-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/lass/default.nix6
-rw-r--r--krebs/3modules/tinc.nix6
-rw-r--r--krebs/5pkgs/simple/realwallpaper/default.nix4
-rw-r--r--lass/1systems/archprism/config.nix4
-rw-r--r--lass/1systems/archprism/physical.nix20
-rw-r--r--lass/1systems/prism/config.nix2
-rw-r--r--lass/1systems/prism/physical.nix119
-rw-r--r--lass/2configs/binary-cache/server.nix2
-rw-r--r--lass/2configs/blue.nix1
-rw-r--r--lass/2configs/ciko.nix4
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/fetchWallpaper.nix2
-rw-r--r--lass/2configs/games.nix2
-rw-r--r--lass/2configs/git.nix4
-rw-r--r--lass/2configs/mail.nix2
-rw-r--r--lass/2configs/realwallpaper.nix10
-rw-r--r--lass/2configs/websites/sqlBackup.nix1
-rw-r--r--lass/3modules/ejabberd/config.nix4
-rw-r--r--makefu/2configs/fetchWallpaper.nix2
-rw-r--r--tv/1systems/mu/config.nix13
-rw-r--r--tv/5pkgs/simple/q/default.nix6
23 files changed, 110 insertions, 107 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 0a848426c..cf72e0d73 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -10,7 +10,6 @@
<stockholm/krebs/2configs>
<stockholm/krebs/2configs/buildbot-stockholm.nix>
- <stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix>
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 8f2e22acf..ca67ce65c 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -201,6 +201,7 @@ let
"cfp@eloop.org" = eloop-ml;
"kontakt@eloop.org" = eloop-ml;
"root@eloop.org" = eloop-ml;
+ "youtube@eloop.org" = eloop-ml;
"eloop2016@krebsco.de" = eloop-ml;
"eloop2017@krebsco.de" = eloop-ml;
"postmaster@krebsco.de" = spam-ml; # RFC 822
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 9b9f052a5..836ecb3f6 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -15,8 +15,9 @@ with import <stockholm/lib>;
cores = 4;
extraZones = {
"krebsco.de" = ''
- prism IN A ${nets.internet.ip4.addr}
+ cache IN A ${nets.internet.ip4.addr}
paste IN A ${nets.internet.ip4.addr}
+ prism IN A ${nets.internet.ip4.addr}
'';
"lassul.us" = ''
$TTL 3600
@@ -27,12 +28,13 @@ with import <stockholm/lib>;
60 IN TXT v=spf1 mx a:lassul.us -all
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
+ cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
io 60 IN NS ions.lassul.us.
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index b032f3148..ecd449b09 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -75,6 +75,7 @@ let
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
''}
+ ${tinc.config.tincUpExtra}
'';
description = ''
tinc-up script to be used. Defaults to setting the
@@ -83,6 +84,11 @@ let
'';
};
+ tincUpExtra = mkOption {
+ type = types.str;
+ default = "";
+ };
+
tincPackage = mkOption {
type = types.package;
default = pkgs.tinc;
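Review bot: `tincUpExtra` is declared without a `description`, yet the first hunk of this file appends its value verbatim to the generated tinc-up script, so the option list does not tell a reader that the string is shell code run with whatever privileges tinc-up has. I would add `description = "Extra shell commands appended to the generated tinc-up script.";` and declare it as `type = types.lines;` so that definitions from several modules are concatenated rather than conflicting. The enclosing option set starts and ends outside the hunk.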
diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix
index 15cc277a5..7c9812117 100644
--- a/krebs/5pkgs/simple/realwallpaper/default.nix
+++ b/krebs/5pkgs/simple/realwallpaper/default.nix
@@ -5,8 +5,8 @@ stdenv.mkDerivation {
src = fetchgit {
url = https://github.com/Lassulus/realwallpaper;
- rev = "e0563289c2ab592b669ce4549fc40130246e9d79";
- sha256 = "1zgk8ips2d686216h203w62wrw7zy9z0lrndx9f8z6f1vpvjcmqc";
+ rev = "847faebc9b7e87e4bea078e3a2304ec00b4cdfc0";
+ sha256 = "10zihkwj9vpshlxw2jk67zbsy8g4i8b1y4jzna9fdcsgn7s12jrr";
};
phases = [
diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix
index 0a286c6f0..e6eddf8b2 100644
--- a/lass/1systems/archprism/config.nix
+++ b/lass/1systems/archprism/config.nix
@@ -36,10 +36,10 @@ with import <stockholm/lib>;
# TODO write function for proxy_pass (ssl/nonssl)
krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.179"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
+ { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; }
];
}
{
diff --git a/lass/1systems/archprism/physical.nix b/lass/1systems/archprism/physical.nix
index 56348d0ab..36de7dc17 100644
--- a/lass/1systems/archprism/physical.nix
+++ b/lass/1systems/archprism/physical.nix
@@ -14,16 +14,16 @@
};
};
# TODO use this network config
- #networking.interfaces.et0.ipv4.addresses = [
- # {
- # address = config.krebs.build.host.nets.internet.ip4.addr;
- # prefixLength = 27;
- # }
- # {
- # address = "46.4.114.243";
- # prefixLength = 27;
- # }
- #];
+ networking.interfaces.eth0.ipv4.addresses = [
+ {
+ address = config.krebs.build.host.nets.internet.ip4.addr;
+ prefixLength = 27;
+ }
+ {
+ address = "46.4.114.243";
+ prefixLength = 27;
+ }
+ ];
#networking.defaultGateway = "46.4.114.225";
#networking.nameservers = [
# "8.8.8.8"
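Review bot: The `# TODO use this network config` comment stays directly above the block that this hunk activates, while `defaultGateway` and `nameservers` below it remain commented out. Drop the TODO or reword it to what is still pending, e.g. `# TODO enable gateway and nameservers below`. The old side of lass/1systems/prism/physical.nix, which carries the same blob id 56348d0ab, also sets `interfaces.eth0.ipAddress = "46.4.114.247"` earlier in the file. If archprism keeps that block, the primary address may now be configured through two option forms at once, which is worth confirming since those lines are outside this hunk.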
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 808f35b24..a9fbae695 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -341,8 +341,6 @@ with import <stockholm/lib>;
];
krebs.build.host = config.krebs.hosts.prism;
- # workaround because grub store paths are broken
- boot.copyKernels = true;
services.earlyoom = {
enable = true;
freeMemThreshold = 5;
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 56348d0ab..4388c13fa 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -1,77 +1,56 @@
{ config, lib, pkgs, ... }:
+
{
+
imports = [
./config.nix
- {
- boot.kernelParams = [ "net.ifnames=0" ];
- networking = {
- defaultGateway = "46.4.114.225";
- # Use google's public DNS server
- nameservers = [ "8.8.8.8" ];
- interfaces.eth0 = {
- ipAddress = "46.4.114.247";
- prefixLength = 27;
- };
- };
- # TODO use this network config
- #networking.interfaces.et0.ipv4.addresses = [
- # {
- # address = config.krebs.build.host.nets.internet.ip4.addr;
- # prefixLength = 27;
- # }
- # {
- # address = "46.4.114.243";
- # prefixLength = 27;
- # }
- #];
- #networking.defaultGateway = "46.4.114.225";
- #networking.nameservers = [
- # "8.8.8.8"
- #];
- #services.udev.extraRules = ''
- # SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
- #'';
- }
- {
- imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
-
- networking.hostId = "fb4173ea";
- boot.loader.grub = {
- devices = [
- "/dev/sda"
- "/dev/sdb"
- ];
- splashImage = null;
- };
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "vmw_pvscsi"
- "ahci" "sd_mod"
- ];
-
- boot.kernelModules = [ "kvm-intel" ];
-
- sound.enable = false;
- nixpkgs.config.allowUnfree = true;
- time.timeZone = "Europe/Berlin";
-
- fileSystems."/" = {
- device = "rpool/root/nixos";
- fsType = "zfs";
- };
-
- fileSystems."/home" = {
- device = "rpool/home";
- fsType = "zfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d";
- fsType = "ext4";
- };
-
- }
+ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
+ boot.kernelModules = [ "kvm-intel" ];
+
+ fileSystems."/" = {
+ device = "rpool/root/nixos";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/d155d6ff-8e89-4876-a9e7-d1b7ba6a4804";
+ fsType = "ext4";
+ };
+
+ fileSystems."/srv/http" = {
+ device = "tank/srv-http";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var/lib/containers" = {
+ device = "tank/containers";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" = {
+ device = "tank/home";
+ fsType = "zfs";
+ };
+
+ nix.maxJobs = lib.mkDefault 8;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
+
+ boot.kernelParams = [ "net.ifnames=0" ];
+ networking = {
+ hostId = "2283aaae";
+ defaultGateway = "95.216.1.129";
+ # Use google's public DNS server
+ nameservers = [ "8.8.8.8" ];
+ interfaces.eth0 = {
+ ipAddress = "95.216.1.150";
+ prefixLength = 26;
+ };
+ };
}
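Review bot: `interfaces.eth0` is written in the older `ipAddress`/`prefixLength` form with a literal address, while lass/1systems/archprism/physical.nix in this same commit uses `ipv4.addresses` with `config.krebs.build.host.nets.internet.ip4.addr`. Writing it the same way here, `interfaces.eth0.ipv4.addresses = [ { address = config.krebs.build.host.nets.internet.ip4.addr; prefixLength = 26; } ];`, would keep the address in one place so the interface and the DNS zone records generated from the host entry cannot drift apart. That assumes the host record for prism already carries the new address, which is not visible on this page. The `# Use google's public DNS server` line could also say whether a single external resolver is intended for this host.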
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
index 991bbeb54..220e41d0a 100644
--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -20,7 +20,7 @@
services.nginx = {
enable = true;
virtualHosts.nix-serve = {
- serverAliases = [ "cache.prism.r" ];
+ serverAliases = [ "cache.prism.r" "cache.krebsco.de" "cache.lassul.us" ];
locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
'';
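Review bot: The new aliases `cache.krebsco.de` and `cache.lassul.us` make the nix-serve proxy answer under public DNS names (the matching A records are added in krebs/3modules/lass/default.nix), but the visible part of the virtual host sets neither `enableACME` nor `forceSSL`. The rest of the vhost and the nix-serve settings lie outside the hunk, so this may be handled there. If it is not, clients fetch over plain HTTP and depend entirely on signature verification, which requires `services.nix-serve.secretKeyFile` to be set and clients to pin the matching public key. A comment above `serverAliases` stating that the cache is meant to be public and how its store paths are signed would make the intent reviewable.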
diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix
index 68f2256cf..4d4a92eb9 100644
--- a/lass/2configs/blue.nix
+++ b/lass/2configs/blue.nix
@@ -15,6 +15,7 @@ with (import <stockholm/lib>);
dic
nmap
git-preview
+ l-gen-secrets
];
services.tor.enable = true;
diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix
index b08cf9307..6818db460 100644
--- a/lass/2configs/ciko.nix
+++ b/lass/2configs/ciko.nix
@@ -19,5 +19,9 @@ with import <stockholm/lib>;
"slash16.net"
];
};
+
+ system.activationScripts.user-shadow = ''
+ ${pkgs.coreutils}/bin/chmod +x /home/ciko
+ '';
}
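Review bot: The activation script is named `user-shadow` although it only changes the mode of `/home/ciko`, and the same attribute name is defined again in lass/2configs/realwallpaper.nix in this commit; on a host that imports both modules the two definitions either collide or get merged, depending on the option's type. A bare `chmod +x` also sets the search bit for group and others as far as the umask allows, so every local account can traverse the directory; the same holds for `spool-chmod` on `/var/spool` in lass/2configs/git.nix and for `/var/realwallpaper`. I would give each script a name that says what it does, e.g. `system.activationScripts.ciko-home-traverse`, and add a comment naming the service that needs the access. If that is a single daemon, granting it through a group with `chmod g+x` would be narrower than opening the path to all users.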
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 6ef3c8595..733115a74 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -90,6 +90,7 @@ with import <stockholm/lib>;
{ from = "afra@lassul.us"; to = lass.mail; }
{ from = "ksp@lassul.us"; to = lass.mail; }
{ from = "ccc@lassul.us"; to = lass.mail; }
+ { from = "neocron@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index 31a01c754..e756c3424 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -6,7 +6,7 @@ in {
krebs.fetchWallpaper = {
enable = true;
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
- url = "prism/realwallpaper-sat-krebs.png";
+ url = "prism/realwallpaper-krebs.png";
maxTime = 10;
};
}
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 17c3cf3be..49602898e 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -75,6 +75,8 @@ in {
packages = with pkgs; [
ftb
minecraft
+ steam-run
+ dolphinEmu
];
};
};
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index c5b5c01fb..62173e33f 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -21,6 +21,10 @@ let
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
];
+
+ system.activationScripts.spool-chmod = ''
+ ${pkgs.coreutils}/bin/chmod +x /var/spool
+ '';
};
cgit-clear-cache = pkgs.cgit-clear-cache.override {
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index e50689254..46939c97e 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -51,7 +51,7 @@ let
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
lugs = [ "to:lugs@lug-s.org" ];
- nix-devel = [ "to:nix-devel@googlegroups.com" ];
+ nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ];
patreon = [ "to:patreon@lassul.us" ];
paypal = [ "to:paypal@lassul.us" ];
ptl = [ "to:ptl@posttenebraslab.ch" ];
diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix
index 116d66276..e0cb37f67 100644
--- a/lass/2configs/realwallpaper.nix
+++ b/lass/2configs/realwallpaper.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
let
hostname = config.krebs.build.host.name;
@@ -9,6 +9,9 @@ let
in {
krebs.realwallpaper.enable = true;
+ system.activationScripts.user-shadow = ''
+ ${pkgs.coreutils}/bin/chmod +x /var/realwallpaper
+ '';
services.nginx.virtualHosts.wallpaper = {
extraConfig = ''
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
@@ -22,10 +25,7 @@ in {
locations."/realwallpaper.png".extraConfig = ''
root /var/realwallpaper/;
'';
- locations."/realwallpaper-sat.png".extraConfig = ''
- root /var/realwallpaper/;
- '';
- locations."/realwallpaper-sat-krebs.png".extraConfig = ''
+ locations."/realwallpaper-krebs.png".extraConfig = ''
root /var/realwallpaper/;
'';
};
diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix
index 2fffa6cc9..897e35e61 100644
--- a/lass/2configs/websites/sqlBackup.nix
+++ b/lass/2configs/websites/sqlBackup.nix
@@ -11,7 +11,6 @@
enable = true;
dataDir = "/var/mysql";
package = pkgs.mariadb;
- rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
};
systemd.services.mysql = {
diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix
index 68bcfa340..e7288313a 100644
--- a/lass/3modules/ejabberd/config.nix
+++ b/lass/3modules/ejabberd/config.nix
@@ -96,9 +96,9 @@ in /* yaml */ ''
mod_privacy: {}
mod_private: {}
mod_register:
- access_from: deny
+ access_from: allow
access: register
- ip_access: trusted_network
+ # ip_access: trusted_network
registration_watchers: ${toJSON config.registration_watchers}
mod_roster: {}
mod_shared_roster: {}
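Review bot: With `ip_access` commented out, `mod_register` no longer restricts in-band registration by client address, and `access_from: allow` additionally accepts registration requests from existing sessions and remote servers. Account creation is then bounded only by the `register` access rule, whose definition is outside this hunk. If open registration is intended, the visible lines show no throttle or CAPTCHA; consider the top-level `registration_timeout` option or `captcha_protected: true` in this `mod_register` block, and make sure the addresses in `registration_watchers` are actually read. Replacing the bare `# ip_access: trusted_network` with a comment that says why the restriction was lifted would also help the next reviewer.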
diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix
index 16a7a13b2..f63417e8f 100644
--- a/makefu/2configs/fetchWallpaper.nix
+++ b/makefu/2configs/fetchWallpaper.nix
@@ -8,7 +8,7 @@
timerConfig = {
OnCalendar = "*:0/30";
};
- url = "http://prism.r/realwallpaper-sat-krebs.png";
+ url = "http://prism.r/realwallpaper-krebs.png";
};
}
diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index c26d4ab30..a653ce40d 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -15,7 +15,7 @@ with import <stockholm/lib>;
# hardware configuration
boot.initrd.luks.devices.muca = {
- device = "/dev/disk/by-uuid/a8796bb3-6c03-4ddf-b2e4-c2e44c51d352";
+ device = "/dev/disk/by-uuid/7b24a931-40b6-44a6-ba22-c805cf164e91";
};
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ];
boot.initrd.availableKernelModules = [ "ahci" ];
@@ -25,16 +25,17 @@ with import <stockholm/lib>;
fileSystems = {
"/" = {
device = "/dev/mapper/muvga-root";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
};
"/home" = {
device = "/dev/mapper/muvga-home";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ fsType = "ext4";
+ options = [ "defaults" "discard" ];
};
"/boot" = {
- device = "/dev/disk/by-uuid/DC38-F165";
+ device = "/dev/disk/by-uuid/CEB1-9743";
+ fsType = "vfat";
};
};
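Review bot: The new `discard` mount option on `/` and `/home` sits on top of the LUKS device `muca`, and the visible `boot.initrd.luks.devices.muca` block in the previous hunk does not set `allowDiscards`, so dm-crypt will presumably drop the TRIM requests and the option has no effect. Setting `allowDiscards = true;` would make it work, but it reveals which blocks of the encrypted volume are unused, so that trade-off deserves a comment next to the option. If TRIM is wanted, `services.fstrim.enable = true;` issues it periodically instead of on every delete. The rest of the module is outside the hunk, so `allowDiscards` may be set elsewhere.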
diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix
index 655c75e1b..cbcec1bae 100644
--- a/tv/5pkgs/simple/q/default.nix
+++ b/tv/5pkgs/simple/q/default.nix
@@ -71,6 +71,11 @@ let
'+%Y-%m-%dT%H:%M:%S%:z'
'';
+ q-utcdate = ''
+ ${pkgs.coreutils}/bin/date -u \
+ '+%Y-%m-%dT%H:%M:%S%:z'
+ '';
+
q-gitdir = ''
if test -d .git; then
#git status --porcelain
@@ -295,6 +300,7 @@ pkgs.writeBashBin "q" ''
set -eu
export PATH=/var/empty
${q-cal}
+ ${q-utcdate}
${q-isodate}
${q-sgtdate}
(${q-gitdir}) &