summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/1systems/puyak/config.nix58
-rw-r--r--krebs/1systems/puyak/source.nix3
-rw-r--r--krebs/1systems/wolf/config.nix2
-rw-r--r--krebs/2configs/cgit-mirror.nix45
-rw-r--r--krebs/2configs/default.nix2
-rw-r--r--krebs/2configs/repo-sync.nix91
-rw-r--r--krebs/2configs/secret-passwords.nix6
-rw-r--r--krebs/2configs/shared-buildbot.nix34
-rw-r--r--krebs/3modules/git.nix3
-rw-r--r--krebs/3modules/krebs/default.nix36
-rw-r--r--krebs/6tests/data/secrets/hashedPasswords.nix1
-rw-r--r--lass/2configs/backups.nix88
-rw-r--r--lass/2configs/buildbot-standalone.nix2
-rw-r--r--makefu/1systems/gum/config.nix9
-rw-r--r--makefu/1systems/omo/config.nix35
-rw-r--r--makefu/1systems/studio/source.nix5
-rw-r--r--shell.nix4
-rw-r--r--tv/3modules/ejabberd/config.nix218
-rw-r--r--tv/3modules/ejabberd/default.nix42
-rw-r--r--tv/5pkgs/default.nix4
-rw-r--r--tv/5pkgs/ejabberd/default.nix28
21 files changed, 474 insertions, 242 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
new file mode 100644
index 000000000..f55da019a
--- /dev/null
+++ b/krebs/1systems/puyak/config.nix
@@ -0,0 +1,58 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/krebs>
+ <stockholm/krebs/2configs>
+ <stockholm/krebs/2configs/secret-passwords.nix>
+
+ <stockholm/krebs/2configs/repo-sync.nix>
+ <stockholm/krebs/2configs/shared-buildbot.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.puyak;
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+
+ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ];
+ initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/pool-root";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/boot" = {
+ device = "/dev/sda2";
+ };
+ "/home" = {
+ device = "/dev/mapper/pool-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["nosuid" "nodev" "noatime"];
+ };
+ };
+
+ hardware.enableAllFirmware = true;
+ networking.wireless.enable = true;
+ nixpkgs.config.allowUnfree = true;
+
+ services.logind.extraConfig = ''
+ HandleLidSwitch=ignore
+ '';
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0"
+ '';
+
+}
diff --git a/krebs/1systems/puyak/source.nix b/krebs/1systems/puyak/source.nix
new file mode 100644
index 000000000..a21651899
--- /dev/null
+++ b/krebs/1systems/puyak/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/krebs/source.nix> {
+ name = "puyak";
+}
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index b8cc1b4a1..32e7bd49d 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -11,7 +11,6 @@ in
<stockholm/krebs/2configs/central-stats-client.nix>
<stockholm/krebs/2configs/save-diskspace.nix>
- <stockholm/krebs/2configs/cgit-mirror.nix>
<stockholm/krebs/2configs/graphite.nix>
<stockholm/krebs/2configs/repo-sync.nix>
<stockholm/krebs/2configs/shared-buildbot.nix>
@@ -101,6 +100,7 @@ in
users.extraUsers.root.openssh.authorizedKeys.keys = [
config.krebs.users.ulrich.pubkey
+ config.krebs.users.makefu-omo.pubkey
];
time.timeZone = "Europe/Berlin";
diff --git a/krebs/2configs/cgit-mirror.nix b/krebs/2configs/cgit-mirror.nix
deleted file mode 100644
index c2326a5cc..000000000
--- a/krebs/2configs/cgit-mirror.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- rules = with git; singleton {
- user = [ wolf-repo-sync ];
- repo = [ stockholm-mirror ];
- perm = push ''refs/*'' [ non-fast-forward create delete merge ];
- };
-
- stockholm-mirror = {
- public = true;
- name = "stockholm-mirror";
- cgit.desc = "mirror for all stockholm branches";
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- nick = config.networking.hostName;
- verbose = false;
- channel = "#retiolum";
- server = "ni.r";
- };
- };
- };
-
- wolf-repo-sync = {
- name = "wolf-repo-sync";
- mail = "spam@krebsco.de";
- # TODO put git-sync pubkey somewhere more appropriate
- pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwuAZB3wtAvBJFYh+gWdyGaZU4mtqM2dFXmh2rORlbXeh02msu1uv07ck1VKkQ4LgvCBcBsAOeVa1NTz99eLqutwgcqMCytvRNUCibcoEWwHObsK53KhDJj+zotwlFhnPPeK9+EpOP4ngh/tprJikttos5BwBwe2K+lfiid3fmVPZcTTYa77nCwijimMvWEx6CEjq1wiXMUc4+qcEn8Swbwomz/EEQdNE2hgoC3iMW9RqduTFdIJWnjVi0KaxenX9CvQRGbVK5SSu2gwzN59D/okQOCP6+p1gL5r3QRHSLSSRiEHctVQTkpKOifrtLZGSr5zArEmLd/cOVyssHQPCX repo-sync@wolf'';
- };
-
-in {
- krebs.users.wolf-repo-sync = wolf-repo-sync;
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "Shared Repos";
- root-desc = "keep on krebsing";
- };
- };
- inherit rules;
- repos.stockholm-mirror = stockholm-mirror;
- };
-}
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 53ad56d65..901516e50 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -46,6 +46,6 @@ with import <stockholm/lib>;
# The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "15.09";
+ system.stateVersion = "17.03";
}
diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix
index 637a26e3c..157a30e69 100644
--- a/krebs/2configs/repo-sync.nix
+++ b/krebs/2configs/repo-sync.nix
@@ -1,31 +1,80 @@
{ config, lib, pkgs, ... }:
-with lib;
-{
- krebs.repo-sync = let
- # TODO addMirrorURL function
- mirror = "git@wolf:stockholm-mirror";
- in {
- enable = true;
- repos.stockholm = {
- branches = {
- makefu = {
- origin.url = http://cgit.gum/stockholm ;
- mirror.url = mirror;
+with import <stockholm/lib>;
+
+let
+ mirror = "git@${config.networking.hostName}:";
+
+ defineRepo = name: announce: let
+ repo = {
+ public = true;
+ name = mkDefault "${name}";
+ cgit.desc = mkDefault "mirror for ${name}";
+ cgit.section = mkDefault "mirror";
+ hooks = mkIf announce (mkDefault {
+ post-receive = pkgs.git-hooks.irc-announce {
+ nick = config.networking.hostName;
+ verbose = false;
+ channel = "#retiolum";
+ server = "ni.r";
+ branches = [ "newest" ];
};
- tv = {
- origin.url = http://cgit.ni.r/stockholm;
- mirror.url = mirror;
+ });
+ };
+ in {
+ rules = with git; singleton {
+ user = with config.krebs.users; [
+ config.krebs.users."${config.networking.hostName}-repo-sync"
+ ];
+ repo = [ repo ];
+ perm = push ''refs/*'' [ non-fast-forward create delete merge ];
+ };
+ repos."${name}" = repo;
+ };
+
+ sync-retiolum = name:
+ {
+ krebs.repo-sync.repos.${name} = {
+ branches = {
+ makefu = {
+ origin.url = "http://cgit.gum/${name}";
+ mirror.url = "${mirror}${name}";
+ };
+ tv = {
+ origin.url = "http://cgit.ni.r/${name}";
+ mirror.url = "${mirror}${name}";
+ };
+ nin = {
+ origin.url = "http://cgit.onondaga.r/${name}";
+ mirror.url = "${mirror}${name}";
+ };
+ lassulus = {
+ origin.url = "http://cgit.lassul.us/${name}";
+ mirror.url = "${mirror}${name}";
+ };
};
- lassulus = {
- origin.url = http://cgit.prism/stockholm ;
- mirror.url = mirror;
+ latest = {
+ url = "${mirror}${name}";
+ ref = "heads/newest";
};
};
- latest = {
- url = mirror;
- ref = "heads/master";
+ krebs.git = defineRepo name true;
+ };
+
+in {
+ krebs.repo-sync = {
+ enable = true;
+ };
+ krebs.git = {
+ enable = mkDefault true;
+ cgit = {
+ settings = {
+ root-title = "Shared Repos";
+ root-desc = "keep on krebsing";
};
};
};
+ imports = [
+ (sync-retiolum "stockholm")
+ ];
}
diff --git a/krebs/2configs/secret-passwords.nix b/krebs/2configs/secret-passwords.nix
new file mode 100644
index 000000000..5d265eba6
--- /dev/null
+++ b/krebs/2configs/secret-passwords.nix
@@ -0,0 +1,6 @@
+{ ... }: with import <stockholm/lib>;
+{
+ users.extraUsers =
+ mapAttrs (_: h: { hashedPassword = h; })
+ (import <secrets/hashedPasswords.nix>);
+}
diff --git a/krebs/2configs/shared-buildbot.nix b/krebs/2configs/shared-buildbot.nix
index efb41cc3e..a9e5afc75 100644
--- a/krebs/2configs/shared-buildbot.nix
+++ b/krebs/2configs/shared-buildbot.nix
@@ -1,30 +1,34 @@
{ lib, config, pkgs, ... }:
-# The buildbot config is self-contained and currently provides a way
+# The buildbot config is self-contained and currently provides a way
# to test "krebs" configuration (infrastructure to be used by every krebsminister).
# You can add your own test, test steps as required. Deploy the config on a
# krebs host like wolf and everything should be fine.
# TODO for all users schedule a build for fast tests
-{
+let
+ hostname = config.networking.hostName;
+in {
# due to the fact that we actually build stuff on the box via the daemon,
# /nix/store should be cleaned up automatically as well
- services.nginx.virtualHosts.build = {
- serverAliases = [ "build.wolf.r" ];
- locations."/".extraConfig = ''
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass http://localhost:${toString config.krebs.buildbot.master.web.port};
- '';
+ services.nginx = {
+ enable = true;
+ virtualHosts.build = {
+ serverAliases = [ "build.${hostname}.r" ];
+ locations."/".extraConfig = ''
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port};
+ '';
+ };
};
nix.gc.automatic = true;
nix.gc.dates = "05:23";
- networking.firewall.allowedTCPPorts = [ 8010 9989 ];
+ networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
krebs.buildbot.master = let
- stockholm-mirror-url = http://cgit.wolf.r/stockholm-mirror ;
+ stockholm-mirror-url = "http://cgit.${hostname}.r/stockholm" ;
in {
- secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ];
workers = {
testworker = "krebspass";
};
@@ -155,13 +159,13 @@
};
irc = {
enable = true;
- nick = "wolfbot";
+ nick = "${hostname}bot";
server = "ni.r";
channels = [ { channel = "retiolum"; } ];
allowForce = true;
};
extraConfig = ''
- c['buildbotURL'] = "http://build.wolf.r/"
+ c['buildbotURL'] = "http://build.${hostname}.r/"
'';
};
@@ -173,6 +177,6 @@
packages = with pkgs; [ gnumake jq nix populate ];
# all nix commands will need a working nixpkgs installation
extraEnviron = {
- NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./krebs/1systems/wolf.nix"; };
+ NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./krebs/1systems/${hostname}/config.nix:stockholm=./"; };
};
}
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 884108ebb..93211d9d4 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -569,7 +569,8 @@ let
if ! test -d "$repodir"; then
mkdir -m "$mode" "$repodir"
git init --bare --template=/var/empty "$repodir"
- chown -R git:nogroup "$repodir"
+ # TODO fix correctly with stringAfter
+ chown -R ${toString config.users.users.git.uid}:nogroup "$repodir"
fi
ln -s ${hooks} "$repodir/hooks"
''
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 0aa0cac9d..f751b4f9f 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -30,6 +30,32 @@ let
});
in {
hosts = {
+ puyak = {
+ owner = config.krebs.users.krebs;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.77.2";
+ ip6.addr = "42:0:0:0:0:0:77:2";
+ aliases = [
+ "puyak.r"
+ "build.puyak.r"
+ "cgit.puyak.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAwwDvaVKSJmAi1fpbsmjLz1DQVTgqnx56GkHKbz5sHwAfPVQej955
+ SwotAPBrOT5P3pZ52Pu326SR5nj9XWfN6GD0CkcDQddtRG5OOtUWlvkYzZraNh33
+ p9l8TBgHJKogGe6umbs+4v7pWfbS0k708L2ttwY0ceju6RL6UqShIYB6qhDzwalU
+ p8s7pypl7BwrsTwYkUGleIptiN78cYv/NHvXhvXBuVGz4J0tCH4GMvdTHCah1l1r
+ zwEpKlAq0FD6bgYTJL94Tvxe2xzyr8c+xn1+XbJtMudGmrRjIHS6YupzO/Y2MO7w
+ UkbMKDhYVhSPFEyk6PMm0SU9uAh4I1+8BQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
+ };
wolf = {
owner = config.krebs.users.krebs;
nets = {
@@ -70,5 +96,15 @@ in {
krebs = {
pubkey = "lol"; # TODO krebs.users.krebs.pubkey should be unnecessary
};
+ puyak-repo-sync = {
+ name = "puyak-repo-sync";
+ mail = "spam@krebsco.de";
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ+18mG/cV1YbR9PXzuu3ScyV9kENy08OXUntpmgh9H2";
+ };
+ wolf-repo-sync = {
+ name = "wolf-repo-sync";
+ mail = "spam@krebsco.de";
+ pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwuAZB3wtAvBJFYh+gWdyGaZU4mtqM2dFXmh2rORlbXeh02msu1uv07ck1VKkQ4LgvCBcBsAOeVa1NTz99eLqutwgcqMCytvRNUCibcoEWwHObsK53KhDJj+zotwlFhnPPeK9+EpOP4ngh/tprJikttos5BwBwe2K+lfiid3fmVPZcTTYa77nCwijimMvWEx6CEjq1wiXMUc4+qcEn8Swbwomz/EEQdNE2hgoC3iMW9RqduTFdIJWnjVi0KaxenX9CvQRGbVK5SSu2gwzN59D/okQOCP6+p1gL5r3QRHSLSSRiEHctVQTkpKOifrtLZGSr5zArEmLd/cOVyssHQPCX repo-sync@wolf'';
+ };
};
}
diff --git a/krebs/6tests/data/secrets/hashedPasswords.nix b/krebs/6tests/data/secrets/hashedPasswords.nix
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/krebs/6tests/data/secrets/hashedPasswords.nix
@@ -0,0 +1 @@
+{}
diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix
index b20e15dd9..abc55a0e1 100644
--- a/lass/2configs/backups.nix
+++ b/lass/2configs/backups.nix
@@ -2,6 +2,8 @@
with import <stockholm/lib>;
{
+ # TODO add timerConfig to krebs.backup and randomize startup
+ # TODO define plans more abstract
krebs.backup.plans = {
} // mapAttrs (_: recursiveUpdate {
snapshots = {
@@ -17,6 +19,12 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; };
startAt = "03:00";
};
+ dishfire-http-icarus = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-http"; };
+ startAt = "03:10";
+ };
dishfire-http-mors = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
@@ -26,7 +34,7 @@ with import <stockholm/lib>;
dishfire-http-shodan = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
- dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-http"; };
+ dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-http"; };
startAt = "03:10";
};
dishfire-sql-prism = {
@@ -35,6 +43,12 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; };
startAt = "03:15";
};
+ dishfire-sql-icarus = {
+ method = "pull";
+ src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-sql"; };
+ startAt = "03:25";
+ };
dishfire-sql-mors = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
@@ -44,21 +58,33 @@ with import <stockholm/lib>;
dishfire-sql-shodan = {
method = "pull";
src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
- dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-sql"; };
+ dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-sql"; };
+ startAt = "03:25";
+ };
+ prism-bitlbee-icarus = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
+ dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-bitlbee"; };
startAt = "03:25";
};
prism-bitlbee-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
- dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; };
startAt = "03:25";
};
prism-bitlbee-shodan = {
method = "pull";
- src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
+ src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-bitlbee"; };
startAt = "03:25";
};
+ prism-chat-icarus = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+ dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-chat"; };
+ startAt = "03:35";
+ };
prism-chat-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
@@ -67,10 +93,16 @@ with import <stockholm/lib>;
};
prism-chat-shodan = {
method = "pull";
- src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
+ src = { host = config.krebs.hosts.prism; path = "/home/chat"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-chat"; };
startAt = "03:35";
};
+ prism-sql-icarus = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-sql_dumps"; };
+ startAt = "03:45";
+ };
prism-sql-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
@@ -79,10 +111,16 @@ with import <stockholm/lib>;
};
prism-sql-shodan = {
method = "pull";
- src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
+ src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-sql_dumps"; };
startAt = "03:45";
};
+ prism-http-icarus = {
+ method = "pull";
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-http"; };
+ startAt = "03:55";
+ };
prism-http-mors = {
method = "pull";
src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
@@ -91,21 +129,45 @@ with import <stockholm/lib>;
};
prism-http-shodan = {
method = "pull";
- src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
+ src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-http"; };
startAt = "03:55";
};
- shodan-home-mors = {
- method = "pull";
- src = { host = config.krebs.hosts.shodan; path = "/home"; };
- dst = { host = config.krebs.hosts.mors; path = "/bku/shodan-home"; };
- startAt = "04:00";
+ icarus-home-mors = {
+ method = "push";
+ src = { host = config.krebs.hosts.icarus; path = "/home"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/icarus-home"; };
+ startAt = "05:00";
+ };
+ icarus-home-shodan = {
+ method = "push";
+ src = { host = config.krebs.hosts.icarus; path = "/home"; };
+ dst = { host = config.krebs.hosts.shodan; path = "/bku/icarus-home"; };
+ startAt = "05:00";
+ };
+ mors-home-icarus = {
+ method = "push";
+ src = { host = config.krebs.hosts.mors; path = "/home"; };
+ dst = { host = config.krebs.hosts.icarus; path = "/bku/mors-home"; };
+ startAt = "05:00";
};
mors-home-shodan = {
method = "push";
- src = { host = config.krebs.hosts.mors; path = "/home"; };
+ src = { host = config.krebs.hosts.mors; path = "/home"; };
dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; };
startAt = "05:00";
};
+ shodan-home-icarus = {
+ method = "pull";
+ src = { host = config.krebs.hosts.shodan; path = "/home"; };
+ dst = { host = config.krebs.hosts.icarus; path = "/bku/shodan-home"; };
+ startAt = "04:00";
+ };
+ shodan-home-mors = {
+ method = "pull";
+ src = { host = config.krebs.hosts.shodan; path = "/home"; };
+ dst = { host = config.krebs.hosts.mors; path = "/bku/shodan-home"; };
+ startAt = "04:00";
+ };
};
}
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 86e7880db..e1fe9fd23 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -80,7 +80,7 @@ in {
]
)
- for i in [ "test-all-krebs-modules", "test-centos7", "test-minimal-deploy", "wolf" ]:
+ for i in [ "puyak", "test-all-krebs-modules", "test-centos7", "test-minimal-deploy", "wolf" ]:
build_host("krebs", i)
for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index aaddd8a68..bbb8cfe11 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -14,7 +14,7 @@ let
in {
imports = [
<stockholm/makefu>
- <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
<stockholm/makefu/2configs/headless.nix>
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
@@ -33,6 +33,8 @@ in {
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/sec.nix>
+ <stockholm/makefu/2configs/vim.nix>
+ <stockholm/makefu/2configs/zsh-user.nix>
# services
<stockholm/makefu/2configs/share/gum.nix>
@@ -106,7 +108,10 @@ in {
bepasty-client-cli
get
];
- services.bitlbee.enable = true;
+ services.bitlbee = {
+ enable = true;
+ libpurple_plugins = [ pkgs.telegram-purple ];
+ };
# Hardware
boot.loader.grub.device = main-disk;
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 732f1d860..e43b203b4 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -53,14 +53,20 @@ in {
<stockholm/makefu/2configs/share/omo.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
+
# Logging
- <stockholm/makefu/2configs/stats/server.nix #influx + grafana>
+ #influx + grafana
+ <stockholm/makefu/2configs/stats/server.nix>
<stockholm/makefu/2configs/stats/client.nix>
- <stockholm/makefu/2configs/stats/external/aralast.nix # logs to influx>
+ # logs to influx
+ <stockholm/makefu/2configs/stats/external/aralast.nix>
# services
<stockholm/makefu/2configs/syncthing.nix>
<stockholm/makefu/2configs/mqtt.nix>
+
+ # security
+ <stockholm/makefu/2configs/sshd-totp.nix>
# <stockholm/makefu/2configs/logging/central-logging-client.nix>
# <stockholm/makefu/2configs/torrent.nix>
@@ -189,8 +195,29 @@ in {
zramSwap.enable = true;
krebs.Reaktor.reaktor = {
- nickname = "Reaktor|bot";
- channels = [ "#krebs" "#shackspace" "#binaergewitter" ];
+ nickname = "Reaktor|krebs";
+ workdir = "/var/lib/Reaktor/krebs";
+ channels = [ "#krebs" ];
+ plugins = with pkgs.ReaktorPlugins;[
+ stockholm-issue
+ nixos-version
+ sed-plugin
+ random-emoji ];
+ };
+ krebs.Reaktor.reaktor-shack = {
+ nickname = "Reaktor|shack";
+ workdir = "/var/lib/Reaktor/shack";
+ channels = [ "#shackspace" ];
+ plugins = with pkgs.ReaktorPlugins;[
+ shack-correct
+ # stockholm-issue
+ sed-plugin
+ random-emoji ];
+ };
+ krebs.Reaktor.reaktor-bgt = {
+ nickname = "Reaktor|bgt";
+ workdir = "/var/lib/Reaktor/bgt";
+ channels = [ "#binaergewitter" ];
plugins = with pkgs.ReaktorPlugins;[
titlebot
# stockholm-issue
diff --git a/makefu/1systems/studio/source.nix b/makefu/1systems/studio/source.nix
index af0f37809..f662653e7 100644
--- a/makefu/1systems/studio/source.nix
+++ b/makefu/1systems/studio/source.nix
@@ -1,7 +1,4 @@
import <stockholm/makefu/source.nix> {
name="studio";
- override.musnix.git = {
- url = https://github.com/musnix/musnix.git;
- ref = "d8b989f";
- };
+ musnix = true;
}
diff --git a/shell.nix b/shell.nix
index 8c224a5f8..5ea9ff3b7 100644
--- a/shell.nix
+++ b/shell.nix
@@ -47,10 +47,8 @@ let
'';
init.env = pkgs.writeText "init.env" /* sh */ ''
- config=''${config-$user/1systems/$system/config.nix}
source=''${source-$user/1systems/$system/source.nix}
- export config
export source
export system
export target
@@ -98,7 +96,6 @@ let
--readonly-mode \
--show-trace \
--strict \
- -I nixos-config="$config" \
"$source")
echo $_source |
${pkgs.populate}/bin/populate \
@@ -118,7 +115,6 @@ let
STOCKHOLM_VERSION=$STOCKHOLM_VERSION \
nix-shell \
--run $(q \
- config=$config \
system=$system \
target=$target \
using_proxy=true \
diff --git a/tv/3modules/ejabberd/config.nix b/tv/3modules/ejabberd/config.nix
index 29c38fbe4..68bcfa340 100644
--- a/tv/3modules/ejabberd/config.nix
+++ b/tv/3modules/ejabberd/config.nix
@@ -1,93 +1,129 @@
-{ config, ... }: with import <stockholm/lib>; let
- cfg = config.tv.ejabberd;
+with import <stockholm/lib>;
+{ config, ... }: let
- # XXX this is a placeholder that happens to work the default strings.
- toErlang = builtins.toJSON;
-in toFile "ejabberd.conf" ''
- {loglevel, 3}.
- {hosts, ${toErlang cfg.hosts}}.
- {listen,
- [
- {5222, ejabberd_c2s, [
- starttls,
- {certfile, ${toErlang cfg.certfile.path}},
- {access, c2s},
- {shaper, c2s_shaper},
- {max_stanza_size, 65536}
- ]},
- {5269, ejabberd_s2s_in, [
- {shaper, s2s_shaper},
- {max_stanza_size, 131072}
- ]},
- {5280, ejabberd_http, [
- captcha,
- http_bind,
- http_poll,
- web_admin
- ]}
- ]}.
- {s2s_use_starttls, required}.
- {s2s_certfile, ${toErlang cfg.s2s_certfile.path}}.
- {auth_method, internal}.
- {shaper, normal, {maxrate, 1000}}.
- {shaper, fast, {maxrate, 50000}}.
- {max_fsm_queue, 1000}.
- {acl, local, {user_regexp, ""}}.
- {access, max_user_sessions, [{10, all}]}.
- {access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
- {access, local, [{allow, local}]}.
- {access, c2s, [{deny, blocked},
- {allow, all}]}.
- {access, c2s_shaper, [{none, admin},
- {normal, all}]}.
- {access, s2s_shaper, [{fast, all}]}.
- {access, announce, [{allow, admin}]}.
- {access, configure, [{allow, admin}]}.
- {access, muc_admin, [{allow, admin}]}.
- {access, muc_create, [{allow, local}]}.
- {access, muc, [{allow, all}]}.
- {access, pubsub_createnode, [{allow, local}]}.
- {access, register, [{allow, all}]}.
- {language, "en"}.
- {modules,
- [
- {mod_adhoc, []},
- {mod_announce, [{access, announce}]},
- {mod_blocking,[]},
- {mod_caps, []},
- {mod_configure,[]},
- {mod_disco, []},
- {mod_irc, []},
- {mod_http_bind, []},
- {mod_last, []},
- {mod_muc, [
- {access, muc},
- {access_create, muc_create},
- {access_persistent, muc_create},
- {access_admin, muc_admin}
- ]},
- {mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
- {mod_ping, []},
- {mod_privacy, []},
- {mod_private, []},
- {mod_pubsub, [
- {access_createnode, pubsub_createnode},
- {ignore_pep_from_offline, true},
- {last_item_cache, false},
- {plugins, ["flat", "hometree", "pep"]}
- ]},
- {mod_register, [
- {welcome_message, {"Welcome!",