Merge remote-tracking branches 'gum/master' and 'prism/master'
commit
66849259ee
|
@ -20,6 +20,7 @@ let
|
||||||
./github-hosts-sync.nix
|
./github-hosts-sync.nix
|
||||||
./git.nix
|
./git.nix
|
||||||
./go.nix
|
./go.nix
|
||||||
|
./hidden-ssh.nix
|
||||||
./htgen.nix
|
./htgen.nix
|
||||||
./iptables.nix
|
./iptables.nix
|
||||||
./kapacitor.nix
|
./kapacitor.nix
|
||||||
|
|
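--- a/krebs/3modules/hidden-ssh.nix
+++ b/krebs/3modules/hidden-ssh.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+cfg = config.krebs.hidden-ssh;
+
+out = {
+options.krebs.hidden-ssh = api;
+config = lib.mkIf cfg.enable imp;
+};
+
+api = {
+enable = mkEnableOption "hidden SSH announce";
+};
+
+imp = let
+torDirectory = "/var/lib/tor"; # from tor.nix
+hiddenServiceDir = torDirectory + "/ssh-announce-service";
+in {
+services.tor = {
+enable = true;
+extraConfig = ''
+HiddenServiceDir ${hiddenServiceDir}
+HiddenServicePort 22 127.0.0.1:22
+'';
+client.enable = true;
+};
+systemd.services.hidden-ssh-announce = {
+description = "irc announce hidden ssh";
+after = [ "tor.service" "network-online.target" ];
+wants = [ "tor.service" ];
+wantedBy = [ "multi-user.target" ];
+serviceConfig = {
+# ${pkgs.tor}/bin/torify
+ExecStart = pkgs.writeDash "irc-announce-ssh" ''
+set -efu
+until test -e ${hiddenServiceDir}/hostname; do
+echo "still waiting for ${hiddenServiceDir}/hostname"
+sleep 1
+done
+${pkgs.irc-announce}/bin/irc-announce \
+irc.freenode.org 6667 ${config.krebs.build.host.name}-ssh \
+\#krebs-announce \
+"SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)"
+'';
+PrivateTmp = "true";
+User = "tor";
+Type = "oneshot";
+};
+};
+};
+in
+out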
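Review bot: The `ExecStart` script publishes the onion hostname to `#krebs-announce` over plain IRC on port 6667, and the `torify` line above it is commented out, so the announcement appears to leave over the clearnet and ties the host's address and nick to the hidden service. Once announced, anyone reading the channel can reach port 22 through Tor, so access rests entirely on sshd's authentication settings, which are not part of this module. I would say so in the file, e.g. `# the onion address is public once announced; sshd must accept keys only`, and either restore the torify wrapper or note why it is disabled. The `until test -e …/hostname` loop also has no upper bound; setting `TimeoutStartSec` in `serviceConfig` would stop the oneshot unit from waiting forever if Tor never writes the file.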
|
|
@ -33,7 +33,7 @@ with import <stockholm/lib>;
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.113.98";
|
ip4.addr = "10.243.113.98";
|
||||||
ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
|
# ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
|
||||||
aliases = [
|
aliases = [
|
||||||
"fileleech.r"
|
"fileleech.r"
|
||||||
];
|
];
|
||||||
|
@ -247,7 +247,6 @@ with import <stockholm/lib>;
|
||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
euer IN MX 1 aspmx.l.google.com.
|
euer IN MX 1 aspmx.l.google.com.
|
||||||
nixos.unstable IN CNAME krebscode.github.io.
|
nixos.unstable IN CNAME krebscode.github.io.
|
||||||
pigstarter IN A ${nets.internet.ip4.addr}
|
|
||||||
gold IN A ${nets.internet.ip4.addr}
|
gold IN A ${nets.internet.ip4.addr}
|
||||||
boot IN A ${nets.internet.ip4.addr}
|
boot IN A ${nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
|
@ -301,7 +300,7 @@ with import <stockholm/lib>;
|
||||||
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
|
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
|
||||||
aliases = [
|
aliases = [
|
||||||
"wry.r"
|
"wry.r"
|
||||||
"graphs.wry.r"
|
"graph.wry.r"
|
||||||
"paste.wry.r"
|
"paste.wry.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
|
@ -436,12 +435,13 @@ with import <stockholm/lib>;
|
||||||
mattermost.euer IN A ${nets.internet.ip4.addr}
|
mattermost.euer IN A ${nets.internet.ip4.addr}
|
||||||
git.euer IN A ${nets.internet.ip4.addr}
|
git.euer IN A ${nets.internet.ip4.addr}
|
||||||
gum IN A ${nets.internet.ip4.addr}
|
gum IN A ${nets.internet.ip4.addr}
|
||||||
|
pigstarter IN A ${nets.internet.ip4.addr}
|
||||||
cgit.euer IN A ${nets.internet.ip4.addr}
|
cgit.euer IN A ${nets.internet.ip4.addr}
|
||||||
o.euer IN A ${nets.internet.ip4.addr}
|
o.euer IN A ${nets.internet.ip4.addr}
|
||||||
dl.euer IN A ${nets.internet.ip4.addr}
|
dl.euer IN A ${nets.internet.ip4.addr}
|
||||||
euer IN A ${nets.internet.ip4.addr}
|
euer IN A ${nets.internet.ip4.addr}
|
||||||
wiki.euer IN A ${nets.internet.ip4.addr}
|
wiki.euer IN A ${nets.internet.ip4.addr}
|
||||||
graphs IN A ${nets.internet.ip4.addr}
|
graph IN A ${nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
nets = rec {
|
nets = rec {
|
||||||
|
@ -461,7 +461,7 @@ with import <stockholm/lib>;
|
||||||
"o.gum.r"
|
"o.gum.r"
|
||||||
"tracker.makefu.r"
|
"tracker.makefu.r"
|
||||||
|
|
||||||
"graphs.r"
|
"graph.r"
|
||||||
"wiki.makefu.r"
|
"wiki.makefu.r"
|
||||||
"wiki.gum.r"
|
"wiki.gum.r"
|
||||||
"blog.makefu.r"
|
"blog.makefu.r"
|
||||||
|
@ -491,7 +491,7 @@ with import <stockholm/lib>;
|
||||||
ip4.prefix = "10.8.10.0/24";
|
ip4.prefix = "10.8.10.0/24";
|
||||||
aliases = [
|
aliases = [
|
||||||
"shoney.siem"
|
"shoney.siem"
|
||||||
"graphs.siem"
|
"graph.siem"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
|
|
@ -32,9 +32,9 @@ let
|
||||||
default = "http://xplanetclouds.com/free/local/clouds_2048.jpg";
|
default = "http://xplanetclouds.com/free/local/clouds_2048.jpg";
|
||||||
};
|
};
|
||||||
|
|
||||||
outFile = mkOption {
|
marker = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "/tmp/wallpaper.png";
|
default = "http://graph.r/marker.json";
|
||||||
};
|
};
|
||||||
|
|
||||||
timerConfig = mkOption {
|
timerConfig = mkOption {
|
||||||
|
@ -43,7 +43,6 @@ let
|
||||||
OnCalendar = "*:0/15";
|
OnCalendar = "*:0/15";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
imp = {
|
imp = {
|
||||||
|
@ -63,6 +62,7 @@ let
|
||||||
imagemagick
|
imagemagick
|
||||||
curl
|
curl
|
||||||
file
|
file
|
||||||
|
jq
|
||||||
];
|
];
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
|
@ -70,7 +70,7 @@ let
|
||||||
nightmap_url = cfg.nightmap;
|
nightmap_url = cfg.nightmap;
|
||||||
daymap_url = cfg.daymap;
|
daymap_url = cfg.daymap;
|
||||||
cloudmap_url = cfg.cloudmap;
|
cloudmap_url = cfg.cloudmap;
|
||||||
out_file = cfg.outFile;
|
marker_url = cfg.marker;
|
||||||
};
|
};
|
||||||
|
|
||||||
restartIfChanged = true;
|
restartIfChanged = true;
|
||||||
|
|
|
@ -47,6 +47,7 @@ in {
|
||||||
ip6.addr = "42:0:0:0:0:0:77:1";
|
ip6.addr = "42:0:0:0:0:0:77:1";
|
||||||
aliases = [
|
aliases = [
|
||||||
"wolf.r"
|
"wolf.r"
|
||||||
|
"build.wolf.r"
|
||||||
"cgit.wolf.r"
|
"cgit.wolf.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
|
|
|
@ -24,7 +24,7 @@ pkgs.writeDashBin "irc-announce" ''
|
||||||
# echo2 and cat2 are used output to both, stdout and stderr
|
# echo2 and cat2 are used output to both, stdout and stderr
|
||||||
# This is used to see what we send to the irc server. (debug output)
|
# This is used to see what we send to the irc server. (debug output)
|
||||||
echo2() { echo "$*"; echo "$*" >&2; }
|
echo2() { echo "$*"; echo "$*" >&2; }
|
||||||
cat2() { tee /dev/stderr; }
|
cat2() { awk '{print;print > "/dev/stderr"}'; }
|
||||||
|
|
||||||
# privmsg_cat transforms stdin to a privmsg
|
# privmsg_cat transforms stdin to a privmsg
|
||||||
privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
|
privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
|
||||||
|
|
|
@ -2,5 +2,5 @@
|
||||||
|
|
||||||
# TODO use `execve` instead?
|
# TODO use `execve` instead?
|
||||||
writeDashBin "krebspaste" ''
|
writeDashBin "krebspaste" ''
|
||||||
exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@"
|
exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" | sed '$ s/$/\/+inline/g'
|
||||||
''
|
''
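Review bot: Piping `bepasty-cli` into `sed` makes `krebspaste` return sed's exit status, so a failed upload is reported as success to any caller that checks the return code. The leading `exec` no longer replaces the shell either, since it only applies inside the left-hand side of the pipeline, and the `g` flag is redundant on a `$`-anchored substitution. If the client prints a single URL line (not confirmed from this hunk), capturing the output keeps the failure visible: `url=$(${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@") || exit` followed by `printf '%s/+inline\n' "$url"`.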
|
||||||
|
|
|
@ -5,8 +5,8 @@ stdenv.mkDerivation {
|
||||||
|
|
||||||
src = fetchgit {
|
src = fetchgit {
|
||||||
url = https://github.com/Lassulus/realwallpaper;
|
url = https://github.com/Lassulus/realwallpaper;
|
||||||
rev = "c2778c3c235fc32edc8115d533a0d0853ab101c5";
|
rev = "b8408cfb295b6ce5b965309b30358ca6c6409efd";
|
||||||
sha256 = "0yhbjz19zk8sj5dsvccm6skkqq2vardn1yi70qmd5li7qvp17mvs";
|
sha256 = "0yyl8hhqshw9bx04xs8glvir3c0qzvfrwzmbvyg318mnz5xalcl0";
|
||||||
};
|
};
|
||||||
|
|
||||||
phases = [
|
phases = [
|
||||||
|
@ -15,10 +15,6 @@ stdenv.mkDerivation {
|
||||||
];
|
];
|
||||||
|
|
||||||
buildInputs = [
|
buildInputs = [
|
||||||
xplanet
|
|
||||||
imagemagick
|
|
||||||
curl
|
|
||||||
file
|
|
||||||
];
|
];
|
||||||
|
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
|
|
|
@ -2,14 +2,14 @@
|
||||||
|
|
||||||
python3Packages.buildPythonPackage rec {
|
python3Packages.buildPythonPackage rec {
|
||||||
name = "tinc_graphs-${version}";
|
name = "tinc_graphs-${version}";
|
||||||
version = "0.3.9";
|
version = "0.3.10";
|
||||||
propagatedBuildInputs = with pkgs;[
|
propagatedBuildInputs = with pkgs;[
|
||||||
python3Packages.pygeoip
|
python3Packages.pygeoip
|
||||||
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
|
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
|
||||||
];
|
];
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz";
|
url = "mirror://pypi/t/tinc_graphs/${name}.tar.gz";
|
||||||
sha256 = "0hjmkiclvyjb3707285x4b8mk5aqjcvh383hvkad1h7p1n61qrfx";
|
sha256 = "0f4cvb9424fhfmc0hbzmynzh9528fyhx00ayq1nbpgd1p89yw7mc";
|
||||||
};
|
};
|
||||||
preFixup = with pkgs;''
|
preFixup = with pkgs;''
|
||||||
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
|
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
|
||||||
|
|
|
@ -11,11 +11,34 @@ with import <stockholm/lib>;
|
||||||
../2configs/mc.nix
|
../2configs/mc.nix
|
||||||
../2configs/nixpkgs.nix
|
../2configs/nixpkgs.nix
|
||||||
../2configs/vim.nix
|
../2configs/vim.nix
|
||||||
|
{
|
||||||
|
# /dev/stderr doesn't work. I don't know why
|
||||||
|
# /proc/self doesn't seem to work correctly
|
||||||
|
# /dev/pts is empty except for 1 file
|
||||||
|
# my life sucks
|
||||||
|
nixpkgs.config.packageOverrides = super: {
|
||||||
|
irc-announce = super.callPackage <stockholm/krebs/5pkgs/irc-announce> {
|
||||||
|
pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [
|
||||||
|
pkgs.coreutils
|
||||||
|
(pkgs.writeDashBin "tee" ''
|
||||||
|
if test "$1" = /dev/stderr; then
|
||||||
|
while read -r line; do
|
||||||
|
echo "$line"
|
||||||
|
echo "$line" >&2
|
||||||
|
done
|
||||||
|
else
|
||||||
|
${super.coreutils}/bin/tee "$@"
|
||||||
|
fi
|
||||||
|
'')
|
||||||
|
];};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
boot.kernelParams = [ "copytoram" ];
|
||||||
|
}
|
||||||
{
|
{
|
||||||
krebs.enable = true;
|
krebs.enable = true;
|
||||||
krebs.build.user = config.krebs.users.lass;
|
krebs.build.user = config.krebs.users.lass;
|
||||||
krebs.build.host = config.krebs.hosts.iso;
|
krebs.build.host = config.krebs.hosts.iso;
|
||||||
krebs.build.source.nixos-config.symlink = "stockholm/lass/1systems/${config.krebs.buil.host.name}.nix";
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
@ -122,18 +145,12 @@ with import <stockholm/lib>;
|
||||||
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
|
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
krebs.iptables = {
|
krebs.iptables = {
|
||||||
enable = true;
|
enable = true;
|
||||||
tables = {
|
tables = {
|
||||||
nat.PREROUTING.rules = [
|
|
||||||
{ predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
|
|
||||||
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
|
|
||||||
];
|
|
||||||
nat.OUTPUT.rules = [
|
|
||||||
{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
|
|
||||||
];
|
|
||||||
filter.INPUT.policy = "DROP";
|
filter.INPUT.policy = "DROP";
|
||||||
filter.FORWARD.policy = "DROP";
|
filter.FORWARD.policy = "DROP";
|
||||||
filter.INPUT.rules = [
|
filter.INPUT.rules = [
|
||||||
|
@ -148,5 +165,8 @@ with import <stockholm/lib>;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
krebs.hidden-ssh.enable = true;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
}
|
}
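Review bot: With the `nat.PREROUTING` and `nat.OUTPUT` redirect rules removed, `systemd.services.sshd.wantedBy` forced to `multi-user.target` and `krebs.hidden-ssh.enable = true`, the booted image now runs sshd on port 22 from startup and announces a Tor route to it; the old rule that sent non-retiolum port-22 traffic to port 0 is gone. Whether port 22 is still filtered on other interfaces depends on the `filter.INPUT.rules` list, which starts inside this section but is not fully shown, so that should be confirmed before merging. A comment beside the `mkForce` line naming who is expected to log in to a live image and with which keys would make the intent reviewable, e.g. `# live image: sshd up at boot, key-only, reachable via retiolum and the announced onion address`. Separately, the `tee` shim in `packageOverrides` may be dead code, because `cat2` in irc-announce stops calling `tee` in this same merge.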
|
||||||
|
|
|
@ -25,6 +25,7 @@ with import <stockholm/lib>;
|
||||||
../2configs/repo-sync.nix
|
../2configs/repo-sync.nix
|
||||||
../2configs/ircd.nix
|
../2configs/ircd.nix
|
||||||
../2configs/logf.nix
|
../2configs/logf.nix
|
||||||
|
../2configs/syncthing.nix
|
||||||
{
|
{
|
||||||
#risk of rain port
|
#risk of rain port
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
@ -76,10 +77,6 @@ with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
services.redis.enable = true;
|
services.redis.enable = true;
|
||||||
}
|
}
|
||||||
{
|
|
||||||
#ipfs-testing
|
|
||||||
services.ipfs.enable = true;
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
pkgs.krebszones
|
pkgs.krebszones
|
||||||
|
@ -89,6 +86,12 @@ with import <stockholm/lib>;
|
||||||
#ps vita stuff
|
#ps vita stuff
|
||||||
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
|
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
services.tor = {
|
||||||
|
enable = true;
|
||||||
|
client.enable = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.mors;
|
krebs.build.host = config.krebs.hosts.mors;
|
||||||
|
|
|
@ -46,6 +46,7 @@ in {
|
||||||
../2configs/monitoring/server.nix
|
../2configs/monitoring/server.nix
|
||||||
../2configs/monitoring/monit-alarms.nix
|
../2configs/monitoring/monit-alarms.nix
|
||||||
../2configs/paste.nix
|
../2configs/paste.nix
|
||||||
|
../2configs/syncthing.nix
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../2configs/bepasty.nix
|
../2configs/bepasty.nix
|
||||||
|
@ -158,7 +159,7 @@ in {
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
users.users.chat.openssh.authorizedKeys.keys = [
|
users.users.chat.openssh.authorizedKeys.keys = [
|
||||||
"ssh-rsa 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 JuiceSSH"
|
"ssh-rsa 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 JuiceSSH"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
@ -194,7 +195,7 @@ in {
|
||||||
../2configs/realwallpaper.nix
|
../2configs/realwallpaper.nix
|
||||||
];
|
];
|
||||||
services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
|
services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
|
||||||
alias /tmp/wallpaper.png;
|
alias /var/realwallpaper/realwallpaper.png;
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
@ -254,19 +255,20 @@ in {
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
krebs.Reaktor.coders = let
|
krebs.Reaktor.coders = {
|
||||||
lambdabot = (import (pkgs.fetchFromGitHub {
|
nickname = "Reaktor|lass";
|
||||||
owner = "NixOS"; repo = "nixpkgs";
|
|
||||||
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
|
|
||||||
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
|
|
||||||
}) {}).lambdabot;
|
|
||||||
in {
|
|
||||||
nickname = "reaktor-lass";
|
|
||||||
channels = [ "#coders" ];
|
channels = [ "#coders" ];
|
||||||
extraEnviron = {
|
extraEnviron = {
|
||||||
REAKTOR_HOST = "irc.hackint.org";
|
REAKTOR_HOST = "irc.hackint.org";
|
||||||
};
|
};
|
||||||
plugins = with pkgs.ReaktorPlugins; let
|
plugins = with pkgs.ReaktorPlugins; let
|
||||||
|
|
||||||
|
lambdabot = (import (pkgs.fetchFromGitHub {
|
||||||
|
owner = "NixOS"; repo = "nixpkgs";
|
||||||
|
rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
|
||||||
|
sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
|
||||||
|
}) {}).lambdabot;
|
||||||
|
|
||||||
lambdabotflags = ''
|
lambdabotflags = ''
|
||||||
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
|
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
|
||||||
-XFlexibleInstances -XMultiParamTypeClasses \
|
-XFlexibleInstances -XMultiParamTypeClasses \
|
||||||
|
@ -349,6 +351,18 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
krebs.Reaktor.prism = {
|
||||||
|
nickname = "Reaktor|lass";
|
||||||
|
channels = [ "#retiolum" ];
|
||||||
|
extraEnviron = {
|
||||||
|
REAKTOR_HOST = "ni.r";
|
||||||
|
};
|
||||||
|
plugins = with pkgs.ReaktorPlugins; [
|
||||||
|
sed-plugin
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.prism;
|
krebs.build.host = config.krebs.hosts.prism;
|
||||||
|
|
|
@ -32,8 +32,6 @@ in {
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
virtualisation.libvirtd.enable = true;
|
|
||||||
|
|
||||||
programs.ssh.startAgent = false;
|
programs.ssh.startAgent = false;
|
||||||
|
|
||||||
services.printing = {
|
services.printing = {
|
||||||
|
|
|
@ -20,7 +20,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config.krebs.buildbot.master = let
|
config.krebs.buildbot.master = let
|
||||||
stockholm-mirror-url = http://cgit.lassul.us/stockholm ;
|
stockholm-mirror-url = http://cgit.prism.r/stockholm ;
|
||||||
in {
|
in {
|
||||||
workers = {
|
workers = {
|
||||||
testworker = "lasspass";
|
testworker = "lasspass";
|
||||||
|
|
|
@ -64,7 +64,10 @@ with import <stockholm/lib>;
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
services.dnscrypt-proxy.enable = true;
|
services.dnscrypt-proxy = {
|
||||||
|
enable = true;
|
||||||
|
resolverName = "cs-de";
|
||||||
|
};
|
||||||
networking.extraResolvconfConf = ''
|
networking.extraResolvconfConf = ''
|
||||||
name_servers='127.0.0.1'
|
name_servers='127.0.0.1'
|
||||||
'';
|
'';
|
||||||
|
@ -151,6 +154,10 @@ with import <stockholm/lib>;
|
||||||
p7zip
|
p7zip
|
||||||
unzip
|
unzip
|
||||||
unrar
|
unrar
|
||||||
|
|
||||||
|
(pkgs.writeDashBin "sshn" ''
|
||||||
|
${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
|
||||||
|
'')
|
||||||
];
|
];
|
||||||
|
|
||||||
programs.bash = {
|
programs.bash = {
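Review bot: The new `sshn` wrapper runs ssh with `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, so every connection made through it accepts whatever host key is presented and records nothing, which removes the protection against an impostor host on the path. If it is meant only for freshly installed or throwaway machines, that limit should be written above the wrapper, e.g. `# sshn: skips host-key verification; only for ephemeral hosts, never with passwords`. Adding `-o ForwardAgent=no` to the same command line would limit what an impostor could obtain if the wrapper is used by habit. The package list this entry sits in continues outside the hunk.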
|
||||||
|
|
|
@ -6,7 +6,7 @@ in {
|
||||||
krebs.fetchWallpaper = {
|
krebs.fetchWallpaper = {
|
||||||
enable = true;
|
enable = true;
|
||||||
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
|
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
|
||||||
url = "prism/wallpaper.png";
|
url = "prism/realwallpaper-sat-krebs.png";
|
||||||
maxTime = 10;
|
maxTime = 10;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,6 +3,6 @@
|
||||||
{
|
{
|
||||||
krebs.build.source.nixpkgs.git = {
|
krebs.build.source.nixpkgs.git = {
|
||||||
url = https://cgit.lassul.us/nixpkgs;
|
url = https://cgit.lassul.us/nixpkgs;
|
||||||
ref = "a563923";
|
ref = "c85f39e";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,11 +10,23 @@ in {
|
||||||
krebs.realwallpaper.enable = true;
|
krebs.realwallpaper.enable = true;
|
||||||
|
|
||||||
services.nginx.virtualHosts.wallpaper = {
|
services.nginx.virtualHosts.wallpaper = {
|
||||||
|
extraConfig = ''
|
||||||
|
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
'';
|
||||||
serverAliases = [
|
serverAliases = [
|
||||||
hostname
|
hostname
|
||||||
|
"${hostname}.r"
|
||||||
];
|
];
|
||||||
locations."/wallpaper.png".extraConfig = ''
|
locations."/realwallpaper.png".extraConfig = ''
|
||||||
root /tmp/;
|
root /var/realwallpaper/;
|
||||||
|
'';
|
||||||
|
locations."/realwallpaper-sat.png".extraConfig = ''
|
||||||
|
root /var/realwallpaper/;
|
||||||
|
'';
|
||||||
|
locations."/realwallpaper-sat-krebs.png".extraConfig = ''
|
||||||
|
root /var/realwallpaper/;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
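--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+services.syncthing = {
+enable = true;
+useInotify = true;
+};
+krebs.iptables.tables.filter.INPUT.rules = [
+{ predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
+{ predicate = "-p udp --dport 21027"; target = "ACCEPT";}
+];
+}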
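Review bot: Both `ACCEPT` rules match on port only, so 22000/tcp and 21027/udp are opened on every interface of each host that imports this file; other hunks in this commit add the import to at least two host configurations, one of which appears to be internet-facing. Syncthing authenticates peers by device ID, so this is not an open door, but the discovery port in particular has no reason to be reachable from outside the local segment. If syncing is meant to run over the overlay only, restricting the predicates, e.g. `"-i retiolum -p tcp --dport 22000"`, would keep the exposure to what is needed; otherwise a one-line comment stating that global exposure is intended would help.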
|
|
@ -32,7 +32,6 @@ in {
|
||||||
../2configs/elchos/log.nix
|
../2configs/elchos/log.nix
|
||||||
../2configs/elchos/search.nix
|
../2configs/elchos/search.nix
|
||||||
../2configs/elchos/stats.nix
|
../2configs/elchos/stats.nix
|
||||||
../2configs/stats-srv.nix
|
|
||||||
|
|
||||||
];
|
];
|
||||||
systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
|
systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
|
||||||
|
@ -129,6 +128,7 @@ in {
|
||||||
# createHome = true;
|
# createHome = true;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.makefu.pubkey
|
config.krebs.users.makefu.pubkey
|
||||||
|
config.krebs.users.lass.pubkey
|
||||||
"ssh-rsa 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 jules@kvasir-2015-02-13"
|
"ssh-rsa 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 jules@kvasir-2015-02-13"
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local"
|
||||||
"ssh-rsa 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 me@andreaskist.de"
|
"ssh-rsa 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 me@andreaskist.de"
|
||||||
|
|
|
@ -35,10 +35,12 @@ in {
|
||||||
../2configs/nginx/update.connector.one.nix
|
../2configs/nginx/update.connector.one.nix
|
||||||
../2configs/deployment/mycube.connector.one.nix
|
../2configs/deployment/mycube.connector.one.nix
|
||||||
../2configs/deployment/graphs.nix
|
../2configs/deployment/graphs.nix
|
||||||
|
# ../2configs/ipfs.nix
|
||||||
|
../2configs/syncthing.nix
|
||||||
|
|
||||||
# ../2configs/opentracker.nix
|
# ../2configs/opentracker.nix
|
||||||
../2configs/logging/central-stats-client.nix
|
../2configs/logging/central-stats-client.nix
|
||||||
../2configs/logging/central-logging-client.nix
|
# ../2configs/logging/central-logging-client.nix
|
||||||
|
|
||||||
];
|
];
|
||||||
services.smartd.devices = [ { device = "/dev/sda";} ];
|
services.smartd.devices = [ { device = "/dev/sda";} ];
|
||||||
|
@ -79,7 +81,6 @@ in {
|
||||||
];
|
];
|
||||||
services.bitlbee.enable = true;
|
services.bitlbee.enable = true;
|
||||||
systemd.services.bitlbee.environment.BITLBEE_DEBUG="1";
|
systemd.services.bitlbee.environment.BITLBEE_DEBUG="1";
|
||||||
# systemd.services.bitlbee.serviceConfig.ExecStart = "${pkgs.bitlbee}/bin/bitlbee -Dnv -c
|
|
||||||
|
|
||||||
# Hardware
|
# Hardware
|
||||||
boot.loader.grub.device = "/dev/sda";
|
boot.loader.grub.device = "/dev/sda";
|
||||||
|
|
|
@ -53,9 +53,10 @@ in {
|
||||||
../2configs/omo-share.nix
|
../2configs/omo-share.nix
|
||||||
../2configs/tinc/retiolum.nix
|
../2configs/tinc/retiolum.nix
|
||||||
../2configs/logging/central-stats-server.nix
|
../2configs/logging/central-stats-server.nix
|
||||||
../2configs/logging/central-logging-server.nix
|
# ../2configs/logging/central-logging-server.nix
|
||||||
../2configs/logging/central-stats-client.nix
|
../2configs/logging/central-stats-client.nix
|
||||||
../2configs/logging/central-logging-client.nix
|
../2configs/syncthing.nix
|
||||||
|
# ../2configs/logging/central-logging-client.nix
|
||||||
|
|
||||||
# ../2configs/torrent.nix
|
# ../2configs/torrent.nix
|
||||||
|
|
||||||
|
|
|
@ -31,7 +31,7 @@ in {
|
||||||
anonymous-domain = "localhost.localdomain";
|
anonymous-domain = "localhost.localdomain";
|
||||||
anonymous.extraConfig = "return 403;";
|
anonymous.extraConfig = "return 403;";
|
||||||
complete = {
|
complete = {
|
||||||
serverAliases = [ "graphs.siem" ];
|
serverAliases = [ "graph.siem" ];
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
if ( $server_addr = "${ip}" ) {
|
if ( $server_addr = "${ip}" ) {
|
||||||
return 403;
|
return 403;
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
with import <stockholm/lib>;
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
@ -71,14 +72,9 @@
|
||||||
makefu.umts.apn = "web.vodafone.de";
|
makefu.umts.apn = "web.vodafone.de";
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
krebs.nginx = {
|
|
||||||
default404 = false;
|
|
||||||
servers.default.listen = [ "80 default_server" ];
|
|
||||||
servers.default.server-names = [ "_" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
|
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
|
||||||
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ];
|
environment.systemPackages = [ pkgs.passwdqc-utils ];
|
||||||
|
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,10 @@ let
|
||||||
mainUser = config.krebs.build.user.name;
|
mainUser = config.krebs.build.user.name;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [ ];
|
imports = [
|
||||||
|
./urxvtd.nix
|
||||||
|
];
|
||||||
|
|
||||||
services.xserver = {
|
services.xserver = {
|
||||||
enable = true;
|
enable = true;
|
||||||
layout = "us";
|
layout = "us";
|
||||||
|
|
|
@ -11,7 +11,7 @@ with import <stockholm/lib>;
|
||||||
./vim.nix
|
./vim.nix
|
||||||
./binary-cache/nixos.nix
|
./binary-cache/nixos.nix
|
||||||
];
|
];
|
||||||
|
programs.command-not-found.enable = false;
|
||||||
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
|
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
|
||||||
krebs = {
|
krebs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -22,7 +22,7 @@ with import <stockholm/lib>;
|
||||||
user = config.krebs.users.makefu;
|
user = config.krebs.users.makefu;
|
||||||
source = let
|
source = let
|
||||||
inherit (config.krebs.build) host user;
|
inherit (config.krebs.build) host user;
|
||||||
ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1
|
ref = "4fac473"; # unstable @ 2017-03-31 + command-not-found
|
||||||
in {
|
in {
|
||||||
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
|
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
|
||||||
{
|
{
|
||||||
|
|
|
@ -23,8 +23,8 @@ in {
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
serverAliases = [
|
serverAliases = [
|
||||||
"graphs.r" "graphs.retiolum"
|
"graph.r"
|
||||||
"graphs.${hn}" "graphs.${hn}.retiolum"
|
"graph.${hn}" "graph.${hn}.r"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
anonymous = {
|
anonymous = {
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
services.dnscrypt-proxy.enable = true;
|
services.dnscrypt-proxy.enable = true;
|
||||||
|
services.dnscrypt-proxy.resolverName = "cs-de";
|
||||||
networking.extraResolvconfConf = ''
|
networking.extraResolvconfConf = ''
|
||||||
name_servers='127.0.0.1'
|
name_servers='127.0.0.1'
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
OnCalendar = "*:0/30";
|
OnCalendar = "*:0/30";
|
||||||
};
|
};
|
||||||
url = "http://echelon/wallpaper.png";
|
url = "http://prism.r/realwallpaper-sat-krebs.png";
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
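--- a/makefu/2configs/ipfs.nix
+++ b/makefu/2configs/ipfs.nix
@@ -0,0 +1,5 @@
+{...}:
+{
+services.ipfs.enable = true;
+networking.firewall.allowedTCPPorts = [ 4001 ];
+}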
|
|
@ -71,5 +71,12 @@ in {
|
||||||
iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
|
iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
|
||||||
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
|
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
|
||||||
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
|
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
|
||||||
|
|
||||||
|
ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
|
||||||
|
ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
|
||||||
|
ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
|
||||||
|
ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
|
||||||
|
ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
|
||||||
|
ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
|
||||||
'';
|
'';
|
||||||
}
|
}
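Review bot: The added `ip6tables` rules open the collectd, influx and grafana ports on `retiolum` as well as on `${logging-interface}`, while the IPv4 rules visible in this hunk only name `${logging-interface}`. If matching IPv4 rules for `retiolum` exist above the hunk this is consistent; if not, the three services become reachable over IPv6 from the whole overlay while IPv4 stays restricted, which is easy to miss in review. Should `logging-interface` already be `retiolum`, the six rules collapse to three duplicates and the literal `retiolum` lines can be dropped. A short comment above the block stating which networks are meant to reach influx and grafana would settle it.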
|
||||||
|
|
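--- a/makefu/2configs/syncthing.nix
+++ b/makefu/2configs/syncthing.nix
@@ -0,0 +1,11 @@
+{...}:
+
+with import <stockholm/lib>; {
+services.syncthing = {
+enable = true;
+openDefaultPorts = true;
+useInotify = true;
+group = "download";
+};
+users.extraGroups.download.gid = genid "download";
+}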
|
|
@ -12,11 +12,11 @@
|
||||||
firefox
|
firefox
|
||||||
keepassx
|
keepassx
|
||||||
pcmanfm
|
pcmanfm
|
||||||
|
evince
|
||||||
skype
|
skype
|
||||||
mirage
|
mirage
|
||||||
tightvnc
|
tightvnc
|
||||||
gnome3.dconf
|
gnome3.dconf
|
||||||
wireshark
|
|
||||||
xdotool
|
xdotool
|
||||||
xorg.xbacklight
|
xorg.xbacklight
|
||||||
scrot
|
scrot
|
||||||
|
|
|
@ -40,6 +40,7 @@
|
||||||
cac-api
|
cac-api
|
||||||
cac-panel
|
cac-panel
|
||||||
krebspaste
|
krebspaste
|
||||||
|
krebszones
|
||||||
ledger
|
ledger
|
||||||
pass
|
pass
|
||||||
];
|
];
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
krebs.per-user.makefu.packages = with pkgs;[
|
krebs.per-user.makefu.packages = with pkgs;[
|
||||||
inkscape
|
inkscape
|
||||||
gimp
|
gimp
|
||||||
|
libreoffice
|
||||||
skype
|
skype
|
||||||
virtmanager
|
virtmanager
|
||||||
synergy
|
synergy
|
||||||
|
|
|
@ -11,5 +11,6 @@
|
||||||
nmap
|
nmap
|
||||||
msf
|
msf
|
||||||
thc-hydra
|
thc-hydra
|
||||||
|
wireshark
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
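--- a/makefu/2configs/urxvtd.nix
+++ b/makefu/2configs/urxvtd.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+let
+mainUser = config.krebs.build.user.name;
+in {
+systemd.services.urxvtd = {
+wantedBy = [ "multi-user.target" ];
+before = [ "graphical.target" ];
+reloadIfChanged = true;
+serviceConfig = {
+SyslogIdentifier = "urxvtd";
+ExecReload = "${pkgs.coreutils}/bin/echo NOP";
+ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd";
+Restart = "always";
+RestartSec = "2s";
+StartLimitBurst = 0;
+User = mainUser;
+};
+};
+# TODO: sessionCommands from base-gui related to urxvt in this file
+}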
|
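Review bot: `reloadIfChanged = true` together with `ExecReload = "${pkgs.coreutils}/bin/echo NOP"` means a changed unit, including a new `rxvt_unicode_with-plugins` store path, is answered with a no-op reload, so the running daemon keeps the old binary until it is restarted by hand or the machine reboots. That is presumably deliberate, since restarting urxvtd would close every open terminal, but it is not written down and it also delays package fixes reaching the running process. I would add a comment above `reloadIfChanged`, e.g. `# never restart on switch: a restart kills all open terminals; restart manually after rxvt upgrades`. `StartLimitBurst = 0` next to `Restart = "always"` appears to switch off start rate limiting and deserves a short comment saying that this is intended.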
|
@ -90,7 +90,7 @@ client.connect_signal("focus", function(c) c.border_color = beautiful.border_foc
|
||||||
client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end)
|
client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end)
|
||||||
|
|
||||||
-- This is used later as the default terminal and editor to run.
|
-- This is used later as the default terminal and editor to run.
|
||||||
terminal = "urxvt"
|
terminal = "urxvtc"
|
||||||
editor = os.getenv("EDITOR") or "vim"
|
editor = os.getenv("EDITOR") or "vim"
|
||||||
editor_cmd = terminal .. " -e " .. editor
|
editor_cmd = terminal .. " -e " .. editor
|
||||||
browser = "firefox"
|
browser = "firefox"
|
||||||
|
|
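Review bot: `terminal = "urxvtc"` makes every terminal launch depend on a running urxvtd, because urxvtc only connects to the daemon and fails when it is not there. The daemon comes from the new `urxvtd.nix` unit in this commit, so on a host that uses this awesome config without that module, or while the unit is down, the terminal binding and `editor_cmd` would open nothing. A comment on the line naming the dependency would help, e.g. `-- needs the urxvtd service (2configs/urxvtd.nix)`. The rest of the file is outside the hunk, so how `terminal` is spawned cannot be checked from here.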
|
@ -14,6 +14,7 @@ in
|
||||||
../2configs/shack-nix-cacher.nix
|
../2configs/shack-nix-cacher.nix
|
||||||
../2configs/shared-buildbot.nix
|
../2configs/shared-buildbot.nix
|
||||||
../2configs/share-shack.nix
|
../2configs/share-shack.nix
|
||||||
|
../2configs/central-stats-client.nix
|
||||||
];
|
];
|
||||||
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
||||||
# apt-cacher-ng in first place)
|
# apt-cacher-ng in first place)
|
||||||
|
|
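--- a/shared/2configs/central-stats-client.nix
+++ b/shared/2configs/central-stats-client.nix
@@ -0,0 +1,68 @@
+{pkgs, config, ...}:
+{
+services.collectd = {
+enable = true;
+autoLoadPlugin = true;
+extraConfig = ''
+Hostname ${config.krebs.build.host.name}
+LoadPlugin load
+LoadPlugin disk
+LoadPlugin memory
+LoadPlugin df
+Interval 30.0
+
+LoadPlugin interface
+<Plugin "interface">
+Interface "*Link"
+Interface "lo"
+Interface "vboxnet*"
+Interface "virbr*"
+IgnoreSelected true
+</Plugin>
+
+LoadPlugin df
+<Plugin "df">
+MountPoint "/nix/store"
+# MountPoint "/run*"
+# MountPoint "/sys*"
+# MountPoint "/dev"
+# MountPoint "/dev/shm"
+# MountPoint "/tmp"
+FSType "tmpfs"
+FSType "binfmt_misc"
+FSType "debugfs"
+FSType "mqueue"
+FSType "hugetlbfs"
+FSType "systemd-1"
+FSType "cgroup"
+FSType "securityfs"
+FSType "ramfs"
+FSType "proc"
+FSType "devpts"
+FSType "devtmpfs"
+MountPoint "/var/lib/docker/devicemapper"
+IgnoreSelected true
+</Plugin>
+
+LoadPlugin cpu
+<Plugin cpu>
+ReportByCpu true
+ReportByState true
+ValuesPercentage true
+</Plugin>
+
+LoadPlugin network
+<Plugin "network">
+Server "stats.makefu.r" "25826"
+</Plugin>
+
+LoadPlugin curl
+<Plugin curl>
+<Page "smarthome">
+URL "http://smarthome.shack/";
+MeasureResponseTime true
+</Page>
+</Plugin>
+'';
+};
+}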
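Review bot: The `<Plugin "network">` block sends to `stats.makefu.r` with a bare `Server` line, so the metrics leave the host unsigned and unencrypted, and the receiver has no way to verify which host produced them beyond the `Hostname` value carried in the data. If the retiolum VPN is the intended protection, say so in a comment above the block, e.g. `# no SecurityLevel: transport is protected by retiolum only`. Otherwise the plugin's `SecurityLevel Sign` or `Encrypt` with `Username`/`Password` inside a `<Server>` block covers it, bearing in mind that a password written into `extraConfig` ends up in the world-readable Nix store. Separately, the `;` after the `URL` value in the curl page looks like a Nix habit rather than collectd syntax and is worth checking, and `LoadPlugin df` is listed twice.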
|
@ -9,11 +9,20 @@
|
||||||
{
|
{
|
||||||
# due to the fact that we actually build stuff on the box via the daemon,
|
# due to the fact that we actually build stuff on the box via the daemon,
|
||||||
# /nix/store should be cleaned up automatically as well
|
# /nix/store should be cleaned up automatically as well
|
||||||
|
services.nginx.virtualHosts.build = {
|
||||||
|
serverAliases = [ "build.wolf.r" ];
|
||||||
|
locations."/".extraConfig = ''
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
proxy_pass http://localhost:${toString config.krebs.buildbot.master.web.port};
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
nix.gc.automatic = true;
|
nix.gc.automatic = true;
|
||||||
nix.gc.dates = "05:23";
|
nix.gc.dates = "05:23";
|
||||||
networking.firewall.allowedTCPPorts = [ 8010 9989 ];
|
networking.firewall.allowedTCPPorts = [ 8010 9989 ];
|
||||||
krebs.buildbot.master = let
|
krebs.buildbot.master = let
|
||||||
stockholm-mirror-url = http://cgit.wolf/stockholm-mirror ;
|
stockholm-mirror-url = http://cgit.wolf.r/stockholm-mirror ;
|
||||||
in {
|
in {
|
||||||
secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ];
|
secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ];
|
||||||
workers = {
|
workers = {
|
||||||
|
@ -151,6 +160,9 @@
|
||||||
channels = [ { channel = "retiolum"; } ];
|
channels = [ { channel = "retiolum"; } ];
|
||||||
allowForce = true;
|
allowForce = true;
|
||||||
};
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
c['buildbotURL'] = "http://build.wolf.r/"
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
krebs.buildbot.worker = {
|
krebs.buildbot.worker = {
|
||||||
|
|
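Review bot: With the new `build` vhost proxying to the buildbot web port and `buildbotURL` set to `http://build.wolf.r/` in the second hunk, `networking.firewall.allowedTCPPorts = [ 8010 9989 ];` still leaves what looks like the web port reachable directly, so there would be two paths to a UI that has `allowForce = true`. If 8010 is the web port and nginx's own port is opened elsewhere, I would reduce the list to `networking.firewall.allowedTCPPorts = [ 9989 ];` and let nginx be the only entry point, where access can later be restricted per location. The vhost itself carries no `allow`/`deny` or auth directive, which is worth a comment if reachability is meant to be limited by the network alone. Both hunks sit inside a larger attribute set that starts and ends outside them.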