-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/lass/default.nix75
-rw-r--r--krebs/3modules/miefda/default.nix39
-rw-r--r--krebs/Zpubkeys/lass.ssh.pub1
-rw-r--r--krebs/Zpubkeys/uriel.ssh.pub1
-rw-r--r--lass/1systems/dishfire.nix45
-rw-r--r--lass/1systems/helios.nix73
-rw-r--r--lass/1systems/mors.nix95
-rw-r--r--lass/1systems/uriel.nix1
-rw-r--r--lass/2configs/base.nix37
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/2configs/bitcoin.nix7
-rw-r--r--lass/2configs/browsers.nix2
-rw-r--r--lass/2configs/buildbot-standalone.nix78
-rw-r--r--lass/2configs/git.nix4
-rw-r--r--lass/2configs/newsbot-js.nix2
-rw-r--r--lass/2configs/websites/fritz.nix33
-rw-r--r--lass/2configs/websites/wohnprojekt-rhh.de.nix6
-rw-r--r--lass/2configs/xserver/default.nix8
-rw-r--r--lass/3modules/owncloud_nginx.nix29
-rw-r--r--lass/3modules/static_nginx.nix44
-rw-r--r--lass/3modules/wordpress_nginx.nix29
-rw-r--r--miefda/1systems/bobby.nix102
-rw-r--r--miefda/2configs/git.nix87
-rw-r--r--miefda/2configs/hardware-configuration.nix23
-rw-r--r--miefda/2configs/miefda.nix8
-rw-r--r--miefda/2configs/tinc-basic-retiolum.nix14
-rw-r--r--miefda/2configs/tlp.nix25
-rw-r--r--miefda/2configs/x220t.nix27
-rw-r--r--miefda/5pkgs/default.nix1
-rw-r--r--tv/2configs/git.nix2
31 files changed, 816 insertions, 84 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e4e5642c..62db9a5a 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -84,6 +84,7 @@ let
imp = mkMerge [
{ krebs = import ./lass { inherit lib; }; }
{ krebs = import ./makefu { inherit lib; }; }
+ { krebs = import ./miefda { inherit lib; }; }
{ krebs = import ./mv { inherit lib; }; }
{ krebs = import ./shared { inherit lib; }; }
{ krebs = import ./tv { inherit lib; }; }
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 2b3b285f..749d3ff4 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -4,6 +4,37 @@ with lib;
{
hosts = {
+ dishfire = {
+ cores = 4;
+ nets = rec {
+ internet = {
+ addrs4 = ["144.76.172.188"];
+ aliases = [
+ "dishfire.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.133.99"];
+ addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"];
+ aliases = [
+ "dishfire.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
+ Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
+ uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
+ R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
+ vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
+ HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
+ };
echelon = {
cores = 2;
nets = rec {
@@ -190,32 +221,46 @@ with lib;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
};
- schnabel-ap = {
- nets = {
- gg23 = {
- addrs4 = ["10.23.1.20"];
- aliases = ["schnabel-ap.gg23"];
- };
- };
- };
- Reichsfunk-ap = {
+ helios = {
+ cores = 2;
nets = {
- gg23 = {
- addrs4 = ["10.23.1.10"];
- aliases = ["Reichsfunk-ap.gg23"];
+ retiolum = {
+ addrs4 = ["10.243.0.3"];
+ addrs6 = ["42:0:0:0:0:0:0:7105"];
+ aliases = [
+ "helios.retiolum"
+ "cgit.helios.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA9SItL2mhQpTl95gjSWRstrDajUnI5YbrVCuaDKfw9gRwMyPNiO/y
+ Xwv/w4Ri8NCJZLZGkj2vG3X0EfJFBEPTJPTCbF9fP7PqqVs38BD41txLp+NrFxEq
+ 5fmFk65/eg8ujrNQoOSUGmky/BKqQhWjvxdAWuwjN933wJCcNCxyaUwljHLYEK/I
+ oIJX+spnFmPwmhW9hsOj8K06eHixT13+0W48GG/ZNcV3x5vWxcKUvZ4Qtzz2iMNB
+ hud5kae7xMUfFAzCeKF/zsjuyt2d/xQg1WgR8MXGNgYhNJFSXz94r/bivNO6H4vP
+ Pfjndnh8cD46ADo8woS1nQ19WId+sMbipwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
};
};
+ secure = true;
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7";
};
};
users = {
lass = {
- pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
mail = "lass@mors.retiolum";
};
- uriel = {
- pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
+ lass-uriel = {
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
mail = "lass@uriel.retiolum";
};
+ lass-helios = {
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios";
+ mail = "lass@helios.retiolum";
+ };
};
}
diff --git a/krebs/3modules/miefda/default.nix b/krebs/3modules/miefda/default.nix
new file mode 100644
index 00000000..0cfa8bd2
--- /dev/null
+++ b/krebs/3modules/miefda/default.nix
@@ -0,0 +1,39 @@
+{ lib, ... }:
+
+with lib;
+
+{
+ hosts = {
+ bobby = {
+ cores = 4;
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.111.112"];
+ addrs6 = ["42:0:0:0:0:0:111:112"];
+ aliases = [
+ "bobby.retiolum"
+ "cgit.bobby.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
+ uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
+ Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
+ 0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
+ jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
+ cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ #ssh.privkey.path = <secrets/ssh.ed25519>;
+ #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
+ };
+ };
+ users = {
+ miefda = {
+ mail = "miefda@miefda.de";
+ pubkey = "ssh-rsa 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 miefda@nixos";
+ };
+ };
+}
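Review bot: `bobby` is registered without an SSH host key, because both `ssh.privkey.path` and `ssh.pubkey` are commented out. The commented key ends in `root@stro` and the path reads `<secrets/ssh.ed25519>` where the other hosts on this page use `<secrets/ssh.id_ed25519>`, which suggests the lines were copied from another machine. If the krebs modules derive known-hosts entries from `ssh.pubkey` (not visible here), connections to bobby would not be pinned. Add bobby's own host key, or delete the two commented lines and say why the host has none.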
diff --git a/krebs/Zpubkeys/lass.ssh.pub b/krebs/Zpubkeys/lass.ssh.pub
deleted file mode 100644
index 172fd2dd..00000000
--- a/krebs/Zpubkeys/lass.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors
diff --git a/krebs/Zpubkeys/uriel.ssh.pub b/krebs/Zpubkeys/uriel.ssh.pub
deleted file mode 100644
index 015b5783..00000000
--- a/krebs/Zpubkeys/uriel.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
new file mode 100644
index 00000000..cc9836df
--- /dev/null
+++ b/lass/1systems/dishfire.nix
@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ../2configs/base.nix
+ ../2configs/git.nix
+ ../2configs/websites/fritz.nix
+ {
+ boot.loader.grub = {
+ device = "/dev/vda";
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "ehci_pci"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_blk"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/mapper/pool-nix";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+ }
+ {
+ networking.dhcpcd.allowInterfaces = [
+ "enp*"
+ "eth*"
+ ];
+ }
+ {
+ sound.enable = false;
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.dishfire;
+}
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
new file mode 100644
index 00000000..67e3738e
--- /dev/null
+++ b/lass/1systems/helios.nix
@@ -0,0 +1,73 @@
+{ config, pkgs, ... }:
+
+with builtins;
+{
+ imports = [
+ ../2configs/baseX.nix
+ ../2configs/browsers.nix
+ ../2configs/programs.nix
+ ../2configs/git.nix
+ #{
+ # users.extraUsers = {
+ # root = {
+ # openssh.authorizedKeys.keys = map readFile [
+ # ../../krebs/Zpubkeys/uriel.ssh.pub
+ # ];
+ # };
+ # };
+ #}
+ ];
+
+ krebs.build.host = config.krebs.hosts.helios;
+
+ networking.wireless.enable = true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ boot = {
+ loader.grub.enable = true;
+ loader.grub.version = 2;
+ loader.grub.device = "/dev/sda";
+
+ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ #kernelModules = [ "kvm-intel" "msr" ];
+ kernelModules = [ "msr" ];
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/pool/nix";
+ fsType = "ext4";
+ };
+
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ };
+
+ #services.udev.extraRules = ''
+ # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
+ # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
+ #'';
+
+ services.xserver = {
+ videoDriver = "intel";
+ vaapiDrivers = [ pkgs.vaapiIntel ];
+ deviceSection = ''
+ Option "AccelMethod" "sna"
+ BusID "PCI:0:2:0"
+ '';
+ };
+
+ services.xserver.synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ accelFactor = "0.035";
+ additionalOptions = ''
+ Option "FingerHigh" "60"
+ Option "FingerLow" "60"
+ '';
+ };
+}
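Review bot: The commented-out block at the end of `imports` still reads `../../krebs/Zpubkeys/uriel.ssh.pub`, a file this same commit deletes, so it cannot be re-enabled as written. I would remove it, or rewrite it against `config.krebs.users.lass-uriel.pubkey` if a per-host root key is still planned. The commented udev rules with hard-coded MAC addresses are dead configuration of the same kind and could go with it.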
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 61f57f1f..ebce9395 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -17,7 +17,6 @@
#../2configs/ircd.nix
../2configs/chromium-patched.nix
../2configs/git.nix
- ../2configs/retiolum.nix
#../2configs/wordpress.nix
../2configs/bitlbee.nix
../2configs/firefoxPatched.nix
@@ -25,6 +24,7 @@
../2configs/teamviewer.nix
../2configs/libvirt.nix
../2configs/fetchWallpaper.nix
+ ../2configs/buildbot-standalone.nix
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@@ -32,51 +32,70 @@
];
}
{
- #wordpress-test
- #imports = singleton (sitesGenerators.createWordpress "testserver.de");
+ #static-nginx-test
imports = [
- ../3modules/wordpress_nginx.nix
+ ../3modules/static_nginx.nix
];
- lass.wordpress."testserver.de" = {
- multiSite = {
- "1" = "testserver.de";
- "2" = "bla.testserver.de";
+ lass.staticPage."testserver.de" = {
+ #sslEnable = true;
+ #certificate = "${toString <secrets>}/testserver.de/server.cert";
+ #certificate_key = "${toString <secrets>}/testserver.de/server.pem";
+ ssl = {
+ enable = true;
+ certificate = "${toString <secrets>}/testserver.de/server.cert";
+ certificate_key = "${toString <secrets>}/testserver.de/server.pem";
};
};
-
- services.mysql = {
- enable = true;
- package = pkgs.mariadb;
- rootPassword = "<secrets>/mysql_rootPassword";
- };
networking.extraHosts = ''
10.243.0.2 testserver.de
'';
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- ];
}
- {
- #owncloud-test
- #imports = singleton (sitesGenerators.createWordpress "testserver.de");
- imports = [
- ../3modules/owncloud_nginx.nix
- ];
- lass.owncloud."owncloud-test.de" = {
- };
+ #{
+ # #wordpress-test
+ # #imports = singleton (sitesGenerators.createWordpress "testserver.de");
+ # imports = [
+ # ../3modules/wordpress_nginx.nix
+ # ];
+ # lass.wordpress."testserver.de" = {
+ # multiSite = {
+ # "1" = "testserver.de";
+ # "2" = "bla.testserver.de";
+ # };
+ # };
- #services.mysql = {
- # enable = true;
- # package = pkgs.mariadb;
- # rootPassword = "<secrets>/mysql_rootPassword";
- #};
- networking.extraHosts = ''
- 10.243.0.2 owncloud-test.de
- '';
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- ];
- }
+ # services.mysql = {
+ # enable = true;
+ # package = pkgs.mariadb;
+ # rootPassword = "<secrets>/mysql_rootPassword";
+ # };
+ # networking.extraHosts = ''
+ # 10.243.0.2 testserver.de
+ # '';
+ # krebs.iptables.tables.filter.INPUT.rules = [
+ # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
+ # ];
+ #}
+ #{
+ # #owncloud-test
+ # #imports = singleton (sitesGenerators.createWordpress "testserver.de");
+ # imports = [
+ # ../3modules/owncloud_nginx.nix
+ # ];
+ # lass.owncloud."owncloud-test.de" = {
+ # };
+
+ # #services.mysql = {
+ # # enable = true;
+ # # package = pkgs.mariadb;
+ # # rootPassword = "<secrets>/mysql_rootPassword";
+ # #};
+ # networking.extraHosts = ''
+ # 10.243.0.2 owncloud-test.de
+ # '';
+ # krebs.iptables.tables.filter.INPUT.rules = [
+ # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
+ # ];
+ #}
];
krebs.build.host = config.krebs.hosts.mors;
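Review bot: The WordPress and ownCloud test blocks are re-added as roughly forty commented lines instead of being deleted. The commented `rootPassword = "<secrets>/mysql_rootPassword";` is a quoted literal string, not a `<secrets/...>` path lookup, so uncommenting it later would not point at the secret file. git history already keeps the old blocks, so I would delete them together with the stale `#sslEnable`/`#certificate` lines above `ssl = {`. If they have to stay, use the form that `lass/2configs/websites/fritz.nix` uses in this commit: `rootPassword = toString (<secrets/mysql_rootPassword>);`.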
@@ -207,7 +226,7 @@
};
environment.systemPackages = with pkgs; [
- cac
+ cac-api
sshpass
get
teamspeak_client
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 1b008cbf..d53e783d 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -13,6 +13,7 @@ with builtins;
../2configs/retiolum.nix
../2configs/bitlbee.nix
../2configs/weechat.nix
+ ../2configs/skype.nix
{
users.extraUsers = {
root = {
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 66e12b26..4c73fc0c 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -17,7 +17,8 @@ with lib;
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
- config.krebs.users.uriel.pubkey
+ config.krebs.users.lass-uriel.pubkey
+ config.krebs.users.lass-helios.pubkey
];
};
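Review bot: `config.krebs.users.lass-helios.pubkey` is added to root's `openssh.authorizedKeys.keys` here but not to `mainUser` in the next hunk, so on every host importing base.nix the helios key can only log in as root. If that is intended, a comment such as `# helios is deploy-only: root access, no mainUser login` would record it. Otherwise add the key to the `mainUser` list as well, and consider whether a laptop key needs direct root at all. The `users.extraUsers` set starts outside the hunk.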
mainUser = {
@@ -31,7 +32,7 @@ with lib;
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
- config.krebs.users.uriel.pubkey
+ config.krebs.users.lass-uriel.pubkey
];
};
};
@@ -47,20 +48,21 @@ with lib;
exim-retiolum.enable = true;
build = {
user = config.krebs.users.lass;
- source = {
- git.nixpkgs = {
+ source = mapAttrs (_: mkDefault) ({
+ nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
+ nixpkgs = symlink:stockholm/nixpkgs;
+ secrets = "/home/lass/secrets/${config.krebs.build.host.name}";
+ #secrets-common = "/home/lass/secrets/common";
+ stockholm = "/home/lass/stockholm";
+ stockholm-user = "symlink:stockholm/lass";
+ upstream-nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
- rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119";
+ rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
+ dev = "/home/lass/src/nixpkgs";
};
- dir.secrets = {
- host = config.krebs.hosts.mors;
- path = "/home/lass/secrets/${config.krebs.build.host.name}";
- };
- dir.stockholm = {
- host = config.krebs.hosts.mors;
- path = "/home/lass/stockholm";
- };
- };
+ } // optionalAttrs config.krebs.build.host.secure {
+ #secrets-master = "/home/lass/secrets/master";
+ });
};
};
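Review bot: `nixpkgs = symlink:stockholm/nixpkgs;` is the only unquoted value among the `symlink:` entries. It parses as a bare URI literal and evaluates to the same string, but it reads like a typo next to `"symlink:stockholm/lass"`; quote it as `nixpkgs = "symlink:stockholm/nixpkgs";`. The `// optionalAttrs config.krebs.build.host.secure { ... }` operand holds only a commented line, so it currently merges an empty set. A short comment saying what `secure` hosts are meant to receive would make that gate understandable.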
@@ -89,6 +91,7 @@ with lib;
git
jq
parallel
+ proot
#style
most
@@ -176,4 +179,10 @@ with lib;
noipv4ll
'';
+ #CVE-2016-0777 and CVE-2016-0778 workaround
+ #https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
+ programs.ssh.extraConfig = ''
+ UseRoaming no
+ '';
+
}
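Review bot: The workaround comment names the CVEs but not what the setting covers or when it can be dropped. `programs.ssh.extraConfig` sets the system-wide client default, which a per-user `~/.ssh/config` can still override, and the roaming bug is fixed upstream in OpenSSH 7.1p2. I would extend the comment to something like `# client-side mitigation only; remove once openssh >= 7.1p2 is deployed on all hosts`. The enclosing attribute set starts outside the hunk.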
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 0596682d..ede1c7b7 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -31,6 +31,7 @@ in {
environment.systemPackages = with pkgs; [
+ dmenu
gitAndTools.qgit
mpv
much
diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix
index d3bccbf5..2f4cd571 100644
--- a/lass/2configs/bitcoin.nix
+++ b/lass/2configs/bitcoin.nix
@@ -1,6 +1,8 @@
{ config, pkgs, ... }:
-{
+let
+ mainUser = config.users.extraUsers.mainUser;
+in {
environment.systemPackages = with pkgs; [
electrum
];
@@ -14,4 +16,7 @@
createHome = true;
};
};
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
+ '';
}
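Review bot: The sudoers line `${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL` lets every process running as mainUser execute arbitrary commands as `bitcoin` without a password, which removes most of the isolation the separate wallet account provides. If the intent is only to start the wallet, restrict the rule to that binary, e.g. `${mainUser.name} ALL=(bitcoin) NOPASSWD: ${pkgs.electrum}/bin/electrum`, or keep the password prompt by dropping `NOPASSWD:`. The surrounding attribute set begins outside this hunk.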
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index d3680186..61016fed 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -54,8 +54,6 @@ in {
];
imports = [
- ../3modules/per-user.nix
- ] ++ [
( createFirefoxUser "ff" [ "audio" ] [ ] )
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
new file mode 100644
index 00000000..8c71553f
--- /dev/null
+++ b/lass/2configs/buildbot-standalone.nix
@@ -0,0 +1,78 @@
+{ lib, config, pkgs, ... }:
+{
+ #networking.firewall.allowedTCPPorts = [ 8010 9989 ];
+ krebs.buildbot.master = {
+ slaves = {
+ testslave = "lasspass";
+ };
+ change_source.stockholm = ''
+ stockholm_repo = 'http://cgit.mors/stockholm'
+ cs.append(changes.GitPoller(
+ stockholm_repo,
+ workdir='stockholm-poller', branch='master',
+ project='stockholm',
+ pollinterval=120))
+ '';
+ scheduler = {
+ force-scheduler = ''
+ sched.append(schedulers.ForceScheduler(
+ name="force",
+ builderNames=["fast-tests"]))
+ '';
+ fast-tests-scheduler = ''
+ # test the master real quick
+ sched.append(schedulers.SingleBranchScheduler(
+ change_filter=util.ChangeFilter(branch="master"),
+ name="fast-master-test",
+ builderNames=["fast-tests"]))
+ '';
+ };
+ builder_pre = ''
+ # prepare grab_repo step for stockholm
+ grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
+
+ env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"}
+
+ # prepare nix-shell
+ # the dependencies which are used by the test script
+ deps = [ "gnumake", "jq","nix","rsync" ]
+ # TODO: --pure , prepare ENV in nix-shell command:
+ # SSL_CERT_FILE,LOGNAME,NIX_REMOTE
+ nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
+
+ # prepare addShell function
+ def addShell(factory,**kwargs):
+ factory.addStep(steps.ShellCommand(**kwargs))
+ '';
+ builder = {
+ fast-tests = ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+ addShell(f,name="mors-eval",env=env,
+ command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"])
+
+ bu.append(util.BuilderConfig(name="fast-tests",
+ slavenames=slavenames,
+ factory=f))
+ '';
+ };
+ enable = true;
+ web.enable = true;
+ irc = {
+ enable = true;
+ nick = "buildbot-lass";
+ server = "cd.retiolum";
+ channels = [ "retiolum" ];
+ allowForce = true;
+ };
+ };
+
+ krebs.buildbot.slave = {
+ enable = true;
+ masterhost = "localhost";
+ username = "testslave";
+ password = "lasspass";
+ packages = with pkgs;[ git nix ];
+ extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
+ };
+}
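Review bot: The slave password `lasspass` is a literal in both `slaves.testslave` and `krebs.buildbot.slave.password`, so it is published with the repository and will most likely end up in the world-readable Nix store as well. Taking it from the secrets tree the rest of the configuration already uses, e.g. `password = readFile <secrets/PLACEHOLDER-buildbot-slave-password>;` (file name is a placeholder), keeps it out of git. It would still reach the store unless the module reads the file at runtime. `irc.allowForce = true` lets anyone able to speak in the listed channel trigger builds, and `stockholm_repo` is polled over plain `http://`. Both deserve a comment stating that they rely on the retiolum network being trusted.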
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 16ecaefe..ac6aae44 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -69,12 +69,12 @@ let
with git // config.krebs.users;
repo:
singleton {
- user = lass;
+ user = [ lass lass-helios lass-uriel ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
- user = [ tv makefu uriel ];
+ user = [ tv makefu miefda ];
repo = [ repo ];
perm = fetch;
} ++
diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index 74d09b7f..4482c4e9 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -161,7 +161,7 @@ let
torrentfreak|http://feeds.feedburner.com/Torrentfreak|#news
torr_news|http://feed.torrentfreak.com/Torrentfreak/|#news
travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news
- truther|http://truthernews.wordpress.com/feed/|#news
+ #truther|http://truthernews.wordpress.com/feed/|#news
un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#news
un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news
un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
new file mode 100644
index 00000000..073f3de1
--- /dev/null
+++ b/lass/2configs/websites/fritz.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+{
+
+ imports = [
+ ../../3modules/static_nginx.nix
+ ../../3modules/owncloud_nginx.nix
+ ../../3modules/wordpress_nginx.nix
+ ];
+
+ lass.staticPage = {
+ "biostase.de" = {};
+ "gs-maubach.de" = {};
+ "spielwaren-kern.de" = {};
+ "societyofsimtech.de" = {};
+ "ttf-kleinaspach.de" = {};
+ "edsn.de" = {};
+ "eab.berkeley.edu" = {};
+ "habsys.de" = {};
+ };
+
+ #lass.owncloud = {
+ # "o.ubikmedia.de" = {
+ # instanceid = "oc8n8ddbftgh";
+ # };
+ #};
+
+ #services.mysql = {
+ # enable = true;
+ # package = pkgs.mariadb;
+ # rootPassword = toString (<secrets/mysql_rootPassword>);
+ #};
+}
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
index cd31450c..ac784d4c 100644
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -8,5 +8,11 @@
lass.staticPage = {
"wohnprojekt-rhh.de" = {};
};
+
+ users.users.laura = {
+ home = "/srv/http/wohnprojekt-rhh.de";
+ createHome = true;
+ useDefaultShell = true;
+ };
}
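Review bot: `users.users.laura` gets the site's document root `/srv/http/wohnprojekt-rhh.de` as its home directory together with a login shell, so anything the shell or SSH writes there (`.bash_history`, `.ssh/`, editor backups) lands inside the tree the static site serves. Whether those files are reachable depends on the `lass.staticPage` module, which is not visible in this hunk. If it has no rule such as `location ~ /\. { deny all; }`, add one, or give the account a home outside the web root and grant it write access to the directory instead. The enclosing module starts outside the hunk.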
diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 04d14c7c..c407bb59 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -44,7 +44,7 @@ let
"slock"
];
- systemd.services.display-manager = mkForce {};
+ systemd.services.display-manager.enable = false;
services.xserver.enable = true;
@@ -93,9 +93,11 @@ let
xmonad-start = pkgs.writeScriptBin "xmonad" ''
#! ${pkgs.bash}/bin/bash
set -efu
- export PATH; PATH=${makeSearchPath "bin" ([
+ export PATH; PATH=${makeSearchPath "bin" [
+ pkgs.alsaUtils
+ pkgs.pulseaudioLight
pkgs.rxvt_unicode
- ] ++ config.environment.systemPackages)}:/var/setuid-wrappers
+ ]}:/var/setuid-wrappers
settle() {(
# Use PATH for a clean journal
command=''${1##*/}
diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix
index 0cb11846..79c9de1d 100644
--- a/lass/3modules/owncloud_nginx.nix
+++ b/lass/3modules/owncloud_nginx.nix
@@ -46,8 +46,22 @@ let
type = str;
};
ssl = mkOption {
- type = bool;
- default = false;
+ type = with types; submodule ({
+ options = {
+ enable = mkEnableOption "ssl";
+ certificate = mkOption {
+ type = str;
+ };
+ certificate_key = mkOption {
+ type = str;
+ };
+ ciphers = mkOption {
+ type = str;
+ default = "AES128+EECDH:AES128+EDH";