summaryrefslogtreecommitdiffstats
path: root/makefu/1systems/gum
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2018-12-18 20:17:03 +0100
committertv <tv@krebsco.de>2018-12-18 20:17:03 +0100
commit1fa1fa53062069de970548f88ad0211b4502f18d (patch)
tree30413fa29c1c43ff7af5ea684d92e613de4af295 /makefu/1systems/gum
parent8b4428816d1385e1dd5ec9bf0ce44ae0e284130a (diff)
parent23562e36190e07f338211541ac3d2cc77ebdbafa (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/1systems/gum')
-rw-r--r--makefu/1systems/gum/config.nix117
-rw-r--r--makefu/1systems/gum/hardware-config.nix11
-rw-r--r--makefu/1systems/gum/rescue.txt4
-rw-r--r--makefu/1systems/gum/source.nix2
4 files changed, 61 insertions, 73 deletions
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 3d2cbac6f..dcfa3d0e5 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -4,13 +4,14 @@ with import <stockholm/lib>;
let
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
ext-if = config.makefu.server.primary-itf;
+ allDisks = [ "/dev/sda" "/dev/sdb" ];
in {
imports = [
<stockholm/makefu>
./hardware-config.nix
{
users.users.lass = {
- uid = 9002;
+ uid = 19002;
isNormalUser = true;
createHome = true;
useDefaultShell = true;
@@ -20,8 +21,12 @@ in {
];
};
}
+ # <stockholm/makefu/2configs/stats/client.nix>
+ <stockholm/makefu/2configs/stats/netdata-server.nix>
+
<stockholm/makefu/2configs/headless.nix>
- # <stockholm/makefu/2configs/smart-monitor.nix>
+ <stockholm/makefu/2configs/smart-monitor.nix>
+ { services.smartd.devices = builtins.map (x: { device = x; }) allDisks; }
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
@@ -30,6 +35,8 @@ in {
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/sec.nix>
+ <stockholm/makefu/2configs/tools/desktop.nix>
+
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/mosh.nix>
# <stockholm/makefu/2configs/gui/xpra.nix>
@@ -41,17 +48,47 @@ in {
<stockholm/makefu/2configs/iodined.nix>
# <stockholm/makefu/2configs/backup.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
+ { # bonus retiolum config for connecting more hosts
+ krebs.tinc.retiolum = {
+ extraConfig = ''
+ ListenAddress = ${external-ip} 53
+ ListenAddress = ${external-ip} 655
+ ListenAddress = ${external-ip} 21031
+ '';
+ connectTo = [
+ "prism" "ni" "enklave" "eve" "archprism"
+ ];
+ };
+ networking.firewall = {
+ allowedTCPPorts =
+ [
+ 53
+ 655
+ 21031
+ ];
+ allowedUDPPorts =
+ [
+ 53
+ 655
+ 21031
+ ];
+ };
+ }
# ci
# <stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
+ <stockholm/makefu/2configs/shack/events-publisher>
<stockholm/makefu/2configs/shack/gitlab-runner>
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/taskd.nix>
# services
- <stockholm/makefu/2configs/sabnzbd.nix>
+ # <stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/mail/mail.euer.nix>
+ {
+ krebs.exim.enable = mkForce false;
+ }
# sharing
<stockholm/makefu/2configs/share/gum.nix>
@@ -59,13 +96,6 @@ in {
#<stockholm/makefu/2configs/retroshare.nix>
## <stockholm/makefu/2configs/ipfs.nix>
#<stockholm/makefu/2configs/syncthing.nix>
- { # ncdc
- environment.systemPackages = [ pkgs.ncdc ];
- networking.firewall = {
- allowedUDPPorts = [ 51411 ];
- allowedTCPPorts = [ 51411 ];
- };
- }
# <stockholm/makefu/2configs/opentracker.nix>
## network
@@ -91,17 +121,17 @@ in {
#<stockholm/makefu/2configs/nginx/public_html.nix>
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
- <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
+ # <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/iso.euer.nix>
- <stockholm/makefu/2configs/shack/events-publisher>
+ <stockholm/krebs/2configs/cache.nsupdate.info.nix>
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
- <stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
+ <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
+ <stockholm/makefu/2configs/bgt/hidden_service.nix>
- <stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/logging/client.nix>
# sharing
@@ -115,7 +145,8 @@ in {
# krebs infrastructure services
<stockholm/makefu/2configs/stats/server.nix>
- ];
+ ];
+
makefu.dl-dir = "/var/download";
services.openssh.hostKeys = [
@@ -125,70 +156,14 @@ in {
services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
krebs.build.host = config.krebs.hosts.gum;
- krebs.tinc.retiolum = {
- extraConfig = ''
- ListenAddress = ${external-ip} 53
- ListenAddress = ${external-ip} 655
- ListenAddress = ${external-ip} 21031
- '';
- connectTo = [
- "prism" "ni" "enklave" "dishfire" "echelon" "hotdog"
- ];
- };
-
-
- # access
- users.users = {
- root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
- makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
- };
-
- # Chat
- environment.systemPackages = with pkgs;[
- weechat
- bepasty-client-cli
- tmux
- ];
-
- # Hardware
-
# Network
networking = {
firewall = {
allowPing = true;
logRefusedConnections = false;
- allowedTCPPorts = [
- # smtp
- 25
- # http
- 80 443
- # httptunnel
- 8080 8443
- # tinc
- 655
- # tinc-shack
- 21032
- # tinc-retiolum
- 21031
- # taskserver
- 53589
- # temp vnc
- 18001
- # temp reverseshell
- 31337
- ];
- allowedUDPPorts = [
- # tinc
- 655 53
- # tinc-retiolum
- 21031
- # tinc-shack
- 21032
- ];
};
nameservers = [ "8.8.8.8" ];
};
users.users.makefu.extraGroups = [ "download" "nginx" ];
- boot.tmpOnTmpfs = true;
state = [ "/home/makefu/.weechat" ];
}
diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix
index bfe29b46c..e9670a5a4 100644
--- a/makefu/1systems/gum/hardware-config.nix
+++ b/makefu/1systems/gum/hardware-config.nix
@@ -46,7 +46,7 @@ in {
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
];
- boot.kernelModules = [ "kvm-intel" ];
+ boot.kernelModules = [ "dm-thin-pool" "kvm-intel" ];
hardware.enableRedistributableFirmware = true;
fileSystems."/" = {
device = "/dev/mapper/nixos-root";
@@ -56,10 +56,19 @@ in {
device = "/dev/mapper/nixos-lib";
fsType = "ext4";
};
+ fileSystems."/var/log" = {
+ device = "/dev/mapper/nixos-log";
+ fsType = "ext4";
+ };
fileSystems."/var/download" = {
device = "/dev/mapper/nixos-download";
fsType = "ext4";
};
+ fileSystems."/var/www/binaergewitter" = {
+ device = "/dev/mapper/nixos-binaergewitter";
+ fsType = "ext4";
+ options = [ "nofail" ];
+ };
fileSystems."/var/lib/borgbackup" = {
device = "/dev/mapper/nixos-backup";
fsType = "ext4";
diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt
index 30276b7db..0a3ed96ee 100644
--- a/makefu/1systems/gum/rescue.txt
+++ b/makefu/1systems/gum/rescue.txt
@@ -1,10 +1,14 @@
+ssh gum.i -o StrictHostKeyChecking=no
+
mount /dev/mapper/nixos-root /mnt
mount /dev/sda2 /mnt/boot
chroot-prepare /mnt
chroot /mnt /bin/sh
+
journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub)
+# ... activating ...
export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate
diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix
index 6940498f1..1e36c6e87 100644
--- a/makefu/1systems/gum/source.nix
+++ b/makefu/1systems/gum/source.nix
@@ -1,5 +1,5 @@
{
- name="nextgum";
+ name="gum";
torrent = true;
clever_kexec = true;
}