summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/1systems/hotdog/config.nix4
-rw-r--r--krebs/2configs/nscd-fix.nix24
-rw-r--r--krebs/2configs/reaktor-krebs.nix26
-rw-r--r--krebs/2configs/reaktor-retiolum.nix17
-rw-r--r--krebs/2configs/reaktor2.nix168
-rw-r--r--krebs/3modules/external/default.nix29
-rw-r--r--krebs/3modules/reaktor2.nix10
-rwxr-xr-xkrebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py2
-rw-r--r--krebs/5pkgs/simple/reaktor2-plugins.nix106
-rw-r--r--krebs/nixpkgs.json6
-rw-r--r--lass/1systems/prism/config.nix15
-rw-r--r--lass/1systems/prism/physical.nix14
-rw-r--r--lass/1systems/yellow/config.nix92
-rw-r--r--lass/2configs/default.nix5
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/games.nix1
-rw-r--r--lass/2configs/websites/domsen.nix24
-rw-r--r--makefu/1systems/cake/config.nix41
-rw-r--r--makefu/1systems/cake/hardware-config.nix42
-rw-r--r--makefu/1systems/gum/config.nix4
-rw-r--r--makefu/1systems/gum/hardware-config.nix2
-rw-r--r--makefu/1systems/gum/source.nix1
-rw-r--r--makefu/1systems/x/config.nix1
-rw-r--r--makefu/2configs/bureautomation/hass.nix19
-rw-r--r--makefu/2configs/default.nix2
-rw-r--r--makefu/2configs/gui/base.nix1
-rw-r--r--makefu/2configs/home-manager/desktop.nix4
-rw-r--r--makefu/2configs/home-manager/zsh.nix2
-rw-r--r--makefu/2configs/hw/malduino_elite.nix15
-rw-r--r--makefu/2configs/printer.nix3
-rw-r--r--makefu/2configs/tools/android-pentest.nix1
-rw-r--r--makefu/2configs/tools/dev.nix1
-rw-r--r--makefu/5pkgs/baidudl/default.nix23
-rw-r--r--makefu/5pkgs/default.nix10
-rw-r--r--makefu/krops.nix2
-rw-r--r--makefu/nixpkgs.json6
36 files changed, 552 insertions, 172 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index cf72e0d73..916073375 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -12,8 +12,8 @@
<stockholm/krebs/2configs/buildbot-stockholm.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
- <stockholm/krebs/2configs/reaktor-retiolum.nix>
- <stockholm/krebs/2configs/reaktor-krebs.nix>
+ <stockholm/krebs/2configs/nscd-fix.nix>
+ <stockholm/krebs/2configs/reaktor2.nix>
<stockholm/krebs/2configs/repo-sync.nix>
];
diff --git a/krebs/2configs/nscd-fix.nix b/krebs/2configs/nscd-fix.nix
new file mode 100644
index 000000000..20dc3bae4
--- /dev/null
+++ b/krebs/2configs/nscd-fix.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+with import <stockholm/lib>;
+let
+ versionOlderThan = v:
+ compareVersions
+ (versions.majorMinor version)
+ (versions.majorMinor v)
+ == -1;
+
+ enable =
+ versionOlderThan "19.03";
+ warning = ''
+ Using custom services.nscd.config because
+ https://github.com/NixOS/nixpkgs/pull/50316
+ '';
+in
+ optionalAttrs enable (trace warning {
+ services.nscd.enable = mkForce true;
+ services.nscd.config = mkForce (readFile (pkgs.fetchurl {
+ url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf;
+ sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs";
+ }));
+ })
+
diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix
deleted file mode 100644
index 862c9b991..000000000
--- a/krebs/2configs/reaktor-krebs.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-{
- krebs.Reaktor.krebs = {
- nickname = "Reaktor|krebs";
- channels = [
- "#krebs"
- "#nixos-wiki"
- ];
- extraEnviron = {
- REAKTOR_HOST = "irc.freenode.org";
- REAKTOR_NICKSERV_PASSWORD = "/var/lib/Reaktor/reaktor_nickserv_password";
- };
- plugins = with pkgs.ReaktorPlugins; [
- sed-plugin
- ] ++
- (attrValues (task "agenda"))
- ;
- };
- krebs.secret.files.nix-serve-key = {
- path = "/var/lib/Reaktor/reaktor_nickserv_password";
- owner.name = "Reaktor";
- source-path = toString <secrets> + "/reaktor_nickserv_password";
- };
-}
diff --git a/krebs/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix
deleted file mode 100644
index 69fc4b202..000000000
--- a/krebs/2configs/reaktor-retiolum.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-{
- krebs.Reaktor.retiolum = {
- nickname = "Reaktor|lass";
- channels = [ "#noise" "#xxx" ];
- extraEnviron = {
- REAKTOR_HOST = "irc.r";
- };
- plugins = with pkgs.ReaktorPlugins; [
- sed-plugin
- ] ++
- (attrValues (task "agenda"))
- ;
- };
-}
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
new file mode 100644
index 000000000..f1e59142e
--- /dev/null
+++ b/krebs/2configs/reaktor2.nix
@@ -0,0 +1,168 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }:
+
+let
+ #for shared state directory
+ stateDir = config.krebs.reaktor2.r.stateDir;
+
+ generators = pkgs.reaktor2-plugins.generators;
+ hooks = pkgs.reaktor2-plugins.hooks;
+ commands = pkgs.reaktor2-plugins.commands;
+
+ task = name: let
+ rcFile = builtins.toFile "taskrc" ''
+ confirmation=no
+ '';
+ in {
+ pattern = "^${name}-([a-z]+)(?::\\s*(.*))?";
+ activate = "match";
+ command = 1;
+ arguments = [2];
+ commands = {
+ add = {
+ env = {
+ TASKDATA = "${stateDir}/${name}";
+ };
+ filename = pkgs.writeDash "${name}-task-add" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$*"
+ '';
+ };
+ list = {
+ env = {
+ TASKDATA = "${stateDir}/${name}";
+ };
+ filename = pkgs.writeDash "${name}-task-list" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"'
+ '';
+ };
+ delete = {
+ env = {
+ TASKDATA = "${stateDir}/${name}";
+ };
+ filename = pkgs.writeDash "${name}-task-delete" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$*"
+ '';
+ };
+ done = {
+ env = {
+ TASKDATA = "${stateDir}/${name}";
+ };
+ filename = pkgs.writeDash "${name}-task-done" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$*"
+ '';
+ };
+ };
+ };
+
+ systemPlugin = {
+ plugin = "system";
+ config = {
+ workdir = stateDir;
+ hooks.JOIN = [
+ {
+ activate = "always";
+ command = {
+ filename =
+ "${pkgs.Reaktor.src}/reaktor/commands/tell-on_join";
+ env = {
+ PATH = makeBinPath [
+ pkgs.coreutils # XXX env, touch
+ pkgs.jq # XXX sed
+ pkgs.utillinux # XXX flock
+ ];
+ state_file = "${stateDir}/tell.json";
+ };
+ };
+ }
+ ];
+ hooks.PRIVMSG = [
+ {
+ pattern = "^bier bal(ance)*$";
+ activate = "match";
+ command = {
+ env = {
+ state_file = "${stateDir}/ledger";
+ };
+ filename = pkgs.writeDash "bier-balance" ''
+ ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
+ | ${pkgs.coreutils}/bin/tail +2 \
+ | ${pkgs.miller}/bin/mlr --icsv --opprint cat
+ '';
+ };
+ }
+ {
+ pattern = ''^(\S+)\s+([+-][1-9][0-9]*)\s+(\S+)$'';
+ activate = "match";
+ arguments = [1 2 3];
+ command = {
+ env = {
+ # TODO; get state as argument
+ state_file = "${stateDir}/ledger";
+ };
+ filename = pkgs.writeDash "ledger-add" ''
+ set -x
+ tonick=$1
+ amt=$2
+ unit=$3
+ printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
+ '';
+ };
+ }
+ hooks.sed
+ (generators.command_hook {
+ inherit (commands) hello random-emoji nixos-version stockholm-issue;
+ tell = {
+ filename =
+ "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg";
+ env = {
+ PATH = makeBinPath [
+ pkgs.coreutils # XXX date, env
+ pkgs.jq # XXX sed
+ pkgs.utillinux # XXX flock
+ ];
+ state_file = "${stateDir}/tell.txt";
+ };
+ };
+ })
+ (task "agenda")
+ ];
+ };
+ };
+
+in {
+
+ krebs.reaktor2 = {
+ freenode = {
+ hostname = "irc.freenode.org";
+ nick = "reaktor2|krebs";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#krebs"
+ ];
+ };
+ }
+ systemPlugin
+ ];
+ user = "reaktor2";
+ };
+ r = {
+ nick = "reaktor2|krebs";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#noise"
+ "#xxx"
+ ];
+ };
+ }
+ systemPlugin
+ ];
+ user = "reaktor2";
+ };
+ };
+}
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index a7ec0e158..089113ac6 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -84,8 +84,8 @@ in {
nets = rec {
internet = {
# eve.thalheim.io
- ip4.addr = "188.68.39.17";
- ip6.addr = "2a03:4000:13:31e::1";
+ ip4.addr = "95.216.112.61";
+ ip6.addr = "2a01:4f9:2b:1605::1";
aliases = [ "eve.i" ];
};
retiolum = {
@@ -141,6 +141,29 @@ in {
};
};
};
+ idontcare = {
+ owner = config.krebs.users.Mic92;
+ nets = rec {
+ retiolum = {
+ addrs = [
+ config.krebs.hosts.idontcare.nets.retiolum.ip4.addr
+ config.krebs.hosts.idontcare.nets.retiolum.ip6.addr
+ ];
+ ip4.addr = "10.243.29.177";
+ aliases = [ "idontcare.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAxmmbQLVXcnCU9Vg9TCoJxfq/RyNfzaTj8XJsn4Kpo3CvQOwFzL6O
+ qZnbG55WjPjPumuFgtUdHA/G8mgtrTVaIRbVE9ck2l2wWFzMWxORzuvDbMh5xP8A
+ OW2Z2qjlH6O9GTBCzpYyHuyBWCjtiN4x9zEqxkIsBARKOylAoy3zQIiiQF0d72An
+ lqKFi9vYUU90zo9rP8BTzx2ZsEWb28xhHUlwf1+vgaOHI1jI99gnr12dVYl/i/Hb
+ O28gDUogfpP/5pWFAHJ+53ZscHo8/Y7imjiKgGXmOHywoXOsKQ67M6ROEU/0xPnw
+ jKmq2p7zTJk2mDhphjePi5idd5yKNX5Q3wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
justraute = {
owner = config.krebs.users.raute; # laptop
nets = {
@@ -393,7 +416,7 @@ in {
pubkey = ssh-for "kmein";
};
Mic92 = {
- mail = "joerg@higgsboson.tk";
+ mail = "joerg@thalheim.io";
pubkey = ssh-for "Mic92";
};
palo = {
diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix
index 3dd86503f..3f263d010 100644
--- a/krebs/3modules/reaktor2.nix
+++ b/krebs/3modules/reaktor2.nix
@@ -25,7 +25,7 @@ with import <stockholm/lib>;
type = types.listOf types.attrs;
};
stateDir = mkOption {
- default = "/var/lib/${self.config.systemd-service-name}";
+ default = "/var/lib/${self.config.user}";
readOnly = true;
type = types.absolute-pathname;
};
@@ -33,6 +33,10 @@ with import <stockholm/lib>;
default = "reaktor2${optionalString (name != "default") "-${name}"}";
type = types.filename;
};
+ user = mkOption {
+ default = self.config.systemd-service-name;
+ type = types.str;
+ };
useTLS = mkOption {
default = self.config.port == "6697";
type = types.bool;
@@ -47,10 +51,10 @@ with import <stockholm/lib>;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
- User = cfg.systemd-service-name;
+ User = cfg.user;
Group = "reaktor2";
DynamicUser = true;
- StateDirectory = cfg.systemd-service-name;
+ StateDirectory = cfg.user;
ExecStart = let
configFile = pkgs.writeJSON configFileName configValue;
configFileName = "${cfg.systemd-service-name}.config.json";
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
index ecb03917b..4925b25bb 100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
+++ b/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
@@ -46,7 +46,7 @@ if is_regex(line):
print('to many lines, skipped')
else:
if last.strip() != ret.strip():
- print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip()))
+ print("\x02{}\x02 meant: {}".format(usr, ret.strip()))
if ret:
d[usr] = ret
diff --git a/krebs/5pkgs/simple/reaktor2-plugins.nix b/krebs/5pkgs/simple/reaktor2-plugins.nix
new file mode 100644
index 000000000..fcbcd6365
--- /dev/null
+++ b/krebs/5pkgs/simple/reaktor2-plugins.nix
@@ -0,0 +1,106 @@
+{ lib, pkgs, ... }:
+with import <stockholm/lib>;
+
+rec {
+ generators = {
+ command_hook = commands: {
+ pattern =
+ "^\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$";
+ command = 1;
+ arguments = [2];
+ commands = commands;
+ };
+ };
+
+ commands = {
+
+ hello = {
+ filename = "${pkgs.Reaktor.src}/reaktor/commands/hello";
+ };
+
+ random-emoji = {
+ filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh>;
+ env = {
+ PATH = makeBinPath (with pkgs; [ coreutils gnused gnugrep xmlstarlet wget ]);
+ };
+ };
+
+ nixos-version = {
+ filename = pkgs.writeDash "nixos-version" ''
+ . /etc/os-release
+ echo "$PRETTY_NAME"
+ '';
+ };
+
+ stockholm-issue = {
+ filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh>;
+ env = {
+ PATH = makeBinPath (with pkgs; [ coreutils git gnused haskellPackages.lentil ]);
+ origin = "http://cgit.gum/stockholm";
+ state_dir = "/tmp/stockholm-issue";
+ };
+ };
+
+ };
+
+ hooks = {
+
+ sed = {
+ activate = "always";
+ pattern = "^(.*)$";
+ arguments = [1];
+ command = {
+ env = {
+ PATH = makeBinPath (with pkgs; [ gnused ]);
+ state_dir = "/tmp";
+ };
+ filename = pkgs.writeDash "sed-plugin" ''
+ set -efu
+ exec ${pkgs.python3}/bin/python \
+ ${<stockholm/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py>} "$@"
+ '';
+ };
+ };
+
+ shack-correct = {
+ activate = "match";
+ pattern = "^(.*Shack.*)$";
+ arguments = [1];
+ command.filename = <stockholm/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh>;
+ };
+
+
+ url-title = {
+ #pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$";
+ pattern = "^.*(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$";
+ activate = "match";
+ arguments = [1];
+ command = {
+ filename = pkgs.writePython3 "url-title" { deps = with pkgs.python3Packages; [ beautifulsoup4 lxml ]; } ''
+ import cgi
+ import sys
+ import urllib.request
+ from bs4 import BeautifulSoup
+
+ try:
+ req = urllib.request.Request(sys.argv[1])
+ req.add_header('user-agent', 'Reaktor-url-title')
+ resp = urllib.request.urlopen(req)
+ if resp.headers['content-type'].find('text/html') >= 0:
+ soup = BeautifulSoup(resp.read(16000), "lxml")
+ title = soup.find('title').string
+
+ if len(title.split('\n')) > 5:
+ title = '\n'.join(title.split('\n')[:5])
+
+ print(title[:450])
+ else:
+ cd_header = resp.headers['content-disposition']
+ print(cgi.parse_header(cd_header)[1]['filename'])
+ except: # noqa: E722
+ pass
+ '';
+ };
+ };
+ };
+}
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index d3f681a65..614d5bccf 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "0396345b79436f54920f7eb651ab42acf2eb7973",
- "date": "2018-12-30T21:22:33-05:00",
- "sha256": "10wd0wsair6dlilgaviqw2p9spgcf8qg736bzs08jha0f4zfqjs4",
+ "rev": "97e0d53d669cd07f0750a42fd535524b3cdd46d1",
+ "date": "2019-01-15T00:11:44+01:00",
+ "sha256": "111xa7qn9142dar29cil4br2mvn8f1rbiy310lkhwl73126fq8dw",
"fetchSubmodules": false
}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index df2778bef..23746d210 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -36,10 +36,10 @@ with import <stockholm/lib>;
# TODO write function for proxy_pass (ssl/nonssl)
krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
+ { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; }
];
}
{
@@ -379,6 +379,7 @@ with import <stockholm/lib>;
name = "download";
home = "/var/download";
useDefaultShell = true;
+ uid = genid "download";
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
@@ -420,6 +421,16 @@ with import <stockholm/lib>;
{ predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
];
}
+ {
+ nix.trustedUsers = [ "Mic92" ];
+ users.users.Mic92 = {
+ uid = genid_uint31 "Mic92";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.Mic92.pubkey
+ ];
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index a2b5efb29..9a84e9d63 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -63,9 +63,15 @@
defaultGateway = "95.216.1.129";
# Use google's public DNS server
nameservers = [ "8.8.8.8" ];
- interfaces.eth0 = {
- ipAddress = "95.216.1.150";
- prefixLength = 26;
- };
+ interfaces.eth0.ipv4.addresses = [
+ {
+ address = "95.216.1.150";
+ prefixLength = 26;
+ }
+ {
+ address = "95.216.1.130";
+ prefixLength = 26;
+ }
+ ];
};
}
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 58fa564a1..9d8bcd7be 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -88,7 +88,7 @@ with import <stockholm/lib>;
client
dev tun
proto udp
- remote 82.102.16.229 1194
+ remote 89.249.65.83 1194
resolv-retry infinite
remote-random
nobind
@@ -103,13 +103,9 @@ with import <stockholm/lib>;
reneg-sec 0
comp-lzo no
- explicit-exit-notify 3
-
remote-cert-tls server
- #mute 10000
auth-user-pass ${toString <secrets/nordvpn.txt>}
-
verb 3
pull
fast-io
@@ -118,32 +114,33 @@ with import <stockholm/lib>;
<ca>
-----BEGIN CERTIFICATE-----
- MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
- VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH
- Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw
- bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y
- ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG
- A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT
- B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2
- cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v
- cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG
- UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny
- mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X
- +D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT
- ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI
- 583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA
- VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT
- Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh
- MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ
- MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy
- Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW
- EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG
- SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ
- e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW
- //DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB
- wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB
- KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p
- lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9
+ MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
+ MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
+ MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
+ BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
+ hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
+ kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
+ XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
+ eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
+ skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
+ MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
+ 37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
+ hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
+ Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
+ WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
+ MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
+ LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
+ SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
+ nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
+ k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
+ DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
+ pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
+ k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
+ +RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
+ NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
+ wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
+ VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
+ PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
-----END CERTIFICATE-----
</ca>
key-direction 1
@@ -152,23 +149,24 @@ with import <stockholm/lib>;
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
- 49b2f54c6ee58d2d97331681bb577d55
- 054f56d92b743c31e80b684de0388702
- ad3bf51088cd88f3fac7eb0729f2263c
- 51d82a6eb7e2ed4ae6dfa65b1ac764d0
- b9dedf1379c1b29b36396d64cb6fd6b2
- e61f869f9a13001dadc02db171f04c4d
- c46d1132c1f31709e7b54a6eabae3ea8
- fbd2681363c185f4cb1be5aa42a27c31
- 21db7b2187fd11c1acf224a0d5a44466
- b4b5a3cc34ec0227fe40007e8b379654
- f1e8e2b63c6b46ee7ab6f1bd82f57837
- 92c209e8f25bc9ed493cb5c1d891ae72
- 7f54f4693c5b20f136ca23e639fd8ea0
- 865b4e22dd2af43e13e6b075f12427b2
- 08af9ffd09c56baa694165f57fe2697a
- 3377fa34aebcba587c79941d83deaf45
+ e685bdaf659a25a200e2b9e39e51ff03
+ 0fc72cf1ce07232bd8b2be5e6c670143
+ f51e937e670eee09d4f2ea5a6e4e6996
+ 5db852c275351b86fc4ca892d78ae002
+ d6f70d029bd79c4d1c26cf14e9588033
+ cf639f8a74809f29f72b9d58f9b8f5fe
+ fc7938eade40e9fed6cb92184abb2cc1
+ 0eb1a296df243b251df0643d53724cdb
+ 5a92a1d6cb817804c4a9319b57d53be5
+ 80815bcfcb2df55018cc83fc43bc7ff8
+ 2d51f9b88364776ee9d12fc85cc7ea5b
+ 9741c4f598c485316db066d52db4540e
+ 212e1518a9bd4828219e24b20d88f598
+ a196c9de96012090e333519ae18d3509
+ 9427e7b372d348d352dc4c85e18cd4b9
+ 3f8a56ddb2e64eb67adfc9b337157ff4
-----END OpenVPN Static key V1-----
</tls-auth>
+
'';
}
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 69e697a1d..2547e8bac 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -2,6 +2,7 @@ with import <stockholm/lib>;
{ config, pkgs, ... }:
{
imports = [
+ <stockholm/krebs/2configs/nscd-fix.nix>
./binary-cache/client.nix
./gc.nix
./mc.nix
@@ -81,9 +82,6 @@ with import <stockholm/lib>;
services.timesyncd.enable = mkForce true;
- #why is this on in the first place?
- services.nscd.enable = false;
-
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
@@ -115,6 +113,7 @@ wit