Merge remote-tracking branch 'gum/master'

lassulus 2017-05-02 14:14:55 +02:00
commit dd4439bfc8
16 changed files with 148 additions and 112 deletions


@ -427,7 +427,7 @@ with import <stockholm/lib>;
}; };
gum = rec { gum = rec {
cores = 1; cores = 2;
extraZones = { extraZones = {
"krebsco.de" = '' "krebsco.de" = ''
@ -448,7 +448,7 @@ with import <stockholm/lib>;
}; };
nets = rec { nets = rec {
internet = { internet = {
ip4.addr = "195.154.108.70"; ip4.addr = "188.68.40.19";
aliases = [ aliases = [
"gum.i" "gum.i"
]; ];
@ -456,7 +456,7 @@ with import <stockholm/lib>;
retiolum = { retiolum = {
via = internet; via = internet;
ip4.addr = "10.243.0.211"; ip4.addr = "10.243.0.211";
# ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2"; ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
aliases = [ aliases = [
"gum.r" "gum.r"
"cgit.gum.r" "cgit.gum.r"


@ -2,23 +2,32 @@
with import <stockholm/lib>; with import <stockholm/lib>;
let let
external-mac = "3a:66:48:8e:82:b2";
external-ip = config.krebs.build.host.nets.internet.ip4.addr; external-ip = config.krebs.build.host.nets.internet.ip4.addr;
external-gw = "188.68.40.1";
external-netmask = 22;
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
in { in {
imports = [ imports = [
../. ../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/headless.nix ../2configs/headless.nix
../2configs/fs/simple-swap.nix
../2configs/fs/single-partition-ext4.nix ../2configs/fs/single-partition-ext4.nix
../2configs/smart-monitor.nix ../2configs/smart-monitor.nix
../2configs/git/cgit-retiolum.nix ../2configs/git/cgit-retiolum.nix
../2configs/backup.nix ../2configs/backup.nix
# ../2configs/mattermost-docker.nix # ../2configs/mattermost-docker.nix
../2configs/disable_v6.nix # ../2configs/disable_v6.nix
../2configs/exim-retiolum.nix ../2configs/exim-retiolum.nix
../2configs/tinc/retiolum.nix ../2configs/tinc/retiolum.nix
../2configs/urlwatch.nix ../2configs/urlwatch.nix
# Tools
../2configs/tools/core.nix
../2configs/tools/dev.nix
../2configs/tools/sec.nix
# services # services
../2configs/gum-share.nix ../2configs/gum-share.nix
../2configs/sabnzbd.nix ../2configs/sabnzbd.nix
@ -46,7 +55,7 @@ in {
# ../2configs/logging/central-logging-client.nix # ../2configs/logging/central-logging-client.nix
]; ];
services.smartd.devices = [ { device = "/dev/sda";} ]; services.smartd.devices = [ { device = main-disk;} ];
makefu.dl-dir = "/var/download"; makefu.dl-dir = "/var/download";
@ -83,16 +92,15 @@ in {
get get
]; ];
services.bitlbee.enable = true; services.bitlbee.enable = true;
systemd.services.bitlbee.environment.BITLBEE_DEBUG="1";
# Hardware # Hardware
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = main-disk;
boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
# Network # Network
services.udev.extraRules = '' services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="et0"
''; '';
boot.kernelParams = [ ]; boot.kernelParams = [ ];
networking = { networking = {
@ -124,9 +132,9 @@ in {
}; };
interfaces.et0.ip4 = [{ interfaces.et0.ip4 = [{
address = external-ip; address = external-ip;
prefixLength = 24; prefixLength = external-netmask;
}]; }];
defaultGateway = "195.154.108.1"; defaultGateway = external-gw;
nameservers = [ "8.8.8.8" ]; nameservers = [ "8.8.8.8" ];
}; };
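Review bot: In the imports hunk, `../2configs/disable_v6.nix` is commented out with no note on why, which turns IPv6 back on for a host that this same section gives a public address and gateway. The visible hunks configure only `interfaces.et0.ip4`, so whether the v6 side is addressed and filtered cannot be confirmed from here; it presumably relies on the default firewall. I would record the reason next to the import, e.g. `# disable_v6 off: retiolum ip6.addr is in use; v6 filtering via networking.firewall (confirm)`. The `in { … }` body continues outside the hunks shown.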

50
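--- /dev/null
+++ b/makefu/1systems/iso.nix
@@ -0,0 +1,50 @@
+{ config, pkgs, lib, ... }:
+with import <stockholm/lib>;
+{
+imports = [
+../.
+<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+../2configs/tools/core.nix
+];
+# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
+# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
+krebs.build.host = config.krebs.hosts.iso;
+krebs.hidden-ssh.enable = true;
+environment.systemPackages = with pkgs; [
+aria2
+ddrescue
+];
+environment.extraInit = ''
+EDITOR=vim
+'';
+# iso-specific
+boot.kernelParams = [ "copytoram" ];
+services.openssh = {
+enable = true;
+hostKeys = [
+{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+];
+};
+# enable ssh in the iso boot process
+systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+# hack `tee` behavior
+nixpkgs.config.packageOverrides = super: {
+irc-announce = super.callPackage <stockholm/krebs/5pkgs/irc-announce> {
+pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [
+pkgs.coreutils
+(pkgs.writeDashBin "tee" ''
+if test "$1" = /dev/stderr; then
+while read -r line; do
+echo "$line"
+echo "$line" >&2
+done
+else
+${super.coreutils}/bin/tee "$@"
+fi
+'')
+];};
+};
+};
+}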
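Review bot: `systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]` starts sshd on every boot of the live image, but the `services.openssh` block does not restrict how logins are authenticated. Unless the shared `../.` config already does so (not visible here), I would add `passwordAuthentication = false;` to that block so the image accepts only the authorized keys that the shared config installs. Separately, `bits = 8192` on the `ed25519` host key has no effect, since Ed25519 keys have a fixed size; dropping it avoids implying a strength setting that is never applied.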


@ -55,7 +55,10 @@ in {
../2configs/logging/central-stats-server.nix ../2configs/logging/central-stats-server.nix
# ../2configs/logging/central-logging-server.nix # ../2configs/logging/central-logging-server.nix
../2configs/logging/central-stats-client.nix ../2configs/logging/central-stats-client.nix
# services
../2configs/syncthing.nix ../2configs/syncthing.nix
../2configs/mqtt.nix
# ../2configs/logging/central-logging-client.nix # ../2configs/logging/central-logging-client.nix
# ../2configs/torrent.nix # ../2configs/torrent.nix


@ -4,7 +4,7 @@ with import <stockholm/lib>;
{ {
imports = [ imports = [
{ {
users.extraUsers = users.users =
mapAttrs (_: h: { hashedPassword = h; }) mapAttrs (_: h: { hashedPassword = h; })
(import <secrets/hashedPasswords.nix>); (import <secrets/hashedPasswords.nix>);
} }
@ -134,6 +134,7 @@ with import <stockholm/lib>;
}; };
environment.shellAliases = { environment.shellAliases = {
# TODO: see .aliases
lsl = "ls -lAtr"; lsl = "ls -lAtr";
psg = "ps -ef | grep"; psg = "ps -ef | grep";
nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml"; nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";

9
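--- /dev/null
+++ b/makefu/2configs/mqtt.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+services.mosquitto = {
+enable = true;
+host = "0.0.0.0";
+users = {};
+allowAnonymous = true;
+};
+}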
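Review bot: `host = "0.0.0.0"` together with `allowAnonymous = true` and `users = {}` makes the broker accept unauthenticated publish and subscribe from every network that can reach its port. Whether a firewall limits that is not visible in this file, so the module itself should carry the restriction: either bind `host` to the machine's internal (retiolum) address, or set `allowAnonymous = false;` and define entries under `users`. If open access is intended, a comment such as `# anonymous on purpose: only reachable from the internal network, see firewall` would make that explicit to whoever imports this file next.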


@ -20,5 +20,6 @@
xdotool xdotool
xorg.xbacklight xorg.xbacklight
scrot scrot
wireshark
]; ];
} }


@ -12,11 +12,11 @@
rsync rsync
exif exif
file file
# fs
ntfs3g ntfs3g
dosfstools
pv pv
proot
sshpass sshpass
populate
usbutils usbutils
p7zip p7zip
hdparm hdparm
@ -27,21 +27,30 @@
sysstat sysstat
which which
weechat weechat
curl
wget
wol wol
tmux tmux
iftop
mkpasswd
# storage
smartmontools smartmontools
cifs-utils cifs-utils
iftop # net
taskwarrior wget
mplayer curl
cac-api # stockholm
cac-panel git
gnumake
jq
parallel
proot
populate
rxvt_unicode.terminfo
krebspaste krebspaste
krebszones
ledger # TODO:
taskwarrior
pass pass
]; ];
} }


@ -2,9 +2,15 @@
{ {
krebs.per-user.makefu.packages = with pkgs;[ krebs.per-user.makefu.packages = with pkgs;[
python35Packages.virtualenv
# embedded
flashrom
mosquitto
libcoap
nodemcu-uploader nodemcu-uploader
esptool esptool
python35Packages.virtualenv cac-api
flashrom cac-panel
krebszones
]; ];
} }


@ -2,12 +2,13 @@
{ {
krebs.per-user.makefu.packages = with pkgs;[ krebs.per-user.makefu.packages = with pkgs;[
inkscape
gimp gimp
inkscape
libreoffice libreoffice
skype
virtmanager
synergy
saleae-logic saleae-logic
skype
synergy
tdesktop
virtmanager
]; ];
} }


@ -8,5 +8,6 @@
calibre calibre
vlc vlc
mumble mumble
mplayer
]; ];
} }


@ -11,6 +11,7 @@
nmap nmap
msf msf
thc-hydra thc-hydra
wireshark borgbackup
ledger
]; ];
} }


@ -1,26 +0,0 @@
{ stdenv, fetchFromGitHub }:
stdenv.mkDerivation rec {
name = "f3-${version}";
version = "6.0";
enableParallelBuilding = true;
src = fetchFromGitHub {
owner = "AltraMayor";
repo = "f3";
rev = "v${version}";
sha256 = "1azi10ba0h9z7m0gmfnyymmfqb8380k9za8hn1rrw1s442hzgnz2";
};
makeFlags = [ "PREFIX=$(out)" ];
patchPhase = "sed -i 's/-oroot -groot//' Makefile";
meta = {
description = "Fight Flash Fraud";
homepage = http://oss.digirati.com.br/f3/;
license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.linux;
maintainers = with stdenv.lib.maintainers; [ makefu ];
};
}


@ -0,0 +1,27 @@
{ lib, stdenv, fetchFromGitHub, autoreconfHook, autoconf-archive, pkgconfig,
gettext, asciidoc, doxygen, libxml2, libxslt, docbook_xsl, ... }:
stdenv.mkDerivation rec {
name = "libcoap-${version}";
version = "4.1.2";
src = fetchFromGitHub {
owner = "obgm";
repo = "libcoap";
rev = "v${version}";
sha256 = "0f0qq15480ja1s03vn8lzw4b3mzdgy46hng4aigi6i6qbzf29kf5";
};
patchPhase = ''
sed -i 's/$(A2X)/& --no-xmllint/' examples/Makefile.am
'';
buildInputs = [ gettext asciidoc doxygen libxml2.bin libxslt docbook_xsl];
nativeBuildInputs = [ autoreconfHook autoconf-archive pkgconfig ];
meta = {
description = "";
homepage = http://coap.technology;
license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.linux;
maintainers = with stdenv.lib.maintainers; [ makefu ];
};
}
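Review bot: `description = "";` leaves the new package without a summary, and the `license`, `platforms` and `maintainers` lines are identical to those of the f3 derivation removed in this commit, so `license = stdenv.lib.licenses.gpl2` looks carried over and should be checked against the LICENSE file of the pinned `v${version}` tag. A one-line summary such as `description = "C implementation of the Constrained Application Protocol (CoAP)";` would be enough. The `homepage` is given over plain http; prefer the https URL if the site serves one.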


@ -1,26 +0,0 @@
{ stdenv, fetchgit, fuse, pkgconfig, which, attr, pandoc, git }:
stdenv.mkDerivation rec {
name = "mergerfs-${version}";
version = "2.16.1";
# not using fetchFromGitHub because of changelog being built with git log
src = fetchgit {
url = "https://github.com/trapexit/mergerfs";
rev = "refs/tags/${version}";
sha256 = "12fqgk54fnnibqiq82p4g2k6qnw3iy6dd64csmlf73yi67za5iwf";
deepClone = true;
};
buildInputs = [ fuse pkgconfig which attr pandoc git ];
makeFlags = [ "PREFIX=$(out)" "XATTR_AVAILABLE=1" ];
meta = {
homepage = https://github.com/trapexit/mergerfs;
description = "a FUSE based union filesystem";
license = stdenv.lib.licenses.isc;
maintainers = [ stdenv.lib.maintainers.makefu ];
};
}


@ -1,29 +0,0 @@
{ stdenv, fetchgit, clang, makeWrapper, gnugrep }:
stdenv.mkDerivation rec {
name = "ps3netsrv-${version}";
version = "1.1.0";
enableParallelBuilding = true;
src = fetchgit {
url = "https://github.com/dirkvdb/ps3netsrv--";
fetchSubmodules = true;
rev = "e54a66cbf142b86e2cffc1701984b95adb921e81"; # latest @ 2016-05-24
sha256 = "09hvmfzqy2jckpsml0z1gkcnar8sigmgs1q66k718fph2d3g54sa";
};
nativeBuildInputs = [ gnugrep ];
buildPhase = "make CXX=g++";
installPhase = ''
mkdir -p $out/bin
cp ps3netsrv++ $out/bin
'';
meta = {
description = "C++ implementation of the ps3netsrv server";
homepage = https://github.com/dirkvdb/ps3netsrv--;
license = stdenv.lib.licenses.mit;
platforms = stdenv.lib.platforms.linux;
maintainers = with stdenv.lib.maintainers; [ makefu ];
};
}