Merge branch 'master' of prism:stockholm

makefu 2017-06-06 14:35:58 +02:00
commit 427e09fdf3
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
17 changed files with 39 additions and 197 deletions


@ -224,32 +224,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
};
helios = {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.0.3";
ip6.addr = "42:0:0:0:0:0:0:7105";
aliases = [
"helios.r"
"cgit.helios.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA9SItL2mhQpTl95gjSWRstrDajUnI5YbrVCuaDKfw9gRwMyPNiO/y
Xwv/w4Ri8NCJZLZGkj2vG3X0EfJFBEPTJPTCbF9fP7PqqVs38BD41txLp+NrFxEq
5fmFk65/eg8ujrNQoOSUGmky/BKqQhWjvxdAWuwjN933wJCcNCxyaUwljHLYEK/I
oIJX+spnFmPwmhW9hsOj8K06eHixT13+0W48GG/ZNcV3x5vWxcKUvZ4Qtzz2iMNB
hud5kae7xMUfFAzCeKF/zsjuyt2d/xQg1WgR8MXGNgYhNJFSXz94r/bivNO6H4vP
Pfjndnh8cD46ADo8woS1nQ19WId+sMbipwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7";
};
shodan = {
cores = 2;
nets = {
@ -339,10 +313,6 @@ with import <stockholm/lib>;
mail = "lass@uriel.r";
pubkey = builtins.readFile ./ssh/uriel.rsa;
};
lass-helios = {
mail = "lass@helios.r";
pubkey = builtins.readFile ./ssh/helios.rsa;
};
lass-shodan = {
mail = "lass@shodan.r";
pubkey = builtins.readFile ./ssh/shodan.rsa;


@ -1 +0,0 @@
ssh-rsa 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 lass@helios


@ -77,9 +77,7 @@ with import <stockholm/lib>;
extraZones = {
# TODO generate krebsco.de zone from nets and don't use extraZones at all
"krebsco.de" = ''
krebsco.de. 60 IN MX 5 mx23
cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
mx23 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
'';
};
nets = {
@ -212,6 +210,7 @@ with import <stockholm/lib>;
ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
krebsco.de. 60 IN MX 5 ni
'';
};
nets = {
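Review bot: Nothing in these two hunks shows that `ni` is ready to receive mail for krebsco.de, which the `krebsco.de. 60 IN MX 5 ni` line in the second hunk makes it the exchanger for once the `mx23` lines leave the first hunk (which lines are added or removed is inferred from the hunk counts, since the markers are lost on this page). If the mail configuration of `ni` is not deployed together with the zone, mail for the domain would be refused or deferred as soon as the zone is published, and the 60-second TTL leaves little overlap. A Nix comment beside the zone entry would record the dependency, e.g. `# ni is the MX for krebsco.de; its MTA must accept krebsco.de as a local domain`. Both `extraZones` blocks start outside the hunks.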


@ -70,7 +70,6 @@
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
config.krebs.hosts.mors
config.krebs.hosts.uriel
config.krebs.hosts.helios
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }


@ -1,130 +0,0 @@
{ config, pkgs, ... }:
with builtins;
with import <stockholm/lib>;
{
imports = [
../.
../2configs/retiolum.nix
../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/programs.nix
../2configs/git.nix
../2configs/pass.nix
../2configs/fetchWallpaper.nix
../2configs/backups.nix
#{
# # conflicting stuff with gnome setup
# # TODO: fix this
# imports = [
# ../2configs/baseX.nix
# ];
#}
{
# gnome3 for suja
time.timeZone = "Europe/Berlin";
services.xserver.enable = true;
services.xserver.desktopManager.xfce.enable = true;
networking.wireless.enable = true;
hardware.pulseaudio = {
enable = true;
systemWide = true;
};
users.users.ferret = {
uid = genid "ferret";
home = "/home/ferret";
group = "users";
createHome = true;
useDefaultShell = true;
extraGroups = [
];
hashedPassword = "$6$SaneLuyep90p8BPn$0IDbvLgNbRGZL96obWavanTmY6IkBG84vs2b/2oqlpbmTZH3retOYbQKF1uVqu6dD0ZGF4eBq9tqPbwUjRyY00";
};
environment.systemPackages = with pkgs; [
firefox
chromium
maven
arandr
libreoffice
mpv
];
}
#{
# users.extraUsers = {
# root = {
# openssh.authorizedKeys.keys = map readFile [
# ../../krebs/Zpubkeys/uriel.ssh.pub
# ];
# };
# };
#}
#{
# services.elasticsearch = {
# enable = true;
# };
#}
{
krebs.power-action.battery = "BAT1";
}
];
krebs.build.host = config.krebs.hosts.helios;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
device = "/dev/pool/nix";
fsType = "ext4";
};
"/boot" = {
device = "/dev/sda1";
};
"/home" = {
device = "/dev/pool/home";
fsType = "ext4";
};
"/bku" = {
device = "/dev/pool/bku";
fsType = "ext4";
};
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["nosuid" "nodev" "noatime"];
};
};
#services.udev.extraRules = ''
# SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
#'';
services.xserver.synaptics = {
enable = true;
twoFingerScroll = true;
accelFactor = "0.035";
additionalOptions = ''
Option "FingerHigh" "60"
Option "FingerLow" "60"
'';
};
}


@ -107,29 +107,5 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; };
startAt = "05:00";
};
dishfire-http-helios = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-http"; };
startAt = "12:00";
};
dishfire-sql-helios = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-sql"; };
startAt = "12:15";
};
prism-sql-helios = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.helios; path = "/bku/prism-sql_dumps"; };
startAt = "12:30";
};
prism-http-helios = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
dst = { host = config.krebs.hosts.helios; path = "/bku/prism-http"; };
startAt = "12:45";
};
};
}


@ -113,7 +113,7 @@ in {
]
)
for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
addShell(f,name="build-{}".format(i),env=env_lass,
command=nixshell + \
["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \


@ -15,7 +15,6 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
lass-helios.pubkey
lass-icarus.pubkey
makefu.pubkey
];


@ -16,7 +16,6 @@ with import <stockholm/lib>;
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
config.krebs.hosts.uriel
config.krebs.hosts.helios
];
internet-aliases = with config.krebs.users; [
{ from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822


@ -8,7 +8,6 @@ let
shodan = "51";
icarus = "53";
echelon = "197";
helios = "199";
cloudkrebs = "119";
};
in {


@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://cgit.lassul.us/nixpkgs;
ref = "f8dfdd7";
ref = "8804775";
};
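Review bot: `ref = "8804775"` pins nixpkgs by a seven-character abbreviated commit id, which is a weak pin for a repository of that size: a prefix this short can become ambiguous as objects are added, and how the fetcher resolves an ambiguous prefix is not visible here. Writing the full id, `ref = "<full 40-character commit id>";`, makes the pin unambiguous and gives reviewers an exact object to compare against upstream. The previous value had the same form, so this is not a regression introduced by this change.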
}


@ -9,7 +9,7 @@ with import <stockholm/lib>;
../.
../2configs/hw/x220.nix
../2configs/exim-retiolum.nix
../2configs/git.nix
../2configs/gitrepos.nix
../2configs/im.nix
../2configs/mail-client.nix
../2configs/nginx/public_html.nix


@ -9,7 +9,7 @@ with import <stockholm/lib>;
../.
../2configs/hw/w110er.nix
../2configs/exim-retiolum.nix
../2configs/git.nix
../2configs/gitrepos.nix
../2configs/im.nix
../2configs/mail-client.nix
../2configs/man.nix


@ -9,7 +9,8 @@ with import <stockholm/lib>;
../.
../2configs/hw/x220.nix
../2configs/exim-retiolum.nix
../2configs/git.nix
../2configs/gitconfig.nix
../2configs/gitrepos.nix
../2configs/mail-client.nix
../2configs/man.nix
../2configs/nginx/public_html.nix
@ -46,6 +47,18 @@ with import <stockholm/lib>;
texlive.combined.scheme-full
tmux
(pkgs.writeDashBin "krebszones" ''
set -efu
export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf
case $* in
import)
set -- import /etc/zones/krebsco.de krebsco.de
echo "+ krebszones $*" >&2
;;
esac
exec ${pkgs.krebszones}/bin/ovh-zone "$@"
'')
#ack
#apache-httpd
#ascii


@ -15,7 +15,7 @@ with import <stockholm/lib>;
../.
../2configs/hw/x220.nix
../2configs/exim-retiolum.nix
../2configs/git.nix
../2configs/gitrepos.nix
../2configs/mail-client.nix
../2configs/man.nix
../2configs/nginx/public_html.nix

19
tv/2configs/gitconfig.nix Normal file

@ -0,0 +1,19 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
environment.etc.gitconfig.text = ''
[alias]
patch = !${pkgs.git}/bin/git --no-pager diff --no-color
[diff-so-fancy]
markEmptyLines = false
stripLeadingSymbols = false
[pager]
diff = ${pkgs.gitAndTools.diff-so-fancy}/bin/diff-so-fancy \
| ${pkgs.less}/bin/less -FRX
[user]
email = tv@krebsco.de
name = tv
'';
}
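Review bot: The `[user]` section at the end of the new `environment.etc.gitconfig.text` sets `email = tv@krebsco.de` and `name = tv` system-wide, so every account on a host that imports this module, root and service users included, commits under tv's identity unless it carries its own configuration. That blurs attribution in the history of any repository touched from those accounts. Moving the identity into tv's per-user configuration and keeping only the alias and pager settings here would avoid it. If the system-wide identity is intended, a comment such as `# single-user hosts only: this identity applies to every account` should say so.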