Merge remote-tracking branch 'origin/master'
commit
8eca9165ce
|
@ -53,8 +53,8 @@
|
||||||
eval $(dircolors -b ${pkgs.fetchFromGitHub {
|
eval $(dircolors -b ${pkgs.fetchFromGitHub {
|
||||||
owner = "trapd00r";
|
owner = "trapd00r";
|
||||||
repo = "LS_COLORS";
|
repo = "LS_COLORS";
|
||||||
rev = "master";
|
rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
|
||||||
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
|
sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
|
||||||
}}/LS_COLORS)
|
}}/LS_COLORS)
|
||||||
|
|
||||||
#beautiful colors
|
#beautiful colors
|
||||||
|
|
|
@ -3,7 +3,7 @@ import <nixpkgs/nixos/tests/make-test.nix> ({ ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; };
|
pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; };
|
||||||
test-config = <stockholm/krebs/6tests/data/test-config.nix>;
|
test-config = <stockholm/krebs/0tests/data/test-config.nix>;
|
||||||
privKey = ''
|
privKey = ''
|
||||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
|
@ -9,17 +9,17 @@
|
||||||
<stockholm/krebs>
|
<stockholm/krebs>
|
||||||
<stockholm/krebs/2configs>
|
<stockholm/krebs/2configs>
|
||||||
|
|
||||||
<stockholm/krebs/2configs/buildbot-all.nix>
|
<stockholm/krebs/2configs/buildbot-stockholm.nix>
|
||||||
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
|
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
|
||||||
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
||||||
<stockholm/krebs/2configs/ircd.nix>
|
<stockholm/krebs/2configs/ircd.nix>
|
||||||
<stockholm/krebs/2configs/reaktor-retiolum.nix>
|
<stockholm/krebs/2configs/reaktor-retiolum.nix>
|
||||||
|
<stockholm/krebs/2configs/reaktor-krebs.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.hotdog;
|
krebs.build.host = config.krebs.hosts.hotdog;
|
||||||
|
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
|
|
||||||
environment.variables.NIX_REMOTE = "daemon";
|
environment.variables.NIX_REMOTE = "daemon";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
with import <stockholm/lib>;
|
|
||||||
{ lib, config, pkgs, ... }:
|
|
||||||
{
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
|
|
||||||
krebs.ci.enable = true;
|
|
||||||
krebs.ci.treeStableTimer = 1;
|
|
||||||
krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
with import <stockholm/lib>;
|
|
||||||
{ lib, config, pkgs, ... }:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
<stockholm/krebs/2configs/repo-sync.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
|
|
||||||
krebs.ci.enable = true;
|
|
||||||
krebs.ci.treeStableTimer = 120;
|
|
||||||
krebs.ci.hosts = [ config.krebs.build.host ];
|
|
||||||
}
|
|
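--- /dev/null
+++ b/krebs/2configs/buildbot-stockholm.nix
@@ -0,0 +1,178 @@
+{ config, pkgs, ... }: with import <stockholm/lib>;
+
+let
+
+hostname = config.networking.hostName;
+
+in
+{
+networking.firewall.allowedTCPPorts = [ 80 ];
+services.nginx = {
+enable = true;
+virtualHosts.build = {
+serverAliases = [ "build.${hostname}.r" ];
+locations."/".extraConfig = ''
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port};
+'';
+};
+};
+
+krebs.buildbot.master = {
+slaves = {
+testslave = "lasspass";
+};
+change_source.stockholm = ''
+stockholm_repo = 'http://cgit.prism.r/stockholm'
+cs.append(
+changes.GitPoller(
+stockholm_repo,
+workdir='stockholm-poller', branches=True,
+project='stockholm',
+pollinterval=10
+)
+)
+'';
+scheduler = {
+auto-scheduler = ''
+sched.append(
+schedulers.SingleBranchScheduler(
+change_filter=util.ChangeFilter(branch_re=".*"),
+treeStableTimer=60,
+name="build-all-branches",
+builderNames=[
+"hosts",
+]
+)
+)
+'';
+force-scheduler = ''
+sched.append(
+schedulers.ForceScheduler(
+name="hosts",
+builderNames=[
+"hosts",
+]
+)
+)
+'';
+};
+builder_pre = ''
+# prepare grab_repo step for stockholm
+grab_repo = steps.Git(
+repourl=stockholm_repo,
+mode='full',
+)
+'';
+builder = {
+hosts = ''
+from buildbot import interfaces
+from buildbot.steps.shell import ShellCommand
+
+class StepToStartMoreSteps(ShellCommand):
+def __init__(self, **kwargs):
+ShellCommand.__init__(self, **kwargs)
+
+def addBuildSteps(self, steps_factories):
+for sf in steps_factories:
+step = interfaces.IBuildStepFactory(sf).buildStep()
+step.setBuild(self.build)
+step.setBuildSlave(self.build.slavebuilder.slave)
+step_status = self.build.build_status.addStepWithName(step.name)
+step.setStepStatus(step_status)
+self.build.steps.append(step)
+
+def start(self):
+props = self.build.getProperties()
+hosts = json.loads(props.getProperty('hosts_json'))
+for host in hosts:
+user = hosts[host]['owner']
+
+self.addBuildSteps([steps.ShellCommand(
+name=str(host),
+env={
+"NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
+"NIX_REMOTE": "daemon",
+"dummy_secrets": "true",
+},
+command=[
+"nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",
+"--user={}".format(user),
+"--system={}".format(host),
+"--force-populate",
+"--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user),
+])
+],
+timeout=90001,
+workdir='build', # TODO figure out why we need this?
+)])
+
+ShellCommand.start(self)
+
+
+f = util.BuildFactory()
+f.addStep(grab_repo)
+
+f.addStep(steps.SetPropertyFromCommand(
+env={
+"NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
+"NIX_REMOTE": "daemon",
+},
+name="get_hosts",
+command=["nix-instantiate", "--json", "--strict", "--eval", "-E", """
+with import <nixpkgs> {};
+let
+eval-config = cfg:
+import <nixpkgs/nixos/lib/eval-config.nix> {
+modules = [
+(import cfg)
+];
+}
+;
+
+system = eval-config ./krebs/1systems/hotdog/config.nix; # TODO put a better config here
+
+ci-systems = lib.filterAttrs (_: v: v.ci) system.config.krebs.hosts;
+
+filtered-attrs = lib.mapAttrs ( n: v: {
+owner = v.owner.name;
+}) ci-systems;
+
+in filtered-attrs
+"""],
+property="hosts_json"
+))
+f.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here
+
+bu.append(
+util.BuilderConfig(
+name="hosts",
+slavenames=slavenames,
+factory=f
+)
+)
+'';
+};
+enable = true;
+web.enable = true;
+irc = {
+enable = true;
+nick = "build|${hostname}";
+server = "irc.r";
+channels = [ "noise" "xxx" ];
+allowForce = true;
+};
+extraConfig = ''
+c['buildbotURL'] = "http://build.${hostname}.r/"
+'';
+};
+
+krebs.buildbot.slave = {
+enable = true;
+masterhost = "localhost";
+username = "testslave";
+password = "lasspass";
+packages = with pkgs; [ gnumake jq nix populate ];
+};
+}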
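Review bot: The worker credential is hard-coded, as `testslave = "lasspass";` under `krebs.buildbot.master.slaves` and again as `password = "lasspass";` under `krebs.buildbot.slave`, so it lives in the repository and, being a plain Nix string, presumably in the world-readable store as well. Only port 80 is opened and `masterhost` is `localhost`, which limits who can reach the worker port, but the value would still be better read from the `<secrets/...>` path used elsewhere in this repository. In `start()`, `user` and `host` come from `hosts_json` and are joined unquoted into the string passed to `nix-shell --run`; because the scheduler builds every branch (`branch_re=".*"`), quote the interpolated values, e.g. `"--user={}".format(pipes.quote(user)),` and `"--system={}".format(pipes.quote(host)),` (with `import pipes`), leaving `$LOGNAME` and `$HOME` in `--target` to expand as intended. `json.loads` is called without a visible `import json`; presumably the generated master.cfg provides it, which is worth confirming.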
@ -50,6 +50,7 @@ with import <stockholm/lib>;
|
||||||
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
||||||
# TODO
|
# TODO
|
||||||
config.krebs.users.lass.pubkey
|
config.krebs.users.lass.pubkey
|
||||||
|
config.krebs.users.lass-mors.pubkey
|
||||||
config.krebs.users.makefu.pubkey
|
config.krebs.users.makefu.pubkey
|
||||||
# TODO HARDER:
|
# TODO HARDER:
|
||||||
config.krebs.users.makefu-omo.pubkey
|
config.krebs.users.makefu-omo.pubkey
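Review bot: Root's `authorizedKeys` list gains `config.krebs.users.lass-mors.pubkey` while `config.krebs.users.lass.pubkey` stays in place, and the users hunk of this commit re-points `lass` to `lass-blue`, so this host ends up accepting two lass device keys for root instead of swapping one for the other. If keeping the old key is intended, say so next to the entry, e.g. `# lass now aliases lass-blue; lass-mors kept explicitly so the previous device key still works`. The same re-pointing (`lass = lass-blue;` in `users = rec {`) silently changes which key every other consumer of `krebs.users.lass` trusts; those consumers are not visible in this commit and are worth checking before merge. The existing `# TODO` markers on this list give no hint of what is still to be done and could be replaced with that information.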
|
||||||
|
|
|
@ -94,7 +94,7 @@
|
||||||
[SPAM]npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews
|
[SPAM]npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews
|
||||||
[SPAM]nsa|https://www.nsa.gov/rss.xml|#snews #bullerei
|
[SPAM]nsa|https://www.nsa.gov/rss.xml|#snews #bullerei
|
||||||
[SPAM]nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews
|
[SPAM]nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews
|
||||||
[SPAM]painload|https://github.com/krebscode/painload/commits/master.atom|#snews
|
[SPAM]painload|https://github.com/krebs/painload/commits/master.atom|#snews
|
||||||
[SPAM]phys|http://phys.org/rss-feed/|#snews
|
[SPAM]phys|http://phys.org/rss-feed/|#snews
|
||||||
[SPAM]piraten|https://www.piratenpartei.de/feed/|#snews
|
[SPAM]piraten|https://www.piratenpartei.de/feed/|#snews
|
||||||
[SPAM]polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews
|
[SPAM]polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
ethereum|http://blog.ethereum.org/feed|#news
|
ethereum|http://blog.ethereum.org/feed|#news
|
||||||
LtU|http://lambda-the-ultimate.org/rss.xml|#news
|
LtU|http://lambda-the-ultimate.org/rss.xml|#news
|
||||||
mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news
|
mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news
|
||||||
painload|https://github.com/krebscode/painload/commits/master.atom|#news
|
painload|https://github.com/krebs/painload/commits/master.atom|#news
|
||||||
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
|
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
|
||||||
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
|
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
|
||||||
shackspace|http://shackspace.de/atom.xml|#news
|
shackspace|http://shackspace.de/atom.xml|#news
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
|
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
|
||||||
weechat|http://dev.weechat.org/feed/atom|#news
|
weechat|http://dev.weechat.org/feed/atom|#news
|
||||||
xkcd|https://xkcd.com/rss.xml|#news
|
xkcd|https://xkcd.com/rss.xml|#news
|
||||||
painload|https://github.com/krebscode/painload/commits/master.atom|#news
|
painload|https://github.com/krebs/painload/commits/master.atom|#news
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,13 +13,8 @@ with import <stockholm/lib>;
|
||||||
};
|
};
|
||||||
plugins = with pkgs.ReaktorPlugins; [
|
plugins = with pkgs.ReaktorPlugins; [
|
||||||
sed-plugin
|
sed-plugin
|
||||||
wiki-todo-add
|
] ++
|
||||||
wiki-todo-done
|
(attrValues (todo "agenda"))
|
||||||
wiki-todo-show
|
;
|
||||||
];
|
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."lassul.us".locations."/wiki-todo".extraConfig = ''
|
|
||||||
default_type "text/plain";
|
|
||||||
alias /var/lib/Reaktor/state/wiki-todo;
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,6 +10,8 @@ with import <stockholm/lib>;
|
||||||
};
|
};
|
||||||
plugins = with pkgs.ReaktorPlugins; [
|
plugins = with pkgs.ReaktorPlugins; [
|
||||||
sed-plugin
|
sed-plugin
|
||||||
];
|
] ++
|
||||||
|
(attrValues (todo "agenda"))
|
||||||
|
;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,192 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
let
|
|
||||||
cfg = config.krebs.ci;
|
|
||||||
|
|
||||||
hostname = config.networking.hostName;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.krebs.ci = {
|
|
||||||
enable = mkEnableOption "krebs continous integration";
|
|
||||||
stockholmSrc = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "http://cgit.${hostname}.r/stockholm";
|
|
||||||
};
|
|
||||||
treeStableTimer = mkOption {
|
|
||||||
type = types.int;
|
|
||||||
default = 10;
|
|
||||||
description = "how long to wait until we test changes (in minutes)";
|
|
||||||
};
|
|
||||||
hosts = mkOption {
|
|
||||||
type = types.listOf types.host;
|
|
||||||
default = [];
|
|
||||||
description = ''
|
|
||||||
List of hosts that should be build
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
tests = mkOption {
|
|
||||||
type = types.listOf types.str;
|
|
||||||
default = [];
|
|
||||||
description = ''
|
|
||||||
List of tests that should be build
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
virtualHosts.build = {
|
|
||||||
serverAliases = [ "build.${hostname}.r" ];
|
|
||||||
locations."/".extraConfig = ''
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port};
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.buildbot.master = {
|
|
||||||
slaves = {
|
|
||||||
testslave = "lasspass";
|
|
||||||
};
|
|
||||||
change_source.stockholm = ''
|
|
||||||
stockholm_repo = '${cfg.stockholmSrc}'
|
|
||||||
cs.append(
|
|
||||||
changes.GitPoller(
|
|
||||||
stockholm_repo,
|
|
||||||
workdir='stockholm-poller', branches=True,
|
|
||||||
project='stockholm',
|
|
||||||
pollinterval=10
|
|
||||||
)
|
|
||||||
)
|
|
||||||
'';
|
|
||||||
scheduler = {
|
|
||||||
build-scheduler = ''
|
|
||||||
sched.append(
|
|
||||||
schedulers.SingleBranchScheduler(
|
|
||||||
change_filter=util.ChangeFilter(branch_re=".*"),
|
|
||||||
treeStableTimer=${toString cfg.treeStableTimer}*60,
|
|
||||||
name="build-all-branches",
|
|
||||||
builderNames=[
|
|
||||||
${optionalString (cfg.hosts != []) ''"hosts",''}
|
|
||||||
${optionalString (cfg.tests != []) ''"tests",''}
|
|
||||||
]
|
|
||||||
)
|
|
||||||
)
|
|
||||||
'';
|
|
||||||
force-scheduler = ''
|
|
||||||
sched.append(
|
|
||||||
schedulers.ForceScheduler(
|
|
||||||
name="force",
|
|
||||||
builderNames=[
|
|
||||||
${optionalString (cfg.hosts != []) ''"hosts",''}
|
|
||||||
${optionalString (cfg.tests != []) ''"tests",''}
|
|
||||||
]
|
|
||||||
)
|
|
||||||
)
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
builder_pre = ''
|
|
||||||
# prepare grab_repo step for stockholm
|
|
||||||
grab_repo = steps.Git(
|
|
||||||
repourl=stockholm_repo,
|
|
||||||
mode='full'
|
|
||||||
)
|
|
||||||
|
|
||||||
# prepare addShell function
|
|
||||||
def addShell(factory,**kwargs):
|
|
||||||
factory.addStep(steps.ShellCommand(**kwargs))
|
|
||||||
'';
|
|
||||||
builder = {
|
|
||||||
hosts = mkIf (cfg.hosts != []) ''
|
|
||||||
f = util.BuildFactory()
|
|
||||||
f.addStep(grab_repo)
|
|
||||||
|
|
||||||
def build_host(user, host):
|
|
||||||
addShell(f,
|
|
||||||
name="{}".format(host),
|
|
||||||
env={
|
|
||||||
"NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
|
|
||||||
"NIX_REMOTE": "daemon",
|
|
||||||
"dummy_secrets": "true",
|
|
||||||
},
|
|
||||||
command=[
|
|
||||||
"nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",
|
|
||||||
"--user={}".format(user),
|
|
||||||
"--system={}".format(host),
|
|
||||||
"--force-populate",
|
|
||||||
"--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user),
|
|
||||||
])
|
|
||||||
],
|
|
||||||
timeout=90001
|
|
||||||
)
|
|
||||||
|
|
||||||
${concatMapStringsSep "\n" (host:
|
|
||||||
"build_host(\"${host.owner.name}\", \"${host.name}\")"
|
|
||||||
) cfg.hosts}
|
|
||||||
|
|
||||||
bu.append(
|
|
||||||
util.BuilderConfig(
|
|
||||||
name="hosts",
|
|
||||||
slavenames=slavenames,
|
|
||||||
factory=f
|
|
||||||
)
|
|
||||||
)
|
|
||||||
'';
|
|
||||||
tests = mkIf (cfg.tests != []) ''
|
|
||||||
f = util.BuildFactory()
|
|
||||||
f.addStep(grab_repo)
|
|
||||||
|
|
||||||
def run_test(test):
|
|
||||||
addShell(f,
|
|
||||||
name="{}".format(test),
|
|
||||||
env={
|
|
||||||
"NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
|
|
||||||
"NIX_REMOTE": "daemon",
|
|
||||||
"dummy_secrets": "true",
|
|
||||||
},
|
|
||||||
command=[
|
|
||||||
"nix-build", "-I", "stockholm=.", "krebs/6tests",
|
|
||||||
"-A", "{}".format(test)
|
|
||||||
],
|
|
||||||
timeout=90001
|
|
||||||
)
|
|
||||||
|
|
||||||
${concatMapStringsSep "\n" (test:
|
|
||||||
"run_test(\"${test}\")"
|
|
||||||
) cfg.tests}
|
|
||||||
|
|
||||||
bu.append(
|
|
||||||
util.BuilderConfig(
|
|
||||||
name="tests",
|
|
||||||
slavenames=slavenames,
|
|
||||||
factory=f
|
|
||||||
)
|
|
||||||
)
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
enable = true;
|
|
||||||
web.enable = true;
|
|
||||||
irc = {
|
|
||||||
enable = true;
|
|
||||||
nick = "build|${hostname}";
|
|
||||||
server = "irc.r";
|
|
||||||
channels = [ "xxx" "noise" ];
|
|
||||||
allowForce = true;
|
|
||||||
};
|
|
||||||
extraConfig = ''
|
|
||||||
c['buildbotURL'] = "http://build.${hostname}.r/"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.buildbot.slave = {
|
|
||||||
enable = true;
|
|
||||||
masterhost = "localhost";
|
|
||||||
username = "testslave";
|
|
||||||
password = "lasspass";
|
|
||||||
packages = with pkgs; [ gnumake jq nix populate ];
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -13,7 +13,6 @@ let
|
||||||
./buildbot/master.nix
|
./buildbot/master.nix
|
||||||
./buildbot/slave.nix
|
./buildbot/slave.nix
|
||||||
./build.nix
|
./build.nix
|
||||||
./ci.nix
|
|
||||||
./current.nix
|
./current.nix
|
||||||
./exim.nix
|
./exim.nix
|
||||||
./exim-retiolum.nix
|
./exim-retiolum.nix
|
||||||
|
|
|
@ -65,6 +65,7 @@ with import <stockholm/lib>;
|
||||||
io 60 IN NS ions.lassul.us.
|
io 60 IN NS ions.lassul.us.
|
||||||
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
|
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
nets = rec {
|
nets = rec {
|
||||||
|
@ -670,9 +671,45 @@ with import <stockholm/lib>;
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
|
||||||
};
|
};
|
||||||
|
blue = {
|
||||||
|
cores = 1;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.0.77";
|
||||||
|
ip6.addr = "42:0:0:0:0:0:0:77";
|
||||||
|
aliases = [
|
||||||
|
"blue.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN PUBLIC KEY-----
|
||||||
|
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd
|
||||||
|
QwyX4PvVm9WItPmmNy+RE2y0Mf04LxZ7RLm5+e0wPuhXXQyhZ06CNd6tjeaKfXUc
|
||||||
|
sNeC1Vjuh1hsyYJLR5Xf/YRNJQKoaHjbkXGt+rSK7PPuCcsUPOSZSEAgHYVvcFzM
|
||||||
|
wWE4kTDcBZeISB4+yLmPIZXhnDImRRMEurFNRiocoMmEIu/zyYVq8rnlTl972Agu
|
||||||
|
PMGo1HqVxCouEWstRvtX5tJmV8yruRbH4tADAruLXErLLwUAx/AYDNRjY1TYYetJ
|
||||||
|
RoaxejmZVVIvR+hWaDLkHZO89+to6wS5IVChs1anFxMNN6Chq2v8Bb2Nyy1oG/H/
|
||||||
|
HzXxj1Rn7CN9es5Wl0UX4h9Zg+hfspoI75lQ509GLusYOyFwgmFF02eMpxgHBiWm
|
||||||
|
khSJzPkFdYJKUKaZI0nQEGGsFJOe/Se5jj70x3Q5XEuUoQqyahAqwQIYh6uwhbuP
|
||||||
|
49RBPHpE+ry6smhUPLTitrRsqeBU4RZRNsUAYyCbwyAH1i+K3Q5PSovgPtlHVr2N
|
||||||
|
w+VZCzsrtOY2fxXw0e+mncrx/Qga62s4m6a/dyukA5RytA9f6bBsvSTqr7/EQTs6
|
||||||
|
ZEBoPudk7ULNEbfjmJtBkeG7wKIlpgzVg/JaCAwMuSgVjrpIHrZmjOVvmOwB8W6J
|
||||||
|
Ch/o7chVljAwW4JmyRnhZbMCAwEAAQ==
|
||||||
|
-----END PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
users = {
|
users = rec {
|
||||||
lass = {
|
lass = lass-blue;
|
||||||
|
lass-blue = {
|
||||||
|
mail = "lass@blue.r";
|
||||||
|
pubkey = builtins.readFile ./ssh/blue.rsa;
|
||||||
|
pgp.pubkeys.default = builtins.readFile ./pgp/blue.pgp;
|
||||||
|
};
|
||||||
|
lass-mors = {
|
||||||
mail = "lass@mors.r";
|
mail = "lass@mors.r";
|
||||||
pubkey = builtins.readFile ./ssh/mors.rsa;
|
pubkey = builtins.readFile ./ssh/mors.rsa;
|
||||||
pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp;
|
pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp;
|
||||||
|
@ -697,6 +734,7 @@ with import <stockholm/lib>;
|
||||||
lass-icarus = {
|
lass-icarus = {
|
||||||
mail = "lass@icarus.r";
|
mail = "lass@icarus.r";
|
||||||
pubkey = builtins.readFile ./ssh/icarus.rsa;
|
pubkey = builtins.readFile ./ssh/icarus.rsa;
|
||||||
|
pgp.pubkeys.default = builtins.readFile ./pgp/icarus.pgp;
|
||||||
};
|
};
|
||||||
lass-xerxes = {
|
lass-xerxes = {
|
||||||
mail = "lass@xerxes.r";
|
mail = "lass@xerxes.r";
|
||||||
|
|
51
krebs/3modules/lass/pgp/blue.pgp
Normal file
51
krebs/3modules/lass/pgp/blue.pgp
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQINBFr9fAEBEACz2E2E7uBulVBBtPmk9IR2yB+uAWSe8Hi7vNiGc1Dbs40jzWuy
|
||||||
|
AqouqyC5xnVw66+cQaYOsgXiwencmu/cFEV2x2uRLDVh1E/fvc8yxAOizEIY0jm/
|
||||||
|
WZ/4IWvTZLVPF3BOhM4p/HGNbdZhRc4RoljLTB34VuY1KSMhs3Vx7n3HgZzdbD7D
|
||||||
|
itUFU4oY5CnkQp4yl1Htat08cZmbD51VTZB1hDw2Uea+VuMQ/ImRtTqW+Ss4xyPA
|
||||||
|
DwUE/vRM3CKwBvcjbNL3uUqc5dtZuvruuFeK3ScmdNLytcgXqJzLlwuzHmSt/Tnc
|
||||||
|
DQZWKGiHnMvrAOkMEvsmiKhboWSAq4sRUPhISqZ7MSvPfhaH5Gcmhi+hL8FZhGY0
|
||||||
|
qF7MNLHoimw6MBV6FIIA0vCDn2p5Vwc7L+LqLjWqAvxdfVoeUJjUWbWWNNWg4Tw7
|
||||||
|
9e7rAR86e4AvhCZRubRn1aOfKGF5vg/El98OeIwBFQHpr7uznKfjmAEpoGveV+vG
|
||||||
|
amptMCBAr4Hw76U708XWOQkZ2GDY9cfdxUllhAmmPrNQ/OcT2b4x0xKvMi4nA5G8
|
||||||
|
PBOFErkS61zNxsHgpFe2isG+VDqYLfeQhOdB101Qn6IHw3KxyW85CwImUpdRLMUi
|
||||||
|
0wtcA7M5GB94HRZ8qW6LtFBjwqm2NGudB0alfIWIq7KuRMXus3sJKQ2gDQARAQAB
|
||||||
|
tBlsYXNzQGJsdWUuciA8bGFzc0BibHVlLnI+iQJOBBMBCAA4FiEEuOpc8JA44Pd5
|
||||||
|
NXyK8UJeZkL6H7wFAlr9fAECGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ
|
||||||
|
8UJeZkL6H7ygPQ/+JydbB0IX64ojm34YaeWKVdM5D7JFBdNuKgbAMf0Uhcja6YcU
|
||||||
|
0YRvuOPpw4lNZqV/1yxDXGHJrVfGolq6uz28oWr+9VUD8QXH9ODm1EMLsU8Jb1Nh
|
||||||
|
SE+rWSAhEmdw8l9Bi12wq4v/z/JC93/VJLnBGOL8LDEsJ9OatUw71KIt/a50ERoz
|
||||||
|
uCZbMeLPym8WqSK1kjQehL5pj97BzxmBNpFYwqaniTAuqTN6bhs2ws+k89vjaWIP
|
||||||
|
T+bEqsJV/vR9KZcNlmKlTQwbsjQ1BZ9EuV4EBL6IAMrqxDeY3mFnT+EpkabfIVSh
|
||||||
|
38KmG+4PZDXaj6rCsrsH2pUKaZ/Z6Mr3lmFb/1aaK3xKiQyxcMrbcixIIVI8ihTM
|
||||||
|
HUC3DFFlA7+02b67QomWFLRiZid4gCry7xhZyryQJkN2l20fzRjWf0myzcPO0qxc
|
||||||
|
y39gUyEqy1oeaffCc1QgDJH2Hvf+P9StyMZIulNuCKJ9tfQR5nkkDAy/2p405Lmf
|
||||||
|
mdKOMha6bZ+mA5HbmjMqwyFPHEtU6t/mUhlh7mYqNYAJikuqV00N6nTKVrBb2IfK
|
||||||
|
atoHeUcmvMWBGL7+x3zxwf2pnum6a5iDES2ir87ltOGKGDeMt2Y/Ap30P+uZGnn1
|
||||||
|
AiRu2bGkCiQ/WH1StJhAhJeleUfdbOa7/voc14nl3rewqyhqYd8dlI+TWAu5Ag0E
|
||||||
|
Wv18AQEQAOFMwY2ky5TyRrDqJosq0y/9+8D6RiXlyOnyTQ+bqu4mDEaVu3xNcKLH
|
||||||
|
CQsTM7gDR9pivapoDo84CK8w519DHCA2EpNGTDO4twcQ3jKqPth809LnibwdKJCe
|
||||||
|
qsfxsIfN8LbpKDOygZ2av11gcT0ye9uOMkiiRSE2MMGDU/50sskecavUAExDgwFs
|
||||||
|
v72ReU3fXRfTqYT6p/i/qMB7GbS8PlKFz61JKHDceS5GJUZJ5OWOoq7ZMCz6zrLW
|
||||||
|
2mQIJ7kblGCJKUnx/lZ5y9nqSCk7jer2qENxWNPOCwD48A78u1Bz8xSN5D1gFO3f
|
||||||
|
YSKh60kK5UljwkvRD7NvAcg2ifwL1e+/7v8WV9OsHDUBEiJO05tsjJ76QwHnEq6j
|
||||||
|
4peArcTAHWZ4uGncAgYN/Uii+0vs3oVDsZ9d2uLJxuR3h6T4XVejeuZ3j3o/XX/E
|
||||||
|
aZwcdH3VpKqEjdG4c4TMz96bN7ZN2DbgTf40rwPFKgWnvhCA9dWlmfy9pW2z2hyg
|
||||||
|
rJaRGXd/4znj5YlMliDrL4/Yp9j1J1CsoZM68er6/zMU1SA9U/y+MVqMoPCPlczx
|
||||||
|
mbwWQm1JH6fZv2SzHbZOrZYWKVWX+jPZQV6SjKwSiVrLlZJ0Z8u00HBRRRzXLwXa
|
||||||
|
OLL/dGP1v+msMv1oCJT1AsMcBEE3bY1efnDP1XK8vBLzoMKGS1RtABEBAAGJAjYE
|
||||||
|
GAEIACAWIQS46lzwkDjg93k1fIrxQl5mQvofvAUCWv18AQIbDAAKCRDxQl5mQvof
|
||||||
|
vOC1D/wO+tGKz/y5dc/ifJGTndxoHnU8tarboDll0kcdpTGU7It+ReNustqJZj5v
|
||||||
|
HK4V/ZXUw5+y6ZasNa/mFYY8oACOI40SlMdyt708XfPqYKXOpnM0oGRGfALi+oKg
|
||||||
|
iIzYtXsqYk5ZYSFWpgxajHef9HMmHNJ8riSVRugUPubPMKPR65DOXl+BdVIlQw7o
|
||||||
|
2g3s4Lii0IRKov3BvB51oJMhRK2Ne55VDBid32oIoqXLXS2E2gJQegioAiDUA5J4
|
||||||
|
1f96RCeYfxOgaPj/o4eiXK0H3owA3W78/tIjq5218PCIYFsOKPhrSqJ7ZF/5yGwW
|
||||||
|
ppVzsaz1sE9oULR0VOFUwjpYmyH32WwKkLF6mKumb8Q7Pd/FJq0I3/kxD/OrlNVZ
|
||||||
|
8UCX0CzxMyfEeSUfScunKLMfopEGxXTR4l8jew7CwxX08H0nkqyegDZSN8MjYxQL
|
||||||
|
V/zoL+aPjYh1WYf1L8wyBZjQbA6khHwYRZPaHrGfGaCGC8MHiSjPb/nt54+vZXtt
|
||||||
|
17LcX4VvHwWIBf88JpZO9eyTFPdYIZANSyo6ltbRoomuAywuA5IibCwh/BXi/aVa
|
||||||
|
Jro4UvbiwMqbVgSAt15VAwEK1Re/NNLBTcVVMHsWr5WNmo0s2C7+j+iIMPEOwhRs
|
||||||
|
ZFj74cztyOF/dGeCv9ycW29g+ejXaPpFOYQz0A9bBdkEdTGWhQ==
|
||||||
|
=D854
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
51
krebs/3modules/lass/pgp/icarus.pgp
Normal file
51
krebs/3modules/lass/pgp/icarus.pgp
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQINBFpqAGEBEADWiwVYVFXuK9kM7Y1XFL70jb2ZAZBRIpcZF81URMDFhm6ulvHq
|
||||||
|
fEhXTpiKKmfnv5Mz6r6wAWLJFKOKZuEvg8NwplRrlBHMkR3iEx4+7sP/dVey7U6f
|
||||||
|
+gI61ytFHTOKr52gstPVdXO3xhNmdrAI1hFuF2DxoXKloz8tPP92dZcCdm7+5C+2
|
||||||
|
KSYEBrIp/Zv1cjkbAFwek5y4ut65sBh/VM+RhSLbqwzyCxwfBE9QAJdIEiSmChql
|
||||||
|
Lcz6CToYrdXhOY0ykx+QhT092k/6Xh66JeZ63WVHGrF+SSabq5NNcbWi7EISioHd
|
||||||
|
N6JXZmbXMpS/BxgMe145e3mWnd3KOSeOxaiORqev8VOycjRQJfSm8Ky+GtWIyxp7
|
||||||
|
rwEHbY8vlG2X9RMW5UxVmSRPWLykZoX0Xvmnrpwcohb5WdkuCp9NjqF0gDswU8do
|
||||||
|
bCqASfeWBvJAQkoAlMLU7YH+ymmeQcSVdLy4Jpv1fk5FocQBihTBnC1+ztt7Rm8m
|
||||||
|
8VGEpH1h174/z4Xn+bCkRZqopl9GlvpilLT8m8N8jdL7QLZJlQwrHVtima8Rg3XZ
|
||||||
|
TriW1Ha/NxHZ8nN7pbisqXHCrJB0szzu++yVeQ7Ebr7HA0tIHqDhqVR0s6a1g5AX
|
||||||
|
JYI8vCErowhvPf+BVCUYfmh5dJAY6tt9zrvCneaZ7ogPzOH9kRnZXYi7ZQARAQAB
|
||||||
|
tBZpY2FydXMgPGxhc3NAaWNhcnVzLnI+iQJOBBMBCAA4FiEEbimq9dgDayT9DrQy
|
||||||
|
FSODpr2bDFMFAlpqAGECGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQFSOD
|
||||||
|
pr2bDFNVohAAiY6Pp4whrAIKwNkzqLkUl2SyQCVSGOce906jthKSixdfaUORZPdD
|
||||||
|
AnyYUmPyVpWxKYjZl7IfmDDo7D6m21tP8FxCRK8/oYAtz3uRK5b5sb0/5YR77O9+
|
||||||
|
s65sNhU8jiHetUEHQ0Z9UJKfm1DpanJ37uIhVcye8BC8OuSD0v0s+hZ+2ZaN1qdn
|
||||||
|
qqCkujAILxOWo1ZDqpXfHaV11AotzlgyYmxlXzClsLB0SGhU7HUZesKETn3JUmrV
|
||||||
|
88kkpug8gn9MpTSPDIWsTeNUWpNhqdDRA+2TUygtpQSKzJC8sdkFaWkMrH3cF6wA
|
||||||
|
BZ+4tS2mRMQWq9BNMK+xnkWPvYO9e6v4ddXtlcVgGTUhSo+opCXza3dcXE5Xbv8x
|
||||||
|
a1T5HJSV0HQPTrlAUoXZveu7ZgYVO5SOTCm1jBNKX8WCmvO6yJRalxo9N/d6gswq
|
||||||
|
tKAGm9tlXpTXnG6tvebmSxjzjVwjbQMDJGy4Cj4bw0GGCdapDFrPidUDY/INmU7D
|
||||||
|
TWtNsAJlJRuu7ddxIVTspZ7rmDBAOhYzXxGuU3ntZFTiFm9BpCmHYWpeQ5EKuxhJ
|
||||||
|
mgxzC9wKDoS8NRKwt5ak/mX0vpXkJjF2Lrza0wCAZ1ZYWFNaehEwhNT51s9kZIi3
|
||||||
|
w1v2z8xmu7VDq/n2sMRtMe7MVIOh1Nu7l/5Uqeb+EYnEc1NGZsFxcYK5Ag0EWmoA
|
||||||
|
YQEQALMaaF9HeDpeqDjDpxanjjIz4YXMZoMkXwrLS/Rn2mobG5lJzxU+1AkwXxTD
|
||||||
|
K45A0YHWsnAH1S8V9Gx+NlUMS/S/m9BruSXNohUKARIJLbltEM/EufOThjgfhW0Y
|
||||||
|
cLorZ1kOSZvORR9+Ctuq/RcvGFwyLB/4OpcGHUezTIcAkLUo0lKPS4HtT2ogSUIx
|
||||||
|
UstAMwEOSQIDR6sDDiS0BXNdlkKK6daLpH+snQMGP+ILAyRHGu1MlYkACDQZa5aP
|
||||||
|
9vpany7zC9Ls7vaewCevZCUJfs00VF72pdCRdBV8oPQqwPfhS+uSCV58WwWCqHTq
|
||||||
|
8PtxCVVzQdngOvScRvjrijtzlseyyTW3w9DPoDsQ16oM3y0kcnnv2hdfTVuv4+YK
|
||||||
|
9fVRIrWEAlU3cxud7iws9+vUO9GwyWy+epFLiCgNgJR/RVIIjcHUExn/XAcFStjw
|
||||||
|
QtW+3BxjYmdJpsh5wvmMJSMZDJFMEdKYPm4RI7ZfKVwl6yFeJt3hNkLxxF7k2fXB
|
||||||
|
84pIvl03hXA3tRQ5t46wS7L2EPlWT00+MCraczvbIS+SX1nCp4ZXLBs0YmicioBS
|
||||||
|
Os0zEtVs+80eWMf86MTT7YLwre4t+QRbM/RyIvJFTqBT3ad7/7ZMyEuVJBwDJlpx
|
||||||
|
LGwZGa6zwnbzcf8Us4kAIRzQoK8VOg/xC/ymJYCk3oJCKD9RABEBAAGJAjYEGAEI
|
||||||
|
ACAWIQRuKar12ANrJP0OtDIVI4OmvZsMUwUCWmoAYQIbDAAKCRAVI4OmvZsMU1vw
|
||||||
|
EACDJDmZR5BIPxwr9+1Z5ZgT7XcBUbu4F2w84J3xqCUYqcti6I4lSMtxfw94crMp
|
||||||
|
HoexOVOhvoTneIliv0a4ZSu84u4CGoFn4M7RA0Ka1SVvbuasXf57sVwRptXjr3LL
|
||||||
|
f/0olra5rkIyZbsvKm0g2N/bfmCfmtOClFDst2yK/FovW5PJBRx2mT38qBhHG8j2
|
||||||
|
P7zG0/vO846FxjAGvOMGlEVGmN+R9BeecomOKsKgvUbsycAwzZi/2vWAUGbJBYjx
|
||||||
|
Yd+K8wjPE8g5CumxaLSH/dlY/0BOZygjank+aHLrwMtNnplYVJmmqDhdbgwN6DDk
|
||||||
|
cCQNLQyk61IdhtZ7UzJyFTkXnXiirrO4WzL6GJjunNzvcTUAU5vNiG+2he1GdxZF
|
||||||
|
WiLRrcC+oIMWVST8fNRwJZU+Ibw/UIfEV/rHau0fJlxZatks7Qd8gjxSHIyElUVj
|
||||||
|
CYrizbFPZ85IhkCirX2tvhycK/nseAYjDuJkJIp3Io0sl3cQ9M8Kx790LUbYzNC4
|
||||||
|
bZn8vA1YwTr1ny3+vEhMhaaVSTeVrWYV8023kwzcLRWra7F1hJcc9+LNmqHvXR67
|
||||||
|
uBW2KPIrXKrjJmGkMVBSrf9PJu5jNfvCWOntck7C7xOWoUcgyt3uTpP7FkHVdolh
|
||||||
|
HFNPouS3w0HoB20zdCpmyFNs6Rjhey2r5JIttd6ATVRVYA==
|
||||||
|
=gJia
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
1
krebs/3modules/lass/ssh/blue.rsa
Normal file
1
krebs/3modules/lass/ssh/blue.rsa
Normal file
|
@ -0,0 +1 @@
|
||||||
|
ssh-rsa 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 lass@blue
|
|
@ -32,30 +32,6 @@ with import <stockholm/lib>;
|
||||||
ssh.privkey.path = <secrets/ssh.id_rsa>;
|
ssh.privkey.path = <secrets/ssh.id_rsa>;
|
||||||
ssh.pubkey = "ssh-rsa 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";
|
ssh.pubkey = "ssh-rsa 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";
|
||||||
};
|
};
|
||||||
kaepsele = {
|
|
||||||
external = true;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.166.2";
|
|
||||||
ip6.addr = "42:b9d:6660:d07c:2bb7:4e91:1a01:2e7d";
|
|
||||||
aliases = [
|
|
||||||
"kaepsele.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEA4+kDaKhCBNlpHqRCA2R6c4UEFk0OaiPwHvjmBBjpihTJVyffIEYm
|
|
||||||
QFZ5ZNkaVumSOAgKk9ygppO9WsNasl1ag+IRWik9oupdzEkNjgvOMBVJGhcwGZGF
|
|
||||||
6UEY5sdA1n0qg74og5BGSiXUBiaahVM0rAfCNk8gV3qrot5kWJMQLb9BKabJ56eb
|
|
||||||
JrgWepxuVaw3BoEhz6uusuvw5i1IF382L8R11hlvyefifXONFOAUjCrCr0bCb4uK
|
|
||||||
ZZcRUU35pbHLDXXTOrOarOO1tuVGu85VXo3S1sLaaouHYjhTVT8bxqbwcNhxBXYf
|
|
||||||
ONLv0f7G5XwecgUNbE6ZTfjV5PQKaww3lwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wr36T0MmB8pnSO5/pw9/Dfe5+IMgVHOhm6EUa55jj";
|
|
||||||
};
|
|
||||||
mu = {
|
mu = {
|
||||||
ci = true;
|
ci = true;
|
||||||
cores = 2;
|
cores = 2;
|
||||||
|
|
|
@ -141,25 +141,27 @@ rec {
|
||||||
'';
|
'';
|
||||||
});
|
});
|
||||||
|
|
||||||
wiki-todo-add = buildSimpleReaktorPlugin "wiki-todo-add" {
|
todo = name: {
|
||||||
pattern = "^wiki-todo: (?P<args>.*)$$";
|
add = buildSimpleReaktorPlugin "${name}-add" {
|
||||||
script = pkgs.writeDash "wiki-todo-add" ''
|
pattern = "^${name}-add: (?P<args>.*)$$";
|
||||||
echo "$*" >> wiki-todo
|
script = pkgs.writeDash "${name}-add" ''
|
||||||
echo "added todo. check on http://lassul.us/wiki-todo"
|
echo "$*" >> ${name}-todo
|
||||||
'';
|
echo "added ${name} todo"
|
||||||
};
|
'';
|
||||||
wiki-todo-done = buildSimpleReaktorPlugin "wiki-todo-done" {
|
};
|
||||||
pattern = "^wiki-done: (?P<args>.*)$$";
|
delete = buildSimpleReaktorPlugin "${name}-delete" {
|
||||||
script = pkgs.writeDash "wiki-todo-done" ''
|
pattern = "^${name}-delete: (?P<args>.*)$$";
|
||||||
${pkgs.gnugrep}/bin/grep -Fvxe "$*" wiki-todo > wiki-todo.tmp
|
script = pkgs.writeDash "${name}-delete" ''
|
||||||
${pkgs.coreutils}/bin/mv wiki-todo.tmp wiki-todo
|
${pkgs.gnugrep}/bin/grep -Fvxe "$*" ${name}-todo > ${name}-todo.tmp
|
||||||
echo "thank you for resolving todo: $*"
|
${pkgs.coreutils}/bin/mv ${name}-todo.tmp ${name}-todo
|
||||||
'';
|
echo "removed ${name} todo: $*"
|
||||||
};
|
'';
|
||||||
wiki-todo-show = buildSimpleReaktorPlugin "wiki-todo" {
|
};
|
||||||
pattern = "^wiki-show$";
|
show = buildSimpleReaktorPlugin "${name}-show" {
|
||||||
script = pkgs.writeDash "wiki-show" ''
|
pattern = "^${name}-show$";
|
||||||
${pkgs.coreutils}/bin/cat wiki-todo
|
script = pkgs.writeDash "${name}-show" ''
|
||||||
'';
|
${pkgs.coreutils}/bin/cat ${name}-todo
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
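Review bot: In the new `add` script, `echo "$*" >> ${name}-todo` passes the IRC-supplied text through dash's `echo`, which interprets backslash escapes, so a message containing `\n` is stored as several todo lines and `\c` cuts it short. The reply `echo "removed ${name} todo: $*"` in `delete` has the same behaviour. `printf '%s\n' "$*" >> ${name}-todo` and `printf 'removed ${name} todo: %s\n' "$*"` keep the text literal. `${name}` is also spliced unescaped into each `pattern`, so a comment on `todo = name:` stating that the name must not contain regex metacharacters or path separators would document the assumption.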
|
@ -7,7 +7,7 @@ python2Packages.buildPythonApplication rec {
|
||||||
patches = [];
|
patches = [];
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "krebscode";
|
owner = "krebs";
|
||||||
repo = "buildbot-classic";
|
repo = "buildbot-classic";
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha";
|
sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha";
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{ stdenv, writeScriptBin, lib, fetchurl, git, cacert
|
{ stdenv, writeScriptBin, lib, fetchurl, git, cacert
|
||||||
, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd
|
, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd
|
||||||
, flock
|
|
||||||
, withMysql ? false
|
, withMysql ? false
|
||||||
, withPgsql ? false
|
, withPgsql ? false
|
||||||
, withSqlite ? false, sqlite
|
, withSqlite ? false, sqlite
|
||||||
|
@ -106,7 +105,7 @@ in stdenv.mkDerivation rec {
|
||||||
postInstall = ''
|
postInstall = ''
|
||||||
sed -i \
|
sed -i \
|
||||||
-e '2iexport PATH=${ctlpath}:$PATH' \
|
-e '2iexport PATH=${ctlpath}:$PATH' \
|
||||||
-e 's,\(^ *FLOCK=\).*,\1${flock}/bin/flock,' \
|
-e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \
|
||||||
-e 's,\(^ *JOT=\).*,\1,' \
|
-e 's,\(^ *JOT=\).*,\1,' \
|
||||||
-e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \
|
-e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \
|
||||||
$out/sbin/ejabberdctl
|
$out/sbin/ejabberdctl
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
{ fetchgit, ... }:
|
|
||||||
|
|
||||||
fetchgit {
|
|
||||||
url = https://cgit.krebsco.de/kops;
|
|
||||||
rev = "refs/tags/v1.1.0";
|
|
||||||
sha256 = "0k3zhv2830z4bljcdvf6ciwjihk2zzcn9y23p49c6sba5hbsd6jb";
|
|
||||||
}
|
|
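--- a/krebs/5pkgs/simple/krops.nix
+++ b/krebs/5pkgs/simple/krops.nix
@@ -0,0 +1,7 @@
+{ fetchgit, ... }:
+
+fetchgit {
+url = https://cgit.krebsco.de/krops;
+rev = "refs/tags/v1.0.0";
+sha256 = "0ahp3fxb3l1vcjylxw0cd0f4hfp98bxskkf3z9d37hl3m7v4pcb4";
+}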
|
@ -1,7 +1,7 @@
|
||||||
{ fetchgit, ... }:
|
{ fetchgit, ... }:
|
||||||
|
|
||||||
fetchgit {
|
fetchgit {
|
||||||
url = https://github.com/krebscode/painload;
|
url = https://github.com/krebs/painload;
|
||||||
rev = "c113487f73713a03b1a139b22bb34b86234d0495";
|
rev = "c113487f73713a03b1a139b22bb34b86234d0495";
|
||||||
sha256 = "1irxklnmvm8wsa70ypjahkr8rfqq7357vcy8r0x1sfncs1hy6gr6";
|
sha256 = "1irxklnmvm8wsa70ypjahkr8rfqq7357vcy8r0x1sfncs1hy6gr6";
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,7 +10,7 @@ with python3Packages; buildPythonPackage rec {
|
||||||
pkgs.git
|
pkgs.git
|
||||||
];
|
];
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "krebscode";
|
owner = "krebs";
|
||||||
repo = "repo-sync";
|
repo = "repo-sync";
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "1qjf1jmxf7xzwskybdys4vqncnwj9f3xwk1gv354zrla68s533cw";
|
sha256 = "1qjf1jmxf7xzwskybdys4vqncnwj9f3xwk1gv354zrla68s533cw";
|
||||||
|
|
|
@ -6,7 +6,7 @@ stdenv.mkDerivation rec {
|
||||||
|
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = https://raw.githubusercontent.com/krebscode/painload/master/retiolum/scripts/tinc_setup/new_install.sh;
|
url = https://raw.githubusercontent.com/krebs/painload/master/retiolum/scripts/tinc_setup/new_install.sh;
|
||||||
sha256 = "03kmil8q2xm3rdm2jxyah7vww84pw6w01d0c3siid9zpn2j7la9s";
|
sha256 = "03kmil8q2xm3rdm2jxyah7vww84pw6w01d0c3siid9zpn2j7la9s";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
|
||||||
|
|
||||||
meta = {
|
meta = {
|
||||||
description = "Retiolum boostrap scripts";
|
description = "Retiolum boostrap scripts";
|
||||||
url = https://github.com/krebscode/painload;
|
url = https://github.com/krebs/painload;
|
||||||
license = licenses.wtfpl;
|
license = licenses.wtfpl;
|
||||||
platforms = platforms.unix;
|
platforms = platforms.unix;
|
||||||
maintainers = with maintainers; [ makefu ];
|
maintainers = with maintainers; [ makefu ];
|
||||||
|
|
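--- a/krebs/5pkgs/simple/thesauron/default.nix
+++ b/krebs/5pkgs/simple/thesauron/default.nix
@@ -0,0 +1,7 @@
+{ fetchgit, callPackage }: let
+src = fetchgit {
+url = "https://github.com/krebs/thesauron";
+rev = "8ac22588cf2c20465e3c9348e7ce04885599c2a5";
+"sha256"= "1ivkjl235dnm5aaqqvarnxkz7zh0gvah22b0fqwlsflrcd5wmgva";
+};
+in callPackage src {}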
|
@ -1,19 +1,18 @@
|
||||||
{ name }: rec {
|
{ name }: rec {
|
||||||
|
|
||||||
kops = (import <nixpkgs> {}).fetchgit {
|
krops = builtins.fetchGit {
|
||||||
url = https://cgit.krebsco.de/kops/;
|
url = https://cgit.krebsco.de/krops/;
|
||||||
rev = "e89cf20d4310070a877c2e24a287659546b561c9";
|
rev = "4e466eaf05861b47365c5ef46a31a188b70f3615";
|
||||||
sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
lib = import "${kops}/lib";
|
lib = import "${krops}/lib";
|
||||||
|
|
||||||
# TODO document why pkgs should be used like this
|
# TODO document why pkgs should be used like this
|
||||||
pkgs = import "${kops}/pkgs" {};
|
pkgs = import "${krops}/pkgs" {};
|
||||||
|
|
||||||
krebs-source = {
|
krebs-source = {
|
||||||
nixpkgs.git = {
|
nixpkgs.git = {
|
||||||
ref = "b50443b5c4ac0f382c49352a892b9d5d970eb4e7";
|
ref = "7295e175bf6c6e8aa54f1b4d99256ee95d13d385";
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
url = https://github.com/NixOS/nixpkgs;
|
||||||
};
|
};
|
||||||
stockholm.file = toString ../.;
|
stockholm.file = toString ../.;
|
||||||
|
@ -38,7 +37,7 @@
|
||||||
secrets =
|
secrets =
|
||||||
if test
|
if test
|
||||||
then {
|
then {
|
||||||
file = toString <stockholm/krebs/6tests/data/secrets>;
|
file = toString <stockholm/krebs/0tests/data/secrets>;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
pass = {
|
pass = {
|
||||||
|
@ -51,14 +50,14 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
|
||||||
deploy = pkgs.kops.writeDeploy "${name}-deploy" {
|
deploy = pkgs.krops.writeDeploy "${name}-deploy" {
|
||||||
source = source { test = false; };
|
source = source { test = false; };
|
||||||
target = "root@${name}/var/src";
|
target = "root@${name}/var/src";
|
||||||
};
|
};
|
||||||
|
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
|
||||||
test = pkgs.kops.writeTest "${name}-test" {
|
test = pkgs.krops.writeTest "${name}-test" {
|
||||||
source = source { test = true; };
|
source = source { test = true; };
|
||||||
target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src";
|
target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src";
|
||||||
};
|
};
|
||||||
}
|
}
|
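Review bot: The new `krops = builtins.fetchGit { … rev = "4e466eaf05861b47365c5ef46a31a188b70f3615"; }` no longer carries a content hash, because the `sha256` line of the old `fetchgit` call has no counterpart on the new side. The pin now rests on the git commit id alone, and without a `ref` the commit presumably has to be reachable from the remote's default branch (worth confirming for the Nix version in use). Since `lib` and `pkgs` for every deploy and test are imported from this checkout, I would document the trade-off above the binding, e.g. `# pinned by commit id only; builtins.fetchGit takes no sha256, so bump rev deliberately`, and add an explicit `ref` naming the branch the commit lives on.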
|
@ -14,7 +14,7 @@ in
|
||||||
{
|
{
|
||||||
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
|
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
|
||||||
secrets = getAttr builder {
|
secrets = getAttr builder {
|
||||||
buildbot.file = toString <stockholm/krebs/6tests/data/secrets>;
|
buildbot.file = toString <stockholm/krebs/0tests/data/secrets>;
|
||||||
krebs.pass = {
|
krebs.pass = {
|
||||||
dir = "${getEnv "HOME"}/brain";
|
dir = "${getEnv "HOME"}/brain";
|
||||||
name = "krebs-secrets/${name}";
|
name = "krebs-secrets/${name}";
|
||||||
|
@ -22,7 +22,7 @@ in
|
||||||
};
|
};
|
||||||
stockholm.file = toString <stockholm>;
|
stockholm.file = toString <stockholm>;
|
||||||
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
|
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
|
||||||
nixpkgs = (import ./kops.nix { name = ""; }).krebs-source.nixpkgs;
|
nixpkgs = (import ./krops.nix { name = ""; }).krebs-source.nixpkgs;
|
||||||
}
|
}
|
||||||
override
|
override
|
||||||
]
|
]
|
||||||
|
|
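--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -0,0 +1,49 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+imports = [
+<stockholm/lass>
+<stockholm/lass/2configs>
+<stockholm/lass/2configs/retiolum.nix>
+<stockholm/lass/2configs/exim-retiolum.nix>
+
+<stockholm/lass/2configs/blue.nix>
+];
+
+krebs.build.host = config.krebs.hosts.blue;
+
+environment.shellAliases = {
+deploy = pkgs.writeDash "deploy" ''
+set -eu
+export SYSTEM="$1"
+$(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
+'';
+};
+
+networking.nameservers = [ "1.1.1.1" ];
+
+lass.restic = genAttrs [
+"daedalus"
+"icarus"
+"littleT"
+"prism"
+"shodan"
+"skynet"
+] (dest: {
+dirs = [
+"/home/"
+"/var/lib"
+];
+passwordFile = (toString <secrets>) + "/restic/${dest}";
+repo = "sftp:backup@${dest}.r:/backups/blue";
+extraArguments = [
+"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
+];
+timerConfig = {
+OnCalendar = "00:05";
+RandomizedDelaySec = "5h";
+};
+});
+time.timeZone = "Europe/Berlin";
+users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
+}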
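Review bot: In `extraArguments`, `-i ${config.krebs.build.host.ssh.privkey.path}` interpolates the key path directly, whereas `passwordFile` a few lines above goes through `toString <secrets>`. If the option still holds a Nix path value at this point (the host entries elsewhere on this page set it as `<secrets/ssh.id_rsa>`), string interpolation copies the private key into the world-readable Nix store; this page does not show whether the option already converts it to a string. Writing `-i ${toString config.krebs.build.host.ssh.privkey.path}` makes the intent explicit either way. A one-line comment that the host's own SSH key doubles as the backup credential for all six destinations would also help whoever rotates it.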
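--- a/lass/1systems/blue/physical.nix
+++ b/lass/1systems/blue/physical.nix
@@ -0,0 +1,8 @@
+{
+imports = [
+./config.nix
+];
+boot.isContainer = true;
+networking.useDHCP = false;
+environment.variables.NIX_REMOTE = "daemon";
+}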
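--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/lass/source.nix> {
+name = "blue";
+secure = true;
+}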
|
@ -3,8 +3,6 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass>
|
<stockholm/lass>
|
||||||
<stockholm/lass/2configs/hw/x220.nix>
|
|
||||||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
|
||||||
|
|
||||||
<stockholm/lass/2configs/mouse.nix>
|
<stockholm/lass/2configs/mouse.nix>
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
|
@ -16,20 +14,8 @@
|
||||||
<stockholm/lass/2configs/games.nix>
|
<stockholm/lass/2configs/games.nix>
|
||||||
<stockholm/lass/2configs/bitcoin.nix>
|
<stockholm/lass/2configs/bitcoin.nix>
|
||||||
<stockholm/lass/2configs/AP.nix>
|
<stockholm/lass/2configs/AP.nix>
|
||||||
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.cabal;
|
krebs.build.host = config.krebs.hosts.cabal;
|
||||||
|
|
||||||
#fileSystems = {
|
|
||||||
# "/bku" = {
|
|
||||||
# device = "/dev/mapper/pool-bku";
|
|
||||||
# fsType = "btrfs";
|
|
||||||
# options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
|
||||||
# };
|
|
||||||
#};
|
|
||||||
|
|
||||||
#services.udev.extraRules = ''
|
|
||||||
# SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
|
|
||||||
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
|
|
||||||
#'';
|
|
||||||
}
|
}
|
||||||
|
|
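--- a/lass/1systems/cabal/physical.nix
+++ b/lass/1systems/cabal/physical.nix
@@ -0,0 +1,12 @@
+{
+imports = [
+./config.nix
+<stockholm/lass/2configs/hw/x220.nix>
+<stockholm/lass/2configs/boot/stock-x220.nix>
+];
+
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0"
+SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0"
+'';
+}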
|
@ -4,8 +4,6 @@ with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass>
|
<stockholm/lass>
|
||||||
<stockholm/lass/2configs/hw/x220.nix>
|
|
||||||
<stockholm/lass/2configs/boot/coreboot.nix>
|
|
||||||
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
<stockholm/lass/2configs/games.nix>
|
<stockholm/lass/2configs/games.nix>
|
||||||
|
@ -94,17 +92,4 @@ with import <stockholm/lib>;
|
||||||
'';
|
'';
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.daedalus;
|
krebs.build.host = config.krebs.hosts.daedalus;
|
||||||
|
|
||||||
fileSystems = {
|
|
||||||
"/bku" = {
|
|
||||||
device = "/dev/mapper/pool-bku";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
|
|
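--- a/lass/1systems/daedalus/physical.nix
+++ b/lass/1systems/daedalus/physical.nix
@@ -0,0 +1,20 @@
+{
+imports = [
+./config.nix
+<stockholm/lass/2configs/hw/x220.nix>
+<stockholm/lass/2configs/boot/coreboot.nix>
+];
+
+fileSystems = {
+"/bku" = {
+device = "/dev/mapper/pool-bku";
+fsType = "btrfs";
+options = ["defaults" "noatime" "ssd" "compress=lzo"];
+};
+};
+
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
+SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+'';
+}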
|
@ -4,41 +4,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass>
|
<stockholm/lass>
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
|
||||||
<stockholm/lass/2configs/git.nix>
|
<stockholm/lass/2configs/git.nix>
|
||||||
{
|
|
||||||
boot.loader.grub = {
|
|
||||||
device = "/dev/vda";
|
|
||||||
splashImage = null;
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [
|
|
||||||
"ata_piix"
|
|
||||||
"ehci_pci"
|
|
||||||
"uhci_hcd"
|
|
||||||
"virtio_pci"
|
|
||||||
"virtio_blk"
|
|
||||||
];
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/mapper/pool-nix";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/srv/http" = {
|
|
||||||
device = "/dev/pool/srv_http";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
|
||||||
device = "/dev/vda1";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/bku" = {
|
|
||||||
device = "/dev/pool/bku";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
networking.dhcpcd.allowInterfaces = [
|
networking.dhcpcd.allowInterfaces = [
|
||||||
"enp*"
|
"enp*"
|
||||||
|
|
39
lass/1systems/dishfire/physical.nix
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./config.nix
|
||||||
|
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.loader.grub = {
|
||||||
|
device = "/dev/vda";
|
||||||
|
splashImage = null;
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [
|
||||||
|
"ata_piix"
|
||||||
|
"ehci_pci"
|
||||||
|
"uhci_hcd"
|
||||||
|
"virtio_pci"
|
||||||
|
"virtio_blk"
|
||||||
|
];
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/mapper/pool-nix";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/srv/http" = {
|
||||||
|
device = "/dev/pool/srv_http";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/vda1";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
fileSystems."/bku" = {
|
||||||
|
device = "/dev/pool/bku";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
}
|
|
@ -12,48 +12,12 @@ with import <stockholm/lib>;
|
||||||
<stockholm/lass/2configs/otp-ssh.nix>
|
<stockholm/lass/2configs/otp-ssh.nix>
|
||||||
# TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
|
# TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
|
||||||
#<stockholm/lass/2configs/git.nix>
|
#<stockholm/lass/2configs/git.nix>
|
||||||
<stockholm/lass/2configs/dcso-vpn.nix>
|
#<stockholm/lass/2configs/dcso-vpn.nix>
|
||||||
<stockholm/lass/2configs/virtualbox.nix>
|
<stockholm/lass/2configs/virtualbox.nix>
|
||||||
<stockholm/lass/2configs/dcso-dev.nix>
|
<stockholm/lass/2configs/dcso-dev.nix>
|
||||||
<stockholm/lass/2configs/steam.nix>
|
<stockholm/lass/2configs/steam.nix>
|
||||||
<stockholm/lass/2configs/rtl-sdr.nix>
|
<stockholm/lass/2configs/rtl-sdr.nix>
|
||||||
<stockholm/lass/2configs/backup.nix>
|
<stockholm/lass/2configs/backup.nix>
|
||||||
{ # automatic hardware detection
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/pool/root";
|
|
||||||
fsType = "btrfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
|
||||||
device = "/dev/disk/by-uuid/1F60-17C6";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/home" = {
|
|
||||||
device = "/dev/pool/home";
|
|
||||||
fsType = "btrfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/tmp" = {
|
|
||||||
device = "tmpfs";
|
|
||||||
fsType = "tmpfs";
|
|
||||||
options = ["nosuid" "nodev" "noatime"];
|
|
||||||
};
|
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 8;
|
|
||||||
}
|
|
||||||
{ # crypto stuff
|
|
||||||
boot.initrd.luks = {
|
|
||||||
cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
|
||||||
devices = [{
|
|
||||||
name = "luksroot";
|
|
||||||
device = "/dev/nvme0n1p3";
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
services.xserver.dpi = 200;
|
services.xserver.dpi = 200;
|
||||||
fonts.fontconfig.dpi = 200;
|
fonts.fontconfig.dpi = 200;
|
||||||
|
@ -99,13 +63,6 @@ with import <stockholm/lib>;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
networking.wireless.enable = true;
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
ag
|
ag
|
||||||
vim
|
vim
|
||||||
|
@ -124,17 +81,6 @@ with import <stockholm/lib>;
|
||||||
|
|
||||||
services.tlp.enable = true;
|
services.tlp.enable = true;
|
||||||
|
|
||||||
services.xserver.videoDrivers = [ "nvidia" ];
|
|
||||||
services.xserver.xrandrHeads = [
|
|
||||||
{ output = "DP-2"; primary = true; }
|
|
||||||
{ output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
|
|
||||||
{ output = "DP-0"; }
|
|
||||||
];
|
|
||||||
|
|
||||||
services.xserver.displayManager.sessionCommands = ''
|
|
||||||
${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
|
|
||||||
'';
|
|
||||||
|
|
||||||
networking.hostName = lib.mkForce "BLN02NB0162";
|
networking.hostName = lib.mkForce "BLN02NB0162";
|
||||||
|
|
||||||
security.pki.certificateFiles = [
|
security.pki.certificateFiles = [
|
||||||
|
|
64
lass/1systems/helios/physical.nix
Normal file
|
@ -0,0 +1,64 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./config.nix
|
||||||
|
{ # automatic hardware detection
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/pool/root";
|
||||||
|
fsType = "btrfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/1F60-17C6";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/home" = {
|
||||||
|
device = "/dev/pool/home";
|
||||||
|
fsType = "btrfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/tmp" = {
|
||||||
|
device = "tmpfs";
|
||||||
|
fsType = "tmpfs";
|
||||||
|
options = ["nosuid" "nodev" "noatime"];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{ # crypto stuff
|
||||||
|
boot.initrd.luks = {
|
||||||
|
cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
||||||
|
devices = [{
|
||||||
|
name = "luksroot";
|
||||||
|
device = "/dev/nvme0n1p3";
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
# Use the systemd-boot EFI boot loader.
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
networking.wireless.enable = true;
|
||||||
|
hardware.enableRedistributableFirmware = true;
|
||||||
|
|
||||||
|
|
||||||
|
services.udev.extraRules = ''
|
||||||
|
SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0"
|
||||||
|
SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0"
|
||||||
|
'';
|
||||||
|
|
||||||
|
services.xserver.videoDrivers = [ "nvidia" ];
|
||||||
|
services.xserver.xrandrHeads = [
|
||||||
|
{ output = "DP-2"; primary = true; }
|
||||||
|
{ output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
|
||||||
|
{ output = "DP-0"; }
|
||||||
|
];
|
||||||
|
|
||||||
|
services.xserver.displayManager.sessionCommands = ''
|
||||||
|
${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
|
||||||
|
'';
|
||||||
|
}
|
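Review bot: `nix.maxJobs = lib.mkDefault 8;`, which sat in the `# automatic hardware detection` block removed from config.nix, is not carried over into this new physical.nix, so helios falls back to the NixOS default for build parallelism unless it is set somewhere outside this page. The file header is `{ pkgs, ... }:`, so `lib` is not in scope here, which may be why the line was dropped rather than moved. If the drop is unintended, change the header to `{ lib, pkgs, ... }:` and restore `nix.maxJobs = lib.mkDefault 8;` after the `fileSystems."/tmp"` entry; if it is intended, a word in the commit message would save the next reader the comparison.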
|
@ -3,8 +3,6 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass>
|
<stockholm/lass>
|
||||||
<stockholm/lass/2configs/hw/x220.nix>
|
|
||||||
<stockholm/lass/2configs/boot/coreboot.nix>
|
|
||||||
|
|
||||||
<stockholm/lass/2configs/mouse.nix>
|
<stockholm/lass/2configs/mouse.nix>
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
|
@ -17,20 +15,18 @@
|
||||||
<stockholm/lass/2configs/games.nix>
|
<stockholm/lass/2configs/games.nix>
|
||||||
<stockholm/lass/2configs/bitcoin.nix>
|
<stockholm/lass/2configs/bitcoin.nix>
|
||||||
<stockholm/lass/2configs/backup.nix>
|
<stockholm/lass/2configs/backup.nix>
|
||||||
|
<stockholm/lass/2configs/wine.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.icarus;
|
krebs.build.host = config.krebs.hosts.icarus;
|
||||||
|
|
||||||
fileSystems = {
|
environment.systemPackages = with pkgs; [
|
||||||
"/bku" = {
|
macchanger
|
||||||
device = "/dev/mapper/pool-bku";
|
dpass
|
||||||
fsType = "btrfs";
|
];
|
||||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
services.redshift = {
|
||||||
};
|
enable = true;
|
||||||
|
provider = "geoclue2";
|
||||||
};
|
};
|
||||||
|
programs.adb.enable = true;
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
|
|
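--- a/lass/1systems/icarus/physical.nix
+++ b/lass/1systems/icarus/physical.nix
@@ -0,0 +1,20 @@
+{
+imports = [
+./config.nix
+<stockholm/lass/2configs/hw/x220.nix>
+<stockholm/lass/2configs/boot/coreboot.nix>
+];
+
+fileSystems = {
+"/bku" = {
+device = "/dev/mapper/pool-bku";
+fsType = "btrfs";
+options = ["defaults" "noatime" "ssd" "compress=lzo"];
+};
+};
+
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
+SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+'';
+}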
|
@ -4,8 +4,6 @@ with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass>
|
<stockholm/lass>
|
||||||
<stockholm/lass/2configs/hw/x220.nix>
|
|
||||||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
|
||||||
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
<stockholm/lass/2configs/backup.nix>
|
<stockholm/lass/2configs/backup.nix>
|
||||||
|
@ -68,17 +66,4 @@ with import <stockholm/lib>;
|
||||||
'';
|
'';
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.littleT;
|
krebs.build.host = config.krebs.hosts.littleT;
|
||||||
|
|
||||||
#fileSystems = {
|
|
||||||
# "/bku" = {
|
|
||||||
# device = "/dev/mapper/pool-bku";
|
|
||||||
# fsType = "btrfs";
|
|
||||||
# options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
|
||||||
# };
|
|
||||||
#};
|
|
||||||
|
|
||||||
#services.udev.extraRules = ''
|
|
||||||
# SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
|
|
||||||
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
|
|
||||||
#'';
|
|
||||||
}
|
}
|
||||||
|
|
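--- a/lass/1systems/littleT/physical.nix
+++ b/lass/1systems/littleT/physical.nix
@@ -0,0 +1,7 @@
+{
+imports = [
+./config.nix
+<stockholm/lass/2configs/hw/x220.nix>
+<stockholm/lass/2configs/boot/stock-x220.nix>
+];
+}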
|
@ -4,8 +4,6 @@ with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass>
|
<stockholm/lass>
|
||||||
<stockholm/lass/2configs/hw/x220.nix>
|
|
||||||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
|
||||||
|
|
||||||
<stockholm/lass/2configs/mouse.nix>
|
<stockholm/lass/2configs/mouse.nix>
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
|
@ -35,9 +33,11 @@ with import <stockholm/lib>;
|
||||||
<stockholm/lass/2configs/rtl-sdr.nix>
|
<stockholm/lass/2configs/rtl-sdr.nix>
|
||||||
<stockholm/lass/2configs/backup.nix>
|
<stockholm/lass/2configs/backup.nix>
|
||||||
{
|
{
|
||||||
#risk of rain port
|
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
#risk of rain
|
||||||
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
|
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
|
||||||
|
#chromecast
|
||||||
|
{ predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
@ -86,43 +86,6 @@ with import <stockholm/lib>;
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.mors;
|
krebs.build.host = config.krebs.hosts.mors;
|
||||||
|
|
||||||
fileSystems = {
|
|
||||||
"/bku" = {
|
|
||||||
device = "/dev/mapper/pool-bku";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
|
||||||
};
|
|
||||||
"/home/virtual" = {
|
|
||||||
device = "/dev/mapper/pool-virtual";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0"
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0"
|
|
||||||
'';
|
|
||||||
|
|
||||||
#TODO activationScripts seem broken, fix them!
|
|
||||||
#activationScripts
|
|
||||||
#split up and move into base
|
|
||||||
system.activationScripts.powertopTunables = ''
|
|
||||||
#Runtime PMs
|
|
||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
|
|
||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
|
|
||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
|
|
||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
|
|
||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
|
|
||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
|
|
||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control'
|
|
||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
|
|
||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
|
|
||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
|
|
||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
|
|
||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
|
|
||||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
|
|
||||||
'';
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
acronym
|
acronym
|
||||||
brain
|
brain
|
||||||
|
@ -177,14 +140,6 @@ with import <stockholm/lib>;
|
||||||
OnCalendar = "00:37";
|
OnCalendar = "00:37";
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.shellAliases = {
|
|
||||||
deploy = pkgs.writeDash "deploy" ''
|
|
||||||
set -eu
|
|
||||||
export SYSTEM="$1"
|
|
||||||
$(nix-build $HOME/stockholm/lass/kops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
nix.package = pkgs.nixUnstable;
|
nix.package = pkgs.nixUnstable;
|
||||||
programs.adb.enable = true;
|
programs.adb.enable = true;
|
||||||
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
||||||
|
@ -223,4 +178,5 @@ with import <stockholm/lib>;
|
||||||
RandomizedDelaySec = "5h";
|
RandomizedDelaySec = "5h";
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
virtualisation.libvirtd.enable = true;
|
||||||
}
|
}
|
||||||
|
|
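--- a/lass/1systems/mors/physical.nix
+++ b/lass/1systems/mors/physical.nix
@@ -0,0 +1,44 @@
+{
+imports = [
+./config.nix
+<stockholm/lass/2configs/hw/x220.nix>
+<stockholm/lass/2configs/boot/stock-x220.nix>
+];
+
+fileSystems = {
+"/bku" = {
+device = "/dev/mapper/pool-bku";
+fsType = "btrfs";
+options = ["defaults" "noatime" "ssd" "compress=lzo"];
+};
+"/home/virtual" = {
+device = "/dev/mapper/pool-virtual";
+fsType = "ext4";
+};
+};
+
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:72:f4:88", NAME="wl0"
+SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:c4:7a:f1", NAME="et0"
+'';
+
+#TODO activationScripts seem broken, fix them!
+#activationScripts
+#split up and move into base
+system.activationScripts.powertopTunables = ''
+#Runtime PMs
+echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
+echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
+'';
+}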
|
@ -1,90 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
|
|
||||||
let
|
{
|
||||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
|
||||||
|
|
||||||
in {
|
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass>
|
<stockholm/lass>
|
||||||
{
|
|
||||||
networking.interfaces.et0.ipv4.addresses = [
|
|
||||||
{
|
|
||||||
address = ip;
|
|
||||||
prefixLength = 27;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
address = "46.4.114.243";
|
|
||||||
prefixLength = 27;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
networking.defaultGateway = "46.4.114.225";
|
|
||||||
networking.nameservers = [
|
|
||||||
"8.8.8.8"
|
|
||||||
];
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
{
|
|
||||||
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
|
|
||||||
|
|
||||||
boot.loader.grub = {
|
|
||||||
devices = [
|
|
||||||
"/dev/sda"
|
|
||||||
"/dev/sdb"
|
|
||||||
];
|
|
||||||
splashImage = null;
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [
|
|
||||||
"ata_piix"
|
|
||||||
"vmw_pvscsi"
|
|
||||||
"ahci" "sd_mod"
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/pool/nix_root";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/tmp" = {
|
|
||||||
device = "tmpfs";
|
|
||||||
fsType = "tmpfs";
|
|
||||||
options = ["nosuid" "nodev" "noatime"];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/var/download" = {
|
|
||||||
device = "/dev/pool/download";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/srv/http" = {
|
|
||||||
device = "/dev/pool/http";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/home" = {
|
|
||||||
device = "/dev/pool/home";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/bku" = {
|
|
||||||
device = "/dev/pool/bku";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [
|
|
||||||
{ label = "swap1"; }
|
|
||||||
{ label = "swap2"; }
|
|
||||||
];
|
|
||||||
|
|
||||||
sound.enable = false;
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
}
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
<stockholm/lass/2configs/libvirt.nix>
|
<stockholm/lass/2configs/libvirt.nix>
|
||||||
{
|
{
|
||||||
|
@ -212,7 +131,6 @@ in {
|
||||||
}
|
}
|
||||||
<stockholm/lass/2configs/exim-smarthost.nix>
|
<stockholm/lass/2configs/exim-smarthost.nix>
|
||||||
<stockholm/lass/2configs/ts3.nix>
|
<stockholm/lass/2configs/ts3.nix>
|
||||||
<stockholm/lass/2configs/IM.nix>
|
|
||||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||||
<stockholm/lass/2configs/radio.nix>
|
<stockholm/lass/2configs/radio.nix>
|
||||||
<stockholm/lass/2configs/repo-sync.nix>
|
<stockholm/lass/2configs/repo-sync.nix>
|
||||||
|
@ -257,7 +175,6 @@ in {
|
||||||
alias /var/realwallpaper/realwallpaper.png;
|
alias /var/realwallpaper/realwallpaper.png;
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
<stockholm/krebs/2configs/reaktor-krebs.nix>
|
|
||||||
<stockholm/lass/2configs/dcso-dev.nix>
|
<stockholm/lass/2configs/dcso-dev.nix>
|
||||||
{
|
{
|
||||||
users.users.jeschli = {
|
users.users.jeschli = {
|
||||||
|
@ -324,7 +241,7 @@ in {
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."rote-allez-fraktion.de" = {
|
services.nginx.virtualHosts."rote-allez-fraktion.de" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
addSSL = true;
|
forceSSL = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_set_header Host rote-allez-fraktion.de;
|
proxy_set_header Host rote-allez-fraktion.de;
|
||||||
|
@ -358,6 +275,72 @@ in {
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
users.users.download.openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa 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 lhebendanz@nixos"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
lass.nichtparasoup.enable = true;
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts."lol.lassul.us" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/".extraConfig = ''
|
||||||
|
proxy_pass http://localhost:5001;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{ #weechat port forwarding to blue
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport 9998"; target = "ACCEPT";}
|
||||||
|
];
|
||||||
|
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||||
|
{ v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.prism.nets.internet.ip4.addr} -p tcp --dport 9998"; target = "DNAT --to-destination ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}:9999"; }
|
||||||
|
];
|
||||||
|
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||||
|
{ v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "ACCEPT"; }
|
||||||
|
{ v6 = false; precedence = 1000; predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
||||||
|
{ v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; }
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||||
|
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||||
|
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
|
||||||
|
{ v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
||||||
|
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
|
||||||
|
];
|
||||||
|
networking.wireguard.interfaces.wg0 = {
|
||||||
|
ips = [ "10.244.1.1/24" ];
|
||||||
|
listenPort = 51820;
|
||||||
|
privateKeyFile = (toString <secrets>) + "/wireguard.key";
|
||||||
|
allowedIPsAsRoutes = true;
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
# lass-android
|
||||||
|
allowedIPs = [ "10.244.1.2/32" ];
|
||||||
|
publicKey = "63+ns9AGv6e6a8WgxiZNFEt1xQT0YKFlEHzRaYJWtmk=";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
|
||||||
|
];
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.prism;
|
krebs.build.host = config.krebs.hosts.prism;
|
||||||
|
|
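Review bot: The FORWARD rule `{ v6 = false; precedence = 1000; predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"; target = "ACCEPT"; }` in the weechat block matches on source address alone, so prism forwards anything blue originates rather than only replies to the DNAT'ed relay connection; the WireGuard block's `-s 10.244.1.0/24` FORWARD and PREROUTING rules have the same shape and are not tied to `wg0`. Narrowing the first to `predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --sport 9999 -m conntrack --ctstate RELATED,ESTABLISHED"` and adding `-i wg0` to the WireGuard rules would keep the intended paths without trusting a bare source address. The INPUT accept for `-p tcp --dport 9998` also looks unnecessary, since packets rewritten in PREROUTING should traverse FORWARD rather than INPUT; if that holds, it only opens a local port on prism. A one-line comment stating whether the service behind 9998 is encrypted and authenticated would help, because this block publishes it on the host's internet address.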
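--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -0,0 +1,85 @@
+{ config, lib, pkgs, ... }:
+{
+imports = [
+./config.nix
+{
+networking.interfaces.et0.ipv4.addresses = [
+{
+address = config.krebs.build.host.nets.internet.ip4.addr;
+prefixLength = 27;
+}
+{
+address = "46.4.114.243";
+prefixLength = 27;
+}
+];
+networking.defaultGateway = "46.4.114.225";
+networking.nameservers = [
+"8.8.8.8"
+];
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
+'';
+}
+{
+imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+
+boot.loader.grub = {
+devices = [
+"/dev/sda"
+"/dev/sdb"
+];
+splashImage = null;
+};
+
+boot.initrd.availableKernelModules = [
+"ata_piix"
+"vmw_pvscsi"
+"ahci" "sd_mod"
+];
+
+boot.kernelModules = [ "kvm-intel" ];
+
+fileSystems."/" = {
+device = "/dev/pool/nix_root";
+fsType = "ext4";
+};
+
+fileSystems."/tmp" = {
+device = "tmpfs";
+fsType = "tmpfs";
+options = ["nosuid" "nodev" "noatime"];
+};
+
+fileSystems."/var/download" = {
+device = "/dev/pool/download";
+fsType = "ext4";
+};
+
+fileSystems."/srv/http" = {
+device = "/dev/pool/http";
+fsType = "ext4";
+};
+
+fileSystems."/home" = {
+device = "/dev/pool/home";
+fsType = "ext4";
+};
+
+fileSystems."/bku" = {
+device = "/dev/pool/bku";
+fsType = "ext4";
+};
+
+swapDevices = [
+{ label = "swap1"; }
+{ label = "swap2"; }
+];
+
+sound.enable = false;
+nixpkgs.config.allowUnfree = true;
+time.timeZone = "Europe/Berlin";
+}
+];
+
+}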
|
@ -20,11 +20,8 @@ in
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.red;
|
krebs.build.host = config.krebs.hosts.red;
|
||||||
boot.isContainer = true;
|
|
||||||
networking.useDHCP = false;
|
|
||||||
|
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
environment.variables.NIX_REMOTE = "daemon";
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
pkgs.mk_sql_pair
|
pkgs.mk_sql_pair
|
||||||
];
|
];
|
||||||
|
|
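--- a/lass/1systems/red/physical.nix
+++ b/lass/1systems/red/physical.nix
@@ -0,0 +1,8 @@
+{
+imports = [
+./config.nix
+];
+boot.isContainer = true;
+networking.useDHCP = false;
+environment.variables.NIX_REMOTE = "daemon";
+}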
|
@ -4,8 +4,6 @@ with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass>
|
<stockholm/lass>
|
||||||
#TODO reinstall with correct layout and use lass/hw/x220
|
|
||||||
<stockholm/krebs/2configs/hw/x220.nix>
|
|
||||||
|
|
||||||
<stockholm/lass/2configs/mouse.nix>
|
<stockholm/lass/2configs/mouse.nix>
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
|
@ -22,46 +20,6 @@ with import <stockholm/lib>;
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.shodan;
|
krebs.build.host = config.krebs.hosts.shodan;
|
||||||
|
|
||||||
boot = {
|
|
||||||
loader.grub.enable = true;
|
|
||||||
loader.grub.version = 2;
|
|
||||||
loader.grub.device = "/dev/sda";
|
|
||||||
|
|
||||||
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
|
|
||||||
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
|
||||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
|
||||||
#kernelModules = [ "kvm-intel" "msr" ];
|
|
||||||
};
|
|
||||||
fileSystems = {
|
|
||||||
"/" = {
|
|
||||||
device = "/dev/pool/nix";
|
|
||||||
fsType = "btrfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
"/boot" = {
|
|
||||||
device = "/dev/sda1";
|
|
||||||
};
|
|
||||||
"/home" = {
|
|
||||||
device = "/dev/mapper/pool-home";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
|
||||||
};
|
|
||||||
"/tmp" = {
|
|
||||||
device = "tmpfs";
|
|
||||||
fsType = "tmpfs";
|
|
||||||
options = ["nosuid" "nodev" "noatime"];
|
|
||||||
};
|
|
||||||
"/bku" = {
|
|
||||||
device = "/dev/pool/bku";
|
|
||||||
fsType = "btrfs";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.logind.extraConfig = ''
|
services.logind.extraConfig = ''
|
||||||
HandleLidSwitch=ignore
|
HandleLidSwitch=ignore
|
||||||
'';
|
'';
|
||||||
|
|
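--- a/lass/1systems/shodan/physical.nix
+++ b/lass/1systems/shodan/physical.nix
@@ -0,0 +1,47 @@
+{
+#TODO reinstall with correct layout and use lass/hw/x220
+imports = [
+./config.nix
+<stockholm/krebs/2configs/hw/x220.nix>
+];
+
+boot = {
+loader.grub.enable = true;
+loader.grub.version = 2;
+loader.grub.device = "/dev/sda";
+
+initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+#kernelModules = [ "kvm-intel" "msr" ];
+};
+fileSystems = {
+"/" = {
+device = "/dev/pool/nix";
+fsType = "btrfs";
+};
+
+"/boot" = {
+device = "/dev/sda1";
+};
+"/home" = {
+device = "/dev/mapper/pool-home";
+fsType = "btrfs";
+options = ["defaults" "noatime" "ssd" "compress=lzo"];
+};
+"/tmp" = {
+device = "tmpfs";
+fsType = "tmpfs";
+options = ["nosuid" "nodev" "noatime"];
+};
+"/bku" = {
+device = "/dev/pool/bku";
+fsType = "btrfs";
+};
+};
+
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
+SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+'';
+}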
|
@ -3,8 +3,6 @@ with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass>
|
<stockholm/lass>
|
||||||
<stockholm/lass/2configs/hw/x220.nix>
|
|
||||||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
|
||||||
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
#<stockholm/lass/2configs/exim-retiolum.nix>
|
#<stockholm/lass/2configs/exim-retiolum.nix>
|
||||||
|
@ -46,17 +44,4 @@ with import <stockholm/lib>;
|
||||||
services.logind.extraConfig = ''
|
services.logind.extraConfig = ''
|
||||||
HandleLidSwitch=ignore
|
HandleLidSwitch=ignore
|
||||||
'';
|
'';
|
||||||
|
|
||||||
#fileSystems = {
|
|
||||||
# "/bku" = {
|
|
||||||
# device = "/dev/mapper/pool-bku";
|
|
||||||
# fsType = "btrfs";
|
|
||||||
# options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
|
||||||
# };
|
|
||||||
#};
|
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
|
|
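--- a/lass/1systems/skynet/physical.nix
+++ b/lass/1systems/skynet/physical.nix
@@ -0,0 +1,12 @@
+{
+imports = [
+./config.nix
+<stockholm/lass/2configs/hw/x220.nix>
+<stockholm/lass/2configs/boot/stock-x220.nix>
+];
+
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
+SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
+'';
+}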
|
@ -41,60 +41,5 @@ with import <stockholm/lib>;
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.uriel;
|
krebs.build.host = config.krebs.hosts.uriel;
|
||||||
|
|
||||||
hardware.enableAllFirmware = true;
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
boot = {
|
|
||||||
#kernelParams = [
|
|
||||||
# "acpi.brightness_switch_enabled=0"
|
|
||||||
#];
|
|
||||||
#loader.grub.enable = true;
|
|
||||||
#loader.grub.version = 2;
|
|
||||||
#loader.grub.device = "/dev/sda";
|
|
||||||
|
|
||||||
loader.systemd-boot.enable = true;
|
|
||||||
loader.timeout = 5;
|
|
||||||
|
|
||||||
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
|
|
||||||
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
|
||||||
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
|
||||||
#kernelModules = [ "kvm-intel" "msr" ];
|
|
||||||
kernelModules = [ "msr" ];
|
|
||||||
};
|
|
||||||
fileSystems = {
|
|
||||||
"/" = {
|
|
||||||
device = "/dev/pool/root";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
"/bku" = {
|
|
||||||
device = "/dev/pool/bku";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
"/boot" = {
|
|
||||||
device = "/dev/sda1";
|
|
||||||
};
|
|
||||||
"/tmp" = {
|
|
||||||
device = "tmpfs";
|
|
||||||
fsType = "tmpfs";
|
|
||||||
options = ["nosuid" "nodev" "noatime"];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.xserver.synaptics = {
|
|
||||||
enable = true;
|
|
||||||
twoFingerScroll = true;
|
|
||||||
accelFactor = "0.035";
|
|
||||||
additionalOptions = ''
|
|
||||||
Option "FingerHigh" "60"
|
|
||||||
Option "FingerLow" "60"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
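--- a/lass/1systems/uriel/physical.nix
+++ b/lass/1systems/uriel/physical.nix
@@ -0,0 +1,59 @@
+{
+imports = [
+./config.nix
+];
+
+hardware.enableAllFirmware = true;
+boot = {
+#kernelParams = [
+# "acpi.brightness_switch_enabled=0"
+#];
+#loader.grub.enable = true;
+#loader.grub.version = 2;
+#loader.grub.device = "/dev/sda";
+
+loader.systemd-boot.enable = true;
+loader.timeout = 5;
+
+initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+#kernelModules = [ "kvm-intel" "msr" ];
+kernelModules = [ "msr" ];
+};
+fileSystems = {
+"/" = {
+device = "/dev/pool/root";
+fsType = "ext4";
+};
+
+"/bku" = {
+device = "/dev/pool/bku";
+fsType = "ext4";
+};
+
+"/boot" = {
+device = "/dev/sda1";
+};
+"/tmp" = {
+device = "tmpfs";
+fsType = "tmpfs";
+options = ["nosuid" "nodev" "noatime"];
+};
+};
+
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
+SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
+'';
+
+services.xserver.synaptics = {
+enable = true;
+twoFingerScroll = true;
+accelFactor = "0.035";
+additionalOptions = ''
+Option "FingerHigh" "60"
+Option "FingerLow" "60"
+'';
+};
+}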
|
@ -3,8 +3,6 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass>
|
<stockholm/lass>
|
||||||
<stockholm/lass/2configs/hw/gpd-pocket.nix>
|
|
||||||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
|
||||||
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||||
|
@ -15,26 +13,4 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.xerxes;
|
krebs.build.host = config.krebs.hosts.xerxes;
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0"
|
|
||||||
'';
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437";
|
|
||||||
fsType = "btrfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
|
||||||
device = "/dev/disk/by-uuid/16C8-D053";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/home" = {
|
|
||||||
device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358";
|
|
||||||
fsType = "btrfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ];
|
|
||||||
networking.wireless.enable = true;
|
|
||||||
}
|
}
|
||||||
|
|
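--- a/lass/1systems/xerxes/physical.nix
+++ b/lass/1systems/xerxes/physical.nix
@@ -0,0 +1,29 @@
+{
+imports = [
+./config.nix
+<stockholm/lass/2configs/hw/gpd-pocket.nix>
+<stockholm/lass/2configs/boot/stock-x220.nix>
+];
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0"
+'';
+
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437";
+fsType = "btrfs";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/16C8-D053";
+fsType = "vfat";
+};
+
+fileSystems."/home" = {
+device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358";
+fsType = "btrfs";
+};
+
+boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ];
+
+networking.wireless.enable = true;
+}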
|
@ -6,7 +6,7 @@ in {
|
||||||
boot.extraModulePackages = [
|
boot.extraModulePackages = [
|
||||||
pkgs.linuxPackages.rtl8814au
|
pkgs.linuxPackages.rtl8814au
|
||||||
];
|
];
|
||||||
networking.networkmanager.unmanaged = [ wifi ];
|
networking.networkmanager.unmanaged = [ wifi "et0" ];
|
||||||
|
|
||||||
systemd.services.hostapd = {
|
systemd.services.hostapd = {
|
||||||
description = "hostapd wireless AP";
|
description = "hostapd wireless AP";
|
||||||
|
@ -38,12 +38,17 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.interfaces.${wifi}.ipv4.addresses = [
|
networking.bridges.br0.interfaces = [
|
||||||
|
wifi
|
||||||
|
"et0"
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.interfaces.br0.ipv4.addresses = [
|
||||||
{ address = "10.99.0.1"; prefixLength = 24; }
|
{ address = "10.99.0.1"; prefixLength = 24; }
|
||||||
];
|
];
|
||||||
services.dhcpd4 = {
|
services.dhcpd4 = {
|
||||||
enable = true;
|
enable = true;
|
||||||
interfaces = [ wifi ];
|
interfaces = [ "br0" ];
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
option subnet-mask 255.255.255.0;
|
option subnet-mask 255.255.255.0;
|
||||||
option routers 10.99.0.1;
|
option routers 10.99.0.1;
|
||||||
|
@ -56,11 +61,12 @@ in {
|
||||||
|
|
||||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||||
krebs.iptables.tables.filter.FORWARD.rules = [
|
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||||
{ v6 = false; predicate = "-d 10.99.0.0/24 -o ${wifi} -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-d 10.99.0.0/24 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
|
||||||
{ v6 = false; predicate = "-s 10.99.0.0/24 -i ${wifi}"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-s 10.99.0.0/24 -i br0"; target = "ACCEPT"; }
|
||||||
{ v6 = false; predicate = "-i ${wifi} -o ${wifi}"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; }
|
||||||
{ v6 = false; predicate = "-o ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
{ v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; }
|
||||||
{ v6 = false; predicate = "-i ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
{ v6 = false; predicate = "-o br0"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
||||||
|
{ v6 = false; predicate = "-i br0"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
||||||
];
|
];
|
||||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||||
{ v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; precedence = 1000; }
|
{ v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; precedence = 1000; }
|
||||||
|
|
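Review bot: The new FORWARD list in the last hunk contains `{ v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; }` twice; the second copy can never match anything the first did not and should be dropped. More important, enslaving `et0` to `br0` and pointing `services.dhcpd4.interfaces` at `br0` means this host now answers DHCP for 10.99.0.0/24 and routes for whatever is plugged into the wired port, which deserves a comment saying that this is intended. Frames between the wifi and wired members of the bridge are switched at layer 2 and presumably do not pass these iptables rules unless bridge netfilter is enabled, so the `-i br0 -o br0` rule should not be read as the control on client-to-client traffic. The enclosing module starts and ends outside the hunks shown.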
|
@ -1,73 +0,0 @@
|
||||||
with (import <stockholm/lib>);
|
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
tmux = pkgs.writeDash "tmux" ''
|
|
||||||
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
|
|
||||||
set-option -g prefix `
|
|
||||||
unbind-key C-b
|
|
||||||
bind ` send-prefix
|
|
||||||
|
|
||||||
set-option -g status off
|
|
||||||
set-option -g default-terminal screen-256color
|
|
||||||
|
|
||||||
#use session instead of windows
|
|
||||||
bind-key c new-session
|
|
||||||
bind-key p switch-client -p
|
|
||||||
bind-key n switch-client -n
|
|
||||||
bind-key C-s switch-client -l
|
|
||||||
''} "$@"
|
|
||||||
'';
|
|
||||||
in {
|
|
||||||
|
|
||||||
services.bitlbee = {
|
|
||||||
enable = true;
|
|
||||||
portNumber = 6666;
|
|
||||||
plugins = [
|
|
||||||
pkgs.bitlbee-facebook
|
|
||||||
pkgs.bitlbee-steam
|
|
||||||
pkgs.bitlbee-discord
|
|
||||||
];
|
|
||||||
libpurple_plugins = [ pkgs.telegram-purple ];
|
|
||||||
};
|
|
||||||
|
|
||||||
users.extraUsers.chat = {
|
|
||||||
home = "/home/chat";
|
|
||||||
uid = genid "chat";
|
|
||||||
useDefaultShell = true;
|
|
||||||
createHome = true;
|
|
||||||
openssh.authorizedKeys.keys = with config.krebs.users; [
|
|
||||||
lass.pubkey
|
|
||||||
lass-shodan.pubkey
|
|
||||||
lass-icarus.pubkey
|
|
||||||
lass-android.pubkey
|
|
||||||
lass-helios.pubkey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# mosh
|
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
|
||||||
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
|
|
||||||
{ predicate = "-p tcp --dport 9999"; target = "ACCEPT";}
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.services.chat = {
|
|
||||||
description = "chat environment setup";
|
|
||||||
after = [ "network.target" ];
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
|
|
||||||
restartIfChanged = false;
|
|
||||||
|
|
||||||
path = [
|
|
||||||
pkgs.rxvt_unicode.terminfo
|
|
||||||
];
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
User = "chat";
|
|
||||||
RemainAfterExit = true;
|
|
||||||
Type = "oneshot";
|
|
||||||
ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
|
|
||||||
ExecStop = "${tmux} kill-session -t IM";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -15,6 +15,7 @@ with import <stockholm/lib>;
|
||||||
openssh.authorizedKeys.keys = with config.krebs.hosts; [
|
openssh.authorizedKeys.keys = with config.krebs.hosts; [
|
||||||
mors.ssh.pubkey
|
mors.ssh.pubkey
|
||||||
prism.ssh.pubkey
|
prism.ssh.pubkey
|
||||||
|
blue.ssh.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -68,12 +68,15 @@ in {
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
acpi
|
acpi
|
||||||
|
ag
|
||||||
bank
|
bank
|
||||||
|
cabal2nix
|
||||||
dic
|
dic
|
||||||
dmenu
|
dmenu
|
||||||
gi
|
gi
|
||||||
git-preview
|
|
||||||
gitAndTools.qgit
|
gitAndTools.qgit
|
||||||
|
git-preview
|
||||||
|
gnome3.dconf
|
||||||
lm_sensors
|
lm_sensors
|
||||||
mpv-poll
|
mpv-poll
|
||||||
much
|
much
|
||||||
|
@ -86,19 +89,18 @@ in {
|
||||||
rxvt_unicode_with-plugins
|
rxvt_unicode_with-plugins
|
||||||
slock
|
slock
|
||||||
sxiv
|
sxiv
|
||||||
timewarrior
|
|
||||||
taskwarrior
|
taskwarrior
|
||||||
termite
|
termite
|
||||||
|
thesauron
|
||||||
|
timewarrior
|
||||||
xclip
|
xclip
|
||||||
|
xephyrify
|
||||||
xorg.xbacklight
|
xorg.xbacklight
|
||||||
xorg.xhost
|
xorg.xhost
|
||||||
xsel
|
xsel
|
||||||
youtube-tools
|
youtube-tools
|
||||||
yt-next
|
yt-next
|
||||||
zathura
|
zathura
|
||||||
|
|
||||||
cabal2nix
|
|
||||||
xephyrify
|
|
||||||
];
|
];
|
||||||
|
|
||||||
fonts.fonts = with pkgs; [
|
fonts.fonts = with pkgs; [
|
||||||
|
|
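--- a/lass/2configs/bitlbee.nix
+++ b/lass/2configs/bitlbee.nix
@@ -0,0 +1,15 @@
+with (import <stockholm/lib>);
+{ config, lib, pkgs, ... }:
+
+{
+services.bitlbee = {
+enable = true;
+portNumber = 6666;
+plugins = [
+pkgs.bitlbee-facebook
+pkgs.bitlbee-steam
+pkgs.bitlbee-discord
+];
+libpurple_plugins = [ pkgs.telegram-purple ];
+};
+}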
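--- a/lass/2configs/blue-host.nix
+++ b/lass/2configs/blue-host.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+imports = [
+<stockholm/lass/2configs/container-networking.nix>
+];
+containers.blue = {
+config = { ... }: {
+environment.systemPackages = [ pkgs.git ];
+services.openssh.enable = true;
+users.users.root.openssh.authorizedKeys.keys = [
+config.krebs.users.lass.pubkey
+];
+};
+autoStart = true;
+enableTun = true;
+privateNetwork = true;
+hostAddress = "10.233.2.9";
+localAddress = "10.233.2.10";
+};
+}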
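Review bot: Root inside the `blue` container is authorised with `config.krebs.users.lass.pubkey`, while the user-configuration hunk later in this same commit replaces that entry with the per-device keys `lass-mors` and `lass-blue`. If the `lass` key is being split per device, this new file should follow suit, e.g. `config.krebs.users.lass-mors.pubkey`, so that one device key can be revoked without touching the container. The inner module is declared as `config = { ... }: {`, so `config` here resolves to the host's configuration, not the container's; that is probably intended, but a one-line comment such as `# config is the host's config, not the container's` would spare the next reader the check.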
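--- a/lass/2configs/blue.nix
+++ b/lass/2configs/blue.nix
@@ -0,0 +1,60 @@
+with (import <stockholm/lib>);
+{ config, lib, pkgs, ... }:
+
+{
+
+imports = [
+./bitlbee.nix
+./mail.nix
+./pass.nix
+];
+
+environment.systemPackages = with pkgs; [
+ag
+nmap
+];
+
+services.tor.enable = true;
+
+krebs.iptables.tables.filter.INPUT.rules = [
+{ predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
+{ predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";}
+];
+
+systemd.services.chat = let
+tmux = pkgs.writeDash "tmux" ''
+exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
+set-option -g prefix `
+unbind-key C-b
+bind ` send-prefix
+
+set-option -g status off
+set-option -g default-terminal screen-256color
+
+#use session instead of windows
+bind-key c new-session
+bind-key p switch-client -p
+bind-key n switch-client -n
+bind-key C-s switch-client -l
+''} "$@"
+'';
+in {
+description = "chat environment setup";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+
+restartIfChanged = false;
+
+path = [
+pkgs.rxvt_unicode.terminfo
+];
+
+serviceConfig = {
+User = "lass";
+RemainAfterExit = true;
+Type = "oneshot";
+ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
+ExecStop = "${tmux} kill-session -t IM";
+};
+};
+}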
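Review bot: The two `INPUT` rules accept UDP 60000:61000 and TCP 9999 from every peer on the `retiolum` interface, and nothing in the file says which service each port belongs to. This host also carries the mail, `pass` and chat imports, so the openings should be no wider than needed: if only a few known machines connect, add a source match to each predicate (`-s <client address>`, a placeholder) next to `-i retiolum`. A comment per rule naming the listener would help too; from the port numbers and the `chat` unit these are presumably mosh and a weechat relay, but that is a guess to confirm.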
|
@ -1,12 +1,6 @@
|
||||||
{ ... }:
|
{ lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
#krebs.iptables.tables.filter.INPUT.rules = [
|
|
||||||
# { v6 = false; predicate = "-i ve-+ -p udp -m udp --dport 53"; target = "ACCEPT"; }
|
|
||||||
# { v6 = false; predicate = "-i ve-+ -p tcp -m tcp --dport 53"; target = "ACCEPT"; }
|
|
||||||
# { v6 = false; predicate = "-i ve-+ -p udp -m udp --dport 67"; target = "ACCEPT"; }
|
|
||||||
# { v6 = false; predicate = "-i ve-+ -p tcp -m tcp --dport 67"; target = "ACCEPT"; }
|
|
||||||
#];
|
|
||||||
krebs.iptables.tables.filter.FORWARD.rules = [
|
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||||
{ v6 = false; predicate = "-d 10.233.2.0/24 -o ve-+ -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-d 10.233.2.0/24 -o ve-+ -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
|
||||||
{ v6 = false; predicate = "-s 10.233.2.0/24 -i ve-+"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-s 10.233.2.0/24 -i ve-+"; target = "ACCEPT"; }
|
||||||
|
@ -14,9 +8,9 @@
|
||||||
{ v6 = false; predicate = "-o ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
{ v6 = false; predicate = "-o ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
||||||
{ v6 = false; predicate = "-i ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
{ v6 = false; predicate = "-i ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
||||||
];
|
];
|
||||||
#krebs.iptables.tables.filter.OUTPUT.rules = [
|
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||||
# { v6 = false; predicate = "-o ve-+ -p udp -m udp --dport 68"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-s 10.233.2.0/24"; target = "ACCEPT"; precedence = 1000; }
|
||||||
#];
|
];
|
||||||
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
||||||
{ v6 = false; predicate = "-s 10.233.2.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
|
{ v6 = false; predicate = "-s 10.233.2.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
|
||||||
{ v6 = false; predicate = "-s 10.233.2.0/24 -d 255.255.255.255"; target = "RETURN"; }
|
{ v6 = false; predicate = "-s 10.233.2.0/24 -d 255.255.255.255"; target = "RETURN"; }
|
||||||
|
@ -24,4 +18,5 @@
|
||||||
{ v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
|
{ v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
|
||||||
{ v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
|
{ v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
|
||||||
];
|
];
|
||||||
|
boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault 1;
|
||||||
}
|
}
|
||||||
|
|
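Review bot: The new `nat` `PREROUTING` rule in the second hunk matches on source address alone (`-s 10.233.2.0/24`), whereas the `FORWARD` rules in this file also pin the container interface with `ve-+`. A packet arriving on any other interface with a source in that range would take the same `ACCEPT`, which with `precedence = 1000` presumably sorts ahead of the other PREROUTING rules; `predicate = "-s 10.233.2.0/24 -i ve-+";` keeps the exemption to container traffic. The hunk further down that adds the same rule for `192.168.122.0/24` has the same gap, and `-i virbr0` would match the interface its `OUTPUT` rule already names. The last hunk here also enables `net.ipv4.ip_forward` for the whole host, so a comment stating what the `FORWARD` chain's default policy is expected to be would be worth adding next to it.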
|
@ -19,10 +19,10 @@ with import <stockholm/lib>;
|
||||||
users.extraUsers = {
|
users.extraUsers = {
|
||||||
root = {
|
root = {
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.lass.pubkey
|
config.krebs.users.lass-mors.pubkey
|
||||||
|
config.krebs.users.lass-blue.pubkey
|
||||||
config.krebs.users.lass-shodan.pubkey
|
config.krebs.users.lass-shodan.pubkey
|
||||||
config.krebs.users.lass-icarus.pubkey
|
config.krebs.users.lass-icarus.pubkey
|
||||||
config.krebs.users.lass-xerxes.pubkey
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
mainUser = {
|
mainUser = {
|
||||||
|
@ -38,7 +38,8 @@ with import <stockholm/lib>;
|
||||||
"wheel"
|
"wheel"
|
||||||
];
|
];
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.lass.pubkey
|
config.krebs.users.lass-mors.pubkey
|
||||||
|
config.krebs.users.lass-blue.pubkey
|
||||||
config.krebs.users.lass-shodan.pubkey
|
config.krebs.users.lass-shodan.pubkey
|
||||||
config.krebs.users.lass-icarus.pubkey
|
config.krebs.users.lass-icarus.pubkey
|
||||||
];
|
];
|
||||||
|
|
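Review bot: `config.krebs.users.lass-blue.pubkey` is added to root's `authorizedKeys` in the first hunk and to `mainUser`, a `wheel` member, in the second. The git rules hunk later in this commit also lists `lass-blue` among the users allowed to push with `non-fast-forward` and `delete` on `refs/*`. Judging by `blue.nix` in this commit, that key appears to belong to an environment running Tor, bitlbee and weechat, so a compromise there would extend to root on every host that imports this file. Consider leaving `lass-blue` out of the root list and giving it only the access it needs, or add a comment saying the root grant is deliberate. `lass-xerxes` is removed from root in the same hunk without mention in the commit message.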
|
@ -14,7 +14,7 @@ with import <stockholm/lib>;
|
||||||
];
|
];
|
||||||
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
|
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
|
||||||
config.krebs.hosts.mors
|
config.krebs.hosts.mors
|
||||||
config.krebs.hosts.uriel
|
config.krebs.hosts.blue
|
||||||
];
|
];
|
||||||
internet-aliases = with config.krebs.users; [
|
internet-aliases = with config.krebs.users; [
|
||||||
{ from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
|
{ from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
|
||||||
|
@ -80,6 +80,9 @@ with import <stockholm/lib>;
|
||||||
{ from = "hetzner@lassul.us"; to = lass.mail; }
|
{ from = "hetzner@lassul.us"; to = lass.mail; }
|
||||||
{ from = "allygator@lassul.us"; to = lass.mail; }
|
{ from = "allygator@lassul.us"; to = lass.mail; }
|
||||||
{ from = "immoscout@lassul.us"; to = lass.mail; }
|
{ from = "immoscout@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "elitedangerous@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "boardgamegeek@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "qwertee@lassul.us"; to = lass.mail; }
|
||||||
];
|
];
|
||||||
system-aliases = [
|
system-aliases = [
|
||||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||||
|
|
|
@ -80,6 +80,7 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
hardware.opengl.driSupport32Bit = true;
|
||||||
hardware.pulseaudio.support32Bit = true;
|
hardware.pulseaudio.support32Bit = true;
|
||||||
|
|
||||||
security.sudo.extraConfig = ''
|
security.sudo.extraConfig = ''
|
||||||
|
|
|
@ -54,20 +54,20 @@ let
|
||||||
cgit.section = "art";
|
cgit.section = "art";
|
||||||
};
|
};
|
||||||
nix-user-chroot = {
|
nix-user-chroot = {
|
||||||
cgit.desc = "Fork of nix-user-chroot my lethalman";
|
cgit.desc = "Fork of nix-user-chroot by lethalman";
|
||||||
cgit.section = "software";
|
cgit.section = "software";
|
||||||
};
|
};
|
||||||
nixos-aws = {
|
|
||||||
collaborators = [ {
|
|
||||||
name = "fabio";
|
|
||||||
pubkey = "ssh-rsa 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 ada";
|
|
||||||
} ];
|
|
||||||
};
|
|
||||||
krops = {
|
krops = {
|
||||||
cgit.desc = "krebs deployment";
|
cgit.desc = "krebs deployment";
|
||||||
cgit.section = "software";
|
cgit.section = "software";
|
||||||
};
|
};
|
||||||
} // mapAttrs make-public-repo-silent {
|
} // mapAttrs make-public-repo-silent {
|
||||||
|
nixos-aws = {
|
||||||
|
collaborators = [ {
|
||||||
|
name = "fabio";
|
||||||
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada";
|
||||||
|
} ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
restricted-repos = mapAttrs make-restricted-repo (
|
restricted-repos = mapAttrs make-restricted-repo (
|
||||||
|
@ -121,7 +121,7 @@ let
|
||||||
with git // config.krebs.users;
|
with git // config.krebs.users;
|
||||||
repo:
|
repo:
|
||||||
singleton {
|
singleton {
|
||||||
user = [ lass lass-shodan ];
|
user = [ lass-mors lass-shodan lass-icarus lass-blue ];
|
||||||
repo = [ repo ];
|
repo = [ repo ];
|
||||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||||
} ++
|
} ++
|
||||||
|
|
|
@ -20,6 +20,9 @@
|
||||||
krebs.iptables.tables.filter.OUTPUT.rules = [
|
krebs.iptables.tables.filter.OUTPUT.rules = [
|
||||||
{ v6 = false; predicate = "-o virbr0 -p udp -m udp --dport 68"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-o virbr0 -p udp -m udp --dport 68"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
|
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||||
|
{ v6 = false; predicate = "-s 192.168.122.0/24"; target = "ACCEPT"; precedence = 1000; }
|
||||||
|
];
|
||||||
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
||||||
{ v6 = false; predicate = "-s 192.168.122.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
|
{ v6 = false; predicate = "-s 192.168.122.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
|
||||||
{ v6 = false; predicate = "-s 192.168.122.0/24 -d 255.255.255.255"; target = "RETURN"; }
|
{ v6 = false; predicate = "-s 192.168.122.0/24 -d 255.255.255.255"; target = "RETURN"; }
|
||||||
|
|
|
@ -159,7 +159,6 @@
|
||||||
"email_configs" = [
|
"email_configs" = [
|
||||||
{
|
{
|
||||||
"to" = "devnull@example.com";
|
"to" = "devnull@example.com";
|
||||||
"send_resolved" = true;
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
"webhook_configs" = [
|
"webhook_configs" = [
|
||||||
|
|
|
@ -126,8 +126,8 @@ in {
|
||||||
(sync-remote "xintmap" "https://github.com/4z3/xintmap")
|
(sync-remote "xintmap" "https://github.com/4z3/xintmap")
|
||||||
(sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper")
|
(sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper")
|
||||||
(sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog")
|
(sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog")
|
||||||
(sync-remote "painload" "https://github.com/krebscode/painload")
|
(sync-remote "painload" "https://github.com/krebs/painload")
|
||||||
(sync-remote "Reaktor" "https://github.com/krebscode/Reaktor")
|
(sync-remote "Reaktor" "https://github.com/krebs/Reaktor")
|
||||||
(sync-remote "nixos-wiki" "https://github.com/Mic92/nixos-wiki.wiki.git")
|
(sync-remote "nixos-wiki" "https://github.com/Mic92/nixos-wiki.wiki.git")
|
||||||
(sync-retiolum "go")
|
(sync-retiolum "go")
|
||||||
(sync-retiolum "much")
|
(sync-retiolum "much")
|
||||||
|
|
|
@ -10,8 +10,6 @@
|
||||||
# source: https://nixos.org/wiki/Talk:Steam
|
# source: https://nixos.org/wiki/Talk:Steam
|
||||||
#
|
#
|
||||||
##TODO: make steam module
|
##TODO: make steam module
|
||||||
hardware.opengl.driSupport32Bit = true;
|
|
||||||
|
|
||||||
nixpkgs.config.steam.java = true;
|
nixpkgs.config.steam.java = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
steam
|
steam
|
||||||
|
|
|
@ -27,10 +27,8 @@ in {
|
||||||
./sqlBackup.nix
|
./sqlBackup.nix
|
||||||
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
|
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
|
||||||
(servePage [
|
(servePage [
|
||||||
"habsys.de"
|
"freemonkey.art"
|
||||||
"habsys.eu"
|
"www.freemonkey.art"
|
||||||
"www.habsys.de"
|
|
||||||
"www.habsys.eu"
|
|
||||||
])
|
])
|
||||||
(serveOwncloud [ "o.ubikmedia.de" ])
|
(serveOwncloud [ "o.ubikmedia.de" ])
|
||||||
(serveWordpress [
|
(serveWordpress [
|
||||||
|
@ -120,6 +118,7 @@ in {
|
||||||
{ from = "jms@ubikmedia.eu"; to = "jms"; }
|
{ from = "jms@ubikmedia.eu"; to = "jms"; }
|
||||||
{ from = "ms@ubikmedia.eu"; to = "ms"; }
|
{ from = "ms@ubikmedia.eu"; to = "ms"; }
|
||||||
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
|
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
|
||||||
|
{ from = "akayguen@freemonkey.art"; to ="akayguen"; }
|
||||||
|
|
||||||
{ from = "testuser@lassul.us"; to = "testuser"; }
|
{ from = "testuser@lassul.us"; to = "testuser"; }
|
||||||
{ from = "testuser@ubikmedia.eu"; to = "testuser"; }
|
{ from = "testuser@ubikmedia.eu"; to = "testuser"; }
|
||||||
|
@ -177,5 +176,12 @@ in {
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.users.akayguen = {
|
||||||
|
uid = genid_signed "akayguen";
|
||||||
|
home = "/home/akayguen";
|
||||||
|
useDefaultShell = true;
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -16,11 +16,7 @@ rec {
|
||||||
in {
|
in {
|
||||||
services.nginx.virtualHosts.${domain} = {
|
services.nginx.virtualHosts.${domain} = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
onlySSL = true;
|
addSSL = true;
|
||||||
extraConfig = ''
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
'';
|
|
||||||
serverAliases = domains;
|
serverAliases = domains;
|
||||||
locations."/".extraConfig = ''
|
locations."/".extraConfig = ''
|
||||||
root /srv/http/${domain};
|
root /srv/http/${domain};
|
||||||
|
@ -87,12 +83,9 @@ rec {
|
||||||
in {
|
in {
|
||||||
services.nginx.virtualHosts."${domain}" = {
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
onlySSL = true;
|
addSSL = true;
|
||||||
serverAliases = domains;
|
serverAliases = domains;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
|
|
||||||
# Add headers to serve security related headers
|
# Add headers to serve security related headers
|
||||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
@ -201,12 +194,9 @@ rec {
|
||||||
in {
|
in {
|
||||||
services.nginx.virtualHosts."${domain}" = {
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
onlySSL = true;
|
addSSL = true;
|
||||||
serverAliases = domains;
|
serverAliases = domains;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
|
|
||||||
root /srv/http/${domain}/;
|
root /srv/http/${domain}/;
|
||||||
index index.php;
|
index index.php;
|
||||||
access_log /tmp/nginx_acc.log;
|
access_log /tmp/nginx_acc.log;
|
||||||
|
|
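Review bot: `addSSL = true` leaves every vhost reachable over plain HTTP with no redirect, which is what the removed `listen 80` lines already did, so the change carries an existing weakness forward in a tidier form. The second vhost sends `Strict-Transport-Security`, which browsers ignore on an HTTP response, and the third serves `index.php`, so logins and session cookies can still travel unencrypted. `forceSSL = true;` in all three hunks would redirect port 80 to HTTPS; the NixOS nginx module should still answer the ACME challenge on port 80 with that setting, but verify this on the deployed nixpkgs revision.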
|
@ -7,6 +7,7 @@ _:
|
||||||
./hosts.nix
|
./hosts.nix
|
||||||
./mysql-backup.nix
|
./mysql-backup.nix
|
||||||
./news.nix
|
./news.nix
|
||||||
|
./nichtparasoup.nix
|
||||||
./pyload.nix
|
./pyload.nix
|
||||||
./restic.nix
|
./restic.nix
|
||||||
./screenlock.nix
|
./screenlock.nix
|
||||||
|
|
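--- a/lass/3modules/nichtparasoup.nix
+++ b/lass/3modules/nichtparasoup.nix
@@ -0,0 +1,48 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+{
+options.lass.nichtparasoup = {
+enable = mkEnableOption "nichtparasoup funny image page";
+config = mkOption {
+type = types.str;
+default = ''
+[General]
+Port: 5001
+IP: 0.0.0.0
+Useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25
+
+[Cache]
+Images_min_limit: 15
+
+[Logging]
+;; possible destinations: file syslog
+Destination: syslog
+Verbosity: ERROR
+
+[Sites]
+SoupIO: everyone
+Pr0gramm: new,top
+Reddit: gifs,reactiongifs,ANormalDayInRussia,perfectloops,reallifedoodles,bizarrebuildings,cablefail,cableporn,educationalgifs,EngineeringPorn,holdmybeer,itsaunixsystem,loadingicon,michaelbaygifs,nononoyesno,oddlysatisfying,ofcoursethatsathing,OSHA,PeopleFuckingDying,PerfectTiming,PixelArt,RetroFuturism,robotsbeingjerks,scriptedasiangifs,shittyrobots,startrekstabilized,ThingsCutInHalfPorn,totallynotrobots,Unexpected
+NineGag: geeky,wtf,hot,trending
+Instagram: nature,wtf
+Fourchan: sci
+'';
+};
+};
+
+config = mkIf config.lass.nichtparasoup.enable {
+systemd.services.nichtparasoup = {
+description = "nichtparasoup";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+
+restartIfChanged = true;
+serviceConfig = {
+Restart = "always";
+ExecStart = "${pkgs.nichtparasoup}/bin/nichtparasoup -c ${pkgs.writeText "config.ini"config.lass.nichtparasoup.config}";
+};
+};
+};
+}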
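Review bot: The `nichtparasoup` unit sets no `User`, so systemd runs it as root, and the default config binds `IP: 0.0.0.0`. A process that fetches and parses pages from the sites under `[Sites]` and serves HTTP on port 5001 should not hold root. Adding `DynamicUser = true;` to `serviceConfig` looks sufficient, since the config file is in the Nix store and logging goes to syslog, though it is worth testing that the program writes nothing to its working directory; `NoNewPrivileges = true;` is a cheap addition. If the page is meant to be reached through a local reverse proxy, a default of `IP: 127.0.0.1` would narrow the exposure further.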
|
@ -90,7 +90,7 @@ main' = do
|
||||||
|
|
||||||
myLayoutHook = defLayout
|
myLayoutHook = defLayout
|
||||||
where
|
where
|
||||||
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
|
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
|
||||||
|
|
||||||
floatHooks :: Query (Endo WindowSet)
|
floatHooks :: Query (Endo WindowSet)
|
||||||
floatHooks = composeAll . concat $
|
floatHooks = composeAll . concat $
|
||||||
|
|
|
@ -17,9 +17,9 @@ pkgs.writeDashBin "l-gen-secrets" ''
|
||||||
|
|
||||||
cd $TMPDIR
|
cd $TMPDIR
|
||||||
for x in *; do
|
for x in *; do
|
||||||
${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m krebs-secrets/$HOSTNAME/$x > /dev/null
|
${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null
|
||||||
done
|
done
|
||||||
echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/pass > /dev/null
|
echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/pass > /dev/null
|
||||||
|
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
$HOSTNAME = {
|
$HOSTNAME = {
|
||||||
|
|
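Review bot: The changed `echo $PASSWORD | … pass insert` line expands `$PASSWORD` unquoted, so a value containing whitespace runs or glob characters would be altered before it is stored, and `echo` may treat a leading `-n` as an option. `printf '%s\n' "$PASSWORD"` stores the value verbatim, and `$x` and `$HOSTNAME` in the loop above deserve quotes for the same reason. How `PASSWORD` is generated is outside this hunk, so this may be harmless with the current generator. The script body starts and ends outside the hunk.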
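--- a/lass/5pkgs/nichtparasoup/default.nix
+++ b/lass/5pkgs/nichtparasoup/default.nix
@@ -0,0 +1,15 @@
+{ stdenv, pkgs, ... }:
+let
+py = pkgs.python3Packages.python.withPackages (p: [
+p.werkzeug
+p.beautifulsoup4
+]);
+src = pkgs.fetchFromGitHub {
+owner = "k4cg";
+repo = "nichtparasoup";
+rev = "c6dcd0d";
+sha256 = "10xy20bjdnd5bjv2hf6v5y5wi0mc9555awxkjqf57rk6ngc5w6ss";
+};
+in pkgs.writeDashBin "nichtparasoup" ''
+${py}/bin/python ${src}/nichtparasoup.py "$@"
+''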
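Review bot: `exception.patch` is added next to this file, but nothing here applies it: `src` is used directly in `${src}/nichtparasoup.py`, so the Python 3 interpreter built by `withPackages` would still meet the `except Exception, e:` line that the patch rewrites. Unless rev `c6dcd0d` already contains that fix, wrap the fetched source in a derivation with `patches = [ ./exception.patch ];`; the otherwise unused `stdenv` argument suggests that was the plan. `rev` is also an abbreviated hash, and although `sha256` still pins the content, the full 40-character commit id would avoid ambiguity.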
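--- a/lass/5pkgs/nichtparasoup/exception.patch
+++ b/lass/5pkgs/nichtparasoup/exception.patch
@@ -0,0 +1,13 @@
+diff --git a/nichtparasoup.py b/nichtparasoup.py
+index 9da9a2b..833ca71 100755
+--- a/nichtparasoup.py
++++ b/nichtparasoup.py
+@@ -211,7 +211,7 @@ def cache_fill_loop():
+try:
+sources[crawler][site].crawl()
+info = Crawler.info()
+- except Exception, e:
++ except Exception as e:
+logger.error("Error in crawler %s - %s: %s" % (crawler, site, e))
+break
+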
|
@ -1,5 +1,5 @@
|
||||||
{ name }: let
|
{ config ? config, name }: let
|
||||||
inherit (import ../krebs/kops.nix { inherit name; })
|
inherit (import ../krebs/krops.nix { inherit name; })
|
||||||
krebs-source
|
krebs-source
|
||||||
lib
|
lib
|
||||||
pkgs
|
pkgs
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
source = { test }: lib.evalSource [
|
source = { test }: lib.evalSource [
|
||||||
krebs-source
|
krebs-source
|
||||||
{
|
{
|
||||||
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
|
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
|
||||||
secrets = if test then {
|
secrets = if test then {
|
||||||
file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets";
|
file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets";
|
||||||
} else {
|
} else {
|
||||||
|
@ -22,14 +22,21 @@
|
||||||
|
|
||||||
in {
|
in {
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
|
||||||
deploy = pkgs.kops.writeDeploy "${name}-deploy" {
|
deploy = pkgs.krops.writeDeploy "${name}-deploy" {
|
||||||
source = source { test = false; };
|
source = source { test = false; };
|
||||||
target = "root@${name}/var/src";
|
target = "root@${name}/var/src";
|
||||||
};
|
};
|
||||||
|
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
|
||||||
test = pkgs.kops.writeTest "${name}-test" {
|
test = pkgs.krops.writeTest "${name}-test" {
|
||||||
source = source { test = true; };
|
source = source { test = true; };
|
||||||
target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src";
|
target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
ci = map (host:
|
||||||
|
pkgs.krops.writeTest "${host.name}-test" {
|
||||||
|
source = source { test = true; };
|
||||||
|
target = "${lib.getEnv "TMPDIR"}/lass/${host.name}";
|
||||||
|
}
|
||||||
|
) (lib.filter (host: lib.getAttr "ci" host && host.owner == "lass") (lib.attrValues config.krebs.hosts));
|
||||||
}
|
}
|
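Review bot: `{ config ? config, name }` in the first hunk gives `config` a default that refers to itself, so calling this file without `config` ends in infinite recursion as soon as the new `ci` attribute is evaluated. Make it a required argument or default it to something concrete. In the `ci` filter, `lib.getAttr "ci" host` throws for any host that does not define `ci`, unless the host type guarantees the attribute; `host.ci or false` would skip such hosts. `lib.getEnv "TMPDIR"` is empty when the variable is unset, which turns the test target into `/lass/<host>` at the filesystem root, so fall back to a known temporary directory or fail with a clear message.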
|
@ -12,7 +12,7 @@ host@{ name, secure ? false, override ? {} }: let
|
||||||
in
|
in
|
||||||
evalSource (toString _file) [
|
evalSource (toString _file) [
|
||||||
{
|
{
|
||||||
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
|
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
|
||||||
nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
|
nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
|
||||||
secrets = getAttr builder {
|
secrets = getAttr builder {
|
||||||
buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
|
buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more