diff options
author | tv <tv@krebsco.de> | 2018-12-18 20:17:03 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2018-12-18 20:17:03 +0100 |
commit | 1fa1fa53062069de970548f88ad0211b4502f18d (patch) | |
tree | 30413fa29c1c43ff7af5ea684d92e613de4af295 /makefu/1systems/gum | |
parent | 8b4428816d1385e1dd5ec9bf0ce44ae0e284130a (diff) | |
parent | 23562e36190e07f338211541ac3d2cc77ebdbafa (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/1systems/gum')
-rw-r--r-- | makefu/1systems/gum/config.nix | 117 | ||||
-rw-r--r-- | makefu/1systems/gum/hardware-config.nix | 11 | ||||
-rw-r--r-- | makefu/1systems/gum/rescue.txt | 4 | ||||
-rw-r--r-- | makefu/1systems/gum/source.nix | 2 |
4 files changed, 61 insertions, 73 deletions
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 3d2cbac6f..dcfa3d0e5 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -4,13 +4,14 @@ with import <stockholm/lib>; let external-ip = config.krebs.build.host.nets.internet.ip4.addr; ext-if = config.makefu.server.primary-itf; + allDisks = [ "/dev/sda" "/dev/sdb" ]; in { imports = [ <stockholm/makefu> ./hardware-config.nix { users.users.lass = { - uid = 9002; + uid = 19002; isNormalUser = true; createHome = true; useDefaultShell = true; @@ -20,8 +21,12 @@ in { ]; }; } + # <stockholm/makefu/2configs/stats/client.nix> + <stockholm/makefu/2configs/stats/netdata-server.nix> + <stockholm/makefu/2configs/headless.nix> - # <stockholm/makefu/2configs/smart-monitor.nix> + <stockholm/makefu/2configs/smart-monitor.nix> + { services.smartd.devices = builtins.map (x: { device = x; }) allDisks; } # Security <stockholm/makefu/2configs/sshd-totp.nix> @@ -30,6 +35,8 @@ in { <stockholm/makefu/2configs/tools/core.nix> <stockholm/makefu/2configs/tools/dev.nix> <stockholm/makefu/2configs/tools/sec.nix> + <stockholm/makefu/2configs/tools/desktop.nix> + <stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/mosh.nix> # <stockholm/makefu/2configs/gui/xpra.nix> @@ -41,17 +48,47 @@ in { <stockholm/makefu/2configs/iodined.nix> # <stockholm/makefu/2configs/backup.nix> <stockholm/makefu/2configs/tinc/retiolum.nix> + { # bonus retiolum config for connecting more hosts + krebs.tinc.retiolum = { + extraConfig = '' + ListenAddress = ${external-ip} 53 + ListenAddress = ${external-ip} 655 + ListenAddress = ${external-ip} 21031 + ''; + connectTo = [ + "prism" "ni" "enklave" "eve" "archprism" + ]; + }; + networking.firewall = { + allowedTCPPorts = + [ + 53 + 655 + 21031 + ]; + allowedUDPPorts = + [ + 53 + 655 + 21031 + ]; + }; + } # ci # <stockholm/makefu/2configs/exim-retiolum.nix> <stockholm/makefu/2configs/git/cgit-retiolum.nix> + <stockholm/makefu/2configs/shack/events-publisher> <stockholm/makefu/2configs/shack/gitlab-runner> <stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/taskd.nix> # services - <stockholm/makefu/2configs/sabnzbd.nix> + # <stockholm/makefu/2configs/sabnzbd.nix> <stockholm/makefu/2configs/mail/mail.euer.nix> + { + krebs.exim.enable = mkForce false; + } # sharing <stockholm/makefu/2configs/share/gum.nix> @@ -59,13 +96,6 @@ in { #<stockholm/makefu/2configs/retroshare.nix> ## <stockholm/makefu/2configs/ipfs.nix> #<stockholm/makefu/2configs/syncthing.nix> - { # ncdc - environment.systemPackages = [ pkgs.ncdc ]; - networking.firewall = { - allowedUDPPorts = [ 51411 ]; - allowedTCPPorts = [ 51411 ]; - }; - } # <stockholm/makefu/2configs/opentracker.nix> ## network @@ -91,17 +121,17 @@ in { #<stockholm/makefu/2configs/nginx/public_html.nix> #<stockholm/makefu/2configs/nginx/update.connector.one.nix> <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> - <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix> + # <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix> <stockholm/makefu/2configs/nginx/iso.euer.nix> - <stockholm/makefu/2configs/shack/events-publisher> + <stockholm/krebs/2configs/cache.nsupdate.info.nix> <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> <stockholm/makefu/2configs/deployment/graphs.nix> <stockholm/makefu/2configs/deployment/owncloud.nix> <stockholm/makefu/2configs/deployment/boot-euer.nix> - <stockholm/makefu/2configs/deployment/bgt/hidden_service.nix> + <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix> + <stockholm/makefu/2configs/bgt/hidden_service.nix> - <stockholm/makefu/2configs/stats/client.nix> # <stockholm/makefu/2configs/logging/client.nix> # sharing @@ -115,7 +145,8 @@ in { # krebs infrastructure services <stockholm/makefu/2configs/stats/server.nix> - ]; + ]; + makefu.dl-dir = "/var/download"; services.openssh.hostKeys = [ @@ -125,70 +156,14 @@ in { services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; krebs.build.host = config.krebs.hosts.gum; - krebs.tinc.retiolum = { - extraConfig = '' - ListenAddress = ${external-ip} 53 - ListenAddress = ${external-ip} 655 - ListenAddress = ${external-ip} 21031 - ''; - connectTo = [ - "prism" "ni" "enklave" "dishfire" "echelon" "hotdog" - ]; - }; - - - # access - users.users = { - root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; - makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; - }; - - # Chat - environment.systemPackages = with pkgs;[ - weechat - bepasty-client-cli - tmux - ]; - - # Hardware - # Network networking = { firewall = { allowPing = true; logRefusedConnections = false; - allowedTCPPorts = [ - # smtp - 25 - # http - 80 443 - # httptunnel - 8080 8443 - # tinc - 655 - # tinc-shack - 21032 - # tinc-retiolum - 21031 - # taskserver - 53589 - # temp vnc - 18001 - # temp reverseshell - 31337 - ]; - allowedUDPPorts = [ - # tinc - 655 53 - # tinc-retiolum - 21031 - # tinc-shack - 21032 - ]; }; nameservers = [ "8.8.8.8" ]; }; users.users.makefu.extraGroups = [ "download" "nginx" ]; - boot.tmpOnTmpfs = true; state = [ "/home/makefu/.weechat" ]; } diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix index bfe29b46c..e9670a5a4 100644 --- a/makefu/1systems/gum/hardware-config.nix +++ b/makefu/1systems/gum/hardware-config.nix @@ -46,7 +46,7 @@ in { "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" "xhci_pci" "ehci_pci" "ahci" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = [ "dm-thin-pool" "kvm-intel" ]; hardware.enableRedistributableFirmware = true; fileSystems."/" = { device = "/dev/mapper/nixos-root"; @@ -56,10 +56,19 @@ in { device = "/dev/mapper/nixos-lib"; fsType = "ext4"; }; + fileSystems."/var/log" = { + device = "/dev/mapper/nixos-log"; + fsType = "ext4"; + }; fileSystems."/var/download" = { device = "/dev/mapper/nixos-download"; fsType = "ext4"; }; + fileSystems."/var/www/binaergewitter" = { + device = "/dev/mapper/nixos-binaergewitter"; + fsType = "ext4"; + options = [ "nofail" ]; + }; fileSystems."/var/lib/borgbackup" = { device = "/dev/mapper/nixos-backup"; fsType = "ext4"; diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt index 30276b7db..0a3ed96ee 100644 --- a/makefu/1systems/gum/rescue.txt +++ b/makefu/1systems/gum/rescue.txt @@ -1,10 +1,14 @@ +ssh gum.i -o StrictHostKeyChecking=no + mount /dev/mapper/nixos-root /mnt mount /dev/sda2 /mnt/boot chroot-prepare /mnt chroot /mnt /bin/sh + journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub) +# ... activating ... export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin /nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix index 6940498f1..1e36c6e87 100644 --- a/makefu/1systems/gum/source.nix +++ b/makefu/1systems/gum/source.nix @@ -1,5 +1,5 @@ { - name="nextgum"; + name="gum"; torrent = true; clever_kexec = true; } |