Merge remote-tracking branch 'lass/master'
commit
8156ab9237
@ -1,12 +1,14 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
# bln config file
|
# bln config file
|
||||||
{
|
{
|
||||||
imports =
|
imports = [
|
||||||
[ <stockholm/jeschli>
|
./hardware-configuration.nix
|
||||||
|
<stockholm/jeschli>
|
||||||
<stockholm/jeschli/2configs/virtualbox.nix>
|
<stockholm/jeschli/2configs/virtualbox.nix>
|
||||||
<stockholm/jeschli/2configs/urxvt.nix>
|
<stockholm/jeschli/2configs/urxvt.nix>
|
||||||
<stockholm/jeschli/2configs/emacs.nix>
|
<stockholm/jeschli/2configs/emacs.nix>
|
||||||
./hardware-configuration.nix
|
<stockholm/jeschli/2configs/xdg.nix>
|
||||||
|
<stockholm/jeschli/2configs/xserver>
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
@ -91,14 +93,14 @@
|
|||||||
services.printing.drivers = [ pkgs.postscript-lexmark ];
|
services.printing.drivers = [ pkgs.postscript-lexmark ];
|
||||||
|
|
||||||
# Enable the X11 windowing system.
|
# Enable the X11 windowing system.
|
||||||
services.xserver.enable = true;
|
# services.xserver.enable = true;
|
||||||
services.xserver.videoDrivers = [ "nvidia" ];
|
services.xserver.videoDrivers = [ "nvidia" ];
|
||||||
|
|
||||||
services.xserver.windowManager.xmonad.enable = true;
|
# services.xserver.windowManager.xmonad.enable = true;
|
||||||
services.xserver.windowManager.xmonad.enableContribAndExtras = true;
|
# services.xserver.windowManager.xmonad.enableContribAndExtras = true;
|
||||||
services.xserver.displayManager.sddm.enable = true;
|
# services.xserver.displayManager.sddm.enable = true;
|
||||||
services.xserver.dpi = 100;
|
# services.xserver.dpi = 100;
|
||||||
fonts.fontconfig.dpi = 100;
|
# fonts.fontconfig.dpi = 100;
|
||||||
|
|
||||||
users.extraUsers.jeschli = {
|
users.extraUsers.jeschli = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
|
@ -44,6 +44,9 @@ in {
|
|||||||
display = 11;
|
display = 11;
|
||||||
tty = 11;
|
tty = 11;
|
||||||
|
|
||||||
|
dpi = 100;
|
||||||
|
|
||||||
|
videoDrivers = [ "nvidia" ];
|
||||||
synaptics = {
|
synaptics = {
|
||||||
enable = true;
|
enable = true;
|
||||||
twoFingerScroll = true;
|
twoFingerScroll = true;
|
||||||
|
@ -44,6 +44,7 @@ import XMonad.Layout.Reflect (reflectVert)
|
|||||||
import XMonad.Layout.FixedColumn (FixedColumn(..))
|
import XMonad.Layout.FixedColumn (FixedColumn(..))
|
||||||
import XMonad.Hooks.Place (placeHook, smart)
|
import XMonad.Hooks.Place (placeHook, smart)
|
||||||
import XMonad.Hooks.FloatNext (floatNextHook)
|
import XMonad.Hooks.FloatNext (floatNextHook)
|
||||||
|
import XMonad.Hooks.SetWMName
|
||||||
import XMonad.Actions.PerWorkspaceKeys (chooseAction)
|
import XMonad.Actions.PerWorkspaceKeys (chooseAction)
|
||||||
import XMonad.Layout.PerWorkspace (onWorkspace)
|
import XMonad.Layout.PerWorkspace (onWorkspace)
|
||||||
--import XMonad.Layout.BinarySpacePartition
|
--import XMonad.Layout.BinarySpacePartition
|
||||||
@ -86,7 +87,8 @@ mainNoArgs = do
|
|||||||
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
|
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
|
||||||
--, handleEventHook = handleTimerEvent
|
--, handleEventHook = handleTimerEvent
|
||||||
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
|
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
|
||||||
, startupHook =
|
, startupHook = do
|
||||||
|
setWMName "LG3D"
|
||||||
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
|
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
|
||||||
(\path -> forkFile path [] Nothing)
|
(\path -> forkFile path [] Nothing)
|
||||||
, normalBorderColor = "#1c1c1c"
|
, normalBorderColor = "#1c1c1c"
|
||||||
@ -217,7 +219,7 @@ myKeys conf = Map.fromList $
|
|||||||
pagerConfig :: PagerConfig
|
pagerConfig :: PagerConfig
|
||||||
pagerConfig = def
|
pagerConfig = def
|
||||||
{ pc_font = myFont
|
{ pc_font = myFont
|
||||||
, pc_cellwidth = 64
|
, pc_cellwidth = 256
|
||||||
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
|
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
|
||||||
--, pc_borderwidth = 1
|
--, pc_borderwidth = 1
|
||||||
--, pc_matchcolor = "#f0b000"
|
--, pc_matchcolor = "#f0b000"
|
||||||
|
@ -21,4 +21,5 @@
|
|||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
|
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
|
||||||
|
environment.variables.NIX_REMOTE = "daemon";
|
||||||
}
|
}
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
{
|
{
|
||||||
krebs.newsbot-js.news-spam = {
|
krebs.newsbot-js.news-spam = {
|
||||||
|
urlShortenerHost = "go.lassul.us";
|
||||||
feeds = pkgs.writeText "feeds" ''
|
feeds = pkgs.writeText "feeds" ''
|
||||||
[SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
|
[SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
|
||||||
[SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
|
[SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
|
||||||
|
@ -9,6 +9,7 @@ with import <stockholm/lib>;
|
|||||||
hosts = mapAttrs (_: recursiveUpdate {
|
hosts = mapAttrs (_: recursiveUpdate {
|
||||||
owner = config.krebs.users.lass;
|
owner = config.krebs.users.lass;
|
||||||
ci = true;
|
ci = true;
|
||||||
|
monitoring = true;
|
||||||
}) {
|
}) {
|
||||||
dishfire = {
|
dishfire = {
|
||||||
cores = 4;
|
cores = 4;
|
||||||
@ -43,39 +44,6 @@ with import <stockholm/lib>;
|
|||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
|
||||||
};
|
};
|
||||||
echelon = {
|
|
||||||
cores = 2;
|
|
||||||
nets = rec {
|
|
||||||
internet = {
|
|
||||||
ip4.addr = "64.137.242.41";
|
|
||||||
aliases = [
|
|
||||||
"echelon.i"
|
|
||||||
];
|
|
||||||
ssh.port = 45621;
|
|
||||||
};
|
|
||||||
retiolum = {
|
|
||||||
via = internet;
|
|
||||||
ip4.addr = "10.243.206.103";
|
|
||||||
ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763";
|
|
||||||
aliases = [
|
|
||||||
"echelon.r"
|
|
||||||
"cgit.echelon.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ
|
|
||||||
oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX
|
|
||||||
MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f
|
|
||||||
4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA
|
|
||||||
n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p
|
|
||||||
do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
|
|
||||||
};
|
|
||||||
prism = rec {
|
prism = rec {
|
||||||
cores = 4;
|
cores = 4;
|
||||||
extraZones = {
|
extraZones = {
|
||||||
@ -90,7 +58,10 @@ with import <stockholm/lib>;
|
|||||||
60 IN NS dns16.ovh.net.
|
60 IN NS dns16.ovh.net.
|
||||||
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
60 IN TXT v=spf1 mx a:lassul.us -all
|
60 IN TXT v=spf1 mx a:lassul.us -all
|
||||||
|
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
|
||||||
|
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
|
||||||
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
|
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
io 60 IN NS ions.lassul.us.
|
io 60 IN NS ions.lassul.us.
|
||||||
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
@ -149,6 +120,7 @@ with import <stockholm/lib>;
|
|||||||
};
|
};
|
||||||
domsen-nas = {
|
domsen-nas = {
|
||||||
ci = false;
|
ci = false;
|
||||||
|
monitoring = false;
|
||||||
external = true;
|
external = true;
|
||||||
nets = rec {
|
nets = rec {
|
||||||
internet = {
|
internet = {
|
||||||
@ -161,6 +133,7 @@ with import <stockholm/lib>;
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
uriel = {
|
uriel = {
|
||||||
|
monitoring = false;
|
||||||
cores = 1;
|
cores = 1;
|
||||||
nets = {
|
nets = {
|
||||||
gg23 = {
|
gg23 = {
|
||||||
@ -399,10 +372,12 @@ with import <stockholm/lib>;
|
|||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
|
||||||
};
|
};
|
||||||
iso = {
|
iso = {
|
||||||
|
monitoring = false;
|
||||||
ci = false;
|
ci = false;
|
||||||
cores = 1;
|
cores = 1;
|
||||||
};
|
};
|
||||||
sokrateslaptop = {
|
sokrateslaptop = {
|
||||||
|
monitoring = false;
|
||||||
ci = false;
|
ci = false;
|
||||||
external = true;
|
external = true;
|
||||||
nets = {
|
nets = {
|
||||||
@ -426,6 +401,7 @@ with import <stockholm/lib>;
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
turingmachine = {
|
turingmachine = {
|
||||||
|
monitoring = false;
|
||||||
ci = false;
|
ci = false;
|
||||||
external = true;
|
external = true;
|
||||||
nets = {
|
nets = {
|
||||||
@ -454,6 +430,7 @@ with import <stockholm/lib>;
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
eddie = {
|
eddie = {
|
||||||
|
monitoring = false;
|
||||||
ci = false;
|
ci = false;
|
||||||
external = true;
|
external = true;
|
||||||
nets = rec {
|
nets = rec {
|
||||||
@ -494,6 +471,7 @@ with import <stockholm/lib>;
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
borg = {
|
borg = {
|
||||||
|
monitoring = false;
|
||||||
ci = false;
|
ci = false;
|
||||||
external = true;
|
external = true;
|
||||||
nets = {
|
nets = {
|
||||||
@ -521,6 +499,7 @@ with import <stockholm/lib>;
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
inspector = {
|
inspector = {
|
||||||
|
monitoring = false;
|
||||||
ci = false;
|
ci = false;
|
||||||
external = true;
|
external = true;
|
||||||
nets = rec {
|
nets = rec {
|
||||||
@ -552,6 +531,7 @@ with import <stockholm/lib>;
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
dpdkm = {
|
dpdkm = {
|
||||||
|
monitoring = false;
|
||||||
ci = false;
|
ci = false;
|
||||||
external = true;
|
external = true;
|
||||||
nets = rec {
|
nets = rec {
|
||||||
@ -659,6 +639,37 @@ with import <stockholm/lib>;
|
|||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
|
||||||
};
|
};
|
||||||
|
red = {
|
||||||
|
monitoring = false;
|
||||||
|
cores = 1;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.0.13";
|
||||||
|
ip6.addr = "42:0:0:0:0:0:0:12ed";
|
||||||
|
aliases = [
|
||||||
|
"red.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN PUBLIC KEY-----
|
||||||
|
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG
|
||||||
|
4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF
|
||||||
|
Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI
|
||||||
|
phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0
|
||||||
|
FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox
|
||||||
|
TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa
|
||||||
|
mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w
|
||||||
|
oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE
|
||||||
|
cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ
|
||||||
|
7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa
|
||||||
|
5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW
|
||||||
|
ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ==
|
||||||
|
-----END PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
users = {
|
users = {
|
||||||
lass = {
|
lass = {
|
||||||
|
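Review bot: The DKIM key added to the prism zone under `default._domainkey` appears, from the length of its `p=` value, to be a 1024-bit RSA key, which is the bare minimum verifiers still accept; a 2048-bit key is the usual choice for a new selector, with the value split into several quoted strings of at most 255 bytes each. The same key is also published as an apex TXT record (`"v=DKIM1; k=rsa; t=s; s=*; p=…"`); verifiers only query `<selector>._domainkey`, so that record is never consulted and can be dropped. The enclosing `extraZones` definition starts outside this hunk, so the full zone was not reviewed.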
@ -13,7 +13,7 @@
|
|||||||
|
|
||||||
krebs-source = {
|
krebs-source = {
|
||||||
nixpkgs.git = {
|
nixpkgs.git = {
|
||||||
ref = "4b4bbce199d3b3a8001ee93495604289b01aaad3";
|
ref = "b50443b5c4ac0f382c49352a892b9d5d970eb4e7";
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
url = https://github.com/NixOS/nixpkgs;
|
||||||
};
|
};
|
||||||
stockholm.file = toString ../.;
|
stockholm.file = toString ../.;
|
||||||
|
@ -13,9 +13,9 @@
|
|||||||
<stockholm/lass/2configs/browsers.nix>
|
<stockholm/lass/2configs/browsers.nix>
|
||||||
<stockholm/lass/2configs/programs.nix>
|
<stockholm/lass/2configs/programs.nix>
|
||||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||||
<stockholm/lass/2configs/backups.nix>
|
|
||||||
<stockholm/lass/2configs/games.nix>
|
<stockholm/lass/2configs/games.nix>
|
||||||
<stockholm/lass/2configs/bitcoin.nix>
|
<stockholm/lass/2configs/bitcoin.nix>
|
||||||
|
<stockholm/lass/2configs/AP.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.cabal;
|
krebs.build.host = config.krebs.hosts.cabal;
|
||||||
|
@ -8,9 +8,9 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/boot/coreboot.nix>
|
<stockholm/lass/2configs/boot/coreboot.nix>
|
||||||
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
<stockholm/lass/2configs/backups.nix>
|
|
||||||
<stockholm/lass/2configs/games.nix>
|
<stockholm/lass/2configs/games.nix>
|
||||||
<stockholm/lass/2configs/steam.nix>
|
<stockholm/lass/2configs/steam.nix>
|
||||||
|
<stockholm/lass/2configs/backup.nix>
|
||||||
{
|
{
|
||||||
# bubsy config
|
# bubsy config
|
||||||
users.users.bubsy = {
|
users.users.bubsy = {
|
||||||
|
@ -1,50 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway;
|
|
||||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
<stockholm/lass>
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
|
||||||
<stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix>
|
|
||||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
|
||||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
|
||||||
<stockholm/lass/2configs/git.nix>
|
|
||||||
{
|
|
||||||
networking.interfaces.enp2s1.ip4 = [
|
|
||||||
{
|
|
||||||
address = ip;
|
|
||||||
prefixLength = 24;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
networking.defaultGateway = getDefaultGateway ip;
|
|
||||||
networking.nameservers = [
|
|
||||||
"8.8.8.8"
|
|
||||||
];
|
|
||||||
|
|
||||||
}
|
|
||||||
{
|
|
||||||
sound.enable = false;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
users.extraUsers = {
|
|
||||||
satan = {
|
|
||||||
name = "satan";
|
|
||||||
uid = 1338;
|
|
||||||
home = "/home/satan";
|
|
||||||
group = "users";
|
|
||||||
createHome = true;
|
|
||||||
useDefaultShell = true;
|
|
||||||
extraGroups = [
|
|
||||||
];
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.echelon;
|
|
||||||
}
|
|
@ -17,6 +17,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/dcso-dev.nix>
|
<stockholm/lass/2configs/dcso-dev.nix>
|
||||||
<stockholm/lass/2configs/steam.nix>
|
<stockholm/lass/2configs/steam.nix>
|
||||||
<stockholm/lass/2configs/rtl-sdr.nix>
|
<stockholm/lass/2configs/rtl-sdr.nix>
|
||||||
|
<stockholm/lass/2configs/backup.nix>
|
||||||
{ # automatic hardware detection
|
{ # automatic hardware detection
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
@ -137,35 +138,14 @@ with import <stockholm/lib>;
|
|||||||
networking.hostName = lib.mkForce "BLN02NB0162";
|
networking.hostName = lib.mkForce "BLN02NB0162";
|
||||||
|
|
||||||
security.pki.certificateFiles = [
|
security.pki.certificateFiles = [
|
||||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
|
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
|
||||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
|
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
|
||||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
|
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
|
||||||
|
|
||||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
|
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
|
||||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
|
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
|
||||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
|
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; })
|
||||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
|
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; })
|
||||||
(pkgs.writeText "minio.cert" ''
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS
|
|
||||||
MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1
|
|
||||||
OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
|
|
||||||
AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL
|
|
||||||
8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV
|
|
||||||
YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C
|
|
||||||
ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM
|
|
||||||
CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw
|
|
||||||
hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk
|
|
||||||
MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw
|
|
||||||
I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB
|
|
||||||
CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30
|
|
||||||
hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox
|
|
||||||
jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY
|
|
||||||
EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM
|
|
||||||
zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a
|
|
||||||
qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
'')
|
|
||||||
];
|
];
|
||||||
|
|
||||||
programs.adb.enable = true;
|
programs.adb.enable = true;
|
||||||
|
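Review bot: All six `pkgs.fetchurl` entries in `security.pki.certificateFiles` still download the DCSO CA files over plain `http://`, and this change replaces every `sha256` in one step. The hash pins the content from here on, but if the new values were computed from an HTTP download they only pin whatever that fetch returned, and these files become system-wide trust anchors. Each certificate's fingerprint should be confirmed against a value obtained out of band before the new hashes are accepted. A comment above the list, for example `# sha256 values checked against fingerprints from <source> on <date>`, would record that the check was done.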
@ -14,9 +14,9 @@
|
|||||||
<stockholm/lass/2configs/browsers.nix>
|
<stockholm/lass/2configs/browsers.nix>
|
||||||
<stockholm/lass/2configs/programs.nix>
|
<stockholm/lass/2configs/programs.nix>
|
||||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||||
<stockholm/lass/2configs/backups.nix>
|
|
||||||
<stockholm/lass/2configs/games.nix>
|
<stockholm/lass/2configs/games.nix>
|
||||||
<stockholm/lass/2configs/bitcoin.nix>
|
<stockholm/lass/2configs/bitcoin.nix>
|
||||||
|
<stockholm/lass/2configs/backup.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.icarus;
|
krebs.build.host = config.krebs.hosts.icarus;
|
||||||
|
@ -8,7 +8,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
<stockholm/lass/2configs/boot/stock-x220.nix>
|
||||||
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
<stockholm/lass/2configs/backups.nix>
|
<stockholm/lass/2configs/backup.nix>
|
||||||
<stockholm/lass/2configs/steam.nix>
|
<stockholm/lass/2configs/steam.nix>
|
||||||
{
|
{
|
||||||
users.users.blacky = {
|
users.users.blacky = {
|
||||||
|
@ -33,6 +33,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/ableton.nix>
|
<stockholm/lass/2configs/ableton.nix>
|
||||||
<stockholm/lass/2configs/dunst.nix>
|
<stockholm/lass/2configs/dunst.nix>
|
||||||
<stockholm/lass/2configs/rtl-sdr.nix>
|
<stockholm/lass/2configs/rtl-sdr.nix>
|
||||||
|
<stockholm/lass/2configs/backup.nix>
|
||||||
{
|
{
|
||||||
#risk of rain port
|
#risk of rain port
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
@ -140,6 +141,8 @@ with import <stockholm/lib>;
|
|||||||
dpass
|
dpass
|
||||||
|
|
||||||
dnsutils
|
dnsutils
|
||||||
|
woeusb
|
||||||
|
l-gen-secrets
|
||||||
generate-secrets
|
generate-secrets
|
||||||
(pkgs.writeDashBin "btc-coinbase" ''
|
(pkgs.writeDashBin "btc-coinbase" ''
|
||||||
${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount'
|
${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount'
|
||||||
@ -186,6 +189,10 @@ with import <stockholm/lib>;
|
|||||||
programs.adb.enable = true;
|
programs.adb.enable = true;
|
||||||
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
|
services.redshift = {
|
||||||
|
enable = true;
|
||||||
|
provider = "geoclue2";
|
||||||
|
};
|
||||||
|
|
||||||
lass.restic = genAttrs [
|
lass.restic = genAttrs [
|
||||||
"daedalus"
|
"daedalus"
|
||||||
|
@ -104,6 +104,7 @@ in {
|
|||||||
];
|
];
|
||||||
}
|
}
|
||||||
{ # TODO make new hfos.nix out of this vv
|
{ # TODO make new hfos.nix out of this vv
|
||||||
|
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||||
users.users.riot = {
|
users.users.riot = {
|
||||||
uid = genid "riot";
|
uid = genid "riot";
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
@ -189,26 +190,6 @@ in {
|
|||||||
localAddress = "10.233.2.2";
|
localAddress = "10.233.2.2";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
|
||||||
#kaepsele
|
|
||||||
systemd.services."container@kaepsele".reloadIfChanged = mkForce false;
|
|
||||||
containers.kaepsele = {
|
|
||||||
config = { ... }: {
|
|
||||||
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
|
|
||||||
environment.systemPackages = [ pkgs.git ];
|
|
||||||
services.openssh.enable = true;
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
|
|
||||||
lass.pubkey
|
|
||||||
tv.pubkey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
autoStart = true;
|
|
||||||
enableTun = true;
|
|
||||||
privateNetwork = true;
|
|
||||||
hostAddress = "10.233.2.3";
|
|
||||||
localAddress = "10.233.2.4";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
#onondaga
|
#onondaga
|
||||||
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
|
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
|
||||||
@ -237,13 +218,12 @@ in {
|
|||||||
<stockholm/lass/2configs/repo-sync.nix>
|
<stockholm/lass/2configs/repo-sync.nix>
|
||||||
<stockholm/lass/2configs/binary-cache/server.nix>
|
<stockholm/lass/2configs/binary-cache/server.nix>
|
||||||
<stockholm/lass/2configs/iodined.nix>
|
<stockholm/lass/2configs/iodined.nix>
|
||||||
<stockholm/lass/2configs/monitoring/server.nix>
|
|
||||||
<stockholm/lass/2configs/monitoring/monit-alarms.nix>
|
|
||||||
<stockholm/lass/2configs/paste.nix>
|
<stockholm/lass/2configs/paste.nix>
|
||||||
<stockholm/lass/2configs/syncthing.nix>
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
<stockholm/lass/2configs/reaktor-coders.nix>
|
<stockholm/lass/2configs/reaktor-coders.nix>
|
||||||
<stockholm/lass/2configs/ciko.nix>
|
<stockholm/lass/2configs/ciko.nix>
|
||||||
<stockholm/lass/2configs/container-networking.nix>
|
<stockholm/lass/2configs/container-networking.nix>
|
||||||
|
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
|
||||||
{ # quasi bepasty.nix
|
{ # quasi bepasty.nix
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass/2configs/bepasty.nix>
|
<stockholm/lass/2configs/bepasty.nix>
|
||||||
@ -324,6 +304,35 @@ in {
|
|||||||
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
|
{ predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
<stockholm/lass/2configs/go.nix>
|
||||||
|
{
|
||||||
|
environment.systemPackages = [ pkgs.cryptsetup ];
|
||||||
|
systemd.services."container@red".reloadIfChanged = mkForce false;
|
||||||
|
containers.red = {
|
||||||
|
config = { ... }: {
|
||||||
|
environment.systemPackages = [ pkgs.git ];
|
||||||
|
services.openssh.enable = true;
|
||||||
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
|
config.krebs.users.lass.pubkey
|
||||||
|
];
|
||||||
|
};
|
||||||
|
autoStart = false;
|
||||||
|
enableTun = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "10.233.2.3";
|
||||||
|
localAddress = "10.233.2.4";
|
||||||
|
};
|
||||||
|
services.nginx.virtualHosts."rote-allez-fraktion.de" = {
|
||||||
|
enableACME = true;
|
||||||
|
addSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header Host rote-allez-fraktion.de;
|
||||||
|
proxy_pass http://10.233.2.4;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.prism;
|
krebs.build.host = config.krebs.hosts.prism;
|
||||||
|
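Review bot: The new `services.nginx.virtualHosts."rote-allez-fraktion.de"` block sets `addSSL = true`, which keeps the site available on port 80 next to 443, so forum logins and session cookies can still travel unencrypted; `forceSSL = true;` would redirect HTTP to HTTPS instead. The `locations."/".extraConfig` sets only the `Host` header, so the backend at `proxy_pass http://10.233.2.4` sees every request as coming from the host; adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` keeps client addresses available for logging and bans. The surrounding `imports` list begins outside this hunk.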
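--- a/lass/1systems/red/config.nix
+++ b/lass/1systems/red/config.nix
@@ -0,0 +1,31 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+let
+inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
+servephpBB
+;
+in
+{
+imports = [
+<stockholm/lass>
+<stockholm/lass/2configs>
+<stockholm/lass/2configs/retiolum.nix>
+<stockholm/lass/2configs/websites>
+<stockholm/lass/2configs/websites/sqlBackup.nix>
+(servephpBB [ "rote-allez-fraktion.de" ])
+];
+
+krebs.iptables.tables.filter.INPUT.rules = [
+{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
+];
+
+krebs.build.host = config.krebs.hosts.red;
+boot.isContainer = true;
+networking.useDHCP = false;
+
+services.nginx.enable = true;
+environment.variables.NIX_REMOTE = "daemon";
+environment.systemPackages = [
+pkgs.mk_sql_pair
+];
+}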
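Review bot: The INPUT rule `{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }` accepts HTTP from any source, while this container also imports `retiolum.nix`. If the VPN interface is up inside the container, the phpBB vhost would presumably be reachable over it in plain HTTP, bypassing the TLS front end on the host. If only the host's reverse proxy is meant to reach it, the rule can be narrowed to the container's host-side address, for example `predicate = "-p tcp --dport 80 -s 10.233.2.3";` (the `hostAddress` given for `containers.red` elsewhere in this commit). A short comment on the rule stating who is expected to connect would also help.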
@ -1,3 +1,4 @@
|
|||||||
import <stockholm/lass/source.nix> {
|
import <stockholm/lass/source.nix> {
|
||||||
name = "echelon";
|
name = "red";
|
||||||
|
secure = true;
|
||||||
}
|
}
|
@ -15,9 +15,9 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/browsers.nix>
|
<stockholm/lass/2configs/browsers.nix>
|
||||||
<stockholm/lass/2configs/programs.nix>
|
<stockholm/lass/2configs/programs.nix>
|
||||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||||
<stockholm/lass/2configs/backups.nix>
|
|
||||||
<stockholm/lass/2configs/wine.nix>
|
<stockholm/lass/2configs/wine.nix>
|
||||||
<stockholm/lass/2configs/bitcoin.nix>
|
<stockholm/lass/2configs/bitcoin.nix>
|
||||||
|
<stockholm/lass/2configs/backup.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.shodan;
|
krebs.build.host = config.krebs.hosts.shodan;
|
||||||
|
@ -9,7 +9,6 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
#<stockholm/lass/2configs/exim-retiolum.nix>
|
#<stockholm/lass/2configs/exim-retiolum.nix>
|
||||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||||
<stockholm/lass/2configs/backups.nix>
|
|
||||||
{
|
{
|
||||||
# discordius config
|
# discordius config
|
||||||
services.xserver.enable = true;
|
services.xserver.enable = true;
|
||||||
|
@ -2,10 +2,4 @@ with import <stockholm/lib>;
|
|||||||
import <stockholm/lass/source.nix> {
|
import <stockholm/lass/source.nix> {
|
||||||
name = "xerxes";
|
name = "xerxes";
|
||||||
secure = true;
|
secure = true;
|
||||||
override = {
|
|
||||||
nixpkgs.git = mkForce {
|
|
||||||
url = https://github.com/lassulus/nixpkgs;
|
|
||||||
ref = "3eccd0b";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
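--- a/lass/2configs/AP.nix
+++ b/lass/2configs/AP.nix
@@ -0,0 +1,77 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+wifi = "wlp0s29u1u2";
+in {
+boot.extraModulePackages = [
+pkgs.linuxPackages.rtl8814au
+];
+networking.networkmanager.unmanaged = [ wifi ];
+
+systemd.services.hostapd = {
+description = "hostapd wireless AP";
+path = [ pkgs.hostapd ];
+wantedBy = [ "network.target" ];
+
+after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ];
+
+serviceConfig = {
+ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" ''
+interface=${wifi}
+hw_mode=a
+channel=36
+ieee80211d=1
+country_code=DE
+ieee80211n=1
+ieee80211ac=1
+wmm_enabled=1
+
+# 5ghz
+ssid=krebsing
+auth_algs=1
+wpa=2
+wpa_key_mgmt=WPA-PSK
+rsn_pairwise=CCMP
+wpa_passphrase=aidsballz
+''}";
+Restart = "always";
+};
+};
+
+networking.interfaces.${wifi}.ipv4.addresses = [
+{ address = "10.99.0.1"; prefixLength = 24; }
+];
+services.dhcpd4 = {
+enable = true;
+interfaces = [ wifi ];
+extraConfig = ''
+option subnet-mask 255.255.255.0;
+option routers 10.99.0.1;
+option domain-name-servers 1.1.1.1, 8.8.8.8;
+subnet 10.99.0.0 netmask 255.255.255.0 {
+range 10.99.0.100 10.99.0.200;
+}
+'';
+};
+
+boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+krebs.iptables.tables.filter.FORWARD.rules = [
+{ v6 = false; predicate = "-d 10.99.0.0/24 -o ${wifi} -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
+{ v6 = false; predicate = "-s 10.99.0.0/24 -i ${wifi}"; target = "ACCEPT"; }
+{ v6 = false; predicate = "-i ${wifi} -o ${wifi}"; target = "ACCEPT"; }
+{ v6 = false; predicate = "-o ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
+{ v6 = false; predicate = "-i ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; }
+];
+krebs.iptables.tables.nat.PREROUTING.rules = [
+{ v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; precedence = 1000; }
+];
+krebs.iptables.tables.nat.POSTROUTING.rules = [
+#TODO find out what this is about?
+{ v6 = false; predicate = "-s 10.99.0.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
+{ v6 = false; predicate = "-s 10.99.0.0/24 -d 255.255.255.255"; target = "RETURN"; }
+
+{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24"; target = "MASQUERADE"; }
+{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; }
+{ v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; }
+];
+}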
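Review bot: The WPA2 passphrase is written literally into the `hostapd.conf` text (`wpa_passphrase=…`), so it is committed to the repository and, through `pkgs.writeText`, ends up in the world-readable Nix store of the host. Keep it out of both by pointing hostapd at a key file from the secrets tree, e.g. replace that line with `wpa_psk_file=${toString <secrets/PLACEHOLDER-hostapd.psk>}` (placeholder file name, holding one `00:00:00:00:00:00 <passphrase>` line; assumes secrets are deployed on the host as for the other `<secrets/…>` references in this tree), and rotate the current value since it is already published. Separately, the FORWARD rule `-s 10.99.0.0/24 -i ${wifi}` accepts traffic from Wi-Fi clients to any destination the host routes, which presumably includes the retiolum VPN; adding an `-o` match on the uplink interface would limit clients to the internet.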
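--- a/lass/2configs/backup.nix
+++ b/lass/2configs/backup.nix
@@ -0,0 +1,20 @@
+{ config, lib, ... }:
+with import <stockholm/lib>;
+
+{
+fileSystems = {
+"/backups" = {
+device = "/dev/pool/backup";
+fsType = "ext4";
+};
+};
+users.users.backup = {
+useDefaultShell = true;
+home = "/backups";
+createHome = true;
+openssh.authorizedKeys.keys = with config.krebs.hosts; [
+mors.ssh.pubkey
+prism.ssh.pubkey
+];
+};
+}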
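Review bot: The `backup` account gets `useDefaultShell = true` and accepts the keys of `mors` and `prism` without any key options, so whoever controls either host has an interactive shell on every machine importing this file and can read or overwrite the other host's data under `/backups`. If the account is only a transfer target, prefix each key with options, e.g. `map (k: ''restrict,command="PLACEHOLDER-backup-receiver" ${k}'') [ mors.ssh.pubkey prism.ssh.pubkey ]` (the forced command is a placeholder for whatever the backup tool needs). A per-source subdirectory would also keep one compromised client from touching the other's backups. A short comment stating which tool logs in as `backup` would help, since this file does not say.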
@ -1,173 +0,0 @@
|
|||||||
{ config, lib, ... }:
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
{
|
|
||||||
|
|
||||||
# TODO add timerConfig to krebs.backup and randomize startup
|
|
||||||
# TODO define plans more abstract
|
|
||||||
krebs.backup.plans = {
|
|
||||||
} // mapAttrs (_: recursiveUpdate {
|
|
||||||
snapshots = {
|
|
||||||
daily = { format = "%Y-%m-%d"; retain = 7; };
|
|
||||||
weekly = { format = "%YW%W"; retain = 4; };
|
|
||||||
monthly = { format = "%Y-%m"; retain = 12; };
|
|
||||||
yearly = { format = "%Y"; };
|
|
||||||
};
|
|
||||||
}) {
|
|
||||||
dishfire-http-prism = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
|
||||||
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; };
|
|
||||||
startAt = "03:00";
|
|
||||||
};
|
|
||||||
dishfire-http-icarus = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
|
||||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-http"; };
|
|
||||||
startAt = "03:10";
|
|
||||||
};
|
|
||||||
dishfire-http-mors = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
|
||||||
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; };
|
|
||||||
startAt = "03:05";
|
|
||||||
};
|
|
||||||
dishfire-http-shodan = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
|
|
||||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-http"; };
|
|
||||||
startAt = "03:10";
|
|
||||||
};
|
|
||||||
dishfire-sql-prism = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
|
||||||
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; };
|
|
||||||
startAt = "03:15";
|
|
||||||
};
|
|
||||||
dishfire-sql-icarus = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
|
||||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-sql"; };
|
|
||||||
startAt = "03:25";
|
|
||||||
};
|
|
||||||
dishfire-sql-mors = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
|
||||||
dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; };
|
|
||||||
startAt = "03:20";
|
|
||||||
};
|
|
||||||
dishfire-sql-shodan = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
|
|
||||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-sql"; };
|
|
||||||
startAt = "03:25";
|
|
||||||
};
|
|
||||||
prism-bitlbee-icarus = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
|
||||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-bitlbee"; };
|
|
||||||
startAt = "03:25";
|
|
||||||
};
|
|
||||||
prism-bitlbee-mors = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
|
||||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; };
|
|
||||||
startAt = "03:25";
|
|
||||||
};
|
|
||||||
prism-bitlbee-shodan = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
|
|
||||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-bitlbee"; };
|
|
||||||
startAt = "03:25";
|
|
||||||
};
|
|
||||||
prism-chat-icarus = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
|
||||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-chat"; };
|
|
||||||
startAt = "03:35";
|
|
||||||
};
|
|
||||||
prism-chat-mors = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
|
||||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; };
|
|
||||||
startAt = "03:30";
|
|
||||||
};
|
|
||||||
prism-chat-shodan = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
|
|
||||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-chat"; };
|
|
||||||
startAt = "03:35";
|
|
||||||
};
|
|
||||||
prism-sql-icarus = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
|
||||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-sql_dumps"; };
|
|
||||||
startAt = "03:45";
|
|
||||||
};
|
|
||||||
prism-sql-mors = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
|
||||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; };
|
|
||||||
startAt = "03:40";
|
|
||||||
};
|
|
||||||
prism-sql-shodan = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
|
|
||||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-sql_dumps"; };
|
|
||||||
startAt = "03:45";
|
|
||||||
};
|
|
||||||
prism-http-icarus = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
|
||||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-http"; };
|
|
||||||
startAt = "03:55";
|
|
||||||
};
|
|
||||||
prism-http-mors = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
|
||||||
dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; };
|
|
||||||
startAt = "03:50";
|
|
||||||
};
|
|
||||||
prism-http-shodan = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
|
|
||||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-http"; };
|
|
||||||
startAt = "03:55";
|
|
||||||
};
|
|
||||||
icarus-home-mors = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.icarus; path = "/home"; };
|
|
||||||
dst = { host = config.krebs.hosts.mors; path = "/bku/icarus-home"; };
|
|
||||||
startAt = "05:00";
|
|
||||||
};
|
|
||||||
icarus-home-shodan = {
|
|
||||||
method = "push";
|
|
||||||
src = { host = config.krebs.hosts.icarus; path = "/home"; };
|
|
||||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/icarus-home"; };
|
|
||||||
startAt = "05:00";
|
|
||||||
};
|
|
||||||
mors-home-icarus = {
|
|
||||||
method = "push";
|
|
||||||
src = { host = config.krebs.hosts.mors; path = "/home"; };
|
|
||||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/mors-home"; };
|
|
||||||
startAt = "05:00";
|
|
||||||
};
|
|
||||||
mors-home-shodan = {
|
|
||||||
method = "push";
|
|
||||||
src = { host = config.krebs.hosts.mors; path = "/home"; };
|
|
||||||
dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; };
|
|
||||||
startAt = "05:00";
|
|
||||||
};
|
|
||||||
shodan-home-icarus = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.shodan; path = "/home"; };
|
|
||||||
dst = { host = config.krebs.hosts.icarus; path = "/bku/shodan-home"; };
|
|
||||||
startAt = "04:00";
|
|
||||||
};
|
|
||||||
shodan-home-mors = {
|
|
||||||
method = "pull";
|
|
||||||
src = { host = config.krebs.hosts.shodan; path = "/home"; };
|
|
||||||
dst = { host = config.krebs.hosts.mors; path = "/bku/shodan-home"; };
|
|
||||||
startAt = "04:00";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -9,7 +9,6 @@ in {
|
|||||||
./power-action.nix
|
./power-action.nix
|
||||||
./copyq.nix
|
./copyq.nix
|
||||||
./livestream.nix
|
./livestream.nix
|
||||||
./dns-stuff.nix
|
|
||||||
./urxvt.nix
|
./urxvt.nix
|
||||||
./network-manager.nix
|
./network-manager.nix
|
||||||
{
|
{
|
||||||
|
@ -10,9 +10,6 @@ in {
|
|||||||
krebs.per-user.bitcoin.packages = [
|
krebs.per-user.bitcoin.packages = [
|
||||||
pkgs.electrum
|
pkgs.electrum
|
||||||
];
|
];
|
||||||
krebs.per-user.ethereum.packages = [
|
|
||||||
pkgs.go-ethereum
|
|
||||||
];
|
|
||||||
users.extraUsers = {
|
users.extraUsers = {
|
||||||
bch = {
|
bch = {
|
||||||
name = "bch";
|
name = "bch";
|
||||||
@ -28,13 +25,6 @@ in {
|
|||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
ethereum = {
|
|
||||||
name = "ethereum";
|
|
||||||
description = "user for ethereum stuff";
|
|
||||||
home = "/home/ethereum";
|
|
||||||
useDefaultShell = true;
|
|
||||||
createHome = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
security.sudo.extraConfig = ''
|
security.sudo.extraConfig = ''
|
||||||
${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
|
${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
|
||||||
|
@ -9,6 +9,7 @@ in {
|
|||||||
dev = {
|
dev = {
|
||||||
name = "dev";
|
name = "dev";
|
||||||
uid = genid "dev";
|
uid = genid "dev";
|
||||||
|
extraGroups = [ "docker" ];
|
||||||
description = "user for collaborative development";
|
description = "user for collaborative development";
|
||||||
home = "/home/dev";
|
home = "/home/dev";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
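Review bot: Adding `extraGroups = [ "docker" ];` to the shared `dev` account gives everyone who can log in as it effective root on the host, because members of the `docker` group can start containers that mount the host filesystem. The description calls this a "user for collaborative development", so the set of people holding its keys is presumably wider than the machine's admins. If containers are needed, rootless Docker or a dedicated build VM would avoid the escalation; otherwise state the trade-off next to the line, e.g. `# docker group == root on this host; only admins may hold dev keys`. The rest of the user definition is outside the hunk.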
|
||||||
|
@ -6,10 +6,9 @@ with import <stockholm/lib>;
|
|||||||
./gc.nix
|
./gc.nix
|
||||||
./mc.nix
|
./mc.nix
|
||||||
./vim.nix
|
./vim.nix
|
||||||
./monitoring/client.nix
|
./monitoring/node-exporter.nix
|
||||||
./zsh.nix
|
./zsh.nix
|
||||||
./htop.nix
|
./htop.nix
|
||||||
./backups.nix
|
|
||||||
./security-workarounds.nix
|
./security-workarounds.nix
|
||||||
{
|
{
|
||||||
users.extraUsers =
|
users.extraUsers =
|
||||||
|
@ -1,16 +0,0 @@
|
|||||||
{ config, pkgs, ... }:
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
{
|
|
||||||
services.dnscrypt-proxy = {
|
|
||||||
enable = true;
|
|
||||||
localAddress = "127.1.0.1";
|
|
||||||
customResolver = {
|
|
||||||
address = config.krebs.hosts.gum.nets.internet.ip4.addr;
|
|
||||||
port = 15251;
|
|
||||||
name = "2.dnscrypt-cert.euer.krebsco.de";
|
|
||||||
key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.resolved.enable = true;
|
|
||||||
services.resolved.fallbackDns = [ "127.1.0.1" ];
|
|
||||||
}
|
|
@ -79,6 +79,7 @@ with import <stockholm/lib>;
|
|||||||
{ from = "ovh@lassul.us"; to = lass.mail; }
|
{ from = "ovh@lassul.us"; to = lass.mail; }
|
||||||
{ from = "hetzner@lassul.us"; to = lass.mail; }
|
{ from = "hetzner@lassul.us"; to = lass.mail; }
|
||||||
{ from = "allygator@lassul.us"; to = lass.mail; }
|
{ from = "allygator@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "immoscout@lassul.us"; to = lass.mail; }
|
||||||
];
|
];
|
||||||
system-aliases = [
|
system-aliases = [
|
||||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||||
|
@ -3,6 +3,6 @@
|
|||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
nix.gc = {
|
nix.gc = {
|
||||||
automatic = ! elem config.krebs.build.host.name [ "prism" "mors" "helios" ];
|
automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -57,6 +57,16 @@ let
|
|||||||
cgit.desc = "Fork of nix-user-chroot my lethalman";
|
cgit.desc = "Fork of nix-user-chroot my lethalman";
|
||||||
cgit.section = "software";
|
cgit.section = "software";
|
||||||
};
|
};
|
||||||
|
nixos-aws = {
|
||||||
|
collaborators = [ {
|
||||||
|
name = "fabio";
|
||||||
|
pubkey = "ssh-rsa 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 ada";
|
||||||
|
} ];
|
||||||
|
};
|
||||||
|
krops = {
|
||||||
|
cgit.desc = "krebs deployment";
|
||||||
|
cgit.section = "software";
|
||||||
|
};
|
||||||
} // mapAttrs make-public-repo-silent {
|
} // mapAttrs make-public-repo-silent {
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -70,8 +80,8 @@ let
|
|||||||
import <secrets/repos.nix> { inherit config lib pkgs; }
|
import <secrets/repos.nix> { inherit config lib pkgs; }
|
||||||
);
|
);
|
||||||
|
|
||||||
make-public-repo = name: { cgit ? {}, ... }: {
|
make-public-repo = name: { cgit ? {}, collaborators ? [], ... }: {
|
||||||
inherit cgit name;
|
inherit cgit collaborators name;
|
||||||
public = true;
|
public = true;
|
||||||
hooks = {
|
hooks = {
|
||||||
post-receive = pkgs.git-hooks.irc-announce {
|
post-receive = pkgs.git-hooks.irc-announce {
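Review bot: The `nixos-aws` entry in the first hunk grants access through an inline `ssh-rsa` key with only a first name attached, and this hunk now forwards `collaborators` for every repo built by `make-public-repo`. The rules that turn a collaborator into push rights are outside both hunks, so a reader cannot tell which refs that key may write to. I would add a comment above the entry such as `# external contributor, push access to nixos-aws only; remove when the collaboration ends`, and a one-line comment on `make-public-repo` saying what `collaborators` are allowed to do. `nixos-aws` also has no `cgit.desc`/`cgit.section`, unlike its neighbours.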
|
||||||
|
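--- a/lass/2configs/go.nix
+++ b/lass/2configs/go.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+{
+krebs.go = {
+enable = true;
+};
+services.nginx = {
+enable = true;
+virtualHosts.go = {
+locations."/".extraConfig = ''
+proxy_set_header Host go.lassul.us;
+proxy_pass http://localhost:1337;
+'';
+serverAliases = [
+"go.lassul.us"
+];
+};
+};
+}
+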
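Review bot: `virtualHosts.go` publishes the alias `go.lassul.us` without `enableACME`/`forceSSL`, so the shortener is served over plain HTTP unless TLS is added elsewhere. The phpBB vhost removed elsewhere in this commit used `enableACME = true; forceSSL = true;`; the same two lines here would keep redirect targets from being altered in transit. The upstream is also hard-coded as `localhost:1337`; if the `krebs.go` module exposes its port as an option (not visible here), referencing that option would keep the two in sync.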
@ -206,8 +206,11 @@ in {
|
|||||||
msmtp
|
msmtp
|
||||||
mutt
|
mutt
|
||||||
pkgs.much
|
pkgs.much
|
||||||
pkgs.notmuch
|
|
||||||
tag-new-mails
|
tag-new-mails
|
||||||
tag-old-mails
|
tag-old-mails
|
||||||
];
|
];
|
||||||
|
|
||||||
|
nixpkgs.config.packageOverrides = opkgs: {
|
||||||
|
notmuch = (opkgs.notmuch.overrideAttrs (o: { doCheck = false; }));
|
||||||
|
};
|
||||||
}
|
}
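Review bot: `doCheck = false` on `notmuch` is applied through `nixpkgs.config.packageOverrides` with no comment saying why, so the test suite stays disabled for every consumer of `pkgs.notmuch` on this host long after the original failure is gone. A line such as `# notmuch tests fail on <reason>; drop this override once fixed upstream` above the override would make it removable. The same hunk drops `pkgs.notmuch` from the package list; if the mail scripts still call `notmuch` by name (their bodies are outside the hunk), it has to reach the path some other way.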
|
||||||
|
@ -1,26 +0,0 @@
|
|||||||
{pkgs, config, ...}:
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
{
|
|
||||||
services.telegraf = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
extraConfig = {
|
|
||||||
agent.interval = "1s";
|
|
||||||
outputs = {
|
|
||||||
influxdb = {
|
|
||||||
urls = ["http://prism:8086"];
|
|
||||||
database = "telegraf_db";
|
|
||||||
user_agent = "telegraf";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
inputs = {
|
|
||||||
cpu = {
|
|
||||||
percpu = false;
|
|
||||||
totalcpu = true;
|
|
||||||
};
|
|
||||||
mem = {};
|
|
||||||
net = {};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,44 +0,0 @@
|
|||||||
{pkgs, config, ...}:
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
let
|
|
||||||
echoToIrc = msg:
|
|
||||||
pkgs.writeDash "echo_irc" ''
|
|
||||||
set -euf
|
|
||||||
export LOGNAME=prism-alarm
|
|
||||||
${pkgs.irc-announce}/bin/irc-announce \
|
|
||||||
irc.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
|
|
||||||
'';
|
|
||||||
|
|
||||||
in {
|
|
||||||
krebs.monit = {
|
|
||||||
enable = true;
|
|
||||||
http.enable = true;
|
|
||||||
alarms = {
|
|
||||||
nirwanabluete = {
|
|
||||||
test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'";
|
|
||||||
alarm = echoToIrc "test nirwanabluete failed";
|
|
||||||
};
|
|
||||||
ubik = {
|
|
||||||
test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'";
|
|
||||||
alarm = echoToIrc "test ubik failed";
|
|
||||||
};
|
|
||||||
cac-panel = {
|
|
||||||
test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'";
|
|
||||||
alarm = echoToIrc "test cac-panel failed";
|
|
||||||
};
|
|
||||||
radio = {
|
|
||||||
test = pkgs.writeBash "check_stream" ''
|
|
||||||
${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \
|
|
||||||
| ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \
|
|
||||||
| ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}"
|
|
||||||
'';
|
|
||||||
alarm = echoToIrc "test radio failed";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
|
||||||
{ predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
|
|
||||||
];
|
|
||||||
}
|
|
||||||
|
|
@ -1,7 +1,9 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
{
|
{
|
||||||
networking.firewall.allowedTCPPorts = [ 9100 ];
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; }
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; }
|
||||||
|
];
|
||||||
services.prometheus.exporters = {
|
services.prometheus.exporters = {
|
||||||
node = {
|
node = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -9,6 +9,12 @@
|
|||||||
# useDHCP = true;
|
# useDHCP = true;
|
||||||
#};
|
#};
|
||||||
|
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
prometheus = {
|
prometheus = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -124,11 +130,10 @@
|
|||||||
static_configs = [
|
static_configs = [
|
||||||
{
|
{
|
||||||
targets = [
|
targets = [
|
||||||
"localhost:9100"
|
] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts));
|
||||||
];
|
#labels = {
|
||||||
labels = {
|
# alias = "prometheus.example.com";
|
||||||
alias = "prometheus.example.com";
|
#};
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
@ -159,7 +164,7 @@
|
|||||||
];
|
];
|
||||||
"webhook_configs" = [
|
"webhook_configs" = [
|
||||||
{
|
{
|
||||||
"url" = "https://example.com/prometheus-alerts";
|
"url" = "http://127.0.0.1:14813/prometheus-alerts";
|
||||||
"send_resolved" = true;
|
"send_resolved" = true;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
@ -176,4 +181,37 @@
|
|||||||
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
|
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
services.logstash = {
|
||||||
|
enable = true;
|
||||||
|
inputConfig = ''
|
||||||
|
http {
|
||||||
|
port => 14813
|
||||||
|
host => "127.0.0.1"
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
filterConfig = ''
|
||||||
|
if ([alerts]) {
|
||||||
|
ruby {
|
||||||
|
code => '
|
||||||
|
lines = []
|
||||||
|
event["alerts"].each {|p|
|
||||||
|
lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}"
|
||||||
|
}
|
||||||
|
event["output"] = lines.join("\n")
|
||||||
|
'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
outputConfig = ''
|
||||||
|
file { path => "/tmp/logs.json" codec => "json_lines" }
|
||||||
|
irc {
|
||||||
|
channels => [ "#noise" ]
|
||||||
|
host => "irc.r"
|
||||||
|
nick => "alarm"
|
||||||
|
codec => "json_lines"
|
||||||
|
format => "%{output}"
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
#plugins = [ ];
|
||||||
|
};
|
||||||
}
|
}
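Review bot: The new logstash `outputConfig` writes every alert event to `/tmp/logs.json`, a fixed name in a world-writable directory. Unless the unit runs with a private `/tmp`, the file is readable by local users, grows without bound, and a pre-created symlink at that path would redirect the writes. If it is a debugging aid, drop the `file { … }` line; otherwise move it to a directory owned by the logstash user, e.g. `file { path => "/var/log/logstash/alerts.json" codec => "json_lines" }` (path constructed for illustration). In the first hunk the INPUT rules for ports 3000, 9090 and 9093 accept any retiolum peer, unlike the node-exporter rule in this commit, which adds `-s` with prism's address. Port 9093 is presumably Alertmanager, whose API is unauthenticated, so a source match is worth adding there too.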
|
||||||
|
@ -1,87 +0,0 @@
|
|||||||
{pkgs, config, ...}:
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
{
|
|
||||||
services.influxdb.enable = true;
|
|
||||||
|
|
||||||
services.influxdb.extraConfig = {
|
|
||||||
meta.hostname = config.krebs.build.host.name;
|
|
||||||
# meta.logging-enabled = true;
|
|
||||||
http.bind-address = ":8086";
|
|
||||||
admin.bind-address = ":8083";
|
|
||||||
http.log-enabled = false;
|
|
||||||
monitoring = {
|
|
||||||
enabled = false;
|
|
||||||
# write-interval = "24h";
|
|
||||||
};
|
|
||||||
collectd = [{
|
|
||||||
enabled = true;
|
|
||||||
typesdb = "${pkgs.collectd}/share/collectd/types.db";
|
|
||||||
database = "collectd_db";
|
|
||||||
port = 25826;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.kapacitor =
|
|
||||||
let
|
|
||||||
db = "telegraf_db";
|
|
||||||
echoToIrc = pkgs.writeDash "echo_irc" ''
|
|
||||||
set -euf
|
|
||||||
data="$(${pkgs.jq}/bin/jq -r .message)"
|
|
||||||
export LOGNAME=prism-alarm
|
|
||||||
${pkgs.irc-announce}/bin/irc-announce \
|
|
||||||
irc.r 6667 prism-alarm \#noise "$data" >/dev/null
|
|
||||||
'';
|
|
||||||
in {
|
|
||||||
enable = true;
|
|
||||||
alarms = {
|
|
||||||
cpu = {
|
|
||||||
database = db;
|
|
||||||
text = ''
|
|
||||||
var data = batch
|
|
||||||
|query(${"'''"}
|
|
||||||
SELECT mean("usage_user") AS mean
|
|
||||||
FROM "${db}"."default"."cpu"
|
|
||||||
${"'''"})
|
|
||||||
.period(10m)
|
|
||||||
.every(1m)
|
|
||||||
.groupBy('host')
|
|
||||||
data |alert()
|
|
||||||
.crit(lambda: "mean" > 90)
|
|
||||||
.exec('${echoToIrc}')
|
|
||||||
data |deadman(1.0,5m)
|
|
||||||
.stateChangesOnly()
|
|
||||||
.exec('${echoToIrc}')
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
ram = {
|
|
||||||
database = db;
|
|
||||||
text = ''
|
|
||||||
var data = batch
|
|
||||||
|query(${"'''"}
|
|
||||||
SELECT mean("used_percent") AS mean
|
|
||||||
FROM "${db}"."default"."mem"
|
|
||||||
${"'''"})
|
|
||||||
.period(10m)
|
|
||||||
.every(1m)
|
|
||||||
.groupBy('host')
|
|
||||||
data |alert()
|
|
||||||
.crit(lambda: "mean" > 90)
|
|
||||||
.exec('${echoToIrc}')
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.grafana = {
|
|
||||||
enable = true;
|
|
||||||
addr = "0.0.0.0";
|
|
||||||
auth.anonymous.enable = true;
|
|
||||||
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
|
||||||
{ predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
|
|
||||||
{ predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
|
|
||||||
{ predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
|
|
||||||
];
|
|
||||||
}
|
|
@ -6,66 +6,10 @@ let
|
|||||||
genid
|
genid
|
||||||
;
|
;
|
||||||
|
|
||||||
servephpBB = domains:
|
|
||||||
let
|
|
||||||
domain = head domains;
|
|
||||||
|
|
||||||
in {
|
|
||||||
services.nginx.virtualHosts."${domain}" = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
serverAliases = domains;
|
|
||||||
extraConfig = ''
|
|
||||||
index index.php;
|
|
||||||
root /srv/http/${domain}/;
|
|
||||||
access_log /tmp/nginx_acc.log;
|
|
||||||
error_log /tmp/nginx_err.log;
|
|
||||||
error_page 404 /404.html;
|
|
||||||
error_page 500 502 503 504 /50x.html;
|
|
||||||
client_max_body_size 100m;
|
|
||||||
'';
|
|
||||||
locations."/".extraConfig = ''
|
|
||||||
try_files $uri $uri/ /index.php?$args;
|
|
||||||
'';
|
|
||||||
locations."~ \.php(?:$|/)".extraConfig = ''
|
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
||||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
||||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
||||||
fastcgi_param HTTPS on;
|
|
||||||
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
|
|
||||||
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
|
|
||||||
fastcgi_intercept_errors on;
|
|
||||||
'';
|
|
||||||
#Directives to send expires headers and turn off 404 error logging.
|
|
||||||
locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
|
|
||||||
access_log off;
|
|
||||||
log_not_found off;
|
|
||||||
expires max;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
services.phpfpm.poolConfigs."${domain}" = ''
|
|
||||||
listen = /srv/http/${domain}/phpfpm.pool
|
|
||||||
user = nginx
|
|
||||||
group = nginx
|
|
||||||
pm = dynamic
|
|
||||||
pm.max_children = 25
|
|
||||||
pm.start_servers = 5
|
|
||||||
pm.min_spare_servers = 3
|
|
||||||
pm.max_spare_servers = 20
|
|
||||||
listen.owner = nginx
|
|
||||||
listen.group = nginx
|
|
||||||
php_admin_value[error_log] = 'stderr'
|
|
||||||
php_admin_flag[log_errors] = on
|
|
||||||
catch_workers_output = yes
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
./default.nix
|
./default.nix
|
||||||
../git.nix
|
../git.nix
|
||||||
(servephpBB [ "rote-allez-fraktion.de" ])
|
|
||||||
];
|
];
|
||||||
|
|
||||||
security.acme = {
|
security.acme = {
|
||||||
|
@ -28,6 +28,59 @@ rec {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
servephpBB = domains:
|
||||||
|
let
|
||||||
|
domain = head domains;
|
||||||
|
|
||||||
|
in {
|
||||||
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
|
serverAliases = domains;
|
||||||
|
extraConfig = ''
|
||||||
|
index index.php;
|
||||||
|
root /srv/http/${domain}/;
|
||||||
|
access_log /tmp/nginx_acc.log;
|
||||||
|
error_log /tmp/nginx_err.log;
|
||||||
|
error_page 404 /404.html;
|
||||||
|
error_page 500 502 503 504 /50x.html;
|
||||||
|
client_max_body_size 100m;
|
||||||
|
'';
|
||||||
|
locations."/".extraConfig = ''
|
||||||
|
try_files $uri $uri/ /index.php?$args;
|
||||||
|
'';
|
||||||
|
locations."~ \.php(?:$|/)".extraConfig = ''
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
|
fastcgi_param HTTPS on;
|
||||||
|
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
|
||||||
|
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
'';
|
||||||
|
#Directives to send expires headers and turn off 404 error logging.
|
||||||
|
locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
|
||||||
|
access_log off;
|
||||||
|
log_not_found off;
|
||||||
|
expires max;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
services.phpfpm.poolConfigs."${domain}" = ''
|
||||||
|
listen = /srv/http/${domain}/phpfpm.pool
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
pm = dynamic
|
||||||
|
pm.max_children = 25
|
||||||
|
pm.start_servers = 5
|
||||||
|
pm.min_spare_servers = 3
|
||||||
|
pm.max_spare_servers = 20
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
php_admin_value[error_log] = 'stderr'
|
||||||
|
php_admin_flag[log_errors] = on
|
||||||
|
catch_workers_output = yes
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
serveOwncloud = domains:
|
serveOwncloud = domains:
|
||||||
let
|
let
|
||||||
domain = head domains;
|
domain = head domains;
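Review bot: The copy of `servephpBB` added here drops the `enableACME = true;` and `forceSSL = true;` lines that the version removed from the other file had, while still sending `fastcgi_param HTTPS on;` to PHP. Unless callers add TLS separately (not visible in this hunk), a site built with this helper is reachable over plain HTTP while phpBB believes the connection is secure, which affects cookie flags and generated links. Either restore the two lines inside `services.nginx.virtualHosts."${domain}"` or document on the helper that it must be combined with a TLS helper. The helper also keeps `access_log /tmp/nginx_acc.log;` and `error_log /tmp/nginx_err.log;`, fixed paths in `/tmp` shared by every domain, which would be better placed under nginx's own log directory.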
|
||||||
|
@ -54,8 +54,8 @@
|
|||||||
eval $(dircolors -b ${pkgs.fetchFromGitHub {
|
eval $(dircolors -b ${pkgs.fetchFromGitHub {
|
||||||
owner = "trapd00r";
|
owner = "trapd00r";
|
||||||
repo = "LS_COLORS";
|
repo = "LS_COLORS";
|
||||||
rev = "master";
|
rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0";
|
||||||
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
|
sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4";
|
||||||
}}/LS_COLORS)
|
}}/LS_COLORS)
|
||||||
alias ls='ls --color'
|
alias ls='ls --color'
|
||||||
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
|
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
|
||||||
|
@ -50,6 +50,14 @@ rec {
|
|||||||
default = false;
|
default = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
monitoring = mkOption {
|
||||||
|
description = ''
|
||||||
|
Whether the host should be monitored by monitoring tools like Prometheus.
|
||||||
|
'';
|
||||||
|
type = bool;
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
|
|
||||||
owner = mkOption {
|
owner = mkOption {
|
||||||
type = user;
|
type = user;
|
||||||
};
|
};
|
||||||
|
@ -349,6 +349,7 @@ let
|
|||||||
let b:current_syntax = "nix"
|
let b:current_syntax = "nix"
|
||||||
|
|
||||||
set isk=@,48-57,_,192-255,-,'
|
set isk=@,48-57,_,192-255,-,'
|
||||||
|
set bg=dark
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
out
|
out
|
||||||
|