authormakefu <github@syntax-fehler.de>2023-07-28 22:24:15 +0200
committermakefu <github@syntax-fehler.de>2023-07-28 22:24:15 +0200
commit060a8f28fa1fc648bdf66afb31a5d1efac868837 (patch)
tree2b354eacc7897365ee45244fe7a51720e0d0333f /makefu/2configs/elchos
parentcbfcc890e3b76d942b927809bf981a5fa7289e6a (diff)
makefu: move out to own repo, add vacation-note
Diffstat (limited to 'makefu/2configs/elchos')
-rw-r--r--makefu/2configs/elchos/irc-token.nix77
-rw-r--r--makefu/2configs/elchos/log.nix55
-rw-r--r--makefu/2configs/elchos/search.nix121
-rw-r--r--makefu/2configs/elchos/stats.nix86
-rw-r--r--makefu/2configs/elchos/test/ftpservers.nix7
5 files changed, 0 insertions, 346 deletions
diff --git a/makefu/2configs/elchos/irc-token.nix b/makefu/2configs/elchos/irc-token.nix
deleted file mode 100644
index 4844bf29f..000000000
--- a/makefu/2configs/elchos/irc-token.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{pkgs, ...}:
-with import <stockholm/lib>;
-let
- secret = (import <secrets/elchos-token.nix>);
-in {
- systemd.services.elchos-irctoken2 = {
- startAt = "*:0/5";
- serviceConfig = {
- RuntimeMaxSec = "20";
- };
- script = ''
- set -euf
- now=$(date -u +%Y-%m-%dT%H:%M)
- sleep 5
- sec=$(cat /tmp/irc-secret)
- message="The current secret is $sec"
- echo "$message"
- LOGNAME=sec-announcer
- HOSTNAME=$(${pkgs.systemd}/bin/hostnamectl --transient)
- IRC_SERVER=irc.hackint.org
- IRC_PORT=6667
- IRC_NICK=$HOSTNAME-$$
- IRC_CHANNEL='#eloop'
-
- export IRC_CHANNEL # for privmsg_cat
-
- echo2() { echo "$*"; echo "$*" >&2; }
-
- privmsg_cat() { ${pkgs.gawk}/bin/awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
-
- tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
- cd "$tmpdir"
- mkfifo ircin
- trap "
- rm ircin
- cd '$OLDPWD'
- rmdir '$tmpdir'
- trap - EXIT INT QUIT
- " EXIT INT QUIT
-
- {
- echo2 "USER $LOGNAME 0 * :$LOGNAME@$HOSTNAME"
- echo2 "NICK $IRC_NICK"
-
- # wait for MODE message
- ${pkgs.gnused}/bin/sed -un '/^:[^ ]* MODE /q'
-
- echo2 "JOIN $IRC_CHANNEL"
-
- printf '%s' "$message" \
- | privmsg_cat
-
- echo2 "PART $IRC_CHANNEL"
-
- # wait for PART confirmation
- sed -un '/:'"$IRC_NICK"'![^ ]* PART /q'
-
- echo2 'QUIT :Gone to have lunch'
- } < ircin \
- | ${pkgs.netcat}/bin/netcat "$IRC_SERVER" "$IRC_PORT" |tee -a ircin
- '';
- };
- systemd.services.elchos-create-token = {
- startAt = "*:0/30";
- serviceConfig = {
- RuntimeMaxSec = "20";
- };
- script = ''
- set -euf
- now=$(date -u +%Y-%m-%dT%H:%M)
- sec=$(echo -n "${secret}$now" | md5sum | cut -d\ -f1)
- message="The secret valid for 30 minutes is $sec"
- echo -n "$sec" > /tmp/irc-secret
- echo "token for $now (UTC) is $sec"
- '';
- };
-}
diff --git a/makefu/2configs/elchos/log.nix b/makefu/2configs/elchos/log.nix
deleted file mode 100644
index 50b40816b..000000000
--- a/makefu/2configs/elchos/log.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-in {
- networking.firewall.allowedTCPPorts = [ 80 443 514 ];
- networking.firewall.allowedUDPPorts = [ 80 443 514 ];
- services.logstash = {
- enable = true;
- enableWeb = true;
- inputConfig = ''
- syslog {
- timezone => "Etc/UTC"
- }
- '';
- filterConfig = ''
- if ( [program] == "proftpd") {
- kv {
- field_split => " "
- }
- }
- '';
- outputConfig = ''
- #stdout {
- # codec => rubydebug
- #}
- elasticsearch { }
- '';
- };
- services.elasticsearch = {
- enable = true;
- };
- services.kibana = {
- enable = true;
- port = 9332;
- };
- services.nginx = {
- virtualHosts = {
- "log.nsupdate.info" = {
- enableACME = true;
- forceSSL = true;
- basicAuth = import <secrets/kibana-auth.nix>;
- locations = {
- "/" = {
- proxyPass = "http://localhost:9332";
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- '';
- };
- };
- };
- };
- };
-}
diff --git a/makefu/2configs/elchos/search.nix b/makefu/2configs/elchos/search.nix
deleted file mode 100644
index e7b91e6a8..000000000
--- a/makefu/2configs/elchos/search.nix
+++ /dev/null
@@ -1,121 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-# search also generates ddclient entries for all other logs
-
-with import <stockholm/lib>;
-let
- #primary-itf = "eth0";
- #primary-itf = "wlp2s0";
- primary-itf = config.makefu.server.primary-itf;
- elch-sock = "${config.services.uwsgi.runDir}/uwsgi-elch.sock";
- ddclientUser = "ddclient";
- sec = toString <secrets>;
- nsupdate = import "${sec}/nsupdate-search.nix";
- stateDir = "/var/spool/ddclient";
- cfg = "${stateDir}/cfg";
- ddclientPIDFile = "${stateDir}/ddclient.pid";
-
- # TODO: correct cert generation requires a `real` internet ip address
-
- gen-cfg = dict: ''
- ssl=yes
- cache=${stateDir}/ddclient.cache
- pid=${ddclientPIDFile}
- ${concatStringsSep "\n" (mapAttrsToList (user: pass: ''
-
- protocol=dyndns2
- use=if, if=${primary-itf}
- ssl=yes
- server=ipv4.nsupdate.info
- login=${user}
- password='${pass}'
- ${user}
-
- protocol=dyndns2
- usev6=if, if=${primary-itf}
- ssl=yes
- server=ipv6.nsupdate.info
- login=${user}
- password='${pass}'
- ${user}
- '') dict)}
- '';
-
-in {
- users.extraUsers = singleton {
- name = ddclientUser;
- uid = genid "ddclient";
- description = "ddclient daemon user";
- home = stateDir;
- createHome = true;
- };
- services.redis.enable = mkForce true;
- services.redis.bind = "127.0.0.1";
-
- services.uwsgi = {
- enable = true;
- user = "nginx";
- plugins = [ "python3" ];
- instance = {
- type = "emperor";
- vassals = {
- elchhub = {
- type = "normal";
- pythonPackages = self: with self; [ pkgs.elchhub ];
- socket = elch-sock;
- };
- };
- };
- };
-
- services.nginx = {
- enable = mkDefault true;
- virtualHosts = {
- "search.nsupdate.info" = {
- enableACME = true;
- forceSSL = true;
- locations = {
- "/".extraConfig = ''
- uwsgi_pass unix://${elch-sock};
- uwsgi_param UWSGI_CHDIR ${pkgs.elchhub}/${pkgs.python3.sitePackages};
- uwsgi_param UWSGI_MODULE elchhub.wsgi;
- uwsgi_param UWSGI_CALLABLE app;
-
- include ${pkgs.nginx}/conf/uwsgi_params;
- '';
- };
- };
- };
- };
-
- systemd.services = {
- redis.serviceConfig.LimitNOFILE=10032;
- elchos-ftp-scanner = {
- wantedBy = [ "multi-user.target" ];
- after = [ "ip-up.target" ];
- serviceConfig = {
- User = "nginx";
- ExecStart = "${pkgs.elchhub}/bin/elch-manager";
- };
- };
- ddclient-nsupdate-elchos = {
- wantedBy = [ "multi-user.target" ];
- after = [ "ip-up.target" ];
- serviceConfig = {
- Type = "forking";
- User = ddclientUser;
- PIDFile = ddclientPIDFile;
- ExecStartPre = pkgs.writeDash "init-nsupdate" ''
- cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg}
- chmod 700 ${cfg}
- '';
- ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}";
- };
- };
- };
-
- networking.firewall = {
- allowedTCPPorts = [ 80 443 ];
- allowedUDPPorts = [ ];
- };
-}
diff --git a/makefu/2configs/elchos/stats.nix b/makefu/2configs/elchos/stats.nix
deleted file mode 100644
index 2036b391f..000000000
--- a/makefu/2configs/elchos/stats.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-# requires nsupdate to get correct hostname (from ./search.nix)
-# graphite-web on port 8080
-# carbon cache on port 2003 (tcp/udp)
-
-with import <stockholm/lib>;
-{
-
- networking.firewall = {
- allowedTCPPorts = [ 2003 80 443 18080 ];
- allowedUDPPorts = [ 2003 ];
- };
-
- services.nginx = {
- enable = mkDefault true;
- virtualHosts = {
- "stats.nsupdate.info" = {
- enableACME = true;
- forceSSL = true;
-
- locations = {
- "/" = {
- proxyPass = "http://localhost:3000/";
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- '';
- };
- };
- };
- };
- };
-
- services.grafana = {
- enable = true;
- addr = "127.0.0.1";
- users.allowSignUp = false;
- users.allowOrgCreate = false;
- users.autoAssignOrg = false;
- auth.anonymous.enable = true;
- security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
- };
-
- services.graphite = {
- api = {
- enable = true;
- # package = pkgs.graphiteApi;
- #listenAddress = "127.0.0.1";
- listenAddress = "0.0.0.0";
- port = 18080;
- };
- carbon = {
- enableCache = true;
- # save disk usage by restricting to 1 bulk update per second
- config = ''
- [cache]
- MAX_CACHE_SIZE = inf
- MAX_UPDATES_PER_SECOND = 3
- MAX_CREATES_PER_MINUTE = 5000
- LOG_UPDATES = False
- LOG_CACHE_HITS = False
- LOG_CACHE_QUEUE_SORTS = False
- '';
- storageSchemas = ''
- [carbon]
- pattern = ^carbon\.
- retentions = 60:90d
-
- [elchos]
- patterhn = ^elchos\.
- retentions = 10s:30d,60s:3y
-
-
- [default]
- pattern = ^krebs\.
- retentions = 1s:30d,30s:3m,300s:1y
- [default]
- pattern = .*
- retentions = 30s:30d,300s:1y
- '';
- };
- };
-
-}
diff --git a/makefu/2configs/elchos/test/ftpservers.nix b/makefu/2configs/elchos/test/ftpservers.nix
deleted file mode 100644
index bc7517209..000000000
--- a/makefu/2configs/elchos/test/ftpservers.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{...}:
-{
- services.vsftpd.anonymousUser = true;
- services.vsftpd.enable = true;
- services.vsftpd.chrootlocalUser = true;
- networking.firewall.allowedTCPPorts = [ 21 ];
-}