Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'lass/master'

Browse Source
This commit is contained in:
makefu 2018-05-31 10:39:49 +02:00
commit 10deb114af
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
114 changed files with 993 additions and 650 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
jeschli/1systems/bln/config.nix
View File

@ -93,7 +93,6 @@
services.printing.drivers = [ pkgs.postscript-lexmark ];
# Enable the X11 windowing system.
# services.xserver.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
# services.xserver.windowManager.xmonad.enable = true;
@ -104,7 +103,7 @@
users.extraUsers.jeschli = {
isNormalUser = true;
extraGroups = ["docker" "vboxusers"];
extraGroups = ["docker" "vboxusers" "audio"];
uid = 1000;
};
@ -124,15 +123,17 @@
# DCSO Certificates
security.pki.certificateFiles = [
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
];
hardware.bluetooth.enable = true;
krebs.build.host = config.krebs.hosts.bln;
}

2
jeschli/1systems/bln/hardware-configuration.nix
View File

@ -30,4 +30,6 @@
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = "powersave";
hardware.pulseaudio.enable = true;
}

4
jeschli/2configs/xserver/Xresources.nix
View File

@ -3,6 +3,10 @@
with import <stockholm/lib>;
pkgs.writeText "Xresources" /* xdefaults */ ''
Xcursor.theme: aero-large-drop
Xcursor.size: 128
Xft.dpi: 144
URxvt*cutchars: "\\`\"'&()*,;<=>?@[]^{|}"
URxvt*eightBitInput: false
URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1

2
jeschli/2configs/xserver/default.nix
View File

@ -44,7 +44,7 @@ in {
display = 11;
tty = 11;
dpi = 100;
dpi = 200;
videoDrivers = [ "nvidia" ];
synaptics = {

4
jeschli/2configs/zsh.nix
View File

@ -53,8 +53,8 @@
eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r";
repo = "LS_COLORS";
rev = "master";
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
}}/LS_COLORS)
#beautiful colors

0
krebs/6tests/data/secrets/grafana_security.nix → krebs/0tests/data/secrets/grafana_security.nix
View File

0
krebs/6tests/data/secrets/hashedPasswords.nix → krebs/0tests/data/secrets/hashedPasswords.nix
View File

0
krebs/6tests/data/secrets/retiolum.rsa_key.priv → krebs/0tests/data/secrets/retiolum.rsa_key.priv
View File

0
krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix → krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix
View File

0
krebs/6tests/data/secrets/ssh.id_ed25519 → krebs/0tests/data/secrets/ssh.id_ed25519
View File

0
krebs/6tests/data/test-config.nix → krebs/0tests/data/test-config.nix
View File

0
krebs/6tests/data/test-source.nix → krebs/0tests/data/test-source.nix
View File

0
krebs/6tests/default.nix → krebs/0tests/default.nix
View File

2
krebs/6tests/deploy.nix → krebs/0tests/deploy.nix
View File

@ -3,7 +3,7 @@ import <nixpkgs/nixos/tests/make-test.nix> ({ ... }:
let
pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; };
test-config = <stockholm/krebs/6tests/data/test-config.nix>;
test-config = <stockholm/krebs/0tests/data/test-config.nix>;
privKey = ''
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW

41
krebs/1systems/hope/config.nix
View File

@ -1,41 +0,0 @@
with import <stockholm/lib>;
{ config, pkgs, ... }: let
ip = config.krebs.build.host.nets.internet.ip4.addr;
bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
in {
imports = [
<stockholm/krebs>
<stockholm/krebs/2configs>
<stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix>
<stockholm/krebs/2configs/secret-passwords.nix>
{
users.extraUsers = {
satan = {
name = "satan";
uid = 1338;
home = "/home/satan";
group = "users";
createHome = true;
useDefaultShell = true;
initialPassword = "test";
};
};
}
];
krebs.build.host = config.krebs.hosts.hope;
networking = let
address = config.krebs.build.host.nets.internet.ip4.addr;
in {
defaultGateway = bestGuessGateway address;
interfaces.enp2s1.ip4 = singleton {
inherit address;
prefixLength = 24;
};
nameservers = ["8.8.8.8"];
};
}

3
krebs/1systems/hope/source.nix
View File

@ -1,3 +0,0 @@
import <stockholm/krebs/source.nix> {
name = "hope";
}

2
krebs/3modules/ci.nix
View File

@ -147,7 +147,7 @@ in
"dummy_secrets": "true",
},
command=[
"nix-build", "-I", "stockholm=.", "krebs/6tests",
"nix-build", "-I", "stockholm=.", "krebs/0tests",
"-A", "{}".format(test)
],
timeout=90001

32
krebs/3modules/krebs/default.nix
View File

@ -30,38 +30,6 @@ let
});
in {
hosts = {
hope = {
ci = true;
owner = config.krebs.users.krebs;
nets = {
internet = {
ip4.addr = "45.62.225.18";
aliases = [
"hope.i"
];
ssh.port = 45621;
};
retiolum = {
ip4.addr = "10.243.77.4";
ip6.addr = "42:0:0:0:0:0:77:4";
aliases = [
"hope.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5
uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a
2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4
A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK
fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC
K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/";
};
hotdog = {
ci = true;
owner = config.krebs.users.krebs;

42
krebs/3modules/lass/default.nix
View File

@ -65,6 +65,7 @@ with import <stockholm/lib>;
io 60 IN NS ions.lassul.us.
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
@ -670,9 +671,45 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
};
blue = {
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.0.77";
ip6.addr = "42:0:0:0:0:0:0:77";
aliases = [
"blue.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd
QwyX4PvVm9WItPmmNy+RE2y0Mf04LxZ7RLm5+e0wPuhXXQyhZ06CNd6tjeaKfXUc
sNeC1Vjuh1hsyYJLR5Xf/YRNJQKoaHjbkXGt+rSK7PPuCcsUPOSZSEAgHYVvcFzM
wWE4kTDcBZeISB4+yLmPIZXhnDImRRMEurFNRiocoMmEIu/zyYVq8rnlTl972Agu
PMGo1HqVxCouEWstRvtX5tJmV8yruRbH4tADAruLXErLLwUAx/AYDNRjY1TYYetJ
RoaxejmZVVIvR+hWaDLkHZO89+to6wS5IVChs1anFxMNN6Chq2v8Bb2Nyy1oG/H/
HzXxj1Rn7CN9es5Wl0UX4h9Zg+hfspoI75lQ509GLusYOyFwgmFF02eMpxgHBiWm
khSJzPkFdYJKUKaZI0nQEGGsFJOe/Se5jj70x3Q5XEuUoQqyahAqwQIYh6uwhbuP
49RBPHpE+ry6smhUPLTitrRsqeBU4RZRNsUAYyCbwyAH1i+K3Q5PSovgPtlHVr2N
w+VZCzsrtOY2fxXw0e+mncrx/Qga62s4m6a/dyukA5RytA9f6bBsvSTqr7/EQTs6
ZEBoPudk7ULNEbfjmJtBkeG7wKIlpgzVg/JaCAwMuSgVjrpIHrZmjOVvmOwB8W6J
Ch/o7chVljAwW4JmyRnhZbMCAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
};
};
users = {
lass = {
users = rec {
lass = lass-blue;
lass-blue = {
mail = "lass@blue.r";
pubkey = builtins.readFile ./ssh/blue.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/blue.pgp;
};
lass-mors = {
mail = "lass@mors.r";
pubkey = builtins.readFile ./ssh/mors.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp;
@ -697,6 +734,7 @@ with import <stockholm/lib>;
lass-icarus = {
mail = "lass@icarus.r";
pubkey = builtins.readFile ./ssh/icarus.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/icarus.pgp;
};
lass-xerxes = {
mail = "lass@xerxes.r";

51
krebs/3modules/lass/pgp/blue.pgp Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFr9fAEBEACz2E2E7uBulVBBtPmk9IR2yB+uAWSe8Hi7vNiGc1Dbs40jzWuy
AqouqyC5xnVw66+cQaYOsgXiwencmu/cFEV2x2uRLDVh1E/fvc8yxAOizEIY0jm/
WZ/4IWvTZLVPF3BOhM4p/HGNbdZhRc4RoljLTB34VuY1KSMhs3Vx7n3HgZzdbD7D
itUFU4oY5CnkQp4yl1Htat08cZmbD51VTZB1hDw2Uea+VuMQ/ImRtTqW+Ss4xyPA
DwUE/vRM3CKwBvcjbNL3uUqc5dtZuvruuFeK3ScmdNLytcgXqJzLlwuzHmSt/Tnc
DQZWKGiHnMvrAOkMEvsmiKhboWSAq4sRUPhISqZ7MSvPfhaH5Gcmhi+hL8FZhGY0
qF7MNLHoimw6MBV6FIIA0vCDn2p5Vwc7L+LqLjWqAvxdfVoeUJjUWbWWNNWg4Tw7
9e7rAR86e4AvhCZRubRn1aOfKGF5vg/El98OeIwBFQHpr7uznKfjmAEpoGveV+vG
amptMCBAr4Hw76U708XWOQkZ2GDY9cfdxUllhAmmPrNQ/OcT2b4x0xKvMi4nA5G8
PBOFErkS61zNxsHgpFe2isG+VDqYLfeQhOdB101Qn6IHw3KxyW85CwImUpdRLMUi
0wtcA7M5GB94HRZ8qW6LtFBjwqm2NGudB0alfIWIq7KuRMXus3sJKQ2gDQARAQAB
tBlsYXNzQGJsdWUuciA8bGFzc0BibHVlLnI+iQJOBBMBCAA4FiEEuOpc8JA44Pd5
NXyK8UJeZkL6H7wFAlr9fAECGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ
8UJeZkL6H7ygPQ/+JydbB0IX64ojm34YaeWKVdM5D7JFBdNuKgbAMf0Uhcja6YcU
0YRvuOPpw4lNZqV/1yxDXGHJrVfGolq6uz28oWr+9VUD8QXH9ODm1EMLsU8Jb1Nh
SE+rWSAhEmdw8l9Bi12wq4v/z/JC93/VJLnBGOL8LDEsJ9OatUw71KIt/a50ERoz
uCZbMeLPym8WqSK1kjQehL5pj97BzxmBNpFYwqaniTAuqTN6bhs2ws+k89vjaWIP
T+bEqsJV/vR9KZcNlmKlTQwbsjQ1BZ9EuV4EBL6IAMrqxDeY3mFnT+EpkabfIVSh
38KmG+4PZDXaj6rCsrsH2pUKaZ/Z6Mr3lmFb/1aaK3xKiQyxcMrbcixIIVI8ihTM
HUC3DFFlA7+02b67QomWFLRiZid4gCry7xhZyryQJkN2l20fzRjWf0myzcPO0qxc
y39gUyEqy1oeaffCc1QgDJH2Hvf+P9StyMZIulNuCKJ9tfQR5nkkDAy/2p405Lmf
mdKOMha6bZ+mA5HbmjMqwyFPHEtU6t/mUhlh7mYqNYAJikuqV00N6nTKVrBb2IfK
atoHeUcmvMWBGL7+x3zxwf2pnum6a5iDES2ir87ltOGKGDeMt2Y/Ap30P+uZGnn1
AiRu2bGkCiQ/WH1StJhAhJeleUfdbOa7/voc14nl3rewqyhqYd8dlI+TWAu5Ag0E
Wv18AQEQAOFMwY2ky5TyRrDqJosq0y/9+8D6RiXlyOnyTQ+bqu4mDEaVu3xNcKLH
CQsTM7gDR9pivapoDo84CK8w519DHCA2EpNGTDO4twcQ3jKqPth809LnibwdKJCe
qsfxsIfN8LbpKDOygZ2av11gcT0ye9uOMkiiRSE2MMGDU/50sskecavUAExDgwFs
v72ReU3fXRfTqYT6p/i/qMB7GbS8PlKFz61JKHDceS5GJUZJ5OWOoq7ZMCz6zrLW
2mQIJ7kblGCJKUnx/lZ5y9nqSCk7jer2qENxWNPOCwD48A78u1Bz8xSN5D1gFO3f
YSKh60kK5UljwkvRD7NvAcg2ifwL1e+/7v8WV9OsHDUBEiJO05tsjJ76QwHnEq6j
4peArcTAHWZ4uGncAgYN/Uii+0vs3oVDsZ9d2uLJxuR3h6T4XVejeuZ3j3o/XX/E
aZwcdH3VpKqEjdG4c4TMz96bN7ZN2DbgTf40rwPFKgWnvhCA9dWlmfy9pW2z2hyg
rJaRGXd/4znj5YlMliDrL4/Yp9j1J1CsoZM68er6/zMU1SA9U/y+MVqMoPCPlczx
mbwWQm1JH6fZv2SzHbZOrZYWKVWX+jPZQV6SjKwSiVrLlZJ0Z8u00HBRRRzXLwXa
OLL/dGP1v+msMv1oCJT1AsMcBEE3bY1efnDP1XK8vBLzoMKGS1RtABEBAAGJAjYE
GAEIACAWIQS46lzwkDjg93k1fIrxQl5mQvofvAUCWv18AQIbDAAKCRDxQl5mQvof
vOC1D/wO+tGKz/y5dc/ifJGTndxoHnU8tarboDll0kcdpTGU7It+ReNustqJZj5v
HK4V/ZXUw5+y6ZasNa/mFYY8oACOI40SlMdyt708XfPqYKXOpnM0oGRGfALi+oKg
iIzYtXsqYk5ZYSFWpgxajHef9HMmHNJ8riSVRugUPubPMKPR65DOXl+BdVIlQw7o
2g3s4Lii0IRKov3BvB51oJMhRK2Ne55VDBid32oIoqXLXS2E2gJQegioAiDUA5J4
1f96RCeYfxOgaPj/o4eiXK0H3owA3W78/tIjq5218PCIYFsOKPhrSqJ7ZF/5yGwW
ppVzsaz1sE9oULR0VOFUwjpYmyH32WwKkLF6mKumb8Q7Pd/FJq0I3/kxD/OrlNVZ
8UCX0CzxMyfEeSUfScunKLMfopEGxXTR4l8jew7CwxX08H0nkqyegDZSN8MjYxQL
V/zoL+aPjYh1WYf1L8wyBZjQbA6khHwYRZPaHrGfGaCGC8MHiSjPb/nt54+vZXtt
17LcX4VvHwWIBf88JpZO9eyTFPdYIZANSyo6ltbRoomuAywuA5IibCwh/BXi/aVa
Jro4UvbiwMqbVgSAt15VAwEK1Re/NNLBTcVVMHsWr5WNmo0s2C7+j+iIMPEOwhRs
ZFj74cztyOF/dGeCv9ycW29g+ejXaPpFOYQz0A9bBdkEdTGWhQ==
=D854
-----END PGP PUBLIC KEY BLOCK-----

51
krebs/3modules/lass/pgp/icarus.pgp Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFpqAGEBEADWiwVYVFXuK9kM7Y1XFL70jb2ZAZBRIpcZF81URMDFhm6ulvHq
fEhXTpiKKmfnv5Mz6r6wAWLJFKOKZuEvg8NwplRrlBHMkR3iEx4+7sP/dVey7U6f
+gI61ytFHTOKr52gstPVdXO3xhNmdrAI1hFuF2DxoXKloz8tPP92dZcCdm7+5C+2
KSYEBrIp/Zv1cjkbAFwek5y4ut65sBh/VM+RhSLbqwzyCxwfBE9QAJdIEiSmChql
Lcz6CToYrdXhOY0ykx+QhT092k/6Xh66JeZ63WVHGrF+SSabq5NNcbWi7EISioHd
N6JXZmbXMpS/BxgMe145e3mWnd3KOSeOxaiORqev8VOycjRQJfSm8Ky+GtWIyxp7
rwEHbY8vlG2X9RMW5UxVmSRPWLykZoX0Xvmnrpwcohb5WdkuCp9NjqF0gDswU8do
bCqASfeWBvJAQkoAlMLU7YH+ymmeQcSVdLy4Jpv1fk5FocQBihTBnC1+ztt7Rm8m
8VGEpH1h174/z4Xn+bCkRZqopl9GlvpilLT8m8N8jdL7QLZJlQwrHVtima8Rg3XZ
TriW1Ha/NxHZ8nN7pbisqXHCrJB0szzu++yVeQ7Ebr7HA0tIHqDhqVR0s6a1g5AX
JYI8vCErowhvPf+BVCUYfmh5dJAY6tt9zrvCneaZ7ogPzOH9kRnZXYi7ZQARAQAB
tBZpY2FydXMgPGxhc3NAaWNhcnVzLnI+iQJOBBMBCAA4FiEEbimq9dgDayT9DrQy
FSODpr2bDFMFAlpqAGECGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQFSOD
pr2bDFNVohAAiY6Pp4whrAIKwNkzqLkUl2SyQCVSGOce906jthKSixdfaUORZPdD
AnyYUmPyVpWxKYjZl7IfmDDo7D6m21tP8FxCRK8/oYAtz3uRK5b5sb0/5YR77O9+
s65sNhU8jiHetUEHQ0Z9UJKfm1DpanJ37uIhVcye8BC8OuSD0v0s+hZ+2ZaN1qdn
qqCkujAILxOWo1ZDqpXfHaV11AotzlgyYmxlXzClsLB0SGhU7HUZesKETn3JUmrV
88kkpug8gn9MpTSPDIWsTeNUWpNhqdDRA+2TUygtpQSKzJC8sdkFaWkMrH3cF6wA
BZ+4tS2mRMQWq9BNMK+xnkWPvYO9e6v4ddXtlcVgGTUhSo+opCXza3dcXE5Xbv8x
a1T5HJSV0HQPTrlAUoXZveu7ZgYVO5SOTCm1jBNKX8WCmvO6yJRalxo9N/d6gswq
tKAGm9tlXpTXnG6tvebmSxjzjVwjbQMDJGy4Cj4bw0GGCdapDFrPidUDY/INmU7D
TWtNsAJlJRuu7ddxIVTspZ7rmDBAOhYzXxGuU3ntZFTiFm9BpCmHYWpeQ5EKuxhJ
mgxzC9wKDoS8NRKwt5ak/mX0vpXkJjF2Lrza0wCAZ1ZYWFNaehEwhNT51s9kZIi3
w1v2z8xmu7VDq/n2sMRtMe7MVIOh1Nu7l/5Uqeb+EYnEc1NGZsFxcYK5Ag0EWmoA
YQEQALMaaF9HeDpeqDjDpxanjjIz4YXMZoMkXwrLS/Rn2mobG5lJzxU+1AkwXxTD
K45A0YHWsnAH1S8V9Gx+NlUMS/S/m9BruSXNohUKARIJLbltEM/EufOThjgfhW0Y
cLorZ1kOSZvORR9+Ctuq/RcvGFwyLB/4OpcGHUezTIcAkLUo0lKPS4HtT2ogSUIx
UstAMwEOSQIDR6sDDiS0BXNdlkKK6daLpH+snQMGP+ILAyRHGu1MlYkACDQZa5aP
9vpany7zC9Ls7vaewCevZCUJfs00VF72pdCRdBV8oPQqwPfhS+uSCV58WwWCqHTq
8PtxCVVzQdngOvScRvjrijtzlseyyTW3w9DPoDsQ16oM3y0kcnnv2hdfTVuv4+YK
9fVRIrWEAlU3cxud7iws9+vUO9GwyWy+epFLiCgNgJR/RVIIjcHUExn/XAcFStjw
QtW+3BxjYmdJpsh5wvmMJSMZDJFMEdKYPm4RI7ZfKVwl6yFeJt3hNkLxxF7k2fXB
84pIvl03hXA3tRQ5t46wS7L2EPlWT00+MCraczvbIS+SX1nCp4ZXLBs0YmicioBS
Os0zEtVs+80eWMf86MTT7YLwre4t+QRbM/RyIvJFTqBT3ad7/7ZMyEuVJBwDJlpx
LGwZGa6zwnbzcf8Us4kAIRzQoK8VOg/xC/ymJYCk3oJCKD9RABEBAAGJAjYEGAEI
ACAWIQRuKar12ANrJP0OtDIVI4OmvZsMUwUCWmoAYQIbDAAKCRAVI4OmvZsMU1vw
EACDJDmZR5BIPxwr9+1Z5ZgT7XcBUbu4F2w84J3xqCUYqcti6I4lSMtxfw94crMp
HoexOVOhvoTneIliv0a4ZSu84u4CGoFn4M7RA0Ka1SVvbuasXf57sVwRptXjr3LL
f/0olra5rkIyZbsvKm0g2N/bfmCfmtOClFDst2yK/FovW5PJBRx2mT38qBhHG8j2
P7zG0/vO846FxjAGvOMGlEVGmN+R9BeecomOKsKgvUbsycAwzZi/2vWAUGbJBYjx
Yd+K8wjPE8g5CumxaLSH/dlY/0BOZygjank+aHLrwMtNnplYVJmmqDhdbgwN6DDk
cCQNLQyk61IdhtZ7UzJyFTkXnXiirrO4WzL6GJjunNzvcTUAU5vNiG+2he1GdxZF
WiLRrcC+oIMWVST8fNRwJZU+Ibw/UIfEV/rHau0fJlxZatks7Qd8gjxSHIyElUVj
CYrizbFPZ85IhkCirX2tvhycK/nseAYjDuJkJIp3Io0sl3cQ9M8Kx790LUbYzNC4
bZn8vA1YwTr1ny3+vEhMhaaVSTeVrWYV8023kwzcLRWra7F1hJcc9+LNmqHvXR67
uBW2KPIrXKrjJmGkMVBSrf9PJu5jNfvCWOntck7C7xOWoUcgyt3uTpP7FkHVdolh
HFNPouS3w0HoB20zdCpmyFNs6Rjhey2r5JIttd6ATVRVYA==
=gJia
-----END PGP PUBLIC KEY BLOCK-----

1
krebs/3modules/lass/ssh/blue.rsa Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHYLHcHSumTUr0jTu1XmmwRMqjLHYvo4AYuEg1QdishDbwU5KCqarSf7sxLTjeBgOugHP/oJZclin+e9GTQ5hlBEtc26IVQqirNVD1BCZrt/y5ok0p8p+2Rhzh89kfRI6Etp+8cPbot4h3Vg6tY57icKn3visaMdH0cI2pAQbPWwSY+cmyXU5cfcFC8ahcZpEgth4ycC5yM/qdHxZek2wN+58ApgjEjuvTD6y4iXqdWmqHVoGaeNV7OFiiKVaYoJND1igHLNw2VEQR5aPsmc8gadBtGIQb43YqObNBDWwMjvozmQVFPycMmMTDwA1n+IWxvwz34KEzyw5jQShUTCRDji4vK58WfC16fPLbW+ohCe+9Yyg7TRdjDFA5jTA3rFM7tZS8EhpLgyHupNi1GbUVmeyhqTdWp+H66u5zTzC5Q/PYOk1M0D/X/C6dXyIcB4lLr9mDTGvS1aOZVZJuDF4pLyI2oZzaySALjcofCJyNpBBUtUXHsiT4VNuJExl4XEXjvQKnPKojEzpTsK1rm/ZSa3vBCv0gBbjQ8uU1q86ODIDy35q2GQvsLMkAbduBLeA9m1EdZXLYComSfVLalArw3Q+4vd/FHhoOicVkrwIzcPiYg9uQZm2NrjiBkYlWCdXTFc49ghIDrPXLnwwWqPuZcs430u6Somk8XzuRZBC7ZDdjbiS5D8vQkDThQrmmFPRs+bp1N9VkC+LaBtFnbFaYARF6i2yFUD9YNSEEu2r14u+KGlg5P7ndIkE+BhAOIp4XcHejVFWfvKvYpMRZ4LDVkPIJdmZ4gIIfGbdBNMv1zRsX6O0NOhiEP1pNYb+HdY5R2YYIvtxn1sC/TrjoN3ELAQA9YBszHEaYjvmqHh08/CWCEpgHIagCccYdSzbtM9GsoAcePL4E7kqSZxIfbNjrYQEBEQbu16pj7bMxVhH8QaouOdjiioqr2tBr5HwA05HP1poGProOzsmJxdph7pb4hJ1P+OEeuwTRIVLudYYl6iBajGW2IdsUo+xGANpuPBpQyB4RajJ4XcXP8K3xVY6x7DfH3DwKfCFAc6KzyADa2xw7/uwBRi2HOyKazkPe5ESYLWY29krqH2tO+IYkgm5tAEkf79j4R9aCeZe/HyjPDlSPZ2NwAZpWKJFkBTveiwoe2noZSAeVKrcblFN5ic0or+ci+CSbmctce8mbqB7QHEJJh5flLDzBMIuh4eroH/Dp5MBbDqxu/T8yCCRHFz70KXpaIFSGlSIebTRt1Om9+CWTgTp95cM0HrAhZDnN/W9FRdAFsA/IjEJ2Eh3tHpdvFZ3XgIq52MrHJdopQo7KUoOVhJiFCo5L0PcKNRVpMbcCKVk1i9k8jqyM9AVgwGrnijiaafUaFmBIlC/U2FZZ+KRtIyDcIRrnGGKE7DEyhBQ9YavxpOFDDSXuC5aPjMNcSGydGArtDd5+5Yp0YraY0oe6UTuzypsxdI8W6IbePryvEeOXG5b/6YayC2sq+7wRconaa9DU= lass@blue

7
krebs/5pkgs/simple/kops.nix
View File

@ -1,7 +0,0 @@
{ fetchgit, ... }:
fetchgit {
url = https://cgit.krebsco.de/kops;
rev = "refs/tags/v1.1.0";
sha256 = "0k3zhv2830z4bljcdvf6ciwjihk2zzcn9y23p49c6sba5hbsd6jb";
}

7
krebs/5pkgs/simple/krops.nix Normal file
View File

@ -0,0 +1,7 @@
{ fetchgit, ... }:
fetchgit {
url = https://cgit.krebsco.de/krops;
rev = "refs/tags/v1.0.0";
sha256 = "0ahp3fxb3l1vcjylxw0cd0f4hfp98bxskkf3z9d37hl3m7v4pcb4";
}

7
krebs/5pkgs/simple/thesauron/default.nix Normal file
View File

@ -0,0 +1,7 @@
{ fetchgit, callPackage }: let
src = fetchgit {
url = "https://github.com/krebscode/thesauron";
rev = "8ac22588cf2c20465e3c9348e7ce04885599c2a5";
"sha256"= "1ivkjl235dnm5aaqqvarnxkz7zh0gvah22b0fqwlsflrcd5wmgva";
};
in callPackage src {}

4
krebs/kops.nix
View File

@ -13,7 +13,7 @@
krebs-source = {
nixpkgs.git = {
ref = "b50443b5c4ac0f382c49352a892b9d5d970eb4e7";
ref = "ef74cafd3e5914fdadd08bf20303328d72d65d6c";
url = https://github.com/NixOS/nixpkgs;
};
stockholm.file = toString ../.;
@ -38,7 +38,7 @@
secrets =
if test
then {
file = toString <stockholm/krebs/6tests/data/secrets>;
file = toString <stockholm/krebs/0tests/data/secrets>;
}
else {
pass = {

2
krebs/source.nix
View File

@ -14,7 +14,7 @@ in
{
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
secrets = getAttr builder {
buildbot.file = toString <stockholm/krebs/6tests/data/secrets>;
buildbot.file = toString <stockholm/krebs/0tests/data/secrets>;
krebs.pass = {
dir = "${getEnv "HOME"}/brain";
name = "krebs-secrets/${name}";

41
lass/1systems/blue/config.nix Normal file
View File

@ -0,0 +1,41 @@
with import <stockholm/lib>;
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/blue.nix>
];
krebs.build.host = config.krebs.hosts.blue;
networking.nameservers = [ "1.1.1.1" ];
lass.restic = genAttrs [
"daedalus"
"icarus"
"littleT"
"prism"
"shodan"
"skynet"
] (dest: {
dirs = [
"/home/"
"/var/lib"
];
passwordFile = (toString <secrets>) + "/restic/${dest}";
repo = "sftp:backup@${dest}.r:/backups/blue";
extraArguments = [
"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
];
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
});
time.timeZone = "Europe/Berlin";
users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
}

8
lass/1systems/blue/physical.nix Normal file
View File

@ -0,0 +1,8 @@
{
imports = [
./config.nix
];
boot.isContainer = true;
networking.useDHCP = false;
environment.variables.NIX_REMOTE = "daemon";
}

4
lass/1systems/blue/source.nix Normal file
View File

@ -0,0 +1,4 @@
import <stockholm/lass/source.nix> {
name = "blue";
secure = true;
}

16
lass/1systems/cabal/config.nix
View File

@ -3,8 +3,6 @@
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
@ -16,20 +14,8 @@
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/AP.nix>
<stockholm/lass/2configs/blue-host.nix>
];
krebs.build.host = config.krebs.hosts.cabal;
#fileSystems = {
# "/bku" = {
# device = "/dev/mapper/pool-bku";
# fsType = "btrfs";
# options = ["defaults" "noatime" "ssd" "compress=lzo"];
# };
#};
#services.udev.extraRules = ''
# SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
#'';
}

12
lass/1systems/cabal/physical.nix Normal file
View File

@ -0,0 +1,12 @@
{
imports = [
./config.nix
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0"
'';
}

15
lass/1systems/daedalus/config.nix
View File

@ -4,8 +4,6 @@ with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/coreboot.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/games.nix>
@ -94,17 +92,4 @@ with import <stockholm/lib>;
'';
krebs.build.host = config.krebs.hosts.daedalus;
fileSystems = {
"/bku" = {
device = "/dev/mapper/pool-bku";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
}

20
lass/1systems/daedalus/physical.nix Normal file
View File

@ -0,0 +1,20 @@
{
imports = [
./config.nix
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/coreboot.nix>
];
fileSystems = {
"/bku" = {
device = "/dev/mapper/pool-bku";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
}

34
lass/1systems/dishfire/config.nix
View File

@ -4,41 +4,7 @@
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
<stockholm/lass/2configs/git.nix>
{
boot.loader.grub = {
device = "/dev/vda";
splashImage = null;
};
boot.initrd.availableKernelModules = [
"ata_piix"
"ehci_pci"
"uhci_hcd"
"virtio_pci"
"virtio_blk"
];
fileSystems."/" = {
device = "/dev/mapper/pool-nix";
fsType = "ext4";
};
fileSystems."/srv/http" = {
device = "/dev/pool/srv_http";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/vda1";
fsType = "ext4";
};
fileSystems."/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
}
{
networking.dhcpcd.allowInterfaces = [
"enp*"

39
lass/1systems/dishfire/physical.nix Normal file
View File

@ -0,0 +1,39 @@
{ config, lib, pkgs, ... }:
{
imports = [
./config.nix
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
boot.loader.grub = {
device = "/dev/vda";
splashImage = null;
};
boot.initrd.availableKernelModules = [
"ata_piix"
"ehci_pci"
"uhci_hcd"
"virtio_pci"
"virtio_blk"
];
fileSystems."/" = {
device = "/dev/mapper/pool-nix";
fsType = "ext4";
};
fileSystems."/srv/http" = {
device = "/dev/pool/srv_http";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/vda1";
fsType = "ext4";
};
fileSystems."/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
}

56
lass/1systems/helios/config.nix
View File

@ -12,48 +12,12 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/otp-ssh.nix>
# TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
#<stockholm/lass/2configs/git.nix>
<stockholm/lass/2configs/dcso-vpn.nix>
#<stockholm/lass/2configs/dcso-vpn.nix>
<stockholm/lass/2configs/virtualbox.nix>
<stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
fileSystems."/" = {
device = "/dev/pool/root";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1F60-17C6";
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/pool/home";
fsType = "btrfs";
};
fileSystems."/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
nix.maxJobs = lib.mkDefault 8;
}
{ # crypto stuff
boot.initrd.luks = {
cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
devices = [{
name = "luksroot";
device = "/dev/nvme0n1p3";
}];
};
}
{
services.xserver.dpi = 200;
fonts.fontconfig.dpi = 200;
@ -99,13 +63,6 @@ with import <stockholm/lib>;
}
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.wireless.enable = true;
hardware.enableRedistributableFirmware = true;
environment.systemPackages = with pkgs; [
ag
vim
@ -124,17 +81,6 @@ with import <stockholm/lib>;
services.tlp.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.xrandrHeads = [
{ output = "DP-2"; primary = true; }
{ output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
{ output = "DP-0"; }
];
services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
'';
networking.hostName = lib.mkForce "BLN02NB0162";
security.pki.certificateFiles = [

64
lass/1systems/helios/physical.nix Normal file
View File

@ -0,0 +1,64 @@
{ pkgs, ... }:
{
imports = [
./config.nix
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
fileSystems."/" = {
device = "/dev/pool/root";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1F60-17C6";
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/pool/home";
fsType = "btrfs";
};
fileSystems."/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
}
{ # crypto stuff
boot.initrd.luks = {
cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
devices = [{
name = "luksroot";
device = "/dev/nvme0n1p3";
}];
};
}
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.wireless.enable = true;
hardware.enableRedistributableFirmware = true;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0"
'';
services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.xrandrHeads = [
{ output = "DP-2"; primary = true; }
{ output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
{ output = "DP-0"; }
];
services.xserver.displayManager.sessionCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
'';
}

22
lass/1systems/icarus/config.nix
View File

@ -3,8 +3,6 @@
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/coreboot.nix>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
@ -17,20 +15,18 @@
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/wine.nix>
];
krebs.build.host = config.krebs.hosts.icarus;
fileSystems = {
"/bku" = {
device = "/dev/mapper/pool-bku";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
environment.systemPackages = with pkgs; [
macchanger
dpass
];
services.redshift = {
enable = true;
provider = "geoclue2";
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
programs.adb.enable = true;
}

20
lass/1systems/icarus/physical.nix Normal file
View File

@ -0,0 +1,20 @@
{
imports = [
./config.nix
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/coreboot.nix>
];
fileSystems = {
"/bku" = {
device = "/dev/mapper/pool-bku";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
}

15
lass/1systems/littleT/config.nix
View File

@ -4,8 +4,6 @@ with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/backup.nix>
@ -68,17 +66,4 @@ with import <stockholm/lib>;
'';
krebs.build.host = config.krebs.hosts.littleT;
#fileSystems = {
# "/bku" = {
# device = "/dev/mapper/pool-bku";
# fsType = "btrfs";
# options = ["defaults" "noatime" "ssd" "compress=lzo"];
# };
#};
#services.udev.extraRules = ''
# SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
#'';
}

7
lass/1systems/littleT/physical.nix Normal file
View File

@ -0,0 +1,7 @@
{
imports = [
./config.nix
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
];
}

44
lass/1systems/mors/config.nix
View File

@ -4,8 +4,6 @@ with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
@ -35,9 +33,11 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain
{ predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
#chromecast
{ predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; }
];
}
{
@ -86,43 +86,6 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.mors;
fileSystems = {
"/bku" = {
device = "/dev/mapper/pool-bku";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/home/virtual" = {
device = "/dev/mapper/pool-virtual";
fsType = "ext4";
};
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0"
'';
#TODO activationScripts seem broken, fix them!
#activationScripts
#split up and move into base
system.activationScripts.powertopTunables = ''
#Runtime PMs
echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
'';
environment.systemPackages = with pkgs; [
acronym
brain
@ -223,4 +186,5 @@ with import <stockholm/lib>;
RandomizedDelaySec = "5h";
};
});
virtualisation.libvirtd.enable = true;
}

44
lass/1systems/mors/physical.nix Normal file
View File

@ -0,0 +1,44 @@
{
imports = [
./config.nix
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
];
fileSystems = {
"/bku" = {
device = "/dev/mapper/pool-bku";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/home/virtual" = {
device = "/dev/mapper/pool-virtual";
fsType = "ext4";
};
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:72:f4:88", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:c4:7a:f1", NAME="et0"
'';
#TODO activationScripts seem broken, fix them!
#activationScripts
#split up and move into base
system.activationScripts.powertopTunables = ''
#Runtime PMs
echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
'';
}

147
lass/1systems/prism/config.nix
View File

@ -1,90 +1,9 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
ip = config.krebs.build.host.nets.internet.ip4.addr;
in {
{
imports = [
<stockholm/lass>
{
networking.interfaces.et0.ipv4.addresses = [
{
address = ip;
prefixLength = 27;
}
{
address = "46.4.114.243";
prefixLength = 27;
}
];
networking.defaultGateway = "46.4.114.225";
networking.nameservers = [
"8.8.8.8"
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
'';
}
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot.loader.grub = {
devices = [
"/dev/sda"
"/dev/sdb"
];
splashImage = null;
};
boot.initrd.availableKernelModules = [
"ata_piix"
"vmw_pvscsi"
"ahci" "sd_mod"
];
boot.kernelModules = [ "kvm-intel" ];
fileSystems."/" = {
device = "/dev/pool/nix_root";
fsType = "ext4";
};
fileSystems."/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
fileSystems."/var/download" = {
device = "/dev/pool/download";
fsType = "ext4";
};
fileSystems."/srv/http" = {
device = "/dev/pool/http";
fsType = "ext4";
};
fileSystems."/home" = {
device = "/dev/pool/home";
fsType = "ext4";
};
fileSystems."/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
swapDevices = [
{ label = "swap1"; }
{ label = "swap2"; }
];
sound.enable = false;
nixpkgs.config.allowUnfree = true;
time.timeZone = "Europe/Berlin";
}
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/libvirt.nix>
{
@ -212,7 +131,6 @@ in {
}
<stockholm/lass/2configs/exim-smarthost.nix>
<stockholm/lass/2configs/ts3.nix>
<stockholm/lass/2configs/IM.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/radio.nix>
<stockholm/lass/2configs/repo-sync.nix>
@ -324,7 +242,7 @@ in {
};
services.nginx.virtualHosts."rote-allez-fraktion.de" = {
enableACME = true;
addSSL = true;
forceSSL = true;
locations."/" = {
extraConfig = ''
proxy_set_header Host rote-allez-fraktion.de;
@ -358,6 +276,67 @@ in {
};
});
}
{
users.users.download.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
];
}
{
lass.nichtparasoup.enable = true;
services.nginx = {
enable = true;
virtualHosts."lol.lassul.us" = {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
proxy_pass http://localhost:5001;
'';
};
};
}
{ #weechat port forwarding to blue
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 9998"; target = "ACCEPT";}
];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.prism.nets.internet.ip4.addr} -p tcp --dport 9998"; target = "DNAT --to-destination ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}:9999"; }
];
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.POSTROUTING.rules = [
{ v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; }
];
}
{
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
];
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.POSTROUTING.rules = [
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
];
networking.wireguard.interfaces.wg0 = {
ips = [ "10.244.1.1/24" ];
listenPort = 51820;
privateKeyFile = (toString <secrets>) + "/wireguard.key";
allowedIPsAsRoutes = true;
peers = [
{
# lass-android
allowedIPs = [ "10.244.1.2/32" ];
publicKey = "63+ns9AGv6e6a8WgxiZNFEt1xQT0YKFlEHzRaYJWtmk=";
}
];
};
}
];
krebs.build.host = config.krebs.hosts.prism;

85
lass/1systems/prism/physical.nix Normal file
View File

@ -0,0 +1,85 @@
{ config, lib, pkgs, ... }:
{
imports = [
./config.nix
{
networking.interfaces.et0.ipv4.addresses = [
{
address = config.krebs.build.host.nets.internet.ip4.addr;
prefixLength = 27;
}
{
address = "46.4.114.243";
prefixLength = 27;
}
];
networking.defaultGateway = "46.4.114.225";
networking.nameservers = [
"8.8.8.8"
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
'';
}
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot.loader.grub = {
devices = [
"/dev/sda"
"/dev/sdb"
];
splashImage = null;
};
boot.initrd.availableKernelModules = [
"ata_piix"
"vmw_pvscsi"
"ahci" "sd_mod"
];
boot.kernelModules = [ "kvm-intel" ];
fileSystems."/" = {
device = "/dev/pool/nix_root";
fsType = "ext4";
};
fileSystems."/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
fileSystems."/var/download" = {
device = "/dev/pool/download";
fsType = "ext4";
};
fileSystems."/srv/http" = {
device = "/dev/pool/http";
fsType = "ext4";
};
fileSystems."/home" = {
device = "/dev/pool/home";
fsType = "ext4";
};
fileSystems."/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
swapDevices = [
{ label = "swap1"; }
{ label = "swap2"; }
];
sound.enable = false;
nixpkgs.config.allowUnfree = true;
time.timeZone = "Europe/Berlin";
}
];
}

3
lass/1systems/red/config.nix
View File

@ -20,11 +20,8 @@ in
];
krebs.build.host = config.krebs.hosts.red;
boot.isContainer = true;
networking.useDHCP = false;
services.nginx.enable = true;
environment.variables.NIX_REMOTE = "daemon";
environment.systemPackages = [
pkgs.mk_sql_pair
];

8
lass/1systems/red/physical.nix Normal file
View File

@ -0,0 +1,8 @@
{
imports = [
./config.nix
];
boot.isContainer = true;
networking.useDHCP = false;
environment.variables.NIX_REMOTE = "daemon";
}

42
lass/1systems/shodan/config.nix
View File

@ -4,8 +4,6 @@ with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
#TODO reinstall with correct layout and use lass/hw/x220
<stockholm/krebs/2configs/hw/x220.nix>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
@ -22,46 +20,6 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.shodan;
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
};
fileSystems = {
"/" = {
device = "/dev/pool/nix";
fsType = "btrfs";
};
"/boot" = {
device = "/dev/sda1";
};
"/home" = {
device = "/dev/mapper/pool-home";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
"/bku" = {
device = "/dev/pool/bku";
fsType = "btrfs";
};
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
'';
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';

47
lass/1systems/shodan/physical.nix Normal file
View File

@ -0,0 +1,47 @@
{
#TODO reinstall with correct layout and use lass/hw/x220
imports = [
./config.nix
<stockholm/krebs/2configs/hw/x220.nix>
];
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
};
fileSystems = {
"/" = {
device = "/dev/pool/nix";
fsType = "btrfs";
};
"/boot" = {
device = "/dev/sda1";
};
"/home" = {
device = "/dev/mapper/pool-home";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
"/bku" = {
device = "/dev/pool/bku";
fsType = "btrfs";
};
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
'';
}

15
lass/1systems/skynet/config.nix
View File

@ -3,8 +3,6 @@ with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/retiolum.nix>
#<stockholm/lass/2configs/exim-retiolum.nix>
@ -46,17 +44,4 @@ with import <stockholm/lib>;
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
#fileSystems = {
# "/bku" = {
# device = "/dev/mapper/pool-bku";
# fsType = "btrfs";
# options = ["defaults" "noatime" "ssd" "compress=lzo"];
# };
#};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
'';
}

12
lass/1systems/skynet/physical.nix Normal file
View File

@ -0,0 +1,12 @@
{
imports = [
./config.nix
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
'';
}

55
lass/1systems/uriel/config.nix
View File

@ -41,60 +41,5 @@ with import <stockholm/lib>;
];
krebs.build.host = config.krebs.hosts.uriel;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
boot = {
#kernelParams = [
# "acpi.brightness_switch_enabled=0"
#];
#loader.grub.enable = true;
#loader.grub.version = 2;
#loader.grub.device = "/dev/sda";
loader.systemd-boot.enable = true;
loader.timeout = 5;
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
device = "/dev/pool/root";
fsType = "ext4";
};
"/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
"/boot" = {
device = "/dev/sda1";
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
'';
services.xserver.synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
additionalOptions = ''
Option "FingerHigh" "60"
Option "FingerLow" "60"
'';
};
}

59
lass/1systems/uriel/physical.nix Normal file
View File

@ -0,0 +1,59 @@
{
imports = [
./config.nix
];
hardware.enableAllFirmware = true;
boot = {
#kernelParams = [
# "acpi.brightness_switch_enabled=0"
#];
#loader.grub.enable = true;
#loader.grub.version = 2;
#loader.grub.device = "/dev/sda";
loader.systemd-boot.enable = true;
loader.timeout = 5;
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
device = "/dev/pool/root";
fsType = "ext4";
};
"/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
"/boot" = {
device = "/dev/sda1";
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
};
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
'';
services.xserver.synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
additionalOptions = ''
Option "FingerHigh" "60"
Option "FingerLow" "60"
'';
};
}

24
lass/1systems/xerxes/config.nix
View File

@ -3,8 +3,6 @@
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/hw/gpd-pocket.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
@ -15,26 +13,4 @@
];
krebs.build.host = config.krebs.hosts.xerxes;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0"
'';
fileSystems."/" = {
device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/16C8-D053";
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358";
fsType = "btrfs";
};
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ];
networking.wireless.enable = true;
}

29
lass/1systems/xerxes/physical.nix Normal file
View File

@ -0,0 +1,29 @@
{
imports = [
./config.nix
<stockholm/lass/2configs/hw/gpd-pocket.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0"
'';
fileSystems."/" = {
device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/16C8-D053";
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358";
fsType = "btrfs";
};
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ];
networking.wireless.enable = true;
}

22
lass/2configs/AP.nix
View File

@ -6,7 +6,7 @@ in {
boot.extraModulePackages = [
pkgs.linuxPackages.rtl8814au
];
networking.networkmanager.unmanaged = [ wifi ];
networking.networkmanager.unmanaged = [ wifi "et0" ];
systemd.services.hostapd = {
description = "hostapd wireless AP";
@ -38,12 +38,17 @@ in {
};
};
networking.interfaces.${wifi}.ipv4.addresses = [
networking.bridges.br0.interfaces = [
wifi
"et0"
];
networking.interfaces.br0.ipv4.addresses = [
{ address = "10.99.0.1"; prefixLength = 24; }
];
services.dhcpd4 = {
enable = true;
interfaces = [ wifi ];
interfaces = [ "br0" ];
extraConfig = ''
option subnet-mask 255.255.255.0;
option routers 10.99.0.1;
@ -56,11 +61,12 @@ in {
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; predicate = "-d 10.99.0.0/24 -o ${wifi} -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
{ v6 = false; predicate = "-s 10.99.0.0/24 -i ${wifi}"; target = "ACCEPT"; }
{ v6 = false; predicate = "-i ${wifi} -o ${wifi}"; target = "ACCEPT"; }
{ v6 = false; predicate = "-o ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
{ v6 = false; predicate = "-i ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
{ v6 = false; predicate = "-d 10.99.0.0/24 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
{ v6 = false; predicate = "-s 10.99.0.0/24 -i br0"; target = "ACCEPT"; }
{ v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; }
{ v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; }
{ v6 = false; predicate = "-o br0"; target = "REJECT --reject-with icmp-port-unreachable"; }
{ v6 = false; predicate = "-i br0"; target = "REJECT --reject-with icmp-port-unreachable"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; precedence = 1000; }

73
lass/2configs/IM.nix
View File

@ -1,73 +0,0 @@
with (import <stockholm/lib>);
{ config, lib, pkgs, ... }:
let
tmux = pkgs.writeDash "tmux" ''
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
set-option -g prefix `
unbind-key C-b
bind ` send-prefix
set-option -g status off
set-option -g default-terminal screen-256color
#use session instead of windows
bind-key c new-session
bind-key p switch-client -p
bind-key n switch-client -n
bind-key C-s switch-client -l
''} "$@"
'';
in {
services.bitlbee = {
enable = true;
portNumber = 6666;
plugins = [
pkgs.bitlbee-facebook
pkgs.bitlbee-steam
pkgs.bitlbee-discord
];
libpurple_plugins = [ pkgs.telegram-purple ];
};
users.extraUsers.chat = {
home = "/home/chat";
uid = genid "chat";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
lass-icarus.pubkey
lass-android.pubkey
lass-helios.pubkey
];
};
# mosh
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
{ predicate = "-p tcp --dport 9999"; target = "ACCEPT";}
];
systemd.services.chat = {
description = "chat environment setup";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = false;
path = [
pkgs.rxvt_unicode.terminfo
];
serviceConfig = {
User = "chat";
RemainAfterExit = true;
Type = "oneshot";
ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
ExecStop = "${tmux} kill-session -t IM";
};
};
}

1
lass/2configs/backup.nix
View File

@ -15,6 +15,7 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = with config.krebs.hosts; [
mors.ssh.pubkey
prism.ssh.pubkey
blue.ssh.pubkey
];
};
}

11
lass/2configs/baseX.nix
View File

@ -69,11 +69,13 @@ in {
environment.systemPackages = with pkgs; [
acpi
bank
cabal2nix
dic
dmenu
gi
git-preview
gitAndTools.qgit
git-preview
gnome3.dconf
lm_sensors
mpv-poll
much
@ -86,19 +88,18 @@ in {
rxvt_unicode_with-plugins
slock
sxiv
timewarrior
taskwarrior
termite
thesauron
timewarrior
xclip
xephyrify
xorg.xbacklight
xorg.xhost
xsel
youtube-tools
yt-next
zathura
cabal2nix
xephyrify
];
fonts.fonts = with pkgs; [

15
lass/2configs/bitlbee.nix Normal file
View File

@ -0,0 +1,15 @@
with (import <stockholm/lib>);
{ config, lib, pkgs, ... }:
{
services.bitlbee = {
enable = true;
portNumber = 6666;
plugins = [
pkgs.bitlbee-facebook
pkgs.bitlbee-steam
pkgs.bitlbee-discord
];
libpurple_plugins = [ pkgs.telegram-purple ];
};
}

22
lass/2configs/blue-host.nix Normal file
View File

@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
<stockholm/lass/2configs/container-networking.nix>
];
containers.blue = {
config = { ... }: {
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.9";
localAddress = "10.233.2.10";
};
}

55
lass/2configs/blue.nix Normal file
View File

@ -0,0 +1,55 @@
with (import <stockholm/lib>);
{ config, lib, pkgs, ... }:
{
imports = [
./bitlbee.nix
./mail.nix
./pass.nix
];
services.tor.enable = true;
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
{ predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";}
];
systemd.services.chat = let
tmux = pkgs.writeDash "tmux" ''
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
set-option -g prefix `
unbind-key C-b
bind ` send-prefix
set-option -g status off
set-option -g default-terminal screen-256color
#use session instead of windows
bind-key c new-session
bind-key p switch-client -p
bind-key n switch-client -n
bind-key C-s switch-client -l
''} "$@"
'';
in {
description = "chat environment setup";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = false;
path = [
pkgs.rxvt_unicode.terminfo
];
serviceConfig = {
User = "lass";
RemainAfterExit = true;
Type = "oneshot";
ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat";
ExecStop = "${tmux} kill-session -t IM";
};
};
}

15
lass/2configs/container-networking.nix
View File

@ -1,12 +1,6 @@
{ ... }:
{ lib, ... }:
{
#krebs.iptables.tables.filter.INPUT.rules = [
# { v6 = false; predicate = "-i ve-+ -p udp -m udp --dport 53"; target = "ACCEPT"; }
# { v6 = false; predicate = "-i ve-+ -p tcp -m tcp --dport 53"; target = "ACCEPT"; }
# { v6 = false; predicate = "-i ve-+ -p udp -m udp --dport 67"; target = "ACCEPT"; }
# { v6 = false; predicate = "-i ve-+ -p tcp -m tcp --dport 67"; target = "ACCEPT"; }
#];
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; predicate = "-d 10.233.2.0/24 -o ve-+ -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
{ v6 = false; predicate = "-s 10.233.2.0/24 -i ve-+"; target = "ACCEPT"; }
@ -14,9 +8,9 @@
{ v6 = false; predicate = "-o ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
{ v6 = false; predicate = "-i ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
];
#krebs.iptables.tables.filter.OUTPUT.rules = [
# { v6 = false; predicate = "-o ve-+ -p udp -m udp --dport 68"; target = "ACCEPT"; }
#];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; predicate = "-s 10.233.2.0/24"; target = "ACCEPT"; precedence = 1000; }
];
krebs.iptables.tables.nat.POSTROUTING.rules = [
{ v6 = false; predicate = "-s 10.233.2.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
{ v6 = false; predicate = "-s 10.233.2.0/24 -d 255.255.255.255"; target = "RETURN"; }
@ -24,4 +18,5 @@
{ v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
{ v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
];
boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault 1;
}

6
lass/2configs/default.nix
View File

@ -19,7 +19,8 @@ with import <stockholm/lib>;
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-mors.pubkey
config.krebs.users.lass-blue.pubkey
config.krebs.users.lass-shodan.pubkey
config.krebs.users.lass-icarus.pubkey
config.krebs.users.lass-xerxes.pubkey
@ -38,7 +39,8 @@ with import <stockholm/lib>;
"wheel"
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-mors.pubkey
config.krebs.users.lass-blue.pubkey
config.krebs.users.lass-shodan.pubkey
config.krebs.users.lass-icarus.pubkey
];

5
lass/2configs/exim-smarthost.nix
View File

@ -14,7 +14,7 @@ with import <stockholm/lib>;
];
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
config.krebs.hosts.uriel
config.krebs.hosts.blue
];
internet-aliases = with config.krebs.users; [
{ from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
@ -80,6 +80,9 @@ with import <stockholm/lib>;
{ from = "hetzner@lassul.us"; to = lass.mail; }
{ from = "allygator@lassul.us"; to = lass.mail; }
{ from = "immoscout@lassul.us"; to = lass.mail; }
{ from = "elitedangerous@lassul.us"; to = lass.mail; }
{ from = "boardgamegeek@lassul.us"; to = lass.mail; }
{ from = "qwertee@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }

1
lass/2configs/games.nix
View File

@ -80,6 +80,7 @@ in {
};
};
hardware.opengl.driSupport32Bit = true;
hardware.pulseaudio.support32Bit = true;
security.sudo.extraConfig = ''

12
lass/2configs/git.nix
View File

@ -57,17 +57,17 @@ let
cgit.desc = "Fork of nix-user-chroot my lethalman";
cgit.section = "software";
};
krops = {
cgit.desc = "krebs deployment";
cgit.section = "software";
};
} // mapAttrs make-public-repo-silent {
nixos-aws = {
collaborators = [ {
name = "fabio";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada";
} ];
};
krops = {
cgit.desc = "krebs deployment";
cgit.section = "software";
};
} // mapAttrs make-public-repo-silent {
};
restricted-repos = mapAttrs make-restricted-repo (
@ -121,7 +121,7 @@ let
with git // config.krebs.users;
repo:
singleton {
user = [ lass lass-shodan ];
user = [ lass-mors lass-shodan lass-icarus lass-blue ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++

3
lass/2configs/libvirt.nix
View File

@ -20,6 +20,9 @@
krebs.iptables.tables.filter.OUTPUT.rules = [
{ v6 = false; predicate = "-o virbr0 -p udp -m udp --dport 68"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; predicate = "-s 192.168.122.0/24"; target = "ACCEPT"; precedence = 1000; }
];
krebs.iptables.tables.nat.POSTROUTING.rules = [
{ v6 = false; predicate = "-s 192.168.122.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
{ v6 = false; predicate = "-s 192.168.122.0/24 -d 255.255.255.255"; target = "RETURN"; }

1
lass/2configs/monitoring/prometheus-server.nix
View File

@ -159,7 +159,6 @@
"email_configs" = [
{
"to" = "devnull@example.com";
"send_resolved" = true;
}
];
"webhook_configs" = [

2
lass/2configs/steam.nix
View File

@ -10,8 +10,6 @@
# source: https://nixos.org/wiki/Talk:Steam
#
##TODO: make steam module
hardware.opengl.driSupport32Bit = true;
nixpkgs.config.steam.java = true;
environment.systemPackages = with pkgs; [
steam

15
lass/2configs/websites/domsen.nix
View File

@ -26,12 +26,7 @@ in {
./default.nix
./sqlBackup.nix
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [
"habsys.de"
"habsys.eu"
"www.habsys.de"
"www.habsys.eu"
])
(servePage [ "freemonkey.art" ])
(serveOwncloud [ "o.ubikmedia.de" ])
(serveWordpress [
"ubikmedia.de"
@ -120,6 +115,7 @@ in {
{ from = "jms@ubikmedia.eu"; to = "jms"; }
{ from = "ms@ubikmedia.eu"; to = "ms"; }
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
{ from = "akayguen@freemonkey.art"; to ="akayguen"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
{ from = "testuser@ubikmedia.eu"; to = "testuser"; }
@ -177,5 +173,12 @@ in {
createHome = true;
};
users.users.akayguen = {
uid = genid_signed "akayguen";
home = "/home/akayguen";
useDefaultShell = true;
createHome = true;
};
}

16
lass/2configs/websites/util.nix
View File

@ -16,11 +16,7 @@ rec {
in {
services.nginx.virtualHosts.${domain} = {
enableACME = true;
onlySSL = true;
extraConfig = ''
listen 80;
listen [::]:80;
'';
addSSL = true;
serverAliases = domains;
locations."/".extraConfig = ''
root /srv/http/${domain};
@ -87,12 +83,9 @@ rec {
in {
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
onlySSL = true;
addSSL = true;
serverAliases = domains;
extraConfig = ''
listen 80;
listen [::]:80;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
@ -201,12 +194,9 @@ rec {
in {
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
onlySSL = true;
addSSL = true;
serverAliases = domains;
extraConfig = ''
listen 80;
listen [::]:80;
root /srv/http/${domain}/;
index index.php;
access_log /tmp/nginx_acc.log;

1
lass/3modules/default.nix
View File

@ -7,6 +7,7 @@ _:
./hosts.nix
./mysql-backup.nix
./news.nix
./nichtparasoup.nix
./pyload.nix
./restic.nix
./screenlock.nix

48
lass/3modules/nichtparasoup.nix Normal file
View File

@ -0,0 +1,48 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
options.lass.nichtparasoup = {
enable = mkEnableOption "nichtparasoup funny image page";
config = mkOption {
type = types.str;
default = ''
[General]
Port: 5001
IP: 0.0.0.0
Useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25
[Cache]
Images_min_limit: 15
[Logging]
;; possible destinations: file syslog
Destination: syslog
Verbosity: ERROR
[Sites]
SoupIO: everyone
Pr0gramm: new,top
Reddit: gifs,reactiongifs,ANormalDayInRussia,perfectloops,reallifedoodles,bizarrebuildings,cablefail,cableporn,educationalgifs,EngineeringPorn,holdmybeer,itsaunixsystem,loadingicon,michaelbaygifs,nononoyesno,oddlysatisfying,ofcoursethatsathing,OSHA,PeopleFuckingDying,PerfectTiming,PixelArt,RetroFuturism,robotsbeingjerks,scriptedasiangifs,shittyrobots,startrekstabilized,ThingsCutInHalfPorn,totallynotrobots,Unexpected
NineGag: geeky,wtf,hot,trending
Instagram: nature,wtf
Fourchan: sci
'';
};
};
config = mkIf config.lass.nichtparasoup.enable {
systemd.services.nichtparasoup = {
description = "nichtparasoup";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
serviceConfig = {
Restart = "always";
ExecStart = "${pkgs.nichtparasoup}/bin/nichtparasoup -c ${pkgs.writeText "config.ini"config.lass.nichtparasoup.config}";
};
};
};
}

2
lass/5pkgs/custom/xmonad-lass/default.nix
View File

@ -90,7 +90,7 @@ main' = do
myLayoutHook = defLayout
where
defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat)
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
floatHooks :: Query (Endo WindowSet)
floatHooks = composeAll . concat $

4
lass/5pkgs/l-gen-secrets/default.nix
View File

@ -17,9 +17,9 @@ pkgs.writeDashBin "l-gen-secrets" ''
cd $TMPDIR
for x in *; do
${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m krebs-secrets/$HOSTNAME/$x > /dev/null
${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null
done
echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/pass > /dev/null
echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/pass > /dev/null
cat <<EOF
$HOSTNAME = {

15
lass/5pkgs/nichtparasoup/default.nix Normal file
View File

@ -0,0 +1,15 @@
{ stdenv, pkgs, ... }:
let
py = pkgs.python3Packages.python.withPackages (p: [
p.werkzeug
p.beautifulsoup4
]);
src = pkgs.fetchFromGitHub {
owner = "k4cg";
repo = "nichtparasoup";
rev = "c6dcd0d";
sha256 = "10xy20bjdnd5bjv2hf6v5y5wi0mc9555awxkjqf57rk6ngc5w6ss";
};
in pkgs.writeDashBin "nichtparasoup" ''
${py}/bin/python ${src}/nichtparasoup.py "$@"
''

13
lass/5pkgs/nichtparasoup/exception.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/nichtparasoup.py b/nichtparasoup.py
index 9da9a2b..833ca71 100755
--- a/nichtparasoup.py
+++ b/nichtparasoup.py
@@ -211,7 +211,7 @@ def cache_fill_loop():
try:
sources[crawler][site].crawl()
info = Crawler.info()
- except Exception, e:
+ except Exception as e:
logger.error("Error in crawler %s - %s: %s" % (crawler, site, e))
break

2
lass/kops.nix
View File

@ -8,7 +8,7 @@
source = { test }: lib.evalSource [
krebs-source
{
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
secrets = if test then {
file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets";
} else {

2
lass/source.nix
View File

@ -12,7 +12,7 @@ host@{ name, secure ? false, override ? {} }: let
in
evalSource (toString _file) [
{
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
secrets = getAttr builder {
buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;

0
makefu/6tests/data/secrets/auth.nix → makefu/0tests/data/secrets/auth.nix
View File

0
makefu/6tests/data/secrets/bepasty-secret.nix → makefu/0tests/data/secrets/bepasty-secret.nix
View File

0
makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname → makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname
View File

0
makefu/6tests/data/secrets/daemon-pw → makefu/0tests/data/secrets/daemon-pw
View File

0
makefu/6tests/data/secrets/dl.euer.krebsco.de-auth.nix → makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix
View File

0
makefu/6tests/data/secrets/extra-hosts.nix → makefu/0tests/data/secrets/extra-hosts.nix
View File

0
makefu/6tests/data/secrets/grafana_security.nix → makefu/0tests/data/secrets/grafana_security.nix
View File

0
makefu/6tests/data/secrets/hashedPasswords.nix → makefu/0tests/data/secrets/hashedPasswords.nix
View File

0
makefu/6tests/data/secrets/iodinepw.nix → makefu/0tests/data/secrets/iodinepw.nix
View File

0
makefu/6tests/data/secrets/kibana-auth.nix → makefu/0tests/data/secrets/kibana-auth.nix
View File

0
makefu/6tests/data/secrets/nsupdate-data.nix → makefu/0tests/data/secrets/nsupdate-data.nix
View File

0
makefu/6tests/data/secrets/nsupdate-search.nix → makefu/0tests/data/secrets/nsupdate-search.nix
View File

0
makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv → makefu/0tests/data/secrets/retiolum-ci.rsa_key.priv
View File

0
makefu/6tests/data/secrets/retiolum.rsa_key.priv → makefu/0tests/data/secrets/retiolum.rsa_key.priv
View File

0
makefu/6tests/data/secrets/retiolum.rsa_key.pub → makefu/0tests/data/secrets/retiolum.rsa_key.pub
View File

0
makefu/6tests/data/secrets/sambacred → makefu/0tests/data/secrets/sambacred
View File

0
makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix → makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix
View File

0
makefu/6tests/data/secrets/ssh.id_ed25519 → makefu/0tests/data/secrets/ssh.id_ed25519
View File

0
makefu/6tests/data/secrets/ssh.makefu.id_rsa → makefu/0tests/data/secrets/ssh.makefu.id_rsa
View File

Some files were not shown because too many files have changed in this diff Show More