summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/1systems/onebutton/config.nix44
-rw-r--r--krebs/1systems/onebutton/source.nix16
-rw-r--r--krebs/2configs/news-spam.nix3
-rw-r--r--krebs/2configs/news.nix2
-rw-r--r--krebs/2configs/shack/worlddomination.nix72
-rw-r--r--krebs/3modules/krebs/default.nix31
-rw-r--r--krebs/3modules/lass/default.nix93
-rw-r--r--krebs/3modules/makefu/default.nix1
-rw-r--r--krebs/3modules/newsbot-js.nix1
-rw-r--r--krebs/5pkgs/simple/Reaktor/plugins.nix23
-rw-r--r--krebs/5pkgs/simple/ejabberd/default.nix27
-rw-r--r--krebs/5pkgs/simple/ejabberd/ejabberdctl.patch32
-rw-r--r--krebs/5pkgs/simple/generate-secrets/default.nix46
-rw-r--r--krebs/5pkgs/simple/kops.nix4
-rw-r--r--krebs/5pkgs/simple/pssh/default.nix36
-rw-r--r--krebs/5pkgs/simple/ucspi-tcp/chmod.patch15
-rw-r--r--krebs/5pkgs/simple/ucspi-tcp/default.nix86
-rw-r--r--krebs/5pkgs/simple/urlwatch/default.nix29
-rw-r--r--krebs/kops.nix2
-rw-r--r--lass/1systems/cabal/config.nix2
-rw-r--r--lass/1systems/daedalus/config.nix2
-rw-r--r--lass/1systems/echelon/config.nix50
-rw-r--r--lass/1systems/helios/config.nix38
-rw-r--r--lass/1systems/icarus/config.nix2
-rw-r--r--lass/1systems/littleT/config.nix2
-rw-r--r--lass/1systems/mors/config.nix46
-rw-r--r--lass/1systems/prism/config.nix89
-rw-r--r--lass/1systems/red/config.nix31
-rw-r--r--lass/1systems/red/source.nix (renamed from lass/1systems/echelon/source.nix)3
-rw-r--r--lass/1systems/shodan/config.nix2
-rw-r--r--lass/1systems/skynet/config.nix1
-rw-r--r--lass/1systems/xerxes/source.nix6
-rw-r--r--lass/2configs/AP.nix77
-rw-r--r--lass/2configs/backup.nix20
-rw-r--r--lass/2configs/backups.nix173
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/2configs/bitcoin.nix10
-rw-r--r--lass/2configs/dcso-dev.nix1
-rw-r--r--lass/2configs/default.nix3
-rw-r--r--lass/2configs/dns-stuff.nix16
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/gc.nix2
-rw-r--r--lass/2configs/git.nix14
-rw-r--r--lass/2configs/go.nix19
-rw-r--r--lass/2configs/mail.nix5
-rw-r--r--lass/2configs/monitoring/client.nix26
-rw-r--r--lass/2configs/monitoring/monit-alarms.nix44
-rw-r--r--lass/2configs/monitoring/node-exporter.nix15
-rw-r--r--lass/2configs/monitoring/prometheus-server.nix217
-rw-r--r--lass/2configs/monitoring/server.nix87
-rw-r--r--lass/2configs/reaktor-coders.nix15
-rw-r--r--lass/2configs/syncthing.nix1
-rw-r--r--lass/2configs/websites/lassulus.nix56
-rw-r--r--lass/2configs/websites/util.nix59
-rw-r--r--lass/2configs/zsh.nix4
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/restic.nix119
-rw-r--r--lass/5pkgs/l-gen-secrets/default.nix (renamed from lass/5pkgs/generate-secrets/default.nix)6
-rw-r--r--lib/types.nix8
-rw-r--r--makefu/1systems/gum/config.nix4
-rw-r--r--makefu/1systems/wbob/config.nix4
-rw-r--r--makefu/1systems/x/config.nix10
-rw-r--r--makefu/2configs/bluetooth-mpd.nix17
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/2configs/gui/automatic-diskmount.nix44
-rw-r--r--makefu/2configs/hydra/stockholm.nix1
-rw-r--r--makefu/2configs/main-laptop.nix1
-rw-r--r--makefu/2configs/nginx/misa-felix-hochzeit.ml.nix17
-rw-r--r--makefu/2configs/remote-build/master.nix14
-rw-r--r--makefu/2configs/stats/arafetch.nix19
-rw-r--r--makefu/2configs/urlwatch/default.nix1
-rw-r--r--makefu/5pkgs/ampel/default.nix6
-rw-r--r--makefu/5pkgs/awesomecfg/full.cfg3
-rw-r--r--makefu/5pkgs/devpi/default.nix13
-rw-r--r--makefu/source.nix7
-rw-r--r--nin/2configs/vim.nix1
77 files changed, 1132 insertions, 869 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 98fb88702..662e094d1 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -21,4 +21,5 @@
boot.isContainer = true;
networking.useDHCP = false;
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
+ environment.variables.NIX_REMOTE = "daemon";
}
diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix
new file mode 100644
index 000000000..c634d73ce
--- /dev/null
+++ b/krebs/1systems/onebutton/config.nix
@@ -0,0 +1,44 @@
+{ config, pkgs, lib, ... }:
+{
+ imports = [
+ <stockholm/krebs>
+ <stockholm/krebs/2configs>
+ { # minimal disk usage
+ environment.noXlibs = true;
+ nix.gc.automatic = true;
+ nix.gc.dates = "03:10";
+ programs.info.enable = false;
+ programs.man.enable = false;
+ services.journald.extraConfig = "SystemMaxUse=50M";
+ services.nixosManual.enable = false;
+ }
+ ];
+ krebs.build.host = config.krebs.hosts.onebutton;
+ # NixOS wants to enable GRUB by default
+ boot.loader.grub.enable = false;
+ # Enables the generation of /boot/extlinux/extlinux.conf
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ # !!! If your board is a Raspberry Pi 1, select this:
+ boot.kernelPackages = pkgs.linuxPackages_rpi;
+
+ nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
+ nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
+
+ # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
+ # boot.kernelParams = ["cma=32M"];
+
+ fileSystems = {
+ "/boot" = {
+ device = "/dev/disk/by-label/NIXOS_BOOT";
+ fsType = "vfat";
+ };
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+ };
+
+ swapDevices = [ { device = "/swapfile"; size = 1024; } ];
+ services.openssh.enable = true;
+}
diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix
new file mode 100644
index 000000000..8f25881c9
--- /dev/null
+++ b/krebs/1systems/onebutton/source.nix
@@ -0,0 +1,16 @@
+with import <stockholm/lib>;
+let
+ pkgs = import <nixpkgs> {};
+ nixpkgs = pkgs.fetchFromGitHub {
+ owner = "nixos";
+ repo = "nixpkgs-channels";
+ rev = "6c064e6b"; # only binary cache for unstable arm6
+ sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd";
+ };
+in import <stockholm/krebs/source.nix> {
+ name = "onebutton";
+ override.nixpkgs = mkForce {
+ file = toString nixpkgs;
+ };
+
+}
diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix
index 63848c234..69c503bf9 100644
--- a/krebs/2configs/news-spam.nix
+++ b/krebs/2configs/news-spam.nix
@@ -2,6 +2,7 @@
{
krebs.newsbot-js.news-spam = {
+ urlShortenerHost = "go.lassul.us";
feeds = pkgs.writeText "feeds" ''
[SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
[SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
@@ -120,7 +121,7 @@
[SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews
[SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews
[SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews
- [SPAM]shackspace|http://blog.shackspace.de/?feed=rss2|#snews
+ [SPAM]shackspace|http://shackspace.de/atom.xml|#snews
[SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews
[SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews
[SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 2628c7986..49a5e3459 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -11,7 +11,7 @@
painload|https://github.com/krebscode/painload/commits/master.atom|#news
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
- shackspace|http://blog.shackspace.de/?feed=rss2|#news
+ shackspace|http://shackspace.de/atom.xml|#news
tinc|http://tinc-vpn.org/news/index.rss|#news
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
weechat|http://dev.weechat.org/feed/atom|#news
diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix
index 828b6cd70..838c1958e 100644
--- a/krebs/2configs/shack/worlddomination.nix
+++ b/krebs/2configs/shack/worlddomination.nix
@@ -2,8 +2,56 @@
with import <stockholm/lib>;
let
+ pkg = pkgs.stdenv.mkDerivation {
+ name = "worlddomination-2018-04-21";
+ src = pkgs.fetchgit {
+ url = "https://github.com/shackspace/worlddomination/";
+ rev = "1b32403b9";
+ sha256 = "10x7aiil13k3x9wqy95mi1ys999d6fxg5sys3jwv7a1p930gkl1i";
+ };
+ buildInputs = [
+ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
+ docopt
+ LinkHeader
+ aiocoap
+ grequests
+ paramiko
+ python
+ ]))
+ ];
+ installPhase = ''
+ install -m755 -D backend/push_led.py $out/bin/push-led
+ install -m755 -D backend/loop_single.py $out/bin/loop-single
+ # copy the provided file to the package
+ install -m755 -D backend/wd.lst $out/${wdpath}
+ '';
+ };
pythonPackages = pkgs.python3Packages;
# https://github.com/chrysn/aiocoap
+ grequests = pythonPackages.buildPythonPackage rec {
+ pname = "grequests";
+ version = "0.3.1";
+ name = "${pname}-${version}";
+
+ src = pkgs.fetchFromGitHub {
+ owner = "kennethreitz";
+ repo = "grequests";
+ rev = "d1e70eb";
+ sha256 = "0drfx4fx65k0g5sj0pw8z3q1s0sp7idn2yz8xfb45nd6v82i37hc";
+ };
+
+ doCheck = false;
+
+ propagatedBuildInputs = with pythonPackages; [ requests gevent ];
+
+ meta = with lib;{
+ description = "Asynchronous HTTP requests";
+ homepage = https://github.com/kennethreitz/grequests;
+ license = with licenses; [ bsd2 ];
+ maintainers = with maintainers; [ matejc ];
+ };
+ };
+
aiocoap = pythonPackages.buildPythonPackage {
name = "aiocoap-0.3";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
@@ -25,30 +73,6 @@ let
description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";
};
};
- pkg = pkgs.stdenv.mkDerivation {
- name = "worlddomination-2017-06-10";
- src = pkgs.fetchgit {
- url = "https://github.com/shackspace/worlddomination/";
- rev = "72fc9b5";
- sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf";
- };
- buildInputs = [
- (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
- docopt
- LinkHeader
- aiocoap
- requests
- paramiko
- python
- ]))
- ];
- installPhase = ''
- install -m755 -D backend/push_led.py $out/bin/push-led
- install -m755 -D backend/loop_single.py $out/bin/loop-single
- # copy the provided file to the package
- install -m755 -D backend/wd.lst $out/${wdpath}
- '';
- };
wdpath = "/usr/worlddomination/wd.lst";
esphost = "10.42.24.7"; # esp8266
timeout = 10; # minutes
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 1e626f0a0..a916c1873 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -91,6 +91,37 @@ in {
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp";
};
+ onebutton = {
+ cores = 1;
+ owner = config.krebs.users.krebs;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.101";
+ ip6.addr = "42:0:0:0:0:0:0:101";
+ aliases = [
+ "onebutton.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA11w6votRExwE0ZEiQmPa
+ 9WGNsMfNAZEd14iHaHCZH7UPQEH+cH/T6isGPpaysindroMnqFe9mUf/cdYChb6N
+ aaFreApwGBQaJPUcdy4cfphrFpzmOClpOFuFbnV7ZvAk/wefBad3kUzsq/lK4HvB
+ 7nPKeOB9kljphLrkzuLL/h2yOenMpO2ZdvwxyWN8HKmUNgvpBQjIr+Hka6cgy7Gp
+ pBVFHfSnad/eHeEvq91O/bHxrAxzH5N5DVagPDpkbiWYGl+0XVGP/h0CApr15Ael
+ +j2pJYc0ZlaXIp4KmNRqbd/fLe52JLrWbnFX4rRuY/DhoMqK8kjECEZ7gLiNSpCC
+ KlnlJ2LXX9c+d79ubzl5yLAJ3d6T4IJqkbAWJDuCrj821M9ZDk/qZwerayhrrvkF
+ tMYkQoGSe8MvSOU0rTEoH5iSRwDC7M0XzUe4l8/yZLFyD4Prz/dq6coqANfk/tlE
+ DnH3vDu9lmFvYrLcd6yDWzFfI3mWDJoUa6AKKoScCOaCkRfIM4Aew0i73+h1nJLO
+ 59AAbZIkDYyWs53QniIG4EQteI9y/9j/628nPAVj68V5oIN76RDXfFHWDWq4DxmU
+ PpGVmoIKcKZmnl7RrDomRVpuGMdyQ+kCzIGH3XYe12v8Y5beHZBrd3OajgHZ/Tfp
+ jP873cT6h0hsGm9glgOYho8CAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe ";
+ };
puyak = {
ci = true;
owner = config.krebs.users.krebs;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 0c3e68c39..48df04bcb 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -9,6 +9,7 @@ with import <stockholm/lib>;
hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.lass;
ci = true;
+ monitoring = true;
}) {
dishfire = {
cores = 4;
@@ -43,39 +44,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
};
- echelon = {
- cores = 2;
- nets = rec {
- internet = {
- ip4.addr = "64.137.242.41";
- aliases = [
- "echelon.i"
- ];
- ssh.port = 45621;
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.206.103";
- ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763";
- aliases = [
- "echelon.r"
- "cgit.echelon.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ
- oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX
- MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f
- 4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA
- n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p
- do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
- };
prism = rec {
cores = 4;
extraZones = {
@@ -86,14 +54,17 @@ with import <stockholm/lib>;
"lassul.us" = ''
$TTL 3600
@ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
- 60 IN NS ns16.ovh.net.
- 60 IN NS dns16.ovh.net.
- 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- 60 IN TXT v=spf1 mx a:lassul.us -all
- cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- io 60 IN NS ions.lassul.us.
- ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ 60 IN NS ns16.ovh.net.
+ 60 IN NS dns16.ovh.net.
+ 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ 60 IN TXT v=spf1 mx a:lassul.us -all
+ 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
+ default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
+ cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ io 60 IN NS ions.lassul.us.
+ ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
@@ -149,6 +120,7 @@ with import