From 0901d6e6f8e5357cd06b0d6832bdbde6251b7de3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 19 May 2017 00:24:52 +0200 Subject: lib/types: add managed bool to host type --- lib/types.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/types.nix b/lib/types.nix index 30de5e177..530cd1e69 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -31,6 +31,13 @@ rec { default = null; }; + managed = mkOption { + description = '' + If true, then the host's configuration is defined in stockholm. + ''; + type = bool; + }; + owner = mkOption { type = user; }; -- cgit v1.2.3 From a9f0332f9c70088101b85c73d55e265813d94fd7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 19 May 2017 00:25:27 +0200 Subject: k 3 l: define `managed` for every host --- krebs/3modules/lass/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index b86e05319..0e1cbd876 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -3,7 +3,10 @@ with import ; { - hosts = mapAttrs (_: setAttr "owner" config.krebs.users.lass) { + hosts = mapAttrs (_: recursiveUpdate { + owner = config.krebs.users.lass; + managed = true; + }) { dishfire = { cores = 4; nets = rec { @@ -124,6 +127,7 @@ with import ; ssh.port = 2223; }; }; + managed = false; }; cloudkrebs = { cores = 1; @@ -300,6 +304,7 @@ with import ; }; iso = { cores = 1; + managed = false; }; sokrateslaptop = { nets = { @@ -321,6 +326,7 @@ with import ; ''; }; }; + managed = false; }; }; users = { -- cgit v1.2.3 From fa08ca88dee73ac0a0b888e114ab1df3ecf4c0fa Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 19 May 2017 00:27:25 +0200 Subject: l 3 hosts: filter unmanaged hosts --- lass/3modules/hosts.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/3modules/hosts.nix b/lass/3modules/hosts.nix index 125819bb0..7e3af10be 100644 --- a/lass/3modules/hosts.nix +++ b/lass/3modules/hosts.nix 
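Review bot: In lib/types.nix the new `managed` option is declared without a `default`, so every value of the shared host type has to set it, or evaluation fails as soon as `host.managed` is read for that host. This series only gives the flag a value for the hosts in krebs/3modules/lass/default.nix, so hosts defined elsewhere would presumably break once anything reads the flag for them. Adding `default = false;` next to `type = bool;` avoids that and keeps the conservative reading, where a host is not treated as stockholm-managed unless it says so. The enclosing host type starts and ends outside the hunk.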
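Review bot: In the first hunk of krebs/3modules/lass/default.nix, `recursiveUpdate { owner = …; managed = true; }` makes `owner` a default that each host entry can override, whereas the old `setAttr "owner"` presumably forced it. Because the merge is recursive, an `owner` set on a host would also be blended field by field with the lass user record, and the `host.owner.name == "lass"` filter in lass/3modules/hosts.nix depends on that value. Keeping the owner forced costs one line: `hosts = mapAttrs (_: host: recursiveUpdate { managed = true; } host // { owner = config.krebs.users.lass; }) {`. Note also that a newly added host is treated as managed unless it opts out with `managed = false;`, which deserves a comment at the top of the set.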
@@ -6,7 +6,7 @@ with import ; options.lass.hosts = mkOption { type = types.attrsOf types.host; default = - filterAttrs (_: host: host.owner.name == "lass") + filterAttrs (_: host: host.owner.name == "lass" && host.managed) config.krebs.hosts; }; } -- cgit v1.2.3 From 6ff1f811366215b82e892cb75dd9419a6de06f4d Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 22 May 2017 17:20:58 +0200 Subject: l 2 baseX: enable X forwarding --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9c51effdc..65dc6b6e9 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -33,6 +33,7 @@ in { time.timeZone = "Europe/Berlin"; programs.ssh.startAgent = false; + services.openssh.forwardX11 = true; services.printing = { enable = true; -- cgit v1.2.3 From a5390438dc08684a543e7260ff3377001c8bd5b0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 22 May 2017 17:22:28 +0200 Subject: l 2 retiolum: add tinc to systemPackages --- lass/2configs/retiolum.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 7f1b36c96..e7779f53e 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -1,4 +1,4 @@ -{ ... }: +{ pkgs, ... }: { @@ -25,4 +25,8 @@ nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + + environment.systemPackages = [ + pkgs.tinc + ]; } -- cgit v1.2.3 From fee2fa19585403a568242f3bdd870477b9cf97e7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 22 May 2017 17:24:58 +0200 Subject: l 2 nixpkgs: 2bb9c1c -> f469354 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 49c44aa88..c6620afaa 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix 
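Review bot: `services.openssh.forwardX11 = true;` in lass/2configs/baseX.nix turns on sshd X11 forwarding for every host that imports this profile, and the line has no comment saying which hosts need it. With forwarding active, anyone on the server who can read a session's X authority data can reach the display of the client that connected, so the setting is usually limited to machines where it is actually used. Consider moving the line into the system files that need it, or at least documenting it in place, e.g. `# sshd X11Forwarding: required for <use case>; proxy display stays bound to localhost`. The enclosing attribute set starts and ends outside the hunk.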
@@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "2bb9c1c"; + ref = "f469354"; }; } -- cgit v1.2.3 From 7545d799ddb4d4cb79a51fda3ac95262bdc15d22 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 22 May 2017 17:28:19 +0200 Subject: il 2: move dnscrypt & dnsmasq to dns-stuff.nix --- lass/2configs/baseX.nix | 1 + lass/2configs/default.nix | 9 --------- lass/2configs/dns-stuff.nix | 31 +++++++++++++++++++++++++++++++ 3 files changed, 32 insertions(+), 9 deletions(-) create mode 100644 lass/2configs/dns-stuff.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 65dc6b6e9..3e2e325d8 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -10,6 +10,7 @@ in { ./copyq.nix ./xresources.nix ./livestream.nix + ./dns-stuff.nix { hardware.pulseaudio = { enable = true; diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index ffed5bb70..d7deb3165 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -63,15 +63,6 @@ with import ; pkgs.pythonPackages.python ]; } - { - services.dnscrypt-proxy = { - enable = true; - resolverName = "cs-de"; - }; - networking.extraResolvconfConf = '' - name_servers='127.0.0.1' - ''; - } ]; networking.hostName = config.krebs.build.host.name; diff --git a/lass/2configs/dns-stuff.nix b/lass/2configs/dns-stuff.nix new file mode 100644 index 000000000..b52d3050b --- /dev/null +++ b/lass/2configs/dns-stuff.nix 
@@ -0,0 +1,31 @@ +{ config, pkgs, ... }: +with import ; +{ + services.dnscrypt-proxy = { + enable = true; + localAddress = "127.1.0.1"; + resolverName = "cs-de"; + }; + services.dnsmasq = { + enable = true; + extraConfig = '' + server=127.1.0.1 + server=/dn42/172.23.75.6 + #no-resolv + cache-size=1000 + min-cache-ttl=3600 + bind-dynamic + all-servers + dnssec + trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 + address=/blog/127.0.0.1 + address=/blog/::1 + rebind-domain-ok=/onion/ + server=/.onion/127.0.0.1#9053 + port=53 + ''; + }; + networking.extraResolvconfConf = '' + name_servers='127.0.0.1' + ''; +} -- cgit v1.2.3 From 28b6e5d218ca984c3e34fd5385ea343a0bd3d39a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 May 2017 19:57:03 +0200 Subject: l 1 mors: enable elasticsearch --- lass/1systems/mors.nix | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index c8d9465d5..dd3777c64 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -32,14 +32,11 @@ with import ; { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } ]; } - #{ - # services.elasticsearch = { - # enable = true; - # plugins = [ - # # pkgs.elasticsearchPlugins.elasticsearch_kopf - # ]; - # }; - #} + { + services.elasticsearch = { + enable = true; + }; + } { #zalando project services.postgresql = { -- cgit v1.2.3 From a44e215d31c019fda6b0783f0d07cbd8072f919e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 May 2017 20:34:12 +0200 Subject: l 2 websites domsen: remove www. from domains --- lass/2configs/websites/domsen.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 581b37d91..62945755d 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
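Review bot: In the new lass/2configs/dns-stuff.nix, `no-resolv` is commented out while `all-servers` is set, so dnsmasq also uses whatever upstream resolvers its resolv file lists and queries them in parallel with dnscrypt-proxy at 127.1.0.1. If that file ever holds DHCP-provided resolvers (not visible from this hunk), lookups leave the host unencrypted and the fastest reply wins, which defeats the dnscrypt setup; enabling `no-resolv` limits upstreams to the `server=` lines. Separately, `dnssec` is used without `dnssec-check-unsigned`, and on dnsmasq releases where that check is off by default a reply with its signatures stripped is accepted as unsigned. The hard-coded root `trust-anchor` should carry a comment that it has to be updated when the root key-signing key rolls over, since validation fails once the pinned key is retired.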
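Review bot: The re-enabled `services.elasticsearch` block in lass/1systems/mors.nix sets only `enable = true;`, so the bind address is left to the module default. A stock Elasticsearch install has no authentication of its own, so it is safer to pin the address in the configuration than to depend on a default that can change with a nixpkgs bump, e.g. `listenAddress = "127.0.0.1";` with a comment that the service is for local use only. The same imports list opens TCP ports through iptables just above this block, so it is worth stating here that the Elasticsearch port must not be added to those rules. The enclosing list starts and ends outside the hunk.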
@@ -25,8 +25,8 @@ in { imports = [ ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ "karlaskop.de" "www.karlaskop.de" ]) - (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) + (servePage [ "karlaskop.de" ]) + (servePage [ "makeup.apanowicz.de" ]) (servePage [ "pixelpocket.de" ]) (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ -- cgit v1.2.3 From d1321d64118fa50d0082e79a8fc74613aa0cb66a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 May 2017 20:35:42 +0200 Subject: l 2 websites habsys.*: fritz -> domsen --- lass/2configs/websites/domsen.nix | 1 + lass/2configs/websites/fritz.nix | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 62945755d..b0d28d4da 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -28,6 +28,7 @@ in { (servePage [ "karlaskop.de" ]) (servePage [ "makeup.apanowicz.de" ]) (servePage [ "pixelpocket.de" ]) + (servePage [ "habsys.de" "habsys.eu" ]) (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 9bf7e4a9c..45927b102 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -40,8 +40,6 @@ in { (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ]) - (servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ]) - (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ]) ]; -- cgit v1.2.3 From ad1e4cb239bfbb39be977c3fdf2f5f172bb5a4f5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 May 2017 20:36:23 +0200 Subject: l 3 pyload: init --- lass/3modules/default.nix | 1 + lass/3modules/pyload.nix | 55 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 lass/3modules/pyload.nix 
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 73692446a..fd353e008 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -6,6 +6,7 @@ _: ./hosts.nix ./mysql-backup.nix ./news.nix + ./pyload.nix ./umts.nix ./usershadow.nix ./xresources.nix diff --git a/lass/3modules/pyload.nix b/lass/3modules/pyload.nix new file mode 100644 index 000000000..6f29ffb17 --- /dev/null +++ b/lass/3modules/pyload.nix @@ -0,0 +1,55 @@ +{ config, lib, pkgs, ... }: + +with import ; + +let + cfg = config.lass.pyload; + + out = { + options.lass.pyload = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "pyload"; + user = mkOption { + type = types.str; + default = "download"; + }; + }; + + imp = { + + krebs.per-user.${cfg.user}.packages = [ + pkgs.pyload + pkgs.spidermonkey + pkgs.tesseract + ]; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 9099"; target = "ACCEPT"; } + ]; + systemd.services.pyload = { + description = "pyload"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + path = with pkgs; [ + pyload + spidermonkey + tesseract + dnsmasq + ]; + + restartIfChanged = true; + + serviceConfig = { + Restart = "always"; + ExecStart = "${pkgs.pyload}/bin/pyLoadCore"; + User = cfg.user; + }; + }; + + }; + +in out -- cgit v1.2.3 From 71719f2929c2dae1c431c09c517d8c49c7610b30 Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 23 May 2017 22:45:52 +0200 Subject: n 2: change search-domain to r --- nin/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index a1ed76d98..cb02521ce 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -59,7 +59,7 @@ with import ; krebs = { enable = true; - search-domain = "retiolum"; + search-domain = "r"; build = { user = config.krebs.users.nin; source = let inherit (config.krebs.build) host; in { -- cgit v1.2.3 
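Review bot: The INPUT rule in the new lass/3modules/pyload.nix accepts TCP 9099 from any source on any interface whenever the module is enabled, which makes the pyLoad port reachable from every network the host is attached to. Restrict the match to the network that needs it, for example `{ predicate = "-i <vpn-interface> -p tcp --dport 9099"; target = "ACCEPT"; }`, or put the rule behind its own module option so that enabling the service does not implicitly open the firewall. The unit also has no confinement beyond `User = cfg.user`, so `PrivateTmp = true;` and `NoNewPrivileges = true;` in `serviceConfig` are cheap additions for a daemon that fetches and processes remote content. The module does not declare the `download` user itself, and a comment should say where that account is expected to come from.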
From 5f92b6b0a27ac6ed3289c0df96ebb9be664c0464 Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 23 May 2017 22:51:09 +0200 Subject: n 2 nixpkgs: 5b0c9d4 -> 0afb6d7 --- nin/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index 9c3eafffd..14ddb7920 100644 --- a/nin/2configs/nixpkgs.nix +++ b/nin/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "5b0c9d4"; + ref = "0afb6d7"; }; } -- cgit v1.2.3 From e497faf8ec755da17e790782909a7aa8de7e0677 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 May 2017 23:35:31 +0200 Subject: l 2 bepasty: allow write for externals --- lass/2configs/bepasty.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix index c2bc3f3cd..b2d40d4f3 100644 --- a/lass/2configs/bepasty.nix +++ b/lass/2configs/bepasty.nix @@ -35,7 +35,7 @@ in { forceSSL = true; enableACME = true; }; - defaultPermissions = "read"; + defaultPermissions = "read,create"; secretKey = secKey; }); }; -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/4b100000.lock: No such file or directory (2)
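Review bot: `defaultPermissions = "read,create";` in lass/2configs/bepasty.nix lets unauthenticated visitors upload, on a server that the same block appears to publish with `forceSSL` and `enableACME`, and nothing visible in the hunk limits what they can store. An open upload endpoint is routinely abused for hosting unwanted content and for filling the disk, so the change should come with an upload size cap (bepasty has a `MAX_ALLOWED_FILE_SIZE` setting, if the module's extra configuration reaches it) and a quota or separate filesystem for the data directory. A comment on the line, such as `# anonymous create is intentional; uploads are capped by <limit>`, would record that the exposure is deliberate. The enclosing server definition starts outside the hunk.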