Merge remote-tracking branch 'lass/master'
This commit is contained in:
commit
8156ab9237
|
@ -1,13 +1,15 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
# bln config file
|
||||
{
|
||||
imports =
|
||||
[ <stockholm/jeschli>
|
||||
<stockholm/jeschli/2configs/virtualbox.nix>
|
||||
<stockholm/jeschli/2configs/urxvt.nix>
|
||||
<stockholm/jeschli/2configs/emacs.nix>
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
<stockholm/jeschli>
|
||||
<stockholm/jeschli/2configs/virtualbox.nix>
|
||||
<stockholm/jeschli/2configs/urxvt.nix>
|
||||
<stockholm/jeschli/2configs/emacs.nix>
|
||||
<stockholm/jeschli/2configs/xdg.nix>
|
||||
<stockholm/jeschli/2configs/xserver>
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
@ -91,14 +93,14 @@
|
|||
services.printing.drivers = [ pkgs.postscript-lexmark ];
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
services.xserver.enable = true;
|
||||
# services.xserver.enable = true;
|
||||
services.xserver.videoDrivers = [ "nvidia" ];
|
||||
|
||||
services.xserver.windowManager.xmonad.enable = true;
|
||||
services.xserver.windowManager.xmonad.enableContribAndExtras = true;
|
||||
services.xserver.displayManager.sddm.enable = true;
|
||||
services.xserver.dpi = 100;
|
||||
fonts.fontconfig.dpi = 100;
|
||||
# services.xserver.windowManager.xmonad.enable = true;
|
||||
# services.xserver.windowManager.xmonad.enableContribAndExtras = true;
|
||||
# services.xserver.displayManager.sddm.enable = true;
|
||||
# services.xserver.dpi = 100;
|
||||
# fonts.fontconfig.dpi = 100;
|
||||
|
||||
users.extraUsers.jeschli = {
|
||||
isNormalUser = true;
|
||||
|
|
|
@ -44,6 +44,9 @@ in {
|
|||
display = 11;
|
||||
tty = 11;
|
||||
|
||||
dpi = 100;
|
||||
|
||||
videoDrivers = [ "nvidia" ];
|
||||
synaptics = {
|
||||
enable = true;
|
||||
twoFingerScroll = true;
|
||||
|
|
|
@ -44,6 +44,7 @@ import XMonad.Layout.Reflect (reflectVert)
|
|||
import XMonad.Layout.FixedColumn (FixedColumn(..))
|
||||
import XMonad.Hooks.Place (placeHook, smart)
|
||||
import XMonad.Hooks.FloatNext (floatNextHook)
|
||||
import XMonad.Hooks.SetWMName
|
||||
import XMonad.Actions.PerWorkspaceKeys (chooseAction)
|
||||
import XMonad.Layout.PerWorkspace (onWorkspace)
|
||||
--import XMonad.Layout.BinarySpacePartition
|
||||
|
@ -86,7 +87,8 @@ mainNoArgs = do
|
|||
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
|
||||
--, handleEventHook = handleTimerEvent
|
||||
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
|
||||
, startupHook =
|
||||
, startupHook = do
|
||||
setWMName "LG3D"
|
||||
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
|
||||
(\path -> forkFile path [] Nothing)
|
||||
, normalBorderColor = "#1c1c1c"
|
||||
|
@ -217,7 +219,7 @@ myKeys conf = Map.fromList $
|
|||
pagerConfig :: PagerConfig
|
||||
pagerConfig = def
|
||||
{ pc_font = myFont
|
||||
, pc_cellwidth = 64
|
||||
, pc_cellwidth = 256
|
||||
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
|
||||
--, pc_borderwidth = 1
|
||||
--, pc_matchcolor = "#f0b000"
|
||||
|
|
|
@ -21,4 +21,5 @@
|
|||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
|
||||
environment.variables.NIX_REMOTE = "daemon";
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
{
|
||||
krebs.newsbot-js.news-spam = {
|
||||
urlShortenerHost = "go.lassul.us";
|
||||
feeds = pkgs.writeText "feeds" ''
|
||||
[SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
|
||||
[SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
|
||||
|
|
|
@ -9,6 +9,7 @@ with import <stockholm/lib>;
|
|||
hosts = mapAttrs (_: recursiveUpdate {
|
||||
owner = config.krebs.users.lass;
|
||||
ci = true;
|
||||
monitoring = true;
|
||||
}) {
|
||||
dishfire = {
|
||||
cores = 4;
|
||||
|
@ -43,39 +44,6 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
|
||||
};
|
||||
echelon = {
|
||||
cores = 2;
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "64.137.242.41";
|
||||
aliases = [
|
||||
"echelon.i"
|
||||
];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.206.103";
|
||||
ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763";
|
||||
aliases = [
|
||||
"echelon.r"
|
||||
"cgit.echelon.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ
|
||||
oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX
|
||||
MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f
|
||||
4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA
|
||||
n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p
|
||||
do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
|
||||
};
|
||||
prism = rec {
|
||||
cores = 4;
|
||||
extraZones = {
|
||||
|
@ -86,14 +54,17 @@ with import <stockholm/lib>;
|
|||
"lassul.us" = ''
|
||||
$TTL 3600
|
||||
@ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
|
||||
60 IN NS ns16.ovh.net.
|
||||
60 IN NS dns16.ovh.net.
|
||||
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
60 IN TXT v=spf1 mx a:lassul.us -all
|
||||
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
io 60 IN NS ions.lassul.us.
|
||||
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
60 IN NS ns16.ovh.net.
|
||||
60 IN NS dns16.ovh.net.
|
||||
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
60 IN TXT v=spf1 mx a:lassul.us -all
|
||||
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
|
||||
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
|
||||
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
io 60 IN NS ions.lassul.us.
|
||||
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
nets = rec {
|
||||
|
@ -149,6 +120,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
domsen-nas = {
|
||||
ci = false;
|
||||
monitoring = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
internet = {
|
||||
|
@ -161,6 +133,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
uriel = {
|
||||
monitoring = false;
|
||||
cores = 1;
|
||||
nets = {
|
||||
gg23 = {
|
||||
|
@ -399,10 +372,12 @@ with import <stockholm/lib>;
|
|||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
|
||||
};
|
||||
iso = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
cores = 1;
|
||||
};
|
||||
sokrateslaptop = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
|
@ -426,6 +401,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
turingmachine = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
|
@ -454,6 +430,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
eddie = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
|
@ -494,6 +471,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
borg = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
|
@ -521,6 +499,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
inspector = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
|
@ -552,6 +531,7 @@ with import <stockholm/lib>;
|
|||
};
|
||||
};
|
||||
dpdkm = {
|
||||
monitoring = false;
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = rec {
|
||||
|
@ -659,6 +639,37 @@ with import <stockholm/lib>;
|
|||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
|
||||
};
|
||||
red = {
|
||||
monitoring = false;
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.13";
|
||||
ip6.addr = "42:0:0:0:0:0:0:12ed";
|
||||
aliases = [
|
||||
"red.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG
|
||||
4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF
|
||||
Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI
|
||||
phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0
|
||||
FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox
|
||||
TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa
|
||||
mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w
|
||||
oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE
|
||||
cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ
|
||||
7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa
|
||||
5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW
|
||||
ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
|
||||
};
|
||||
};
|
||||
users = {
|
||||
lass = {
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
krebs-source = {
|
||||
nixpkgs.git = {
|
||||
ref = "4b4bbce199d3b3a8001ee93495604289b01aaad3";
|
||||
ref = "b50443b5c4ac0f382c49352a892b9d5d970eb4e7";
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
};
|
||||
stockholm.file = toString ../.;
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
<stockholm/lass/2configs/browsers.nix>
|
||||
<stockholm/lass/2configs/programs.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/games.nix>
|
||||
<stockholm/lass/2configs/bitcoin.nix>
|
||||
<stockholm/lass/2configs/AP.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.cabal;
|
||||
|
|
|
@ -8,9 +8,9 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/boot/coreboot.nix>
|
||||
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/games.nix>
|
||||
<stockholm/lass/2configs/steam.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
{
|
||||
# bubsy config
|
||||
users.users.bubsy = {
|
||||
|
|
|
@ -1,50 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway;
|
||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
in {
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix>
|
||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||
<stockholm/lass/2configs/git.nix>
|
||||
{
|
||||
networking.interfaces.enp2s1.ip4 = [
|
||||
{
|
||||
address = ip;
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
networking.defaultGateway = getDefaultGateway ip;
|
||||
networking.nameservers = [
|
||||
"8.8.8.8"
|
||||
];
|
||||
|
||||
}
|
||||
{
|
||||
sound.enable = false;
|
||||
}
|
||||
{
|
||||
users.extraUsers = {
|
||||
satan = {
|
||||
name = "satan";
|
||||
uid = 1338;
|
||||
home = "/home/satan";
|
||||
group = "users";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
extraGroups = [
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.echelon;
|
||||
}
|
|
@ -17,6 +17,7 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/dcso-dev.nix>
|
||||
<stockholm/lass/2configs/steam.nix>
|
||||
<stockholm/lass/2configs/rtl-sdr.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
{ # automatic hardware detection
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
|
@ -137,35 +138,14 @@ with import <stockholm/lib>;
|
|||
networking.hostName = lib.mkForce "BLN02NB0162";
|
||||
|
||||
security.pki.certificateFiles = [
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
|
||||
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
|
||||
(pkgs.writeText "minio.cert" ''
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS
|
||||
MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1
|
||||
OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
|
||||
AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL
|
||||
8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV
|
||||
YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C
|
||||
ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM
|
||||
CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw
|
||||
hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk
|
||||
MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw
|
||||
I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB
|
||||
CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30
|
||||
hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox
|
||||
jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY
|
||||
EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM
|
||||
zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a
|
||||
qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa
|
||||
-----END CERTIFICATE-----
|
||||
'')
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
|
||||
];
|
||||
|
||||
programs.adb.enable = true;
|
||||
|
|
|
@ -14,9 +14,9 @@
|
|||
<stockholm/lass/2configs/browsers.nix>
|
||||
<stockholm/lass/2configs/programs.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/games.nix>
|
||||
<stockholm/lass/2configs/bitcoin.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.icarus;
|
||||
|
|
|
@ -8,7 +8,7 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
||||
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
<stockholm/lass/2configs/steam.nix>
|
||||
{
|
||||
users.users.blacky = {
|
||||
|
|
|
@ -33,6 +33,7 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/ableton.nix>
|
||||
<stockholm/lass/2configs/dunst.nix>
|
||||
<stockholm/lass/2configs/rtl-sdr.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
{
|
||||
#risk of rain port
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
|
@ -140,6 +141,8 @@ with import <stockholm/lib>;
|
|||
dpass
|
||||
|
||||
dnsutils
|
||||
woeusb
|
||||
l-gen-secrets
|
||||
generate-secrets
|
||||
(pkgs.writeDashBin "btc-coinbase" ''
|
||||
${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount'
|
||||
|
@ -186,6 +189,10 @@ with import <stockholm/lib>;
|
|||
programs.adb.enable = true;
|
||||
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
||||
virtualisation.docker.enable = true;
|
||||
services.redshift = {
|
||||
enable = true;
|
||||
provider = "geoclue2";
|
||||
};
|
||||
|
||||
lass.restic = genAttrs [
|
||||
"daedalus"
|
||||
|
|
|
@ -104,6 +104,7 @@ in {
|
|||
];
|
||||
}
|
||||
{ # TODO make new hfos.nix out of this vv
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
users.users.riot = {
|
||||
uid = genid "riot";
|
||||
isNormalUser = true;
|
||||
|
@ -189,26 +190,6 @@ in {
|
|||
localAddress = "10.233.2.2";
|
||||
};
|
||||
}
|
||||
{
|
||||
#kaepsele
|
||||
systemd.services."container@kaepsele".reloadIfChanged = mkForce false;
|
||||
containers.kaepsele = {
|
||||
config = { ... }: {
|
||||
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
lass.pubkey
|
||||
tv.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = true;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.3";
|
||||
localAddress = "10.233.2.4";
|
||||
};
|
||||
}
|
||||
{
|
||||
#onondaga
|
||||
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
|
||||
|
@ -237,13 +218,12 @@ in {
|
|||
<stockholm/lass/2configs/repo-sync.nix>
|
||||
<stockholm/lass/2configs/binary-cache/server.nix>
|
||||
<stockholm/lass/2configs/iodined.nix>
|
||||
<stockholm/lass/2configs/monitoring/server.nix>
|
||||
<stockholm/lass/2configs/monitoring/monit-alarms.nix>
|
||||
<stockholm/lass/2configs/paste.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
<stockholm/lass/2configs/reaktor-coders.nix>
|
||||
<stockholm/lass/2configs/ciko.nix>
|
||||
<stockholm/lass/2configs/container-networking.nix>
|
||||
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
|
||||
{ # quasi bepasty.nix
|
||||
imports = [
|
||||
<stockholm/lass/2configs/bepasty.nix>
|
||||
|
@ -324,6 +304,35 @@ in {
|
|||
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
<stockholm/lass/2configs/go.nix>
|
||||
{
|
||||
environment.systemPackages = [ pkgs.cryptsetup ];
|
||||
systemd.services."container@red".reloadIfChanged = mkForce false;
|
||||
containers.red = {
|
||||
config = { ... }: {
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = false;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.3";
|
||||
localAddress = "10.233.2.4";
|
||||
};
|
||||
services.nginx.virtualHosts."rote-allez-fraktion.de" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
proxy_set_header Host rote-allez-fraktion.de;
|
||||
proxy_pass http://10.233.2.4;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.prism;
|
||||
|
|
31
lass/1systems/red/config.nix
Normal file
31
lass/1systems/red/config.nix
Normal file
|
@ -0,0 +1,31 @@
|
|||
with import <stockholm/lib>;
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
|
||||
servephpBB
|
||||
;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
<stockholm/lass/2configs>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/websites>
|
||||
<stockholm/lass/2configs/websites/sqlBackup.nix>
|
||||
(servephpBB [ "rote-allez-fraktion.de" ])
|
||||
];
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.red;
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
|
||||
services.nginx.enable = true;
|
||||
environment.variables.NIX_REMOTE = "daemon";
|
||||
environment.systemPackages = [
|
||||
pkgs.mk_sql_pair
|
||||
];
|
||||
}
|
|
@ -1,3 +1,4 @@
|
|||
import <stockholm/lass/source.nix> {
|
||||
name = "echelon";
|
||||
name = "red";
|
||||
secure = true;
|
||||
}
|
|
@ -15,9 +15,9 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/browsers.nix>
|
||||
<stockholm/lass/2configs/programs.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
<stockholm/lass/2configs/wine.nix>
|
||||
<stockholm/lass/2configs/bitcoin.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.shodan;
|
||||
|
|
|
@ -9,7 +9,6 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/retiolum.nix>
|
||||
#<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/backups.nix>
|
||||
{
|
||||
# discordius config
|
||||
services.xserver.enable = true;
|
||||
|
|
|
@ -2,10 +2,4 @@ with import <stockholm/lib>;
|
|||
import <stockholm/lass/source.nix> {
|
||||
name = "xerxes";
|
||||
secure = true;
|
||||
override = {
|
||||
nixpkgs.git = mkForce {
|
||||
url = https://github.com/lassulus/nixpkgs;
|
||||
ref = "3eccd0b";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
77
lass/2configs/AP.nix
Normal file
77
lass/2configs/AP.nix
Normal file
|
@ -0,0 +1,77 @@
|
|||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
wifi = "wlp0s29u1u2";
|
||||
in {
|
||||
boot.extraModulePackages = [
|
||||
pkgs.linuxPackages.rtl8814au
|
||||
];
|
||||
networking.networkmanager.unmanaged = [ wifi ];
|
||||
|
||||
systemd.services.hostapd = {
|
||||
description = "hostapd wireless AP";
|
||||
path = [ pkgs.hostapd ];
|
||||
wantedBy = [ "network.target" ];
|
||||
|
||||
after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" ''
|
||||
interface=${wifi}
|
||||
hw_mode=a
|
||||
channel=36
|
||||
ieee80211d=1
|
||||
country_code=DE
|
||||
ieee80211n=1
|
||||
ieee80211ac=1
|
||||
wmm_enabled=1
|
||||
|
||||
# 5ghz
|
||||
ssid=krebsing
|
||||
auth_algs=1
|
||||
wpa=2
|
||||
wpa_key_mgmt=WPA-PSK
|
||||
rsn_pairwise=CCMP
|
||||
wpa_passphrase=aidsballz
|
||||
''}";
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
|
||||
networking.interfaces.${wifi}.ipv4.addresses = [
|
||||
{ address = "10.99.0.1"; prefixLength = 24; }
|
||||
];
|
||||
services.dhcpd4 = {
|
||||
enable = true;
|
||||
interfaces = [ wifi ];
|
||||
extraConfig = ''
|
||||
option subnet-mask 255.255.255.0;
|
||||
option routers 10.99.0.1;
|
||||
option domain-name-servers 1.1.1.1, 8.8.8.8;
|
||||
subnet 10.99.0.0 netmask 255.255.255.0 {
|
||||
range 10.99.0.100 10.99.0.200;
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||
{ v6 = false; predicate = "-d 10.99.0.0/24 -o ${wifi} -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
|
||||
{ v6 = false; predicate = "-s 10.99.0.0/24 -i ${wifi}"; target = "ACCEPT"; }
|
||||
{ v6 = false; predicate = "-i ${wifi} -o ${wifi}"; target = "ACCEPT"; }
|
||||
{ v6 = false; predicate = "-o ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
||||
{ v6 = false; predicate = "-i ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
||||
];
|
||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||
{ v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; precedence = 1000; }
|
||||
];
|
||||
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
||||
#TODO find out what this is about?
|
||||
{ v6 = false; predicate = "-s 10.99.0.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
|
||||
{ v6 = false; predicate = "-s 10.99.0.0/24 -d 255.255.255.255"; target = "RETURN"; }
|
||||
|
||||
{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24"; target = "MASQUERADE"; }
|
||||
{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
|
||||
{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
|
||||
];
|
||||
}
|
20
lass/2configs/backup.nix
Normal file
20
lass/2configs/backup.nix
Normal file
|
@ -0,0 +1,20 @@
|
|||
{ config, lib, ... }:
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
fileSystems = {
|
||||
"/backups" = {
|
||||
device = "/dev/pool/backup";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
users.users.backup = {
|
||||
useDefaultShell = true;
|
||||
home = "/backups";
|
||||
createHome = true;
|
||||
openssh.authorizedKeys.keys = with config.krebs.hosts; [
|
||||
mors.ssh.pubkey
|
||||
prism.ssh.pubkey
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,173 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
|
||||
# TODO add timerConfig to krebs.backup and randomize startup
|
||||
# TODO define plans more abstract
|
||||
krebs.backup.plans = {
|
||||
} // mapAttrs (_: recursiveUpdate {
|
||||
snapshots = {
|
||||
daily = { format = "%Y-%m-%d"; retain = 7; };
|
||||
weekly = { format = "%YW%W"; retain = 4; };
|
||||
monthly = { format = "%Y-%m"; retain = 12; };
|
||||
yearly = { format = "%Y"; };
|
||||
};
|
||||
}) {
|
||||
dishfire-http-prism = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:00";
|
||||
};
|
||||
dishfire-http-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:10";
|
||||
};
|
||||
dishfire-http-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:05";
|
||||
};
|
||||
dishfire-http-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-http"; };
|
||||
startAt = "03:10";
|
||||
};
|
||||
dishfire-sql-prism = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:15";
|
||||
};
|
||||
dishfire-sql-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
dishfire-sql-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:20";
|
||||
};
|
||||
dishfire-sql-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-sql"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-bitlbee-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-bitlbee"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-bitlbee-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-bitlbee-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-bitlbee"; };
|
||||
startAt = "03:25";
|
||||
};
|
||||
prism-chat-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-chat"; };
|
||||
startAt = "03:35";
|
||||
};
|
||||
prism-chat-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; };
|
||||
startAt = "03:30";
|
||||
};
|
||||
prism-chat-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-chat"; };
|
||||
startAt = "03:35";
|
||||
};
|
||||
prism-sql-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-sql_dumps"; };
|
||||
startAt = "03:45";
|
||||
};
|
||||
prism-sql-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; };
|
||||
startAt = "03:40";
|
||||
};
|
||||
prism-sql-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-sql_dumps"; };
|
||||
startAt = "03:45";
|
||||
};
|
||||
prism-http-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-http"; };
|
||||
startAt = "03:55";
|
||||
};
|
||||
prism-http-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; };
|
||||
startAt = "03:50";
|
||||
};
|
||||
prism-http-shodan = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-http"; };
|
||||
startAt = "03:55";
|
||||
};
|
||||
icarus-home-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.icarus; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/icarus-home"; };
|
||||
startAt = "05:00";
|
||||
};
|
||||
icarus-home-shodan = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.icarus; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/icarus-home"; };
|
||||
startAt = "05:00";
|
||||
};
|
||||
mors-home-icarus = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.mors; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/mors-home"; };
|
||||
startAt = "05:00";
|
||||
};
|
||||
mors-home-shodan = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.mors; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; };
|
||||
startAt = "05:00";
|
||||
};
|
||||
shodan-home-icarus = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.shodan; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/shodan-home"; };
|
||||
startAt = "04:00";
|
||||
};
|
||||
shodan-home-mors = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.shodan; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.mors; path = "/bku/shodan-home"; };
|
||||
startAt = "04:00";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -9,7 +9,6 @@ in {
|
|||
./power-action.nix
|
||||
./copyq.nix
|
||||
./livestream.nix
|
||||
./dns-stuff.nix
|
||||
./urxvt.nix
|
||||
./network-manager.nix
|
||||
{
|
||||
|
|
|
@ -10,9 +10,6 @@ in {
|
|||
krebs.per-user.bitcoin.packages = [
|
||||
pkgs.electrum
|
||||
];
|
||||
krebs.per-user.ethereum.packages = [
|
||||
pkgs.go-ethereum
|
||||
];
|
||||
users.extraUsers = {
|
||||
bch = {
|
||||
name = "bch";
|
||||
|
@ -28,13 +25,6 @@ in {
|
|||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
};
|
||||
ethereum = {
|
||||
name = "ethereum";
|
||||
description = "user for ethereum stuff";
|
||||
home = "/home/ethereum";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
};
|
||||
};
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
|
||||
|
|
|
@ -9,6 +9,7 @@ in {
|
|||
dev = {
|
||||
name = "dev";
|
||||
uid = genid "dev";
|
||||
extraGroups = [ "docker" ];
|
||||
description = "user for collaborative development";
|
||||
home = "/home/dev";
|
||||
useDefaultShell = true;
|
||||
|
|
|
@ -6,10 +6,9 @@ with import <stockholm/lib>;
|
|||
./gc.nix
|
||||
./mc.nix
|
||||
./vim.nix
|
||||
./monitoring/client.nix
|
||||
./monitoring/node-exporter.nix
|
||||
./zsh.nix
|
||||
./htop.nix
|
||||
./backups.nix
|
||||
./security-workarounds.nix
|
||||
{
|
||||
users.extraUsers =
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
services.dnscrypt-proxy = {
|
||||
enable = true;
|
||||
localAddress = "127.1.0.1";
|
||||
customResolver = {
|
||||
address = config.krebs.hosts.gum.nets.internet.ip4.addr;
|
||||
port = 15251;
|
||||
name = "2.dnscrypt-cert.euer.krebsco.de";
|
||||
key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
|
||||
};
|
||||
};
|
||||
services.resolved.enable = true;
|
||||
services.resolved.fallbackDns = [ "127.1.0.1" ];
|
||||
}
|
|
@ -79,6 +79,7 @@ with import <stockholm/lib>;
|
|||
{ from = "ovh@lassul.us"; to = lass.mail; }
|
||||
{ from = "hetzner@lassul.us"; to = lass.mail; }
|
||||
{ from = "allygator@lassul.us"; to = lass.mail; }
|
||||
{ from = "immoscout@lassul.us"; to = lass.mail; }
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
with import <stockholm/lib>;
|
||||
{
|
||||
nix.gc = {
|
||||
automatic = ! elem config.krebs.build.host.name [ "prism" "mors" "helios" ];
|
||||
automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer);
|
||||
};
|
||||
}
|
||||
|
|
|
@ -57,6 +57,16 @@ let
|
|||
cgit.desc = "Fork of nix-user-chroot my lethalman";
|
||||
cgit.section = "software";
|
||||
};
|
||||
nixos-aws = {
|
||||
collaborators = [ {
|
||||
name = "fabio";
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada";
|
||||
} ];
|
||||
};
|
||||
krops = {
|
||||
cgit.desc = "krebs deployment";
|
||||
cgit.section = "software";
|
||||
};
|
||||
} // mapAttrs make-public-repo-silent {
|
||||
};
|
||||
|
||||
|
@ -70,8 +80,8 @@ let
|
|||
import <secrets/repos.nix> { inherit config lib pkgs; }
|
||||
);
|
||||
|
||||
make-public-repo = name: { cgit ? {}, ... }: {
|
||||
inherit cgit name;
|
||||
make-public-repo = name: { cgit ? {}, collaborators ? [], ... }: {
|
||||
inherit cgit collaborators name;
|
||||
public = true;
|
||||
hooks = {
|
||||
post-receive = pkgs.git-hooks.irc-announce {
|
||||
|
|
19
lass/2configs/go.nix
Normal file
19
lass/2configs/go.nix
Normal file
|
@ -0,0 +1,19 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
krebs.go = {
|
||||
enable = true;
|
||||
};
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts.go = {
|
||||
locations."/".extraConfig = ''
|
||||
proxy_set_header Host go.lassul.us;
|
||||
proxy_pass http://localhost:1337;
|
||||
'';
|
||||
serverAliases = [
|
||||
"go.lassul.us"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -206,8 +206,11 @@ in {
|
|||
msmtp
|
||||
mutt
|
||||
pkgs.much
|
||||
pkgs.notmuch
|
||||
tag-new-mails
|
||||
tag-old-mails
|
||||
];
|
||||
|
||||
nixpkgs.config.packageOverrides = opkgs: {
|
||||
notmuch = (opkgs.notmuch.overrideAttrs (o: { doCheck = false; }));
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
{pkgs, config, ...}:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
services.telegraf = {
|
||||
enable = true;
|
||||
|
||||
extraConfig = {
|
||||
agent.interval = "1s";
|
||||
outputs = {
|
||||
influxdb = {
|
||||
urls = ["http://prism:8086"];
|
||||
database = "telegraf_db";
|
||||
user_agent = "telegraf";
|
||||
};
|
||||
};
|
||||
inputs = {
|
||||
cpu = {
|
||||
percpu = false;
|
||||
totalcpu = true;
|
||||
};
|
||||
mem = {};
|
||||
net = {};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,44 +0,0 @@
|
|||
{pkgs, config, ...}:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
echoToIrc = msg:
|
||||
pkgs.writeDash "echo_irc" ''
|
||||
set -euf
|
||||
export LOGNAME=prism-alarm
|
||||
${pkgs.irc-announce}/bin/irc-announce \
|
||||
irc.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
|
||||
'';
|
||||
|
||||
in {
|
||||
krebs.monit = {
|
||||
enable = true;
|
||||
http.enable = true;
|
||||
alarms = {
|
||||
nirwanabluete = {
|
||||
test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'";
|
||||
alarm = echoToIrc "test nirwanabluete failed";
|
||||
};
|
||||
ubik = {
|
||||
test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'";
|
||||
alarm = echoToIrc "test ubik failed";
|
||||
};
|
||||
cac-panel = {
|
||||
test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'";
|
||||
alarm = echoToIrc "test cac-panel failed";
|
||||
};
|
||||
radio = {
|
||||
test = pkgs.writeBash "check_stream" ''
|
||||
${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \
|
||||
| ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \
|
||||
| ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}"
|
||||
'';
|
||||
alarm = echoToIrc "test radio failed";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
|
|
@ -1,7 +1,9 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [ 9100 ];
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; }
|
||||
];
|
||||
services.prometheus.exporters = {
|
||||
node = {
|
||||
enable = true;
|
||||
|
|
|
@ -9,6 +9,12 @@
|
|||
# useDHCP = true;
|
||||
#};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; }
|
||||
];
|
||||
|
||||
services = {
|
||||
prometheus = {
|
||||
enable = true;
|
||||
|
@ -124,11 +130,10 @@
|
|||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
"localhost:9100"
|
||||
];
|
||||
labels = {
|
||||
alias = "prometheus.example.com";
|
||||
};
|
||||
] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts));
|
||||
#labels = {
|
||||
# alias = "prometheus.example.com";
|
||||
#};
|
||||
}
|
||||
];
|
||||
}
|
||||
|
@ -159,7 +164,7 @@
|
|||
];
|
||||
"webhook_configs" = [
|
||||
{
|
||||
"url" = "https://example.com/prometheus-alerts";
|
||||
"url" = "http://127.0.0.1:14813/prometheus-alerts";
|
||||
"send_resolved" = true;
|
||||
}
|
||||
];
|
||||
|
@ -176,4 +181,37 @@
|
|||
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
|
||||
};
|
||||
};
|
||||
services.logstash = {
|
||||
enable = true;
|
||||
inputConfig = ''
|
||||
http {
|
||||
port => 14813
|
||||
host => "127.0.0.1"
|
||||
}
|
||||
'';
|
||||
filterConfig = ''
|
||||
if ([alerts]) {
|
||||
ruby {
|
||||
code => '
|
||||
lines = []
|
||||
event["alerts"].each {|p|
|
||||
lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}"
|
||||
}
|
||||
event["output"] = lines.join("\n")
|
||||
'
|
||||
}
|
||||
}
|
||||
'';
|
||||
outputConfig = ''
|
||||
file { path => "/tmp/logs.json" codec => "json_lines" }
|
||||
irc {
|
||||
channels => [ "#noise" ]
|
||||
host => "irc.r"
|
||||
nick => "alarm"
|
||||
codec => "json_lines"
|
||||
format => "%{output}"
|
||||
}
|
||||
'';
|
||||
#plugins = [ ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,87 +0,0 @@
|
|||
{pkgs, config, ...}:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
services.influxdb.enable = true;
|
||||
|
||||
services.influxdb.extraConfig = {
|
||||
meta.hostname = config.krebs.build.host.name;
|
||||
# meta.logging-enabled = true;
|
||||
http.bind-address = ":8086";
|
||||
admin.bind-address = ":8083";
|
||||
http.log-enabled = false;
|
||||
monitoring = {
|
||||
enabled = false;
|
||||
# write-interval = "24h";
|
||||
};
|
||||
collectd = [{
|
||||
enabled = true;
|
||||
typesdb = "${pkgs.collectd}/share/collectd/types.db";
|
||||
database = "collectd_db";
|
||||
port = 25826;
|
||||
}];
|
||||
};
|
||||
|
||||
krebs.kapacitor =
|
||||
let
|
||||
db = "telegraf_db";
|
||||
echoToIrc = pkgs.writeDash "echo_irc" ''
|
||||
set -euf
|
||||
data="$(${pkgs.jq}/bin/jq -r .message)"
|
||||
export LOGNAME=prism-alarm
|
||||
${pkgs.irc-announce}/bin/irc-announce \
|
||||
irc.r 6667 prism-alarm \#noise "$data" >/dev/null
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
alarms = {
|
||||
cpu = {
|
||||
database = db;
|
||||
text = ''
|
||||
var data = batch
|
||||
|query(${"'''"}
|
||||
SELECT mean("usage_user") AS mean
|
||||
FROM "${db}"."default"."cpu"
|
||||
${"'''"})
|
||||
.period(10m)
|
||||
.every(1m)
|
||||
.groupBy('host')
|
||||
data |alert()
|
||||
.crit(lambda: "mean" > 90)
|
||||
.exec('${echoToIrc}')
|
||||
data |deadman(1.0,5m)
|
||||
.stateChangesOnly()
|
||||
.exec('${echoToIrc}')
|
||||
'';
|
||||
};
|
||||
ram = {
|
||||
database = db;
|
||||
text = ''
|
||||
var data = batch
|
||||
|query(${"'''"}
|
||||
SELECT mean("used_percent") AS mean
|
||||
FROM "${db}"."default"."mem"
|
||||
${"'''"})
|
||||
.period(10m)
|
||||
.every(1m)
|
||||
.groupBy('host')
|
||||
data |alert()
|
||||
.crit(lambda: "mean" > 90)
|
||||
.exec('${echoToIrc}')
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
addr = "0.0.0.0";
|
||||
auth.anonymous.enable = true;
|
||||
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
|
||||
};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
|
@ -6,66 +6,10 @@ let
|
|||
genid
|
||||
;
|
||||
|
||||
servephpBB = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
|
||||
in {
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
serverAliases = domains;
|
||||
extraConfig = ''
|
||||
index index.php;
|
||||
root /srv/http/${domain}/;
|
||||
access_log /tmp/nginx_acc.log;
|
||||
error_log /tmp/nginx_err.log;
|
||||
error_page 404 /404.html;
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
client_max_body_size 100m;
|
||||
'';
|
||||
locations."/".extraConfig = ''
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
'';
|
||||
locations."~ \.php(?:$|/)".extraConfig = ''
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
|
||||
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
|
||||
fastcgi_intercept_errors on;
|
||||
'';
|
||||
#Directives to send expires headers and turn off 404 error logging.
|
||||
locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
'';
|
||||
};
|
||||
services.phpfpm.poolConfigs."${domain}" = ''
|
||||
listen = /srv/http/${domain}/phpfpm.pool
|
||||
user = nginx
|
||||
group = nginx
|
||||
pm = dynamic
|
||||
pm.max_children = 25
|
||||
pm.start_servers = 5
|
||||
pm.min_spare_servers = 3
|
||||
pm.max_spare_servers = 20
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
php_admin_value[error_log] = 'stderr'
|
||||
php_admin_flag[log_errors] = on
|
||||
catch_workers_output = yes
|
||||
'';
|
||||
};
|
||||
|
||||
in {
|
||||
imports = [
|
||||
./default.nix
|
||||
../git.nix
|
||||
(servephpBB [ "rote-allez-fraktion.de" ])
|
||||
];
|
||||
|
||||
security.acme = {
|
||||
|
|
|
@ -28,6 +28,59 @@ rec {
|
|||
};
|
||||
};
|
||||
|
||||
servephpBB = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
|
||||
in {
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
serverAliases = domains;
|
||||
extraConfig = ''
|
||||
index index.php;
|
||||
root /srv/http/${domain}/;
|
||||
access_log /tmp/nginx_acc.log;
|
||||
error_log /tmp/nginx_err.log;
|
||||
error_page 404 /404.html;
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
client_max_body_size 100m;
|
||||
'';
|
||||
locations."/".extraConfig = ''
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
'';
|
||||
locations."~ \.php(?:$|/)".extraConfig = ''
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
|
||||
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
|
||||
fastcgi_intercept_errors on;
|
||||
'';
|
||||
#Directives to send expires headers and turn off 404 error logging.
|
||||
locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
expires max;
|
||||
'';
|
||||
};
|
||||
services.phpfpm.poolConfigs."${domain}" = ''
|
||||
listen = /srv/http/${domain}/phpfpm.pool
|
||||
user = nginx
|
||||
group = nginx
|
||||
pm = dynamic
|
||||
pm.max_children = 25
|
||||
pm.start_servers = 5
|
||||
pm.min_spare_servers = 3
|
||||
pm.max_spare_servers = 20
|
||||
listen.owner = nginx
|
||||
listen.group = nginx
|
||||
php_admin_value[error_log] = 'stderr'
|
||||
php_admin_flag[log_errors] = on
|
||||
catch_workers_output = yes
|
||||
'';
|
||||
};
|
||||
|
||||
serveOwncloud = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
|
|
|
@ -54,8 +54,8 @@
|
|||
eval $(dircolors -b ${pkgs.fetchFromGitHub {
|
||||
owner = "trapd00r";
|
||||
repo = "LS_COLORS";
|
||||
rev = "master";
|
||||
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
|
||||
rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
|
||||
sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
|
||||
}}/LS_COLORS)
|
||||
alias ls='ls --color'
|
||||
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
|
||||
|
|
|
@ -50,6 +50,14 @@ rec {
|
|||
default = false;
|
||||
};
|
||||
|
||||
monitoring = mkOption {
|
||||
description = ''
|
||||
Whether the host should be monitored by monitoring tools like Prometheus.
|
||||
'';
|
||||
type = bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
owner = mkOption {
|
||||
type = user;
|
||||
};
|
||||
|
|
|
@ -349,6 +349,7 @@ let
|
|||
let b:current_syntax = "nix"
|
||||
|
||||
set isk=@,48-57,_,192-255,-,'
|
||||
set bg=dark
|
||||
'';
|
||||
in
|
||||
out
|
||||
|
|
Loading…
Reference in a new issue