgs; }
|
||||
);
|
||||
|
||||
make-public-repo = name: { cgit ? {}, ... }: {
|
||||
inherit cgit name;
|
||||
make-public-repo = name: { cgit ? {}, collaborators ? [], ... }: {
|
||||
inherit cgit collaborators name;
|
||||
public = true;
|
||||
hooks = {
|
||||
post-receive = pkgs.git-hooks.irc-announce {
|
||||
|
|
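--- a/lass/2configs/go.nix
+++ b/lass/2configs/go.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+{
+krebs.go = {
+enable = true;
+};
+services.nginx = {
+enable = true;
+virtualHosts.go = {
+locations."/".extraConfig = ''
+proxy_set_header Host go.lassul.us;
+proxy_pass http://localhost:1337;
+'';
+serverAliases = [
+"go.lassul.us"
+];
+};
+};
+}
+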
|
@ -206,8 +206,11 @@ in {
|
|||
msmtp
|
||||
mutt
|
||||
pkgs.much
|
||||
pkgs.notmuch
|
||||
tag-new-mails
|
||||
tag-old-mails
|
||||
];
|
||||
|
||||
nixpkgs.config.packageOverrides = opkgs: {
|
||||
notmuch = (opkgs.notmuch.overrideAttrs (o: { doCheck = false; }));
|
||||
};
|
||||
}
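Review bot: `doCheck = false` on `notmuch` is set through `nixpkgs.config.packageOverrides`, so it skips the package's test suite for every consumer on the host, and nothing says why. A one-line comment next to the override, such as `# tests fail on <reason>; re-enable once fixed upstream`, would let someone remove it later.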
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
{pkgs, config, ...}:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
services.telegraf = {
|
||||
enable = true;
|
||||
|
||||
extraConfig = {
|
||||
agent.interval = "1s";
|
||||
outputs = {
|
||||
influxdb = {
|
||||
urls = ["http://prism:8086"];
|
||||
database = "telegraf_db";
|
||||
user_agent = "telegraf";
|
||||
};
|
||||
};
|
||||
inputs = {
|
||||
cpu = {
|
||||
percpu = false;
|
||||
totalcpu = true;
|
||||
};
|
||||
mem = {};
|
||||
net = {};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,44 +0,0 @@
|
|||
{pkgs, config, ...}:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
echoToIrc = msg:
|
||||
pkgs.writeDash "echo_irc" ''
|
||||
set -euf
|
||||
export LOGNAME=prism-alarm
|
||||
${pkgs.irc-announce}/bin/irc-announce \
|
||||
irc.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
|
||||
'';
|
||||
|
||||
in {
|
||||
krebs.monit = {
|
||||
enable = true;
|
||||
http.enable = true;
|
||||
alarms = {
|
||||
nirwanabluete = {
|
||||
test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'";
|
||||
alarm = echoToIrc "test nirwanabluete failed";
|
||||
};
|
||||
ubik = {
|
||||
test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'";
|
||||
alarm = echoToIrc "test ubik failed";
|
||||
};
|
||||
cac-panel = {
|
||||
test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'";
|
||||
alarm = echoToIrc "test cac-panel failed";
|
||||
};
|
||||
radio = {
|
||||
test = pkgs.writeBash "check_stream" ''
|
||||
${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \
|
||||
| ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \
|
||||
| ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}"
|
||||
'';
|
||||
alarm = echoToIrc "test radio failed";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
|
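--- a/lass/2configs/monitoring/node-exporter.nix
+++ b/lass/2configs/monitoring/node-exporter.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+{
+krebs.iptables.tables.filter.INPUT.rules = [
+{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; }
+{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; }
+];
+services.prometheus.exporters = {
+node = {
+enable = true;
+enabledCollectors = [
+"systemd"
+];
+};
+};
+}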
217
lass/2configs/monitoring/prometheus-server.nix
Normal file
217
lass/2configs/monitoring/prometheus-server.nix
Normal file
|
@ -0,0 +1,217 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
{
|
||||
#networking = {
|
||||
# firewall.allowedTCPPorts = [
|
||||
# 3000 # grafana
|
||||
# 9090 # prometheus
|
||||
# 9093 # alertmanager
|
||||
# ];
|
||||
# useDHCP = true;
|
||||
#};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; }
|
||||
];
|
||||
|
||||
services = {
|
||||
prometheus = {
|
||||
enable = true;
|
||||
extraFlags = [
|
||||
"-storage.local.retention 8760h"
|
||||
"-storage.local.series-file-shrink-ratio 0.3"
|
||||
"-storage.local.memory-chunks 2097152"
|
||||
"-storage.local.max-chunks-to-persist 1048576"
|
||||
"-storage.local.index-cache-size.fingerprint-to-metric 2097152"
|
||||
"-storage.local.index-cache-size.fingerprint-to-timerange 1048576"
|
||||
"-storage.local.index-cache-size.label-name-to-label-values 2097152"
|
||||
"-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
|
||||
];
|
||||
alertmanagerURL = [ "http://localhost:9093" ];
|
||||
rules = [
|
||||
''
|
||||
ALERT node_down
|
||||
IF up == 0
|
||||
FOR 5m
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary = "{{$labels.alias}}: Node is down.",
|
||||
description = "{{$labels.alias}} has been down for more than 5 minutes."
|
||||
}
|
||||
ALERT node_systemd_service_failed
|
||||
IF node_systemd_unit_state{state="failed"} == 1
|
||||
FOR 4m
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.",
|
||||
description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."
|
||||
}
|
||||
ALERT node_filesystem_full_90percent
|
||||
IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3
|
||||
FOR 5m
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary = "{{$labels.alias}}: Filesystem is running out of space soon.",
|
||||
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."
|
||||
}
|
||||
ALERT node_filesystem_full_in_4h
|
||||
IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0
|
||||
FOR 5m
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.",
|
||||
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"
|
||||
}
|
||||
ALERT node_filedescriptors_full_in_3h
|
||||
IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum
|
||||
FOR 20m
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.",
|
||||
description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"
|
||||
}
|
||||
ALERT node_load1_90percent
|
||||
IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9
|
||||
FOR 1h
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary = "{{$labels.alias}}: Running on high load.",
|
||||
description = "{{$labels.alias}} is running with > 90% total load for at least 1h."
|
||||
}
|
||||
ALERT node_cpu_util_90percent
|
||||
IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90
|
||||
FOR 1h
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary = "{{$labels.alias}}: High CPU utilization.",
|
||||
description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."
|
||||
}
|
||||
ALERT node_ram_using_90percent
|
||||
IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1
|
||||
FOR 30m
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary="{{$labels.alias}}: Using lots of RAM.",
|
||||
description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.",
|
||||
}
|
||||
ALERT node_swap_using_80percent
|
||||
IF node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached) > node_memory_SwapTotal * 0.8
|
||||
FOR 10m
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary="{{$labels.alias}}: Running out of swap soon.",
|
||||
description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."
|
||||
}
|
||||
''
|
||||
];
|
||||
scrapeConfigs = [
|
||||
{
|
||||
job_name = "node";
|
||||
scrape_interval = "10s";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts));
|
||||
#labels = {
|
||||
# alias = "prometheus.example.com";
|
||||
#};
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
alertmanager = {
|
||||
enable = true;
|
||||
listenAddress = "0.0.0.0";
|
||||
configuration = {
|
||||
"global" = {
|
||||
"smtp_smarthost" = "smtp.example.com:587";
|
||||
"smtp_from" = "alertmanager@example.com";
|
||||
};
|
||||
"route" = {
|
||||
"group_by" = [ "alertname" "alias" ];
|
||||
"group_wait" = "30s";
|
||||
"group_interval" = "2m";
|
||||
"repeat_interval" = "4h";
|
||||
"receiver" = "team-admins";
|
||||
};
|
||||
"receivers" = [
|
||||
{
|
||||
"name" = "team-admins";
|
||||
"email_configs" = [
|
||||
{
|
||||
"to" = "devnull@example.com";
|
||||
"send_resolved" = true;
|
||||
}
|
||||
];
|
||||
"webhook_configs" = [
|
||||
{
|
||||
"url" = "http://127.0.0.1:14813/prometheus-alerts";
|
||||
"send_resolved" = true;
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
grafana = {
|
||||
enable = true;
|
||||
addr = "0.0.0.0";
|
||||
domain = "grafana.example.com";
|
||||
rootUrl = "https://grafana.example.com/";
|
||||
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
|
||||
};
|
||||
};
|
||||
services.logstash = {
|
||||
enable = true;
|
||||
inputConfig = ''
|
||||
http {
|
||||
port => 14813
|
||||
host => "127.0.0.1"
|
||||
}
|
||||
'';
|
||||
filterConfig = ''
|
||||
if ([alerts]) {
|
||||
ruby {
|
||||
code => '
|
||||
lines = []
|
||||
event["alerts"].each {|p|
|
||||
lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}"
|
||||
}
|
||||
event["output"] = lines.join("\n")
|
||||
'
|
||||
}
|
||||
}
|
||||
'';
|
||||
outputConfig = ''
|
||||
file { path => "/tmp/logs.json" codec => "json_lines" }
|
||||
irc {
|
||||
channels => [ "#noise" ]
|
||||
host => "irc.r"
|
||||
nick => "alarm"
|
||||
codec => "json_lines"
|
||||
format => "%{output}"
|
||||
}
|
||||
'';
|
||||
#plugins = [ ];
|
||||
};
|
||||
}
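Review bot: The three `krebs.iptables` rules accept ports 3000, 9090 and 9093 from every peer on `retiolum`, and both `alertmanager.listenAddress` and `grafana.addr` are `0.0.0.0`, so any VPN member can query Prometheus and create silences in Alertmanager, neither of which is given authentication in this file. The node-exporter config added in the same commit restricts its rule with `-s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}`; a similar source match would narrow this, as would binding Alertmanager to `127.0.0.1`, since Prometheus reaches it through `http://localhost:9093`. Separately, the logstash `file` output writes `/tmp/logs.json`, a predictable name in a world-writable directory; a path under the service's own state directory is safer. The `smtp.example.com`, `devnull@example.com` and `grafana.example.com` values look like template leftovers and deserve either real values or a comment.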
|
|
@ -1,87 +0,0 @@
|
|||
{pkgs, config, ...}:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
services.influxdb.enable = true;
|
||||
|
||||
services.influxdb.extraConfig = {
|
||||
meta.hostname = config.krebs.build.host.name;
|
||||
# meta.logging-enabled = true;
|
||||
http.bind-address = ":8086";
|
||||
admin.bind-address = ":8083";
|
||||
http.log-enabled = false;
|
||||
monitoring = {
|
||||
enabled = false;
|
||||
# write-interval = "24h";
|
||||
};
|
||||
collectd = [{
|
||||
enabled = true;
|
||||
typesdb = "${pkgs.collectd}/share/collectd/types.db";
|
||||
database = "collectd_db";
|
||||
port = 25826;
|
||||
}];
|
||||
};
|
||||
|
||||
krebs.kapacitor =
|
||||
let
|
||||
db = "telegraf_db";
|
||||
echoToIrc = pkgs.writeDash "echo_irc" ''
|
||||
set -euf
|
||||
data="$(${pkgs.jq}/bin/jq -r .message)"
|
||||
export LOGNAME=prism-alarm
|
||||
${pkgs.irc-announce}/bin/irc-announce \
|
||||
irc.r 6667 prism-alarm \#noise "$data" >/dev/null
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
alarms = {
|
||||
cpu = {
|
||||
database = db;
|
||||
text = ''
|
||||
var data = batch
|
||||
|query(${"'''"}
|
||||
SELECT mean("usage_user") AS mean
|
||||
FROM "${db}"."default"."cpu"
|
||||
${"'''"})
|
||||
.period(10m)
|
||||
.every(1m)
|
||||
.groupBy('host')
|
||||
data |alert()
|
||||
.crit(lambda: "mean" > 90)
|
||||
.exec('${echoToIrc}')
|
||||
data |deadman(1.0,5m)
|
||||
.stateChangesOnly()
|
||||
.exec('${echoToIrc}')
|
||||
'';
|
||||
};
|
||||
ram = {
|
||||
database = db;
|
||||
text = ''
|
||||
var data = batch
|
||||
|query(${"'''"}
|
||||
SELECT mean("used_percent") AS mean
|
||||
FROM "${db}"."default"."mem"
|
||||
${"'''"})
|
||||
.period(10m)
|
||||
.every(1m)
|
||||
.groupBy('host')
|
||||
data |alert()
|
||||
.crit(lambda: "mean" > 90)
|
||||
.exec('${echoToIrc}')
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
addr = "0.0.0.0";
|
||||
auth.anonymous.enable = true;
|
||||
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
|
||||
};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
|
@ -4,7 +4,7 @@ with import <stockholm/lib>;
|
|||
{
|
||||
krebs.Reaktor.coders = {
|
||||
nickname = "Reaktor|lass";
|
||||
channels = [ "#coders" "#germany" ];
|
||||
channels = [ "#coders" "#germany" "#panthermoderns" ];
|
||||
extraEnviron = {
|
||||
REAKTOR_HOST = "irc.hackint.org";
|
||||
};
|
||||
|
@ -87,6 +87,19 @@ with import <stockholm/lib>;
|
|||
exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "google" {
|
||||
pattern = "^!g (?P<args>.*)$$";
|
||||
script = pkgs.writeDash "google" ''
|
||||
exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \
|
||||
${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"'
|
||||
'';
|
||||
})
|
||||
(buildSimpleReaktorPlugin "blockchain" {
|
||||
pattern = ".*[Bb]lockchain.*$$";
|
||||
script = pkgs.writeDash "blockchain" ''
|
||||
exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline'
|
||||
'';
|
||||
})
|
||||
];
|
||||
};
|
||||
}
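Review bot: In the `google` plugin the text captured from IRC is handed to `ddgr` as `"$@"` with nothing marking the end of options, so a message whose argument begins with `-` is parsed as a ddgr flag rather than as a search term. Ending option parsing first keeps channel input in the query position: `exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json -- "$@" | \`. How `buildSimpleReaktorPlugin` splits `args` into words is outside this hunk, so that part is an assumption. The `jq` filter also prints `null null` when the result list is empty, so a guard for that case would keep noise out of the channel.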
|
||||
|
|
|
@ -135,7 +135,6 @@ in {
|
|||
(sync-retiolum "populate")
|
||||
(sync-retiolum "stockholm")
|
||||
(sync-retiolum "wai-middleware-time")
|
||||
(sync-retiolum "web-routes-wai-custom")
|
||||
(sync-retiolum "xmonad-stockholm")
|
||||
];
|
||||
}
|
||||
|
|
|
@ -3,7 +3,6 @@ with import <stockholm/lib>;
|
|||
{
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
useInotify = true;
|
||||
};
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
|
||||
|
|
|
@ -6,66 +6,10 @@ let
|
|||
genid
|
||||
;
|
||||
|
||||
servephpBB = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
|
||||
in {
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
serverAliases = domains;
|
||||
extraConfig = ''
|
||||
index index.php;
|
||||
root /srv/http/${domain}/;
|
||||
access_log /tmp/nginx_acc.log;
|
||||
error_log /tmp/nginx_err.log;
|
||||
error_page 404 /404.html;
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
client_max_body_size 100m;
|
||||
'';
|
||||
locations."/".extraConfig = ''
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
'';
|
||||
locations."~ \.php(?:$|/)".extraConfig = ''
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
|
||||
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
|
||||
fastcgi_intercept_errors on;
|
||||
'';
|
||||
#Directives to send expires headers and turn off 404 error logging.
|
||||
locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
'';
|
||||
};
|
||||
services.phpfpm.poolConfigs."${domain}" = ''
|
||||
listen = /srv/http/${domain}/phpfpm.pool
|
||||
user = nginx
|
||||
group = nginx
|
||||
pm = dynamic
|
||||
pm.max_children = 25
|
||||
pm.start_servers = 5
|
||||
pm.min_spare_servers = 3
|
||||
pm.max_spare_servers = 20
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
php_admin_value[error_log] = 'stderr'
|
||||
php_admin_flag[log_errors] = on
|
||||
catch_workers_output = yes
|
||||
'';
|
||||
};
|
||||
|
||||
in {
|
||||
imports = [
|
||||
./default.nix
|
||||
../git.nix
|
||||
(servephpBB [ "rote-allez-fraktion.de" ])
|
||||
];
|
||||
|
||||
security.acme = {
|
||||
|
|
|
@ -16,7 +16,7 @@ rec {
|
|||
in {
|
||||
services.nginx.virtualHosts.${domain} = {
|
||||
enableACME = true;
|
||||
enableSSL = true;
|
||||
onlySSL = true;
|
||||
extraConfig = ''
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
@ -28,13 +28,66 @@ rec {
|
|||
};
|
||||
};
|
||||
|
||||
servephpBB = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
|
||||
in {
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
serverAliases = domains;
|
||||
extraConfig = ''
|
||||
index index.php;
|
||||
root /srv/http/${domain}/;
|
||||
access_log /tmp/nginx_acc.log;
|
||||
error_log /tmp/nginx_err.log;
|
||||
error_page 404 /404.html;
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
client_max_body_size 100m;
|
||||
'';
|
||||
locations."/".extraConfig = ''
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
'';
|
||||
locations."~ \.php(?:$|/)".extraConfig = ''
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
|
||||
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
|
||||
fastcgi_intercept_errors on;
|
||||
'';
|
||||
#Directives to send expires headers and turn off 404 error logging.
|
||||
locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
'';
|
||||
};
|
||||
services.phpfpm.poolConfigs."${domain}" = ''
|
||||
listen = /srv/http/${domain}/phpfpm.pool
|
||||
user = nginx
|
||||
group = nginx
|
||||
pm = dynamic
|
||||
pm.max_children = 25
|
||||
pm.start_servers = 5
|
||||
pm.min_spare_servers = 3
|
||||
pm.max_spare_servers = 20
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
php_admin_value[error_log] = 'stderr'
|
||||
php_admin_flag[log_errors] = on
|
||||
catch_workers_output = yes
|
||||
'';
|
||||
};
|
||||
|
||||
serveOwncloud = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
in {
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
enableACME = true;
|
||||
enableSSL = true;
|
||||
onlySSL = true;
|
||||
serverAliases = domains;
|
||||
extraConfig = ''
|
||||
listen 80;
|
||||
|
@ -148,7 +201,7 @@ rec {
|
|||
in {
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
enableACME = true;
|
||||
enableSSL = true;
|
||||
onlySSL = true;
|
||||
serverAliases = domains;
|
||||
extraConfig = ''
|
||||
listen 80;
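Review bot: The `servephpBB` helper added in the second hunk appears to drop `enableACME` and `forceSSL`, which the copy removed from the host file had, yet it still sends `fastcgi_param HTTPS on;` unconditionally. Unless every caller adds TLS itself, PHP is told that a plain-HTTP request was secure. Either restore `enableACME = true; forceSSL = true;` in the helper or document above it that the caller must supply them. The helper also keeps `access_log /tmp/nginx_acc.log;` and `error_log /tmp/nginx_err.log;`, which puts request logs for every phpBB site into one file in a world-writable directory; a per-domain file under nginx's log directory would be better. In the other two hunks `onlySSL = true;` sits next to `listen 80;` in `extraConfig`, which is worth a comment saying what is meant to answer on port 80.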
|
||||
|
|
|
@ -54,8 +54,8 @@
|
|||
eval $(dircolors -b ${pkgs.fetchFromGitHub {
|
||||
owner = "trapd00r";
|
||||
repo = "LS_COLORS";
|
||||
rev = "master";
|
||||
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
|
||||
rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
|
||||
sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
|
||||
}}/LS_COLORS)
|
||||
alias ls='ls --color'
|
||||
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
|
||||
|
|
|
@ -8,6 +8,7 @@ _:
|
|||
./mysql-backup.nix
|
||||
./news.nix
|
||||
./pyload.nix
|
||||
./restic.nix
|
||||
./screenlock.nix
|
||||
./umts.nix
|
||||
./usershadow.nix
|
||||
|
|
119
lass/3modules/restic.nix
Normal file
119
lass/3modules/restic.nix
Normal file
|
@ -0,0 +1,119 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
options.lass.restic = mkOption {
|
||||
type = types.attrsOf (types.submodule ({ config, ... }: {
|
||||
options = {
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = config._module.args.name;
|
||||
};
|
||||
passwordFile = mkOption {
|
||||
type = types.str;
|
||||
default = toString <secrets/restic-password>;
|
||||
description = ''
|
||||
read the repository password from a file.
|
||||
'';
|
||||
example = "/etc/nixos/restic-password";
|
||||
|
||||
};
|
||||
repo = mkOption {
|
||||
type = types.str;
|
||||
default = "sftp:backup@prism.r:/backups/${config.name}";
|
||||
description = ''
|
||||
repository to backup to.
|
||||
'';
|
||||
example = "sftp:backup@192.168.1.100:/backups/${config.name}";
|
||||
};
|
||||
dirs = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
which directories to backup.
|
||||
'';
|
||||
example = [
|
||||
"/var/lib/postgresql"
|
||||
"/home/user/backup"
|
||||
];
|
||||
};
|
||||
timerConfig = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
default = {
|
||||
OnCalendar = "daily";
|
||||
};
|
||||
description = ''
|
||||
When to run the backup. See man systemd.timer for details.
|
||||
'';
|
||||
example = {
|
||||
OnCalendar = "00:05";
|
||||
RandomizedDelaySec = "5h";
|
||||
};
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "root";
|
||||
description = ''
|
||||
As which user the backup should run.
|
||||
'';
|
||||
example = "postgresql";
|
||||
};
|
||||
extraArguments = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Extra arguments to append to the restic command.
|
||||
'';
|
||||
example = [
|
||||
"sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp"
|
||||
];
|
||||
};
|
||||
initialize = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Create the repository if it doesn't exist.
|
||||
'';
|
||||
};
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
|
||||
config = {
|
||||
systemd.services =
|
||||
mapAttrs' (_: plan:
|
||||
let
|
||||
extraArguments = concatMapStringsSep " " (arg: "-o ${arg}") plan.extraArguments;
|
||||
connectTo = elemAt (splitString ":" plan.repo) 1;
|
||||
resticCmd = "${pkgs.restic}/bin/restic ${extraArguments}";
|
||||
in nameValuePair "backup.${plan.name}" {
|
||||
environment = {
|
||||
RESTIC_PASSWORD_FILE = plan.passwordFile;
|
||||
RESTIC_REPOSITORY = plan.repo;
|
||||
};
|
||||
path = with pkgs; [
|
||||
openssh
|
||||
];
|
||||
restartIfChanged = false;
|
||||
serviceConfig = {
|
||||
ExecStartPre = mkIf plan.initialize (pkgs.writeScript "rustic-${plan.name}-init" ''
|
||||
#! ${pkgs.bash}/bin/bash
|
||||
${resticCmd} snapshots || ${resticCmd} init
|
||||
'');
|
||||
ExecStart = pkgs.writeDash "rustic-${plan.name}" (
|
||||
"#! ${pkgs.bash}/bin/bash\n" +
|
||||
concatMapStringsSep "\n" (dir: "${resticCmd} backup ${dir}") plan.dirs
|
||||
);
|
||||
User = plan.user;
|
||||
};
|
||||
}
|
||||
) config.lass.restic;
|
||||
systemd.timers =
|
||||
mapAttrs' (_: plan: nameValuePair "backup.${plan.name}" {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = plan.timerConfig;
|
||||
}) config.lass.restic;
|
||||
};
|
||||
}
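Review bot: In `ExecStart` and in the `extraArguments` binding the option values are pasted into shell text unquoted (`backup ${dir}`, `-o ${arg}`), so a directory or sftp option containing a space or shell metacharacter is split or interpreted by the shell; the `sftp.command='ssh …` example itself has unbalanced quotes. Quoting at generation time fixes both: `(dir: "${resticCmd} backup ${escapeShellArg dir}")` and `(arg: "-o ${escapeShellArg arg}")`, assuming `escapeShellArg` is exported by `<stockholm/lib>` as it is by nixpkgs lib. The generated script has no `set -e`, so when several `dirs` are listed only the last `restic backup` decides the unit's exit status and an earlier failed backup goes unnoticed. `connectTo` is computed but never used, and the script names say `rustic-` where `restic-` seems intended.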
|
|
@ -1,5 +1,5 @@
|
|||
{ pkgs }:
|
||||
pkgs.writeDashBin "generate-secrets" ''
|
||||
pkgs.writeDashBin "l-gen-secrets" ''
|
||||
HOSTNAME="$1"
|
||||
TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
|
||||
PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
|
||||
|
@ -17,9 +17,9 @@ pkgs.writeDashBin "generate-secrets" ''
|
|||
|
||||
cd $TMPDIR
|
||||
for x in *; do
|
||||
${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null
|
||||
${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m krebs-secrets/$HOSTNAME/$x > /dev/null
|
||||
done
|
||||
echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/hosts/$HOSTNAME/pass > /dev/null
|
||||
echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/pass > /dev/null
|
||||
|
||||
cat <<EOF
|
||||
$HOSTNAME = {
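Review bot: The changed `pass insert` lines expand `$HOSTNAME` and `$x` unquoted, and nothing in the visible part checks that `$1` was given, so an empty or space-containing argument stores the secrets under an unintended path such as `krebs-secrets//…`. Quote the expansions, e.g. `pass insert -m "krebs-secrets/$HOSTNAME/$x"`, and fail early when the argument is missing; `echo $PASSWORD` should likewise become `printf '%s\n' "$PASSWORD"`. The script body continues outside both hunks, so it cannot be seen here whether `$TMPDIR`, which holds the generated key material, is removed on exit. A `trap` doing that would be worth adding if it is missing.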
|
|
@ -50,6 +50,14 @@ rec {
|
|||
default = false;
|
||||
};
|
||||
|
||||
monitoring = mkOption {
|
||||
description = ''
|
||||
Whether the host should be monitored by monitoring tools like Prometheus.
|
||||
'';
|
||||
type = bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
owner = mkOption {
|
||||
type = user;
|
||||
};
|
||||
|
|
|
@ -62,10 +62,13 @@ in {
|
|||
## Web
|
||||
<stockholm/makefu/2configs/nginx/share-download.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.test.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.mon.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.blog.nix>
|
||||
# <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
|
||||
<stockholm/makefu/2configs/nginx/public_html.nix>
|
||||
<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
||||
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
|
||||
|
||||
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
||||
<stockholm/makefu/2configs/deployment/graphs.nix>
|
||||
|
@ -222,6 +225,8 @@ in {
|
|||
25
|
||||
# http
|
||||
80 443
|
||||
# httptunnel
|
||||
8080 8443
|
||||
# tinc
|
||||
655
|
||||
# tinc-shack
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="gum";
|
||||
torrent = true;
|
||||
clever_kexec = true;
|
||||
}
|
||||
|
|
|
@ -50,6 +50,7 @@ in {
|
|||
<stockholm/makefu/2configs/smart-monitor.nix>
|
||||
<stockholm/makefu/2configs/mail-client.nix>
|
||||
<stockholm/makefu/2configs/mosh.nix>
|
||||
<stockholm/makefu/2configs/tools/mobility.nix>
|
||||
# <stockholm/makefu/2configs/disable_v6.nix>
|
||||
#<stockholm/makefu/2configs/graphite-standalone.nix>
|
||||
#<stockholm/makefu/2configs/share-user-sftp.nix>
|
||||
|
@ -85,7 +86,7 @@ in {
|
|||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
# <stockholm/makefu/2configs/logging/central-logging-client.nix>
|
||||
|
||||
# <stockholm/makefu/2configs/torrent.nix>
|
||||
<stockholm/makefu/2configs/torrent.nix>
|
||||
|
||||
# <stockholm/makefu/2configs/elchos/search.nix>
|
||||
# <stockholm/makefu/2configs/elchos/log.nix>
|
||||
|
@ -100,7 +101,7 @@ in {
|
|||
makefu.full-populate = true;
|
||||
makefu.server.primary-itf = primaryInterface;
|
||||
krebs.rtorrent = {
|
||||
downloadDir = lib.mkForce "/media/crypt0/torrent";
|
||||
downloadDir = lib.mkForce "/media/cryptX/torrent";
|
||||
extraConfig = ''
|
||||
upload_rate = 200
|
||||
'';
|
||||
|
|
|
@ -33,6 +33,9 @@ in {
|
|||
|
||||
<stockholm/makefu/2configs/share/wbob.nix>
|
||||
<stockholm/makefu/2configs/bluetooth-mpd.nix>
|
||||
{
|
||||
users.users.makefu.extraGroups = [ "pulse" ];
|
||||
}
|
||||
|
||||
# Sensors
|
||||
<stockholm/makefu/2configs/stats/telegraf>
|
||||
|
@ -49,9 +52,10 @@ in {
|
|||
db = "collectd_db";
|
||||
logging-interface = "enp0s25";
|
||||
in {
|
||||
networking.firewall.allowedTCPPorts = [ 3000 ];
|
||||
|
||||
services.grafana.enable = true;
|
||||
services.grafana.addr = "0.0.0.0";
|
||||
|
||||
services.influxdb.enable = true;
|
||||
services.influxdb.extraConfig = {
|
||||
meta.hostname = config.krebs.build.host.name;
|
||||
|
@ -121,6 +125,7 @@ in {
|
|||
networking.firewall.allowedTCPPorts = [
|
||||
655
|
||||
8081 #smokeping
|
||||
8086 #influx
|
||||
49152
|
||||
];
|
||||
networking.firewall.trustedInterfaces = [ "enp0s25" ];
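Review bot: Ports 3000 and 8086 are opened through `networking.firewall.allowedTCPPorts`, which applies to every interface, while `enp0s25` is already in `trustedInterfaces`, so the net effect is to expose Grafana (bound to `0.0.0.0`) and the InfluxDB HTTP API on all remaining interfaces. No authentication setting for either service is visible in these hunks. If the intent is access over the VPN only, a per-interface rule such as `networking.firewall.interfaces.retiolum.allowedTCPPorts = [ 3000 8086 ];` states that directly. The enclosing blocks start and end outside the hunks, and which of these lines are new is inferred from the hunk counts.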
|
||||
|
|
|
@ -141,15 +141,6 @@ with import <stockholm/lib>;
|
|||
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
|
||||
hardware.bluetooth.enable = true;
|
||||
}
|
||||
{ # auto-mounting
|
||||
services.udisks2.enable = true;
|
||||
services.devmon.enable = true;
|
||||
# services.gnome3.gvfs.enable = true;
|
||||
users.users.makefu.packages = with pkgs;[
|
||||
gvfs pcmanfm lxmenu-data
|
||||
];
|
||||
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
|
||||
}
|
||||
|
||||
];
|
||||
|
||||
|
@ -170,6 +161,7 @@ with import <stockholm/lib>;
|
|||
|
||||
networking.extraHosts = ''
|
||||
192.168.1.11 omo.local
|
||||
80.92.65.53 www.wifionice.de wifionice.de
|
||||
'';
|
||||
# hard dependency because otherwise the device will not be unlocked
|
||||
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
||||
|
|
|
@ -42,12 +42,13 @@ in {
|
|||
enable = true;
|
||||
# PULSE_SERVER=192.168.1.11 pavucontrol
|
||||
anonymousClients.allowAll = true;
|
||||
anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.0.0/16" ];
|
||||
};
|
||||
configFile = pkgs.writeText "default.pa" ''
|
||||
load-module module-udev-detect
|
||||
load-module module-bluetooth-policy
|
||||
load-module module-bluetooth-discover
|
||||
load-module module-native-protocol-unix
|
||||
load-module module-native-protocol-unix auth-anonymous=1
|
||||
load-module module-always-sink
|
||||
load-module module-console-kit
|
||||
load-module module-systemd-login
|
||||
|
@ -56,13 +57,15 @@ in {
|
|||
load-module module-filter-heuristics
|
||||
load-module module-filter-apply
|
||||
load-module module-switch-on-connect
|
||||
#load-module module-bluez5-device
|
||||
#load-module module-bluez5-discover
|
||||
'';
|
||||
};
|
||||
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
|
||||
hardware.bluetooth.enable = true;
|
||||
#hardware.bluetooth.extraConfig = ''
|
||||
# [general]
|
||||
# Enable=Source,Sink,Media,Socket
|
||||
#'';
|
||||
# environment.etc."bluetooth/audio.conf".text = ''
|
||||
# [General]
|
||||
# Enable = Source,Sink,Media,Socket
|
||||
# '';
|
||||
};
|
||||
}
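Review bot: `load-module module-native-protocol-unix auth-anonymous=1` lets every local account on the machine connect to the PulseAudio daemon, and `anonymousClients.allowAll = true;` does the same for any TCP client if it is still present on the new side (the rendered hunk does not show which of the two `anonymousClients` lines survived). With `allowAll` set, the `allowedIpRanges` list of `127.0.0.1` and `192.168.0.0/16` would presumably restrict nothing. Dropping `allowAll` and keeping only `allowedIpRanges` would make the intended exposure explicit, as would a comment on why the unix socket needs anonymous access.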
|
||||
|
|
|
@ -30,6 +30,7 @@ let
|
|||
euer_blog = { };
|
||||
ampel = { };
|
||||
europastats = { };
|
||||
arafetch = { };
|
||||
init-stockholm = {
|
||||
cgit.desc = "Init stuff for stockholm";
|
||||
};
|
||||
|
|
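--- a/makefu/2configs/gui/automatic-diskmount.nix
+++ b/makefu/2configs/gui/automatic-diskmount.nix
@@ -0,0 +1,44 @@
+{ pkgs, ... }:
+with import <stockholm/lib>; #genid
+{ # auto-mounting via polkit
+services.udisks2.enable = true;
+## automount all disks:
+# services.devmon.enable = true;
+# services.gnome3.gvfs.enable = true;
+users.groups.storage = {
+gid = genid "storage";
+members = [ "makefu" ];
+};
+users.users.makefu.packages = with pkgs;[
+gvfs pcmanfm lxmenu-data
+];
+environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
+
+## allow users in group "storage" to mount disk
+# https://github.com/coldfix/udiskie/wiki/Permissions
+security.polkit.extraConfig =
+''
+polkit.addRule(function(action, subject) {
+var YES = polkit.Result.YES;
+var permission = {
+"org.freedesktop.udisks.filesystem-mount": YES,
+"org.freedesktop.udisks.luks-unlock": YES,
+"org.freedesktop.udisks.drive-eject": YES,
+"org.freedesktop.udisks.drive-detach": YES,
+"org.freedesktop.udisks2.filesystem-mount": YES,
+"org.freedesktop.udisks2.encrypted-unlock": YES,
+"org.freedesktop.udisks2.eject-media": YES,
+"org.freedesktop.udisks2.power-off-drive": YES,
+"org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
+"org.freedesktop.udisks2.filesystem-unmount-others": YES,
+"org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
+"org.freedesktop.udisks2.eject-media-other-seat": YES,
+"org.freedesktop.udisks2.power-off-drive-other-seat": YES
+};
+if (subject.isInGroup("storage")) {
+return permission[action.id];
+}
+});
+'';
+
+}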
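Review bot: The polkit rule answers `YES` for the four `*-other-seat` actions and for `filesystem-unmount-others`, so a member of `storage` who is logged in remotely rather than at the console can mount, unlock and power off drives and unmount filesystems mounted by other users, all without authentication. If only the local desktop session is meant, drop those five entries or extend the condition to `subject.isInGroup("storage") && subject.local && subject.active`. A short comment above `var permission` stating which of the two is intended would help.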
@ -11,9 +11,8 @@
|
|||
|
||||
systemd.services.modemmanager = {
|
||||
description = "ModemManager";
|
||||
after = [ "network-manager.service" ];
|
||||
bindsTo = [ "network-manager.service" ];
|
||||
wantedBy = [ "network-manager.service" ];
|
||||
wantedBy = [ "network-manager.service" "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
|
||||
PrivateTmp = true;
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
{
|
||||
|
||||
# TODO postgres backup
|
||||
services.postgresql.enable = true;
|
||||
|
||||
services.hydra = {
|
||||
enable = true;
|
||||
|
|
|
@ -16,6 +16,7 @@ in {
|
|||
./zsh-user.nix
|
||||
./tools/core.nix
|
||||
./tools/core-gui.nix
|
||||
./gui/automatic-diskmount.nix
|
||||
];
|
||||
|
||||
users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ];
|
||||
|
|
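--- a/makefu/2configs/nginx/euer.mon.nix
+++ b/makefu/2configs/nginx/euer.mon.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+hostname = config.krebs.build.host.name;
+user = config.services.nginx.user;
+group = config.services.nginx.group;
+external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+in {
+services.nginx = {
+enable = mkDefault true;
+virtualHosts."mon.euer.krebsco.de" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = "http://wbob.r:3000/";
+extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+'';
+};
+};
+};
+}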
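Review bot: The `mon.euer.krebsco.de` vhost forwards every request under `/` to `http://wbob.r:3000/` with no access restriction at the proxy, so the backend's own login is the only control in front of it once the name resolves publicly. If the service is not meant to be public, restrict it here, for example with `allow`/`deny` directives in the location's `extraConfig` or the vhost's `basicAuth` option. The `let` bindings `hostname`, `user`, `group`, `external-ip` and `internal-ip` are never used in this file; either drop them or use the addresses for a `listen` restriction if that was the intent. The proxy headers also omit the scheme, which the backend may need in order to know the client connected over TLS: `proxy_set_header X-Forwarded-Proto $scheme;`.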
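--- a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
+++ b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+{
+services.nginx = {
+enable = lib.mkDefault true;
+virtualHosts."misa-felix-hochzeit.ml" = {
+serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ];
+forceSSL = true;
+enableACME = true;
+locations = {
+"/" = {
+index = "index.html";
+root = "/var/www/misa-felix-hochzeit.ml";
+};
+};
+};
+};
+}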
|
@ -1,14 +0,0 @@
|
|||
{ pkgs, ...}:
|
||||
let
|
||||
sshKey = (toString <secrets>) + "/id_nixBuild";
|
||||
in {
|
||||
nix.distributedBuilds = true;
|
||||
# TODO: iterate over krebs.hosts
|
||||
nix.buildMachines = map ( hostName:
|
||||
{ inherit hostName sshKey;
|
||||
sshUser = "nixBuild";
|
||||
system = "x86_64-linux";
|
||||
maxJobs = 8;
|
||||
}) [ "hotdog.r" ];
|
||||
# puyak.r "wbob.r" "omo.r" "gum.r" "latte.r"
|
||||
}
|
|
@ -3,7 +3,7 @@ with import <stockholm/lib>;
|
|||
let
|
||||
pkg = with pkgs.python3Packages;buildPythonPackage rec {
|
||||
rev = "762d747";
|
||||
name = "europastats-${rev}";
|
||||
name = "arafetch-${rev}";
|
||||
propagatedBuildInputs = [
|
||||
requests
|
||||
docopt
|
||||
|
@ -25,12 +25,25 @@ in {
|
|||
};
|
||||
|
||||
systemd.services.arafetch = {
|
||||
startAt = "Mon 09:15:00";
|
||||
startAt = "Mon,Wed,Fri 09:15:00";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = {
|
||||
OUTDIR = home;
|
||||
};
|
||||
path = [ pkg pkgs.git pkgs.wget ];
|
||||
script = "${pkg}/bin/weekrun";
|
||||
serviceConfig = {
|
||||
User = "arafetch";
|
||||
WorkingDirectory = home;
|
||||
PrivateTmp = true;
|
||||
ExecStart = pkgs.writeDash "start-weekrun" ''
|
||||
set -x
|
||||
weekrun || echo "weekrun failed!"
|
||||
find $OUTDIR/db -name \*.json | while read path;do
|
||||
file=''${path##*/}
|
||||
cantine=''${file%%.json}
|
||||
ara2influx $path --cantine $cantine --host wbob.r
|
||||
done
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
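Review bot: In the new `ExecStart` script, `weekrun || echo "weekrun failed!"` discards the exit status, so systemd records the run as successful and the loop then feeds whatever JSON is left in `$OUTDIR/db` to `ara2influx`; `weekrun || exit 1` would make a broken fetch visible in the unit state. `$OUTDIR` and `$path` are expanded unquoted and `read` runs without `-r`, so a file name containing whitespace or a backslash is split or altered before it reaches `ara2influx`; `find "$OUTDIR/db" -name '*.json' | while IFS= read -r path; do` and `ara2influx "$path" --cantine "$cantine" --host wbob.r` avoid that. The section shows both `script` and `serviceConfig.ExecStart`, and the rendering does not say which side `script` is on; if it is still present on the new side, only one of the two should define the start command.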
|
|
@ -1,10 +1,6 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
nixpkgs.config.firefox = {
|
||||
enableAdobeFlash = true;
|
||||
};
|
||||
|
||||
krebs.per-user.makefu.packages = with pkgs; [
|
||||
chromium
|
||||
clipit
|
||||
|
|
|
@ -25,7 +25,6 @@ in {
|
|||
# pypi
|
||||
https://pypi.python.org/simple/bepasty/
|
||||
https://pypi.python.org/simple/devpi-client/
|
||||
https://pypi.python.org/simple/oslo.config/
|
||||
https://pypi.python.org/simple/sqlalchemy_migrate/
|
||||
https://pypi.python.org/simple/xstatic/
|
||||
https://pypi.python.org/simple/pyserial/
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
with pkgs.python3Packages;buildPythonPackage rec {
|
||||
name = "ampel-${version}";
|
||||
version = "0.2";
|
||||
version = "0.2.1";
|
||||
|
||||
propagatedBuildInputs = [
|
||||
docopt
|
||||
|
@ -16,8 +16,8 @@ with pkgs.python3Packages;buildPythonPackage rec {
|
|||
|
||||
src = pkgs.fetchgit {
|
||||
url = "http://cgit.euer.krebsco.de/ampel";
|
||||
rev = "d8a0250";
|
||||
sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f";
|
||||
rev = "92321d7";
|
||||
sha256 = "0mvpbpf1rx8sc589qjb73gl8z6fir2zs3gl3br1pbhg5jgn0ij4n";
|
||||
};
|
||||
meta = {
|
||||
homepage = http://cgit.euer.krebsco.de/ampel;
|
||||
|
|
|
@ -412,8 +412,7 @@ clientkeys = awful.util.table.join(
|
|||
end),
|
||||
awful.key({ modkey, }, "m",
|
||||
function (c)
|
||||
c.maximized_horizontal = not c.maximized_horizontal
|
||||
c.maximized_vertical = not c.maximized_vertical
|
||||
c.maximized = not c.maximized
|
||||
end)
|
||||
)
|
||||
|
||||
|
|
|
@ -16,16 +16,17 @@ let
|
|||
};
|
||||
devpi-web = pkgs.python3Packages.buildPythonPackage rec {
|
||||
name = "devpi-web";
|
||||
version = "3.1.1";
|
||||
version = "3.2.2";
|
||||
|
||||
|
||||
src = pkgs.fetchurl {
|
||||
url = "mirror://pypi/d/devpi-web/devpi-web-${version}.tar.gz";
|
||||
sha256 = "0bvqv52jmasfm4sdyccwsgvk9a663d3grj7zjw8r9x7xm7l3svqv";
|
||||
sha256 = "1mwg2fcw88rn47ypnhg5f4s1r066129z922113shyinwrwfddhay";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = with pkgs.python3Packages;
|
||||
[ pkgs.devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ];
|
||||
propagatedBuildInputs = with pkgs.python3Packages; builtins.trace pkgs.devpi-server.version
|
||||
[ pkgs.devpi-server pyramid_chameleon pygments docutils devpi-common
|
||||
whoosh beautifulsoup4 defusedxml readme-renderer ];
|
||||
|
||||
meta = {
|
||||
homepage = https://bitbucket.org/hpk42/devpi;
|
||||
|
@ -37,6 +38,6 @@ let
|
|||
|
||||
in {
|
||||
devpi-web = pkgs.python3.buildEnv.override {
|
||||
extraLibs = [ devpi-web devpi-server ];
|
||||
extraLibs = [ devpi-web pkgs.devpi-server ];
|
||||
};
|
||||
}
|
||||
|
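Review bot: `builtins.trace pkgs.devpi-server.version` in front of the `propagatedBuildInputs` list looks like leftover debugging: it prints the devpi-server version on every evaluation of this package and has no effect on the build. I would drop it so the attribute reads `propagatedBuildInputs = with pkgs.python3Packages;` followed directly by the list. If the intent is to guard against an incompatible devpi-server, an `assert` on the version would state that explicitly; the `let` block starts outside the hunk, so I can't see whether such a check exists elsewhere.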
|
|
@ -9,6 +9,8 @@ host@{ name,
|
|||
, python ? false
|
||||
, unstable ? false #unstable channel checked out
|
||||
, mic92 ? false
|
||||
, nms ? false
|
||||
, clever_kexec ?false
|
||||
}:
|
||||
let
|
||||
builder = if getEnv "dummy_secrets" == "true"
|
||||
|
@ -21,9 +23,8 @@ let
|
|||
];
|
||||
};
|
||||
# TODO: automate updating of this ref + cherry-picks
|
||||
ref = "6583793"; # nixos-17.09 @ 2018-03-07
|
||||
ref = "a09afbfb8a4"; # nixos-18.03 @ 2018-04-04
|
||||
# + do_sqlite3 ruby: 55a952be5b5
|
||||
# + signal: 0f19beef3, 50ad913, 9449782, b7046ab2
|
||||
|
||||
in
|
||||
evalSource (toString _file) [
|
||||
|
@ -43,10 +44,14 @@ in
|
|||
file = "/home/makefu/store/${ref}";
|
||||
};
|
||||
|
||||
secrets.file = getAttr builder {
|
||||
buildbot = toString <stockholm/makefu/6tests/data/secrets>;
|
||||
makefu = "/home/makefu/secrets/${name}";
|
||||
secrets = getAttr builder {
|
||||
buildbot.file = toString <stockholm/makefu/6tests/data/secrets>;
|
||||
makefu.pass = {
|
||||
inherit name;
|
||||
dir = "${getEnv "HOME"}/.secrets-pass";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
stockholm.file = toString <stockholm>;
|
||||
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
|
||||
|
@ -54,7 +59,7 @@ in
|
|||
(mkIf ( musnix ) {
|
||||
musnix.git = {
|
||||
url = https://github.com/musnix/musnix.git;
|
||||
ref = "d8b989f";
|
||||
ref = "master"; # follow the musnix channel, lets see how this works out
|
||||
};
|
||||
})
|
||||
|
||||
|
@ -73,9 +78,12 @@ in
|
|||
})
|
||||
|
||||
(mkIf ( torrent ) {
|
||||
torrent-secrets.file = getAttr builder {
|
||||
buildbot = toString <stockholm/makefu/6tests/data/secrets>;
|
||||
makefu = "/home/makefu/secrets/torrent" ;
|
||||
torrent-secrets = getAttr builder {
|
||||
buildbot.file = toString <stockholm/makefu/6tests/data/secrets>;
|
||||
makefu.pass = {
|
||||
name = "torrent";
|
||||
dir = "${getEnv "HOME"}/.secrets-pass";
|
||||
};
|
||||
};
|
||||
})
|
||||
|
||||
|
@ -93,5 +101,19 @@ in
|
|||
};
|
||||
})
|
||||
|
||||
(mkIf ( nms ) {
|
||||
nms.git = {
|
||||
url = https://github.com/r-raymond/nixos-mailserver;
|
||||
ref = "v2.1.2";
|
||||
};
|
||||
})
|
||||
|
||||
(mkIf ( clever_kexec ) {
|
||||
clever_kexec.git = {
|
||||
url = https://github.com/cleverca22/nix-tests;
|
||||
ref = "5a670de7f2decfaafc95c34ffeb0f1896662f3d7";
|
||||
};
|
||||
})
|
||||
|
||||
override
|
||||
]
|
||||
|
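Review bot: `musnix.git.ref = "master"` replaces a pinned commit with a moving branch, so every deploy of a host with `musnix` enabled evaluates whatever is on the upstream branch at that moment, unreviewed and not reproducible. The same file pins `clever_kexec` to a full commit hash; doing the same here (`ref = "<full musnix commit sha>";`) and bumping it deliberately keeps the update path auditable. `nms.git.ref = "v2.1.2"` is a tag, which upstream can move, so a commit hash is the safer pin there as well. The new `makefu.pass` sources read from `${getEnv "HOME"}/.secrets-pass`, which makes the secrets location depend on the invoking user's environment; a short comment next to `dir` saying which user is expected to run the deploy would help.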
|
|
@ -349,6 +349,7 @@ let
|
|||
let b:current_syntax = "nix"
|
||||
|
||||
set isk=@,48-57,_,192-255,-,'
|
||||
set bg=dark
|
||||
'';
|
||||
in
|
||||
out
|
||||
|
|