m 1 darth: configure with forward-journal, share

makefu 2016-07-11 20:45:16 +02:00
parent 393f5cb5c7
commit b9c2dc13d3
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
3 changed files with 72 additions and 2 deletions


@ -16,16 +16,32 @@ in {
../2configs/smart-monitor.nix ../2configs/smart-monitor.nix
../2configs/exim-retiolum.nix ../2configs/exim-retiolum.nix
../2configs/virtualization.nix ../2configs/virtualization.nix
../2configs/temp-share-samba.nix
]; ];
services.samba.shares = {
isos = {
path = "/data/isos/";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
};
services.tinc.networks.siem = { services.tinc.networks.siem = {
name = "sdarth"; name = "sdarth";
extraConfig = "ConnectTo = sjump"; extraConfig = "ConnectTo = sjump";
}; };
makefu.forward-journal = {
enable = true;
src = "10.8.10.2";
dst = "10.8.10.6";
};
#networking.firewall.enable = false; #networking.firewall.enable = false;
krebs.retiolum.enable = true; krebs.retiolum.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ]; boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking = { networking = {
@ -33,6 +49,7 @@ in {
firewall = { firewall = {
allowPing = true; allowPing = true;
logRefusedConnections = false; logRefusedConnections = false;
trustedInterfaces = [ "eno1" ];
allowedUDPPorts = [ 80 655 1655 67 ]; allowedUDPPorts = [ 80 655 1655 67 ];
allowedTCPPorts = [ 80 655 1655 ]; allowedTCPPorts = [ 80 655 1655 ];
}; };
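Review bot: `trustedInterfaces = [ "eno1" ];` in the second hunk makes the firewall accept every port on eno1, so the `allowedTCPPorts`/`allowedUDPPorts` lists beside it no longer restrict anything on that interface. The guest-readable `isos` share added in the first hunk (`"guest ok" = "yes"`), and every other listening service on the host, then becomes reachable from whatever segment eno1 faces. If only SMB has to be reachable there, open those ports explicitly and drop the blanket trust; on NixOS releases that provide per-interface rules this would be `networking.firewall.interfaces.eno1.allowedTCPPorts = [ 139 445 ];`. If full trust is intended, record the reason next to the line, e.g. `# eno1: <which network> - fully trusted because <reason>`. The `networking` block continues outside the hunk, so restrictions that are not visible here may already apply.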


@ -1,9 +1,12 @@
{config, ... }:{ {config, ... }:{
networking.firewall.allowedUDPPorts = [ 137 138 ];
networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = { users.users.smbguest = {
name = "smbguest"; name = "smbguest";
uid = config.ids.uids.smbguest; uid = config.ids.uids.smbguest;
description = "smb guest user"; description = "smb guest user";
home = "/var/empty"; home = "/home/share";
createHome = true;
}; };
services.samba = { services.samba = {
enable = true; enable = true;
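Review bot: The two added `networking.firewall.allowed*Ports` lines open NetBIOS/SMB (137, 138, 139, 445) on every interface of any host that imports this file, including VPN or uplink interfaces, while the file sets up a guest account for the share. The `services.samba` block continues past the end of the hunk, so it is not visible whether Samba itself is limited. If it is not, restrict it in the Samba configuration with `hosts allow = <LAN prefix>` or `interfaces = <LAN interface>` together with `bind interfaces only = yes`. The same hunk moves the `smbguest` home from `/var/empty` to `/home/share` with `createHome = true`, which presumably gives the guest account a directory it owns. A one-line comment stating whether guests are meant to write there would make the intended exposure reviewable.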


@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
with config.krebs.lib;
let
cfg = config.makefu.forward-journal;
out = {
options.makefu.forward-journal = api;
config = lib.mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "forward journal via syslog";
src = mkOption {
type = types.str;
description = "syslog host identifier";
default = config.networking.hostName;
};
dst = mkOption {
type = types.str;
description = "syslog host identifier";
default = "";
};
proto = mkOption {
type = types.str;
default = "udp";
};
port = mkOption {
type = types.int;
description = "destination port";
default = 514;
};
};
imp = {
services.syslog-ng = {
enable = true;
extraConfig = ''
template t_remote { template("<$PRI>$DATE ${cfg.src} $PROGRAM[$PID]: $MSG\n"); };
source s_all { system(); internal(); };
destination d_loghost { udp("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); };
log { source(s_all); destination(d_loghost); };
'';
};
};
in
out
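Review bot: The `proto` option is declared with default `"udp"` but never read, because the `d_loghost` destination hard-codes `udp(...)`. Setting `proto = "tcp"` would therefore silently keep forwarding over UDP, which can lose messages and does not authenticate the sender. Either remove the option or wire it in, e.g. `type = types.enum [ "udp" "tcp" ];` and `destination d_loghost { ${cfg.proto}("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); };`. `dst` defaults to `""`, so enabling the module without setting it renders `udp("" ...)` into the syslog-ng config; dropping the default would make evaluation fail early instead. The `dst` description is a copy of the `src` one and should read something like `"syslog destination host"`, and `proto` has no description at all.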