-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/hidden-ssh.nix53
-rw-r--r--krebs/3modules/makefu/default.nix12
-rw-r--r--krebs/3modules/realwallpaper.nix8
-rw-r--r--krebs/3modules/shared/default.nix1
-rw-r--r--krebs/5pkgs/irc-announce/default.nix2
-rw-r--r--krebs/5pkgs/krebspaste/default.nix2
-rw-r--r--krebs/5pkgs/realwallpaper/default.nix8
-rw-r--r--krebs/5pkgs/tinc_graphs/default.nix6
-rw-r--r--lass/1systems/iso.nix36
-rw-r--r--lass/1systems/mors.nix11
-rw-r--r--lass/1systems/prism.nix34
-rw-r--r--lass/2configs/baseX.nix2
-rw-r--r--lass/2configs/buildbot-standalone.nix2
-rw-r--r--lass/2configs/default.nix9
-rw-r--r--lass/2configs/fetchWallpaper.nix2
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/realwallpaper.nix16
-rw-r--r--lass/2configs/syncthing.nix12
-rw-r--r--makefu/1systems/fileleech.nix2
-rw-r--r--makefu/1systems/gum.nix5
-rw-r--r--makefu/1systems/omo.nix5
-rw-r--r--makefu/1systems/shoney.nix2
-rw-r--r--makefu/1systems/x.nix8
-rw-r--r--makefu/2configs/base-gui.nix5
-rw-r--r--makefu/2configs/default.nix4
-rw-r--r--makefu/2configs/deployment/graphs.nix4
-rw-r--r--makefu/2configs/dnscrypt.nix1
-rw-r--r--makefu/2configs/fetchWallpaper.nix2
-rw-r--r--makefu/2configs/ipfs.nix5
-rw-r--r--makefu/2configs/logging/central-stats-server.nix7
-rw-r--r--makefu/2configs/syncthing.nix11
-rw-r--r--makefu/2configs/tools/core-gui.nix2
-rw-r--r--makefu/2configs/tools/core.nix1
-rw-r--r--makefu/2configs/tools/extra-gui.nix1
-rw-r--r--makefu/2configs/tools/sec.nix1
-rw-r--r--makefu/2configs/urxvtd.nix21
-rw-r--r--makefu/5pkgs/awesomecfg/full.cfg2
-rw-r--r--shared/1systems/wolf.nix1
-rw-r--r--shared/2configs/central-stats-client.nix68
-rw-r--r--shared/2configs/shared-buildbot.nix14
41 files changed, 319 insertions, 72 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 605ed28b5..d539d4166 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -20,6 +20,7 @@ let
./github-hosts-sync.nix
./git.nix
./go.nix
+ ./hidden-ssh.nix
./htgen.nix
./iptables.nix
./kapacitor.nix
diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix
new file mode 100644
index 000000000..3930dbf42
--- /dev/null
+++ b/krebs/3modules/hidden-ssh.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ cfg = config.krebs.hidden-ssh;
+
+ out = {
+ options.krebs.hidden-ssh = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "hidden SSH announce";
+ };
+
+ imp = let
+ torDirectory = "/var/lib/tor"; # from tor.nix
+ hiddenServiceDir = torDirectory + "/ssh-announce-service";
+ in {
+ services.tor = {
+ enable = true;
+ extraConfig = ''
+ HiddenServiceDir ${hiddenServiceDir}
+ HiddenServicePort 22 127.0.0.1:22
+ '';
+ client.enable = true;
+ };
+ systemd.services.hidden-ssh-announce = {
+ description = "irc announce hidden ssh";
+ after = [ "tor.service" "network-online.target" ];
+ wants = [ "tor.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ # ${pkgs.tor}/bin/torify
+ ExecStart = pkgs.writeDash "irc-announce-ssh" ''
+ set -efu
+ until test -e ${hiddenServiceDir}/hostname; do
+ echo "still waiting for ${hiddenServiceDir}/hostname"
+ sleep 1
+ done
+ ${pkgs.irc-announce}/bin/irc-announce \
+ irc.freenode.org 6667 ${config.krebs.build.host.name}-ssh \
+ \#krebs-announce \
+ "SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)"
+ '';
+ PrivateTmp = "true";
+ User = "tor";
+ Type = "oneshot";
+ };
+ };
+ };
+in
+out
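Review bot: The `ExecStart` script of `hidden-ssh-announce` posts the onion hostname to a public channel on `irc.freenode.org 6667` (apparently without TLS), so once `krebs.hidden-ssh.enable` is set the only barrier in front of the host's sshd is sshd's own authentication. That requirement should be stated next to `enable`, e.g. `# publishes the onion address on IRC; enable only on hosts with key-only sshd`, or the service should be restricted with Tor's onion-service client authorization. Separately, the `until test -e ${hiddenServiceDir}/hostname` loop has no upper bound and the unit is `Type = "oneshot"`, for which systemd applies no start timeout by default, so a tor that never writes the file leaves the unit activating forever; a bounded retry count or an explicit `TimeoutStartSec` would surface that failure. The leftover `# ${pkgs.tor}/bin/torify` comment should be removed or say why the announce is not sent through Tor.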
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 56df451b7..cef6a4fd6 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -33,7 +33,7 @@ with import <stockholm/lib>;
nets = {
retiolum = {
ip4.addr = "10.243.113.98";
- ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
+ # ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
aliases = [
"fileleech.r"
];
@@ -247,7 +247,6 @@ with import <stockholm/lib>;
"krebsco.de" = ''
euer IN MX 1 aspmx.l.google.com.
nixos.unstable IN CNAME krebscode.github.io.
- pigstarter IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr}
boot IN A ${nets.internet.ip4.addr}
'';
@@ -301,7 +300,7 @@ with import <stockholm/lib>;
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
aliases = [
"wry.r"
- "graphs.wry.r"
+ "graph.wry.r"
"paste.wry.r"
];
tinc.pubkey = ''
@@ -436,12 +435,13 @@ with import <stockholm/lib>;
mattermost.euer IN A ${nets.internet.ip4.addr}
git.euer IN A ${nets.internet.ip4.addr}
gum IN A ${nets.internet.ip4.addr}
+ pigstarter IN A ${nets.internet.ip4.addr}
cgit.euer IN A ${nets.internet.ip4.addr}
o.euer IN A ${nets.internet.ip4.addr}
dl.euer IN A ${nets.internet.ip4.addr}
euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
- graphs IN A ${nets.internet.ip4.addr}
+ graph IN A ${nets.internet.ip4.addr}
'';
};
nets = rec {
@@ -461,7 +461,7 @@ with import <stockholm/lib>;
"o.gum.r"
"tracker.makefu.r"
- "graphs.r"
+ "graph.r"
"wiki.makefu.r"
"wiki.gum.r"
"blog.makefu.r"
@@ -491,7 +491,7 @@ with import <stockholm/lib>;
ip4.prefix = "10.8.10.0/24";
aliases = [
"shoney.siem"
- "graphs.siem"
+ "graph.siem"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index f9eae8c92..044811c7d 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -32,9 +32,9 @@ let
default = "http://xplanetclouds.com/free/local/clouds_2048.jpg";
};
- outFile = mkOption {
+ marker = mkOption {
type = types.str;
- default = "/tmp/wallpaper.png";
+ default = "http://graph.r/marker.json";
};
timerConfig = mkOption {
@@ -43,7 +43,6 @@ let
OnCalendar = "*:0/15";
};
};
-
};
imp = {
@@ -63,6 +62,7 @@ let
imagemagick
curl
file
+ jq
];
environment = {
@@ -70,7 +70,7 @@ let
nightmap_url = cfg.nightmap;
daymap_url = cfg.daymap;
cloudmap_url = cfg.cloudmap;
- out_file = cfg.outFile;
+ marker_url = cfg.marker;
};
restartIfChanged = true;
diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix
index 5e4935e3a..17179a39f 100644
--- a/krebs/3modules/shared/default.nix
+++ b/krebs/3modules/shared/default.nix
@@ -47,6 +47,7 @@ in {
ip6.addr = "42:0:0:0:0:0:77:1";
aliases = [
"wolf.r"
+ "build.wolf.r"
"cgit.wolf.r"
];
tinc.pubkey = ''
diff --git a/krebs/5pkgs/irc-announce/default.nix b/krebs/5pkgs/irc-announce/default.nix
index e1f4919d5..6eb725b71 100644
--- a/krebs/5pkgs/irc-announce/default.nix
+++ b/krebs/5pkgs/irc-announce/default.nix
@@ -24,7 +24,7 @@ pkgs.writeDashBin "irc-announce" ''
# echo2 and cat2 are used output to both, stdout and stderr
# This is used to see what we send to the irc server. (debug output)
echo2() { echo "$*"; echo "$*" >&2; }
- cat2() { tee /dev/stderr; }
+ cat2() { awk '{print;print > "/dev/stderr"}'; }
# privmsg_cat transforms stdin to a privmsg
privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix
index 8c6676d0e..31ad12780 100644
--- a/krebs/5pkgs/krebspaste/default.nix
+++ b/krebs/5pkgs/krebspaste/default.nix
@@ -2,5 +2,5 @@
# TODO use `execve` instead?
writeDashBin "krebspaste" ''
- exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@"
+ exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" | sed '$ s/$/\/+inline/g'
''
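Review bot: Piping into `sed` on the changed line makes the wrapper exit with `sed`'s status, so a failed upload by `bepasty-cli` now returns 0 to the caller, and the leading `exec` no longer replaces the shell because it runs on the left-hand side of a pipeline. dash has no `pipefail`, so if callers check the status, capture the output first: `url=$(${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@") || exit` followed by `printf '%s/+inline\n' "$url"`. The `g` flag on the `sed` expression is redundant since `$` matches once per line, and the `# TODO use execve` comment above is stale once `exec` is gone.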
diff --git a/krebs/5pkgs/realwallpaper/default.nix b/krebs/5pkgs/realwallpaper/default.nix
index 4fea977ec..dec2dada4 100644
--- a/krebs/5pkgs/realwallpaper/default.nix
+++ b/krebs/5pkgs/realwallpaper/default.nix
@@ -5,8 +5,8 @@ stdenv.mkDerivation {
src = fetchgit {
url = https://github.com/Lassulus/realwallpaper;
- rev = "c2778c3c235fc32edc8115d533a0d0853ab101c5";
- sha256 = "0yhbjz19zk8sj5dsvccm6skkqq2vardn1yi70qmd5li7qvp17mvs";
+ rev = "b8408cfb295b6ce5b965309b30358ca6c6409efd";
+ sha256 = "0yyl8hhqshw9bx04xs8glvir3c0qzvfrwzmbvyg318mnz5xalcl0";
};
phases = [
@@ -15,10 +15,6 @@ stdenv.mkDerivation {
];
buildInputs = [
- xplanet
- imagemagick
- curl
- file
];
installPhase = ''
diff --git a/krebs/5pkgs/tinc_graphs/default.nix b/krebs/5pkgs/tinc_graphs/default.nix
index e5f1e40e8..20bbc53ba 100644
--- a/krebs/5pkgs/tinc_graphs/default.nix
+++ b/krebs/5pkgs/tinc_graphs/default.nix
@@ -2,14 +2,14 @@
python3Packages.buildPythonPackage rec {
name = "tinc_graphs-${version}";
- version = "0.3.9";
+ version = "0.3.10";
propagatedBuildInputs = with pkgs;[
python3Packages.pygeoip
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
];
src = fetchurl {
- url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz";
- sha256 = "0hjmkiclvyjb3707285x4b8mk5aqjcvh383hvkad1h7p1n61qrfx";
+ url = "mirror://pypi/t/tinc_graphs/${name}.tar.gz";
+ sha256 = "0f4cvb9424fhfmc0hbzmynzh9528fyhx00ayq1nbpgd1p89yw7mc";
};
preFixup = with pkgs;''
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index 9dfbf7cb8..99399550c 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -12,10 +12,33 @@ with import <stockholm/lib>;
../2configs/nixpkgs.nix
../2configs/vim.nix
{
+ # /dev/stderr doesn't work. I don't know why
+ # /proc/self doesn't seem to work correctly
+ # /dev/pts is empty except for 1 file
+ # my life sucks
+ nixpkgs.config.packageOverrides = super: {
+ irc-announce = super.callPackage <stockholm/krebs/5pkgs/irc-announce> {
+ pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [
+ pkgs.coreutils
+ (pkgs.writeDashBin "tee" ''
+ if test "$1" = /dev/stderr; then
+ while read -r line; do
+ echo "$line"
+ echo "$line" >&2
+ done
+ else
+ ${super.coreutils}/bin/tee "$@"
+ fi
+ '')
+ ];};
+ };
+ };
+ boot.kernelParams = [ "copytoram" ];
+ }
+ {
krebs.enable = true;
krebs.build.user = config.krebs.users.lass;
krebs.build.host = config.krebs.hosts.iso;
- krebs.build.source.nixos-config.symlink = "stockholm/lass/1systems/${config.krebs.buil.host.name}.nix";
}
{
nixpkgs.config.allowUnfree = true;
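Review bot: The replacement `tee` in `coreutils-hack` is not a faithful copy loop: `read -r line` without `IFS=` strips leading and trailing whitespace, a final line without a trailing newline is dropped, and dash's `echo` interprets backslash sequences in the data. `while IFS= read -r line || [ -n "$line" ]; do printf '%s\n' "$line"; printf '%s\n' "$line" >&2; done` avoids all three. Since `cat2` in `krebs/5pkgs/irc-announce/default.nix` is switched from `tee /dev/stderr` to awk in this same commit, it is worth checking whether this override is still exercised at all. The comment above it should name the caller that still invokes `tee` rather than only describing the symptoms.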
@@ -122,18 +145,12 @@ with import <stockholm/lib>;
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
+ systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
}
{
krebs.iptables = {
enable = true;
tables = {
- nat.PREROUTING.rules = [
- { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
- { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
- ];
- nat.OUTPUT.rules = [
- { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
- ];
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
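Review bot: With the `nat.PREROUTING` and `nat.OUTPUT` redirect rules removed, port 22 is no longer diverted on non-retiolum interfaces, so sshd's exposure now rests entirely on the `filter.INPUT.rules` list, which opens on the last line of this hunk and continues outside it. The hidden service added by this commit connects to `127.0.0.1:22`, so that list should not need to accept `--dport 22` from external interfaces; please confirm it does not. A short comment above `systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];` saying why sshd must start eagerly on the ISO would help the next reader.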
@@ -148,5 +165,8 @@ with import <stockholm/lib>;
};
};
}
+ {
+ krebs.hidden-ssh.enable = true;
+ }
];
}
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index c196b391a..c8d9465d5 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -25,6 +25,7 @@ with import <stockholm/lib>;
../2configs/repo-sync.nix
../2configs/ircd.nix
../2configs/logf.nix
+ ../2configs/syncthing.nix
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@@ -77,10 +78,6 @@ with import <stockholm/lib>;
services.redis.enable = true;
}
{
- #ipfs-testing
- services.ipfs.enable = true;
- }
- {
environment.systemPackages = [
pkgs.krebszones
];
@@ -89,6 +86,12 @@ with import <stockholm/lib>;
#ps vita stuff
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
}
+ {
+ services.tor = {
+ enable = true;
+ client.enable = true;
+ };
+ }
];
krebs.build.host = config.krebs.hosts.mors;
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index e5cbacfc8..41a909f16 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -46,6 +46,7 @@ in {
../2configs/monitoring/server.nix
../2configs/monitoring/monit-alarms.nix
../2configs/paste.nix
+ ../2configs/syncthing.nix
{
imports = [
../2configs/bepasty.nix
@@ -158,7 +159,7 @@ in {
}
{
users.users.chat.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkmIvB8BekIE2W24+I0gnzkvkEoeulz/zQkDUVJK4oScbIvgTYmcHzQuHJyPueTm67bJCOcYaTwEDNhcR/ZvcyiCQ7Jwa5cLDTkCkcR9LQq8ry5jMNEanvTgrnBIEcwfS7jFpyFb/PRVG6hh2bPOfP+ksFplkq1BTzKt/UTaCBwVEZqi5XuFIlq/MqJg+FIjh+wyeNR5jHtqgAhVjR+YLVNXLgtVPE+dlSfbyRQHuA9FTkUj8BxxnTdwM5Sx33S61ddik1XvRn++IYqFl68fZhzyTME7t/Mvjdz8J7ew2bF2IbJrXt37yQCAOEEp9/RC5OloA7dd/5ZJjZxSzT2HnYROILsYr3S0WV4e+H2G66ZN0ftdUCYh1o5rtY7IrSes6yHsKYbpoij1IAkRkyt2XgEH5EZCk1Omx8AY3ekW1KFIEhz2DZEfnCEjPf4AGCYZ0uy4XEztxzTDkh25TVs/tym1+96qCJ1yAxwWZDbVhS/Z6aSBpsyeDRKcak8qoWVC2dEPdYuTUmwvmo3pmGn/a4UfOLNJTn0jSRjy3kSv1hYzosN4NSYZqEylFB0ABnlqoLpX3tmWtrkiKv19S+djVGxbaaYm3hjPJfds3qCWTJWPvxPPeCE8wGXVLYqOQxa5ZPYeoTwRof5YNSbj5RFYy9sDLTlHl+U4ASTHZM5S3akQ== JuiceSSH"
+ "ssh-rsa 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 JuiceSSH"
];
}
{
@@ -194,7 +195,7 @@ in {
../2configs/realwallpaper.nix
];
services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
- alias /tmp/wallpaper.png;
+ alias /var/realwallpaper/realwallpaper.png;
'';
}
{
@@ -254,19 +255,20 @@ in {
];
}
{
- krebs.Reaktor.coders = let
- lambdabot = (import (pkgs.fetchFromGitHub {
- owner = "NixOS"; repo = "nixpkgs";
- rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
- sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
- }) {}).lambdabot;
- in {
- nickname = "reaktor-lass";
+ krebs.Reaktor.coders = {
+ nickname = "Reaktor|lass";
channels = [ "#coders" ];
extraEnviron = {
REAKTOR_HOST = "irc.hackint.org";
};
plugins = with pkgs.ReaktorPlugins; let
+
+ lambdabot = (import (pkgs.fetchFromGitHub {
+ owner = "NixOS"; repo = "nixpkgs";
+ rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
+ sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
+ }) {}).lambdabot;
+
lambdabotflags = ''
-XStandaloneDeriving -XGADTs -XFlexibleContexts \
-XFlexibleInstances -XMultiParamTypeClasses \
@@ -349,6 +351,18 @@ in {
];
};
}
+ {
+ krebs.Reaktor.prism = {
+ nickname = "Reaktor|lass";
+ channels = [ "#retiolum" ];
+ extraEnviron = {
+ REAKTOR_HOST = "ni.r";
+ };
+ plugins = with pkgs.ReaktorPlugins; [
+ sed-plugin
+ ];
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 3032e244f..9c51effdc 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -32,8 +32,6 @@ in {
time.timeZone = "Europe/Berlin";
- virtualisation.libvirtd.enable = true;
-
programs.ssh.startAgent = false;
services.printing = {
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 3006e9dfb..7b38e44c6 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -20,7 +20,7 @@ in {
};
config.krebs.buildbot.master = let
- stockholm-mirror-url = http://cgit.lassul.us/stockholm ;
+ stockholm-mirror-url = http://cgit.prism.r/stockholm ;
in {
workers = {
testworker = "lasspass";
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 69f8a681e..e964704c3 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -64,7 +64,10 @@ with import <stockholm/lib>;
];
}
{
- services.dnscrypt-proxy.enable = true;
+ services.dnscrypt-proxy = {
+ enable = true;
+ resolverName = "cs-de";
+ };
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
@@ -151,6 +154,10 @@ with import <stockholm/lib>;
p7zip
unzip
unrar
+
+ (pkgs.writeDashBin "sshn" ''
+ ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
+ '')
];
programs.bash = {
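Review bot: The added `sshn` wrapper turns off host-key verification completely (`UserKnownHostsFile=/dev/null` together with `StrictHostKeyChecking=no`), and because no key is ever stored every connection is treated as a first contact, so the restrictions OpenSSH normally applies after a host-key mismatch never trigger. As a system-wide package it is easy to use out of habit on hosts that do have a stable key. Add a comment naming the intended targets (throw-away or freshly booted machines), and consider `-o ForwardAgent=no -o PasswordAuthentication=no` in the wrapper so an impersonated endpoint cannot receive a password or a forwarded agent. The package list this entry joins starts outside the hunk.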
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index 971be9588..31a01c754 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -6,7 +6,7 @@ in {
krebs.fetchWallpaper = {
enable = true;
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
- url = "prism/wallpaper.png";
+ url = "prism/realwallpaper-sat-krebs.png";
maxTime = 10;
};
}
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 24437d040..5f9800b0f 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://cgit.lassul.us/nixpkgs;
- ref = "a563923";
+ ref = "c85f39e";
};
}
diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix
index cf9795071..116d66276 100644
--- a/lass/2configs/realwallpaper.nix
+++ b/lass/2configs/realwallpaper.nix
@@ -10,11 +10,23 @@ in {
krebs.realwallpaper.enable = true;
services.nginx.virtualHosts.wallpaper = {
+ extraConfig = ''
+ if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
+ return 403;
+ }
+ '';
serverAliases = [
hostname
+ "${hostname}.r"
];
- locations."/wallpaper.png".extraConfig = ''
- root /tmp/;
+ locations."/realwallpaper.png".extraConfig = ''
+ root /var/realwallpaper/;
+ '';
+ locations."/realwallpaper-sat.png".extraConfig = ''
+ root /var/realwallpaper/;
+ '';
+ locations."/realwallpaper-sat-krebs.png".extraConfig = ''
+ root /var/realwallpaper/;
'';
};
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
new file mode 100644
index 000000000..cef43d1e6
--- /dev/null
+++ b/lass/2configs/syncthing.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ services.syncthing = {
+ enable = true;
+ useInotify = true;
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
+ { predicate = "-p udp --dport 21027"; target = "ACCEPT";}
+ ];
+}
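Review bot: Both `INPUT` rules match on every interface, so the Syncthing sync port (22000/tcp) and the local-discovery port (21027/udp) are also opened on the internet-facing side of hosts such as prism, which imports this file in the same commit. If syncing is meant to happen over retiolum or the LAN only, scope the predicates, e.g. `predicate = "-i retiolum -p tcp --dport 22000";`, and drop the 21027/udp rule on hosts where local discovery is not wanted. The `config` and `pkgs` arguments and the `with import <stockholm/lib>;` line appear unused in this file.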
diff --git a/makefu/1systems/fileleech.nix b/makefu/1systems/fileleech.nix
index 4f92c2b90..3aa5a54f8 100644
--- a/makefu/1systems/fileleech.nix
+++ b/makefu/1systems/fileleech.nix
@@ -32,7 +32,6 @@ in {
../2configs/elchos/log.nix
../2configs/elchos/search.nix
../2configs/elchos/stats.nix
- ../2configs/stats-srv.nix
];
systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
@@ -129,6 +128,7 @@ in {
# createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.makefu.pubkey
+ config.krebs.users.lass.pubkey
"ssh-rsa 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 jules@kvasir-2015-02-13"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local"
"ssh-rsa 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 me@andreaskist.de"
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index c39997ebf..3186f8887 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -35,10 +35,12 @@ in {
../2configs/nginx/update.connector.one.nix
../2configs/deployment/mycube.connector.one.nix
../2configs/deployment/graphs.nix
+ # ../2configs/ipfs.nix
+ ../2configs/syncthing.nix
# ../2configs/opentracker.nix
../2configs/logging/central-stats-client.nix
- ../2configs/logging/central-logging-client.nix
+ # ../2configs/logging/central-logging-client.nix
];
services.smartd.devices = [ { device = "/dev/sda";} ];
@@ -79,7 +81,6 @@ in {
];
services.bitlbee.enable = true;
systemd.services.bitlbee.environment.BITLBEE_DEBUG="1";
- # systemd.services.bitlbee.serviceConfig.ExecStart = "${pkgs.bitlbee}/bin/bitlbee -Dnv -c
# Hardware
boot.loader.grub.device = "/dev/sda";
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 99303b604..ff34ee843 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -53,9 +53,10 @@ in {
../2configs/omo-share.nix
../2configs/tinc/retiolum.nix
../2configs/logging/central-stats-server.nix
- ../2configs/logging/central-logging-server.nix
+ # ../2configs/logging/central-logging-server.nix
../2configs/logging/central-stats-client.nix
- ../2configs/logging/central-logging-client.nix
+ ../2configs/syncthing.nix
+ # ../2configs/logging/central-logging-client.nix
# ../2configs/torrent.nix
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
index 96aeb2856..9f04e97eb 100644
--- a/makefu/1systems/shoney.nix
+++ b/makefu/1systems/shoney.nix
@@ -31,7 +31,7 @@ in {
anonymous-domain = "localhost.localdomain";
anonymous.extraConfig = "return 403;";
complete = {
- serverAliases = [ "graphs.siem" ];
+ serverAliases = [ "graph.siem" ];
extraConfig = ''
if ( $server_addr = "${ip}" ) {
return 403;
diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix
index 9cedc04a8..866aac3bd 100644
--- a/makefu/1systems/x.nix
+++ b/