Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse Source
This commit is contained in:
tv 2018-12-07 13:20:49 +01:00
commit 1d3a3c8104
39 changed files with 1059 additions and 1002 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

310
krebs/2configs/news-spam.nix
View File

@ -4,161 +4,161 @@
krebs.newsbot-js.news-spam = { krebs.newsbot-js.news-spam = {
urlShortenerHost = "go.lassul.us"; urlShortenerHost = "go.lassul.us";
feeds = pkgs.writeText "feeds" '' feeds = pkgs.writeText "feeds" ''
[SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews _aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
[SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews _allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
[SPAM]antirez|http://antirez.com/rss|#snews _antirez|http://antirez.com/rss|#snews
[SPAM]archlinux|http://www.archlinux.org/feeds/news/|#snews _archlinux|http://www.archlinux.org/feeds/news/|#snews
[SPAM]ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews _ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews
[SPAM]augustl|http://augustl.com/atom.xml|#snews _augustl|http://augustl.com/atom.xml|#snews
[SPAM]bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews _bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews
[SPAM]bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews _bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews
[SPAM]bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews _bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews
[SPAM]bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews _bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews
[SPAM]bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews _bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews
[SPAM]bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews _bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews
[SPAM]cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews _cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews
[SPAM]carta|http://feeds2.feedburner.com/carta-standard-rss|#snews _carta|http://feeds2.feedburner.com/carta-standard-rss|#snews
[SPAM]catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews _catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews
[SPAM]cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews _cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews
[SPAM]cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews _cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews
[SPAM]cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews _cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews
[SPAM]cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews _cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews
[SPAM]cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews _cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews
[SPAM]ccc|http://www.ccc.de/rss/updates.rdf|#snews _ccc|http://www.ccc.de/rss/updates.rdf|#snews
[SPAM]chan_biz|http://boards.4chan.org/biz/index.rss|#snews _chan_biz|http://boards.4chan.org/biz/index.rss|#snews
[SPAM]chan_g|http://boards.4chan.org/g/index.rss|#snews _chan_g|http://boards.4chan.org/g/index.rss|#snews
[SPAM]chan_int|http://boards.4chan.org/int/index.rss|#snews _chan_int|http://boards.4chan.org/int/index.rss|#snews
[SPAM]chan_sci|http://boards.4chan.org/sci/index.rss|#snews _chan_sci|http://boards.4chan.org/sci/index.rss|#snews
[SPAM]chan_x|http://boards.4chan.org/x/index.rss|#snews _chan_x|http://boards.4chan.org/x/index.rss|#snews
[SPAM]c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews _c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews
[SPAM]cryptogon|http://www.cryptogon.com/?feed=rss2|#snews _cryptogon|http://www.cryptogon.com/?feed=rss2|#snews
[SPAM]csm|http://rss.csmonitor.com/feeds/csm|#snews _csm|http://rss.csmonitor.com/feeds/csm|#snews
[SPAM]csm_world|http://rss.csmonitor.com/feeds/world|#snews _csm_world|http://rss.csmonitor.com/feeds/world|#snews
[SPAM]danisch|http://www.danisch.de/blog/feed/|#snews _danisch|http://www.danisch.de/blog/feed/|#snews
[SPAM]dod|http://www.defense.gov/news/afps2.xml|#snews _dod|http://www.defense.gov/news/afps2.xml|#snews
[SPAM]dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews _dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews
[SPAM]ecat|http://ecat.com/feed|#snews _ecat|http://ecat.com/feed|#snews
[SPAM]eia_press|http://www.eia.gov/rss/press_rss.xml|#snews _eia_press|http://www.eia.gov/rss/press_rss.xml|#snews
[SPAM]eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews _eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews
[SPAM]embargowatch|https://embargowatch.wordpress.com/feed/|#snews _embargowatch|https://embargowatch.wordpress.com/feed/|#snews
[SPAM]ethereum-comments|http://blog.ethereum.org/comments/feed|#snews _ethereum-comments|http://blog.ethereum.org/comments/feed|#snews
[SPAM]ethereum|http://blog.ethereum.org/feed|#snews _ethereum|http://blog.ethereum.org/feed|#snews
[SPAM]europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews _europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews
[SPAM]eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews _eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews
[SPAM]exploitdb|http://www.exploit-db.com/rss.xml|#snews _exploitdb|http://www.exploit-db.com/rss.xml|#snews
[SPAM]fars|http://www.farsnews.com/rss.php|#snews #test _fars|http://www.farsnews.com/rss.php|#snews #test
[SPAM]faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews _faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews
[SPAM]faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews _faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews
[SPAM]faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews _faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews
[SPAM]fbi|https://www.fbi.gov/news/rss.xml|#snews _fbi|https://www.fbi.gov/news/rss.xml|#snews
[SPAM]fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews _fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews
[SPAM]fefe|http://blog.fefe.de/rss.xml|#snews _fefe|http://blog.fefe.de/rss.xml|#snews
[SPAM]forbes|http://www.forbes.com/forbes/feed2/|#snews _forbes|http://www.forbes.com/forbes/feed2/|#snews
[SPAM]forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews _forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews
[SPAM]fox|http://feeds.foxnews.com/foxnews/latest|#snews _fox|http://feeds.foxnews.com/foxnews/latest|#snews
[SPAM]geheimorganisation|http://geheimorganisation.org/feed/|#snews _geheimorganisation|http://geheimorganisation.org/feed/|#snews
[SPAM]GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews _GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews
[SPAM]gmanet|http://www.gmanetwork.com/news/rss/news|#snews _gmanet|http://www.gmanetwork.com/news/rss/news|#snews
[SPAM]golem|http://rss.golem.de/rss.php|#snews _golem|http://rss.golem.de/rss.php|#snews
[SPAM]google|http://news.google.com/?output=rss|#snews _google|http://news.google.com/?output=rss|#snews
[SPAM]greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews _greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews
[SPAM]guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews _guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews
[SPAM]gulli|http://ticker.gulli.com/rss/|#snews _gulli|http://ticker.gulli.com/rss/|#snews
[SPAM]hackernews|https://news.ycombinator.com/rss|#snews _hackernews|https://news.ycombinator.com/rss|#snews
[SPAM]handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews _handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews
[SPAM]heise|https://www.heise.de/newsticker/heise-atom.xml|#snews _heise|https://www.heise.de/newsticker/heise-atom.xml|#snews
[SPAM]hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews _hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews
[SPAM]hindu|http://www.thehindu.com/?service=rss|#snews _hindu|http://www.thehindu.com/?service=rss|#snews
[SPAM]ign|http://feeds.ign.com/ign/all|#snews _ign|http://feeds.ign.com/ign/all|#snews
[SPAM]independent|http://www.independent.com/rss/headlines/|#snews _independent|http://www.independent.com/rss/headlines/|#snews
[SPAM]indymedia|https://de.indymedia.org/rss.xml|#snews _indymedia|https://de.indymedia.org/rss.xml|#snews
[SPAM]info_libera|http://www.informationliberation.com/rss.xml|#snews _info_libera|http://www.informationliberation.com/rss.xml|#snews
[SPAM]klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews _klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews
[SPAM]korea_herald|http://www.koreaherald.com/rss_xml.php|#snews _korea_herald|http://www.koreaherald.com/rss_xml.php|#snews
[SPAM]linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews _linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews
[SPAM]lisp|http://planet.lisp.org/rss20.xml|#snews _lisp|http://planet.lisp.org/rss20.xml|#snews
[SPAM]liveleak|http://www.liveleak.com/rss|#snews _liveleak|http://www.liveleak.com/rss|#snews
[SPAM]lolmythesis|http://lolmythesis.com/rss|#snews _lolmythesis|http://lolmythesis.com/rss|#snews
[SPAM]LtU|http://lambda-the-ultimate.org/rss.xml|#snews _LtU|http://lambda-the-ultimate.org/rss.xml|#snews
[SPAM]lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews _lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews
[SPAM]mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews _mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews
[SPAM]mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews _mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews
[SPAM]nds|http://www.nachdenkseiten.de/?feed=atom|#snews _nds|http://www.nachdenkseiten.de/?feed=atom|#snews
[SPAM]netzpolitik|https://netzpolitik.org/feed/|#snews _netzpolitik|https://netzpolitik.org/feed/|#snews
[SPAM]newsbtc|http://newsbtc.com/feed/|#snews _newsbtc|http://newsbtc.com/feed/|#snews
[SPAM]nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews _nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews
[SPAM]npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews _npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews
[SPAM]npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews _npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews
[SPAM]npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews _npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews
[SPAM]npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews _npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews
[SPAM]nsa|https://www.nsa.gov/rss.xml|#snews #bullerei _nsa|https://www.nsa.gov/rss.xml|#snews #bullerei
[SPAM]nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews _nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews
[SPAM]painload|https://github.com/krebs/painload/commits/master.atom|#snews _painload|https://github.com/krebs/painload/commits/master.atom|#snews
[SPAM]phys|http://phys.org/rss-feed/|#snews _phys|http://phys.org/rss-feed/|#snews
[SPAM]piraten|https://www.piratenpartei.de/feed/|#snews _piraten|https://www.piratenpartei.de/feed/|#snews
[SPAM]polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews _polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews
[SPAM]presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews _presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews
[SPAM]presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews _presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews
[SPAM]prisonplanet|http://prisonplanet.com/feed.rss|#snews _prisonplanet|http://prisonplanet.com/feed.rss|#snews
[SPAM]rawstory|http://www.rawstory.com/rs/feed/|#snews _rawstory|http://www.rawstory.com/rs/feed/|#snews
[SPAM]reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews _reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews
[SPAM]reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews _reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews
[SPAM]reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews _reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews
[SPAM]reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews _reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews
[SPAM]reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews _reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews
[SPAM]reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews _reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews
[SPAM]reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews _reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews
[SPAM]reddit_sci|http://www.reddit.com/r/science/.rss|#snews _reddit_sci|http://www.reddit.com/r/science/.rss|#snews
[SPAM]reddit_tech|http://www.reddit.com/r/technology/.rss|#snews _reddit_tech|http://www.reddit.com/r/technology/.rss|#snews
[SPAM]reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews _reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews
[SPAM]reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews _reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews
[SPAM]r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews _r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews
[SPAM]reuters|http://feeds.reuters.com/Reuters/worldNews|#snews _reuters|http://feeds.reuters.com/Reuters/worldNews|#snews
[SPAM]reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews _reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews
[SPAM]rt|http://rt.com/rss/news/|#snews _rt|http://rt.com/rss/news/|#snews
[SPAM]schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews _schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews
[SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews _sciencemag|http://news.sciencemag.org/rss/current.xml|#snews
[SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews _scmp|http://www.scmp.com/rss/91/feed|#snews
[SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews _sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews
[SPAM]shackspace|http://shackspace.de/atom.xml|#snews _shackspace|http://shackspace.de/atom.xml|#snews
[SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews _shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews
[SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews _sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews
[SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews _sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews
[SPAM]sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews _sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews
[SPAM]sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews _sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews
[SPAM]sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews _sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews
[SPAM]slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews _slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews
[SPAM]slate|http://feeds.slate.com/slate|#snews _slate|http://feeds.slate.com/slate|#snews
[SPAM]spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews _spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews
[SPAM]spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews _spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews
[SPAM]standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews _standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews
[SPAM]stern|http://www.stern.de/feed/standard/all/|#snews _stern|http://www.stern.de/feed/standard/all/|#snews
[SPAM]stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews _stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews
[SPAM]sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews _sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews
[SPAM]sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews _sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews
[SPAM]sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews _sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews
[SPAM]tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews _tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews
[SPAM]taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews _taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews
[SPAM]telegraph|http://www.telegraph.co.uk/rss.xml|#snews _telegraph|http://www.telegraph.co.uk/rss.xml|#snews
[SPAM]telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews _telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews
[SPAM]the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews _the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews
[SPAM]tigsource|http://www.tigsource.com/feed/|#snews _tigsource|http://www.tigsource.com/feed/|#snews
[SPAM]tinc|http://tinc-vpn.org/news/index.rss|#snews _tinc|http://tinc-vpn.org/news/index.rss|#snews
[SPAM]torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews _torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews
[SPAM]torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews _torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews
[SPAM]torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews _torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews
[SPAM]travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews _travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews
[SPAM]un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews _un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews
[SPAM]un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews _un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews
[SPAM]un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews _un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews
[SPAM]un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews _un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews
[SPAM]un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews _un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews
[SPAM]un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews _un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews
[SPAM]us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews _us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews
[SPAM]vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews _vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews
[SPAM]weechat|http://dev.weechat.org/feed/atom|#snews _weechat|http://dev.weechat.org/feed/atom|#snews
[SPAM]xkcd|https://xkcd.com/rss.xml|#snews _xkcd|https://xkcd.com/rss.xml|#snews
[SPAM]zdnet|http://www.zdnet.com/news/rss.xml|#snews _zdnet|http://www.zdnet.com/news/rss.xml|#snews
''; '';
}; };
} }

2
krebs/3modules/Reaktor.nix
View File

@ -8,7 +8,7 @@ let
out = { out = {
options.krebs.Reaktor = api; options.krebs.Reaktor = api;
config = imp; config = mkIf (cfg != {}) imp;
}; };
api = mkOption { api = mkOption {

4
krebs/3modules/bepasty-server.nix
View File

@ -143,12 +143,12 @@ let
) cfg.servers; ) cfg.servers;
users.extraUsers.bepasty = { users.extraUsers.bepasty = {
uid = genid "bepasty"; uid = genid_uint31 "bepasty";
group = "bepasty"; group = "bepasty";
home = "/var/lib/bepasty-server"; home = "/var/lib/bepasty-server";
}; };
users.extraGroups.bepasty = { users.extraGroups.bepasty = {
gid = genid "bepasty"; gid = genid_uint31 "bepasty";
}; };
}; };

1
krebs/3modules/default.nix
View File

@ -109,6 +109,7 @@ let
}; };
imp = lib.mkMerge [ imp = lib.mkMerge [
{ krebs = import ./external { inherit config; }; }
{ krebs = import ./jeschli { inherit config; }; } { krebs = import ./jeschli { inherit config; }; }
{ krebs = import ./krebs { inherit config; }; } { krebs = import ./krebs { inherit config; }; }
{ krebs = import ./lass { inherit config; }; } { krebs = import ./lass { inherit config; }; }

312
krebs/3modules/external/default.nix vendored Normal file
View File

@ -0,0 +1,312 @@
{ config, ... }:
with import <stockholm/lib>;
{
hosts = mapAttrs (_: recursiveUpdate {
ci = false;
external = true;
monitoring = false;
}) {
sokrateslaptop = {
owner = config.krebs.users.sokratess;
nets = {
retiolum = {
ip4.addr = "10.243.142.104";
ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc";
aliases = [
"sokrateslaptop.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
kruck = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.29.201";
ip6.addr = "42:4234:6a6d:600::1";
aliases = [
"kruck.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
/RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
scardanelli = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
ip4.addr = "10.243.2.2";
ip6.addr = "42:2:5ca:da:3111::1";
aliases = [
"scardanelli.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/
MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge
UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi
kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0
gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx
we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY
QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm
SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL
2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f
m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q
FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5
lM61fOMcVW1KREdWypiDtu8CAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
};
homeros = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
ip4.addr = "10.243.2.1";
ip6.addr = "42:2::0:3:05::1";
aliases = [
"homeros.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd
ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc
6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v
RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd
vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3
+LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc
QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm
fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh
VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7
k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX
gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N
mJ/hywVtvLxNkNimyztoKKMCAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
};
turingmachine = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.168";
ip6.addr = "42:4992:6a6d:600::1";
aliases = [
"turingmachine.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C
t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9
6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8
ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g
nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06
5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT
1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1
gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl
DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL
W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW
OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
eddie = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
# eddie.thalheim.io
ip4.addr = "129.215.197.11";
aliases = [ "eddie.i" ];
};
retiolum = rec {
via = internet;
addrs = [
ip4.addr
ip6.addr
];
ip4.addr = "10.243.29.170";
ip6.addr = "42:4992:6a6d:700::1";
aliases = [ "eddie.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d
j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm
3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF
2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua
KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq
iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t
6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD
kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u
hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay
pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ
lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.subnets = [
# edinburgh university
"129.215.0.0/16"
];
};
};
};
rock = {
owner = config.krebs.users.Mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.171";
ip6.addr = "42:4992:6a6d:700::2";
aliases = [ "rock.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
inspector = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
ip4.addr = "141.76.44.154";
aliases = [ "inspector.i" ];
};
retiolum = {
via = internet;
ip4.addr = "10.243.29.172";
ip6.addr = "42:4992:6a6d:800::1";
aliases = [ "inspector.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
dpdkm = {
owner = config.krebs.users.Mic92;
nets = rec {
retiolum = {
ip4.addr = "10.243.29.173";
ip6.addr = "42:4992:6a6d:900::1";
aliases = [ "dpdkm.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
eve = {
owner = config.krebs.users.Mic92;
nets = rec {
internet = {
# eve.thalheim.io
ip4.addr = "188.68.39.17";
ip6.addr = "2a03:4000:13:31e::1";
aliases = [ "eve.i" ];
};
retiolum = rec {
via = internet;
addrs = [
ip4.addr
ip6.addr
];
ip4.addr = "10.243.29.174";
ip6.addr = "42:4992:6a6d:a00::1";
aliases = [ "eve.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82
08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk
6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI
+xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3
dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW
pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP
c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi
YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI
61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13
Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
};
users = {
Mic92 = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
mail = "joerg@higgsboson.tk";
};
kmein = {
};
palo = {
};
sokratess = {
};
};
}

2
krebs/3modules/fetchWallpaper.nix
View File

@ -53,7 +53,7 @@ let
imp = { imp = {
users.users.fetchWallpaper = { users.users.fetchWallpaper = {
name = "fetchWallpaper"; name = "fetchWallpaper";
uid = genid "fetchWallpaper"; uid = genid_uint31 "fetchWallpaper";
description = "fetchWallpaper user"; description = "fetchWallpaper user";
home = cfg.stateDir; home = cfg.stateDir;
createHome = true; createHome = true;

2
krebs/3modules/git.nix
View File

@ -427,7 +427,7 @@ let
system.activationScripts.cgit = '' system.activationScripts.cgit = ''
mkdir -m 0770 -p ${cfg.cgit.settings.cache-root} mkdir -m 0770 -p ${cfg.cgit.settings.cache-root}
chmod 0770 ${cfg.cgit.settings.cache-root} chmod 0770 ${cfg.cgit.settings.cache-root}
chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} chown ${toString cfg.cgit.fcgiwrap.user.name}:${toString cfg.cgit.fcgiwrap.group.name} ${cfg.cgit.settings.cache-root}
''; '';
services.nginx.virtualHosts.cgit = { services.nginx.virtualHosts.cgit = {

356
krebs/3modules/lass/default.nix
View File

@ -129,29 +129,10 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
}; };
domsen-nas = {
ci = false;
monitoring = false;
external = true;
nets = rec {
internet = {
aliases = [
"domsen-nas.internet"
];
ip4.addr = "87.138.180.167";
ssh.port = 2223;
};
};
};
uriel = { uriel = {
monitoring = false; monitoring = false;
cores = 1; cores = 1;
nets = { nets = {
gg23 = {
ip4.addr = "10.23.1.12";
aliases = ["uriel.gg23"];
ssh.port = 45621;
};
retiolum = { retiolum = {
ip4.addr = "10.243.81.176"; ip4.addr = "10.243.81.176";
ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"; ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56";
@ -178,11 +159,6 @@ with import <stockholm/lib>;
mors = { mors = {
cores = 2; cores = 2;
nets = { nets = {
gg23 = {
ip4.addr = "10.23.1.11";
aliases = ["mors.gg23"];
ssh.port = 45621;
};
retiolum = { retiolum = {
ip4.addr = "10.243.0.2"; ip4.addr = "10.243.0.2";
ip6.addr = "42:0:0:0:0:0:0:dea7"; ip6.addr = "42:0:0:0:0:0:0:dea7";
@ -351,258 +327,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
}; };
iso = {
monitoring = false;
ci = false;
cores = 1;
};
sokrateslaptop = {
monitoring = false;
ci = false;
external = true;
nets = {
retiolum = {
ip4.addr = "10.243.142.104";
ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc";
aliases = [
"sokrateslaptop.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
kruck = {
monitoring = false;
ci = false;
external = true;
nets = {
retiolum = {
ip4.addr = "10.243.29.201";
ip6.addr = "42:4234:6a6d:600::1";
aliases = [
"kruck.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
/RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
turingmachine = {
monitoring = false;
ci = false;
external = true;
nets = {
retiolum = {
ip4.addr = "10.243.29.168";
ip6.addr = "42:4992:6a6d:600::1";
aliases = [
"turingmachine.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C
t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9
6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8
ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g
nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06
5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT
1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1
gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl
DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL
W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW
OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
eddie = {
monitoring = false;
ci = false;
external = true;
nets = rec {
internet = {
# eddie.thalheim.io
ip4.addr = "129.215.197.11";
aliases = [ "eddie.i" ];
};
retiolum = rec {
via = internet;
addrs = [
ip4.addr
ip6.addr
];
ip4.addr = "10.243.29.170";
ip6.addr = "42:4992:6a6d:700::1";
aliases = [ "eddie.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d
j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm
3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF
2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua
KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq
iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t
6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD
kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u
hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay
pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ
lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.subnets = [
# edinburgh university
"129.215.0.0/16"
];
};
};
};
rock = {
monitoring = false;
ci = false;
external = true;
nets = {
retiolum = {
ip4.addr = "10.243.29.171";
ip6.addr = "42:4992:6a6d:700::2";
aliases = [ "rock.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
inspector = {
monitoring = false;
ci = false;
external = true;
nets = rec {
internet = {
ip4.addr = "141.76.44.154";
aliases = [ "inspector.i" ];
};
retiolum = {
via = internet;
ip4.addr = "10.243.29.172";
ip6.addr = "42:4992:6a6d:800::1";
aliases = [ "inspector.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
dpdkm = {
monitoring = false;
ci = false;
external = true;
nets = rec {
retiolum = {
ip4.addr = "10.243.29.173";
ip6.addr = "42:4992:6a6d:900::1";
aliases = [ "dpdkm.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
eve = {
monitoring = false;
ci = false;
external = true;
nets = rec {
internet = {
# eve.thalheim.io
ip4.addr = "188.68.39.17";
ip6.addr = "2a03:4000:13:31e::1";
aliases = [ "eve.i" ];
};
retiolum = rec {
via = internet;
addrs = [
ip4.addr
ip6.addr
];
ip4.addr = "10.243.29.174";
ip6.addr = "42:4992:6a6d:a00::1";
aliases = [ "eve.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82
08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk
6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI
+xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3
dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW
pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP
c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi
YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI
61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13
Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
xerxes = { xerxes = {
cores = 2; cores = 2;
nets = rec { nets = rec {
@ -644,47 +368,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
}; };
cabal = {
cores = 2;
nets = rec {
retiolum = {
ip4.addr = "10.243.1.4";
ip6.addr = "42::1:4";
aliases = [
"cabal.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A
SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj
rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK
qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e
LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq
rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3
6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE
fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v
yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A
kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR
KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi
TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U
oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs
TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw
3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD
rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ
4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf
luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py
w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG
09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1
K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g
ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
};
red = { red = {
monitoring = false; monitoring = false;
cores = 1; cores = 1;
@ -716,6 +399,36 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
}; };
yellow = {
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.0.14";
ip6.addr = "42:0:0:0:0:0:0:14";
aliases = [
"yellow.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP
MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY
b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU
Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd
OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP
vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6
C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp
Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU
52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg
zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p
DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ
Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje ";
};
blue = { blue = {
cores = 1; cores = 1;
nets = { nets = {
@ -789,9 +502,6 @@ with import <stockholm/lib>;
mail = "lass@daedalus.r"; mail = "lass@daedalus.r";
pubkey = builtins.readFile ./ssh/daedalus.rsa; pubkey = builtins.readFile ./ssh/daedalus.rsa;
}; };
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
prism-repo-sync = { prism-repo-sync = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe";
mail = "lass@prism.r"; mail = "lass@prism.r";
@ -800,14 +510,8 @@ with import <stockholm/lib>;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
mail = "lass@mors.r"; mail = "lass@mors.r";
}; };
sokratess = {
};
wine-mors = { wine-mors = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKfTIKmbe1RjX1fjAn//08363zAsI0CijWnaYyAC842"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKfTIKmbe1RjX1fjAn//08363zAsI0CijWnaYyAC842";
}; };
Mic92 = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
mail = "joerg@higgsboson.tk";
};
}; };
} }

185
krebs/3modules/realwallpaper.nix
View File

@ -77,7 +77,190 @@ let
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh"; ExecStart = pkgs.writeDash "generate-wallpaper" ''
set -xeuf
# usage: getimg FILENAME URL
fetch() {
echo "fetch $1"
curl -LsS -z "$1" -o "$1" "$2"
}
# usage: check_type FILENAME TYPE
check_type() {
if ! file -ib "$1" | grep -q "^$2/"; then
echo "$1 is not of type $2" >&2
rm "$1"
return 1
fi
}
# usage: image_size FILENAME
image_size() {
identify "$1" | awk '{print$3}'
}
# usage: make_mask DST SRC MASK
make_layer() {
if needs_rebuild "$@"; then
echo "make $1 (apply mask)" >&2
convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1"
fi
}
# usage: flatten DST HILAYER LOLAYER
flatten() {
if needs_rebuild "$@"; then
echo "make $1 (flatten)" >&2
composite "$2" "$3" "$1"
fi
}
# usage: needs_rebuild DST SRC...
needs_rebuild() {
a="$1"
shift
if ! test -e "$a"; then
#echo " $a does not exist" >&2
result=0
else
result=1
for b; do
if test "$b" -nt "$a"; then
#echo " $b is newer than $a" >&2
result=0
fi
done
fi
#case $result in
# 0) echo "$a needs rebuild" >&2;;
#esac
return $result
}
main() {
cd ${cfg.workingDir}
# fetch source images in parallel
fetch nightmap-raw.jpg \
${cfg.nightmap} &
fetch daymap-raw.png \
${cfg.daymap} &
fetch clouds-raw.jpg \
${cfg.cloudmap} &
fetch marker.json \
${cfg.marker} &
wait
check_type nightmap-raw.jpg image
check_type daymap-raw.png image
check_type clouds-raw.jpg image
in_size=2048x1024
xplanet_out_size=1466x1200
out_geometry=1366x768+100+160
nightsnow_color='#0c1a49' # nightmap
for raw in \
nightmap-raw.jpg \
daymap-raw.png \
clouds-raw.jpg \
;
do
normal=''${raw%-raw.*}.png
if needs_rebuild $normal $raw; then
echo "make $normal; normalize $raw" >&2
convert $raw -scale $in_size $normal
fi
done
# create nightmap-fullsnow
if needs_rebuild nightmap-fullsnow.png; then
convert -size $in_size xc:$nightsnow_color nightmap-fullsnow.png
fi
# extract daymap-snowmask from daymap-final
if needs_rebuild daymap-snowmask.png daymap.png; then
convert daymap.png -threshold 95% daymap-snowmask.png
fi
# extract nightmap-lightmask from nightmap
if needs_rebuild nightmap-lightmask.png nightmap.png; then
convert nightmap.png -threshold 25% nightmap-lightmask.png
fi
# create layers
make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png
make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png
# apply layers
flatten nightmap-lightsnowlayer.png \
nightmap-lightlayer.png \
nightmap-snowlayer.png
flatten nightmap-final.png \
nightmap-lightsnowlayer.png \
nightmap.png
# create marker file from json
if [ -s marker.json ]; then
jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file
fi
# make all unmodified files as final
for normal in \
daymap.png \
clouds.png \
;
do
final=''${normal%.png}-final.png
needs_rebuild $final &&
ln $normal $final
done
# rebuild every time to update shadow
xplanet --num_times 1 --geometry $xplanet_out_size \
--output xplanet-output.png --projection merc \
-config ${pkgs.writeText "xplanet.config" ''
[earth]
"Earth"
map=daymap-final.png
night_map=nightmap-final.png
cloud_map=clouds-final.png
cloud_threshold=10
shade=15
''}
xplanet --num_times 1 --geometry $xplanet_out_size \
--output xplanet-krebs-output.png --projection merc \
-config ${pkgs.writeText "xplanet-krebs.config" ''
[earth]
"Earth"
map=daymap-final.png
night_map=nightmap-final.png
cloud_map=clouds-final.png
cloud_threshold=10
marker_file=marker_file
shade=15
''}
# trim xplanet output
if needs_rebuild realwallpaper.png xplanet-output.png; then
convert xplanet-output.png -crop $out_geometry \
realwallpaper-tmp.png
mv realwallpaper-tmp.png realwallpaper.png
fi
if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then
convert xplanet-krebs-output.png -crop $out_geometry \
realwallpaper-krebs-tmp.png
mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png
fi
}
main "$@"
'';
User = "realwallpaper"; User = "realwallpaper";
}; };
}; };

2
krebs/3modules/tinc_graphs.nix
View File

@ -124,7 +124,7 @@ let
}; };
users.extraUsers.tinc_graphs = { users.extraUsers.tinc_graphs = {
uid = genid "tinc_graphs"; uid = genid_uint31 "tinc_graphs";
home = "/var/spool/tinc_graphs"; home = "/var/spool/tinc_graphs";
}; };
services.nginx = mkIf cfg.nginx.enable { services.nginx = mkIf cfg.nginx.enable {

24
krebs/5pkgs/simple/realwallpaper/default.nix
View File

@ -1,24 +0,0 @@
{ stdenv, fetchgit, xplanet, imagemagick, curl, file }:
stdenv.mkDerivation {
name = "realwallpaper";
src = fetchgit {
url = https://github.com/Lassulus/realwallpaper;
rev = "847faebc9b7e87e4bea078e3a2304ec00b4cdfc0";
sha256 = "10zihkwj9vpshlxw2jk67zbsy8g4i8b1y4jzna9fdcsgn7s12jrr";
};
phases = [
"unpackPhase"
"installPhase"
];
buildInputs = [
];
installPhase = ''
mkdir -p $out
cp realwallpaper.sh $out/realwallpaper.sh
'';
}

276
lass/1systems/archprism/config.nix
View File

@ -6,26 +6,10 @@ with import <stockholm/lib>;
<stockholm/lass> <stockholm/lass>
<stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/libvirt.nix> <stockholm/lass/2configs/libvirt.nix>
{
services.nginx.enable = true;
imports = [
<stockholm/lass/2configs/websites/domsen.nix>
<stockholm/lass/2configs/websites/lassulus.nix>
];
# needed by domsen.nix ^^
lass.usershadow = {
enable = true;
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
];
}
{ # TODO make new hfos.nix out of this vv { # TODO make new hfos.nix out of this vv
boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users.riot = { users.users.riot = {
uid = genid "riot"; uid = genid_uint31 "riot";
isNormalUser = true; isNormalUser = true;
extraGroups = [ "libvirtd" ]; extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
@ -42,153 +26,7 @@ with import <stockholm/lib>;
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; } { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; }
]; ];
} }
{
users.users.tv = {
uid = genid "tv";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey
];
};
users.users.makefu = {
uid = genid "makefu";
isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.makefu.pubkey
];
};
users.extraUsers.dritter = {
uid = genid "dritter";
isNormalUser = true;
extraGroups = [
"download"
];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
];
};
users.extraUsers.juhulian = {
uid = 1339;
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
];
};
users.users.hellrazor = {
uid = genid "hellrazor";
isNormalUser = true;
extraGroups = [
"download"
];
openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ];
};
}
{
#hotdog
systemd.services."container@hotdog".reloadIfChanged = mkForce false;
containers.hotdog = {
config = { ... }: {
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.1";
localAddress = "10.233.2.2";
};
}
<stockholm/lass/2configs/exim-smarthost.nix>
<stockholm/lass/2configs/ts3.nix>
<stockholm/lass/2configs/privoxy-retiolum.nix>
<stockholm/lass/2configs/radio.nix>
<stockholm/lass/2configs/binary-cache/server.nix>
<stockholm/lass/2configs/iodined.nix>
<stockholm/lass/2configs/paste.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix> <stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
{ # quasi bepasty.nix
imports = [
<stockholm/lass/2configs/bepasty.nix>
];
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
return 403;
}
'';
}
{
services.tor = {
enable = true;
};
}
{
lass.ejabberd = {
enable = true;
hosts = [ "lassul.us" ];
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
];
}
{
imports = [
<stockholm/lass/2configs/realwallpaper.nix>
];
services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
alias /var/realwallpaper/realwallpaper.png;
'';
}
{
users.users.jeschli = {
uid = genid "jeschli";
isNormalUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
jeschli.pubkey
jeschli-bln.pubkey
jeschli-bolide.pubkey
jeschli-brauerei.pubkey
];
};
krebs.git.rules = [
{
user = with config.krebs.users; [
jeschli
jeschli-bln
jeschli-bolide
jeschli-brauerei
];
repo = [ config.krebs.git.repos.xmonad-stockholm ];
perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ];
}
{
user = with config.krebs.users; [
jeschli
jeschli-bln
jeschli-bolide
jeschli-brauerei
];
repo = [ config.krebs.git.repos.stockholm ];
perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ];
}
];
}
{
krebs.repo-sync.repos.stockholm.timerConfig = {
OnBootSec = "5min";
OnUnitInactiveSec = "2min";
RandomizedDelaySec = "2min";
};
}
<stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix>
{ {
services.taskserver = { services.taskserver = {
enable = true; enable = true;
@ -201,123 +39,11 @@ with import <stockholm/lib>;
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
]; ];
} }
#<stockholm/lass/2configs/go.nix>
{
environment.systemPackages = [ pkgs.cryptsetup ];
systemd.services."container@red".reloadIfChanged = mkForce false;
containers.red = {
config = { ... }: {
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
autoStart = false;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.3";
localAddress = "10.233.2.4";
};
services.nginx.virtualHosts."rote-allez-fraktion.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
extraConfig = ''
proxy_set_header Host rote-allez-fraktion.de;
proxy_pass http://10.233.2.4;
'';
};
};
}
#{
# imports = [ <stockholm/lass/2configs/backup.nix> ];
# lass.restic = genAttrs [
# "daedalus"
# "icarus"
# "littleT"
# "mors"
# "shodan"
# "skynet"
# ] (dest: {
# dirs = [
# "/home/chat/.weechat"
# "/bku/sql_dumps"
# ];
# passwordFile = (toString <secrets>) + "/restic/${dest}";
# repo = "sftp:backup@${dest}.r:/backups/prism";
# extraArguments = [
# "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
# ];
# timerConfig = {
# OnCalendar = "00:05";
# RandomizedDelaySec = "5h";
# };
# });
#}
{
users.users.download.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse"
];
}
{
}
{
lass.nichtparasoup.enable = true;
services.nginx = {
enable = true;
virtualHosts."lol.lassul.us" = {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
proxy_pass http://localhost:5001;
'';
};
};
}
{
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
];
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.POSTROUTING.rules = [
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
];
networking.wireguard.interfaces.wg0 = {
ips = [ "10.244.1.1/24" ];
listenPort = 51820;
privateKeyFile = (toString <secrets>) + "/wireguard.key";
allowedIPsAsRoutes = true;
peers = [
{
# lass-android
allowedIPs = [ "10.244.1.2/32" ];
publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
}
];
};
}
{ {
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
]; ];
} }
{
services.murmur.enable = true;
services.murmur.registerName = "lassul.us";
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
];
}
]; ];
krebs.build.host = config.krebs.hosts.archprism; krebs.build.host = config.krebs.hosts.archprism;

16
lass/1systems/cabal/config.nix
View File

@ -1,16 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
<stockholm/lass/2configs/AP.nix>
<stockholm/lass/2configs/blue-host.nix>
];
krebs.build.host = config.krebs.hosts.cabal;
}

12
lass/1systems/cabal/physical.nix
View File

@ -1,12 +0,0 @@
{
imports = [
./config.nix
<stockholm/lass/2configs/hw/x220.nix>
<stockholm/lass/2configs/boot/stock-x220.nix>
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0"
'';
}

4
lass/1systems/icarus/config.nix
View File

@ -25,9 +25,5 @@
macchanger macchanger
dpass dpass
]; ];
services.redshift = {
enable = true;
provider = "geoclue2";
};
programs.adb.enable = true; programs.adb.enable = true;
} }

5
lass/1systems/mors/config.nix
View File

@ -102,6 +102,7 @@ with import <stockholm/lib>;
urban urban
mk_sql_pair mk_sql_pair
remmina remmina
transmission
iodine iodine
@ -148,10 +149,6 @@ with import <stockholm/lib>;
programs.adb.enable = true; programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
services.redshift = {
enable = true;
provider = "geoclue2";
};
lass.restic = genAttrs [ lass.restic = genAttrs [
"daedalus" "daedalus"

77
lass/1systems/prism/config.nix
View File

@ -25,7 +25,7 @@ with import <stockholm/lib>;
{ # TODO make new hfos.nix out of this vv { # TODO make new hfos.nix out of this vv
boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users.riot = { users.users.riot = {
uid = genid "riot"; uid = genid_uint31 "riot";
isNormalUser = true; isNormalUser = true;
extraGroups = [ "libvirtd" ]; extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
@ -44,21 +44,21 @@ with import <stockholm/lib>;
} }
{ {
users.users.tv = { users.users.tv = {
uid = genid "tv"; uid = genid_uint31 "tv";
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey config.krebs.users.tv.pubkey
]; ];
}; };
users.users.makefu = { users.users.makefu = {
uid = genid "makefu"; uid = genid_uint31 "makefu";
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
config.krebs.users.makefu.pubkey config.krebs.users.makefu.pubkey
]; ];
}; };
users.extraUsers.dritter = { users.extraUsers.dritter = {
uid = genid "dritter"; uid = genid_uint31 "dritter";
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [
"download" "download"
@ -75,7 +75,7 @@ with import <stockholm/lib>;
]; ];
}; };
users.users.hellrazor = { users.users.hellrazor = {
uid = genid "hellrazor"; uid = genid_uint31 "hellrazor";
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [
"download" "download"
@ -168,7 +168,7 @@ with import <stockholm/lib>;
} }
{ {
users.users.jeschli = { users.users.jeschli = {
uid = genid "jeschli"; uid = genid_uint31 "jeschli";
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [ openssh.authorizedKeys.keys = with config.krebs.users; [
jeschli.pubkey jeschli.pubkey
@ -207,7 +207,6 @@ with import <stockholm/lib>;
RandomizedDelaySec = "2min"; RandomizedDelaySec = "2min";
}; };
} }
<stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix> <stockholm/lass/2configs/minecraft.nix>
{ {
services.taskserver = { services.taskserver = {
@ -324,6 +323,15 @@ with import <stockholm/lib>;
} }
]; ];
}; };
services.dnsmasq = {
enable = true;
resolveLocalQueries = false;
extraConfig= ''
except-interface=lo
interface=wg0
'';
};
} }
{ {
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
@ -338,6 +346,61 @@ with import <stockholm/lib>;
]; ];
} }
{
systemd.services."container@yellow".reloadIfChanged = mkForce false;
containers.yellow = {
config = { ... }: {
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
autoStart = false;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.13";
localAddress = "10.233.2.14";
};
services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = ''
if ($scheme != "https") {
rewrite ^ https://$host$uri permanent;
}
auth_basic "Restricted Content";
auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
''};
proxy_pass http://10.233.2.14:9091;
'';
users.groups.download = {};
users.users = {
download = {
createHome = true;
group = "download";
name = "download";
home = "/var/download";
useDefaultShell = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
lass-icarus.pubkey
lass-daedalus.pubkey
lass-helios.pubkey
makefu.pubkey
wine-mors.pubkey
];
};
};
system.activationScripts.downloadFolder = ''
mkdir -p /var/download
chmod 775 /var/download
ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
chown download: /var/download/finished
'';
}
]; ];
krebs.build.host = config.krebs.hosts.prism; krebs.build.host = config.krebs.hosts.prism;

5
lass/1systems/prism/physical.nix
View File

@ -25,6 +25,11 @@
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/download" = {
device = "tank/download";
fsType = "zfs";
};
fileSystems."/var/lib/containers" = { fileSystems."/var/lib/containers" = {
device = "tank/containers"; device = "tank/containers";
fsType = "zfs"; fsType = "zfs";

3
lass/1systems/shodan/config.nix
View File

@ -8,14 +8,13 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/mouse.nix> <stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/baseX.nix> <stockholm/lass/2configs/baseX.nix>
<stockholm/lass/2configs/git.nix>
<stockholm/lass/2configs/exim-retiolum.nix> <stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/browsers.nix> <stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix> <stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/wine.nix> <stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/bitcoin.nix> <stockholm/lass/2configs/bitcoin.nix>
<stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/blue-host.nix>
]; ];
krebs.build.host = config.krebs.hosts.shodan; krebs.build.host = config.krebs.hosts.shodan;

1
lass/1systems/skynet/config.nix
View File

@ -7,6 +7,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/power-action.nix>
{ {
services.xserver.enable = true; services.xserver.enable = true;
services.xserver.desktopManager.xfce.enable = true; services.xserver.desktopManager.xfce.enable = true;

167
lass/1systems/yellow/config.nix Normal file
View File

@ -0,0 +1,167 @@
with import <stockholm/lib>;
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs>
<stockholm/lass/2configs/retiolum.nix>
];
krebs.build.host = config.krebs.hosts.yellow;
system.activationScripts.downloadFolder = ''
mkdir -p /var/download
chown download:download /var/download
chmod 775 /var/download
'';
users.users.download = { uid = genid "download"; };
users.groups.download.members = [ "transmission" ];
users.users.transmission.group = mkForce "download";
systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ];
services.transmission = {
enable = true;
settings = {
download-dir = "/var/download/finished";
incomplete-dir = "/var/download/incoming";
incomplete-dir-enable = true;
umask = "002";
rpc-whitelist-enabled = false;
rpc-host-whitelist-enabled = false;
};
};
services.nginx = {
enable = true;
package = pkgs.nginx.override {
modules = with pkgs.nginxModules; [
fancyindex
];
};
virtualHosts."dl" = {
default = true;
locations."/Nginx-Fancyindex-Theme-dark" = {
extraConfig = ''
alias ${pkgs.fetchFromGitHub {
owner = "Naereen";
repo = "Nginx-Fancyindex-Theme";
rev = "e84f7d6a32085c2b6238f85f5fdebe9ceb710fc4";
sha256 = "0wzl4ws2w8f0749vxfd1c8c21p3jw463wishgfcmaljbh4dwplg6";
}}/Nginx-Fancyindex-Theme-dark;
autoindex on;
'';
};
locations."/" = {
root = "/var/download/finished";
extraConfig = ''
fancyindex on;
fancyindex_header "/Nginx-Fancyindex-Theme-dark/header.html";
fancyindex_footer "/Nginx-Fancyindex-Theme-dark/footer.html";
dav_methods PUT DELETE MKCOL COPY MOVE;
create_full_put_path on;
dav_access all:r;
'';
};
};
};
krebs.iptables = {
enable = true;
tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
];
};
services.openvpn.servers.nordvpn.config = ''
client
dev tun
proto udp
remote 82.102.16.229 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no
explicit-exit-notify 3
remote-cert-tls server
#mute 10000
auth-user-pass ${toString <secrets/nordvpn.txt>}
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH
Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw
bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y
ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG
A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT
B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2
cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v
cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG
UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny
mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X
+D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT
ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI
583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA
VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT
Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh
MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ
MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy
Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW
EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ
e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW
//DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB
wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB
KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p
lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
49b2f54c6ee58d2d97331681bb577d55
054f56d92b743c31e80b684de0388702
ad3bf51088cd88f3fac7eb0729f2263c
51d82a6eb7e2ed4ae6dfa65b1ac764d0
b9dedf1379c1b29b36396d64cb6fd6b2
e61f869f9a13001dadc02db171f04c4d
c46d1132c1f31709e7b54a6eabae3ea8
fbd2681363c185f4cb1be5aa42a27c31
21db7b2187fd11c1acf224a0d5a44466
b4b5a3cc34ec0227fe40007e8b379654
f1e8e2b63c6b46ee7ab6f1bd82f57837
92c209e8f25bc9ed493cb5c1d891ae72
7f54f4693c5b20f136ca23e639fd8ea0
865b4e22dd2af43e13e6b075f12427b2
08af9ffd09c56baa694165f57fe2697a
3377fa34aebcba587c79941d83deaf45
-----END OpenVPN Static key V1-----
</tls-auth>
'';
}

8
lass/1systems/yellow/physical.nix Normal file
View File

@ -0,0 +1,8 @@
{
imports = [
./config.nix
];
boot.isContainer = true;
networking.useDHCP = false;
environment.variables.NIX_REMOTE = "daemon";
}

6
lass/2configs/baseX.nix
View File

@ -126,6 +126,12 @@ in {
restartIfChanged = false; restartIfChanged = false;
}; };
nixpkgs.config.packageOverrides = super: {
dmenu = pkgs.writeDashBin "dmenu" ''
${pkgs.fzfmenu}/bin/fzfmenu "$@"
'';
};
krebs.xresources.enable = true; krebs.xresources.enable = true;
lass.screenlock.enable = true; lass.screenlock.enable = true;
} }

1
lass/2configs/binary-cache/server.nix
View File

@ -26,6 +26,7 @@
''; '';
}; };
virtualHosts."cache.krebsco.de" = { virtualHosts."cache.krebsco.de" = {
forceSSL = true;
serverAliases = [ "cache.lassul.us" ]; serverAliases = [ "cache.lassul.us" ];
enableACME = true; enableACME = true;
locations."/".extraConfig = '' locations."/".extraConfig = ''

1
lass/2configs/blue-host.nix
View File

@ -81,6 +81,7 @@ in {
host = "${host}.r", host = "${host}.r",
targetdir = "/var/lib/containers/.blue", targetdir = "/var/lib/containers/.blue",
rsync = { rsync = {
archive = true,
owner = true, owner = true,
group = true, group = true,
}; };

65
lass/2configs/downloading.nix
View File

@ -1,65 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
users.extraUsers = {
download = {
name = "download";
home = "/var/download";
createHome = true;
useDefaultShell = true;
extraGroups = [
"download"
];
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
lass-icarus.pubkey
lass-daedalus.pubkey
lass-helios.pubkey
makefu.pubkey
wine-mors.pubkey
];
};
transmission = {
extraGroups = [
"download"
];
};
};
users.extraGroups = {
download = {
members = [
"download"
"transmission"
];
};
};
krebs.rtorrent = {
enable = true;
web = {
enable = true;
port = 9091;
basicAuth = import <secrets/torrent-auth>;
};
rutorrent.enable = true;
enableXMLRPC = true;
listenPort = 51413;
downloadDir = "/var/download/finished";
# dump old torrents into watch folder to have them re-added
watchDir = "/var/download/watch";
};
krebs.iptables = {
enable = true;
tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
];
};
}

1
lass/2configs/exim-smarthost.nix
View File

@ -93,6 +93,7 @@ with import <stockholm/lib>;
{ from = "neocron@lassul.us"; to = lass.mail; } { from = "neocron@lassul.us"; to = lass.mail; }
{ from = "osmocom@lassul.us"; to = lass.mail; } { from = "osmocom@lassul.us"; to = lass.mail; }
{ from = "lesswrong@lassul.us"; to = lass.mail; } { from = "lesswrong@lassul.us"; to = lass.mail; }
{ from = "nordvpn@lassul.us"; to = lass.mail; }
]; ];
system-aliases = [ system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; } { from = "mailer-daemon"; to = "postmaster"; }

10
lass/2configs/mail.nix
View File

@ -174,6 +174,16 @@ let
macro pager a "<modify-labels>-archive\n" # tag as Archived macro pager a "<modify-labels>-archive\n" # tag as Archived
bind index U noop
bind index u noop
bind pager U noop
bind pager u noop
macro index U "<modify-labels>+unread\n"
macro index u "<modify-labels>-unread\n"
macro pager U "<modify-labels>+unread\n"
macro pager u "<modify-labels>-unread\n"
bind index t noop bind index t noop
bind pager t noop bind pager t noop
macro index t "<modify-labels>" # tag as Archived macro index t "<modify-labels>" # tag as Archived

3
lass/2configs/radio.nix
View File

@ -5,7 +5,6 @@ with import <stockholm/lib>;
let let
name = "radio"; name = "radio";
mainUser = config.users.extraUsers.mainUser; mainUser = config.users.extraUsers.mainUser;
inherit (import <stockholm/lib>) genid;
admin-password = import <secrets/icecast-admin-pw>; admin-password = import <secrets/icecast-admin-pw>;
source-password = import <secrets/icecast-source-pw>; source-password = import <secrets/icecast-source-pw>;
@ -31,7 +30,7 @@ in {
"${name}" = rec { "${name}" = rec {
inherit name; inherit name;
group = name; group = name;
uid = genid name; uid = genid_uint31 name;
description = "radio manager"; description = "radio manager";
home = "/home/${name}"; home = "/home/${name}";
useDefaultShell = true; useDefaultShell = true;

0
lass/2configs/tests/dummy-secrets/nordvpn.txt Normal file
View File

70
lass/2configs/websites/fritz.nix
View File

@ -1,70 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
inherit (import <stockholm/lib>)
genid
head
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
servePage
serveWordpress
;
msmtprc = pkgs.writeText "msmtprc" ''
account default
host localhost
'';
sendmail = pkgs.writeDash "msmtp" ''
exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
'';
in {
services.nginx.enable = true;
imports = [
./default.nix
./sqlBackup.nix
(serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])
(serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])
(serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
(servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
(serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
(serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
(serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
];
lass.mysqlBackup.config.all.databases = [
"eastuttgart_de"
"radical_dreamers_de"
"spielwaren_kern_de"
"ttf_kleinaspach_de"
];
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.fritz.pubkey
];
users.users.goldbarrendiebstahl = {
home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de";
uid = genid "goldbarrendiebstahl";
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = [
config.krebs.users.fritz.pubkey
];
};
services.phpfpm.phpOptions = ''
sendmail_path = ${sendmail} -t
'';
}

22
lass/2configs/websites/lassulus.nix
View File

@ -3,7 +3,7 @@
with lib; with lib;
let let
inherit (import <stockholm/lib>) inherit (import <stockholm/lib>)
genid genid_uint31
; ;
in { in {
@ -22,7 +22,7 @@ in {
krebs.tinc_graphs.enable = true; krebs.tinc_graphs.enable = true;
users.users.lass-stuff = { users.users.lass-stuff = {
uid = genid "lass-stuff"; uid = genid_uint31 "lass-stuff";
description = "lassul.us blog cgi stuff"; description = "lassul.us blog cgi stuff";
home = "/var/empty"; home = "/var/empty";
}; };
@ -66,22 +66,6 @@ in {
locations."/tinc".extraConfig = '' locations."/tinc".extraConfig = ''
alias ${config.krebs.tinc_graphs.workingDir}/external; alias ${config.krebs.tinc_graphs.workingDir}/external;
''; '';
locations."/urlaubyay2018".extraConfig = ''
autoindex on;
alias /srv/http/lassul.us-media/india2018;
auth_basic "Restricted Content";
auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
''};
'';
locations."/heilstadt".extraConfig = ''
autoindex on;
alias /srv/http/lassul.us-media/grabowsee2018;
auth_basic "Restricted Content";
auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
''};
'';
locations."/krebspage".extraConfig = '' locations."/krebspage".extraConfig = ''
default_type "text/html"; default_type "text/html";
alias ${pkgs.krebspage}/index.html; alias ${pkgs.krebspage}/index.html;
@ -140,7 +124,7 @@ in {
}; };
users.users.blog = { users.users.blog = {
uid = genid "blog"; uid = genid_uint31 "blog";
description = "lassul.us blog deployment"; description = "lassul.us blog deployment";
home = "/srv/http/lassul.us"; home = "/srv/http/lassul.us";
useDefaultShell = true; useDefaultShell = true;

2
lass/3modules/xjail.nix
View File

@ -142,7 +142,7 @@ with import <stockholm/lib>;
users.users = mapAttrs' (_: cfg: users.users = mapAttrs' (_: cfg:
nameValuePair cfg.name { nameValuePair cfg.name {
uid = genid cfg.name; uid = genid_uint31 cfg.name;
home = "/home/${cfg.name}"; home = "/home/${cfg.name}";
useDefaultShell = true; useDefaultShell = true;
createHome = true; createHome = true;

21
lass/5pkgs/custom/xmonad-lass/default.nix
View File

@ -38,7 +38,7 @@ import XMonad.Hooks.EwmhDesktops (ewmh)
import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNext)
import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.FloatNext (floatNextHook)
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
import XMonad.Hooks.Place (placeHook, smart) import XMonad.Hooks.ManageHelpers (composeOne, doCenterFloat, (-?>))
import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (focusUrgent)
import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.FixedColumn (FixedColumn(..))
@ -84,7 +84,7 @@ main' = do
{ terminal = myTerm { terminal = myTerm
, modMask = mod4Mask , modMask = mod4Mask
, layoutHook = smartBorders $ myLayoutHook , layoutHook = smartBorders $ myLayoutHook
, manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks , manageHook = floatHooks <+> floatNextHook
, startupHook = , startupHook =
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
(\path -> forkFile path [] Nothing) (\path -> forkFile path [] Nothing)
@ -99,13 +99,12 @@ myLayoutHook = defLayout
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat) defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
floatHooks :: Query (Endo WindowSet) floatHooks :: Query (Endo WindowSet)
floatHooks = composeAll . concat $ floatHooks = composeOne
[ [ title =? t --> doFloat | t <- myTitleFloats] [ className =? "Pinentry" -?> doCenterFloat
, [ className =? c --> doFloat | c <- myClassFloats ] ] , title =? "fzfmenu" -?> doCenterFloat
where , title =? "glxgears" -?> doCenterFloat
myTitleFloats = [] , resource =? "Dialog" -?> doFloat
myClassFloats = ["Pinentry"] -- for gpg passphrase entry ]
myKeyMap :: [([Char], X ())] myKeyMap :: [([Char], X ())]
myKeyMap = myKeyMap =
@ -114,6 +113,7 @@ myKeyMap =
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
, ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type")
, ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons")
, ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") , ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
@ -163,6 +163,9 @@ myKeyMap =
, ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") , ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
, ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") , ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
, ("M4-<F9>", spawn "${pkgs.redshift}/bin/redshift -O 4000 -g 0.9:0.8:0.8")
, ("M4-<F10>", spawn "${pkgs.redshift}/bin/redshift -x")
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
, ("M4-s", spawn "${pkgs.knav}/bin/knav") , ("M4-s", spawn "${pkgs.knav}/bin/knav")

31
lass/5pkgs/emot-menu/default.nix Normal file
View File

@ -0,0 +1,31 @@
{ coreutils, dmenu, gnused, writeDashBin, writeText, xdotool }: let
emoticons = writeText "emoticons" ''
¯\(°_o)/¯ | dunno lol shrug dlol
¯\_()_/¯ | dunno lol shrug dlol
( ͡° ͜ʖ ͡°) | lenny
¯\_( ͡° ͜ʖ ͡°)_/¯ | lenny shrug dlol
( д) | aaah sad noo
(^o^)丿 | hi yay hello
(^o^; | ups hehe
(^^) | yay
(´) | angry argh
(^_^) byebye!! | bye
<(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) | dance
(-.-)Zzz... | sleep
() | oh noes woot
| tm
ζ | zeta
(°° | table flip
() | why woot
'';
in
writeDashBin "emoticons" ''
set -efu
data=$(${coreutils}/bin/cat ${emoticons})
emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//')
${xdotool}/bin/xdotool type -- "$emoticon"
exit 0
''

45
lass/5pkgs/fzfmenu/default.nix Normal file
View File

@ -0,0 +1,45 @@
{ pkgs, ... }:
pkgs.writeDashBin "fzfmenu" ''
set -efu
PROMPT=">"
for i in "$@"
do
case $i in
-p)
PROMPT="$2"
shift
shift
break
;;
-l)
# no reason to filter number of lines
LINES="$2"
shift
shift
break
;;
-i)
# we do this anyway
shift
break
;;
*)
echo "Unknown option $1" >&2
shift
;;
esac
done
INPUT=$(${pkgs.coreutils}/bin/cat)
OUTPUT="$(${pkgs.coreutils}/bin/mktemp)"
${pkgs.rxvt_unicode}/bin/urxvt \
-name fzfmenu -title fzfmenu \
-e ${pkgs.dash}/bin/dash -c \
"echo \"$INPUT\" | ${pkgs.fzf}/bin/fzf \
--history=/dev/null \
--no-sort \
--prompt=\"$PROMPT\" \
> \"$OUTPUT\"" 2>/dev/null
${pkgs.coreutils}/bin/cat "$OUTPUT"
${pkgs.coreutils}/bin/rm "$OUTPUT"
''

5
lib/default.nix
View File

@ -13,8 +13,9 @@ let
ne = x: y: x != y; ne = x: y: x != y;
mod = x: y: x - y * (x / y); mod = x: y: x - y * (x / y);
genid = import ./genid.nix { inherit lib; }; genid = lib.genid_uint32; # TODO remove
genid_uint31 = x: ((lib.genid x) + 16777216) / 2; genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2;
genid_uint32 = import ./genid.nix { inherit lib; };
lpad = n: c: s: lpad = n: c: s:
if lib.stringLength s < n if lib.stringLength s < n

2
lib/types.nix
View File

@ -19,7 +19,7 @@ rec {
default = config._module.args.name; default = config._module.args.name;
}; };
cores = mkOption { cores = mkOption {
type = positive; type = uint;
}; };
nets = mkOption { nets = mkOption {
type = attrsOf net; type = attrsOf net;

2
makefu/1systems/iso/config.nix
View File

@ -10,7 +10,7 @@ with import <stockholm/lib>;
]; ];
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
krebs.build.host = config.krebs.hosts.iso; krebs.build.host = { cores = 0; };
isoImage.isoBaseName = lib.mkForce "stockholm"; isoImage.isoBaseName = lib.mkForce "stockholm";
krebs.hidden-ssh.enable = true; krebs.hidden-ssh.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [