Merge remote-tracking branch 'gum/master'

tv 2016-04-07 20:29:33 +02:00
commit e1a287c78b
46 changed files with 683 additions and 172 deletions


@ -21,6 +21,7 @@ let
./go.nix
./iptables.nix
./lib.nix
./newsbot-js.nix
./nginx.nix
./nixpkgs.nix
./on-failure.nix


@ -19,6 +19,7 @@ with config.krebs.lib;
addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"];
aliases = [
"dishfire.retiolum"
"dishfire.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -50,8 +51,10 @@ with config.krebs.lib;
addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f763"];
aliases = [
"echelon.retiolum"
"echelon.r"
"cgit.echelon.retiolum"
"go.retiolum"
"go.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -83,6 +86,7 @@ with config.krebs.lib;
addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"];
aliases = [
"prism.retiolum"
"prism.r"
"cgit.prism.retiolum"
];
tinc.pubkey = ''
@ -114,6 +118,7 @@ with config.krebs.lib;
addrs6 = ["42:422a:194f:ff3b:e196:2f82:5cf5:bc00"];
aliases = [
"fastpoke.retiolum"
"fastpoke.r"
"cgit.fastpoke.retiolum"
];
tinc.pubkey = ''
@ -128,6 +133,7 @@ with config.krebs.lib;
'';
};
};
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b";
};
cloudkrebs = {
cores = 1;
@ -144,6 +150,7 @@ with config.krebs.lib;
addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"];
aliases = [
"cloudkrebs.retiolum"
"cloudkrebs.r"
"cgit.cloudkrebs.retiolum"
];
tinc.pubkey = ''
@ -173,6 +180,7 @@ with config.krebs.lib;
addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"];
aliases = [
"uriel.retiolum"
"uriel.r"
"cgit.uriel.retiolum"
];
tinc.pubkey = ''
@ -203,6 +211,7 @@ with config.krebs.lib;
addrs6 = ["42:0:0:0:0:0:0:dea7"];
aliases = [
"mors.retiolum"
"mors.r"
"cgit.mors.retiolum"
];
tinc.pubkey = ''
@ -229,6 +238,7 @@ with config.krebs.lib;
addrs6 = ["42:0:0:0:0:0:0:7105"];
aliases = [
"helios.retiolum"
"helios.r"
"cgit.helios.retiolum"
];
tinc.pubkey = ''
@ -253,6 +263,7 @@ with config.krebs.lib;
lass = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
mail = "lass@mors.retiolum";
pgp.pubkeys.default = builtins.readFile ./default.pgp;
};
lass-uriel = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";


@ -0,0 +1,52 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2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=0gFT
-----END PGP PUBLIC KEY BLOCK-----


@ -0,0 +1,51 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2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=rEQB
-----END PGP PUBLIC KEY BLOCK-----


@ -89,19 +89,14 @@ with config.krebs.lib;
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==
MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG
RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA
kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD
JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2
2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf
+h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB
-----END RSA PUBLIC KEY-----
'';
'';
};
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
@ -548,6 +543,29 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
senderechner = rec {
cores = 2;
nets = {
retiolum = {
addrs4 = ["10.243.0.163"];
addrs6 = ["42:b67b:5752:a730:5f28:d80d:6b37:5bda/128"];
aliases = [
"senderechner.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7
lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X
rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL
inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT
BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO
OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
muhbaasu = rec {
cores = 1;
nets = {
@ -582,17 +600,19 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
makefu = {
mail = "makefu@pornocauster.retiolum";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster";
pgp.pubkeys.default = builtins.readFile ./default.pgp;
pgp.pubkeys.brain = builtins.readFile ./brain.pgp;
};
makefu-omo = {
inherit (makefu) mail;
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch";
};
makefu-tsp = {
inherit (makefu) mail;
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp";
};
makefu-vbob = {
inherit (makefu) mail;
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob";
};
exco = {


@ -0,0 +1,64 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2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=rHPd
-----END PGP PUBLIC KEY BLOCK-----


@ -4,10 +4,12 @@ with builtins;
with lib;
let
cfg = config.lass.newsbot-js;
inherit (config.krebs.lib) genid;
cfg = config.krebs.newsbot-js;
out = {
options.lass.newsbot-js = api;
options.krebs.newsbot-js = api;
config = mkIf cfg.enable imp;
};


@ -54,6 +54,34 @@ let
type = with types; string;
default = "";
};
ssl = mkOption {
type = with types; submodule ({
options = {
enable = mkEnableOption "ssl";
certificate = mkOption {
type = str;
};
certificate_key = mkOption {
type = str;
};
#TODO: check for valid cipher
ciphers = mkOption {
type = str;
default = "AES128+EECDH:AES128+EDH";
};
prefer_server_ciphers = mkOption {
type = bool;
default = true;
};
protocols = mkOption {
type = listOf (enum [ "SSLv2" "SSLv3" "TLSv1" "TLSv1.1" "TLSv1.2" ]);
default = [ "TLSv1.1" "TLSv1.2" ];
};
};
});
default = {};
};
};
});
default = {};
@ -89,14 +117,28 @@ let
}
'';
to-server = { server-names, listen, locations, extraConfig, ... }: ''
server {
${concatMapStringsSep "\n" (x: "listen ${x};") listen}
server_name ${toString server-names};
${indent extraConfig}
${indent (concatMapStrings to-location locations)}
}
'';
to-server = { server-names, listen, locations, extraConfig, ssl, ... }:
let
_extraConfig = if ssl.enable then
extraConfig + ''
ssl_certificate ${ssl.certificate};
ssl_certificate_key ${ssl.certificate_key};
${optionalString ssl.prefer_server_ciphers "ssl_prefer_server_ciphers On;"}
ssl_ciphers ${ssl.ciphers};
ssl_protocols ${toString ssl.protocols};
''
else
extraConfig
;
in ''
server {
${concatMapStringsSep "\n" (x: "listen ${x};") (listen ++ optional ssl.enable "443 ssl")}
server_name ${toString server-names};
${indent _extraConfig}
${indent (concatMapStrings to-location locations)}
}
'';
in
out
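Review bot: The enum on the new `protocols` option still admits `"SSLv2"` and `"SSLv3"`, so a host configuration can switch the broken protocols back on without any evaluation error; the default list is fine, but the type is the only guard this module has. I would narrow it to `type = listOf (enum [ "TLSv1" "TLSv1.1" "TLSv1.2" ]);`. The `#TODO: check for valid cipher` matters for the same reason, since `to-server` interpolates the value unchecked into `ssl_ciphers ${ssl.ciphers};`; until the check exists, a description on the option saying the string is trusted configuration would help. A one-line description on `certificate_key` stating that it should be a runtime path string (an interpolated Nix path would copy the key into the world-readable store) is also worth adding.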


@ -25,9 +25,9 @@ in nodePackages.buildNodePackage {
name = "newsbot-js";
src = fetchgit {
url = "http://cgit.echelon/newsbot-js/";
rev = "802b172d0eed6c9625a9cb5db408f5cc8c01784e";
sha256 = "794fc7845aca311f7cf7b6bdc109b5a25d0e2299322bc6612edadc477b2536e2";
url = "http://cgit.prism/newsbot-js/";
rev = "09e01639be4ea9691cf5b33f7d9057b68ac98079";
sha256 = "28ffbed66c2efcd194c47823c7d5d5533c80852fc0cf9d9d4ee609c71d50c142";
};
phases = [


@ -19,12 +19,8 @@ with builtins;
# };
#}
{
krebs.iptables = {
tables = {
filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }
];
};
services.elasticsearch = {
enable = true;
};
}
];


@ -25,6 +25,7 @@
../2configs/teamviewer.nix
../2configs/libvirt.nix
../2configs/fetchWallpaper.nix
../2configs/cbase.nix
#../2configs/buildbot-standalone.nix
{
#risk of rain port
@ -141,10 +142,16 @@
services.elasticsearch = {
enable = true;
plugins = [
pkgs.elasticsearchPlugins.elasticsearch_kopf
# pkgs.elasticsearchPlugins.elasticsearch_kopf
];
};
}
{
services.postgresql = {
enable = true;
package = pkgs.postgresql;
};
}
];
krebs.build.host = config.krebs.hosts.mors;
@ -270,16 +277,17 @@
emulateWheel = true;
};
services.xserver = {
videoDriver = "intel";
vaapiDrivers = [ pkgs.vaapiIntel ];
deviceSection = ''
Option "AccelMethod" "sna"
BusID "PCI:0:2:0"
'';
};
#services.xserver = {
# videoDriver = "intel";
# vaapiDrivers = [ pkgs.vaapiIntel ];
# deviceSection = ''
# Option "AccelMethod" "sna"
# BusID "PCI:0:2:0"
# '';
#};
environment.systemPackages = with pkgs; [
acronym
cac-api
sshpass
get
@ -328,7 +336,4 @@
tapButtons = false;
twoFingerScroll = true;
};
#for google hangout
users.extraUsers.gm.extraGroups = [ "audio" "video" ];
}


@ -83,10 +83,10 @@ in {
{
sound.enable = false;
}
{
#workaround for server dying after 6-7h
boot.kernelPackages = pkgs.linuxPackages_4_2;
}
#{
# #workaround for server dying after 6-7h
# boot.kernelPackages = pkgs.linuxPackages_4_2;
#}
{
nixpkgs.config.allowUnfree = true;
}
@ -119,7 +119,8 @@ in {
}
{
users.users.chat.openssh.authorizedKeys.keys = [
"ssh-rsa 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 JuiceSSH"
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH"
config.krebs.users.lass-uriel.pubkey
];
}
{
@ -134,6 +135,12 @@ in {
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
];
}
{
services.tor = {
enable = true;
client.enable = true;
};
}
];
krebs.build.host = config.krebs.hosts.prism;
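Review bot: The new `ecdsa-sha2-nistp521 … JuiceSSH` entry in `users.users.chat.openssh.authorizedKeys.keys` is pasted inline, while the line added right after it takes its key from the registry (`config.krebs.users.lass-uriel.pubkey`). An inline key labelled only by the client app has no named owner and no single place to revoke it if the device is lost. I would register it as its own entry under `krebs.users` and reference it the same way, e.g. `config.krebs.users.<placeholder-name>.pubkey`. The enclosing list of modules starts and ends outside the hunks shown.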


@ -15,15 +15,6 @@ with builtins;
../2configs/bitlbee.nix
../2configs/weechat.nix
../2configs/skype.nix
{
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = map readFile [
../../krebs/Zpubkeys/uriel.ssh.pub
];
};
};
}
];
krebs.build.host = config.krebs.hosts.uriel;


@ -54,8 +54,8 @@ with config.krebs.lib;
#secrets-common = "/home/lass/secrets/common";
stockholm = "/home/lass/stockholm";
nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
url = https://github.com/NixOS/nixpkgs;
rev = "40c586b7ce2c559374df435f46d673baf711c543";
dev = "/home/lass/src/nixpkgs";
};
} // optionalAttrs config.krebs.build.host.secure {
@ -68,8 +68,9 @@ with config.krebs.lib;
users.mutableUsers = false;
services.timesyncd.enable = true;
#why is this on in the first place?
services.ntp.enable = false;
services.nscd.enable = false;
boot.tmpOnTmpfs = true;
@ -81,7 +82,7 @@ with config.krebs.lib;
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
EDITOR=vim
PAGER=most
MANPAGER=most
'';
environment.systemPackages = with pkgs; [
@ -104,6 +105,9 @@ with config.krebs.lib;
#stuff for dl
aria2
#neat utils
krebspaste
];
programs.bash = {


@ -33,16 +33,19 @@ in {
dmenu
gitAndTools.qgit
mpv
much
pavucontrol
powertop
push
slock
sxiv
xorg.xbacklight
xsel
zathura
mpv
mpv-poll
yt-next
#window manager stuff
#haskellPackages.xmobar
#haskellPackages.yeganesh


@ -1,6 +1,8 @@
{ config, lib, pkgs, ... }:
let
inherit (config.krebs.lib) genid;
mainUser = config.users.extraUsers.mainUser;
createChromiumUser = name: extraGroups: packages:
{
@ -8,6 +10,7 @@ let
inherit name;
inherit extraGroups;
home = "/home/${name}";
uid = genid name;
useDefaultShell = true;
createHome = true;
};
@ -28,6 +31,7 @@ let
inherit name;
inherit extraGroups;
home = "/home/${name}";
uid = genid name;
useDefaultShell = true;
createHome = true;
};
@ -48,16 +52,17 @@ in {
environment.systemPackages = [
(pkgs.writeScriptBin "browser-select" ''
BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu)
BROWSER=$(echo -e "ff\ncr\nwk\nfb\ngm\nflash" | dmenu)
$BROWSER $@
'')
];
imports = [
( createFirefoxUser "ff" [ "audio" ] [ ] )
( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] )
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
( createChromiumUser "gm" [ ] [ pkgs.chromium ] )
( createChromiumUser "wk" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "fb" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "gm" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] )
];

93
lass/2configs/cbase.nix Normal file

@ -0,0 +1,93 @@
{ config, lib, pkgs, ... }:
let
inherit (config.krebs.lib) genid;
in {
users.extraUsers = {
cbasevpn = rec {
name = "cbasevpn";
uid = genid "cbasevpn";
description = "user for running c-base openvpn";
home = "/home/${name}";
};
};
users.extraGroups.cbasevpn.gid = genid "cbasevpn";
services.openvpn.servers = {
c-base = {
config = ''
client
dev tap
proto tcp
remote vpn.ext.c-base.org 1194
resolv-retry infinite
nobind
user cbasevpn
group cbasevpn
persist-key
persist-tun
auth-nocache
#auth-user-pass
auth-user-pass ${toString <secrets/cbase.txt>}
comp-lzo
verb 3
#script-security 2
#up /etc/openvpn/update-resolv-conf
#down /etc/openvpn/update-resolv-conf
<ca>
-----BEGIN CERTIFICATE-----
MIIDUjCCArugAwIBAgIJAOOk8EXgjsf5MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV
BAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZj
LWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJ
ARYQYWRtYXhAYy1iYXNlLm9yZzAeFw0wOTAyMTMwOTE1MzdaFw0xOTAyMTEwOTE1
MzdaMHoxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGlu
MQ8wDQYDVQQKEwZjLWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEf
MB0GCSqGSIb3DQEJARYQYWRtYXhAYy1iYXNlLm9yZzCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAt3wEgXbqFKxs8z/E4rv13hkRi6J+QdshNzntm7rTOmUsXKE7
IEwoJSglrmsDPv4UqE86A7bjW7YYSFjhzxFRkTEHJanyOCF48ZPItVl7Eq7T81co
uR+6lAhxnLDrwnPJCC83NzAa6lw8U1DsQRDkayKlrQrtZq6++pFFEvZvt1cCAwEA
AaOB3zCB3DAdBgNVHQ4EFgQUqkSbdXS90+HtqXDeAI+PcyTSSHEwgawGA1UdIwSB
pDCBoYAUqkSbdXS90+HtqXDeAI+PcyTSSHGhfqR8MHoxCzAJBgNVBAYTAkRFMQsw
CQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZjLWJhc2UxGzAZ
BgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhA
Yy1iYXNlLm9yZ4IJAOOk8EXgjsf5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
BQADgYEAOBANG1H4uEEWk3sbeQoSMeA3LFG1+6MgFGk2WAdeHYuV9GKYBq6/PLP5
ffw+FNkiDjLSeSQO88vHYJr2V1v8n/ZoCIT+1VBcDWXTpGz0YxDI1iBauO3tUPzK
wGs46RA/S0YwiZw64MaUHd88ZVadjKy9kNoO3w6/vpAS6s/Mh+o=
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
5d49aa8c9cec18de7ab6e0b5cd09a368
d3f1b8b77e055e448804fa0e14f487cb
491681742f96b54a23fb8639aa9ed14e
c40b86a5546b888c4f3873f23c956e87
169076ec869127ffc85353fd5928871c
da19776b79f723abb366fae6cdfe4ad6
7ef667b7d05a7b78dfd5ea1d2da276dc
5f6c82313fe9c1178c7256b8d1d081b0
4c80bc8f21add61fbc52c158579edc1d
bbde230afb9d0e531624ce289a17098a
3261f9144a9a2a6f0da4250c9eed4086
187ec6fa757a454de743a349e32af193
e9f8b49b010014bdfb3240d992f2f234
581d0ce05d4e07a2b588ad9b0555b704
9d5edc28efde59226ec8942feed690a1
2acd0c8bc9424d6074d0d495391023b6
-----END OpenVPN Static key V1-----
</tls-auth>
'';
};
};
}
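Review bot: The OpenVPN client config never checks what kind of certificate the peer presents: it has `<ca>` and `<tls-auth>` but no `remote-cert-tls server` (or a `verify-x509-name` pin), so any certificate issued by this CA is accepted as the server. If the c-base server certificate carries the server key usage, which needs confirming against the server, add `remote-cert-tls server` after `remote vpn.ext.c-base.org 1194`. Separately, the `<tls-auth>` static key is written inline, which puts it in the repository and in the world-readable Nix store, whereas the credentials file is correctly referenced at runtime via `${toString <secrets/cbase.txt>}`. Unless that key is deliberately public, reference it the same way, `tls-auth ${toString <secrets/PLACEHOLDER-ta.key>} 1`, and drop the inline block together with `key-direction 1`.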


@ -187,13 +187,10 @@ let
hackernews|https://news.ycombinator.com/rss|#news
'';
in {
imports = [
../3modules/newsbot-js.nix
];
environment.systemPackages = [
pkgs.newsbot-js
];
lass.newsbot-js = {
krebs.newsbot-js = {
enable = true;
ircServer = "localhost";
feeds = newsfile;


@ -16,11 +16,13 @@
enable = true;
connectTo = [
"prism"
"cloudkrebs"
"echelon"
"pigstarter"
"gum"
"flap"
];
};
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
};
}


@ -1,13 +1,42 @@
{ config, pkgs, ... }:
let
customPlugins.mustang2 = pkgs.vimUtils.buildVimPlugin {
name = "Mustang2";
src = pkgs.fetchFromGitHub {
owner = "croaker";
repo = "mustang-vim";
rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5";
sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67";
customPlugins = {
mustang2 = pkgs.vimUtils.buildVimPlugin {
name = "Mustang2";
src = pkgs.fetchFromGitHub {
owner = "croaker";
repo = "mustang-vim";
rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5";
sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67";
};
};
unimpaired = pkgs.vimUtils.buildVimPlugin {
name = "unimpaired-vim";
src = pkgs.fetchFromGitHub {
owner = "tpope";
repo = "vim-unimpaired";
rev = "11dc568dbfd7a56866a4354c737515769f08e9fe";
sha256 = "1an941j5ckas8l3vkfhchdzjwcray16229rhv3a1d4pbxifwshi8";
};
};
brogrammer = pkgs.vimUtils.buildVimPlugin {
name = "brogrammer";
src = pkgs.fetchFromGitHub {
owner = "marciomazza";
repo = "vim-brogrammer-theme";
rev = "3e412d8e8909d8d89eb5a4cbe955b5bc0833a3c3";
sha256 = "0am1qk8ls74z5ipgf9viacayq08y9i9vd7sxxiivwgsjh2ancbv6";
};
};
file-line = pkgs.vimUtils.buildVimPlugin {
name = "file-line";
src = pkgs.fetchFromGitHub {
owner = "bogado";
repo = "file-line";
rev = "f9ffa1879ad84ce4a386110446f395bc1795b72a";
sha256 = "173n47w9zd01rcyrrmm194v79xq7d1ggzr19n1lsxrqfgr2c1rvk";
};
};
};
@ -23,7 +52,7 @@ in {
syntax on
" TODO autoload colorscheme file
set background=dark
colorscheme mustang
colorscheme brogrammer
filetype off
filetype plugin indent on
@ -56,7 +85,8 @@ in {
vnoremap < <gv
vnoremap > >gv
nmap <esc>q :buffer
nmap <esc>q :buffer
"Tabwidth
set ts=2 sts=2 sw=2 et
@ -105,11 +135,26 @@ in {
"esc timeout
set timeoutlen=1000 ttimeoutlen=0
"foldfunctions
inoremap <F9> <C-O>za
nnoremap <F9> za
onoremap <F9> <C-C>za
vnoremap <F9> zf
'';
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
vimrcConfig.vam.pluginDictionaries = [
{ names = [ "Gundo" "commentary" "mustang2" ]; }
{ names = [
"brogrammer"
"commentary"
"extradite"
"file-line"
"fugitive"
"Gundo"
"mustang2"
"unimpaired"
]; }
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
];


@ -1,14 +1,17 @@
{ config, lib, pkgs, ... }:
{
krebs.per-user.chat.packages = [
pkgs.weechat
pkgs.tmux
let
inherit (config.krebs.lib) genid;
in {
krebs.per-user.chat.packages = with pkgs; [
mosh
tmux
weechat
];
users.extraUsers.chat = {
home = "/home/chat";
uid = lib.genid "chat";
uid = genid "chat";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [


@ -52,6 +52,7 @@ let
wantedBy = [ "multi-user.target" ];
requires = [ "xserver.service" ];
environment = xmonad-environment;
restartIfChanged = false;
serviceConfig = {
ExecStart = "${xmonad-start}/bin/xmonad";
ExecStop = "${xmonad-stop}/bin/xmonad-stop";


@ -54,10 +54,6 @@
#eval $( dircolors -b ~/.LS_COLORS )
#exports
export EDITOR='vim'
export MANPAGER='most'
export PAGER='vim -R -'
# export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -'
#beautiful colors


@ -3,7 +3,6 @@ _:
imports = [
./xresources.nix
./folderPerms.nix
./newsbot-js.nix
./per-user.nix
./urxvtd.nix
./xresources.nix


@ -45,24 +45,6 @@ let
instanceid = mkOption {
type = str;
};
ssl = mkOption {
type = with types; submodule ({
options = {
enable = mkEnableOption "ssl";
certificate = mkOption {
type = str;
};
certificate_key = mkOption {
type = str;
};
ciphers = mkOption {
type = str;
default = "AES128+EECDH:AES128+EDH";
};
};
});
default = {};
};
};
}));
default = {};
@ -72,7 +54,7 @@ let
group = config.services.nginx.group;
imp = {
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: {
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: {
server-names = [
"${domain}"
"www.${domain}"
@ -116,16 +98,7 @@ let
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
${if ssl.enable then ''
ssl_certificate ${ssl.certificate};
ssl_certificate_key ${ssl.certificate_key};
'' else ""}
'';
listen = (if ssl.enable then
[ "80" "443 ssl" ]
else
"80"
);
});
services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
listen = ${folder}/phpfpm.pool
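Review bot: This module drops its `ssl` submodule and the `ssl` argument of the `krebs.nginx.servers` mapping without passing anything on, so instances defined through it can no longer be served over TLS. The sibling module in the next file section keeps its option and adds `inherit ssl;`. As far as these hunks show, an existing instance that sets `ssl.enable` would stop evaluating, and every instance is left on plain port 80. I would keep the option here (minus `ciphers`, as in the sibling) and add `inherit ssl;` to the server attrset so both modules reach the new `ssl` handling in the nginx module. The server attrset's body lies partly outside the hunks.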


@ -42,10 +42,6 @@ let
certificate_key = mkOption {
type = str;
};
ciphers = mkOption {
type = str;
default = "AES128+EECDH:AES128+EDH";
};
};
});
default = {};
@ -74,16 +70,7 @@ let
deny all;
'')
];
listen = (if ssl.enable then
[ "80" "443 ssl" ]
else
"80"
);
extraConfig = (if ssl.enable then ''
ssl_certificate ${ssl.certificate};
ssl_certificate_key ${ssl.certificate_key};
'' else "");
inherit ssl;
});
};


@ -0,0 +1,13 @@
{ pkgs, ... }:
pkgs.writeScriptBin "acronym" ''
#! ${pkgs.bash}/bin/bash
acro=$1
curl -s http://www.acronymfinder.com/$acro.html \
| grep 'class="result-list__body__rank"' \
| sed 's/.*title="\([^"]*\)".*/\1/' \
| sed 's/^.* - //' \
| sed "s/&#39;/'/g"
''


@ -2,14 +2,16 @@
{
nixpkgs.config.packageOverrides = rec {
acronym = pkgs.callPackage ./acronym/default.nix {};
firefoxPlugins = {
noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {};
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
};
newsbot-js = pkgs.callPackage ./newsbot-js/default.nix {};
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
xmonad-lass =
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
pkgs.haskellPackages.callPackage src {};
yt-next = pkgs.callPackage ./yt-next/default.nix {};
};
}


@ -0,0 +1,40 @@
{ pkgs, ... }:
pkgs.writeScriptBin "mpv-poll" ''
#! ${pkgs.bash}/bin/bash
pl=$1
hist=''${HISTORY:-"./mpv_history"}
mpv_options=''${MPV_OPTIONS:-""}
lastYT=""
play_video () {
toPlay=$1
echo $toPlay >> $hist
mpv $mpv_options $toPlay
}
if ! [ -e $hist ]; then
touch $hist
fi
while :
do
if [ -s $pl ]; then
toPlay=$(head -1 $pl)
sed -i '1d' $pl
if $(echo $toPlay | grep -Eq 'https?://(www.)?youtube.com/watch'); then
lastYT=$toPlay
fi
play_video $toPlay
else
if [ -n "$lastYT" ]; then
next=$(yt-next $lastYT)
lastYT=$next
play_video $next
fi
sleep 1
fi
done
''
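Review bot: Lines read from the playlist file reach the player unquoted: `mpv $mpv_options $toPlay` word-splits the entry, so a line that begins with `--` or contains spaces is parsed as extra mpv options rather than as one URL. The same value, and the URL scraped by `yt-next`, is also expanded unquoted in `echo $toPlay >> $hist`, `head -1 $pl` and `yt-next $lastYT`; the `yt-next` script later in this commit has the same pattern in `curl -Ls $1`. Since the playlist is presumably filled by something other than the person at the keyboard, I would quote every expansion and end option parsing, `mpv $mpv_options -- "$toPlay"`. The test `if $(echo $toPlay | grep -Eq …); then` also runs the (empty) output of the pipeline as a command; `if echo "$toPlay" | grep -Eq 'https?://(www\.)?youtube\.com/watch'; then` says what is meant and escapes the dots.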


@ -0,0 +1,13 @@
{ pkgs, ... }:
pkgs.writeScriptBin "yt-next" ''
#! ${pkgs.bash}/bin/bash
vid=$1
num=''${NUM:-1}
curl -Ls $1 \
| grep 'href="/watch?v=' \
| head -n$num \
| sed 's,.*href="\([^"]*\)".*,https://youtube.com\1,'
''


@ -1,17 +1,51 @@
{ config, pkgs, lib, ... }:
with config.krebs.lib;
{
let
byid = dev: "/dev/disk/by-id/" + dev;
rootDisk = byid "ata-ADATA_SSD_S599_64GB_10460000000000000039";
auxDisk = byid "ata-HGST_HTS721010A9E630_JR10006PH3A02F";
dataPartition = auxDisk + "-part1";
allDisks = [ rootDisk auxDisk ];
in {
imports = [
../2configs/fs/single-partition-ext4.nix
../2configs/zsh-user.nix
../.
../.
../2configs/fs/single-partition-ext4.nix
../2configs/zsh-user.nix
../2configs/smart-monitor.nix
../2configs/exim-retiolum.nix
../2configs/virtualization.nix
];
networking.firewall.allowedUDPPorts = [ 80 655 67 ];
networking.firewall.allowedTCPPorts = [ 80 655 ];
networking.firewall.checkReversePath = false;
#networking.firewall.enable = false;
# virtualisation.nova.enableSingleNode = true;
krebs.retiolum.enable = true;
boot.loader.grub.device = "/dev/disk/by-id/ata-ADATA_SSD_S599_64GB_10460000000000000039";
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
networking.wireless.enable = true;
# TODO smartd omo darth gum all-in-one
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
zramSwap.enable = true;
fileSystems."/data" = {
device = dataPartition;
fsType = "ext4";
};
boot.loader.grub.device = rootDisk;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.makefu-omo.pubkey
config.krebs.users.makefu-vbob.pubkey
];
krebs.build.host = config.krebs.hosts.darth;
}


@ -41,9 +41,16 @@ in {
];
};
krebs.nginx.servers.cgit.server-names = [
"cgit.euer.krebsco.de"
];
krebs.nginx.servers.cgit = {
server-names = [ "cgit.euer.krebsco.de" ];
listen = [ "${external-ip}:80" "${internal-ip}:80" ];
};
# access
users.users = {
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
};
# Chat
environment.systemPackages = with pkgs;[


@ -11,7 +11,7 @@ let
# cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
# cryptsetup luksAddKey $dev tmpkey
# cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
# mkfs.ext4 /dev/mapper/crypt0 -L crypt0 -T largefile
# mkfs.xfs /dev/mapper/crypt0 -L crypt0
# omo Chassis:
# __FRONT_
@ -30,6 +30,8 @@ let
cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
# cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
# all physical disks
# TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ];
in {
imports =
@ -42,16 +44,21 @@ in {
../2configs/smart-monitor.nix
../2configs/mail-client.nix
../2configs/share-user-sftp.nix
../2configs/graphite-standalone.nix
../2configs/omo-share.nix
];
krebs.retiolum.enable = true;
networking.firewall.trustedInterfaces = [ "enp3s0" ];
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
# tcp:80 - nginx for sharing files
# tcp:655 udp:655 - tinc
# tcp:8080 - sabnzbd
# tcp:8111 - graphite
# tcp:9090 - sabnzbd
# tcp:9200 - elasticsearch
# tcp:5601 - kibana
networking.firewall.allowedUDPPorts = [ 655 ];
networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];
# services.openssh.allowSFTP = false;
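Review bot: `networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];` opens Elasticsearch (9200) and Kibana (5601) on every interface, although `enp3s0` is already in `trustedInterfaces` and did not need the ports opened. Neither service's bind address nor any authentication is visible in this section, so whether 9200 is actually reachable from the tinc network or other interfaces should be confirmed. If it is, the index is readable and writable by anyone who can connect. I would keep the global list to what must be reachable beyond the LAN (`80 655` as far as the comments show) and leave the monitoring ports to the trusted interface.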


@ -36,7 +36,11 @@
#../2configs/wordpress.nix
../2configs/nginx/public_html.nix
];
krebs.nginx = {
default404 = false;
servers.default.listen = [ "80 default_server" ];
servers.default.server-names = [ "_" ];
};
krebs.retiolum.enable = true;
# steam
hardware.opengl.driSupport32Bit = true;

View File

@ -15,11 +15,6 @@
];
nixpkgs.config.allowUnfree = true;
krebs.build.source.upstream-nixpkgs = {
url = https://github.com/makefu/nixpkgs;
# HTTP Everywhere + libredir
rev = "8239ac6";
};
fileSystems."/nix" = {
device ="/dev/disk/by-label/nixstore";
fsType = "ext4";


@ -10,16 +10,6 @@
#
# if this is not enough, check out main-laptop.nix
## TODO: .Xdefaults:
# URxvt*termName: rxvt
# URxvt.scrollBar : false
# URxvt*scrollBar_right: false
# URxvt*borderLess: false
# URxvt.foreground: white
# URxvt.background: black
# URxvt.urgentOnBell: true
# URxvt.visualBell: false
# URxvt.font : xft:Terminus
with config.krebs.lib;
let
@ -83,7 +73,9 @@ in
XTerm*FaceName : Terminus:pixelsize=14
URxvt*termName: rxvt
URxvt.scrollBar : False
URxvt*saveLines: 10000
URxvt*loginShell: false
URxvt.scrollBar : false
URxvt*scrollBar_right: false
URxvt*borderLess: false
URxvt.foreground: white


@ -125,6 +125,7 @@ with config.krebs.lib;
nixpkgs.config.packageOverrides = pkgs: {
nano = pkgs.runCommand "empty" {} "mkdir -p $out";
tinc = pkgs.tinc_pre;
};
services.cron.enable = false;


@ -19,7 +19,7 @@ with config.krebs.lib;
"/home" = {
device = "/dev/mapper/main-home";
fsType = "ext4";
options="defaults,discard";
options = [ "defaults" "discard" ];
};
};
}

View File

@ -18,12 +18,12 @@ with config.krebs.lib;
"/" = {
device = "/dev/mapper/luksroot";
fsType = "ext4";
options="defaults,discard";
options = [ "defaults" "discard" ];
};
"/boot" = {
device = "/dev/disk/by-label/nixboot";
fsType = "ext4";
options="defaults,discard";
options = [ "defaults" "discard" ];
};
};
}

View File

@ -23,6 +23,7 @@ with config.krebs.lib;
services.tlp.enable = true;
services.tlp.extraConfig = ''
START_CHARGE_THRESH_BAT0=80
STOP_CHARGE_THRESH_BAT0=95
CPU_SCALING_GOVERNOR_ON_AC=performance
CPU_SCALING_GOVERNOR_ON_BAT=ondemand


@ -7,7 +7,7 @@ with config.krebs.lib;
gnupg
imapfilter
msmtp
mutt-kz
mutt
notmuch
offlineimap
openssl


@ -0,0 +1,15 @@
{ config, lib, ... }:
with config.krebs.lib;
{
krebs.nginx = {
enable = true;
servers.default.locations = [
(nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
alias /home/$1/public_html$2;
autoindex on;
'')
];
};
}

View File

@ -48,6 +48,13 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
emu = {
path = "/media/crypt1/emu";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
usenet = {
path = "/media/crypt0/usenet/dst";
"read only" = "yes";

30
makefu/4lib/default.nix Normal file

@ -0,0 +1,30 @@
{ config, lib, ... }:
with lib;
let
addDefaultTime = bku-entry: recursiveUpdate {
snapshots = {
daily = { format = "%Y-%m-%d"; retain = 7; };
weekly = { format = "%YW%W"; retain = 4; };
monthly = { format = "%Y-%m"; retain = 12; };
yearly = { format = "%Y"; };
};
startAt = "5:23";
} bku-entry;
backup-host = config.krebs.hosts.omo;
backup-path = "/media/backup";
in {
bku = {
inherit addDefaultTime;
simplePath = addDefaultTime (path: {
method = "pull";
src = { host = config.krebs.build.host; inherit path; };
dst = {
host = backup-host;
path = backup-path ++ config.krebs.build.host.name
++ builtins.replaceStrings ["/"] ["-"] path;
};
});
};
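Review bot: `simplePath` cannot evaluate as written, for two reasons visible in the `bku` attrset. `addDefaultTime` is applied to the lambda `(path: { … })`, but it hands its argument to `recursiveUpdate`, which needs an attribute set; and `dst.path` joins strings with `++`, which is list concatenation in Nix. The function should take `path` first and wrap the resulting set, and the path should be built with `+`; the separators in the sketch below are a guess at the intended layout and need confirming. A short comment above `addDefaultTime` saying that the caller's values override the defaults would also help.

```nix
simplePath = path: addDefaultTime {
  # … unchanged: method, src …
  dst = {
    host = backup-host;
    # separators assumed; confirm the intended directory layout
    path = backup-path + "/" + config.krebs.build.host.name
      + "-" + builtins.replaceStrings ["/"] ["-"] path;
  };
};
```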
}

View File

@ -10,8 +10,8 @@ with pkgs.pythonPackages;buildPythonPackage rec {
src = fetchFromGitHub {
owner = "makefu";
repo = "mycube-flask";
rev = "5f5260a";
sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh";
rev = "48dc6857";
sha256 = "1ax1vz6m5982l1mmp9vmywn9nw9p9h4m3ss74zazyspxq1wjim0v";
};
meta = {
homepage = https://github.com/makefu/mycube-flask;