author | tv <tv@krebsco.de> | 2017-06-04 06:20:54 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-06-04 06:20:54 +0200 |
commit | 811ceaa243bf5241ca1189871c4426240962f04d (patch) | |
tree | f46006567b5f9279ebd9cb23de3eadb508f83c54 | |
parent | 4f58b884dda57db8106768a22a206d6605d6e3e5 (diff) | |
parent | e50bc4f3eb3dac13bba4ae6158e839a52455c3c3 (diff) |
Merge remote-tracking branch 'prism/master'
45 files changed, 415 insertions, 376 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0e1cbd876..05b7b5078 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -224,32 +224,6 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; }; - helios = { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.0.3"; - ip6.addr = "42:0:0:0:0:0:0:7105"; - aliases = [ - "helios.r" - "cgit.helios.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA9SItL2mhQpTl95gjSWRstrDajUnI5YbrVCuaDKfw9gRwMyPNiO/y - Xwv/w4Ri8NCJZLZGkj2vG3X0EfJFBEPTJPTCbF9fP7PqqVs38BD41txLp+NrFxEq - 5fmFk65/eg8ujrNQoOSUGmky/BKqQhWjvxdAWuwjN933wJCcNCxyaUwljHLYEK/I - oIJX+spnFmPwmhW9hsOj8K06eHixT13+0W48GG/ZNcV3x5vWxcKUvZ4Qtzz2iMNB - hud5kae7xMUfFAzCeKF/zsjuyt2d/xQg1WgR8MXGNgYhNJFSXz94r/bivNO6H4vP - Pfjndnh8cD46ADo8woS1nQ19WId+sMbipwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7"; - }; shodan = { cores = 2; nets = { @@ -339,10 +313,6 @@ with import <stockholm/lib>; mail = "lass@uriel.r"; pubkey = builtins.readFile ./ssh/uriel.rsa; }; - lass-helios = { - mail = "lass@helios.r"; - pubkey = builtins.readFile ./ssh/helios.rsa; - }; lass-shodan = { mail = "lass@shodan.r"; pubkey = builtins.readFile ./ssh/shodan.rsa; diff --git a/krebs/3modules/lass/ssh/helios.rsa b/krebs/3modules/lass/ssh/helios.rsa deleted file mode 100644 index c2a54b621..000000000 --- a/krebs/3modules/lass/ssh/helios.rsa +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa 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 lass@helios diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 33202d0ab..c95e1761c 100644 --- a/krebs/3modules/makefu/default.nix 
+++ b/krebs/3modules/makefu/default.nix @@ -459,6 +459,7 @@ with import <stockholm/lib>; share.euer IN A ${nets.internet.ip4.addr} mattermost.euer IN A ${nets.internet.ip4.addr} gum IN A ${nets.internet.ip4.addr} + wikisearch IN A ${nets.internet.ip4.addr} pigstarter IN A ${nets.internet.ip4.addr} cgit.euer IN A ${nets.internet.ip4.addr} euer IN A ${nets.internet.ip4.addr} @@ -490,6 +491,7 @@ with import <stockholm/lib>; "tracker.makefu.r" "graph.r" + "search.makefu.r" "wiki.makefu.r" "wiki.gum.r" "blog.makefu.r" diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index 9c77f909d..e12367aca 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -70,7 +70,6 @@ relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ config.krebs.hosts.mors config.krebs.hosts.uriel - config.krebs.hosts.helios ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix deleted file mode 100644 index 99760dfdb..000000000 --- a/lass/1systems/helios.nix +++ /dev/null 
@@ -1,130 +0,0 @@ -{ config, pkgs, ... }: - -with builtins; -with import <stockholm/lib>; - -{ - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/exim-retiolum.nix - ../2configs/browsers.nix - ../2configs/programs.nix - ../2configs/git.nix - ../2configs/pass.nix - ../2configs/fetchWallpaper.nix - ../2configs/backups.nix - - #{ - # # conflicting stuff with gnome setup - # # TODO: fix this - # imports = [ - # ../2configs/baseX.nix - # ]; - #} - { - # gnome3 for suja - time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; - services.xserver.desktopManager.xfce.enable = true; - networking.wireless.enable = true; - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - users.users.ferret = { - uid = genid "ferret"; - home = "/home/ferret"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - hashedPassword = "$6$SaneLuyep90p8BPn$0IDbvLgNbRGZL96obWavanTmY6IkBG84vs2b/2oqlpbmTZH3retOYbQKF1uVqu6dD0ZGF4eBq9tqPbwUjRyY00"; - }; - environment.systemPackages = with pkgs; [ - firefox - chromium - maven - arandr - libreoffice - mpv - ]; - } - #{ - # users.extraUsers = { - # root = { - # openssh.authorizedKeys.keys = map readFile [ - # ../../krebs/Zpubkeys/uriel.ssh.pub - # ]; - # }; - # }; - #} - #{ - # services.elasticsearch = { - # enable = true; - # }; - #} - { - krebs.power-action.battery = "BAT1"; - } - ]; - - krebs.build.host = config.krebs.hosts.helios; - - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/pool/nix"; - fsType = "ext4"; - 
}; - - "/boot" = { - device = "/dev/sda1"; - }; - - "/home" = { - device = "/dev/pool/home"; - fsType = "ext4"; - }; - - "/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" - # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" - #''; - - services.xserver.synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - additionalOptions = '' - Option "FingerHigh" "60" - Option "FingerLow" "60" - ''; - }; -} diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 01cfe5414..02054a8e5 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: - with import <stockholm/lib>; let @@ -46,6 +45,7 @@ in { ../2configs/monitoring/monit-alarms.nix ../2configs/paste.nix ../2configs/syncthing.nix + ../2configs/coders-irc.nix { imports = [ ../2configs/bepasty.nix 
@@ -254,103 +254,6 @@ in { ]; } { - krebs.Reaktor.coders = { - nickname = "Reaktor|lass"; - channels = [ "#coders" "#germany" ]; - extraEnviron = { - REAKTOR_HOST = "irc.hackint.org"; - }; - plugins = with pkgs.ReaktorPlugins; let - - lambdabot = (import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs"; - rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; - sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; - }) {}).lambdabot; - - lambdabotflags = '' - -XStandaloneDeriving -XGADTs -XFlexibleContexts \ - -XFlexibleInstances -XMultiParamTypeClasses \ - -XOverloadedStrings -XFunctionalDependencies \''; - in [ - url-title - (buildSimpleReaktorPlugin "lambdabot-pl" { - pattern = "^@pl (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-pl" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@pl $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-type" { - pattern = "^@type (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-type" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@type $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-let" { - pattern = "^@let (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-let" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@let $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-run" { - pattern = "^@run (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-run" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@run $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-kind" { - pattern = "^@kind (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-kind" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@kind $1" - ''; - }) - (buildSimpleReaktorPlugin "lambdabot-kind" { - pattern = "^@kind (?P<args>.*)$$"; - script = pkgs.writeDash "lambda-kind" '' - exec ${lambdabot}/bin/lambdabot \ - ${indent lambdabotflags} - -e "@kind $1" - ''; - }) - (buildSimpleReaktorPlugin "random-unicorn-porn" { - pattern = 
"^!rup$$"; - script = pkgs.writePython2 "rup" '' - #!${pkgs.python2}/bin/python - t1 = """ - _. - ;=',_ () - 8===D~~ S" .--`|| - sS \__ || - __.' ( \-->|| - _=/ _./-\/ || - 8===D~~ ((\( /-' -'l || - ) |/ \\ (_)) - \\ \\ - '~ '~ - """ - print(t1) - ''; - }) - (buildSimpleReaktorPlugin "ping" { - pattern = "^!ping (?P<args>.*)$$"; - script = pkgs.writeDash "ping" '' - exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1 - ''; - }) - ]; - }; - } - { krebs.Reaktor.prism = { nickname = "Reaktor|lass"; channels = [ "#retiolum" ]; diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix index 22b48f6e8..b20e15dd9 100644 --- a/lass/2configs/backups.nix +++ b/lass/2configs/backups.nix @@ -107,29 +107,5 @@ with import <stockholm/lib>; dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; }; startAt = "05:00"; }; - dishfire-http-helios = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-http"; }; - startAt = "12:00"; - }; - dishfire-sql-helios = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-sql"; }; - startAt = "12:15"; - }; - prism-sql-helios = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.helios; path = "/bku/prism-sql_dumps"; }; - startAt = "12:30"; - }; - prism-http-helios = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.helios; path = "/bku/prism-http"; }; - startAt = "12:45"; - }; }; } diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 62b823c3f..227152482 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix 
@@ -113,7 +113,7 @@ in { ] ) - for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: + for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: addShell(f,name="build-{}".format(i),env=env_lass, command=nixshell + \ ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ diff --git a/lass/2configs/coders-irc.nix b/lass/2configs/coders-irc.nix new file mode 100644 index 000000000..61cc7cfe0 --- /dev/null +++ b/lass/2configs/coders-irc.nix 
@@ -0,0 +1,92 @@ +{ config, lib, pkgs, ... }: +with import <stockholm/lib>; + +{ + krebs.Reaktor.coders = { + nickname = "Reaktor|lass"; + channels = [ "#coders" "#germany" ]; + extraEnviron = { + REAKTOR_HOST = "irc.hackint.org"; + }; + plugins = with pkgs.ReaktorPlugins; let + + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + + lambdabotflags = '' + -XStandaloneDeriving -XGADTs -XFlexibleContexts \ + -XFlexibleInstances -XMultiParamTypeClasses \ + -XOverloadedStrings -XFunctionalDependencies \''; + in [ + url-title + (buildSimpleReaktorPlugin "lambdabot-pl" { + pattern = "^@pl (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-pl" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@pl $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-type" { + pattern = "^@type (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-type" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@type $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-let" { + pattern = "^@let (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-let" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@let $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-run" { + pattern = "^@run (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-run" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@run $1" + ''; + }) + (buildSimpleReaktorPlugin "lambdabot-kind" { + pattern = "^@kind (?P<args>.*)$$"; + script = pkgs.writeDash "lambda-kind" '' + exec ${lambdabot}/bin/lambdabot \ + ${indent lambdabotflags} + -e "@kind $1" + ''; + }) + (buildSimpleReaktorPlugin "random-unicorn-porn" { + pattern = "^!rup$$"; + script = pkgs.writePython2 "rup" '' + #!${pkgs.python2}/bin/python + t1 = """ + _. + ;=',_ () + 8===D~~ S" .--`|| + sS \__ || + __.' 
( \-->|| + _=/ _./-\/ || + 8===D~~ ((\( /-' -'l || + ) |/ \\ (_)) + \\ \\ + '~ '~ + """ + print(t1) + ''; + }) + (buildSimpleReaktorPlugin "ping" { + pattern = "^!ping (?P<args>.*)$$"; + script = pkgs.writeDash "ping" '' + exec /var/setuid-wrappers/ping -q -c1 "$1" 2>&1 | tail -1 + ''; + }) + ]; + }; +} diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index eb9575018..d32262810 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -15,7 +15,6 @@ with import <stockholm/lib>; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-shodan.pubkey - lass-helios.pubkey lass-icarus.pubkey makefu.pubkey ]; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 3353cdac0..b8d00e7d4 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -16,7 +16,6 @@ with import <stockholm/lib>; relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors config.krebs.hosts.uriel - config.krebs.hosts.helios ]; internet-aliases = with config.krebs.users; [ { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822 diff --git a/lass/2configs/logf.nix b/lass/2configs/logf.nix index 3c4948db1..03414a745 100644 --- a/lass/2configs/logf.nix +++ b/lass/2configs/logf.nix @@ -8,7 +8,6 @@ let shodan = "51"; icarus = "53"; echelon = "197"; - helios = "199"; cloudkrebs = "119"; }; in { diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index c6620afaa..a3916a2ea 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "f469354"; + ref = "f8dfdd7"; }; } diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 92c446212..519313f57 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix 
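Review bot: The `ping` plugin in the new coders-irc.nix appears to hand whatever follows `!ping` in a channel message to the setuid ping wrapper as `"$1"`, so an argument beginning with `-` would be parsed as a ping option rather than a host. The pattern `^!ping (?P<args>.*)$$` places no limit on the argument; tightening it to something like `^!ping (?P<args>[A-Za-z0-9][A-Za-z0-9.:-]*)$$` and ending option parsing with `exec /var/setuid-wrappers/ping -q -c1 -- "$1" 2>&1 | tail -1` would close that. Anyone in `#coders` or `#germany` can also make this host probe any address it can reach, presumably including retiolum-internal ones, so an allow-list or a comment stating that this is intended would help. The block looks like it was moved unchanged from prism.nix, so the issue predates this commit, but the move is a good moment to fix it.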
@@ -32,7 +32,7 @@ in { ../2configs/tools/sec.nix # services - ../2configs/gum-share.nix + ../2configs/share/gum.nix ../2configs/sabnzbd.nix ../2configs/torrent.nix ../2configs/iodined.nix @@ -48,14 +48,25 @@ in { ../2configs/deployment/mycube.connector.one.nix ../2configs/deployment/graphs.nix ../2configs/deployment/owncloud.nix - ../2configs/deployment/wiki-irc.nix + ../2configs/deployment/wiki-irc-bot ../2configs/deployment/boot-euer.nix + ../2configs/deployment/hound + { + services.taskserver.enable = true; + services.taskserver.fqdn = config.krebs.build.host.name; + services.taskserver.listenHost = "::"; + services.taskserver.organisations.home.users = [ "makefu" ]; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ''; + } # ../2configs/ipfs.nix ../2configs/syncthing.nix # ../2configs/opentracker.nix - ../2configs/logging/central-stats-client.nix - # ../2configs/logging/central-logging-client.nix + ../2configs/stats/client.nix + # ../2configs/logging/client.nix ]; makefu.dl-dir = "/var/download"; @@ -78,7 +89,6 @@ in { ]; }; - makefu.taskserver.enable = true; # access @@ -122,6 +132,8 @@ in { 21031 # taskserver 53589 + # temp vnc + 18001 ]; allowedUDPPorts = [ # tinc diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 91785a078..0f1b8e0da 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix 
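Review bot: The inline taskserver module sets `services.taskserver.listenHost = "::"` and accepts port 53589 only on the `retiolum` interface, but the context of the last gum.nix hunk shows `53589` already listed under a `# taskserver` comment in what looks like the global TCP allow-list. If that list is `networking.firewall.allowedTCPPorts`, the interface-scoped iptables rules are redundant and the service stays reachable on every interface. Either drop 53589 from the global list or bind the listener to the retiolum address, and add a comment such as `# taskserver: retiolum only` next to the rules so the intent is recorded. The `imports` list and the firewall block both start and end outside these hunks, so this needs confirming against the full file.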
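Review bot: The added `# temp vnc` / `18001` entry opens a VNC port in what appears to be the host-wide TCP allow-list, with no interface restriction and nothing recording when it should be removed. VNC is commonly run without transport encryption and with weak authentication, and gum carries public DNS records, so a temporary opening here is exposed to the internet for as long as it is forgotten. Scoping it the same way as the taskserver rule in this file, `iptables -A INPUT -i retiolum -p tcp --dport 18001 -j ACCEPT`, would keep it on the VPN. A comment such as `# temp vnc, remove once <task> is done` would make the cleanup traceable. The port list starts and ends outside the hunk, so which option it belongs to is inferred from the neighbouring `allowedUDPPorts` line.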
@@ -50,11 +50,13 @@ in { # ../2configs/disable_v6.nix #../2configs/graphite-standalone.nix #../2configs/share-user-sftp.nix - ../2configs/omo-share.nix + ../2configs/share/omo.nix ../2configs/tinc/retiolum.nix - ../2configs/logging/central-stats-server.nix - # ../2configs/logging/central-logging-server.nix - ../2configs/logging/central-stats-client.nix + + # Logging + ../2configs/stats/server.nix #influx + grafana + ../2configs/stats/client.nix + ../2configs/stats/external/aralast.nix # logs to influx # services ../2configs/syncthing.nix @@ -180,7 +182,8 @@ in { uid = 9002; name = "misa"; }; - hardware.enableAllFirmware = true; + # hardware.enableAllFirmware = true; + hardware.enableRedistributableFirmware = true; hardware.cpu.intel.updateMicrocode = true; zramSwap.enable = true; diff --git a/makefu/1systems/studio.nix b/makefu/1systems/studio.nix index 400d9f883..f7d49cac6 100644 --- a/makefu/1sy |