Merge remote-tracking branch 'gum/master'
This commit is contained in:
commit
e1a287c78b
@ -21,6 +21,7 @@ let
|
|||||||
./go.nix
|
./go.nix
|
||||||
./iptables.nix
|
./iptables.nix
|
||||||
./lib.nix
|
./lib.nix
|
||||||
|
./newsbot-js.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./nixpkgs.nix
|
./nixpkgs.nix
|
||||||
./on-failure.nix
|
./on-failure.nix
|
||||||
|
@ -19,6 +19,7 @@ with config.krebs.lib;
|
|||||||
addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"];
|
addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"];
|
||||||
aliases = [
|
aliases = [
|
||||||
"dishfire.retiolum"
|
"dishfire.retiolum"
|
||||||
|
"dishfire.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
@ -50,8 +51,10 @@ with config.krebs.lib;
|
|||||||
addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f763"];
|
addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f763"];
|
||||||
aliases = [
|
aliases = [
|
||||||
"echelon.retiolum"
|
"echelon.retiolum"
|
||||||
|
"echelon.r"
|
||||||
"cgit.echelon.retiolum"
|
"cgit.echelon.retiolum"
|
||||||
"go.retiolum"
|
"go.retiolum"
|
||||||
|
"go.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
@ -83,6 +86,7 @@ with config.krebs.lib;
|
|||||||
addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"];
|
addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"];
|
||||||
aliases = [
|
aliases = [
|
||||||
"prism.retiolum"
|
"prism.retiolum"
|
||||||
|
"prism.r"
|
||||||
"cgit.prism.retiolum"
|
"cgit.prism.retiolum"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
@ -114,6 +118,7 @@ with config.krebs.lib;
|
|||||||
addrs6 = ["42:422a:194f:ff3b:e196:2f82:5cf5:bc00"];
|
addrs6 = ["42:422a:194f:ff3b:e196:2f82:5cf5:bc00"];
|
||||||
aliases = [
|
aliases = [
|
||||||
"fastpoke.retiolum"
|
"fastpoke.retiolum"
|
||||||
|
"fastpoke.r"
|
||||||
"cgit.fastpoke.retiolum"
|
"cgit.fastpoke.retiolum"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
@ -128,6 +133,7 @@ with config.krebs.lib;
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b";
|
||||||
};
|
};
|
||||||
cloudkrebs = {
|
cloudkrebs = {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
@ -144,6 +150,7 @@ with config.krebs.lib;
|
|||||||
addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"];
|
addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"];
|
||||||
aliases = [
|
aliases = [
|
||||||
"cloudkrebs.retiolum"
|
"cloudkrebs.retiolum"
|
||||||
|
"cloudkrebs.r"
|
||||||
"cgit.cloudkrebs.retiolum"
|
"cgit.cloudkrebs.retiolum"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
@ -173,6 +180,7 @@ with config.krebs.lib;
|
|||||||
addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"];
|
addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"];
|
||||||
aliases = [
|
aliases = [
|
||||||
"uriel.retiolum"
|
"uriel.retiolum"
|
||||||
|
"uriel.r"
|
||||||
"cgit.uriel.retiolum"
|
"cgit.uriel.retiolum"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
@ -203,6 +211,7 @@ with config.krebs.lib;
|
|||||||
addrs6 = ["42:0:0:0:0:0:0:dea7"];
|
addrs6 = ["42:0:0:0:0:0:0:dea7"];
|
||||||
aliases = [
|
aliases = [
|
||||||
"mors.retiolum"
|
"mors.retiolum"
|
||||||
|
"mors.r"
|
||||||
"cgit.mors.retiolum"
|
"cgit.mors.retiolum"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
@ -229,6 +238,7 @@ with config.krebs.lib;
|
|||||||
addrs6 = ["42:0:0:0:0:0:0:7105"];
|
addrs6 = ["42:0:0:0:0:0:0:7105"];
|
||||||
aliases = [
|
aliases = [
|
||||||
"helios.retiolum"
|
"helios.retiolum"
|
||||||
|
"helios.r"
|
||||||
"cgit.helios.retiolum"
|
"cgit.helios.retiolum"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
@ -253,6 +263,7 @@ with config.krebs.lib;
|
|||||||
lass = {
|
lass = {
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
|
||||||
mail = "lass@mors.retiolum";
|
mail = "lass@mors.retiolum";
|
||||||
|
pgp.pubkeys.default = builtins.readFile ./default.pgp;
|
||||||
};
|
};
|
||||||
lass-uriel = {
|
lass-uriel = {
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
|
||||||
|
52
krebs/3modules/lass/default.pgp
Normal file
52
krebs/3modules/lass/default.pgp
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v2
|
||||||
|
|
||||||
|
mQINBFSZ3/oBEADYvRPoLdDkASIArXyWR5ccugJQURxMDgphAGrvj6qskSkn0chF
|
||||||
|
gnc/kcQr4aVTaDFdonSyHjYvspDOZm5BgHAICCu1PL8rkMTGS+vHM5dlwnok6IKy
|
||||||
|
e2aLjLPq5sHyp4+Zeq1eHe5TQ1cgN0cPdMMnEHd8GQke21pRQ5Vz79s8qRfWlt1Y
|
||||||
|
+OQ5uY/52iZ9qJ11/N4bPPe/Zm63sRTpGw14i8UCgBAsMQOG1XPUX2/IJc1CC9+1
|
||||||
|
Ohn/hPCbIdCbwOs7/HFFMRWmV6w4ul9gr7Js0owkWAS8FNOactS2i2SSwdONetKs
|
||||||
|
UbCVQ1PubPBZvh2Vij/oUBK5BvfNDR6nRYhOjYbt6PW/Q6bjqGecjnlO98dpcqag
|
||||||
|
+8bdl1JY9FpE4RzfuRgAFjVbtNztrmm9t6EuOHGZ5ec34TG9+i02ixh0YTEDK/Yt
|
||||||
|
my2MfIbGUbeIYRKJscqgxKkL6nv4x0lOvs8nDiUmqztGdSdTGni+BAWZz3+1xaJH
|
||||||
|
DTyQ36qYauBb5FWneRTBeagrDOAvvk/WxS+fMFZpnQovevOQBqxEL62fntikmMFn
|
||||||
|
ddPgq7R1VPdivvr+BO8yMI8i45Vn9EzIJR02WAp7oAsT966yzopVT4JLT8++CVPh
|
||||||
|
/VBrFID9yRyWjW5IJPsMsOt7z3UJaP08ua0UG4uVqo6dT6IdR8jKKxYdvwARAQAB
|
||||||
|
tCBsYXNzdWx1cyA8bGFzc3VsdXNAYWlkc2JhbGxzLmRlPokCPQQTAQoAJwUCVJnf
|
||||||
|
+gIbAwUJBaOagAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRAyqvthRFEnnviI
|
||||||
|
D/95QdNgttsly9CUeHKGfNGlJ2NgDepqob/VR2385q7cXCbFftRIsD0vaWYfsQ87
|
||||||
|
kbKs3fpeHz8teKqZtMnXYkPIaSK0TcoaqQtyfkmj+agP2YRSkNYonlmmCiCWkodP
|
||||||
|
2VnnmRUSwHcgxS14xsUHh13JXsU5nTHDAdJqOxUX6l6Lxb989h7Q8wTn5SX1XRVd
|
||||||
|
0U5P7fNXKvVF34J6uGyWraxQLOqJEEzi82F/61hbI6zVPhxu/R+qmiSqgHIlp0ax
|
||||||
|
u+8u3eyDVP1q95AMPaL1GsNYDcSl5njbkEbruSmjVcO99cD1ZLAODFJuaa+h/IvQ
|
||||||
|
HoPnFL3hRo0SHt/RimokboJL7nx5jT/0y+FtGuPMVKUqiLApOfoeWeHWVKgMLV/0
|
||||||
|
1+O4jEDRMNSIClI2YHdgyuQPBuHkaYXrrpDpJnYDEz2qAiijx+xIAPzifxebuVFV
|
||||||
|
NQl/XnXlzTmYrt0GHfCrNZa/ZtsqQqnJSRpydjey+ATGgs+3Oqa6z8lHhYx83ST2
|
||||||
|
cGsUmSnzk0TnxXmqwWxb3aGA0kO50atrObWwNXud7n3hu4V0FWwfHXUk8gJxtMN6
|
||||||
|
IenjLcI0WyLwSKvTazF6GSgtUhwNgON88eiqLS8CWdop4CEyEUfxFoZeQoS72Yzq
|
||||||
|
4pSOYPnbRDcBn2zkYaWyCTmf9qvWbZOu0Sl2lfy9n5LiKrkCDQRUmd/6ARAAq+Mt
|
||||||
|
/9LohA9Qnz/GjE504h38G3USXgEV9/ctr2PXkc2onW67u45trLSYLyCK6kDq3VIN
|
||||||
|
/3uLt8Pr+IL41NntW1exRtqohVeKI38CCqR5RP9tVxLkyxnpA/SPpSvOjWhyBkph
|
||||||
|
MRXYta1+nBHwxSaPcc2e+15pk/cYgg0cTY7Nvgo+wL4bgI+b2OHwwIwRov/t4aim
|
||||||
|
0y63OaCG82NqWrX7i2ONaR8RsZ8RHLnC+TyFaoj0mdp+vp4WFwxbqcIq+Vvn1m5j
|
||||||
|
gPlkzXK4Yrykp2IULGuj+qZyS043FzZYhbxZoE85zIMtQ5gV/ktaP25+YsU1bwb9
|
||||||
|
75FQvdMM827bbOJJ67/l96asQNg1TMzosL8/t9xLPDry4YYu8kRIPZgKWvT0Eg1Q
|
||||||
|
AWzWJCXplTdPlhj660OCGuuyv/XJIbhqtBVZhIyR7gs6EZHZ6FHax7F41fEWGgSv
|
||||||
|
WVAMrjrnG4XYAyCP1yiW1i7/ogCzKXYvV42tzBFuPcza6jhBnU17w5E7nwYaEWgA
|
||||||
|
02Ai7aTK9WDAi8j8emQ8XppU9hqEILSvR5tG4R0YOAUbIUplIpnpf8KcEhNy48ei
|
||||||
|
MuhiTJBjPyu7bRJoZXvipNPjqhESGlvrcr1QKuEqPLRcfLo3DOt3zgxBqOZZGHKL
|
||||||
|
ckaud05wevMPK09F7taLgwBCHOmAxiMa5NQVjL8AEQEAAYkCJQQYAQoADwUCVJnf
|
||||||
|
+gIbDAUJBaOagAAKCRAyqvthRFEnngGYD/wP77ax6yczKT/AHEvqyMMRPigLHIHy
|
||||||
|
XIWt8uNKwbn1RTXuH9Nj1rtVuj7ck4jscNwmDYeT52ZDxHQjLHWgAG0CBq6afdBi
|
||||||
|
VwLur6M7jv0EwY/SMed+QD1+a59kiO8+difwLDF+Q50lYQ4fmSGsfdQ4Qxesm92r
|
||||||
|
Y1Q/xFg1K9MNZbItpzYTE4P+ii4kU5BnWwExX2OEhhlrNUjJhA30HvvUID6bsguq
|
||||||
|
Jl7mWnGpS5YYqPxiABNI++TzYXQvP95nWGROvdx2vSPuJ756S8VJ81LL7BmQyQzq
|
||||||
|
8S/ciHjmgtgLRyncqqXl1uJBqtK+50vEFHxJrANdDNzD+K4S7+23DpRsmEl/2ECQ
|
||||||
|
laGsU6HtYbnr+hc1alE4uNMEN1/a75EFI59BISnUm8jIy1nLhcIXMhFh4JuG7kGk
|
||||||
|
2ePa4Gv2DafMR8N0WYPIhP3LIIDP0s9gv2QSA+5BmI9OhZDkz9Ubuut1+PMfWCXm
|
||||||
|
aNmF2Bh8puTffsFxGJSiQ4CXDzuNRqMR5wB0OCnB/WAnuZhRAJhXmgR8FJY+EvTN
|
||||||
|
PcA1QZIZ0hQGVf8eJ5Gx4W1w2Q6mQCGnCy1XtEkZP0BOP0Or5CMtqP/VSuwaF4wh
|
||||||
|
4FLYTOLZ7oDr2ErK/bhnpuoPoUU0y3n7AG/nhtmqenlMPLWB246XnEoJMb6Ar8vW
|
||||||
|
It6jrzDh3+COSQ==
|
||||||
|
=0gFT
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
51
krebs/3modules/makefu/brain.pgp
Normal file
51
krebs/3modules/makefu/brain.pgp
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v2
|
||||||
|
|
||||||
|
mQINBFXn/k4BEACmXMbhoAKsMC/gFqBrQq2mgvo8+FnUe4F6JznVh7NiPH0PUdDw
|
||||||
|
jRnK2EEpD+NoDt3A0jtq6C+wnr1V+p/jYAPxRcvv8a7ym+xuA4sBIPrlW1fQIuWF
|
||||||
|
EjYnUVnN16Qa1xJiQQyEDeleAxgg0luOdqBZ0myT84a9O0deN8JM+zwqT/+sLY9c
|
||||||
|
2fVGNv496/mt7Ct294QbS6cfdR26r8PZ1Wfo8cr8UhFfFft0TE267HJdoJ8NBvH/
|
||||||
|
BSEcoaS3kaxk2YyOdAJ1RgEoQY2w1/jeZv5IUyO7azAQUhbqBK7nVbgUd2l3nf4v
|
||||||
|
qmgNvvtcAlccY6L2M8BR6TI4Yw2hfbLOHPVTNjFlMXXX/MDYFFF9+GqmYOjyy5dy
|
||||||
|
8m4qA4ZEoHG9XT+xsZAsHJRFPBacSp2ydoVdlkJsEQnabb78NXLusgBBxhOmvVHe
|
||||||
|
5SeIvsrpn83/aIeHpLUQbzUdK3osERZUBTp9Pr0+dB+UkqThjE3MPntKcawm4cGN
|
||||||
|
dXY6iNXH4gGPOjb5ed0OzDiRS2bVyb0/F2wYXvIPE2e0CwJ0io2rRT410HfpFkWD
|
||||||
|
OPENdlNYb6FCXc4fpGxdtFL0hE6RZqBvwQAN9iDkEj+DxEwUc+yyroFRI25y+T1z
|
||||||
|
68T0xqVfKXUqcOmsACKtjlQ5QcikCj8kC9bNDln7v1Q9argSEJXJDdf3cwARAQAB
|
||||||
|
tBhwdyB1c2VyIDxyb290QGxvY2FsaG9zdD6JAjgEEwECACIFAlXn/k4CGwMGCwkI
|
||||||
|
BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEDtOh4EJ4fmcIecP/1+HMD22wilyb3hQ
|
||||||
|
QLKz+Wx37ZM6w0p9o0lMEeeUpcYPtWeVBqID6vxmqFwIOU5LtkHiE0yO8AcW7TYx
|
||||||
|
14Ql3mPWd594fKXr04mN9RM9wTr09S0P4nqKuq0cR3x5s4C30DoKoUqt3ZKSZRW/
|
||||||
|
4suhvebfYiTjlE5joH4lZy7bMaH2HpvLacZXGcyH7cmYfLuZekf1kNXRDh40IgrH
|
||||||
|
uzsXFoflhLEZouKWiV3mWFo1iIckvTDrFNHuJj5oHP2D3J1RYdbPNP+5yOu/34mt
|
||||||
|
wPK/R6MxXY+zKWZWU59Ll5nx+2wUkIP/MaE9Ubx1W0UdeB4In/Y/HhV2fwd9DFsq
|
||||||
|
cbKofeDRblEdaaTjiqc1MjSxyhPplApgG4389gXX4vszAuyxBq6AecJobYkzmVek
|
||||||
|
EOJVVqDFoT+a70p5hWMP5nQV7dE3jyy1esm6cjF9iv0cRf/GqZAIiNdeo9av56OO
|
||||||
|
H5uwamTwcRrDsy4xWzowUfJDB+nJzlXw08aQRTfczCZ3n5hXvqqxuoweH08hfm/S
|
||||||
|
oa0gU95mCkHYbscaxjXnkEgbuvCiVRhDqd8rZpi5WxNV63zHIaoeXIPVJH0zswIJ
|
||||||
|
MT2LofWB8W8in48rmRvUdzZlm/++c/9+evNyNyAyOmdRk6fP0nHdRmuINyeKc67P
|
||||||
|
0BrVstk/cywbNbpNBt+2uUJCemBBuQINBFXn/k4BEADQYsT81uL8XE9homHLRai0
|
||||||
|
3Xo/gVe5lwXWouzzVImEQIICvmBCjdzA1nPfKvdBcFsBfOro6aefETq/cZeL16It
|
||||||
|
zJKhh2HDJ/7oCuJM0OufkwoSBwJ4f0I+0zXsPZV0+P1ijPaKunYW+YpoFm3z8rLc
|
||||||
|
iX/kxYRgo13jCNphL/TKOoq3ZTREzDcBk9QR8yLTV5i0j1qrlIsAx7iTv1jrC1L6
|
||||||
|
fBZm40+wn0ahz9IgBWWv588i+1f7ekKQBYXi9n2+hSfMQ0ebhW14xG72eXDzV14Q
|
||||||
|
Yra+FNMOCeKhmHH9PnVw0NkwRPbtL92ZySeFMHxhYnBPckqBUuEO12TXUMWA9fzj
|
||||||
|
rpBjJWEtCRCeaSLAe5Nzleb09NKO3z4ghwedef/Cz8XZ+XDIpE/1yTQy0lSuLosw
|
||||||
|
ScmwG9UPYxpWWqJmC+H6GQ0qQmCgmPYG8b20JvnqROmsLooC/xmf4seT8J+fYpKt
|
||||||
|
fkQiuOd8RecW+1jyfr7qy2S3roNgNl7hyzlIHmtGnn3rYC4uCe4VjosvcPmnXP6N
|
||||||
|
Jcck3dQnFxmE+/JS1zdH47nDGJsn5fFrArdfU9DLGjU/L7BJt99vIvif89B2FF/n
|
||||||
|
0cR7bLeY72P1oJw+tgrsjo9uaS9u9vk/J8+Rhf3TIqbHfFh7/42sdkgk3Mqha+Bn
|
||||||
|
wAOpUP3tjdDTwow9/2iYjQARAQABiQIfBBgBAgAJBQJV5/5OAhsMAAoJEDtOh4EJ
|
||||||
|
4fmcTy8P/03eVL9GoarIjwRxYY8U23fU4xNIypkNrjspjJHVRcKJFCyA2/R9toKf
|
||||||
|
0XGJIM2fwBo6beH0rinq8Xm8hrT/gFIWupuDLSTR/km0UD6CtfFOIt+5jw3c5mMR
|
||||||
|
u9DbSWAiRYGzQKYYZUy5mdMG/kokDRSm5D0lO+YnLZtpECZn/Zi5rPKzbGyMus+a
|
||||||
|
fm8a/eNko+Eg6j8FSYBm+d8SKYdoLJN3R7hYji7JuERMs+UZMsuriSAn2Af2Jn1I
|
||||||
|
hc7fiwotrMdNifyWCtYqiFvcrsm8K8EC2J0KsieydBHwCuamlqTrjqVejbITD8Jl
|
||||||
|
ghTGNHe/crP7/XKTjKva+1+VJAHDLylZgcArQSKa+SsWB/GoKB0x9UEWThJ1DLi4
|
||||||
|
j2GhNlCIYZtPBQMu3+2btDj0A3IUQp4aW0nd5+0zz0H7JVrl+pI37uUxTiXCZG9X
|
||||||
|
fjXrcP3niJhraHTG8mWD1v8+cG3NXpv/IZN82Z+sQlpabwjpybag2CeTfhEoFtEl
|
||||||
|
V6ez9wpgBKeDsLDLOB8VRgpsikw9f6H8GAUZe2PjKUwiDtptqa37nU+3A6wPiO2s
|
||||||
|
AWT/7D6vhMpDncp7E9DcsmsU9LNt7D+ISqi4uLKYJcfmqbJOui2YFo3zsYP8TqQD
|
||||||
|
JTZ1lSpFpipJpi6mAzQUS4P3H+aUjeW/LWiSS/YNmGIOAUeB6Y3c
|
||||||
|
=rEQB
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
@ -89,19 +89,14 @@ with config.krebs.lib;
|
|||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
|
MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG
|
||||||
HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
|
RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA
|
||||||
mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
|
kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD
|
||||||
n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
|
JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2
|
||||||
R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
|
2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf
|
||||||
Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
|
+h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB
|
||||||
aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
|
|
||||||
ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
|
|
||||||
KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
|
|
||||||
XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
|
|
||||||
teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
-----END RSA PUBLIC KEY-----
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||||
@ -548,6 +543,29 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
senderechner = rec {
|
||||||
|
cores = 2;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
addrs4 = ["10.243.0.163"];
|
||||||
|
addrs6 = ["42:b67b:5752:a730:5f28:d80d:6b37:5bda/128"];
|
||||||
|
aliases = [
|
||||||
|
"senderechner.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7
|
||||||
|
lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X
|
||||||
|
rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL
|
||||||
|
inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT
|
||||||
|
BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO
|
||||||
|
OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
muhbaasu = rec {
|
muhbaasu = rec {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
nets = {
|
nets = {
|
||||||
@ -582,17 +600,19 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
|||||||
makefu = {
|
makefu = {
|
||||||
mail = "makefu@pornocauster.retiolum";
|
mail = "makefu@pornocauster.retiolum";
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster";
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster";
|
||||||
|
pgp.pubkeys.default = builtins.readFile ./default.pgp;
|
||||||
|
pgp.pubkeys.brain = builtins.readFile ./brain.pgp;
|
||||||
};
|
};
|
||||||
makefu-omo = {
|
makefu-omo = {
|
||||||
inherit (makefu) mail;
|
inherit (makefu) mail pgp;
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch";
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch";
|
||||||
};
|
};
|
||||||
makefu-tsp = {
|
makefu-tsp = {
|
||||||
inherit (makefu) mail;
|
inherit (makefu) mail pgp;
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp";
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp";
|
||||||
};
|
};
|
||||||
makefu-vbob = {
|
makefu-vbob = {
|
||||||
inherit (makefu) mail;
|
inherit (makefu) mail pgp;
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob";
|
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob";
|
||||||
};
|
};
|
||||||
exco = {
|
exco = {
|
||||||
|
64
krebs/3modules/makefu/default.pgp
Normal file
64
krebs/3modules/makefu/default.pgp
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v2
|
||||||
|
|
||||||
|
mQINBE6quoQBEACemTuY0Ujeygxdyds3ugPbKuIsJMCQSdXAKsCkH4vV5qam8rQP
|
||||||
|
AabpYyQfew9nCUCJa4NkKFrLnGz4d7rl1u5ihVqMctYeJqZdtX88DqqNKQXoqKQv
|
||||||
|
crF5hcZmUtbGe5eyoMV55hiODPVPTVra6pbxWwhqa0pYeXEyDy1BPoqgcP0DUFho
|
||||||
|
yBeoyw71ujgdJZvl5rq6ZVjTGuToNKHn5UBDMu6n0rl9Ha7ukL4Gx8hOhmK8yv87
|
||||||
|
zuUzBRQkTgoC48JA3Bt0kb15ghbOV7D411ZhmhEqWwE/OBk3//6MOGu24Mm0OG8J
|
||||||
|
+tbEMysck0LYe5q5U/2cmGsqlwV6FXLmnPOj6H4XtdTBDVXo/Hp6A8mVR1sSDopc
|
||||||
|
/2TnTwv0cdGOIS1CgxUc/qS6a8h+2UGaLSPnuPBWom163YbO/vgj8Th5q3N2DiRO
|
||||||
|
EP+mGCKn1/cghU7WjMny8z59A7SeZ0rRN8KaMlFEZMlgtQf7/6EjL5Ulo5H0vb2m
|
||||||
|
G5lAfW5xz55Y6M06sEl2wJ4pkgt+jeWRItKQvyqcdFEfiJfuP0+ESmQIMvz2ZnDC
|
||||||
|
ZJzpmjP5uDwqu5THcTHvJ/ptSHRtXEiqqwrpQ0dqtwxLMJtIdgOohVoPAUNTTXcy
|
||||||
|
XmL0qZsLFI2We2v0jgYMcYw1gswsksMLLmnVWlAsBqCALRyu4Ptxrkg9NwARAQAB
|
||||||
|
tB5tYWtlZnUgPHJvb3RAc3ludGF4LWZlaGxlci5kZT6JAjgEEwECACIFAk6quoQC
|
||||||
|
GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEMk6uSvVJeKfr5UP/3vvBlZQ
|
||||||
|
9DjLRBx9YUjbq34LDl/wdDX7Fwsdb+TccUiOgKW2RAXbdnff2r5VRn4VSDUYoFfN
|
||||||
|
qtDrxKl04IWeVwiaTjCJdXp6veSpov5GcmARgPUow8v9Eu2gZw0o1LvW7NFP5e3u
|
||||||
|
YxmSTrlVGZMTCkwIkYoaETseCE0qsahWD0zCM19rAEuTkwKOQo58mXFUzNq829Ex
|
||||||
|
OAv4zIQE6V7SKKOZzXhvBu3s1ql1SDfmciaszMlwwPtwgFBkg1HrFvuimU7zqGkf
|
||||||
|
wQpWt91j8kJZdAC8iUf/7UNh/VZu+n9jtmynunRrY2PgPh6LgeDmiaTbVfHX51/3
|
||||||
|
R01dzzTk0dnqwosNoc1u8Xsb/rTs9LDsncteUGKgiEh+LRjouGGh/C1g58dkF0wP
|
||||||
|
S00dgnEhI9d8ui/yTPa47l3zDSa/m6Nq6oEGVbZDivNDuTV1jfhrs0v3kx50aK0O
|
||||||
|
y+exKMmgxoxeCMZs53iHXiXAcsHSj+Gue6W2jDvRjaPqfxnM3GNd7y9ix8IF43R6
|
||||||
|
n1oAZo7zWA4a5iq8yvBTjKqyDJAKu8C4kYM/9FMJlDgUjWYvNI4BiG1iw0iGVAjt
|
||||||
|
JHz/QEM/7Mg7fw1rtJB/A9ezLJGyiDcc5GwrLIVl6U8stNWF0ZqgtwWKF1lm0Faj
|
||||||
|
mPRDdOVZNTPw61YNqHJGdHVBD0usx3Xg/4V6tC5GZWxpeCBSaWNodGVyIDxGZWxp
|
||||||
|
eC5SaWNodGVyQHN5bnRheC1mZWhsZXIuZGU+iQI4BBMBAgAiBQJSpxSDAhsDBgsJ
|
||||||
|
CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDJOrkr1SXin4w8D/9QY5oTvCmFERHR
|
||||||
|
uUgGyU1hPomIE6RrSxoeqHsMUhUuqNeWYk0T/Oju/sZLlWUuBZHLTXeGPyFEe0/n
|
||||||
|
6ys4cqTSwCKUdB0kQO3GAzPKGmC6C5trQaMpY+A6yVi3He6rN37+XjfjrY+o7Rbl
|
||||||
|
s8K6S3jR/f/MSODjRnGNPTLsuDYKo+d4RwlWv2G+RFHueh4/aef0s3lzoDbmdJiW
|
||||||
|
zXaTqiCKgG34GzQO4hs6MsyG9mJo05qXvMAGgCyRDJkbcmwjgQonlEi6TIJyQ3J2
|
||||||
|
CNLrl2UW5eUFKnZbWGZYL7Ojsq0UnRna6z1L4sxk1kCLxn1Gz8RiisJ1bUOM85vZ
|
||||||
|
dTyFTb9+iC43c2IbLpF139ic+hb6dYJC392cOwrT2UgfUuzqocY2V/HXjVsqsNtL
|
||||||
|
t4tnoZkZhjFMaUe5FQbUYwtA2IqqrqD7iC7ULtclYa2tvW2HIAs4VjocWxfbgY4b
|
||||||
|
He99Ma5xSNL171a34n2ZayjsI8cbYtHvVPTZ8Zs6xqsz8D+o+m0bBxGobOAkb6yN
|
||||||
|
UUdZjo5Jdcr2AxAITEgzgzcWR0sCbn+6Jj7XJuz2SYEtOhZBrY7tONoOkrysCtJD
|
||||||
|
fKOp2RCq60ZHMqoBTyyxtQ6LG/I0bZs7a2/6Wc3O3VhSIGgjSOan7N4G13CJqfFA
|
||||||
|
FfMATGPnK+nYxmVAQ2VR0GxscvjdBLkCDQROqrqEARAAzYUNba4eFVDLlF2SzSra
|
||||||
|
VMyV9eNBdi64tNQVTFDH+bj2KgcPKZXBUXDz+hizOb3jegaBojlbf6LYUgzQMQ96
|
||||||
|
uHcE/mlBhtU1nUYKEH82kblA6UVOrtSyK/2MIX/aoK7C+pKFSIEkl2/V4NtPQ6Ay
|
||||||
|
H+UQ8c6uOP6Z0raaawjZ/rzvxIlVPD0Ou0PtJf6l0UtMQRWpYcwNl3O6JgMFhqP4
|
||||||
|
LipP40aYEuxr9RUynWBb8HzXj1R5imPgF+F47L8EPKDgIqEr6OLWigQ6pBpKM8xP
|
||||||
|
lMQByGvv5Xi35rqMwn2porHwYE5BIUIQcSSSdhSxgwB0G/hlpucX7wtUMheAUFTj
|
||||||
|
sVVK5jirMf30h4NUlpyO1hNblIM+oex96yir8PRZwQFkZ8CFeMDXjsNYUhcqyAJC
|
||||||
|
Lr64XiaX7VdIshcIF07tC/Rjd7qKOs21phzIJ7FkYYFkhh607q6rzH7pBsnckJnX
|
||||||
|
ydFIo412ig4dac2f2FSgZXPYyZ9T6y9raL3Aq1WigOncG+ajpN60/r1pXXggoIgr
|
||||||
|
ZuSMXpklr3z7DZ+M5Vk7EjpTZqfUkcBuS9ObsfX/oIpVaY5MCZobjw4iBEee/t+f
|
||||||
|
4YigdPTWWxoHA259S2dH3MdWzIH515VWjUD4E7Jf9iEoYygT98u3fV/1GHjBsQTg
|
||||||
|
2CTXRCG3xpHnPliLvwkt6z8AEQEAAYkCHwQYAQIACQUCTqq6hAIbDAAKCRDJOrkr
|
||||||
|
1SXin9vjD/46juH2MLa/iyXzbz4QxEHt5/USZ+RFh8Bt5iBEGVvKY97QlOJ6Eq8Z
|
||||||
|
9BMA1z+QpdkU2Rx7H2l9ohA5Kznlz80KUGzkkEwCZTqycLLX2/oq825dqF0H6hJu
|
||||||
|
9R95ltC8xIYvW0KPunnyU4HO+RyVM544vR1KKBTXV/+ojHD2BviDQ41bFNfYjo+N
|
||||||
|
uInrJWCgsxAC1fhnxLjQH74BkBSMF0S85y68EnHbJ/4IAud24shb6blsF1Sjf1CK
|
||||||
|
UX0ZWwbBWj7cMg0pfkczdl7Y7pHJqOr/UrC40jHVO4CX0JrxhOT7u4cvhv0E4Y3O
|
||||||
|
y9+Js7+fM6Ua+YF6TuArOorOCH8vzx6xvM1AW2U5jS3iMglIi6fXEYRuQB9ygPTc
|
||||||
|
wJ/ByBApEKC7O0kA0PhwEF4FTgZntThlaJ+2rsUseONAXqZTJaX+CXtQdw6IVa8n
|
||||||
|
SmXN01YsZzW1qFhbBSYHowqbOxbW9WH0ObtL+bxfJbG8HrVoXZJ5pcytzIDsGbtE
|
||||||
|
1M2AQPZ4CaaWDGEvnM3REo1OOAf3f4Vf9C59suPoKVWqalBb94AhQqka8nZ81jL9
|
||||||
|
tXDt0Yuaj2xroCNstmRFOgXJBWWx59kVdU9yoC2K0AWNrMdHAuyevgscAHsKkXq5
|
||||||
|
4C1xL0RuUlNZ1qcX7Ev7kcLJ1RxRyXZQCbpIUi+UAWuNgEwMEHo1eQ==
|
||||||
|
=rHPd
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
@ -4,10 +4,12 @@ with builtins;
|
|||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.lass.newsbot-js;
|
inherit (config.krebs.lib) genid;
|
||||||
|
|
||||||
|
cfg = config.krebs.newsbot-js;
|
||||||
|
|
||||||
out = {
|
out = {
|
||||||
options.lass.newsbot-js = api;
|
options.krebs.newsbot-js = api;
|
||||||
config = mkIf cfg.enable imp;
|
config = mkIf cfg.enable imp;
|
||||||
};
|
};
|
||||||
|
|
@ -54,6 +54,34 @@ let
|
|||||||
type = with types; string;
|
type = with types; string;
|
||||||
default = "";
|
default = "";
|
||||||
};
|
};
|
||||||
|
ssl = mkOption {
|
||||||
|
type = with types; submodule ({
|
||||||
|
options = {
|
||||||
|
enable = mkEnableOption "ssl";
|
||||||
|
certificate = mkOption {
|
||||||
|
type = str;
|
||||||
|
};
|
||||||
|
certificate_key = mkOption {
|
||||||
|
type = str;
|
||||||
|
};
|
||||||
|
#TODO: check for valid cipher
|
||||||
|
ciphers = mkOption {
|
||||||
|
type = str;
|
||||||
|
default = "AES128+EECDH:AES128+EDH";
|
||||||
|
};
|
||||||
|
prefer_server_ciphers = mkOption {
|
||||||
|
type = bool;
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
|
protocols = mkOption {
|
||||||
|
type = listOf (enum [ "SSLv2" "SSLv3" "TLSv1" "TLSv1.1" "TLSv1.2" ]);
|
||||||
|
default = [ "TLSv1.1" "TLSv1.2" ];
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
default = {};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
default = {};
|
default = {};
|
||||||
@ -89,14 +117,28 @@ let
|
|||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
to-server = { server-names, listen, locations, extraConfig, ... }: ''
|
to-server = { server-names, listen, locations, extraConfig, ssl, ... }:
|
||||||
server {
|
let
|
||||||
${concatMapStringsSep "\n" (x: "listen ${x};") listen}
|
_extraConfig = if ssl.enable then
|
||||||
server_name ${toString server-names};
|
extraConfig + ''
|
||||||
${indent extraConfig}
|
ssl_certificate ${ssl.certificate};
|
||||||
${indent (concatMapStrings to-location locations)}
|
ssl_certificate_key ${ssl.certificate_key};
|
||||||
}
|
${optionalString ssl.prefer_server_ciphers "ssl_prefer_server_ciphers On;"}
|
||||||
'';
|
ssl_ciphers ${ssl.ciphers};
|
||||||
|
ssl_protocols ${toString ssl.protocols};
|
||||||
|
''
|
||||||
|
else
|
||||||
|
extraConfig
|
||||||
|
;
|
||||||
|
|
||||||
|
in ''
|
||||||
|
server {
|
||||||
|
${concatMapStringsSep "\n" (x: "listen ${x};") (listen ++ optional ssl.enable "443 ssl")}
|
||||||
|
server_name ${toString server-names};
|
||||||
|
${indent _extraConfig}
|
||||||
|
${indent (concatMapStrings to-location locations)}
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
|
||||||
in
|
in
|
||||||
out
|
out
|
||||||
|
@ -25,9 +25,9 @@ in nodePackages.buildNodePackage {
|
|||||||
name = "newsbot-js";
|
name = "newsbot-js";
|
||||||
|
|
||||||
src = fetchgit {
|
src = fetchgit {
|
||||||
url = "http://cgit.echelon/newsbot-js/";
|
url = "http://cgit.prism/newsbot-js/";
|
||||||
rev = "802b172d0eed6c9625a9cb5db408f5cc8c01784e";
|
rev = "09e01639be4ea9691cf5b33f7d9057b68ac98079";
|
||||||
sha256 = "794fc7845aca311f7cf7b6bdc109b5a25d0e2299322bc6612edadc477b2536e2";
|
sha256 = "28ffbed66c2efcd194c47823c7d5d5533c80852fc0cf9d9d4ee609c71d50c142";
|
||||||
};
|
};
|
||||||
|
|
||||||
phases = [
|
phases = [
|
@ -19,12 +19,8 @@ with builtins;
|
|||||||
# };
|
# };
|
||||||
#}
|
#}
|
||||||
{
|
{
|
||||||
krebs.iptables = {
|
services.elasticsearch = {
|
||||||
tables = {
|
enable = true;
|
||||||
filter.INPUT.rules = [
|
|
||||||
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
@ -25,6 +25,7 @@
|
|||||||
../2configs/teamviewer.nix
|
../2configs/teamviewer.nix
|
||||||
../2configs/libvirt.nix
|
../2configs/libvirt.nix
|
||||||
../2configs/fetchWallpaper.nix
|
../2configs/fetchWallpaper.nix
|
||||||
|
../2configs/cbase.nix
|
||||||
#../2configs/buildbot-standalone.nix
|
#../2configs/buildbot-standalone.nix
|
||||||
{
|
{
|
||||||
#risk of rain port
|
#risk of rain port
|
||||||
@ -141,10 +142,16 @@
|
|||||||
services.elasticsearch = {
|
services.elasticsearch = {
|
||||||
enable = true;
|
enable = true;
|
||||||
plugins = [
|
plugins = [
|
||||||
pkgs.elasticsearchPlugins.elasticsearch_kopf
|
# pkgs.elasticsearchPlugins.elasticsearch_kopf
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.postgresql;
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.mors;
|
krebs.build.host = config.krebs.hosts.mors;
|
||||||
@ -270,16 +277,17 @@
|
|||||||
emulateWheel = true;
|
emulateWheel = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.xserver = {
|
#services.xserver = {
|
||||||
videoDriver = "intel";
|
# videoDriver = "intel";
|
||||||
vaapiDrivers = [ pkgs.vaapiIntel ];
|
# vaapiDrivers = [ pkgs.vaapiIntel ];
|
||||||
deviceSection = ''
|
# deviceSection = ''
|
||||||
Option "AccelMethod" "sna"
|
# Option "AccelMethod" "sna"
|
||||||
BusID "PCI:0:2:0"
|
# BusID "PCI:0:2:0"
|
||||||
'';
|
# '';
|
||||||
};
|
#};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
acronym
|
||||||
cac-api
|
cac-api
|
||||||
sshpass
|
sshpass
|
||||||
get
|
get
|
||||||
@ -328,7 +336,4 @@
|
|||||||
tapButtons = false;
|
tapButtons = false;
|
||||||
twoFingerScroll = true;
|
twoFingerScroll = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
#for google hangout
|
|
||||||
users.extraUsers.gm.extraGroups = [ "audio" "video" ];
|
|
||||||
}
|
}
|
||||||
|
@ -83,10 +83,10 @@ in {
|
|||||||
{
|
{
|
||||||
sound.enable = false;
|
sound.enable = false;
|
||||||
}
|
}
|
||||||
{
|
#{
|
||||||
#workaround for server dying after 6-7h
|
# #workaround for server dying after 6-7h
|
||||||
boot.kernelPackages = pkgs.linuxPackages_4_2;
|
# boot.kernelPackages = pkgs.linuxPackages_4_2;
|
||||||
}
|
#}
|
||||||
{
|
{
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
}
|
}
|
||||||
@ -119,7 +119,8 @@ in {
|
|||||||
}
|
}
|
||||||
{
|
{
|
||||||
users.users.chat.openssh.authorizedKeys.keys = [
|
users.users.chat.openssh.authorizedKeys.keys = [
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJJKlOeAHyi7lToCqRF/hdA2TrtVbrTUd2ayuWsXe9JWiyeyKH/LNY3SrgxCWPZSItE9VK68ghMuVYK/A8IAcgzNhzFYLDxmtsidjiOJBj2ZGsjqevoQ5HuKB/pob8CLW3dr1Rx38Any/XXxpfeO6vemCJMGLTe5gSlrCI+Tk1qNt0Rz+rke73Hwt9wW39g8X3prF2q9ryL9OFCcsoYUE7PIOV9xM1GaDFfTR4bKux7HyFKmG+rBvmJHB5OPW8UAtVZGY/FIChwlmF6QNO5Zym497bG1RCOGplaLpRXVJrmoUkZUO7EazePPxIjz2duWYqFtwl5R9YGy1+a+F58G19DS7wJHM29td117/ZANjRTxE5q/aJm2okJYOVSqhYzdhji+BWVZ5ai7cktpAdtPo++yiZN90LvogXNB64kFxVGuX52xZcA3KLKmvrd47o9k0pzO+oCoArxPFIx0YkHfy/yw7OG8Z+KLK8l9WXWBZO5TpjcydnEcRZ8OEqVhtmDh+9h1zhPphuFBtT1JPbt8m132RUy23qsNRtZ/lnnfQbrxgHPRzVuvA8o4ahOEUdvV9SYnzKb6qMFXGp25EhlcWnR4/toyG6I3paBtByeHkaxjgCuvm9Hob6f/xFr3kEJ4WXTVguyrcFgNg2EcEfdkrTMhNn9OIHEFFQ8whIBv5jlw== JuiceSSH"
|
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH"
|
||||||
|
config.krebs.users.lass-uriel.pubkey
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
@ -134,6 +135,12 @@ in {
|
|||||||
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
|
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
services.tor = {
|
||||||
|
enable = true;
|
||||||
|
client.enable = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.prism;
|
krebs.build.host = config.krebs.hosts.prism;
|
||||||
|
@ -15,15 +15,6 @@ with builtins;
|
|||||||
../2configs/bitlbee.nix
|
../2configs/bitlbee.nix
|
||||||
../2configs/weechat.nix
|
../2configs/weechat.nix
|
||||||
../2configs/skype.nix
|
../2configs/skype.nix
|
||||||
{
|
|
||||||
users.extraUsers = {
|
|
||||||
root = {
|
|
||||||
openssh.authorizedKeys.keys = map readFile [
|
|
||||||
../../krebs/Zpubkeys/uriel.ssh.pub
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.uriel;
|
krebs.build.host = config.krebs.hosts.uriel;
|
||||||
|
@ -54,8 +54,8 @@ with config.krebs.lib;
|
|||||||
#secrets-common = "/home/lass/secrets/common";
|
#secrets-common = "/home/lass/secrets/common";
|
||||||
stockholm = "/home/lass/stockholm";
|
stockholm = "/home/lass/stockholm";
|
||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
url = https://github.com/Lassulus/nixpkgs;
|
url = https://github.com/NixOS/nixpkgs;
|
||||||
rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
|
rev = "40c586b7ce2c559374df435f46d673baf711c543";
|
||||||
dev = "/home/lass/src/nixpkgs";
|
dev = "/home/lass/src/nixpkgs";
|
||||||
};
|
};
|
||||||
} // optionalAttrs config.krebs.build.host.secure {
|
} // optionalAttrs config.krebs.build.host.secure {
|
||||||
@ -68,8 +68,9 @@ with config.krebs.lib;
|
|||||||
|
|
||||||
users.mutableUsers = false;
|
users.mutableUsers = false;
|
||||||
|
|
||||||
|
services.timesyncd.enable = true;
|
||||||
|
|
||||||
#why is this on in the first place?
|
#why is this on in the first place?
|
||||||
services.ntp.enable = false;
|
|
||||||
services.nscd.enable = false;
|
services.nscd.enable = false;
|
||||||
|
|
||||||
boot.tmpOnTmpfs = true;
|
boot.tmpOnTmpfs = true;
|
||||||
@ -81,7 +82,7 @@ with config.krebs.lib;
|
|||||||
# multiple-definition-problem when defining environment.variables.EDITOR
|
# multiple-definition-problem when defining environment.variables.EDITOR
|
||||||
environment.extraInit = ''
|
environment.extraInit = ''
|
||||||
EDITOR=vim
|
EDITOR=vim
|
||||||
PAGER=most
|
MANPAGER=most
|
||||||
'';
|
'';
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
@ -104,6 +105,9 @@ with config.krebs.lib;
|
|||||||
|
|
||||||
#stuff for dl
|
#stuff for dl
|
||||||
aria2
|
aria2
|
||||||
|
|
||||||
|
#neat utils
|
||||||
|
krebspaste
|
||||||
];
|
];
|
||||||
|
|
||||||
programs.bash = {
|
programs.bash = {
|
||||||
|
@ -33,16 +33,19 @@ in {
|
|||||||
|
|
||||||
dmenu
|
dmenu
|
||||||
gitAndTools.qgit
|
gitAndTools.qgit
|
||||||
mpv
|
|
||||||
much
|
much
|
||||||
pavucontrol
|
pavucontrol
|
||||||
powertop
|
powertop
|
||||||
push
|
push
|
||||||
slock
|
slock
|
||||||
sxiv
|
sxiv
|
||||||
|
xorg.xbacklight
|
||||||
xsel
|
xsel
|
||||||
zathura
|
zathura
|
||||||
|
|
||||||
|
mpv
|
||||||
|
mpv-poll
|
||||||
|
yt-next
|
||||||
#window manager stuff
|
#window manager stuff
|
||||||
#haskellPackages.xmobar
|
#haskellPackages.xmobar
|
||||||
#haskellPackages.yeganesh
|
#haskellPackages.yeganesh
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
inherit (config.krebs.lib) genid;
|
||||||
|
|
||||||
mainUser = config.users.extraUsers.mainUser;
|
mainUser = config.users.extraUsers.mainUser;
|
||||||
createChromiumUser = name: extraGroups: packages:
|
createChromiumUser = name: extraGroups: packages:
|
||||||
{
|
{
|
||||||
@ -8,6 +10,7 @@ let
|
|||||||
inherit name;
|
inherit name;
|
||||||
inherit extraGroups;
|
inherit extraGroups;
|
||||||
home = "/home/${name}";
|
home = "/home/${name}";
|
||||||
|
uid = genid name;
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
@ -28,6 +31,7 @@ let
|
|||||||
inherit name;
|
inherit name;
|
||||||
inherit extraGroups;
|
inherit extraGroups;
|
||||||
home = "/home/${name}";
|
home = "/home/${name}";
|
||||||
|
uid = genid name;
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
@ -48,16 +52,17 @@ in {
|
|||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
(pkgs.writeScriptBin "browser-select" ''
|
(pkgs.writeScriptBin "browser-select" ''
|
||||||
BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu)
|
BROWSER=$(echo -e "ff\ncr\nwk\nfb\ngm\nflash" | dmenu)
|
||||||
$BROWSER $@
|
$BROWSER $@
|
||||||
'')
|
'')
|
||||||
];
|
];
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
( createFirefoxUser "ff" [ "audio" ] [ ] )
|
( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] )
|
||||||
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
|
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
|
||||||
( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
|
( createChromiumUser "wk" [ "audio" ] [ pkgs.chromium ] )
|
||||||
( createChromiumUser "gm" [ ] [ pkgs.chromium ] )
|
( createChromiumUser "fb" [ "audio" ] [ pkgs.chromium ] )
|
||||||
|
( createChromiumUser "gm" [ "audio" ] [ pkgs.chromium ] )
|
||||||
( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] )
|
( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] )
|
||||||
];
|
];
|
||||||
|
|
||||||
|
93
lass/2configs/cbase.nix
Normal file
93
lass/2configs/cbase.nix
Normal file
@ -0,0 +1,93 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
inherit (config.krebs.lib) genid;
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
users.extraUsers = {
|
||||||
|
cbasevpn = rec {
|
||||||
|
name = "cbasevpn";
|
||||||
|
uid = genid "cbasevpn";
|
||||||
|
description = "user for running c-base openvpn";
|
||||||
|
home = "/home/${name}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraGroups.cbasevpn.gid = genid "cbasevpn";
|
||||||
|
|
||||||
|
services.openvpn.servers = {
|
||||||
|
c-base = {
|
||||||
|
config = ''
|
||||||
|
client
|
||||||
|
dev tap
|
||||||
|
proto tcp
|
||||||
|
remote vpn.ext.c-base.org 1194
|
||||||
|
resolv-retry infinite
|
||||||
|
nobind
|
||||||
|
user cbasevpn
|
||||||
|
group cbasevpn
|
||||||
|
persist-key
|
||||||
|
persist-tun
|
||||||
|
|
||||||
|
auth-nocache
|
||||||
|
#auth-user-pass
|
||||||
|
auth-user-pass ${toString <secrets/cbase.txt>}
|
||||||
|
|
||||||
|
comp-lzo
|
||||||
|
verb 3
|
||||||
|
|
||||||
|
#script-security 2
|
||||||
|
#up /etc/openvpn/update-resolv-conf
|
||||||
|
#down /etc/openvpn/update-resolv-conf
|
||||||
|
|
||||||
|
<ca>
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDUjCCArugAwIBAgIJAOOk8EXgjsf5MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV
|
||||||
|
BAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZj
|
||||||
|
LWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJ
|
||||||
|
ARYQYWRtYXhAYy1iYXNlLm9yZzAeFw0wOTAyMTMwOTE1MzdaFw0xOTAyMTEwOTE1
|
||||||
|
MzdaMHoxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGlu
|
||||||
|
MQ8wDQYDVQQKEwZjLWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEf
|
||||||
|
MB0GCSqGSIb3DQEJARYQYWRtYXhAYy1iYXNlLm9yZzCBnzANBgkqhkiG9w0BAQEF
|
||||||
|
AAOBjQAwgYkCgYEAt3wEgXbqFKxs8z/E4rv13hkRi6J+QdshNzntm7rTOmUsXKE7
|
||||||
|
IEwoJSglrmsDPv4UqE86A7bjW7YYSFjhzxFRkTEHJanyOCF48ZPItVl7Eq7T81co
|
||||||
|
uR+6lAhxnLDrwnPJCC83NzAa6lw8U1DsQRDkayKlrQrtZq6++pFFEvZvt1cCAwEA
|
||||||
|
AaOB3zCB3DAdBgNVHQ4EFgQUqkSbdXS90+HtqXDeAI+PcyTSSHEwgawGA1UdIwSB
|
||||||
|
pDCBoYAUqkSbdXS90+HtqXDeAI+PcyTSSHGhfqR8MHoxCzAJBgNVBAYTAkRFMQsw
|
||||||
|
CQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZjLWJhc2UxGzAZ
|
||||||
|
BgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhA
|
||||||
|
Yy1iYXNlLm9yZ4IJAOOk8EXgjsf5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
|
||||||
|
BQADgYEAOBANG1H4uEEWk3sbeQoSMeA3LFG1+6MgFGk2WAdeHYuV9GKYBq6/PLP5
|
||||||
|
ffw+FNkiDjLSeSQO88vHYJr2V1v8n/ZoCIT+1VBcDWXTpGz0YxDI1iBauO3tUPzK
|
||||||
|
wGs46RA/S0YwiZw64MaUHd88ZVadjKy9kNoO3w6/vpAS6s/Mh+o=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
</ca>
|
||||||
|
key-direction 1
|
||||||
|
<tls-auth>
|
||||||
|
#
|
||||||
|
# 2048 bit OpenVPN static key
|
||||||
|
#
|
||||||
|
-----BEGIN OpenVPN Static key V1-----
|
||||||
|
5d49aa8c9cec18de7ab6e0b5cd09a368
|
||||||
|
d3f1b8b77e055e448804fa0e14f487cb
|
||||||
|
491681742f96b54a23fb8639aa9ed14e
|
||||||
|
c40b86a5546b888c4f3873f23c956e87
|
||||||
|
169076ec869127ffc85353fd5928871c
|
||||||
|
da19776b79f723abb366fae6cdfe4ad6
|
||||||
|
7ef667b7d05a7b78dfd5ea1d2da276dc
|
||||||
|
5f6c82313fe9c1178c7256b8d1d081b0
|
||||||
|
4c80bc8f21add61fbc52c158579edc1d
|
||||||
|
bbde230afb9d0e531624ce289a17098a
|
||||||
|
3261f9144a9a2a6f0da4250c9eed4086
|
||||||
|
187ec6fa757a454de743a349e32af193
|
||||||
|
e9f8b49b010014bdfb3240d992f2f234
|
||||||
|
581d0ce05d4e07a2b588ad9b0555b704
|
||||||
|
9d5edc28efde59226ec8942feed690a1
|
||||||
|
2acd0c8bc9424d6074d0d495391023b6
|
||||||
|
-----END OpenVPN Static key V1-----
|
||||||
|
</tls-auth>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
@ -187,13 +187,10 @@ let
|
|||||||
hackernews|https://news.ycombinator.com/rss|#news
|
hackernews|https://news.ycombinator.com/rss|#news
|
||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
imports = [
|
|
||||||
../3modules/newsbot-js.nix
|
|
||||||
];
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
pkgs.newsbot-js
|
pkgs.newsbot-js
|
||||||
];
|
];
|
||||||
lass.newsbot-js = {
|
krebs.newsbot-js = {
|
||||||
enable = true;
|
enable = true;
|
||||||
ircServer = "localhost";
|
ircServer = "localhost";
|
||||||
feeds = newsfile;
|
feeds = newsfile;
|
||||||
|
@ -16,11 +16,13 @@
|
|||||||
enable = true;
|
enable = true;
|
||||||
connectTo = [
|
connectTo = [
|
||||||
"prism"
|
"prism"
|
||||||
"cloudkrebs"
|
|
||||||
"echelon"
|
|
||||||
"pigstarter"
|
"pigstarter"
|
||||||
"gum"
|
"gum"
|
||||||
"flap"
|
"flap"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
|
tinc = pkgs.tinc_pre;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
@ -1,13 +1,42 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
customPlugins.mustang2 = pkgs.vimUtils.buildVimPlugin {
|
customPlugins = {
|
||||||
name = "Mustang2";
|
mustang2 = pkgs.vimUtils.buildVimPlugin {
|
||||||
src = pkgs.fetchFromGitHub {
|
name = "Mustang2";
|
||||||
owner = "croaker";
|
src = pkgs.fetchFromGitHub {
|
||||||
repo = "mustang-vim";
|
owner = "croaker";
|
||||||
rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5";
|
repo = "mustang-vim";
|
||||||
sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67";
|
rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5";
|
||||||
|
sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
unimpaired = pkgs.vimUtils.buildVimPlugin {
|
||||||
|
name = "unimpaired-vim";
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "tpope";
|
||||||
|
repo = "vim-unimpaired";
|
||||||
|
rev = "11dc568dbfd7a56866a4354c737515769f08e9fe";
|
||||||
|
sha256 = "1an941j5ckas8l3vkfhchdzjwcray16229rhv3a1d4pbxifwshi8";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
brogrammer = pkgs.vimUtils.buildVimPlugin {
|
||||||
|
name = "brogrammer";
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "marciomazza";
|
||||||
|
repo = "vim-brogrammer-theme";
|
||||||
|
rev = "3e412d8e8909d8d89eb5a4cbe955b5bc0833a3c3";
|
||||||
|
sha256 = "0am1qk8ls74z5ipgf9viacayq08y9i9vd7sxxiivwgsjh2ancbv6";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
file-line = pkgs.vimUtils.buildVimPlugin {
|
||||||
|
name = "file-line";
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "bogado";
|
||||||
|
repo = "file-line";
|
||||||
|
rev = "f9ffa1879ad84ce4a386110446f395bc1795b72a";
|
||||||
|
sha256 = "173n47w9zd01rcyrrmm194v79xq7d1ggzr19n1lsxrqfgr2c1rvk";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -23,7 +52,7 @@ in {
|
|||||||
syntax on
|
syntax on
|
||||||
" TODO autoload colorscheme file
|
" TODO autoload colorscheme file
|
||||||
set background=dark
|
set background=dark
|
||||||
colorscheme mustang
|
colorscheme brogrammer
|
||||||
filetype off
|
filetype off
|
||||||
filetype plugin indent on
|
filetype plugin indent on
|
||||||
|
|
||||||
@ -56,7 +85,8 @@ in {
|
|||||||
vnoremap < <gv
|
vnoremap < <gv
|
||||||
vnoremap > >gv
|
vnoremap > >gv
|
||||||
|
|
||||||
nmap <esc>q :buffer
|
nmap <esc>q :buffer
|
||||||
|
|
||||||
|
|
||||||
"Tabwidth
|
"Tabwidth
|
||||||
set ts=2 sts=2 sw=2 et
|
set ts=2 sts=2 sw=2 et
|
||||||
@ -105,11 +135,26 @@ in {
|
|||||||
|
|
||||||
"esc timeout
|
"esc timeout
|
||||||
set timeoutlen=1000 ttimeoutlen=0
|
set timeoutlen=1000 ttimeoutlen=0
|
||||||
|
|
||||||
|
"foldfunctions
|
||||||
|
inoremap <F9> <C-O>za
|
||||||
|
nnoremap <F9> za
|
||||||
|
onoremap <F9> <C-C>za
|
||||||
|
vnoremap <F9> zf
|
||||||
'';
|
'';
|
||||||
|
|
||||||
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
|
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
|
||||||
vimrcConfig.vam.pluginDictionaries = [
|
vimrcConfig.vam.pluginDictionaries = [
|
||||||
{ names = [ "Gundo" "commentary" "mustang2" ]; }
|
{ names = [
|
||||||
|
"brogrammer"
|
||||||
|
"commentary"
|
||||||
|
"extradite"
|
||||||
|
"file-line"
|
||||||
|
"fugitive"
|
||||||
|
"Gundo"
|
||||||
|
"mustang2"
|
||||||
|
"unimpaired"
|
||||||
|
]; }
|
||||||
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
|
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -1,14 +1,17 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
let
|
||||||
krebs.per-user.chat.packages = [
|
inherit (config.krebs.lib) genid;
|
||||||
pkgs.weechat
|
in {
|
||||||
pkgs.tmux
|
krebs.per-user.chat.packages = with pkgs; [
|
||||||
|
mosh
|
||||||
|
tmux
|
||||||
|
weechat
|
||||||
];
|
];
|
||||||
|
|
||||||
users.extraUsers.chat = {
|
users.extraUsers.chat = {
|
||||||
home = "/home/chat";
|
home = "/home/chat";
|
||||||
uid = lib.genid "chat";
|
uid = genid "chat";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
|
@ -52,6 +52,7 @@ let
|
|||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
requires = [ "xserver.service" ];
|
requires = [ "xserver.service" ];
|
||||||
environment = xmonad-environment;
|
environment = xmonad-environment;
|
||||||
|
restartIfChanged = false;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${xmonad-start}/bin/xmonad";
|
ExecStart = "${xmonad-start}/bin/xmonad";
|
||||||
ExecStop = "${xmonad-stop}/bin/xmonad-stop";
|
ExecStop = "${xmonad-stop}/bin/xmonad-stop";
|
||||||
|
@ -54,10 +54,6 @@
|
|||||||
|
|
||||||
#eval $( dircolors -b ~/.LS_COLORS )
|
#eval $( dircolors -b ~/.LS_COLORS )
|
||||||
|
|
||||||
#exports
|
|
||||||
export EDITOR='vim'
|
|
||||||
export MANPAGER='most'
|
|
||||||
export PAGER='vim -R -'
|
|
||||||
# export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -'
|
# export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -'
|
||||||
|
|
||||||
#beautiful colors
|
#beautiful colors
|
||||||
|
@ -3,7 +3,6 @@ _:
|
|||||||
imports = [
|
imports = [
|
||||||
./xresources.nix
|
./xresources.nix
|
||||||
./folderPerms.nix
|
./folderPerms.nix
|
||||||
./newsbot-js.nix
|
|
||||||
./per-user.nix
|
./per-user.nix
|
||||||
./urxvtd.nix
|
./urxvtd.nix
|
||||||
./xresources.nix
|
./xresources.nix
|
||||||
|
@ -45,24 +45,6 @@ let
|
|||||||
instanceid = mkOption {
|
instanceid = mkOption {
|
||||||
type = str;
|
type = str;
|
||||||
};
|
};
|
||||||
ssl = mkOption {
|
|
||||||
type = with types; submodule ({
|
|
||||||
options = {
|
|
||||||
enable = mkEnableOption "ssl";
|
|
||||||
certificate = mkOption {
|
|
||||||
type = str;
|
|
||||||
};
|
|
||||||
certificate_key = mkOption {
|
|
||||||
type = str;
|
|
||||||
};
|
|
||||||
ciphers = mkOption {
|
|
||||||
type = str;
|
|
||||||
default = "AES128+EECDH:AES128+EDH";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
});
|
|
||||||
default = {};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}));
|
}));
|
||||||
default = {};
|
default = {};
|
||||||
@ -72,7 +54,7 @@ let
|
|||||||
group = config.services.nginx.group;
|
group = config.services.nginx.group;
|
||||||
|
|
||||||
imp = {
|
imp = {
|
||||||
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: {
|
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: {
|
||||||
server-names = [
|
server-names = [
|
||||||
"${domain}"
|
"${domain}"
|
||||||
"www.${domain}"
|
"www.${domain}"
|
||||||
@ -116,16 +98,7 @@ let
|
|||||||
|
|
||||||
error_page 403 /core/templates/403.php;
|
error_page 403 /core/templates/403.php;
|
||||||
error_page 404 /core/templates/404.php;
|
error_page 404 /core/templates/404.php;
|
||||||
${if ssl.enable then ''
|
|
||||||
ssl_certificate ${ssl.certificate};
|
|
||||||
ssl_certificate_key ${ssl.certificate_key};
|
|
||||||
'' else ""}
|
|
||||||
'';
|
'';
|
||||||
listen = (if ssl.enable then
|
|
||||||
[ "80" "443 ssl" ]
|
|
||||||
else
|
|
||||||
"80"
|
|
||||||
);
|
|
||||||
});
|
});
|
||||||
services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
|
services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
|
||||||
listen = ${folder}/phpfpm.pool
|
listen = ${folder}/phpfpm.pool
|
||||||
|
@ -42,10 +42,6 @@ let
|
|||||||
certificate_key = mkOption {
|
certificate_key = mkOption {
|
||||||
type = str;
|
type = str;
|
||||||
};
|
};
|
||||||
ciphers = mkOption {
|
|
||||||
type = str;
|
|
||||||
default = "AES128+EECDH:AES128+EDH";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
default = {};
|
default = {};
|
||||||
@ -74,16 +70,7 @@ let
|
|||||||
deny all;
|
deny all;
|
||||||
'')
|
'')
|
||||||
];
|
];
|
||||||
|
inherit ssl;
|
||||||
listen = (if ssl.enable then
|
|
||||||
[ "80" "443 ssl" ]
|
|
||||||
else
|
|
||||||
"80"
|
|
||||||
);
|
|
||||||
extraConfig = (if ssl.enable then ''
|
|
||||||
ssl_certificate ${ssl.certificate};
|
|
||||||
ssl_certificate_key ${ssl.certificate_key};
|
|
||||||
'' else "");
|
|
||||||
|
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
13
lass/5pkgs/acronym/default.nix
Normal file
13
lass/5pkgs/acronym/default.nix
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
pkgs.writeScriptBin "acronym" ''
|
||||||
|
#! ${pkgs.bash}/bin/bash
|
||||||
|
|
||||||
|
acro=$1
|
||||||
|
|
||||||
|
curl -s http://www.acronymfinder.com/$acro.html \
|
||||||
|
| grep 'class="result-list__body__rank"' \
|
||||||
|
| sed 's/.*title="\([^"]*\)".*/\1/' \
|
||||||
|
| sed 's/^.* - //' \
|
||||||
|
| sed "s/'/'/g"
|
||||||
|
''
|
@ -2,14 +2,16 @@
|
|||||||
|
|
||||||
{
|
{
|
||||||
nixpkgs.config.packageOverrides = rec {
|
nixpkgs.config.packageOverrides = rec {
|
||||||
|
acronym = pkgs.callPackage ./acronym/default.nix {};
|
||||||
firefoxPlugins = {
|
firefoxPlugins = {
|
||||||
noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {};
|
noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {};
|
||||||
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
|
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
|
||||||
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
|
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
|
||||||
};
|
};
|
||||||
newsbot-js = pkgs.callPackage ./newsbot-js/default.nix {};
|
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
|
||||||
xmonad-lass =
|
xmonad-lass =
|
||||||
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
|
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
|
||||||
pkgs.haskellPackages.callPackage src {};
|
pkgs.haskellPackages.callPackage src {};
|
||||||
|
yt-next = pkgs.callPackage ./yt-next/default.nix {};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
40
lass/5pkgs/mpv-poll/default.nix
Normal file
40
lass/5pkgs/mpv-poll/default.nix
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
pkgs.writeScriptBin "mpv-poll" ''
|
||||||
|
#! ${pkgs.bash}/bin/bash
|
||||||
|
|
||||||
|
pl=$1
|
||||||
|
hist=''${HISTORY:-"./mpv_history"}
|
||||||
|
mpv_options=''${MPV_OPTIONS:-""}
|
||||||
|
|
||||||
|
lastYT=""
|
||||||
|
|
||||||
|
play_video () {
|
||||||
|
toPlay=$1
|
||||||
|
echo $toPlay >> $hist
|
||||||
|
mpv $mpv_options $toPlay
|
||||||
|
}
|
||||||
|
|
||||||
|
if ! [ -e $hist ]; then
|
||||||
|
touch $hist
|
||||||
|
fi
|
||||||
|
|
||||||
|
while :
|
||||||
|
do
|
||||||
|
if [ -s $pl ]; then
|
||||||
|
toPlay=$(head -1 $pl)
|
||||||
|
sed -i '1d' $pl
|
||||||
|
if $(echo $toPlay | grep -Eq 'https?://(www.)?youtube.com/watch'); then
|
||||||
|
lastYT=$toPlay
|
||||||
|
fi
|
||||||
|
play_video $toPlay
|
||||||
|
else
|
||||||
|
if [ -n "$lastYT" ]; then
|
||||||
|
next=$(yt-next $lastYT)
|
||||||
|
lastYT=$next
|
||||||
|
play_video $next
|
||||||
|
fi
|
||||||
|
sleep 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
''
|
13
lass/5pkgs/yt-next/default.nix
Normal file
13
lass/5pkgs/yt-next/default.nix
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
pkgs.writeScriptBin "yt-next" ''
|
||||||
|
#! ${pkgs.bash}/bin/bash
|
||||||
|
|
||||||
|
vid=$1
|
||||||
|
num=''${NUM:-1}
|
||||||
|
|
||||||
|
curl -Ls $1 \
|
||||||
|
| grep 'href="/watch?v=' \
|
||||||
|
| head -n$num \
|
||||||
|
| sed 's,.*href="\([^"]*\)".*,https://youtube.com\1,'
|
||||||
|
''
|
@ -1,17 +1,51 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
with config.krebs.lib;
|
with config.krebs.lib;
|
||||||
{
|
let
|
||||||
|
byid = dev: "/dev/disk/by-id/" + dev;
|
||||||
|
rootDisk = byid "ata-ADATA_SSD_S599_64GB_10460000000000000039";
|
||||||
|
auxDisk = byid "ata-HGST_HTS721010A9E630_JR10006PH3A02F";
|
||||||
|
dataPartition = auxDisk + "-part1";
|
||||||
|
|
||||||
|
allDisks = [ rootDisk auxDisk ];
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../2configs/fs/single-partition-ext4.nix
|
../.
|
||||||
../2configs/zsh-user.nix
|
../2configs/fs/single-partition-ext4.nix
|
||||||
../.
|
../2configs/zsh-user.nix
|
||||||
|
../2configs/smart-monitor.nix
|
||||||
|
../2configs/exim-retiolum.nix
|
||||||
|
../2configs/virtualization.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
networking.firewall.allowedUDPPorts = [ 80 655 67 ];
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 655 ];
|
||||||
|
networking.firewall.checkReversePath = false;
|
||||||
|
#networking.firewall.enable = false;
|
||||||
|
# virtualisation.nova.enableSingleNode = true;
|
||||||
krebs.retiolum.enable = true;
|
krebs.retiolum.enable = true;
|
||||||
|
|
||||||
boot.loader.grub.device = "/dev/disk/by-id/ata-ADATA_SSD_S599_64GB_10460000000000000039";
|
boot.kernelModules = [ "coretemp" "f71882fg" ];
|
||||||
|
|
||||||
|
hardware.enableAllFirmware = true;
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
networking.wireless.enable = true;
|
||||||
|
|
||||||
|
# TODO smartd omo darth gum all-in-one
|
||||||
|
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
||||||
|
zramSwap.enable = true;
|
||||||
|
|
||||||
|
fileSystems."/data" = {
|
||||||
|
device = dataPartition;
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.loader.grub.device = rootDisk;
|
||||||
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.makefu-omo.pubkey
|
config.krebs.users.makefu-omo.pubkey
|
||||||
|
config.krebs.users.makefu-vbob.pubkey
|
||||||
];
|
];
|
||||||
|
|
||||||
|
krebs.build.host = config.krebs.hosts.darth;
|
||||||
}
|
}
|
||||||
|
@ -41,9 +41,16 @@ in {
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
krebs.nginx.servers.cgit.server-names = [
|
krebs.nginx.servers.cgit = {
|
||||||
"cgit.euer.krebsco.de"
|
server-names = [ "cgit.euer.krebsco.de" ];
|
||||||
];
|
listen = [ "${external-ip}:80" "${internal-ip}:80" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# access
|
||||||
|
users.users = {
|
||||||
|
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
|
||||||
|
makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
|
||||||
|
};
|
||||||
|
|
||||||
# Chat
|
# Chat
|
||||||
environment.systemPackages = with pkgs;[
|
environment.systemPackages = with pkgs;[
|
||||||
|
@ -11,7 +11,7 @@ let
|
|||||||
# cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
|
# cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
|
||||||
# cryptsetup luksAddKey $dev tmpkey
|
# cryptsetup luksAddKey $dev tmpkey
|
||||||
# cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
|
# cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
|
||||||
# mkfs.ext4 /dev/mapper/crypt0 -L crypt0 -T largefile
|
# mkfs.xfs /dev/mapper/crypt0 -L crypt0
|
||||||
|
|
||||||
# omo Chassis:
|
# omo Chassis:
|
||||||
# __FRONT_
|
# __FRONT_
|
||||||
@ -30,6 +30,8 @@ let
|
|||||||
cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
|
cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
|
||||||
# cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
|
# cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
|
||||||
# all physical disks
|
# all physical disks
|
||||||
|
|
||||||
|
# TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
|
||||||
allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ];
|
allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ];
|
||||||
in {
|
in {
|
||||||
imports =
|
imports =
|
||||||
@ -42,16 +44,21 @@ in {
|
|||||||
../2configs/smart-monitor.nix
|
../2configs/smart-monitor.nix
|
||||||
../2configs/mail-client.nix
|
../2configs/mail-client.nix
|
||||||
../2configs/share-user-sftp.nix
|
../2configs/share-user-sftp.nix
|
||||||
|
../2configs/graphite-standalone.nix
|
||||||
../2configs/omo-share.nix
|
../2configs/omo-share.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.retiolum.enable = true;
|
krebs.retiolum.enable = true;
|
||||||
networking.firewall.trustedInterfaces = [ "enp3s0" ];
|
networking.firewall.trustedInterfaces = [ "enp3s0" ];
|
||||||
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
|
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
|
||||||
# tcp:80 - nginx for sharing files
|
# tcp:80 - nginx for sharing files
|
||||||
# tcp:655 udp:655 - tinc
|
# tcp:655 udp:655 - tinc
|
||||||
# tcp:8080 - sabnzbd
|
# tcp:8111 - graphite
|
||||||
|
# tcp:9090 - sabnzbd
|
||||||
|
# tcp:9200 - elasticsearch
|
||||||
|
# tcp:5601 - kibana
|
||||||
networking.firewall.allowedUDPPorts = [ 655 ];
|
networking.firewall.allowedUDPPorts = [ 655 ];
|
||||||
networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
|
networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];
|
||||||
|
|
||||||
# services.openssh.allowSFTP = false;
|
# services.openssh.allowSFTP = false;
|
||||||
|
|
||||||
|
@ -36,7 +36,11 @@
|
|||||||
#../2configs/wordpress.nix
|
#../2configs/wordpress.nix
|
||||||
../2configs/nginx/public_html.nix
|
../2configs/nginx/public_html.nix
|
||||||
];
|
];
|
||||||
|
krebs.nginx = {
|
||||||
|
default404 = false;
|
||||||
|
servers.default.listen = [ "80 default_server" ];
|
||||||
|
servers.default.server-names = [ "_" ];
|
||||||
|
};
|
||||||
krebs.retiolum.enable = true;
|
krebs.retiolum.enable = true;
|
||||||
# steam
|
# steam
|
||||||
hardware.opengl.driSupport32Bit = true;
|
hardware.opengl.driSupport32Bit = true;
|
||||||
|
@ -15,11 +15,6 @@
|
|||||||
];
|
];
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
krebs.build.source.upstream-nixpkgs = {
|
|
||||||
url = https://github.com/makefu/nixpkgs;
|
|
||||||
# HTTP Everywhere + libredir
|
|
||||||
rev = "8239ac6";
|
|
||||||
};
|
|
||||||
fileSystems."/nix" = {
|
fileSystems."/nix" = {
|
||||||
device ="/dev/disk/by-label/nixstore";
|
device ="/dev/disk/by-label/nixstore";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
|
@ -10,16 +10,6 @@
|
|||||||
#
|
#
|
||||||
# if this is not enough, check out main-laptop.nix
|
# if this is not enough, check out main-laptop.nix
|
||||||
|
|
||||||
## TODO: .Xdefaults:
|
|
||||||
# URxvt*termName: rxvt
|
|
||||||
# URxvt.scrollBar : false
|
|
||||||
# URxvt*scrollBar_right: false
|
|
||||||
# URxvt*borderLess: false
|
|
||||||
# URxvt.foreground: white
|
|
||||||
# URxvt.background: black
|
|
||||||
# URxvt.urgentOnBell: true
|
|
||||||
# URxvt.visualBell: false
|
|
||||||
# URxvt.font : xft:Terminus
|
|
||||||
|
|
||||||
with config.krebs.lib;
|
with config.krebs.lib;
|
||||||
let
|
let
|
||||||
@ -83,7 +73,9 @@ in
|
|||||||
XTerm*FaceName : Terminus:pixelsize=14
|
XTerm*FaceName : Terminus:pixelsize=14
|
||||||
|
|
||||||
URxvt*termName: rxvt
|
URxvt*termName: rxvt
|
||||||
URxvt.scrollBar : False
|
URxvt*saveLines: 10000
|
||||||
|
URxvt*loginShell: false
|
||||||
|
URxvt.scrollBar : false
|
||||||
URxvt*scrollBar_right: false
|
URxvt*scrollBar_right: false
|
||||||
URxvt*borderLess: false
|
URxvt*borderLess: false
|
||||||
URxvt.foreground: white
|
URxvt.foreground: white
|
||||||
|
@ -125,6 +125,7 @@ with config.krebs.lib;
|
|||||||
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
nano = pkgs.runCommand "empty" {} "mkdir -p $out";
|
nano = pkgs.runCommand "empty" {} "mkdir -p $out";
|
||||||
|
tinc = pkgs.tinc_pre;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.cron.enable = false;
|
services.cron.enable = false;
|
||||||
|
@ -19,7 +19,7 @@ with config.krebs.lib;
|
|||||||
"/home" = {
|
"/home" = {
|
||||||
device = "/dev/mapper/main-home";
|
device = "/dev/mapper/main-home";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
options="defaults,discard";
|
options = [ "defaults" "discard" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -18,12 +18,12 @@ with config.krebs.lib;
|
|||||||
"/" = {
|
"/" = {
|
||||||
device = "/dev/mapper/luksroot";
|
device = "/dev/mapper/luksroot";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
options="defaults,discard";
|
options = [ "defaults" "discard" ];
|
||||||
};
|
};
|
||||||
"/boot" = {
|
"/boot" = {
|
||||||
device = "/dev/disk/by-label/nixboot";
|
device = "/dev/disk/by-label/nixboot";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
options="defaults,discard";
|
options = [ "defaults" "discard" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -23,6 +23,7 @@ with config.krebs.lib;
|
|||||||
services.tlp.enable = true;
|
services.tlp.enable = true;
|
||||||
services.tlp.extraConfig = ''
|
services.tlp.extraConfig = ''
|
||||||
START_CHARGE_THRESH_BAT0=80
|
START_CHARGE_THRESH_BAT0=80
|
||||||
|
STOP_CHARGE_THRESH_BAT0=95
|
||||||
|
|
||||||
CPU_SCALING_GOVERNOR_ON_AC=performance
|
CPU_SCALING_GOVERNOR_ON_AC=performance
|
||||||
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
|
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
|
||||||
|
@ -7,7 +7,7 @@ with config.krebs.lib;
|
|||||||
gnupg
|
gnupg
|
||||||
imapfilter
|
imapfilter
|
||||||
msmtp
|
msmtp
|
||||||
mutt-kz
|
mutt
|
||||||
notmuch
|
notmuch
|
||||||
offlineimap
|
offlineimap
|
||||||
openssl
|
openssl
|
||||||
|
15
makefu/2configs/nginx/public_html.nix
Normal file
15
makefu/2configs/nginx/public_html.nix
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
{ config, lib, ... }:
|
||||||
|
|
||||||
|
with config.krebs.lib;
|
||||||
|
|
||||||
|
{
|
||||||
|
krebs.nginx = {
|
||||||
|
enable = true;
|
||||||
|
servers.default.locations = [
|
||||||
|
(nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
|
||||||
|
alias /home/$1/public_html$2;
|
||||||
|
autoindex on;
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
@ -48,6 +48,13 @@ in {
|
|||||||
browseable = "yes";
|
browseable = "yes";
|
||||||
"guest ok" = "yes";
|
"guest ok" = "yes";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
emu = {
|
||||||
|
path = "/media/crypt1/emu";
|
||||||
|
"read only" = "yes";
|
||||||
|
browseable = "yes";
|
||||||
|
"guest ok" = "yes";
|
||||||
|
};
|
||||||
usenet = {
|
usenet = {
|
||||||
path = "/media/crypt0/usenet/dst";
|
path = "/media/crypt0/usenet/dst";
|
||||||
"read only" = "yes";
|
"read only" = "yes";
|
||||||
|
30
makefu/4lib/default.nix
Normal file
30
makefu/4lib/default.nix
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
{ config, lib, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
addDefaultTime = bku-entry: recursiveUpdate {
|
||||||
|
snapshots = {
|
||||||
|
daily = { format = "%Y-%m-%d"; retain = 7; };
|
||||||
|
weekly = { format = "%YW%W"; retain = 4; };
|
||||||
|
monthly = { format = "%Y-%m"; retain = 12; };
|
||||||
|
yearly = { format = "%Y"; };
|
||||||
|
};
|
||||||
|
startAt = "5:23";
|
||||||
|
} bku-entry;
|
||||||
|
|
||||||
|
backup-host = config.krebs.hosts.omo;
|
||||||
|
backup-path = "/media/backup";
|
||||||
|
in {
|
||||||
|
bku = {
|
||||||
|
inherit addDefaultTime;
|
||||||
|
simplePath = addDefaultTime (path: {
|
||||||
|
method = "pull";
|
||||||
|
src = { host = config.krebs.build.host; inherit path; };
|
||||||
|
dst = {
|
||||||
|
host = backup-host;
|
||||||
|
path = backup-path ++ config.krebs.build.host.name
|
||||||
|
++ builtins.replaceStrings ["/"] ["-"] path;
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
|
}
|
@ -10,8 +10,8 @@ with pkgs.pythonPackages;buildPythonPackage rec {
|
|||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "makefu";
|
owner = "makefu";
|
||||||
repo = "mycube-flask";
|
repo = "mycube-flask";
|
||||||
rev = "5f5260a";
|
rev = "48dc6857";
|
||||||
sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh";
|
sha256 = "1ax1vz6m5982l1mmp9vmywn9nw9p9h4m3ss74zazyspxq1wjim0v";
|
||||||
};
|
};
|
||||||
meta = {
|
meta = {
|
||||||
homepage = https://github.com/makefu/mycube-flask;
|
homepage = https://github.com/makefu/mycube-flask;
|
||||||
|
Loading…
Reference in New Issue
Block a user