diff options
author | lassulus <lassulus@lassul.us> | 2017-10-01 17:54:06 +0200 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2017-10-01 17:54:06 +0200 |
commit | d7f65ea679866f24e4ca52b51bd6f068a6b38195 (patch) | |
tree | 6a09e7cc2a4c9af0507bdc189652c78832a2f952 /lass | |
parent | d973c779eb71749af464edb1ed0216b0d5317eb2 (diff) | |
parent | e62f376e6177f3efb0e0bcd3aad97a991c3b6d60 (diff) |
Merge branch 'master' into staging/17.09
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/archprism/config.nix | 333 | ||||
-rw-r--r-- | lass/1systems/archprism/source.nix | 3 | ||||
-rw-r--r-- | lass/1systems/helios/config.nix | 12 | ||||
-rw-r--r-- | lass/1systems/prism/config.nix | 303 | ||||
-rw-r--r-- | lass/1systems/prism/source.nix | 1 | ||||
-rw-r--r-- | lass/2configs/baseX.nix | 1 | ||||
-rw-r--r-- | lass/2configs/binary-cache/client.nix | 1 | ||||
-rw-r--r-- | lass/2configs/exim-smarthost.nix | 2 | ||||
-rw-r--r-- | lass/2configs/git.nix | 12 | ||||
-rw-r--r-- | lass/2configs/monitoring/monit-alarms.nix | 2 | ||||
-rw-r--r-- | lass/2configs/monitoring/server.nix | 2 | ||||
-rw-r--r-- | lass/2configs/reaktor-retiolum.nix | 15 | ||||
-rw-r--r-- | lass/2configs/repo-sync.nix | 4 | ||||
-rw-r--r-- | lass/2configs/vim.nix | 3 | ||||
-rw-r--r-- | lass/5pkgs/acronym/default.nix | 2 | ||||
-rw-r--r-- | lass/5pkgs/xmonad-lass.nix | 1 |
16 files changed, 503 insertions, 194 deletions
diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix new file mode 100644 index 000000000..69a0476fb --- /dev/null +++ b/lass/1systems/archprism/config.nix @@ -0,0 +1,333 @@ +{ config, lib, pkgs, ... }: +with import <stockholm/lib>; + +let + ip = config.krebs.build.host.nets.internet.ip4.addr; + +in { + imports = [ + <stockholm/lass> + { + networking.interfaces.et0.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = "213.239.205.225"; + networking.nameservers = [ + "8.8.8.8" + ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" + ''; + } + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-smarthost.nix> + #<stockholm/lass/2configs/downloading.nix> + <stockholm/lass/2configs/ts3.nix> + <stockholm/lass/2configs/bitlbee.nix> + <stockholm/lass/2configs/weechat.nix> + <stockholm/lass/2configs/privoxy-retiolum.nix> + <stockholm/lass/2configs/radio.nix> + <stockholm/lass/2configs/repo-sync.nix> + <stockholm/lass/2configs/binary-cache/server.nix> + <stockholm/lass/2configs/iodined.nix> + <stockholm/lass/2configs/libvirt.nix> + <stockholm/lass/2configs/hfos.nix> + <stockholm/lass/2configs/monitoring/server.nix> + <stockholm/lass/2configs/monitoring/monit-alarms.nix> + <stockholm/lass/2configs/paste.nix> + <stockholm/lass/2configs/syncthing.nix> + #<stockholm/lass/2configs/reaktor-coders.nix> + <stockholm/lass/2configs/ciko.nix> + <stockholm/lass/2configs/container-networking.nix> + #<stockholm/lass/2configs/reaktor-krebs.nix> + #{ + # lass.pyload.enable = true; + #} + { + imports = [ + <stockholm/lass/2configs/bepasty.nix> + ]; + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { + return 403; + } + ''; + } + { + users.extraGroups = { + # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories + # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) + # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago + # Docs: man:tmpfiles.d(5) + # man:systemd-tmpfiles(8) + # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) + # Main PID: 19272 (code=exited, status=1/FAILURE) + # + # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE + # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. + # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. + # warning: error(s) occured while switching to the new configuration + lock.gid = 10001; + }; + } + { + boot.loader.grub = { + devices = [ + "/dev/sda" + "/dev/sdb" + ]; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + + fileSystems."/" = { + device = "/dev/pool/nix"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36"; + }; + + fileSystems."/var/download" = { + device = "/dev/pool/download"; + }; + + fileSystems."/srv/http" = { + device = "/dev/pool/http"; + }; + + fileSystems."/srv/o.ubikmedia.de-data" = { + device = "/dev/pool/owncloud-ubik-data"; + }; + + fileSystems."/bku" = { + device = "/dev/pool/bku"; + }; + + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + + } + { + sound.enable = false; + } + { + nixpkgs.config.allowUnfree = true; + } + { + #stuff for juhulian + users.extraUsers.juhulian = { + name = "juhulian"; + uid = 1339; + home = "/home/juhulian"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + } + { + environment.systemPackages = [ + pkgs.perlPackages.Plack + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} + ]; + } + { + users.users.chat.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjesiOnhpT9XgWZqw/64M5lVQg3q0k22BtMyCv+33sGX8VmfTyD11GuwSjNGf5WiswKLqFvYBQsHfDDtS3k0ZNTDncGw3Pbilm6QoCuHEyDPaQYin0P+JmkocrL/6QF5uhZVFnsXCH5wntwOa00VFGwpMgQYSfRlReRx42Pu9Jk+iJduZMRBbOMvJI68Z7iJ4DgW/1U9J4MQdCsk7QlFgUstQQfV1zk4VfVfXuxDP3hjx6Q05nDChjpmzJbFunzb7aiy/1/Sl0QhROTpvxrQLksg7yYLw4BRs9ptjehX45A2Sxi8WKOb/g5u3xJNy0X07rE+N+o5v2hS7wF0DLQdK5+4TGtO+Y+ABUCqqA+T1ynAjNBWvsgY5uD4PZjuPgCMSw0JBmIy/P0THi3v5/8Cohvfnspl7Jpf80qENMu3unvvE9EePzgSRZY1PvDjPQfkWy0yBX1yQMhHuVGke9QgaletitwuahRujml37waeUuOl8Rpz+2iV+6OIS4tfO368uLFHKWbobXTbTDXODBgxZ/IyvO7vxM2uDX/kIWaeYKrip3nSyWBYnixwrcS4vm6ZQcoejwp2KCfGQwIE4MnGYRlwcOEYjvyjLkZHDiZEivUQ0rThMYBzec8bQ08QW8oxF+NXkFKG3awt3f7TKTRkYqQcOMpFKmV24KDiwgwm0miQ== JuiceSSH" + ]; + } + { + time.timeZone = "Europe/Berlin"; + } + { + imports = [ + <stockholm/lass/2configs/websites/domsen.nix> + <stockholm/lass/2configs/websites/lassulus.nix> + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport http"; target = "ACCEPT"; } + { predicate = "-p tcp --dport https"; target = "ACCEPT"; } + ]; + } + { + services.tor = { + enable = true; + }; + } + { + lass.ejabberd = { + enable = true; + hosts = [ "lassul.us" ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } + { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } + ]; + } + { + imports = [ + <stockholm/lass/2configs/realwallpaper.nix> + ]; + services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + alias /var/realwallpaper/realwallpaper.png; + ''; + } + { + environment.systemPackages = with pkgs; [ + mk_sql_pair + ]; + } + { + users.users.tv = { + uid = genid "tv"; + inherit (config.krebs.users.tv) home; + group = "users"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.tv.pubkey + ]; + }; + users.users.makefu = { + uid = genid "makefu"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.makefu.pubkey + ]; + }; + users.users.nin = { + uid = genid "nin"; + inherit (config.krebs.users.nin) home; + group = "users"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + extraGroups = [ + "libvirtd" + ]; + }; + } + { + krebs.repo-sync.timerConfig = { + OnBootSec = "15min"; + OnUnitInactiveSec = "90min"; + RandomizedDelaySec = "30min"; + }; + krebs.repo-sync.repos.stockholm.timerConfig = { + OnBootSec = "5min"; + OnUnitInactiveSec = "2min"; + RandomizedDelaySec = "2min"; + }; + } + { + lass.usershadow = { + enable = true; + }; + } + #{ + # krebs.Reaktor.prism = { + # nickname = "Reaktor|lass"; + # channels = [ "#retiolum" ]; + # extraEnviron = { + # REAKTOR_HOST = "ni.r"; + # }; + # plugins = with pkgs.ReaktorPlugins; [ + # sed-plugin + # ]; + # }; + #} + { + #stuff for dritter + users.extraUsers.dritter = { + name = "dritter"; + uid = genid "dritter"; + home = "/home/dritter"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "download" + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" + ]; + }; + } + { + #hotdog + containers.hotdog = { + config = { ... }: { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.1"; + localAddress = "10.233.2.2"; + }; + } + { + #kaepsele + containers.kaepsele = { + config = { ... }: { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + tv.pubkey + ]; + }; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.3"; + localAddress = "10.233.2.4"; + }; + } + { + #onondaga + containers.onondaga = { + config = { ... }: { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + config.krebs.users.nin.pubkey + ]; + }; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.4"; + localAddress = "10.233.2.5"; + }; + } + ]; + + krebs.build.host = config.krebs.hosts.archprism; +} diff --git a/lass/1systems/archprism/source.nix b/lass/1systems/archprism/source.nix new file mode 100644 index 000000000..3e96c1d38 --- /dev/null +++ b/lass/1systems/archprism/source.nix @@ -0,0 +1,3 @@ +import <stockholm/lass/source.nix> { + name = "archprism"; +} diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 37bdc0290..6ff3fbb86 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -11,7 +11,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/otp-ssh.nix> <stockholm/lass/2configs/git.nix> - <stockholm/lass/2configs/fetchWallpaper.nix> { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; @@ -47,6 +46,16 @@ with import <stockholm/lib>; fonts.fontconfig.dpi = 200; lass.myFont = "-schumacher-clean-*-*-*-*-25-*-*-*-*-*-iso10646-1"; } + { #TAPIR, AGATIS, sentral, a3 - foo + services.redis.enable = true; + } + { + krebs.fetchWallpaper = { + enable = true; + url = "http://i.imgur.com/0ktqxSg.png"; + maxTime = 9001; + }; + } ]; krebs.build.host = config.krebs.hosts.helios; @@ -66,6 +75,7 @@ with import <stockholm/lib>; hardware.enableRedistributableFirmware = true; environment.systemPackages = with pkgs; [ + ag vim rxvt_unicode git diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 5983456b3..5b3091a39 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -11,73 +11,20 @@ in { networking.interfaces.et0.ip4 = [ { address = ip; - prefixLength = 24; + prefixLength = 27; } ]; - networking.defaultGateway = "213.239.205.225"; + networking.defaultGateway = "46.4.114.225"; networking.nameservers = [ "8.8.8.8" ]; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" ''; } - <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/exim-smarthost.nix> - <stockholm/lass/2configs/downloading.nix> - <stockholm/lass/2configs/ts3.nix> - <stockholm/lass/2configs/bitlbee.nix> - <stockholm/lass/2configs/weechat.nix> - <stockholm/lass/2configs/privoxy-retiolum.nix> - <stockholm/lass/2configs/radio.nix> - <stockholm/lass/2configs/repo-sync.nix> - <stockholm/lass/2configs/binary-cache/server.nix> - <stockholm/lass/2configs/iodined.nix> - <stockholm/lass/2configs/libvirt.nix> - <stockholm/lass/2configs/hfos.nix> - <stockholm/lass/2configs/monitoring/server.nix> - <stockholm/lass/2configs/monitoring/monit-alarms.nix> - <stockholm/lass/2configs/paste.nix> - <stockholm/lass/2configs/syncthing.nix> - <stockholm/lass/2configs/reaktor-coders.nix> - <stockholm/lass/2configs/ciko.nix> - <stockholm/lass/2configs/container-networking.nix> - <stockholm/lass/2configs/reaktor-krebs.nix> - { - lass.pyload.enable = true; - } - { - imports = [ - <stockholm/lass/2configs/bepasty.nix> - ]; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { - return 403; - } - ''; - } - { - users.extraGroups = { - # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories - # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) - # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago - # Docs: man:tmpfiles.d(5) - # man:systemd-tmpfiles(8) - # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) - # Main PID: 19272 (code=exited, status=1/FAILURE) - # - # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE - # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. - # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. - # warning: error(s) occured while switching to the new configuration - lock.gid = 10001; - }; - } { + imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ]; + boot.loader.grub = { devices = [ "/dev/sda" @@ -89,126 +36,98 @@ in { boot.initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" + "ahci" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; + fileSystems."/" = { - device = "/dev/pool/nix"; + device = "/dev/pool/nix_root"; fsType = "ext4"; }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36"; + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; }; fileSystems."/var/download" = { device = "/dev/pool/download"; + fsType = "ext4"; }; fileSystems."/srv/http" = { device = "/dev/pool/http"; + fsType = "ext4"; }; - fileSystems."/srv/o.ubikmedia.de-data" = { - device = "/dev/pool/owncloud-ubik-data"; - }; - - fileSystems."/bku" = { - device = "/dev/pool/bku"; + fileSystems."/home" = { + device = "/dev/pool/home"; + fsType = "ext4"; }; - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; + swapDevices = [ + { label = "swap1"; } + { label = "swap2"; } + ]; - } - { sound.enable = false; - } - { nixpkgs.config.allowUnfree = true; - } - { - #stuff for juhulian - users.extraUsers.juhulian = { - name = "juhulian"; - uid = 1339; - home = "/home/juhulian"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" - ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} - ]; - } - { - environment.systemPackages = [ - pkgs.perlPackages.Plack - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} - ]; - } - { - users.users.chat.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjesiOnhpT9XgWZqw/64M5lVQg3q0k22BtMyCv+33sGX8VmfTyD11GuwSjNGf5WiswKLqFvYBQsHfDDtS3k0ZNTDncGw3Pbilm6QoCuHEyDPaQYin0P+JmkocrL/6QF5uhZVFnsXCH5wntwOa00VFGwpMgQYSfRlReRx42Pu9Jk+iJduZMRBbOMvJI68Z7iJ4DgW/1U9J4MQdCsk7QlFgUstQQfV1zk4VfVfXuxDP3hjx6Q05nDChjpmzJbFunzb7aiy/1/Sl0QhROTpvxrQLksg7yYLw4BRs9ptjehX45A2Sxi8WKOb/g5u3xJNy0X07rE+N+o5v2hS7wF0DLQdK5+4TGtO+Y+ABUCqqA+T1ynAjNBWvsgY5uD4PZjuPgCMSw0JBmIy/P0THi3v5/8Cohvfnspl7Jpf80qENMu3unvvE9EePzgSRZY1PvDjPQfkWy0yBX1yQMhHuVGke9QgaletitwuahRujml37waeUuOl8Rpz+2iV+6OIS4tfO368uLFHKWbobXTbTDXODBgxZ/IyvO7vxM2uDX/kIWaeYKrip3nSyWBYnixwrcS4vm6ZQcoejwp2KCfGQwIE4MnGYRlwcOEYjvyjLkZHDiZEivUQ0rThMYBzec8bQ08QW8oxF+NXkFKG3awt3f7TKTRkYqQcOMpFKmV24KDiwgwm0miQ== JuiceSSH" - ]; - } - { time.timeZone = "Europe/Berlin"; } + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/libvirt.nix> { + services.nginx.enable = true; imports = [ <stockholm/lass/2configs/websites/domsen.nix> <stockholm/lass/2configs/websites/lassulus.nix> ]; + # needed by domsen.nix ^^ + lass.usershadow = { + enable = true; + }; + krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport http"; target = "ACCEPT"; } { predicate = "-p tcp --dport https"; target = "ACCEPT"; } ]; } - { - services.tor = { - enable = true; + { # TODO make new hfos.nix out of this vv + users.users.riot = { + uid = genid "riot"; + isNormalUser = true; + extraGroups = [ "libvirtd" ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" + ]; }; - } - { - lass.ejabberd = { - enable = true; - hosts = [ "lassul.us" ]; + + # TODO write function for proxy_pass (ssl/nonssl) + services.nginx.virtualHosts."hackerfleet.de" = { + serverAliases = [ + "*.hackerfleet.de" + ]; + locations."/".extraConfig = '' + proxy_pass http://192.168.122.92:80; + ''; + }; + services.nginx.virtualHosts."hackerfleet.de-s" = { + serverName = "hackerfleet.de"; + port = 443; + serverAliases = [ + "*.hackerfleet.de" + ]; + locations."/".extraConfig = '' + proxy_pass http://192.168.122.92:443; + ''; }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } - { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } - ]; - } - { - imports = [ - <stockholm/lass/2configs/realwallpaper.nix> - ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' - alias /var/realwallpaper/realwallpaper.png; - ''; - } - { - environment.systemPackages = with pkgs; [ - mk_sql_pair - ]; } { users.users.tv = { uid = genid "tv"; - inherit (config.krebs.users.tv) home; - group = "users"; - createHome = true; - useDefaultShell = true; + isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.tv.pubkey ]; @@ -222,56 +141,14 @@ in { }; users.users.nin = { uid = genid "nin"; - inherit (config.krebs.users.nin) home; - group = "users"; - createHome = true; - useDefaultShell = true; + isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.nin.pubkey ]; - extraGroups = [ - "libvirtd" - ]; - }; - } - { - krebs.repo-sync.timerConfig = { - OnBootSec = "15min"; - OnUnitInactiveSec = "90min"; - RandomizedDelaySec = "30min"; - }; - krebs.repo-sync.repos.stockholm.timerConfig = { - OnBootSec = "5min"; - OnUnitInactiveSec = "2min"; - RandomizedDelaySec = "2min"; - }; - } - { - lass.usershadow = { - enable = true; - }; - } - { - krebs.Reaktor.prism = { - nickname = "Reaktor|lass"; - channels = [ "#retiolum" ]; - extraEnviron = { - REAKTOR_HOST = "ni.r"; - }; - plugins = with pkgs.ReaktorPlugins; [ - sed-plugin - ]; }; - } - { - #stuff for dritter users.extraUsers.dritter = { - name = "dritter"; uid = genid "dritter"; - home = "/home/dritter"; - group = "users"; - createHome = true; - useDefaultShell = true; + isNormalUser = true; extraGroups = [ "download" ]; @@ -279,6 +156,13 @@ in { "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" ]; }; + users.extraUsers.juhulian = { + uid = 1339; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" + ]; + }; } { #hotdog @@ -327,7 +211,60 @@ in { localAddress = "10.233.2.5"; }; } + <stockholm/lass/2configs/exim-smarthost.nix> + <stockholm/lass/2configs/ts3.nix> + <stockholm/lass/2configs/bitlbee.nix> + <stockholm/lass/2configs/weechat.nix> + <stockholm/lass/2configs/privoxy-retiolum.nix> + <stockholm/lass/2configs/radio.nix> + <stockholm/lass/2configs/repo-sync.nix> + <stockholm/lass/2configs/binary-cache/server.nix> + <stockholm/lass/2configs/iodined.nix> + <stockholm/lass/2configs/monitoring/server.nix> + <stockholm/lass/2configs/monitoring/monit-alarms.nix> + <stockholm/lass/2configs/paste.nix> + <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/reaktor-coders.nix> + <stockholm/lass/2configs/reaktor-krebs.nix> + <stockholm/lass/2configs/reaktor-retiolum.nix> + <stockholm/lass/2configs/ciko.nix> + <stockholm/lass/2configs/container-networking.nix> + { # quasi bepasty.nix + imports = [ + <stockholm/lass/2configs/bepasty.nix> + ]; + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { + return 403; + } + ''; + } + { + services.tor = { + enable = true; + }; + } + { + lass.ejabberd = { + enable = true; + hosts = [ "lassul.us" ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } + { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } + ]; + } + { + imports = [ + <stockholm/lass/2configs/realwallpaper.nix> + ]; + services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + alias /var/realwallpaper/realwallpaper.png; + ''; + } ]; krebs.build.host = config.krebs.hosts.prism; + # workaround because grub store paths are broken + boot.copyKernels = true; } diff --git a/lass/1systems/prism/source.nix b/lass/1systems/prism/source.nix index 557fbf509..3dbd6c52b 100644 --- a/lass/1systems/prism/source.nix +++ b/lass/1systems/prism/source.nix @@ -1,3 +1,4 @@ +with import <stockholm/lib>; import <stockholm/lass/source.nix> { name = "prism"; } diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 0e0273dcc..f6390ce4d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -79,6 +79,7 @@ in { youtube-tools rxvt_unicode + termite ]; fonts.fonts = [ diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix index 9dba5fbfb..b0e0a8b88 100644 --- a/lass/2configs/binary-cache/client.nix +++ b/lass/2configs/binary-cache/client.nix @@ -8,6 +8,7 @@ ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI=" "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]; }; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index c9d7a369a..0b56f6f47 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -43,6 +43,8 @@ with import <stockholm/lib>; { from = "radio@lassul.us"; to = lass.mail; } { from = "btce@lassul.us"; to = lass.mail; } { from = "raf@lassul.us"; to = lass.mail; } + { from = "apple@lassul.us"; to = lass.mail; } + { from = "coinbase@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 3991acadc..4a2199b39 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -53,6 +53,10 @@ let cgit.desc = "Good Music collection + tools"; cgit.section = "art"; }; + nix-user-chroot = { + cgit.desc = "Fork of nix-user-chroot my lethalman"; + cgit.section = "software"; + }; } // mapAttrs make-public-repo-silent { }; @@ -73,8 +77,8 @@ let post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "ni.r"; + channel = "#xxx"; + server = "irc.r"; verbose = config.krebs.build.host.name == "prism"; # TODO define branches in some kind of option per repo branches = [ "master" "staging*" ]; @@ -94,8 +98,8 @@ let post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - |