stockholm/lass/1systems/shodan.nix

{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
../.
../2configs/retiolum.nix
../2configs/hw/tp-x220.nix
../2configs/baseX.nix
../2configs/git.nix
../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/programs.nix
../2configs/fetchWallpaper.nix
../2configs/backups.nix
../2configs/wine.nix
#{
# users.extraUsers = {
# root = {
# openssh.authorizedKeys.keys = map readFile [
# ../../krebs/Zpubkeys/uriel.ssh.pub
# ];
# };
# };
#}
# Inline module: declares the local account "sokratess" and the packages installed for it.
{
users.users.sokratess = {
# uid is derived from the user name by genid (presumably provided by `with import <stockholm/lib>`).
uid = genid "sokratess";
home = "/home/sokratess";
group = "users";
createHome = true;
# Supplementary groups: audio devices and NetworkManager control.
extraGroups = [
"audio"
"networkmanager"
];
useDefaultShell = true;
# NOTE(review): `password` is a cleartext credential. NixOS writes it into the
# world-readable Nix store, and this file lives in version control, so the value
# must be treated as disclosed. Rotate it and use a hashed or file-based option
# (hashedPassword / passwordFile) with the secret kept outside the repository.
password = "aidsballs";
};
# Packages made available to this user only, through the krebs.per-user option.
krebs.per-user.sokratess.packages = [
pkgs.firefox
# NOTE(review): the three packages below come from the Python 2.7 set, which no
# longer receives upstream security fixes (end of life January 2020).
pkgs.python27Packages.virtualenv
pkgs.python27Packages.ipython
pkgs.python27Packages.python
];
}
{
# monit setup: a single alarm ("hfos") that probes an HTTPS URL with curl and
# announces a message on IRC when the probe fails.
krebs.monit = let
# echoToIrc msg: builds a dash script named "echo_irc" (pkgs.writeDash) that calls
# irc-announce with the arguments ni.r, 6667, "<hostName>-alarm", \#noise and msg,
# discarding stdout.
# NOTE(review): msg is spliced into a double-quoted shell string at build time, so
# callers must pass only text that is safe inside double quotes; the one caller
# below passes a constant.
# NOTE(review): LOGNAME is hard-coded to "prism-alarm" while the nick uses this
# host's name — presumably carried over from another host's config; confirm.
echoToIrc = msg:
pkgs.writeDash "echo_irc" ''
set -euf
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
'';
in {
enable = true;
# NOTE(review): presumably turns on monit's HTTP interface; its bind address and
# authentication are decided by the krebs.monit module, which is not visible
# here — confirm it is not reachable beyond the intended interface.
http.enable = true;
alarms = {
hfos = {
# curl -sf: silent, non-zero exit on HTTP errors.
# NOTE(review): --insecure disables TLS certificate verification, so the probe
# also succeeds against a server presenting an invalid, expired or substituted
# certificate. The check therefore proves reachability only, not that the
# genuine endpoint answered. Drop the flag, or pin the expected CA with
# --cacert, if the alarm is meant to cover certificate problems.
test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'";
alarm = echoToIrc "test hfos failed";
};
};
};
# Firewall: accept inbound TCP to port 9093, restricted to the "retiolum" interface.
# NOTE(review): the service listening on 9093 is not defined in this file. The rule
# trusts every peer on that interface, so confirm the listener authenticates
# clients or that all retiolum peers are meant to reach it.
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
];
}
];
# Selects this machine's host record from krebs.hosts as the build target.
krebs.build.host = config.krebs.hosts.shodan;
# Boot: GRUB 2 installed to /dev/sda, with /dev/sda2 opened as the LUKS device
# "luksroot" from the initrd.
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
# Kernel crypto modules made available in the initrd for unlocking the volume.
# NOTE(review): this list only loads modules. The cipher and hash actually used
# are recorded in the LUKS header and are not visible here. "sha1" is listed, so
# confirm with `cryptsetup luksDump` whether the header still depends on it.
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
# Storage and USB controller drivers available in the initrd.
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
};
fileSystems = {
"/" = {
device = "/dev/pool/nix";
fsType = "btrfs";
};
# /boot is mounted directly from /dev/sda1. Only /dev/sda2 is listed under
# initrd.luks.devices, so this partition is presumably unencrypted.
# NOTE(review): the kernel and initrd stored here are then not covered by disk
# encryption; confirm whether boot integrity is protected some other way.
"/boot" = {
device = "/dev/sda1";
};
# /tmp is a RAM-backed tmpfs mounted with nosuid (setuid bits ignored), nodev
# (device nodes ignored) and noatime.
# NOTE(review): noexec is not set and no size= limit is given, so the tmpfs
# default size applies — confirm both are intentional.
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
"/bku" = {
device = "/dev/pool/bku";
fsType = "btrfs";
};
};
# udev rules that give the two network interfaces fixed names by matching their
# hardware (MAC) addresses: one becomes "wl0", the other "et0".
# Comments stay outside the '' string because its content is written verbatim
# into the udev rules.
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
'';
}