2016-05-19 22:17:21 +00:00
|
|
|
{ config, pkgs, ... }:
|
|
|
|
|
2016-10-20 19:40:11 +00:00
|
|
|
with import <stockholm/lib>;
|
2016-05-19 22:17:21 +00:00
|
|
|
{
|
|
|
|
imports = [
|
|
|
|
../.
|
2016-08-23 22:03:38 +00:00
|
|
|
../2configs/retiolum.nix
|
2016-06-25 16:38:30 +00:00
|
|
|
../2configs/hw/tp-x220.nix
|
2016-05-19 22:17:21 +00:00
|
|
|
../2configs/baseX.nix
|
2016-06-06 20:11:52 +00:00
|
|
|
../2configs/git.nix
|
2016-05-19 22:17:21 +00:00
|
|
|
../2configs/exim-retiolum.nix
|
|
|
|
../2configs/browsers.nix
|
|
|
|
../2configs/programs.nix
|
|
|
|
../2configs/fetchWallpaper.nix
|
|
|
|
../2configs/backups.nix
|
2017-07-04 14:35:27 +00:00
|
|
|
../2configs/wine.nix
|
2016-05-19 22:17:21 +00:00
|
|
|
#{
|
|
|
|
# users.extraUsers = {
|
|
|
|
# root = {
|
|
|
|
# openssh.authorizedKeys.keys = map readFile [
|
|
|
|
# ../../krebs/Zpubkeys/uriel.ssh.pub
|
|
|
|
# ];
|
|
|
|
# };
|
|
|
|
# };
|
|
|
|
#}
|
2016-10-20 19:10:59 +00:00
|
|
|
{
|
|
|
|
users.users.sokratess = {
|
|
|
|
uid = genid "sokratess";
|
|
|
|
home = "/home/sokratess";
|
|
|
|
group = "users";
|
|
|
|
createHome = true;
|
|
|
|
extraGroups = [
|
|
|
|
"audio"
|
|
|
|
"networkmanager"
|
|
|
|
];
|
|
|
|
useDefaultShell = true;
|
|
|
|
password = "aidsballs";
|
|
|
|
};
|
|
|
|
krebs.per-user.sokratess.packages = [
|
|
|
|
pkgs.firefox
|
|
|
|
pkgs.python27Packages.virtualenv
|
|
|
|
pkgs.python27Packages.ipython
|
|
|
|
pkgs.python27Packages.python
|
|
|
|
];
|
|
|
|
}
|
2017-02-21 13:30:21 +00:00
|
|
|
{
|
|
|
|
krebs.monit = let
|
|
|
|
echoToIrc = msg:
|
|
|
|
pkgs.writeDash "echo_irc" ''
|
|
|
|
set -euf
|
|
|
|
export LOGNAME=prism-alarm
|
|
|
|
${pkgs.irc-announce}/bin/irc-announce \
|
|
|
|
ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
|
|
|
|
'';
|
|
|
|
in {
|
|
|
|
enable = true;
|
|
|
|
http.enable = true;
|
|
|
|
alarms = {
|
|
|
|
hfos = {
|
|
|
|
test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'";
|
|
|
|
alarm = echoToIrc "test hfos failed";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
2017-02-22 17:20:30 +00:00
|
|
|
krebs.iptables.tables.filter.INPUT.rules = [
|
|
|
|
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
|
|
|
|
];
|
2017-02-21 13:30:21 +00:00
|
|
|
}
|
2016-05-19 22:17:21 +00:00
|
|
|
];
|
|
|
|
|
|
|
|
krebs.build.host = config.krebs.hosts.shodan;
|
|
|
|
|
|
|
|
boot = {
|
|
|
|
loader.grub.enable = true;
|
|
|
|
loader.grub.version = 2;
|
|
|
|
loader.grub.device = "/dev/sda";
|
|
|
|
|
|
|
|
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
|
|
|
|
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
|
|
|
|
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
|
|
|
|
#kernelModules = [ "kvm-intel" "msr" ];
|
|
|
|
};
|
|
|
|
fileSystems = {
|
|
|
|
"/" = {
|
|
|
|
device = "/dev/pool/nix";
|
2017-01-09 16:12:50 +00:00
|
|
|
fsType = "btrfs";
|
2016-05-19 22:17:21 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
"/boot" = {
|
|
|
|
device = "/dev/sda1";
|
|
|
|
};
|
2016-06-06 20:12:55 +00:00
|
|
|
|
2016-10-11 15:35:53 +00:00
|
|
|
"/tmp" = {
|
|
|
|
device = "tmpfs";
|
|
|
|
fsType = "tmpfs";
|
|
|
|
options = ["nosuid" "nodev" "noatime"];
|
|
|
|
};
|
2016-11-07 21:14:38 +00:00
|
|
|
"/bku" = {
|
|
|
|
device = "/dev/pool/bku";
|
2017-01-09 16:12:50 +00:00
|
|
|
fsType = "btrfs";
|
2016-11-07 21:14:38 +00:00
|
|
|
};
|
2016-05-19 22:17:21 +00:00
|
|
|
};
|
|
|
|
|
2016-06-06 20:09:57 +00:00
|
|
|
services.udev.extraRules = ''
|
|
|
|
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
|
|
|
|
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
|
|
|
|
'';
|
2016-05-19 22:17:21 +00:00
|
|
|
}
|