From 55df7c1df55aaa8dc3f48ae83dbd87ce4d3057ba Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 22 Mar 2016 17:40:59 +0100 Subject: [PATCH 001/135] l 1 mors: remove broken pythonenv container --- lass/1systems/mors.nix | 33 --------------------------------- lass/2configs/base.nix | 1 + 2 files changed, 1 insertion(+), 33 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 1f7a13c56..9b5c92ff3 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -98,39 +98,6 @@ # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } # ]; #} - { - containers.pythonenv = { - config = { - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - - environment = { - systemPackages = with pkgs; [ - git - libxml2 - libxslt - libzip - python27Full - python27Packages.buildout - stdenv - zlib - ]; - - pathsToLink = [ "/include" ]; - - shellInit = '' - # help pip to find libz.so when building lxml - export LIBRARY_PATH=/var/run/current-system/sw/lib - # ditto for header files, e.g. sqlite - export C_INCLUDE_PATH=/var/run/current-system/sw/include - ''; - }; - - }; - }; - } { services.mysql = { enable = true; diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 8017d4270..a50df128e 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -88,6 +88,7 @@ with config.krebs.lib; environment.systemPackages = with pkgs; [ #stockholm git + gnumake jq parallel proot From 780ba9bd1197191d9a6a9bf156683fafaac385b7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 23 Mar 2016 13:44:21 +0100 Subject: [PATCH 002/135] l 2 base: fix hashedPasswords path --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index a50df128e..30ab90997 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix 
@@ -10,7 +10,7 @@ with config.krebs.lib; { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) - (import /root/secrets/hashedPasswords.nix); + (import ); } { users.extraUsers = { From e7c6d97f7cfd743f1dc6ad5cf4883daebc20d5ca Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 23 Mar 2016 13:44:41 +0100 Subject: [PATCH 003/135] l 2 downloading: add uriel to authorized_keys --- lass/2configs/downloading.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 115cb8b61..ccd751413 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -20,6 +20,7 @@ in { ]; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.lass-uriel.pubkey ]; }; From 18d0cc3048243d15cf6108ccd05d62390ecf5503 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 23 Mar 2016 13:45:06 +0100 Subject: [PATCH 004/135] l 2 websites domsen: add domsen user --- lass/2configs/websites/domsen.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 109c216c0..895146d25 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -1,6 +1,8 @@ { config, pkgs, ... }: -{ +let + inherit (config.krebs.lib) genid; +in { imports = [ ../../3modules/static_nginx.nix ../../3modules/owncloud_nginx.nix @@ -26,6 +28,15 @@ rootPassword = toString (); }; + users.users.domsen = { + uid = genid "domsen"; + description = "maintenance acc for domsen"; + home = "/home/domsen"; + useDefaultShell = true; + extraGroups = [ "nginx" ]; + createHome = true; + }; + #lass.wordpress = { # "ubikmedia.de" = { # }; From c4350d4f28b3a021791b70d104848f3419ffc498 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 00:18:51 +0200 Subject: [PATCH 005/135] l 1 prism: add new mount for o.ubikmedia.de --- lass/1systems/prism.nix | 4 ++++ 1 file changed, 4 insertions(+) 
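Review bot: The new import target is blank as rendered here (`+ (import );`), so the source of the password hashes cannot be checked from this page; if the real line is an angle-bracket search-path lookup (presumably something like `<secrets/hashedPasswords.nix>`, given the `toString ()` fragments elsewhere in this series), the file is now resolved through NIX_PATH at evaluation time instead of the fixed `/root/secrets` path, and whoever controls NIX_PATH on the evaluating host controls which hashes end up in `users.extraUsers`. A one-line comment above the import naming the expected search-path entry, e.g. `# resolved via NIX_PATH; the deploy wrapper must set the secrets entry`, would make that dependency explicit. The enclosing attribute set continues outside the hunk.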
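Review bot: `extraGroups = [ "nginx" ];` on the new `users.users.domsen` makes a maintenance account a member of the group the web server runs as, so it can read anything that group can read; later in this series `manageCert` sets `group = "nginx"; allowKeysForGroup = true;` on the ACME certificates, which would hand this account the TLS private keys as well. Nothing in the hunk sets a password, `openssh.authorizedKeys` or `isNormalUser`, so how the account is meant to authenticate is not visible here. If the goal is only write access to the vhost roots under `/srv/http`, a dedicated content group shared with nginx is narrower than the server's own group; otherwise a comment such as `# member of nginx: can read everything nginx can, including group-readable key material` records the trade-off. The surrounding module continues outside the hunk.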
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 4d40c8d59..9eb1d54d3 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -79,6 +79,10 @@ in { device = "/dev/pool/download"; }; + fileSystems."/srv/http/o.ubikmedia.de" = { + device = "/dev/pool/owncloud-ubik"; + }; + } { sound.enable = false; From fae50b203d7d3211eec1221fb07f97416edc729c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 00:36:22 +0200 Subject: [PATCH 006/135] l 1 prism: update JuiceSSH key --- lass/1systems/prism.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 9eb1d54d3..db4f1f606 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -123,7 +123,7 @@ in { } { users.users.chat.openssh.authorizedKeys.keys = [ - "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH" + "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBQjn/3n283RZkBs2CFqbpukyQ3zkLIjewRpKttPa5d4PUiT7/vOlutWH5EP4BxXQSoeZStx8D2alGjxfK+nfDvRJGGofpm23cN4j4i24Fcam1y1H7wqRXO1qbz5AB3qPg== JuiceSSH" config.krebs.users.lass-uriel.pubkey ]; } From 38e5cc513cabd4a145bb78db71aa7387bb4278fa Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 00:36:38 +0200 Subject: [PATCH 007/135] l 1 prism: allow https in iptables --- lass/1systems/prism.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index db4f1f606..4f6770c38 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
@@ -136,7 +136,8 @@ in { ../2configs/websites/domsen.nix ]; krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } + { predicate = "-p tcp --dport http"; target = "ACCEPT"; } + { predicate = "-p tcp --dport https"; target = "ACCEPT"; } ]; } { From 5268f22ee99672a2185b959231208a23fd24f073 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 00:43:33 +0200 Subject: [PATCH 008/135] l 2 fastpoke-pages: remove file --- lass/1systems/cloudkrebs.nix | 1 - lass/2configs/fastpoke-pages.nix | 101 ------------------------------- 2 files changed, 102 deletions(-) delete mode 100644 lass/2configs/fastpoke-pages.nix diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index 98f509050..fb949ce33 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -11,7 +11,6 @@ in { ../2configs/os-templates/CAC-CentOS-7-64bit.nix ../2configs/base.nix ../2configs/retiolum.nix - ../2configs/fastpoke-pages.nix ../2configs/git.nix ../2configs/realwallpaper.nix { diff --git a/lass/2configs/fastpoke-pages.nix b/lass/2configs/fastpoke-pages.nix deleted file mode 100644 index bf6ea8952..000000000 --- a/lass/2configs/fastpoke-pages.nix +++ /dev/null 
@@ -1,101 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; - -let - createStaticPage = domain: - { - krebs.nginx.servers."${domain}" = { - server-names = [ - "${domain}" - "www.${domain}" - ]; - locations = [ - (nameValuePair "/" '' - root /var/lib/http/${domain}; - '') - ]; - }; - #networking.extraHosts = '' - # 10.243.206.102 ${domain} - #''; - users.extraUsers = { - ${domain} = { - name = domain; - home = "/var/lib/http/${domain}"; - createHome = true; - }; - }; - }; - -in { - imports = map createStaticPage [ - "habsys.de" - "pixelpocket.de" - "karlaskop.de" - "ubikmedia.de" - "apanowicz.de" - ]; - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - ]; - }; - }; - - - krebs.nginx = { - enable = true; - servers = { - #"habsys.de" = { - # server-names = [ - # "habsys.de" - # "www.habsys.de" - # ]; - # locations = [ - # (nameValuePair "/" '' - # root /var/lib/http/habsys.de; - # '') - # ]; - #}; - - #"karlaskop.de" = { - # server-names = [ - # "karlaskop.de" - # "www.karlaskop.de" - # ]; - # locations = [ - # (nameValuePair "/" '' - # root /var/lib/http/karlaskop.de; - # '') - # ]; - #}; - - #"pixelpocket.de" = { - # server-names = [ - # "pixelpocket.de" - # "www.karlaskop.de" - # ]; - # locations = [ - # (nameValuePair "/" '' - # root /var/lib/http/karlaskop.de; - # '') - # ]; - #}; - - }; - }; - - #services.postgresql = { - # enable = true; - #}; - - #config.services.vsftpd = { - # enable = true; - # userlistEnable = true; - # userlistFile = pkgs.writeFile "vsftpd-userlist" '' - # ''; - #}; -} From 5a85d6b6964a0906df0d562b03415217f50aa17d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 14:14:19 +0200 Subject: [PATCH 009/135] l 1 dishfire: add mount for /srv/http --- lass/1systems/dishfire.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index c7d016cd3..7043809a5 100644 --- a/lass/1systems/dishfire.nix 
+++ b/lass/1systems/dishfire.nix @@ -26,6 +26,11 @@ fsType = "ext4"; }; + fileSystems."/srv/http" = { + device = "/dev/pool/srv_http"; + fsType = "ext4"; + }; + fileSystems."/boot" = { device = "/dev/vda1"; fsType = "ext4"; From 76be13147a300e9449ab826e009f4c61b9330b60 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 14:14:43 +0200 Subject: [PATCH 010/135] l 2 base: nixpkgs rev 40c586b -> e781a82 --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 30ab90997..77646a03e 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -55,7 +55,7 @@ with config.krebs.lib; stockholm = "/home/lass/stockholm"; nixpkgs = { url = https://github.com/NixOS/nixpkgs; - rev = "40c586b7ce2c559374df435f46d673baf711c543"; + rev = "e781a8257b4312f6b138c7d0511c77d8c06ed819"; dev = "/home/lass/src/nixpkgs"; }; } // optionalAttrs config.krebs.build.host.secure { From b8b7ba2890d658081c59bd3d5e2f143f825e47e7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 14:16:07 +0200 Subject: [PATCH 011/135] l 1 mors: remove old test cases --- lass/1systems/mors.nix | 74 ------------------------------------------ 1 file changed, 74 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 9b5c92ff3..4fa8e412d 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix 
@@ -33,71 +33,6 @@ { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } ]; } - { - #static-nginx-test - imports = [ - ../3modules/static_nginx.nix - ]; - lass.staticPage."testserver.de" = { - #sslEnable = true; - #certificate = "${toString }/testserver.de/server.cert"; - #certificate_key = "${toString }/testserver.de/server.pem"; - ssl = { - enable = true; - certificate = "${toString }/testserver.de/server.cert"; - certificate_key = "${toString }/testserver.de/server.pem"; - }; - }; - networking.extraHosts = '' - 10.243.0.2 testserver.de - ''; - } - #{ - # #wordpress-test - # #imports = singleton (sitesGenerators.createWordpress "testserver.de"); - # imports = [ - # ../3modules/wordpress_nginx.nix - # ]; - # lass.wordpress."testserver.de" = { - # multiSite = { - # "1" = "testserver.de"; - # "2" = "bla.testserver.de"; - # }; - # }; - - # services.mysql = { - # enable = true; - # package = pkgs.mariadb; - # rootPassword = "/mysql_rootPassword"; - # }; - # networking.extraHosts = '' - # 10.243.0.2 testserver.de - # ''; - # krebs.iptables.tables.filter.INPUT.rules = [ - # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } - # ]; - #} - #{ - # #owncloud-test - # #imports = singleton (sitesGenerators.createWordpress "testserver.de"); - # imports = [ - # ../3modules/owncloud_nginx.nix - # ]; - # lass.owncloud."owncloud-test.de" = { - # }; - - # #services.mysql = { - # # enable = true; - # # package = pkgs.mariadb; - # # rootPassword = "/mysql_rootPassword"; - # #}; - # networking.extraHosts = '' - # 10.243.0.2 owncloud-test.de - # ''; - # krebs.iptables.tables.filter.INPUT.rules = [ - # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } - # ]; - #} { services.mysql = { enable = true; 
@@ -125,15 +60,6 @@ networking.wireless.enable = true; - networking.extraHosts = '' - 213.239.205.240 wohnprojekt-rhh.de - 213.239.205.240 karlaskop.de - 213.239.205.240 makeup.apanowicz.de - 213.239.205.240 pixelpocket.de - 213.239.205.240 reich-gebaeudereinigung.de - 213.239.205.240 o.ubikmedia.de - ''; - hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; From c9529ca1e781f023c1280dd96cb589a2c198177a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 14:16:21 +0200 Subject: [PATCH 012/135] l 2 base: add unpackers to pkgs --- lass/2configs/base.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 77646a03e..88bb3ff60 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -85,6 +85,8 @@ with config.krebs.lib; MANPAGER=most ''; + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs; [ #stockholm git @@ -109,6 +111,11 @@ with config.krebs.lib; #neat utils krebspaste + + #unpack stuff + p7zip + unzip + unrar ]; programs.bash = { From d5ccc03a5cc8d30443d81ff4aba7a613c198d268 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 14:16:47 +0200 Subject: [PATCH 013/135] l 2 games: add user to loot group --- lass/2configs/games.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 6043a8759..0eec97922 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -13,7 +13,7 @@ in { name = "games"; description = "user playing games"; home = "/home/games"; - extraGroups = [ "audio" "video" "input" ]; + extraGroups = [ "audio" "video" "input" "loot" ]; createHome = true; useDefaultShell = true; }; From 9113a203848d9ceab57fd9c1e891066f96443e6e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 14:17:09 +0200 Subject: [PATCH 014/135] l 2 newsbot-js: remove times feed --- lass/2configs/newsbot-js.nix | 1 - 1 file changed, 1 deletion(-) 
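Review bot: `nixpkgs.config.allowUnfree = true;` is added to the shared base config, which whitelists every unfree package on every host importing it, while the only package in this hunk that appears to need it is `unrar`. A predicate keeps the exception scoped to what is actually wanted, e.g. `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (builtins.parseDrvName pkg.name).name [ "unrar" ];`, and a short comment naming the package the exception exists for would stop it silently covering future additions. The `systemPackages` list continues outside the hunk.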
diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index d7c68bd7d..636b44395 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix @@ -154,7 +154,6 @@ let telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news tigsource|http://www.tigsource.com/feed/|#news - times|http://www.thetimes.co.uk/tto/news/rss|#news tinc|http://tinc-vpn.org/news/index.rss|#news topix_b|http://www.topix.com/rss/wire/de/berlin|#news torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news From e907a52246bd206eddd2a48c92f63215ff37a53a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 14:17:30 +0200 Subject: [PATCH 015/135] l 2 pass: remove obsolete startGnuPGAgent --- lass/2configs/pass.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 33eca0a17..610887621 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -6,5 +6,4 @@ gnupg1 ]; - services.xserver.startGnuPGAgent = true; } From b517ea29707efc6677fe8c0e7ff6dadff4de3c3d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 14:21:19 +0200 Subject: [PATCH 016/135] l 4: add website helper functions --- lass/4lib/default.nix | 127 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 125 insertions(+), 2 deletions(-) diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index a751a2995..d45313894 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix 
@@ -1,10 +1,133 @@ -{ lib, ... }: +{ lib, pkgs, ... }: with lib; -{ +rec { getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); + manageCert = domain: + { + security.acme = { + certs."${domain}" = { + email = "lassulus@gmail.com"; + webroot = "/var/lib/acme/challenges/${domain}"; + plugins = [ + "account_key.json" + "cert.pem" + "key.pem" + "fullchain.pem" + ]; + group = "nginx"; + allowKeysForGroup = true; + }; + }; + + krebs.nginx.servers."${domain}" = { + locations = [ + (nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/${domain}/; + '') + ]; + }; + }; + + ssl = domain: + { + imports = [ + ( manageCert domain ) + ( activateACME domain ) + ]; + }; + + activateACME = domain: + { + krebs.nginx.servers."${domain}" = { + ssl = { + enable = true; + certificate = "/var/lib/acme/${domain}/cert.pem"; + certificate_key = "/var/lib/acme/${domain}/key.pem"; + }; + }; + }; + + servePage = domain: + { + krebs.nginx.servers."${domain}" = { + server-names = [ + "${domain}" + "www.${domain}" + ]; + locations = [ + (nameValuePair "/" '' + root /srv/http/${domain}; + '') + ]; + }; + }; + + serveOwncloud = domain: + { + krebs.nginx.servers."${domain}" = { + server-names = [ + "${domain}" + "www.${domain}" + ]; + locations = [ + (nameValuePair "/" '' + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + + try_files $uri $uri/ /index.php; + '') + (nameValuePair "~ \.php$" '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include ${pkgs.nginx}/conf/fastcgi.conf; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; + '') + ]; + extraConfig = '' + root 
/srv/http/${domain}/; + #index index.php; + access_log /tmp/nginx_acc.log; + error_log /tmp/nginx_err.log; + + # set max upload size + client_max_body_size 10G; + fastcgi_buffers 64 4K; + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + ''; + }; + services.phpfpm.poolConfigs."${domain}" = '' + listen = /srv/http/${domain}/phpfpm.pool + user = nginx + group = nginx + pm = dynamic + pm.max_children = 5 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 3 + listen.owner = nginx + listen.group = nginx + # errors to journal + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; + } From 7af3dfe9bf367f02619881c47060b4645d12f71e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 9 Apr 2016 14:21:39 +0200 Subject: [PATCH 017/135] l 2 websites: use helper functions --- lass/2configs/websites/domsen.nix | 40 +++++++++------- lass/2configs/websites/fritz.nix | 48 ++++++++++++------- lass/2configs/websites/wohnprojekt-rhh.de.nix | 20 +++++--- 3 files changed, 68 insertions(+), 40 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 895146d25..173e87864 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
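Review bot: `(nameValuePair "~ \.php$" ''` in `serveOwncloud` is a Nix double-quoted string, where `\.` is an escaped `.`, so nginx receives the regex `~ .php$` and the dot matches any character instead of a literal period; write `(nameValuePair "~ \\.php$" ''` (the same mistake recurs in the later `serveOwncloud` rewrite and in `serveWordpress`). That location also passes every matching URI to php-fpm without checking the script exists; `try_files $fastcgi_script_name =404;` before `fastcgi_pass` is the usual guard. In `manageCert`, `allowKeysForGroup = true;` together with `group = "nginx";` makes `key.pem` readable by every member of the nginx group, which now includes the domsen maintenance user from patch 004, so either keep that account out of the group or document why key exposure to it is acceptable. `access_log /tmp/nginx_acc.log;` and `error_log /tmp/nginx_err.log;` write into a world-writable directory; the conventional `/var/log/nginx/` location avoids that.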
@@ -1,27 +1,33 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: let inherit (config.krebs.lib) genid; + inherit (import ../../4lib { inherit lib pkgs; }) + manageCert + activateACME + ssl + servePage + serveOwncloud; + in { imports = [ - ../../3modules/static_nginx.nix - ../../3modules/owncloud_nginx.nix - ../../3modules/wordpress_nginx.nix + ( ssl "reich-gebaeudereinigung.de" ) + ( servePage "reich-gebaeudereinigung.de" ) + + ( servePage "karlaskop.de" ) + ( manageCert "karlaskop.de" ) + + ( servePage "makeup.apanowicz.de" ) + ( manageCert "makeup.apanowicz.de" ) + + ( servePage "pixelpocket.de" ) + ( manageCert "pixelpocket.de" ) + + ( ssl "o.ubikmedia.de" ) + ( serveOwncloud "o.ubikmedia.de" ) + ]; - lass.staticPage = { - "karlaskop.de" = {}; - "makeup.apanowicz.de" = {}; - "pixelpocket.de" = {}; - "reich-gebaeudereinigung.de" = {}; - }; - - lass.owncloud = { - "o.ubikmedia.de" = { - instanceid = "oc8n8ddbftgh"; - }; - }; - services.mysql = { enable = true; package = pkgs.mariadb; diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 073f3de14..16a240d7c 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix 
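Review bot: `( manageCert "karlaskop.de" )`, `( manageCert "makeup.apanowicz.de" )` and `( manageCert "pixelpocket.de" )` request certificates but, unlike the `ssl` entries above them, never call `activateACME`, so those three vhosts keep serving plaintext while only the ACME challenge location is added; the next hunk applies the same `manageCert` + `servePage` pairing to all eight domains in fritz.nix. If this is a deliberate first step (issue the certificates now, switch the vhosts later), a comment such as `# manageCert only: certs are issued, TLS is enabled in a later step` would record it; otherwise `ssl` is the helper to use. `activateACME` is inherited but not used anywhere in this file, and the dropped `instanceid = "oc8n8ddbftgh"` for the owncloud instance is not carried over into `serveOwncloud`, which is worth confirming against the running install. The rest of the module continues outside the hunk.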
@@ -1,23 +1,39 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: -{ +let + inherit (import ../../4lib { inherit lib pkgs; }) + manageCert + activateACME + ssl + servePage + serveOwncloud; +in { imports = [ - ../../3modules/static_nginx.nix - ../../3modules/owncloud_nginx.nix - ../../3modules/wordpress_nginx.nix - ]; + ( manageCert "biostase.de" ) + ( servePage "biostase.de" ) - lass.staticPage = { - "biostase.de" = {}; - "gs-maubach.de" = {}; - "spielwaren-kern.de" = {}; - "societyofsimtech.de" = {}; - "ttf-kleinaspach.de" = {}; - "edsn.de" = {}; - "eab.berkeley.edu" = {}; - "habsys.de" = {}; - }; + ( manageCert "gs-maubach.de" ) + ( servePage "gs-maubach.de" ) + + ( manageCert "spielwaren-kern.de" ) + ( servePage "spielwaren-kern.de" ) + + ( manageCert "societyofsimtech.de" ) + ( servePage "societyofsimtech.de" ) + + ( manageCert "ttf-kleinaspach.de" ) + ( servePage "ttf-kleinaspach.de" ) + + ( manageCert "edsn.de" ) + ( servePage "edsn.de" ) + + ( manageCert "eab.berkeley.edu" ) + ( servePage "eab.berkeley.edu" ) + + ( manageCert "habsys.de" ) + ( servePage "habsys.de" ) + ]; #lass.owncloud = { # "o.ubikmedia.de" = { diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix index ac784d4c7..4e3eb071a 100644 --- a/lass/2configs/websites/wohnprojekt-rhh.de.nix +++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix @@ -1,14 +1,20 @@ -{ config, ... }: +{ config, pkgs, lib, ... }: -{ +let + inherit (config.krebs.lib) genid; + inherit (import ../../4lib { inherit lib pkgs; }) + manageCert + activateACME + ssl + servePage + serveOwncloud; + +in { imports = [ - ../../3modules/static_nginx.nix + ( ssl "wohnprojekt-rhh.de" ) + ( servePage "wohnprojekt-rhh.de" ) ]; - lass.staticPage = { - "wohnprojekt-rhh.de" = {}; - }; - users.users.laura = { home = "/srv/http/wohnprojekt-rhh.de"; createHome = true; From ed37b759286a1989ee3830b0268134a177303d23 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 9 Apr 2016 21:20:35 +0200 Subject: [PATCH 018/135] l 4: update owncloud config to solve errors --- lass/4lib/default.nix | 100 ++++++++++++++++++++++++++++++------------ 1 file changed, 73 insertions(+), 27 deletions(-) diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index d45313894..4d3adfd1d 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix 
@@ -74,43 +74,89 @@ rec { "${domain}" "www.${domain}" ]; - locations = [ - (nameValuePair "/" '' - # The following 2 rules are only needed with webfinger - rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; - rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; - - rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; - - try_files $uri $uri/ /index.php; - '') - (nameValuePair "~ \.php$" '' - fastcgi_split_path_info ^(.+\.php)(/.+)$; - include ${pkgs.nginx}/conf/fastcgi.conf; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; - '') - ]; extraConfig = '' - root /srv/http/${domain}/; - #index index.php; - access_log /tmp/nginx_acc.log; - error_log /tmp/nginx_err.log; + # Add headers to serve security related headers + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + # Path to the root of your installation + root /srv/http/${domain}/; # set max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; - rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; - rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; - rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + # Disable gzip to avoid the removal of the ETag header + gzip off; + # Uncomment if your server is build with the ngx_pagespeed module + # This module is currently not supported. + #pagespeed off; + + index index.php; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; + + rewrite ^/.well-known/carddav /remote.php/carddav/ permanent; + rewrite ^/.well-known/caldav /remote.php/caldav/ permanent; + + # The following 2 rules are only needed for the user_webfinger app. 
+ # Uncomment it if you're planning to use this app. + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; ''; + locations = [ + (nameValuePair "/robots.txt" '' + allow all; + log_not_found off; + access_log off; + '') + (nameValuePair "~ ^/(build|tests|config|lib|3rdparty|templates|data)/" '' + deny all; + '') + + (nameValuePair "~ ^/(?:autotest|occ|issue|indie|db_|console)" '' + deny all; + '') + + (nameValuePair "/" '' + rewrite ^/remote/(.*) /remote.php last; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ =404; + '') + + (nameValuePair "~ \.php(?:$|/)" '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; + fastcgi_intercept_errors on; + '') + + # Adding the cache control header for js and css files + # Make sure it is BELOW the location ~ \.php(?:$|/) { block + (nameValuePair "~* \.(?:css|js)$" '' + add_header Cache-Control "public, max-age=7200"; + # Add headers to serve security related headers + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + # Optional: Don't log access to assets + access_log off; + '') + + # Optional: Don't log access to other assets + (nameValuePair "~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$" '' + access_log off; + '') + ]; }; services.phpfpm.poolConfigs."${domain}" = '' listen = /srv/http/${domain}/phpfpm.pool From c60d7637bd84ab0fc34798f68544d02c34da88c9 Mon Sep 17 00:00:00 2001 
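Review bot: `(nameValuePair "~ \.php(?:$|/)" ''` and `(nameValuePair "~* \.(?:css|js)$" ''` again lose the backslash inside Nix's double-quoted string, so nginx sees `.php(?:$|/)` and `.(?:css|js)$` with a wildcard dot; double it (`"~ \\.php(?:$|/)"`, `"~* \\.(?:css|js)$"`). The five `add_header` lines are repeated verbatim inside the css/js location because nginx drops inherited headers once a location defines its own; binding them once in a `let` (e.g. `securityHeaders = ''…'';`) and interpolating `${securityHeaders}` in both places prevents the two copies drifting. `fastcgi_param HTTPS on;` is hardcoded, so this helper is only correct behind `activateACME`/`ssl`; a comment stating that precondition would help callers such as domsen.nix, where `serveOwncloud` is paired with `ssl` but nothing enforces it. The `serveOwncloud` attribute set continues outside the hunk.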
From: lassulus Date: Mon, 11 Apr 2016 16:43:25 +0200 Subject: [PATCH 019/135] l 1 mors: /mnt/backup is now /bku --- lass/1systems/mors.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 4fa8e412d..0d8db212a 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -99,7 +99,7 @@ fsType = "ext4"; }; - "/mnt/backups" = { + "/bku" = { device = "/dev/big/backups"; fsType = "ext4"; }; From 375277a3c67102fc887b7b67837c8977035d8227 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 11 Apr 2016 16:43:52 +0200 Subject: [PATCH 020/135] l 1 prism: new fileschema for better backups --- lass/1systems/prism.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 80dd8c4e9..09a802b53 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -77,8 +77,16 @@ in { device = "/dev/pool/download"; }; - fileSystems."/srv/http/o.ubikmedia.de" = { - device = "/dev/pool/owncloud-ubik"; + fileSystems."/srv/http" = { + device = "/dev/pool/http"; + }; + + fileSystems."/srv/o.ubikmedia.de-data" = { + device = "/dev/pool/owncloud-ubik-data"; + }; + + fileSystems."/bku" = { + device = "/dev/pool/bku"; }; } From 0a5f8b64b2b34e7d24ee9e7573eebd7937341e01 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 11 Apr 2016 16:47:06 +0200 Subject: [PATCH 021/135] l 1 uriel: add /bku --- lass/1systems/uriel.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 4e4eca21f..8bb2348e6 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -47,6 +47,11 @@ with builtins; fsType = "ext4"; }; + "/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; + "/boot" = { device = "/dev/sda1"; }; From 1773a9cd92ca2c0d78ba55c9ba16f7580cde388e Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 11 Apr 2016 16:49:52 +0200 Subject: [PATCH 022/135] l 4: add more helpers for wordpress hosting --- lass/4lib/default.nix | 80 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index 4d3adfd1d..e089f022c 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix @@ -33,6 +33,34 @@ rec { }; }; + manageCerts = domains: + let + domain = head domains; + in { + security.acme = { + certs."${domain}" = { + email = "lassulus@gmail.com"; + webroot = "/var/lib/acme/challenges/${domain}"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + ]; + group = "nginx"; + allowKeysForGroup = true; + extraDomains = genAttrs domains (_: null); + }; + }; + + krebs.nginx.servers."${domain}" = { + locations = [ + (nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/${domain}/; + '') + ]; + }; + }; + ssl = domain: { imports = [ 
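Review bot: `plugins` in the new `manageCerts` lists only `account_key.json`, `key.pem` and `fullchain.pem`, while `activateACME` earlier in this file points `certificate` at `/var/lib/acme/${domain}/cert.pem`; pairing `manageCerts` with `ssl`/`activateACME` would therefore reference a file the ACME module is not asked to produce, so either add `"cert.pem"` back or point `activateACME` at `fullchain.pem`. `extraDomains = genAttrs domains (_: null);` also includes `head domains`, which is already the certificate's primary name; `genAttrs (tail domains) (_: null)` matches the apparent intent, though whether the module tolerates the duplicate is not visible here. A docstring-style comment above the helper stating that the first element of `domains` becomes the primary name and the nginx server key would make the `head domains` convention explicit for callers. The enclosing `rec { … }` continues outside the hunk.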
@@ -176,4 +204,56 @@ rec { ''; }; + serveWordpress = domains: + let + domain = head domains; + + in { + krebs.nginx.servers."${domain}" = { + server-names = domains; + extraConfig = '' + root /srv/http/${domain}/; + index index.php; + access_log /tmp/nginx_acc.log; + error_log /tmp/nginx_err.log; + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + ''; + locations = [ + (nameValuePair "/" '' + try_files $uri $uri/ /index.php?$args; + '') + (nameValuePair "~ \.php$" '' + fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; + include ${pkgs.nginx}/conf/fastcgi.conf; + '') + (nameValuePair "~ /\\." '' + deny all; + '') + #Directives to send expires headers and turn off 404 error logging. + (nameValuePair "~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$" '' + access_log off; + log_not_found off; + expires max; + '') + ]; + }; + services.phpfpm.poolConfigs."${domain}" = '' + listen = /srv/http/${domain}/phpfpm.pool + user = nginx + group = nginx + pm = dynamic + pm.max_children = 5 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 3 + listen.owner = nginx + listen.group = nginx + # errors to journal + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; + } From a638c4eecd55420e3a579763561e4cfa672d1cd5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 11 Apr 2016 16:50:22 +0200 Subject: [PATCH 023/135] l 2 websites domsen: serve wordpress --- lass/2configs/websites/domsen.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 173e87864..b02f31629 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
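Review bot: `(nameValuePair "~ \.php$" ''` and `(nameValuePair "~ /\\." ''` sit in the same `locations` list with different escaping, and only the second is right: in a Nix double-quoted string `\.` becomes `.`, so the PHP location reaches nginx as `~ .php$`; use `"~ \\.php$"`, and apply the same doubling to the long asset regex `"~* ^.+\.(xml|…)$"`. The PHP location forwards any matching URI to php-fpm without checking that the script exists; `try_files $uri =404;` as the first line of that block is the usual guard for a document root that also holds user uploads. `access_log /tmp/nginx_acc.log;` and `error_log /tmp/nginx_err.log;` write to a world-writable directory, which the `serveOwncloud` rewrite in this series already dropped; `/var/log/nginx/` is the conventional location.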
@@ -4,28 +4,32 @@ let inherit (config.krebs.lib) genid; inherit (import ../../4lib { inherit lib pkgs; }) manageCert + manageCerts activateACME ssl servePage - serveOwncloud; + serveOwncloud + serveWordpress; in { imports = [ ( ssl "reich-gebaeudereinigung.de" ) ( servePage "reich-gebaeudereinigung.de" ) - ( servePage "karlaskop.de" ) ( manageCert "karlaskop.de" ) + ( servePage "karlaskop.de" ) - ( servePage "makeup.apanowicz.de" ) ( manageCert "makeup.apanowicz.de" ) + ( servePage "makeup.apanowicz.de" ) - ( servePage "pixelpocket.de" ) ( manageCert "pixelpocket.de" ) + ( servePage "pixelpocket.de" ) ( ssl "o.ubikmedia.de" ) ( serveOwncloud "o.ubikmedia.de" ) + ( manageCerts [ "ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] ) + ( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] ) ]; services.mysql = { From 72e46878ea759f8909c90d2f5f293bfb8f3a6104 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 11 Apr 2016 16:50:49 +0200 Subject: [PATCH 024/135] l 2 websites: activate sqlBackups --- lass/2configs/websites/domsen.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index b02f31629..cbda7b99e 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -38,6 +38,15 @@ in { rootPassword = toString (); }; + services.mysqlBackup = { + enable = true; + databases = [ + "ubikmedia_de" + "o_ubikmedia_de" + ]; + location = "/bku/sql_dumps"; + }; + users.users.domsen = { uid = genid "domsen"; description = "maintenance acc for domsen"; From 2723a1fcd85ccaf9fea6faa6ec51358f706b8883 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 11 Apr 2016 16:51:12 +0200 Subject: [PATCH 025/135] l 2 websites domsen: add apcu to phpfpm --- lass/2configs/websites/domsen.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) 
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index cbda7b99e..1b62bd977 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -56,10 +56,13 @@ in { createHome = true; }; - #lass.wordpress = { - # "ubikmedia.de" = { - # }; - #}; - + services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + options = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + ''; + } '' + cat ${pkgs.php}/etc/php-recommended.ini > $out + echo "$options" >> $out + ''; } From 4bd4e58baa56635f08661a7a5c1dfe9f59a719a7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 11 Apr 2016 16:51:49 +0200 Subject: [PATCH 026/135] l 2: add backups.nix --- lass/2configs/backups.nix | 63 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 lass/2configs/backups.nix diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix new file mode 100644 index 000000000..c3275aece --- /dev/null +++ b/lass/2configs/backups.nix 
@@ -0,0 +1,63 @@ +{ config, lib, ... }: +with config.krebs.lib; +{ + + krebs.backup.plans = { + } // mapAttrs (_: recursiveUpdate { + snapshots = { + daily = { format = "%Y-%m-%d"; retain = 7; }; + weekly = { format = "%YW%W"; retain = 4; }; + monthly = { format = "%Y-%m"; retain = 12; }; + yearly = { format = "%Y"; }; + }; + }) { + prism-chat-uriel = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/home/chat"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; }; + startAt = "03:00"; + }; + prism-chat-mors = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/home/chat"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; }; + startAt = "03:00"; + }; + mors-home-uriel = { + method = "push"; + src = { host = config.krebs.hosts.mors; path = "/home"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; }; + startAt = "04:00"; + }; + uriel-home-mors = { + method = "pull"; + src = { host = config.krebs.hosts.uriel; path = "/home"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/uriel-home"; }; + startAt = "04:00"; + }; + prism-http-uriel = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; }; + startAt = "04:30"; + }; + prism-http-mors = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; }; + startAt = "04:30"; + }; + prism-sql-uriel = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; }; + startAt = "05:00"; + }; + prism-sql-mors = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; }; + startAt = "05:00"; + }; + }; +} 
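Review bot: `krebs.backup.plans = { } // mapAttrs ...` merges an empty set to no effect; `krebs.backup.plans = mapAttrs (_: recursiveUpdate { ... }) { ... };` reads more directly, or if the `{ }` is a placeholder for hand-written plans a comment saying so would help. The `yearly` snapshot entry is the only one without `retain`, so it presumably keeps yearly snapshots indefinitely; if that is intended, `# no retain: yearly snapshots are kept forever` makes it explicit, and if not, it is an unbounded consumer of space on the `/bku` destinations.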
From 84c7ba200a02dff803023388d54e2dea8e16ae2f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 11 Apr 2016 16:52:15 +0200 Subject: [PATCH 027/135] l 2 base: import backups.nix --- lass/2configs/base.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 88bb3ff60..ad5df26e8 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -7,6 +7,7 @@ with config.krebs.lib; ../2configs/zsh.nix ../2configs/mc.nix ../2configs/retiolum.nix + ./backups.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) From 8f20cf974e334157a241dee5ad729eb5708637ee Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 11 Apr 2016 16:52:43 +0200 Subject: [PATCH 028/135] l 4: use fullchain.pem as certificate --- lass/4lib/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index e089f022c..22a8c3c6e 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix @@ -15,7 +15,6 @@ rec { webroot = "/var/lib/acme/challenges/${domain}"; plugins = [ "account_key.json" - "cert.pem" "key.pem" "fullchain.pem" ]; @@ -74,7 +73,7 @@ rec { krebs.nginx.servers."${domain}" = { ssl = { enable = true; - certificate = "/var/lib/acme/${domain}/cert.pem"; + certificate = "/var/lib/acme/${domain}/fullchain.pem"; certificate_key = "/var/lib/acme/${domain}/key.pem"; }; }; From 7023d4141044d9de656f0d52e39650466d709728 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Apr 2016 15:09:08 +0200 Subject: [PATCH 029/135] k 3 iptables: allow REDIRECT target --- krebs/3modules/iptables.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index 9596229de..4b99873a1 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -20,6 +20,7 @@ let flatten length hasAttr + hasPrefix mkEnableOption mkOption mkIf 
@@ -123,7 +124,7 @@ let buildRule = tn: cn: rule: #target validation test: - assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))); + assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target; #predicate validation test: #maybe use iptables-test From a1d80db7cc499bb9a850250357b0921fa61f5a59 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Apr 2016 15:09:56 +0200 Subject: [PATCH 030/135] l 2 base: remove helios from authorized_keys(root) --- lass/2configs/base.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index ad5df26e8..d83e53772 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -19,7 +19,6 @@ with config.krebs.lib; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey config.krebs.users.lass-uriel.pubkey - config.krebs.users.lass-helios.pubkey ]; }; mainUser = { From be6bfb17365046486abdd3af01f05b0cb99331ea Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Apr 2016 15:11:31 +0200 Subject: [PATCH 031/135] l 2 base: redirect internet ssh port to 45621 --- lass/2configs/base.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index d83e53772..4a4468300 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -173,6 +173,13 @@ with config.krebs.lib; krebs.iptables = { enable = true; tables = { + nat.PREROUTING.rules = [ + { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } + { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } + ]; + nat.OUTPUT.rules = [ + { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } + ]; filter.INPUT.policy = "DROP"; filter.FORWARD.policy = "DROP"; filter.INPUT.rules = [ 
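Review bot: The new `|| hasPrefix "REDIRECT" rule.target` accepts any target string that begins with `REDIRECT`, whatever follows it and whichever table `tn` the rule lives in, so the `#target validation test` no longer validates much for that case; REDIRECT is only meaningful in the nat table. A tighter condition keeps the intent of the comment above it, e.g. `|| (tn == "nat" && hasPrefix "REDIRECT --to-ports " rule.target)`. `buildRule` continues outside the hunk.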
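Review bot: `REDIRECT --to-ports 0` is an unusual way to make external port 22 unreachable and nothing in the hunk explains it; it only works because `filter.INPUT.policy = "DROP"` (context below) discards the redirected traffic and because sshd keeps listening on 22 behind the NAT, so a comment above `nat.PREROUTING.rules` such as `# public ssh port is 45621 (NAT to 22); external :22 is redirected to port 0, which filter.INPUT then drops` would record both dependencies. Since the first rule matches `! -i retiolum`, it applies to every non-retiolum interface including LANs, so all client configurations for this host need the new port; the `nat.OUTPUT` rule only covers `lo`.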
From 4f04085d5239e2c688a370706f9007edd0a0d5bb Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Apr 2016 15:16:17 +0200 Subject: [PATCH 032/135] l 2: add exim-retiolum.nix --- lass/2configs/exim-retiolum.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 lass/2configs/exim-retiolum.nix diff --git a/lass/2configs/exim-retiolum.nix b/lass/2configs/exim-retiolum.nix new file mode 100644 index 000000000..ea2f553b8 --- /dev/null +++ b/lass/2configs/exim-retiolum.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +{ + krebs.exim-retiolum.enable = true; + krebs.setuid.sendmail = { + filename = "${pkgs.exim}/bin/exim"; + mode = "4111"; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } + ]; +} From 6da220c50848843a4d6e546a8639d0a573bf210b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Apr 2016 15:16:40 +0200 Subject: [PATCH 033/135] l 2: add exim-smarthost configuration --- lass/2configs/exim-smarthost.nix | 49 ++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 lass/2configs/exim-smarthost.nix diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix new file mode 100644 index 000000000..7f838a316 --- /dev/null +++ b/lass/2configs/exim-smarthost.nix 
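Review bot: `with config.krebs.lib;` on line 3 of the new file brings the whole library into scope but nothing below uses it (the new `exim-smarthost.nix` in the next patch has the same unused `with`), so it and the unused `lib` argument can go, keeping the scope explicit. The setuid-root `sendmail` wrapper (`mode = "4111"`) is the mail-submission path every local user can execute; a one-line comment `# setuid root so local users and cron can submit mail via sendmail(8)` would record why a privileged wrapper is installed by this module.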
@@ -0,0 +1,49 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +{ + krebs.exim-smarthost = { + enable = true; + #dkim = [ + # { domain = "lassul.us"; } + #]; + sender_domains = [ + "lassul.us" + ]; + relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + config.krebs.hosts.mors + config.krebs.hosts.uriel + config.krebs.hosts.helios + ]; + internet-aliases = with config.krebs.users; [ + { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822 + { from = "lass@lassul.us"; to = lass.mail; } + { from = "lassulus@lassul.us"; to = lass.mail; } + { from = "test@lassul.us"; to = lass.mail; } + ]; + system-aliases = [ + { from = "mailer-daemon"; to = "postmaster"; } + { from = "postmaster"; to = "root"; } + { from = "nobody"; to = "root"; } + { from = "hostmaster"; to = "root"; } + { from = "usenet"; to = "root"; } + { from = "news"; to = "root"; } + { from = "webmaster"; to = "root"; } + { from = "www"; to = "root"; } + { from = "ftp"; to = "root"; } + { from = "abuse"; to = "root"; } + { from = "noc"; to = "root"; } + { from = "security"; to = "root"; } + { from = "root"; to = "lass"; } + ]; + }; + + krebs.setuid.sendmail = { + filename = "${pkgs.exim}/bin/exim"; + mode = "4111"; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } + ]; +} From 3d8689494f994a6849b1815b98dcbd027f59b1c6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Apr 2016 15:16:58 +0200 Subject: [PATCH 034/135] l 2 base: remove exim & sendmail stuff --- lass/2configs/base.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 4a4468300..8c6078ba5 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -45,7 +45,6 @@ with config.krebs.lib; krebs = { enable = true; search-domain = "retiolum"; - exim-retiolum.enable = true; build = { user = config.krebs.users.lass; source = mapAttrs (_: mkDefault) ({ 
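Review bot: `relay_from_hosts` trusts senders by their retiolum IPv4 address while the accompanying firewall rule `{ predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }` accepts SMTP on every interface, so relay authorisation rests on the assumption that a packet carrying a retiolum source address can only arrive via the retiolum interface. If that is not already enforced by the host's ingress filtering, a drop rule for packets with a retiolum source address on non-retiolum interfaces (prefix to be taken from the retiolum configuration, not guessed here) would close the gap; either way a comment stating the assumption next to `relay_from_hosts` is warranted.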
@@ -153,10 +152,6 @@ with config.krebs.lib; ''; }; - security.setuidPrograms = [ - "sendmail" - ]; - services.openssh = { enable = true; hostKeys = [ From fa039a83d8c2d5f2756856794461ac9795a6ee11 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Apr 2016 15:17:42 +0200 Subject: [PATCH 035/135] l 1 *: import exim config from l 2 exim-* --- lass/1systems/cloudkrebs.nix | 1 + lass/1systems/dishfire.nix | 1 + lass/1systems/echelon.nix | 1 + lass/1systems/helios.nix | 1 + lass/1systems/mors.nix | 1 + lass/1systems/prism.nix | 1 + lass/1systems/uriel.nix | 1 + 7 files changed, 7 insertions(+) diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index 636d6a855..82c172050 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -9,6 +9,7 @@ in { ../. ../2configs/os-templates/CAC-CentOS-7-64bit.nix ../2configs/base.nix + ../2configs/exim-retiolum.nix ../2configs/retiolum.nix ../2configs/git.nix ../2configs/realwallpaper.nix diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index 7043809a5..04ebca588 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -5,6 +5,7 @@ ../. ../2configs/base.nix + ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/websites/fritz.nix { diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index 80611ee80..e2fa1c5f4 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -9,6 +9,7 @@ in { ../. ../2configs/os-templates/CAC-CentOS-7-64bit.nix ../2configs/base.nix + ../2configs/exim-retiolum.nix ../2configs/retiolum.nix ../2configs/realwallpaper-server.nix ../2configs/privoxy-retiolum.nix diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index cc98c2c5b..0c7c0d8e3 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -5,6 +5,7 @@ with builtins; imports = [ ../. ../2configs/baseX.nix + ../2configs/exim-retiolum.nix ../2configs/browsers.nix ../2configs/programs.nix ../2configs/git.nix 
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 0d8db212a..18f86ef91 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -4,6 +4,7 @@ imports = [ ../. ../2configs/baseX.nix + ../2configs/exim-retiolum.nix ../2configs/programs.nix ../2configs/bitcoin.nix ../2configs/browsers.nix diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 09a802b53..e1743c997 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -6,6 +6,7 @@ in { imports = [ ../. ../2configs/base.nix + ../2configs/exim-smarthost.nix ../2configs/downloading.nix ../2configs/git.nix ../2configs/ts3.nix diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 8bb2348e6..92996c181 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -5,6 +5,7 @@ with builtins; imports = [ ../. ../2configs/baseX.nix + ../2configs/exim-retiolum.nix ../2configs/browsers.nix ../2configs/games.nix ../2configs/pass.nix From 1b717d487791ce6874caa439461d4deeb942a835 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Apr 2016 16:32:58 +0200 Subject: [PATCH 036/135] l 2 exim-smarthost: activate DKIM --- lass/2configs/exim-smarthost.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 7f838a316..f1c682416 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -5,9 +5,9 @@ with config.krebs.lib; { krebs.exim-smarthost = { enable = true; - #dkim = [ - # { domain = "lassul.us"; } - #]; + dkim = [ + { domain = "lassul.us"; } + ]; sender_domains = [ "lassul.us" ]; From 4382ba5b9ddad77a1e0f44b5ff88862678a5d33e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Apr 2016 16:27:41 +0200 Subject: [PATCH 037/135] l 1 dishfire: add /bku mount --- lass/1systems/dishfire.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index 04ebca588..532ccb29a 100644 
--- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -36,6 +36,10 @@ device = "/dev/vda1"; fsType = "ext4"; }; + fileSystems."/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; } { networking.dhcpcd.allowInterfaces = [ From 8a8d2c8ec979b30901e69cb6a0d063968b5c42b6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Apr 2016 16:29:13 +0200 Subject: [PATCH 038/135] l 1 mors: disable test dbs --- lass/1systems/mors.nix | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 18f86ef91..6e89b2957 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -34,26 +34,28 @@ { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } ]; } + #{ + # services.mysql = { + # enable = true; + # package = pkgs.mariadb; + # rootPassword = "/mysql_rootPassword"; + # }; + #} + #{ + # services.elasticsearch = { + # enable = true; + # plugins = [ + # # pkgs.elasticsearchPlugins.elasticsearch_kopf + # ]; + # }; + #} + #{ + # services.postgresql = { + # enable = true; + # package = pkgs.postgresql; + # }; + #} { - services.mysql = { - enable = true; - package = pkgs.mariadb; - rootPassword = "/mysql_rootPassword"; - }; - } - { - services.elasticsearch = { - enable = true; - plugins = [ - # pkgs.elasticsearchPlugins.elasticsearch_kopf - ]; - }; - } - { - services.postgresql = { - enable = true; - package = pkgs.postgresql; - }; } ]; From 40ce314996762fe286a5f8d27873cd0ae9fab145 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Apr 2016 16:29:52 +0200 Subject: [PATCH 039/135] l 2 exim-smarthost: add outlook@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index f1c682416..e1aa29c49 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix 
@@ -21,6 +21,7 @@ with config.krebs.lib; { from = "lass@lassul.us"; to = lass.mail; } { from = "lassulus@lassul.us"; to = lass.mail; } { from = "test@lassul.us"; to = lass.mail; } + { from = "outlook@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 4c4ac83e1fb21611e947c40d612d51bbab91257e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Apr 2016 16:30:17 +0200 Subject: [PATCH 040/135] l 2 backups: more backups --- lass/2configs/backups.nix | 98 ++++++++++++++++++++++++++------------- 1 file changed, 67 insertions(+), 31 deletions(-) diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix index c3275aece..ca9ff20a1 100644 --- a/lass/2configs/backups.nix +++ b/lass/2configs/backups.nix 
@@ -11,23 +11,77 @@ with config.krebs.lib; yearly = { format = "%Y"; }; }; }) { - prism-chat-uriel = { + dishfire-http-prism = { method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/home/chat"; }; - dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; }; + src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; }; startAt = "03:00"; }; + dishfire-http-mors = { + method = "pull"; + src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; }; + startAt = "03:05"; + }; + dishfire-http-uriel = { + method = "pull"; + src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-http"; }; + startAt = "03:10"; + }; + dishfire-sql-prism = { + method = "pull"; + src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; }; + startAt = "03:15"; + }; + dishfire-sql-mors = { + method = "pull"; + src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; }; + startAt = "03:20"; + }; + dishfire-sql-uriel = { + method = "pull"; + src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-sql"; }; + startAt = "03:25"; + }; prism-chat-mors = { method = "pull"; src = { host = config.krebs.hosts.prism; path = "/home/chat"; }; dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; }; - startAt = "03:00"; + startAt = "03:30"; }; - mors-home-uriel = { - method = "push"; - src = { host = config.krebs.hosts.mors; path = "/home"; }; - dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; }; - startAt = "04:00"; + prism-chat-uriel = { + method = "pull"; + src = { host = 
config.krebs.hosts.prism; path = "/home/chat"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-chat"; }; + startAt = "03:35"; + }; + prism-sql-mors = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; }; + startAt = "03:40"; + }; + prism-sql-uriel = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; }; + startAt = "03:45"; + }; + prism-http-mors = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; }; + startAt = "03:50"; + }; + prism-http-uriel = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; }; + startAt = "03:55"; }; uriel-home-mors = { method = "pull"; 
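Review bot: The new dishfire plans store SQL dumps under `/bku/dishfire-sql` while the prism plans in the same block keep `/bku/prism-sql_dumps`, so the destination naming scheme now differs between hosts for identical data; pick one (`<host>-sql` matches the existing `<host>-http`) so restore procedures and retention stay uniform. The hunk also reorders the prism plans and moves all `startAt` values onto a 5-minute grid from 03:00, which means twelve pulls from two sources run within one hour; if that spacing is deliberate, a short comment above the plans would save the next reader from re-deriving it.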
@@ -35,28 +89,10 @@ with config.krebs.lib; dst = { host = config.krebs.hosts.mors; path = "/bku/uriel-home"; }; startAt = "04:00"; }; - prism-http-uriel = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-http"; }; - startAt = "04:30"; - }; - prism-http-mors = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; }; - startAt = "04:30"; - }; - prism-sql-uriel = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-sql_dumps"; }; - startAt = "05:00"; - }; - prism-sql-mors = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; }; + mors-home-uriel = { + method = "push"; + src = { host = config.krebs.hosts.mors; path = "/home"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; }; startAt = "05:00"; }; }; From de6e888da9ed85ebbe35fa23569fbd8617734798 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Apr 2016 16:32:04 +0200 Subject: [PATCH 041/135] l websites: use lists in helpers --- lass/2configs/websites/domsen.nix | 22 ++++---- lass/2configs/websites/fritz.nix | 39 +++++++------- lass/2configs/websites/wohnprojekt-rhh.de.nix | 9 ++-- lass/4lib/default.nix | 53 +++++-------------- 4 files changed, 48 insertions(+), 75 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 1b62bd977..caaee96bb 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -13,22 +13,22 @@ let in { imports = [ - ( ssl "reich-gebaeudereinigung.de" ) - ( servePage "reich-gebaeudereinigung.de" ) + ( ssl [ "reich-gebaeudereinigung.de" ]) + ( servePage [ "reich-gebaeudereinigung.de" ]) - ( manageCert "karlaskop.de" ) - ( servePage "karlaskop.de" ) + ( manageCerts [ "karlaskop.de" ]) + ( servePage [ "karlaskop.de" ]) - ( manageCert "makeup.apanowicz.de" ) - ( servePage "makeup.apanowicz.de" ) + ( ssl [ "makeup.apanowicz.de" ]) + ( servePage [ "makeup.apanowicz.de" ]) - ( manageCert "pixelpocket.de" ) - ( servePage "pixelpocket.de" ) + ( manageCerts [ "pixelpocket.de" ]) + ( servePage [ "pixelpocket.de" ]) - ( ssl "o.ubikmedia.de" ) - ( serveOwncloud "o.ubikmedia.de" ) + ( ssl [ "o.ubikmedia.de" ]) + ( serveOwncloud [ "o.ubikmedia.de" ]) - ( manageCerts [ "ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] ) + ( ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] ) ( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] ) ]; diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 16a240d7c..7a35ba75b 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix 
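Review bot: `ssl [ "ubikmedia.de" "aldona.ubikmedia.de" ... ]` is paired with `serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" ... ]`, so the vhost answers for every `*.ubikmedia.de` name but the certificate request only covers `aldona.ubikmedia.de`; any other subdomain that resolves to this host will present a name-mismatched certificate over HTTPS. Either restrict `server-names` to the names that are actually in the certificate or add each served subdomain to the `ssl` list. Separately, `karlaskop.de` and `pixelpocket.de` get `manageCerts` while `makeup.apanowicz.de` gets `ssl`; the former obtains certificates that no nginx server block uses and leaves those sites on plain HTTP, and the same pattern appears for `eastuttgart.de` in the fritz.nix section of this commit, where a WordPress login would then travel unencrypted unless TLS is configured elsewhere for that host. If the split is deliberate (for example certificates staged before switching), a comment on each pair would make that clear.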
@@ -2,37 +2,40 @@ let inherit (import ../../4lib { inherit lib pkgs; }) - manageCert + manageCerts activateACME ssl servePage - serveOwncloud; + serveWordpress; in { imports = [ - ( manageCert "biostase.de" ) - ( servePage "biostase.de" ) + #( manageCerts [ "biostase.de" ]) + #( servePage [ "biostase.de" ]) - ( manageCert "gs-maubach.de" ) - ( servePage "gs-maubach.de" ) + #( manageCerts [ "gs-maubach.de" ]) + #( servePage [ "gs-maubach.de" ]) - ( manageCert "spielwaren-kern.de" ) - ( servePage "spielwaren-kern.de" ) + #( manageCerts [ "spielwaren-kern.de" ]) + #( servePage [ "spielwaren-kern.de" ]) - ( manageCert "societyofsimtech.de" ) - ( servePage "societyofsimtech.de" ) + #( manageCerts [ "societyofsimtech.de" ]) + #( servePage [ "societyofsimtech.de" ]) - ( manageCert "ttf-kleinaspach.de" ) - ( servePage "ttf-kleinaspach.de" ) + #( manageCerts [ "ttf-kleinaspach.de" ]) + #( servePage [ "ttf-kleinaspach.de" ]) - ( manageCert "edsn.de" ) - ( servePage "edsn.de" ) + #( manageCerts [ "edsn.de" ]) + #( servePage [ "edsn.de" ]) - ( manageCert "eab.berkeley.edu" ) - ( servePage "eab.berkeley.edu" ) + #( manageCerts [ "eab.berkeley.edu" ]) + #( servePage [ "eab.berkeley.edu" ]) - ( manageCert "habsys.de" ) - ( servePage "habsys.de" ) + ( manageCerts [ "eastuttgart.de" ]) + ( serveWordpress [ "eastuttgart.de" ]) + + ( manageCerts [ "habsys.de" ]) + ( servePage [ "habsys.de" ]) ]; #lass.owncloud = { diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix index 4e3eb071a..858054531 100644 --- a/lass/2configs/websites/wohnprojekt-rhh.de.nix +++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix 
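Review bot: Seven site pairs are turned into `#( manageCerts [...])` comments rather than removed, and the hunk keeps `activateACME` and `ssl` in the `inherit` list although neither is used anywhere below after the change; if the sites are meant to return, a comment above the block stating why they are disabled and what re-enabling needs would help, otherwise delete them and prune the two unused names. The commit title says "use lists in helpers", but this hunk also disables seven sites and adds `eastuttgart.de`; those are separate changes that deserve their own commit so the history explains them.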
@@ -3,16 +3,13 @@ let inherit (config.krebs.lib) genid; inherit (import ../../4lib { inherit lib pkgs; }) - manageCert - activateACME ssl - servePage - serveOwncloud; + servePage; in { imports = [ - ( ssl "wohnprojekt-rhh.de" ) - ( servePage "wohnprojekt-rhh.de" ) + ( ssl [ "wohnprojekt-rhh.de" ]) + ( servePage [ "wohnprojekt-rhh.de" ]) ]; users.users.laura = { diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index 22a8c3c6e..7949154a0 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix @@ -7,31 +7,6 @@ rec { getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); - manageCert = domain: - { - security.acme = { - certs."${domain}" = { - email = "lassulus@gmail.com"; - webroot = "/var/lib/acme/challenges/${domain}"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - ]; - group = "nginx"; - allowKeysForGroup = true; - }; - }; - - krebs.nginx.servers."${domain}" = { - locations = [ - (nameValuePair "/.well-known/acme-challenge" '' - root /var/lib/acme/challenges/${domain}/; - '') - ]; - }; - }; - manageCerts = domains: let domain = head domains; @@ -60,11 +35,11 @@ rec { }; }; - ssl = domain: + ssl = domains: { imports = [ - ( manageCert domain ) - ( activateACME domain ) + ( manageCerts domains ) + ( activateACME (head domains) ) ]; }; @@ -79,13 +54,12 @@ rec { }; }; - servePage = domain: - { + servePage = domains: + let + domain = head domains; + in { krebs.nginx.servers."${domain}" = { - server-names = [ - "${domain}" - "www.${domain}" - ]; + server-names = domains; locations = [ (nameValuePair "/" '' root /srv/http/${domain}; 
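Review bot: `servePage` now sets `server-names = domains;` in place of the removed `[ "${domain}" "www.${domain}" ]`, so every caller that passes a one-element list (all of them in this commit, e.g. `servePage [ "karlaskop.de" ]`, `[ "wohnprojekt-rhh.de" ]`, `[ "habsys.de" ]`) silently stops answering for the `www.` host; the `serveOwncloud` hunk that follows in this file makes the same change. If dropping `www.` is intended, the commit message should say so and the callers that need it should list it explicitly; otherwise preserve the old default for single-entry lists, e.g. `server-names = if length domains == 1 then [ domain "www.${domain}" ] else domains;`. `head domains` in `ssl`, `servePage` and `manageCerts` fails on an empty list with an unhelpful error, which a comment on the parameter (`# domains: non-empty; first entry is the primary name`) would at least document. The `servePage` hunk ends before the function body does.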
@@ -94,13 +68,12 @@ rec { }; }; - serveOwncloud = domain: - { + serveOwncloud = domains: + let + domain = head domains; + in { krebs.nginx.servers."${domain}" = { - server-names = [ - "${domain}" - "www.${domain}" - ]; + server-names = domains; extraConfig = '' # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; From 54ec57b51126991409ef2f77b1652496ffc8560f Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Apr 2016 16:32:55 +0200 Subject: [PATCH 042/135] k 3 l: change ssh port to 45621 --- krebs/3modules/lass/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index b4686894e..adca66dad 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -12,6 +12,7 @@ with config.krebs.lib; aliases = [ "dishfire.internet" ]; + ssh.port = 45621; }; retiolum = { via = internet; @@ -44,6 +45,7 @@ with config.krebs.lib; aliases = [ "echelon.internet" ]; + ssh.port = 45621; }; retiolum = { via = internet; @@ -79,6 +81,7 @@ with config.krebs.lib; aliases = [ "prism.internet" ]; + ssh.port = 45621; }; retiolum = { via = internet; @@ -143,6 +146,7 @@ with config.krebs.lib; aliases = [ "cloudkrebs.internet" ]; + ssh.port = 45621; }; retiolum = { via = internet; @@ -174,6 +178,7 @@ with config.krebs.lib; gg23 = { ip4.addr = "10.23.1.12"; aliases = ["uriel.gg23"]; + ssh.port = 45621; }; retiolum = { ip4.addr = "10.243.81.176"; @@ -205,6 +210,7 @@ with config.krebs.lib; gg23 = { ip4.addr = "10.23.1.11"; aliases = ["mors.gg23"]; + ssh.port = 45621; }; retiolum = { ip4.addr = "10.243.0.2"; From c9c10168082f648b2d5c25355f55ab4dce885135 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Apr 2016 16:33:25 +0200 Subject: [PATCH 043/135] l 2 websites fritz: activate mysql & mysqlBackup --- lass/2configs/websites/fritz.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) 
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 7a35ba75b..c022dfbe2 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -38,6 +38,20 @@ in { ( servePage [ "habsys.de" ]) ]; + services.mysql = { + enable = true; + package = pkgs.mariadb; + rootPassword = toString (); + }; + + services.mysqlBackup = { + enable = true; + databases = [ + "eastuttgart_de" + ]; + location = "/bku/sql_dumps"; + }; + #lass.owncloud = { # "o.ubikmedia.de" = { # instanceid = "oc8n8ddbftgh"; From 6a009982af81f6591ee026c7f866008a17d4d8f8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Apr 2016 16:34:02 +0200 Subject: [PATCH 044/135] l 4: also serve dotfiles in serveWordpress --- lass/4lib/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index 7949154a0..30cbced49 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix @@ -199,9 +199,9 @@ rec { fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; include ${pkgs.nginx}/conf/fastcgi.conf; '') - (nameValuePair "~ /\\." '' - deny all; - '') + #(nameValuePair "~ /\\." '' + # deny all; + #'') #Directives to send expires headers and turn off 404 error logging. (nameValuePair "~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$" '' access_log off; From f0863085c7f865069e0d49a99488734abe044c6a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Apr 2016 16:37:26 +0200 Subject: [PATCH 045/135] l 5: add mk_sql_pair --- lass/5pkgs/default.nix | 1 + lass/5pkgs/mk_sql_pair/default.nix | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 lass/5pkgs/mk_sql_pair/default.nix diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 0c9dd94ca..e113af91f 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix 
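Review bot: Commenting out the `~ /\\.` → `deny all;` location makes every dotfile under `/srv/http/${domain}/` downloadable; in a WordPress webroot that typically includes `.htaccess`, `.user.ini` and any `.git` checkout or editor backup files, none of which should be served. If the motivation is that this regex location was shadowing the prefix location `/.well-known/acme-challenge` from `manageCerts` (nginx prefers regex locations over plain prefix ones), exempt just that path instead of dropping the rule, e.g. `(nameValuePair "~ /\\.(?!well-known/acme-challenge)" '' deny all; '')`, or declare the challenge location with the `^~` modifier so it takes precedence over regexes. The hunk sits inside `serveWordpress`, whose definition begins and ends outside it.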
@@ -8,6 +8,7 @@ ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {}; }; + mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {}; mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; xmonad-lass = let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in diff --git a/lass/5pkgs/mk_sql_pair/default.nix b/lass/5pkgs/mk_sql_pair/default.nix new file mode 100644 index 000000000..a9f0d2797 --- /dev/null +++ b/lass/5pkgs/mk_sql_pair/default.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: + +pkgs.writeScriptBin "mk_sql_pair" '' + #!/bin/sh + + name=$1 + password=$2 + + if [ $# -ne 2 ]; then + echo '$1=name, $2=password' + exit 23; + fi + + cat < Date: Wed, 13 Apr 2016 16:40:33 +0200 Subject: [PATCH 046/135] l 5: add urban --- lass/5pkgs/default.nix | 1 + lass/5pkgs/urban/default.nix | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 lass/5pkgs/urban/default.nix diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index e113af91f..1dacf6c7a 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -10,6 +10,7 @@ }; mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {}; mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; + urban = pkgs.callPackage ./urban/default.nix {}; xmonad-lass = let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in pkgs.haskellPackages.callPackage src {}; diff --git a/lass/5pkgs/urban/default.nix b/lass/5pkgs/urban/default.nix new file mode 100644 index 000000000..fb8adaed9 --- /dev/null +++ b/lass/5pkgs/urban/default.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: + +pkgs.writeScriptBin "urban" '' + #!/bin/sh + set -euf + term=$1 + curl -LsS 'http://www.urbandictionary.com/define.php?term='"$term" \ + | sed 's/<\/\?a\>[^>]*>//g' \ + | sed 's/<\([^>]*\)>/\n<\1\n/g' \ + | grep . \ + | sed -n '/
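Review bot: `password=$2` in the new mk_sql_pair script takes the database password as a command-line argument, so while the script runs it is visible in the process list to every local user and it is recorded in the shell history of whoever invokes it. Read it from a prompt or a file instead (`read -r password` or `password=$(cat "$2")`) and keep only the name as a positional argument. The SQL emitted by the `cat` heredoc is cut off in this rendering, so whether name and password are quoted or escaped before they are spliced into SQL cannot be checked here; both come straight from argv and should be. The `#!/bin/sh` interpreter line is also inconsistent with the `#! ${pkgs.bash}/bin/bash` form the acronym script adopts later in this series.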
' \ + | grep -v '^' \ + | sed ' + s/"/"/g + s/'/'\'''/g + s/>/>/g + s/</>/g + ' +'' From 7cd2fe545b80507c6b5393b6e47f19ed4dfb312f Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Apr 2016 16:47:47 +0200 Subject: [PATCH 047/135] l 1 mors: add some pkgs --- lass/1systems/mors.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 6e89b2957..bdc9c3242 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -189,6 +189,9 @@ get teamspeak_client hashPassword + urban + mk_sql_pair + skype ]; #TODO: fix this shit From 9717e5a2e0cb5b0bf9fae0ec62423af30ecd2051 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Apr 2016 16:48:00 +0200 Subject: [PATCH 048/135] l 1 dishfire: add mk_sql_pair pkg --- lass/1systems/dishfire.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index 532ccb29a..4e3b84bd0 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -50,6 +50,11 @@ { sound.enable = false; } + { + environment.systemPackages = with pkgs; [ + mk_sql_pair + ]; + } ]; krebs.build.host = config.krebs.hosts.dishfire; From 2e8743934061ecb8019c34ee4b1010238e158bf1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 13 Apr 2016 16:48:32 +0200 Subject: [PATCH 049/135] l 5 acronym: refactor code --- lass/5pkgs/acronym/default.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/lass/5pkgs/acronym/default.nix b/lass/5pkgs/acronym/default.nix index 53d5d015a..9f6f95587 100644 --- a/lass/5pkgs/acronym/default.nix +++ b/lass/5pkgs/acronym/default.nix 
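Review bot: `term=$1` is spliced into the query string without URL-encoding, so a term containing spaces, `&`, `#` or `%` changes the request instead of being looked up; let curl encode it: `curl -LsS -G --data-urlencode "term=$term" 'http://www.urbandictionary.com/define.php'`. The page is fetched over plain `http://` with `-L`, so the markup that the following `sed`/`grep` pipeline trusts can be rewritten in transit; use `https://` if the site serves it. The `set -euf` at the top is good and is missing from the acronym script changed later in this series.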
@@ -1,13 +1,16 @@ { pkgs, ... }: pkgs.writeScriptBin "acronym" '' + #! ${pkgs.bash}/bin/bash acro=$1 curl -s http://www.acronymfinder.com/$acro.html \ - | grep 'class="result-list__body__rank"' \ - | sed 's/.*title="\([^"]*\)".*/\1/' \ - | sed 's/^.* - //' \ - | sed "s/'/'/g" + | grep 'class="result-list__body__rank"' \ + | sed ' + s/.*title="\([^"]*\)".*/\1/ + s/^.* - // + s/'/'\'''/g + ' '' From 3b2cb2a3f73ad58c489ae854f829d5a4bf723e17 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Apr 2016 14:39:03 +0200 Subject: [PATCH 050/135] l 2: base.nix -> default.nix --- lass/1systems/cloudkrebs.nix | 2 +- lass/1systems/dishfire.nix | 2 +- lass/1systems/echelon.nix | 2 +- lass/1systems/prism.nix | 2 +- lass/2configs/baseX.nix | 2 +- lass/2configs/{base.nix => default.nix} | 0 6 files changed, 5 insertions(+), 5 deletions(-) rename lass/2configs/{base.nix => default.nix} (100%) diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index 82c172050..1bfb11502 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -8,7 +8,7 @@ in { imports = [ ../. ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/base.nix + ../2configs/default.nix ../2configs/exim-retiolum.nix ../2configs/retiolum.nix ../2configs/git.nix diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index 4e3b84bd0..dd1d1e541 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -4,7 +4,7 @@ imports = [ ../. - ../2configs/base.nix + ../2configs/default.nix ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/websites/fritz.nix diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index e2fa1c5f4..97734a7bd 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix 
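Review bot: `$acro` is unquoted in `curl -s http://www.acronymfinder.com/$acro.html`, so a term with spaces or glob characters is word-split or expanded before curl sees it, and it is not URL-encoded either; write `curl -s "http://www.acronymfinder.com/$acro.html"` or have curl encode it with `--data-urlencode`. Unlike urban this script has no `set -euf`, so an empty `$1` or a failing curl goes unnoticed and the pipeline still exits with the status of the last `sed`; add `set -efu` under the new interpreter line.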
@@ -8,7 +8,7 @@ in { imports = [ ../. ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/base.nix + ../2configs/default.nix ../2configs/exim-retiolum.nix ../2configs/retiolum.nix ../2configs/realwallpaper-server.nix diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index e1743c997..6b674a10f 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -5,7 +5,7 @@ let in { imports = [ ../. - ../2configs/base.nix + ../2configs/default.nix ../2configs/exim-smarthost.nix ../2configs/downloading.nix ../2configs/git.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 6c52240af..1e28fdccc 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -4,7 +4,7 @@ let mainUser = config.users.extraUsers.mainUser; in { imports = [ - ./base.nix + ./default.nix #./urxvt.nix ./xserver ]; diff --git a/lass/2configs/base.nix b/lass/2configs/default.nix similarity index 100% rename from lass/2configs/base.nix rename to lass/2configs/default.nix From 49dcb0771e2e0f2592e356e22f9b784b7ec1a158 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Apr 2016 16:15:22 +0200 Subject: [PATCH 051/135] l 1 prism: import privoxy config --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 6b674a10f..233ae564c 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -12,6 +12,7 @@ in { ../2configs/ts3.nix ../2configs/bitlbee.nix ../2configs/weechat.nix + ../2configs/privoxy-retiolum.nix { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories From 9a8179c39069a290433add4c8829eceb8a726e98 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Apr 2016 16:16:36 +0200 Subject: [PATCH 052/135] l 1 prism: disable tor client mode --- lass/1systems/prism.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 233ae564c..3eb208935 100644 
--- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -151,7 +151,6 @@ in { { services.tor = { enable = true; - client.enable = true; }; } ]; From 3e59f5fb4c9d110d5f91d60c875ca49a414c2a6f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 15 Apr 2016 16:19:50 +0200 Subject: [PATCH 053/135] l 2 baseX: add xclip to pkgs --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1e28fdccc..79fc4744f 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -39,6 +39,7 @@ in { push slock sxiv + xclip xorg.xbacklight xsel zathura From 22a9fcdf8e9c3fa47e4ba6cbad47f4f5b74b57ed Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Apr 2016 12:05:49 +0200 Subject: [PATCH 054/135] 2 buildbot-standalone: make everything work again --- lass/2configs/buildbot-standalone.nix | 55 ++++++++++++++++++++------- 1 file changed, 42 insertions(+), 13 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 8c71553fe..604d0728d 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -1,15 +1,16 @@ { lib, config, pkgs, ... }: { - #networking.firewall.allowedTCPPorts = [ 8010 9989 ]; - krebs.buildbot.master = { + krebs.buildbot.master = let + stockholm-mirror-url = http://cgit.prism/stockholm ; + in { slaves = { testslave = "lasspass"; }; change_source.stockholm = '' - stockholm_repo = 'http://cgit.mors/stockholm' + stockholm_repo = '${stockholm-mirror-url}' cs.append(changes.GitPoller( stockholm_repo, - workdir='stockholm-poller', branch='master', + workdir='stockholm-poller', branches=True, project='stockholm', pollinterval=120)) ''; 
@@ -20,10 +21,12 @@ builderNames=["fast-tests"])) ''; fast-tests-scheduler = '' - # test the master real quick + # test everything real quick sched.append(schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch="master"), - name="fast-master-test", + ## all branches + change_filter=util.ChangeFilter(branch_re=".*"), + # treeStableTimer=10, + name="fast-all-branches", builderNames=["fast-tests"])) ''; }; @@ -38,7 +41,10 @@ deps = [ "gnumake", "jq","nix","rsync" ] # TODO: --pure , prepare ENV in nix-shell command: # SSL_CERT_FILE,LOGNAME,NIX_REMOTE - nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ] + nixshell = ["nix-shell", + "-I", "stockholm=.", + "-I", "nixpkgs=/var/src/nixpkgs", + "-p" ] + deps + [ "--run" ] # prepare addShell function def addShell(factory,**kwargs): @@ -48,13 +54,26 @@ fast-tests = '' f = util.BuildFactory() f.addStep(grab_repo) - addShell(f,name="mors-eval",env=env, - command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"]) + for i in [ "prism", "mors", "echelon" ]: + addShell(f,name="populate-{}".format(i),env=env, + command=nixshell + \ + ["{}( make system={} eval.config.krebs.build.populate \ + | jq -er .)".format("!" if "failing" in i else "",i)]) + + addShell(f,name="build-test-minimal",env=env, + command=nixshell + \ + ["nix-instantiate \ + --show-trace --eval --strict --json \ + -I nixos-config=./shared/1systems/test-minimal-deploy.nix \ + -I secrets=. \ + -A config.system.build.toplevel"] + ) bu.append(util.BuilderConfig(name="fast-tests", slavenames=slavenames, factory=f)) - ''; + + ''; }; enable = true; web.enable = true; 
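Review bot: In the new `for i in [ "prism", "mors", "echelon" ]` loop the expression `"!" if "failing" in i else ""` never yields `"!"`, because none of the three names contains `failing`, so the negation is dead code for every step this loop generates. If the intent is to mark expected-failing hosts, add such an entry to the list or drop the conditional so the command reads `"( make system={} eval.config.krebs.build.populate | jq -er .)".format(i)`. The `fast-tests` string also gains a trailing blank line before `'';`, which is a whitespace-only change in this hunk.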
@@ -72,7 +91,17 @@ masterhost = "localhost"; username = "testslave"; password = "lasspass"; - packages = with pkgs;[ git nix ]; - extraEnviron = { NIX_PATH="nixpkgs=${toString }"; }; + packages = with pkgs;[ git nix gnumake jq rsync ]; + extraEnviron = { + NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; + }; + }; + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8010"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 9989"; target = "ACCEPT"; } + ]; + }; }; } From 6584cf5b92422c525a60dda5f8381fb10ec763bc Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Apr 2016 12:06:13 +0200 Subject: [PATCH 055/135] l 1 prism: import buildbot-standalone --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 3eb208935..2587a8b6e 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -13,6 +13,7 @@ in { ../2configs/bitlbee.nix ../2configs/weechat.nix ../2configs/privoxy-retiolum.nix + ../2configs/buildbot-standalone.nix { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories From 3d7b41fb0bfa8e428bebc58eb42b978d784eed15 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Apr 2016 12:06:50 +0200 Subject: [PATCH 056/135] l 2 exim-smarthost: add aidsballs.de mails --- lass/2configs/exim-smarthost.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index e1aa29c49..2efb6f367 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -10,6 +10,7 @@ with config.krebs.lib; ]; sender_domains = [ "lassul.us" + "aidsballs.de" ]; relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ config.krebs.hosts.mors 
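Review bot: The two `krebs.iptables` rules added at the end accept TCP 8010 (the buildbot web UI) and 9989 (slave connections) on every interface, while the slave defined just above connects to `masterhost = "localhost"` with the static `password = "lasspass"`, so 9989 need not be opened externally at all and 8010 exposes the master wherever prism is routable. Scope the web UI rule to the VPN interface as other rules in this tree do, `{ predicate = "-i retiolum -p tcp --dport 8010"; target = "ACCEPT"; }`, drop the 9989 rule unless remote slaves are planned, and move the slave password out of the module into a secrets file. The enclosing `krebs.buildbot` attribute set begins outside the hunk.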
@@ -22,6 +23,8 @@ with config.krebs.lib; { from = "lassulus@lassul.us"; to = lass.mail; } { from = "test@lassul.us"; to = lass.mail; } { from = "outlook@lassul.us"; to = lass.mail; } + { from = "steuer@aidsballs.de"; to = lass.mail; } + { from = "lass@aidsballs.de"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From e1140ef7ea4c644707b24911f779c276a14a268e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Apr 2016 13:22:43 +0200 Subject: [PATCH 057/135] l 1 dishfire: open http[s] ports --- lass/1systems/dishfire.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index dd1d1e541..b5e551952 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -7,7 +7,6 @@ ../2configs/default.nix ../2configs/exim-retiolum.nix ../2configs/git.nix - ../2configs/websites/fritz.nix { boot.loader.grub = { device = "/dev/vda"; @@ -55,6 +54,15 @@ mk_sql_pair ]; } + { + imports = [ + ../2configs/websites/fritz.nix + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport http"; target = "ACCEPT"; } + { predicate = "-p tcp --dport https"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.dishfire; From 4ee39c0d71bb6a91bb5c64342ede2f5731c9c1e7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Apr 2016 13:23:12 +0200 Subject: [PATCH 058/135] l 2 websites fritz: manage more habsys domains --- lass/2configs/websites/fritz.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index c022dfbe2..0eff39908 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix 
@@ -34,8 +34,8 @@ in { ( manageCerts [ "eastuttgart.de" ]) ( serveWordpress [ "eastuttgart.de" ]) - ( manageCerts [ "habsys.de" ]) - ( servePage [ "habsys.de" ]) + ( manageCerts [ "habsys.de" "habsys.eu" ]) + ( servePage [ "habsys.de" "habsys.eu" ]) ]; services.mysql = { From 2680064f0d6c14204e5ce3796b18bcde633e5f8e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Apr 2016 13:23:38 +0200 Subject: [PATCH 059/135] l 2: add mail.nix --- lass/2configs/mail.nix | 88 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 lass/2configs/mail.nix diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix new file mode 100644 index 000000000..ff4dff090 --- /dev/null +++ b/lass/2configs/mail.nix 
@@ -0,0 +1,88 @@ +{ pkgs, ... }: + +let + + msmtprc = pkgs.writeText "msmtprc" '' + defaults + logfile ~/.msmtp.log + account prism + host prism.r + account default: prism + ''; + + msmtp = pkgs.writeScriptBin "msmtp" '' + ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@ + ''; + + muttrc = pkgs.writeText "muttrc" '' + # notmuch + set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir + set nm_record = yes + set nm_record_tags = "-inbox me archive" + set virtual_spoolfile=yes # enable virtual folders + set sendmail="msmtp" # enables parsing of outgoing mail + set use_from=yes + set envelope_from=yes + + set index_format="%4C %Z %?GI?%GI& ? %[%d/%b] %-16.15F %?M?(%3M)& ? %s %> %?g?%g?" + + virtual-mailboxes \ + "INBOX" "notmuch://?query=tag:inbox and NOT tag:killed"\ + "Unread" "notmuch://?query=tag:unread"\ + "TODO" "notmuch://?query=tag:TODO"\ + "Starred" "notmuch://?query=tag:*"\ + "Archive" "notmuch://?query=tag:archive"\ + "Sent" "notmuch://?query=tag:sent"\ + "Junk" "notmuch://?query=tag:junk" + + tag-transforms "junk" "k" \ + "unread" "u" \ + "replied" "↻" \ + "TODO" "T" \ + + # notmuch bindings + macro index \\\\ "" # looks up a hand made query + macro index A "+archive -unread -inbox\n" # tag as Archived + macro index + "+*\n" # tag as starred + macro index - "-*\n" # tag as unstarred + + + #killed + bind index d noop + bind pager d noop + + bind pager S noop + macro index S "-inbox -unread +junk\n" # tag as Junk mail + macro pager S "-inbox -unread +junk\n" # tag as Junk mail + + bind index t noop + bind pager t noop + macro index t "+TODO\n" # tag as Archived + + + # sidebar + set sidebar_width = 20 + set sidebar_visible = yes # set to "no" to disable sidebar view at startup + color sidebar_new yellow default + # sidebar bindings + bind index sidebar-prev # got to previous folder in sidebar + bind index sidebar-next # got to next folder in sidebar + bind index sidebar-open # open selected folder from sidebar + # sidebar toggle + macro index ,@) " set 
sidebar_visible=no; macro index ~ ,@( 'Toggle sidebar'" + macro index ,@( " set sidebar_visible=yes; macro index ~ ,@) 'Toggle sidebar'" + macro index ~ ,@( 'Toggle sidebar' # toggle the sidebar + ''; + + mutt = pkgs.writeScriptBin "mutt" '' + ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@ + ''; + +in { + environment.systemPackages = [ + msmtp + mutt + pkgs.much + pkgs.notmuch + ]; +} From cafbb3102b53c925734dcc48ac30f87e972ee3f4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Apr 2016 13:23:49 +0200 Subject: [PATCH 060/135] l 1 mors: import mail.nix --- lass/1systems/mors.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index bdc9c3242..e0efa4cb3 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -27,6 +27,7 @@ ../2configs/libvirt.nix ../2configs/fetchWallpaper.nix ../2configs/cbase.nix + ../2configs/mail.nix #../2configs/buildbot-standalone.nix { #risk of rain port From b5f18ab839432b07a88ee34e0e98dc343a50e854 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Apr 2016 13:37:23 +0200 Subject: [PATCH 061/135] l 2 mail: use exec and writeDashBin --- lass/2configs/mail.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index ff4dff090..e29b6d9b2 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -10,8 +10,8 @@ let account default: prism ''; - msmtp = pkgs.writeScriptBin "msmtp" '' - ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@ + msmtp = pkgs.writeDashBin "msmtp" '' + exec ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@ ''; muttrc = pkgs.writeText "muttrc" '' @@ -74,8 +74,8 @@ let macro index ~ ,@( 'Toggle sidebar' # toggle the sidebar ''; - mutt = pkgs.writeScriptBin "mutt" '' - ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@ + mutt = pkgs.writeDashBin "mutt" '' + exec ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@ ''; in { From 99d6704398ad24bb42b0dc0a9ca12620caa0220a Mon Sep 17 00:00:00 2001 
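Review bot: The wrapper scripts forward their arguments as unquoted `$@` (`${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@` and the mutt wrapper below it), so an argument containing whitespace or glob characters — a subject, a recipient list, a filename — is re-split or expanded before msmtp or mutt sees it; use `"$@"`. The same pattern recurs in the writeDashBin rewrite of these two wrappers in the following commit and in `krebs-pass`/`krebs-passmenu` in lass/2configs/krebs-pass.nix later in this series. `set sendmail="msmtp"` in the muttrc then resolves whichever `msmtp` is first in PATH; referring to the wrapper by store path, `set sendmail="${msmtp}/bin/msmtp"`, would make the sendmail setting independent of PATH order.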
From: lassulus Date: Tue, 19 Apr 2016 15:44:34 +0200 Subject: [PATCH 062/135] l 1 prism: override nixpkgs for buildbot --- lass/1systems/prism.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 2587a8b6e..4c0b4e690 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -13,7 +13,16 @@ in { ../2configs/bitlbee.nix ../2configs/weechat.nix ../2configs/privoxy-retiolum.nix - ../2configs/buildbot-standalone.nix + { + #we need to use old sqlite for buildbot + imports = [ + ../2configs/buildbot-standalone.nix + ]; + krebs.build.source.nixpkgs = lib.mkForce { + url = https://github.com/NixOS/nixpkgs; + rev = "0d05f172b27e94d9eea3257f42d7e03371e63acc"; + }; + } { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories From 2f99d1f4b7bbc2b6d5f45467d897a65d84f61428 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Apr 2016 16:20:17 +0200 Subject: [PATCH 063/135] k 3 l: update pgp key --- krebs/3modules/lass/default.pgp | 95 ++++++++++++++++----------------- 1 file changed, 47 insertions(+), 48 deletions(-) diff --git a/krebs/3modules/lass/default.pgp b/krebs/3modules/lass/default.pgp index 38e2fa8df..6d985f0e2 100644 --- a/krebs/3modules/lass/default.pgp +++ b/krebs/3modules/lass/default.pgp 
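Review bot: `krebs.build.source.nixpkgs = lib.mkForce { ... rev = "0d05f172b27e94d9eea3257f42d7e03371e63acc"; }` pins nixpkgs to one old commit to keep an older sqlite for buildbot, and if this option selects the host's nixpkgs as its name suggests, everything else on prism (the exim smarthost, git, tor and privoxy configured in this file) stops receiving updates too. Prefer overriding only the sqlite that buildbot sees, or building buildbot from a separately fetched nixpkgs, so the rest of the host keeps tracking the channel. The comment `#we need to use old sqlite for buildbot` should also name the version that breaks buildbot and when the pin can go, e.g. `# pinned for buildbot's sqlite; drop once buildbot builds with current nixpkgs`.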
@@ -1,52 +1,51 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2 -mQINBFSZ3/oBEADYvRPoLdDkASIArXyWR5ccugJQURxMDgphAGrvj6qskSkn0chF -gnc/kcQr4aVTaDFdonSyHjYvspDOZm5BgHAICCu1PL8rkMTGS+vHM5dlwnok6IKy -e2aLjLPq5sHyp4+Zeq1eHe5TQ1cgN0cPdMMnEHd8GQke21pRQ5Vz79s8qRfWlt1Y -+OQ5uY/52iZ9qJ11/N4bPPe/Zm63sRTpGw14i8UCgBAsMQOG1XPUX2/IJc1CC9+1 -Ohn/hPCbIdCbwOs7/HFFMRWmV6w4ul9gr7Js0owkWAS8FNOactS2i2SSwdONetKs -UbCVQ1PubPBZvh2Vij/oUBK5BvfNDR6nRYhOjYbt6PW/Q6bjqGecjnlO98dpcqag -+8bdl1JY9FpE4RzfuRgAFjVbtNztrmm9t6EuOHGZ5ec34TG9+i02ixh0YTEDK/Yt -my2MfIbGUbeIYRKJscqgxKkL6nv4x0lOvs8nDiUmqztGdSdTGni+BAWZz3+1xaJH -DTyQ36qYauBb5FWneRTBeagrDOAvvk/WxS+fMFZpnQovevOQBqxEL62fntikmMFn -ddPgq7R1VPdivvr+BO8yMI8i45Vn9EzIJR02WAp7oAsT966yzopVT4JLT8++CVPh -/VBrFID9yRyWjW5IJPsMsOt7z3UJaP08ua0UG4uVqo6dT6IdR8jKKxYdvwARAQAB -tCBsYXNzdWx1cyA8bGFzc3VsdXNAYWlkc2JhbGxzLmRlPokCPQQTAQoAJwUCVJnf -+gIbAwUJBaOagAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRAyqvthRFEnnviI -D/95QdNgttsly9CUeHKGfNGlJ2NgDepqob/VR2385q7cXCbFftRIsD0vaWYfsQ87 -kbKs3fpeHz8teKqZtMnXYkPIaSK0TcoaqQtyfkmj+agP2YRSkNYonlmmCiCWkodP -2VnnmRUSwHcgxS14xsUHh13JXsU5nTHDAdJqOxUX6l6Lxb989h7Q8wTn5SX1XRVd -0U5P7fNXKvVF34J6uGyWraxQLOqJEEzi82F/61hbI6zVPhxu/R+qmiSqgHIlp0ax -u+8u3eyDVP1q95AMPaL1GsNYDcSl5njbkEbruSmjVcO99cD1ZLAODFJuaa+h/IvQ -HoPnFL3hRo0SHt/RimokboJL7nx5jT/0y+FtGuPMVKUqiLApOfoeWeHWVKgMLV/0 -1+O4jEDRMNSIClI2YHdgyuQPBuHkaYXrrpDpJnYDEz2qAiijx+xIAPzifxebuVFV -NQl/XnXlzTmYrt0GHfCrNZa/ZtsqQqnJSRpydjey+ATGgs+3Oqa6z8lHhYx83ST2 -cGsUmSnzk0TnxXmqwWxb3aGA0kO50atrObWwNXud7n3hu4V0FWwfHXUk8gJxtMN6 -IenjLcI0WyLwSKvTazF6GSgtUhwNgON88eiqLS8CWdop4CEyEUfxFoZeQoS72Yzq -4pSOYPnbRDcBn2zkYaWyCTmf9qvWbZOu0Sl2lfy9n5LiKrkCDQRUmd/6ARAAq+Mt -/9LohA9Qnz/GjE504h38G3USXgEV9/ctr2PXkc2onW67u45trLSYLyCK6kDq3VIN -/3uLt8Pr+IL41NntW1exRtqohVeKI38CCqR5RP9tVxLkyxnpA/SPpSvOjWhyBkph -MRXYta1+nBHwxSaPcc2e+15pk/cYgg0cTY7Nvgo+wL4bgI+b2OHwwIwRov/t4aim -0y63OaCG82NqWrX7i2ONaR8RsZ8RHLnC+TyFaoj0mdp+vp4WFwxbqcIq+Vvn1m5j -gPlkzXK4Yrykp2IULGuj+qZyS043FzZYhbxZoE85zIMtQ5gV/ktaP25+YsU1bwb9 
-75FQvdMM827bbOJJ67/l96asQNg1TMzosL8/t9xLPDry4YYu8kRIPZgKWvT0Eg1Q -AWzWJCXplTdPlhj660OCGuuyv/XJIbhqtBVZhIyR7gs6EZHZ6FHax7F41fEWGgSv -WVAMrjrnG4XYAyCP1yiW1i7/ogCzKXYvV42tzBFuPcza6jhBnU17w5E7nwYaEWgA -02Ai7aTK9WDAi8j8emQ8XppU9hqEILSvR5tG4R0YOAUbIUplIpnpf8KcEhNy48ei -MuhiTJBjPyu7bRJoZXvipNPjqhESGlvrcr1QKuEqPLRcfLo3DOt3zgxBqOZZGHKL -ckaud05wevMPK09F7taLgwBCHOmAxiMa5NQVjL8AEQEAAYkCJQQYAQoADwUCVJnf -+gIbDAUJBaOagAAKCRAyqvthRFEnngGYD/wP77ax6yczKT/AHEvqyMMRPigLHIHy -XIWt8uNKwbn1RTXuH9Nj1rtVuj7ck4jscNwmDYeT52ZDxHQjLHWgAG0CBq6afdBi -VwLur6M7jv0EwY/SMed+QD1+a59kiO8+difwLDF+Q50lYQ4fmSGsfdQ4Qxesm92r -Y1Q/xFg1K9MNZbItpzYTE4P+ii4kU5BnWwExX2OEhhlrNUjJhA30HvvUID6bsguq -Jl7mWnGpS5YYqPxiABNI++TzYXQvP95nWGROvdx2vSPuJ756S8VJ81LL7BmQyQzq -8S/ciHjmgtgLRyncqqXl1uJBqtK+50vEFHxJrANdDNzD+K4S7+23DpRsmEl/2ECQ -laGsU6HtYbnr+hc1alE4uNMEN1/a75EFI59BISnUm8jIy1nLhcIXMhFh4JuG7kGk -2ePa4Gv2DafMR8N0WYPIhP3LIIDP0s9gv2QSA+5BmI9OhZDkz9Ubuut1+PMfWCXm -aNmF2Bh8puTffsFxGJSiQ4CXDzuNRqMR5wB0OCnB/WAnuZhRAJhXmgR8FJY+EvTN -PcA1QZIZ0hQGVf8eJ5Gx4W1w2Q6mQCGnCy1XtEkZP0BOP0Or5CMtqP/VSuwaF4wh -4FLYTOLZ7oDr2ErK/bhnpuoPoUU0y3n7AG/nhtmqenlMPLWB246XnEoJMb6Ar8vW -It6jrzDh3+COSQ== -=0gFT +mQINBFcWQhEBEADwt+hHRZxZx05USejn4x5LVWqqg5I2nIzjwI8pVyBra2AmXaMA +SAImFk1W6oM35rwYmez6TG8QC7RPRUrMHX2aAdDwJ/VtU/b87q0ICwlMxYUnikg1 +tsHV4kRB7ukm+Rs0ECMqZzjwdlbiEEfQ6VPUrIBzDHeD0idkC82DonZ6xe083klH +LpO36ckBOtyaoZZspzRu5yB76vsbeviVqsQ9WTQ8GoQk1i6FUbTbtOlvjhtx05Rk +ic66RrfFSM/ElLe5yA96kZd7m/Sn9WIRwRj3clxnT1vAVpMlpISsTutEQtuG3MDX +tT3EPVSSZEEcY1xxlJF+u1JZu4QqqtH+nczjshv+z3HZdmGd7OGqmgI8D3Ly/Ufi +Uyz+ewZbhbgy/XSHqwriUbnMuE9OKxx0LqlQLA59+/icT+upW4TexiHKd6PYeSeJ +kCxUEAmzqxsnilmwbehQrmmhI7uzxT8YxNGjF5mRJ1zOY55praTMKlp3MOxKvVPn +EZSyWm/22CuUZZEX0XR6TBgkL71VoGrlaezADzhHu9i5yBwbNCuiE2CYcS5IuDf+ +GkoKGtWeLbXTXccWOaIItSzlVUcJx3D009kTXeLEo2T1RPpz41LMvqWkUlZg4CA1 +zMAcudsXDtXGJEvS3dZAaiUUdASktzNL/ltuW/CXITJ0V7UjmA0pOyLDOQARAQAB +tBlsYXNzdWx1cyA8bGFzc0BsYXNzdWwudXM+iQI3BBMBCAAhBQJXFkIRAhsDBQsJ 
+CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEInoKVKXan5NFVsP/RfU4dychz5eadnN +/iCybL2eXCkpNbSJaPVqKKmBqY4oDEqK0NekwgOiWXFuFI6BpNyTW5z1a2PaBgF2 +bG5K/k/aGnzUUqH+LhtMCYr90UjJPtsrgi+C5poL4e2EsPN1SASSOSYFtYY1EQCe +NcYut2foM/PjviJKuS9t/kJxmZn8Vi3+qQKSwys219IQuXqos44aihjnwEL+TR6D +MgcDCW2QSCqB5kfksjustSihDck8ZkT+nISTrSdZVPzROcyBeswN/UqjOUBZd1p1 +sO7SqDaBnzovRD3G4kyscepPWChnOFCIq9tuE2Mai2QliQ4q1Bn0+8uhLPLG+nQI +leL/6pFXY9ecjmpqrSAXEysDUgfpiqJzDtv8WC3fY7wl88/ROiHrgF8x5P4PmUMl +oTfe+BGQar6BNV3rStPsW6Ogm6Mu6WNVXCRIJboM+ev3JdVSGF/ehnmb06EGCIrI +ahWbMViDSAjOvM92By/RJkP8ADCN2ezvdf86Ubyib5EyRoleu0WHvtO1mLQn0pIP +cYCGXrnQlkduC7ENS942hLUq976LPH1ZatM26gaN1MKxN03v+6e9E6jtxUH3wWk1 +oDGddTl+zu4fqUxEAA391sPMhp+DTVxXmPKvpnJivKAsL2Hkg0vKQt6VQNEv2Lgm +G8vdqOcapWLBcddR9d0DpFgkZNQCuQINBFcWQhEBEADgv6HfZQyxuiFpHQbt59s4 +7mA4AmzgjA1GiS73xo16qjwLieKPJWlrgPk4OOwqQpdygZ9LAhH+FIqcGo4wCNKL +1qiMQeQcFOACvLOfxpv8F1TkOc9IbQUoMPxXEYRK/c0ZtaWpe8dy4QL3tDwS/ovk +sCZBpvXdpJXDuccfTQ23UPozWKs21JAIKqbO7p5n86VGr0Co07xmBsxOK6ylK8YM +ftBjugfbxfmFApW2lAsjeDe7J5RY6W5NaeMg/IxTy6wkfoz1UjwtQaRvp1XbWqPz +Ib+mx8AeRQQXzuVKxS20ZVgazSZHg1PYu9PoKTIWK0NLd68CydcQ4q6F3PjNytFH +tDM13q5kWmTU0yFy2OWvy4JAq2z02C+Z+/+nffp0ZfsdEeVNm5ZvlDLmOYMWFzDj +OScYgBYIAvAs3pYV+xl6pxvdTyI3JXed7Q889e36TC3mwUIR4sL+oOfctA7Swzkr +aU8uMCwIE6ppGsxIcXQt15sUjgM5THXzAQXVkbM8i1x9F0JjP7bFMWcIP1pmqcaO +6znM2D/wocY+RO3xYj0GLFgRBW2O/pJUWrWHInpO3mrwZeRMGZix5nZH8U6cvfD5 +9SwIVdyKj6sZklcS2JJclBDrAudYUbckAuV7KI1ZWcU4kVS3joYdWcFQO3vOxJW5 +mGXML9roJXeXN664iNBgpQARAQABiQIfBBgBCAAJBQJXFkIRAhsMAAoJEInoKVKX +an5NGhcP/jkeR/fYPYuYEUWLGBxq2hFhwMssiJ+pwx5Nj+Kh9rLm90LBLCcwBVu0 +ILbaePkPCmin8p9F+AOy11DsWb5lBrlyUqU6+ID9nY/WbNL5ZYl6zIBmuYQ5qFEA +n5NQD6hLllC6wyOqIeKXrnkvFJMW8+W0aYRQh7hhpAzyJz9gawXWvWY45NhWl3Tm +S3LfJbA5nM6uZvO0VU7LERgfwTgPSjMwYVQGtktndy9N4Avi1N02l5BEmuZoXwTC +oQuW6LiAPGE2ztXztyNGnUYUAGMWl22UTezqfU/aOG9Qum+QebwTgBUH4pTgLiV/ +pWxXib517wGkect/0Yd+zcya8lA7x1EzFFMb3i4ToawIz76I2ncIlpC2q31x2nVI +6fBW4kfu8AR7XW9Yyv+plIuva1AeTf+sMc7FSb5CpOmjjLpUfQ96vZvQwarcEip7 
+UmOBoAoFdhtwJotskBOje52AUgDIBWZrIfH1bq7/NjAO73UdR1mJkOpY01qQXkED +TiLeIBGYqseCbnJNi1PVOVNEOT4Up3/RSjpAu8dBrXKqx7yS8bKlVk3RsIDlgyb4 +rWMc88uBl57YsjSnQN36LN7j0hPpb0TAD1OsPI1pepsKUAPZKA2EAyLXKyQ3oLqN +DWU4ZWpIi8+RKm3UpWgQ9qN4tuRHvVX/AQjEW1LkhfmR2VIqnrkv +=fgFG -----END PGP PUBLIC KEY BLOCK----- From 90f8f75a2c751efc57679d3c79d77c016062a7d7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Apr 2016 16:57:56 +0200 Subject: [PATCH 064/135] l 2 mail: add gpg stuff --- lass/2configs/mail.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index e29b6d9b2..3c7dfcaf6 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -15,6 +15,13 @@ let ''; muttrc = pkgs.writeText "muttrc" '' + # gpg + source ${pkgs.mutt-kz}/share/doc/mutt-kz/samples/gpg.rc + set pgp_use_gpg_agent = yes + set pgp_sign_as = 0x976A7E4D + set crypt_autosign = yes + set crypt_replyencrypt = yes + # notmuch set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir set nm_record = yes From b8aee5d8f5c325f7b3b01201aadbe048aa2e5bda Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 20 Apr 2016 13:58:10 +0200 Subject: [PATCH 065/135] l 2 default: add iftop to pkgs --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 8c6078ba5..2f6ffa18e 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -104,6 +104,7 @@ with config.krebs.lib; #network iptables + iftop #stuff for dl aria2 From 18775d670660df408bb8310daa8b507b3b1a3f87 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 20 Apr 2016 13:59:22 +0200 Subject: [PATCH 066/135] l 3: add mysql-backup --- lass/3modules/default.nix | 4 +- lass/3modules/mysql-backup.nix | 86 ++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+), 2 deletions(-) create mode 100644 lass/3modules/mysql-backup.nix 
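Review bot: `set pgp_sign_as = 0x976A7E4D` selects the signing key by a 32-bit short key ID, which is not unique and is cheap to collide, so another key in the keyring with the same short ID could be picked up for signing. Use the full 40-hex-digit fingerprint of the key instead, `set pgp_sign_as = 0x<FULL_FINGERPRINT>` (placeholder; take it from the key this series updates in krebs/3modules/lass/default.pgp). Sourcing `gpg.rc` by store path from mutt-kz is fine and keeps the gpg command lines tied to the same package as the mutt wrapper.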
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index f891498c2..71e39d874 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -1,11 +1,11 @@ _: { imports = [ - ./xresources.nix ./folderPerms.nix + ./mysql-backup.nix ./per-user.nix ./urxvtd.nix - ./xresources.nix ./wordpress_nginx.nix + ./xresources.nix ]; } diff --git a/lass/3modules/mysql-backup.nix b/lass/3modules/mysql-backup.nix new file mode 100644 index 000000000..d2ae67171 --- /dev/null +++ b/lass/3modules/mysql-backup.nix 
@@ -0,0 +1,86 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.lass.mysqlBackup; + + out = { + options.lass.mysqlBackup = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "mysqlBackup"; + config = mkOption { + type = with types; attrsOf (submodule ({ config, ... }: { + options = { + name = mkOption { + type = types.str; + default = config._module.args.name; + }; + startAt = mkOption { + type = with types; nullOr str; # TODO systemd.time(7)'s calendar event + default = "*-*-* 01:15:00"; + }; + user = mkOption { + type = str; + default = "root"; + }; + password = mkOption { + type = nullOr str; + default = null; + description = '' + path to a file containing the mysqlPassword for the specified user. + ''; + }; + databases = mkOption { + type = listOf str; + default = []; + }; + location = mkOption { + type = str; + default = "/bku/sql_dumps"; + }; + }; + })); + description = "configuration for mysqlBackup"; + }; + }; + + imp = { + + #systemd.timers = + # mapAttrs (_: plan: { + # wantedBy = [ "timers.target" ]; + # timerConfig = plan.timerConfig; + #}) cfg.config; + + systemd.services = + mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" { + path = with pkgs; [ + mysql + gzip + ]; + serviceConfig = rec { + ExecStart = start plan; + SyslogIdentifier = ExecStart.name; + Type = "oneshot"; + User = plan.user; + }; + startAt = plan.startAt; + }) cfg.config; + }; + + + start = plan: let + backupScript = plan: db: + "mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz"; + + in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" '' + ${concatMapStringsSep "\n" (backupScript plan) plan.databases} + ''; + + +in out From 20d4383d1f0ed484e402478d92da24d4aed44285 Mon Sep 17 00:00:00 2001 
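Review bot: `backupScript` puts the password on the mysqldump command line (`-p$(cat ${plan.password})`), so for the duration of each dump the secret is readable by every local user in the process list, and the unquoted substitution is also word-split by the shell. Keep it out of argv: `MYSQL_PWD="$(cat ${plan.password})" mysqldump -u ${plan.user} ${db} | gzip -c > ${plan.location}/${db}.gz`, or point mysqldump at an option file via `--defaults-extra-file`. Two smaller points: the option is called `password` while its description says it holds a path to a file, so `passwordFile` would match what the code does, and `pkgs.pkgs.writeDash` only works because nixpkgs exposes itself as `pkgs.pkgs` — `pkgs.writeDash` is the intended spelling. Nothing creates `${plan.location}` or sets its mode, so the dumps inherit whatever the service's umask gives them; a `mkdir -p` with a restrictive mode at the top of the script would make that explicit. The commented-out `systemd.timers` block duplicates what `startAt` already provides and can be removed.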
From: lassulus Date: Wed, 20 Apr 2016 13:59:49 +0200 Subject: [PATCH 067/135] l 2 websites: use lass.mysqlBackup --- lass/2configs/websites/domsen.nix | 10 ++++++++++ lass/2configs/websites/fritz.nix | 18 +++++++----------- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index caaee96bb..a6fdad645 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -38,6 +38,16 @@ in { rootPassword = toString (); }; + lass.mysqlBackup = { + enable = true; + config.domsen = { + password = toString (); + databases = [ + "ubikmedia_de" + "o_ubikmedia_de" + ]; + }; + }; services.mysqlBackup = { enable = true; databases = [ diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 0eff39908..b02c2e878 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -44,12 +44,14 @@ in { rootPassword = toString (); }; - services.mysqlBackup = { + lass.mysqlBackup = { enable = true; - databases = [ - "eastuttgart_de" - ]; - location = "/bku/sql_dumps"; + config.fritz = { + password = toString (); + databases = [ + "eastuttgart_de" + ]; + }; }; #lass.owncloud = { @@ -57,10 +59,4 @@ in { # instanceid = "oc8n8ddbftgh"; # }; #}; - - #services.mysql = { - # enable = true; - # package = pkgs.mariadb; - # rootPassword = toString (); - #}; } From f0291b0f6001f9bf050b1fd4ba0001f46d2911e4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 20 Apr 2016 16:36:29 +0200 Subject: [PATCH 068/135] l 2: add krebs-pass --- lass/2configs/krebs-pass.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 lass/2configs/krebs-pass.nix diff --git a/lass/2configs/krebs-pass.nix b/lass/2configs/krebs-pass.nix new file mode 100644 index 000000000..a605bc84b --- /dev/null +++ b/lass/2configs/krebs-pass.nix 
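Review bot: After this hunk domsen.nix carries both the new `lass.mysqlBackup` block and the pre-existing `services.mysqlBackup = { enable = true;` block still visible right below it, so the same databases are presumably dumped twice by two different modules; fritz.nix in the same commit replaces the old block, and domsen.nix should do the same. The argument to `toString` in `password = toString ();` is lost in this rendering, so which file the new module reads the password from cannot be checked here.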
@@ -0,0 +1,21 @@ +{ pkgs, ... }: + +let + + #TODO: tab-completion + krebs-pass = pkgs.writeDashBin "krebs-pass" '' + PASSWORD_STORE_DIR=$HOME/.krebs-pass \ + exec ${pkgs.pass}/bin/pass $@ + ''; + + krebs-passmenu = pkgs.writeDashBin "krebs-passmenu" '' + PASSWORD_STORE_DIR=$HOME/.krebs-pass \ + exec ${pkgs.pass}/bin/passmenu $@ + ''; + +in { + krebs.per-user.lass.packages = [ + krebs-pass + krebs-passmenu + ]; +} From d4cb24edb28d4662b98a7f1dc4bf4ed8b4e89f23 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 20 Apr 2016 16:45:15 +0200 Subject: [PATCH 069/135] l 1 mors: add krebs-pass --- lass/1systems/mors.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index e0efa4cb3..39225abf5 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -28,6 +28,7 @@ ../2configs/fetchWallpaper.nix ../2configs/cbase.nix ../2configs/mail.nix + ../2configs/krebs-pass.nix #../2configs/buildbot-standalone.nix { #risk of rain port From 99b8bfeaec5f3d70148354f128568e15be249b9d Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 25 Apr 2016 15:25:04 +0200 Subject: [PATCH 070/135] l: use i3lock instead of slock --- lass/2configs/xserver/default.nix | 5 +---- lass/5pkgs/xmonad-lass/Main.hs | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 30afd787e..fbae9741f 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -40,10 +40,6 @@ let }; }; - security.setuidPrograms = [ - "slock" - ]; - systemd.services.display-manager.enable = false; services.xserver.enable = true; @@ -96,6 +92,7 @@ let set -efu export PATH; PATH=${makeSearchPath "bin" ([ pkgs.rxvt_unicode + pkgs.i3lock ] ++ config.environment.systemPackages)}:/var/setuid-wrappers settle() {( # Use PATH for a clean journal diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs index 503df3be7..4c267359c 100644 
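Review bot: Both wrappers forward their arguments with an unquoted `$@`, so under dash an argument containing whitespace or glob characters is re-split before it reaches `pass`; `exec ${pkgs.pass}/bin/pass "$@"` (and the same for `passmenu`) preserves the caller's arguments exactly. A one-line comment above the first wrapper saying that the store is deliberately kept apart from the default `~/.password-store` would explain to a reader why two extra binaries exist rather than an alias.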
--- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass/Main.hs @@ -119,7 +119,7 @@ displaySomeException = displayException myKeyMap = - [ ("M4-", spawn "/var/setuid-wrappers/slock") + [ ("M4-", spawn "i3lock -i /tmp/wallpaper.png -f") , ("M4-p", spawn "passmenu --type") --, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"") , ("", spawn "pactl -- set-sink-volume 0 +4%") From c53e97a0240c566aa73b257d9e59c0dffa224a68 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 25 Apr 2016 15:25:47 +0200 Subject: [PATCH 071/135] l: clean up xmonad config --- lass/2configs/xserver/default.nix | 7 +- lass/5pkgs/xmonad-lass/Main.hs | 148 ++++++------------ .../xmonad-lass/Util/PerWorkspaceConfig.hs | 52 ------ 3 files changed, 46 insertions(+), 161 deletions(-) delete mode 100644 lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index fbae9741f..5b89da093 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -78,12 +78,7 @@ let # XXX JSON is close enough :) XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ - "cr" - "gm" - "ff" - "IM" - "mail" - "stockholm" + "dashboard" ]); }; diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs index 4c267359c..577dc6fe6 100644 --- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass/Main.hs 
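Review bot: i3lock authenticates through PAM under a service named `i3lock`, so replacing the setuid slock only works if a `security.pam.services.i3lock` entry exists somewhere in this configuration; nothing in this commit adds one, and if it is missing the screen locks but cannot be unlocked, which is worth checking before the next rebuild on a machine without a second session. The `-i /tmp/wallpaper.png` argument reads the lock image from a world-writable directory; keeping it under a root-owned path, as a later commit in this series does, is the safer choice.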
@@ -5,48 +5,31 @@ module Main where - -import Control.Exception -import Text.Read (readEither) import XMonad -import System.IO (hPutStrLn, stderr) -import System.Environment (getArgs, withArgs, getEnv, getEnvironment) -import System.Posix.Process (executeFile) -import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace - , removeEmptyWorkspace) -import XMonad.Actions.GridSelect -import XMonad.Actions.CycleWS (toggleWS) ---import XMonad.Actions.CopyWindow ( copy ) -import XMonad.Layout.NoBorders ( smartBorders ) + import qualified XMonad.StackSet as W -import Data.Map (Map) -import qualified Data.Map as Map --- TODO import XMonad.Layout.WorkspaceDir -import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) --- import XMonad.Layout.Tabbed ---import XMonad.Layout.MouseResizableTile -import XMonad.Layout.Reflect (reflectVert) -import XMonad.Layout.FixedColumn (FixedColumn(..)) -import XMonad.Hooks.Place (placeHook, smart) -import XMonad.Hooks.FloatNext (floatNextHook) -import XMonad.Actions.PerWorkspaceKeys (chooseAction) -import XMonad.Layout.PerWorkspace (onWorkspace) ---import XMonad.Layout.BinarySpacePartition -import XMonad.Util.EZConfig (additionalKeysP) - -import XMonad.Prompt (autoComplete, defaultXPConfig, XPConfig, mkXPrompt) -import XMonad.Hooks.UrgencyHook (focusUrgent, withUrgencyHook, urgencyBorderColor, BorderUrgencyHook(BorderUrgencyHook)) -import XMonad.Actions.DynamicWorkspaces (addWorkspacePrompt, removeEmptyWorkspace, renameWorkspace, withWorkspace) -import XMonad.Hooks.FloatNext (floatNext, floatNextHook) -import XMonad.Prompt.Workspace +import Control.Exception +import Data.List (isInfixOf) +import System.Environment (getArgs, withArgs, getEnv) +import System.IO (hPutStrLn, stderr) +import Text.Read (readEither) import XMonad.Actions.CopyWindow (copy, kill1) -import qualified Data.Map as M -import XMonad.Hooks.ManageDocks (avoidStruts, manageDocks, ToggleStruts(ToggleStruts)) - ---import XMonad.Actions.Submap 
-import XMonad.Stockholm.Pager -import XMonad.Stockholm.Rhombus -import XMonad.Stockholm.Shutdown +import XMonad.Actions.CycleWS (toggleWS) +import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) +import XMonad.Actions.DynamicWorkspaces (withWorkspace) +import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch) +import XMonad.Hooks.FloatNext (floatNext) +import XMonad.Hooks.FloatNext (floatNextHook) +import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) +import XMonad.Hooks.Place (placeHook, smart) +import XMonad.Hooks.UrgencyHook (focusUrgent) +import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) +import XMonad.Layout.FixedColumn (FixedColumn(..)) +import XMonad.Layout.NoBorders ( smartBorders ) +import XMonad.Prompt (autoComplete, searchPredicate, XPConfig) +import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) +import XMonad.Stockholm.Shutdown (sendShutdownEvent, handleShutdownEvent) +import XMonad.Util.EZConfig (additionalKeysP) myTerm :: String @@ -67,18 +50,12 @@ mainNoArgs :: IO () mainNoArgs = do workspaces0 <- getWorkspaces0 xmonad' - -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 } - -- urgencyConfig { remindWhen = Every 1 } - -- $ withUrgencyHook borderUrgencyHook "magenta" - -- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never } $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ") $ def { terminal = myTerm , modMask = mod4Mask , workspaces = workspaces0 , layoutHook = smartBorders $ myLayoutHook - -- , handleEventHook = myHandleEventHooks <+> handleTimerEvent - --, handleEventHook = handleTimerEvent , manageHook = placeHook (smart (1,0)) <+> floatNextHook , startupHook = spawn "echo emit XMonadStartup" , normalBorderColor = "#1c1c1c" 
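Review bot: The rebuilt import list imports several modules twice with different name lists — `XMonad.Actions.DynamicWorkspaces`, `XMonad.Hooks.FloatNext` and `XMonad.Hooks.UrgencyHook` each get two lines; merging them, e.g. `import XMonad.Hooks.FloatNext (floatNext, floatNextHook)`, keeps the list sorted and avoids the duplicate-import warnings a later "style & warnings" commit in this series sets out to clear. The import block continues past the end of this hunk, so the same check applies to the lines not shown here.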
@@ -118,19 +95,19 @@ displaySomeException :: SomeException -> String displaySomeException = displayException +myKeyMap :: [([Char], X ())] myKeyMap = [ ("M4-", spawn "i3lock -i /tmp/wallpaper.png -f") , ("M4-p", spawn "passmenu --type") - --, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"") , ("", spawn "pactl -- set-sink-volume 0 +4%") , ("", spawn "pactl -- set-sink-volume 0 -4%") , ("", spawn "pactl -- set-sink-mute 0 toggle") , ("", spawn "pactl -- set-source-mute 1 toggle") - , ("", gridselectWorkspace myWSConfig W.view) + , ("", gridselectWorkspace gridConfig W.view) , ("M4-a", focusUrgent) - , ("M4-S-r", renameWorkspace defaultXPConfig) - , ("M4-S-a", addWorkspacePrompt defaultXPConfig) + , ("M4-S-r", renameWorkspace def) + , ("M4-S-a", addWorkspacePrompt def) , ("M4-S-", removeEmptyWorkspace) , ("M4-S-c", kill1) , ("M4-", toggleWS) 
@@ -139,66 +116,31 @@ myKeyMap = , ("M4-f", floatNext True) , ("M4-b", sendMessage ToggleStruts) - , ("M4-v", withWorkspace myXPConfig (windows . W.view)) - , ("M4-S-v", withWorkspace myXPConfig (windows . W.shift)) - , ("M4-C-v", withWorkspace myXPConfig (windows . copy)) + , ("M4-v", withWorkspace autoXPConfig (windows . W.view)) + , ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift)) + , ("M4-C-v", withWorkspace autoXPConfig (windows . copy)) - -- , (_4 , xK_q ) & \k -> (k, goToSelected myCNConfig { gs_navigate = makeGSNav k } ) - -- , (_4S, xK_q ) & \k -> (k, bringSelected myCNConfig { gs_navigate = makeGSNav k } ) - -- , (_4C, xK_q ) & \k -> (k, withSelectedWindow ( \a -> get >>= \s -> put s { windowset = copyWindow a (W.tag $ W.workspace $ W.current $ windowset s) (windowset s) } ) myCNConfig { gs_navigate = makeGSNav k } ) + , ("M4-q", windowPromptGoto infixAutoXPConfig) + , ("M4-C-q", windowPromptBringCopy infixAutoXPConfig) - --, ("M4-", perWorkspaceAction workspaceConfigs) , ("M4-S-q", return ()) ] -myGSConfig = defaultGSConfig - { gs_cellheight = 50 +autoXPConfig :: XPConfig +autoXPConfig = def + { autoComplete = Just 5000 + } + +infixAutoXPConfig :: XPConfig +infixAutoXPConfig = autoXPConfig + { searchPredicate = isInfixOf + } + +gridConfig :: GSConfig WorkspaceId +gridConfig = def + { gs_cellwidth = 50 + , gs_cellheight = 50 , gs_cellpadding = 2 , gs_navigate = navNSearch , gs_font = myFont } - -myXPConfig :: XPConfig -myXPConfig = defaultXPConfig - { autoComplete = Just 5000 - } - -myWSConfig = myGSConfig - { gs_cellwidth = 50 - } - -pagerConfig :: PagerConfig -pagerConfig = def - { pc_font = myFont - , pc_cellwidth = 64 - --, pc_cellheight = 36 -- TODO automatically keep screen aspect - --, pc_borderwidth = 1 - --, pc_matchcolor = "#f0b000" - , pc_matchmethod = MatchPrefix - --, pc_colors = pagerWorkspaceColors - , pc_windowColors = windowColors - } - where - windowColors _ _ _ True _ = ("#ef4242","#ff2323") - windowColors wsf m c u wf = do - 
let y = defaultWindowColors wsf m c u wf - if m == False && wf == True - then ("#402020", snd y) - else y - -wGSConfig :: GSConfig Window -wGSConfig = def - { gs_cellheight = 20 - , gs_cellwidth = 192 - , gs_cellpadding = 5 - , gs_font = myFont - , gs_navigate = navNSearch - } - - -(&) :: a -> (a -> c) -> c -(&) = flip ($) - -allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] -allWorkspaceNames ws = - return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws] diff --git a/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs b/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs deleted file mode 100644 index bba7c8c60..000000000 --- a/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs +++ /dev/null 
@@ -1,52 +0,0 @@ -module Util.PerWorkspaceConfig - ( WorkspaceConfig (..) - , WorkspaceConfigs - , switchToWorkspace - , defaultWorkspaceConfig - , perWorkspaceAction - , perWorkspaceTermAction --- , myLayoutHack - ) -where - -import XMonad -import XMonad.Core (LayoutClass) -import Control.Monad (when) - -import qualified Data.Map as M -import qualified XMonad.StackSet as W - -data WorkspaceConfig l = - WorkspaceConfig - { switchAction :: X () - , startAction :: X () - , keyAction :: X () - , termAction :: X () - } - -type WorkspaceConfigs l = M.Map WorkspaceId (WorkspaceConfig l) - -defaultWorkspaceConfig = WorkspaceConfig - { switchAction = return () - , startAction = return () - , keyAction = return () - , termAction = spawn "urxvtc" - } - -whenLookup wsId cfg a = - when (M.member wsId cfg) (a $ cfg M.! wsId) - -switchToWorkspace :: WorkspaceConfigs l -> WorkspaceId -> X () -switchToWorkspace cfg wsId = do - windows $ W.greedyView wsId - wins <- gets (W.integrate' . W.stack . W.workspace . W.current . windowset) - when (null wins) $ whenLookup wsId cfg startAction - whenLookup wsId cfg switchAction - -perWorkspaceAction :: WorkspaceConfigs l -> X () -perWorkspaceAction cfg = withWindowSet $ \s -> whenLookup (W.currentTag s) cfg keyAction - -perWorkspaceTermAction :: WorkspaceConfigs l -> X () -perWorkspaceTermAction cfg = withWindowSet $ \s -> case M.lookup (W.currentTag s) cfg of - Just x -> termAction x - _ -> termAction defaultWorkspaceConfig From 55e6a59afc94136d994e8041390d4ce2fb2ac9df Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 25 Apr 2016 16:31:08 +0200 Subject: [PATCH 072/135] l 5 xmonad-lass: add minimize windows --- lass/5pkgs/xmonad-lass/Main.hs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs index 577dc6fe6..fe39da4f0 100644 --- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass/Main.hs 
@@ -25,7 +25,9 @@ import XMonad.Hooks.Place (placeHook, smart) import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) import XMonad.Layout.FixedColumn (FixedColumn(..)) +import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin)) import XMonad.Layout.NoBorders ( smartBorders ) +import XMonad.Operations (withFocused) import XMonad.Prompt (autoComplete, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) import XMonad.Stockholm.Shutdown (sendShutdownEvent, handleShutdownEvent) @@ -65,7 +67,7 @@ mainNoArgs = do myLayoutHook = defLayout where - defLayout = (avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 + defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1) xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO () @@ -120,6 +122,9 @@ myKeyMap = , ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift)) , ("M4-C-v", withWorkspace autoXPConfig (windows . copy)) + , ("M4-m", withFocused minimizeWindow) + , ("M4-S-m", sendMessage RestoreNextMinimizedWin) + , ("M4-q", windowPromptGoto infixAutoXPConfig) , ("M4-C-q", windowPromptBringCopy infixAutoXPConfig) From 42b649ddfc0cd24078a8da334e15e8184dddc491 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 25 Apr 2016 16:31:37 +0200 Subject: [PATCH 073/135] l 5 xmonad-lass: show xmonad state on resume --- lass/5pkgs/xmonad-lass/Main.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs index fe39da4f0..2415b9d83 100644 --- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass/Main.hs 
@@ -75,7 +75,7 @@ xmonad' conf = do path <- getEnv "XMONAD_STATE" try (readFile path) >>= \case Right content -> do - hPutStrLn stderr ("resuming from " ++ path) + hPutStrLn stderr ("resuming from " ++ path ++ "; state = " ++ show content) withArgs ("--resume" : lines content) (xmonad conf) Left e -> do hPutStrLn stderr (displaySomeException e) From 842970689be67f4ee8f830ede48aa701b2b17402 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 25 Apr 2016 17:04:09 +0200 Subject: [PATCH 074/135] l 2 backups: backup prism bitlbee --- lass/2configs/backups.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix index ca9ff20a1..81dd14ebd 100644 --- a/lass/2configs/backups.nix +++ b/lass/2configs/backups.nix @@ -47,6 +47,18 @@ with config.krebs.lib; dst = { host = config.krebs.hosts.uriel; path = "/bku/dishfire-sql"; }; startAt = "03:25"; }; + prism-bitlbee-mors = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; }; + dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; }; + startAt = "03:25"; + }; + prism-bitlbee-uriel = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; }; + dst = { host = config.krebs.hosts.uriel; path = "/bku/prism-bitlbee"; }; + startAt = "03:25"; + }; prism-chat-mors = { method = "pull"; src = { host = config.krebs.hosts.prism; path = "/home/chat"; }; From 0266f17bdd9f197234465143de5e558cb6990556 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 25 Apr 2016 17:24:54 +0200 Subject: [PATCH 075/135] l 5 xmonad-lass: style & warnings --- lass/5pkgs/xmonad-lass/Main.hs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs index 2415b9d83..1385be33c 100644 --- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass/Main.hs 
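Review bot: The new message writes the entire contents of the `XMONAD_STATE` file to stderr, and therefore to the journal, on every resume, and `show content` flattens a multi-line file into one very long escaped line. If the state carries workspace names or window titles, that puts them into a log readable by everyone who can read the journal; for debugging, the size is usually enough, e.g. `hPutStrLn stderr ("resuming from " ++ path ++ "; " ++ show (length (lines content)) ++ " lines")`. `xmonad'` continues outside the hunk.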
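Review bot: `/var/lib/bitlbee` is bitlbee's state directory and typically holds per-user account files with stored IM credentials, so the two new plans copy secrets to `/bku/prism-bitlbee` on mors and uriel, while the hunk says nothing about the ownership or mode of those destinations — that is decided by the backup module outside this file. A comment on the plans stating that the destination must stay root-only would make that expectation explicit for the next reader. `prism-bitlbee-uriel` also shares the 03:25 `startAt` with `dishfire-sql-uriel` just above, so the two pulls on uriel fire at the same minute; staggering them is trivial if that host is small.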
@@ -26,8 +26,7 @@ import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin)) -import XMonad.Layout.NoBorders ( smartBorders ) -import XMonad.Operations (withFocused) +import XMonad.Layout.NoBorders (smartBorders) import XMonad.Prompt (autoComplete, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) import XMonad.Stockholm.Shutdown (sendShutdownEvent, handleShutdownEvent) From a8dc3819fe4946d3e998bb4e048ef166ccf40e08 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 25 Apr 2016 17:37:06 +0200 Subject: [PATCH 076/135] l 2 websites fritz: enable ssl --- lass/2configs/websites/fritz.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index b02c2e878..632aa1e89 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -31,10 +31,10 @@ in { #( manageCerts [ "eab.berkeley.edu" ]) #( servePage [ "eab.berkeley.edu" ]) - ( manageCerts [ "eastuttgart.de" ]) + ( ssl [ "eastuttgart.de" ]) ( serveWordpress [ "eastuttgart.de" ]) - ( manageCerts [ "habsys.de" "habsys.eu" ]) + ( ssl [ "habsys.de" "habsys.eu" ]) ( servePage [ "habsys.de" "habsys.eu" ]) ]; From e2683844b48cfc1c2e37bc5c3cb116d6782eb593 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 25 Apr 2016 17:57:32 +0200 Subject: [PATCH 077/135] l 5 xmonad-lass: use wallpaper from /var/lib/.. --- lass/5pkgs/xmonad-lass/Main.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs index 1385be33c..277034240 100644 --- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass/Main.hs 
@@ -98,7 +98,7 @@ displaySomeException = displayException myKeyMap :: [([Char], X ())] myKeyMap = - [ ("M4-", spawn "i3lock -i /tmp/wallpaper.png -f") + [ ("M4-", spawn "i3lock -i /var/lib/wallpaper/wallpaper -f") , ("M4-p", spawn "passmenu --type") , ("", spawn "pactl -- set-sink-volume 0 +4%") , ("", spawn "pactl -- set-sink-volume 0 -4%") From 558eede973a0c14e93daa695e2d9a595091d14e4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 27 Apr 2016 01:31:26 +0200 Subject: [PATCH 078/135] k 3 fetchWallpaper: use writeDash --- krebs/3modules/fetchWallpaper.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 53fe0839d..e6bb06a95 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -40,9 +40,7 @@ let }; }; - fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" '' - #! ${pkgs.bash}/bin/bash - + fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" '' mkdir -p ${shell.escape cfg.stateDir} curl -s -o ${shell.escape cfg.stateDir}/wallpaper -z ${shell.escape cfg.stateDir}/wallpaper ${shell.escape cfg.url} feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper From 64f493ccbf31f824d0c60821546644d6e0b3d842 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 27 Apr 2016 12:45:08 +0200 Subject: [PATCH 079/135] l 2 pass: install pass only for lass --- lass/2configs/pass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 610887621..5bd2f2f7f 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - environment.systemPackages = with pkgs; [ + krebs.per-user.lass.packages = with pkgs; [ pass gnupg1 ]; From 2067d4efe941439d8ead5a452b20e96905bea020 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Wed, 27 Apr 2016 12:47:31 +0200 Subject: [PATCH 080/135] l 1 helios: mount /bku --- lass/1systems/helios.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 0c7c0d8e3..2437d4c6d 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -53,6 +53,11 @@ with builtins; "/boot" = { device = "/dev/sda1"; }; + + "/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; }; #services.udev.extraRules = '' From 85a8e38057d3b9aaa2efb8eb39f2360a066bf898 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 27 Apr 2016 12:47:53 +0200 Subject: [PATCH 081/135] l 2 backups: add helios backup plans --- lass/2configs/backups.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix index 81dd14ebd..7d3046d43 100644 --- a/lass/2configs/backups.nix +++ b/lass/2configs/backups.nix @@ -107,5 +107,29 @@ with config.krebs.lib; dst = { host = config.krebs.hosts.uriel; path = "/bku/mors-home"; }; startAt = "05:00"; }; + dishfire-http-helios = { + method = "pull"; + src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-http"; }; + startAt = "12:00"; + }; + dishfire-sql-helios = { + method = "pull"; + src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-sql"; }; + startAt = "12:15"; + }; + prism-sql-helios = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; + dst = { host = config.krebs.hosts.helios; path = "/bku/prism-sql_dumps"; }; + startAt = "12:30"; + }; + prism-http-helios = { + method = "pull"; + src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; + dst = { host = config.krebs.hosts.helios; path = "/bku/prism-http"; }; + startAt = "12:45"; + }; }; } 
From e5a82d2a2bf7f21f88c06c6e01647cddb92e063e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 27 Apr 2016 12:48:50 +0200 Subject: [PATCH 082/135] l 1 helios: import fetchWallpaper --- lass/1systems/helios.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 2437d4c6d..97f03870c 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -10,6 +10,7 @@ with builtins; ../2configs/programs.nix ../2configs/git.nix ../2configs/pass.nix + ../2configs/fetchWallpaper.nix #{ # users.extraUsers = { # root = { From ee438ee8b638feb286d229f0df3fb7592afddde6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 27 Apr 2016 12:49:21 +0200 Subject: [PATCH 083/135] l 1 helios: import backups --- lass/1systems/helios.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 97f03870c..bc210c995 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -11,6 +11,7 @@ with builtins; ../2configs/git.nix ../2configs/pass.nix ../2configs/fetchWallpaper.nix + ../2configs/backups.nix #{ # users.extraUsers = { # root = { From 6e85a853cbbf0179e24ef13b19fa409779b4fb77 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 27 Apr 2016 12:49:47 +0200 Subject: [PATCH 084/135] l 2 websites fritz: activate new domains --- lass/2configs/websites/fritz.nix | 37 ++++++++++++++------------------ 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 632aa1e89..e35615040 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix 
@@ -10,26 +10,23 @@ let in { imports = [ - #( manageCerts [ "biostase.de" ]) - #( servePage [ "biostase.de" ]) + ( manageCerts [ "biostase.de" "www.biostase.de" ]) + #( serveWordpress [ "biostase.de" "www.biostase.de" ]) - #( manageCerts [ "gs-maubach.de" ]) - #( servePage [ "gs-maubach.de" ]) + ( manageCerts [ "radical-dreamers.de" ]) + ( serveWordpress [ "radical-dreamers.de" ]) - #( manageCerts [ "spielwaren-kern.de" ]) - #( servePage [ "spielwaren-kern.de" ]) + ( manageCerts [ "gs-maubach.de" ]) + ( serveWordpress [ "gs-maubach.de" ]) - #( manageCerts [ "societyofsimtech.de" ]) - #( servePage [ "societyofsimtech.de" ]) + ( manageCerts [ "spielwaren-kern.de" ]) + ( serveWordpress [ "spielwaren-kern.de" ]) - #( manageCerts [ "ttf-kleinaspach.de" ]) - #( servePage [ "ttf-kleinaspach.de" ]) + ( manageCerts [ "familienpraxis-korntal.de" ]) + ( servePage [ "familienpraxis-korntal.de" ]) - #( manageCerts [ "edsn.de" ]) - #( servePage [ "edsn.de" ]) - - #( manageCerts [ "eab.berkeley.edu" ]) - #( servePage [ "eab.berkeley.edu" ]) + ( manageCerts [ "ttf-kleinaspach.de" ]) + ( serveWordpress [ "ttf-kleinaspach.de" ]) ( ssl [ "eastuttgart.de" ]) ( serveWordpress [ "eastuttgart.de" ]) @@ -49,14 +46,12 @@ in { config.fritz = { password = toString (); databases = [ + "biostase_de" "eastuttgart_de" + "radical_dreamers_de" + "spielwaren_kern_de" + "ttf_kleinaspach_de" ]; }; }; - - #lass.owncloud = { - # "o.ubikmedia.de" = { - # instanceid = "oc8n8ddbftgh"; - # }; - #}; } From 468be84c69e0b0fcdfd9388ef67f3f352b0c2e0d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 27 Apr 2016 12:51:07 +0200 Subject: [PATCH 085/135] l 2 xserver: add pulseaudioLight to pkgs --- lass/2configs/xserver/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 5b89da093..2252e3e4e 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix 
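Review bot: The newly enabled domains use `manageCerts` while the `eastuttgart.de` and `habsys.de` entries just below were switched to `ssl` earlier in this series, so the file now mixes two helpers for what looks like the same job; both are defined in the `let` above this hunk, outside the view, and if `ssl` is the one that also wires the TLS server block, the new sites get certificates but are served without HTTPS. `biostase.de` additionally gets a certificate and a `biostase_de` entry in the backup database list while its `serveWordpress` line stays commented out, so either the serve line or the backup entry looks premature. A short comment per pair naming which helper new entries should use would keep future additions consistent.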
@@ -88,6 +88,7 @@ let export PATH; PATH=${makeSearchPath "bin" ([ pkgs.rxvt_unicode pkgs.i3lock + pkgs.pulseaudioLight ] ++ config.environment.systemPackages)}:/var/setuid-wrappers settle() {( # Use PATH for a clean journal From 1cc4fb02187f51dd0bec89bf53b8d88e6bae8ebe Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 27 Apr 2016 12:51:47 +0200 Subject: [PATCH 086/135] l: add brightness controls to xmonad --- lass/2configs/xserver/default.nix | 1 + lass/5pkgs/xmonad-lass/Main.hs | 2 ++ 2 files changed, 3 insertions(+) diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 2252e3e4e..e775a575d 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -89,6 +89,7 @@ let pkgs.rxvt_unicode pkgs.i3lock pkgs.pulseaudioLight + pkgs.xorg.xbacklight ] ++ config.environment.systemPackages)}:/var/setuid-wrappers settle() {( # Use PATH for a clean journal diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs index 277034240..3b9f22c18 100644 --- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass/Main.hs @@ -105,6 +105,8 @@ myKeyMap = , ("", spawn "pactl -- set-sink-mute 0 toggle") , ("", spawn "pactl -- set-source-mute 1 toggle") , ("", gridselectWorkspace gridConfig W.view) + , ("", spawn "xbacklight -steps 1 -time 1 -inc 3") + , ("", spawn "xbacklight -steps 1 -time 1 -dec 3") , ("M4-a", focusUrgent) , ("M4-S-r", renameWorkspace def) From 4b389a3569a14a6a81f4b22d72e676843408b29e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 27 Apr 2016 12:52:16 +0200 Subject: [PATCH 087/135] l 5 mk_sql_pair: fix indent --- lass/5pkgs/mk_sql_pair/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lass/5pkgs/mk_sql_pair/default.nix b/lass/5pkgs/mk_sql_pair/default.nix index a9f0d2797..738a8daf6 100644 --- a/lass/5pkgs/mk_sql_pair/default.nix +++ b/lass/5pkgs/mk_sql_pair/default.nix 
@@ -12,8 +12,8 @@ pkgs.writeScriptBin "mk_sql_pair" '' fi cat < Date: Wed, 27 Apr 2016 12:53:06 +0200 Subject: [PATCH 088/135] l 5 xmonad-lass: remove unused code --- lass/5pkgs/xmonad-lass/Main.hs | 3 --- 1 file changed, 3 deletions(-) diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs index 3b9f22c18..ddf7b4e6e 100644 --- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass/Main.hs @@ -36,9 +36,6 @@ import XMonad.Util.EZConfig (additionalKeysP) myTerm :: String myTerm = "urxvtc" -myRootTerm :: String -myRootTerm = "urxvtc -name root-urxvt -e su -" - myFont :: String myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" From 8014c485507bcf32c52ffe179b25b6b45e705afd Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 27 Apr 2016 12:53:59 +0200 Subject: [PATCH 089/135] l 5 xmonad-lass: change GridSelect size --- lass/5pkgs/xmonad-lass/Main.hs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs index ddf7b4e6e..d7c66bf4d 100644 --- a/lass/5pkgs/xmonad-lass/Main.hs +++ b/lass/5pkgs/xmonad-lass/Main.hs @@ -141,8 +141,8 @@ infixAutoXPConfig = autoXPConfig gridConfig :: GSConfig WorkspaceId gridConfig = def - { gs_cellwidth = 50 - , gs_cellheight = 50 + { gs_cellwidth = 100 + , gs_cellheight = 30 , gs_cellpadding = 2 , gs_navigate = navNSearch , gs_font = myFont From d811a50f7cc7c491a4ed2748161d308c848e3875 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 27 Apr 2016 13:07:32 +0200 Subject: [PATCH 090/135] l 2 exim-*: remove redundant setuid code --- lass/2configs/exim-retiolum.nix | 4 ---- lass/2configs/exim-smarthost.nix | 5 ----- 2 files changed, 9 deletions(-) diff --git a/lass/2configs/exim-retiolum.nix b/lass/2configs/exim-retiolum.nix index ea2f553b8..c07b6c15a 100644 --- a/lass/2configs/exim-retiolum.nix +++ b/lass/2configs/exim-retiolum.nix 
@@ -4,10 +4,6 @@ with config.krebs.lib; { krebs.exim-retiolum.enable = true; - krebs.setuid.sendmail = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; - }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; } ]; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 2efb6f367..384e22366 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -42,11 +42,6 @@ with config.krebs.lib; { from = "root"; to = "lass"; } ]; }; - - krebs.setuid.sendmail = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; - }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } ]; From 9feebcc90271ef765e4d381026038187a0edd3b7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 28 Apr 2016 21:33:24 +0200 Subject: [PATCH 091/135] l 2 xserver: sleep in xmonad-stop --- lass/2configs/xserver/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index e775a575d..474181c0f 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -108,7 +108,8 @@ let xmonad-stop = pkgs.writeScriptBin "xmonad-stop" '' #! /bin/sh - exec ${pkgs.xmonad-lass}/bin/xmonad --shutdown + ${pkgs.xmonad-lass}/bin/xmonad --shutdown + ${pkgs.coreutils}/bin/sleep 2s ''; xserver-environment = { From d22a4a59641e26895711ff1795e6c1a7495ed6ff Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 28 Apr 2016 21:39:56 +0200 Subject: [PATCH 092/135] l 2 xserver: restart xmonad on change again --- lass/2configs/xserver/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 474181c0f..980c922fd 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix 
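Review bot: With `exec` removed from `xmonad-stop`, the script's exit status is now that of `sleep 2s` rather than of `xmonad --shutdown`, so a failed shutdown is reported to systemd as a successful `ExecStop`; capturing the status, `status=$?; ${pkgs.coreutils}/bin/sleep 2s; exit $status`, or starting the script with `set -efu` like the other script in this file that begins that way, keeps the failure visible. The fixed two-second sleep is a guess at how long xmonad needs to write its state; a comment saying what it waits for would help whoever later tunes it.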
@@ -48,7 +48,7 @@ let wantedBy = [ "multi-user.target" ]; requires = [ "xserver.service" ]; environment = xmonad-environment; - restartIfChanged = false; + restartIfChanged = true; serviceConfig = { ExecStart = "${xmonad-start}/bin/xmonad"; ExecStop = "${xmonad-stop}/bin/xmonad-stop"; From d73ad6b0547c23155e6168fba54ef01c1ff9f4fc Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 28 Apr 2016 22:55:18 +0200 Subject: [PATCH 093/135] l 2: add mpv.nix (with delete.lua) --- lass/2configs/mpv.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 lass/2configs/mpv.nix diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix new file mode 100644 index 000000000..71f1409e0 --- /dev/null +++ b/lass/2configs/mpv.nix @@ -0,0 +1,30 @@ +{ pkgs, ... }: + +let + + mpv-config = pkgs.writeText "mpv-config" '' + script=${deleteCurrentFile} + ''; + mpv = pkgs.writeDashBin "mpv" '' + exec ${pkgs.mpv}/bin/mpv --no-config --include=${mpv-config} $@ + ''; + + deleteCurrentFile = pkgs.writeText "delete.lua" '' + deleted_tmp = "./.graveyard" + + -- Delete the current track by moving it to the `deleted_tmp` location. + function delete_current_track() + track = mp.get_property("path") + os.execute("mkdir -p '" .. deleted_tmp .. "'") + os.execute("mv '" .. track .. "' '" .. deleted_tmp .. "'") + print("'" .. track .. "' deleted.") + end + + mp.add_key_binding("D", "delete_current_track", delete_current_track) + ''; + +in { + krebs.per-user.lass.packages = [ + mpv + ]; +} From db78aedf799868d81c987546d0163fdf9f871061 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 28 Apr 2016 22:56:02 +0200 Subject: [PATCH 094/135] l 2: use mpv.nix instead of systemWide mpv --- lass/2configs/baseX.nix | 2 +- lass/2configs/programs.nix | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 79fc4744f..0a30f84c0 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix 
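Review bot: `delete_current_track` builds its shell command by concatenating the media path inside single quotes, so a file whose name contains a `'` breaks out of the quoting and the remainder of the name is run as shell, and media file names are routinely untrusted because they come from downloads. Moving the file with Lua's `os.rename` (with `mp.utils`' `split_path` supplying the file name for the destination) avoids the shell entirely; at minimum the name should be escaped with `track:gsub("'", "'\\''")` before interpolation. The `mpv` wrapper also forwards an unquoted `$@`, so under dash a path containing spaces is split before it reaches mpv; `"$@"` is the fix. `mp.get_property("path")` may return a URL rather than a local file, in which case the `mv` fails noisily, so a check that the path exists before moving would make the key binding safe to press on streams.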
@@ -7,6 +7,7 @@ in { ./default.nix #./urxvt.nix ./xserver + ./mpv.nix ]; users.extraUsers.mainUser.extraGroups = [ "audio" ]; @@ -44,7 +45,6 @@ in { xsel zathura - mpv mpv-poll yt-next #window manager stuff diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix index e4840383f..6cf23deaf 100644 --- a/lass/2configs/programs.nix +++ b/lass/2configs/programs.nix @@ -8,7 +8,6 @@ htop i3lock mosh - mpv pass pavucontrol pv From 413901423926eda89ed5d908d20b421b367996c5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 4 May 2016 17:17:48 +0200 Subject: [PATCH 095/135] l: lass.per-user -> krebs.per-user --- lass/2configs/browsers.nix | 4 +-- lass/3modules/default.nix | 1 - lass/3modules/per-user.nix | 53 -------------------------------------- 3 files changed, 2 insertions(+), 56 deletions(-) delete mode 100644 lass/3modules/per-user.nix diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 47a16d4cb..9e9d15ec4 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -14,7 +14,7 @@ let useDefaultShell = true; createHome = true; }; - lass.per-user.${name}.packages = packages; + krebs.per-user.${name}.packages = packages; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; @@ -35,7 +35,7 @@ let useDefaultShell = true; createHome = true; }; - lass.per-user.${name}.packages = packages; + krebs.per-user.${name}.packages = packages; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 71e39d874..40f18336e 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -3,7 +3,6 @@ _: imports = [ ./folderPerms.nix ./mysql-backup.nix - ./per-user.nix ./urxvtd.nix ./wordpress_nginx.nix ./xresources.nix diff --git a/lass/3modules/per-user.nix b/lass/3modules/per-user.nix deleted file mode 100644 index f8d357ce2..000000000 --- a/lass/3modules/per-user.nix +++ /dev/null 
@@ -1,53 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; -let - cfg = config.lass.per-user; - - out = { - options.lass.per-user = api; - config = imp; - }; - - api = mkOption { - type = with types; attrsOf (submodule { - options = { - packages = mkOption { - type = listOf path; - default = []; - }; - }; - }); - default = {}; - }; - - imp = { - # - # TODO only shellInit and use well-known paths - # - environment.shellInit = '' - if test -e ${user-profiles}/"$LOGNAME"; then - . ${user-profiles}/"$LOGNAME" - fi - ''; - environment.interactiveShellInit = '' - if test -e ${user-profiles}/"$LOGNAME"; then - . ${user-profiles}/"$LOGNAME" - fi - ''; - environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ]; - }; - - user-profiles = pkgs.runCommand "user-profiles" {} '' - mkdir $out - ${concatStrings (mapAttrsToList (logname: { packages, ... }: '' - cat > $out/${logname} <<\EOF - ${optionalString (length packages > 0) ( - let path = makeSearchPath "bin" packages; in - ''export PATH="$PATH":${escapeShellArg path}'' - )} - EOF - '') cfg)} - ''; - -in out From e4aea49d657a20f8ce4b2c29ade0d0336231699b Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 4 May 2016 17:19:57 +0200 Subject: [PATCH 096/135] l 1 mors: remove skype from pkgs --- lass/1systems/mors.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 39225abf5..e12c8321f 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -193,7 +193,6 @@ hashPassword urban mk_sql_pair - skype ]; #TODO: fix this shit From 22627e6ce73a03fcb909da532bc0ce982d350ad2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 4 May 2016 17:20:15 +0200 Subject: [PATCH 097/135] l 2 default: add psmisc to pkgs --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 2f6ffa18e..c03e966d5 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
@@ -111,6 +111,7 @@ with config.krebs.lib; #neat utils krebspaste + psmisc #unpack stuff p7zip From 4d5dadc8e53f8060e13605c5a93658052d8c2378 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 4 May 2016 17:21:09 +0200 Subject: [PATCH 098/135] l 2 mpv: refactor, add "mark as good" key --- lass/2configs/mpv.nix | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index 71f1409e0..ff5698e4e 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -1,15 +1,34 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: let mpv-config = pkgs.writeText "mpv-config" '' - script=${deleteCurrentFile} + script=${lib.concatStringsSep "," [ + good + delete + ]} ''; mpv = pkgs.writeDashBin "mpv" '' - exec ${pkgs.mpv}/bin/mpv --no-config --include=${mpv-config} $@ + exec ${pkgs.mpv}/bin/mpv --no-config --include=${mpv-config} "$@" ''; - deleteCurrentFile = pkgs.writeText "delete.lua" '' + moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" '' + tmp_dir = "${dir}" + + function move_current_track_${key}() + track = mp.get_property("path") + os.execute("mkdir -p '" .. tmp_dir .. "'") + os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'") + print("moved '" .. track .. "' to " .. tmp_dir) + end + + mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key}) + ''; + + good = moveToDir "G" "./.good"; + delete = moveToDir "D" "./.graveyard"; + + deleteCurrentTrack = pkgs.writeText "delete.lua" '' deleted_tmp = "./.graveyard" -- Delete the current track by moving it to the `deleted_tmp` location. From ba5ea161f24a66f957c541abfe419bee3aea9982 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 May 2016 11:14:34 +0200 Subject: [PATCH 099/135] k 3 l: update echelon ip --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index adca66dad..d36f35bd6 100644 
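Review bot: `deleteCurrentTrack` is still defined at the end of the hunk but is no longer referenced — `script=` now lists only `good` and `delete` — so it is dead code and should be removed rather than kept next to its replacement. The new shared `moveToDir` keeps the `os.execute("mv '" .. track .. "' ...")` construction, so a filename containing a single quote still breaks out of the quoting and executes as shell when the bound key is pressed; running `mv` via `mp.utils.subprocess` with an argument array, or escaping `'` in `track`, closes that. Because `key` is interpolated into the Lua function name `move_current_track_${key}`, only keys that are valid identifier characters work; a one-line comment on `moveToDir` stating that restriction would spare the next person a Lua syntax error. The rest of the file continues past the hunk.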
--- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -41,7 +41,7 @@ with config.krebs.lib; cores = 2; nets = rec { internet = { - ip4.addr = "162.252.241.33"; + ip4.addr = "104.167.115.184"; aliases = [ "echelon.internet" ]; From 640886ed7f2ffd932948b74edd388ace7a4efe66 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 May 2016 11:15:02 +0200 Subject: [PATCH 100/135] l 1 cloudkrebs: import privoxy-retiolum --- lass/1systems/cloudkrebs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index 1bfb11502..5aa35f5a7 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -13,6 +13,7 @@ in { ../2configs/retiolum.nix ../2configs/git.nix ../2configs/realwallpaper.nix + ../2configs/privoxy-retiolum.nix { networking.interfaces.enp2s1.ip4 = [ { From 3df6f0f98f120c991a18fbe2b906c64bc528366b Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 May 2016 00:20:26 +0200 Subject: [PATCH 101/135] l 2 exim-smarthost: redir wordpress.ubikmedia.de --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 384e22366..84a57205b 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -25,6 +25,7 @@ with config.krebs.lib; { from = "outlook@lassul.us"; to = lass.mail; } { from = "steuer@aidsballs.de"; to = lass.mail; } { from = "lass@aidsballs.de"; to = lass.mail; } + { from = "wordpress@ubikmedia.de"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From d4b67a1fed34a1256de1930598a0f6be42e89df1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 May 2016 00:22:22 +0200 Subject: [PATCH 102/135] l 2 websites domsen: use msmtp as sendmail --- lass/2configs/websites/domsen.nix | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) 
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index a6fdad645..001e339a4 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -1,7 +1,10 @@ { config, pkgs, lib, ... }: let - inherit (config.krebs.lib) genid; + inherit (config.krebs.lib) + genid + readFile + ; inherit (import ../../4lib { inherit lib pkgs; }) manageCert manageCerts @@ -11,6 +14,16 @@ let serveOwncloud serveWordpress; + msmtprc = pkgs.writeText "msmtprc" '' + account prism + host localhost + account default: prism + ''; + + sendmail = pkgs.writeDash "msmtp" '' + exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" + ''; + in { imports = [ ( ssl [ "reich-gebaeudereinigung.de" ]) @@ -66,13 +79,10 @@ in { createHome = true; }; - services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - options = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - ''; - } '' - cat ${pkgs.php}/etc/php-recommended.ini > $out - echo "$options" >> $out + services.phpfpm.phpIni = pkgs.writeText "php.ini" '' + ${readFile "${pkgs.php}/etc/php-recommended.ini"} + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = ${sendmail} -t ''; } From abf23d13053c9c28b4081c37385a7c863c0187d2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 May 2016 11:46:09 +0200 Subject: [PATCH 103/135] k 3 l: update echelon ip --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index d36f35bd6..d88261a82 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -41,7 +41,7 @@ with config.krebs.lib; cores = 2; nets = rec { internet = { - ip4.addr = "104.167.115.184"; + ip4.addr = "104.233.79.118"; aliases = [ "echelon.internet" ]; From 1f3840bedc2ec40be704bbbff9acb615784b967f Mon Sep 17 00:00:00 2001 
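Review bot: `--read-envelope-from` in the `sendmail` wrapper takes the SMTP envelope sender from whatever `From:` header PHP writes, and since `sendmail_path = ${sendmail} -t` is set globally in php.ini, every PHP application on this host now controls both; a contact form that puts the visitor's address in `From:` is relayed through the local smarthost with that address as envelope sender, producing SPF/DMARC failures and bounces delivered to third parties. A fixed sender is safer: add `from wordpress@ubikmedia.de` (or another address this host legitimately sends as) to the `prism` account in `msmtprc` and drop `--read-envelope-from`, so applications can still set display headers but not the envelope. Whether the hosted sites are trusted enough to keep the current behaviour is not visible here; if they are, a comment on the wrapper saying so would help. `readFile "${pkgs.php}/etc/php-recommended.ini"` additionally forces `pkgs.php` to be built during evaluation of the configuration, which is usually unwanted. The enclosing attribute set continues outside both hunks.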
From: lassulus Date: Tue, 17 May 2016 11:46:32 +0200 Subject: [PATCH 104/135] l 1 cloudkrebs: serve realwallpaper --- lass/1systems/cloudkrebs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index 5aa35f5a7..a3cc9d7b3 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -13,6 +13,7 @@ in { ../2configs/retiolum.nix ../2configs/git.nix ../2configs/realwallpaper.nix + ../2configs/realwallpaper-server.nix ../2configs/privoxy-retiolum.nix { networking.interfaces.enp2s1.ip4 = [ From 0faab43d096053b455b7cb03518d47088ab98acf Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 May 2016 11:47:07 +0200 Subject: [PATCH 105/135] l 1 helios: add /home lv --- lass/1systems/helios.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index bc210c995..10b00de47 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -56,6 +56,11 @@ with builtins; device = "/dev/sda1"; }; + "/home" = { + device = "/dev/pool/home"; + fsType = "ext4"; + }; + "/bku" = { device = "/dev/pool/bku"; fsType = "ext4"; From 163ee84e61333d7c376b54dc5498c65e8b287a30 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 May 2016 11:47:56 +0200 Subject: [PATCH 106/135] l 2 fetchWallpaper: get wallpaper from cloudkrebs --- lass/2configs/fetchWallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index 9c27706cb..f3b65e816 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -5,7 +5,7 @@ let in { krebs.fetchWallpaper = { enable = true; - url = "echelon/wallpaper.png"; + url = "cloudkrebs/wallpaper.png"; }; } From 127507ccc702bc04140d2585bc01bdb38b7b026d Mon Sep 17 00:00:00 2001 
From: lassulus Date: Thu, 19 May 2016 21:11:16 +0200 Subject: [PATCH 107/135] k 3 l: add shodan --- krebs/3modules/lass/default.nix | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index d88261a82..dddbe881b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -263,6 +263,33 @@ with config.krebs.lib; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7"; }; + shodan = { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.0.4"; + ip6.addr = "42:0:0:0:0:0:0:50d4"; + aliases = [ + "shodan.retiolum" + "shodan.r" + "cgit.shodan.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT + YYZgM2lBkYcDN3/LdGaFFKrQQSGiF90oXA2wFqPuIfycx+1+TENGCzF8pExwbTd7 + ROSVnISbghXYDgr3TqkjpPmnM+piFKymMDBGhxWuy1bw1AUfvRzhQwPAvtjB4VvF + 7AVN/Z9dAZ/LLmYfYq7fL8V7PzQNvR+f5DP6+Eubx0xCuyuo63bWuGgp3pqKupx4 + xsixtMQPuqMBvOUo0SBCCPa9a+6I8dSwqAmKWM5BhmNlNCRDi37mH/m96av7SIiZ + V29hwypVnmLoJEFiDzPMCdiH9wJNpHuHuQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C"; + }; }; users = { From 88e53970c12594d79cc4e617e5ecd99f27067ece Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 19 May 2016 21:16:45 +0200 Subject: [PATCH 108/135] k 3 per-user: use new symlinkJoin interface --- krebs/3modules/per-user.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix index 13da5c4c3..93a7d2293 100644 --- a/krebs/3modules/per-user.nix +++ b/krebs/3modules/per-user.nix 
@@ -26,7 +26,10 @@ let environment = { etc = flip mapAttrs' cfg (name: { packages, ... }: { name = "per-user/${name}"; - value.source = pkgs.symlinkJoin "per-user.${name}" packages; + value.source = pkgs.symlinkJoin { + name = "per-user.${name}"; + paths = packages; + }; }); profiles = ["/etc/per-user/$LOGNAME"]; }; From 7fdef91d42eecafd57d2f2bc207e6519cc77f941 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 19 May 2016 21:19:17 +0200 Subject: [PATCH 109/135] l 2 xserver: add urxvt to lass' pkgs --- lass/2configs/xserver/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 980c922fd..ee7440c95 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -40,6 +40,10 @@ let }; }; + krebs.per-user.lass.packages = [ + pkgs.rxvt_unicode_with-plugins + ]; + systemd.services.display-manager.enable = false; services.xserver.enable = true; From b047ba85232ca330834bc43dd91f33abb7c6ef4e Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 19 May 2016 21:20:31 +0200 Subject: [PATCH 110/135] l 2 xserver: use pkgs.xorg.xorgserver.out --- lass/2configs/xserver/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index ee7440c95..80c947a7b 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -127,7 +127,7 @@ let xserver = pkgs.writeScriptBin "xserver" '' #! /bin/sh set -efu - exec ${pkgs.xorg.xorgserver}/bin/X \ + exec ${pkgs.xorg.xorgserver.out}/bin/X \ :${toString config.services.xserver.display} \ vt${toString config.services.xserver.tty} \ -config ${import ./xserver.conf.nix args} \ From 98ea195b12870042326f76b2182f64a65eb7e978 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 19 May 2016 23:04:22 +0200 Subject: [PATCH 111/135] l 2 vim: remove unused vim plugins --- lass/2configs/vim.nix | 5 ----- 1 file changed, 5 deletions(-) 
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index b40227c61..8295d9d49 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -147,13 +147,8 @@ in { vimrcConfig.vam.pluginDictionaries = [ { names = [ "brogrammer" - "commentary" - "extradite" "file-line" - "fugitive" "Gundo" - "mustang2" - "unimpaired" ]; } { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } ]; From f46b3153c0c85883c9b3a98291f6d440f83bd717 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 19 May 2016 23:55:29 +0200 Subject: [PATCH 112/135] symlinkJoin: compat --- krebs/5pkgs/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index bcc894b2c..2f9049516 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -36,6 +36,11 @@ with config.krebs.lib; ReaktorPlugins = callPackage ./Reaktor/plugins.nix {}; + # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d + symlinkJoin = { name, paths, ... }@args: let + x = pkgs.symlinkJoin args; + in if typeOf x != "lambda" then x else pkgs.symlinkJoin name paths; + test = { infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {}; }; From 83fd4722516b6179ead9e6dcac4a42c5dd2ab296 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 May 2016 00:01:28 +0200 Subject: [PATCH 113/135] buildbot sqlalclchemy_migrate_0_7: disable check --- krebs/5pkgs/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 2f9049516..c96e71538 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix 
@@ -36,6 +36,14 @@ with config.krebs.lib; ReaktorPlugins = callPackage ./Reaktor/plugins.nix {}; + buildbot = callPackage { + inherit (pkgs.pythonPackages) twisted jinja2; + dateutil = pkgs.pythonPackages.dateutil_1_5; + sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override { + doCheck = false; + }); + }; + # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d symlinkJoin = { name, paths, ... }@args: let x = pkgs.symlinkJoin args; From 4425e51f8eb87b4801a851e092eb048af1067192 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 May 2016 00:01:43 +0200 Subject: [PATCH 114/135] l 3: add ejabberd --- lass/3modules/default.nix | 1 + lass/3modules/ejabberd/config.nix | 93 ++++++++++++++++++++++++++++++ lass/3modules/ejabberd/default.nix | 57 ++++++++++++++++++ 3 files changed, 151 insertions(+) create mode 100644 lass/3modules/ejabberd/config.nix create mode 100644 lass/3modules/ejabberd/default.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 40f18336e..380d83a91 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -1,6 +1,7 @@ _: { imports = [ + ./ejabberd ./folderPerms.nix ./mysql-backup.nix ./urxvtd.nix diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix new file mode 100644 index 000000000..9a4882644 --- /dev/null +++ b/lass/3modules/ejabberd/config.nix 
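Review bot: `doCheck = false` on the `sqlalchemy7` override silences that package's whole test suite with nothing recording which test breaks or against which nixpkgs revision, so the workaround will outlive the failure it papers over and a genuinely broken sqlalchemy would pass unnoticed into buildbot; a comment such as `# XXX sqlalchemy7 tests fail on the current nixpkgs pin; re-enable once fixed upstream` next to the override keeps the debt visible. The `dateutil_1_5` pin presumably exists for buildbot compatibility but is not explained either. The attribute set this hunk edits continues outside the hunk.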
@@ -0,0 +1,93 @@ +{ config, ... }: with config.krebs.lib; let + cfg = config.lass.ejabberd; + + # XXX this is a placeholder that happens to work the default strings. + toErlang = builtins.toJSON; +in toFile "ejabberd.conf" '' + {loglevel, 3}. + {hosts, ${toErlang cfg.hosts}}. + {listen, + [ + {5222, ejabberd_c2s, [ + starttls, + {certfile, ${toErlang cfg.certfile}}, + {access, c2s}, + {shaper, c2s_shaper}, + {max_stanza_size, 65536} + ]}, + {5269, ejabberd_s2s_in, [ + {shaper, s2s_shaper}, + {max_stanza_size, 131072} + ]}, + {5280, ejabberd_http, [ + captcha, + http_bind, + http_poll, + web_admin + ]} + ]}. + {s2s_use_starttls, required}. + {s2s_certfile, ${toErlang cfg.s2s_certfile}}. + {auth_method, internal}. + {shaper, normal, {maxrate, 1000}}. + {shaper, fast, {maxrate, 50000}}. + {max_fsm_queue, 1000}. + {acl, local, {user_regexp, ""}}. + {access, max_user_sessions, [{10, all}]}. + {access, max_user_offline_messages, [{5000, admin}, {100, all}]}. + {access, local, [{allow, local}]}. + {access, c2s, [{deny, blocked}, + {allow, all}]}. + {access, c2s_shaper, [{none, admin}, + {normal, all}]}. + {access, s2s_shaper, [{fast, all}]}. + {access, announce, [{allow, admin}]}. + {access, configure, [{allow, admin}]}. + {access, muc_admin, [{allow, admin}]}. + {access, muc_create, [{allow, local}]}. + {access, muc, [{allow, all}]}. + {access, pubsub_createnode, [{allow, local}]}. + {access, register, [{allow, local}]}. + {language, "en"}. 
+ {modules, + [ + {mod_adhoc, []}, + {mod_announce, [{access, announce}]}, + {mod_blocking,[]}, + {mod_caps, []}, + {mod_configure,[]}, + {mod_disco, []}, + {mod_irc, []}, + {mod_http_bind, []}, + {mod_last, []}, + {mod_muc, [ + {access, muc}, + {access_create, muc_create}, + {access_persistent, muc_create}, + {access_admin, muc_admin} + ]}, + {mod_offline, [{access_max_user_messages, max_user_offline_messages}]}, + {mod_ping, []}, + {mod_privacy, []}, + {mod_private, []}, + {mod_pubsub, [ + {access_createnode, pubsub_createnode}, + {ignore_pep_from_offline, true}, + {last_item_cache, false}, + {plugins, ["flat", "hometree", "pep"]} + ]}, + {mod_register, [ + {welcome_message, {"Welcome!", + "Hi.\nWelcome to this XMPP server."}}, + {ip_access, [{allow, "127.0.0.0/8"}, + {allow, "0.0.0.0/0"}]}, + {access, register} + ]}, + {mod_roster, []}, + {mod_shared_roster,[]}, + {mod_stats, []}, + {mod_time, []}, + {mod_vcard, []}, + {mod_version, []} + ]}. +'' diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix new file mode 100644 index 000000000..c68f32ef0 --- /dev/null +++ b/lass/3modules/ejabberd/default.nix 
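Review bot: Account registration is open to the whole internet: `mod_register` allows `0.0.0.0/0` and is gated by `{access, register}`, which grants `local`, whose ACL `{acl, local, {user_regexp, ""}}` matches every user, so anyone able to reach port 5222 can create accounts on the configured hosts (the prism configuration later in this series opens `xmpp-client` publicly). Unless self-service signup is intended, change it to `{access, register, [{deny, all}]}` and create users with `ejabberdctl register`, or restrict `ip_access` to trusted ranges. The 5280 listener also exposes `web_admin` and `http_bind` without `tls`, so admin logins would cross the wire in clear if that port is ever reachable; adding `tls` with a `certfile` to that listener, or binding it to loopback only, avoids that. `captcha` is listed on the listener but no `captcha_cmd` is configured, so that option looks inert as written.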
@@ -0,0 +1,57 @@ +{ config, lib, pkgs, ... }@args: with config.krebs.lib; let + cfg = config.lass.ejabberd; +in { + options.lass.ejabberd = { + enable = mkEnableOption "lass.ejabberd"; + certfile = mkOption { + type = types.str; + }; + hosts = mkOption { + type = with types; listOf str; + }; + pkgs.ejabberdctl = mkOption { + type = types.package; + default = pkgs.writeDashBin "ejabberdctl" '' + set -efu + export SPOOLDIR=${shell.escape cfg.user.home} + export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)} + exec ${pkgs.ejabberd}/bin/ejabberdctl \ + --logs ${shell.escape cfg.user.home} \ + --spool ${shell.escape cfg.user.home} \ + "$@" + ''; + }; + s2s_certfile = mkOption { + type = types.str; + default = cfg.certfile; + }; + user = mkOption { + type = types.user; + default = { + name = "ejabberd"; + home = "/var/ejabberd"; + }; + }; + }; + config = lib.mkIf cfg.enable { + environment.systemPackages = [ cfg.pkgs.ejabberdctl ]; + + systemd.services.ejabberd = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = "yes"; + PermissionsStartOnly = "true"; + SyslogIdentifier = "ejabberd"; + User = cfg.user.name; + ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start"; + }; + }; + + users.users.${cfg.user.name} = { + inherit (cfg.user) home name uid; + createHome = true; + }; + }; +} From ac35c00c0454842b20146fad4be16fce628b6816 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 May 2016 00:02:10 +0200 Subject: [PATCH 115/135] l 1 prism: remove nixpkgs override --- lass/1systems/prism.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 4c0b4e690..e69fc545f 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
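Review bot: The unit runs `ejabberdctl start` as `Type = "oneshot"` with `RemainAfterExit` and defines no `ExecStop`, so systemd never tracks the Erlang node: if, as usual, `ejabberdctl start` detaches, a crashed ejabberd leaves the unit "active" and `systemctl stop ejabberd` only marks it inactive while the daemon keeps serving. At minimum add `ExecStop = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl stop";`; running the node in the foreground under `Type = "simple"` would be better still if this ejabberd version supports it. `PermissionsStartOnly = "true"` has no `ExecStartPre` to apply to and can be dropped. `certfile` is a bare `types.str` with no check that the path is readable by `cfg.user.name`; a sentence in the option's description stating that requirement would save a confusing startup failure.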
@@ -18,10 +18,6 @@ in { imports = [ ../2configs/buildbot-standalone.nix ]; - krebs.build.source.nixpkgs = lib.mkForce { - url = https://github.com/NixOS/nixpkgs; - rev = "0d05f172b27e94d9eea3257f42d7e03371e63acc"; - }; } { users.extraGroups = { From 3c4c71436ade88ec1e6e74bd8af4b4d77a03884e Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 May 2016 00:02:29 +0200 Subject: [PATCH 116/135] l 1 prism: start ejabberd & acme --- lass/1systems/prism.nix | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index e69fc545f..406acda5b 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -2,6 +2,10 @@ let ip = config.krebs.build.host.nets.internet.ip4.addr; + + inherit (import ../../4lib { inherit lib pkgs; }) + manageCerts; + in { imports = [ ../. @@ -159,6 +163,38 @@ in { enable = true; }; } + { + security.acme = { + certs."lassul.us" = { + email = "lass@lassul.us"; + webroot = "/var/lib/acme/challenges/lassul.us"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + "full.pem" + ]; + user = "ejabberd"; + }; + }; + krebs.nginx.servers."lassul.us" = { + server-names = [ "lassul.us" ]; + locations = [ + (lib.nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/lassul.us/; + '') + ]; + }; + lass.ejabberd = { + enable = true; + hosts = [ "lassul.us" ]; + certfile = "/var/lib/acme/lassul.us/full.pem"; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } + { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; From 8e095afefce800a60cdd0cd574dd66058c080a4b Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 May 2016 00:03:48 +0200 Subject: [PATCH 117/135] l 2 nixpkgs: e781a82 -> d541e0d --- lass/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
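Review bot: `user = "ejabberd"` on the `lassul.us` certificate makes `account_key.json` and `key.pem` owned by the same account that runs the internet-facing XMPP daemon, so a compromise of ejabberd yields not only the current TLS key but the ACME account key, i.e. the ability to issue new certificates for the domain. Prefer leaving the certificate owned by root and granting the daemon read access through the cert's `group` option (whether this nixpkgs revision's `security.acme` supports that needs checking) or a `postRun` copy with restricted permissions. There is also no `postRun` restarting or reloading ejabberd, so after a renewal the daemon keeps presenting the old certificate until it is restarted by hand; `postRun = "systemctl restart ejabberd";` closes that gap. The `/.well-known/acme-challenge` location serves `/var/lib/acme/challenges/lassul.us/`, which the ACME client writes as `ejabberd`, and nothing in the hunk arranges read access for nginx, so this presumably relies on default directory permissions. The `imports` list these hunks extend begins and ends outside the hunk.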
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index c03e966d5..29938e35c 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -54,7 +54,7 @@ with config.krebs.lib; stockholm = "/home/lass/stockholm"; nixpkgs = { url = https://github.com/NixOS/nixpkgs; - rev = "e781a8257b4312f6b138c7d0511c77d8c06ed819"; + rev = "d541e0dc1c05f5514bf30f8039e687adddb45616"; dev = "/home/lass/src/nixpkgs"; }; } // optionalAttrs config.krebs.build.host.secure { From f91168618f04e6fb49aa5530af12e28c4fbdefe6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 May 2016 00:05:31 +0200 Subject: [PATCH 118/135] l 2 git: add xmonad-stockholm repo --- lass/2configs/git.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 0aab298c7..9ec0f1e1f 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -35,6 +35,7 @@ let newsbot-js = {}; kimsufi-check = {}; realwallpaper = {}; + xmonad-stockholm = {}; }; restricted-repos = mapAttrs make-restricted-repo ( From 0fd95b3228ac1ba7e4e18e4207691ce401471e6a Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 May 2016 00:06:11 +0200 Subject: [PATCH 119/135] l 2 websites domsen: use pgpfpm.phpOptions --- lass/2configs/websites/domsen.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 001e339a4..f31fccd51 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -79,8 +79,7 @@ in { createHome = true; }; - services.phpfpm.phpIni = pkgs.writeText "php.ini" '' - ${readFile "${pkgs.php}/etc/php-recommended.ini"} + services.phpfpm.phpOptions = '' extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so sendmail_path = ${sendmail} -t ''; From 3fea8d651f49ac6a57f99bc6b49a5689e3c74fd8 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 20 May 2016 00:12:43 +0200 Subject: [PATCH 120/135] l: add untilport --- lass/2configs/default.nix | 1 + lass/5pkgs/default.nix | 1 + lass/5pkgs/untilport/default.nix | 18 ++++++++++++++++++ 3 files changed, 20 insertions(+) create mode 100644 lass/5pkgs/untilport/default.nix diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 29938e35c..e38503f1a 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -112,6 +112,7 @@ with config.krebs.lib; #neat utils krebspaste psmisc + untilport #unpack stuff p7zip diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 1dacf6c7a..467867f63 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -10,6 +10,7 @@ }; mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {}; mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; + untilport = pkgs.callPackage ./untilport/default.nix {}; urban = pkgs.callPackage ./urban/default.nix {}; xmonad-lass = let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in diff --git a/lass/5pkgs/untilport/default.nix b/lass/5pkgs/untilport/default.nix new file mode 100644 index 000000000..61bcc2b89 --- /dev/null +++ b/lass/5pkgs/untilport/default.nix @@ -0,0 +1,18 @@ +{ pkgs, ... }: + +pkgs.writeDashBin "untilport" '' + set -euf + + usage() { + echo 'untiport $target $port' + echo 'Sleeps until the destinated port is reachable.' + echo 'ex: untilport google.de 80 && echo "google is now reachable"' + } + + + if [ $# -ne 2 ]; then + usage + else + until ${pkgs.netcat-openbsd}/bin/nc -z "$@"; do sleep 1; done + fi +'' From 961d1a037dfcf117e0900f8ceff5194e3265df8a Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 May 2016 00:16:46 +0200 Subject: [PATCH 121/135] l 2 mail: add not working pgp stuff --- lass/2configs/mail.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 3c7dfcaf6..72d6f987f 100644 --- a/lass/2configs/mail.nix 
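Review bot: On a wrong argument count the script prints `usage` to stdout and exits 0, so `untilport host && do-thing` runs `do-thing` immediately when called with a single argument — the opposite of the tool's purpose. Send the usage text to stderr and fail: change the misuse branch to `usage >&2` followed by `exit 1`, and while there fix the typo in the first usage line, `echo 'untilport $target $port'`. A comment noting that `nc -z` only probes TCP would also save someone trying this on a UDP service.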
+++ b/lass/2configs/mail.nix @@ -21,6 +21,21 @@ let set pgp_sign_as = 0x976A7E4D set crypt_autosign = yes set crypt_replyencrypt = yes + set crypt_verify_sig = yes + set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f" + + macro index \Cv \ + " set my_crypt_verify_sig=\$crypt_verify_sig \ + set crypt_verify_sig=yes \ + set crypt_verify_sig=\$my_crypt_verify_sig" \ + 'Verify PGP signature and open the message' + + macro pager \Cv \ + " set my_crypt_verify_sig=\$crypt_verify_sig \ + set crypt_verify_sig=yes \ + set crypt_verify_sig=\$my_crypt_verify_sig" \ + 'Verify PGP signature' + # notmuch set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir From ba41135bfde877e619c85b77a2fe631b66a37184 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 May 2016 00:17:21 +0200 Subject: [PATCH 122/135] l 1: add shodan --- lass/1systems/shodan.nix | 57 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 lass/1systems/shodan.nix diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix new file mode 100644 index 000000000..873a580d9 --- /dev/null +++ b/lass/1systems/shodan.nix 
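Review bot: The new `pgp_verify_command` omits `--status-fd=2`, which mutt's shipped gpg.rc passes so that mutt can read gpg's machine-readable `GOODSIG`/`BADSIG` status lines rather than guess from human-readable output; without it the signature verdict mutt shows may be unreliable, which defeats the point of `crypt_verify_sig = yes`. Use `set pgp_verify_command = "gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"`. The two macros as printed set `crypt_verify_sig=yes` and immediately restore the saved value with nothing in between, so they cannot verify anything; the `<enter-command>`/`<display-message>` tokens a working version needs may have been lost in transit, which would explain the commit's "not working", but the block should carry a comment stating what the macros are meant to do. The mutt configuration string this hunk edits continues outside the hunk.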
@@ -0,0 +1,57 @@ +{ config, pkgs, ... }: + +with builtins; +{ + imports = [ + ../. + ../2configs/baseX.nix + ../2configs/exim-retiolum.nix + ../2configs/browsers.nix + ../2configs/programs.nix + ../2configs/fetchWallpaper.nix + ../2configs/backups.nix + #{ + # users.extraUsers = { + # root = { + # openssh.authorizedKeys.keys = map readFile [ + # ../../krebs/Zpubkeys/uriel.ssh.pub + # ]; + # }; + # }; + #} + ]; + + krebs.build.host = config.krebs.hosts.shodan; + + networking.wireless.enable = true; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + #kernelModules = [ "kvm-intel" "msr" ]; + kernelModules = [ "msr" ]; + }; + fileSystems = { + "/" = { + device = "/dev/pool/nix"; + fsType = "ext4"; + }; + + "/boot" = { + device = "/dev/sda1"; + }; + }; + + #services.udev.extraRules = '' + # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" + # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" + #''; +} From 7c8bd6c55182c0329c27fcd25e01ee9a275297de Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 May 2016 13:45:48 +0200 Subject: [PATCH 123/135] k 3 l: move pubkeys to seperate files --- krebs/3modules/lass/default.nix | 9 +++++---- krebs/3modules/lass/{default.pgp => pgp/mors.pgp} | 0 krebs/3modules/lass/ssh/helios.rsa | 1 + krebs/3modules/lass/ssh/mors.rsa | 1 + krebs/3modules/lass/ssh/uriel.rsa | 1 + 5 files changed, 8 insertions(+), 4 deletions(-) rename krebs/3modules/lass/{default.pgp => pgp/mors.pgp} (100%) create mode 100644 krebs/3modules/lass/ssh/helios.rsa create mode 100644 krebs/3modules/lass/ssh/mors.rsa create mode 100644 krebs/3modules/lass/ssh/uriel.rsa 
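Review bot: `with builtins;` at the top of the file now serves only the commented-out `map readFile` block, so it is an unused import and should go together with that block; the commented `kernelModules` alternative and the udev rename rules are likewise dead configuration with no note on why they are kept, and should be deleted or carry a one-line reason. `"/boot"` is declared without `fsType` while `/` has `ext4`, so its mount relies on autodetection; stating the type, e.g. `fsType = "ext4";` if that is what the partition holds, makes the dependency explicit. The LUKS device is referenced as `/dev/sda2` and GRUB is installed to `/dev/sda`; a comment recording that the disk layout is assumed stable (or switching to `/dev/disk/by-uuid/...`) would prevent a silent mismatch if device naming changes.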
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index dddbe881b..f28d5d4a0 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -294,17 +294,18 @@ with config.krebs.lib; }; users = { lass = { - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors"; mail = "lass@mors.retiolum"; - pgp.pubkeys.default = builtins.readFile ./default.pgp; + pubkey = builtins.readFile ./ssh/mors.rsa; + pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp; }; lass-uriel = { - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel"; mail = "lass@uriel.retiolum"; + pubkey = builtins.readFile ./ssh/uriel.rsa; }; lass-helios = { - pubkey = "ssh-rsa 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 lass@helios"; mail = "lass@helios.retiolum"; + pubkey = builtins.readFile ./ssh/helios.rsa; + }; }; }; } diff --git a/krebs/3modules/lass/default.pgp b/krebs/3modules/lass/pgp/mors.pgp similarity index 100% rename from krebs/3modules/lass/default.pgp rename to krebs/3modules/lass/pgp/mors.pgp diff --git a/krebs/3modules/lass/ssh/helios.rsa b/krebs/3modules/lass/ssh/helios.rsa new file mode 100644 index 000000000..c2a54b621 --- /dev/null +++ b/krebs/3modules/lass/ssh/helios.rsa 
@@ -0,0 +1 @@ +ssh-rsa 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 lass@helios diff --git a/krebs/3modules/lass/ssh/mors.rsa b/krebs/3modules/lass/ssh/mors.rsa new file mode 100644 index 000000000..172fd2dda --- /dev/null +++ b/krebs/3modules/lass/ssh/mors.rsa @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors diff --git a/krebs/3modules/lass/ssh/uriel.rsa b/krebs/3modules/lass/ssh/uriel.rsa new file mode 100644 index 000000000..015b57837 --- /dev/null +++ b/krebs/3modules/lass/ssh/uriel.rsa @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel From 41e93449bb78104e8d1525236969a6816d4b28ed Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 May 2016 13:46:41 +0200 Subject: [PATCH 124/135] k 3 l: add shodan keys --- krebs/3modules/lass/default.nix | 4 ++++ krebs/3modules/lass/pgp/shodan.pgp | 30 ++++++++++++++++++++++++++++++ krebs/3modules/lass/ssh/shodan.rsa | 1 + 3 files changed, 35 insertions(+) create mode 100644 krebs/3modules/lass/pgp/shodan.pgp create mode 100644 krebs/3modules/lass/ssh/shodan.rsa diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index f28d5d4a0..03e067f35 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
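Review bot: The key committed as `ssh/mors.rsa` encodes a public exponent of 35 (the bytes after the `ssh-rsa` tag decode to a one-byte exponent 0x23 followed by a 257-byte modulus), a value ssh-keygen stopped producing around 2010 when it moved to 65537, so this key is presumably at least six years old at the time of this series while being granted root on further hosts. The uriel key uses 65537 and both moduli are 2048 bits, so the parameters themselves are fine; the point is rotation age, not strength. Since the key line has to stay parseable by sshd, record it in `default.nix` instead, e.g. `# mors key predates 2010 (e=35); rotate when convenient` above the corresponding `pubkey` line.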
@@ -306,6 +306,10 @@ with config.krebs.lib; mail = "lass@helios.retiolum"; pubkey = builtins.readFile ./ssh/helios.rsa; }; + lass-shodan = { + mail = "lass@shodan.retiolum"; + pubkey = builtins.readFile ./ssh/shodan.rsa; + pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp; }; }; } diff --git a/krebs/3modules/lass/pgp/shodan.pgp b/krebs/3modules/lass/pgp/shodan.pgp new file mode 100644 index 000000000..543b05b71 --- /dev/null +++ b/krebs/3modules/lass/pgp/shodan.pgp 
@@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQENBFc/U8EBCADaPobNwlm8oI3cVtDhsdHpW7gyNTloqM1JdUPoJ30kS8xIbKfF +U+UWEj+/G0hXg3jGpqsYKzCegLcZuvKrLuyWas3nFync/KeWjPpmQWh8h/AQ63gi +6FjikRS9iDHEnUBqXXymG6JOo9NrGX7viWcPx+rQzvXOFxVYt1JJY+Ki30tSL+0l +igJBJ+x2qndnlPZE9uyKjYC9+9NlZ04h5WOponTtgIddBlBPhIOAW+f5mBVeWuaK +8wPBY2z98ZIclwdTohCpBRjs/EAEhN+2djSjyJti2TARceMKV2ZLRoUh6bNqj3xV +Y4IkDe47dS8rRmH/xj+9odJjtlbFHDmtElcfABEBAAG0HWxhc3NAc2hvZGFuLnIg +PGxhc3NAc2hvZGFuLnI+iQE3BBMBCAAhBQJXP1PBAhsDBQsJCAcCBhUICQoLAgQW +AgMBAh4BAheAAAoJECOf1I8qjNLnWCsH/Rr70NVjCpqou5JRJqc9NMYJflH8qUSR +xxYsVXaLjf1sa5X0qbq1u5EaYQGsdP7qKuLggoom7CGBhG3WZnfhuLi9y2IXAFo8 +RprBmrTmXgpXqm8IrcWMDJUEwhjUn+x1iCnGUfmbUpIdBIj8HsCfDUmg+WT0GflT +9tfYR0v1vRzK6WWYEobP9abhZdjOHIS8cXDgFVREllKjjOcLzsB23I9g1nlvX3+W +J7iliC4s1OGvcpw0MHl/1KRpSBXK3we0WTNZLIJXr8W+BvURYxhVfbvgjHuv6K0h +J0a/me8nkh05pdRLLGL+C8eFjAXALnTIxgiVNGjtXBAR+/HN2//iG665AQ0EVz9T +wQEIAMsxDQ3Y5SL2gI1EjEuCc6RyTSBmsna9g/wKjzUbcB9zpEN9i85NDRvvfGn6 +ihxI9Z1rvn8zr8MKu9OcZB2XEQDriHUcS4IxnZzdbUIKOtR+1BjZvMKupbw+KHag +WoeUh+tfb50bEMy/Z6Mp5mLOyXMyyiGS3CHJ6sHUXTub6kuHQnAOqiMsqnegZMcS +sF+NpSNoSngC060jgh7fl4T8M3Vuv9NKGu9+0J48QR+LFsKe/7LwRQ9HFSH4sPeD +vQI1BEo4piXthwd6mUHCbish38H77PGO0kKHaJ0HkBu+3tKXP1JJdm9SiN+ypUIB +FyfLpaWf6pcc/0QX6qE4gL00MI0AEQEAAYkBHwQYAQgACQUCVz9TwQIbDAAKCRAj +n9SPKozS5w85B/4o2Zf7oLqjNmOu+YE0fNJmbGCETNotNnE/GToiejNAM9B/rYJe +qjM9/kq0GJKVfKKrBGA0YQy9O847TVW26gPeiEgS7DO1Dl9YiLJJVzUGlOPijTIJ +A3LmMCLU/M3+a/33HGjm7gYk+aRwqOwHeC+f1pder8InoC3ebWupfcQsWkwTVqZk +lrLzoywjqQcdjAYFJp1c0ZxXyrgOS4dIGMU+o+DDCyK/ry9UGd3ZacMqDsyWO51A +iXDMtvVsuxbIP5o3muF9kEX7hx4EF7+MzRI3FjYwlHLNw+v3OVhfOxuPSt71VOiC +G2aT2z4sz8+qbOIIG3JX99osG6v683lvDUCW +=s4OM +-----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/lass/ssh/shodan.rsa b/krebs/3modules/lass/ssh/shodan.rsa new file mode 100644 index 000000000..3ee08ad41 --- /dev/null +++ b/krebs/3modules/lass/ssh/shodan.rsa 
@@ -0,0 +1 @@ +ssh-rsa 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 lass@shodan From 77dd5eee24ff9a56883ff39fd2a928f59bb02c10 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 May 2016 13:47:09 +0200 Subject: [PATCH 125/135] l 2: add radio.nix --- lass/2configs/radio.nix | 133 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 lass/2configs/radio.nix diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix new file mode 100644 index 000000000..8cc2a2be7 --- /dev/null +++ b/lass/2configs/radio.nix 
@@ -0,0 +1,133 @@ +{ config, pkgs, ... }: +let + name = "radio"; + mainUser = config.users.extraUsers.mainUser; + inherit (config.krebs.lib) genid; + + admin-password = import ; + source-password = import ; + +in { + users.users = { + "${name}" = rec { + inherit name; + group = name; + uid = genid name; + description = "radio manager"; + home = "/home/${name}"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + }; + + users.groups = { + "radio" = {}; + }; + + krebs.per-user.${name}.packages = with pkgs; [ + ncmpcpp + mpc_cli + tmux + ]; + + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(${name}) NOPASSWD: ALL + ''; + + services.mpd = { + enable = true; + group = "radio"; + musicDirectory = "/home/radio/the_playlist/music"; + extraConfig = '' + audio_output { + type "shout" + encoding "ogg" + name "my cool stream" + host "localhost" + port "8000" + mount "/radio.ogg" + + # This is the source password in icecast.xml + password "${source-password}" + + # Set either quality or bit rate + # quality "5.0" + bitrate "128" + + format "44100:16:1" + + # Optional Parameters + user "source" + # description "here is my long description" + # genre "jazz" + } # end of audio_output + + ''; + }; + + services.icecast = { + enable = true; + hostname = "config.krebs.build.host.name"; + admin.password = admin-password; + extraConf = '' + + ${source-password} + + ''; + }; + + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; } + ]; + }; + }; + + systemd.timers.radio = { + description = "radio autoadder timer"; + wantedBy = [ "timers.target" ]; + + timerConfig = { + OnCalendar = "*:*"; + }; + }; + + systemd.services.radio = let + autoAdd = pkgs.writeDash "autoAdd" '' + LIMIT=$1 #in secconds + + addRandom () { + mpc add "$(mpc ls | shuf -n1)" + } + + timeLeft () { + playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} 
{t+=$1*60+$2} END{print t}') + currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') + expr ''${playlistDuration:-0} - ''${currentTime:-0} + } + + if test $(timeLeft) -le $LIMIT; then + addRandom + fi + ''; + in { + description = "radio playlist autoadder"; + after = [ "network.target" ]; + + path = with pkgs; [ + gawk + mpc_cli + ]; + + restartIfChanged = true; + + serviceConfig = { + Restart = "always"; + ExecStart = "${autoAdd} 100"; + }; + }; +} From 3d9cecb7c4481b10e5e833d62d7c35bb3190c196 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 May 2016 13:47:45 +0200 Subject: [PATCH 126/135] l 2 baseX: add nmap to pkgs --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 0a30f84c0..f918db156 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -34,6 +34,7 @@ in { dmenu gitAndTools.qgit + nmap much pavucontrol powertop From 1a0a03a6e5e6001001f37f115834bbfaba555a5b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 May 2016 13:48:46 +0200 Subject: [PATCH 127/135] l 1 mors: remove broken touchpad config --- lass/1systems/mors.nix | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index e12c8321f..e2ab562fa 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -224,16 +224,4 @@ ]; }; }; - - #touchpad config - services.xserver.synaptics = { - enable = true; - accelFactor = "0.035"; - additionalOptions = '' - Option "FingerHigh" "60" - Option "FingerLow" "60" - ''; - tapButtons = false; - twoFingerScroll = true; - }; } From 6aa93b8c99f6c2433178777bb5a2531efac8bbb2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 May 2016 13:49:12 +0200 Subject: [PATCH 128/135] l 1 shodan: add x220 specific config --- lass/1systems/shodan.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) 
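Review bot: Both secrets read at the top of radio.nix end up in world-readable store paths: `password "${source-password}"` is interpolated into `services.mpd.extraConfig`, and `admin.password = admin-password` plus the `${source-password}` in `services.icecast.extraConf` go into the generated icecast configuration, so any local user on the host (and any binary cache the closure is pushed to) can read the stream and admin passwords, which the commit does not address. Unless those modules can be pointed at a root-owned file at runtime, at least mark the exposure, e.g. `# NOTE: both passwords land in /nix/store via mpd.conf/icecast.xml — local users can read them`, and keep in mind that the icecast admin interface is served on the same port 8000 that the `krebs.iptables` rule opens on every interface. Separately, `hostname = "config.krebs.build.host.name";` is a quoted string, so icecast is configured with that literal text rather than the host's name; it should be `hostname = config.krebs.build.host.name;`. The `radio` service also sets no `User`, so `mpc` runs as root every time it fires, and `Restart = "always"` on a script that exits immediately makes the per-minute timer redundant and will trip systemd's start-rate limit; `serviceConfig = { Type = "oneshot"; User = name; ExecStart = "${autoAdd} 100"; };` with the timer driving it is the shape that fits.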
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 873a580d9..6829428ff 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -19,6 +19,25 @@ with builtins; # }; # }; #} + { + #x220 config from mors + #TODO: make x220 config file (or look in other user dir) + hardware.trackpoint = { + enable = true; + sensitivity = 220; + speed = 0; + emulateWheel = true; + }; + + services.xserver = { + videoDriver = "intel"; + vaapiDrivers = [ pkgs.vaapiIntel ]; + deviceSection = '' + Option "AccelMethod" "sna" + BusID "PCI:0:2:0" + ''; + }; + } ]; krebs.build.host = config.krebs.hosts.shodan; From 7559fbb735ced3a3d6216fdf1bf8ec9e57f25ddb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 May 2016 13:49:31 +0200 Subject: [PATCH 129/135] l 1 prism: import radio.nix --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 406acda5b..aa524720d 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -17,6 +17,7 @@ in { ../2configs/bitlbee.nix ../2configs/weechat.nix ../2configs/privoxy-retiolum.nix + ../2configs/radio.nix { #we need to use old sqlite for buildbot imports = [ From 4485965c679916f4b90dc55c7c5c1cd490a4314c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 May 2016 13:50:06 +0200 Subject: [PATCH 130/135] l 2 browsers: add chromium browsers to video group --- lass/2configs/browsers.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 9e9d15ec4..5c32fa46d 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix 
@@ -59,11 +59,11 @@ in { imports = [ ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] ) - ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "wk" [ "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "fb" [ "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "gm" [ "audio" ] [ pkgs.chromium ] ) ( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] ) + ( createChromiumUser "cr" [ "video" "audio" ] [ pkgs.chromium ] ) + ( createChromiumUser "wk" [ "video" "audio" ] [ pkgs.chromium ] ) + ( createChromiumUser "fb" [ "video" "audio" ] [ pkgs.chromium ] ) + ( createChromiumUser "gm" [ "video" "audio" ] [ pkgs.chromium ] ) ]; nixpkgs.config.packageOverrides = pkgs : { From c7596ab3b400abcb7c4c91793f1b74b36d9525a4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 May 2016 13:50:25 +0200 Subject: [PATCH 131/135] l 2 browsers: remove flash browser --- lass/2configs/browsers.nix | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 5c32fa46d..e230fff43 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -59,20 +59,9 @@ in { imports = [ ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] ) - ( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] ) ( createChromiumUser "cr" [ "video" "audio" ] [ pkgs.chromium ] ) ( createChromiumUser "wk" [ "video" "audio" ] [ pkgs.chromium ] ) ( createChromiumUser "fb" [ "video" "audio" ] [ pkgs.chromium ] ) ( createChromiumUser "gm" [ "video" "audio" ] [ pkgs.chromium ] ) ]; - - nixpkgs.config.packageOverrides = pkgs : { - flash = pkgs.chromium.override { - # pulseSupport = true; - enablePepperFlash = true; - }; - #chromium = pkgs.chromium.override { - # pulseSupport = true; - #}; - }; } From a6d654ef31d7f832e4cd4774ac22b311f9eae2c1 Mon Sep 17 00:00:00 2001 
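Review bot: Adding `"video"` to the `cr`, `wk`, `fb` and `gm` browser users widens exactly what the per-site user isolation is meant to limit: on NixOS the `video` group presumably owns both the DRM render nodes and `/dev/video*`, so if the goal is GPU acceleration, each of these browsers also gains raw webcam access. If that is intended it deserves a one-line comment above the list, e.g. `# video: GPU render nodes, but also /dev/video* (webcam)`; if only acceleration is wanted, a udev rule giving the render nodes to a dedicated group would keep the camera out of reach. The `ff` Firefox user keeps `audio` only, which looks deliberate but is worth stating in the same comment. `createChromiumUser` is defined above this hunk, so whether it does more than set `extraGroups` was not checked.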
From: lassulus Date: Sat, 21 May 2016 13:51:06 +0200 Subject: [PATCH 132/135] l 2: add shodan to authorizedKeys --- lass/2configs/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index e38503f1a..ee320b9c9 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -19,6 +19,7 @@ with config.krebs.lib; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey config.krebs.users.lass-uriel.pubkey + config.krebs.users.lass-shodan.pubkey ]; }; mainUser = { @@ -33,6 +34,7 @@ with config.krebs.lib; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey config.krebs.users.lass-uriel.pubkey + config.krebs.users.lass-shodan.pubkey ]; }; }; From 3c8bf3bf1cba7c08812ce3d27a39b8891acad32f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 May 2016 13:51:22 +0200 Subject: [PATCH 133/135] l 2 downloading: remove unneeded file ending --- lass/2configs/downloading.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index ccd751413..3639a743a 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -3,7 +3,7 @@ with config.krebs.lib; let - rpc-password = import ; + rpc-password = import ; in { imports = [ ../3modules/folderPerms.nix From 9740cef28f8e1df956403b49a0856f18189d4084 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 May 2016 13:51:57 +0200 Subject: [PATCH 134/135] l 2 weechat: allow connection from shodan --- lass/2configs/weechat.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index 98f5df42a..5e14871ac 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -16,6 +16,7 @@ in { createHome = true; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey + config.krebs.users.lass-shodan.pubkey ]; }; From 86c16adf7cefac38dcaaf29ea6705e37fe126fe9 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 21 May 2016 13:52:18 +0200 Subject: [PATCH 135/135] l 2 git: add the_playlist repo --- lass/2configs/git.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 9ec0f1e1f..5cbe46351 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -36,6 +36,7 @@ let kimsufi-check = {}; realwallpaper = {}; xmonad-stockholm = {}; + the_playlist = {}; }; restricted-repos = mapAttrs make-restricted-repo (