summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-06-30 16:31:05 +0200
committertv <tv@krebsco.de>2016-06-30 16:31:05 +0200
commitd81b068113325fb7604089c3647c365a41804978 (patch)
tree4c43ad2142825ac7c0a7045e5c48a039b25f6786
parent1542f9bbee823025f703e6abf3836905cee416fd (diff)
parentf12578c66f8b7b829c0dec5255f358778c0d3366 (diff)
Merge remote-tracking branch 'prism/master'
-rw-r--r--krebs/3modules/iptables.nix2
-rw-r--r--krebs/3modules/lass/default.nix38
-rw-r--r--krebs/3modules/makefu/default.nix93
-rw-r--r--krebs/3modules/repo-sync.nix135
-rw-r--r--krebs/3modules/tinc_graphs.nix59
-rw-r--r--krebs/5pkgs/Reaktor/default.nix3
-rw-r--r--krebs/5pkgs/default.nix14
-rw-r--r--krebs/5pkgs/git-hooks/default.nix9
-rw-r--r--lass/1systems/cloudkrebs.nix1
-rw-r--r--lass/1systems/dishfire.nix31
-rw-r--r--lass/1systems/echelon.nix2
-rw-r--r--lass/1systems/mors.nix53
-rw-r--r--lass/1systems/prism.nix10
-rw-r--r--lass/1systems/shodan.nix40
-rw-r--r--lass/2configs/baseX.nix13
-rw-r--r--lass/2configs/binary-cache/client.nix9
-rw-r--r--lass/2configs/binary-cache/server.nix30
-rw-r--r--lass/2configs/binary-caches.nix13
-rw-r--r--lass/2configs/buildbot-standalone.nix100
-rw-r--r--lass/2configs/c-base.nix (renamed from lass/2configs/cbase.nix)0
-rw-r--r--lass/2configs/default.nix21
-rw-r--r--lass/2configs/downloading.nix1
-rw-r--r--lass/2configs/exim-smarthost.nix2
-rw-r--r--lass/2configs/fetchWallpaper.nix3
-rw-r--r--lass/2configs/gc.nix8
-rw-r--r--lass/2configs/git.nix13
-rw-r--r--lass/2configs/hw/tp-x220.nix54
-rw-r--r--lass/2configs/mail.nix7
-rw-r--r--lass/2configs/newsbot-js.nix3
-rw-r--r--lass/2configs/nixpkgs.nix8
-rw-r--r--lass/2configs/power-action.nix41
-rw-r--r--lass/2configs/pulse.nix96
-rw-r--r--lass/2configs/radio.nix25
-rw-r--r--lass/2configs/realwallpaper-server.nix32
-rw-r--r--lass/2configs/realwallpaper.nix29
-rw-r--r--lass/2configs/repo-sync.nix106
-rw-r--r--lass/2configs/tests/dummy-secrets/cbase.txt0
-rw-r--r--lass/2configs/tests/dummy-secrets/hashedPasswords.nix1
-rw-r--r--lass/2configs/tests/dummy-secrets/icecast-admin-pw1
-rw-r--r--lass/2configs/tests/dummy-secrets/icecast-source-pw1
-rw-r--r--lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv3
-rw-r--r--lass/2configs/tests/dummy-secrets/mysql_rootPassword1
-rw-r--r--lass/2configs/tests/dummy-secrets/nix-serve.key1
-rw-r--r--lass/2configs/tests/dummy-secrets/repos.nix1
-rw-r--r--lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv4
-rw-r--r--lass/2configs/tests/dummy-secrets/ssh.id_ed255193
-rw-r--r--lass/2configs/tests/dummy-secrets/ssh.id_rsa3
-rw-r--r--lass/2configs/tests/dummy-secrets/transmission-pw1
-rw-r--r--lass/2configs/umts.nix62
-rw-r--r--lass/2configs/vim.nix463
-rw-r--r--lass/2configs/websites/domsen.nix105
-rw-r--r--lass/2configs/websites/fritz.nix39
-rw-r--r--lass/2configs/weechat.nix1
-rw-r--r--lass/2configs/wordpress.nix59
-rw-r--r--lass/2configs/xserver/Xresources.nix47
-rw-r--r--lass/2configs/zsh.nix8
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/power-action.nix93
-rw-r--r--lass/5pkgs/default.nix9
-rw-r--r--lass/5pkgs/q/default.nix185
-rw-r--r--lass/5pkgs/rs/default.nix6
-rw-r--r--lass/5pkgs/xmonad-lass.nix (renamed from lass/5pkgs/xmonad-lass/Main.hs)17
-rw-r--r--lass/5pkgs/xmonad-lass/.gitignore1
-rw-r--r--lass/5pkgs/xmonad-lass/Makefile6
-rw-r--r--lass/5pkgs/xmonad-lass/xmonad.cabal17
-rw-r--r--makefu/1systems/darth.nix24
-rw-r--r--makefu/1systems/omo.nix47
-rw-r--r--makefu/1systems/pornocauster.nix12
-rw-r--r--makefu/1systems/shoney.nix54
-rw-r--r--makefu/1systems/wry.nix13
-rw-r--r--makefu/2configs/default.nix15
-rw-r--r--makefu/2configs/fs/CAC-CentOS-7-64bit.nix20
-rw-r--r--makefu/2configs/fs/sda-crypto-root.nix6
-rw-r--r--makefu/2configs/hw/CAC.nix13
-rw-r--r--makefu/2configs/hw/fingerprint-reader.nix6
-rw-r--r--makefu/2configs/hw/tp-x220.nix4
-rw-r--r--makefu/2configs/hw/tp-x2x0.nix3
-rw-r--r--makefu/2configs/save-diskspace.nix9
-rw-r--r--makefu/3modules/umts.nix10
-rw-r--r--makefu/5pkgs/bintray-upload/default.nix19
-rw-r--r--makefu/5pkgs/default.nix3
-rw-r--r--makefu/6tests/data/secrets/bepasty-secret.nix1
-rw-r--r--makefu/6tests/data/secrets/hashedPasswords.nix1
-rw-r--r--makefu/6tests/data/secrets/iodinepw.nix1
-rw-r--r--makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv0
-rw-r--r--makefu/6tests/data/secrets/retiolum.rsa_key.priv0
-rw-r--r--makefu/6tests/data/secrets/retiolum.rsa_key.pub0
-rw-r--r--makefu/6tests/data/secrets/sambacred0
-rw-r--r--makefu/6tests/data/secrets/ssh.makefu.id_rsa0
-rw-r--r--makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub0
-rw-r--r--makefu/6tests/data/secrets/ssh_host_ed25519_key0
-rw-r--r--makefu/6tests/data/secrets/tinc.krebsco.de.crt0
-rw-r--r--makefu/6tests/data/secrets/tinc.krebsco.de.key0
-rw-r--r--makefu/6tests/data/secrets/tw-pass.ini0
-rw-r--r--makefu/6tests/data/secrets/wildcard.krebsco.de.crt0
-rw-r--r--makefu/6tests/data/secrets/wildcard.krebsco.de.key0
-rw-r--r--shared/1systems/wolf.nix4
-rw-r--r--shared/2configs/shared-buildbot.nix4
98 files changed, 1899 insertions, 613 deletions
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index dccc11b3f..b610ff3d1 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -1,4 +1,4 @@
-arg@{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
let
inherit (pkgs) writeText;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 65da85ac4..d2542041f 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -91,6 +91,7 @@ with config.krebs.lib;
"prism.retiolum"
"prism.r"
"cgit.prism.retiolum"
+ "cache.prism.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -107,36 +108,17 @@ with config.krebs.lib;
ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
};
- fastpoke = {
+ domsen-nas = {
nets = rec {
internet = {
- ip4.addr = "193.22.164.36";
aliases = [
- "fastpoke.internet"
+ "domsen-nas.internet"
];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.253.152";
- ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00";
- aliases = [
- "fastpoke.retiolum"
- "fastpoke.r"
- "cgit.fastpoke.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq
- DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O
- FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ
- ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB
- EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy
- rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
+ ip4.addr = "87.138.180.167";
+ ssh.port = 2223;
};
};
- ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b";
+ ssh.pubkey = "ssh-dss AAAAB3NzaC1kc3MAAAEBAPH5Hcrc2QzIi7KQLf17N+aUuFfwb7uKxuojzmO3kyb3nMdn3s+rfTCJLWTJeHCeKb6yMpDF1XGXZwVN+omWV8CsA9tivOHYzZws3b0QB/JENjYmhHbNkKijm6EWXSyvsJ2RuFj0PC8+cv77ZFx7VTnrwZk6Excv7v51j+qo5BejLL1ZybISld/n3kQWE+GJqBYJ9zp/25XEl7macH02o58lRhfqygunDlKm4yiq34pfkA7FS4eHNzcXGvmtQlAHeDts1APbKq8OAoYoyCo0gjK9nbAwbfm0yqM51+eIo3H6xLWjSBdMI9guqndNJWps9PpKHa3bvM1xFB3vfoQZ6m8AAAAVAKf8ZCwMgP4ZpqwwNw4vIn1AuLnfAAABAQCVfUrpUWFvf/TXPucJde4CuAmtoMOrjpepAiXK7N9dwGyq/PbVxr4tnJ/RTyNGOFmBroc6/n0MnxR0qmkQPJNtM/Yz+kk+BCgwsyu2uenVOIX/eJFuQPQYiUdktTcgAyChMp99WF4yfKKgv1CDdMkpFi8xgBEN03s1sOKCRNwJ5rlpTNqh9LatuRyzWOIjNd7atkEYIQK92idJgqSmleo+UhJFfoOGjYlRbsnRVbvfqh7GVd7SSydhKhdb2eZjj2J8eMBwHNl1FLtqt02cnFW3FQDdXPbYYakN25z3F3sex/CPuBGJ0HRGq+y/Ynj/m99TPq9vLkzSUQPR4MmQ5feoAAABAG5L9ffMc/8T9dTeF7FEPlS54ka73M+pNY/5ehMykrrS9CVjFmvpeclnxkBpvjt3G5IlvkSsjUEE6kMk7mW9EV+USL0TTU/LavxXD8fLCSiIwResfLDRxjixjxVI1ouZeKNQ6B3tPOWOEIKR5nPlc7iy435nS77/NM3yBFH0KGdepr+3ZmdgWAjDLKjQhNyCz4Joc1IH1Vf5Ccvb6rsaJ91ajiq29iI2ZpLXXIQsS1ZYzO1Gr9xBTNgmzEmeLqFMcxDSJ+rLMF4VDjRdL2zz5BSmv/Ffj2nICMgv/gj3zzuk7zcMpnbvGyA3W8VWb6IjJDvww4rJ21Q2gHBC5XCohJs=";
};
cloudkrebs = {
cores = 1;
@@ -314,5 +296,13 @@ with config.krebs.lib;
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
+ prism-repo-sync = {
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C";
+ mail = "lass@prism.r";
+ };
+ mors-repo-sync = {
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
+ mail = "lass@mors.r";
+ };
};
}
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 7d4bef9ad..0b58c75cb 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -48,6 +48,12 @@ with config.krebs.lib;
-----END RSA PUBLIC KEY-----
'';
};
+ siem = {
+ ip4.addr = "10.8.10.2";
+ aliases = [
+ "darth.siem"
+ ];
+ };
};
};
tsp = {
@@ -98,6 +104,12 @@ with config.krebs.lib;
-----END RSA PUBLIC KEY-----
'';
};
+ siem = {
+ ip4.addr = "10.8.10.4";
+ aliases = [
+ "arch.siem"
+ ];
+ };
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster";
@@ -184,6 +196,8 @@ with config.krebs.lib;
internet = {
ip4.addr = "104.233.87.86";
aliases = [
+ "wry.i"
+ "paste.i"
"wry.internet"
"paste.internet"
];
@@ -194,10 +208,10 @@ with config.krebs.lib;
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
aliases = [
"graphs.wry.retiolum"
- "graphs.retiolum"
+ "graphs.r" "graphs.retiolum"
"paste.wry.retiolum"
- "paste.retiolum"
- "wry.retiolum"
+ "paste.r" "paste.retiolum"
+ "wry.r" "wry.retiolum"
"wiki.makefu.retiolum"
"wiki.wry.retiolum"
"blog.makefu.retiolum"
@@ -232,15 +246,16 @@ with config.krebs.lib;
ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
aliases = [
"filepimp.retiolum"
+ "filepimp.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
- BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
- i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
- 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
- u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
- OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
+ MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
+ 3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
+ wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
+ oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
+ UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
+ 8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
@@ -339,6 +354,42 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
+ shoney = rec {
+ cores = 1;
+ nets = {
+ siem = {
+ ip4.addr = "10.8.10.1";
+ aliases = [
+ "sjump.siem"
+ "graphs.siem"
+ ];
+ };
+ internet = {
+ ip4.addr = "64.137.234.215";
+ aliases = [
+ "shoney.i"
+ ];
+ };
+ retiolum = {
+ ip4.addr = "10.243.205.131";
+ ip6.addr = "42:490d:cd82:d2bb:56d5:abd1:b88b:e8b4";
+ aliases = [
+ "shoney.retiolum"
+ "shoney.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL
+ ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4
+ okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht
+ M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO
+ +DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5
+ uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
# non-stockholm
@@ -426,6 +477,28 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
+ lariat = rec {
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.64.7";
+ aliases = [
+ "lariat.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-