From d73262f4e0aa2f64464a453be28d5fc4993aad19 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:05:42 +0200
Subject: [PATCH 01/13] k 3 l: add sokratess user

---
 krebs/3modules/lass/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 08e8995fa..f2c9c4684 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -305,5 +305,7 @@ with config.krebs.lib;
       pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
       mail = "lass@mors.r";
     };
+    sokratess = {
+    };
   };
 }

From 35596f7aed2f2b43064c5d41121c0d3d17503641 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:05:56 +0200
Subject: [PATCH 02/13] l 1 mors: activate redis

---
 lass/1systems/mors.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 1028ca652..b9373313c 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -77,6 +77,9 @@ with config.krebs.lib;
         ];
       };
     }
+    {
+      services.redis.enable = true;
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.mors;
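Review bot: The added block turns Redis on with `services.redis.enable = true;` and nothing else, so the listening address and authentication are left to the defaults of whichever nixpkgs revision is pinned. On older NixOS releases `services.redis.bind` defaulted to null (all interfaces) and `services.redis.requirePass` to null, which would leave an unauthenticated datastore reachable unless the firewall blocks it. Stating the intent explicitly removes that dependency: `services.redis.bind = "127.0.0.1";`. If remote clients are needed, set `services.redis.requirePass` from a secret kept outside the Nix store.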

From 48282200043d63c5e0434fdd7b8dc79aa271b8ae Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:08:55 +0200
Subject: [PATCH 03/13] l 2 c-base: add cifs-utils

---
 lass/2configs/c-base.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix
index 9d13bc30d..679a90b7e 100644
--- a/lass/2configs/c-base.nix
+++ b/lass/2configs/c-base.nix
@@ -16,6 +16,10 @@ in {
 
   users.extraGroups.cbasevpn.gid = genid "cbasevpn";
 
+  environment.systemPackages = [
+    pkgs.cifs-utils
+  ];
+
   services.openvpn.servers = {
     c-base = {
       config = ''

From 0398342657a9548b9ada4524335b3ca864fd9c2e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:09:26 +0200
Subject: [PATCH 04/13] l 2 websites domsen: remove obsolete code

---
 lass/2configs/websites/domsen.nix | 32 -------------------------------
 1 file changed, 32 deletions(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 3a3e60d39..5a4748f42 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -22,25 +22,6 @@ let
     exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
   '';
 
-  check-password = pkgs.writeDash "check-password" ''
-    read pw
-
-    file="/home/$PAM_USER/.shadow"
-
-    #check if shadow file exists
-    test -e "$file" || exit 123
-
-    hash="$(${pkgs.coreutils}/bin/head -1 $file)"
-    salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')"
-
-    calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)"
-    if [ "$calc_hash" == $hash ]; then
-      exit 0
-    else
-      exit 1
-    fi
-  '';
-
 in {
   imports = [
     ./sqlBackup.nix
@@ -164,19 +145,6 @@ in {
     { predicate = "-p tcp --dport 465"; target = "ACCEPT"; }
   ];
 
-  security.pam.services.exim.text = ''
-    auth        required      pam_env.so
-    auth        sufficient    pam_exec.so debug expose_authtok ${check-password}
-    auth        sufficient    pam_unix.so likeauth nullok
-    auth        required      pam_deny.so
-    account     required      pam_unix.so
-    password    required      pam_cracklib.so retry=3 type=
-    password    sufficient    pam_unix.so nullok use_authtok md5shadow
-    password    required      pam_deny.so
-    session     required      pam_limits.so
-    session     required      pam_unix.so
-  '';
-
   krebs.exim-smarthost = {
     authenticators.PLAIN = ''
       driver = plaintext

From 51a9fb2dccf6996e1f4fe6f795076ebc6bc71d25 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:10:59 +0200
Subject: [PATCH 05/13] l 1 shodan: add sokratess user

---
 lass/1systems/shodan.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 5140591af..7c44807a6 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -22,6 +22,26 @@ with builtins;
     #    };
     #  };
     #}
+    {
+      users.users.sokratess = {
+        uid = genid "sokratess";
+        home = "/home/sokratess";
+        group = "users";
+        createHome = true;
+        extraGroups = [
+         "audio"
+          "networkmanager"
+        ];
+        useDefaultShell = true;
+        password = "aidsballs";
+      };
+      krebs.per-user.sokratess.packages = [
+        pkgs.firefox
+        pkgs.python27Packages.virtualenv
+        pkgs.python27Packages.ipython
+        pkgs.python27Packages.python
+      ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.shodan;
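Review bot: `password = "aidsballs";` in the new `users.users.sokratess` block commits a cleartext login password to the repository, and NixOS writes values set through this option into the world-readable Nix store, so every local account on the host can read it. The string also matches the domain of the author address in the patch header, which makes it easy to guess. Keep the credential outside the store, e.g. `passwordFile = "<path-to-secret-outside-the-store>";` (placeholder path), or at minimum use `hashedPassword = "<sha-512 crypt hash>";`. Since the value is now in history, it should be changed on the machine as well.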

From 0f38de96e8749e49af333028435edb37f7b4ae60 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 21:40:11 +0200
Subject: [PATCH 06/13] l: import <stockholm/lib>

---
 krebs/3modules/newsbot-js.nix                 | 4 +---
 lass/1systems/shodan.nix                      | 2 +-
 lass/2configs/websites/domsen.nix             | 2 +-
 lass/2configs/websites/fritz.nix              | 2 +-
 lass/2configs/websites/lassulus.nix           | 2 +-
 lass/2configs/websites/wohnprojekt-rhh.de.nix | 2 +-
 6 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix
index b58c555e7..2ff9a5ebb 100644
--- a/krebs/3modules/newsbot-js.nix
+++ b/krebs/3modules/newsbot-js.nix
@@ -1,10 +1,8 @@
 { config, lib, pkgs, ... }:
 
-with builtins;
-with lib;
+with import <stockholm/lib>;
 
 let
-  inherit (config.krebs.lib) genid;
 
   cfg = config.krebs.newsbot-js;
 
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 7c44807a6..9d1df1d72 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -1,6 +1,6 @@
 { config, pkgs, ... }:
 
-with builtins;
+with import <stockholm/lib>;
 {
   imports = [
     ../.
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 5a4748f42..18c771fad 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -2,7 +2,7 @@
 
 let
 
-  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+  inherit (import <stockholm/lib>)
     genid
     genid_signed
   ;
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 48d96b1bf..d93d310da 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -2,7 +2,7 @@
 
 with lib;
 let
-  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+  inherit (import <stockholm/lib>)
     genid
     head
   ;
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 04c19fad0..b8342e148 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -2,7 +2,7 @@
 
 with lib;
 let
-  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+  inherit (import <stockholm/lib>)
     genid
   ;
 
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
index fb1a58109..0c409ca87 100644
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 
 let
-  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+  inherit (import <stockholm/lib>)
     genid
   ;
   inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})

From 71b7fa17a46929d7e3c834edf204b272ee1f76ec Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 21 Oct 2016 22:37:59 +0200
Subject: [PATCH 07/13] m 2 default: bump to latest stable (dirtycow)

---
 makefu/2configs/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 56a87d7af..f218a350d 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -23,7 +23,8 @@ with config.krebs.lib;
       user = config.krebs.users.makefu;
       source = let
           inherit (config.krebs.build) host user;
-          ref = "b8ede35"; # stable @ 2016-10-19
+          # ref = "b8ede35"; # stable @ 2016-10-19
+          ref = "31c72ce"; # stable @ 2016-10-21 (dirtycow)
       in {
         nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
           {

From 79a83023d5d9ee442d5c0b479cdf2e664a5c3685 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 21 Oct 2016 22:38:18 +0200
Subject: [PATCH 08/13] m 1 gum: remove mattermost

---
 makefu/1systems/gum.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 20731c847..ebb8e882d 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -11,9 +11,9 @@ in {
       ../2configs/fs/simple-swap.nix
       ../2configs/fs/single-partition-ext4.nix
       ../2configs/smart-monitor.nix
-      # ../2configs/iodined.nix
+      ../2configs/iodined.nix
       ../2configs/git/cgit-retiolum.nix
-      ../2configs/mattermost-docker.nix
+      # ../2configs/mattermost-docker.nix
       ../2configs/nginx/euer.test.nix
       ../2configs/nginx/update.connector.one.nix
       ../2configs/deployment/mycube.connector.one.nix
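Review bot: The first changed line re-enables `../2configs/iodined.nix`, which the subject ("remove mattermost") does not mention, so a network-facing DNS-tunnel daemon is switched on with no record of why. The module itself is outside this hunk, so whether its tunnel password comes from the secrets store and which interfaces it listens on cannot be checked here; both are worth confirming before deployment. I would move this line to its own commit, or at least annotate it, e.g. `../2configs/iodined.nix # re-enabled: <reason>`. The mattermost import could be deleted rather than commented out. The imports list starts and ends outside the hunk.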

From 8dc0352e4f585ca6b3a7507663dfcbd91fef098a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 22 Oct 2016 01:29:16 +0200
Subject: [PATCH 09/13] l 2 nixpkgs: b8ede35 -> 686bc9c

---
 lass/2configs/nixpkgs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 73c96e876..4ef4c6ce7 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://github.com/nixos/nixpkgs;
-    ref = "b8ede35d2efa96490857c22c751e75d600bea44f";
+    ref = "686bc9c5ccafbec2b6d2db61bd0803c2b7bc2b7d";
   };
 }

From ab6a4492f2d9cd6154bcbec5684a751168028f5e Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 22 Oct 2016 12:47:22 +0200
Subject: [PATCH 10/13] m 1 x: disable docker for now

---
 makefu/1systems/x.nix | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix
index 00eca87c4..e7f5d0dae 100644
--- a/makefu/1systems/x.nix
+++ b/makefu/1systems/x.nix
@@ -13,6 +13,7 @@
 
       # Krebs
       #../2configs/disable_v6.nix
+      ../2configs/rad1o.nix
 
 
       # applications
@@ -38,19 +39,21 @@
       ../2configs/fs/sda-crypto-root-home.nix
       # ../2configs/mediawiki.nix
       #../2configs/wordpress.nix
-      ../2configs/nginx/public_html.nix
+      #../2configs/nginx/public_html.nix
+      ../2configs/nginx/icecult.nix
 
       ../2configs/tinc/retiolum.nix
       # temporary modules
       ../2configs/temp/share-samba.nix
       ../2configs/laptop-backup.nix
-      # ../2configs/temp/elkstack.nix
+      ../2configs/temp/elkstack.nix
       # ../2configs/temp/sabnzbd.nix
       ../2configs/tinc/siem.nix
       #../2configs/torrent.nix
     ];
   makefu.full-populate = true;
 
+  nixpkgs.config.allowUnfree = true;
   krebs.nginx = {
     default404 = false;
     servers.default.listen = [ "80 default_server" ];
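Review bot: `nixpkgs.config.allowUnfree = true;` is added host-wide in a commit whose subject only mentions Docker, which permits every unfree (typically binary-only, unreviewable) package in the set rather than the one that presumably prompted it. An allowlist keeps the exception visible: `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (builtins.parseDrvName pkg.name).name [ "<package-name>" ];` (placeholder name). The same hunk also enables `../2configs/temp/elkstack.nix` and swaps `public_html.nix` for `icecult.nix`. Those modules are not visible here, so it is worth confirming that the Elasticsearch/Kibana listeners are bound to loopback or covered by the firewall, and recording these changes in the commit message.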
@@ -59,7 +62,7 @@
 
   environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ];
 
-  virtualisation.docker.enable = true;
+  # virtualisation.docker.enable = true;
 
   # configure pulseAudio to provide a HDMI sink as well
   networking.firewall.enable = true;

From bb927ba0bbaa0f0a45d8b3c4f4cebac6fbe4f7c2 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 22 Oct 2016 14:21:22 +0200
Subject: [PATCH 11/13] m 1 vbob:disable docker

---
 makefu/1systems/vbob.nix | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 27a216316..56d1b01ba 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -40,7 +40,7 @@
     fortclientsslvpn ppp xclip
     get
     logstash
-    docker
+  #  docker
     devpi-web
     devpi-client
   ];
@@ -53,8 +53,6 @@
     8010
   ];
 
-  virtualisation.docker.enable = false;
-
   fileSystems."/media/share" = {
     fsType = "vboxsf";
     device = "share";

From 75a3c4029db60013066b0850ed4df359fe2be3cd Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 22 Oct 2016 14:25:52 +0200
Subject: [PATCH 12/13] l 1 helios: oraclejre -> jre

---
 lass/1systems/helios.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index c16080762..4e0b40906 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -41,7 +41,7 @@ with import <stockholm/lib>;
       environment.systemPackages = with pkgs; [
         firefox
         chromium
-        oraclejre8
+        jre
         maven
         arandr
         libreoffice

From 384c96efd288c44b285d20ca8f5390b9d03af6d6 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sun, 23 Oct 2016 05:53:41 +0200
Subject: [PATCH 13/13] l 1 helios: remove jre from pkgs

---
 lass/1systems/helios.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 4e0b40906..82db8ef7b 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -41,7 +41,6 @@ with import <stockholm/lib>;
       environment.systemPackages = with pkgs; [
         firefox
         chromium
-        jre
         maven
         arandr
         libreoffice