From 1f6ba2a01d8ef041323fcb847a0c445365307182 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 29 Jan 2019 19:59:59 +0100 Subject: xmonad-stockholm: arguments in one line --- krebs/5pkgs/haskell/xmonad-stockholm.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix index 228d365a..1b197b91 100644 --- a/krebs/5pkgs/haskell/xmonad-stockholm.nix +++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix @@ -1,5 +1,4 @@ -{ mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft -, X11-xshape, xmonad, xmonad-contrib +{ mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft , X11-xshape, xmonad, xmonad-contrib }: mkDerivation rec { pname = "xmonad-stockholm"; -- cgit v1.2.3 From 397fad23666f0705f03af166ad0b9a7d87104e4d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 May 2019 10:27:57 +0200 Subject: nixpkgs: cf3e277 -> 04954e3 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 0bc3abf9..ae75f607 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "cf3e277dd0bd710af0df667e9364f4bd80c72713", - "date": "2019-04-24T23:55:21+02:00", - "sha256": "1abyadl3sxf67yi65758hq6hf2j07afgp1fmkk7kd94dadx6r6f4", + "rev": "04954e39df88487bf5b6bb5e532520e83a6c22ea", + "date": "2019-05-04T20:25:55-04:00", + "sha256": "1l6wc13mwwhv0msa0596wvsq2j2kxj1wjchdz4v1zzia781rpd8m", "fetchSubmodules": false } -- cgit v1.2.3 From 31df4e128b094a757fff6641db22a042e3da6b8a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 20 May 2019 11:42:36 +0200 Subject: nixpkgs: 04954e3 -> 705986f --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index ae75f607..811eb826 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "04954e39df88487bf5b6bb5e532520e83a6c22ea", - "date": "2019-05-04T20:25:55-04:00", - "sha256": "1l6wc13mwwhv0msa0596wvsq2j2kxj1wjchdz4v1zzia781rpd8m", + "rev": "705986f5a986be5c5ae13193b487c7ec8ca05f16", + "date": "2019-05-18T20:38:59-04:00", + "sha256": "0zpch2cpl2yx0mp7hnyjd03hqs7rxza9wc2p97njsdzhi56gxwxp", "fetchSubmodules": false } -- cgit v1.2.3 From c74d86cf6a1299ba0a11fcfb2341a8632b147420 Mon Sep 17 00:00:00 2001 From: magenbluten Date: Tue, 21 May 2019 19:43:40 +0200 Subject: mb: add new machines --- krebs/3modules/mb/default.nix | 52 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/mb/default.nix b/krebs/3modules/mb/default.nix index c98db4b2..d6e45ba5 100644 --- a/krebs/3modules/mb/default.nix +++ b/krebs/3modules/mb/default.nix @@ -63,6 +63,58 @@ in { }; }; }; + gr33n = { + nets = { + retiolum = { + ip4.addr = "10.243.42.123"; + aliases = [ + "gr33n.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvcqecLfk8TlGFF7JJpv8 + kjLFNgoNfu9FYRMNG4GSxWL5w+49n6b+GC5ciOC+RJ+N56jfB9JYE0MtbuOmkY5M + JUphuvgOCNhTbBJsjnmG9n02evpxZn9HWypNC3oQCvY2K7vHpIxGKR5PyTVKPO0P + OOYKAbCLD9F2bmuLaBQ/dFXFQxfu3tjvJI9mYDWBpSkh1mYeMZLw2xxnRZLs0bEO + ZWdzxCh9UM/mgb4WYuNED9+sz7MSsaMPAqquarFCguUxhjp6rElGFcNWjXaxA5zt + JGS6VompUViVSHjSaQ5/3VRKoIQjr4NOFYQqLpmB5S2OpiggV6I9OpB7QUGlvcYd + I3j+1AeK11HuEyPqSwxjNCCrI12bSIo3685BPHbl+AMhWGhzrCkAGcOCbAefreXQ + 5v4SaKUIDlCYhN+vyNdlu2jvqQlxfJrPAfBt+jJBK6gMcAEKc7P/Oj4B9Fsl331X + s0kWH5G9t6OhO/Of8/kb2/P+YEbM6zi1QQdZAOr6Cg0y4cMt9zxLWknaM4yEDAXH + oSM33PTv9DOvBjfxRXqOHqOHRq5ayqZdIFgfLUlPTdbWRkhNzjG8f7k7p32m20A6 + Kal+OF//I2c9E9vKFzyepyTcnwi3B8+cFJ74+XYaNApdwHSb1BU/+c3O9RJExZGV + jtTSbSJHU5esECtAuXy1XH8CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + sunsh1n3 = { + nets = { + retiolum = { + ip4.addr = "10.243.42.142"; + aliases = [ + "sunsh1n3.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo2VCqp6mUbyo3n+1XpKf + QavpgRYQyv9wAZzYSYHjxThuLmNb/wERPbWJFMZfAGuku0blKWJISSgFWd9YL7dU + pZQZxfqo/9xnS/r0xIKrKSsBiTZt7JZmTQzj1ri11TIO0S1QPjIP5HsxlZZAw0nz + idEDlKmgWs74FPdezlXqvJyEUKDqL/ZQBtdhZZIDMkSJnCdBzXxKwv+uLVE46ZBf + 4HrtQjcj+dyVMogMIoseAgf5lS6V3pyCM7/NHZFxrIxoIAxSsUoB59i2EbK6aUK5 + yuiWHI6ZHToxN2K/0SX96hzxcwrUmdk49tTHBY0Zhn2ku6NjQPU3LuxgIwrSaSJD + /KWh6XkqR7EsCVN0AIsLvFelI2ckSyNyAlnYbMAHDt7GwHlNp4Lsy+x4ZQ6m0xTY + Z+/jt6sfoMiulPcwWEpqNCCf5A65lF77DldQhH3qYrdQ756n/kOqSfQtPCnVNYXy + LlN5rKCOgxKxxtKkwMUif2OM9RPHpM7wS09Rvek6zpL9ymhU5THF7UylLKxKGjYj + 6dTooyRVQRJdrwIYLrJIy0MfGyYiGAJxf/C0KOOZnJPCW2b51+bo5Zh+BhKZYN8H + C2DEGc8+4h5hX1TAaUfTpfVm3mMTh8H2m9N8Pdl5ji+A0m0IwHDLQyaoskcxSjvU + 9IxYLfkSD6AJqasnHlz0L08CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; }; users = { mb = { -- cgit v1.2.3 From be12b8a41370f50b413376717a5db38edfebd828 Mon Sep 17 00:00:00 2001 From: magenbluten Date: Tue, 21 May 2019 20:23:09 +0200 Subject: mb sunshine.r: disable ci --- krebs/3modules/mb/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/mb/default.nix b/krebs/3modules/mb/default.nix index d6e45ba5..e77811f0 100644 --- a/krebs/3modules/mb/default.nix +++ b/krebs/3modules/mb/default.nix @@ -3,7 +3,6 @@ with import ; hostDefaults = hostName: host: flip recursiveUpdate host { ci = true; - monitoring = true; owner = config.krebs.users.mb; }; @@ -90,6 +89,7 @@ in { }; }; sunsh1n3 = { + ci = false; nets = { retiolum = { ip4.addr = "10.243.42.142"; -- cgit v1.2.3 From 08ddffd7812f9ec42f9946dd2c4f8cc4eb7b656c Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 28 May 2019 09:33:37 +0200 Subject: nixpkgs: 705986f -> e2883c3 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 811eb826..340b926c 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "705986f5a986be5c5ae13193b487c7ec8ca05f16", - "date": "2019-05-18T20:38:59-04:00", - "sha256": "0zpch2cpl2yx0mp7hnyjd03hqs7rxza9wc2p97njsdzhi56gxwxp", + "rev": "e2883c31628ea0f3e00f899062327468a20d1aa1", + "date": "2019-05-27T17:09:30-04:00", + "sha256": "1xrpd8ykr8g3h4b33z69vngh6hfayi51jajbnfm6phhpwgd6mmld", "fetchSubmodules": false } -- cgit v1.2.3 From f846ad7bea7bfb201d3e8c7adbc7e4a4c21c604e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:01:10 +0200 Subject: kruck.r: add video.kruck.r alias --- krebs/3modules/external/palo.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/external/palo.nix b/krebs/3modules/external/palo.nix index cefac095..8510cb9a 100644 --- a/krebs/3modules/external/palo.nix +++ b/krebs/3modules/external/palo.nix @@ -34,7 +34,10 @@ in { retiolum = { ip4.addr = "10.243.23.3"; tinc.port = 720; - aliases = [ "kruck.r" ]; + aliases = [ + "kruck.r" + "video.kruck.r" + ]; tinc.pubkey = tinc-for "palo"; }; }; -- cgit v1.2.3 From c8784043f10e6c5456816e2704f9e01cf1c366ee Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:01:49 +0200 Subject: schasch.r: add syncthing.id --- krebs/3modules/external/palo.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/external/palo.nix b/krebs/3modules/external/palo.nix index 8510cb9a..05808714 100644 --- a/krebs/3modules/external/palo.nix +++ b/krebs/3modules/external/palo.nix @@ -52,6 +52,7 @@ in { tinc.pubkey = tinc-for "palo"; }; }; + syncthing.id = "FLY7DHI-TJLEQBJ-JZNC4YV-NBX53Z2-ZBRWADL-BKSFXYZ-L4FMDVH-MOSEVAQ"; }; workhorse = { owner = config.krebs.users.palo; -- cgit v1.2.3 From 64539ffaa463db7a8d9f01953fba3fd9a2bba0ec Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:02:30 +0200 Subject: l prism.r: add codi.lassul.us --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 41f3852b..f4c8f5c6 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -35,6 +35,7 @@ in { default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} -- cgit v1.2.3 From ac0749765211031c9ac677b2f9c6907457ae60a3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 May 2019 15:18:24 +0200 Subject: syncthing: add more options, remove uneeded id --- krebs/3modules/syncthing.nix | 39 ++++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 897ba1e7..9c6acfb0 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -22,7 +22,7 @@ let getApiKey = pkgs.writeDash "getAPIKey" '' ${pkgs.libxml2}/bin/xmllint \ --xpath 'string(configuration/gui/apikey)'\ - ${config.services.syncthing.dataDir}/config.xml + ${config.services.syncthing.configDir}/config.xml ''; updateConfig = pkgs.writeDash "merge-syncthing-config" '' @@ -31,9 +31,9 @@ let ${pkgs.untilport}/bin/untilport localhost 8384 API_KEY=$(${getApiKey}) CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config) - echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * { - "devices": ${builtins.toJSON devices}, - "folders": ${builtins.toJSON folders} + echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] as $in | $in * { + "devices": (${builtins.toJSON devices}${optionalString (! cfg.overridePeers) " + $in.devices"}), + "folders": (${builtins.toJSON folders}${optionalString (! cfg.overrideFolders) " + $in.folders"}) }' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @- ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST ''; @@ -45,11 +45,6 @@ in enable = mkEnableOption "syncthing-init"; - id = mkOption { - type = types.str; - default = config.krebs.build.host.name; - }; - cert = mkOption { type = types.nullOr types.absolute-pathname; default = null; @@ -60,6 +55,13 @@ in default = null; }; + overridePeers = mkOption { + type = types.bool; + default = true; + description = '' + Whether to delete the peers which are not configured via the peers option + ''; + }; peers = mkOption { default = {}; type = types.attrsOf (types.submodule ({ @@ -80,6 +82,13 @@ in })); }; + overrideFolders = mkOption { + type = types.bool; + default = true; + description = '' + Whether to delete the folders which are not configured via the peers option + ''; + }; folders = mkOption { default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { @@ -135,14 +144,14 @@ in systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) { preStart = '' ${optionalString (cfg.cert != null) '' - cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem - chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem - chmod 400 ${config.services.syncthing.dataDir}/cert.pem + cp ${toString cfg.cert} ${config.services.syncthing.configDir}/cert.pem + chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.configDir}/cert.pem + chmod 400 ${config.services.syncthing.configDir}/cert.pem ''} ${optionalString (cfg.key != null) '' - cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem - chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem - chmod 400 ${config.services.syncthing.dataDir}/key.pem + cp ${toString cfg.key} ${config.services.syncthing.configDir}/key.pem + chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.configDir}/key.pem + chmod 400 ${config.services.syncthing.configDir}/key.pem ''} ''; }; -- cgit v1.2.3 From 4caeb3d3f8525721cefa7a74e79781a3b9787eb6 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Jun 2019 09:56:07 +0200 Subject: wolf.r: add declarative gitlab-runner --- krebs/1systems/wolf/config.nix | 1 + krebs/2configs/shack/gitlab-runner.nix | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 krebs/2configs/shack/gitlab-runner.nix (limited to 'krebs') diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index ec883071..995e4966 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -26,6 +26,7 @@ in + { systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate systemd.services.telegraf.environment = { diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix new file mode 100644 index 00000000..57d670ea --- /dev/null +++ b/krebs/2configs/shack/gitlab-runner.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: +let + runner-src = builtins.fetchTarball { + url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/master/nixos-gitlab-runner-master.tar.gz"; + sha256 = "1s0fy5ny2ygcfvx35xws8xz5ih4z4kdfqlq3r6byxpylw7r52fyi"; + }; +in +{ + systemd.services.gitlab-runner.path = [ + "/run/wrappers" # /run/wrappers/bin/su + "/" # /bin/sh + ]; + imports = [ + "${runner-src}/gitlab-runner.nix" + ]; + services.gitlab-runner2.enable = true; + ## registrationConfigurationFile contains: + # CI_SERVER_URL= + # REGISTRATION_TOKEN= + services.gitlab-runner2.registrationConfigFile = ; +} -- cgit v1.2.3 From 30a90e48b91ba9d09da7cafe8ad81dcc153554d3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Jun 2019 20:53:02 +0200 Subject: wolf.r: add documentation for imports --- krebs/1systems/wolf/config.nix | 84 +++++++++++------------------------------- 1 file changed, 21 insertions(+), 63 deletions(-) (limited to 'krebs') diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 995e4966..f629c598 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -11,84 +11,42 @@ in - - - + # handle the worlddomination map via coap + + # drivedroid.shack for shackphone # - + # Say if muell will be collected - + + # create samba share for anonymous usage with the laser and 3d printer pc + + # mobile.lounge.mpd.shack + # connect to git.shackspace.de as group runner for rz - { - systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate - systemd.services.telegraf.environment = { - MIBDIRS = pkgs.fetchgit { - url = "http://git.shackspace.de/makefu/modem-mibs.git"; - sha256 = - "1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k"; - }; # extra mibs like ADSL - }; - services.telegraf = { - enable = true; - extraConfig = { - inputs = { - snmp = { - agents = [ "10.0.1.3:161" ]; - version = 2; - community = "shack"; - name = "snmp"; - field = [ - { - name = "hostname"; - oid = "RFC1213-MIB::sysName.0"; - is_tag = true; - } - { - name = "load-percent"; #cisco - oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9"; - } - { - name = "uptime"; - oid = "DISMAN-EVENT-MIB::sysUpTimeInstance"; - } - ]; - table = [{ - name = "snmp"; - inherit_tags = [ "hostname" ]; - oid = "IF-MIB::ifXTable"; - field = [{ - name = "ifName"; - oid = "IF-MIB::ifName"; - is_tag = true; - }]; - }]; - }; - }; - outputs = { - influxdb = { - urls = [ "http://${influx-host}:8086" ]; - database = "telegraf"; - write_consistency = "any"; - timeout = "5s"; - }; - }; - }; - }; - } + # Statistics collection and visualization + + ## Collect data from mqtt.shack and store in graphite database + + ## Collect radioactive data and put into graphite + + ## Collect local statistics via collectd and send to collectd + + ## write collectd statistics to wolf.shack + + { services.influxdb.enable = true; } ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) - services.influxdb.enable = true; # local discovery in shackspace nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; @@ -157,10 +115,10 @@ in # fallout of ipv6calypse networking.extraHosts = '' hass.shack 10.42.2.191 - heidi.shack 10.42.2.135 ''; users.extraUsers.root.openssh.authorizedKeys.keys = [ + config.krebs.users."0x4a6f".pubkey config.krebs.users.ulrich.pubkey config.krebs.users.raute.pubkey config.krebs.users.makefu-omo.pubkey -- cgit v1.2.3 From 27f3c2cd53adce6a0dcc6e2b9e917b8da9486d24 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Jun 2019 20:17:45 +0200 Subject: wolf.r: add netbox docker-compose --- krebs/1systems/wolf/config.nix | 2 ++ krebs/2configs/shack/netbox.nix | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 krebs/2configs/shack/netbox.nix (limited to 'krebs') diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index f629c598..7ca0f0ec 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -43,6 +43,8 @@ in ## write collectd statistics to wolf.shack { services.influxdb.enable = true; } + + ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) diff --git a/krebs/2configs/shack/netbox.nix b/krebs/2configs/shack/netbox.nix new file mode 100644 index 00000000..4fb5a7db --- /dev/null +++ b/krebs/2configs/shack/netbox.nix @@ -0,0 +1,39 @@ +{ pkgs, ... }: +{ + environment.systemPackages = [ pkgs.docker-compose ]; + virtualisation.docker.enable = true; + services.nginx = { + enable = true; + virtualHosts."netbox.shack".locations."/".proxyPass = "http://localhost:18080"; + }; + # we store the netbox config there: + # state = [ "/var/lib/netbox" ]; + systemd.services.backup-netbox = { + after = [ "netbox-docker-compose.service" ]; + startAt = "daily"; + path = with pkgs; [ docker-compose docker gzip coreutils ]; + script = '' + cd /var/lib/netbox + mkdir -p backup + docker-compose exec -T -upostgres postgres pg_dumpall \ + | gzip > backup/netdata_$(date -Iseconds).dump.gz + ''; + }; + + systemd.services.netbox-docker-compose = { + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" "docker.service" ]; + environment.VERSION = "v2.5.13"; + serviceConfig = { + WorkingDirectory = "/var/lib/netbox"; + # TODO: grep -q NAPALM_SECRET env/netbox.env + # TODO: grep -q NAPALM_SECRET netbox-netprod-importer/switches.yml + ExecStartPre = "${pkgs.docker-compose}/bin/docker-compose pull"; + ExecStart = "${pkgs.docker-compose}/bin/docker-compose up"; + Restart = "always"; + RestartSec = "10"; + StartLimitIntervalSec = 60; + StartLimitBurst = 3; + }; + }; +} -- cgit v1.2.3 From df8e811695bae334879981c6b2696be226e73f72 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Jun 2019 20:28:32 +0200 Subject: external: add 0x4a6f --- krebs/3modules/external/default.nix | 4 ++++ krebs/3modules/external/ssh/0x4a6f.pub | 1 + 2 files changed, 5 insertions(+) create mode 100644 krebs/3modules/external/ssh/0x4a6f.pub (limited to 'krebs') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 080c259a..70c49cfc 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -487,6 +487,10 @@ in { mail = "shackspace.de@myvdr.de"; pubkey = ssh-for "ulrich"; }; + "0x4a6f" = { + mail = "0x4a6f@shackspace.de"; + pubkey = ssh-for "0x4a6f"; + }; miaoski = { }; filly = { diff --git a/krebs/3modules/external/ssh/0x4a6f.pub b/krebs/3modules/external/ssh/0x4a6f.pub new file mode 100644 index 00000000..1ea084ba --- /dev/null +++ b/krebs/3modules/external/ssh/0x4a6f.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMoQSUz0wcV8tnTKsYO3sO6XG6EHap8R63ihfMHkxPS -- cgit v1.2.3 From 592d157eba8f1b5ba35f1fca64c2905897468f83 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Jun 2019 20:43:32 +0200 Subject: wolf secrets: add shackspace-gitlab-ci --- krebs/0tests/data/secrets/shackspace-gitlab-ci | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 krebs/0tests/data/secrets/shackspace-gitlab-ci (limited to 'krebs') diff --git a/krebs/0tests/data/secrets/shackspace-gitlab-ci b/krebs/0tests/data/secrets/shackspace-gitlab-ci new file mode 100644 index 00000000..e69de29b -- cgit v1.2.3 From 4e7af580d81f02f6d07d38917f124f4b99483603 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 13 Jun 2019 23:30:54 +0200 Subject: krops: get correct secrets --- krebs/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/krops.nix b/krebs/krops.nix index 94418fdc..8d38ed5b 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -50,7 +50,7 @@ { nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; secrets = if test then { - file = toString ; + file = toString ./0tests/data/secrets; } else { pass = { dir = "${lib.getEnv "HOME"}/brain"; -- cgit v1.2.3 From b6caea7a6219792d6c3a10567e15a0144a5c994b Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 14 Jun 2019 23:56:07 +0200 Subject: ma wiregrill: update gum, add rockit --- krebs/3modules/makefu/wiregrill/gum.pub | 2 +- krebs/3modules/makefu/wiregrill/rockit.pub | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 krebs/3modules/makefu/wiregrill/rockit.pub (limited to 'krebs') diff --git a/krebs/3modules/makefu/wiregrill/gum.pub b/krebs/3modules/makefu/wiregrill/gum.pub index 4a5f666c..67d6c721 100644 --- a/krebs/3modules/makefu/wiregrill/gum.pub +++ b/krebs/3modules/makefu/wiregrill/gum.pub @@ -1 +1 @@ -yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo= +A7UPKSUaCZaJ9hXv6X4jvcZ+5X+PlS1EmCwxlLBAKH0= diff --git a/krebs/3modules/makefu/wiregrill/rockit.pub b/krebs/3modules/makefu/wiregrill/rockit.pub new file mode 100644 index 00000000..6cb0d960 --- /dev/null +++ b/krebs/3modules/makefu/wiregrill/rockit.pub @@ -0,0 +1 @@ +YmvTL4c13WS6f88ZAz2m/2deL2pnPXI0Ay3edCPE1Qc= -- cgit v1.2.3 From df9b3fa1be5eb3e812f605ea78ac3f7363b52211 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 14 Jun 2019 23:58:24 +0200 Subject: shack/gitlab-runner: remove trailing whitespace --- krebs/2configs/shack/gitlab-runner.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix index 57d670ea..0fd06426 100644 --- a/krebs/2configs/shack/gitlab-runner.nix +++ b/krebs/2configs/shack/gitlab-runner.nix @@ -10,7 +10,7 @@ in "/run/wrappers" # /run/wrappers/bin/su "/" # /bin/sh ]; - imports = [ + imports = [ "${runner-src}/gitlab-runner.nix" ]; services.gitlab-runner2.enable = true; -- cgit v1.2.3 From ec93824f05c8f89e738831c2c059e934cbffafb8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Jun 2019 00:53:35 +0200 Subject: external: add rilke.w --- krebs/3modules/external/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 080c259a..beff63df 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -241,6 +241,13 @@ in { }; }; }; + rilke = { + owner = config.krebs.users.kmein; + nets.wiregrill = { + aliases = [ "rilke.w" ]; + wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; + }; + }; rock = { owner = config.krebs.users.Mic92; nets = { @@ -493,4 +500,3 @@ in { }; }; } - -- cgit v1.2.3 From eda35fc0a6e9f9a4d65d4ed6d47ef527bf612e0d Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 15 Jun 2019 01:05:01 +0200 Subject: ma: add rockit, wiregrill for gum --- krebs/3modules/makefu/default.nix | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index b38c9104..dc9ade19 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -143,11 +143,19 @@ in { ci = true; cores = 4; nets = { + lan = { + ip4.addr = "192.168.8.11"; + aliases = [ + "wbob.lan" + "log.wbob.lan" + ]; + }; retiolum = { ip4.addr = "10.243.214.15"; aliases = [ "wbob.r" "hydra.wbob.r" + "log.wbob.r" ]; }; }; @@ -182,6 +190,7 @@ in { wiki.euer IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr} io IN NS gum.krebsco.de. + mediengewitter IN CNAME over.dose.io. ''; }; cores = 8; @@ -196,13 +205,9 @@ in { }; wiregrill = { via = internet; + ip4.addr = "10.245.0.1"; ip6.addr = w6 "1"; - wireguard = { - subnets = [ - (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR - (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR - ]; - }; + wireguard.port = 51821; }; retiolum = { via = internet; @@ -247,7 +252,6 @@ in { cores = 1; extraZones = { "krebsco.de" = '' - mediengewitter IN A ${nets.internet.ip4.addr} flap IN A ${nets.internet.ip4.addr} ''; }; @@ -281,6 +285,10 @@ in { }; }; }; + rockit = rec { # router@home + cores = 1; + nets.wiregrill.ip4.addr = "10.245.0.2"; + }; senderechner = rec { cores = 2; -- cgit v1.2.3 From cdd1c018ec4a0022cc5d8ddf3ad355952131e8a2 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 15 Jun 2019 01:25:27 +0200 Subject: ma wiregrill: ipv4 for wiregrill LOL! --- krebs/3modules/makefu/default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index dc9ade19..601762b9 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -205,9 +205,13 @@ in { }; wiregrill = { via = internet; - ip4.addr = "10.245.0.1"; + ip4.addr = "10.244.245.1"; ip6.addr = w6 "1"; wireguard.port = 51821; + wireguard.subnets = [ + (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR + "10.244.245.0/24" # required for routing directly to gum via rockit + ]; }; retiolum = { via = internet; @@ -287,7 +291,7 @@ in { }; rockit = rec { # router@home cores = 1; - nets.wiregrill.ip4.addr = "10.245.0.2"; + nets.wiregrill.ip4.addr = "10.244.245.2"; }; senderechner = rec { -- cgit v1.2.3 From 3fa17455eff14e2f6c6bf4fef06c776a94014938 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Jun 2019 12:20:18 +0200 Subject: nixpkgs: e2883c3 -> 1601f55 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 340b926c..d294ca6d 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "e2883c31628ea0f3e00f899062327468a20d1aa1", - "date": "2019-05-27T17:09:30-04:00", - "sha256": "1xrpd8ykr8g3h4b33z69vngh6hfayi51jajbnfm6phhpwgd6mmld", + "rev": "1601f559e89ba71091faa26888711d4dd24c2d4d", + "date": "2019-06-14T16:14:30-04:00", + "sha256": "0iayyz9617mz6424spwbi9qvmcl8hiql42czxg8mi4ycq4p1k0dx", "fetchSubmodules": false } -- cgit v1.2.3 From ff283af7b255418e2ca75bc54dadaf354d3a4dd7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Jun 2019 18:24:06 +0200 Subject: external: add wilde.r (kmein) --- krebs/3modules/external/default.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index bdbfd1cb..ac656f46 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -43,6 +43,31 @@ in { }; }; }; + wilde = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.4"; + aliases = [ "wilde.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtz/MY5OSxJqrEMv6Iwjk + g/V58MATljj+2bmOuOuPui/AUYHEZX759lHW4MgLjYdNbZEoVq8UgkxNk0KPGlSg + 2lsJ7FneCU7jBSE2iLT1aHuNFFa56KzSThFUl6Nj6Vyg5ghSmDF2tikurtG2q+Ay + uxf5/yEhFUPc1ZxmvJDqVHMeW5RZkuKXH00C7yN+gdcPuuFEFq+OtHNkBVmaxu7L + a8Q6b/QbrwQJAR9FAcm5WSQIj2brv50qnD8pZrU4loVu8dseQIicWkRowC0bzjAo + IHZTbF/S+CK0u0/q395sWRQJISkD+WAZKz5qOGHc4djJHBR3PWgHWBnRdkYqlQYM + C9zA/n4I+Y2BEfTWtgkD2g0dDssNGP5dlgFScGmRclR9pJ/7dsIbIeo9C72c6q3q + sg0EIWggQ8xyWrUTXIMoDXt37htlTSnTgjGsuwRzjotAEMJmgynWRf3br3yYChrq + 10Exq8Lej+iOuKbdAXlwjKEk0qwN7JWft3OzVc2DMtKf7rcZQkBoLfWKzaCTQ4xo + 1Y7d4OlcjbgrkLwHltTaShyosm8kbttdeinyBG1xqQcK11pMO43GFj8om+uKrz57 + lQUVipu6H3WIVGnvLmr0e9MQfThpC1em/7Aq2exn1JNUHhCdEho/mK2x/doiiI+0 + QAD64zPmuo9wsHnSMR2oKs0CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; dpdkm = { owner = config.krebs.users.Mic92; nets = rec { -- cgit v1.2.3 From 3dd3da513c7b28a44a12a86fc8d380f684088aad Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Jun 2019 11:36:55 +0200 Subject: nixpkgs: 1601f55 -> f01ed7b --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index d294ca6d..53340de9 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "1601f559e89ba71091faa26888711d4dd24c2d4d", - "date": "2019-06-14T16:14:30-04:00", - "sha256": "0iayyz9617mz6424spwbi9qvmcl8hiql42czxg8mi4ycq4p1k0dx", + "rev": "f01ed7b38aaa1d5e52951ecf92d06b600eb9e3c8", + "date": "2019-06-18T11:50:10+02:00", + "sha256": "0pnnzss0pig7xh9x9jyyphrnir7smln71ig3h6asv2y3jl6xs9p6", "fetchSubmodules": false } -- cgit v1.2.3 From ad7800ecce810ff4b2e4b300509e628195444274 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Jun 2019 15:22:37 +0200 Subject: nixpkgs: f01ed7b -> d77e3bd --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 53340de9..4118a1dd 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "f01ed7b38aaa1d5e52951ecf92d06b600eb9e3c8", - "date": "2019-06-18T11:50:10+02:00", - "sha256": "0pnnzss0pig7xh9x9jyyphrnir7smln71ig3h6asv2y3jl6xs9p6", + "rev": "d77e3bd661354ea775a8cacc97bb59ddde513c09", + "date": "2019-06-18T23:08:17+02:00", + "sha256": "1m82zs00n6nc0pkdpmd9amm013qxwksjfhzcm6gck3p469q7n866", "fetchSubmodules": false } -- cgit v1.2.3