From 26c897d72ce24a300b871a737c74742f35221006 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 28 Nov 2018 17:00:39 +0100
Subject: [PATCH 001/103] ma bgt: init download.binaergewitter.de

---
 makefu/2configs/bgt/auphonic.pub              |  1 +
 .../download.binaergewitter.de.nix            | 23 +++++++++++++++----
 .../{deployment => }/bgt/hidden_service.nix   |  0
 3 files changed, 19 insertions(+), 5 deletions(-)
 create mode 100644 makefu/2configs/bgt/auphonic.pub
 rename makefu/2configs/{nginx => bgt}/download.binaergewitter.de.nix (51%)
 rename makefu/2configs/{deployment => }/bgt/hidden_service.nix (100%)

diff --git a/makefu/2configs/bgt/auphonic.pub b/makefu/2configs/bgt/auphonic.pub
new file mode 100644
index 000000000..37b8e0599
--- /dev/null
+++ b/makefu/2configs/bgt/auphonic.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvP50lgtHhlC3LKzC1/4yzJNxkZFDSIBvEfavNfchNKJUEBPo82oVtfFgJR5XfjI7c2U9dHl+0q4qMl+9ZiZWr2YgDpAr78kpur4gjWKrnBa2eT9GIfXB3Tm1+OpI2HoeOHUKEK1gKqqe9tJfS+CLb7DLCjulW8zdLiiH6KmvyaH78hGjZv+bpx7H4rItAinl8vGe+ceRIk4tZbmkyhphXbQZa3Ov+imiJXIr7fmX3tkOhUp4YwrVlUK8J0MEa1Kf7ZYWRqvGnKYFQ73LwLPz7UIOZ93zPF4d0R7xqvdEEhIx+u1/gToQZSMUczbVqg3dixr3yeBhFA/6h0lTA61mx
diff --git a/makefu/2configs/nginx/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
similarity index 51%
rename from makefu/2configs/nginx/download.binaergewitter.de.nix
rename to makefu/2configs/bgt/download.binaergewitter.de.nix
index 6b5687e72..6d64848f5 100644
--- a/makefu/2configs/nginx/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -1,12 +1,25 @@
 { config, lib, pkgs, ... }:
 
+with import <stockholm/lib>;
 let
-  ident = (toString <secrets>) + "/mirrorsync.gum.id_ed25519";
+  ident = (builtins.readFile ./auphonic.pub);
 in {
-  systemd.services.mirrorsync = {
-    startAt = "08:00:00";
-    path = with pkgs; [ rsync openssh ];
-    script = ''rsync -av -e "ssh -i ${ident}" mirrorsync@159.69.132.234:/var/www/html/ /var/www/binaergewitter'';
+  services.openssh = {
+    allowSFTP = true;
+    sftpFlags = [ "-l VERBOSE" ];
+    extraConfig = ''
+      Match User auphonic
+        ForceCommand internal-sftp
+        AllowTcpForwarding no
+        X11Forwarding no
+        PasswordAuthentication no
+    '';
+  };
+  users.users.auphonic = {
+    uid = genid "auphonic";
+    group = "nginx";
+    useDefaultShell = true;
+    openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
   };
   services.nginx = {
     enable = lib.mkDefault true;
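Review bot: The `Match User auphonic` block forces `internal-sftp` but sets no `ChrootDirectory`, so the upload account can still list and read every path that its uid and the `nginx` group can reach; a chroot to a root-owned upload directory (as sshd requires) would confine it. As far as the NixOS module goes, `sftpFlags` only decorates the `Subsystem sftp` line, so the forced command probably runs without the verbose log; `ForceCommand internal-sftp -l VERBOSE` would keep the transfer log for this account. `useDefaultShell = true` gives the account a login shell it never needs under the forced command. The `let` name `ident` now holds public-key text instead of a private-key path and would read better as `auphonicPubkey`. The attribute set continues past the end of this hunk.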
diff --git a/makefu/2configs/deployment/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix
similarity index 100%
rename from makefu/2configs/deployment/bgt/hidden_service.nix
rename to makefu/2configs/bgt/hidden_service.nix

From a2b8571c5e39e4a8b5adf6be91a661332a0103df Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 30 Nov 2018 23:02:21 +0100
Subject: [PATCH 002/103] ma: fix ssh key of ulrich

---
 krebs/3modules/makefu/ssh/ulrich.pub | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/makefu/ssh/ulrich.pub b/krebs/3modules/makefu/ssh/ulrich.pub
index 88313ee7c..8ac69004c 100644
--- a/krebs/3modules/makefu/ssh/ulrich.pub
+++ b/krebs/3modules/makefu/ssh/ulrich.pub
@@ -1 +1 @@
-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 shackspace.de@myvdr.de
+ssh-rsa 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 shackspace.de@myvdr.de

From 91e05287a7a37e960a14144a5abcb4e39cba500c Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 30 Nov 2018 23:15:36 +0100
Subject: [PATCH 003/103] k binary-cache: use https://cache.krebsco.de

---
 krebs/2configs/binary-cache/prism.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix
index 46b386e14..51b4a1afc 100644
--- a/krebs/2configs/binary-cache/prism.nix
+++ b/krebs/2configs/binary-cache/prism.nix
@@ -3,7 +3,7 @@
 {
   nix = {
     binaryCaches = [
-      "http://cache.prism.r"
+      "https://cache.krebsco.de"
     ];
     binaryCachePublicKeys = [
       "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="

From 861d4481f710d60d0d84aa8b1f8997f7fc18890d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 30 Nov 2018 23:18:53 +0100
Subject: [PATCH 004/103] ma krops: RIP  deployment option

---
 makefu/krops.nix         | 15 +++++----------
 makefu/update-channel.sh |  2 +-
 2 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/makefu/krops.nix b/makefu/krops.nix
index 6c510eba3..2a2f70a05 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -7,7 +7,6 @@
 
   host-src = {
     secure = false;
-    full = false;
     torrent = false;
     hw = false;
     musnix = false;
@@ -23,7 +22,11 @@
     {
       # nixos-18.09 @ 2018-09-18
       # + uhub/sqlite: 5dd7610401747
-      nixpkgs = if test then {
+      # + hovercraft: 7134801b17d72
+      nixpkgs = if host-src.arm6 then {
+        # TODO: we want to track the unstable channel
+        symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
+      } else {
         file = {
           path = toString (pkgs.fetchFromGitHub {
             owner = "makefu";
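Review bot: In the `host-src.arm6` branch nixpkgs is a symlink to root's channel on the target, so those hosts build from whatever that channel currently holds and get none of the `useChecksum` pinning the `else` branch has. The TODO only says the unstable channel should be tracked, so a comment such as `# not pinned: uses the channel present on the target, must be updated out of band` would make the difference explicit. With `if test then` gone, `test` may now be an unused binding if it is still declared outside this hunk. The attribute set continues beyond the hunk.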
@@ -33,14 +36,6 @@
           });
           useChecksum = true;
         };
-      } else if host-src.full then {
-        git.ref = nixpkgs-src.rev;
-        git.url = nixpkgs-src.url;
-      } else if host-src.arm6 then {
-        # TODO: we want to track the unstable channel
-        symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
-      } else {
-        file = "/home/makefu/store/${nixpkgs-src.rev}";
       };
       nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";
 
diff --git a/makefu/update-channel.sh b/makefu/update-channel.sh
index 59d3c434f..0899581ec 100755
--- a/makefu/update-channel.sh
+++ b/makefu/update-channel.sh
@@ -6,4 +6,4 @@ nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
   --rev refs/heads/master' \
 > $dir/nixpkgs.json
 newref=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
-echo git commit $dir/nixpkgs.json -m "nixpkgs: $oldref -> $newref"
+echo "git commit $dir/nixpkgs.json -m 'ma nixpkgs: $oldref -> $newref'"

From 5782a4de2e5b5f4843a421bac7456e83790950d1 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 3 Dec 2018 09:20:14 +0100
Subject: [PATCH 005/103] cache.nixos.org: provide index.html

---
 krebs/2configs/cache.nsupdate.info.nix |  8 ++++++--
 krebs/3modules/cachecache.nix          | 20 ++++++++++----------
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix
index 056667d8c..db221686f 100644
--- a/krebs/2configs/cache.nsupdate.info.nix
+++ b/krebs/2configs/cache.nsupdate.info.nix
@@ -1,4 +1,4 @@
-{lib, ... }:
+{ pkgs, lib, ... }:
 with lib;
 let
   domain = "cache.nsupdate.info";
@@ -17,9 +17,13 @@ in {
   };
   krebs.cachecache = {
     enable = true;
-    enableSSL = false; # disable letsencrypt for testing
+    enableSSL = true; # disable letsencrypt for testing
     cacheDir = "/var/cache/nix-cache-cache";
     maxSize = "10g";
+    indexFile = pkgs.fetchurl {
+      url = "https://raw.githubusercontent.com/krebs/35c3-nixos-cache/master/index.html";
+      sha256 = "0n9lji4rpi2wpfik3dvl92mmpfrywyp33iwsw7d8qmykk7l0hfp8";
+    };
 
     # assumes that the domain is reachable from the internet
     virtualHost = domain;
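Review bot: The trailing comment on `enableSSL = true; # disable letsencrypt for testing` now says the opposite of the value and should be dropped or reworded, for example `enableSSL = true; # set to false to skip letsencrypt while testing`. Separately, `indexFile` fetches from the `master` branch while pinning a fixed `sha256`. The hash protects the content, but the fetch will start failing as soon as upstream edits index.html, so the URL is better pinned to a commit, `…/35c3-nixos-cache/<COMMIT-ID>/index.html` (placeholder). The `krebs.cachecache` set continues outside the hunk.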
diff --git a/krebs/3modules/cachecache.nix b/krebs/3modules/cachecache.nix
index 989320480..2c2d07ff5 100644
--- a/krebs/3modules/cachecache.nix
+++ b/krebs/3modules/cachecache.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ pkgs, config, lib, ... }:
 
 
 # fork of https://gist.github.com/rycee/f495fc6cc4130f155e8b670609a1e57b
@@ -59,15 +59,6 @@ in
         '';
       };
 
-      # webRoot = mkOption {
-      #   type = types.str;
-      #   default = "/";
-      #   description = ''
-      #     Directory on virtual host that serves the cache. Must end in
-      #     <literal>/</literal>.
-      #   '';
-      # };
-
       resolver = mkOption {
         type = types.str;
         description = "Address of DNS resolver.";
@@ -82,6 +73,13 @@ in
           Where nginx should store cached data.
         '';
       };
+      indexFile = mkOption {
+        type = types.path;
+        default = pkgs.writeText "myindex" "<html>hello world</html>";
+        description = ''
+          Path to index.html file.
+        '';
+      };
 
       maxSize = mkOption {
         type = types.str;
@@ -98,6 +96,7 @@ in
     systemd.services.nginx.preStart = ''
       mkdir -p ${cfg.cacheDir} /srv/www/nix-cache-cache
       chmod 700 ${cfg.cacheDir} /srv/www/nix-cache-cache
+      ln -fs ${cfg.indexFile} /srv/www/nix-cache-cache/index.html
       chown ${nginxCfg.user}:${nginxCfg.group} \
         ${cfg.cacheDir} /srv/www/nix-cache-cache
     '';
@@ -143,6 +142,7 @@ in
         locations."/" =
         {
           root = "/srv/www/nix-cache-cache";
+          index = "index.html";
           extraConfig = ''
             expires max;
             add_header Cache-Control $nix_cache_cache_header always;
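Review bot: Adding `index = "index.html";` to `locations."/"` means the landing page is served under the same `expires max;` and `Cache-Control` header as the immutable cache objects, so a later change of `indexFile` may never reach clients that already fetched it. A dedicated `locations."= /index.html"` with a short expiry would keep the far-future caching limited to store paths. The rest of this location's `extraConfig` lies outside the hunk, so any existing handling there is not visible.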

From 9052d190a352ef9b581d084e2edcd95800cadcfe Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 3 Dec 2018 09:20:48 +0100
Subject: [PATCH 006/103] ma gum.r: enable download.binaergewitter and
 cache.nsupdate.info

---
 makefu/1systems/gum/config.nix          | 12 ++++++++----
 makefu/1systems/gum/hardware-config.nix | 11 ++++++++++-
 makefu/1systems/gum/rescue.txt          |  4 ++++
 makefu/1systems/gum/source.nix          |  2 +-
 4 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 3d2cbac6f..a1691da3a 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -4,13 +4,14 @@ with import <stockholm/lib>;
 let
   external-ip = config.krebs.build.host.nets.internet.ip4.addr;
   ext-if = config.makefu.server.primary-itf;
+  allDisks = [ "/dev/sda" "/dev/sdb" ];
 in {
   imports = [
       <stockholm/makefu>
       ./hardware-config.nix
       {
         users.users.lass = {
-          uid = 9002;
+          uid = 19002;
           isNormalUser = true;
           createHome = true;
           useDefaultShell = true;
@@ -21,7 +22,7 @@ in {
         };
       }
       <stockholm/makefu/2configs/headless.nix>
-      # <stockholm/makefu/2configs/smart-monitor.nix>
+      <stockholm/makefu/2configs/smart-monitor.nix>
 
       # Security
       <stockholm/makefu/2configs/sshd-totp.nix>
@@ -93,13 +94,15 @@ in {
       <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
       <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
       <stockholm/makefu/2configs/nginx/iso.euer.nix>
+      <stockholm/krebs/2configs/cache.nsupdate.info.nix>
       <stockholm/makefu/2configs/shack/events-publisher>
 
       <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
       <stockholm/makefu/2configs/deployment/graphs.nix>
       <stockholm/makefu/2configs/deployment/owncloud.nix>
       <stockholm/makefu/2configs/deployment/boot-euer.nix>
-      <stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
+      <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
+      <stockholm/makefu/2configs/bgt/hidden_service.nix>
 
       <stockholm/makefu/2configs/stats/client.nix>
       # <stockholm/makefu/2configs/logging/client.nix>
@@ -132,7 +135,7 @@ in {
       ListenAddress = ${external-ip} 21031
     '';
     connectTo = [
-      "prism" "ni" "enklave" "dishfire" "echelon" "hotdog"
+      "prism" "ni" "enklave" "eve" "archprism"
     ];
   };
 
@@ -189,6 +192,7 @@ in {
     nameservers = [ "8.8.8.8" ];
   };
   users.users.makefu.extraGroups = [ "download" "nginx" ];
+  services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
   boot.tmpOnTmpfs = true;
   state = [ "/home/makefu/.weechat" ];
 }
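Review bot: `allDisks = [ "/dev/sda" "/dev/sdb" ]` feeds `services.smartd.devices` with kernel-assigned names, which are not guaranteed to stay attached to the same drives across reboots or after a disk swap. Health alerts could then refer to the wrong device or miss one. Stable names are safer, e.g. `allDisks = [ "/dev/disk/by-id/<DISK-ID-1>" "/dev/disk/by-id/<DISK-ID-2>" ];` (placeholders), with a comment saying which physical disks they are.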
diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix
index bfe29b46c..e9670a5a4 100644
--- a/makefu/1systems/gum/hardware-config.nix
+++ b/makefu/1systems/gum/hardware-config.nix
@@ -46,7 +46,7 @@ in {
     "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
     "xhci_pci" "ehci_pci" "ahci" "sd_mod"
   ];
-  boot.kernelModules = [ "kvm-intel"  ];
+  boot.kernelModules = [ "dm-thin-pool" "kvm-intel"  ];
   hardware.enableRedistributableFirmware = true;
   fileSystems."/" = {
     device = "/dev/mapper/nixos-root";
@@ -56,10 +56,19 @@ in {
     device = "/dev/mapper/nixos-lib";
     fsType = "ext4";
   };
+  fileSystems."/var/log" = {
+    device = "/dev/mapper/nixos-log";
+    fsType = "ext4";
+  };
   fileSystems."/var/download" = {
     device = "/dev/mapper/nixos-download";
     fsType = "ext4";
   };
+  fileSystems."/var/www/binaergewitter" = {
+    device = "/dev/mapper/nixos-binaergewitter";
+    fsType = "ext4";
+    options = [ "nofail" ];
+  };
   fileSystems."/var/lib/borgbackup" = {
     device = "/dev/mapper/nixos-backup";
     fsType = "ext4";
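Review bot: The new `/var/www/binaergewitter` mount carries only `nofail`, although it is presumably the tree that receives uploads and is served by nginx. `options = [ "nofail" "nodev" "nosuid" "noexec" ];` would stop uploaded files from being used as devices, setuid binaries or executables. With `nofail`, a missing volume also means the directory silently lives on the root filesystem, so a comment noting that, or a mount dependency on the services writing there, would help. `/var/log` is added without `nofail`, which is the safer choice for logs but is worth stating in a comment since the two differ. The `/var/lib/borgbackup` entry continues outside the hunk.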
diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt
index 30276b7db..0a3ed96ee 100644
--- a/makefu/1systems/gum/rescue.txt
+++ b/makefu/1systems/gum/rescue.txt
@@ -1,10 +1,14 @@
+ssh gum.i -o StrictHostKeyChecking=no
+
 mount /dev/mapper/nixos-root /mnt
 mount /dev/sda2 /mnt/boot
 
 chroot-prepare /mnt
 chroot /mnt /bin/sh
 
+
 journalctl  -D /mnt/var/log/journal --since today # find the active system (or check grub)
+# ... activating ...
 
 export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin
 /nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate
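Review bot: `ssh gum.i -o StrictHostKeyChecking=no` teaches the runbook reader to accept whichever host key answers, and rescue mode is exactly when a changed key is expected and an interposed host would go unnoticed. If the rescue system presents a throw-away key, keep it out of known_hosts with `-o UserKnownHostsFile=/dev/null` instead of weakening the check silently. A line such as `# compare the fingerprint with the one shown in the provider's rescue console before continuing` should also be added.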
diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix
index 6940498f1..1e36c6e87 100644
--- a/makefu/1systems/gum/source.nix
+++ b/makefu/1systems/gum/source.nix
@@ -1,5 +1,5 @@
 {
-  name="nextgum";
+  name="gum";
   torrent = true;
   clever_kexec = true;
 }

From 756d387a544ccae47db770d88ce7a72e22343b30 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 3 Dec 2018 09:30:57 +0100
Subject: [PATCH 007/103] ma 0tests: add nsupdate-cache.nix

---
 makefu/0tests/data/secrets/nsupdate-cache.nix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 makefu/0tests/data/secrets/nsupdate-cache.nix

diff --git a/makefu/0tests/data/secrets/nsupdate-cache.nix b/makefu/0tests/data/secrets/nsupdate-cache.nix
new file mode 100644
index 000000000..f5e704702
--- /dev/null
+++ b/makefu/0tests/data/secrets/nsupdate-cache.nix
@@ -0,0 +1 @@
+"derp"

From 176883b37dd48c52c500c2159c00914c39b36250 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 3 Dec 2018 09:45:56 +0100
Subject: [PATCH 008/103] bepasty-server: use genid_uint31

---
 krebs/3modules/bepasty-server.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index dd29a4e17..e12367b7c 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -143,12 +143,12 @@ let
     ) cfg.servers;
 
     users.extraUsers.bepasty = {
-      uid = genid "bepasty";
+      uid = genid_uint31 "bepasty";
       group = "bepasty";
       home = "/var/lib/bepasty-server";
     };
     users.extraGroups.bepasty = {
-      gid = genid "bepasty";
+      gid = genid_uint31 "bepasty";
     };
   };
 

From dec7956b534673d76848f617657b62d46f4de769 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 3 Dec 2018 09:46:09 +0100
Subject: [PATCH 009/103] fetchWallpaper: use genid_uint31

---
 krebs/3modules/fetchWallpaper.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index 5a5065565..e89b86e32 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -53,7 +53,7 @@ let
   imp = {
     users.users.fetchWallpaper = {
       name = "fetchWallpaper";
-      uid = genid "fetchWallpaper";
+      uid = genid_uint31 "fetchWallpaper";
       description = "fetchWallpaper user";
       home = cfg.stateDir;
       createHome = true;

From 692271b2b9bf5de258d3d8424f273a517abaea2a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 3 Dec 2018 09:46:19 +0100
Subject: [PATCH 010/103] tinc_graphs: use genid_uint31

---
 krebs/3modules/tinc_graphs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index 8390eccbb..486a0c9cc 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -124,7 +124,7 @@ let
     };
 
     users.extraUsers.tinc_graphs = {
-      uid = genid "tinc_graphs";
+      uid = genid_uint31 "tinc_graphs";
       home = "/var/spool/tinc_graphs";
     };
     services.nginx = mkIf cfg.nginx.enable {

From 79e5320e6b1da4d9d3569fe2b4f42c5d9db7c641 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 3 Dec 2018 09:47:35 +0100
Subject: [PATCH 011/103] l: use genid_uint31 where needed

---
 lass/1systems/prism/config.nix      | 12 ++++++------
 lass/2configs/radio.nix             |  3 +--
 lass/2configs/websites/lassulus.nix |  6 +++---
 lass/3modules/xjail.nix             |  2 +-
 4 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 0ca39447d..e2097e93a 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -25,7 +25,7 @@ with import <stockholm/lib>;
     { # TODO make new hfos.nix out of this vv
       boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
       users.users.riot = {
-        uid = genid "riot";
+        uid = genid_uint31 "riot";
         isNormalUser = true;
         extraGroups = [ "libvirtd" ];
         openssh.authorizedKeys.keys = [
@@ -44,21 +44,21 @@ with import <stockholm/lib>;
     }
     {
       users.users.tv = {
-        uid = genid "tv";
+        uid = genid_uint31 "tv";
         isNormalUser = true;
         openssh.authorizedKeys.keys = [
           config.krebs.users.tv.pubkey
         ];
       };
       users.users.makefu = {
-        uid = genid "makefu";
+        uid = genid_uint31 "makefu";
         isNormalUser = true;
         openssh.authorizedKeys.keys = [
           config.krebs.users.makefu.pubkey
         ];
       };
       users.extraUsers.dritter = {
-        uid = genid "dritter";
+        uid = genid_uint31 "dritter";
         isNormalUser = true;
         extraGroups = [
           "download"
@@ -75,7 +75,7 @@ with import <stockholm/lib>;
         ];
       };
       users.users.hellrazor = {
-        uid = genid "hellrazor";
+        uid = genid_uint31 "hellrazor";
         isNormalUser = true;
         extraGroups = [
           "download"
@@ -168,7 +168,7 @@ with import <stockholm/lib>;
     }
     {
       users.users.jeschli = {
-        uid = genid "jeschli";
+        uid = genid_uint31 "jeschli";
         isNormalUser = true;
         openssh.authorizedKeys.keys = with config.krebs.users; [
           jeschli.pubkey
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 85faded14..987632cd1 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -5,7 +5,6 @@ with import <stockholm/lib>;
 let
   name = "radio";
   mainUser = config.users.extraUsers.mainUser;
-  inherit (import <stockholm/lib>) genid;
 
   admin-password = import <secrets/icecast-admin-pw>;
   source-password = import <secrets/icecast-source-pw>;
@@ -31,7 +30,7 @@ in {
     "${name}" = rec {
       inherit name;
       group = name;
-      uid = genid name;
+      uid = genid_uint31 name;
       description = "radio manager";
       home = "/home/${name}";
       useDefaultShell = true;
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 6470d86f7..17af0d00d 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -3,7 +3,7 @@
 with lib;
 let
   inherit (import <stockholm/lib>)
-    genid
+    genid_uint31
   ;
 
 in {
@@ -22,7 +22,7 @@ in {
   krebs.tinc_graphs.enable = true;
 
   users.users.lass-stuff = {
-    uid = genid "lass-stuff";
+    uid = genid_uint31 "lass-stuff";
     description = "lassul.us blog cgi stuff";
     home = "/var/empty";
   };
@@ -124,7 +124,7 @@ in {
   };
 
   users.users.blog = {
-    uid = genid "blog";
+    uid = genid_uint31 "blog";
     description = "lassul.us blog deployment";
     home = "/srv/http/lassul.us";
     useDefaultShell = true;
diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix
index 974e11c6e..f6ce7ccc9 100644
--- a/lass/3modules/xjail.nix
+++ b/lass/3modules/xjail.nix
@@ -142,7 +142,7 @@ with import <stockholm/lib>;
 
     users.users = mapAttrs' (_: cfg:
       nameValuePair cfg.name {
-        uid = genid cfg.name;
+        uid = genid_uint31 cfg.name;
         home = "/home/${cfg.name}";
         useDefaultShell = true;
         createHome = true;

From 63798eb150e5d572ad887b2e6e6ce287fb187a48 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 3 Dec 2018 09:51:38 +0100
Subject: [PATCH 012/103] cabal-read: init

---
 krebs/5pkgs/simple/cabal-read.nix | 35 +++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 krebs/5pkgs/simple/cabal-read.nix

diff --git a/krebs/5pkgs/simple/cabal-read.nix b/krebs/5pkgs/simple/cabal-read.nix
new file mode 100644
index 000000000..f8fc71e05
--- /dev/null
+++ b/krebs/5pkgs/simple/cabal-read.nix
@@ -0,0 +1,35 @@
+{ writeHaskellPackage }:
+
+# Because `sed -n 's/.*\<ghc-options:\s\+\(.*\)/\1/p'` is too simple.
+writeHaskellPackage "cabal-read" {
+  executables.ghc-options = {
+    extra-depends = ["Cabal"];
+    text = /* haskell */ ''
+      module Main (main) where
+      import Data.List
+      import Data.Maybe
+      import Distribution.Compiler
+      import Distribution.PackageDescription.Parsec
+      import Distribution.Types.BuildInfo
+      import Distribution.Types.CondTree
+      import Distribution.Types.Executable
+      import Distribution.Types.GenericPackageDescription
+      import Distribution.Types.UnqualComponentName
+      import Distribution.Verbosity
+      import System.Environment
+      main :: IO ()
+      main = do
+          [path, name] <- getArgs
+
+          desc <- readGenericPackageDescription normal path
+
+          case lookup (mkUnqualComponentName name) (condExecutables desc) of
+            Just exe ->
+              putStrLn . intercalate " " . fromMaybe [] . lookup GHC
+                       . options . buildInfo . condTreeData $ exe
+
+            Nothing ->
+              error ("executable " <> name <> " not found in " <> path)
+    '';
+  };
+}
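Review bot: `[path, name] <- getArgs` aborts with a bare pattern-match failure when the program is called with anything other than two arguments. Binding `args <- getArgs` and matching `[path, name]` in a `case`, with a fallback that prints a usage line such as `usage: ghc-options CABAL_FILE EXECUTABLE` and exits non-zero, gives callers a usable error. Only `condTreeData` is read, so `ghc-options` set inside conditional branches of the executable are not reported; a comment next to the `case` should state that limitation. `intercalate " "` can be written as `unwords`.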

From 4d36900c6f0eedb62652d90bc362dca14d6c7b9a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 3 Dec 2018 17:39:34 +0100
Subject: [PATCH 013/103] Reaktor: add user only if active

---
 krebs/3modules/Reaktor.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix
index 677b6f7b8..669483f3c 100644
--- a/krebs/3modules/Reaktor.nix
+++ b/krebs/3modules/Reaktor.nix
@@ -8,7 +8,7 @@ let
 
   out = {
     options.krebs.Reaktor = api;
-    config = imp;
+    config = mkIf (cfg != {}) imp;
   };
 
   api = mkOption {

From 1f05294906e7735ead83cdf4ce9b0d6d195fa1c5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 3 Dec 2018 17:39:53 +0100
Subject: [PATCH 014/103] l archprism.r: cleanup

---
 lass/1systems/archprism/config.nix | 276 +----------------------------
 1 file changed, 1 insertion(+), 275 deletions(-)

diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix
index bed8961b8..0a2ab1611 100644
--- a/lass/1systems/archprism/config.nix
+++ b/lass/1systems/archprism/config.nix
@@ -6,26 +6,10 @@ with import <stockholm/lib>;
     <stockholm/lass>
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/libvirt.nix>
-    {
-      services.nginx.enable = true;
-      imports = [
-        <stockholm/lass/2configs/websites/domsen.nix>
-        <stockholm/lass/2configs/websites/lassulus.nix>
-      ];
-      # needed by domsen.nix ^^
-      lass.usershadow = {
-        enable = true;
-      };
-
-      krebs.iptables.tables.filter.INPUT.rules = [
-         { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
-         { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
-      ];
-    }
     { # TODO make new hfos.nix out of this vv
       boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
       users.users.riot = {
-        uid = genid "riot";
+        uid = genid_uint31 "riot";
         isNormalUser = true;
         extraGroups = [ "libvirtd" ];
         openssh.authorizedKeys.keys = [
@@ -42,153 +26,7 @@ with import <stockholm/lib>;
         { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; }
       ];
     }
-    {
-      users.users.tv = {
-        uid = genid "tv";
-        isNormalUser = true;
-        openssh.authorizedKeys.keys = [
-          config.krebs.users.tv.pubkey
-        ];
-      };
-      users.users.makefu = {
-        uid = genid "makefu";
-        isNormalUser = true;
-        openssh.authorizedKeys.keys = [
-          config.krebs.users.makefu.pubkey
-        ];
-      };
-      users.extraUsers.dritter = {
-        uid = genid "dritter";
-        isNormalUser = true;
-        extraGroups = [
-          "download"
-        ];
-        openssh.authorizedKeys.keys = [
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
-        ];
-      };
-      users.extraUsers.juhulian = {
-        uid = 1339;
-        isNormalUser = true;
-        openssh.authorizedKeys.keys = [
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
-        ];
-      };
-      users.users.hellrazor = {
-        uid = genid "hellrazor";
-        isNormalUser = true;
-        extraGroups = [
-          "download"
-        ];
-        openssh.authorizedKeys.keys = [ "ssh-rsa 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" ];
-      };
-    }
-    {
-      #hotdog
-      systemd.services."container@hotdog".reloadIfChanged = mkForce false;
-      containers.hotdog = {
-        config = { ... }: {
-          imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
-          environment.systemPackages = [ pkgs.git ];
-          services.openssh.enable = true;
-          users.users.root.openssh.authorizedKeys.keys = [
-            config.krebs.users.lass.pubkey
-          ];
-        };
-        autoStart = true;
-        enableTun = true;
-        privateNetwork = true;
-        hostAddress = "10.233.2.1";
-        localAddress = "10.233.2.2";
-      };
-    }
-    <stockholm/lass/2configs/exim-smarthost.nix>
-    <stockholm/lass/2configs/ts3.nix>
-    <stockholm/lass/2configs/privoxy-retiolum.nix>
-    <stockholm/lass/2configs/radio.nix>
-    <stockholm/lass/2configs/binary-cache/server.nix>
-    <stockholm/lass/2configs/iodined.nix>
-    <stockholm/lass/2configs/paste.nix>
-    <stockholm/lass/2configs/syncthing.nix>
-    <stockholm/lass/2configs/ciko.nix>
     <stockholm/lass/2configs/container-networking.nix>
-    <stockholm/lass/2configs/monitoring/prometheus-server.nix>
-    { # quasi bepasty.nix
-      imports = [
-        <stockholm/lass/2configs/bepasty.nix>
-      ];
-      krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
-        if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
-          return 403;
-        }
-      '';
-    }
-    {
-      services.tor = {
-        enable = true;
-      };
-    }
-    {
-      lass.ejabberd = {
-        enable = true;
-        hosts = [ "lassul.us" ];
-      };
-      krebs.iptables.tables.filter.INPUT.rules = [
-        { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
-        { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
-      ];
-    }
-    {
-      imports = [
-        <stockholm/lass/2configs/realwallpaper.nix>
-      ];
-      services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
-        alias /var/realwallpaper/realwallpaper.png;
-      '';
-    }
-    {
-      users.users.jeschli = {
-        uid = genid "jeschli";
-        isNormalUser = true;
-        openssh.authorizedKeys.keys = with config.krebs.users; [
-          jeschli.pubkey
-          jeschli-bln.pubkey
-          jeschli-bolide.pubkey
-          jeschli-brauerei.pubkey
-        ];
-      };
-      krebs.git.rules = [
-        {
-          user = with config.krebs.users; [
-            jeschli
-            jeschli-bln
-            jeschli-bolide
-            jeschli-brauerei
-          ];
-          repo = [ config.krebs.git.repos.xmonad-stockholm ];
-          perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ];
-        }
-        {
-          user = with config.krebs.users; [
-            jeschli
-            jeschli-bln
-            jeschli-bolide
-            jeschli-brauerei
-          ];
-          repo = [ config.krebs.git.repos.stockholm ];
-          perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ];
-        }
-      ];
-    }
-    {
-      krebs.repo-sync.repos.stockholm.timerConfig = {
-        OnBootSec = "5min";
-        OnUnitInactiveSec = "2min";
-        RandomizedDelaySec = "2min";
-      };
-    }
-    <stockholm/lass/2configs/downloading.nix>
-    <stockholm/lass/2configs/minecraft.nix>
     {
       services.taskserver = {
         enable = true;
@@ -201,123 +39,11 @@ with import <stockholm/lib>;
         { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
       ];
     }
-    #<stockholm/lass/2configs/go.nix>
-    {
-      environment.systemPackages = [ pkgs.cryptsetup ];
-      systemd.services."container@red".reloadIfChanged = mkForce false;
-      containers.red = {
-        config = { ... }: {
-          environment.systemPackages = [ pkgs.git ];
-          services.openssh.enable = true;
-          users.users.root.openssh.authorizedKeys.keys = [
-            config.krebs.users.lass.pubkey
-          ];
-        };
-        autoStart = false;
-        enableTun = true;
-        privateNetwork = true;
-        hostAddress = "10.233.2.3";
-        localAddress = "10.233.2.4";
-      };
-      services.nginx.virtualHosts."rote-allez-fraktion.de" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          extraConfig = ''
-            proxy_set_header Host rote-allez-fraktion.de;
-            proxy_pass http://10.233.2.4;
-          '';
-        };
-      };
-    }
-    #{
-    #  imports = [ <stockholm/lass/2configs/backup.nix> ];
-    #  lass.restic = genAttrs [
-    #    "daedalus"
-    #    "icarus"
-    #    "littleT"
-    #    "mors"
-    #    "shodan"
-    #    "skynet"
-    #  ] (dest: {
-    #    dirs = [
-    #      "/home/chat/.weechat"
-    #      "/bku/sql_dumps"
-    #    ];
-    #    passwordFile = (toString <secrets>) + "/restic/${dest}";
-    #    repo = "sftp:backup@${dest}.r:/backups/prism";
-    #    extraArguments = [
-    #      "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
-    #    ];
-    #    timerConfig = {
-    #      OnCalendar = "00:05";
-    #      RandomizedDelaySec = "5h";
-    #    };
-    #  });
-    #}
-    {
-      users.users.download.openssh.authorizedKeys.keys = [
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
-        "ssh-rsa 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 palo@pepe"
-        "ssh-rsa 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 palo@workhorse"
-      ];
-    }
-    {
-    }
-    {
-      lass.nichtparasoup.enable = true;
-      services.nginx = {
-        enable = true;
-        virtualHosts."lol.lassul.us" = {
-          forceSSL = true;
-          enableACME = true;
-          locations."/".extraConfig = ''
-            proxy_pass http://localhost:5001;
-          '';
-        };
-      };
-    }
-    {
-      krebs.iptables.tables.filter.INPUT.rules = [
-         { predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
-      ];
-      krebs.iptables.tables.nat.PREROUTING.rules = [
-        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
-      ];
-      krebs.iptables.tables.filter.FORWARD.rules = [
-        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
-        { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
-      ];
-      krebs.iptables.tables.nat.POSTROUTING.rules = [
-        { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
-      ];
-      networking.wireguard.interfaces.wg0 = {
-        ips = [ "10.244.1.1/24" ];
-        listenPort = 51820;
-        privateKeyFile = (toString <secrets>) + "/wireguard.key";
-        allowedIPsAsRoutes = true;
-        peers = [
-          {
-            # lass-android
-            allowedIPs = [ "10.244.1.2/32" ];
-            publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
-          }
-        ];
-      };
-    }
     {
       krebs.iptables.tables.filter.INPUT.rules = [
         { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
       ];
     }
-    {
-      services.murmur.enable = true;
-      services.murmur.registerName = "lassul.us";
-      krebs.iptables.tables.filter.INPUT.rules = [
-        { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
-      ];
-
-    }
   ];
 
   krebs.build.host = config.krebs.hosts.archprism;

From 205e74c138d809fa1bbb8cbbc983e3344217f3be Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 3 Dec 2018 17:40:52 +0100
Subject: [PATCH 015/103] l shodan.r: no need for git & wallpaper

---
 lass/1systems/shodan/config.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index 87a733d62..39c0791fc 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -8,11 +8,9 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/mouse.nix>
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/baseX.nix>
-    <stockholm/lass/2configs/git.nix>
     <stockholm/lass/2configs/exim-retiolum.nix>
     <stockholm/lass/2configs/browsers.nix>
     <stockholm/lass/2configs/programs.nix>
-    <stockholm/lass/2configs/fetchWallpaper.nix>
     <stockholm/lass/2configs/wine.nix>
     <stockholm/lass/2configs/bitcoin.nix>
     <stockholm/lass/2configs/backup.nix>

From 9c04c0cc107fb32ac0fffb1af68d3868fe062a7b Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 3 Dec 2018 22:04:39 +0100
Subject: [PATCH 016/103] ma: move home-automation

---
 makefu/2configs/{deployment => }/homeautomation/default.nix     | 0
 makefu/2configs/{deployment => homeautomation}/google-muell.nix | 0
 makefu/2configs/{deployment => }/homeautomation/mqtt.nix        | 0
 3 files changed, 0 insertions(+), 0 deletions(-)
 rename makefu/2configs/{deployment => }/homeautomation/default.nix (100%)
 rename makefu/2configs/{deployment => homeautomation}/google-muell.nix (100%)
 rename makefu/2configs/{deployment => }/homeautomation/mqtt.nix (100%)

diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/homeautomation/default.nix
similarity index 100%
rename from makefu/2configs/deployment/homeautomation/default.nix
rename to makefu/2configs/homeautomation/default.nix
diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/homeautomation/google-muell.nix
similarity index 100%
rename from makefu/2configs/deployment/google-muell.nix
rename to makefu/2configs/homeautomation/google-muell.nix
diff --git a/makefu/2configs/deployment/homeautomation/mqtt.nix b/makefu/2configs/homeautomation/mqtt.nix
similarity index 100%
rename from makefu/2configs/deployment/homeautomation/mqtt.nix
rename to makefu/2configs/homeautomation/mqtt.nix

From 42e64be38804bd97c65f009e26a3de3af03d07dc Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 3 Dec 2018 22:06:23 +0100
Subject: [PATCH 017/103] cache.nsupdate.info: bump index

---
 krebs/2configs/cache.nsupdate.info.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix
index db221686f..74f345614 100644
--- a/krebs/2configs/cache.nsupdate.info.nix
+++ b/krebs/2configs/cache.nsupdate.info.nix
@@ -22,7 +22,7 @@ in {
     maxSize = "10g";
     indexFile = pkgs.fetchurl {
       url = "https://raw.githubusercontent.com/krebs/35c3-nixos-cache/master/index.html";
-      sha256 = "0n9lji4rpi2wpfik3dvl92mmpfrywyp33iwsw7d8qmykk7l0hfp8";
+      sha256 = "1vlngzbn0jipigspccgikd7xgixksimdl4wf8ix7d30ljx47p9n0";
     };
 
     # assumes that the domain is reachable from the internet
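Review bot: The `url` that this new `sha256` belongs to still tracks the `master` branch, so the fixed-output hash goes stale whenever upstream edits index.html. A fresh fetch then fails with a hash mismatch until someone bumps the hash again, which is what this commit does. Pinning the URL to a revision, e.g. `url = "https://raw.githubusercontent.com/krebs/35c3-nixos-cache/<commit-sha>/index.html";` (placeholder, not a real revision), would make the fetch reproducible and tie the hash to a revision that can be reviewed. The enclosing attribute set starts and ends outside the hunk.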

From e8e0a68029516b3577aef5aabf818589009f334d Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 3 Dec 2018 22:48:11 +0100
Subject: [PATCH 018/103] tv xmonad shell: prevent double yield

---
 tv/5pkgs/haskell/xmonad-tv/shell.nix | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/tv/5pkgs/haskell/xmonad-tv/shell.nix b/tv/5pkgs/haskell/xmonad-tv/shell.nix
index 936e69627..6ca00bc05 100644
--- a/tv/5pkgs/haskell/xmonad-tv/shell.nix
+++ b/tv/5pkgs/haskell/xmonad-tv/shell.nix
@@ -46,7 +46,7 @@ in
       xmonad_restart() {(
         set -efu
         cd "$WORKDIR"
-        if systemctl is-active xmonad; then
+        if systemctl --quiet is-active xmonad; then
           sudo systemctl stop xmonad
           cp -b "$config_XMONAD_CACHE_DIR"/xmonad.state "$CACHEDIR"/
           echo "xmonad.state: $(cat "$CACHEDIR"/xmonad.state)"
@@ -59,9 +59,14 @@ in
 
       xmonad_yield() {(
         set -efu
-        "$xmonad" --shutdown
-        cp -b "$CACHEDIR"/xmonad.state "$config_XMONAD_CACHE_DIR"/
-        sudo systemctl start xmonad
+        if ! systemctl --quiet is-active xmonad; then
+          "$xmonad" --shutdown
+          cp -b "$CACHEDIR"/xmonad.state "$config_XMONAD_CACHE_DIR"/
+          sudo systemctl start xmonad
+        else
+          echo "xmonad.service is already running" >&2
+          exit -1
+        fi
       )}
 
       export PATH=${config.systemd.services.xmonad.path}:$PATH
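Review bot: `exit -1` in the new else branch of xmonad_yield is not a portable exit status, because POSIX only defines operands 0–255. bash (presumably the shell running this hook) turns it into 255, while some other shells reject the operand outright. `exit 1` states the failure unambiguously. A one-line comment above the check, such as `# refuse to yield while the system xmonad.service is still running`, would also help, since the condition is the inverse of the one in xmonad_restart.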

From 1859d6653a12e1bfda9465780610f63da8f5ce69 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 4 Dec 2018 13:37:56 +0100
Subject: [PATCH 019/103] ma mv {deployment,}/bureautomation

---
 makefu/2configs/{deployment => }/bureautomation/default.nix | 0
 makefu/2configs/{deployment => }/bureautomation/hass.nix    | 0
 makefu/2configs/{deployment => }/bureautomation/mpd.nix     | 0
 3 files changed, 0 insertions(+), 0 deletions(-)
 rename makefu/2configs/{deployment => }/bureautomation/default.nix (100%)
 rename makefu/2configs/{deployment => }/bureautomation/hass.nix (100%)
 rename makefu/2configs/{deployment => }/bureautomation/mpd.nix (100%)

diff --git a/makefu/2configs/deployment/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix
similarity index 100%
rename from makefu/2configs/deployment/bureautomation/default.nix
rename to makefu/2configs/bureautomation/default.nix
diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix
similarity index 100%
rename from makefu/2configs/deployment/bureautomation/hass.nix
rename to makefu/2configs/bureautomation/hass.nix
diff --git a/makefu/2configs/deployment/bureautomation/mpd.nix b/makefu/2configs/bureautomation/mpd.nix
similarity index 100%
rename from makefu/2configs/deployment/bureautomation/mpd.nix
rename to makefu/2configs/bureautomation/mpd.nix

From a8aa26bab161ef72c061948d78cdf0852cc05807 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 4 Dec 2018 21:32:02 +0100
Subject: [PATCH 020/103] l: adopt scardanelli & homeros (kmein)

---
 krebs/3modules/lass/default.nix | 60 +++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 12345a20a..44417f006 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -409,6 +409,66 @@ with import <stockholm/lib>;
         };
       };
     };
+    scardanelli = {
+      monitoring = false;
+      ci = false;
+      external = true;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.2.2";
+          ip6.addr = "42:2:5ca:da:3111::1";
+          aliases = [
+            "scardanelli.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN PUBLIC KEY-----
+            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/
+            MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge
+            UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi
+            kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0
+            gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx
+            we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY
+            QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm
+            SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL
+            2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f
+            m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q
+            FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5
+            lM61fOMcVW1KREdWypiDtu8CAwEAAQ==
+            -----END PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    homeros = {
+      monitoring = false;
+      ci = false;
+      external = true;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.2.1";
+          ip6.addr = "42:2::0:3:05::1";
+          aliases = [
+            "homeros.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN PUBLIC KEY-----
+            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd
+            ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc
+            6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v
+            RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd
+            vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3
+            +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc
+            QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm
+            fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh
+            VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7
+            k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX
+            gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N
+            mJ/hywVtvLxNkNimyztoKKMCAwEAAQ==
+            -----END PUBLIC KEY-----
+          '';
+        };
+      };
+    };
     turingmachine = {
       monitoring = false;
       ci = false;
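Review bot: The `ip6.addr` added for homeros, `42:2::0:3:05::1`, contains `::` twice, which is not a valid IPv6 textual address because the zero-compression marker may appear only once. The value is therefore ambiguous and may be rejected or misparsed wherever the host's retiolum address is consumed. The scardanelli entry above it uses a single `::` and parses fine. Write the zero groups out explicitly so that at most one `::` remains; the intended expansion cannot be determined from the hunk, so the author has to supply it.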

From 24d1677d8b8439eb213c746bf69da5fad72c6ccc Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 4 Dec 2018 23:48:03 +0100
Subject: [PATCH 021/103] krops: 1.9.0 -> 1.10.0

---
 submodules/krops | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/submodules/krops b/submodules/krops
index eb68146cc..140bdfdf6 160000
--- a/submodules/krops
+++ b/submodules/krops
@@ -1 +1 @@
-Subproject commit eb68146cc4848cfc0c0339c72a44a96fdeb4a1de
+Subproject commit 140bdfdf6c87c1822e0c4ec8f497a20ad1d4cf19

From 29998a8a355d7eec2d11801a3775125608d169a9 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 5 Dec 2018 09:01:56 +0100
Subject: [PATCH 022/103] snews: prefix with _

---
 krebs/2configs/news-spam.nix | 310 +++++++++++++++++------------------
 1 file changed, 155 insertions(+), 155 deletions(-)

diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix
index 88b7e1072..a8c658858 100644
--- a/krebs/2configs/news-spam.nix
+++ b/krebs/2configs/news-spam.nix
@@ -4,161 +4,161 @@
   krebs.newsbot-js.news-spam = {
     urlShortenerHost = "go.lassul.us";
     feeds = pkgs.writeText "feeds" ''
-      [SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
-      [SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
-      [SPAM]antirez|http://antirez.com/rss|#snews
-      [SPAM]archlinux|http://www.archlinux.org/feeds/news/|#snews
-      [SPAM]ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews
-      [SPAM]augustl|http://augustl.com/atom.xml|#snews
-      [SPAM]bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews
-      [SPAM]bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews
-      [SPAM]bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews
-      [SPAM]bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews
-      [SPAM]bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews
-      [SPAM]bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews
-      [SPAM]cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews
-      [SPAM]carta|http://feeds2.feedburner.com/carta-standard-rss|#snews
-      [SPAM]catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews
-      [SPAM]cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews
-      [SPAM]cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews
-      [SPAM]cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews
-      [SPAM]cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews
-      [SPAM]cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews
-      [SPAM]ccc|http://www.ccc.de/rss/updates.rdf|#snews
-      [SPAM]chan_biz|http://boards.4chan.org/biz/index.rss|#snews
-      [SPAM]chan_g|http://boards.4chan.org/g/index.rss|#snews
-      [SPAM]chan_int|http://boards.4chan.org/int/index.rss|#snews
-      [SPAM]chan_sci|http://boards.4chan.org/sci/index.rss|#snews
-      [SPAM]chan_x|http://boards.4chan.org/x/index.rss|#snews
-      [SPAM]c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews
-      [SPAM]cryptogon|http://www.cryptogon.com/?feed=rss2|#snews
-      [SPAM]csm|http://rss.csmonitor.com/feeds/csm|#snews
-      [SPAM]csm_world|http://rss.csmonitor.com/feeds/world|#snews
-      [SPAM]danisch|http://www.danisch.de/blog/feed/|#snews
-      [SPAM]dod|http://www.defense.gov/news/afps2.xml|#snews
-      [SPAM]dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews
-      [SPAM]ecat|http://ecat.com/feed|#snews
-      [SPAM]eia_press|http://www.eia.gov/rss/press_rss.xml|#snews
-      [SPAM]eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews
-      [SPAM]embargowatch|https://embargowatch.wordpress.com/feed/|#snews
-      [SPAM]ethereum-comments|http://blog.ethereum.org/comments/feed|#snews
-      [SPAM]ethereum|http://blog.ethereum.org/feed|#snews
-      [SPAM]europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews
-      [SPAM]eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews
-      [SPAM]exploitdb|http://www.exploit-db.com/rss.xml|#snews
-      [SPAM]fars|http://www.farsnews.com/rss.php|#snews #test
-      [SPAM]faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews
-      [SPAM]faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews
-      [SPAM]faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews
-      [SPAM]fbi|https://www.fbi.gov/news/rss.xml|#snews
-      [SPAM]fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews
-      [SPAM]fefe|http://blog.fefe.de/rss.xml|#snews
-      [SPAM]forbes|http://www.forbes.com/forbes/feed2/|#snews
-      [SPAM]forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews
-      [SPAM]fox|http://feeds.foxnews.com/foxnews/latest|#snews
-      [SPAM]geheimorganisation|http://geheimorganisation.org/feed/|#snews
-      [SPAM]GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews
-      [SPAM]gmanet|http://www.gmanetwork.com/news/rss/news|#snews
-      [SPAM]golem|http://rss.golem.de/rss.php|#snews
-      [SPAM]google|http://news.google.com/?output=rss|#snews
-      [SPAM]greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews
-      [SPAM]guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews
-      [SPAM]gulli|http://ticker.gulli.com/rss/|#snews
-      [SPAM]hackernews|https://news.ycombinator.com/rss|#snews
-      [SPAM]handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews
-      [SPAM]heise|https://www.heise.de/newsticker/heise-atom.xml|#snews
-      [SPAM]hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews
-      [SPAM]hindu|http://www.thehindu.com/?service=rss|#snews
-      [SPAM]ign|http://feeds.ign.com/ign/all|#snews
-      [SPAM]independent|http://www.independent.com/rss/headlines/|#snews
-      [SPAM]indymedia|https://de.indymedia.org/rss.xml|#snews
-      [SPAM]info_libera|http://www.informationliberation.com/rss.xml|#snews
-      [SPAM]klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews
-      [SPAM]korea_herald|http://www.koreaherald.com/rss_xml.php|#snews
-      [SPAM]linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews
-      [SPAM]lisp|http://planet.lisp.org/rss20.xml|#snews
-      [SPAM]liveleak|http://www.liveleak.com/rss|#snews
-      [SPAM]lolmythesis|http://lolmythesis.com/rss|#snews
-      [SPAM]LtU|http://lambda-the-ultimate.org/rss.xml|#snews
-      [SPAM]lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews
-      [SPAM]mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews
-      [SPAM]mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews
-      [SPAM]nds|http://www.nachdenkseiten.de/?feed=atom|#snews
-      [SPAM]netzpolitik|https://netzpolitik.org/feed/|#snews
-      [SPAM]newsbtc|http://newsbtc.com/feed/|#snews
-      [SPAM]nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews
-      [SPAM]npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews
-      [SPAM]npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews
-      [SPAM]npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews
-      [SPAM]npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews
-      [SPAM]nsa|https://www.nsa.gov/rss.xml|#snews #bullerei
-      [SPAM]nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews
-      [SPAM]painload|https://github.com/krebs/painload/commits/master.atom|#snews
-      [SPAM]phys|http://phys.org/rss-feed/|#snews
-      [SPAM]piraten|https://www.piratenpartei.de/feed/|#snews
-      [SPAM]polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews
-      [SPAM]presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews
-      [SPAM]presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews
-      [SPAM]prisonplanet|http://prisonplanet.com/feed.rss|#snews
-      [SPAM]rawstory|http://www.rawstory.com/rs/feed/|#snews
-      [SPAM]reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews
-      [SPAM]reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews
-      [SPAM]reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews
-      [SPAM]reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews
-      [SPAM]reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews
-      [SPAM]reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews
-      [SPAM]reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews
-      [SPAM]reddit_sci|http://www.reddit.com/r/science/.rss|#snews
-      [SPAM]reddit_tech|http://www.reddit.com/r/technology/.rss|#snews
-      [SPAM]reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews
-      [SPAM]reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews
-      [SPAM]r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews
-      [SPAM]reuters|http://feeds.reuters.com/Reuters/worldNews|#snews
-      [SPAM]reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews
-      [SPAM]rt|http://rt.com/rss/news/|#snews
-      [SPAM]schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews
-      [SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews
-      [SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews
-      [SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews
-      [SPAM]shackspace|http://shackspace.de/atom.xml|#snews
-      [SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews
-      [SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews
-      [SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews
-      [SPAM]sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews
-      [SPAM]sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews
-      [SPAM]sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews
-      [SPAM]slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews
-      [SPAM]slate|http://feeds.slate.com/slate|#snews
-      [SPAM]spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews
-      [SPAM]spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews
-      [SPAM]standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews
-      [SPAM]stern|http://www.stern.de/feed/standard/all/|#snews
-      [SPAM]stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews
-      [SPAM]sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews
-      [SPAM]sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews
-      [SPAM]sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews
-      [SPAM]tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews
-      [SPAM]taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews
-      [SPAM]telegraph|http://www.telegraph.co.uk/rss.xml|#snews
-      [SPAM]telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews
-      [SPAM]the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews
-      [SPAM]tigsource|http://www.tigsource.com/feed/|#snews
-      [SPAM]tinc|http://tinc-vpn.org/news/index.rss|#snews
-      [SPAM]torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews
-      [SPAM]torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews
-      [SPAM]torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews
-      [SPAM]travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews
-      [SPAM]un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews
-      [SPAM]un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews
-      [SPAM]un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews
-      [SPAM]un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews
-      [SPAM]un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews
-      [SPAM]un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews
-      [SPAM]us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews
-      [SPAM]vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews
-      [SPAM]weechat|http://dev.weechat.org/feed/atom|#snews
-      [SPAM]xkcd|https://xkcd.com/rss.xml|#snews
-      [SPAM]zdnet|http://www.zdnet.com/news/rss.xml|#snews
+      _aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
+      _allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
+      _antirez|http://antirez.com/rss|#snews
+      _archlinux|http://www.archlinux.org/feeds/news/|#snews
+      _ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews
+      _augustl|http://augustl.com/atom.xml|#snews
+      _bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews
+      _bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews
+      _bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews
+      _bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews
+      _bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews
+      _bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews
+      _cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews
+      _carta|http://feeds2.feedburner.com/carta-standard-rss|#snews
+      _catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews
+      _cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews
+      _cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews
+      _cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews
+      _cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews
+      _cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews
+      _ccc|http://www.ccc.de/rss/updates.rdf|#snews
+      _chan_biz|http://boards.4chan.org/biz/index.rss|#snews
+      _chan_g|http://boards.4chan.org/g/index.rss|#snews
+      _chan_int|http://boards.4chan.org/int/index.rss|#snews
+      _chan_sci|http://boards.4chan.org/sci/index.rss|#snews
+      _chan_x|http://boards.4chan.org/x/index.rss|#snews
+      _c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews
+      _cryptogon|http://www.cryptogon.com/?feed=rss2|#snews
+      _csm|http://rss.csmonitor.com/feeds/csm|#snews
+      _csm_world|http://rss.csmonitor.com/feeds/world|#snews
+      _danisch|http://www.danisch.de/blog/feed/|#snews
+      _dod|http://www.defense.gov/news/afps2.xml|#snews
+      _dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews
+      _ecat|http://ecat.com/feed|#snews
+      _eia_press|http://www.eia.gov/rss/press_rss.xml|#snews
+      _eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews
+      _embargowatch|https://embargowatch.wordpress.com/feed/|#snews
+      _ethereum-comments|http://blog.ethereum.org/comments/feed|#snews
+      _ethereum|http://blog.ethereum.org/feed|#snews
+      _europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews
+      _eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews
+      _exploitdb|http://www.exploit-db.com/rss.xml|#snews
+      _fars|http://www.farsnews.com/rss.php|#snews #test
+      _faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews
+      _faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews
+      _faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews
+      _fbi|https://www.fbi.gov/news/rss.xml|#snews
+      _fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews
+      _fefe|http://blog.fefe.de/rss.xml|#snews
+      _forbes|http://www.forbes.com/forbes/feed2/|#snews
+      _forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews
+      _fox|http://feeds.foxnews.com/foxnews/latest|#snews
+      _geheimorganisation|http://geheimorganisation.org/feed/|#snews
+      _GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews
+      _gmanet|http://www.gmanetwork.com/news/rss/news|#snews
+      _golem|http://rss.golem.de/rss.php|#snews
+      _google|http://news.google.com/?output=rss|#snews
+      _greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews
+      _guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews
+      _gulli|http://ticker.gulli.com/rss/|#snews
+      _hackernews|https://news.ycombinator.com/rss|#snews
+      _handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews
+      _heise|https://www.heise.de/newsticker/heise-atom.xml|#snews
+      _hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews
+      _hindu|http://www.thehindu.com/?service=rss|#snews
+      _ign|http://feeds.ign.com/ign/all|#snews
+      _independent|http://www.independent.com/rss/headlines/|#snews
+      _indymedia|https://de.indymedia.org/rss.xml|#snews
+      _info_libera|http://www.informationliberation.com/rss.xml|#snews
+      _klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews
+      _korea_herald|http://www.koreaherald.com/rss_xml.php|#snews
+      _linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews
+      _lisp|http://planet.lisp.org/rss20.xml|#snews
+      _liveleak|http://www.liveleak.com/rss|#snews
+      _lolmythesis|http://lolmythesis.com/rss|#snews
+      _LtU|http://lambda-the-ultimate.org/rss.xml|#snews
+      _lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews
+      _mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews
+      _mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews
+      _nds|http://www.nachdenkseiten.de/?feed=atom|#snews
+      _netzpolitik|https://netzpolitik.org/feed/|#snews
+      _newsbtc|http://newsbtc.com/feed/|#snews
+      _nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews
+      _npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews
+      _npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews
+      _npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews
+      _npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews
+      _nsa|https://www.nsa.gov/rss.xml|#snews #bullerei
+      _nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews
+      _painload|https://github.com/krebs/painload/commits/master.atom|#snews
+      _phys|http://phys.org/rss-feed/|#snews
+      _piraten|https://www.piratenpartei.de/feed/|#snews
+      _polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews
+      _presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews
+      _presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews
+      _prisonplanet|http://prisonplanet.com/feed.rss|#snews
+      _rawstory|http://www.rawstory.com/rs/feed/|#snews
+      _reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews
+      _reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews
+      _reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews
+      _reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews
+      _reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews
+      _reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews
+      _reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews
+      _reddit_sci|http://www.reddit.com/r/science/.rss|#snews
+      _reddit_tech|http://www.reddit.com/r/technology/.rss|#snews
+      _reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews
+      _reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews
+      _r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews
+      _reuters|http://feeds.reuters.com/Reuters/worldNews|#snews
+      _reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews
+      _rt|http://rt.com/rss/news/|#snews
+      _schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews
+      _sciencemag|http://news.sciencemag.org/rss/current.xml|#snews
+      _scmp|http://www.scmp.com/rss/91/feed|#snews
+      _sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews
+      _shackspace|http://shackspace.de/atom.xml|#snews
+      _shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews
+      _sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews
+      _sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews
+      _sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews
+      _sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews
+      _sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews
+      _slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews
+      _slate|http://feeds.slate.com/slate|#snews
+      _spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews
+      _spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews
+      _standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews
+      _stern|http://www.stern.de/feed/standard/all/|#snews
+      _stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews
+      _sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews
+      _sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews
+      _sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews
+      _tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews
+      _taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews
+      _telegraph|http://www.telegraph.co.uk/rss.xml|#snews
+      _telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews
+      _the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews
+      _tigsource|http://www.tigsource.com/feed/|#snews
+      _tinc|http://tinc-vpn.org/news/index.rss|#snews
+      _torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews
+      _torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews
+      _torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews
+      _travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews
+      _un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews
+      _un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews
+      _un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews
+      _un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews
+      _un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews
+      _un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews
+      _us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews
+      _vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews
+      _weechat|http://dev.weechat.org/feed/atom|#snews
+      _xkcd|https://xkcd.com/rss.xml|#snews
+      _zdnet|http://www.zdnet.com/news/rss.xml|#snews
     '';
   };
 }

From e4750d38e76db94a0b255fa143408b8cbe38b61b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 5 Dec 2018 09:02:31 +0100
Subject: [PATCH 023/103] l yellow.r: use fancyindex

---
 lass/1systems/yellow/config.nix | 35 +++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 48d405111..ff7b23687 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -34,10 +34,37 @@ with import <stockholm/lib>;
 
   services.nginx = {
     enable = true;
-    virtualHosts."yellow.r".locations."/dl".extraConfig = ''
-      autoindex on;
-      alias /var/download/finished;
-    '';
+    package = pkgs.nginx.override {
+      modules = with pkgs.nginxModules; [
+        fancyindex
+      ];
+    };
+    virtualHosts."dl" = {
+      default = true;
+      locations."/Nginx-Fancyindex-Theme-dark" = {
+        extraConfig = ''
+          alias ${pkgs.fetchFromGitHub {
+            owner = "Naereen";
+            repo = "Nginx-Fancyindex-Theme";
+            rev = "e84f7d6a32085c2b6238f85f5fdebe9ceb710fc4";
+            sha256 = "0wzl4ws2w8f0749vxfd1c8c21p3jw463wishgfcmaljbh4dwplg6";
+          }}/Nginx-Fancyindex-Theme-dark;
+          autoindex on;
+        '';
+      };
+      locations."/" = {
+        root = "/var/download/finished";
+        extraConfig = ''
+          fancyindex on;
+          fancyindex_header "/Nginx-Fancyindex-Theme-dark/header.html";
+          fancyindex_footer "/Nginx-Fancyindex-Theme-dark/footer.html";
+          dav_methods PUT DELETE MKCOL COPY MOVE;
+
+          create_full_put_path on;
+          dav_access all:r;
+        '';
+      };
+    };
   };
 
   krebs.iptables = {
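Review bot: The new `locations."/"` block turns on `dav_methods PUT DELETE MKCOL COPY MOVE` with no access restriction beside it, and the vhost is now `default = true`, so nginx answers these methods for any Host name that reaches it. As written, every client that can connect could upload into or delete from `/var/download/finished`, and `create_full_put_path on` lets a PUT create new directories as well. `dav_access all:r` only sets the permission bits of files nginx creates; it does not decide who may send the request. If writes are meant for trusted peers only, add a guard inside the same `extraConfig`, for example `limit_except GET HEAD { allow <trusted-net>; deny all; }`, or an `auth_basic` / `auth_basic_user_file` pair. The `krebs.iptables` block begins on the last context line and continues outside the hunk, so a network-level restriction may already exist there; if so, a short comment next to `dav_methods` should say that.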

From d6fba75f21b3de20f4b7b41ec3ee98bb5a205991 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 5 Dec 2018 15:51:46 +0100
Subject: [PATCH 024/103] l: remove deprecated iso host

---
 krebs/3modules/lass/default.nix | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 44417f006..1579ab4de 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -351,11 +351,6 @@ with import <stockholm/lib>;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
     };
-    iso = {
-      monitoring = false;
-      ci = false;
-      cores = 1;
-    };
     sokrateslaptop = {
       monitoring = false;
       ci = false;

From 3dd503e08f04577c896b7f8f3e52608006f7c7c2 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 5 Dec 2018 16:05:47 +0100
Subject: [PATCH 025/103] remove unused domsen-nas host

---
 krebs/3modules/lass/default.nix | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 1579ab4de..279b8cd6d 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -129,20 +129,6 @@ with import <stockholm/lib>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
     };
 
-    domsen-nas = {
-      ci = false;
-      monitoring = false;
-      external = true;
-      nets = rec {
-        internet = {
-          aliases = [
-            "domsen-nas.internet"
-          ];
-          ip4.addr = "87.138.180.167";
-          ssh.port = 2223;
-        };
-      };
-    };
     uriel = {
       monitoring = false;
       cores = 1;

From c2d2e0e01d1d99cc68af22dcc87ee3ae56655d9d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 5 Dec 2018 16:06:32 +0100
Subject: [PATCH 026/103] move external hosts from lass to external

---
 krebs/3modules/default.nix          |   1 +
 krebs/3modules/external/default.nix | 312 +++++++++++++++++++++++++++
 krebs/3modules/lass/default.nix     | 313 ----------------------------
 3 files changed, 313 insertions(+), 313 deletions(-)
 create mode 100644 krebs/3modules/external/default.nix

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 24cbd9cc9..e8ed64654 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -109,6 +109,7 @@ let
   };
 
   imp = lib.mkMerge [
+    { krebs = import ./external { inherit config; }; }
     { krebs = import ./jeschli { inherit config; }; }
     { krebs = import ./krebs  { inherit config; }; }
     { krebs = import ./lass   { inherit config; }; }
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
new file mode 100644
index 000000000..0aef25317
--- /dev/null
+++ b/krebs/3modules/external/default.nix
@@ -0,0 +1,312 @@
+{ config, ... }:
+
+with import <stockholm/lib>;
+
+{
+  hosts = mapAttrs (_: recursiveUpdate {
+    ci = false;
+    external = true;
+    monitoring = false;
+  }) {
+    sokrateslaptop = {
+      owner = config.krebs.users.sokratess;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.142.104";
+          ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc";
+          aliases = [
+            "sokrateslaptop.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
+            t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
+            rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
+            egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
+            aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
+            VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    kruck = {
+      owner = config.krebs.users.palo;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.29.201";
+          ip6.addr = "42:4234:6a6d:600::1";
+          aliases = [
+            "kruck.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
+            QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
+            EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
+            uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
+            /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
+            9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
+            qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
+            gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
+            jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
+            fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
+            TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    scardanelli = {
+      owner = config.krebs.users.kmein;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.2.2";
+          ip6.addr = "42:2:5ca:da:3111::1";
+          aliases = [
+            "scardanelli.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN PUBLIC KEY-----
+            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/
+            MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge
+            UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi
+            kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0
+            gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx
+            we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY
+            QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm
+            SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL
+            2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f
+            m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q
+            FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5
+            lM61fOMcVW1KREdWypiDtu8CAwEAAQ==
+            -----END PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    homeros = {
+      owner = config.krebs.users.kmein;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.2.1";
+          ip6.addr = "42:2::0:3:05::1";
+          aliases = [
+            "homeros.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN PUBLIC KEY-----
+            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd
+            ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc
+            6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v
+            RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd
+            vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3
+            +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc
+            QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm
+            fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh
+            VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7
+            k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX
+            gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N
+            mJ/hywVtvLxNkNimyztoKKMCAwEAAQ==
+            -----END PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    turingmachine = {
+      owner = config.krebs.users.Mic92;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.29.168";
+          ip6.addr = "42:4992:6a6d:600::1";
+          aliases = [
+            "turingmachine.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C
+            t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9
+            6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8
+            ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g
+            nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06
+            5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT
+            1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1
+            gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl
+            DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL
+            W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW
+            OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    eddie = {
+      owner = config.krebs.users.Mic92;
+      nets = rec {
+        internet = {
+          # eddie.thalheim.io
+          ip4.addr = "129.215.197.11";
+          aliases = [ "eddie.i" ];
+        };
+        retiolum = rec {
+          via = internet;
+          addrs = [
+            ip4.addr
+            ip6.addr
+          ];
+          ip4.addr = "10.243.29.170";
+          ip6.addr = "42:4992:6a6d:700::1";
+          aliases = [ "eddie.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d
+            j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm
+            3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF
+            2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua
+            KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq
+            iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t
+            6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD
+            kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u
+            hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay
+            pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ
+            lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+          tinc.subnets = [
+            # edinburgh university
+            "129.215.0.0/16"
+          ];
+        };
+      };
+    };
+    rock = {
+      owner = config.krebs.users.Mic92;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.29.171";
+          ip6.addr = "42:4992:6a6d:700::2";
+          aliases = [ "rock.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
+            DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
+            HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
+            mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
+            Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
+            Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
+            91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
+            fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
+            3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
+            ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
+            cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    inspector = {
+      owner = config.krebs.users.Mic92;
+      nets = rec {
+        internet = {
+          ip4.addr = "141.76.44.154";
+          aliases = [ "inspector.i" ];
+        };
+        retiolum = {
+          via = internet;
+          ip4.addr = "10.243.29.172";
+          ip6.addr = "42:4992:6a6d:800::1";
+          aliases = [ "inspector.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
+            EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
+            7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
+            m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
+            WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
+            eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
+            OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
+            ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
+            B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
+            q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
+            7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    dpdkm = {
+      owner = config.krebs.users.Mic92;
+      nets = rec {
+        retiolum = {
+          ip4.addr = "10.243.29.173";
+          ip6.addr = "42:4992:6a6d:900::1";
+          aliases = [ "dpdkm.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
+            NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
+            qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
+            X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
+            f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
+            bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
+            Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
+            B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
+            tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
+            dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
+            mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    eve = {
+      owner = config.krebs.users.Mic92;
+      nets = rec {
+        internet = {
+          # eve.thalheim.io
+          ip4.addr = "188.68.39.17";
+          ip6.addr = "2a03:4000:13:31e::1";
+          aliases = [ "eve.i" ];
+        };
+        retiolum = rec {
+          via = internet;
+          addrs = [
+            ip4.addr
+            ip6.addr
+          ];
+          ip4.addr = "10.243.29.174";
+          ip6.addr = "42:4992:6a6d:a00::1";
+          aliases = [ "eve.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
+            XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82
+            08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk
+            6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI
+            +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3
+            dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW
+            pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP
+            c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi
+            YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI
+            61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13
+            Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+  };
+  users = {
+    Mic92 = {
+      pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
+      mail = "joerg@higgsboson.tk";
+    };
+    kmein = {
+    };
+    palo = {
+    };
+    sokratess = {
+    };
+  };
+}
+
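Review bot: The `eddie` entry keeps `tinc.subnets = [ "129.215.0.0/16" ]` while the new defaults mark every host in this file as `external = true`, so a machine the repository owners do not administer claims a whole public /16 inside retiolum. How the krebs module turns `tinc.subnets` into tinc host configuration is not visible here, but if it becomes a `Subnet` line, peers would send traffic for that range through this host. The only explanation is the comment `# edinburgh university`; I would extend it to say who relies on the route and why, e.g. `# routes 129.215.0.0/16 (edinburgh university) via eddie for retiolum peers; needed for <reason>`, or narrow the prefix if only a few addresses are required. Separately, `recursiveUpdate` gives the per-host attributes precedence, so `ci`, `external` and `monitoring` here are defaults that an entry can override rather than enforced values; a one-line comment above `hosts = mapAttrs` stating that would avoid a wrong assumption later.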
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 279b8cd6d..52d0b18f1 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -337,313 +337,6 @@ with import <stockholm/lib>;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
     };
-    sokrateslaptop = {
-      monitoring = false;
-      ci = false;
-      external = true;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.142.104";
-          ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc";
-          aliases = [
-            "sokrateslaptop.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
-            t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
-            rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
-            egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
-            aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
-            VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    kruck = {
-      monitoring = false;
-      ci = false;
-      external = true;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.29.201";
-          ip6.addr = "42:4234:6a6d:600::1";
-          aliases = [
-            "kruck.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
-            QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
-            EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
-            uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
-            /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
-            9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
-            qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
-            gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
-            jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
-            fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
-            TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    scardanelli = {
-      monitoring = false;
-      ci = false;
-      external = true;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.2.2";
-          ip6.addr = "42:2:5ca:da:3111::1";
-          aliases = [
-            "scardanelli.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN PUBLIC KEY-----
-            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/
-            MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge
-            UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi
-            kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0
-            gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx
-            we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY
-            QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm
-            SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL
-            2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f
-            m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q
-            FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5
-            lM61fOMcVW1KREdWypiDtu8CAwEAAQ==
-            -----END PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    homeros = {
-      monitoring = false;
-      ci = false;
-      external = true;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.2.1";
-          ip6.addr = "42:2::0:3:05::1";
-          aliases = [
-            "homeros.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN PUBLIC KEY-----
-            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd
-            ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc
-            6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v
-            RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd
-            vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3
-            +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc
-            QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm
-            fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh
-            VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7
-            k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX
-            gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N
-            mJ/hywVtvLxNkNimyztoKKMCAwEAAQ==
-            -----END PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    turingmachine = {
-      monitoring = false;
-      ci = false;
-      external = true;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.29.168";
-          ip6.addr = "42:4992:6a6d:600::1";
-          aliases = [
-            "turingmachine.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C
-            t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9
-            6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8
-            ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g
-            nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06
-            5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT
-            1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1
-            gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl
-            DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL
-            W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW
-            OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    eddie = {
-      monitoring = false;
-      ci = false;
-      external = true;
-      nets = rec {
-        internet = {
-          # eddie.thalheim.io
-          ip4.addr = "129.215.197.11";
-          aliases = [ "eddie.i" ];
-        };
-        retiolum = rec {
-          via = internet;
-          addrs = [
-            ip4.addr
-            ip6.addr
-          ];
-          ip4.addr = "10.243.29.170";
-          ip6.addr = "42:4992:6a6d:700::1";
-          aliases = [ "eddie.r" ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d
-            j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm
-            3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF
-            2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua
-            KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq
-            iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t
-            6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD
-            kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u
-            hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay
-            pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ
-            lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
-          tinc.subnets = [
-            # edinburgh university
-            "129.215.0.0/16"
-          ];
-        };
-      };
-    };
-    rock = {
-      monitoring = false;
-      ci = false;
-      external = true;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.29.171";
-          ip6.addr = "42:4992:6a6d:700::2";
-          aliases = [ "rock.r" ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
-            DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
-            HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
-            mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
-            Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
-            Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
-            91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
-            fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
-            3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
-            ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
-            cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    inspector = {
-      monitoring = false;
-      ci = false;
-      external = true;
-      nets = rec {
-        internet = {
-          ip4.addr = "141.76.44.154";
-          aliases = [ "inspector.i" ];
-        };
-        retiolum = {
-          via = internet;
-          ip4.addr = "10.243.29.172";
-          ip6.addr = "42:4992:6a6d:800::1";
-          aliases = [ "inspector.r" ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
-            EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
-            7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
-            m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
-            WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
-            eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
-            OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
-            ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
-            B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
-            q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
-            7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    dpdkm = {
-      monitoring = false;
-      ci = false;
-      external = true;
-      nets = rec {
-        retiolum = {
-          ip4.addr = "10.243.29.173";
-          ip6.addr = "42:4992:6a6d:900::1";
-          aliases = [ "dpdkm.r" ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
-            NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
-            qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
-            X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
-            f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
-            bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
-            Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
-            B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
-            tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
-            dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
-            mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    eve = {
-      monitoring = false;
-      ci = false;
-      external = true;
-      nets = rec {
-        internet = {
-          # eve.thalheim.io
-          ip4.addr = "188.68.39.17";
-          ip6.addr = "2a03:4000:13:31e::1";
-          aliases = [ "eve.i" ];
-        };
-        retiolum = rec {
-          via = internet;
-          addrs = [
-            ip4.addr
-            ip6.addr
-          ];
-          ip4.addr = "10.243.29.174";
-          ip6.addr = "42:4992:6a6d:a00::1";
-          aliases = [ "eve.r" ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
-            XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82
-            08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk
-            6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI
-            +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3
-            dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW
-            pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP
-            c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi
-            YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI
-            61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13
-            Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ==
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-    };
     xerxes = {
       cores = 2;
       nets = rec {
@@ -827,14 +520,8 @@ with import <stockholm/lib>;
       pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
       mail = "lass@mors.r";
     };
-    sokratess = {
-    };
     wine-mors = {
       pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKfTIKmbe1RjX1fjAn//08363zAsI0CijWnaYyAC842";
     };
-    Mic92 = {
-      pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
-      mail = "joerg@higgsboson.tk";
-    };
   };
 }

From b36e24732e626593371ff985239fa6cdbaa4d27c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 5 Dec 2018 16:25:36 +0100
Subject: [PATCH 027/103] m: don't depend on iso host

---
 makefu/1systems/iso/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix
index 34a75dbd3..a2012155c 100644
--- a/makefu/1systems/iso/config.nix
+++ b/makefu/1systems/iso/config.nix
@@ -10,7 +10,7 @@ with import <stockholm/lib>;
   ];
   # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
   # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
-  krebs.build.host = config.krebs.hosts.iso;
+  krebs.build.host = { cores = 1; };
   isoImage.isoBaseName = lib.mkForce "stockholm";
   krebs.hidden-ssh.enable = true;
   environment.systemPackages = with pkgs; [

From 7fab6f2dfe2ab1479e4db6dc6fab8f0e672f9e3d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 5 Dec 2018 16:50:39 +0100
Subject: [PATCH 028/103] l hosts: remove deprecated gg23 net

---
 krebs/3modules/lass/default.nix | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 52d0b18f1..86a36015b 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -133,11 +133,6 @@ with import <stockholm/lib>;
       monitoring = false;
       cores = 1;
       nets = {
-        gg23 = {
-          ip4.addr = "10.23.1.12";
-          aliases = ["uriel.gg23"];
-          ssh.port = 45621;
-        };
         retiolum = {
           ip4.addr = "10.243.81.176";
           ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56";
@@ -164,11 +159,6 @@ with import <stockholm/lib>;
     mors = {
       cores = 2;
       nets = {
-        gg23 = {
-          ip4.addr = "10.23.1.11";
-          aliases = ["mors.gg23"];
-          ssh.port = 45621;
-        };
         retiolum = {
           ip4.addr = "10.243.0.2";
           ip6.addr = "42:0:0:0:0:0:0:dea7";

From 8f53937c40a88fc59c02a993315c29d32ff2d09c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 5 Dec 2018 16:52:32 +0100
Subject: [PATCH 029/103] types host: cores can also be 0

---
 lib/types.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/types.nix b/lib/types.nix
index 016853300..41e75154e 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -19,7 +19,7 @@ rec {
         default = config._module.args.name;
       };
       cores = mkOption {
-        type = positive;
+        type = uint;
       };
       nets = mkOption {
         type = attrsOf net;
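Review bot: The `cores` option now accepts 0 but still carries no `description`, so nothing at the declaration says what zero means. Judging only from the follow-up commit's subject, 0 appears to stand for "detect at build time"; if so, say it here, e.g. `description = "number of CPU cores; 0 means auto-detect";`. Any consumer that uses this value arithmetically should be checked for the new zero case, though none is visible in this hunk.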

From 0d560225f1a45b80fe94ec955a2d45434460ae20 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 5 Dec 2018 16:53:09 +0100
Subject: [PATCH 030/103] m iso: automatically detect cores

---
 makefu/1systems/iso/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix
index a2012155c..fdf203d5b 100644
--- a/makefu/1systems/iso/config.nix
+++ b/makefu/1systems/iso/config.nix
@@ -10,7 +10,7 @@ with import <stockholm/lib>;
   ];
   # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
   # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
-  krebs.build.host = { cores = 1; };
+  krebs.build.host = { cores = 0; };
   isoImage.isoBaseName = lib.mkForce "stockholm";
   krebs.hidden-ssh.enable = true;
   environment.systemPackages = with pkgs; [

From d04c6be43d5c63f98a0c89aad512f19f1ffa6329 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 6 Dec 2018 14:20:04 +0100
Subject: [PATCH 031/103] l prism.r: add dnsmasq for wireguard

---
 lass/1systems/prism/config.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index e2097e93a..83cc96771 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -323,6 +323,15 @@ with import <stockholm/lib>;
           }
         ];
       };
+      services.dnsmasq = {
+        enable = true;
+        resolveLocalQueries = false;
+
+        extraConfig= ''
+          except-interface=lo
+          interface=wg0
+        '';
+      };
     }
     {
       krebs.iptables.tables.filter.INPUT.rules = [
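Review bot: The `extraConfig` block restricts which interface dnsmasq answers on, but without a bind option dnsmasq still opens its DNS socket on the wildcard address and only discards queries that arrive elsewhere. Adding `bind-dynamic` after `interface=wg0` makes it bind only to that interface and copes with the WireGuard device appearing after dnsmasq starts. It would also help to add a short comment saying the resolver is meant for WireGuard clients only. No rule admitting port 53 on `wg0` is visible here, so confirm it exists elsewhere.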

From 43be8e6bb38ea99ed489a8b6633ebb33b96b6282 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 6 Dec 2018 20:07:22 +0100
Subject: [PATCH 032/103] git: set correct owner on /tmp/cgit

---
 krebs/3modules/git.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index f6b4e3c69..895d9b3b6 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -427,7 +427,7 @@ let
     system.activationScripts.cgit = ''
       mkdir -m 0770 -p ${cfg.cgit.settings.cache-root}
       chmod 0770 ${cfg.cgit.settings.cache-root}
-      chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root}
+      chown ${toString cfg.cgit.fcgiwrap.user.name}:${toString cfg.cgit.fcgiwrap.group.name} ${cfg.cgit.settings.cache-root}
     '';
 
     services.nginx.virtualHosts.cgit = {
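Review bot: The `mkdir`/`chmod`/`chown` sequence in `system.activationScripts.cgit` runs as root on a path that, per the commit subject, lives under `/tmp`. A local user can create that path first, and if it is a symlink, `chmod` and `chown` act on its target. Pointing the cache at a root-owned parent avoids this, e.g. `cache-root = "/var/cache/cgit"` in the cgit settings. Failing that, the script should refuse to continue when the path already exists and is not a plain directory. The three `${...}` path expansions are also unquoted, and `toString` is redundant now that names rather than numeric ids are interpolated. The enclosing `let` block starts outside this hunk.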

From bfcf6ad0adaedf0d069850824fbbb55e4af20c5e Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 6 Dec 2018 22:12:50 +0100
Subject: [PATCH 033/103] tv xserver: xhost +SI:localuser:tv -LOCAL:

---
 tv/2configs/xserver/default.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 8d4b13fad..1c0516651 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -64,7 +64,10 @@ in {
       XMONAD_DATA_DIR = cfg.dataDir;
 
       XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
-        ${pkgs.xorg.xhost}/bin/xhost +LOCAL: &
+        {
+          ${pkgs.xorg.xhost}/bin/xhost +SI:localuser:${cfg.user.name}
+          ${pkgs.xorg.xhost}/bin/xhost -LOCAL:
+        } &
         ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
         ${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} &
         ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
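Review bot: The new brace group in `XMONAD_STARTUP_HOOK` depends on the order of its two `xhost` calls, and nothing in the file says so. The per-user grant has to be added before the blanket local grant is dropped, or the session could lose access. A one-line comment above the group would protect it from being reordered or merged later, e.g. `# grant the session user first, then revoke the blanket LOCAL: grant`. Because the group is backgrounded with `&`, clients started by the following lines may connect before `-LOCAL:` has taken effect. That is probably harmless here, but it is worth knowing.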

From 8ce6ab8401a243bdc7b9bfa56a861276ca279a73 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 7 Dec 2018 13:16:41 +0100
Subject: [PATCH 034/103] lib.krebs: init

---
 lib/default.nix       | 1 +
 lib/krebs/default.nix | 3 +++
 2 files changed, 4 insertions(+)
 create mode 100644 lib/krebs/default.nix

diff --git a/lib/default.nix b/lib/default.nix
index 348d47e85..bf8c65e21 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -5,6 +5,7 @@ let
     evalSource = import ./eval-source.nix;
 
     git = import ./git.nix { inherit lib; };
+    krebs = import ./krebs lib;
     krops = import ../submodules/krops/lib;
     shell = import ./shell.nix { inherit lib; };
     types = nixpkgs-lib.types // import ./types.nix { inherit lib; };
diff --git a/lib/krebs/default.nix b/lib/krebs/default.nix
new file mode 100644
index 000000000..c9d9bef63
--- /dev/null
+++ b/lib/krebs/default.nix
@@ -0,0 +1,3 @@
+lib:
+with lib;
+mapNixDir (flip import lib) ./.

From 24c9ea126b620f341ec95b9c779fddb55c144ab2 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 7 Dec 2018 13:17:16 +0100
Subject: [PATCH 035/103] lib.krebs.genipv6: init

---
 lib/krebs/genipv6.nix | 92 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)
 create mode 100644 lib/krebs/genipv6.nix

diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix
new file mode 100644
index 000000000..8d5ca1667
--- /dev/null
+++ b/lib/krebs/genipv6.nix
@@ -0,0 +1,92 @@
+lib:
+with lib;
+let {
+  body = netname: subnetname: suffix: rec {
+    address = let
+      suffix' =
+        if hasEmptyGroup (parseAddress suffix)
+          then suffix
+          else joinAddress "::" suffix;
+    in
+      checkAddress addressLength (joinAddress subnetPrefix suffix');
+    addressCIDR = "${address}/${toString addressLength}";
+    addressLength = 128;
+
+    inherit netname;
+    netCIDR = "${netAddress}/${toString netPrefixLength}";
+    netAddress = joinAddress netPrefix "::";
+    netHash = toString {
+      retiolum = 0;
+      wirelum = 1;
+    }.${netname};
+    netPrefix = "42:${netHash}";
+    netPrefixLength = {
+      retiolum = 32;
+      wirelum = 32;
+    }.${netname};
+
+    inherit subnetname;
+    subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}";
+    subnetAddress = joinAddress subnetPrefix "::";
+    subnetHash = hash subnetname;
+    subnetPrefix = joinAddress netPrefix subnetHash;
+    subnetPrefixLength = netPrefixLength + 16;
+
+    inherit suffix;
+    suffixLength = addressLength - subnetPrefixLength;
+  };
+
+  hash = s: head (match "0*(.*)" (substring 0 4 (hashString "sha256" s)));
+
+  dropLast = n: xs: reverseList (drop n (reverseList xs));
+  takeLast = n: xs: reverseList (take n (reverseList xs));
+
+  hasEmptyPrefix = xs: take 2 xs == ["" ""];
+  hasEmptySuffix = xs: takeLast 2 xs == ["" ""];
+  hasEmptyInfix = xs: any (x: x == "") (trimEmpty 2 xs);
+
+  hasEmptyGroup = xs:
+    any (p: p xs) [hasEmptyPrefix hasEmptyInfix hasEmptySuffix];
+
+  ltrimEmpty = n: xs: if hasEmptyPrefix xs then drop n xs else xs;
+  rtrimEmpty = n: xs: if hasEmptySuffix xs then dropLast n xs else xs;
+  trimEmpty = n: xs: rtrimEmpty n (ltrimEmpty n xs);
+
+  parseAddress = splitString ":";
+  formatAddress = concatStringsSep ":";
+
+  check = s: c: if !c then throw "${s}" else true;
+
+  checkAddress = maxaddrlen: addr: let
+    parsedaddr = parseAddress addr;
+    normalizedaddr = trimEmpty 1 parsedaddr;
+  in
+    assert (check "address malformed; lone leading colon: ${addr}" (
+      head parsedaddr == "" -> tail (take 2 parsedaddr) == ""
+    ));
+    assert (check "address malformed; lone trailing colon ${addr}" (
+      last parsedaddr == "" -> head (takeLast 2 parsedaddr) == ""
+    ));
+    assert (check "address malformed; too many successive colons: ${addr}" (
+      length (filter (x: x == "") normalizedaddr) > 1 -> addr == [""]
+    ));
+    assert (check "address malformed: ${addr}" (
+      all (test "[0-9a-f]{0,4}") parsedaddr
+    ));
+    assert (check "address is too long: ${addr}" (
+      length normalizedaddr * 16 <= maxaddrlen
+    ));
+    addr;
+
+  joinAddress = prefix: suffix: let
+    parsedPrefix = parseAddress prefix;
+    parsedSuffix = parseAddress suffix;
+    normalizePrefix = rtrimEmpty 2 parsedPrefix;
+    normalizeSuffix = ltrimEmpty 2 parsedSuffix;
+    delimiter =
+      optional (length (normalizePrefix ++ normalizeSuffix) < 8 &&
+                (hasEmptySuffix parsedPrefix || hasEmptyPrefix parsedSuffix))
+               "";
+  in
+    formatAddress (normalizePrefix ++ delimiter ++ normalizeSuffix);
+}
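Review bot: `hash` keeps only the first four hex digits of the SHA-256 digest, so two different `subnetname` values can land on the same /48 and nothing in `body` detects it. Add a comment stating that limit, and consider a uniqueness assertion where the subnets are enumerated. The same line also returns an empty string when the digest starts with `0000`, because `0*` consumes everything; `hash = s: head (match "0*(.+)" (substring 0 4 (hashString "sha256" s)));` keeps one digit. In `checkAddress`, the consequent `addr == [""]` compares a string with a list and can never be true, so `normalizedaddr == [""]` was probably intended.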

From 149b7f49ec23eaeb9236d1b9b85d7a6bd1b611ad Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 16:50:58 +0100
Subject: [PATCH 036/103] lib types nets: add wireguard

---
 lib/types.nix | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/lib/types.nix b/lib/types.nix
index 41e75154e..17c1688fa 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -192,6 +192,28 @@ rec {
         }));
         default = null;
       };
+      wireguard = mkOption {
+        type = nullOr (submodule ({ config, ... }: {
+          options = {
+            port = mkOption {
+              type = int;
+              description = "tinc port to use to connect to host";
+              default = 51820;
+            };
+            pubkey = mkOption {
+              type = wireguard-pubkey;
+            };
+            subnets = mkOption {
+              type = listOf cidr;
+              description = ''
+                wireguard subnets,
+                this defines how routing behaves for hosts that can't reach each other.
+              '';
+              default = [];
+            };
+          };
+        }));
+      };
     };
   });
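Review bot: The `port` description was copied from the tinc option and still reads "tinc port to use to connect to host"; it should say `description = "wireguard port to use to connect to host";`. The `wireguard` option is typed `nullOr` but, unlike the option just above it, has no `default = null;`, so reading it on a net that does not set it raises an error instead of yielding null. `type = int` also accepts negative and out-of-range values; a bounded port type would catch typos at evaluation time. The surrounding submodule starts outside this hunk.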
 
@@ -548,4 +570,6 @@ rec {
     check = filename.check;
     merge = mergeOneOption;
   };
+
+  wireguard-pubkey = str;
 }
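Review bot: `wireguard-pubkey = str;` accepts any string, so a truncated or mistyped key only shows up when the tunnel fails to handshake. A WireGuard public key is a 32-byte value in base64, which gives a fixed shape that can be checked at evaluation time. The sketch below assumes `mkOptionType`, `isString` and `mergeOneOption` are in scope, as they appear to be for the neighbouring types in this file.

```nix
  wireguard-pubkey = mkOptionType {
    name = "wireguard public key";
    # 32-byte Curve25519 key, base64-encoded: 43 characters plus one '=' pad
    check = x: isString x && builtins.match "[A-Za-z0-9+/]{43}=" x != null;
    merge = mergeOneOption;
  };
```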

From 60f1e40445692451ffa922a1b48d442f8cab2bb7 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 16:52:32 +0100
Subject: [PATCH 037/103] dns.providers: add wirelum (w)

---
 krebs/3modules/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e8ed64654..2e7c61fb5 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -122,6 +122,7 @@ let
         shack = "hosts";
         i = "hosts";
         r = "hosts";
+        w = "hosts";
       };
 
       krebs.users = {

From 9e632ce4905fe46d285ad36f0e5b8a90f5d53dfd Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 16:54:00 +0100
Subject: [PATCH 038/103] l: add wirelum.nix

---
 lass/2configs/default.nix |  1 +
 lass/2configs/wirelum.nix | 44 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 lass/2configs/wirelum.nix

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index a43113177..dea32d4d4 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -10,6 +10,7 @@ with import <stockholm/lib>;
     ./zsh.nix
     ./htop.nix
     ./security-workarounds.nix
+    ./wirelum.nix
     {
       users.extraUsers =
         mapAttrs (_: h: { hashedPassword = h; })
diff --git a/lass/2configs/wirelum.nix b/lass/2configs/wirelum.nix
new file mode 100644
index 000000000..cd8a20c6b
--- /dev/null
+++ b/lass/2configs/wirelum.nix
@@ -0,0 +1,44 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+  self = config.krebs.build.host.nets.wirelum;
+  isRouter = !isNull self.via;
+
+in mkIf (hasAttr "wirelum" config.krebs.build.host.nets) {
+  #hack for modprobe inside containers
+  systemd.services."wireguard-wirelum".path = mkIf config.boot.isContainer (mkBefore [
+    (pkgs.writeDashBin "modprobe" ":")
+  ]);
+
+  boot.kernel.sysctl = mkIf isRouter {
+    "net.ipv6.conf.all.forwarding" = 1;
+  };
+  krebs.iptables.tables.filter.INPUT.rules = [
+     { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; }
+  ];
+  krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [
+    { precedence = 1000; predicate = "-i wirelum -o wirelum"; target = "ACCEPT"; }
+  ];
+
+  networking.wireguard.interfaces.wirelum = {
+    ips =
+      (optional (!isNull self.ip4) self.ip4.addr) ++
+      (optional (!isNull self.ip6) self.ip6.addr);
+    listenPort = 51820;
+    privateKeyFile = (toString <secrets>) + "/wirelum.key";
+    allowedIPsAsRoutes = true;
+    peers = mapAttrsToList
+      (_: host: {
+        allowedIPs = if isRouter then
+          (optional (!isNull host.nets.wirelum.ip4) host.nets.wirelum.ip4.addr) ++
+          (optional (!isNull host.nets.wirelum.ip6) host.nets.wirelum.ip6.addr)
+        else
+          host.nets.wirelum.wireguard.subnets
+        ;
+        endpoint = mkIf (!isNull host.nets.wirelum.via) (host.nets.wirelum.via.ip4.addr + ":${toString host.nets.wirelum.wireguard.port}");
+        persistentKeepalive = mkIf (!isNull host.nets.wirelum.via) 61;
+        publicKey = host.nets.wirelum.wireguard.pubkey;
+      })
+      (filterAttrs (_: h: hasAttr "wirelum" h.nets) config.krebs.hosts);
+  };
+}
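Review bot: `listenPort = 51820;` is hard-coded while the INPUT rule a few lines above opens `self.wireguard.port`. A host that sets a non-default port would open a port nothing listens on and leave the real one filtered; use `listenPort = self.wireguard.port;`. The `peers` list is built from every host that has a `wirelum` net and does not appear to exclude the local host, so the machine would list its own public key as a peer. Adding `h.name != config.krebs.build.host.name` to the filter would avoid that, assuming hosts carry a `name`. The `-i wirelum -o wirelum` FORWARD rule lets every peer reach every other peer through a router, which deserves a comment stating that this is intended.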

From 5d321689af3fd207a72ea73280add7689dc8d8c5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 16:55:00 +0100
Subject: [PATCH 039/103] l prism.r: dedup with wirelum.nix

---
 lass/1systems/prism/config.nix | 26 +++++++-------------------
 1 file changed, 7 insertions(+), 19 deletions(-)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 83cc96771..ec3976519 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -297,37 +297,25 @@ with import <stockholm/lib>;
       };
     }
     {
-      krebs.iptables.tables.filter.INPUT.rules = [
-         { predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
-      ];
-      krebs.iptables.tables.nat.PREROUTING.rules = [
-        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+      imports = [
+        <stockholm/lass/2configs/wirelum.nix>
       ];
+      #krebs.iptables.tables.nat.PREROUTING.rules = [
+      #  { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+      #];
       krebs.iptables.tables.filter.FORWARD.rules = [
-        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24 -d 10.243.0.0/16"; target = "ACCEPT"; }
         { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
       ];
       krebs.iptables.tables.nat.POSTROUTING.rules = [
         { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
       ];
-      networking.wireguard.interfaces.wg0 = {
-        ips = [ "10.244.1.1/24" ];
-        listenPort = 51820;
-        privateKeyFile = (toString <secrets>) + "/wireguard.key";
-        allowedIPsAsRoutes = true;
-        peers = [
-          {
-            # lass-android
-            allowedIPs = [ "10.244.1.2/32" ];
-            publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
-          }
-        ];
-      };
       services.dnsmasq = {
         enable = true;
         resolveLocalQueries = false;
 
         extraConfig= ''
+          listen-address=10.244.1.1
           except-interface=lo
           interface=wg0
         '';
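Review bot: The dnsmasq block still says `interface=wg0`, but this hunk removes `networking.wireguard.interfaces.wg0` and replaces it with the shared wirelum module, whose interface is named `wirelum`. The resolver would therefore be tied to a device that no longer exists, so the line should read `interface=wirelum`. The commented-out PREROUTING rule is better deleted than left as dead configuration, since the history already records it.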

From a289812df188ab45ee03aedea83d5a0c861594f1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:01:51 +0100
Subject: [PATCH 040/103] l: add phone.w

---
 krebs/3modules/lass/default.nix | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 86a36015b..fe63982be 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -1,7 +1,11 @@
 { config, ... }:
-
 with import <stockholm/lib>;
+let
 
+  rip6 = krebs.genipv6 "retiolum" "lass";
+  wip6 = krebs.genipv6 "wirelum" "lass";
+
+in
 {
   dns.providers = {
     "lassul.us" = "zones";
@@ -459,6 +463,20 @@ with import <stockholm/lib>;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
     };
+    phone = {
+      nets = {
+        wirelum = {
+          ip6.addr = (wip6 "a").address;
+          ip4.addr = "10.244.1.2";
+          aliases = [
+            "phone.w"
+          ];
+          wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
+        };
+      };
+      external = true;
+      ci = false;
+    };
   };
   users = rec {
     lass = lass-blue;

From c739f81e5bd62a5dff2def3a45e7c0ac71b08f52 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:02:50 +0100
Subject: [PATCH 041/103] l: add wirelum to prism, mors, shodan, icarus, yellow

---
 krebs/3modules/lass/default.nix | 41 ++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index fe63982be..adfa8dbee 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -89,11 +89,22 @@ in
             -----END RSA PUBLIC KEY-----
           '';
         };
+        wirelum = {
+          via = internet;
+          ip4.addr = "10.244.1.1";
+          ip6.addr = (wip6 "1").address;
+          aliases = [
+            "prism.w"
+          ];
+          wireguard = {
+            pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
+            subnets = [ "10.244.1.0/24" (wip6 "1").subnetCIDR ];
+          };
+        };
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
     };
-
     archprism = {
       cores = 1;
       nets = rec {
@@ -181,6 +192,13 @@ in
             -----END RSA PUBLIC KEY-----
           '';
         };
+        wirelum = {
+          ip6.addr = (wip6 "dea7").address;
+          aliases = [
+            "mors.w"
+          ];
+          wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za3J3SQ=";
+        };
       };
       secure = true;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
@@ -207,6 +225,13 @@ in
             -----END RSA PUBLIC KEY-----
           '';
         };
+        wirelum = {
+          ip6.addr = (wip6 "50da").address;
+          aliases = [
+            "shodan.w"
+          ];
+          wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za4J3SQ=";
+        };
       };
       secure = true;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
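Review bot: The `wireguard.pubkey` added for this host differs from the one added for mors in the previous hunk by a single character (`...za4J3SQ=` versus `...za3J3SQ=`). Two independently generated keys will not be that close, so one of them is almost certainly a placeholder or a hand-edited copy. A wrong public key means the peer never completes a handshake, and a shared one would make the two hosts indistinguishable to the router. Regenerate the value from the host's own private key with `wg pubkey` and paste the result.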
@@ -233,6 +258,13 @@ in
             -----END RSA PUBLIC KEY-----
           '';
         };
+        wirelum = {
+          ip6.addr = (wip6 "1205").address;
+          aliases = [
+            "icarus.w"
+          ];
+          wireguard.pubkey = "mVe3YdlWOlVF5+YD5vgNha3s03dv6elmNVsARtPLXQQ=";
+        };
       };
       secure = true;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
@@ -429,6 +461,13 @@ in
             -----END PUBLIC KEY-----
           '';
         };
+        wirelum = {
+          ip6.addr = (wip6 "e110").address;
+          aliases = [
+            "yellow.w"
+          ];
+          wireguard.pubkey = "YeWbR3mW+nOVBE7bcNSzF5fjj9ppd8OGHBJqERAUVxU=";
+        };
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje ";

From 1a3980bf2eeeb925305312f68e2b8033fc8af78d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:03:44 +0100
Subject: [PATCH 042/103] l yellow.r: fix transmission stuff

---
 lass/1systems/yellow/config.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index ff7b23687..58fa564a1 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -19,7 +19,11 @@ with import <stockholm/lib>;
   users.groups.download.members = [ "transmission" ];
   users.users.transmission.group = mkForce "download";
 
-  systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ];
+  systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];
+  systemd.services.transmission.after = [ "openvpn-nordvpn.service" ];
+  systemd.services.transmission.postStart = ''
+    chmod 775 /var/download/finished
+  '';
   services.transmission = {
     enable = true;
     settings = {
@@ -52,6 +56,9 @@ with import <stockholm/lib>;
           autoindex on;
         '';
       };
+      locations."/dl".extraConfig = ''
+        return 301 /;
+      '';
       locations."/" = {
         root = "/var/download/finished";
         extraConfig = ''
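Review bot: `locations."/dl"` is a prefix match, so it redirects every request whose path begins with `/dl`, including any file in `/var/download/finished` whose name starts with those letters. If only the old directory URL is meant to redirect, use an exact or slash-terminated match, e.g. `locations."= /dl"` or `locations."/dl/"`. A short comment saying that `/dl` is a legacy path kept for old links would also help. The virtual host definition starts outside this hunk.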

From 848ababbe1d050b12ca98da2ca713e7de7eca286 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:04:02 +0100
Subject: [PATCH 043/103] l: add more mails

---
 lass/2configs/exim-smarthost.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 1ee45bb41..1acfe5056 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -94,6 +94,7 @@ with import <stockholm/lib>;
       { from = "osmocom@lassul.us"; to = lass.mail; }
       { from = "lesswrong@lassul.us"; to = lass.mail; }
       { from = "nordvpn@lassul.us"; to = lass.mail; }
+      { from = "csv-direct@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

From 72e9832f73ba27aafe0fe819d8dc160235222897 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:04:13 +0100
Subject: [PATCH 044/103] l games: add dolhinEmu to pkgs

---
 lass/2configs/games.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 49602898e..62e3f6d52 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -57,6 +57,7 @@ let
 
 in {
   environment.systemPackages = with pkgs; [
+    dolphinEmu
     doom1
     doom2
     vdoom1

From dfa8e29fd82219849676244b3e90574cfaf7fe2c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:07:53 +0100
Subject: [PATCH 045/103] l: rebind capslock, enable libinput

---
 lass/2configs/baseX.nix | 4 ++--
 lass/2configs/mouse.nix | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index d781f8c71..53d90ed7d 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -97,9 +97,9 @@ in {
     enable = true;
     layout = "us";
     display = mkForce 0;
-    xkbModel = "evdev";
     xkbVariant = "altgr-intl";
-    xkbOptions = "caps:backspace";
+    xkbOptions = "caps:escape";
+    libinput.enable = true;
     displayManager.lightdm.enable = true;
     windowManager.default = "xmonad";
     windowManager.session = [{
diff --git a/lass/2configs/mouse.nix b/lass/2configs/mouse.nix
index 098809d62..f5f9319ed 100644
--- a/lass/2configs/mouse.nix
+++ b/lass/2configs/mouse.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, ... }:
 {
   hardware.trackpoint = {
     enable = true;
@@ -7,6 +7,7 @@
     emulateWheel = true;
   };
 
+  services.xserver.libinput.enable = lib.mkForce false;
   services.xserver.synaptics = {
     enable = true;
     horizEdgeScroll = false;

From 30772247c0e629d443fb62bc566f3651be1157c1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:12:34 +0100
Subject: [PATCH 046/103] l: add morpheus.r

---
 krebs/3modules/lass/default.nix     | 29 +++++++++++++++++++++++++
 lass/1systems/morpheus/config.nix   | 33 +++++++++++++++++++++++++++++
 lass/1systems/morpheus/physical.nix | 32 ++++++++++++++++++++++++++++
 3 files changed, 94 insertions(+)
 create mode 100644 lass/1systems/morpheus/config.nix
 create mode 100644 lass/1systems/morpheus/physical.nix

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index adfa8dbee..f06d62586 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -516,6 +516,35 @@ in
       external = true;
       ci = false;
     };
+    morpheus = {
+      cores = 1;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.0.19";
+          ip6.addr = "42::19";
+          aliases = [
+            "morpheus.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY
+            T7yWiKaUuBJThWged9PdPltLUEMmv+ubQqpWHZq442VWSS36r1yMSGpUeKK+oYMN
+            /Sfu+1yC4m2uXno95wpJZIcDfbbn26jT6ldJ4Yd97zyrXKljvcdrz3wZzQq0tojh
+            S5Q59x/aQMJbnQpnlFnMIEVgULuFPW16+vPGsXIPdYNggaF1avcBaFl8i3M0EZVz
+            Swn4hArDynDJhR7M0QdlwOpOh7O+1iOnmXqqei3LxMVHb+YtzfHgxOPxggUsy7CR
+            bj9uBR9loGwgmZwaxXd1Vfbw8kn/feOb9FcW73u+SZyzwEA9HFRV0jGQe3P9mGfI
+            Bwe02DOTVXEB8jTAGCw5T3bXLIOX8kqdlCECuAWFfrt8H+GjZDuGUWRcMn32orMz
+            sMvkab95ZOHK6Q31mrhILOIOdyZWKPZIabL3HF6CZtu52h6MDHbmGS0w0OJYhj2+
+            VnT9ZBoaeooVg8QOE43rCXvmL5vzhLKrj4s/53wTGG5SpzLs9Q9rrJVgAnz4YQ7j
+            3Ov5q3Zxyr+vO6O7Pb5X49vCQw/jzK41S0/15GEmKcoxXemzeZCpX1mbeeTUtLvA
+            U7OJwldrElzictBJ1gT94L4BDvoGZVqAkXJCJPamfsWaiw6SsMqtTfECAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f ";
+    };
   };
   users = rec {
     lass = lass-blue;
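Review bot: The new `ssh.pubkey` string for morpheus ends with a trailing space after the key data (`…n2KG/f "`). Anything that compares this value byte for byte, or appends a comment or hostname to it when generating known_hosts-style output, would carry the stray whitespace along. Dropping the space keeps the entry in the same shape as the other hosts' keys.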
diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix
new file mode 100644
index 000000000..0d82ba611
--- /dev/null
+++ b/lass/1systems/morpheus/config.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+  imports = [
+    <stockholm/lass>
+
+    <stockholm/lass/2configs/retiolum.nix>
+    <stockholm/lass/2configs/power-action.nix>
+    <stockholm/lass/2configs/baseX.nix>
+    <stockholm/lass/2configs/games.nix>
+    <stockholm/lass/2configs/steam.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.morpheus;
+
+  networking.wireless.enable = false;
+  networking.networkmanager.enable = true;
+
+  services.logind.extraConfig = ''
+    HandleLidSwitch=ignore
+  '';
+
+  nixpkgs.config.packageOverrides = super: {
+    steam = super.steam.override {
+      withPrimus = true;
+      extraPkgs = p: with p; [
+        glxinfo
+        nettools
+        bumblebee
+      ];
+    };
+  };
+}
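Review bot: `HandleLidSwitch=ignore` means closing the lid neither suspends the machine nor, as far as this file shows, locks the session, so a closed laptop stays logged in and reachable. If that is intended, a comment next to the setting should say so and name what does lock the screen, e.g. `# lid close ignored on purpose (<reason>); locking is done by <locker>`. Separately, `with import <stockholm/lib>;` brings the whole lib into scope although nothing in this file appears to use it.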
diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix
new file mode 100644
index 000000000..0f08acb2d
--- /dev/null
+++ b/lass/1systems/morpheus/physical.nix
@@ -0,0 +1,32 @@
+{ lib, ... }:
+{
+  imports = [
+    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ./config.nix
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostId = "60ce7e88";
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelParams = [ "acpi_osi=!" ''acpi_osi="Windows 2009"'' ];
+
+  hardware.bumblebee.enable = true;
+  hardware.bumblebee.group = "video";
+
+  fileSystems."/" =
+    { device = "rpool/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/DF3B-4528";
+      fsType = "vfat";
+    };
+
+  nix.maxJobs = lib.mkDefault 8;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}

From dc64ec0307253b497afc4a99a5e6aca1f1a23be9 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 9 Dec 2018 17:26:41 +0100
Subject: [PATCH 047/103] l gen-secrets: add wirelum keys

---
 lass/5pkgs/l-gen-secrets/default.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix
index b6cb2ec7e..5997dca09 100644
--- a/lass/5pkgs/l-gen-secrets/default.nix
+++ b/lass/5pkgs/l-gen-secrets/default.nix
@@ -8,6 +8,8 @@ pkgs.writeDashBin "l-gen-secrets" ''
   ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
   ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
   ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
+  ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wirelum.key
+  ${pkgs.coreutils}/bin/cat $TMPDIR/wirelum.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wirelum.pub
   cat <<EOF > $TMPDIR/hashedPasswords.nix
   {
     root = "$HASHED_PASSWORD";
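Review bot: The WireGuard private key is written through a plain shell redirect, so `$TMPDIR/wirelum.key` gets whatever mode the script's umask allows, whereas ssh-keygen restricts its private key file itself. How `$TMPDIR` is created is outside this hunk, so a private directory may already cover this, but a `umask 077` before the key-generation lines makes it explicit and independent of that. `${pkgs.wireguard}/bin/wg pubkey < "$TMPDIR/wirelum.key" > "$TMPDIR/wirelum.pub"` would also drop the extra `cat` and quote the paths.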
@@ -35,6 +37,15 @@ pkgs.writeDashBin "l-gen-secrets" ''
   $(cat $TMPDIR/retiolum.rsa_key.pub)
           ${"''"};
         };
+        wirelum = {
+          ip6.addr = (wip6 "changeme").address;
+          aliases = [
+            "$HOSTNAME.w"
+          ];
+          wireguard.pubkey = ${"''"}
+  $(cat $TMPDIR/wirelum.pub)
+          ${"''"};
+        };
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";

From 56ffeb186a10c7b4406ac777149e7256a6c4dbbb Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 9 Dec 2018 18:43:41 +0100
Subject: [PATCH 048/103] ma pkgs.libopencm3: rip

---
 makefu/5pkgs/libopencm3/default.nix | 30 -----------------------------
 1 file changed, 30 deletions(-)
 delete mode 100644 makefu/5pkgs/libopencm3/default.nix

diff --git a/makefu/5pkgs/libopencm3/default.nix b/makefu/5pkgs/libopencm3/default.nix
deleted file mode 100644
index ed35fc639..000000000
--- a/makefu/5pkgs/libopencm3/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ lib, stdenv, fetchFromGitHub, gcc-arm-embedded, python }:
-stdenv.mkDerivation rec {
-  name = "libopencm-${version}";
-  version = "2017-04-01";
-
-  src = fetchFromGitHub {
-    owner = "libopencm3";
-    repo = "libopencm3";
-    rev = "383fafc862c0d47f30965f00409d03a328049278";
-    sha256 = "0ar67icxl39cf7yb5glx3zd5413vcs7zp1jq0gzv1napvmrv3jv9";
-  };
-
-  buildInputs = [ gcc-arm-embedded python ];
-  buildPhase = ''
-    sed -i 's#/usr/bin/env python#${python}/bin/python#' ./scripts/irq2nvic_h
-    make
-  '';
-  installPhase = ''
-    mkdir -p $out
-    cp -r lib $out/
-  '';
-
-  meta = {
-    description = "Open Source ARM cortex m microcontroller library";
-    homepage = https://github.com/libopencm3/libopencm3;
-    license = stdenv.lib.licenses.gpl2;
-    platforms = stdenv.lib.platforms.linux;
-    maintainers = with stdenv.lib.maintainers; [ makefu ];
-  };
-}

From 2e18ee84f02c0d7abcf936b1d39c42ab8e75825c Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 10 Dec 2018 00:09:03 +0100
Subject: [PATCH 049/103] ma: sort hostnames for euer, add
 netdata.euer.krebsco.de

---
 krebs/3modules/makefu/default.nix             | 62 ++++++++++---------
 .../stats/{client.nix => collectd-client.nix} |  0
 2 files changed, 32 insertions(+), 30 deletions(-)
 rename makefu/2configs/stats/{client.nix => collectd-client.nix} (100%)

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 188fbc461..32cba1886 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -560,27 +560,28 @@ in {
       ci = true;
       extraZones = {
         "krebsco.de" = ''
+          boot.euer         IN A      ${nets.internet.ip4.addr}
           cache.euer        IN A      ${nets.internet.ip4.addr}
           cache.gum         IN A      ${nets.internet.ip4.addr}
-          graph             IN A      ${nets.internet.ip4.addr}
-          gold              IN A      ${nets.internet.ip4.addr}
-          iso.euer          IN A      ${nets.internet.ip4.addr}
-          wg.euer           IN A      ${nets.internet.ip4.addr}
-          photostore        IN A      ${nets.internet.ip4.addr}
-          o.euer            IN A      ${nets.internet.ip4.addr}
-          mon.euer          IN A      ${nets.internet.ip4.addr}
-          boot.euer         IN A      ${nets.internet.ip4.addr}
-          wiki.euer         IN A      ${nets.internet.ip4.addr}
-          pigstarter        IN A      ${nets.internet.ip4.addr}
           cgit.euer         IN A      ${nets.internet.ip4.addr}
-          git.euer          IN A      ${nets.internet.ip4.addr}
-          euer              IN A      ${nets.internet.ip4.addr}
-          share.euer        IN A      ${nets.internet.ip4.addr}
-          gum               IN A      ${nets.internet.ip4.addr}
-          wikisearch        IN A      ${nets.internet.ip4.addr}
           dl.euer           IN A      ${nets.internet.ip4.addr}
-          ghook             IN A      ${nets.internet.ip4.addr}
           dockerhub         IN A      ${nets.internet.ip4.addr}
+          euer              IN A      ${nets.internet.ip4.addr}
+          ghook             IN A      ${nets.internet.ip4.addr}
+          git.euer          IN A      ${nets.internet.ip4.addr}
+          gold              IN A      ${nets.internet.ip4.addr}
+          graph             IN A      ${nets.internet.ip4.addr}
+          gum               IN A      ${nets.internet.ip4.addr}
+          iso.euer          IN A      ${nets.internet.ip4.addr}
+          mon.euer          IN A      ${nets.internet.ip4.addr}
+          netdata.euer      IN A      ${nets.internet.ip4.addr}
+          o.euer            IN A      ${nets.internet.ip4.addr}
+          photostore        IN A      ${nets.internet.ip4.addr}
+          pigstarter        IN A      ${nets.internet.ip4.addr}
+          share.euer        IN A      ${nets.internet.ip4.addr}
+          wg.euer           IN A      ${nets.internet.ip4.addr}
+          wiki.euer         IN A      ${nets.internet.ip4.addr}
+          wikisearch        IN A      ${nets.internet.ip4.addr}
           io                IN NS     gum.krebsco.de.
         '';
       };
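Review bot: `netdata.euer` gets a public A record here, and `netdata.makefu.r` a retiolum alias in the next hunk, but both additions are buried in a re-sort of about forty lines and the serving side is not part of this commit. Netdata's dashboard has no authentication of its own by default, so the vhost behind the public name should require auth or be restricted to the `.r` name; that cannot be checked from this diff. Splitting the sort and the two additions into separate commits would make the newly exposed name reviewable on its own.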
@@ -607,24 +608,25 @@ in {
           ip4.addr = "10.243.0.213";
           ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
           aliases = [
-            "nextgum.r"
-            "graph.r"
-            "cache.gum.r"
-            "logs.makefu.r"
-            "stats.makefu.r"
             "backup.makefu.r"
-            "dcpp.nextgum.r"
-            "gum.r"
-            "cgit.gum.r"
-            "o.gum.r"
-            "tracker.makefu.r"
-            "search.makefu.r"
-            "wiki.makefu.r"
-            "wiki.gum.r"
-            "blog.makefu.r"
             "blog.gum.r"
+            "blog.makefu.r"
+            "cache.gum.r"
+            "cgit.gum.r"
             "dcpp.gum.r"
+            "dcpp.nextgum.r"
+            "graph.r"
+            "gum.r"
+            "logs.makefu.r"
+            "netdata.makefu.r"
+            "nextgum.r"
+            "o.gum.r"
+            "search.makefu.r"
+            "stats.makefu.r"
             "torrent.gum.r"
+            "tracker.makefu.r"
+            "wiki.gum.r"
+            "wiki.makefu.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/collectd-client.nix
similarity index 100%
rename from makefu/2configs/stats/client.nix
rename to makefu/2configs/stats/collectd-client.nix

From 761ce9cefdb2c04132f44c2b41fac6d49a472752 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 9 Dec 2018 10:14:09 +0100
Subject: [PATCH 050/103] tv xmonad: cleanup service definition

---
 tv/2configs/xserver/default.nix | 45 +++++++++++++++------------------
 1 file changed, 21 insertions(+), 24 deletions(-)

diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 1c0516651..f68e8e681 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -48,34 +48,35 @@ in {
 
   systemd.services.xmonad = let
     xmonad = "${pkgs.haskellPackages.xmonad-tv}/bin/xmonad";
+    xmonad-prepare = pkgs.writeDash "xmonad-prepare" ''
+      ${pkgs.coreutils}/bin/mkdir -p "$XMONAD_CACHE_DIR"
+      ${pkgs.coreutils}/bin/mkdir -p "$XMONAD_CONFIG_DIR"
+      ${pkgs.coreutils}/bin/mkdir -p "$XMONAD_DATA_DIR"
+    '';
+    xmonad-ready = pkgs.writeDash "xmonad-ready" ''
+      {
+        ${pkgs.xorg.xhost}/bin/xhost +SI:localuser:${cfg.user.name}
+        ${pkgs.xorg.xhost}/bin/xhost -LOCAL:
+      } &
+      ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
+      ${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} &
+      ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
+      wait
+    '';
   in {
     wantedBy = [ "graphical.target" ];
     requires = [ "xserver.service" ];
     environment = {
       DISPLAY = ":${toString config.services.xserver.display}";
-
       FZMENU_FZF_DEFAULT_OPTS = toString [
         "--color=dark,border:126,bg+:090"
         "--inline-info"
       ];
-
       XMONAD_CACHE_DIR = cfg.cacheDir;
       XMONAD_CONFIG_DIR = cfg.configDir;
       XMONAD_DATA_DIR = cfg.dataDir;
-
-      XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" ''
-        {
-          ${pkgs.xorg.xhost}/bin/xhost +SI:localuser:${cfg.user.name}
-          ${pkgs.xorg.xhost}/bin/xhost -LOCAL:
-        } &
-        ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
-        ${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} &
-        ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
-        wait
-      '';
-
-      # XXX JSON is close enough :)
-      XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
+      XMONAD_STARTUP_HOOK = xmonad-ready;
+      XMONAD_WORKSPACES0_FILE = pkgs.writeJSON "xmonad-workspaces0.json" [
         "Dashboard" # we start here
         "23"
         "cr"
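Review bot: In the new `xmonad-ready` script the two `xhost` calls run in a backgrounded group and the bare `wait` returns 0 whatever they did, so a failing `xhost -LOCAL:` leaves local access control looser than intended without any trace. Since the unit logs under its own SyslogIdentifier, reporting the failure is cheap: `${pkgs.xorg.xhost}/bin/xhost -LOCAL: || echo "xhost -LOCAL: failed" >&2`. The commit also drops the `# XXX JSON is close enough :)` remark; a short comment on what format the consumer of `XMONAD_WORKSPACES0_FILE` actually parses would keep that knowledge.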
@@ -85,7 +86,7 @@ in {
         "mail"
         "stockholm"
         "za" "zh" "zj" "zs"
-      ]);
+      ];
     };
     path = [
       config.tv.slock.package
@@ -96,14 +97,10 @@ in {
       "/run/wrappers" # for su
     ];
     serviceConfig = {
-      SyslogIdentifier = "xmonad";
-      ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [
-        "\${XMONAD_CACHE_DIR}"
-        "\${XMONAD_CONFIG_DIR}"
-        "\${XMONAD_DATA_DIR}"
-      ]}";
-      ExecStart = "@${xmonad} xmonad-${currentSystem} ";
+      ExecStartPre = "@${xmonad-prepare} xmonad-prepare";
+      ExecStart = "@${xmonad} xmonad-${currentSystem}";
       ExecStop = "@${xmonad} xmonad-${currentSystem} --shutdown";
+      SyslogIdentifier = "xmonad";
       User = cfg.user.name;
       WorkingDirectory = cfg.user.home;
     };

From c36a52fb672e585d89db469a075593ef34351207 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 11 Dec 2018 19:52:12 +0100
Subject: [PATCH 051/103] =?UTF-8?q?lib.krebs.genipv6=20hash:=200000=20->?=
 =?UTF-8?q?=200=20instead=20of=20=CE=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/krebs/genipv6.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix
index 8d5ca1667..27df8bf55 100644
--- a/lib/krebs/genipv6.nix
+++ b/lib/krebs/genipv6.nix
@@ -36,7 +36,7 @@ let {
     suffixLength = addressLength - subnetPrefixLength;
   };
 
-  hash = s: head (match "0*(.*)" (substring 0 4 (hashString "sha256" s)));
+  hash = s: head (match "0*(.+)" (substring 0 4 (hashString "sha256" s)));
 
   dropLast = n: xs: reverseList (drop n (reverseList xs));
   takeLast = n: xs: reverseList (take n (reverseList xs));
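Review bot: The switch from `(.*)` to `(.+)` in `hash` is only understandable with the commit subject at hand; the line itself carries no explanation. A comment such as `# strip leading zeros but keep at least one digit, so "0000" becomes "0" and not ""` above `hash` would keep the reason next to the regex.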

From 46275b41edaa6063bdfb3ba040421b79ebd27b35 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 11 Dec 2018 21:37:52 +0100
Subject: [PATCH 052/103] lib.krebs.genipv6: can compute suffix from name

---
 lib/krebs/genipv6.nix | 38 ++++++++++++++++++++++++++++++++++----
 1 file changed, 34 insertions(+), 4 deletions(-)

diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix
index 27df8bf55..8e105ab49 100644
--- a/lib/krebs/genipv6.nix
+++ b/lib/krebs/genipv6.nix
@@ -1,7 +1,7 @@
 lib:
 with lib;
 let {
-  body = netname: subnetname: suffix: rec {
+  body = netname: subnetname: suffixSpec: rec {
     address = let
       suffix' =
         if hasEmptyGroup (parseAddress suffix)
@@ -28,15 +28,45 @@ let {
     inherit subnetname;
     subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}";
     subnetAddress = joinAddress subnetPrefix "::";
-    subnetHash = hash subnetname;
+    subnetHash = simplify (hash 4 subnetname);
     subnetPrefix = joinAddress netPrefix subnetHash;
     subnetPrefixLength = netPrefixLength + 16;
 
-    inherit suffix;
+    suffix = getAttr (typeOf suffixSpec) {
+      set =
+        concatMapStringsSep
+          ":"
+          simplify
+          (stringToGroupsOf 4 (hash (suffixLength / 8) suffixSpec.hostName));
+      string = suffixSpec;
+    };
     suffixLength = addressLength - subnetPrefixLength;
   };
 
-  hash = s: head (match "0*(.+)" (substring 0 4 (hashString "sha256" s)));
+  # Split string into list of chunks where each chunk is at most n chars long.
+  # The leftmost chunk might shorter.
+  # Example: stringToGroupsOf "123456" -> ["12" "3456"]
+  stringToGroupsOf = n: s: let
+    acc =
+      foldl'
+        (acc: c: if stringLength acc.chunk < n then {
+          chunk = acc.chunk + c;
+          chunks = acc.chunks;
+        } else {
+          chunk = c;
+          chunks = acc.chunks ++ [acc.chunk];
+        })
+        {
+          chunk = "";
+          chunks = [];
+        }
+        (stringToCharacters s);
+  in
+    filter (x: x != []) ([acc.chunk] ++ acc.chunks);
+
+  simplify = s: head (match "0*(.+)" s);
+
+  hash = n: s: substring 0 n (hashString "sha256" s);
 
   dropLast = n: xs: reverseList (drop n (reverseList xs));
   takeLast = n: xs: reverseList (take n (reverseList xs));
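Review bot: The filter at the end of `stringToGroupsOf` compares each chunk with `[]`, but the chunks are strings, so it never removes anything and an empty input yields `[""]`; `filter (x: x != "")` is what that case needs. The comment above does not match the fold either: the example omits `n`, and for `stringToGroupsOf 4 "123456"` the code as written returns `["56" "1234"]` (the short remainder from the right end, placed first) rather than `["12" "3456"]`. Separately, `hash (suffixLength / 8)` takes one hex digit per eight bits if `suffixLength` is a bit count, as its arithmetic with `subnetPrefixLength` suggests, so only half of the suffix would come from the hash; `suffixLength / 4` would fill it, which is worth confirming against the `address` code outside this hunk.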

From 313712ebc2fc70adefd577f09f0d1795450b0b00 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 11 Dec 2018 21:41:11 +0100
Subject: [PATCH 053/103] hosts.*.net.retiolum.ip6.addr: use genipv6

---
 krebs/3modules/external/default.nix | 36 +++++++++------------
 krebs/3modules/jeschli/default.nix  | 20 ++++++------
 krebs/3modules/krebs/default.nix    | 24 ++++++--------
 krebs/3modules/lass/default.nix     | 36 +++++++--------------
 krebs/3modules/makefu/default.nix   | 50 ++++++++---------------------
 krebs/3modules/tv/default.nix       | 22 ++++++-------
 6 files changed, 70 insertions(+), 118 deletions(-)

diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 0aef25317..02d28ddc8 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -1,19 +1,22 @@
-{ config, ... }:
-
 with import <stockholm/lib>;
+{ config, ... }: let
 
-{
-  hosts = mapAttrs (_: recursiveUpdate {
+  hostDefaults = hostName: host: flip recursiveUpdate host ({
     ci = false;
     external = true;
     monitoring = false;
-  }) {
+  } // optionalAttrs (host.nets?retiolum) {
+    nets.retiolum.ip6.addr =
+      (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+  });
+
+in {
+  hosts = mapAttrs hostDefaults {
     sokrateslaptop = {
       owner = config.krebs.users.sokratess;
       nets = {
         retiolum = {
           ip4.addr = "10.243.142.104";
-          ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc";
           aliases = [
             "sokrateslaptop.r"
           ];
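Review bot: `host.nets?retiolum` in `hostDefaults` parses as `(host.nets) ? retiolum`, so a host entry without a `nets` attribute would abort evaluation instead of simply getting no generated address; `host ? nets.retiolum` tests the whole path safely. The same expression is repeated in the jeschli, krebs, lass and makefu hunks of this commit. Whether every host defines `nets` is not visible here. Note also that removing the explicit `ip6.addr` lines renumbers every retiolum host at once, so anything keyed on the old addresses outside these files needs updating in step.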
@@ -35,7 +38,6 @@ with import <stockholm/lib>;
       nets = {
         retiolum = {
           ip4.addr = "10.243.29.201";
-          ip6.addr = "42:4234:6a6d:600::1";
           aliases = [
             "kruck.r"
           ];
@@ -62,7 +64,6 @@ with import <stockholm/lib>;
       nets = {
         retiolum = {
           ip4.addr = "10.243.2.2";
-          ip6.addr = "42:2:5ca:da:3111::1";
           aliases = [
             "scardanelli.r"
           ];
@@ -90,7 +91,6 @@ with import <stockholm/lib>;
       nets = {
         retiolum = {
           ip4.addr = "10.243.2.1";
-          ip6.addr = "42:2::0:3:05::1";
           aliases = [
             "homeros.r"
           ];
@@ -118,7 +118,6 @@ with import <stockholm/lib>;
       nets = {
         retiolum = {
           ip4.addr = "10.243.29.168";
-          ip6.addr = "42:4992:6a6d:600::1";
           aliases = [
             "turingmachine.r"
           ];
@@ -148,14 +147,13 @@ with import <stockholm/lib>;
           ip4.addr = "129.215.197.11";
           aliases = [ "eddie.i" ];
         };
-        retiolum = rec {
+        retiolum = {
           via = internet;
           addrs = [
-            ip4.addr
-            ip6.addr
+            config.krebs.hosts.eddie.nets.retiolum.ip4.addr
+            config.krebs.hosts.eddie.nets.retiolum.ip6.addr
           ];
           ip4.addr = "10.243.29.170";
-          ip6.addr = "42:4992:6a6d:700::1";
           aliases = [ "eddie.r" ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -184,7 +182,6 @@ with import <stockholm/lib>;
       nets = {
         retiolum = {
           ip4.addr = "10.243.29.171";
-          ip6.addr = "42:4992:6a6d:700::2";
           aliases = [ "rock.r" ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -214,7 +211,6 @@ with import <stockholm/lib>;
         retiolum = {
           via = internet;
           ip4.addr = "10.243.29.172";
-          ip6.addr = "42:4992:6a6d:800::1";
           aliases = [ "inspector.r" ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -239,7 +235,6 @@ with import <stockholm/lib>;
       nets = rec {
         retiolum = {
           ip4.addr = "10.243.29.173";
-          ip6.addr = "42:4992:6a6d:900::1";
           aliases = [ "dpdkm.r" ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -268,14 +263,13 @@ with import <stockholm/lib>;
           ip6.addr = "2a03:4000:13:31e::1";
           aliases = [ "eve.i" ];
         };
-        retiolum = rec {
+        retiolum = {
           via = internet;
           addrs = [
-            ip4.addr
-            ip6.addr
+            config.krebs.hosts.eve.nets.retiolum.ip4.addr
+            config.krebs.hosts.eve.nets.retiolum.ip6.addr
           ];
           ip4.addr = "10.243.29.174";
-          ip6.addr = "42:4992:6a6d:a00::1";
           aliases = [ "eve.r" ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix
index c0cb601bc..4a8af435b 100644
--- a/krebs/3modules/jeschli/default.nix
+++ b/krebs/3modules/jeschli/default.nix
@@ -1,17 +1,20 @@
-{ config, ... }:
-
 with import <stockholm/lib>;
+{ config, ... }: let
 
-{
-  hosts = mapAttrs (_: recursiveUpdate {
-    owner = config.krebs.users.jeschli;
+  hostDefaults = hostName: host: flip recursiveUpdate host ({
     ci = true;
-  }) {
+    owner = config.krebs.users.jeschli;
+  } // optionalAttrs (host.nets?retiolum) {
+    nets.retiolum.ip6.addr =
+      (krebs.genipv6 "retiolum" "jeschli" { inherit hostName; }).address;
+  });
+
+in {
+  hosts = mapAttrs hostDefaults {
     brauerei = {
       nets = {
         retiolum = {
           ip4.addr = "10.243.27.29";
-          ip6.addr = "42::29";
           aliases = [
             "brauerei.r"
           ];
@@ -48,7 +51,6 @@ with import <stockholm/lib>;
       nets = {
         retiolum = {
           ip4.addr = "10.243.27.27";
-          ip6.addr = "42::27";
           aliases = [
             "reagenzglas.r"
           ];
@@ -92,7 +94,6 @@ with import <stockholm/lib>;
         retiolum = {
           via = internet;
           ip4.addr = "10.243.27.30";
-          ip6.addr = "42::30";
           aliases = [
             "enklave.r"
             "cgit.enklave.r"
@@ -131,7 +132,6 @@ with import <stockholm/lib>;
       nets = {
         retiolum = {
           ip4.addr = "10.243.27.31";
-          ip6.addr = "42::31";
           aliases = [
             "bolide.r"
           ];
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 889ee2817..59fc43af8 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -1,20 +1,24 @@
-{ config, ... }:
-
 with import <stockholm/lib>;
-let
+{ config, ... }: let
+
+  hostDefaults = hostName: host: flip recursiveUpdate host ({
+    owner = config.krebs.users.krebs;
+  } // optionalAttrs (host.nets?retiolum) {
+    nets.retiolum.ip6.addr =
+      (krebs.genipv6 "retiolum" "krebs" { inherit hostName; }).address;
+  });
+
   testHosts = genAttrs [
     "test-arch"
     "test-centos6"
     "test-centos7"
     "test-all-krebs-modules"
   ] (name: {
-    owner = config.krebs.users.krebs;
     inherit name;
     cores = 1;
     nets = {
       retiolum = {
         ip4.addr = "10.243.73.57";
-        ip6.addr = "42:0:0:0:0:0:0:7357";
         tinc.pubkey = ''
           -----BEGIN RSA PUBLIC KEY-----
           MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd
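Review bot: `owner` and `ip6.addr` are removed from the `testHosts` template here, so the test hosts only get them back if they also pass through `hostDefaults`. The place where `testHosts` is merged into `hosts` is outside this hunk; if it reads `mapAttrs hostDefaults { … } // testHosts`, function application binds tighter than `//` and the test hosts would end up with neither attribute. `hosts = mapAttrs hostDefaults ({ … } // testHosts);` would cover both sets. The four test hosts also still share one `ip4.addr` while their generated IPv6 addresses would now differ per name.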
@@ -29,14 +33,12 @@ let
     };
   });
 in {
-  hosts = {
+  hosts = mapAttrs hostDefaults {
     hotdog = {
       ci = true;
-      owner = config.krebs.users.krebs;
       nets = {
         retiolum = {
           ip4.addr = "10.243.77.3";
-          ip6.addr = "42:0:0:0:0:0:77:3";
           aliases = [
             "hotdog.r"
             "build.r"
@@ -61,11 +63,9 @@ in {
     };
     onebutton = {
       cores = 1;
-      owner = config.krebs.users.krebs;
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.101";
-          ip6.addr = "42:0:0:0:0:0:0:101";
           aliases = [
             "onebutton.r"
           ];
@@ -92,11 +92,9 @@ in {
     };
     puyak = {
       ci = true;
-      owner = config.krebs.users.krebs;
       nets = {
         retiolum = {
           ip4.addr = "10.243.77.2";
-          ip6.addr = "42:0:0:0:0:0:77:2";
           aliases = [
             "puyak.r"
             "build.puyak.r"
@@ -120,7 +118,6 @@ in {
     };
     wolf = {
       ci = true;
-      owner = config.krebs.users.krebs;
       nets = {
         shack = {
           ip4.addr =  "10.42.2.150" ;
@@ -135,7 +132,6 @@ in {
         };
         retiolum = {
           ip4.addr = "10.243.77.1";
-          ip6.addr = "42:0:0:0:0:0:77:1";
           aliases = [
             "wolf.r"
             "build.wolf.r"
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index f06d62586..0d8513a69 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -1,20 +1,22 @@
-{ config, ... }:
 with import <stockholm/lib>;
-let
+{ config, ... }: let
+
+  hostDefaults = hostName: host: flip recursiveUpdate host ({
+    ci = true;
+    monitoring = true;
+    owner = config.krebs.users.lass;
+  } // optionalAttrs (host.nets?retiolum) {
+    nets.retiolum.ip6.addr =
+      (krebs.genipv6 "retiolum" "lass" { inherit hostName; }).address;
+  });
 
-  rip6 = krebs.genipv6 "retiolum" "lass";
   wip6 = krebs.genipv6 "wirelum" "lass";
 
-in
-{
+in {
   dns.providers = {
     "lassul.us" = "zones";
   };
-  hosts = mapAttrs (_: recursiveUpdate {
-    owner = config.krebs.users.lass;
-    ci = true;
-    monitoring = true;
-  }) {
+  hosts = mapAttrs hostDefaults {
     prism = rec {
       cores = 4;
       extraZones = {
@@ -54,7 +56,6 @@ in
         retiolum = {
           via = internet;
           ip4.addr = "10.243.0.103";
-          ip6.addr = "42:0000:0000:0000:0000:0000:0000:15ab";
           aliases = [
             "prism.r"
             "cache.prism.r"
@@ -118,7 +119,6 @@ in
         retiolum = {
           via = internet;
           ip4.addr = "10.243.0.123";
-          ip6.addr = "42:0:0:0:0:0:0:123";
           aliases = [
             "archprism.r"
           ];
@@ -150,7 +150,6 @@ in
       nets = {
         retiolum = {
           ip4.addr = "10.243.81.176";
-          ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56";
           aliases = [
             "uriel.r"
             "cgit.uriel.r"
@@ -176,7 +175,6 @@ in
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.2";
-          ip6.addr = "42:0:0:0:0:0:0:dea7";
           aliases = [
             "mors.r"
             "cgit.mors.r"
@@ -209,7 +207,6 @@ in
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.4";
-          ip6.addr = "42:0:0:0:0:0:0:50d4";
           aliases = [
             "shodan.r"
             "cgit.shodan.r"
@@ -242,7 +239,6 @@ in
       nets = rec {
         retiolum = {
           ip4.addr = "10.243.133.114";
-          ip6.addr = "42:0:0:0:0:0:01ca:1205";
           aliases = [
             "icarus.r"
             "cgit.icarus.r"
@@ -275,7 +271,6 @@ in
       nets = rec {
         retiolum = {
           ip4.addr = "10.243.133.115";
-          ip6.addr = "42:0:0:0:0:0:daed:a105";
           aliases = [
             "daedalus.r"
             "cgit.daedalus.r"
@@ -301,7 +296,6 @@ in
       nets = rec {
         retiolum = {
           ip4.addr = "10.243.133.116";
-          ip6.addr = "42:0:0:0:0:0:0:1101";
           aliases = [
             "skynet.r"
             "cgit.skynet.r"
@@ -327,7 +321,6 @@ in
       nets = {
         retiolum = {
           ip4.addr = "10.243.133.77";
-          ip6.addr = "42:0:0:0:0:0:717:7137";
           aliases = [
             "littleT.r"
           ];
@@ -368,7 +361,6 @@ in
       nets = rec {
         retiolum = {
           ip4.addr = "10.243.1.3";
-          ip6.addr = "42::1:3";
           aliases = [
             "xerxes.r"
           ];
@@ -410,7 +402,6 @@ in
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.13";
-          ip6.addr = "42:0:0:0:0:0:0:12ed";
           aliases = [
             "red.r"
           ];
@@ -440,7 +431,6 @@ in
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.14";
-          ip6.addr = "42:0:0:0:0:0:0:14";
           aliases = [
             "yellow.r"
           ];
@@ -477,7 +467,6 @@ in
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.77";
-          ip6.addr = "42:0:0:0:0:0:0:77";
           aliases = [
             "blue.r"
           ];
@@ -521,7 +510,6 @@ in
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.19";
-          ip6.addr = "42::19";
           aliases = [
             "morpheus.r"
           ];
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 188fbc461..d6c1f0b61 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -1,20 +1,27 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
 ## generate keys with:
 # tinc generate-keys
 # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
-let
+
+with import <stockholm/lib>;
+{ config, ... }: let
+
+  hostDefaults = hostName: host: flip recursiveUpdate host ({
+    owner = config.krebs.users.makefu;
+  } // optionalAttrs (host.nets?retiolum) {
+    nets.retiolum.ip6.addr =
+      (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
+  });
+
   pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
+
 in {
-  hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
+  hosts = mapAttrs hostDefaults {
     cake = rec {
       cores = 4;
       ci = false;
       nets = {
         retiolum = {
           ip4.addr = "10.243.136.236";
-          ip6.addr  = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee1";
           aliases = [
             "cake.r"
           ];
@@ -39,7 +46,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.136.237";
-          ip6.addr  = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee2";
           aliases = [
             "crapi.r"
           ];
@@ -65,7 +71,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.177.9";
-          ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce";
           aliases = [
             "drop.r"
           ];
@@ -90,7 +95,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.227.163";
-          ip6.addr  = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6";
           aliases = [
             "studio.r"
           ];
@@ -116,7 +120,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.113.98";
-          # ip6.addr  = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
           aliases = [
             "fileleech.r"
           ];
@@ -147,7 +150,6 @@ in {
         };
         retiolum = {
           ip4.addr = "10.243.80.249";
-          ip6.addr  = "42:ecb0:376:b37d:cf47:1ecf:f32b:a3b9";
           aliases = [
             "latte.r"
           ];
@@ -171,7 +173,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.210";
-          ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0001";
           aliases = [
             "pnp.r"
             "cgit.pnp.r"
@@ -195,7 +196,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.84";
-          ip6.addr = "42:ff6b:5f0b:460d:2cee:4d05:73f7:5566";
           aliases = [
             "darth.r"
           ];
@@ -267,7 +267,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.212";
-          ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0002";
           aliases = [
             "tsp.r"
           ];
@@ -295,7 +294,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.91";
-          ip6.addr = "42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db";
           aliases = [
             "x.r"
           ];
@@ -329,7 +327,6 @@ in {
           '';
         };
         #wiregrill = {
-        #  ip6.addr = "42:4200:0000:0000:0000:0000:0000:a4db";
         #  aliases = [
         #    "x.w"
         #  ];
@@ -347,7 +344,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.1.91";
-          ip6.addr = "42:0b2c:d90e:e717:03dd:9ac1:0000:a400";
           aliases = [
             "vbob.r"
           ];
@@ -386,7 +382,6 @@ in {
         };
         retiolum = {
           ip4.addr = "10.243.0.153";
-          ip6.addr = "42:9143:b4c0:f981:6030:7aa2:8bc5:4110";
           aliases = [
             "pigstarter.r"
           ];
@@ -422,7 +417,6 @@ in {
         retiolum = {
           via = internet;
           ip4.addr = "10.243.29.169";
-          ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
           aliases = [
             "wry.r"
             "graph.wry.r"
@@ -460,7 +454,6 @@ in {
         };
         retiolum = {
           ip4.addr = "10.243.153.102";
-          ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
           aliases = [
             "filepimp.r"
           ];
@@ -491,7 +484,6 @@ in {
         };
         retiolum = {
           ip4.addr = "10.243.0.89";
-          ip6.addr = "42:f9f0::10";
           aliases = [
             "omo.r"
             "dcpp.omo.r"
@@ -536,7 +528,6 @@ in {
         };
         retiolum = {
           ip4.addr = "10.243.214.15";
-          # ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
           aliases = [
             "wbob.r"
             "hydra.wbob.r"
@@ -596,7 +587,6 @@ in {
         };
         #wiregrill = {
         #  via = internet;
-        #  ip6.addr = "42:4200:0000:0000:0000:0000:0000:70d3";
         #  aliases = [
         #    "gum.w"
         #  ];
@@ -605,7 +595,6 @@ in {
         retiolum = {
           via = internet;
           ip4.addr = "10.243.0.213";
-          ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
           aliases = [
             "nextgum.r"
             "graph.r"
@@ -673,7 +662,6 @@ in {
         };
         retiolum = {
           ip4.addr = "10.243.205.131";
-          ip6.addr = "42:490d:cd82:d2bb:56d5:abd1:b88b:e8b4";
           aliases = [
             "shoney.r"
           ];
@@ -698,7 +686,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.83.237";
-          ip6.addr  = "42:af50:99cf:c185:f1a8:14d5:acb:8101";
           aliases = [
             "sdev.r"
           ];
@@ -736,7 +723,6 @@ in {
         };
         retiolum = {
           ip4.addr = "10.243.211.172";
-          ip6.addr = "42:472a:3d01:bbe4:4425:567e:592b:065d";
           aliases = [
             "flap.r"
           ];
@@ -759,7 +745,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.231.219";
-          ip6.addr = "42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72";
           aliases = [
             "nukular.r"
           ];
@@ -782,7 +767,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.124.21";
-          ip6.addr = "42:9898:a8be:ce56:0ee3:b99c:42c5:109e";
           aliases = [
             "heidi.r"
           ];
@@ -872,7 +856,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.189.130";
-          ip6.addr = "42:c64e:011f:9755:31e1:c3e6:73c0:af2d";
           aliases = [
             "filebitch.r"
           ];
@@ -895,7 +878,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.26.29";
-          ip6.addr = "42:927a:3d59:1cb3:29d6:1a08:78d3:812e";
           aliases = [
             "excobridge.r"
           ];
@@ -918,7 +900,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.226.213";
-          ip6.addr = "42:432e:2379:0cd2:8486:f3b5:335a:5d83";
           aliases = [
             "horisa.r"
           ];
@@ -947,7 +928,6 @@ in {
         };
         retiolum = {
           ip4.addr = "10.243.57.85";
-          ip6.addr = "42:2f06:b899:a3b5:1dcf:51a4:a02b:8731";
           aliases = [
             "wooki.r"
           ];
@@ -970,7 +950,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.163";
-          ip6.addr = "42:b67b:5752:a730:5f28:d80d:6b37:5bda";
           aliases = [
             "senderechner.r"
           ];
@@ -995,7 +974,6 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.144.142";
-          ip6.addr  = "42:4bf8:94b:eec5:69e2:c837:686e:f278";
           aliases = [
             "tcac-0-1.r"
           ];
@@ -1025,7 +1003,6 @@ in {
         };
         retiolum = {
           ip4.addr = "10.243.139.184";
-          ip6.addr = "42:d568:6106:ba30:753b:0f2a:8225:b1fb";
           aliases = [
             "muhbaasu.r"
           ];
@@ -1048,7 +1025,6 @@ in {
         nets = {
           retiolum = {
             ip4.addr = "10.243.183.236";
-            ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c";
             aliases = [
               "tpsw.r"
             ];
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 71670d336..0683492bc 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -1,19 +1,24 @@
-{ config, ... }:
-
 with import <stockholm/lib>;
+{ config, ... }: let
 
-{
+  hostDefaults = hostName: host: flip recursiveUpdate host ({
+    owner = config.krebs.users.tv;
+  } // optionalAttrs (host.nets?retiolum) {
+    nets.retiolum.ip6.addr =
+      (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
+  });
+
+in {
   dns.providers = {
     "viljetic.de" = "regfish";
   };
-  hosts = mapAttrs (_: setAttr "owner" config.krebs.users.tv) {
+  hosts = mapAttrs hostDefaults {
     alnus = {
       ci = true;
       cores = 2;
       nets = {
         retiolum = {
           ip4.addr = "10.243.21.1";
-          ip6.addr = "42::2101";
           aliases = [
             "alnus.r"
           ];
@@ -38,7 +43,6 @@ with import <stockholm/lib>;
       nets = {
         retiolum = {
           ip4.addr = "10.243.20.1";
-          ip6.addr = "42::2001";
           aliases = [
             "mu.r"
           ];
@@ -79,7 +83,6 @@ with import <stockholm/lib>;
         retiolum = {
           via = config.krebs.hosts.ni.nets.internet;
           ip4.addr = "10.243.113.223";
-          ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af4";
           aliases = [
             "ni.r"
             "cgit.ni.r"
@@ -114,7 +117,6 @@ with import <stockholm/lib>;
         };
         retiolum = {
           ip4.addr = "10.243.0.110";
-          ip6.addr = "42:2d5:733f:d6da:c0f5:2bb7:2b18:9ec";
           aliases = [
             "nomic.r"
             "cgit.nomic.r"
@@ -158,7 +160,6 @@ with import <stockholm/lib>;
         };
         retiolum = {
           ip4.addr = "10.243.13.37";
-          ip6.addr = "42::1337";
           aliases = [
             "wu.r"
             "cgit.wu.r"
@@ -185,7 +186,6 @@ with import <stockholm/lib>;
       nets = {
         retiolum = {
           ip4.addr = "10.243.22.22";
-          ip6.addr = "42::2222";
           aliases = [
             "querel.r"
           ];
@@ -226,7 +226,6 @@ with import <stockholm/lib>;
         };
         retiolum = {
           ip4.addr = "10.243.13.38";
-          ip6.addr = "42::1338";
           aliases = [
             "xu.r"
             "cgit.xu.r"
@@ -261,7 +260,6 @@ with import <stockholm/lib>;
         };
         retiolum = {
           ip4.addr = "10.243.13.40";
-          ip6.addr = "42::1340";
           aliases = [
             "zu.r"
           ];

From facbcdafc891094fa62857089b13fcc9926a4485 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 11 Dec 2018 21:59:41 +0100
Subject: [PATCH 054/103] lib.setAttr: RIP

---
 lib/default.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/lib/default.nix b/lib/default.nix
index bf8c65e21..54597e5fd 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -29,8 +29,6 @@ let
       listToAttrs (map (name: nameValuePair name set.${name})
                        (filter (flip hasAttr set) names));
 
-    setAttr = name: value: set: set // { ${name} = value; };
-
     test = re: x: isString x && testString re x;
 
     testString = re: x: match re x != null;

From b6e1cef6a5d0235a049b8d7606ebf053d8ab1516 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 11 Dec 2018 22:47:27 +0100
Subject: [PATCH 055/103] lib.normalize-ip6-addr: only normalize addrs w/o ::

---
 lib/default.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/default.nix b/lib/default.nix
index 54597e5fd..e352c7be9 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -107,7 +107,11 @@ let
           in
             a: concatStringsSep ":" (map f (splitString ":" a));
       in
-        a: toLower (group-zeros (drop-leading-zeros a));
+        a:
+          toLower
+            (if test ".*::.*" a
+              then a
+              else group-zeros (drop-leading-zeros a));
   };
 in
 
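Review bot: An address that already contains `::` is now returned with only `toLower` applied, so leading zeros inside its groups survive and the function no longer yields one canonical string per address (a constructed example: `42::0019` and `42::19` stay different). That matters wherever addresses are compared or deduplicated as strings. Either apply `drop-leading-zeros` in the `then` branch as well, if it tolerates empty groups, which this hunk does not show, or document the limit with `# addrs containing :: are only lower-cased, not canonicalised`. The enclosing definition starts above this hunk.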

From cee44811cdc5fbc0d46efd96439885065627aa1a Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 11 Dec 2018 22:49:14 +0100
Subject: [PATCH 056/103] lib.krebs.genipv6: use normalize-ip6-addr

---
 lib/krebs/genipv6.nix | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix
index 8e105ab49..bf3ebab38 100644
--- a/lib/krebs/genipv6.nix
+++ b/lib/krebs/genipv6.nix
@@ -3,18 +3,16 @@ with lib;
 let {
   body = netname: subnetname: suffixSpec: rec {
     address = let
-      suffix' =
-        if hasEmptyGroup (parseAddress suffix)
-          then suffix
-          else joinAddress "::" suffix;
+      suffix' = prependZeros suffixLength suffix;
     in
-      checkAddress addressLength (joinAddress subnetPrefix suffix');
+      normalize-ip6-addr
+        (checkAddress addressLength (joinAddress subnetPrefix suffix'));
     addressCIDR = "${address}/${toString addressLength}";
     addressLength = 128;
 
     inherit netname;
     netCIDR = "${netAddress}/${toString netPrefixLength}";
-    netAddress = joinAddress netPrefix "::";
+    netAddress = appendZeros netPrefixLength netPrefix;
     netHash = toString {
       retiolum = 0;
       wirelum = 1;
@@ -27,22 +25,35 @@ let {
 
     inherit subnetname;
     subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}";
-    subnetAddress = joinAddress subnetPrefix "::";
-    subnetHash = simplify (hash 4 subnetname);
+    subnetAddress = appendZeros subnetPrefixLength subnetPrefix;
+    subnetHash = hash 4 subnetname;
     subnetPrefix = joinAddress netPrefix subnetHash;
     subnetPrefixLength = netPrefixLength + 16;
 
     suffix = getAttr (typeOf suffixSpec) {
       set =
-        concatMapStringsSep
+        concatStringsSep
           ":"
-          simplify
-          (stringToGroupsOf 4 (hash (suffixLength / 8) suffixSpec.hostName));
+          (stringToGroupsOf 4 (hash (suffixLength / 4) suffixSpec.hostName));
       string = suffixSpec;
     };
     suffixLength = addressLength - subnetPrefixLength;
   };
 
+  appendZeros = n: s: let
+    n' = n / 16;
+    zeroCount = n' - length parsedaddr;
+    parsedaddr = parseAddress s;
+  in
+    formatAddress (parsedaddr ++ map (const "0") (range 1 zeroCount));
+
+  prependZeros = n: s: let
+    n' = n / 16;
+    zeroCount = n' - length parsedaddr;
+    parsedaddr = parseAddress s;
+  in
+    formatAddress (map (const "0") (range 1 zeroCount) ++ parsedaddr);
+
   # Split string into list of chunks where each chunk is at most n chars long.
   # The leftmost chunk might shorter.
   # Example: stringToGroupsOf "123456" -> ["12" "3456"]
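Review bot: `appendZeros` and `prependZeros` pad silently wrong when the input does not fit: `n / 16` truncates a prefix length that is not a multiple of 16, and `range 1 zeroCount` is empty when `zeroCount` is negative, so an over-long prefix is formatted unchanged. `address` is still guarded by `checkAddress`, but `netAddress` and `subnetAddress` are not in the lines shown; an `assert zeroCount >= 0;` before `formatAddress` in both helpers would make the failure explicit. The two helpers differ only in the order of the `++` operands and could share one body. `subnetHash` keeps only 4 hex digits of the SHA-256, and nothing visible here checks that two subnet names do not collide on the same prefix.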
@@ -64,8 +75,6 @@ let {
   in
     filter (x: x != []) ([acc.chunk] ++ acc.chunks);
 
-  simplify = s: head (match "0*(.+)" s);
-
   hash = n: s: substring 0 n (hashString "sha256" s);
 
   dropLast = n: xs: reverseList (drop n (reverseList xs));

From e55b54092803dbddbafe4971c9c7da4b5679988d Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 11 Dec 2018 23:11:40 +0100
Subject: [PATCH 057/103] krebs hosts: add owner to testHosts, too ^_^'

---
 krebs/3modules/krebs/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 59fc43af8..72c16711c 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -33,7 +33,7 @@ with import <stockholm/lib>;
     };
   });
 in {
-  hosts = mapAttrs hostDefaults {
+  hosts = mapAttrs hostDefaults ({
     hotdog = {
       ci = true;
       nets = {
@@ -153,7 +153,7 @@ in {
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR";
     };
-  } // testHosts;
+  } // testHosts);
   users = {
     krebs = {
       pubkey = "lol"; # TODO krebs.users.krebs.pubkey should be unnecessary

From 474e3e2e4513a5d2df89789885725b176e7ec532 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 11 Dec 2018 23:21:42 +0100
Subject: [PATCH 058/103] lib: import generally useful stuff from genipv6

---
 lib/default.nix       | 27 +++++++++++++++++++++++++++
 lib/krebs/genipv6.nix | 32 ++++----------------------------
 2 files changed, 31 insertions(+), 28 deletions(-)

diff --git a/lib/default.nix b/lib/default.nix
index e352c7be9..64b2d48ab 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -112,6 +112,33 @@ let
             (if test ".*::.*" a
               then a
               else group-zeros (drop-leading-zeros a));
+
+    hashToLength = n: s: substring 0 n (hashString "sha256" s);
+
+    dropLast = n: xs: reverseList (drop n (reverseList xs));
+    takeLast = n: xs: reverseList (take n (reverseList xs));
+
+    # Split string into list of chunks where each chunk is at most n chars long.
+    # The leftmost chunk might shorter.
+    # Example: stringToGroupsOf "123456" -> ["12" "3456"]
+    stringToGroupsOf = n: s: let
+      acc =
+        foldl'
+          (acc: c: if stringLength acc.chunk < n then {
+            chunk = acc.chunk + c;
+            chunks = acc.chunks;
+          } else {
+            chunk = c;
+            chunks = acc.chunks ++ [acc.chunk];
+          })
+          {
+            chunk = "";
+            chunks = [];
+          }
+          (stringToCharacters s);
+    in
+      filter (x: x != []) ([acc.chunk] ++ acc.chunks);
+
   };
 in
 
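Review bot: The comment above `stringToGroupsOf` does not describe what the code returns: the example omits the `n` argument, and the fold fills chunks from the left, so it is the last chunk that may be short. The result `[acc.chunk] ++ acc.chunks` also puts that last chunk first; for `stringToGroupsOf 4 "123456"` I read the code as giving `["56" "1234"]`, not `["12" "3456"]`. The `filter (x: x != [])` compares strings with a list, so it never drops the empty chunk produced for empty input; `x != ""` looks like what was meant. Now that this is exported from lib, either correct the comment to match the behaviour or use `filter (x: x != "") (acc.chunks ++ [acc.chunk])`, bearing in mind that reordering the chunks changes every address genipv6 derives from a host name.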
diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix
index bf3ebab38..af1df6d0e 100644
--- a/lib/krebs/genipv6.nix
+++ b/lib/krebs/genipv6.nix
@@ -26,7 +26,7 @@ let {
     inherit subnetname;
     subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}";
     subnetAddress = appendZeros subnetPrefixLength subnetPrefix;
-    subnetHash = hash 4 subnetname;
+    subnetHash = hashToLength 4 subnetname;
     subnetPrefix = joinAddress netPrefix subnetHash;
     subnetPrefixLength = netPrefixLength + 16;
 
@@ -34,7 +34,9 @@ let {
       set =
         concatStringsSep
           ":"
-          (stringToGroupsOf 4 (hash (suffixLength / 4) suffixSpec.hostName));
+          (stringToGroupsOf
+            4
+            (hashToLength (suffixLength / 4) suffixSpec.hostName));
       string = suffixSpec;
     };
     suffixLength = addressLength - subnetPrefixLength;
@@ -54,32 +56,6 @@ let {
   in
     formatAddress (map (const "0") (range 1 zeroCount) ++ parsedaddr);
 
-  # Split string into list of chunks where each chunk is at most n chars long.
-  # The leftmost chunk might shorter.
-  # Example: stringToGroupsOf "123456" -> ["12" "3456"]
-  stringToGroupsOf = n: s: let
-    acc =
-      foldl'
-        (acc: c: if stringLength acc.chunk < n then {
-          chunk = acc.chunk + c;
-          chunks = acc.chunks;
-        } else {
-          chunk = c;
-          chunks = acc.chunks ++ [acc.chunk];
-        })
-        {
-          chunk = "";
-          chunks = [];
-        }
-        (stringToCharacters s);
-  in
-    filter (x: x != []) ([acc.chunk] ++ acc.chunks);
-
-  hash = n: s: substring 0 n (hashString "sha256" s);
-
-  dropLast = n: xs: reverseList (drop n (reverseList xs));
-  takeLast = n: xs: reverseList (take n (reverseList xs));
-
   hasEmptyPrefix = xs: take 2 xs == ["" ""];
   hasEmptySuffix = xs: takeLast 2 xs == ["" ""];
   hasEmptyInfix = xs: any (x: x == "") (trimEmpty 2 xs);

From 35be9c66bfa6dd03437f919ec610aed0e9b20b58 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 12 Dec 2018 00:34:32 +0100
Subject: [PATCH 059/103] lib.normalize-ip6-addr: no :: for single section

---
 lib/default.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/default.nix b/lib/default.nix
index 64b2d48ab..347830e8c 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -93,7 +93,13 @@ let
           in
             if max.pos == 0
               then a
-              else "${concatStringsSep ":" lhs}::${concatStringsSep ":" rhs}";
+              else let
+                sep =
+                  if 8 - (length lhs + length rhs) == 1
+                    then ":0:"
+                    else "::";
+              in
+                "${concatStringsSep ":" lhs}${sep}${concatStringsSep ":" rhs}";
 
         drop-leading-zeros =
           let
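Review bot: The new `sep` only handles a single zero group in the middle of the address: if `lhs` or `rhs` can be empty in this branch, `":0:"` produces a string that starts or ends with a bare colon, which is not a valid address. The code that computes `lhs`, `rhs` and `max` is above the hunk, so this case may be unreachable; if it is reachable, the single-group case could be built as `concatStringsSep ":" (lhs ++ ["0"] ++ rhs)` instead. A short comment would also help, saying that the literal `8` is the number of 16-bit groups and that RFC 5952 does not allow `::` for a single zero group.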

From 4d44efa2fceda1308dbe8207e8fd0f122cd64e19 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 12 Dec 2018 15:35:15 +0100
Subject: [PATCH 060/103] l: import network-manager only in mors

---
 lass/1systems/mors/config.nix | 1 +
 lass/2configs/baseX.nix       | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 207c7c640..46cdbbb66 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -34,6 +34,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/backup.nix>
     <stockholm/lass/2configs/print.nix>
     <stockholm/lass/2configs/blue-host.nix>
+    <stockholm/lass/2configs/network-manager.nix>
     {
       krebs.iptables.tables.filter.INPUT.rules = [
         #risk of rain
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 53d90ed7d..859a2a1b9 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -9,7 +9,6 @@ in {
     ./power-action.nix
     ./copyq.nix
     ./urxvt.nix
-    ./network-manager.nix
     {
       hardware.pulseaudio = {
         enable = true;

From 1a88a8ae6447528fc505607f680573c501fc2273 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 12 Dec 2018 18:41:51 +0100
Subject: [PATCH 061/103] ma events-publisher: use 1.0.0

---
 makefu/1systems/gum/config.nix | 109 ++++++++++++---------------------
 1 file changed, 40 insertions(+), 69 deletions(-)

diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index a1691da3a..dcfa3d0e5 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -21,8 +21,12 @@ in {
           ];
         };
       }
+      # <stockholm/makefu/2configs/stats/client.nix>
+      <stockholm/makefu/2configs/stats/netdata-server.nix>
+
       <stockholm/makefu/2configs/headless.nix>
       <stockholm/makefu/2configs/smart-monitor.nix>
+      { services.smartd.devices = builtins.map (x: { device = x; }) allDisks; }
 
       # Security
       <stockholm/makefu/2configs/sshd-totp.nix>
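Review bot: The added import `<stockholm/makefu/2configs/stats/netdata-server.nix>` points at a file that, as far as this series shows, is only created by PATCH 065 (`new file mode` there), so gum would not evaluate at this commit or the ones between. Moving the import into the commit that adds the netdata module, or ordering that commit first, keeps every commit buildable for bisecting. The subject line mentions only events-publisher, while the patch also rewrites firewall rules and removes SSH authorized keys; a description that says so would make the change easier to audit. The imports list starts above this hunk.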
@@ -31,6 +35,8 @@ in {
       <stockholm/makefu/2configs/tools/core.nix>
       <stockholm/makefu/2configs/tools/dev.nix>
       <stockholm/makefu/2configs/tools/sec.nix>
+      <stockholm/makefu/2configs/tools/desktop.nix>
+
       <stockholm/makefu/2configs/zsh-user.nix>
       <stockholm/makefu/2configs/mosh.nix>
       # <stockholm/makefu/2configs/gui/xpra.nix>
@@ -42,17 +48,47 @@ in {
       <stockholm/makefu/2configs/iodined.nix>
       # <stockholm/makefu/2configs/backup.nix>
       <stockholm/makefu/2configs/tinc/retiolum.nix>
+      { # bonus retiolum config for connecting more hosts
+        krebs.tinc.retiolum = {
+          extraConfig = ''
+            ListenAddress = ${external-ip} 53
+            ListenAddress = ${external-ip} 655
+            ListenAddress = ${external-ip} 21031
+          '';
+          connectTo = [
+            "prism" "ni" "enklave" "eve" "archprism"
+          ];
+        };
+        networking.firewall = {
+          allowedTCPPorts =
+          [
+            53
+            655
+            21031
+          ];
+          allowedUDPPorts =
+          [
+            53
+            655
+            21031
+          ];
+        };
+      }
 
       # ci
       # <stockholm/makefu/2configs/exim-retiolum.nix>
       <stockholm/makefu/2configs/git/cgit-retiolum.nix>
+      <stockholm/makefu/2configs/shack/events-publisher>
       <stockholm/makefu/2configs/shack/gitlab-runner>
       <stockholm/makefu/2configs/remote-build/slave.nix>
       <stockholm/makefu/2configs/taskd.nix>
 
       # services
-      <stockholm/makefu/2configs/sabnzbd.nix>
+      # <stockholm/makefu/2configs/sabnzbd.nix>
       <stockholm/makefu/2configs/mail/mail.euer.nix>
+      {
+        krebs.exim.enable = mkForce false;
+      }
 
       # sharing
       <stockholm/makefu/2configs/share/gum.nix>
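Review bot: After this patch the inline module added here is the only place in this file that opens ports, because the host-level `allowedTCPPorts` and `allowedUDPPorts` lists are deleted in the last hunk. Ports 25, 80, 443 and 53589 are then reachable only if the imported mail, nginx and taskd modules open them themselves, which is not visible here; please confirm the nginx virtual hosts still work, since ACME needs 80/443. Dropping the "temp vnc" and "temp reverseshell" entries is a welcome reduction. The three port numbers are repeated in `ListenAddress` and in both firewall lists; one binding such as `tincPorts = [ 53 655 21031 ];` used for `allowedTCPPorts` and `allowedUDPPorts` would keep them in sync. `krebs.exim.enable = mkForce false;` directly after importing mail.euer.nix deserves a comment saying why.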
@@ -60,13 +96,6 @@ in {
       #<stockholm/makefu/2configs/retroshare.nix>
       ## <stockholm/makefu/2configs/ipfs.nix>
       #<stockholm/makefu/2configs/syncthing.nix>
-      { # ncdc
-        environment.systemPackages = [ pkgs.ncdc ];
-        networking.firewall = {
-          allowedUDPPorts = [ 51411 ];
-          allowedTCPPorts = [ 51411 ];
-        };
-      }
       # <stockholm/makefu/2configs/opentracker.nix>
 
       ## network
@@ -92,10 +121,9 @@ in {
       #<stockholm/makefu/2configs/nginx/public_html.nix>
       #<stockholm/makefu/2configs/nginx/update.connector.one.nix>
       <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
-      <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
+      # <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
       <stockholm/makefu/2configs/nginx/iso.euer.nix>
       <stockholm/krebs/2configs/cache.nsupdate.info.nix>
-      <stockholm/makefu/2configs/shack/events-publisher>
 
       <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
       <stockholm/makefu/2configs/deployment/graphs.nix>
@@ -104,7 +132,6 @@ in {
       <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
       <stockholm/makefu/2configs/bgt/hidden_service.nix>
 
-      <stockholm/makefu/2configs/stats/client.nix>
       # <stockholm/makefu/2configs/logging/client.nix>
 
       # sharing
@@ -118,7 +145,8 @@ in {
 
       # krebs infrastructure services
       <stockholm/makefu/2configs/stats/server.nix>
-  ];
+    ];
+
   makefu.dl-dir = "/var/download";
 
   services.openssh.hostKeys = [
@@ -128,71 +156,14 @@ in {
   services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
   krebs.build.host = config.krebs.hosts.gum;
 
-  krebs.tinc.retiolum = {
-    extraConfig = ''
-      ListenAddress = ${external-ip} 53
-      ListenAddress = ${external-ip} 655
-      ListenAddress = ${external-ip} 21031
-    '';
-    connectTo = [
-      "prism" "ni" "enklave" "eve" "archprism"
-    ];
-  };
-
-
-  # access
-  users.users = {
-    root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
-    makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
-  };
-
-  # Chat
-  environment.systemPackages = with pkgs;[
-    weechat
-    bepasty-client-cli
-    tmux
-  ];
-
-  # Hardware
-
   # Network
   networking = {
     firewall = {
         allowPing = true;
         logRefusedConnections = false;
-        allowedTCPPorts = [
-          # smtp
-          25
-          # http
-          80 443
-          # httptunnel
-          8080 8443
-          # tinc
-          655
-          # tinc-shack
-          21032
-          # tinc-retiolum
-          21031
-          # taskserver
-          53589
-          # temp vnc
-          18001
-          # temp reverseshell
-          31337
-        ];
-        allowedUDPPorts = [
-          # tinc
-          655 53
-          # tinc-retiolum
-          21031
-          # tinc-shack
-          21032
-        ];
     };
     nameservers = [ "8.8.8.8" ];
   };
   users.users.makefu.extraGroups = [ "download" "nginx" ];
-  services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
-  boot.tmpOnTmpfs = true;
   state = [ "/home/makefu/.weechat" ];
 }

From 67d54622a399fc650b72b9aaf960b73996bdf0aa Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 00:20:00 +0100
Subject: [PATCH 062/103] ma omo.r: new disks for snapraid

---
 makefu/1systems/omo/hw/omo.nix | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/makefu/1systems/omo/hw/omo.nix b/makefu/1systems/omo/hw/omo.nix
index 1b618a486..31db335bb 100644
--- a/makefu/1systems/omo/hw/omo.nix
+++ b/makefu/1systems/omo/hw/omo.nix
@@ -48,9 +48,8 @@ in {
 
   makefu.snapraid = {
     enable = true;
-    # TODO: 3 is not protected
-    disks = map toMapper [ 0 1 ];
-    parity = toMapper 2;
+    disks = map toMapper [ 0 2 3 ];
+    parity = toMapper 1;
   };
   fileSystems = let
     cryptMount = name:
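Review bot: The parity role moves from mapper 2 to mapper 1 with no comment on which physical disks these indices now refer to or why the order changed, and the old TODO is dropped without a replacement. If mapper 1 still holds content from its time as a data disk, that content is no longer protected and the parity has to be rebuilt; SnapRAID also needs the parity disk to be at least as large as the largest data disk. A comment along the lines of `# parity on 1, data on 0 2 3 since the disk swap` would record the intent. `toMapper` is defined above the hunk.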

From f6d38eafe875ed344ce282c21c99f2b1919f043f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:31:17 +0100
Subject: [PATCH 063/103] ma omor: move homeautomation, add google-muell

---
 makefu/1systems/omo/config.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 260f96081..81b1e0ea1 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -44,7 +44,8 @@ in {
       # <stockholm/makefu/2configs/share/omo-timemachine.nix>
       <stockholm/makefu/2configs/tinc/retiolum.nix>
 
-
+      # statistics
+      <stockholm/makefu/2configs/stats/client.nix>
       # Logging
       #influx + grafana
       <stockholm/makefu/2configs/stats/server.nix>
@@ -74,7 +75,8 @@ in {
           "homeassistant-0.77.2"
         ];
       }
-      <stockholm/makefu/2configs/deployment/homeautomation>
+      <stockholm/makefu/2configs/homeautomation>
+      <stockholm/makefu/2configs/homeautomation/google-muell.nix>
       {
         makefu.ps3netsrv = {
           enable = true;
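Review bot: The new imports `<stockholm/makefu/2configs/homeautomation>` and `<stockholm/makefu/2configs/homeautomation/google-muell.nix>` are neither created nor moved by this commit: the diffstat lists only omo/config.nix although the subject says "move homeautomation". Unless those paths already exist in the tree, omo fails to evaluate until a later patch supplies them, so including the rename here would keep the commit self-contained. The same question applies to `stats/client.nix` in the first hunk, which PATCH 065 in this series adds as a new file.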

From 5f95c191932826c33f75b590f8f34f2ceb9cb492 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:31:41 +0100
Subject: [PATCH 064/103] ma bureautomation: try to fix automation for
 fernseher

---
 makefu/2configs/bureautomation/hass.nix | 42 +++++++++++++++++--------
 1 file changed, 29 insertions(+), 13 deletions(-)

diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix
index 443484a34..a89a4813f 100644
--- a/makefu/2configs/bureautomation/hass.nix
+++ b/makefu/2configs/bureautomation/hass.nix
@@ -112,7 +112,6 @@ in {
             "temperature" # "temperature_high" "temperature_low"
             "apparent_temperature"
             "hourly_summary" # next 24 hours text
-            "minutely_summary"
             "humidity"
             "pressure"
             "uv_index" ];
@@ -212,27 +211,44 @@ in {
             to = "on";
           };
           action = {
-            service= "homeassistant.turn_on";
-            entity_id= "switch.fernseher";
+            service = "homeassistant.turn_on";
+            entity_id =  [ "switch.fernseher" "switch.blitzdings" ];
           };
         }
         { alias = "Turn off Fernseher 10 minutes after last movement";
-          trigger = {
+          trigger = [ 
+          { # trigger when movement was detected at the time
             platform = "state";
             entity_id = "binary_sensor.motion";
             to = "off";
             for.minutes = 10;
-          };
+          }
+          { # trigger at 20:00 no matter what
+            # to avoid 'everybody left before 18:00:00'
+            platform = "time";
+            at = "18:00:00";
+          }
+        ];
           action = {
-            service= "homeassistant.turn_off";
-            entity_id= "switch.fernseher";
+            service = "homeassistant.turn_off";
+            entity_id =  [ "switch.fernseher" "switch.blitzdings" ];
+          };
+          condition =
+          { condition = "and";
+            conditions = [
+              {
+                condition = "time";
+                before = "06:30:00"; #only turn off between 6:30 and 18:00
+                after  = "18:00:00";
+                # weekday = [ "mon" "tue" "wed" "thu" "fri" ];
+              }
+              {
+                condition = "state";
+                entity_id = "binary_sensor.motion";
+                state = "off";
+              }
+            ];
           };
-          condition = [{
-            condition = "time";
-            before = "06:30:00"; #only turn off between 6:30 and 18:00
-            after  = "18:00:00";
-            weekday = [ "mon" "tue" "wed" "thu" "fri" ];
-          }];
         }
       ];
     };
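Review bot: Two comments in the rewritten automation contradict the values next to them. The time trigger is commented `# trigger at 20:00 no matter what` but fires `at = "18:00:00"`, and the time condition is commented `#only turn off between 6:30 and 18:00` while `after = "18:00:00"` with `before = "06:30:00"` describes the window from 18:00 to 06:30, as far as I know Home Assistant's time condition. Suggested wording: `# also trigger at 18:00, in case everybody left before then` and `# only turn off outside office hours (18:00-06:30)`. With `weekday` commented out the rule now applies on weekends too, which is worth stating if intended. The `trigger` list items are also indented less than their siblings, which makes the nesting hard to follow.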

From a8db537be5b157c0afe3a71d632724e1ceef3d4f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:32:12 +0100
Subject: [PATCH 065/103] ma netdata: init

---
 makefu/2configs/stats/client.nix         |   7 ++
 makefu/2configs/stats/netdata-server.nix |  17 +++
 makefu/3modules/netdata.nix              | 150 +++++++++++++++++++++++
 3 files changed, 174 insertions(+)
 create mode 100644 makefu/2configs/stats/client.nix
 create mode 100644 makefu/2configs/stats/netdata-server.nix
 create mode 100644 makefu/3modules/netdata.nix

diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/client.nix
new file mode 100644
index 000000000..b88515a35
--- /dev/null
+++ b/makefu/2configs/stats/client.nix
@@ -0,0 +1,7 @@
+{
+  makefu.netdata = {
+    enable = true;
+    stream.role = "slave";
+    # stream.destination = "netdata.makefu.r";
+  };
+}
diff --git a/makefu/2configs/stats/netdata-server.nix b/makefu/2configs/stats/netdata-server.nix
new file mode 100644
index 000000000..5fec3583c
--- /dev/null
+++ b/makefu/2configs/stats/netdata-server.nix
@@ -0,0 +1,17 @@
+{
+  makefu.netdata = {
+    enable = true;
+    stream.role = "master";
+  };
+
+  services.nginx = {
+    virtualHosts."netdata.euer.krebsco.de" = {
+      addSSL = true;
+      enableACME = true;
+      locations."/".proxyPass = "http://localhost:19999";
+    };
+    virtualHosts."netdata.makefu.r" = {
+      locations."/".proxyPass = "http://localhost:19999";
+    };
+  };
+}
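Review bot: The public virtual host `netdata.euer.krebsco.de` proxies the whole netdata dashboard on `localhost:19999` with no access control, so host metrics and process and service names would be readable by anyone who reaches the name. Consider restricting it with `basicAuthFile` pointing at a file kept under `<secrets>`, or an allow/deny list in `extraConfig`. Using `forceSSL = true;` instead of `addSSL = true;` would make the plain-HTTP listener redirect rather than serve the dashboard. The `netdata.makefu.r` host is plain HTTP as well, which is presumably acceptable only because it is reachable just inside retiolum; a comment saying so would help.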
diff --git a/makefu/3modules/netdata.nix b/makefu/3modules/netdata.nix
new file mode 100644
index 000000000..3ed33643c
--- /dev/null
+++ b/makefu/3modules/netdata.nix
@@ -0,0 +1,150 @@
+{ config, lib, pkgs, ... }:
+
+# fork of https://github.com/Mic92/dotfiles/blob/master/nixos/vms/modules/netdata.nix
+with lib;
+let
+  cfg = config.makefu.netdata;
+in
+{
+  options.makefu.netdata = {
+    enable = mkEnableOption "netdata";
+
+    # TODO only apikey from file, set remote host manually
+    stream.file = mkOption {
+      type = types.str;
+      default = toString <secrets/netdata-stream.conf>;
+      description = "path to stream data file";
+    };
+    stream.role = mkOption {
+      type = types.enum [ "master" "slave" ];
+      default = "slave";
+      description = "Wether to stream data";
+    };
+
+    httpcheck.checks = mkOption {
+      type = types.attrsOf (types.submodule ({
+        options = {
+          url = mkOption {
+            type = types.str;
+            example = "https://thalheim.io";
+            description = "Url to check";
+          };
+          regex = mkOption {
+            type = types.nullOr types.str;
+            default = null;
+            example = "My homepage";
+            description = "Regex that is matched against the returned content";
+          };
+          statusAccepted = mkOption {
+            type = types.listOf types.int;
+            default = [ 200 ];
+            example = [ 401 ];
+            description = "Expected http status code";
+          };
+        };
+      }));
+      default = {};
+      description = ''
+        httpcheck plugin: https://github.com/netdata/netdata/blob/master/collectors/python.d.plugin/httpcheck/httpcheck.conf
+      '';
+    };
+
+    portcheck.checks = mkOption {
+      type = types.attrsOf (types.submodule ({
+        options = {
+          host = mkOption {
+            type = types.str;
+            default = "127.0.0.1";
+            description = "Dns name/IP to check";
+          };
+          port = mkOption {
+            type = types.int;
+            description = "Tcp port number";
+          };
+        };
+      }));
+      default = {};
+      description = ''
+        portcheck plugin: https://github.com/netdata/netdata/tree/master/collectors/python.d.plugin/portcheck
+      '';
+    };
+  };
+  config = mkIf cfg.enable {
+    systemd.services.netdata = {
+      requires = [ "secret.service" ];
+      after = [ "secret.service" ];
+    };
+    krebs.secret.files.netdata-stream = {
+      path = "/run/secret/netdata-stream.conf";
+      owner.name = "netdata";
+      source-path = cfg.stream.file;
+    };
+    environment.etc."netdata/stream.conf".source = "/run/secret/netdata-stream.conf";
+
+    services.netdata = {
+      enable = true;
+      config = {
+        global = {
+          "bind to" = "0.0.0.0:19999 [::]:19999";
+          "error log" = "stderr";
+          "update every" = "5";
+        };
+        health.enable = if cfg.stream.role == "master" then "yes" else "no";
+      };
+    };
+  services.netdata.python.extraPackages = ps: [
+    ps.psycopg2 ps.docker ps.dnspython
+  ];
+
+    makefu.netdata.portcheck.checks.openssh.port = (lib.head config.services.openssh.ports);
+
+    networking.firewall.allowedTCPPorts = [ 19999 ];
+
+    environment.etc."netdata/python.d/httpcheck.conf".text = ''
+    update_every: 30
+    ${lib.concatStringsSep "\n" (mapAttrsToList (site: options:
+    ''
+      ${site}:
+        url: '${options.url}'
+        ${optionalString (options.regex != null) "regex: '${options.regex}'"}
+        status_accepted: [ ${lib.concatStringsSep " " (map toString options.statusAccepted) } ]
+      '') cfg.httpcheck.checks)
+      }
+    '';
+
+    environment.etc."netdata/python.d/portcheck.conf".text = ''
+    ${lib.concatStringsSep "\n" (mapAttrsToList (service: options:
+    ''
+      ${service}:
+        host: '${options.host}'
+        port: ${toString options.port}
+      '') cfg.portcheck.checks)
+      }
+    '';
+    systemd.services.netdata.restartTriggers = [
+      config.environment.etc."netdata/python.d/httpcheck.conf".source
+      config.environment.etc."netdata/python.d/portcheck.conf".source
+      config.environment.etc."netdata/stream.conf".source
+    ];
+
+    environment.etc."netdata/health.d/httpcheck.conf".text = ''
+      # taken from the original but warn only if a request is at least 300ms slow
+      template: web_service_slow
+      families: *
+      on: httpcheck.responsetime
+      lookup: average -3m unaligned of time
+      units: ms
+      every: 10s
+      warn: ($this > ($1h_web_service_response_time * 4) && $this > 1000)
+      crit: ($this > ($1h_web_service_response_time * 6) && $this > 1000)
+      info: average response time over the last 3 minutes, compared to the average over the last hour
+      delay: down 5m multiplier 1.5 max 1h
+      options: no-clear-notification
+      to: webmaster
+    '';
+
+  };
+  # TODO: notification
+  # environment.etc."netdata/health_alarm_notify.conf".source = "/run/keys/netdata-pushover.conf";
+
+}
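Review bot: `"bind to" = "0.0.0.0:19999 [::]:19999"` together with `networking.firewall.allowedTCPPorts = [ 19999 ]` applies to both stream roles, so every host that enables the module exposes the unauthenticated netdata dashboard and API on all interfaces. For streaming only the receiving side has to accept connections, so the open port looks necessary on the master alone. Consider `networking.firewall.allowedTCPPorts = mkIf (cfg.stream.role == "master") [ 19999 ];` and, if slave dashboards are not meant to be browsed directly, `"bind to" = if cfg.stream.role == "master" then "0.0.0.0:19999 [::]:19999" else "127.0.0.1:19999";`. On the master, port 19999 also stays reachable beside the nginx vhosts from netdata-server.nix, so access control added at the proxy can be bypassed unless the firewall rule is scoped to the interface the slaves connect over.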

From ab2554004be7680f880675dfdc992c85cad05bc3 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:32:48 +0100
Subject: [PATCH 066/103] ma wbob.r: move bureautomation to top 2configs

---
 makefu/1systems/wbob/config.nix | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index f2311fb55..3930406b1 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -20,9 +20,6 @@ in {
       <stockholm/makefu/2configs/mqtt.nix>
       <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
 
-      <stockholm/makefu/2configs/stats/client.nix>
-
-
       # <stockholm/makefu/2configs/gui/studio-virtual.nix>
       # <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
       # <stockholm/makefu/2configs/audio/realtime-audio.nix>
@@ -35,6 +32,8 @@ in {
       <stockholm/makefu/2configs/bluetooth-mpd.nix>
 
       # Sensors
+      <stockholm/makefu/2configs/stats/client.nix>
+      <stockholm/makefu/2configs/stats/collectd-client.nix>
       <stockholm/makefu/2configs/stats/telegraf>
       <stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
       <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
@@ -51,9 +50,9 @@ in {
           "homeassistant-0.77.2"
         ];
       }
-      <stockholm/makefu/2configs/deployment/bureautomation>
-      <stockholm/makefu/2configs/deployment/bureautomation/mpd.nix>
-      <stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
+      <stockholm/makefu/2configs/bureautomation>
+      <stockholm/makefu/2configs/bureautomation/mpd.nix>
+      <stockholm/makefu/2configs/bureautomation/hass.nix>
       (let
           collectd-port = 25826;
           influx-port = 8086;

From eb2bd24bbf540cbc8b668272b3f0c9bd0bbc73b5 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:33:15 +0100
Subject: [PATCH 067/103] ma minimal: set hostname if configured, disable ncsd

---
 makefu/2configs/minimal.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix
index d764e5624..cb2ef09e3 100644
--- a/makefu/2configs/minimal.nix
+++ b/makefu/2configs/minimal.nix
@@ -7,8 +7,8 @@
   # the only true timezone (even after the the removal of DST)
   time.timeZone = "Europe/Berlin";
 
-  networking.hostName = config.krebs.build.host.name;
-  nix.buildCores = config.krebs.build.host.cores;
+  networking.hostName = lib.mkIf (lib.hasAttr "host" config.krebs.build) config.krebs.build.host.name;
+  nix.buildCores = 0; # until https://github.com/NixOS/nixpkgs/pull/50440 is in stable
 
   # we use gpg if necessary (or nothing at all)
   programs.ssh.startAgent = false;
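Review bot: `lib.hasAttr "host" config.krebs.build` may not test what the subject line intends. If `krebs.build.host` is a declared module option, the attribute exists in `config` whether or not a value was set, so the condition is always true and forcing `host.name` still aborts evaluation on a host without one. In that case the guard should ask the option itself, e.g. `lib.mkIf options.krebs.build.host.isDefined config.krebs.build.host.name` with `options` added to the module arguments. The module header and the option declaration are outside the hunk, so this needs confirming against them.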
@@ -85,4 +85,6 @@
     "net.ipv6.conf.all.use_tempaddr" = 2;
     "net.ipv6.conf.default.use_tempaddr" = 2;
   };
+
+  services.nscd.enable = false;
 }
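Review bot: `services.nscd.enable = false;` is added without a comment, and on NixOS the setting affects more than lookup caching. As far as I know, glibc there relies on nscd to load NSS modules that are not part of glibc itself, so user or host lookups through such modules can silently stop working. Record the trade-off next to the line, e.g. `# nscd disabled because <reason>; NSS modules outside glibc will not be loaded`.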

From 3c941e7653fe4aff370f27e095b395f6195d0152 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:33:35 +0100
Subject: [PATCH 068/103] ma events-publisher: bump to latest version

---
 makefu/2configs/shack/events-publisher/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/makefu/2configs/shack/events-publisher/default.nix b/makefu/2configs/shack/events-publisher/default.nix
index 531d2525e..964e5ccbb 100644
--- a/makefu/2configs/shack/events-publisher/default.nix
+++ b/makefu/2configs/shack/events-publisher/default.nix
@@ -2,8 +2,8 @@
 with import <stockholm/lib>;
 let
   shack-announce = pkgs.callPackage (builtins.fetchTarball {
-    url = "https://github.com/makefu/events-publisher/archive/670f4d7182a41b6763296e301612499d2986f213.tar.gz";
-    sha256 = "1yf9cb08v4rc6x992yx5lcyn62sm3p8i2b48rsmr4m66xdi4bpnd";
+    url = "https://github.com/makefu/events-publisher/archive/419afdfe16ebf7f2360d2ba64b67ca88948832bd.tar.gz";
+    sha256 = "0rn1ykgjbd79zg03maa49kzi6hpzn4xzf4j93qgx5wax7h12qjx0";
   }) {} ;
   home = "/var/lib/shackannounce";
   user = "shackannounce";

From b9f21cc5672440c5af9d195cd13cf3cfaed08c12 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:33:54 +0100
Subject: [PATCH 069/103] ma wbob/share: expose music

---
 makefu/2configs/share/wbob.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix
index 7d3fc38fe..9695751ff 100644
--- a/makefu/2configs/share/wbob.nix
+++ b/makefu/2configs/share/wbob.nix
@@ -8,6 +8,7 @@
     home = "/home/share";
     createHome = true;
   };
+  users.groups.mpd.members = [ "makefu" ];
   services.samba = {
     enable = true;
     enableNmbd = true;
@@ -24,6 +25,12 @@
         browseable = "yes";
         "guest ok" = "yes";
       };
+      music-rw = {
+        path = "/data/music";
+        "read only" = "no";
+        browseable = "yes";
+        "guest ok" = "no";
+      };
     };
     extraConfig = ''
       guest account = smbguest
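Review bot: The new `music-rw` share is writable and sets `"guest ok" = "no"`, but nothing in the hunk limits which authenticated accounts may use it. As written, any Samba user on the host can write to `/data/music`, subject only to filesystem permissions. If only one account is meant to have write access, add `"valid users" = "makefu";` to the share; that is the account the first hunk adds to the `mpd` group. The `services.samba` block continues outside the hunk, so a global restriction may already exist there.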

From 4f591e4531a450f871d5f4f6d91b5bfc2e899d63 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:34:15 +0100
Subject: [PATCH 070/103] ma tinc: open tinc ports in config

---
 makefu/2configs/tinc/retiolum.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix
index 98abb2406..0d2774209 100644
--- a/makefu/2configs/tinc/retiolum.nix
+++ b/makefu/2configs/tinc/retiolum.nix
@@ -1,8 +1,10 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
   imports = [
     ../binary-cache/lass.nix
   ];
   krebs.tinc.retiolum.enable = true;
   environment.systemPackages = [ pkgs.tinc ];
+  networking.firewall.allowedTCPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];
+  networking.firewall.allowedUDPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];
 }

From 5b94458eb725b5e319220c0571ddc504559d25ef Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:34:35 +0100
Subject: [PATCH 071/103] ma: add netdata module to 3modules

---
 makefu/3modules/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index 7146174fb..65b5a6afd 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -5,6 +5,7 @@ _:
     ./awesome-extra.nix
     ./deluge.nix
     ./forward-journal.nix
+    ./netdata.nix
     ./opentracker.nix
     ./ps3netsrv.nix
     ./logging-config.nix

From 0e41f6f64ef672fbccdfb77158bfa46f8ca74991 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:37:36 +0100
Subject: [PATCH 072/103] ma gum.krebsco.de: init config

---
 makefu/2configs/nginx/gum.krebsco.de.nix | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 makefu/2configs/nginx/gum.krebsco.de.nix

diff --git a/makefu/2configs/nginx/gum.krebsco.de.nix b/makefu/2configs/nginx/gum.krebsco.de.nix
new file mode 100644
index 000000000..3e96e6826
--- /dev/null
+++ b/makefu/2configs/nginx/gum.krebsco.de.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+in {
+  services.nginx = {
+    enable = mkDefault true;
+    virtualHosts."gum.krebsco.de" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" =  {
+        # proxyPass = "http://localhost:8000/";
+        # extraConfig = ''
+        #   proxy_set_header   Host $host;
+        #   proxy_set_header   X-Real-IP          $remote_addr;
+        #   proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+        # '';
+      };
+    };
+  };
+}
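Review bot: `locations."/"` is an empty attribute set with the intended `proxyPass` commented out, and the vhost sets no `root`, so the host only obtains a certificate and serves nginx's default response. If that is the intent, say so with a comment such as `# placeholder: only provisions the ACME cert until the backend on :8000 exists`. The empty `let … in` and the unused module arguments can be dropped.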

From 34b340510d3509d8ceaf88fc9aded3379792c733 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:39:41 +0100
Subject: [PATCH 073/103] ma 1/full: rip

---
 makefu/1systems/full/source.nix | 5 -----
 1 file changed, 5 deletions(-)
 delete mode 100644 makefu/1systems/full/source.nix

diff --git a/makefu/1systems/full/source.nix b/makefu/1systems/full/source.nix
deleted file mode 100644
index 1e36c6e87..000000000
--- a/makefu/1systems/full/source.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  name="gum";
-  torrent = true;
-  clever_kexec = true;
-}

From 927c6d619eb4ef30b0934cd027d64d056e905022 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:46:01 +0100
Subject: [PATCH 074/103] ma binary-cache: use cache.krebsco.de

---
 makefu/2configs/binary-cache/lass.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/2configs/binary-cache/lass.nix b/makefu/2configs/binary-cache/lass.nix
index 46b386e14..51b4a1afc 100644
--- a/makefu/2configs/binary-cache/lass.nix
+++ b/makefu/2configs/binary-cache/lass.nix
@@ -3,7 +3,7 @@
 {
   nix = {
     binaryCaches = [
-      "http://cache.prism.r"
+      "https://cache.krebsco.de"
     ];
     binaryCachePublicKeys = [
       "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="

From dea2bb97d27041544d8f6d8c10de7059238eaa5f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:46:31 +0100
Subject: [PATCH 075/103] ma bitlbee: enable skypeweb

---
 makefu/2configs/bitlbee.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/2configs/bitlbee.nix b/makefu/2configs/bitlbee.nix
index 17efa7113..e955384d6 100644
--- a/makefu/2configs/bitlbee.nix
+++ b/makefu/2configs/bitlbee.nix
@@ -3,6 +3,6 @@
 {
    services.bitlbee = {
     enable = true;
-    libpurple_plugins = [ pkgs.telegram-purple ];
+    libpurple_plugins = [ pkgs.telegram-purple pkgs.pidgin-skypeweb];
   };
 }

From 3ff0c20ffcbfebd74aa33b5b711467cc48dfcd9d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:47:11 +0100
Subject: [PATCH 076/103] ma elchos: v5 -> v6

---
 makefu/2configs/elchos/search.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/2configs/elchos/search.nix b/makefu/2configs/elchos/search.nix
index 521bfc80a..e7b91e6a8 100644
--- a/makefu/2configs/elchos/search.nix
+++ b/makefu/2configs/elchos/search.nix
@@ -32,7 +32,7 @@ let
       ${user}
 
       protocol=dyndns2
-      usev5=if, if=${primary-itf}
+      usev6=if, if=${primary-itf}
       ssl=yes
       server=ipv6.nsupdate.info
       login=${user}

From 8bf287558e0c2f53fe08bfb39b33e7e107b1989b Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:47:56 +0100
Subject: [PATCH 077/103] ma homeautomation: use MEM1

---
 makefu/2configs/homeautomation/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/2configs/homeautomation/default.nix b/makefu/2configs/homeautomation/default.nix
index 94799b11d..596d0002a 100644
--- a/makefu/2configs/homeautomation/default.nix
+++ b/makefu/2configs/homeautomation/default.nix
@@ -31,7 +31,7 @@ let
     brightness_scale = 100;
     # color
     rgb_state_topic = "/ham/${topic}/stat/Color";
-    rgb_command_topic = "/ham/${topic}/cmnd/Color2";
+    rgb_command_topic = "/ham/${topic}/cmnd/MEM1"; # use enabled tasmota rule
     rgb_command_mode = "hex";
     rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
     # effects

From 0eb5039053fb65c64b2cb62b44b55f630111825c Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:49:20 +0100
Subject: [PATCH 078/103] ma mail.euer: use nms 2.2.0

---
 makefu/2configs/mail/mail.euer.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix
index f079d7f41..f8f82e76b 100644
--- a/makefu/2configs/mail/mail.euer.nix
+++ b/makefu/2configs/mail/mail.euer.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 {
   imports = [
-    (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.1.4/nixos-mailserver-v2.1.4.tar.gz")
+    (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz")
   ];
 
   mailserver = {
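Review bot: `builtins.fetchTarball` is called with a bare URL, so the imported mailserver module is not pinned to a content hash. Whatever the tag archive resolves to at evaluation time becomes part of the system configuration. Use the attribute-set form that events-publisher/default.nix in this series already uses: `builtins.fetchTarball { url = "…/nixos-mailserver-v2.2.0.tar.gz"; sha256 = "<sha256 of the unpacked v2.2.0 tarball>"; }`. A moved tag or tampered download then fails evaluation instead of being deployed.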

From 28026e6571b525c80d69b220c69739c9629c8fc7 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:50:23 +0100
Subject: [PATCH 079/103] ma share/omo: export audiobooks

---
 makefu/2configs/share/omo.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix
index e4fef7c3c..ed5066787 100644
--- a/makefu/2configs/share/omo.nix
+++ b/makefu/2configs/share/omo.nix
@@ -30,6 +30,12 @@ in {
         browseable = "yes";
         "guest ok" = "yes";
       };
+      audiobook = {
+        path = "/media/crypt1/audiobooks";
+        "read only" = "yes";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
       crypt0 = {
         path = "/media/crypt0";
         "read only" = "yes";

From ad9623e18128da37733487b60aa00de2e00e226d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:52:24 +0100
Subject: [PATCH 080/103] ma stats/server: disable verbose logging

---
 makefu/2configs/stats/server.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix
index c8e768c99..bb8fd1750 100644
--- a/makefu/2configs/stats/server.nix
+++ b/makefu/2configs/stats/server.nix
@@ -21,6 +21,13 @@ in {
   services.influxdb.extraConfig = {
     meta.hostname = config.krebs.build.host.name;
     # meta.logging-enabled = true;
+    logging.level = "info";
+    http.log-enabled = true;
+    http.write-tracing = false;
+    http.suppress-write-log = true;
+    data.trace-logging-enabled = false;
+    data.query-log-enabled = false;
+
     http.bind-address = ":${toString influx-port}";
     admin.bind-address = ":8083";
     monitoring = {

From be04145200549f91bfe9656c359f38aae38a6382 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 01:56:34 +0100
Subject: [PATCH 081/103] ma testdat: add netdata-stream.conf

---
 makefu/0tests/data/netdata-stream.conf | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 makefu/0tests/data/netdata-stream.conf

diff --git a/makefu/0tests/data/netdata-stream.conf b/makefu/0tests/data/netdata-stream.conf
new file mode 100644
index 000000000..e69de29bb

From 7d458a04ac55477a73cdea192d9f8e95cdb47a5c Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 13 Dec 2018 09:56:51 +0100
Subject: [PATCH 082/103] krops: 1.10.0 -> 1.10.1

---
 submodules/krops | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/submodules/krops b/submodules/krops
index 140bdfdf6..21a894dc6 160000
--- a/submodules/krops
+++ b/submodules/krops
@@ -1 +1 @@
-Subproject commit 140bdfdf6c87c1822e0c4ec8f497a20ad1d4cf19
+Subproject commit 21a894dc6f0a304655d2a30230510c8cb0e164b2

From ce60c288e588d8968535399921e6735cc05acef1 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 13 Dec 2018 10:56:38 +0100
Subject: [PATCH 083/103] ma 0tests: move netdata-stream to correct directory

---
 makefu/0tests/data/{ => secrets}/netdata-stream.conf | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename makefu/0tests/data/{ => secrets}/netdata-stream.conf (100%)

diff --git a/makefu/0tests/data/netdata-stream.conf b/makefu/0tests/data/secrets/netdata-stream.conf
similarity index 100%
rename from makefu/0tests/data/netdata-stream.conf
rename to makefu/0tests/data/secrets/netdata-stream.conf

From 2d243bbeac37b2bf63dedb88588d7e7da9c0db26 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 14 Dec 2018 20:02:17 +0100
Subject: [PATCH 084/103] lib.krebs.genipv6: make net addresses 128 bit long

---
 lib/krebs/genipv6.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix
index af1df6d0e..b4806e156 100644
--- a/lib/krebs/genipv6.nix
+++ b/lib/krebs/genipv6.nix
@@ -12,7 +12,7 @@ let {
 
     inherit netname;
     netCIDR = "${netAddress}/${toString netPrefixLength}";
-    netAddress = appendZeros netPrefixLength netPrefix;
+    netAddress = appendZeros addressLength netPrefix;
     netHash = toString {
       retiolum = 0;
       wirelum = 1;
@@ -25,7 +25,7 @@ let {
 
     inherit subnetname;
     subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}";
-    subnetAddress = appendZeros subnetPrefixLength subnetPrefix;
+    subnetAddress = appendZeros addressLength subnetPrefix;
     subnetHash = hashToLength 4 subnetname;
     subnetPrefix = joinAddress netPrefix subnetHash;
     subnetPrefixLength = netPrefixLength + 16;

From ede763d77af82763d45ae4c3edb01d26f68581d5 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 14 Dec 2018 20:03:26 +0100
Subject: [PATCH 085/103] lib.krebs.genipv6: normalize net addresses

---
 lib/krebs/genipv6.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix
index b4806e156..1d3f398ec 100644
--- a/lib/krebs/genipv6.nix
+++ b/lib/krebs/genipv6.nix
@@ -12,7 +12,8 @@ let {
 
     inherit netname;
     netCIDR = "${netAddress}/${toString netPrefixLength}";
-    netAddress = appendZeros addressLength netPrefix;
+    netAddress =
+      normalize-ip6-addr (appendZeros addressLength netPrefix);
     netHash = toString {
       retiolum = 0;
       wirelum = 1;
@@ -25,7 +26,8 @@ let {
 
     inherit subnetname;
     subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}";
-    subnetAddress = appendZeros addressLength subnetPrefix;
+    subnetAddress =
+      normalize-ip6-addr (appendZeros addressLength subnetPrefix);
     subnetHash = hashToLength 4 subnetname;
     subnetPrefix = joinAddress netPrefix subnetHash;
     subnetPrefixLength = netPrefixLength + 16;

From 49c605f955b478e7ecec44d64506362e3e57f25c Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 14 Dec 2018 20:09:05 +0100
Subject: [PATCH 086/103] krops: 1.10.1 -> 1.10.2

---
 submodules/krops | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/submodules/krops b/submodules/krops
index 21a894dc6..943c6567f 160000
--- a/submodules/krops
+++ b/submodules/krops
@@ -1 +1 @@
-Subproject commit 21a894dc6f0a304655d2a30230510c8cb0e164b2
+Subproject commit 943c6567fc90c3ac400fc336359b25cfebd0f1c6

From 9147488383123117539b9a8829ee33ebbfe8b4e3 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 14 Dec 2018 20:30:22 +0100
Subject: [PATCH 087/103] krops: 1.10.2 -> 1.11.0

---
 submodules/krops | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/submodules/krops b/submodules/krops
index 943c6567f..61b5ef3b8 160000
--- a/submodules/krops
+++ b/submodules/krops
@@ -1 +1 @@
-Subproject commit 943c6567fc90c3ac400fc336359b25cfebd0f1c6
+Subproject commit 61b5ef3b8e7e4d601db67a20f14a5022e9de8398

From 9e6dbd6df4532031c2dd23d1da7d88c12f1b2fbb Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 15 Dec 2018 21:10:05 +0100
Subject: [PATCH 088/103] l: set short ipv6 addresses for all hosts

---
 krebs/3modules/lass/default.nix | 50 ++++++++++++++++++++++++---------
 1 file changed, 37 insertions(+), 13 deletions(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 0d8513a69..148cc3ed8 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -1,16 +1,14 @@
 with import <stockholm/lib>;
 { config, ... }: let
 
-  hostDefaults = hostName: host: flip recursiveUpdate host ({
+  hostDefaults = hostName: host: flip recursiveUpdate host {
     ci = true;
     monitoring = true;
     owner = config.krebs.users.lass;
-  } // optionalAttrs (host.nets?retiolum) {
-    nets.retiolum.ip6.addr =
-      (krebs.genipv6 "retiolum" "lass" { inherit hostName; }).address;
-  });
+  };
 
-  wip6 = krebs.genipv6 "wirelum" "lass";
+  r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address;
+  w6 = ip: (krebs.genipv6 "wirelum" "lass" ip).address;
 
 in {
   dns.providers = {
@@ -56,6 +54,7 @@ in {
         retiolum = {
           via = internet;
           ip4.addr = "10.243.0.103";
+          ip6.addr = r6 "1";
           aliases = [
             "prism.r"
             "cache.prism.r"
@@ -93,13 +92,13 @@ in {
         wirelum = {
           via = internet;
           ip4.addr = "10.244.1.1";
-          ip6.addr = (wip6 "1").address;
+          ip6.addr = w6 "1";
           aliases = [
             "prism.w"
           ];
           wireguard = {
             pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
-            subnets = [ "10.244.1.0/24" (wip6 "1").subnetCIDR ];
+            subnets = [ "10.244.1.0/24" "42:1::/32" ];
           };
         };
       };
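Review bot: `subnets = [ "10.244.1.0/24" "42:1::/32" ]` replaces the computed `(wip6 "1").subnetCIDR` with a literal that looks wider than the value it replaces. In lib/krebs/genipv6.nix (patches 084/085) `subnetPrefixLength = netPrefixLength + 16`, so the old entry covered the lass subnet rather than a whole /32. If `subnets` feeds the WireGuard allowed-IPs or routes for prism, this lets prism claim every wirelum address, so confirm that is intended. Otherwise keep it derived, e.g. `(krebs.genipv6 "wirelum" "lass" "1").subnetCIDR`. The host definition continues outside the hunk.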
@@ -150,6 +149,7 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.81.176";
+          ip6.addr = r6 "1e1";
           aliases = [
             "uriel.r"
             "cgit.uriel.r"
@@ -175,6 +175,7 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.2";
+          ip6.addr = r6 "dea7";
           aliases = [
             "mors.r"
             "cgit.mors.r"
@@ -191,7 +192,7 @@ in {
           '';
         };
         wirelum = {
-          ip6.addr = (wip6 "dea7").address;
+          ip6.addr = w6 "dea7";
           aliases = [
             "mors.w"
           ];
@@ -207,6 +208,7 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.4";
+          ip6.addr = r6 "50da";
           aliases = [
             "shodan.r"
             "cgit.shodan.r"
@@ -223,7 +225,7 @@ in {
           '';
         };
         wirelum = {
-          ip6.addr = (wip6 "50da").address;
+          ip6.addr = w6 "50da";
           aliases = [
             "shodan.w"
           ];
@@ -239,6 +241,7 @@ in {
       nets = rec {
         retiolum = {
           ip4.addr = "10.243.133.114";
+          ip6.addr = r6 "1205";
           aliases = [
             "icarus.r"
             "cgit.icarus.r"
@@ -255,7 +258,7 @@ in {
           '';
         };
         wirelum = {
-          ip6.addr = (wip6 "1205").address;
+          ip6.addr = w6 "1205";
           aliases = [
             "icarus.w"
           ];
@@ -271,6 +274,7 @@ in {
       nets = rec {
         retiolum = {
           ip4.addr = "10.243.133.115";
+          ip6.addr = r6 "dead";
           aliases = [
             "daedalus.r"
             "cgit.daedalus.r"
@@ -296,6 +300,7 @@ in {
       nets = rec {
         retiolum = {
           ip4.addr = "10.243.133.116";
+          ip6.addr = r6 "5ce7";
           aliases = [
             "skynet.r"
             "cgit.skynet.r"
@@ -321,6 +326,7 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.133.77";
+          ip6.addr = r6 "771e";
           aliases = [
             "littleT.r"
           ];
@@ -402,6 +408,7 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.13";
+          ip6.addr = r6 "12ed";
           aliases = [
             "red.r"
           ];
@@ -431,6 +438,7 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.14";
+          ip6.addr = r6 "3110";
           aliases = [
             "yellow.r"
           ];
@@ -452,7 +460,7 @@ in {
           '';
         };
         wirelum = {
-          ip6.addr = (wip6 "e110").address;
+          ip6.addr = w6 "3110";
           aliases = [
             "yellow.w"
           ];
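Review bot: `ip6.addr = w6 "3110"` changes yellow's wirelum suffix from the previous `"e110"`, so this is an address change rather than the mechanical `wip6` → `w6` rewrite seen in the other hunks. It matches the `r6 "3110"` added for yellow's retiolum net in the preceding hunk, so it is probably deliberate. Peers or firewall rules that pinned the old address would still need updating. A short comment such as `# was e110; aligned with the retiolum suffix` would make the renumbering visible to reviewers.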
@@ -467,6 +475,7 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.77";
+          ip6.addr = r6 "b1ce";
           aliases = [
             "blue.r"
           ];
@@ -487,6 +496,13 @@ in {
             -----END PUBLIC KEY-----
           '';
         };
+        wirelum = {
+          ip6.addr = w6 "b1ce";
+          aliases = [
+            "blue.w"
+          ];
+          wireguard.pubkey = "emftvx8v8GdoKe68MFVL53QZ187Ei0zhMmvosU1sr3U=";
+        };
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
@@ -494,8 +510,8 @@ in {
     phone = {
       nets = {
         wirelum = {
-          ip6.addr = (wip6 "a").address;
           ip4.addr = "10.244.1.2";
+          ip6.addr = w6 "a";
           aliases = [
             "phone.w"
           ];
@@ -510,6 +526,7 @@ in {
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.19";
+          ip6.addr = r6 "012f";
           aliases = [
             "morpheus.r"
           ];
@@ -529,6 +546,13 @@ in {
             -----END RSA PUBLIC KEY-----
           '';
         };
+        wirelum = {
+          ip6.addr = w6 "012f";
+          aliases = [
+            "morpheus.w"
+          ];
+          wireguard.pubkey = "BdiIHJjJQThmZD8DehxPGA+bboBHjljedwaRaV5yyDY=";
+        };
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f ";

From f0fc2013d75e249e03123f611eacf523077ad07e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 15 Dec 2018 23:01:55 +0100
Subject: [PATCH 089/103] l: update shodan wirelum key

---
 krebs/3modules/lass/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 148cc3ed8..6f3b19a96 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -229,7 +229,7 @@ in {
           aliases = [
             "shodan.w"
           ];
-          wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za4J3SQ=";
+          wireguard.pubkey = "0rI/I8FYQ3Pba7fQ9oyvtP4a54GWsPa+3zAiGIuyV30=";
         };
       };
       secure = true;

From 4e04b2ac99885f2d953487b506d37c5519794754 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 15 Dec 2018 23:02:22 +0100
Subject: [PATCH 090/103] l: rip xerxes

---
 krebs/3modules/lass/default.nix   | 40 -------------------------------
 lass/1systems/xerxes/config.nix   | 16 -------------
 lass/1systems/xerxes/physical.nix | 29 ----------------------
 3 files changed, 85 deletions(-)
 delete mode 100644 lass/1systems/xerxes/config.nix
 delete mode 100644 lass/1systems/xerxes/physical.nix

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 6f3b19a96..1eac198fa 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -362,46 +362,6 @@ in {
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
     };
-    xerxes = {
-      cores = 2;
-      nets = rec {
-        retiolum = {
-          ip4.addr = "10.243.1.3";
-          aliases = [
-            "xerxes.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U
-            MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk
-            gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W
-            /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb
-            mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO
-            X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj
-            +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim
-            hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9
-            3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4
-            H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5
-            JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4
-            hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe
-            SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo
-            4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe
-            vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3
-            Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO
-            scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv
-            jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ
-            Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u
-            /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0
-            bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ
-            sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-      secure = true;
-      ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
-    };
     red = {
       monitoring = false;
       cores = 1;
diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix
deleted file mode 100644
index 1bd6cf2c5..000000000
--- a/lass/1systems/xerxes/config.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    <stockholm/lass>
-
-    <stockholm/lass/2configs/retiolum.nix>
-    <stockholm/lass/2configs/exim-retiolum.nix>
-    <stockholm/lass/2configs/baseX.nix>
-    <stockholm/lass/2configs/browsers.nix>
-    <stockholm/lass/2configs/programs.nix>
-    <stockholm/lass/2configs/fetchWallpaper.nix>
-  ];
-
-  krebs.build.host = config.krebs.hosts.xerxes;
-}
diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix
deleted file mode 100644
index 17caccfe6..000000000
--- a/lass/1systems/xerxes/physical.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
-  imports = [
-    ./config.nix
-    <stockholm/lass/2configs/hw/gpd-pocket.nix>
-    <stockholm/lass/2configs/boot/stock-x220.nix>
-  ];
-  services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0"
-  '';
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437";
-    fsType = "btrfs";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/16C8-D053";
-    fsType = "vfat";
-  };
-
-  fileSystems."/home" = {
-    device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358";
-    fsType = "btrfs";
-  };
-
-  boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ];
-
-  networking.wireless.enable = true;
-}

From 1e47567cedb089b8045201eea20bce162cadcfef Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 09:33:03 +0100
Subject: [PATCH 091/103] l littleT: rebirth

---
 lass/1systems/littleT/config.nix   | 46 ++----------------------------
 lass/1systems/littleT/physical.nix | 22 ++++++++++++--
 2 files changed, 22 insertions(+), 46 deletions(-)

diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
index 44617d3e7..2f28cc0d6 100644
--- a/lass/1systems/littleT/config.nix
+++ b/lass/1systems/littleT/config.nix
@@ -6,52 +6,10 @@ with import <stockholm/lib>;
     <stockholm/lass>
 
     <stockholm/lass/2configs/retiolum.nix>
-    <stockholm/lass/2configs/backup.nix>
-    <stockholm/lass/2configs/steam.nix>
-    {
-      users.users.blacky = {
-        uid = genid "blacky";
-        home = "/home/blacky";
-        group = "users";
-        createHome = true;
-        extraGroups = [
-          "audio"
-          "networkmanager"
-          "video"
-        ];
-        useDefaultShell = true;
-      };
-      networking.networkmanager.enable = true;
-      networking.wireless.enable = mkForce false;
-      hardware.pulseaudio = {
-        enable = true;
-        systemWide = true;
-      };
-      environment.systemPackages = with pkgs; [
-        pavucontrol
-        chromium
-        hexchat
-        networkmanagerapplet
-        vlc
-      ];
-      services.xserver.enable = true;
-      services.xserver.displayManager.lightdm.enable = true;
-      services.xserver.desktopManager.plasma5.enable = true;
-      services.xserver.layout = "de";
-      users.mutableUsers = mkForce true;
-      services.xserver.synaptics.enable = true;
-    }
-    {
-      #remote control
-      environment.systemPackages = with pkgs; [
-        x11vnc
-      ];
-      krebs.iptables.tables.filter.INPUT.rules = [
-        { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; }
-      ];
-    }
   ];
 
+  networking.networkmanager.enable = true;
+  networking.wireless.enable = mkForce false;
   time.timeZone = "Europe/Berlin";
 
   hardware.trackpoint = {
diff --git a/lass/1systems/littleT/physical.nix b/lass/1systems/littleT/physical.nix
index 9776211ae..550f058a8 100644
--- a/lass/1systems/littleT/physical.nix
+++ b/lass/1systems/littleT/physical.nix
@@ -1,7 +1,25 @@
 {
   imports = [
     ./config.nix
-    <stockholm/lass/2configs/hw/x220.nix>
-    <stockholm/lass/2configs/boot/stock-x220.nix>
+    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
   ];
+  fileSystems."/" =
+    { device = "rpool/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/5B2E-3734";
+      fsType = "vfat";
+    };
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.efiSupport = true;
+  boot.loader.grub.efiInstallAsRemovable = true;
+  boot.loader.grub.device = "nodev";
+  networking.hostId = "584248c6";
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.kernelModules = [ "kvm-intel" ];
+
 }
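Review bot: The new root filesystem (`fileSystems."/"` on `rpool/root`) is declared without any visible at-rest encryption: the hunk adds no `boot.initrd.luks.devices` entry and no ZFS encryption settings. The host evaluates `<secrets/...>` paths and, judging by the trackpoint settings in config.nix, is a laptop, so an unencrypted pool would leave its keys readable to anyone with physical access. If the pool sits on a LUKS container, the initrd needs the matching `boot.initrd.luks.devices` entry here. If it is intentionally unencrypted, a comment saying so would help the next reader.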

From 1f1a0e0c6bd70897e451cfd9cdf1a175a6edd38a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 09:34:16 +0100
Subject: [PATCH 092/103] l prism: firewall for wirelum

---
 lass/1systems/prism/config.nix | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index ec3976519..962a77cc2 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -300,14 +300,16 @@ with import <stockholm/lib>;
       imports = [
         <stockholm/lass/2configs/wirelum.nix>
       ];
-      #krebs.iptables.tables.nat.PREROUTING.rules = [
-      #  { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
-      #];
+      krebs.iptables.tables.nat.PREROUTING.rules = [
+        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+        { v4 = false; precedence = 1000; predicate = "-s 42:1::/32"; target = "ACCEPT"; }
+      ];
       krebs.iptables.tables.filter.FORWARD.rules = [
-        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24 -d 10.243.0.0/16"; target = "ACCEPT"; }
-        { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
+        { precedence = 1000; predicate = "-i wirelum -o retiolum"; target = "ACCEPT"; }
+        { precedence = 1000; predicate = "-i retiolum -o wirelum"; target = "ACCEPT"; }
       ];
       krebs.iptables.tables.nat.POSTROUTING.rules = [
+        { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; }
         { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
       ];
       services.dnsmasq = {
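Review bot: The new IPv6 POSTROUTING rule excludes `! -d 42:1:ce16::48`, which is a single host address rather than the /48 prefix, so traffic between peers inside `42:1:ce16::/48` is masqueraded as well; the IPv4 rule below it excludes the whole subnet. The predicate probably wants `"-s 42:1:ce16::/48 ! -d 42:1:ce16::/48"`. Separately, the FORWARD rules now match only on `-i wirelum -o retiolum` and the reverse, for both address families, where the removed rules were limited to `10.244.1.0/24` and `10.243.0.0/16`. Any source address arriving on either interface is therefore forwarded, and keeping a `-s` prefix match alongside the interface match would preserve the earlier restriction.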
@@ -315,7 +317,7 @@ with import <stockholm/lib>;
         resolveLocalQueries = false;
 
         extraConfig= ''
-          listen-address=10.244.1.1
+          listen-address=42:1:ce16::1
           except-interface=lo
           interface=wg0
         '';
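Review bot: `listen-address=10.244.1.1` is replaced rather than supplemented, so dnsmasq stops answering on the IPv4 address while the config above still NATs `10.244.1.0/24` clients. dnsmasq accepts the option more than once, so `listen-address=10.244.1.1` can stay next to `listen-address=42:1:ce16::1`. The unchanged `interface=wg0` line also looks stale, because the firewall rules in this commit refer to the tunnel interface as `wirelum`; this should be confirmed against the interface name actually created.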

From e1cbd678dfddb2033b5d56eb8bbd32763a6976b4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 09:34:40 +0100
Subject: [PATCH 093/103] l blue: allow connections from wirelum

---
 lass/2configs/blue.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
index 4d4a92eb9..6dc2b1213 100644
--- a/lass/2configs/blue.nix
+++ b/lass/2configs/blue.nix
@@ -22,7 +22,9 @@ with (import <stockholm/lib>);
 
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
+    { predicate = "-i wirelum -p udp --dport 60000:61000"; target = "ACCEPT";}
     { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";}
+    { predicate = "-i wirelum -p tcp --dport 9999"; target = "ACCEPT";}
   ];
 
   systemd.services.chat = let
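Review bot: The two added INPUT rules accept UDP 60000-61000 and TCP 9999 from every peer that reaches this host over `wirelum`, with no source restriction and no comment naming the services behind those ports. The router config forwards between retiolum and wirelum, so this widens the set of hosts that can reach the listener on 9999 (presumably the `chat` service defined just below; the hunk does not show it). A short comment per rule, e.g. `# chat service, trusted overlay peers only`, would help, as would a `-s` match if only specific peers need access.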

From 19380cfd7096b203415995a40d0a53d606282e66 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 09:36:39 +0100
Subject: [PATCH 094/103] l browsers: use stable firefox

---
 lass/2configs/browsers.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 425e0ee13..eaffdf623 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -45,7 +45,7 @@ let
 
   createFirefoxUser = name: groups: precedence:
     createUser (pkgs.writeDash name ''
-      ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@"
+      ${pkgs.firefox}/bin/firefox "$@"
     '') name groups precedence 80;
 
   createQuteUser = name: groups: precedence:

From 42f9ff16452d7273dd8d1814758a2ae275751e7b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 09:37:37 +0100
Subject: [PATCH 095/103] l git: set announce to true

---
 lass/2configs/git.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 62173e33f..7650f4294 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -154,7 +154,7 @@ let
     public = true;
   };
 
-  make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? false, hooks ? {}, ... }: {
+  make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? true, hooks ? {}, ... }: {
     inherit admins collaborators name;
     public = false;
     hooks = {
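Review bot: Flipping the default to `announce ? true` in `make-restricted-repo` changes behaviour for every restricted repository (`public = false`) that does not pass `announce` explicitly. The hook body lies outside the hunk, so what gets announced is not visible here. If the hook posts commit subjects or repo names to a shared channel, private repos would start leaking that metadata. Keeping the default at `announce ? false` and opting in per repo is safer; otherwise a comment on the parameter should state where announcements go and that they are acceptable for non-public repos.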

From 1d22bcb90fb4ca9459172eb5ba5c2aa44c73b07c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 09:38:40 +0100
Subject: [PATCH 096/103] l xmonad: use launch

---
 lass/5pkgs/custom/xmonad-lass/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix
index f86a4a69b..79e6416e1 100644
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@@ -78,7 +78,7 @@ main = getArgs >>= \case
 main' :: IO ()
 main' = do
     handleShutdownEvent <- newShutdownEventHandler
-    xmonad $ ewmh
+    launch $ ewmh
         $ withUrgencyHook LibNotifyUrgencyHook
         $ def
             { terminal           = myTerm

From ea50add2ba55f0779d8e79c3d11cdba4b2bb9fcf Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 14:38:05 +0100
Subject: [PATCH 097/103] l browsers: use ff more often

---
 lass/2configs/browsers.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index eaffdf623..d214e224d 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -89,8 +89,8 @@ in {
         }));
       };
     }
-    ( createQuteUser "qb" [ "audio" ] 20 )
-    ( createFirefoxUser "ff" [ "audio" ] 10 )
+    ( createFirefoxUser "ff" [ "audio" ] 11 )
+    ( createQuteUser "qb" [ "audio" ] 10 )
     ( createChromiumUser "cr" [ "audio" "video" ] 9 )
     ( createChromiumUser "gm" [ "video" "audio" ] 8 )
     ( createChromiumUser "wk" [ "audio" ] 0 )

From 9e464d988859395466543d62f94b71229791628d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 14:38:24 +0100
Subject: [PATCH 098/103] l mail: don't autosign with gpg

---
 lass/2configs/mail.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 36e797a96..21b9d7b49 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -82,7 +82,7 @@ let
     source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc
     set pgp_use_gpg_agent = yes
     set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D
-    set crypt_autosign = yes
+    set crypt_autosign = no
     set crypt_replyencrypt = yes
     set crypt_verify_sig = yes
     set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f"
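Review bot: With `set crypt_autosign = no`, outgoing mail is unsigned unless signing is chosen per message, and the config shown sets only `crypt_replyencrypt`. Replies to signed but unencrypted mail will therefore go out unsigned. If that is not intended, adding `set crypt_replysign = yes` next to `crypt_replyencrypt` keeps signatures in threads where the correspondent already signs. A one-line comment on why autosign was turned off would also help.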

From 24330950fe2bd31056e3ae1d58c1965c8a736f1f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 16:11:02 +0100
Subject: [PATCH 099/103] wirelum -> wiregrill

---
 krebs/3modules/lass/default.nix      | 18 ++++++------
 lass/1systems/prism/config.nix       |  6 ++--
 lass/2configs/blue.nix               |  4 +--
 lass/2configs/default.nix            |  2 +-
 lass/2configs/wiregrill.nix          | 44 ++++++++++++++++++++++++++++
 lass/2configs/wirelum.nix            | 44 ----------------------------
 lass/5pkgs/l-gen-secrets/default.nix |  8 ++---
 lib/krebs/genipv6.nix                |  4 +--
 8 files changed, 65 insertions(+), 65 deletions(-)
 create mode 100644 lass/2configs/wiregrill.nix
 delete mode 100644 lass/2configs/wirelum.nix

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 1eac198fa..1117dc61c 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -8,7 +8,7 @@ with import <stockholm/lib>;
   };
 
   r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address;
-  w6 = ip: (krebs.genipv6 "wirelum" "lass" ip).address;
+  w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address;
 
 in {
   dns.providers = {
@@ -89,7 +89,7 @@ in {
             -----END RSA PUBLIC KEY-----
           '';
         };
-        wirelum = {
+        wiregrill = {
           via = internet;
           ip4.addr = "10.244.1.1";
           ip6.addr = w6 "1";
@@ -191,7 +191,7 @@ in {
             -----END RSA PUBLIC KEY-----
           '';
         };
-        wirelum = {
+        wiregrill = {
           ip6.addr = w6 "dea7";
           aliases = [
             "mors.w"
@@ -224,7 +224,7 @@ in {
             -----END RSA PUBLIC KEY-----
           '';
         };
-        wirelum = {
+        wiregrill = {
           ip6.addr = w6 "50da";
           aliases = [
             "shodan.w"
@@ -257,7 +257,7 @@ in {
             -----END RSA PUBLIC KEY-----
           '';
         };
-        wirelum = {
+        wiregrill = {
           ip6.addr = w6 "1205";
           aliases = [
             "icarus.w"
@@ -419,7 +419,7 @@ in {
             -----END PUBLIC KEY-----
           '';
         };
-        wirelum = {
+        wiregrill = {
           ip6.addr = w6 "3110";
           aliases = [
             "yellow.w"
@@ -456,7 +456,7 @@ in {
             -----END PUBLIC KEY-----
           '';
         };
-        wirelum = {
+        wiregrill = {
           ip6.addr = w6 "b1ce";
           aliases = [
             "blue.w"
@@ -469,7 +469,7 @@ in {
     };
     phone = {
       nets = {
-        wirelum = {
+        wiregrill = {
           ip4.addr = "10.244.1.2";
           ip6.addr = w6 "a";
           aliases = [
@@ -506,7 +506,7 @@ in {
             -----END RSA PUBLIC KEY-----
           '';
         };
-        wirelum = {
+        wiregrill = {
           ip6.addr = w6 "012f";
           aliases = [
             "morpheus.w"
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 962a77cc2..6c454b4ac 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -298,15 +298,15 @@ with import <stockholm/lib>;
     }
     {
       imports = [
-        <stockholm/lass/2configs/wirelum.nix>
+        <stockholm/lass/2configs/wiregrill.nix>
       ];
       krebs.iptables.tables.nat.PREROUTING.rules = [
         { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
         { v4 = false; precedence = 1000; predicate = "-s 42:1::/32"; target = "ACCEPT"; }
       ];
       krebs.iptables.tables.filter.FORWARD.rules = [
-        { precedence = 1000; predicate = "-i wirelum -o retiolum"; target = "ACCEPT"; }
-        { precedence = 1000; predicate = "-i retiolum -o wirelum"; target = "ACCEPT"; }
+        { precedence = 1000; predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
+        { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
       ];
       krebs.iptables.tables.nat.POSTROUTING.rules = [
         { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; }
diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
index 6dc2b1213..cdd77e847 100644
--- a/lass/2configs/blue.nix
+++ b/lass/2configs/blue.nix
@@ -22,9 +22,9 @@ with (import <stockholm/lib>);
 
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
-    { predicate = "-i wirelum -p udp --dport 60000:61000"; target = "ACCEPT";}
+    { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";}
     { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";}
-    { predicate = "-i wirelum -p tcp --dport 9999"; target = "ACCEPT";}
+    { predicate = "-i wiregrill -p tcp --dport 9999"; target = "ACCEPT";}
   ];
 
   systemd.services.chat = let
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index dea32d4d4..62a42baf9 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -10,7 +10,7 @@ with import <stockholm/lib>;
     ./zsh.nix
     ./htop.nix
     ./security-workarounds.nix
-    ./wirelum.nix
+    ./wiregrill.nix
     {
       users.extraUsers =
         mapAttrs (_: h: { hashedPassword = h; })
diff --git a/lass/2configs/wiregrill.nix b/lass/2configs/wiregrill.nix
new file mode 100644
index 000000000..b2ee35df3
--- /dev/null
+++ b/lass/2configs/wiregrill.nix
@@ -0,0 +1,44 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+  self = config.krebs.build.host.nets.wiregrill;
+  isRouter = !isNull self.via;
+
+in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
+  #hack for modprobe inside containers
+  systemd.services."wireguard-wiregrill".path = mkIf config.boot.isContainer (mkBefore [
+    (pkgs.writeDashBin "modprobe" ":")
+  ]);
+
+  boot.kernel.sysctl = mkIf isRouter {
+    "net.ipv6.conf.all.forwarding" = 1;
+  };
+  krebs.iptables.tables.filter.INPUT.rules = [
+     { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; }
+  ];
+  krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [
+    { precedence = 1000; predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; }
+  ];
+
+  networking.wireguard.interfaces.wiregrill = {
+    ips =
+      (optional (!isNull self.ip4) self.ip4.addr) ++
+      (optional (!isNull self.ip6) self.ip6.addr);
+    listenPort = 51820;
+    privateKeyFile = (toString <secrets>) + "/wiregrill.key";
+    allowedIPsAsRoutes = true;
+    peers = mapAttrsToList
+      (_: host: {
+        allowedIPs = if isRouter then
+          (optional (!isNull host.nets.wiregrill.ip4) host.nets.wiregrill.ip4.addr) ++
+          (optional (!isNull host.nets.wiregrill.ip6) host.nets.wiregrill.ip6.addr)
+        else
+          host.nets.wiregrill.wireguard.subnets
+        ;
+        endpoint = mkIf (!isNull host.nets.wiregrill.via) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}");
+        persistentKeepalive = mkIf (!isNull host.nets.wiregrill.via) 61;
+        publicKey = host.nets.wiregrill.wireguard.pubkey;
+      })
+      (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts);
+  };
+}
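Review bot: The INPUT rule opens `${toString self.wireguard.port}` while the interface is configured with a hard-coded `listenPort = 51820`, and peer endpoints are built from `host.nets.wiregrill.wireguard.port`. If a host ever sets a non-default port, the firewall would accept a port nothing listens on while the real listener stays filtered, and peers would dial the wrong port. Using `listenPort = self.wireguard.port;` keeps the three in sync. This text is carried over from wirelum.nix with only the name changed, so the mismatch predates the rename.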
diff --git a/lass/2configs/wirelum.nix b/lass/2configs/wirelum.nix
deleted file mode 100644
index cd8a20c6b..000000000
--- a/lass/2configs/wirelum.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }: let
-
-  self = config.krebs.build.host.nets.wirelum;
-  isRouter = !isNull self.via;
-
-in mkIf (hasAttr "wirelum" config.krebs.build.host.nets) {
-  #hack for modprobe inside containers
-  systemd.services."wireguard-wirelum".path = mkIf config.boot.isContainer (mkBefore [
-    (pkgs.writeDashBin "modprobe" ":")
-  ]);
-
-  boot.kernel.sysctl = mkIf isRouter {
-    "net.ipv6.conf.all.forwarding" = 1;
-  };
-  krebs.iptables.tables.filter.INPUT.rules = [
-     { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; }
-  ];
-  krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [
-    { precedence = 1000; predicate = "-i wirelum -o wirelum"; target = "ACCEPT"; }
-  ];
-
-  networking.wireguard.interfaces.wirelum = {
-    ips =
-      (optional (!isNull self.ip4) self.ip4.addr) ++
-      (optional (!isNull self.ip6) self.ip6.addr);
-    listenPort = 51820;
-    privateKeyFile = (toString <secrets>) + "/wirelum.key";
-    allowedIPsAsRoutes = true;
-    peers = mapAttrsToList
-      (_: host: {
-        allowedIPs = if isRouter then
-          (optional (!isNull host.nets.wirelum.ip4) host.nets.wirelum.ip4.addr) ++
-          (optional (!isNull host.nets.wirelum.ip6) host.nets.wirelum.ip6.addr)
-        else
-          host.nets.wirelum.wireguard.subnets
-        ;
-        endpoint = mkIf (!isNull host.nets.wirelum.via) (host.nets.wirelum.via.ip4.addr + ":${toString host.nets.wirelum.wireguard.port}");
-        persistentKeepalive = mkIf (!isNull host.nets.wirelum.via) 61;
-        publicKey = host.nets.wirelum.wireguard.pubkey;
-      })
-      (filterAttrs (_: h: hasAttr "wirelum" h.nets) config.krebs.hosts);
-  };
-}
diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix
index 5997dca09..85b050644 100644
--- a/lass/5pkgs/l-gen-secrets/default.nix
+++ b/lass/5pkgs/l-gen-secrets/default.nix
@@ -8,8 +8,8 @@ pkgs.writeDashBin "l-gen-secrets" ''
   ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
   ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
   ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
-  ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wirelum.key
-  ${pkgs.coreutils}/bin/cat $TMPDIR/wirelum.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wirelum.pub
+  ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wiregrill.key
+  ${pkgs.coreutils}/bin/cat $TMPDIR/wiregrill.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wiregrill.pub
   cat <<EOF > $TMPDIR/hashedPasswords.nix
   {
     root = "$HASHED_PASSWORD";
@@ -37,13 +37,13 @@ pkgs.writeDashBin "l-gen-secrets" ''
   $(cat $TMPDIR/retiolum.rsa_key.pub)
           ${"''"};
         };
-        wirelum = {
+        wiregrill = {
           ip6.addr = (wip6 "changeme").address;
           aliases = [
             "$HOSTNAME.w"
           ];
           wireguard.pubkey = ${"''"}
-  $(cat $TMPDIR/wirelum.pub)
+  $(cat $TMPDIR/wiregrill.pub)
           ${"''"};
         };
       };
diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix
index 1d3f398ec..22a23fcef 100644
--- a/lib/krebs/genipv6.nix
+++ b/lib/krebs/genipv6.nix
@@ -16,12 +16,12 @@ let {
       normalize-ip6-addr (appendZeros addressLength netPrefix);
     netHash = toString {
       retiolum = 0;
-      wirelum = 1;
+      wiregrill = 1;
     }.${netname};
     netPrefix = "42:${netHash}";
     netPrefixLength = {
       retiolum = 32;
-      wirelum = 32;
+      wiregrill = 32;
     }.${netname};
 
     inherit subnetname;

From bb22dc7475a01b262f4102c9a7b9df96c1ed5708 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 16:31:57 +0100
Subject: [PATCH 100/103] l littleT: make into blue-host

---
 lass/1systems/littleT/config.nix | 1 +
 lass/2configs/blue-host.nix      | 1 +
 2 files changed, 2 insertions(+)

diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
index 2f28cc0d6..7fe143c3c 100644
--- a/lass/1systems/littleT/config.nix
+++ b/lass/1systems/littleT/config.nix
@@ -6,6 +6,7 @@ with import <stockholm/lib>;
     <stockholm/lass>
 
     <stockholm/lass/2configs/retiolum.nix>
+    <stockholm/lass/2configs/blue-host.nix>
   ];
 
   networking.networkmanager.enable = true;
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
index 9cf294afd..718a92e9c 100644
--- a/lass/2configs/blue-host.nix
+++ b/lass/2configs/blue-host.nix
@@ -7,6 +7,7 @@ let
     "daedalus"
     "skynet"
     "prism"
+    "littleT"
   ];
   remote_hosts = filter (h: h != config.networking.hostName) all_hosts;
 

From c8943a2c89d2bcefc910f3c2bc588bcf6c1673f2 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 16:33:37 +0100
Subject: [PATCH 101/103] l skynet.r don't fetch wallpaper

---
 lass/1systems/skynet/config.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index 13a8b3e41..4b806af7b 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -5,7 +5,6 @@ with import <stockholm/lib>;
     <stockholm/lass>
 
     <stockholm/lass/2configs/retiolum.nix>
-    <stockholm/lass/2configs/fetchWallpaper.nix>
     <stockholm/lass/2configs/blue-host.nix>
     <stockholm/lass/2configs/power-action.nix>
     {

From e9907ee8a8433904026bf1c54edd7f79ab0c49a3 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 16:34:45 +0100
Subject: [PATCH 102/103] l baseX: add fzfmenu to pkgs

---
 lass/2configs/baseX.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 859a2a1b9..1b6a1d593 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -64,6 +64,7 @@ in {
     dic
     dmenu
     font-size
+    fzfmenu
     gitAndTools.qgit
     git-preview
     gnome3.dconf

From 8705b4dbc8e8cf0c4e09c114daad3f96026520ab Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 16 Dec 2018 16:36:13 +0100
Subject: [PATCH 103/103] l domsen: add klabusterbeere

---
 lass/2configs/websites/domsen.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 4935268a4..ce7df4bfb 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -126,6 +126,7 @@ in {
       { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
       { from = "akayguen@freemonkey.art"; to ="akayguen"; }
       { from = "bui@freemonkey.art"; to ="bui"; }
+      { from = "kontakt@alewis.de"; to ="klabusterbeere"; }
 
       { from = "testuser@lassul.us"; to = "testuser"; }
       { from = "testuser@ubikmedia.eu"; to = "testuser"; }
@@ -204,5 +205,12 @@ in {
     createHome = true;
   };
 
+  users.users.klabusterbeere = {
+    uid = genid_uint31 "klabusterbeere";
+    home = "/home/klabusterbeere";
+    useDefaultShell = true;
+    createHome = true;
+  };
+
 }