diff options
| author | tv <tv@krebsco.de> | 2017-03-05 00:28:32 +0100 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2017-03-05 00:28:32 +0100 |
| commit | 4499cc406560963d65b016075ba2df6451c834cd (patch) | |
| tree | ffea19187190a105e7b0caf617a0215c02c281da | |
| parent | d7761aed6559adba3cfa61d822165c42c90fc276 (diff) | |
| parent | 39fd77b84c7c14d6460722721726b378bdab7acd (diff) | |
Merge remote-tracking branch 'prism/master'
49 files changed, 783 insertions, 654 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e0810ab63..f336c966f 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -22,6 +22,7 @@ let ./go.nix ./iptables.nix ./kapacitor.nix + ./monit.nix ./newsbot-js.nix ./nginx.nix ./nixpkgs.nix diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index bda563f8d..0ad952e3b 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -55,7 +55,7 @@ let local_domains = mkOption { type = with types; listOf hostname; - default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases; + default = unique (["localhost" cfg.primary_hostname] ++ config.krebs.build.host.nets.retiolum.aliases); }; relay_from_hosts = mkOption { diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 29c4f50e9..e226a9060 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -21,13 +21,14 @@ let OnCalendar = "*:00,10,20,30,40,50"; }; }; + # TODO find a better default stateDir stateDir = mkOption { type = types.str; - default = "/var/lib/wallpaper"; + default = "$HOME/wallpaper"; }; display = mkOption { type = types.str; - default = ":11"; + default = ":0"; }; unitConfig = mkOption { type = types.attrsOf types.str; @@ -48,38 +49,30 @@ let fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" '' set -euf - mkdir -p ${shell.escape cfg.stateDir} - cd ${shell.escape cfg.stateDir} + mkdir -p ${cfg.stateDir} + cd ${cfg.stateDir} (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || : - feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper + feh --no-fehbg --bg-scale wallpaper ''; imp = { - users.users.fetchWallpaper = { - name = "fetchWallpaper"; - uid = genid "fetchWallpaper"; - description = "fetchWallpaper user"; - home = cfg.stateDir; - createHome = true; - }; - - systemd.timers.fetchWallpaper = { + systemd.user.timers.fetchWallpaper = { description = "fetch wallpaper timer"; wantedBy = [ "timers.target" ]; timerConfig = cfg.timerConfig; }; - systemd.services.fetchWallpaper = { + systemd.user.services.fetchWallpaper = { description = "fetch wallpaper"; - after = [ "network.target" ]; + wantedBy = [ "default.target" ]; path = with pkgs; [ curl feh + coreutils ]; environment = { - URL = cfg.url; DISPLAY = cfg.display; }; restartIfChanged = true; @@ -87,7 +80,6 @@ let serviceConfig = { Type = "simple"; ExecStart = fetchWallpaperScript; - User = "fetchWallpaper"; }; unitConfig = cfg.unitConfig; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0b67abd11..6ab8ede56 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -73,13 +73,21 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK"; }; - prism = { + prism = rec { cores = 4; + extraZones = { + "krebsco.de" = '' + prism IN A ${nets.internet.ip4.addr} + paste IN A ${nets.internet.ip4.addr} + ''; + }; nets = rec { internet = { ip4.addr = "213.239.205.240"; aliases = [ "prism.internet" + "paste.i" + "paste.internet" ]; ssh.port = 45621; }; diff --git a/krebs/3modules/lass/ssh/icarus.rsa b/krebs/3modules/lass/ssh/icarus.rsa index da99fcfdf..e3cb74081 100644 --- a/krebs/3modules/lass/ssh/icarus.rsa +++ b/krebs/3modules/lass/ssh/icarus.rsa @@ -1 +1 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz97C5WVGXgKZ3I7FMvL4TyUv+0rsrSOGI7jj5uQaaHx0SSR0V4tnZtv2hXYrfnkaPHwu2PYUeeUdMBHfbZS6l2dmaXRI9f2WG7182G3IUskMktpi84DMyh0kwK2pWmHoS+Kwo//q+lu4WXIRy4X5wVMVpPT1Oc7boDtqJt4rK8uZkuVmVzGi+5SFaBxspCsdZsX/uDWOeC4/U2l+2Pd4YYl8UdmgN3bJceKTwqKIcbK7AL91My0jrnRSU6XLuED0hcVKzjkjc6bcj1R+Mlch9cflsMQV8TfT6p7VGGvUOtVwhG1+CjraHfilzFn76wINClsQXF/ncKrGabTEWO3zTi12ukAzL2/B0IB0q61tror9uYqeI74WgLjwhnuF98hUL7hnqgV3KB1ytpt6yzXqf1Uz784z9dh0n9r0fLTkeTDbJ4uOz1XzpmAMRwuo0o7/Op7rRBLHohu2Tp6AV8sISKJN5hDGe0wD6861pH9ZrRBiUux6uylzfWp2qrZmERnk0brBl+oDQNhKs3Z0CZmLG4DZWMc5pxpQ5751/8bb6nEorg2ulDZ/h+G3myC+9Zbc/owb/HHOGOBMEpyYYYMvYAfchu50e4xtHd+wMqzFxzjfcM7u6dTdyDEXi6+TFXKBEZyvaAhW2J27HKj4iK6Td2GyK59myPG6OtCnIbw9BPw== lass@icarus +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm4qnRU8/Zyb+7x/QxW1grN+i1qcN39Sr/TSkBdccAPyfPdk8ph/G+wZKgsyr9sl5CgbA4hOsqDBN97dp4dKghKARuk0GldHDgo+2odWwBTa4EOSmE4Bfj3z7r9tW33Y+ujy55L4w5Qw21lj51mbhc0qvC/03xypEeKsLM0RtNAf8TsdGMPGmbha7uCF75VjFJvrHysbjonh6ZQ+Or8N0MSNABZ9oawJQxxBUqtLFhnq20zCJmm281f9GS/EaGYwcpOjiHd4fj3XWyfEIJRK/LRBZXkidvVDN7mhOQY3G+qiGZfPeyged9CRDRFoc5QbZ43NtrmPS+yUtjHQZKynkjI0lA00fegRzb0FkEJmYSy1Vdqgj338CjNwcuTaKJTw2EotMqMuHyk1FllnphafJtgMTMLIGoZRTpJpC91gbP0MGTnRoCwD4McZcz1YD3cxng101QsLsDv/FPxzbyxr+P6rjBB6eP6IhP4k4ALjWzoMURdCo1BW4//zt+PXImUpcX2+urtAMmVBQ8BwZry1hsEcR+r6C1Yb+jzeWGnvtfjXSFv+ZjpA0eEnqeKeh3LDCxybjkok51zdTe97EZ0sDAnKcnrVzpXJwehY02E2N9Sw1HhvWIUUulr09a2bC2rYR7HWryOjaEzT2aKmUyrxPkflCawB8gn2iSbVMWK74VJw== lass@icarus diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 1e63a26e2..489f62b65 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -5,50 +5,50 @@ with import <stockholm/lib>; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { drop = rec { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.177.9"; - ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce"; - aliases = [ - "drop.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl - 6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI - GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW - 0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C - Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT - F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.177.9"; + ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce"; + aliases = [ + "drop.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl + 6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI + GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW + 0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C + Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT + F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; + }; }; fileleech = rec { - cores = 4; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; - nets = { - retiolum = { - ip4.addr = "10.243.113.98"; - ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; - aliases = [ - "fileleech.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF - 8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K - YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait - nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z - e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V - UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + cores = 4; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; + nets = { + retiolum = { + ip4.addr = "10.243.113.98"; + ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; + aliases = [ + "fileleech.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF + 8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K + YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait + nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z + e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V + UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; + }; }; pnp = { @@ -123,16 +123,16 @@ with import <stockholm/lib>; aliases = [ "ossim.siem" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl - RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL - cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand - mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd - dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL - WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB - -----END RSA PUBLIC KEY----- - ''; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl + RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL + cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand + mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd + dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL + WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; }; }; @@ -169,7 +169,7 @@ with import <stockholm/lib>; XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ== -----END RSA PUBLIC KEY----- - ''; + ''; }; }; }; @@ -228,16 +228,15 @@ with import <stockholm/lib>; "vbob.retiolum" ]; tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr - 4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI - AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP - hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o - Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s - AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB - -----END RSA PUBLIC KEY----- - - ''; + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr + 4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI + AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP + hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o + Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s + AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; }; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; @@ -278,7 +277,7 @@ with import <stockholm/lib>; DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB -----END RSA PUBLIC KEY----- - ''; + ''; }; }; }; @@ -291,7 +290,6 @@ with import <stockholm/lib>; wry IN A ${nets.internet.ip4.addr} io IN NS wry.krebsco.de. graphs IN A ${nets.internet.ip4.addr} - paste 60 IN A ${nets.internet.ip4.addr} tinc IN A ${nets.internet.ip4.addr} ''; }; @@ -300,9 +298,7 @@ with import <stockholm/lib>; ip4.addr = "104.233.87.86"; aliases = [ "wry.i" - "paste.i" "wry.internet" - "paste.internet" ]; }; retiolum = { @@ -353,7 +349,7 @@ with import <stockholm/lib>; ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"; aliases = [ "filepimp.retiolum" - "filepimp.r" + "filepimp.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -364,7 +360,7 @@ with import <stockholm/lib>; UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB 8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB -----END RSA PUBLIC KEY----- - ''; + ''; }; }; }; @@ -389,15 +385,15 @@ with import <stockholm/lib>; "stats.makefu.r" ]; tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM - ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn - sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm - s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6 - GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6 - 5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB - -----END RSA PUBLIC KEY----- - ''; + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM + ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn + sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm + s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6 + GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6 + 5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; }; ssh.privkey.path = <secrets/ssh.id_ed25519>; @@ -428,18 +424,18 @@ with import <stockholm/lib>; ip4.addr = "10.243.214.15"; ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"; aliases = [ - "wbob.retiolum" + "wbob.retiolum" ]; tinc.pubkey = '' ------BEGIN RSA PUBLIC KEY----- -MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e -QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal -cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8 -khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs -rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9 -TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB ------END RSA PUBLIC KEY----- -''; + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e + QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal + cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8 + khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs + rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9 + TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; }; }; @@ -487,7 +483,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB -----END RSA PUBLIC KEY----- - ''; + ''; }; }; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; @@ -538,7 +534,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB +DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5 uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB -----END RSA PUBLIC KEY----- - ''; + ''; }; }; }; @@ -551,8 +547,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB ip4.addr = "10.243.83.237"; ip6.addr = "42:af50:99cf:c185:f1a8:14d5:acb:8101"; aliases = [ - "sdev.retiolum" - "sdev.r" + "sdev.retiolum" + "sdev.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -569,7 +565,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; - # non-stockholm +# non-stockholm flap = rec { cores = 1; @@ -602,7 +598,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB -----END RSA PUBLIC KEY----- - ''; + ''; }; }; }; @@ -819,32 +815,30 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; }; tcac-0-1 = rec { - cores = 1; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1 - "; - nets = { - retiolum = { - ip4.addr = "10.243.144.142"; - ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278"; - aliases = [ - "tcac-0-1.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j - 7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs - zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO - Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs - QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl - HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + cores = 1; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1 + "; + nets = { + retiolum = { + ip4.addr = "10.243.144.142"; + ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278"; + aliases = [ + "tcac-0-1.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j + 7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs + zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO + Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs + QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl + HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; + }; }; - - } // { # hosts only maintained in stockholm, not owned by me muhbaasu = rec { owner = config.krebs.users.root; @@ -878,23 +872,23 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB tpsw = { cores = 2; owner = config.krebs.users.ciko; # main laptop - nets = { - retiolum = { - ip4.addr = "10.243.183.236"; - ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c"; - aliases = [ "tpsw.r" "tpsw.retiolum" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ - Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML - WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl - OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM - 0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd - pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB - -----END RSA PUBLIC KEY----- - ''; + nets = { + retiolum = { + ip4.addr = "10.243.183.236"; + ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c"; + aliases = [ "tpsw.r" "tpsw.retiolum" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ + Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML + WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl + OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM + 0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd + pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; }; - }; }; }; users = rec { @@ -920,6 +914,10 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB inherit (makefu) mail pgp; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum"; }; + makefu-bob = { + inherit (makefu) mail pgp; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD"; + }; ciko = { mail = "wieczorek.stefan@googlemail.com"; }; diff --git a/krebs/3modules/monit.nix b/krebs/3modules/monit.nix new file mode 100644 index 000000000..4d4066ae4 --- /dev/null +++ b/krebs/3modules/monit.nix @@ -0,0 +1,116 @@ +{ config, lib, pkgs, ... }: + +with builtins; +with import <stockholm/lib>; + +let + cfg = config.krebs.monit; + + out = { + options.krebs.monit = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "monit"; + http = { + enable = mkEnableOption "monit http server"; + port = mkOption { + type = types.int; + default = 9093; + }; + user = mkOption { + type = types.str; + default = "krebs"; + }; + pass = mkOption { + type = types.str; + default = "bob"; + }; + }; + user = mkOption { + type = types.user; + default = { + name = "monit"; + }; + }; + group = mkOption { + type = types.group; + default = { + name = "monitor"; + }; + }; + extraConfig = mkOption { + type = types.attrs; + default = {}; + }; + alarms = mkOption { + default = {}; + type = with types; attrsOf (submodule { + options = { + test = mkOption { + type = path; + }; + alarm = mkOption { + type = path; + }; + interval = mkOption { + type = str; + default = "10"; + }; + }; + }); + }; + }; + + imp = let + configFile = pkgs.writeText "monit.cfg" '' + ${optionalString cfg.http.enable '' + set httpd port ${toString cfg.http.port} + allow ${cfg.http.user}:${cfg.http.pass} + ''} + set daemon 10 + + ${concatStringsSep "\n" (mapAttrsToList (name: alarm: '' + check program ${name} with path "${alarm.test}" + every ${alarm.interval} cycles + if status != 0 then exec "${alarm.alarm}" + '') cfg.alarms)} + ''; + in { + environment.etc = [ + { + source = configFile; + target = "monit.conf"; + mode = "0400"; + uid = config.users.users.${cfg.user.name}.uid; + } + ]; + users = { + groups.${cfg.group.name} = { + inherit (cfg.group) name gid; + }; + users.${cfg.user.name} = { + inherit (cfg.user) home name uid; + createHome = true; + group = cfg.group.name; + }; + }; + + systemd.services.monit = { + description = "monit"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = true; + + serviceConfig = { + Restart = "always"; + User = cfg.user.name; + ExecStart = "${pkgs.monit}/bin/monit -I -c /etc/monit.conf"; + # Monit should restart when the config changes + ExecStartPre = "${pkgs.coreutils}/bin/echo ${configFile}"; + }; + }; + }; +in out diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix index 3231c0e23..d5d13cd1a 100644 --- a/krebs/3modules/nin/default.nix +++ b/krebs/3modules/nin/default.nix @@ -38,6 +38,8 @@ with import <stockholm/lib>; aliases = [ "onondaga.retiolum" "onondaga.r" + "cgit.onondaga.r" + "cgit.onondaga.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/5pkgs/buildbot/default.nix b/krebs/5pkgs/buildbot/default.nix index 2e14b6b63..37eea5fd9 100644 --- a/krebs/5pkgs/buildbot/default.nix +++ b/krebs/5pkgs/buildbot/default.nix @@ -3,10 +3,10 @@ pythonPackages.buildPythonApplication (rec { name = "${pname}-${version}"; pname = "buildbot"; - version = "0.9.1"; + version = "0.9.4"; src = fetchurl { url = "mirror://pypi/b/${pname}/${name}.tar.gz"; - sha256 = "1kk4dlkk4rznwid9xykq2lbzksvkcr4r5kmz9hgh5hswdzv8bwx9"; + sha256 = "0wklrn4fszac9wi8zw3vbsznwyff6y57cz0i81zvh46skb6n3086"; }; doCheck = false; buildInputs = with pythonPackages; [ @@ -22,6 +22,7 @@ pythonPackages.buildPythonApplication (rec { pylint astroid pyflakes + pyjwt ]; propagatedBuildInputs = with pythonPackages; [ @@ -55,9 +56,6 @@ pythonPackages.buildPythonApplication (rec { ] ++ plugins; - patchPhase = '' - patch -p1 < ${./irc_messages.patch} - ''; preInstall = '' # writes out a file that can't be read properly sed -i.bak -e '69,84d' buildbot/test/unit/test_www_config.py diff --git a/krebs/5pkgs/buildbot/irc_messages.patch b/krebs/5pkgs/buildbot/irc_messages.patch deleted file mode 100644 index ab8597dbd..000000000 --- a/krebs/5pkgs/buildbot/irc_messages.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff --git a/buildbot/reporters/words.py b/master/buildbot/reporters/words.py -index a65147b..bf44118 100644 ---- a/buildbot/reporters/words.py -+++ b/buildbot/reporters/words.py -@@ -550,14 +550,15 @@ class Contact(service.AsyncService): - - if self.useRevisions: - revisions = yield self.getRevisionsForBuild(build) -- r = "Hey! build %s containing revision(s) [%s] is complete: %s" % \ -+ r = "Build %s containing revision(s) [%s] is complete: %s" % \ - (builderName, ','.join(revisions), results[0]) - else: -- r = "Hey! build %s #%d is complete: %s" % \ -+ r = "Build %s #%d is complete: %s" % \ - (builderName, buildNumber, results[0]) - - r += ' [%s]' % maybeColorize(build['state_string'], - results[1], self.useColors) -+ r += " - %s" % self.master.status.getURLForBuild(builder['builderid'],buildNumber) - self.send(r) - - # FIXME: where do we get the list of changes for a build ? -@@ -622,14 +623,15 @@ class Contact(service.AsyncService): - results = self.getResultsDescriptionAndColor(build['results']) - if self.useRevisions: - revisions = yield self.getRevisionsForBuild(build) -- r = "Hey! build %s containing revision(s) [%s] is complete: %s" % \ -+ r = "Build %s containing revision(s) [%s] is complete: %s" % \ - (builder_name, ','.join(revisions), results[0]) - else: -- r = "Hey! build %s #%d is complete: %s" % \ -+ r = "Build %s #%d is complete: %s" % \ - (builder_name, buildnum, results[0]) - - r += ' [%s]' % maybeColorize(build['state_string'], - results[1], self.useColors) -+ r += " - %s" % self.master.status.getURLForBuild(builder['builderid'],buildNumber) - self.send(r) - - # FIXME: where do we get the base_url? Then do we use the build Link to diff --git a/krebs/5pkgs/buildbot/worker.nix b/krebs/5pkgs/buildbot/worker.nix index c100de5d2..34e526858 100644 --- a/krebs/5pkgs/buildbot/worker.nix +++ b/krebs/5pkgs/buildbot/worker.nix @@ -2,12 +2,12 @@ pythonPackages.buildPythonApplication (rec { name = "${pname}-${version}"; pname = "buildbot-worker"; - version = "0.9.1"; + version = "0.9.4"; doCheck = false; src = fetchurl { url = "mirror://pypi/b/${pname}/${name}.tar.gz"; - sha256 = "00p9l1qz6mx12npjwsycp8f9a8f2har15ig79pfsg8z7a7yw93hx"; + sha256 = "0rdrr8x7sn2nxl51p6h9ad42s3c28lb6sys84zrg0d7fm4zhv7hj"; }; buildInputs = with pythonPackages; [ setuptoolsTrial mock ]; diff --git a/krebs/5pkgs/zandronum-bin/default.nix b/krebs/5pkgs/zandronum-bin/default.nix new file mode 100644 index 000000000..e97f46add --- /dev/null +++ b/krebs/5pkgs/zandronum-bin/default.nix @@ -0,0 +1,83 @@ +{ stdenv +, atk +, bzip2 +, cairo +, fetchurl +, fluidsynth +, fontconfig +, freetype +, gdk_pixbuf +, glib +, gtk2 +, libjpeg_turbo +, mesa_glu +, mesa_noglu +, openssl +, pango +, SDL +, zlib +, makeWrapper +}: + +stdenv.mkDerivation rec { + name = "zandronum-3.0"; + + src = fetchurl { + url = "http://zandronum.com/downloads/testing/3.0/ZandroDev3.0-170205-2117linux-x86_64.tar.bz2"; + sha256 = "17vrzk0m5b17sp3sqcg57r7812ma97lp3qxn9hmd39fwl1z40fz3"; + }; + + libPath = stdenv.lib.makeLibraryPath [ + atk + bzip2 + cairo + fluidsynth + fontconfig + freetype + gdk_pixbuf + glib + gtk2 + libjpeg_turbo + mesa_glu + mesa_noglu + openssl + pango + SDL + stdenv.cc.cc + zlib + ]; + + nativeBuildInputs = [ makeWrapper ]; + + phases = [ "unpackPhase" "installPhase" ]; + + sourceRoot = "."; + + installPhase = '' + mkdir -p $out/bin + mkdir -p $out/share/zandronum + cp *.so *.pk3 zandronum zandronum-server $out/share/zandronum + + patchelf \ + --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \ + --set-rpath $libPath:$out/share/zandronum \ + $out/share/zandronum/zandronum + patchelf \ + --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \ + --set-rpath $libPath \ + $out/share/zandronum/zandronum-server + + # If we don't set absolute argv0, zandronum.wad file is not found. + makeWrapper $out/share/zandronum/zandronum $out/bin/zandronum + makeWrapper $out/share/zandronum/zandronum-server $out/bin/zandronum-server + ''; + + meta = { + homepage = http://zandronum.com/; + description = "Multiplayer oriented port, based off Skulltag, for Doom and Doom II by id Software. Binary version for online play"; + maintainers = [ stdenv.lib.maintainers.lassulus ]; + # Binary version has different version string than source code version. + license = stdenv.lib.licenses.unfreeRedistributable; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index a5eaaed9d..bffb08ad3 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -76,56 +76,15 @@ with import <stockholm/lib>; { services.redis.enable = true; } - #{ - # #gitit magic - # imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ]; - # services.gitit = { - # enable = true; - # haskellPackages = pkgs.haskell.packages.ghc7103; - # }; - #} - #{ - # lass.icinga2 = { - # enable = true; - # configFiles = [ - # '' - # template Service "generic-service" { - # max_check_attempts = 3 - # check_interval = 5m - # retry_interval = 1m - # enable_perfdata = true - # } - # apply Service "ping4" { - # } - # '' - # ]; - # }; - # services.mysql = { - # enable = true; - # package = pkgs.mariadb; - # rootPassword = "<secrets>/mysql_rootPassword"; - # }; - # lass.icingaweb2 = { - # enable = true; - # initialRootPasswordHash = "$1$HpWDCehI$ITbAoyfOB6HEN1ftooxZq0"; - # resources = { - # icinga2db = { - # type = "mysql"; - # host = "localhost"; - # user = "icingaweb2"; - # db = "icinga"; - # passfile = <secrets/icinga2-pw>; - # }; - # icingaweb2db = { - # type = "mysql"; - # host = "localhost"; - # user = "icingaweb2"; - # db = "icingaweb2"; - # passfile = <secrets/icinga2-pw>; - # }; - # }; - # }; - #} + { + #ipfs-testing + services.ipfs.enable = true; + } + { + environment.systemPackages = [ + pkgs.krebszones + ]; + } ]; krebs.build.host = config.krebs.hosts.mors; diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index c0c22a0de..b55732f65 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -44,6 +44,7 @@ in { ../2configs/hfos.nix ../2configs/makefu-sip.nix ../2configs/monitoring/server.nix + ../2configs/monitoring/monit-alarms.nix { imports = [ ../2configs/bepasty.nix @@ -164,7 +165,6 @@ in { } { imports = [ - ../2configs/websites/wohnprojekt-rhh.de.nix ../2configs/websites/domsen.nix ../2configs/websites/lassulus.nix ]; @@ -215,7 +215,8 @@ in { } { krebs.repo-sync.timerConfig = { - OnUnitInactiveSec = "5min"; + OnBootSec = "5min"; + OnUnitInactiveSec = "3min"; RandomizedDelaySec = "2min"; }; } @@ -247,7 +248,13 @@ in { ]; } { - krebs.Reaktor.coders = { + krebs.Reaktor.coders = let + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + in { nickname = "reaktor-lass"; channels = [ "#coders" ]; extraEnviron = { @@ -263,7 +270,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-pl" { pattern = "^@pl (?P<args>.*)$$"; script = pkgs.writeDash "lambda-pl" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@pl $1" ''; @@ -271,7 +278,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-type" { pattern = "^@type (?P<args>.*)$$"; script = pkgs.writeDash "lambda-type" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@type $1" ''; @@ -279,7 +286,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-let" { pattern = "^@let (?P<args>.*)$$"; script = pkgs.writeDash "lambda-let" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@let $1" ''; @@ -287,7 +294,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-run" { pattern = "^@run (?P<args>.*)$$"; script = pkgs.writeDash "lambda-run" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@run $1" ''; @@ -295,7 +302,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-kind" { pattern = "^@kind (?P<args>.*)$$"; script = pkgs.writeDash "lambda-kind" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@kind $1" ''; @@ -303,7 +310,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-kind" { pattern = "^@kind (?P<args>.*)$$"; script = pkgs.writeDash "lambda-kind" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@kind $1" ''; diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 232e91d90..dca616936 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -42,6 +42,29 @@ with import <stockholm/lib>; pkgs.python27Packages.python ]; } + { + krebs.monit = let + echoToIrc = msg: + pkgs.writeDash "echo_irc" '' + set -euf + export LOGNAME=prism-alarm + ${pkgs.irc-announce}/bin/irc-announce \ + ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null + ''; + in { + enable = true; + http.enable = true; + alarms = { + hfos = { + test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'"; + alarm = echoToIrc "test hfos failed"; + }; + }; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.shodan; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 2933ca0e4..275b93f26 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -1,13 +1,15 @@ { config, pkgs, ... }: - +with import <stockholm/lib>; let - mainUser = config.users.extraUsers.mainUser; + user = config.krebs.build.user; in { imports = [ - ./xserver ./mpv.nix ./power-action.nix ./screenlock.nix + ./copyq.nix + ./xresources.nix + ./livestream.nix { hardware.pulseaudio = { enable = true; @@ -32,15 +34,15 @@ in { programs.ssh.startAgent = false; - security.setuidPrograms = [ "slock" ]; - services.printing = { enable = true; - drivers = [ pkgs.foomatic_filters ]; + drivers = [ + pkgs.foomatic_filters + pkgs.gutenprint + ]; }; environment.systemPackages = with pkgs; [ - acpi dic dmenu @@ -66,37 +68,37 @@ in { youtube-tools rxvt_unicode - #window manager stuff - #haskellPackages.xmobar - #haskellPackages.yeganesh - #dmenu2 - #xlibs.fontschumachermisc ]; - #fonts.fonts = [ - # pkgs.xlibs.fontschumachermisc - #]; - - #services.xserver = { - # enable = true; - - # windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [ - # X11-xshape - # ]; - # windowManager.xmonad.enable = true; - # windowManager.xmonad.enableContribAndExtras = true; - # windowManager.default = "xmonad"; - # desktopManager.default = "none"; - # desktopManager.xterm.enable = false; - # displayManager.slim.enable = true; - # displayManager.auto.enable = true; - # displayManager.auto.user = mainUser.name; - - # layout = "us"; - # xkbModel = "evdev"; - # xkbVariant = "altgr-intl"; - # xkbOptions = "caps:backspace"; - #}; + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; + + services.xserver = { + enable = true; + + desktopManager.xterm.enable = false; + desktopManager.default = "none"; + displayManager.lightdm.enable = true; + displayManager.lightdm.autoLogin = { + enable = true; + user = "lass"; + }; + windowManager.default = "xmonad"; + windowManager.session = [{ + name = "xmonad"; + start = '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: + ${pkgs.xmonad-lass}/bin/xmonad & + waitPID=$! + ''; + }]; + + layout = "us"; + xkbModel = "evdev"; + xkbVariant = "altgr-intl"; + xkbOptions = "caps:backspace"; + }; services.logind.extraConfig = '' HandleLidSwitch=ignore @@ -107,4 +109,6 @@ in { twoFingerScroll = true; accelFactor = "0.035"; }; + + services.urxvtd.enable = true; } diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix index 108ff7a1e..9dba5fbfb 100644 --- a/lass/2configs/binary-cache/client.nix +++ b/lass/2configs/binary-cache/client.nix @@ -2,8 +2,14 @@ { nix = { - binaryCaches = ["http://cache.prism.r"]; - binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; + binaryCaches = [ + "http://cache.prism.r" + "https://cache.nixos.org/" + ]; + binaryCachePublicKeys = [ + "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" + ]; }; } diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 88ee70802..6c381863c 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -20,7 +20,7 @@ let createChromiumUser = name: extraGroups: let bin = pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ + /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@ ''; in { users.extraUsers.${name} = { @@ -43,7 +43,7 @@ let createFirefoxUser = name: extraGroups: let bin = pkgs.writeScriptBin name '' - /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ + /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@ ''; in { users.extraUsers.${name} = { diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index cd11254d6..2bd3e9914 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -216,7 +216,7 @@ in { enable = true; nick = "buildbot-lass"; server = "ni.r"; - channels = [ { channel = "retiolum"; } ]; + channels = [ { channel = "retiolum"; } { channel = "noise"; } ]; allowForce = true; }; }; diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix new file mode 100644 index 000000000..0616c4025 --- /dev/null +++ b/lass/2configs/copyq.nix @@ -0,0 +1,38 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +let + copyqConfig = pkgs.writeDash "copyq-config" '' + ${pkgs.copyq}/bin/copyq config check_clipboard true + ${pkgs.copyq}/bin/copyq config check_selection true + ${pkgs.copyq}/bin/copyq config copy_clipboard true + ${pkgs.copyq}/bin/copyq config copy_selection true + + ${pkgs.copyq}/bin/copyq config activate_closes true + ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 + ${pkgs.copyq}/bin/copyq config clipboard_tab clipboard + ${pkgs.copyq}/bin/copyq config disable_tray true + ${pkgs.copyq}/bin/copyq config hide_tabs true + ${pkgs.copyq}/bin/copyq config hide_toolbar true + ${pkgs.copyq}/bin/copyq config item_popup_interval true + ${pkgs.copyq}/bin/copyq config maxitems 1000 + ${pkgs.copyq}/bin/copyq config move true + ${pkgs.copyq}/bin/copyq config text_wrap true + ''; +in { + systemd.user.services.copyq = { + after = [ "graphical.target" ]; + wants = [ "graphical.target" ]; + wantedBy = [ "default.target" ]; + environment = { + DISPLAY = ":0"; + }; + serviceConfig = { + SyslogIdentifier = "copyq"; + ExecStart = "${pkgs.copyq}/bin/copyq"; + ExecStartPost = copyqConfig; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + }; + }; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index d1810c00c..3e7881fb4 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -1,5 +1,4 @@ -{ config, lib, pkgs, ... }: - +{ config, pkgs, ... }: with import <stockholm/lib>; { imports = [ @@ -11,6 +10,7 @@ with import <stockholm/lib>; ../2configs/vim.nix ../2configs/monitoring/client.nix ./backups.nix + ./security-workarounds.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) @@ -62,6 +62,12 @@ with import <stockholm/lib>; pkgs.pythonPackages.python ]; } + { + services.dnscrypt-proxy.enable = true; + networking.extraResolvconfConf = '' + name_servers='127.0.0.1' + ''; + } ]; networking.hostName = config.krebs.build.host.name; @@ -129,6 +135,7 @@ with import <stockholm/lib>; #neat utils krebspaste + mosh pciutils pop psmisc @@ -155,6 +162,7 @@ with import <stockholm/lib>; shopt -s histappend histreedit histverify shopt -s no_empty_cmd_completion complete -d cd + LS_COLORS=$LS_COLORS:'di=1;31:' ; export LS_COLORS ''; promptInit = '' if test $UID = 0; then @@ -202,6 +210,7 @@ with import <stockholm/lib>; filter.INPUT.rules = [ { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index d120dfcad..3353cdac0 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -8,11 +8,12 @@ with import <stockholm/lib>; dkim = [ { domain = "lassul.us"; } ]; + primary_hostname = "lassul.us"; sender_domains = [ "lassul.us" "aidsballs.de" ]; - relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors config.krebs.hosts.uriel config.krebs.hosts.helios diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index 29f321994..971be9588 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -9,9 +9,5 @@ in { url = "prism/wallpaper.png"; maxTime = 10; }; - systemd.services.fetchWallpaper = { - after = [ "xmonad.service" ]; - wantedBy = [ "xmonad.service" ]; - }; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 1bcb8c676..d114a826d 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -11,7 +11,6 @@ let DOOM_DIR=''${DOOM_DIR:-~/doom/} ${vdoom} \ -file $DOOM_DIR/lib/brutalv20.pk3 \ - -file $DOOM_DIR/lib/RebotStarcraftMarines.pk3 \ "$@" ''; doom1 = pkgs.writeDashBin "doom1" '' @@ -31,6 +30,31 @@ let ${vdoom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" ''; + doomservercfg = pkgs.writeText "doomserver.cfg" '' + skill 7 + #survival true + #sv_maxlives 4 + #sv_norespawn true + #sv_weapondrop true + no_jump true + #sv_noweaponspawn true + sv_sharekeys true + sv_survivalcountdowntime 1 + sv_noteamselect true + sv_updatemaster false + #sv_coop_loseinventory true + #cl_startasspectator false + #lms_spectatorview false + ''; + + vdoomserver = pkgs.writeDashBin "vdoomserver" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + + ${pkgs.zandronum-bin}/bin/zandronum-server \ + +exec ${doomservercfg} \ + "$@" + ''; + in { environment.systemPackages = with pkgs; [ dwarf_fortress @@ -38,6 +62,7 @@ in { doom2 vdoom1 vdoom2 + vdoomserver ]; users.extraUsers = { @@ -56,4 +81,9 @@ in { security.sudo.extraConfig = '' ${mainUser.name} ALL=(games) NOPASSWD: ALL ''; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 10666"; target = "ACCEPT"; } + { predicate = "-p udp --dport 10666"; target = "ACCEPT"; } + ]; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index bdd65ce09..3e1b2c6e3 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -5,6 +5,7 @@ with import <stockholm/lib>; let out = { + services.nginx.enable = true; krebs.git = { enable = true; cgit = { diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix index 7d4d544aa..a28a6a5d2 100644 --- a/lass/2configs/hfos.nix +++ b/lass/2configs/hfos.nix @@ -8,7 +8,6 @@ with import <stockholm/lib>; extraGroups = [ "libvirtd" ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex" - config.krebs.users.lass.pubkey ]; }; @@ -32,4 +31,10 @@ with import <stockholm/lib>; { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } ]; + + krebs.iptables.tables.nat.OUTPUT.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; } + ]; + + systemd.services.krebs-iptables.after = [ "libvirtd.service" ]; } diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix index d551cd44e..1e75271ca 100644 --- a/lass/2configs/hw/tp-x220.nix +++ b/lass/2configs/hw/tp-x220.nix @@ -48,4 +48,9 @@ with import <stockholm/lib>; ]; security.rngd.enable = true; + + services.xserver.synaptics = { + enable = true; + additionalOptions = ''Option "TouchpadOff" "1"''; + }; } diff --git a/lass/2configs/livestream.nix b/lass/2configs/livestream.nix new file mode 100644 index 000000000..c877a8c0a --- /dev/null +++ b/lass/2configs/livestream.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; + +let + + stream = pkgs.writeDashBin "stream" '' + ${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@" + ''; + +in { + environment.systemPackages = [ stream ]; +} diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix new file mode 100644 index 000000000..65b91a745 --- /dev/null +++ b/lass/2configs/monitoring/monit-alarms.nix @@ -0,0 +1,44 @@ +{pkgs, config, ...}: +with import <stockholm/lib>; +let + echoToIrc = msg: + pkgs.writeDash "echo_irc" '' + set -euf + export LOGNAME=prism-alarm + ${pkgs.irc-announce}/bin/irc-announce \ + ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null + ''; + +in { + krebs.monit = { + enable = true; + http.enable = true; + alarms = { + nirwanabluete = { + test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'"; + alarm = echoToIrc "test nirwanabluete failed"; + }; + ubik = { + test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'"; + alarm = echoToIrc "test ubik failed"; + }; + cac-panel = { + test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'"; + alarm = echoToIrc "test cac-panel failed"; + }; + radio = { + test = pkgs.writeBash "check_stream" '' + ${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \ + | ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \ + | ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}" + ''; + alarm = echoToIrc "test radio failed"; + }; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } + ]; +} + diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix index bbae4511e..b6ccf9cc1 100644 --- a/lass/2configs/monitoring/server.nix +++ b/lass/2configs/monitoring/server.nix @@ -29,7 +29,7 @@ with import <stockholm/lib>; data="$(${pkgs.jq}/bin/jq -r .message)" export LOGNAME=prism-alarm ${pkgs.irc-announce}/bin/irc-announce \ - ni.r 6667 prism-alarm \#retiolum "$data" >/dev/null + ni.r 6667 prism-alarm \#noise "$data" >/dev/null ''; in { enable = true; diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index aef9dd8b4..9c3eafffd 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "f7b7d8e"; + ref = "5b0c9d4"; }; } diff --git a/lass/2configs/screenlock.nix b/lass/2configs/screenlock.nix index 237127f69..b5bc4ee2a 100644 --- a/lass/2configs/screenlock.nix +++ b/lass/2configs/screenlock.nix @@ -5,7 +5,7 @@ before = [ "sleep.target" ]; wantedBy = [ "sleep.target" ]; environment = { - DISPLAY = ":${toString config.services.xserver.display}"; + DISPLAY = ":0"; }; serviceConfig = { SyslogIdentifier = "screenlock"; diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix new file mode 100644 index 000000000..537c8a59b --- /dev/null +++ b/lass/2configs/security-workarounds.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +{ + # http://seclists.org/oss-sec/2017/q1/471 + boot.extraModprobeConfig = '' + install dccp /run/current-system/sw/bin/false + ''; +} diff --git a/lass/2configs/termite.nix b/lass/2configs/termite.nix new file mode 100644 index 000000000..245b89e9c --- /dev/null +++ b/lass/2configs/termite.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; + +{ + environment.systemPackages = [ + pkgs.termite + ]; + + krebs.per-user.lass.packages = let + termitecfg = pkgs.writeTextFile { + name = "termite-config"; + destination = "/etc/xdg/termite/config"; + text = '' + [colors] + foreground = #d0d7d0 + background = #000000 + ''; + }; + in [ + termitecfg + ]; +} diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index c3eac8f38..4e0af0dc7 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -25,7 +25,7 @@ let set hlsearch set incsearch set mouse=a - set noruler + set ruler set pastetoggle=<INS> set runtimepath=${extra-runtimepath},$VIMRUNTIME set shortmess+=I @@ -66,6 +66,7 @@ let "Syntastic config let g:syntastic_python_checkers=['flake8'] + let g:syntastic_python_flake8_post_args='--ignore=E501' nmap <esc>q :buffer nmap <M-q> :buffer diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 024d2eeb2..3a8979427 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -110,7 +110,10 @@ in { ''; enableSSL = true; - extraConfig = "listen 80;"; + extraConfig = '' + listen 80; + listen [::]:80; + ''; sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem"; sslCertificateKey = "/var/lib/acme/lassul.us/key.pem"; }; @@ -123,7 +126,10 @@ in { root /var/lib/acme/acme-challenges; ''; enableSSL = true; - extraConfig = "listen 80;"; + extraConfig = '' + listen 80; + listen [::]:80; + ''; sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem"; }; diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 6e236ab63..6d14de731 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -17,7 +17,10 @@ rec { services.nginx.virtualHosts.${domain} = { enableACME = true; enableSSL = true; - extraConfig = "listen 80;"; + extraConfig = '' + listen 80; + listen [::]:80; + ''; serverAliases = domains; locations."/".extraConfig = '' root /srv/http/${domain}; @@ -29,12 +32,14 @@ rec { let domain = head domains; in { + services.phpfpm.phpPackage = pkgs.php56; services.nginx.virtualHosts."${domain}" = { enableACME = true; enableSSL = true; serverAliases = domains; extraConfig = '' listen 80; + listen [::]:80; # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; @@ -148,6 +153,8 @@ rec { serverAliases = domains; extraConfig = '' listen 80; + listen [::]:80; + root /srv/http/${domain}/; index index.php; access_log /tmp/nginx_acc.log; @@ -175,10 +182,10 @@ rec { user = nginx group = nginx pm = dynamic - pm.max_children = 5 - pm.start_servers = 2 + pm.max_children = 15 + pm.start_servers = 3 pm.min_spare_servers = 1 - pm.max_spare_servers = 3 + pm.max_spare_servers = 10 listen.owner = nginx listen.group = nginx php_admin_value[error_log] = 'stderr' diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix deleted file mode 100644 index 0c409ca87..000000000 --- a/lass/2configs/websites/wohnprojekt-rhh.de.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - inherit (import <stockholm/lib>) - genid - ; - inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;}) - ssl - servePage - ; -in { - imports = [ - ( ssl [ "wohnprojekt-rhh.de" ]) - ( servePage [ "wohnprojekt-rhh.de" ]) - ]; - - users.users.laura = { - home = "/srv/http/wohnprojekt-rhh.de"; - createHome = true; - useDefaultShell = true; - }; -} - diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix new file mode 100644 index 000000000..35dbe2044 --- /dev/null +++ b/lass/2configs/xresources.nix @@ -0,0 +1,55 @@ +{ config, pkgs, ... }: + +with import <stockholm/lib>; + +let + + xresources = pkgs.writeText "Xresources" '' + URxvt*scrollBar: false + URxvt*urgentOnBell: true + URxvt*SaveLines: 4096 + URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 + URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 + + ! ref https://github.com/muennich/urxvt-perls + URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl + URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select + URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select + URxvt.url-select.underline: true + URxvt.keysym.M-u: perl:url-select:select_next + URxvt.keysym.M-Escape: perl:keyboard-select:activate + URxvt.keysym.M-s: perl:keyboard-select:search + + URxvt.intensityStyles: false + + URxvt*background: #000000 + URxvt*foreground: #d0d7d0 + + URxvt*cursorColor: #f042b0 + URxvt*cursorColor2: #f0b000 + URxvt*cursorBlink: off + + URxvt*.pointerBlank: true + URxvt*.pointerBlankDelay: 987654321 + URxvt*.pointerColor: #f042b0 + URxvt*.pointerColor2: #050505 + ''; + +in { + systemd.user.services.xresources = { + description = "xresources"; + wantedBy = [ "default.target" ]; + + environment = { + DISPLAY = ":0"; + }; + + restartIfChanged = true; + + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}"; + Restart = "on-failure"; + }; + }; +} diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix deleted file mode 100644 index 3049774f8..000000000 --- a/lass/2configs/xserver/Xresources.nix +++ /dev/null @@ -1,66 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -pkgs.writeText "Xresources" '' - URxvt*scrollBar: false - URxvt*urgentOnBell: true - URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* - URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-* - - ! ref https://github.com/muennich/urxvt-perls - URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl - URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select - URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select - URxvt.url-select.underline: true - URxvt.keysym.M-u: perl:url-select:select_next - URxvt.keysym.M-Escape: perl:keyboard-select:activate - URxvt.keysym.M-s: perl:keyboard-select:search - - URxvt.intensityStyles: false - - URxvt*background: #050505 - ! URxvt*background: #041204 - - !URxvt.depth: 32 - !URxvt*background: rgba:0500/0500/0500/cccc - - ! URxvt*background: #080810 - URxvt*foreground: #d0d7d0 - ! URxvt*background: black - ! URxvt*foreground: white - ! URxvt*background: rgb:00/00/40 - ! URxvt*foreground: rgb:a0/a0/d0 - ! XTerm*cursorColor: rgb:00/00/60 - URxvt*cursorColor: #f042b0 - URxvt*cursorColor2: #f0b000 - URxvt*cursorBlink: off - ! URxvt*cursorUnderline: true - ! URxvt*highlightColor: #232323 - ! URxvt*highlightTextColor: #b0ffb0 - - URxvt*.pointerBlank: true - URxvt*.pointerBlankDelay: 987654321 - URxvt*.pointerColor: #f042b0 - URxvt*.pointerColor2: #050505 - - ! URxvt*color0: #000000 - ! URxvt*color1: #c00000 - ! URxvt*color2: #80c070 - URxvt*color3: #c07000 - ! URxvt*color4: #0000c0 - URxvt*color4: #4040c0 - ! URxvt*color5: #c000c0 - ! URxvt*color6: #008080 - URxvt*color7: #c0c0c0 - - URxvt*color8: #707070 - URxvt*color9: #ff6060 - URxvt*color10: #70ff70 - URxvt*color11: #ffff70 - URxvt*color12: #7070ff - URxvt*color13: #ff50ff - URxvt*color14: #70ffff - URxvt*color15: #ffffff - -'' diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix deleted file mode 100644 index cba4db766..000000000 --- a/lass/2configs/xserver/default.nix +++ /dev/null @@ -1,147 +0,0 @@ -{ config, pkgs, ... }@args: -with import <stockholm/lib>; -let - user = config.krebs.build.user; - - copyqConfig = pkgs.writeDash "copyq-config" '' - ${pkgs.copyq}/bin/copyq config check_clipboard true - ${pkgs.copyq}/bin/copyq config check_selection true - ${pkgs.copyq}/bin/copyq config copy_clipboard true - ${pkgs.copyq}/bin/copyq config copy_selection true - - ${pkgs.copyq}/bin/copyq config activate_closes true - ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 - ${pkgs.copyq}/bin/copyq config clipboard_tab &clipboard - ${pkgs.copyq}/bin/copyq config disable_tray true - ${pkgs.copyq}/bin/copyq config hide_tabs true - ${pkgs.copyq}/bin/copyq config hide_toolbar true - ${pkgs.copyq}/bin/copyq config item_popup_interval true - ${pkgs.copyq}/bin/copyq config maxitems 1000 - ${pkgs.copyq}/bin/copyq config move true - ${pkgs.copyq}/bin/copyq config text_wrap true - ''; -in { - - environment.systemPackages = [ - pkgs.gitAndTools.qgit - pkgs.mpv - pkgs.sxiv - pkgs.xsel - pkgs.zathura - ]; - - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc - ]; - - services.xserver = { - enable = true; - display = 11; - tty = 11; - - synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - }; - - layout = "us"; - xkbVariant = "altgr-intl"; - xkbOptions = "caps:backspace"; - }; - - systemd.services.display-manager.enable = false; - - systemd.services.xmonad = { - wantedBy = [ "multi-user.target" ]; - requires = [ "xserver.service" ]; - environment = { - DISPLAY = ":${toString config.services.xserver.display}"; - - XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' - ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & - ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args} & - ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & - wait - ''; - - XMONAD_STATE = "/tmp/xmonad.state"; - - # XXX JSON is close enough :) - XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ - "dashboard" # we start here - ]); - }; - serviceConfig = { - SyslogIdentifier = "xmonad"; - ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; - ExecStop = pkgs.writeScript "xmonad-stop" '' - #! /bin/sh - ${pkgs.xmonad-lass}/bin/xmonad --shutdown - ${pkgs.coreutils}/bin/sleep 2s - ''; - User = user.name; - WorkingDirectory = user.home; - }; - }; - - systemd.services.xserver = { - after = [ - "systemd-udev-settle.service" - "local-fs.target" - "acpid.service" - ]; - reloadIfChanged = true; - environment = { - XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension. - XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. - LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ] - ++ concatLists (catAttrs "libPath" config.services.xserver.drivers)); - }; - serviceConfig = { - SyslogIdentifier = "xserver"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; - ExecStart = toString [ - "${pkgs.xorg.xorgserver}/bin/X" - ":${toString config.services.xserver.display}" - "vt${toString config.services.xserver.tty}" - "-config ${import ./xserver.conf.nix args}" - "-logfile /dev/null -logverbose 0 -verbose 3" - "-nolisten tcp" - "-xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb" - ]; - }; - }; - - systemd.services.urxvtd = { - wantedBy = [ "multi-user.target" ]; - reloadIfChanged = true; - serviceConfig = { - SyslogIdentifier = "urxvtd"; - ExecReload = "${pkgs.coreutils}/bin/echo NOP"; - ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd"; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - User = user.name; - }; - }; - - systemd.services.copyq = { - wantedBy = [ "multi-user.target" ]; - requires = [ "xserver.service" ]; - environment = { - DISPLAY = ":${toString config.services.xserver.display}"; - }; - serviceConfig = { - SyslogIdentifier = "copyq"; - ExecStart = "${pkgs.copyq}/bin/copyq"; - ExecStartPost = copyqConfig; - Restart = "always"; - RestartSec = "2s"; - StartLimitBurst = 0; - User = user.name; - }; - }; -} diff --git a/lass/2configs/xserver/xserver.conf.nix b/lass/2configs/xserver/xserver.conf.nix deleted file mode 100644 index 6f34e0150..000000000 --- a/lass/2configs/xserver/xserver.conf.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -let - cfg = config.services.xserver; -in - -pkgs.stdenv.mkDerivation { - name = "xserver.conf"; - - xfs = optionalString (cfg.useXFS != false) - ''FontPath "${toString cfg.useXFS}"''; - - inherit (cfg) config; - - buildCommand = - '' - echo 'Section "Files"' >> $out - echo $xfs >> $out - - for i in ${toString config.fonts.fonts}; do - if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then - for j in $(find $i -name fonts.dir); do - echo " FontPath \"$(dirname $j)\"" >> $out - done - fi - done - - for i in $(find ${toString cfg.modules} -type d); do - if test $(echo $i/*.so* | wc -w) -ne 0; then - echo " ModulePath \"$i\"" >> $out - fi - done - - echo 'EndSection' >> $out - - echo "$config" >> $out - ''; -} diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index dd4d8803c..bc70417f5 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -22,7 +22,7 @@ import XMonad import qualified XMonad.StackSet as W import Control.Exception import Data.List (isInfixOf) -import System.Environment (getArgs, withArgs, getEnv) +import System.Environment (getArgs, withArgs) import System.IO (hPutStrLn, stderr) import System.Posix.Process (executeFile) import Text.Read (readEither) @@ -60,21 +60,17 @@ main = getArgs >>= \case mainNoArgs :: IO () mainNoArgs = do - workspaces0 <- getWorkspaces0 xmonad' $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def { terminal = urxvtcPath , modMask = mod4Mask - , workspaces = workspaces0 , layoutHook = smartBorders $ myLayoutHook , manageHook = placeHook (smart (1,0)) <+> floatNextHook - , startupHook = do - path <- liftIO (getEnv "XMONAD_STARTUP_HOOK") - forkFile path [] Nothing , normalBorderColor = "#1c1c1c" , focusedBorderColor = "#f000b0" , handleEventHook = handleShutdownEvent + , workspaces = [ "dashboard" ] } `additionalKeysP` myKeyMap myLayoutHook = defLayout @@ -84,7 +80,7 @@ myLayoutHook = defLayout xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO () xmonad' conf = do - path <- getEnv "XMONAD_STATE" + let path = "/tmp/xmonad.state" try (readFile path) >>= \case Right content -> do hPutStrLn stderr ("resuming from " ++ path) @@ -93,25 +89,13 @@ xmonad' conf = do hPutStrLn stderr (displaySomeException e) xmonad conf -getWorkspaces0 :: IO [String] -getWorkspaces0 = - try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case - Left e -> warn (displaySomeException e) - Right p -> try (readFile p) >>= \case - Left e -> warn (displaySomeException e) - Right x -> case readEither x of - Left e -> warn e - Right y -> return y - where - warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return [] - displaySomeException :: SomeException -> String displaySomeException = displayException myKeyMap :: [([Char], X ())] myKeyMap = - [ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f") + [ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i $HOME/wallpaper -f") , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 18dc644fd..910493026 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -35,6 +35,7 @@ in { # ../2configs/opentracker.nix ../2configs/logging/central-stats-client.nix + ../2configs/logging/central-logging-client.nix ]; services.smartd.devices = [ { device = "/dev/sda";} ]; @@ -64,7 +65,7 @@ in { # access users.users = { root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; - makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; + makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; }; # Chat diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 9fd329d10..2457ab92e 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -25,6 +25,7 @@ in { # collectd ../2configs/logging/central-stats-client.nix + ../2configs/logging/central-logging-client.nix ../2configs/tinc/retiolum.nix # ../2configs/torrent.nix diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index adbf372ab..08da92068 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -10,9 +10,10 @@ ../2configs/main-laptop.nix ../2configs/laptop-utils.nix ../2configs/laptop-backup.nix + ../2configs/dnscrypt.nix # testing - ../2configs/openvpn/vpngate.nix + # ../2configs/openvpn/vpngate.nix #../2configs/temp/share-samba.nix # ../2configs/mediawiki.nix # ../2configs/wordpress.nix @@ -26,7 +27,6 @@ #../2configs/elchos/stats.nix #../2configs/elchos/test/ftpservers.nix - ../2configs/laptop-backup.nix # ../2configs/tinc/siem.nix #../2configs/torrent.nix # temporary modules @@ -59,7 +59,7 @@ # hardware specifics are in here ../2configs/hw/tp-x230.nix ../2configs/hw/rtl8812au.nix - ../2configs/hw/bcm4352.nix + # mount points ../2configs/fs/sda-crypto-root-home.nix diff --git a/makefu/2configs/dnscrypt.nix b/makefu/2configs/dnscrypt.nix new file mode 100644 index 000000000..d810456f3 --- /dev/null +++ b/makefu/2configs/dnscrypt.nix @@ -0,0 +1,6 @@ +{ + services.dnscrypt-proxy.enable = true; + networking.extraResolvconfConf = '' + name_servers='127.0.0.1' + ''; +} diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index d780e2a03..8036e5765 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -101,6 +101,7 @@ browser = "firefox" -- I suggest you to remap Mod4 to another key using xmodmap or other tools. -- However, you can use another modifier like Mod1, but it may interact with others. modkey = "@modkey@" +-- modkey = "Mod4" -- Table of layouts to cover with awful.layout.inc, order matters. awful.layout.layouts = @@ -116,10 +117,24 @@ awful.layout.layouts = -- awful.layout.suit.spiral.dwindle, awful.layout.suit.max, awful.layout.suit.max.fullscreen, --- awful.layout.suit.magnifier, + awful.layout.suit.magnifier, awful.layout.suit.corner.nw } -- }}} +-- {{{ Helper Functions +local function client_menu_toggle_fn() + local instance = nil + + return function () + if instance and instance.wibox.visible then + instance:hide() + instance = nil + else + instance = awful.menu.clients({ theme = { width = 250 } }) + end + end +end +-- }}} -- {{{ Wallpaper if beautiful.wallpaper then @@ -166,50 +181,51 @@ mytextclock = wibox.widget.textclock() -- Create a wibox for each screen and add it mywibox = {} mylayoutbox = {} -mytaglist = {} -mytaglist.buttons = awful.util.table.join( - awful.button({ }, 1, awful.tag.viewonly), - awful.button({ modkey }, 1, awful.client.movetotag), - awful.button({ }, 3, awful.tag.viewtoggle), - awful.button({ modkey }, 3, awful.client.toggletag), - awful.button({ }, 4, function(t) awful.tag.viewnext(awful.tag.getscreen(t)) end), - awful.button({ }, 5, function(t) awful.tag.viewprev(awful.tag.getscreen(t)) end) - ) -mytasklist = {} -mytasklist.buttons = awful.util.table.join( - awful.button({ }, 1, function (c) - if c == client.focus then - c.minimized = true - else - -- Without this, the following - -- :isvisible() makes no sense - c.minimized = false - if not c:isvisible() then - awful.tag.viewonly(c:tags()[1]) - end - -- This will also un-minimize - -- the client, if needed - client.focus = c - c:raise() + +-- Create a wibox for each screen and add it +local taglist_buttons = awful.util.table.join( + awful.button({ }, 1, function(t) t:view_only() end), + awful.button({ modkey }, 1, function(t) + if client.focus then + client.focus:move_to_tag(t) end end), - awful.button({ }, 3, function () - if instance then - instance:hide() - instance = nil - else - instance = awful.menu.clients({ width=250 }) + awful.button({ }, 3, awful.tag.viewtoggle), + awful.button({ modkey }, 3, function(t) + if client.focus then + client.focus:toggle_tag(t) end end), + awful.button({ }, 4, function(t) awful.tag.viewnext(t.screen) end), + awful.button({ }, 5, function(t) awful.tag.viewprev(t.screen) end) + ) + +local tasklist_buttons = awful.util.table.join( + awful.button({ }, 1, function (c) + if c == client.focus then + c.minimized = true + else + -- Without this, the following + -- :isvisible() makes no sense + c.minimized = false + if not c:isvisible() and c.first_tag then + c.first_tag:view_only() + end + -- This will also un-minimize + -- the client, if needed + client.focus = c + c:raise() + end + end), + awful.button({ }, 3, client_menu_toggle_fn()), awful.button({ }, 4, function () awful.client.focus.byidx(1) - if client.focus then client.focus:raise() end end), awful.button({ }, 5, function () awful.client.focus.byidx(-1) - if client.focus then client.focus:raise() end end)) + local function set_wallpaper(s) -- Wallpaper if beautiful.wallpaper then diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index 9d73afbe0..ad39848b6 100644 --- a/nin/2configs/nixpkgs.nix +++ b/nin/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "6b28bd0daf00b8e5e370a04347844cb8614138ff"; + ref = "6651c72"; }; } |