Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse Source
This commit is contained in:
tv 2017-10-03 18:48:18 +02:00
commit d567c2c21e
33 changed files with 113 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
krebs/2configs/gitlab-runner-shackspace.nix
View File

@ -1,4 +1,4 @@
{ config, ... }:
{ config, pkgs, ... }:
let
url = "https://git.shackspace.de/";
# generate token from CI-token via:
@ -6,7 +6,7 @@ let
## cat /etc/gitlab-runner/config.toml
token = import <secrets/shackspace-gitlab-ci-token.nix> ;
in {
systemd.services.gitlab-runner.path = [
systemd.services.gitlab-runner.path = [
"/run/wrappers" # /run/wrappers/bin/su
"/" # /bin/sh
];
@ -16,19 +16,18 @@ in {
enable = true;
# configFile, configOptions and gracefulTimeout not yet in stable
# gracefulTimeout = "120min";
configText = ''
concurrent = 1
check_interval = 0
[[runners]]
name = "krebs-shell"
url = "${url}"
token = "${token}"
executor = "shell"
shell = "sh"
environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"]
[runners.cache]
configFile = pkgs.writeText "gitlab-runner.cfg" ''
concurrent = 1
check_interval = 0
[[runners]]
name = "krebs-shell"
url = "${url}"
token = "${token}"
executor = "shell"
shell = "sh"
environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"]
[runners.cache]
'';
};
}

2
krebs/2configs/shack/muell_caller.nix
View File

@ -12,7 +12,7 @@ let
buildInputs = [
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
docopt
requests2
requests
paramiko
python
]))

2
krebs/2configs/shack/radioactive.nix
View File

@ -12,7 +12,7 @@ let
buildInputs = [
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
docopt
requests2
requests
python
]))
];

2
krebs/2configs/shack/worlddomination.nix
View File

@ -37,7 +37,7 @@ let
docopt
LinkHeader
aiocoap
requests2
requests
paramiko
python
]))

2
krebs/3modules/bepasty-server.nix
View File

@ -3,7 +3,7 @@
with import <stockholm/lib>;
let
gunicorn = pkgs.pythonPackages.gunicorn;
bepasty = pkgs.pythonPackages.bepasty-server;
bepasty = pkgs.bepasty;
gevent = pkgs.pythonPackages.gevent;
python = pkgs.pythonPackages.python;
cfg = config.krebs.bepasty;

4
krebs/3modules/lass/default.nix
View File

@ -515,6 +515,10 @@ with import <stockholm/lib>;
pubkey = builtins.readFile ./ssh/mors.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp;
};
lass-android = {
mail = "lassulus@gmail.com";
pubkey = builtins.readFile ./ssh/android.rsa;
};
lass-helios = {
mail = "lass@helios.r";
pubkey = builtins.readFile ./ssh/helios.rsa;

1
krebs/3modules/lass/ssh/android.rsa Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGgImN/9D4yJBjYlkAvT3X45kzt4n8hmgsqPcdcHWNC7fofWG4fZe8NNrTLdKsK+xYxTstj49l8Vb3YDvw4fAyyyhms/eFRlD2BRqAISwc39EIeTC4g3PXNeUtUGdczXKxsJf5iWf4kxUrUOuZ3FeKxeYXDMSqzzk1oKalhWNl4PmgRc5FzjeRJ2WziilwFq7ntLswoeTBW3c53fbcp3XuPza3M1/sN3NHJx9ZMpWVfJhZ/CXr+nqpc25ZIr5HZVZbgDTyJQimlTF5JCfU0NiiBIh7ep7x4o93tARmilit7+mWUkkxk6ba+zG6nr+s+zyd85AFAYRioOEczbC6mI44UZUB11KkEzOon5JWSA8pK+DPqsqhFkwWYMHLXZp8zemdp9kushRZ6nuI9MzBwacngro1vAvDL6jrS5MR7zf7rMAo6wexovWoEowvZz629mjC3OAt9iOm4VJdvEmq+rHLfjjznVEY6llF7DUu2QNEazaXhxZH9V9N1gyubIE97SQVqmwDrf8BGC0Hq+hC4OOweqfo4XP0etbqAfDozZbqcqyE1m9Bj8DpjrSXka1PuJf5fgEtoxPadd2qdiHMfIx9sM+4uu2nI5aFvWO3OlJmhF80QzNdFzZWjsyvJ24C1/a2FAyzoab1Sg9ljstQThseTtvlXcX8jfFn0U3RbgXgCgOWad3Oy9vA0OCdsHut0nzv3UO+T5+wv2+lvE3QSSKOlmVtdKMhCFb+Rg+FliKxyd820h9yR3wDYmkurVkAxaj8Kx5MaY/7aypOi8fRAV2FSDtCKkuMyPv4xEtdPi/4lj55pRBEO8lJkeb+WurCzZ7ZeaPdrW1YIQtToPpiz3dXeRhkts6jq8247xIplzHh9Iu18gOrnZ+ygn70g19x842vvcfLQNAghDPS93msJdSe+EtulMCwNTjUaF9LyzhW9ptLG9NmwgbT5kGsFiRw3BFdyfcQVWVzDhuP3hPPx+hjiZtFfpIKpxV9MjO1xQ830Ngk3JpSphMZTQ432yfvu9yEsUWmAa8ax1jxJ361AiIp0U2xioJmdVd3E2sxkpOUYqE89IR9X6hS3fH38Gc5IL5+BnhuZvRgXuA+nrqdU4pMB3TIoC5oXlOMRXpxaS91YiO4ERx2t6WkBRCoaDuRWnLpewV6lhjwi1+4Emlrs2q1R0K64emZTv7O1MKwWRHOlBJD3HLyCCS763OzYW4mEQcfBAQtbm6sTooJ+D/zbmYgbnZt0z/nP9R/n25pzlSPpZ49fCiRV7QN6D9mksISTz8qIiCzNBn1F7DUewXqkrdPopl4npeNVcOyyo7P1lFFGde+jq/7REdzD+vno1h9+17WZbyzQtlOyipQYzb6l4QuXq/zejJrELJAQdN4yRQq5NJzIh0HXaPnPC083T791moBflyqiwPEIWsSMfILqSqL1jVVNgvV4fHnMixgH2zK9f0EyE3fG9PnuRribPR2DlESqpHZTcBixgh660EPKh0gCLYoWKgU= lass-android@XperiaXCompact

25
krebs/3modules/makefu/default.nix
View File

@ -4,6 +4,31 @@ with import <stockholm/lib>;
{
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
cake = rec {
cores = 1;
ci = false;
nets = {
retiolum = {
ip4.addr = "10.243.136.236";
ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee1";
aliases = [
"cake.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu
jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+
MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq
6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7
36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP
MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake";
};
drop = rec {
ci = true;
cores = 1;

6
krebs/3modules/tinc.nix
View File

@ -1,5 +1,5 @@
{ config, pkgs, lib, ... }:
with import <stockholm/lib>;
{ config, pkgs, ... }:
let
out = {
options.krebs.tinc = api;
@ -11,7 +11,7 @@ let
description = ''
define a tinc network
'';
type = with types; attrsOf (submodule (tinc: {
type = types.attrsOf (types.submodule (tinc: {
options = let
netname = tinc.config._module.args.name;
in {
@ -116,7 +116,7 @@ let
phases = [ "installPhase" ];
installPhase = ''
mkdir $out
${concatStrings (lib.mapAttrsToList (_: host: ''
${concatStrings (mapAttrsToList (_: host: ''
echo ${shell.escape host.nets."${tinc.config.netname}".tinc.config} \
> $out/${shell.escape host.name}
'') tinc.config.hosts)}

2
krebs/5pkgs/simple/Reaktor/default.nix
View File

@ -8,7 +8,7 @@ python3Packages.buildPythonPackage rec {
propagatedBuildInputs = with pkgs;[
python3Packages.docopt
python3Packages.requests2
python3Packages.requests
];
src = fetchurl {
url = "https://pypi.python.org/packages/source/R/Reaktor/Reaktor-${version}.tar.gz";

2
krebs/5pkgs/simple/bepasty-client-cli/default.nix
View File

@ -5,7 +5,7 @@ with pythonPackages; buildPythonPackage rec {
propagatedBuildInputs = [
python_magic
click
requests2
requests
];
src = fetchFromGitHub {

2
krebs/5pkgs/simple/cac-panel/default.nix
View File

@ -11,7 +11,7 @@ python3Packages.buildPythonPackage rec {
propagatedBuildInputs = with python3Packages; [
docopt
requests2
requests
beautifulsoup4
];
}

2
krebs/5pkgs/simple/treq/default.nix
View File

@ -11,7 +11,7 @@ pythonPackages.buildPythonPackage rec {
propagatedBuildInputs = with pythonPackages; [
twisted
pyopenssl
requests2
requests
service-identity
];
}

2
krebs/5pkgs/simple/urlwatch/default.nix
View File

@ -13,7 +13,7 @@ python3Packages.buildPythonPackage rec {
minidb
pycodestyle
pyyaml
requests2
requests
];
meta = {

2
krebs/source.nix
View File

@ -14,6 +14,6 @@ in
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "8ed299faacbf8813fc47b4fca34f32b835d6481e"; # nixos-17.03 @ 2017-09-09
ref = "07ca7b64d2ff2fa7a79e4eab1aba70ff746fed8c"; # nixos-17.09 @ 2017-10-02
};
}

5
lass/1systems/archprism/config.nix
View File

@ -156,11 +156,6 @@ in {
{ predicate = "-p tcp --dport 8080"; target = "ACCEPT";}
];
}
{
users.users.chat.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjesiOnhpT9XgWZqw/64M5lVQg3q0k22BtMyCv+33sGX8VmfTyD11GuwSjNGf5WiswKLqFvYBQsHfDDtS3k0ZNTDncGw3Pbilm6QoCuHEyDPaQYin0P+JmkocrL/6QF5uhZVFnsXCH5wntwOa00VFGwpMgQYSfRlReRx42Pu9Jk+iJduZMRBbOMvJI68Z7iJ4DgW/1U9J4MQdCsk7QlFgUstQQfV1zk4VfVfXuxDP3hjx6Q05nDChjpmzJbFunzb7aiy/1/Sl0QhROTpvxrQLksg7yYLw4BRs9ptjehX45A2Sxi8WKOb/g5u3xJNy0X07rE+N+o5v2hS7wF0DLQdK5+4TGtO+Y+ABUCqqA+T1ynAjNBWvsgY5uD4PZjuPgCMSw0JBmIy/P0THi3v5/8Cohvfnspl7Jpf80qENMu3unvvE9EePzgSRZY1PvDjPQfkWy0yBX1yQMhHuVGke9QgaletitwuahRujml37waeUuOl8Rpz+2iV+6OIS4tfO368uLFHKWbobXTbTDXODBgxZ/IyvO7vxM2uDX/kIWaeYKrip3nSyWBYnixwrcS4vm6ZQcoejwp2KCfGQwIE4MnGYRlwcOEYjvyjLkZHDiZEivUQ0rThMYBzec8bQ08QW8oxF+NXkFKG3awt3f7TKTRkYqQcOMpFKmV24KDiwgwm0miQ== JuiceSSH"
];
}
{
time.timeZone = "Europe/Berlin";
}

7
lass/1systems/prism/config.nix
View File

@ -115,7 +115,12 @@ in {
};
services.nginx.virtualHosts."hackerfleet.de-s" = {
serverName = "hackerfleet.de";
port = 443;
listen = [
{
addr = "0.0.0.0";
port = 443;
}
];
serverAliases = [
"*.hackerfleet.de"
];

1
lass/2configs/bepasty.nix
View File

@ -31,7 +31,6 @@ in {
} //
genAttrs ext-doms (ext-dom: {
nginx = {
enableSSL = true;
forceSSL = true;
enableACME = true;
};

5
lass/2configs/copyq.nix
View File

@ -25,12 +25,15 @@ in {
environment = {
DISPLAY = ":0";
};
path = with pkgs; [
qt5.full
];
serviceConfig = {
SyslogIdentifier = "copyq";
ExecStart = "${pkgs.copyq}/bin/copyq";
ExecStartPost = copyqConfig;
Restart = "always";
RestartSec = "2s";
RestartSec = "15s";
StartLimitBurst = 0;
User = "lass";
};

3
lass/2configs/websites/sqlBackup.nix
View File

@ -3,12 +3,13 @@
{
krebs.secret.files.mysql_rootPassword = {
path = "${config.services.mysql.dataDir}/mysql_rootPassword";
owner.name = "root";
owner.name = "mysql";
source-path = toString <secrets> + "/mysql_rootPassword";
};
services.mysql = {
enable = true;
dataDir = "/var/mysql";
package = pkgs.mariadb;
rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
};

14
lass/2configs/weechat.nix
View File

@ -13,13 +13,19 @@ in {
uid = genid "chat";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-shodan.pubkey
config.krebs.users.lass-icarus.pubkey
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
lass-icarus.pubkey
lass-android.pubkey
];
};
# mosh
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
];
#systemd.services.chat = {
# description = "chat environment setup";
# after = [ "network.target" ];

2
lass/2configs/wine.nix
View File

@ -5,7 +5,7 @@ let
in {
krebs.per-user.wine.packages = with pkgs; [
wineFull
wine
#(wineFull.override { wineBuild = "wine64"; })
];
users.users= {

3
lass/5pkgs/default.nix
View File

@ -4,9 +4,6 @@
nixpkgs.config.packageOverrides = rec {
acronym = pkgs.callPackage ./acronym/default.nix {};
dpass = pkgs.callPackage ./dpass {};
ejabberd = pkgs.callPackage ./ejabberd {
erlang = pkgs.erlangR16;
};
firefoxPlugins = {
noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {};
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};

28
lass/5pkgs/ejabberd/default.nix
View File

@ -1,28 +0,0 @@
{stdenv, fetchurl, expat, erlang, zlib, openssl, pam, lib}:
stdenv.mkDerivation rec {
version = "2.1.13";
name = "ejabberd-${version}";
src = fetchurl {
url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz";
sha256 = "0vf8mfrx7vr3c5h3nfp3qcgwf2kmzq20rjv1h9sk3nimwir1q3d8";
};
buildInputs = [ expat erlang zlib openssl pam ];
patchPhase = ''
sed -i \
-e "s|erl \\\|${erlang}/bin/erl \\\|" \
-e 's|EXEC_CMD=\"sh -c\"|EXEC_CMD=\"${stdenv.shell} -c\"|' \
src/ejabberdctl.template
'';
preConfigure = ''
cd src
'';
configureFlags = ["--enable-pam"];
meta = {
description = "Open-source XMPP application server written in Erlang";
license = stdenv.lib.licenses.gpl2;
homepage = http://www.ejabberd.im;
maintainers = [ lib.maintainers.sander ];
};
}

9
lass/source.nix
View File

@ -9,13 +9,8 @@ in
{
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = {
url = http://cgit.lassul.us/nixpkgs;
# nixos-17.03
# + copytoram:
# 87a4615 & 334ac4f
# + acme permissions for groups
# fd7a8f1
ref = "2d3b4fe";
url = https://github.com/nixos/nixpkgs;
ref = "07ca7b6";
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;

20
makefu/1systems/cake/config.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, pkgs, ... }:
{
imports = [
<stockholm/makefu>
# configure your hw:
# <stockholm/makefu/2configs/hw/CAC.nix>
# <stockholm/makefu/2configs/fs/CAC-CentOS-7-64bit.nix>
# <stockholm/makefu/2configs/save-diskspace.nix
];
krebs = {
enable = true;
tinc.retiolum.enable = true;
build.host = config.krebs.hosts.cake;
};
# You want to change these :)
boot.loader.grub.device = "/dev/sda";
fileSystems."/" = {
device = "/dev/sda1";
};
}

3
makefu/1systems/cake/source.nix Normal file
View File

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="cake";
}

5
makefu/1systems/pnp/config.nix
View File

@ -34,10 +34,11 @@
krebs.Reaktor.debug = {
debug = true;
extraEnviron = {
REAKTOR_HOST = "ni.r";
# TODO: remove hard-coded server
REAKTOR_HOST = "irc.r";
};
plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ];
channels = [ "#retiolum" ];
channels = [ "#xxx" ];
};
krebs.build.host = config.krebs.hosts.pnp;

4
makefu/2configs/git/brain-retiolum.nix
View File

@ -19,9 +19,9 @@ let
post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;
verbose = true;
channel = "#retiolum";
channel = "#xxx";
# TODO remove the hardcoded hostname
server = "ni.r";
server = "irc.r";
};
};
};

4
makefu/2configs/git/cgit-retiolum.nix
View File

@ -57,9 +57,9 @@ let
post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;
verbose = config.krebs.build.host.name == "gum";
channel = "#retiolum";
channel = "#xxx";
# TODO remove the hardcoded hostname
server = "ni.r";
server = "irc.r";
};
};
};

2
makefu/2configs/stats/server.nix
View File

@ -2,7 +2,7 @@
with import <stockholm/lib>;
let
irc-server = "ni.r";
irc-server = "rc.r";
irc-nick = "m-alarm";
collectd-port = 25826;
influx-port = 8086;

1
makefu/2configs/tools/core-gui.nix
View File

@ -13,7 +13,6 @@
keepassx
pcmanfm
evince
skype
mirage
tightvnc
gnome3.dconf

2
makefu/2configs/tools/extra-gui.nix
View File

@ -6,7 +6,7 @@
gimp
inkscape
libreoffice
skype
# skype
synergy
tdesktop
virtmanager