From dede52e436625471e905360d4d78d5a9c5d6fe81 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 10 Sep 2017 13:05:34 +0200 Subject: ma x: steam is now a tool --- makefu/1systems/x/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index faa29f3db..892eb1095 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -56,7 +56,6 @@ with import ; - # # Hardware -- cgit v1.2.3 From 2b4d7d951299d7dada001476872d809310f40810 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Sep 2017 23:02:28 +0200 Subject: ma gum.r: disable torrent --- makefu/1systems/gum/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 934bfa685..2f288e708 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -40,7 +40,7 @@ in { # services - + # -- cgit v1.2.3 From ad06126dcedfd5f28a3b64f2df2f32428f933a08 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 19 Sep 2017 16:39:58 +0200 Subject: ma omo.r: enable telegraf --- makefu/1systems/omo/config.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'makefu/1systems') diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 4c93a7a3e..32cd3f900 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -60,6 +60,7 @@ in { # logs to influx + # services @@ -77,6 +78,9 @@ in { ## as long as pyload is not in nixpkgs: # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload + + # Temporary: + ]; makefu.full-populate = true; makefu.server.primary-itf = primaryInterface; -- cgit v1.2.3 From 7db4c634fc266d25ac80f2545c6c77d5b4d28708 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:29:26 +0200 Subject: ma latte.r: init --- makefu/1systems/latte/config.nix | 53 ++++++++++++++++++++++++++++++++++++++++ makefu/1systems/latte/source.nix | 3 +++ 2 files changed, 56 insertions(+) create mode 100644 makefu/1systems/latte/config.nix create mode 100644 makefu/1systems/latte/source.nix (limited to 'makefu/1systems') diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix new file mode 100644 index 000000000..d532f216f --- /dev/null +++ b/makefu/1systems/latte/config.nix @@ -0,0 +1,53 @@ +{ config, pkgs, ... }: +let + + # external-ip = config.krebs.build.host.nets.internet.ip4.addr; + # internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + # default-gw = "185.215.224.1"; + # prefixLength = 24; + # external-mac = "46:5b:fc:f4:44:c9"; + # ext-if = "et0"; +in { + + imports = [ + + # configure your hw: + + + + + # Security + + + + # Tools + + + + # Services + + + ]; + krebs = { + enable = true; + build.host = config.krebs.hosts.latte; + }; + boot.initrd.availableKernelModules = [ "ata_piix" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ]; + + boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.copyKernels = true; + fileSystems."/" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + networking = { + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ ]; + allowedUDPPorts = [ 655 ]; + }; + # network interface receives dhcp address + nameservers = [ "8.8.8.8" ]; + }; +} diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix new file mode 100644 index 000000000..d997fb3f0 --- /dev/null +++ b/makefu/1systems/latte/source.nix @@ -0,0 +1,3 @@ +import { + name="latte"; +} -- cgit v1.2.3 From e2a8aab44294584d185b6501cede7857c0529d36 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:37:24 +0200 Subject: ma: enable remote-build on gum,omo - x is master --- makefu/1systems/gum/config.nix | 8 +++++++- makefu/1systems/omo/config.nix | 2 ++ makefu/1systems/x/config.nix | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 2f288e708..e1357ff01 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -40,10 +40,11 @@ in { # services - # + + ## Web @@ -74,6 +75,9 @@ in { # + # Temporary: + + ]; makefu.dl-dir = "/var/download"; @@ -143,6 +147,8 @@ in { 53589 # temp vnc 18001 + # temp reverseshell + 31337 ]; allowedUDPPorts = [ # tinc diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 32cd3f900..a22ff10bd 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -65,6 +65,8 @@ in { # services + + # security diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 892eb1095..443f912d8 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -57,6 +57,7 @@ with import ; # + # Hardware -- cgit v1.2.3 From aa273ee8802c7de6283e0bea2a7624bf099d251d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:38:08 +0200 Subject: ma wbob: enable extended logging --- makefu/1systems/wbob/config.nix | 106 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 104 insertions(+), 2 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index b776b49d6..3a53b70cb 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -25,7 +25,9 @@ in { # # - ]; + # Services + + ]; krebs = { enable = true; @@ -33,10 +35,48 @@ in { }; swapDevices = [ { device = "/var/swap"; } ]; + services.collectd.extraConfig = lib.mkAfter '' + #LoadPlugin ping + # does not work because it requires privileges + # + # Host "google.de" + # Host "heise.de" + # + + LoadPlugin curl + + TotalTime true + NamelookupTime true + ConnectTime true + + + MeasureResponseTime true + MeasureResponseCode true + URL "https://google.de" + + + + MeasureResponseTime true + MeasureResponseCode true + URL "http://web.de" + + + + #LoadPlugin netlink + # + # Interface "enp0s25" + # Interface "wlp2s0" + # IgnoreSelected false + # + ''; networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 655 49152 ]; + networking.firewall.allowedTCPPorts = [ + 655 + 8081 #smokeping + 49152 + ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; #services.tinc.networks.siem = { # name = "display"; @@ -90,4 +130,66 @@ in { serverAddress = "x.r"; }; }; + security.wrappers.fping = { + source = "${pkgs.fping}/bin/fping"; + setuid = true; + }; + services.smokeping = { + enable = true; + targetConfig = '' + probe = FPing + menu = Top + title = Network Latency Grapher + remark = Welcome to this SmokePing website. + + + network + menu = Net latency + title = Network latency (ICMP pings) + + ++ google + probe = FPing + host = google.de + ++ webde + probe = FPing + host = web.de + + + services + menu = Service latency + title = Service latency (DNS, HTTP) + + ++ HTTP + menu = HTTP latency + title = Service latency (HTTP) + + +++ webdeping + probe = EchoPingHttp + host = web.de + + +++ googwebping + probe = EchoPingHttp + host = google.de + + #+++ webwww + #probe = Curl + #host = web.de + + #+++ googwebwww + #probe = Curl + #host = google.de + ''; + probeConfig = '' + + FPing + binary = /run/wrappers/bin/fping + + EchoPingHttp + pings = 5 + url = / + + #+ Curl + ## probe-specific variables + #binary = ${pkgs.curl}/bin/curl + #step = 60 + ## a default for this target-specific variable + #urlformat = http://%host%/ + ''; + }; } -- cgit v1.2.3 From 5b536e2d311ae6beea7f7e73115c3a061d523a59 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 14:01:19 +0200 Subject: ma irc: ni.r -> irc.r --- makefu/1systems/pnp/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/pnp/config.nix b/makefu/1systems/pnp/config.nix index 5fbaaabc7..47fa74c00 100644 --- a/makefu/1systems/pnp/config.nix +++ b/makefu/1systems/pnp/config.nix @@ -34,7 +34,8 @@ krebs.Reaktor.debug = { debug = true; extraEnviron = { - REAKTOR_HOST = "ni.r"; + # TODO: remove hard-coded server + REAKTOR_HOST = "irc.r"; }; plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ]; channels = [ "#retiolum" ]; -- cgit v1.2.3 From 0fe3f562d7dc66dc4dcf39522fc17ccce6ee30b4 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 14:01:48 +0200 Subject: ma cake.r: init --- makefu/1systems/cake/config.nix | 20 ++++++++++++++++++++ makefu/1systems/cake/source.nix | 3 +++ 2 files changed, 23 insertions(+) create mode 100644 makefu/1systems/cake/config.nix create mode 100644 makefu/1systems/cake/source.nix (limited to 'makefu/1systems') diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix new file mode 100644 index 000000000..0630d19ad --- /dev/null +++ b/makefu/1systems/cake/config.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: +{ + imports = [ + + # configure your hw: + # + # + # { + name="cake"; +} \ No newline at end of file -- cgit v1.2.3 From b01385c974dd3f4a9cbf0e7e992e960cd9ebf295 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 14:28:34 +0200 Subject: ma: #retiolum -> #xxx --- makefu/1systems/pnp/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/pnp/config.nix b/makefu/1systems/pnp/config.nix index 47fa74c00..6c9fc0606 100644 --- a/makefu/1systems/pnp/config.nix +++ b/makefu/1systems/pnp/config.nix @@ -38,7 +38,7 @@ REAKTOR_HOST = "irc.r"; }; plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ]; - channels = [ "#retiolum" ]; + channels = [ "#xxx" ]; }; krebs.build.host = config.krebs.hosts.pnp; -- cgit v1.2.3