-rw-r--r--krebs/3modules/makefu/default.nix24
-rw-r--r--krebs/5pkgs/apt-cacher-ng/default.nix4
-rw-r--r--krebs/5pkgs/fortclientsslvpn/default.nix2
-rw-r--r--krebs/5pkgs/krebszones/default.nix5
-rw-r--r--krebs/5pkgs/test/infest-cac-centos7/default.nix4
-rw-r--r--krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt88
-rw-r--r--krebs/Zhosts/wbob10
-rw-r--r--makefu/1systems/gum.nix5
-rw-r--r--makefu/1systems/omo.nix55
-rw-r--r--makefu/1systems/pornocauster.nix5
-rw-r--r--makefu/1systems/vbob.nix19
-rw-r--r--makefu/1systems/wbob.nix19
-rw-r--r--makefu/2configs/default.nix9
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix3
-rw-r--r--makefu/2configs/hw/tp-x2x0.nix7
-rw-r--r--makefu/2configs/nginx/omo-share.nix34
-rw-r--r--makefu/2configs/share-user-sftp.nix21
-rw-r--r--makefu/2configs/smart-monitor.nix5
-rw-r--r--makefu/2configs/tinc-basic-retiolum.nix1
-rw-r--r--makefu/2configs/urlwatch.nix1
-rw-r--r--makefu/2configs/vim.nix2
-rw-r--r--makefu/2configs/virtualization.nix1
-rw-r--r--makefu/2configs/wwan.nix36
-rw-r--r--makefu/2configs/zsh-user.nix3
-rw-r--r--makefu/3modules/default.nix1
-rw-r--r--makefu/3modules/umts.nix76
-rw-r--r--makefu/5pkgs/awesomecfg/full.cfg3
-rw-r--r--shared/1systems/test-minimal-deploy.nix2
-rw-r--r--shared/1systems/wolf.nix13
-rw-r--r--shared/2configs/base.nix2
-rw-r--r--shared/2configs/buildbot-standalone.nix11
31 files changed, 400 insertions, 71 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 31516d591..38e773b53 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -297,6 +297,30 @@ with lib;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch";
};
+ wbob = rec {
+ cores = 1;
+ dc = "none";
+ nets = {
+ retiolm = {
+ addrs4 = ["10.243.214.15/32"];
+ addrs6 = ["42:5a02:2c30:c1b1:3f2e:7c19:2496:a732/128"];
+ aliases = [
+ "wbob.retiolum"
+ ];
+ tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
+QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
+cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
+khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
+rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
+TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+ };
+ };
+ };
+
gum = rec {
cores = 1;
dc = "online.net"; #root-server
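Review bot: The net key for the new wbob host is spelled `retiolm`, while its alias is `wbob.retiolum` and makefu/2configs/nginx/omo-share.nix in this commit refers to `nets.retiolum`. If the other host entries (outside this hunk) use `retiolum`, anything that looks up `nets.retiolum` will not find wbob's addresses or its tinc public key. The line should presumably read `retiolum = {`. The same key is added as krebs/Zhosts/wbob, so the two copies have to be kept in step by hand.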
diff --git a/krebs/5pkgs/apt-cacher-ng/default.nix b/krebs/5pkgs/apt-cacher-ng/default.nix
index f253cdba0..f71d17c54 100644
--- a/krebs/5pkgs/apt-cacher-ng/default.nix
+++ b/krebs/5pkgs/apt-cacher-ng/default.nix
@@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "apt-cacher-ng-${version}";
- version = "0.8.6";
+ version = "0.8.8";
src = fetchurl {
url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz";
- sha256 = "0044dfks8djl11fs28jj8894i4rq424xix3d3fkvzz2i6lnp8nr5";
+ sha256 = "0n7yy4h8g7j0g94xngbywmfhrkg9xl3j2c4wzrjknfwvxmqgjivq";
};
NIX_LDFLAGS = "-lpthread";
diff --git a/krebs/5pkgs/fortclientsslvpn/default.nix b/krebs/5pkgs/fortclientsslvpn/default.nix
index 720d4004f..e1c813479 100644
--- a/krebs/5pkgs/fortclientsslvpn/default.nix
+++ b/krebs/5pkgs/fortclientsslvpn/default.nix
@@ -81,7 +81,7 @@ stdenv.mkDerivation rec {
meta = {
homepage = http://www.fortinet.com;
description = "Forticlient SSL-VPN client";
- license = lib.licenses.nonfree;
+ license = lib.licenses.unfree;
maintainers = [ lib.maintainers.makefu ];
};
}
diff --git a/krebs/5pkgs/krebszones/default.nix b/krebs/5pkgs/krebszones/default.nix
index f6fd672dc..9230192bd 100644
--- a/krebs/5pkgs/krebszones/default.nix
+++ b/krebs/5pkgs/krebszones/default.nix
@@ -1,5 +1,10 @@
{ lib, pkgs,python3Packages,fetchurl, ... }:
+# TODO: Prepare a diff of future and current
+## ovh-zone export krebsco.de --config ~/secrets/krebs/cfg.json |sed 's/[ ]\+/ /g' | sort current
+## sed 's/[ ]\+/ /g'/etc/zones/krebsco.de | sort > future
+## diff future.sorted current.sorted
+
python3Packages.buildPythonPackage rec {
name = "krebszones-${version}";
version = "0.4.4";
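Review bot: The recipe in the added comment does not run as written. The first line ends in `sort current` without a redirection, the second has no space between the sed expression and `/etc/zones/krebsco.de`, and the last line diffs `future.sorted` and `current.sorted`, which nothing above creates. Something like `## ovh-zone export krebsco.de --config ~/secrets/krebs/cfg.json | sed 's/[ ]\+/ /g' | sort > current`, `## sed 's/[ ]\+/ /g' /etc/zones/krebsco.de | sort > future` and `## diff future current` would be consistent.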
diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix
index ebea5ae1c..f7b2a5a08 100644
--- a/krebs/5pkgs/test/infest-cac-centos7/default.nix
+++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix
@@ -28,7 +28,9 @@ stdenv.mkDerivation rec {
cp ${src} $out/bin/${shortname}
chmod +x $out/bin/${shortname}
wrapProgram $out/bin/${shortname} \
- --prefix PATH : ${path}
+ --prefix PATH : ${path} \
+ --set SSL_CERT_FILE ${./panel.cloudatcost.com.crt} \
+ --set REQUESTS_CA_BUNDLE ${./panel.cloudatcost.com.crt}
'';
meta = with stdenv.lib; {
homepage = http://krebsco.de;
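Review bot: The two added `--set` lines replace the wrapped program's entire trust store with the three certificates in panel.cloudatcost.com.crt, and nothing says why the system bundle is not used. Because the file contains the issuing CA certificates as well as the server certificate, this is not a pin on the panel host, yet every other HTTPS endpoint the script contacts will fail verification. The test will also need a new file whenever the panel changes its chain. makefu/1systems/omo.nix in this commit points `SSL_CERT_FILE` at `${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt`; doing the same here would need `cacert` in the function arguments, which are outside the hunk. If the bundled file is deliberate, a comment such as `# panel.cloudatcost.com chain is bundled because <reason>; refresh when the panel certificate changes` would record that.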
diff --git a/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt b/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt
new file mode 100644
index 000000000..9d02b6bcf
--- /dev/null
+++ b/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt
@@ -0,0 +1,88 @@
+-----BEGIN CERTIFICATE-----
+MIIFWzCCBEOgAwIBAgIQXWIKGWRZf838+wW1zLdK0DANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlk
+YXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTEwMjMwMDAwMDBaFw0xODEwMjIyMzU5NTlaMF8x
+ITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NM
+IFdpbGRjYXJkMRowGAYDVQQDDBEqLmNsb3VkYXRjb3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAM9CyL8uUPoE3zYbvnwtUW69h0f+rkND1/Jsi15EEBFPQqiYCmPiSaJLn6JB
+Hri34t4lArGrPA6K01x18LJqFoYDy5ya37J8Bd4jF3cijWe/IQEWAw0r2ufhd4LTNMvEyJIECida
+LMhBxpORRdijmvEXCf9D0OEGBV3qfizcCH7+VPordCY3y9fwgbk0wAB1lAk29aRosK3gZJceu57Q
+YkEKjee6pZ473+xpCjaeTBUlPuGA95A2jPf8c+QSPegczOd9Hwo4JqAJSjTzzuHiSbEhd+8JIC/P
+6GYVOvwnNqCPuuXsoBy8xBQ8lHuZcWd5sh4MDRvm5YxVFhYN6kOgf1ECAwEAAaOCAd8wggHbMB8G
+A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSC9dSGoIEPHBTUQJjOxxPg
+lhRLPDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
+KwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczov
+L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDov
+L2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB
+LmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNv
+bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB
+hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wLQYDVR0RBCYwJIIRKi5jbG91ZGF0Y29zdC5jb22C
+D2Nsb3VkYXRjb3N0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAPfUXBGDYOQnJuykm8I9cB2rBFVvt
+HgzKIM+SXRz/jRt4HN/fsQkq2mI8SUPigWbtrtL1yim0hHdTR4m6vn7eHqj8erjjEJy16OfyRwp8
+LfjjHvcPxAxiRcFdv+8Pu/o0umqtxmRn4enyAZWhqAp3TBjkJPkJgh/toJqGpE7dN1Jw1AF75rrA
+DXS8J5fcJYZQydJce+kacMHLh4C0Q37NgZKPfM+9jsygqY3Fhqh5GIt/CXNx2vlDPQP87QEtK7y7
+dCGd/MwrdKkUvOpsmqWiO1+02DesZSdIow/YW+8cUhPvYMqpM9zKbqVdRj3FJK56+/xNfNX5tiU1
+1VE7rIcEbw==
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRp
+b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7CAhnh
+oFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28ShbXcDow+G+eMGnD4LgYqbSRutA776S9uM
+IO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4Tg
+llfQcBhglo/uLQeTnaG6ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh
+7lgUq/51UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0nc13c
+RTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbx
+PISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz30O0Oija5zAOBgNVHQ8BAf8EBAMC
+AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD
+VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNv
+bW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
+AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRy
+dXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcN
+AQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx
+3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsI
+tG8kO3KdY3RYPBpsP0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdo
+ltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js
+9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxGV/Iz2tDIY+3GH5QFlkoa
+kdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBm
+GqW5prU5wfWYQ//u+aen/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODc
+QgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje
+3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf+AZx
+AeKCINT+b72x
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn
+dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ
+FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+
+5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG
+x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX
+2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL
+OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3
+sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C
+GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5
+WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
+FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt
+rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+
+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg
+tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW
+sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp
+pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA
+zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq
+ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52
+7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I
+LaZRfyHBNVOFBkpdn627G190
+-----END CERTIFICATE-----
diff --git a/krebs/Zhosts/wbob b/krebs/Zhosts/wbob
new file mode 100644
index 000000000..829a59110
--- /dev/null
+++ b/krebs/Zhosts/wbob
@@ -0,0 +1,10 @@
+Subnet = 10.243.214.15/32
+Subnet = 42:5a02:2c30:c1b1:3f2e:7c19:2496:a732/128
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
+QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
+cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
+khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
+rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
+TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 1907424ec..ac7524506 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -21,7 +21,7 @@ in {
];
-
+ services.smartd.devices = [ { device = "/dev/sda";} ];
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
###### stable
@@ -32,6 +32,9 @@ in {
ListenAddress = ${external-ip} 655
ListenAddress = ${external-ip} 21031
'';
+ krebs.nginx.servers.cgit.server-names = [
+ "cgit.euer.krebsco.de"
+ ];
# Chat
environment.systemPackages = with pkgs;[
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index e19205a95..19183fea8 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -27,10 +27,56 @@ in {
../2configs/exim-retiolum.nix
../2configs/smart-monitor.nix
../2configs/mail-client.nix
+ ../2configs/share-user-sftp.nix
+ ../2configs/nginx/omo-share.nix
../3modules
];
- krebs.build.host = config.krebs.hosts.omo;
+ networking.firewall.trustedInterfaces = [ "enp3s0" ];
+ # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
+ # tcp:80 - nginx for sharing files
+ # tcp:655 udp:655 - tinc
+ # tcp:8080 - sabnzbd
+ networking.firewall.allowedUDPPorts = [ 655 ];
+ networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
+
+ # services.openssh.allowSFTP = false;
+ krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
+
+ # samba share /media/crypt1/share
+ users.users.smbguest = {
+ name = "smbguest";
+ uid = config.ids.uids.smbguest;
+ description = "smb guest user";
+ home = "/var/empty";
+ };
+ services.samba = {
+ enable = true;
+ shares = {
+ winshare = {
+ path = "/media/crypt1/share";
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
+ extraConfig = ''
+ guest account = smbguest
+ map to guest = bad user
+ # disable printing
+ load printers = no
+ printing = bsd
+ printcap name = /dev/null
+ disable spoolss = yes
+ '';
+ };
+
+ # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
+ services.sabnzbd.enable = true;
+ systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+
+ # HDD Array stuff
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
+
makefu.snapraid = let
toMapper = id: "/media/crypt${builtins.toString id}";
in {
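Review bot: The Samba share added here is guest-writable (`"guest ok" = "yes"`, `"read only" = "no"`, `map to guest = bad user`) on a path under the encrypted volume, and nothing in the Samba configuration limits it to the local network. The only restriction is that the firewall does not open the SMB ports on other interfaces. Adding `interfaces = enp3s0` and `bind interfaces only = yes` to `extraConfig` would keep that boundary in the service itself. Note also that `trustedInterfaces = [ "enp3s0" ]` accepts all traffic on that interface, so `allowedTCPPorts = [ 80 655 8080 ]` only has an effect on the other interfaces. There it opens 80 and 8080 (sabnzbd) as well as tinc, which the comment block does not suggest was intended.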
@@ -38,7 +84,6 @@ in {
disks = map toMapper [ 0 1 ];
parity = toMapper 2;
};
- # AMD E350
fileSystems = let
cryptMount = name:
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
@@ -56,6 +101,8 @@ in {
${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
${pkgs.hdparm}/sbin/hdparm -y ${disk}
'') allDisks);
+
+ # crypto unlocking
boot = {
initrd.luks = {
devices = let
@@ -86,11 +133,11 @@ in {
extraModulePackages = [ ];
};
- networking.firewall.allowedUDPPorts = [ 655 ];
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = true;
- #zramSwap.enable = true;
+ zramSwap.enable = true;
zramSwap.numDevices = 2;
+ krebs.build.host = config.krebs.hosts.omo;
}
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 690e26b36..d7fa8edc5 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -35,12 +35,14 @@
# ../2configs/mediawiki.nix
#../2configs/wordpress.nix
];
+ hardware.sane.enable = true;
+ hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ];
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
};
krebs.Reaktor = {
- enable = true;
+ enable = false;
nickname = "makefu|r";
plugins = with pkgs.ReaktorPlugins; [ nixos-version random-emoji ];
};
@@ -59,6 +61,7 @@
hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"}
load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"'';
+ networking.firewall.enable = false;
networking.firewall.allowedTCPPorts = [
25
];
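Review bot: `networking.firewall.enable = false;` turns the host firewall off completely and gives no reason. The `allowedTCPPorts = [ 25 ]` list that follows it then has no effect. Every listening service on the machine becomes reachable on every interface. If this is a temporary workaround, a comment such as `# FIXME: firewall disabled because <reason>; re-enable` would say so; otherwise the line should be dropped and the needed ports added to the existing list. The list continues outside the hunk.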
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index b8c02cb67..d95362919 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -2,9 +2,7 @@
#
#
{ lib, config, pkgs, ... }:
-let
- pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
-in {
+{
krebs.build.host = config.krebs.hosts.vbob;
krebs.build.target = "root@10.10.10.220";
imports =
@@ -15,14 +13,13 @@ in {
# environment
];
+ nixpkgs.config.allowUnfree = true;
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
- buildbot = pkgs-unst.buildbot;
- buildbot-slave = pkgs-unst.buildbot-slave;
};
makefu.buildbot.master = {
- enable = true;
+ enable = false;
irc = {
enable = true;
server = "cd.retiolum";
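Review bot: `nixpkgs.config.allowUnfree = true;` permits every unfree package on this host, whereas makefu/2configs/default.nix in the same commit uses an `allowUnfreePredicate` limited to names starting with `unrar-`. The only unfree package this file appears to add is `fortclientsslvpn`. A predicate that matches that package's name prefix would keep the exception as narrow as the shared configuration. If vbob also imports 2configs/default.nix (the import list is outside the hunk), the two predicates would have to be combined into one.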
@@ -30,8 +27,9 @@ in {
allowForce = true;
};
};
+ # services.logstash.enable = true;
makefu.buildbot.slave = {
- enable = true;
+ enable = false;
masterhost = "localhost";
username = "testslave";
password = "krebspass";
@@ -41,8 +39,8 @@ in {
krebs.build.source.git.nixpkgs = {
#url = https://github.com/nixos/nixpkgs;
- # HTTP Everywhere
- rev = "a3974e";
+ # HTTP Everywhere + libredir
+ rev = "8239ac6";
};
fileSystems."/nix" = {
device ="/dev/disk/by-label/nixstore";
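Review bot: The nixpkgs pin is an abbreviated seven-character id, `rev = "8239ac6";`, while makefu/1systems/omo.nix in this commit pins a full 40-character revision. An abbreviated id can become ambiguous as the repository grows and is a weaker statement of which tree the system is built from. This matters more here because the comment suggests a patched tree and the `url` line is commented out. Use the full id, `rev = "<full 40-character commit id for 8239ac6>";`.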
@@ -56,9 +54,12 @@ in {
};
};
environment.systemPackages = with pkgs;[
+ fortclientsslvpn
buildbot
buildbot-slave
get
+ genid
+ logstash
];
networking.firewall.allowedTCPPorts = [
diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
new file mode 100644
index 000000000..d6916f006
--- /dev/null
+++ b/makefu/1systems/wbob.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../2configs/main-laptop.nix
+ ];
+ krebs = {
+ enable = true;
+ retiolum.enable = true;
+ build.host = config.krebs.hosts.wbob;
+ };
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ fileSystems."/" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
+}
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 7593eaff7..ec1100582 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -13,7 +13,7 @@ with lib;
./vim.nix
];
-
+ nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
krebs = {
enable = true;
search-domain = "retiolum";
@@ -65,7 +65,12 @@ with lib;
time.timeZone = "Europe/Berlin";
#nix.maxJobs = 1;
- programs.ssh.startAgent = false;
+ programs.ssh = {
+ startAgent = false;
+ extraConfig = ''
+ UseRoaming no
+ '';
+ };
services.openssh.enable = true;
nix.useChroot = true;
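Review bot: The added `UseRoaming no` has no comment saying why it is set or when it can be removed. A later reader cannot tell a security mitigation from a leftover. A comment above `extraConfig`, such as `# disable the OpenSSH client roaming feature; remove once no host ships a client that supports it`, would record that. `programs.ssh.extraConfig` only sets the system-wide client configuration, so whether it overrides per-user ssh configs on these hosts should be checked.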
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 35bb169cf..7d85eb8d1 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -16,6 +16,9 @@ let
desc = "Tinc Advanced Graph Generation";
};
cac = { };
+ init-stockholm = {
+ desc = "Init stuff for stockholm";
+ };
};
priv-repos = mapAttrs make-priv-repo {
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index 047895ce6..ebc72a06e 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -24,5 +24,12 @@ with lib;
services.tlp.enable = true;
services.tlp.extraConfig = ''
START_CHARGE_THRESH_BAT0=80
+
+ CPU_SCALING_GOVERNOR_ON_AC=performance
+ CPU_SCALING_GOVERNOR_ON_BAT=ondemand
+ CPU_MIN_PERF_ON_AC=0
+ CPU_MAX_PERF_ON_AC=100
+ CPU_MIN_PERF_ON_BAT=0
+ CPU_MAX_PERF_ON_BAT=30
'';
}
diff --git a/makefu/2configs/nginx/omo-share.nix b/makefu/2configs/nginx/omo-share.nix
new file mode 100644
index 000000000..ce85e0442
--- /dev/null
+++ b/makefu/2configs/nginx/omo-share.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ hostname = config.krebs.build.host.name;
+ # TODO local-ip from the nets config
+ local-ip = "192.168.1.11";
+ # local-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+in {
+ krebs.nginx = {
+ enable = mkDefault true;
+ servers = {
+ omo-share = {
+ listen = [ "${local-ip}:80" ];
+ locations = singleton (nameValuePair "/" ''
+ autoindex on;
+ root /media;
+ limit_rate_after 100m;
+ limit_rate 5m;
+ mp4_buffer_size 4M;
+ mp4_max_buffer_size 10M;
+ allow all;
+ access_log off;
+ keepalive_timeout 65;
+ keepalive_requests 200;
+ reset_timedout_connection on;
+ sendfile on;
+ tcp_nopush on;
+ gzip off;
+ '');
+ };
+ };
+ };
+}
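Review bot: The location serves `root /media` with `autoindex on` and `allow all` over plain HTTP. Per makefu/1systems/omo.nix, `/media` is where the decrypted volumes are mounted (`/media/crypt0`, `/media/crypt1` and so on), so every file on them is listed and readable without authentication by anyone who can reach `${local-ip}:80`. If only the share directory is meant to be published, `root /media/crypt1/share;` is the narrower choice. `allow <LAN_SUBNET_PLACEHOLDER>; deny all;` in place of `allow all;` would state the intended audience. `access_log off;` also removes the only record of who fetched what. The `hostname` binding in the `let` block is unused.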
diff --git a/makefu/2configs/share-user-sftp.nix b/makefu/2configs/share-user-sftp.nix
new file mode 100644
index 000000000..2c93143ec
--- /dev/null
+++ b/makefu/2configs/share-user-sftp.nix
@@ -0,0 +1,21 @@
+{ config, ... }:
+
+{
+ users.users = {
+ share = {
+ uid = 9002;
+ home = "/var/empty";
+ openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
+ };
+ };
+ # we will use internal-sftp to make uncomplicated Chroot work
+ services.openssh.extraConfig = ''
+ Match User share
+ ChrootDirectory /media
+ ForceCommand internal-sftp
+ AllowTcpForwarding no
+ PermitTunnel no
+ X11Forwarding no
+ Match All
+ '';
+}
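Review bot: `ChrootDirectory /media` confines the `share` user to the mount root of all decrypted volumes rather than to one share directory, and `internal-sftp` runs read-write. If the account only needs to fetch files, `ForceCommand internal-sftp -R` makes the session read-only, and a narrower chroot limits what it can see. sshd requires the chroot directory and its parents to be root-owned and not writable by group or others, so a narrower path has to meet that too. The uid is hard-coded as `9002`, while omo.nix takes smbguest's from `config.ids.uids`; allocating both the same way would avoid collisions.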
diff --git a/makefu/2configs/smart-monitor.nix b/makefu/2configs/smart-monitor.nix
index 9b0290a9b..daf3aad01 100644
--- a/makefu/2configs/smart-monitor.nix
+++ b/makefu/2configs/smart-monitor.nix
@@ -3,6 +3,7 @@
krebs.exim-retiolum.enable = lib.mkDefault true;
services.smartd = {
enable = true;
+ autodetect = false;
notifications = {
mail = {
enable = true;
@@ -12,8 +13,6 @@
# short daily, long weekly, check on boot
defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
- devices = lib.mkDefault [{
- device = "/dev/sda";
- }];
+ devices = lib.mkDefault [ ];
};
}
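Review bot: With `autodetect = false` and `devices = lib.mkDefault [ ]`, a host that imports this file without setting `services.smartd.devices` runs smartd with nothing to monitor. It will then never send the failure mail configured above. gum.nix and omo.nix set their devices in this commit; other importers are not visible here. A comment on the `devices` line, such as `# autodetect is off: every host importing this file must set services.smartd.devices`, or an assertion that the list is non-empty, would keep that from going unnoticed.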
diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix
index 2abf4f188..f49c596fc 100644
--- a/makefu/2configs/tinc-basic-retiolum.nix
+++ b/makefu/2configs/tinc-basic-retiolum.nix
@@ -4,7 +4,6 @@ with lib;
{
krebs.retiolum = {
enable = true;
- hosts = ../../krebs/Zhosts;
connectTo = [
"gum"
"pigstarter"
diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix
index a83279ba2..f869f5a78 100644
--- a/makefu/2configs/urlwatch.nix
+++ b/makefu/2configs/urlwatch.nix
@@ -29,6 +29,7 @@
https://pypi.python.org/simple/bepasty/
https://pypi.python.org/simple/xstatic/
http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
+ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
];
};
}
diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix
index 02a46d22a..227d73c81 100644
--- a/makefu/2configs/vim.nix
+++ b/makefu/2configs/vim.nix
@@ -122,7 +122,7 @@ in {
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
vimrcConfig.vam.pluginDictionaries = [
{ names = [ "undotree"
- "YouCompleteMe"
+ # "YouCompleteMe"
"vim-better-whitespace" ]; }
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
];
diff --git a/makefu/2configs/virtualization.nix b/makefu/2configs/virtualization.nix
index b3f8c8284..b90467ab8 100644
--- a/makefu/2configs/virtualization.nix
+++ b/makefu/2configs/virtualization.nix
@@ -5,4 +5,5 @@ let
in {
virtualisation.libvirtd.enable = true;
users.extraUsers.${mainUser.name}.extraGroups = [ "libvirtd" ];
+ networking.firewall.checkReversePath = false; # TODO: unsolved issue in nixpkgs:#9067 [bug]
}
diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/wwan.nix
index 29a610ac6..1e76cd28a 100644
--- a/makefu/2configs/wwan.nix
+++ b/makefu/2configs/wwan.nix
@@ -1,33 +1,9 @@
-{ config, lib, pkgs, ... }:
+_:
-#usage: $ wvdial
-
-let
- mainUser = config.krebs.build.user;
-in {
- environment.systemPackages = with pkgs;[
- wvdial
- ];
-
- environment.shellAliases = {
- umts = "sudo wvdial netzclub";
+{
+ imports = [ ../3modules ];
+ makefu.umts = {
+ enable = true;
+ modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
};
-
- # configure for NETZCLUB
- environment.wvdial.dialerDefaults = ''
- Phone = *99***1#
- Dial Command = ATDT
- Modem = /dev/ttyACM0
- Baud = 460800
- Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
- Init2 = ATZ
- Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
- ISDN = 0
- Modem Type = Analog Modem
- Username = netzclub
- Password = netzclub
- Stupid Mode = 1
- Idle Seconds = 0'';
-
- users.extraUsers.${mainUser.name}.extraGroups = [ "dialout" ];
}
diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix
index 1b1762418..f79f258f3 100644
--- a/makefu/2configs/zsh-user.nix
+++ b/makefu/2configs/zsh-user.nix
@@ -19,8 +19,7 @@ in
bindkey -e
# shift-tab
bindkey '^[[Z' reverse-menu-complete
-
- autoload -U compinit && compinit
+ bindkey "\e[3~" delete-char
zstyle ':completion:*' menu select
# load gpg-agent
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index 218c9138e..f007a8418 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -3,6 +3,7 @@ _:
{
imports = [
./snapraid.nix
+ ./umts.nix
];
}
diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix
new file mode 100644
index 000000000..d7be45f62
--- /dev/null
+++ b/makefu/3modules/umts.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ # TODO: currently it is only netzclub
+ umts-bin = pkgs.writeScriptBin "umts" ''
+ #!/bin/sh
+ set -euf
+ systemctl start umts
+ trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
+ echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
+ journalctl -xfu umts
+ '';
+
+ wvdial-defaults = ''
+ Phone = *99***1#
+ Dial Command = ATDT
+ Modem = ${cfg.modem-device}
+ Baud = 460800
+ Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+ Init2 = ATZ
+ Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
+ ISDN = 0
+ Modem Type = Analog Modem
+ Username = netzclub
+ Password = netzclub
+ Stupid Mode = 1
+ Idle Seconds = 0'';
+
+ cfg = config.makefu.umts;
+
+ out = {
+ options.makefu.umts = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "umts";
+
+ modem-device = mkOption {
+ default = "/dev/ttyUSB0";
+ type = types.str;
+ description = ''
+ path to modem device, use <filename>/dev/serial/by-id/...</filename>
+ to avoid race conditions.
+ '';
+ };
+ };
+
+ imp = {
+ environment.shellAliases = {
+ umts = "sudo ${umts-bin}/bin/umts";
+ };
+ environment.systemPackages = [ ];
+
+ environment.wvdial.dialerDefaults = wvdial-defaults;
+
+ systemd.targets.network-umts = {
+ description = "System is running on UMTS";
+ unitConfig.StopWhenUnneeded = true;<