authortv <tv@krebsco.de>2019-04-13 14:07:30 +0200
committertv <tv@krebsco.de>2019-04-13 14:07:30 +0200
commit0430fbbbfeef5f7d6188ec70d7f084ffa1cb1a46 (patch)
tree38daa64159448bc750de5b3c6692c7e2027ed4c7 /lass/1systems
parent39fba33bed71c7553da47e56c5e34a0389950c71 (diff)
parentbb2f8b9b920287df33e194a3b62d86669d8e6ddd (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems')
-rw-r--r--lass/1systems/blue/config.nix31
-rw-r--r--lass/1systems/blue/physical.nix1
-rw-r--r--lass/1systems/blue/source.nix20
-rw-r--r--lass/1systems/daedalus/physical.nix4
-rw-r--r--lass/1systems/green/config.nix28
-rw-r--r--lass/1systems/green/physical.nix7
-rw-r--r--lass/1systems/green/source.nix14
-rw-r--r--lass/1systems/icarus/config.nix3
-rw-r--r--lass/1systems/icarus/physical.nix2
-rw-r--r--lass/1systems/littleT/config.nix1
-rw-r--r--lass/1systems/mors/config.nix12
-rw-r--r--lass/1systems/mors/physical.nix4
-rw-r--r--lass/1systems/prism/config.nix22
-rw-r--r--lass/1systems/red/physical.nix1
-rw-r--r--lass/1systems/shodan/physical.nix4
-rw-r--r--lass/1systems/skynet/config.nix1
-rw-r--r--lass/1systems/yellow/config.nix5
-rw-r--r--lass/1systems/yellow/physical.nix1
18 files changed, 110 insertions, 51 deletions
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index a84bb37f6..a287f548b 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -8,21 +8,29 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/blue.nix>
+ <stockholm/lass/2configs/syncthing.nix>
];
krebs.build.host = config.krebs.hosts.blue;
+ krebs.syncthing.folders = [
+ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+ ];
+ lass.ensure-permissions = [
+ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+ ];
+
environment.shellAliases = {
deploy = pkgs.writeDash "deploy" ''
set -eu
export SYSTEM="$1"
- $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
+ $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
'';
};
networking.nameservers = [ "1.1.1.1" ];
- lass.restic = genAttrs [
+ services.restic.backups = genAttrs [
"daedalus"
"icarus"
"littleT"
@@ -30,20 +38,19 @@ with import <stockholm/lib>;
"shodan"
"skynet"
] (dest: {
- dirs = [
- "/home/"
- "/var/lib"
+ initialize = true;
+ extraOptions = [
+ "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
];
+ repository = "sftp:backup@${dest}.r:/backups/blue";
passwordFile = (toString <secrets>) + "/restic/${dest}";
- repo = "sftp:backup@${dest}.r:/backups/blue";
- extraArguments = [
- "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
+ timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
+ paths = [
+ "/home/"
+ "/var/lib"
];
- timerConfig = {
- OnCalendar = "00:05";
- RandomizedDelaySec = "5h";
- };
});
+
time.timeZone = "Europe/Berlin";
users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
}
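Review bot: The `sftp.command` in `extraOptions` authenticates every backup with the host's own SSH key (`config.krebs.build.host.ssh.privkey.path`), and a restic repository reached over plain sftp can be rewritten or deleted by whoever holds that key. Nothing in this hunk shows how the `backup` account on the destinations is confined, so a comment above `extraOptions` should state the assumption, e.g. `# backup@<dest> must be sftp-only and confined to /backups; blue's host key doubles as the backup credential`. A dedicated backup key would keep a leak of the host key from also exposing the repositories on every destination.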
diff --git a/lass/1systems/blue/physical.nix b/lass/1systems/blue/physical.nix
index 7499ff723..b6aa3a894 100644
--- a/lass/1systems/blue/physical.nix
+++ b/lass/1systems/blue/physical.nix
@@ -4,5 +4,4 @@
];
boot.isContainer = true;
networking.useDHCP = false;
- environment.variables.NIX_REMOTE = "daemon";
}
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index a52771a4d..21f3a8bd5 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -1,20 +1,14 @@
{ lib, pkgs, ... }:
{
nixpkgs = lib.mkForce {
- derivation = let
- rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
- sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
- in ''
- with import (builtins.fetchTarball {
- url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
- sha256 = "${sha256}";
- }) {};
- pkgs.fetchFromGitHub {
+ file = {
+ path = toString (pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
- rev = "${rev}";
- sha256 = "${sha256}";
- }
- '';
+ rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
+ sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
+ });
+ useChecksum = true;
+ };
};
}
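Review bot: `rev` and `sha256` each parse `../../../krebs/nixpkgs.json` on their own line; binding the parsed file once, `let pin = lib.importJSON ../../../krebs/nixpkgs.json; in`, and using `pin.rev` / `pin.sha256` makes it plain that the revision and its hash come from the same record. `green/source.nix`, added by this commit, has the same blob id (`21f3a8bd5`) and is therefore an exact copy; a shared file imported by both hosts would keep the pin logic in one place.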
diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix
index 33a0cb473..d10ced7da 100644
--- a/lass/1systems/daedalus/physical.nix
+++ b/lass/1systems/daedalus/physical.nix
@@ -11,6 +11,10 @@
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
+ "/backups" = {
+ device = "/dev/pool/backup";
+ fsType = "ext4";
+ };
};
services.udev.extraRules = ''
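Review bot: The new `/backups` entry has no `options`, so it is mounted with the defaults, which allow setuid binaries, device nodes and execution on a filesystem that other hosts write to (blue's restic job in this commit targets `/backups/blue` as `backup@<dest>`). Adding `options = [ "nosuid" "nodev" "noexec" ];` to the entry fits a volume that only stores repository data. The same entry is added without options in `mors/physical.nix` and `shodan/physical.nix`. The `fileSystems` set starts outside this hunk.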
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
new file mode 100644
index 000000000..6ae157e38
--- /dev/null
+++ b/lass/1systems/green/config.nix
@@ -0,0 +1,28 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs>
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/exim-retiolum.nix>
+ <stockholm/lass/2configs/mail.nix>
+
+ #<stockholm/lass/2configs/blue.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.green;
+
+ krebs.syncthing.folders = [
+ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+ ];
+ lass.ensure-permissions = [
+ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+ ];
+
+
+ #networking.nameservers = [ "1.1.1.1" ];
+
+ #time.timeZone = "Europe/Berlin";
+}
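Review bot: The `contacts` folder entry and its `lass.ensure-permissions` line are repeated verbatim in `blue/config.nix`, here, and `mors/config.nix`, each with its own copy of the peer list `[ "mors" "blue" "green" "phone" ]`. A peer list kept in three places can drift, and removing a device (a lost phone, for example) then needs three coordinated edits; moving the entry into one shared module imported by the three hosts would keep it in one place. The commented-out `blue.nix` import, nameserver and timezone lines would also benefit from a one-line comment saying whether they are pending or intentionally off.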
diff --git a/lass/1systems/green/physical.nix b/lass/1systems/green/physical.nix
new file mode 100644
index 000000000..b6aa3a894
--- /dev/null
+++ b/lass/1systems/green/physical.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ ./config.nix
+ ];
+ boot.isContainer = true;
+ networking.useDHCP = false;
+}
diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix
new file mode 100644
index 000000000..21f3a8bd5
--- /dev/null
+++ b/lass/1systems/green/source.nix
@@ -0,0 +1,14 @@
+{ lib, pkgs, ... }:
+{
+ nixpkgs = lib.mkForce {
+ file = {
+ path = toString (pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs";
+ rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
+ sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
+ });
+ useChecksum = true;
+ };
+ };
+}
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index d2d4bd3eb..06b1e7366 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -17,6 +17,9 @@
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/blue-host.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/prism-share.nix>
];
krebs.build.host = config.krebs.hosts.icarus;
diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix
index 6cc77a47d..d764dabc1 100644
--- a/lass/1systems/icarus/physical.nix
+++ b/lass/1systems/icarus/physical.nix
@@ -17,4 +17,6 @@
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
+
+ services.thinkfan.enable = true;
}
diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix
index 7fe143c3c..eee23ee60 100644
--- a/lass/1systems/littleT/config.nix
+++ b/lass/1systems/littleT/config.nix
@@ -7,6 +7,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/blue-host.nix>
+ <stockholm/lass/2configs/syncthing.nix>
];
networking.networkmanager.enable = true;
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index f35ebff56..fa5fb5518 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -36,7 +36,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/nfs-dl.nix>
- <stockholm/lass/2configs/hardening.nix>
+ #<stockholm/lass/2configs/hardening.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain
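Review bot: The `hardening.nix` import is commented out on mors with no explanation, and the commit message is only the merge line, so the reason for dropping it is lost. What that module sets is not visible here, but if one of its settings conflicts with something on this host, overriding that single option keeps the rest in force. Otherwise leave a comment on the line, e.g. `# disabled <date>: <reason>, re-enable when <condition>`. The imports list starts and ends outside this hunk.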
@@ -49,6 +49,16 @@ with import <stockholm/lib>;
];
}
{
+ krebs.syncthing.folders = [
+ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+ { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; }
+ ];
+ lass.ensure-permissions = [
+ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+ { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
+ ];
+ }
+ {
lass.umts = {
enable = true;
modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09";
diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix
index 680dc9bde..25425f146 100644
--- a/lass/1systems/mors/physical.nix
+++ b/lass/1systems/mors/physical.nix
@@ -15,6 +15,10 @@
device = "/dev/mapper/pool-virtual";
fsType = "ext4";
};
+ "/backups" = {
+ device = "/dev/pool/backup";
+ fsType = "ext4";
+ };
};
services.udev.extraRules = ''
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 23746d210..b3b7ac0df 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -109,25 +109,6 @@ with import <stockholm/lib>;
localAddress = "10.233.2.2";
};
}
- {
- #onondaga
- systemd.services."container@onondaga".reloadIfChanged = mkForce false;
- containers.onondaga = {
- config = { ... }: {
- imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
- environment.systemPackages = [ pkgs.git ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass.pubkey
- ];
- };
- autoStart = true;
- enableTun = true;
- privateNetwork = true;
- hostAddress = "10.233.2.5";
- localAddress = "10.233.2.6";
- };
- }
<stockholm/lass/2configs/exim-smarthost.nix>
<stockholm/lass/2configs/ts3.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
@@ -139,7 +120,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/reaktor-coders.nix>
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/monitoring/prometheus-server.nix>
{ # quasi bepasty.nix
imports = [
<stockholm/lass/2configs/bepasty.nix>
@@ -286,6 +266,7 @@ with import <stockholm/lib>;
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
"ssh-rsa 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 palo@pepe"
"ssh-rsa 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 palo@workhorse"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbsRjUwOMnxAt/K6A2M/33PbwQCEYVfqfmkXBwkw/L+ZLCnVxfdxJ79ds1k6kyUVcxfHcvxGvUCcM0wr4T7aaP79fsfSf3lcOgySeAtkQjfQL+IdMk0FQVz612cTPg2uWhMFvHGkGSBvSbKNw72RnUaw9qlF8fBx22FozrlmnbY4APTXeqwiF0VeBMq8qr4H9NdIoIFIcq398jn/Na8gYLUfmuDw18AWCt+u7Eg0B/qIU0hi/gK40Lk9+g8Nn19SCad1YOgNDG7aNpEwgT7I7BNXC5oLD31QKKuXmBa/mCLqRLAGW2sJ2ZhBR4tPLMgNrxtn2jxzVVjY+v3bWQnPocB9H9PsdtdNrULLfeJ4y9a3p3kfOzOgYMrnPAjasrkiIyOBBNEFAn/bbvpH01glbF8tVMcPOSD+W89oxTBEgqk6w34QAfySDMW34dIUHeq82v+X0wN9SK6xbBRBsjSpAC4ZcNyzl1JLIMcdZ5mbQXakD3kzDFs5kfjxlkrp3S5gqiSmCp5w/osykjxSH6wnPPCcgzpCBNGRULKw5vbzDSnLAQ3nSYB9tIj4Hp62XymsxVnY+6MsVVy206BYAXrKJomK7sIeLL2wIMYNnAUdSBjqQ5IEE2m+5+YaK0NMNsk2munNrN96ZE3r5xe/BDqfaLMpPfosOTXBtT7tLMlV6zkQ== palo@workout"
];
}
{
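Review bot: The `palo@workout` key is added as a literal string, like its neighbours in this list, while other key lists in this commit reference the user registry (`config.krebs.users.lass-android.pubkey`, `lass-icarus.pubkey`). A key kept inline has to be found and removed by hand wherever it was copied when the device is retired; defining it once under the user's entry and referencing it here would make revocation a single edit. The list's opening line is outside the hunk, so which account these keys authorize is not visible from here.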
@@ -386,6 +367,7 @@ with import <stockholm/lib>;
lass-icarus.pubkey
lass-daedalus.pubkey
lass-helios.pubkey
+ lass-android.pubkey
makefu.pubkey
wine-mors.pubkey
];
diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix
index 7499ff723..b6aa3a894 100644
--- a/lass/1systems/red/physical.nix
+++ b/lass/1systems/red/physical.nix
@@ -4,5 +4,4 @@
];
boot.isContainer = true;
networking.useDHCP = false;
- environment.variables.NIX_REMOTE = "daemon";
}
diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix
index 4a550d0a4..41508127c 100644
--- a/lass/1systems/shodan/physical.nix
+++ b/lass/1systems/shodan/physical.nix
@@ -38,6 +38,10 @@
device = "/dev/pool/bku";
fsType = "btrfs";
};
+ "/backups" = {
+ device = "/dev/pool/backup";
+ fsType = "ext4";
+ };
};
services.udev.extraRules = ''
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index 4b806af7b..0bf3e6b4d 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -7,6 +7,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/power-action.nix>
+ <stockholm/lass/2configs/syncthing.nix>
{
services.xserver.enable = true;
services.xserver.desktopManager.xfce.enable = true;
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 9d8bcd7be..8b3b2814f 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -11,7 +11,8 @@ with import <stockholm/lib>;
system.activationScripts.downloadFolder = ''
mkdir -p /var/download
- chown download:download /var/download
+ chown transmission:download /var/download
+ chown transmission:download /var/download/finished
chmod 775 /var/download
'';
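Review bot: The added `chown transmission:download /var/download/finished` runs on a directory the script never creates: `mkdir -p` only makes `/var/download`, so on a fresh system the chown fails. Changing the first line to `mkdir -p /var/download/finished` creates both directories. `chmod 775` is also applied only to the parent; if `finished` should be group-writable as well it needs its own `chmod`.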
@@ -43,7 +44,7 @@ with import <stockholm/lib>;
fancyindex
];
};
- virtualHosts."dl" = {
+ virtualHosts.default = {
default = true;
locations."/Nginx-Fancyindex-Theme-dark" = {
extraConfig = ''
diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix
index 7499ff723..b6aa3a894 100644
--- a/lass/1systems/yellow/physical.nix
+++ b/lass/1systems/yellow/physical.nix
@@ -4,5 +4,4 @@
];
boot.isContainer = true;
networking.useDHCP = false;
- environment.variables.NIX_REMOTE = "daemon";
}