From 45cb096a879923a0842f67e23ea5f9c36be4831c Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 10 Nov 2015 12:58:09 +0100 Subject: [PATCH 1/5] krebs: expose krebs.populate --- krebs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/default.nix b/krebs/default.nix index bfd6175d9..ad0205426 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -11,6 +11,7 @@ let out = { inherit infest; inherit init; inherit nixos-install; + inherit populate; }; deploy = From 557eefd36b446d73437c933c8ff895b910674aba Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 10 Nov 2015 12:58:32 +0100 Subject: [PATCH 2/5] gum: prepare, add target --- makefu/1systems/gum.nix | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 85cf4c533..a028145ce 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -9,24 +9,23 @@ in { # TODO: copy this config or move to krebs ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix + ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix - # Reaktor - ../2configs/Reaktor/simpleExtend.nix ]; - + boot.loader.grub.device = "/dev/sda"; + boot.loader.grub.splashImage = null; + boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; + boot.kernelModules = [ "kvm-intel" ]; + krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; - krebs.Reaktor.enable = true; - - # prepare graphs - krebs.nginx.enable = true; - + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" + ''; networking = { firewall.allowPing = true; - firewall.allowedTCPPorts = [ 80 443 655 ]; - firewall.allowedUDPPorts = [ 655 ]; - interfaces.enp2s1.ip4 = [{ + interfaces.et0.ip4 = [{ address = external-ip; prefixLength = 24; }]; @@ -34,5 +33,4 @@ in { nameservers = [ "8.8.8.8" ]; }; - # based on ../../tv/2configs/CAC-Developer-2.nix } 
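Review bot: In PATCH 2/5 both `firewall.allowedTCPPorts` and `firewall.allowedUDPPorts` are deleted from `networking` while `../2configs/tinc-basic-retiolum.nix` stays in `imports`, so at this commit nothing visible opens 655 for tinc unless that module does so itself. PATCH 4/5 restores the ports, but a host built from this commit alone may not accept VPN peers. Keeping `firewall.allowedTCPPorts = [ 655 ];` and `firewall.allowedUDPPorts = [ 655 ];` in this commit would leave every step of the series deployable. The same hunk adds `krebs.build.target = "root@gum.krebsco.de";`, which is presumably an SSH destination, so a comment such as `# deploy logs in as root; key-only root login expected` would record that assumption.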
From 94a394539dc7876a027c5d06aa623e507d82781b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 10 Nov 2015 18:52:50 +0100 Subject: [PATCH 3/5] infest: add curl to debian deps --- krebs/4lib/infest/prepare.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 182a068ef..0bfc49380 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -66,6 +66,7 @@ prepare_debian() { type bzip2 2>/dev/null || apt-get install bzip2 type git 2>/dev/null || apt-get install git type rsync 2>/dev/null || apt-get install rsync + type curl 2>/dev/null || apt-get install curl prepare_common } From b394c79051fbcf6cf072f2b9af75819d37cd2426 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 10 Nov 2015 18:53:31 +0100 Subject: [PATCH 4/5] m 1 gum:update firewall --- makefu/1systems/gum.nix | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index a028145ce..3a010220e 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -13,18 +13,36 @@ in { # ../2configs/iodined.nix ]; - boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.splashImage = null; - boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; - boot.kernelModules = [ "kvm-intel" ]; + krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; + # Hardware + boot.loader.grub.device = "/dev/sda"; + boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; + boot.kernelModules = [ "kvm-intel" ]; + + # Network + services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" ''; networking = { - firewall.allowPing = true; + firewall = { + allowPing = true; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # tinc + 655 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + ]; + }; interfaces.et0.ip4 = [{ address = external-ip; prefixLength = 24; 
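Review bot: In PATCH 4/5 the new `allowedUDPPorts` list puts `53` under the `# tinc` comment, and the only DNS-related import visible, `../2configs/iodined.nix`, is commented out, so UDP 53 is opened with no service in this file to justify it. The same holds for TCP `25` and `80 443`: no mail or web service is enabled in the visible config, and `krebs.nginx.enable` was removed in PATCH 2/5. I would keep only 655 until those services are turned on, i.e. `allowedTCPPorts = [ 655 ];` and `allowedUDPPorts = [ 655 ];`. Each further port can then be added next to the option that enables its listener, with its own comment (e.g. `# dns (iodined)` for 53). The `networking` block continues past the end of the hunk.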
From cdc77bf0bc39f9c815ad5bedd47ac3a372c00315 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 10 Nov 2015 19:36:46 +0100 Subject: [PATCH 5/5] m 1 gum: add chat tools --- makefu/1systems/gum.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 3a010220e..8dd347b4f 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -17,6 +17,12 @@ in { krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; + # Chat + environment.systemPackages = with pkgs;[ + weechat + ]; + services.bitlbee.enable = true; + # Hardware boot.loader.grub.device = "/dev/sda"; boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ];
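Review bot: `services.bitlbee.enable = true;` is added with no listener or registration settings, so the daemon runs on the module defaults, and bitlbee keeps the credentials of the chat accounts it proxies. The firewall list from PATCH 4/5 does not open an IRC port, so the service should not be reachable from outside as long as that stays true. I would still pin the bind address with `services.bitlbee.interface = "127.0.0.1";` and, if the module version in use offers it, restrict registration through `services.bitlbee.authMode`. A one-line comment `# bitlbee: local-only gateway for weechat` above the option would record the intent. The attribute set continues outside the hunk.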