From 9052d190a352ef9b581d084e2edcd95800cadcfe Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 3 Dec 2018 09:20:48 +0100 Subject: ma gum.r: enable download.binaergewitter and cache.nsupdate.info --- makefu/1systems/gum/config.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'makefu/1systems/gum/config.nix') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 3d2cbac6..a1691da3 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -4,13 +4,14 @@ with import ; let external-ip = config.krebs.build.host.nets.internet.ip4.addr; ext-if = config.makefu.server.primary-itf; + allDisks = [ "/dev/sda" "/dev/sdb" ]; in { imports = [ ./hardware-config.nix { users.users.lass = { - uid = 9002; + uid = 19002; isNormalUser = true; createHome = true; useDefaultShell = true; @@ -21,7 +22,7 @@ in { }; } - # + # Security @@ -93,13 +94,15 @@ in { + - + + # @@ -132,7 +135,7 @@ in { ListenAddress = ${external-ip} 21031 ''; connectTo = [ - "prism" "ni" "enklave" "dishfire" "echelon" "hotdog" + "prism" "ni" "enklave" "eve" "archprism" ]; }; @@ -189,6 +192,7 @@ in { nameservers = [ "8.8.8.8" ]; }; users.users.makefu.extraGroups = [ "download" "nginx" ]; + services.smartd.devices = builtins.map (x: { device = x; }) allDisks; boot.tmpOnTmpfs = true; state = [ "/home/makefu/.weechat" ]; } -- cgit v1.2.3 From 1a88a8ae6447528fc505607f680573c501fc2273 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Dec 2018 18:41:51 +0100 Subject: ma events-publisher: use 1.0.0 --- makefu/1systems/gum/config.nix | 109 +++++++++++++++-------------------------- 1 file changed, 40 insertions(+), 69 deletions(-) (limited to 'makefu/1systems/gum/config.nix') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index a1691da3..dcfa3d0e 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix 
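Review bot: The `uid` of `lass` moves from 9002 to 19002 in the `@@ -4,13 +4,14 @@` hunk with no migration step next to it. If the account already exists on this host, files under its home (it is declared with `createHome = true`) stay owned by 9002. As far as I know NixOS warns rather than renumbering an existing account, so the declared and the actual uid may also diverge. Either way a stale numeric owner is left behind that a later account given 9002 would inherit, so I would add `# uid moved from 9002; chown existing files of lass after deploy` and confirm that 9002 is not reassigned. The `users.users.lass` block continues past the end of this hunk.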
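Review bot: `services.smartd.devices` in the `@@ -189,6 +192,7 @@` hunk is built from `allDisks`, which the first hunk defines as the kernel-assigned names `/dev/sda` and `/dev/sdb`. Those names are not guaranteed to stay attached to the same disks across reboots or controller changes, so smartd could end up watching a different device, or none, without any configuration error. Persistent paths would be safer, for example `allDisks = [ "/dev/disk/by-id/<DISK-ID-PLACEHOLDER-1>" "/dev/disk/by-id/<DISK-ID-PLACEHOLDER-2>" ];`.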
@@ -21,8 +21,12 @@ in { ]; }; } + # + + + { services.smartd.devices = builtins.map (x: { device = x; }) allDisks; } # Security @@ -31,6 +35,8 @@ in { + + # @@ -42,17 +48,47 @@ in { # + { # bonus retiolum config for connecting more hosts + krebs.tinc.retiolum = { + extraConfig = '' + ListenAddress = ${external-ip} 53 + ListenAddress = ${external-ip} 655 + ListenAddress = ${external-ip} 21031 + ''; + connectTo = [ + "prism" "ni" "enklave" "eve" "archprism" + ]; + }; + networking.firewall = { + allowedTCPPorts = + [ + 53 + 655 + 21031 + ]; + allowedUDPPorts = + [ + 53 + 655 + 21031 + ]; + }; + } # ci # + # services - + # + { + krebs.exim.enable = mkForce false; + } # sharing @@ -60,13 +96,6 @@ in { # ## # - { # ncdc - environment.systemPackages = [ pkgs.ncdc ]; - networking.firewall = { - allowedUDPPorts = [ 51411 ]; - allowedTCPPorts = [ 51411 ]; - }; - } # ## network @@ -92,10 +121,9 @@ in { # # - + # - @@ -104,7 +132,6 @@ in { - # # sharing @@ -118,7 +145,8 @@ in { # krebs infrastructure services - ]; + ]; + makefu.dl-dir = "/var/download"; services.openssh.hostKeys = [ 
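Review bot: The `networking.firewall` block added in the `@@ -42,17 +48,47 @@` hunk opens 53, 655 and 21031 for both TCP and UDP on every interface, while the tinc `ListenAddress` lines in the same block bind only to `${external-ip}`. Port 53 in particular reads as DNS to anyone auditing the rule set, so a comment such as `# 53/655/21031 are tinc (retiolum) listeners, not DNS` would keep the reason next to the rule. If the NixOS release in use supports per-interface rules, `networking.firewall.interfaces.${ext-if}.allowedTCPPorts` (and the UDP counterpart) would match the bind address; `ext-if` appears in this file's `let` block in the preceding patch. The same hunk adds `krebs.exim.enable = mkForce false;` without saying which module it overrides, which deserves a one-line comment as well.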
@@ -128,71 +156,14 @@ in { services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; krebs.build.host = config.krebs.hosts.gum; - krebs.tinc.retiolum = { - extraConfig = '' - ListenAddress = ${external-ip} 53 - ListenAddress = ${external-ip} 655 - ListenAddress = ${external-ip} 21031 - ''; - connectTo = [ - "prism" "ni" "enklave" "eve" "archprism" - ]; - }; - - - # access - users.users = { - root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; - makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; - }; - - # Chat - environment.systemPackages = with pkgs;[ - weechat - bepasty-client-cli - tmux - ]; - - # Hardware - # Network networking = { firewall = { allowPing = true; logRefusedConnections = false; - allowedTCPPorts = [ - # smtp - 25 - # http - 80 443 - # httptunnel - 8080 8443 - # tinc - 655 - # tinc-shack - 21032 - # tinc-retiolum - 21031 - # taskserver - 53589 - # temp vnc - 18001 - # temp reverseshell - 31337 - ]; - allowedUDPPorts = [ - # tinc - 655 53 - # tinc-retiolum - 21031 - # tinc-shack - 21032 - ]; }; nameservers = [ "8.8.8.8" ]; }; users.users.makefu.extraGroups = [ "download" "nginx" ]; - services.smartd.devices = builtins.map (x: { device = x; }) allDisks; - boot.tmpOnTmpfs = true; state = [ "/home/makefu/.weechat" ]; } -- cgit v1.2.3