From 2fccbc483dcb6a374b96868bbfaf38fd48853d72 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Nov 2021 14:22:01 +0100 Subject: github-known-hosts: update list --- krebs/3modules/github-known-hosts.nix | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix index 39b9722e..d30b41ee 100644 --- a/krebs/3modules/github-known-hosts.nix +++ b/krebs/3modules/github-known-hosts.nix @@ -2,8 +2,8 @@ services.openssh.knownHosts.github = { hostNames = [ "github.com" - # List generated with - # curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R . + # List generated with (IPv6 addresses are currently ignored): + # curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | nix-shell -p cidr2glob --run cidr2glob | jq -R . "192.30.252.*" "192.30.253.*" "192.30.254.*" @@ -28,6 +28,22 @@ "140.82.125.*" "140.82.126.*" "140.82.127.*" + "143.55.64.*" + "143.55.65.*" + "143.55.66.*" + "143.55.67.*" + "143.55.68.*" + "143.55.69.*" + "143.55.70.*" + "143.55.71.*" + "143.55.72.*" + "143.55.73.*" + "143.55.74.*" + "143.55.75.*" + "143.55.76.*" + "143.55.77.*" + "143.55.78.*" + "143.55.79.*" "13.114.40.48" "52.192.72.89" "52.69.186.44" @@ -44,6 +60,9 @@ "18.228.52.138" "18.228.67.229" "18.231.5.6" + "20.201.28.151" + "20.205.243.166" + "102.133.202.242" "18.181.13.223" "54.238.117.237" "54.168.17.15" 
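Review bot: The regeneration command in the updated comment of `github-known-hosts.nix` drops every IPv6 range with `grep -v :` without saying why, and it leaves the jq filter unquoted. These entries pin GitHub's host key to address globs, so a one-line reason would help whoever regenerates the list next, e.g. `# IPv6 ranges are skipped because cidr2glob only handles IPv4 (confirm)`. Quoting the filter as `jq -r '.git[]'` avoids problems in shells that try to expand `[]` as a glob pattern. The `publicKey` that all these names are pinned to is unchanged context in the last hunk of this file, so it is worth re-checking it against GitHub's published fingerprints whenever the list is regenerated.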
@@ -60,6 +79,9 @@ "54.233.131.104" "18.231.104.233" "18.228.167.86" + "20.201.28.152" + "20.205.243.160" + "102.133.202.246" ]; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; }; -- cgit v1.2.3 From 85604f02df855b8e37208df1814b4d46cbc1a57f Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Nov 2021 21:19:09 +0100 Subject: krebs.build.profile: fix type --- krebs/3modules/build.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 904deb16..5f961617 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -10,7 +10,7 @@ with import ; }; profile = mkOption { - type = types.absolute-path; + type = types.absolute-pathname; default = "/nix/var/nix/profiles/system"; }; -- cgit v1.2.3 From 53f192125b0d7e273e64f2ab67392adeeb3c521b Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Nov 2021 01:05:28 +0100 Subject: airdcpp: fix default hubs.*.Nick --- krebs/3modules/airdcpp.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 0ac9d335..4ac6e30e 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -45,7 +45,7 @@ let Nick Name for hub ''; type = str; - default = cfg.Nick; + default = cfg.dcpp.Nick; }; Password = mkOption { description = '' -- cgit v1.2.3 From 551cfeadefc95b8c54366b61a49f65783a2b238d Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Nov 2021 01:21:27 +0100 Subject: bepasty-server: fix for manual --- krebs/3modules/bepasty-server.nix | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 051646b6..c374aa9a 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -58,6 +58,7 @@ let permissions will be set to 755 ''; default = config.users.extraUsers.bepasty.home; + defaultText = "\${config.users.extraUsers.bepasty.home}"; }; dataDir = mkOption { @@ -67,6 +68,7 @@ let /var/lib/bepasty-server/data ''; default = "${config.users.extraUsers.bepasty.home}/data"; + defaultText = "\${config.users.extraUsers.bepasty.home}/data"; }; extraConfig = mkOption { -- cgit v1.2.3 From 87f43a3be4da6f575393dcca7c17399ad06d8580 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Nov 2021 04:23:30 +0100 Subject: tinc_graphs: fix for manual --- krebs/3modules/tinc_graphs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 19cce8aa..7a414e6e 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -24,6 +24,7 @@ let type = types.str; description = "Path to Hosts directory"; default = "${config.krebs.tinc.retiolum.hostsPackage}"; + defaultText = "\${config.krebs.tinc.retiolum.hostsPackage}"; }; network = mkOption { @@ -68,6 +69,7 @@ let Defaults to the new users home dir which defaults to /var/cache/tinc_graphs''; default = config.users.extraUsers.tinc_graphs.home; + defaultText = "\${config.users.extraUsers.tinc_graphs.home}"; }; timerConfig = mkOption { -- cgit v1.2.3 From ae0c0de7f1ddc301619415d01831edb7d4640f92 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Nov 2021 01:30:48 +0100 Subject: github-hosts-sync: fix for manual --- krebs/3modules/github-hosts-sync.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index d385ec35..590708aa 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix 
@@ -22,6 +22,7 @@ let ssh-identity-file = mkOption { type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"]; default = toString ; + defaultText = "‹secrets/github-hosts-sync.ssh.id_ed25519›"; }; url = mkOption { type = types.str; -- cgit v1.2.3 From 1247440a3dde4ff28e107cdc0d59ded7990c7124 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Nov 2021 01:54:39 +0100 Subject: tinc: fix for manual --- krebs/3modules/tinc.nix | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index a8a78a43..d0a4ba26 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -81,9 +81,16 @@ let ''} ${tinc.config.tincUpExtra} ''; + defaultText = '' + ip -4 addr add ‹net.ip4.addr› dev ${netname} + ip -4 route add ‹net.ip4.prefix› dev ${netname} + ip -6 addr add ‹net.ip6.addr› dev ${netname} + ip -6 route add ‹net.ip6.prefix› dev ${netname} + ${tinc.config.tincUpExtra} + ''; description = '' tinc-up script to be used. Defaults to setting the - krebs.host.nets..ip4 and ip6 for the new ips and + krebs.host.nets.‹netname›.ip4 and ip6 for the new ips and configures forwarding of the respecitive netmask as subnet. ''; }; @@ -103,6 +110,7 @@ let type = with types; attrsOf host; default = filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts; + defaultText = "‹all-hosts-of-‹netname››"; description = '' Hosts to generate config.krebs.tinc.retiolum.hostsPackage. Note that these hosts must have a network named 
@@ -138,9 +146,10 @@ let '') tinc.config.hosts)} ''; }; + defaultText = "‹netname›-tinc-hosts"; description = '' Package of tinc host configuration files. By default, a package will - be generated from config.krebs.${tinc.config.netname}.hosts. This + be generated from config.krebs.‹netname›.hosts. This option's main purpose is to expose the generated hosts package to other modules, like config.krebs.tinc_graphs. But it can also be used to provide a custom hosts directory. @@ -168,6 +177,7 @@ let owner = tinc.config.user; source-path = toString + "/${tinc.config.netname}.rsa_key.priv"; }; + defaultText = "‹secrets/‹netname›.rsa_key.priv›"; }; privkey_ed25519 = mkOption { @@ -179,11 +189,12 @@ let owner = tinc.config.user; source-path = toString + "/${tinc.config.netname}.ed25519_key.priv"; }; + defaultText = "‹secrets/‹netname›.ed25519_key.priv›"; }; connectTo = mkOption { type = types.listOf types.str; - ${if tinc.config.netname == "retiolum" then "default" else null} = [ + ${if netname == "retiolum" then "default" else null} = [ "gum" "ni" "prism" @@ -194,8 +205,10 @@ let routeable IPv4 or IPv6 address. In stockholm this can be done by configuring: - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655; + { + krebs.hosts.‹host›.nets.‹netname›.via.ip4.addr = external-ip; + krebs.hosts.‹host›.nets.‹netname›.tinc.port = 1655; + } ''; }; @@ -205,6 +218,10 @@ let name = tinc.config.netname; home = "/var/lib/${tinc.config.user.name}"; }; + defaultText = { + name = "‹netname›"; + home = "/var/lib/‹netname›"; + }; }; }; })); -- cgit v1.2.3 From 8e5dc749c5d35ee307ed03d91c855331a2d9f3ce Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Nov 2021 03:16:02 +0100 Subject: shadow: fix for manual --- krebs/3modules/shadow.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/shadow.nix b/krebs/3modules/shadow.nix index 9505efb0..f056cfd8 100644 
--- a/krebs/3modules/shadow.nix +++ b/krebs/3modules/shadow.nix @@ -55,11 +55,11 @@ in { The overrides file may contain either regular shadow(5) entries like: - <login-name>:<hashed-password>:1:::::: + ‹login-name›:‹hashed-password›:1:::::: Or shortened entries only containing login name and password like: - <login-name>:<hashed-password> + ‹login-name›:‹hashed-password› ''; type = types.nullOr (types.either types.path types.absolute-pathname); }; -- cgit v1.2.3 From 96965e357878f8ee6ff8b62f07542fa37bcc8c3e Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Nov 2021 03:21:04 +0100 Subject: rtorrent: fix for manual --- krebs/3modules/rtorrent.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index e5566f32..4a96f620 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -96,7 +96,7 @@ let basic authentication to be used. If unset, no authentication will be enabled. - Refer to `services.nginx.virtualHosts..basicAuth` + Refer to `services.nginx.virtualHosts.‹name›.basicAuth` ''; default = {}; }; -- cgit v1.2.3 From c8c0f2597f15791fb1c9faa5c8371dc1639dbd89 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Nov 2021 03:22:41 +0100 Subject: git: fix for manual --- krebs/3modules/git.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index d31d91b7..d02ef6a3 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -53,7 +53,7 @@ let control system, using a built in cache to decrease pressure on the git server. cgit in this module is being served via fastcgi nginx.This module - deploys a http://cgit. nginx configuration and enables nginx + deploys a http://cgit.‹hostname› nginx configuration and enables nginx if not yet enabled. ''; }; 
@@ -207,7 +207,7 @@ let List of users that should be able to do everything with this repo. This option is currently not used by krebs.git but instead can be - used to create rules. See e.g. for + used to create rules. See e.g. ‹stockholm/lass/2configs/git.nix› for an example. ''; }; @@ -222,6 +222,7 @@ let path = mkOption { type = types.str; default = "${cfg.dataDir}/${config.name}"; + defaultText = "${cfg.dataDir}/‹reponame›"; description = '' An absolute path to the repository directory. For non-bare repositories this is the .git-directory. @@ -237,6 +238,7 @@ let url = mkOption { type = types.str; default = config.name; + defaultText = "‹reponame›"; description = '' The relative url used to access the repository. ''; @@ -249,7 +251,7 @@ let List of users that should be able to fetch from this repo. This option is currently not used by krebs.git but instead can be - used to create rules. See e.g. for + used to create rules. See e.g. ‹stockholm/tv/2configs/git.nix› for an example. ''; }; @@ -258,6 +260,7 @@ let description = '' Repository name. ''; + defaultText = "‹reponame›"; }; hooks = mkOption { type = types.attrsOf types.str; -- cgit v1.2.3 From ebd5fbbe053521a397bf645546a8cbcf12713e6c Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Nov 2021 03:23:04 +0100 Subject: buildbot: fix for manual --- krebs/3modules/buildbot/master.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index a845bb28..e55bd95e 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -137,7 +137,7 @@ let type = types.listOf types.str; example = [ "cac.json" ]; description = '' - List of all the secrets in which should be copied into the + List of all the secrets in ‹secrets› which should be copied into the buildbot master directory. ''; }; -- cgit v1.2.3 From 29c59684a33449967373692ebf4a142b887c2901 Mon Sep 17 00:00:00 2001 
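Review bot: `defaultText = "${cfg.dataDir}/‹reponame›";` on the `path` option still interpolates `cfg.dataDir` when the manual is built, unlike other defaultText values in this series, which escape the reference (`"\${config.users.extraUsers.bepasty.home}/data"`). The rendered manual would show the data directory of whichever configuration is being evaluated, not the option the default derives from. Escaping it gives a stable text, e.g. `defaultText = "\${config.krebs.git.dataDir}/‹reponame›";`, assuming `cfg` is `config.krebs.git` (its binding is outside the hunk).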
From: tv Date: Mon, 8 Nov 2021 03:53:14 +0100 Subject: exim-smart-host: fix for manual --- krebs/3modules/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index c5969caa..4eb1d641 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -31,6 +31,7 @@ let owner.name = "exim"; source-path = toString + "/${config.domain}.dkim.priv"; }; + defaultText = "‹secrets/‹domain›.dkim.priv›"; }; selector = mkOption { type = types.str; -- cgit v1.2.3 From 07d9619956c07e18076161c21fd573b3ff6bc05c Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Nov 2021 04:22:56 +0100 Subject: github-hosts-sync: fix for manual --- krebs/3modules/github-hosts-sync.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 590708aa..9421576d 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -18,6 +18,7 @@ let srcDir = mkOption { type = types.str; default = "${config.krebs.tinc.retiolum.confDir}/hosts"; + defaultText = "\${config.krebs.tinc.retiolum.confDir}/hosts"; }; ssh-identity-file = mkOption { type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"]; -- cgit v1.2.3 From 13a1eb3fc5470919c519f6f2d3a6f87880759a11 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Nov 2021 04:27:12 +0100 Subject: reaktor2: fix for manual --- krebs/3modules/reaktor2.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index fcc453fa..26aac5d5 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix 
@@ -26,11 +26,13 @@ with import ; }; stateDir = mkOption { default = "/var/lib/${self.config.username}"; + defaultText = "/var/lib/‹username›"; readOnly = true; type = types.absolute-pathname; }; systemd-service-name = mkOption { default = "reaktor2${optionalString (name != "default") "-${name}"}"; + defaultText = "reaktor2-‹name› or just reaktor2 if ‹name› is \"default\""; type = types.filename; }; sendDelaySec = mkOption { @@ -39,6 +41,7 @@ with import ; }; username = mkOption { default = self.config.systemd-service-name; + defaultText = "‹systemd-service-name›"; type = types.username; }; useTLS = mkOption { -- cgit v1.2.3 From 6940c3ac830eeaf6b55a2c5009a01438f070553f Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Nov 2021 04:30:33 +0100 Subject: htgen: fix for manual --- krebs/3modules/htgen.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 063bccc6..517dad76 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -13,7 +13,7 @@ let default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { options = { - enable = mkEnableOption "krebs.htgen-${config.name}"; + enable = mkEnableOption "krebs.htgen-${config._module.args.name}"; name = mkOption { type = types.username; @@ -38,6 +38,10 @@ let name = "htgen-${config.name}"; home = "/var/lib/htgen-${config.name}"; }; + defaultText = { + name = "htgen-‹name›"; + home = "/var/lib/htgen-‹name›"; + }; }; }; })); -- cgit v1.2.3 From d7f44debbd9380d71db09eead8bfcaca218f2285 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Nov 2021 04:47:47 +0100 Subject: exim: fix for manual --- krebs/3modules/backup.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 910324f3..c5cb1cae 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix 
@@ -14,7 +14,7 @@ let default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { options = { - enable = mkEnableOption "krebs.backup.${config.name}" // { + enable = mkEnableOption "krebs.backup.${config._module.args.name}" // { default = true; }; method = mkOption { @@ -23,6 +23,7 @@ let name = mkOption { type = types.str; default = config._module.args.name; + defaultText = "‹name›"; }; src = mkOption { type = types.krebs.file-location; -- cgit v1.2.3 From c979f7009f5ff1b2d25158aff1bca0f5be2dba54 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Nov 2021 04:58:14 +0100 Subject: types: fix for manual --- lib/types.nix | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/lib/types.nix b/lib/types.nix index 689a2c80..a5fcd4e6 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -34,7 +34,7 @@ rec { ci = mkOption { description = '' If true, then the host wants to be tested by some CI system. - See + See ‹stockholm/krebs/2configs/buildbot-all.nix› ''; type = bool; default = false; @@ -43,7 +43,7 @@ rec { external = mkOption { description = '' Whether the host is defined externally (in contrast to being defined - in ). This is useful e.g. when legacy and/or adopted + in ‹stockholm›). This is useful e.g. when legacy and/or adopted hosts should be part of retiolum or some other component. ''; type = bool; @@ -102,7 +102,14 @@ rec { default = config._module.args.name; }; via = mkOption { - type = nullOr net; + type = + # XXX break infinite recursion when generating manuals + if config._module.args.name == "‹name›" then + mkOptionType { + name = "‹net›"; + } + else + nullOr net; default = null; }; addrs = mkOption { @@ -128,7 +135,7 @@ rec { }; prefix = mkOption ({ type = cidr4; - } // optionalAttrs (config.name == "retiolum") { + } // optionalAttrs (config._module.args.name == "retiolum") { default = "10.243.0.0/16"; }); }; 
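Review bot: The `via` option in `lib/types.nix` now picks its type by comparing the net's attribute name with the literal `"‹name›"`, and the placeholder branch is `mkOptionType { name = "‹net›"; }` with no `check`. mkOptionType's default check accepts any value, so a net that really carried that name would get an unvalidated `via`. The branch also depends on whatever placeholder the manual generator passes as the submodule name (inferred from the XXX comment). Adding `check = x: x == null;` to the placeholder type would keep it from accepting arbitrary values. Otherwise the comment could state the contract, e.g. `# XXX manual generation passes "‹name›" as the net name; this type must never validate real config`.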
@@ -144,7 +151,7 @@ rec { }; prefix = mkOption ({ type = cidr6; - } // optionalAttrs (config.name == "retiolum") { + } // optionalAttrs (config._module.args.name == "retiolum") { default = "42::/16"; }); }; @@ -179,6 +186,12 @@ rec { ++ [config.pubkey] ); + defaultText = '' + Address = ‹addr› ‹port› # for each ‹net.via.addrs› + Subnet = ‹addr› # for each ‹net.addrs› + ‹extraConfig› + ‹pubkey› + ''; }; pubkey = mkOption { type = tinc-pubkey; @@ -252,6 +265,7 @@ rec { path = mkOption { type = absolute-pathname; default = "/run/keys/${config.name}"; + defaultText = "/run/keys/‹name›"; }; mode = mkOption { type = file-mode; @@ -267,10 +281,12 @@ rec { service = mkOption { type = systemd.unit-name; default = "secret-${lib.systemd.encodeName config.name}.service"; + defaultText = "secret-‹name›.service"; }; source-path = mkOption { type = str; default = toString + "/${config.name}"; + defaultText = "‹secrets/‹name››"; }; }; }); @@ -379,6 +395,7 @@ rec { home = mkOption { type = absolute-pathname; default = "/home/${config.name}"; + defaultText = "/home/‹name›"; }; mail = mkOption { type = nullOr str; @@ -406,6 +423,7 @@ rec { uid = mkOption { type = int; default = genid_uint31 config.name; + defaultText = "genid_uint31 ‹name›"; }; }; }); @@ -414,10 +432,12 @@ rec { name = mkOption { type = username; default = config._module.args.name; + defaultText = "genid_uint31 ‹name›"; }; gid = mkOption { type = int; default = genid_uint31 config.name; + defaultText = "genid_uint31 ‹name›"; }; }; }); -- cgit v1.2.3 From 348018063ac93f36b145f5600af8be424863e460 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 8 Nov 2021 11:57:39 +0100 Subject: l restic: RIP --- lass/3modules/default.nix | 1 - lass/3modules/restic.nix | 119 ---------------------------------------------- 2 files changed, 120 deletions(-) delete mode 100644 lass/3modules/restic.nix diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 1ce88b23..570bb45b 100644 --- a/lass/3modules/default.nix 
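Review bot: In the last hunk of `lib/types.nix` (`@@ -414,10 +432,12 @@`, the submodule with `gid`) the `name` option gets `defaultText = "genid_uint31 ‹name›";`, but its default is `config._module.args.name`, not a generated id. The text looks copied from the neighbouring `gid`/`uid` options, so the manual would describe the name as a number. It should read `defaultText = "‹name›";`, as the `name` option in `backup.nix` does in this same series.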
+++ b/lass/3modules/default.nix
@@ -9,7 +9,6 @@ _:
 ./news.nix
 ./nichtparasoup.nix
 ./pyload.nix
- ./restic.nix
 ./screenlock.nix
 ./usershadow.nix
 ./xjail.nix
diff --git a/lass/3modules/restic.nix b/lass/3modules/restic.nix
deleted file mode 100644
index c720793b..00000000
--- a/lass/3modules/restic.nix
+++ /dev/null
@@ -1,119 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - options.lass.restic = mkOption { - type = types.attrsOf (types.submodule ({ config, ... }: { - options = { - name = mkOption { - type = types.str; - default = config._module.args.name; - }; - passwordFile = mkOption { - type = types.str; - default = toString ; - description = '' - read the repository password from a file. - ''; - example = "/etc/nixos/restic-password"; - - }; - repo = mkOption { - type = types.str; - default = "sftp:backup@prism.r:/backups/${config.name}"; - description = '' - repository to backup to. - ''; - example = "sftp:backup@192.168.1.100:/backups/${config.name}"; - }; - dirs = mkOption { - type = types.listOf types.str; - default = []; - description = '' - which directories to backup. - ''; - example = [ - "/var/lib/postgresql" - "/home/user/backup" - ]; - }; - timerConfig = mkOption { - type = types.attrsOf types.str; - default = { - OnCalendar = "daily"; - }; - description = '' - When to run the backup. See man systemd.timer for details. - ''; - example = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; - }; - user = mkOption { - type = types.str; - default = "root"; - description = '' - As which user the backup should run. - ''; - example = "postgresql"; - }; - extraArguments = mkOption { - type = types.listOf types.str; - default = []; - description = '' - Extra arguments to append to the restic command. - ''; - example = [ - "sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp" - ]; - }; - initialize = mkOption { - type = types.bool; - default = false; - description = '' - Create the repository if it doesn't exist. 
- ''; - }; - }; - })); - default = {}; - }; - - config = { - systemd.services = - mapAttrs' (_: plan: - let - extraArguments = concatMapStringsSep " " (arg: "-o ${arg}") plan.extraArguments; - connectTo = elemAt (splitString ":" plan.repo) 1; - resticCmd = "${pkgs.restic}/bin/restic ${extraArguments}"; - in nameValuePair "backup.${plan.name}" { - environment = { - RESTIC_PASSWORD_FILE = plan.passwordFile; - RESTIC_REPOSITORY = plan.repo; - }; - path = with pkgs; [ - openssh - ]; - restartIfChanged = false; - serviceConfig = { - ExecStartPre = mkIf plan.initialize (pkgs.writeScript "rustic-${plan.name}-init" '' - #! ${pkgs.bash}/bin/bash - ${resticCmd} snapshots || ${resticCmd} init - ''); - ExecStart = pkgs.writeDash "rustic-${plan.name}" ( - "#! ${pkgs.bash}/bin/bash\n" + - concatMapStringsSep "\n" (dir: "${resticCmd} backup ${dir}") plan.dirs - ); - User = plan.user; - }; - } - ) config.lass.restic; - systemd.timers = - mapAttrs' (_: plan: nameValuePair "backup.${plan.name}" { - wantedBy = [ "timers.target" ]; - timerConfig = plan.timerConfig; - }) config.lass.restic; - }; -} -- cgit v1.2.3 From 14e6157d3017a26f768c6ea7a4e0ca2883830068 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 8 Nov 2021 19:59:03 +0100 Subject: l prism.r: add nets.internet.ip4.prefix --- krebs/3modules/lass/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index e96b4d8b..2475a0d5 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -54,7 +54,10 @@ in { }; nets = rec { internet = { - ip4.addr = "95.216.1.150"; + ip4 = { + addr = "95.216.1.150"; + prefix = "0.0.0.0/0"; + }; aliases = [ "prism.i" "paste.i" -- cgit v1.2.3 From 284de5b5b9e9baed14f7f8dfb7fd53ef6fea9050 Mon Sep 17 00:00:00 2001 
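Review bot: `prefix = "0.0.0.0/0"` on `nets.internet.ip4` declares the whole IPv4 space as this net's prefix, and nothing in the hunk says which consumer needs it. The tinc-up default shown in `tinc.nix` turns `net.ip4.prefix` into `ip -4 route add … dev ‹netname›`. If any route, firewall or allowed-address generator ever iterates over all nets of a host, this value becomes a match-everything entry. A short comment naming the intended consumer would make that reviewable, e.g. `# prefix is needed by ‹consumer›; internet has no narrower prefix`. The enclosing `nets = rec { … }` block continues outside the hunk.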
From: lassulus Date: Sun, 14 Nov 2021 09:35:35 +0100 Subject: krebs: enable documentation for all modules --- krebs/2configs/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index f56f6045..4c25bc96 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -54,6 +54,9 @@ with import ; config.krebs.users.tv.pubkey ]; + # enable documentation for our modules + documentation.nixos.includeAllModules = true; + # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "17.03"; } -- cgit v1.2.3 From 0c32c00f0be6d95e191e80dc078f7aaa98e38419 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 14 Nov 2021 09:35:47 +0100 Subject: l: enable documentation for all modules --- lass/2configs/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 91922e5c..c3fbc209 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -215,6 +215,8 @@ with import ; noipv4ll ''; + documentation.nixos.includeAllModules = true; + # use 24:00 time format, the default got sneakily changed around 20.03 i18n.defaultLocale = mkDefault "C.UTF-8"; time.timeZone = mkDefault"Europe/Berlin"; -- cgit v1.2.3 From 258abf53968b92cb5b61be2bcb385873cd9d4d9d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 14 Nov 2021 09:36:27 +0100 Subject: types net: add defaults for wiregrill --- lib/types.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/types.nix b/lib/types.nix index a5fcd4e6..d6d52437 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -137,6 +137,8 @@ rec { type = cidr4; } // optionalAttrs (config._module.args.name == "retiolum") { default = "10.243.0.0/16"; + } // optionalAttrs (config._module.args.name == "wiregrill") { + default = "10.244.0.0/16"; }); }; }); 
@@ -153,6 +155,8 @@ rec { type = cidr6; } // optionalAttrs (config._module.args.name == "retiolum") { default = "42::/16"; + } // optionalAttrs (config._module.args.name == "wiregrill") { + default = "42:1::/32"; }); }; }); @@ -240,6 +244,7 @@ rec { }; }; })); + default = null; }; }; }); -- cgit v1.2.3 From 8c942b148cc949cbc1f7c747303ab4d4cba3ed21 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 14 Nov 2021 09:48:08 +0100 Subject: l xjail: fix for manual --- lass/3modules/xjail.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index 526e12db..f94e7ebb 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -48,6 +48,7 @@ with import ; wm = mkOption { #TODO find type type = types.str; + defaultText = "‹script›"; default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" { executables.xmonad = { extra-depends = [ -- cgit v1.2.3 From b244950e5d0b7ce3ebaf4f63a00f93abab46a893 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 14 Nov 2021 17:13:08 +0100 Subject: l mors.r: remove deprecated restic setup --- lass/1systems/mors/config.nix | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 95b68859..88ac90de 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix 
@@ -183,35 +183,6 @@ with import ; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; - lass.restic = genAttrs [ - "daedalus" - "icarus" - "littleT" - "prism" - "shodan" - "skynet" - ] (dest: { - dirs = [ - "/home/lass/src" - "/home/lass/work" - "/home/lass/.gnupg" - "/home/lass/Maildir" - "/home/lass/stockholm" - "/home/lass/.password-store" - "/home/bitcoin" - "/home/bch" - ]; - passwordFile = (toString ) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/mors"; - #sshPrivateKey = config.krebs.build.host.ssh.privkey.path; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; - }); virtualisation.libvirtd.enable = true; services.earlyoom = { -- cgit v1.2.3 From ebc830a91ff8c3319ec677ca62fc34a01c9de678 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 14 Nov 2021 17:14:10 +0100 Subject: puyak.r: define cores --- krebs/3modules/krebs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index ec499d63..7da97350 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -158,6 +158,7 @@ in { }; puyak = { ci = true; + cores = 4; nets = { retiolum = { ip4.addr = "10.243.77.2"; -- cgit v1.2.3 From b0f39ae34d1f248a4c1b92946a42418779f69490 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 14 Nov 2021 17:15:17 +0100 Subject: filebitch.r: define shack prefix --- krebs/3modules/krebs/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 7da97350..776b893f 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix 
@@ -39,7 +39,10 @@ in { cores = 4; nets = { shack = { - ip4.addr = "10.42.0.50" ; + ip4 = { + addr = "10.42.0.50" ; + prefix = "10.42.0.0/16"; + }; aliases = [ "filebitch.shack" ]; -- cgit v1.2.3 From a752af84bedc24fdc32004a8760532b3206c0421 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Nov 2021 12:42:28 +0100 Subject: ircaids: utillinux -> unixtools.getopt --- krebs/5pkgs/simple/ircaids/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/ircaids/default.nix b/krebs/5pkgs/simple/ircaids/default.nix index 61d3ee31..a070cf94 100644 --- a/krebs/5pkgs/simple/ircaids/default.nix +++ b/krebs/5pkgs/simple/ircaids/default.nix @@ -25,7 +25,7 @@ stdenv.mkDerivation rec { pkgs.netcat pkgs.nettools pkgs.openssl - pkgs.utillinux + pkgs.unixtools.getopt ]}; ' $out/bin/ircsink ''; -- cgit v1.2.3 From 3ddb425e39fb698bb1fc226e8e6623c33a6f560d Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Nov 2021 13:47:53 +0100 Subject: types net: fix retiolum's ipv6 prefix --- lib/types.nix | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/lib/types.nix b/lib/types.nix index d6d52437..c50969de 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -135,11 +135,10 @@ rec { }; prefix = mkOption ({ type = cidr4; - } // optionalAttrs (config._module.args.name == "retiolum") { - default = "10.243.0.0/16"; - } // optionalAttrs (config._module.args.name == "wiregrill") { - default = "10.244.0.0/16"; - }); + } // { + retiolum.default = "10.243.0.0/16"; + wiregrill.default = "10.244.0.0/16"; + }.${config._module.args.name} or {}); }; }); default = null; 
@@ -153,11 +152,10 @@ rec { }; prefix = mkOption ({ type = cidr6; - } // optionalAttrs (config._module.args.name == "retiolum") { - default = "42::/16"; - } // optionalAttrs (config._module.args.name == "wiregrill") { - default = "42:1::/32"; - }); + } // { + retiolum.default = "42:0::/32"; + wiregrill.default = "42:1::/32"; + }.${config._module.args.name} or {}); }; }); default = null; -- cgit v1.2.3 From 78f51e530b32b0b98825c55fe5824a8d3f73b375 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 21 Nov 2021 15:18:10 +0100 Subject: nixpkgs: f0869b1 -> 2452847 --- krebs/nixpkgs.json | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 8bfd1652..d6d70faf 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,10 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f", - "date": "2021-10-31T15:33:08-07:00", - "path": "/nix/store/60dqlv3rf8dyf041qwx2bblmpd7mp7q6-nixpkgs", - "sha256": "150rrksrjf6w9m3c1ll04xilpglysklfpi636rxwyy318g5xss55", + "rev": "24528474d2b3370f2f23879a557ae2cc92a5d50b", + "date": "2021-11-19T11:04:27+01:00", + "path": "/nix/store/f435816nqq7y14ar1haadw228nbxnh33-nixpkgs", + "sha256": "0pdmqzk1l7cwwfp005kzv0dwnmg8xnskzc745052gdxp8pzh1w45", + "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From a2768f5f73a8523d3be51f53c9195a5b8fdf1581 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 21 Nov 2021 15:35:20 +0100 Subject: nixpkgs-unstable: b165ce0 -> 715f634 --- krebs/nixpkgs-unstable.json | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 59414740..da23245a 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json 
@@ -1,9 +1,10 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "b165ce0c4efbb74246714b5c66b6bcdce8cde175", - "date": "2021-11-01T19:42:18+01:00", - "path": "/nix/store/ccfd4ijkp4rn018sjghkhn4a7gkdq84l-nixpkgs", - "sha256": "1q7n9rk4i8ky2xxiymm72cfq1xra3ss3vkhbwf60rhiblslldgqg", + "rev": "715f63411952c86c8f57ab9e3e3cb866a015b5f2", + "date": "2021-11-17T14:17:56+01:00", + "path": "/nix/store/85yrz3ygrzkgw87fp3j42i1i9f4vf0n0-nixpkgs", + "sha256": "152kxfk11mgwg8gx0s1rgykyydfb7s746yfylvbwk5mk5cv4z9nv", + "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false -- cgit v1.2.3 From 60bebfcec07820c48a845f62cafbbed6fd3a36a4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 21 Nov 2021 18:25:39 +0100 Subject: flameshot: don't patch unknown versions --- krebs/5pkgs/override/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix index 2291132b..c1d8fa3d 100644 --- a/krebs/5pkgs/override/default.nix +++ b/krebs/5pkgs/override/default.nix @@ -20,7 +20,7 @@ self: super: { "0.10.1" = [ ./flameshot/flameshot_imgur_0.9.0.patch ]; - }.${old.version}; + }.${old.version} or []; }); # https://github.com/proot-me/PRoot/issues/106 -- cgit v1.2.3 From 3d1544c785700777ca5e421094cdde930b0de126 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Nov 2021 11:43:25 +0100 Subject: Revert "l: rip dishfire.r" This reverts commit 61e6552da3c48256bf4d17ae691721b3a7d000f2. --- krebs/3modules/lass/default.nix | 39 ++++++++++++++++++++++- lass/1systems/dishfire/config.nix | 63 +++++++++++++++++++++++++++++++++++++ lass/1systems/dishfire/physical.nix | 39 +++++++++++++++++++++++ lass/1systems/dishfire/source.nix | 3 ++ 4 files changed, 143 insertions(+), 1 deletion(-) create mode 100644 lass/1systems/dishfire/config.nix create mode 100644 lass/1systems/dishfire/physical.nix create mode 100644 lass/1systems/dishfire/source.nix 
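Review bot: With `or []` in krebs/5pkgs/override/default.nix, an unlisted `old.version` now builds flameshot with no patches and no signal, so the next version bump silently drops the imgur patch. A trace on the fallback keeps the build working while making that visible: `}.${old.version} or (builtins.trace "flameshot ${old.version}: no patch set known, building unpatched" []);`. What the patch changes is not visible in this hunk, so how much an unpatched build matters is for the author to judge. The override itself starts above the hunk.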
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 2475a0d5..49ba09ec 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -14,7 +14,44 @@ in { dns.providers = { "lassul.us" = "zones"; }; - hosts = mapAttrs hostDefaults { + hosts = mapAttrs (_: recursiveUpdate { + owner = config.krebs.users.lass; + ci = true; + monitoring = true; + }) { + dishfire = { + cores = 4; + nets = rec { + internet = { + ip4.addr = "144.76.172.188"; + aliases = [ + "dishfire.i" + ]; + ssh.port = 45621; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.133.99"; + ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1233"; + aliases = [ + "dishfire.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs + Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 + uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK + R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd + vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U + HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.port = 993; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; + }; prism = rec { cores = 4; extraZones = { diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix new file mode 100644 index 00000000..3d5f3218 --- /dev/null +++ b/lass/1systems/dishfire/config.nix 
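Review bot: The first changed line of the krebs/3modules/lass/default.nix hunk swaps `hosts = mapAttrs hostDefaults {` back to the inline `mapAttrs (_: recursiveUpdate { owner = …; ci = true; monitoring = true; })`, which goes beyond re-adding dishfire and looks like an artefact of the revert. `hostDefaults` is defined outside the hunk; if it applies anything beyond these three defaults, every host in the set loses it. Keeping `hosts = mapAttrs hostDefaults {` and adding only the `dishfire = { … };` block would limit the revert to the host it names.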
@@ -0,0 +1,63 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + + { + networking.dhcpcd.allowInterfaces = [ + "enp*" + "eth*" + "ens*" + ]; + } + { + sound.enable = false; + } + { + environment.systemPackages = with pkgs; [ + mk_sql_pair + ]; + } + { + imports = [ + + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport http"; target = "ACCEPT"; } + { predicate = "-p tcp --dport https"; target = "ACCEPT"; } + ]; + } + { + #TODO: abstract & move to own file + krebs.exim-smarthost = { + enable = true; + relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + config.krebs.hosts.mors + config.krebs.hosts.uriel + ]; + system-aliases = [ + { from = "mailer-daemon"; to = "postmaster"; } + { from = "postmaster"; to = "root"; } + { from = "nobody"; to = "root"; } + { from = "hostmaster"; to = "root"; } + { from = "usenet"; to = "root"; } + { from = "news"; to = "root"; } + { from = "webmaster"; to = "root"; } + { from = "www"; to = "root"; } + { from = "ftp"; to = "root"; } + { from = "abuse"; to = "root"; } + { from = "noc"; to = "root"; } + { from = "security"; to = "root"; } + { from = "root"; to = "lass"; } + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } + ]; + } + ]; + + krebs.build.host = config.krebs.hosts.dishfire; +} diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix new file mode 100644 index 00000000..64e3904e --- /dev/null +++ b/lass/1systems/dishfire/physical.nix 
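Review bot: The last module in lass/1systems/dishfire/config.nix accepts `-p tcp --dport smtp` with no interface or source match, so port 25 is opened on the host's public `internet` address even though `relay_from_hosts` lists only two retiolum addresses. If the smarthost is meant to serve only those peers, scoping the rule to the overlay narrows the exposure, e.g. `{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }`. That assumes the tinc interface is named after the net; the interface name is not visible here. If exim also receives inbound mail for local domains (also not visible), the open rule is intended and a short comment saying so would replace the `#TODO`.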
@@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: +{ + imports = [ + ./config.nix + + ]; + + boot.loader.grub = { + device = "/dev/vda"; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "ehci_pci" + "uhci_hcd" + "virtio_pci" + "virtio_blk" + ]; + + fileSystems."/" = { + device = "/dev/mapper/pool-nix"; + fsType = "ext4"; + }; + + fileSystems."/srv/http" = { + device = "/dev/pool/srv_http"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + fileSystems."/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; +} diff --git a/lass/1systems/dishfire/source.nix b/lass/1systems/dishfire/source.nix new file mode 100644 index 00000000..2445af13 --- /dev/null +++ b/lass/1systems/dishfire/source.nix @@ -0,0 +1,3 @@ +import { + name = "dishfire"; +} -- cgit v1.2.3 From ff9a042e70779e860d7a07a24e3ffb1f40119c32 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Nov 2021 12:47:06 +0100 Subject: l dishfire.r: revive with minimal config --- krebs/3modules/lass/default.nix | 9 ++++--- lass/1systems/dishfire/config.nix | 53 ------------------------------------- lass/1systems/dishfire/physical.nix | 44 +++++++++--------------------- lass/1systems/dishfire/source.nix | 3 --- 4 files changed, 19 insertions(+), 90 deletions(-) delete mode 100644 lass/1systems/dishfire/source.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 49ba09ec..1f118b8b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -23,7 +23,10 @@ in { cores = 4; nets = rec { internet = { - ip4.addr = "144.76.172.188"; + ip4 = rec { + addr = "157.90.232.92"; + prefix = "${addr}/32"; + }; aliases = [ "dishfire.i" ]; @@ -32,7 +35,7 @@ in { retiolum = { via = internet; ip4.addr = "10.243.133.99"; - ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1233"; + ip6.addr = r6 "d15f:1233"; aliases = [ "dishfire.r" ]; 
@@ -46,7 +49,7 @@ in { HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB -----END RSA PUBLIC KEY----- ''; - tinc.port = 993; + tinc.port = 655; }; }; ssh.privkey.path = ; diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix index 3d5f3218..b814d718 100644 --- a/lass/1systems/dishfire/config.nix +++ b/lass/1systems/dishfire/config.nix @@ -4,59 +4,6 @@ imports = [ - - { - networking.dhcpcd.allowInterfaces = [ - "enp*" - "eth*" - "ens*" - ]; - } - { - sound.enable = false; - } - { - environment.systemPackages = with pkgs; [ - mk_sql_pair - ]; - } - { - imports = [ - - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - { predicate = "-p tcp --dport https"; target = "ACCEPT"; } - ]; - } - { - #TODO: abstract & move to own file - krebs.exim-smarthost = { - enable = true; - relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ - config.krebs.hosts.mors - config.krebs.hosts.uriel - ]; - system-aliases = [ - { from = "mailer-daemon"; to = "postmaster"; } - { from = "postmaster"; to = "root"; } - { from = "nobody"; to = "root"; } - { from = "hostmaster"; to = "root"; } - { from = "usenet"; to = "root"; } - { from = "news"; to = "root"; } - { from = "webmaster"; to = "root"; } - { from = "www"; to = "root"; } - { from = "ftp"; to = "root"; } - { from = "abuse"; to = "root"; } - { from = "noc"; to = "root"; } - { from = "security"; to = "root"; } - { from = "root"; to = "lass"; } - ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } - ]; - } ]; krebs.build.host = config.krebs.hosts.dishfire; diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix index 64e3904e..ca013132 100644 --- a/lass/1systems/dishfire/physical.nix +++ b/lass/1systems/dishfire/physical.nix 
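Review bot: The context lines of the -46 hunk in krebs/3modules/lass/default.nix show the tinc RSA public key unchanged, and none of this file's three hunks touches `ssh.pubkey`. Meanwhile the -23 hunk moves the host to a new address and physical.nix is replaced by a fresh hardware profile. If this is a newly installed machine, the old private keys were carried over, and any copy left on the previous machine still authenticates as dishfire to retiolum peers and SSH clients. Generating new tinc and SSH host keys for the revived host and updating `tinc.pubkey` and `ssh.pubkey` here would close that off. If the keys were kept on purpose, a comment such as `# keys carried over from the previous dishfire install` would document it.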
@@ -1,39 +1,21 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, modulesPath, ... }: + { imports = [ ./config.nix - - ]; - - boot.loader.grub = { - device = "/dev/vda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "ehci_pci" - "uhci_hcd" - "virtio_pci" - "virtio_blk" + (modulesPath + "/profiles/qemu-guest.nix") ]; - fileSystems."/" = { - device = "/dev/mapper/pool-nix"; - fsType = "ext4"; - }; + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + boot.loader.grub.devices = [ "/dev/sda" ]; - fileSystems."/srv/http" = { - device = "/dev/pool/srv_http"; - fsType = "ext4"; - }; + fileSystems."/" = + { device = "/dev/disk/by-uuid/84053adc-49bc-4e02-8a19-3838bf3a43fd"; + fsType = "ext4"; + }; - fileSystems."/boot" = { - device = "/dev/vda1"; - fsType = "ext4"; - }; - fileSystems."/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; + swapDevices = [ ]; } diff --git a/lass/1systems/dishfire/source.nix b/lass/1systems/dishfire/source.nix deleted file mode 100644 index 2445af13..00000000 --- a/lass/1systems/dishfire/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "dishfire"; -} -- cgit v1.2.3 From 4c7abec39771cbd47dc091c674a0429f5c757ebc Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 23 Nov 2021 15:28:06 +0100 Subject: types tinc: add weight option --- lib/types.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lib/types.nix b/lib/types.nix index c50969de..6755eef0 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -187,6 +187,8 @@ rec { [config.extraConfig] ++ [config.pubkey] + ++ + optional (config.weight != null) "Weight = ${toString config.weight}" ); defaultText = '' Address = ‹addr› ‹port› # for each ‹net.via.addrs› 
@@ -217,6 +219,15 @@ rec { description = "tinc subnets"; default = []; }; + weight = mkOption { + type = nullOr int; + description = '' + global tinc weight (latency in ms) of this particular node. + can be set to some high value to make it unprobable to be used as router. + if set to null, tinc will autogenerate the value based on latency. + ''; + default = if net.via != null then null else 300; + }; }; })); default = null; -- cgit v1.2.3
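Review bot: `weight` is typed `nullOr int`, so a negative value is accepted and written verbatim into the host file by the `"Weight = ${toString config.weight}"` line added in the first hunk of lib/types.nix. `type = nullOr ints.unsigned;` would reject it at evaluation time, provided the `ints` types are in scope in this file (its top is not visible). The description does not say that nodes without `via` default to 300 while nodes with `via` default to null, which is the behaviour a reader most needs to know, and "unprobable" should read "unlikely". The `defaultText` that begins in the first hunk's context is untouched by the commit, so the rendered option docs presumably still omit the Weight line.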