Merge remote-tracking branch 'prism/master'

This commit is contained in:
tv 2016-07-22 13:22:13 +02:00
commit 45c62ec4d3
45 changed files with 386 additions and 378 deletions

View File

@ -37,7 +37,7 @@ let
config = config =
# This configuration makes only sense for retiolum-enabled hosts. # This configuration makes only sense for retiolum-enabled hosts.
# TODO modular configuration # TODO modular configuration
assert config.krebs.retiolum.enable; assert config.krebs.tinc.retiolum.enable;
'' ''
keep_environment = keep_environment =

View File

@ -259,8 +259,13 @@ with config.krebs.lib;
}; };
filepimp = rec { filepimp = rec {
cores = 1; cores = 1;
nets = { nets = {
lan = {
ip4.addr = "192.168.1.12";
aliases = [
"filepimp.lan"
];
};
retiolum = { retiolum = {
ip4.addr = "10.243.153.102"; ip4.addr = "10.243.153.102";
ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"; ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
@ -286,6 +291,12 @@ with config.krebs.lib;
cores = 2; cores = 2;
nets = { nets = {
lan = {
ip4.addr = "192.168.1.11";
aliases = [
"omo.lan"
];
};
retiolum = { retiolum = {
ip4.addr = "10.243.0.89"; ip4.addr = "10.243.0.89";
ip6.addr = "42:f9f0::10"; ip6.addr = "42:f9f0::10";

View File

@ -27,12 +27,12 @@ let
ssl_certificate_key = mkOption { ssl_certificate_key = mkOption {
type = types.str; type = types.str;
description = "Certificate key to use for ssl"; description = "Certificate key to use for ssl";
default = "/root/secrets/tinc.krebsco.de.key"; default = "${toString <secrets>}/tinc.krebsco.de.key";
}; };
ssl_certificate = mkOption { ssl_certificate = mkOption {
type = types.str; type = types.str;
description = "Certificate file to use for ssl"; description = "Certificate file to use for ssl";
default = "/root/secrets/tinc.krebsco.de.crt" ; default = "${toString <secrets>}/tinc.krebsco.de.crt" ;
}; };
# in use: # in use:
# <secrets/tinc.krebsco.de.crt> # <secrets/tinc.krebsco.de.crt>

View File

@ -1,175 +1,185 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with config.krebs.lib; with config.krebs.lib;
let let
cfg = config.krebs.retiolum;
out = { out = {
options.krebs.retiolum = api; options.krebs.tinc = api;
config = lib.mkIf cfg.enable imp; config = imp;
}; };
api = { api = mkOption {
enable = mkEnableOption "krebs.retiolum"; default = {};
description = ''
define a tinc network
'';
type = with types; attrsOf (submodule (tinc: {
options = {
host = mkOption { enable = mkEnableOption "krebs.tinc.${tinc.config._module.args.name}" // { default = true; };
type = types.host;
default = config.krebs.build.host;
};
netname = mkOption { host = mkOption {
type = types.enum (attrNames cfg.host.nets); type = types.host;
default = "retiolum"; default = config.krebs.build.host;
description = '' };
The tinc network name.
It is used to name the TUN device and to generate the default value for
<literal>config.krebs.retiolum.hosts</literal>.
'';
};
extraConfig = mkOption { netname = mkOption {
type = types.str; type = types.enum (attrNames tinc.config.host.nets);
default = ""; default = tinc.config._module.args.name;
description = '' description = ''
Extra Configuration to be appended to tinc.conf The tinc network name.
''; It is used to name the TUN device and to generate the default value for
}; <literal>config.krebs.tinc.retiolum.hosts</literal>.
'';
};
tincPackage = mkOption { extraConfig = mkOption {
type = types.package; type = types.str;
default = pkgs.tinc; default = "";
description = "Tincd package to use."; description = ''
}; Extra Configuration to be appended to tinc.conf
'';
};
hosts = mkOption { tincPackage = mkOption {
type = with types; attrsOf host; type = types.package;
default = default = pkgs.tinc;
filterAttrs (_: h: hasAttr cfg.netname h.nets) config.krebs.hosts; description = "Tincd package to use.";
description = '' };
Hosts to generate <literal>config.krebs.retiolum.hostsPackage</literal>.
Note that these hosts must have a network named
<literal>config.krebs.retiolum.netname</literal>.
'';
};
hostsPackage = mkOption { hosts = mkOption {
type = types.package; type = with types; attrsOf host;
default = pkgs.stdenv.mkDerivation { default =
name = "${cfg.netname}-tinc-hosts"; filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts;
phases = [ "installPhase" ]; description = ''
installPhase = '' Hosts to generate <literal>config.krebs.tinc.retiolum.hostsPackage</literal>.
mkdir $out Note that these hosts must have a network named
${concatStrings (mapAttrsToList (_: host: '' <literal>config.krebs.tinc.retiolum.netname</literal>.
echo ${shell.escape host.nets.${cfg.netname}.tinc.config} \ '';
> $out/${shell.escape host.name} };
'') cfg.hosts)}
''; hostsPackage = mkOption {
type = types.package;
default = pkgs.stdenv.mkDerivation {
name = "${tinc.config.netname}-tinc-hosts";
phases = [ "installPhase" ];
installPhase = ''
mkdir $out
${concatStrings (lib.mapAttrsToList (_: host: ''
echo ${shell.escape host.nets."${tinc.config.netname}".tinc.config} \
> $out/${shell.escape host.name}
'') tinc.config.hosts)}
'';
};
description = ''
Package of tinc host configuration files. By default, a package will
be generated from <literal>config.krebs.${tinc.config.netname}.hosts</literal>. This
option's main purpose is to expose the generated hosts package to other
modules, like <literal>config.krebs.tinc_graphs</literal>. But it can
also be used to provide a custom hosts directory.
'';
example = literalExample ''
(pkgs.stdenv.mkDerivation {
name = "my-tinc-hosts";
src = /home/tv/my-tinc-hosts;
installPhase = "cp -R . $out";
})
'';
};
iproutePackage = mkOption {
type = types.package;
default = pkgs.iproute;
description = "Iproute2 package to use.";
};
privkey = mkOption {
type = types.secret-file;
default = {
path = "${tinc.config.user.home}/tinc.rsa_key.priv";
owner = tinc.config.user;
source-path = toString <secrets> + "/${tinc.config.netname}.rsa_key.priv";
};
};
connectTo = mkOption {
type = types.listOf types.str;
default = [ "fastpoke" "cd" "prism" "gum" ];
description = ''
The list of hosts in the network which the client will try to connect
to. These hosts should have an 'Address' configured which points to a
routeable IPv4 or IPv6 address.
In stockholm this can be done by configuring:
krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.addrs4 =
[ "${external-ip} ${external-port}" ]
'';
};
user = mkOption {
type = types.user;
default = {
name = tinc.config.netname;
home = "/var/lib/${tinc.config.user.name}";
};
};
}; };
description = '' }));
Package of tinc host configuration files. By default, a package will
be generated from <literal>config.krebs.retiolum.hosts</literal>. This
option's main purpose is to expose the generated hosts package to other
modules, like <literal>config.krebs.tinc_graphs</literal>. But it can
also be used to provide a custom hosts directory.
'';
example = literalExample ''
(pkgs.stdenv.mkDerivation {
name = "my-tinc-hosts";
src = /home/tv/my-tinc-hosts;
installPhase = "cp -R . $out";
})
'';
};
iproutePackage = mkOption {
type = types.package;
default = pkgs.iproute;
description = "Iproute2 package to use.";
};
privkey = mkOption {
type = types.secret-file;
default = {
path = "${cfg.user.home}/tinc.rsa_key.priv";
owner = cfg.user;
source-path = toString <secrets> + "/${cfg.netname}.rsa_key.priv";
};
};
connectTo = mkOption {
type = types.listOf types.str;
default = [ "fastpoke" "cd" "prism" "gum" ];
description = ''
The list of hosts in the network which the client will try to connect
to. These hosts should have an 'Address' configured which points to a
routeable IPv4 or IPv6 address.
In stockholm this can be done by configuring:
krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.addrs4 =
[ "${external-ip} ${external-port}" ]
'';
};
user = mkOption {
type = types.user;
default = {
name = cfg.netname;
home = "/var/lib/${cfg.user.name}";
};
};
}; };
imp = { imp = {
krebs.secret.files."${cfg.netname}.rsa_key.priv" = cfg.privkey; # TODO `environment.systemPackages = [ cfg.tincPackage cfg.iproutePackage ]` for each network,
# avoid conflicts in environment if the packages differ
environment.systemPackages = [ tinc iproute ]; krebs.secret.files = mapAttrs' (netname: cfg:
nameValuePair "${netname}.rsa_key.priv" cfg.privkey ) config.krebs.tinc;
users.users = mapAttrs' (netname: cfg:
nameValuePair "${netname}" {
inherit (cfg.user) home name uid;
createHome = true;
}
) config.krebs.tinc;
systemd.services.${cfg.netname} = { systemd.services = mapAttrs (netname: cfg:
description = "Tinc daemon for Retiolum"; let
after = [ "network.target" ]; net = cfg.host.nets.${netname};
wantedBy = [ "multi-user.target" ]; tinc = cfg.tincPackage;
requires = [ "secret.service" ]; iproute = cfg.iproutePackage;
path = [ tinc iproute ];
serviceConfig = rec {
Restart = "always";
ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
SyslogIdentifier = cfg.netname;
};
};
users.users.${cfg.user.name} = { confDir = let
inherit (cfg.user) home name uid; namePathPair = name: path: { inherit name path; };
createHome = true; in pkgs.linkFarm "${netname}-etc-tinc" (mapAttrsToList namePathPair {
}; "hosts" = cfg.hostsPackage;
"tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" ''
Name = ${cfg.host.name}
Interface = ${netname}
${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)}
PrivateKeyFile = ${cfg.privkey.path}
${cfg.extraConfig}
'';
"tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
${iproute}/sbin/ip link set ${netname} up
${optionalString (net.ip4 != null) /* sh */ ''
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname}
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname}
''}
${optionalString (net.ip6 != null) /* sh */ ''
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
''}
'';
}
);
in {
description = "Tinc daemon for ${netname}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
requires = [ "secret.service" ];
path = [ tinc iproute ];
serviceConfig = rec {
Restart = "always";
ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
SyslogIdentifier = netname;
};
}
) config.krebs.tinc;
}; };
net = cfg.host.nets.${cfg.netname};
tinc = cfg.tincPackage;
iproute = cfg.iproutePackage;
confDir = let
namePathPair = name: path: { inherit name path; };
in pkgs.linkFarm "${cfg.netname}-etc-tinc" (mapAttrsToList namePathPair {
"hosts" = cfg.hostsPackage;
"tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" ''
Name = ${cfg.host.name}
Interface = ${cfg.netname}
${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)}
PrivateKeyFile = ${cfg.privkey.path}
${cfg.extraConfig}
'';
"tinc-up" = pkgs.writeDash "${cfg.netname}-tinc-up" ''
${iproute}/sbin/ip link set ${cfg.netname} up
${optionalString (net.ip4 != null) /* sh */ ''
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname}
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname}
''}
${optionalString (net.ip6 != null) /* sh */ ''
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname}
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname}
''}
'';
});
in out in out

View File

@ -23,7 +23,7 @@ let
hostsPath = mkOption { hostsPath = mkOption {
type = types.str; type = types.str;
description = "Path to Hosts directory"; description = "Path to Hosts directory";
default = "${config.krebs.retiolum.hostsPackage}"; default = "${config.krebs.tinc.retiolum.hostsPackage}";
}; };
network = mkOption { network = mkOption {

View File

@ -5,9 +5,10 @@ stdenv.mkDerivation rec {
# forticlient will be copied into /tmp before execution. this is necessary as # forticlient will be copied into /tmp before execution. this is necessary as
# the software demands $base to be writeable # the software demands $base to be writeable
# TODO: chroot and create the following files instead of copying files manually
# mkdir /etc/ppp ; touch /etc/ppp/options # mkdir /etc/ppp ; touch /etc/ppp/options
## i still have not found which tool uses tail ... i tried redirecting it in forticlientsslvpn and subproc
# ln -s /run/current-system/sw/bin/tail /usr/bin/tail # ln -s /run/current-system/sw/bin/tail /usr/bin/tail
# ln -s /run/current-system/sw/bin/pppd /usr/sbin/pppd
src = fetchurl { src = fetchurl {
# archive.org mirror: # archive.org mirror:
@ -62,7 +63,7 @@ stdenv.mkDerivation rec {
cp -r 64bit/. "$out/opt/fortinet" cp -r 64bit/. "$out/opt/fortinet"
wrapProgram $out/opt/fortinet/forticlientsslvpn \ wrapProgram $out/opt/fortinet/forticlientsslvpn \
--set LD_PRELOAD "${libredirect}/lib/libredirect.so" \ --set LD_PRELOAD "${libredirect}/lib/libredirect.so" \
--set NIX_REDIRECTS /usr/sbin/ip=${iproute}/bin/ip:/usr/sbin/ppp=${ppp}/bin/ppp --set NIX_REDIRECTS /usr/bin/tail=${coreutils}/bin/tail:/usr/sbin/ip=${iproute}/bin/ip:/usr/sbin/pppd=${ppp}/bin/pppd
mkdir -p "$out/bin/" mkdir -p "$out/bin/"

View File

@ -226,7 +226,7 @@ in {
{ {
users.users.tv = { users.users.tv = {
uid = genid "tv"; uid = genid "tv";
home = "/home/tv"; inherit (config.krebs.users.tv) home;
group = "users"; group = "users";
createHome = true; createHome = true;
useDefaultShell = true; useDefaultShell = true;

9
lass/2configs/audit.nix Normal file
View File

@ -0,0 +1,9 @@
{ ... }:
{
security.audit = {
rules = [
"-a task,never"
];
};
}

View File

@ -86,17 +86,17 @@ in {
["make \ ["make \
test \ test \
ssh=${sshWrapper} \ ssh=${sshWrapper} \
target=build@localhost:${config.users.users.build.home}/testbuild \ target=build@localhost${config.users.users.build.home}/testbuild \
method=build \ method=build \
system={}".format(i)]) system={}".format(i)])
for i in [ "pornocauster", "wry" ]: for i in [ "pornocauster", "wry", "vbob", "wbob", "shoney" ]:
addShell(f,name="build-{}".format(i),env=env_makefu, addShell(f,name="build-{}".format(i),env=env_makefu,
command=nixshell + \ command=nixshell + \
["make \ ["make \
test \ test \
ssh=${sshWrapper} \ ssh=${sshWrapper} \
target=build@localhost:${config.users.users.build.home}/testbuild \ target=build@localhost${config.users.users.build.home}/testbuild \
method=build \ method=build \
system={}".format(i)]) system={}".format(i)])
@ -147,7 +147,7 @@ in {
password = "lasspass"; password = "lasspass";
packages = with pkgs; [ gnumake jq nix populate ]; packages = with pkgs; [ gnumake jq nix populate ];
extraEnviron = { extraEnviron = {
NIX_PATH="nixpkgs=/var/src/nixpkgs"; NIX_PATH="/var/src";
}; };
}; };
config.krebs.iptables = { config.krebs.iptables = {

View File

@ -3,13 +3,14 @@
with config.krebs.lib; with config.krebs.lib;
{ {
imports = [ imports = [
../2configs/vim.nix ../2configs/audit.nix
../2configs/zsh.nix
../2configs/mc.nix
../2configs/retiolum.nix
../2configs/nixpkgs.nix
../2configs/binary-cache/client.nix ../2configs/binary-cache/client.nix
../2configs/gc.nix ../2configs/gc.nix
../2configs/mc.nix
../2configs/nixpkgs.nix
../2configs/retiolum.nix
../2configs/vim.nix
../2configs/zsh.nix
./backups.nix ./backups.nix
{ {
users.extraUsers = users.extraUsers =

View File

@ -5,9 +5,6 @@ with config.krebs.lib;
let let
rpc-password = import <secrets/transmission-pw>; rpc-password = import <secrets/transmission-pw>;
in { in {
imports = [
../3modules/folderPerms.nix
];
users.extraUsers = { users.extraUsers = {
download = { download = {
@ -64,15 +61,4 @@ in {
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; } { predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
]; ];
}; };
lass.folderPerms = {
enable = true;
permissions = [
{
path = "/var/download";
permission = "775";
owner = "transmission:download";
}
];
};
} }

View File

@ -27,7 +27,6 @@ with config.krebs.lib;
{ from = "lass@aidsballs.de"; to = lass.mail; } { from = "lass@aidsballs.de"; to = lass.mail; }
{ from = "wordpress@ubikmedia.de"; to = lass.mail; } { from = "wordpress@ubikmedia.de"; to = lass.mail; }
{ from = "finanzamt@lassul.us"; to = lass.mail; } { from = "finanzamt@lassul.us"; to = lass.mail; }
{ from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
{ from = "netzclub@lassul.us"; to = lass.mail; } { from = "netzclub@lassul.us"; to = lass.mail; }
{ from = "nebenan@lassul.us"; to = lass.mail; } { from = "nebenan@lassul.us"; to = lass.mail; }
]; ];

View File

@ -1,8 +1,8 @@
{ ... }: { ... }:
{ {
krebs.build.source.nixpkgs = { krebs.build.source.nixpkgs.git = {
url = https://github.com/lassulus/nixpkgs; url = https://github.com/lassulus/nixpkgs;
rev = "446d4c1fc10f53cf97abea1996d067ad93de2ded"; ref = "c6ca9c8c8b7eb8f8e68868e36fb90e162adf080f";
}; };
} }

View File

@ -91,12 +91,11 @@ in {
(sync-remote "repo-sync" "https://github.com/makefu/repo-sync") (sync-remote "repo-sync" "https://github.com/makefu/repo-sync")
(sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger") (sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger")
(sync-remote "xintmap" "https://github.com/4z3/xintmap") (sync-remote "xintmap" "https://github.com/4z3/xintmap")
(sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper")
(sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs") (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
(sync-retiolum "go") (sync-retiolum "go")
(sync-retiolum "much") (sync-retiolum "much")
(sync-retiolum "newsbot-js") (sync-retiolum "newsbot-js")
(sync-retiolum "painload")
(sync-retiolum "realwallpaper")
(sync-retiolum "stockholm") (sync-retiolum "stockholm")
(sync-retiolum "wai-middleware-time") (sync-retiolum "wai-middleware-time")
(sync-retiolum "web-routes-wai-custom") (sync-retiolum "web-routes-wai-custom")

View File

@ -12,7 +12,7 @@
}; };
}; };
krebs.retiolum = { krebs.tinc.retiolum = {
enable = true; enable = true;
connectTo = [ connectTo = [
"prism" "prism"

View File

@ -110,14 +110,6 @@ in {
}; };
}; };
users.users.domsen = {
uid = genid "domsen";
description = "maintenance acc for domsen";
home = "/home/domsen";
useDefaultShell = true;
extraGroups = [ "nginx" ];
createHome = true;
};
#services.phpfpm.phpOptions = '' #services.phpfpm.phpOptions = ''
# extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
@ -133,5 +125,40 @@ in {
cat ${pkgs.php}/etc/php-recommended.ini > $out cat ${pkgs.php}/etc/php-recommended.ini > $out
echo "$options" >> $out echo "$options" >> $out
''; '';
# MAIL STUFF
# TODO: make into its own module
services.dovecot2 = {
enable = true;
mailLocation = "maildir:~/Mail";
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport pop3"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport imap"; target = "ACCEPT"; }
];
krebs.exim-smarthost = {
internet-aliases = [
{ from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
];
system-aliases = [
];
};
users.users.domsen = {
uid = genid "domsen";
description = "maintenance acc for domsen";
home = "/home/domsen";
useDefaultShell = true;
extraGroups = [ "nginx" ];
createHome = true;
};
users.users.jla-trading = {
uid = genid "jla-trading";
home = "/home/jla-trading";
useDefaultShell = true;
createHome = true;
};
} }

View File

@ -7,6 +7,7 @@ let
head head
; ;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;}) inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
manageCerts
ssl ssl
servePage servePage
serveWordpress serveWordpress
@ -48,6 +49,9 @@ in {
(ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ]) (ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
(servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ]) (servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
(manageCerts [ "goldbarrendiebstahl.radical-dreamers.de" ])
(serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
]; ];
lass.mysqlBackup.config.all.databases = [ lass.mysqlBackup.config.all.databases = [
@ -74,6 +78,16 @@ in {
config.krebs.users.fritz.pubkey config.krebs.users.fritz.pubkey
]; ];
users.users.goldbarrendiebstahl = {
home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de";
uid = genid "goldbarrendiebstahl";
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = [
config.krebs.users.fritz.pubkey
];
};
services.phpfpm.phpIni = pkgs.runCommand "php.ini" { services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
options = '' options = ''
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so

View File

@ -17,6 +17,7 @@ in {
../2configs/exim-retiolum.nix ../2configs/exim-retiolum.nix
../2configs/virtualization.nix ../2configs/virtualization.nix
../2configs/tinc/retiolum.nix
../2configs/temp-share-samba.nix ../2configs/temp-share-samba.nix
]; ];
services.samba.shares = { services.samba.shares = {
@ -39,7 +40,6 @@ in {
}; };
#networking.firewall.enable = false; #networking.firewall.enable = false;
krebs.retiolum.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ]; boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;

View File

@ -22,8 +22,8 @@ in {
../. ../.
../2configs/fs/single-partition-ext4.nix ../2configs/fs/single-partition-ext4.nix
../2configs/smart-monitor.nix ../2configs/smart-monitor.nix
../2configs/tinc/retiolum.nix
]; ];
krebs.retiolum.enable = true;
krebs.build.host = config.krebs.hosts.filepimp; krebs.build.host = config.krebs.hosts.filepimp;
# AMD N54L # AMD N54L
boot = { boot = {

View File

@ -19,6 +19,7 @@ in {
../2configs/deployment/mycube.connector.one.nix ../2configs/deployment/mycube.connector.one.nix
../2configs/exim-retiolum.nix ../2configs/exim-retiolum.nix
../2configs/tinc/retiolum.nix
../2configs/urlwatch.nix ../2configs/urlwatch.nix
]; ];
@ -27,8 +28,7 @@ in {
###### stable ###### stable
krebs.build.host = config.krebs.hosts.gum; krebs.build.host = config.krebs.hosts.gum;
krebs.retiolum = { krebs.tinc.retiolum = {
enable = true;
extraConfig = '' extraConfig = ''
ListenAddress = ${external-ip} 53 ListenAddress = ${external-ip} 53
ListenAddress = ${external-ip} 655 ListenAddress = ${external-ip} 655

View File

@ -47,12 +47,12 @@ in {
#../2configs/graphite-standalone.nix #../2configs/graphite-standalone.nix
#../2configs/share-user-sftp.nix #../2configs/share-user-sftp.nix
../2configs/omo-share.nix ../2configs/omo-share.nix
../2configs/tinc/retiolum.nix
## as long as pyload is not in nixpkgs: ## as long as pyload is not in nixpkgs:
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
]; ];
krebs.retiolum.enable = true;
networking.firewall.trustedInterfaces = [ primaryInterface ]; networking.firewall.trustedInterfaces = [ primaryInterface ];
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
# tcp:80 - nginx for sharing files # tcp:80 - nginx for sharing files

View File

@ -15,11 +15,12 @@
<nixpkgs/nixos/modules/profiles/qemu-guest.nix> <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/fs/vm-single-partition.nix ../2configs/fs/vm-single-partition.nix
../2configs/tinc/retiolum.nix
# config.system.build.vm # config.system.build.vm
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> (toString <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>)
]; ];
krebs.retiolum.enable = true;
virtualisation.graphics = false; virtualisation.graphics = false;
# also export secrets, see Usage above # also export secrets, see Usage above
fileSystems = pkgs.lib.mkVMOverride { fileSystems = pkgs.lib.mkVMOverride {

View File

@ -38,8 +38,9 @@
#../2configs/wordpress.nix #../2configs/wordpress.nix
../2configs/nginx/public_html.nix ../2configs/nginx/public_html.nix
../2configs/tinc/retiolum.nix
# temporary modules # temporary modules
# ../2configs/temp/share-samba.nix ../2configs/temp/share-samba.nix
# ../2configs/temp/elkstack.nix # ../2configs/temp/elkstack.nix
# ../2configs/temp/sabnzbd.nix # ../2configs/temp/sabnzbd.nix
]; ];
@ -69,10 +70,9 @@
krebs.build.host = config.krebs.hosts.pornocauster; krebs.build.host = config.krebs.hosts.pornocauster;
krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11"; krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
krebs.retiolum = {
enable = true; krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
connectTo = [ "omo" "gum" "prism" ];
};
networking.extraHosts = '' networking.extraHosts = ''
192.168.1.11 omo.local 192.168.1.11 omo.local
''; '';

View File

@ -10,6 +10,7 @@
../. ../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix> <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/git/cgit-retiolum.nix ../2configs/git/cgit-retiolum.nix
../2configs/tinc/retiolum.nix
]; ];
krebs.build.host = config.krebs.hosts.repunit; krebs.build.host = config.krebs.hosts.repunit;
@ -31,14 +32,6 @@
{ device = "/dev/disk/by-label/nixos"; { device = "/dev/disk/by-label/nixos";
fsType = "ext4"; fsType = "ext4";
}; };
krebs.retiolum = {
enable = true;
connectTo = [
"gum"
"pigstarter"
"fastpoke"
];
};
# $ nix-env -qaP | grep wget # $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

View File

@ -13,15 +13,12 @@ in {
../2configs/save-diskspace.nix ../2configs/save-diskspace.nix
../2configs/hw/CAC.nix ../2configs/hw/CAC.nix
../2configs/fs/CAC-CentOS-7-64bit.nix ../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/tinc/retiolum.nix
]; ];
environment.systemPackages = [ pkgs.honeyd ];
services.tinc.networks.siem.name = "sjump";
krebs = { krebs = {
enable = true; enable = true;
retiolum.enable = true;
build.host = config.krebs.hosts.shoney; build.host = config.krebs.hosts.shoney;
nginx.enable = true; nginx.enable = true;
tinc_graphs = { tinc_graphs = {

View File

@ -17,9 +17,9 @@
../2configs/zsh-user.nix ../2configs/zsh-user.nix
../2configs/exim-retiolum.nix ../2configs/exim-retiolum.nix
../2configs/tinc/retiolum.nix
]; ];
# not working in vm # not working in vm
krebs.retiolum.enable = true;
krebs.build.host = config.krebs.hosts.tsp; krebs.build.host = config.krebs.hosts.tsp;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [

View File

@ -8,9 +8,10 @@
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>) (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>) (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
../2configs/main-laptop.nix #< base-gui ../2configs/main-laptop.nix #< base-gui
# (toString <secrets>)/extra-hosts.nix # <secrets/extra-hosts.nix>
# environment # environment
../2configs/tinc/retiolum.nix
]; ];
# workaround for https://github.com/NixOS/nixpkgs/issues/16641 # workaround for https://github.com/NixOS/nixpkgs/issues/16641
@ -28,8 +29,15 @@
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
}; };
}; };
environment.shellAliases = {
forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
};
# TODO: for forticleintsslpn
# ln -s /r/current-system/sw/bin/pppd /usr/sbin/pppd
# ln -s /r/current-system/sw/bin/tail /usr/bin/tail
environment.systemPackages = with pkgs;[ environment.systemPackages = with pkgs;[
fortclientsslvpn fortclientsslvpn ppp xclip
get get
logstash logstash
docker docker
@ -45,13 +53,6 @@
8010 8010
]; ];
krebs.retiolum = {
enable = true;
connectTo = [
"omo"
"gum"
];
};
virtualisation.docker.enable = false; virtualisation.docker.enable = false;
fileSystems."/media/share" = { fileSystems."/media/share" = {

View File

@ -1,5 +1,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ let rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115";
in {
makefu.awesome = { makefu.awesome = {
modkey = "Mod1"; modkey = "Mod1";
#TODO: integrate kiosk config into full config by templating the autostart #TODO: integrate kiosk config into full config by templating the autostart
@ -9,19 +11,19 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
../. ../.
../2configs/main-laptop.nix ../2configs/main-laptop.nix
../2configs/virtualization.nix
../2configs/tinc/retiolum.nix
]; ];
krebs = { krebs = {
enable = true; enable = true;
retiolum.enable = true;
build.host = config.krebs.hosts.wbob; build.host = config.krebs.hosts.wbob;
}; };
networking.firewall.allowedUDPPorts = [ 1655 ]; networking.firewall.allowedUDPPorts = [ 1655 ];
networking.firewall.allowedTCPPorts = [ 1655 ]; networking.firewall.allowedTCPPorts = [ 1655 49152 ];
services.tinc.networks.siem = { services.tinc.networks.siem = {
name = "display"; name = "display";
extraConfig = '' extraConfig = ''
ConnectTo = sjump ConnectTo = sjump
Port = 1655
''; '';
}; };
@ -35,12 +37,12 @@
# nuc hardware # nuc hardware
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = rootdisk;
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/sda1"; device = rootdisk + "-part1";
fsType = "ext4"; fsType = "ext4";
}; };

View File

@ -25,8 +25,9 @@ in {
# collectd # collectd
../2configs/collectd/collectd-base.nix ../2configs/collectd/collectd-base.nix
../2configs/tinc/retiolum.nix
]; ];
krebs.retiolum.enable = true;
krebs.build.host = config.krebs.hosts.wry; krebs.build.host = config.krebs.hosts.wry;

View File

@ -15,6 +15,9 @@ let
sec = toString <secrets>; sec = toString <secrets>;
# secKey is nothing worth protecting on a local machine # secKey is nothing worth protecting on a local machine
secKey = import <secrets/bepasty-secret.nix>; secKey = import <secrets/bepasty-secret.nix>;
acmepath = "/var/lib/acme/";
acmechall = acmepath + "/challenges/";
ext-dom = "paste.krebsco.de" ;
in { in {
krebs.nginx.enable = mkDefault true; krebs.nginx.enable = mkDefault true;
@ -25,7 +28,7 @@ in {
servers = { servers = {
internal = { internal = {
nginx = { nginx = {
server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; server-names = [ "paste.retiolum" "paste.r" "paste.${config.krebs.build.host.name}" ];
}; };
defaultPermissions = "admin,list,create,read,delete"; defaultPermissions = "admin,list,create,read,delete";
secretKey = secKey; secretKey = secKey;
@ -33,17 +36,25 @@ in {
external = { external = {
nginx = { nginx = {
server-names = [ "paste.krebsco.de" ]; server-names = [ ext-dom ];
ssl = {
enable = true;
certificate = "${acmepath}/${ext-dom}/fullchain.pem";
certificate_key = "${acmepath}/${ext-dom}/key.pem";
# these certs will be needed if acme has not yet created certificates:
#certificate = "${sec}/wildcard.krebsco.de.crt";
#certificate_key = "${sec}/wildcard.krebsco.de.key";
ciphers = "RC4:HIGH:!aNULL:!MD5" ;
};
locations = singleton ( nameValuePair "/.well-known/acme-challenge" ''
root ${acmechall}/${ext-dom}/;
'');
extraConfig = '' extraConfig = ''
ssl_session_cache shared:SSL:1m; ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m; ssl_session_timeout 10m;
ssl_certificate ${sec}/wildcard.krebsco.de.crt;
ssl_certificate_key ${sec}/wildcard.krebsco.de.key;
ssl_verify_client off; ssl_verify_client off;
proxy_ssl_session_reuse off; proxy_ssl_session_reuse off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
if ($scheme = http){ if ($scheme = http){
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
}''; }'';
@ -53,4 +64,12 @@ in {
}; };
}; };
}; };
security.acme.certs."${ext-dom}" = {
email = "acme@syntax-fehler.de";
webroot = "${acmechall}/${ext-dom}/";
group = "nginx";
allowKeysForGroup = true;
postRun = "systemctl reload nginx.service";
extraDomains."${ext-dom}" = null ;
};
} }

View File

@ -17,7 +17,6 @@ with config.krebs.lib;
krebs = { krebs = {
enable = true; enable = true;
dns.providers.siem = "hosts";
dns.providers.lan = "hosts"; dns.providers.lan = "hosts";
search-domain = "retiolum"; search-domain = "retiolum";
build = { build = {
@ -25,7 +24,7 @@ with config.krebs.lib;
source = let inherit (config.krebs.build) host user; in { source = let inherit (config.krebs.build) host user; in {
nixpkgs.git = { nixpkgs.git = {
url = https://github.com/nixos/nixpkgs; url = https://github.com/nixos/nixpkgs;
ref = "0546a4a"; # stable @ 2016-06-11 ref = "125ffff"; # stable @ 2016-07-20
}; };
secrets.file = secrets.file =
if getEnv "dummy_secrets" == "true" if getEnv "dummy_secrets" == "true"
@ -67,7 +66,7 @@ with config.krebs.lib;
startAgent = false; startAgent = false;
}; };
services.openssh.enable = true; services.openssh.enable = true;
nix.useChroot = true; nix.useSandbox = true;
users.mutableUsers = false; users.mutableUsers = false;
@ -171,4 +170,10 @@ with config.krebs.lib;
consoleKeyMap = "us"; consoleKeyMap = "us";
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
}; };
# suppress chrome autit event messages
security.audit = {
rules = [
"-a task,never"
];
};
} }

View File

@ -8,10 +8,9 @@ with config.krebs.lib;
kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
}; };
hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
services.xserver = { services.xserver = {
videoDriver = "intel"; videoDriver = "intel";
vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
deviceSection = '' deviceSection = ''
Option "AccelMethod" "sna" Option "AccelMethod" "sna"
''; '';

View File

@ -0,0 +1,36 @@
{config, ... }:{
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
description = "smb guest user";
home = "/var/empty";
};
networking.firewall.allowedTCPPorts = [
139 445 # samba
];
networking.firewall.allowedUDPPorts = [
137 138
];
services.samba = {
enable = true;
shares = {
share-home = {
path = "/home/share/";
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
};
extraConfig = ''
guest account = smbguest
map to guest = bad user
# disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
'';
};
}

View File

@ -0,0 +1,4 @@
_:
{
krebs.tinc.retiolum.enable = true;
}

View File

@ -2,20 +2,22 @@
let let
mainUser = config.krebs.build.user; mainUser = config.krebs.build.user;
version = "5.0.20"; vboxguestpkg = lib.stdenv.mkDerivation rec {
rev = "106931"; name = "Virtualbox-Extensions-${version}-${rev}";
vboxguestpkg = pkgs.fetchurl { version = "5.0.20";
rev = "106931";
src = pkgs.fetchurl {
url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack"; url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf"; sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
}; };
};
in { in {
#inherit vboxguestpkg;
virtualisation.virtualbox.host.enable = true; virtualisation.virtualbox.host.enable = true;
nixpkgs.config.virtualbox.enableExtensionPack = true; nixpkgs.config.virtualbox.enableExtensionPack = true;
users.extraGroups.vboxusers.members = [ "${mainUser.name}" ]; users.extraGroups.vboxusers.members = [ "${mainUser.name}" ];
nixpkgs.config.packageOverrides = super: { nixpkgs.config.packageOverrides = super: {
boot.kernelPackages = super.boot.kernelPackages.virtualbox.override { boot.kernelPackages.virtualbox = super.boot.kernelPackages.virtualbox.override {
buildInputs = super.boot.kernelPackages.virtualBox.buildInputs buildInputs = super.boot.kernelPackages.virtualBox.buildInputs
++ [ vboxguestpkg ]; ++ [ vboxguestpkg ];
}; };

View File

@ -22,15 +22,11 @@ in
bindkey "\e[3~" delete-char bindkey "\e[3~" delete-char
zstyle ':completion:*' menu select zstyle ':completion:*' menu select
# load gpg-agent gpg-connect-agent updatestartuptty /bye >/dev/null
envfile="$HOME/.gnupg/gpg-agent.env" GPG_TTY=$(tty)
if [ -e "$envfile" ] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then export GPG_TTY
eval "$(cat "$envfile")" unset SSH_AGENT_PID
else export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
eval "$(${pkgs.gnupg}/bin/gpg-agent --daemon --enable-ssh-support --write-env-file "$envfile")"
fi
export GPG_AGENT_INFO
export SSH_AUTH_SOCK
''; '';
promptInit = '' promptInit = ''

View File

@ -19,7 +19,6 @@ in
skytraq-logger = callPackage ./skytraq-logger {}; skytraq-logger = callPackage ./skytraq-logger {};
taskserver = callPackage ./taskserver {}; taskserver = callPackage ./taskserver {};
ps3netsrv = callPackage ./ps3netsrv {}; ps3netsrv = callPackage ./ps3netsrv {};
honeyd = callPackage ./honeyd {};
farpd = callPackage ./farpd {}; farpd = callPackage ./farpd {};
}; };
} }

View File

@ -8,7 +8,7 @@ let
url = "https://pypi.python.org/packages/source/e/execnet/${name}.tar.gz"; url = "https://pypi.python.org/packages/source/e/execnet/${name}.tar.gz";
sha256 = "1rpk1vyclhg911p3hql0m0nrpq7q7mysxnaaw6vs29cpa6kx8vgn"; sha256 = "1rpk1vyclhg911p3hql0m0nrpq7q7mysxnaaw6vs29cpa6kx8vgn";
}; };
doCheck = false; # http://prism:8010/builders/build-all/builds/177/steps/build-vbob/logs/stdio
propagatedBuildInputs = with pkgs.python3Packages; propagatedBuildInputs = with pkgs.python3Packages;
[ setuptools_scm apipkg ]; [ setuptools_scm apipkg ];
meta = { meta = {

View File

@ -1,62 +0,0 @@
{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub,
libpcap, libdnet, libevent, readline, autoconf, automake, libtool, zlib, pcre,
... }:
stdenv.mkDerivation rec {
name = "honeyd-${version}";
#version = "1.5c"; #original, does not compile due to libc errors
#src = fetchurl {
# url = "http://www.honeyd.org/uploads/honeyd-${version}.tar.gz";
# sha256 = "0vcih16fk5pir5ssfil8x79nvi62faw0xvk8s5klnysv111db1ii";
#};
#version = "64d087c"; # honeyd-1.6.7
# sha256 = "0zhnn13r24y1q494xcfx64vyp84zqk8qmsl41fq2674230bn0p31";
version = "c135fea08"; #nova-13.09
src = fetchFromGitHub {
owner = "DataSoft";
repo = "honeyd";
rev = version;
sha256 = "1r9qds7a1yp3nkccwh3isrizpr2njhpf1m6qp3lqkj0i9c4w6x44";
};
buildInputs = with pkgs;[
automake
gnugrep
libpcap
libdnet
pcre
libevent
readline
autoconf
libtool
zlib
coreutils
python
pythonPackages.sqlite3
];
patches = [ ./fix-autogen.patch ];
# removes user install script from Makefile before automake
preConfigure = ''
sed -i '/init.py$/d' Makefile.am
sh ./autogen.sh
'';
makeFlags = [ "LIBS=-lz" ];
configureFlags = [
"--with-libpcap=${libpcap}"
"--with-libevent=${libevent}"
"--with-zlib=${zlib}"
"--with-python"
"--with-libpcre=${pcre}"
"--with-libreadline=${readline}"
];
meta = {
homepage = http://www.honeyd.org/;
description = "virtual Honeypots";
license = lib.licenses.gpl2;
};
}

View File

@ -1,42 +0,0 @@
--- ./configure.in 2016-06-27 18:36:06.640779048 +0200
+++ ./configure.in 2016-06-27 18:34:53.968803854 +0200
@@ -119,11 +119,11 @@
;;
*)
AC_MSG_RESULT($withval)
- if test -f $withval/pcap.h -a -f $withval/libpcap.a; then
+ if test -f $withval/include/pcap.h -a -f $withval/lib/libpcap.so; then
owd=`pwd`
if cd $withval; then withval=`pwd`; cd $owd; fi
- PCAPINC="-I$withval -I$withval/bpf"
- PCAPLIB="-L$withval -lpcap"
+ PCAPINC="-I$withval/include -I$withval/include/bpf"
+ PCAPLIB="-L$withval/lib -lpcap"
else
AC_ERROR(pcap.h or libpcap.a not found in $withval)
fi
@@ -230,7 +230,7 @@
if cd $withval; then withval=`pwd`; cd $owd; fi
EVENTINC="-I$withval"
EVENTLIB="-L$withval -levent"
- elif test -f $withval/include/event.h -a -f $withval/lib/libevent.a; then
+ elif test -f $withval/include/event.h -a -f $withval/lib/libevent.so; then
owd=`pwd`
if cd $withval; then withval=`pwd`; cd $owd; fi
EVENTINC="-I$withval/include"
@@ -354,12 +354,12 @@
;;
*)
AC_MSG_RESULT($withval)
- if test -f $withval/readline/readline.h -a -f $withval/libreadline.a; then
+ if test -f $withval/include/readline/readline.h -o -f $withval/lib/libreadline.so; then
owd=`pwd`
if cd $withval; then withval=`pwd`; cd $owd; fi
AC_DEFINE(HAVE_LIBREADLINE, 1, [Define if you have libreadline])
- EDITINC="-I$withval"
- EDITLIB="-L$withval -lreadline"
+ EDITINC="-I$withval/include"
+ EDITLIB="-L$withval/lib -lreadline"
else
AC_ERROR(readline/readline.h or libreadline.a not found in $withval)
fi

View File

@ -38,7 +38,7 @@ in {
}; };
nginx.enable = true; nginx.enable = true;
realwallpaper.enable = true; realwallpaper.enable = true;
retiolum.enable = true; tinc.retiolum.enable = true;
retiolum-bootstrap.enable = true; retiolum-bootstrap.enable = true;
tinc_graphs.enable = true; tinc_graphs.enable = true;
urlwatch.enable = true; urlwatch.enable = true;

View File

@ -15,14 +15,14 @@ in
../2configs/shared-buildbot.nix ../2configs/shared-buildbot.nix
../2configs/cgit-mirror.nix ../2configs/cgit-mirror.nix
../2configs/repo-sync.nix ../2configs/repo-sync.nix
# ../2configs/graphite.nix ../2configs/graphite.nix
]; ];
# use your own binary cache, fallback use cache.nixos.org (which is used by # use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place) # apt-cacher-ng in first place)
# local discovery in shackspace # local discovery in shackspace
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
krebs.retiolum.extraConfig = "TCPOnly = yes"; krebs.tinc.retiolum.extraConfig = "TCPOnly = yes";
services.grafana = { services.grafana = {
enable = true; enable = true;
addr = "0.0.0.0"; addr = "0.0.0.0";

View File

@ -3,7 +3,7 @@
with config.krebs.lib; with config.krebs.lib;
{ {
krebs.enable = true; krebs.enable = true;
krebs.retiolum.enable = true; krebs.tinc.retiolum.enable = true;
# TODO rename shared user to "krebs" # TODO rename shared user to "krebs"
krebs.build.user = mkDefault config.krebs.users.shared; krebs.build.user = mkDefault config.krebs.users.shared;

View File

@ -17,7 +17,7 @@ with lib;
mirror.url = mirror; mirror.url = mirror;
}; };
lassulus = { lassulus = {
origin.url = http://cgit.cloudkrebs/stockholm ; origin.url = http://cgit.prism/stockholm ;
mirror.url = mirror; mirror.url = mirror;
}; };
"@latest" = { "@latest" = {

View File

@ -3,7 +3,7 @@
with config.krebs.lib; with config.krebs.lib;
{ {
krebs.retiolum = { krebs.tinc.retiolum = {
enable = true; enable = true;
connectTo = filter (ne config.krebs.build.host.name) [ connectTo = filter (ne config.krebs.build.host.name) [
"gum" "gum"