diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 0a848426c..cf72e0d73 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -10,7 +10,6 @@ - diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 8f2e22acf..ca67ce65c 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -201,6 +201,7 @@ let "cfp@eloop.org" = eloop-ml; "kontakt@eloop.org" = eloop-ml; "root@eloop.org" = eloop-ml; + "youtube@eloop.org" = eloop-ml; "eloop2016@krebsco.de" = eloop-ml; "eloop2017@krebsco.de" = eloop-ml; "postmaster@krebsco.de" = spam-ml; # RFC 822 diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 9b9f052a5..836ecb3f6 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -15,8 +15,9 @@ with import ; cores = 4; extraZones = { "krebsco.de" = '' - prism IN A ${nets.internet.ip4.addr} + cache IN A ${nets.internet.ip4.addr} paste IN A ${nets.internet.ip4.addr} + prism IN A ${nets.internet.ip4.addr} ''; "lassul.us" = '' $TTL 3600 @@ -27,12 +28,13 @@ with import ; 60 IN TXT v=spf1 mx a:lassul.us -all 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" + cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index b032f3148..ecd449b09 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -75,6 +75,7 @@ let ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} ''} + ${tinc.config.tincUpExtra} ''; description = '' tinc-up script to be used. Defaults to setting the @@ -83,6 +84,11 @@ let ''; }; + tincUpExtra = mkOption { + type = types.str; + default = ""; + }; + tincPackage = mkOption { type = types.package; default = pkgs.tinc; diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index 15cc277a5..7c9812117 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -5,8 +5,8 @@ stdenv.mkDerivation { src = fetchgit { url = https://github.com/Lassulus/realwallpaper; - rev = "e0563289c2ab592b669ce4549fc40130246e9d79"; - sha256 = "1zgk8ips2d686216h203w62wrw7zy9z0lrndx9f8z6f1vpvjcmqc"; + rev = "847faebc9b7e87e4bea078e3a2304ec00b4cdfc0"; + sha256 = "10zihkwj9vpshlxw2jk67zbsy8g4i8b1y4jzna9fdcsgn7s12jrr"; }; phases = [ diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index 0a286c6f0..e6eddf8b2 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -36,10 +36,10 @@ with import ; # TODO write function for proxy_pass (ssl/nonssl) krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.179"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } + { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; } ]; } { diff --git a/lass/1systems/archprism/physical.nix b/lass/1systems/archprism/physical.nix index 56348d0ab..36de7dc17 100644 --- a/lass/1systems/archprism/physical.nix +++ b/lass/1systems/archprism/physical.nix @@ -14,16 +14,16 @@ }; }; # TODO use this network config - #networking.interfaces.et0.ipv4.addresses = [ - # { - # address = config.krebs.build.host.nets.internet.ip4.addr; - # prefixLength = 27; - # } - # { - # address = "46.4.114.243"; - # prefixLength = 27; - # } - #]; + networking.interfaces.eth0.ipv4.addresses = [ + { + address = config.krebs.build.host.nets.internet.ip4.addr; + prefixLength = 27; + } + { + address = "46.4.114.243"; + prefixLength = 27; + } + ]; #networking.defaultGateway = "46.4.114.225"; #networking.nameservers = [ # "8.8.8.8" diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 808f35b24..a9fbae695 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -341,8 +341,6 @@ with import ; ]; krebs.build.host = config.krebs.hosts.prism; - # workaround because grub store paths are broken - boot.copyKernels = true; services.earlyoom = { enable = true; freeMemThreshold = 5; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 56348d0ab..4388c13fa 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -1,77 +1,56 @@ { config, lib, pkgs, ... }: + { + imports = [ ./config.nix - { - boot.kernelParams = [ "net.ifnames=0" ]; - networking = { - defaultGateway = "46.4.114.225"; - # Use google's public DNS server - nameservers = [ "8.8.8.8" ]; - interfaces.eth0 = { - ipAddress = "46.4.114.247"; - prefixLength = 27; - }; - }; - # TODO use this network config - #networking.interfaces.et0.ipv4.addresses = [ - # { - # address = config.krebs.build.host.nets.internet.ip4.addr; - # prefixLength = 27; - # } - # { - # address = "46.4.114.243"; - # prefixLength = 27; - # } - #]; - #networking.defaultGateway = "46.4.114.225"; - #networking.nameservers = [ - # "8.8.8.8" - #]; - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" - #''; - } - { - imports = [ ]; - - networking.hostId = "fb4173ea"; - boot.loader.grub = { - devices = [ - "/dev/sda" - "/dev/sdb" - ]; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - "ahci" "sd_mod" - ]; - - boot.kernelModules = [ "kvm-intel" ]; - - sound.enable = false; - nixpkgs.config.allowUnfree = true; - time.timeZone = "Europe/Berlin"; - - fileSystems."/" = { - device = "rpool/root/nixos"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "rpool/home"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d"; - fsType = "ext4"; - }; - - } + ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; + + fileSystems."/" = { + device = "rpool/root/nixos"; + fsType = "zfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/d155d6ff-8e89-4876-a9e7-d1b7ba6a4804"; + fsType = "ext4"; + }; + + fileSystems."/srv/http" = { + device = "tank/srv-http"; + fsType = "zfs"; + }; + + fileSystems."/var/lib/containers" = { + device = "tank/containers"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "tank/home"; + fsType = "zfs"; + }; + + nix.maxJobs = lib.mkDefault 8; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ]; + + boot.kernelParams = [ "net.ifnames=0" ]; + networking = { + hostId = "2283aaae"; + defaultGateway = "95.216.1.129"; + # Use google's public DNS server + nameservers = [ "8.8.8.8" ]; + interfaces.eth0 = { + ipAddress = "95.216.1.150"; + prefixLength = 26; + }; + }; } diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 991bbeb54..220e41d0a 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -20,7 +20,7 @@ services.nginx = { enable = true; virtualHosts.nix-serve = { - serverAliases = [ "cache.prism.r" ]; + serverAliases = [ "cache.prism.r" "cache.krebsco.de" "cache.lassul.us" ]; locations."/".extraConfig = '' proxy_pass http://localhost:${toString config.services.nix-serve.port}; ''; diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index 68f2256cf..4d4a92eb9 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -15,6 +15,7 @@ with (import ); dic nmap git-preview + l-gen-secrets ]; services.tor.enable = true; diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix index b08cf9307..6818db460 100644 --- a/lass/2configs/ciko.nix +++ b/lass/2configs/ciko.nix @@ -19,5 +19,9 @@ with import ; "slash16.net" ]; }; + + system.activationScripts.user-shadow = '' + ${pkgs.coreutils}/bin/chmod +x /home/ciko + ''; } diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 6ef3c8595..733115a74 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -90,6 +90,7 @@ with import ; { from = "afra@lassul.us"; to = lass.mail; } { from = "ksp@lassul.us"; to = lass.mail; } { from = "ccc@lassul.us"; to = lass.mail; } + { from = "neocron@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index 31a01c754..e756c3424 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -6,7 +6,7 @@ in { krebs.fetchWallpaper = { enable = true; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; - url = "prism/realwallpaper-sat-krebs.png"; + url = "prism/realwallpaper-krebs.png"; maxTime = 10; }; } diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 17c3cf3be..49602898e 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -75,6 +75,8 @@ in { packages = with pkgs; [ ftb minecraft + steam-run + dolphinEmu ]; }; }; diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index c5b5c01fb..62173e33f 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -21,6 +21,10 @@ let krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } ]; + + system.activationScripts.spool-chmod = '' + ${pkgs.coreutils}/bin/chmod +x /var/spool + ''; }; cgit-clear-cache = pkgs.cgit-clear-cache.override { diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index e50689254..46939c97e 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -51,7 +51,7 @@ let gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; - nix-devel = [ "to:nix-devel@googlegroups.com" ]; + nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ]; patreon = [ "to:patreon@lassul.us" ]; paypal = [ "to:paypal@lassul.us" ]; ptl = [ "to:ptl@posttenebraslab.ch" ]; diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index 116d66276..e0cb37f67 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let hostname = config.krebs.build.host.name; @@ -9,6 +9,9 @@ let in { krebs.realwallpaper.enable = true; + system.activationScripts.user-shadow = '' + ${pkgs.coreutils}/bin/chmod +x /var/realwallpaper + ''; services.nginx.virtualHosts.wallpaper = { extraConfig = '' if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { @@ -22,10 +25,7 @@ in { locations."/realwallpaper.png".extraConfig = '' root /var/realwallpaper/; ''; - locations."/realwallpaper-sat.png".extraConfig = '' - root /var/realwallpaper/; - ''; - locations."/realwallpaper-sat-krebs.png".extraConfig = '' + locations."/realwallpaper-krebs.png".extraConfig = '' root /var/realwallpaper/; ''; }; diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix index 2fffa6cc9..897e35e61 100644 --- a/lass/2configs/websites/sqlBackup.nix +++ b/lass/2configs/websites/sqlBackup.nix @@ -11,7 +11,6 @@ enable = true; dataDir = "/var/mysql"; package = pkgs.mariadb; - rootPassword = config.krebs.secret.files.mysql_rootPassword.path; }; systemd.services.mysql = { diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix index 68bcfa340..e7288313a 100644 --- a/lass/3modules/ejabberd/config.nix +++ b/lass/3modules/ejabberd/config.nix @@ -96,9 +96,9 @@ in /* yaml */ '' mod_privacy: {} mod_private: {} mod_register: - access_from: deny + access_from: allow access: register - ip_access: trusted_network + # ip_access: trusted_network registration_watchers: ${toJSON config.registration_watchers} mod_roster: {} mod_shared_roster: {} diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix index 16a7a13b2..f63417e8f 100644 --- a/makefu/2configs/fetchWallpaper.nix +++ b/makefu/2configs/fetchWallpaper.nix @@ -8,7 +8,7 @@ timerConfig = { OnCalendar = "*:0/30"; }; - url = "http://prism.r/realwallpaper-sat-krebs.png"; + url = "http://prism.r/realwallpaper-krebs.png"; }; } diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index c26d4ab30..a653ce40d 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -15,7 +15,7 @@ with import ; # hardware configuration boot.initrd.luks.devices.muca = { - device = "/dev/disk/by-uuid/a8796bb3-6c03-4ddf-b2e4-c2e44c51d352"; + device = "/dev/disk/by-uuid/7b24a931-40b6-44a6-ba22-c805cf164e91"; }; boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ]; boot.initrd.availableKernelModules = [ "ahci" ]; @@ -25,16 +25,17 @@ with import ; fileSystems = { "/" = { device = "/dev/mapper/muvga-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; + fsType = "ext4"; + options = [ "defaults" "discard" ]; }; "/home" = { device = "/dev/mapper/muvga-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; + fsType = "ext4"; + options = [ "defaults" "discard" ]; }; "/boot" = { - device = "/dev/disk/by-uuid/DC38-F165"; + device = "/dev/disk/by-uuid/CEB1-9743"; + fsType = "vfat"; }; }; diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix index 655c75e1b..cbcec1bae 100644 --- a/tv/5pkgs/simple/q/default.nix +++ b/tv/5pkgs/simple/q/default.nix @@ -71,6 +71,11 @@ let '+%Y-%m-%dT%H:%M:%S%:z' ''; + q-utcdate = '' + ${pkgs.coreutils}/bin/date -u \ + '+%Y-%m-%dT%H:%M:%S%:z' + ''; + q-gitdir = '' if test -d .git; then #git status --porcelain @@ -295,6 +300,7 @@ pkgs.writeBashBin "q" '' set -eu export PATH=/var/empty ${q-cal} + ${q-utcdate} ${q-isodate} ${q-sgtdate} (${q-gitdir}) &