summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2017-10-01 17:54:06 +0200
committerlassulus <lassulus@lassul.us>2017-10-01 17:54:06 +0200
commitd7f65ea679866f24e4ca52b51bd6f068a6b38195 (patch)
tree6a09e7cc2a4c9af0507bdc189652c78832a2f952 /lass
parentd973c779eb71749af464edb1ed0216b0d5317eb2 (diff)
parente62f376e6177f3efb0e0bcd3aad97a991c3b6d60 (diff)
Merge branch 'master' into staging/17.09
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/archprism/config.nix333
-rw-r--r--lass/1systems/archprism/source.nix3
-rw-r--r--lass/1systems/helios/config.nix12
-rw-r--r--lass/1systems/prism/config.nix303
-rw-r--r--lass/1systems/prism/source.nix1
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/2configs/binary-cache/client.nix1
-rw-r--r--lass/2configs/exim-smarthost.nix2
-rw-r--r--lass/2configs/git.nix12
-rw-r--r--lass/2configs/monitoring/monit-alarms.nix2
-rw-r--r--lass/2configs/monitoring/server.nix2
-rw-r--r--lass/2configs/reaktor-retiolum.nix15
-rw-r--r--lass/2configs/repo-sync.nix4
-rw-r--r--lass/2configs/vim.nix3
-rw-r--r--lass/5pkgs/acronym/default.nix2
-rw-r--r--lass/5pkgs/xmonad-lass.nix1
16 files changed, 503 insertions, 194 deletions
diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix
new file mode 100644
index 000000000..69a0476fb
--- /dev/null
+++ b/lass/1systems/archprism/config.nix
@@ -0,0 +1,333 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+
+let
+ ip = config.krebs.build.host.nets.internet.ip4.addr;
+
+in {
+ imports = [
+ <stockholm/lass>
+ {
+ networking.interfaces.et0.ip4 = [
+ {
+ address = ip;
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "213.239.205.225";
+ networking.nameservers = [
+ "8.8.8.8"
+ ];
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
+ '';
+ }
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/exim-smarthost.nix>
+ #<stockholm/lass/2configs/downloading.nix>
+ <stockholm/lass/2configs/ts3.nix>
+ <stockholm/lass/2configs/bitlbee.nix>
+ <stockholm/lass/2configs/weechat.nix>
+ <stockholm/lass/2configs/privoxy-retiolum.nix>
+ <stockholm/lass/2configs/radio.nix>
+ <stockholm/lass/2configs/repo-sync.nix>
+ <stockholm/lass/2configs/binary-cache/server.nix>
+ <stockholm/lass/2configs/iodined.nix>
+ <stockholm/lass/2configs/libvirt.nix>
+ <stockholm/lass/2configs/hfos.nix>
+ <stockholm/lass/2configs/monitoring/server.nix>
+ <stockholm/lass/2configs/monitoring/monit-alarms.nix>
+ <stockholm/lass/2configs/paste.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ #<stockholm/lass/2configs/reaktor-coders.nix>
+ <stockholm/lass/2configs/ciko.nix>
+ <stockholm/lass/2configs/container-networking.nix>
+ #<stockholm/lass/2configs/reaktor-krebs.nix>
+ #{
+ # lass.pyload.enable = true;
+ #}
+ {
+ imports = [
+ <stockholm/lass/2configs/bepasty.nix>
+ ];
+ krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
+ if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
+ return 403;
+ }
+ '';
+ }
+ {
+ users.extraGroups = {
+ # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
+ # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
+ # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
+ # Docs: man:tmpfiles.d(5)
+ # man:systemd-tmpfiles(8)
+ # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
+ # Main PID: 19272 (code=exited, status=1/FAILURE)
+ #
+ # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
+ # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
+ # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
+ # warning: error(s) occured while switching to the new configuration
+ lock.gid = 10001;
+ };
+ }
+ {
+ boot.loader.grub = {
+ devices = [
+ "/dev/sda"
+ "/dev/sdb"
+ ];
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "vmw_pvscsi"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/pool/nix";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36";
+ };
+
+ fileSystems."/var/download" = {
+ device = "/dev/pool/download";
+ };
+
+ fileSystems."/srv/http" = {
+ device = "/dev/pool/http";
+ };
+
+ fileSystems."/srv/o.ubikmedia.de-data" = {
+ device = "/dev/pool/owncloud-ubik-data";
+ };
+
+ fileSystems."/bku" = {
+ device = "/dev/pool/bku";
+ };
+
+ fileSystems."/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["nosuid" "nodev" "noatime"];
+ };
+
+ }
+ {
+ sound.enable = false;
+ }
+ {
+ nixpkgs.config.allowUnfree = true;
+ }
+ {
+ #stuff for juhulian
+ users.extraUsers.juhulian = {
+ name = "juhulian";
+ uid = 1339;
+ home = "/home/juhulian";
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ extraGroups = [
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
+ ];
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
+ ];
+ }
+ {
+ environment.systemPackages = [
+ pkgs.perlPackages.Plack
+ ];
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 8080"; target = "ACCEPT";}
+ ];
+ }
+ {
+ users.users.chat.openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjesiOnhpT9XgWZqw/64M5lVQg3q0k22BtMyCv+33sGX8VmfTyD11GuwSjNGf5WiswKLqFvYBQsHfDDtS3k0ZNTDncGw3Pbilm6QoCuHEyDPaQYin0P+JmkocrL/6QF5uhZVFnsXCH5wntwOa00VFGwpMgQYSfRlReRx42Pu9Jk+iJduZMRBbOMvJI68Z7iJ4DgW/1U9J4MQdCsk7QlFgUstQQfV1zk4VfVfXuxDP3hjx6Q05nDChjpmzJbFunzb7aiy/1/Sl0QhROTpvxrQLksg7yYLw4BRs9ptjehX45A2Sxi8WKOb/g5u3xJNy0X07rE+N+o5v2hS7wF0DLQdK5+4TGtO+Y+ABUCqqA+T1ynAjNBWvsgY5uD4PZjuPgCMSw0JBmIy/P0THi3v5/8Cohvfnspl7Jpf80qENMu3unvvE9EePzgSRZY1PvDjPQfkWy0yBX1yQMhHuVGke9QgaletitwuahRujml37waeUuOl8Rpz+2iV+6OIS4tfO368uLFHKWbobXTbTDXODBgxZ/IyvO7vxM2uDX/kIWaeYKrip3nSyWBYnixwrcS4vm6ZQcoejwp2KCfGQwIE4MnGYRlwcOEYjvyjLkZHDiZEivUQ0rThMYBzec8bQ08QW8oxF+NXkFKG3awt3f7TKTRkYqQcOMpFKmV24KDiwgwm0miQ== JuiceSSH"
+ ];
+ }
+ {
+ time.timeZone = "Europe/Berlin";
+ }
+ {
+ imports = [
+ <stockholm/lass/2configs/websites/domsen.nix>
+ <stockholm/lass/2configs/websites/lassulus.nix>
+ ];
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
+ ];
+ }
+ {
+ services.tor = {
+ enable = true;
+ };
+ }
+ {
+ lass.ejabberd = {
+ enable = true;
+ hosts = [ "lassul.us" ];
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
+ ];
+ }
+ {
+ imports = [
+ <stockholm/lass/2configs/realwallpaper.nix>
+ ];
+ services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
+ alias /var/realwallpaper/realwallpaper.png;
+ '';
+ }
+ {
+ environment.systemPackages = with pkgs; [
+ mk_sql_pair
+ ];
+ }
+ {
+ users.users.tv = {
+ uid = genid "tv";
+ inherit (config.krebs.users.tv) home;
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.tv.pubkey
+ ];
+ };
+ users.users.makefu = {
+ uid = genid "makefu";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.makefu.pubkey
+ ];
+ };
+ users.users.nin = {
+ uid = genid "nin";
+ inherit (config.krebs.users.nin) home;
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.nin.pubkey
+ ];
+ extraGroups = [
+ "libvirtd"
+ ];
+ };
+ }
+ {
+ krebs.repo-sync.timerConfig = {
+ OnBootSec = "15min";
+ OnUnitInactiveSec = "90min";
+ RandomizedDelaySec = "30min";
+ };
+ krebs.repo-sync.repos.stockholm.timerConfig = {
+ OnBootSec = "5min";
+ OnUnitInactiveSec = "2min";
+ RandomizedDelaySec = "2min";
+ };
+ }
+ {
+ lass.usershadow = {
+ enable = true;
+ };
+ }
+ #{
+ # krebs.Reaktor.prism = {
+ # nickname = "Reaktor|lass";
+ # channels = [ "#retiolum" ];
+ # extraEnviron = {
+ # REAKTOR_HOST = "ni.r";
+ # };
+ # plugins = with pkgs.ReaktorPlugins; [
+ # sed-plugin
+ # ];
+ # };
+ #}
+ {
+ #stuff for dritter
+ users.extraUsers.dritter = {
+ name = "dritter";
+ uid = genid "dritter";
+ home = "/home/dritter";
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ extraGroups = [
+ "download"
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
+ ];
+ };
+ }
+ {
+ #hotdog
+ containers.hotdog = {
+ config = { ... }: {
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ ];
+ };
+ enableTun = true;
+ privateNetwork = true;
+ hostAddress = "10.233.2.1";
+ localAddress = "10.233.2.2";
+ };
+ }
+ {
+ #kaepsele
+ containers.kaepsele = {
+ config = { ... }: {
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
+ lass.pubkey
+ tv.pubkey
+ ];
+ };
+ enableTun = true;
+ privateNetwork = true;
+ hostAddress = "10.233.2.3";
+ localAddress = "10.233.2.4";
+ };
+ }
+ {
+ #onondaga
+ containers.onondaga = {
+ config = { ... }: {
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ config.krebs.users.nin.pubkey
+ ];
+ };
+ enableTun = true;
+ privateNetwork = true;
+ hostAddress = "10.233.2.4";
+ localAddress = "10.233.2.5";
+ };
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.archprism;
+}
diff --git a/lass/1systems/archprism/source.nix b/lass/1systems/archprism/source.nix
new file mode 100644
index 000000000..3e96c1d38
--- /dev/null
+++ b/lass/1systems/archprism/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/lass/source.nix> {
+ name = "archprism";
+}
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index 37bdc0290..6ff3fbb86 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -11,7 +11,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/otp-ssh.nix>
<stockholm/lass/2configs/git.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
@@ -47,6 +46,16 @@ with import <stockholm/lib>;
fonts.fontconfig.dpi = 200;
lass.myFont = "-schumacher-clean-*-*-*-*-25-*-*-*-*-*-iso10646-1";
}
+ { #TAPIR, AGATIS, sentral, a3 - foo
+ services.redis.enable = true;
+ }
+ {
+ krebs.fetchWallpaper = {
+ enable = true;
+ url = "http://i.imgur.com/0ktqxSg.png";
+ maxTime = 9001;
+ };
+ }
];
krebs.build.host = config.krebs.hosts.helios;
@@ -66,6 +75,7 @@ with import <stockholm/lib>;
hardware.enableRedistributableFirmware = true;
environment.systemPackages = with pkgs; [
+ ag
vim
rxvt_unicode
git
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 5983456b3..5b3091a39 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -11,73 +11,20 @@ in {
networking.interfaces.et0.ip4 = [
{
address = ip;
- prefixLength = 24;
+ prefixLength = 27;
}
];
- networking.defaultGateway = "213.239.205.225";
+ networking.defaultGateway = "46.4.114.225";
networking.nameservers = [
"8.8.8.8"
];
services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
'';
}
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/exim-smarthost.nix>
- <stockholm/lass/2configs/downloading.nix>
- <stockholm/lass/2configs/ts3.nix>
- <stockholm/lass/2configs/bitlbee.nix>
- <stockholm/lass/2configs/weechat.nix>
- <stockholm/lass/2configs/privoxy-retiolum.nix>
- <stockholm/lass/2configs/radio.nix>
- <stockholm/lass/2configs/repo-sync.nix>
- <stockholm/lass/2configs/binary-cache/server.nix>
- <stockholm/lass/2configs/iodined.nix>
- <stockholm/lass/2configs/libvirt.nix>
- <stockholm/lass/2configs/hfos.nix>
- <stockholm/lass/2configs/monitoring/server.nix>
- <stockholm/lass/2configs/monitoring/monit-alarms.nix>
- <stockholm/lass/2configs/paste.nix>
- <stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/reaktor-coders.nix>
- <stockholm/lass/2configs/ciko.nix>
- <stockholm/lass/2configs/container-networking.nix>
- <stockholm/lass/2configs/reaktor-krebs.nix>
- {
- lass.pyload.enable = true;
- }
- {
- imports = [
- <stockholm/lass/2configs/bepasty.nix>
- ];
- krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
- if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
- return 403;
- }
- '';
- }
- {
- users.extraGroups = {
- # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
- # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
- # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
- # Docs: man:tmpfiles.d(5)
- # man:systemd-tmpfiles(8)
- # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
- # Main PID: 19272 (code=exited, status=1/FAILURE)
- #
- # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
- # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
- # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
- # warning: error(s) occured while switching to the new configuration
- lock.gid = 10001;
- };
- }
{
+ imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+
boot.loader.grub = {
devices = [
"/dev/sda"
@@ -89,126 +36,98 @@ in {
boot.initrd.availableKernelModules = [
"ata_piix"
"vmw_pvscsi"
+ "ahci" "sd_mod"
];
+ boot.kernelModules = [ "kvm-intel" ];
+
fileSystems."/" = {
- device = "/dev/pool/nix";
+ device = "/dev/pool/nix_root";
fsType = "ext4";
};
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36";
+ fileSystems."/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["nosuid" "nodev" "noatime"];
};
fileSystems."/var/download" = {
device = "/dev/pool/download";
+ fsType = "ext4";
};
fileSystems."/srv/http" = {
device = "/dev/pool/http";
+ fsType = "ext4";
};
- fileSystems."/srv/o.ubikmedia.de-data" = {
- device = "/dev/pool/owncloud-ubik-data";
- };
-
- fileSystems."/bku" = {
- device = "/dev/pool/bku";
+ fileSystems."/home" = {
+ device = "/dev/pool/home";
+ fsType = "ext4";
};
- fileSystems."/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
+ swapDevices = [
+ { label = "swap1"; }
+ { label = "swap2"; }
+ ];
- }
- {
sound.enable = false;
- }
- {
nixpkgs.config.allowUnfree = true;
- }
- {
- #stuff for juhulian
- users.extraUsers.juhulian = {
- name = "juhulian";
- uid = 1339;
- home = "/home/juhulian";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
- ];
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
- ];
- }
- {
- environment.systemPackages = [
- pkgs.perlPackages.Plack
- ];
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8080"; target = "ACCEPT";}
- ];
- }
- {
- users.users.chat.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjesiOnhpT9XgWZqw/64M5lVQg3q0k22BtMyCv+33sGX8VmfTyD11GuwSjNGf5WiswKLqFvYBQsHfDDtS3k0ZNTDncGw3Pbilm6QoCuHEyDPaQYin0P+JmkocrL/6QF5uhZVFnsXCH5wntwOa00VFGwpMgQYSfRlReRx42Pu9Jk+iJduZMRBbOMvJI68Z7iJ4DgW/1U9J4MQdCsk7QlFgUstQQfV1zk4VfVfXuxDP3hjx6Q05nDChjpmzJbFunzb7aiy/1/Sl0QhROTpvxrQLksg7yYLw4BRs9ptjehX45A2Sxi8WKOb/g5u3xJNy0X07rE+N+o5v2hS7wF0DLQdK5+4TGtO+Y+ABUCqqA+T1ynAjNBWvsgY5uD4PZjuPgCMSw0JBmIy/P0THi3v5/8Cohvfnspl7Jpf80qENMu3unvvE9EePzgSRZY1PvDjPQfkWy0yBX1yQMhHuVGke9QgaletitwuahRujml37waeUuOl8Rpz+2iV+6OIS4tfO368uLFHKWbobXTbTDXODBgxZ/IyvO7vxM2uDX/kIWaeYKrip3nSyWBYnixwrcS4vm6ZQcoejwp2KCfGQwIE4MnGYRlwcOEYjvyjLkZHDiZEivUQ0rThMYBzec8bQ08QW8oxF+NXkFKG3awt3f7TKTRkYqQcOMpFKmV24KDiwgwm0miQ== JuiceSSH"
- ];
- }
- {
time.timeZone = "Europe/Berlin";
}
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/libvirt.nix>
{
+ services.nginx.enable = true;
imports = [
<stockholm/lass/2configs/websites/domsen.nix>
<stockholm/lass/2configs/websites/lassulus.nix>
];
+ # needed by domsen.nix ^^
+ lass.usershadow = {
+ enable = true;
+ };
+
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
];
}
- {
- services.tor = {
- enable = true;
+ { # TODO make new hfos.nix out of this vv
+ users.users.riot = {
+ uid = genid "riot";
+ isNormalUser = true;
+ extraGroups = [ "libvirtd" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
+ ];
};
- }
- {
- lass.ejabberd = {
- enable = true;
- hosts = [ "lassul.us" ];
+
+ # TODO write function for proxy_pass (ssl/nonssl)
+ services.nginx.virtualHosts."hackerfleet.de" = {
+ serverAliases = [
+ "*.hackerfleet.de"
+ ];
+ locations."/".extraConfig = ''
+ proxy_pass http://192.168.122.92:80;
+ '';
+ };
+ services.nginx.virtualHosts."hackerfleet.de-s" = {
+ serverName = "hackerfleet.de";
+ port = 443;
+ serverAliases = [
+ "*.hackerfleet.de"
+ ];
+ locations."/".extraConfig = ''
+ proxy_pass http://192.168.122.92:443;
+ '';
};
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
- ];
- }
- {
- imports = [
- <stockholm/lass/2configs/realwallpaper.nix>
- ];
- services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
- alias /var/realwallpaper/realwallpaper.png;
- '';
- }
- {
- environment.systemPackages = with pkgs; [
- mk_sql_pair
- ];
}
{
users.users.tv = {
uid = genid "tv";
- inherit (config.krebs.users.tv) home;
- group = "users";
- createHome = true;
- useDefaultShell = true;
+ isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.tv.pubkey
];
@@ -222,56 +141,14 @@ in {
};
users.users.nin = {
uid = genid "nin";
- inherit (config.krebs.users.nin) home;
- group = "users";
- createHome = true;
- useDefaultShell = true;
+ isNormalUser = true;
openssh.authorizedKeys.keys = [
config.krebs.users.nin.pubkey
];
- extraGroups = [
- "libvirtd"
- ];
- };
- }
- {
- krebs.repo-sync.timerConfig = {
- OnBootSec = "15min";
- OnUnitInactiveSec = "90min";
- RandomizedDelaySec = "30min";
- };
- krebs.repo-sync.repos.stockholm.timerConfig = {
- OnBootSec = "5min";
- OnUnitInactiveSec = "2min";
- RandomizedDelaySec = "2min";
- };
- }
- {
- lass.usershadow = {
- enable = true;
- };
- }
- {
- krebs.Reaktor.prism = {
- nickname = "Reaktor|lass";
- channels = [ "#retiolum" ];
- extraEnviron = {
- REAKTOR_HOST = "ni.r";
- };
- plugins = with pkgs.ReaktorPlugins; [
- sed-plugin
- ];
};
- }
- {
- #stuff for dritter
users.extraUsers.dritter = {
- name = "dritter";
uid = genid "dritter";
- home = "/home/dritter";
- group = "users";
- createHome = true;
- useDefaultShell = true;
+ isNormalUser = true;
extraGroups = [
"download"
];
@@ -279,6 +156,13 @@ in {
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway"
];
};
+ users.extraUsers.juhulian = {
+ uid = 1339;
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
+ ];
+ };
}
{
#hotdog
@@ -327,7 +211,60 @@ in {
localAddress = "10.233.2.5";
};
}
+ <stockholm/lass/2configs/exim-smarthost.nix>
+ <stockholm/lass/2configs/ts3.nix>
+ <stockholm/lass/2configs/bitlbee.nix>
+ <stockholm/lass/2configs/weechat.nix>
+ <stockholm/lass/2configs/privoxy-retiolum.nix>
+ <stockholm/lass/2configs/radio.nix>
+ <stockholm/lass/2configs/repo-sync.nix>
+ <stockholm/lass/2configs/binary-cache/server.nix>
+ <stockholm/lass/2configs/iodined.nix>
+ <stockholm/lass/2configs/monitoring/server.nix>
+ <stockholm/lass/2configs/monitoring/monit-alarms.nix>
+ <stockholm/lass/2configs/paste.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/reaktor-coders.nix>
+ <stockholm/lass/2configs/reaktor-krebs.nix>
+ <stockholm/lass/2configs/reaktor-retiolum.nix>
+ <stockholm/lass/2configs/ciko.nix>
+ <stockholm/lass/2configs/container-networking.nix>
+ { # quasi bepasty.nix
+ imports = [
+ <stockholm/lass/2configs/bepasty.nix>
+ ];
+ krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
+ if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
+ return 403;
+ }
+ '';
+ }
+ {
+ services.tor = {
+ enable = true;
+ };
+ }
+ {
+ lass.ejabberd = {
+ enable = true;
+ hosts = [ "lassul.us" ];
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
+ ];
+ }
+ {
+ imports = [
+ <stockholm/lass/2configs/realwallpaper.nix>
+ ];
+ services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
+ alias /var/realwallpaper/realwallpaper.png;
+ '';
+ }
];
krebs.build.host = config.krebs.hosts.prism;
+ # workaround because grub store paths are broken
+ boot.copyKernels = true;
}
diff --git a/lass/1systems/prism/source.nix b/lass/1systems/prism/source.nix
index 557fbf509..3dbd6c52b 100644
--- a/lass/1systems/prism/source.nix
+++ b/lass/1systems/prism/source.nix
@@ -1,3 +1,4 @@
+with import <stockholm/lib>;
import <stockholm/lass/source.nix> {
name = "prism";
}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 0e0273dcc..f6390ce4d 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -79,6 +79,7 @@ in {
youtube-tools
rxvt_unicode
+ termite
];
fonts.fonts = [
diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix
index 9dba5fbfb..b0e0a8b88 100644
--- a/lass/2configs/binary-cache/client.nix
+++ b/lass/2configs/binary-cache/client.nix
@@ -8,6 +8,7 @@
];
binaryCachePublicKeys = [
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+ "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI="
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
};
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index c9d7a369a..0b56f6f47 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -43,6 +43,8 @@ with import <stockholm/lib>;
{ from = "radio@lassul.us"; to = lass.mail; }
{ from = "btce@lassul.us"; to = lass.mail; }
{ from = "raf@lassul.us"; to = lass.mail; }
+ { from = "apple@lassul.us"; to = lass.mail; }
+ { from = "coinbase@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 3991acadc..4a2199b39 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -53,6 +53,10 @@ let
cgit.desc = "Good Music collection + tools";
cgit.section = "art";
};
+ nix-user-chroot = {
+ cgit.desc = "Fork of nix-user-chroot my lethalman";
+ cgit.section = "software";
+ };
} // mapAttrs make-public-repo-silent {
};
@@ -73,8 +77,8 @@ let
post-receive = pkgs.git-hooks.irc-announce {
# TODO make nick = config.krebs.build.host.name the default
nick = config.krebs.build.host.name;
- channel = "#retiolum";
- server = "ni.r";
+ channel = "#xxx";
+ server = "irc.r";
verbose = config.krebs.build.host.name == "prism";
# TODO define branches in some kind of option per repo
branches = [ "master" "staging*" ];
@@ -94,8 +98,8 @@ let
post-receive = pkgs.git-hooks.irc-announce {
# TODO make nick = config.krebs.build.host.name the default
nick = config.krebs.build.host.name;
-