diff options
author | tv <tv@krebsco.de> | 2017-03-05 00:28:32 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-03-05 00:28:32 +0100 |
commit | 4499cc406560963d65b016075ba2df6451c834cd (patch) | |
tree | ffea19187190a105e7b0caf617a0215c02c281da /lass/1systems | |
parent | d7761aed6559adba3cfa61d822165c42c90fc276 (diff) | |
parent | 39fd77b84c7c14d6460722721726b378bdab7acd (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems')
-rw-r--r-- | lass/1systems/mors.nix | 59 | ||||
-rw-r--r-- | lass/1systems/prism.nix | 25 | ||||
-rw-r--r-- | lass/1systems/shodan.nix | 23 |
3 files changed, 48 insertions, 59 deletions
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index a5eaaed9d..bffb08ad3 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -76,56 +76,15 @@ with import <stockholm/lib>; { services.redis.enable = true; } - #{ - # #gitit magic - # imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ]; - # services.gitit = { - # enable = true; - # haskellPackages = pkgs.haskell.packages.ghc7103; - # }; - #} - #{ - # lass.icinga2 = { - # enable = true; - # configFiles = [ - # '' - # template Service "generic-service" { - # max_check_attempts = 3 - # check_interval = 5m - # retry_interval = 1m - # enable_perfdata = true - # } - # apply Service "ping4" { - # } - # '' - # ]; - # }; - # services.mysql = { - # enable = true; - # package = pkgs.mariadb; - # rootPassword = "<secrets>/mysql_rootPassword"; - # }; - # lass.icingaweb2 = { - # enable = true; - # initialRootPasswordHash = "$1$HpWDCehI$ITbAoyfOB6HEN1ftooxZq0"; - # resources = { - # icinga2db = { - # type = "mysql"; - # host = "localhost"; - # user = "icingaweb2"; - # db = "icinga"; - # passfile = <secrets/icinga2-pw>; - # }; - # icingaweb2db = { - # type = "mysql"; - # host = "localhost"; - # user = "icingaweb2"; - # db = "icingaweb2"; - # passfile = <secrets/icinga2-pw>; - # }; - # }; - # }; - #} + { + #ipfs-testing + services.ipfs.enable = true; + } + { + environment.systemPackages = [ + pkgs.krebszones + ]; + } ]; krebs.build.host = config.krebs.hosts.mors; diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index c0c22a0de..b55732f65 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -44,6 +44,7 @@ in { ../2configs/hfos.nix ../2configs/makefu-sip.nix ../2configs/monitoring/server.nix + ../2configs/monitoring/monit-alarms.nix { imports = [ ../2configs/bepasty.nix @@ -164,7 +165,6 @@ in { } { imports = [ - ../2configs/websites/wohnprojekt-rhh.de.nix ../2configs/websites/domsen.nix ../2configs/websites/lassulus.nix ]; @@ -215,7 +215,8 @@ in { } { krebs.repo-sync.timerConfig = { - OnUnitInactiveSec = "5min"; + OnBootSec = "5min"; + OnUnitInactiveSec = "3min"; RandomizedDelaySec = "2min"; }; } @@ -247,7 +248,13 @@ in { ]; } { - krebs.Reaktor.coders = { + krebs.Reaktor.coders = let + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + in { nickname = "reaktor-lass"; channels = [ "#coders" ]; extraEnviron = { @@ -263,7 +270,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-pl" { pattern = "^@pl (?P<args>.*)$$"; script = pkgs.writeDash "lambda-pl" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@pl $1" ''; @@ -271,7 +278,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-type" { pattern = "^@type (?P<args>.*)$$"; script = pkgs.writeDash "lambda-type" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@type $1" ''; @@ -279,7 +286,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-let" { pattern = "^@let (?P<args>.*)$$"; script = pkgs.writeDash "lambda-let" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@let $1" ''; @@ -287,7 +294,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-run" { pattern = "^@run (?P<args>.*)$$"; script = pkgs.writeDash "lambda-run" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@run $1" ''; @@ -295,7 +302,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-kind" { pattern = "^@kind (?P<args>.*)$$"; script = pkgs.writeDash "lambda-kind" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@kind $1" ''; @@ -303,7 +310,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-kind" { pattern = "^@kind (?P<args>.*)$$"; script = pkgs.writeDash "lambda-kind" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@kind $1" ''; diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 232e91d90..dca616936 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -42,6 +42,29 @@ with import <stockholm/lib>; pkgs.python27Packages.python ]; } + { + krebs.monit = let + echoToIrc = msg: + pkgs.writeDash "echo_irc" '' + set -euf + export LOGNAME=prism-alarm + ${pkgs.irc-announce}/bin/irc-announce \ + ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null + ''; + in { + enable = true; + http.enable = true; + alarms = { + hfos = { + test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'"; + alarm = echoToIrc "test hfos failed"; + }; + }; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.shodan; |