Merge remote-tracking branch 'lassul.us/master'

makefu 2018-11-10 22:05:40 +01:00
commit e3efeb6dd5
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
23 changed files with 110 additions and 107 deletions


@ -10,7 +10,6 @@
<stockholm/krebs/2configs> <stockholm/krebs/2configs>
<stockholm/krebs/2configs/buildbot-stockholm.nix> <stockholm/krebs/2configs/buildbot-stockholm.nix>
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix> <stockholm/krebs/2configs/reaktor-retiolum.nix>


@ -201,6 +201,7 @@ let
"cfp@eloop.org" = eloop-ml; "cfp@eloop.org" = eloop-ml;
"kontakt@eloop.org" = eloop-ml; "kontakt@eloop.org" = eloop-ml;
"root@eloop.org" = eloop-ml; "root@eloop.org" = eloop-ml;
"youtube@eloop.org" = eloop-ml;
"eloop2016@krebsco.de" = eloop-ml; "eloop2016@krebsco.de" = eloop-ml;
"eloop2017@krebsco.de" = eloop-ml; "eloop2017@krebsco.de" = eloop-ml;
"postmaster@krebsco.de" = spam-ml; # RFC 822 "postmaster@krebsco.de" = spam-ml; # RFC 822


@ -15,8 +15,9 @@ with import <stockholm/lib>;
cores = 4; cores = 4;
extraZones = { extraZones = {
"krebsco.de" = '' "krebsco.de" = ''
prism IN A ${nets.internet.ip4.addr} cache IN A ${nets.internet.ip4.addr}
paste IN A ${nets.internet.ip4.addr} paste IN A ${nets.internet.ip4.addr}
prism IN A ${nets.internet.ip4.addr}
''; '';
"lassul.us" = '' "lassul.us" = ''
$TTL 3600 $TTL 3600
@ -27,12 +28,13 @@ with import <stockholm/lib>;
60 IN TXT v=spf1 mx a:lassul.us -all 60 IN TXT v=spf1 mx a:lassul.us -all
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
io 60 IN NS ions.lassul.us. io 60 IN NS ions.lassul.us.
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
''; '';
}; };


@ -75,6 +75,7 @@ let
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
''} ''}
${tinc.config.tincUpExtra}
''; '';
description = '' description = ''
tinc-up script to be used. Defaults to setting the tinc-up script to be used. Defaults to setting the
@ -83,6 +84,11 @@ let
''; '';
}; };
tincUpExtra = mkOption {
type = types.str;
default = "";
};
tincPackage = mkOption { tincPackage = mkOption {
type = types.package; type = types.package;
default = pkgs.tinc; default = pkgs.tinc;
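Review bot: The new `tincUpExtra` option is declared without a `description` and with `type = types.str`, and its value is spliced verbatim into the generated tinc-up script at `${tinc.config.tincUpExtra}`. `types.str` rejects a second definition, so two modules cannot each contribute a line; `type = types.lines;` would let them merge. A description such as `description = "Extra shell commands appended to the default tinc-up script.";` should also state that the text runs with whatever privileges tinc-up has (presumably root, to be confirmed), so only trusted modules should set it. The enclosing `let` block starts and ends outside the hunk.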


@ -5,8 +5,8 @@ stdenv.mkDerivation {
src = fetchgit { src = fetchgit {
url = https://github.com/Lassulus/realwallpaper; url = https://github.com/Lassulus/realwallpaper;
rev = "e0563289c2ab592b669ce4549fc40130246e9d79"; rev = "847faebc9b7e87e4bea078e3a2304ec00b4cdfc0";
sha256 = "1zgk8ips2d686216h203w62wrw7zy9z0lrndx9f8z6f1vpvjcmqc"; sha256 = "10zihkwj9vpshlxw2jk67zbsy8g4i8b1y4jzna9fdcsgn7s12jrr";
}; };
phases = [ phases = [


@ -36,10 +36,10 @@ with import <stockholm/lib>;
# TODO write function for proxy_pass (ssl/nonssl) # TODO write function for proxy_pass (ssl/nonssl)
krebs.iptables.tables.filter.FORWARD.rules = [ krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.179"; target = "ACCEPT"; }
]; ];
krebs.iptables.tables.nat.PREROUTING.rules = [ krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; }
]; ];
} }
{ {
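Review bot: The forwarding rule on the new side, `predicate = "-d 192.168.122.179"; target = "ACCEPT";`, accepts every protocol and port towards the guest, and the same literal address is repeated in the DNAT target, so the two rules can drift apart at the next renumbering. Binding the address once (for example `let guest = "192.168.122.179"; in`) and narrowing the predicate to what the guest is meant to serve (for example `-d ${guest} -p tcp --dport <PORT>`) would keep the exposure explicit. Which services the guest offers is not visible here, so the port is left as a placeholder. The enclosing attribute set starts outside the hunk.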


@ -14,16 +14,16 @@
}; };
}; };
# TODO use this network config # TODO use this network config
#networking.interfaces.et0.ipv4.addresses = [ networking.interfaces.eth0.ipv4.addresses = [
# { {
# address = config.krebs.build.host.nets.internet.ip4.addr; address = config.krebs.build.host.nets.internet.ip4.addr;
# prefixLength = 27; prefixLength = 27;
# } }
# { {
# address = "46.4.114.243"; address = "46.4.114.243";
# prefixLength = 27; prefixLength = 27;
# } }
#]; ];
#networking.defaultGateway = "46.4.114.225"; #networking.defaultGateway = "46.4.114.225";
#networking.nameservers = [ #networking.nameservers = [
# "8.8.8.8" # "8.8.8.8"
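Review bot: The comment `# TODO use this network config` is left in place although the address list below it is now live, while `networking.defaultGateway` and `networking.nameservers` directly after it stay commented out. If the gateway and resolvers are set in another module, the TODO should simply be dropped; if not, the interface gets its two /27 addresses but no default route from this file. The block continues past the end of the hunk, so whether the remaining commented lines are still needed cannot be judged from here.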


@ -341,8 +341,6 @@ with import <stockholm/lib>;
]; ];
krebs.build.host = config.krebs.hosts.prism; krebs.build.host = config.krebs.hosts.prism;
# workaround because grub store paths are broken
boot.copyKernels = true;
services.earlyoom = { services.earlyoom = {
enable = true; enable = true;
freeMemThreshold = 5; freeMemThreshold = 5;


@ -1,77 +1,56 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = [ imports = [
./config.nix ./config.nix
{ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
boot.kernelParams = [ "net.ifnames=0" ];
networking = {
defaultGateway = "46.4.114.225";
# Use google's public DNS server
nameservers = [ "8.8.8.8" ];
interfaces.eth0 = {
ipAddress = "46.4.114.247";
prefixLength = 27;
};
};
# TODO use this network config
#networking.interfaces.et0.ipv4.addresses = [
# {
# address = config.krebs.build.host.nets.internet.ip4.addr;
# prefixLength = 27;
# }
# {
# address = "46.4.114.243";
# prefixLength = 27;
# }
#];
#networking.defaultGateway = "46.4.114.225";
#networking.nameservers = [
# "8.8.8.8"
#];
#services.udev.extraRules = ''
# SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
#'';
}
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
networking.hostId = "fb4173ea";
boot.loader.grub = {
devices = [
"/dev/sda"
"/dev/sdb"
];
splashImage = null;
};
boot.initrd.availableKernelModules = [
"ata_piix"
"vmw_pvscsi"
"ahci" "sd_mod"
];
boot.kernelModules = [ "kvm-intel" ];
sound.enable = false;
nixpkgs.config.allowUnfree = true;
time.timeZone = "Europe/Berlin";
fileSystems."/" = {
device = "rpool/root/nixos";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/home";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d";
fsType = "ext4";
};
}
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
fileSystems."/" = {
device = "rpool/root/nixos";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/d155d6ff-8e89-4876-a9e7-d1b7ba6a4804";
fsType = "ext4";
};
fileSystems."/srv/http" = {
device = "tank/srv-http";
fsType = "zfs";
};
fileSystems."/var/lib/containers" = {
device = "tank/containers";
fsType = "zfs";
};
fileSystems."/home" = {
device = "tank/home";
fsType = "zfs";
};
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
boot.kernelParams = [ "net.ifnames=0" ];
networking = {
hostId = "2283aaae";
defaultGateway = "95.216.1.129";
# Use google's public DNS server
nameservers = [ "8.8.8.8" ];
interfaces.eth0 = {
ipAddress = "95.216.1.150";
prefixLength = 26;
};
};
} }
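Review bot: The rewritten `networking` block assigns the address through `interfaces.eth0.ipAddress` and `prefixLength`, while another file in this same commit switches to the list form `networking.interfaces.eth0.ipv4.addresses = [ … ];`. Writing `interfaces.eth0.ipv4.addresses = [ { address = "95.216.1.150"; prefixLength = 26; } ];` here as well keeps the two files consistent and avoids relying on the older single-address option. The new file also has no comment saying which parts came from hardware detection and which were written by hand; a one-line comment above `fileSystems` and above `networking` would help at the next host move.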


@ -20,7 +20,7 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts.nix-serve = { virtualHosts.nix-serve = {
serverAliases = [ "cache.prism.r" ]; serverAliases = [ "cache.prism.r" "cache.krebsco.de" "cache.lassul.us" ];
locations."/".extraConfig = '' locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port}; proxy_pass http://localhost:${toString config.services.nix-serve.port};
''; '';
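Review bot: Adding `"cache.krebsco.de"` and `"cache.lassul.us"` to `serverAliases` makes the nix-serve proxy answer under public names, but the vhost lines shown here carry no TLS or access setting. If that is not configured outside the hunk, `forceSSL = true; enableACME = true;` on the vhost would protect the transport. It is also worth confirming that `services.nix-serve.secretKeyFile` is set, so clients verify store paths by signature rather than by trusting the connection. A short comment above `serverAliases` stating that the cache is intentionally public would record the decision; the `services.nginx` block continues beyond the hunk.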


@ -15,6 +15,7 @@ with (import <stockholm/lib>);
dic dic
nmap nmap
git-preview git-preview
l-gen-secrets
]; ];
services.tor.enable = true; services.tor.enable = true;


@ -19,5 +19,9 @@ with import <stockholm/lib>;
"slash16.net" "slash16.net"
]; ];
}; };
system.activationScripts.user-shadow = ''
${pkgs.coreutils}/bin/chmod +x /home/ciko
'';
} }
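Review bot: `chmod +x /home/ciko` in the new activation script adds the search bit for owner, group and others alike (subject to the umask), which makes the home directory traversable by every local account; the same pattern is added for `/var/spool` and `/var/realwallpaper` in two other files of this commit. If the aim is to let one service reach a subdirectory, an ACL such as `setfacl -m u:<SERVICE_USER>:x /home/ciko` grants only that account, and a one-line comment should name the service that needs it. The script name `user-shadow` does not describe what it does and is reused for the `/var/realwallpaper` script, so the two definitions may collide if both modules are ever imported on one host; a name like `ciko-home-traverse` would avoid that.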


@ -90,6 +90,7 @@ with import <stockholm/lib>;
{ from = "afra@lassul.us"; to = lass.mail; } { from = "afra@lassul.us"; to = lass.mail; }
{ from = "ksp@lassul.us"; to = lass.mail; } { from = "ksp@lassul.us"; to = lass.mail; }
{ from = "ccc@lassul.us"; to = lass.mail; } { from = "ccc@lassul.us"; to = lass.mail; }
{ from = "neocron@lassul.us"; to = lass.mail; }
]; ];
system-aliases = [ system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; } { from = "mailer-daemon"; to = "postmaster"; }


@ -6,7 +6,7 @@ in {
krebs.fetchWallpaper = { krebs.fetchWallpaper = {
enable = true; enable = true;
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
url = "prism/realwallpaper-sat-krebs.png"; url = "prism/realwallpaper-krebs.png";
maxTime = 10; maxTime = 10;
}; };
} }


@ -75,6 +75,8 @@ in {
packages = with pkgs; [ packages = with pkgs; [
ftb ftb
minecraft minecraft
steam-run
dolphinEmu
]; ];
}; };
}; };


@ -21,6 +21,10 @@ let
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
]; ];
system.activationScripts.spool-chmod = ''
${pkgs.coreutils}/bin/chmod +x /var/spool
'';
}; };
cgit-clear-cache = pkgs.cgit-clear-cache.override { cgit-clear-cache = pkgs.cgit-clear-cache.override {


@ -51,7 +51,7 @@ let
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
lugs = [ "to:lugs@lug-s.org" ]; lugs = [ "to:lugs@lug-s.org" ];
nix-devel = [ "to:nix-devel@googlegroups.com" ]; nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ];
patreon = [ "to:patreon@lassul.us" ]; patreon = [ "to:patreon@lassul.us" ];
paypal = [ "to:paypal@lassul.us" ]; paypal = [ "to:paypal@lassul.us" ];
ptl = [ "to:ptl@posttenebraslab.ch" ]; ptl = [ "to:ptl@posttenebraslab.ch" ];


@ -1,4 +1,4 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
let let
hostname = config.krebs.build.host.name; hostname = config.krebs.build.host.name;
@ -9,6 +9,9 @@ let
in { in {
krebs.realwallpaper.enable = true; krebs.realwallpaper.enable = true;
system.activationScripts.user-shadow = ''
${pkgs.coreutils}/bin/chmod +x /var/realwallpaper
'';
services.nginx.virtualHosts.wallpaper = { services.nginx.virtualHosts.wallpaper = {
extraConfig = '' extraConfig = ''
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
@ -22,10 +25,7 @@ in {
locations."/realwallpaper.png".extraConfig = '' locations."/realwallpaper.png".extraConfig = ''
root /var/realwallpaper/; root /var/realwallpaper/;
''; '';
locations."/realwallpaper-sat.png".extraConfig = '' locations."/realwallpaper-krebs.png".extraConfig = ''
root /var/realwallpaper/;
'';
locations."/realwallpaper-sat-krebs.png".extraConfig = ''
root /var/realwallpaper/; root /var/realwallpaper/;
''; '';
}; };


@ -11,7 +11,6 @@
enable = true; enable = true;
dataDir = "/var/mysql"; dataDir = "/var/mysql";
package = pkgs.mariadb; package = pkgs.mariadb;
rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
}; };
systemd.services.mysql = { systemd.services.mysql = {


@ -96,9 +96,9 @@ in /* yaml */ ''
mod_privacy: {} mod_privacy: {}
mod_private: {} mod_private: {}
mod_register: mod_register:
access_from: deny access_from: allow
access: register access: register
ip_access: trusted_network # ip_access: trusted_network
registration_watchers: ${toJSON config.registration_watchers} registration_watchers: ${toJSON config.registration_watchers}
mod_roster: {} mod_roster: {}
mod_shared_roster: {} mod_shared_roster: {}
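Review bot: Commenting out `ip_access: trusted_network` removes the source-address restriction on in-band registration, and with `access_from: allow` the only remaining gate is the `register` access rule, whose definition is outside this hunk. If open registration is intended, `captcha_protected: true` under `mod_register` or a registration rate limit would reduce automated sign-ups; if it was a temporary measure, the line should be restored rather than left as a comment. `registration_watchers` stays in place, so new accounts are still reported provided that list is non-empty. The surrounding YAML template starts and ends outside the hunk.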


@ -8,7 +8,7 @@
timerConfig = { timerConfig = {
OnCalendar = "*:0/30"; OnCalendar = "*:0/30";
}; };
url = "http://prism.r/realwallpaper-sat-krebs.png"; url = "http://prism.r/realwallpaper-krebs.png";
}; };
} }


@ -15,7 +15,7 @@ with import <stockholm/lib>;
# hardware configuration # hardware configuration
boot.initrd.luks.devices.muca = { boot.initrd.luks.devices.muca = {
device = "/dev/disk/by-uuid/a8796bb3-6c03-4ddf-b2e4-c2e44c51d352"; device = "/dev/disk/by-uuid/7b24a931-40b6-44a6-ba22-c805cf164e91";
}; };
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ]; boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ];
boot.initrd.availableKernelModules = [ "ahci" ]; boot.initrd.availableKernelModules = [ "ahci" ];
@ -25,16 +25,17 @@ with import <stockholm/lib>;
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/mapper/muvga-root"; device = "/dev/mapper/muvga-root";
fsType = "btrfs"; fsType = "ext4";
options = ["defaults" "noatime" "ssd" "compress=lzo"]; options = [ "defaults" "discard" ];
}; };
"/home" = { "/home" = {
device = "/dev/mapper/muvga-home"; device = "/dev/mapper/muvga-home";
fsType = "btrfs"; fsType = "ext4";
options = ["defaults" "noatime" "ssd" "compress=lzo"]; options = [ "defaults" "discard" ];
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/DC38-F165"; device = "/dev/disk/by-uuid/CEB1-9743";
fsType = "vfat";
}; };
}; };
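Review bot: The new `options = [ "defaults" "discard" ];` on `/` and `/home` asks for online TRIM on filesystems that appear to sit on the LUKS device `muca`, but neither hunk sets `allowDiscards` on that device. Without `boot.initrd.luks.devices.muca.allowDiscards = true;` dm-crypt drops the requests and the mount option does nothing; with it, the pattern of unused blocks becomes visible on the underlying disk, a trade-off worth stating in a comment next to the option. If TRIM is wanted, periodic trimming via `services.fstrim.enable = true;` is the usual alternative to the `discard` mount option. Whether `allowDiscards` is set elsewhere cannot be seen from here.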


@ -71,6 +71,11 @@ let
'+%Y-%m-%dT%H:%M:%S%:z' '+%Y-%m-%dT%H:%M:%S%:z'
''; '';
q-utcdate = ''
${pkgs.coreutils}/bin/date -u \
'+%Y-%m-%dT%H:%M:%S%:z'
'';
q-gitdir = '' q-gitdir = ''
if test -d .git; then if test -d .git; then
#git status --porcelain #git status --porcelain
@ -295,6 +300,7 @@ pkgs.writeBashBin "q" ''
set -eu set -eu
export PATH=/var/empty export PATH=/var/empty
${q-cal} ${q-cal}
${q-utcdate}
${q-isodate} ${q-isodate}
${q-sgtdate} ${q-sgtdate}
(${q-gitdir}) & (${q-gitdir}) &