summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/lass/default.nix75
-rw-r--r--krebs/3modules/miefda/default.nix39
-rw-r--r--krebs/Zpubkeys/lass.ssh.pub1
-rw-r--r--krebs/Zpubkeys/uriel.ssh.pub1
-rw-r--r--lass/1systems/dishfire.nix45
-rw-r--r--lass/1systems/helios.nix73
-rw-r--r--lass/1systems/mors.nix95
-rw-r--r--lass/1systems/uriel.nix1
-rw-r--r--lass/2configs/base.nix37
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/2configs/bitcoin.nix7
-rw-r--r--lass/2configs/browsers.nix2
-rw-r--r--lass/2configs/buildbot-standalone.nix78
-rw-r--r--lass/2configs/git.nix4
-rw-r--r--lass/2configs/newsbot-js.nix2
-rw-r--r--lass/2configs/websites/fritz.nix33
-rw-r--r--lass/2configs/websites/wohnprojekt-rhh.de.nix6
-rw-r--r--lass/2configs/xserver/default.nix8
-rw-r--r--lass/3modules/owncloud_nginx.nix29
-rw-r--r--lass/3modules/static_nginx.nix44
-rw-r--r--lass/3modules/wordpress_nginx.nix29
-rw-r--r--miefda/1systems/bobby.nix102
-rw-r--r--miefda/2configs/git.nix87
-rw-r--r--miefda/2configs/hardware-configuration.nix23
-rw-r--r--miefda/2configs/miefda.nix8
-rw-r--r--miefda/2configs/tinc-basic-retiolum.nix14
-rw-r--r--miefda/2configs/tlp.nix25
-rw-r--r--miefda/2configs/x220t.nix27
-rw-r--r--miefda/5pkgs/default.nix1
-rw-r--r--tv/2configs/git.nix2
31 files changed, 816 insertions, 84 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e4e5642ce..62db9a5a0 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -84,6 +84,7 @@ let
imp = mkMerge [
{ krebs = import ./lass { inherit lib; }; }
{ krebs = import ./makefu { inherit lib; }; }
+ { krebs = import ./miefda { inherit lib; }; }
{ krebs = import ./mv { inherit lib; }; }
{ krebs = import ./shared { inherit lib; }; }
{ krebs = import ./tv { inherit lib; }; }
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 2b3b285f2..749d3ff49 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -4,6 +4,37 @@ with lib;
{
hosts = {
+ dishfire = {
+ cores = 4;
+ nets = rec {
+ internet = {
+ addrs4 = ["144.76.172.188"];
+ aliases = [
+ "dishfire.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.133.99"];
+ addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"];
+ aliases = [
+ "dishfire.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
+ Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
+ uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
+ R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
+ vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
+ HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
+ };
echelon = {
cores = 2;
nets = rec {
@@ -190,32 +221,46 @@ with lib;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
};
- schnabel-ap = {
- nets = {
- gg23 = {
- addrs4 = ["10.23.1.20"];
- aliases = ["schnabel-ap.gg23"];
- };
- };
- };
- Reichsfunk-ap = {
+ helios = {
+ cores = 2;
nets = {
- gg23 = {
- addrs4 = ["10.23.1.10"];
- aliases = ["Reichsfunk-ap.gg23"];
+ retiolum = {
+ addrs4 = ["10.243.0.3"];
+ addrs6 = ["42:0:0:0:0:0:0:7105"];
+ aliases = [
+ "helios.retiolum"
+ "cgit.helios.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA9SItL2mhQpTl95gjSWRstrDajUnI5YbrVCuaDKfw9gRwMyPNiO/y
+ Xwv/w4Ri8NCJZLZGkj2vG3X0EfJFBEPTJPTCbF9fP7PqqVs38BD41txLp+NrFxEq
+ 5fmFk65/eg8ujrNQoOSUGmky/BKqQhWjvxdAWuwjN933wJCcNCxyaUwljHLYEK/I
+ oIJX+spnFmPwmhW9hsOj8K06eHixT13+0W48GG/ZNcV3x5vWxcKUvZ4Qtzz2iMNB
+ hud5kae7xMUfFAzCeKF/zsjuyt2d/xQg1WgR8MXGNgYhNJFSXz94r/bivNO6H4vP
+ Pfjndnh8cD46ADo8woS1nQ19WId+sMbipwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
};
};
+ secure = true;
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7";
};
};
users = {
lass = {
- pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
mail = "lass@mors.retiolum";
};
- uriel = {
- pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
+ lass-uriel = {
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
mail = "lass@uriel.retiolum";
};
+ lass-helios = {
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios";
+ mail = "lass@helios.retiolum";
+ };
};
}
diff --git a/krebs/3modules/miefda/default.nix b/krebs/3modules/miefda/default.nix
new file mode 100644
index 000000000..0cfa8bd27
--- /dev/null
+++ b/krebs/3modules/miefda/default.nix
@@ -0,0 +1,39 @@
+{ lib, ... }:
+
+with lib;
+
+{
+ hosts = {
+ bobby = {
+ cores = 4;
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.111.112"];
+ addrs6 = ["42:0:0:0:0:0:111:112"];
+ aliases = [
+ "bobby.retiolum"
+ "cgit.bobby.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
+ uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
+ Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
+ 0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
+ jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
+ cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ #ssh.privkey.path = <secrets/ssh.ed25519>;
+ #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
+ };
+ };
+ users = {
+ miefda = {
+ mail = "miefda@miefda.de";
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCVdNCks6mrItKHYIwgW3s+NINFhHqZtLPj3l6TJUWd93ZSuuI6P+Z/0m0G9Z4tWWaXWsOCnzMA2WOKcitBbLcaQxVypJfvmfoA5CVlh4/nf8NfvbMFkVIYPehxR7YoejfKOxPOCNC3248RiD8kqa4/5IF8qdqE+mRQUIZJXvN0jZZ+rGnYo5Z544O9JqsV+VjjOgK0Fchpxf/lC8dnBucIce7gUwi5npwsGQZgSDmRobBRFVDZag1abLFNZN2faI8uqzSlU6KRRapYV266Of7j3kmDokMan4szjP1EexmTWm+arwRiz9p0M5oKs6zofez0mOyF5ux02NB3XIhbJc8CfMjeA7PmSg4ZhghjlSjIOR+1mMIDiDVi6PNLw5atzvpyfYtpf5sWpdIpXCS0lyzIgasqW4gbAiWoFPv5A0mw0QI6UqlxQ8Pdm6R7P6yQxyknrxnvFGMQPiqgl21ssSNA9A+YRd4j0nATntzOeD1bxTZkyU4FtW++0hg3Ph6HiHLfPd9w70wPr7b0RITVnBcN2ZqIO+5NIqQYU801FCNXsTuBh0ueTsVTGJYySUGkmkHyH5spLYdr1Z5w+4W+HgbxPk40pyZJ18S0umL49igxR9NsniucFy1/jqqi0TiDIsHx6vsawFT1F2rq9ZtGaRcJL6Yfz0p+uZC5rc/nI+mMlQ== miefda@nixos";
+ };
+ };
+}
diff --git a/krebs/Zpubkeys/lass.ssh.pub b/krebs/Zpubkeys/lass.ssh.pub
deleted file mode 100644
index 172fd2dda..000000000
--- a/krebs/Zpubkeys/lass.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors
diff --git a/krebs/Zpubkeys/uriel.ssh.pub b/krebs/Zpubkeys/uriel.ssh.pub
deleted file mode 100644
index 015b57837..000000000
--- a/krebs/Zpubkeys/uriel.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
new file mode 100644
index 000000000..cc9836dff
--- /dev/null
+++ b/lass/1systems/dishfire.nix
@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ../2configs/base.nix
+ ../2configs/git.nix
+ ../2configs/websites/fritz.nix
+ {
+ boot.loader.grub = {
+ device = "/dev/vda";
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "ehci_pci"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_blk"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/mapper/pool-nix";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+ }
+ {
+ networking.dhcpcd.allowInterfaces = [
+ "enp*"
+ "eth*"
+ ];
+ }
+ {
+ sound.enable = false;
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.dishfire;
+}
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
new file mode 100644
index 000000000..67e3738ea
--- /dev/null
+++ b/lass/1systems/helios.nix
@@ -0,0 +1,73 @@
+{ config, pkgs, ... }:
+
+with builtins;
+{
+ imports = [
+ ../2configs/baseX.nix
+ ../2configs/browsers.nix
+ ../2configs/programs.nix
+ ../2configs/git.nix
+ #{
+ # users.extraUsers = {
+ # root = {
+ # openssh.authorizedKeys.keys = map readFile [
+ # ../../krebs/Zpubkeys/uriel.ssh.pub
+ # ];
+ # };
+ # };
+ #}
+ ];
+
+ krebs.build.host = config.krebs.hosts.helios;
+
+ networking.wireless.enable = true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ boot = {
+ loader.grub.enable = true;
+ loader.grub.version = 2;
+ loader.grub.device = "/dev/sda";
+
+ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ #kernelModules = [ "kvm-intel" "msr" ];
+ kernelModules = [ "msr" ];
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/pool/nix";
+ fsType = "ext4";
+ };
+
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ };
+
+ #services.udev.extraRules = ''
+ # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
+ # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
+ #'';
+
+ services.xserver = {
+ videoDriver = "intel";
+ vaapiDrivers = [ pkgs.vaapiIntel ];
+ deviceSection = ''
+ Option "AccelMethod" "sna"
+ BusID "PCI:0:2:0"
+ '';
+ };
+
+ services.xserver.synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ accelFactor = "0.035";
+ additionalOptions = ''
+ Option "FingerHigh" "60"
+ Option "FingerLow" "60"
+ '';
+ };
+}
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 61f57f1f9..ebce93957 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -17,7 +17,6 @@
#../2configs/ircd.nix
../2configs/chromium-patched.nix
../2configs/git.nix
- ../2configs/retiolum.nix
#../2configs/wordpress.nix
../2configs/bitlbee.nix
../2configs/firefoxPatched.nix
@@ -25,6 +24,7 @@
../2configs/teamviewer.nix
../2configs/libvirt.nix
../2configs/fetchWallpaper.nix
+ ../2configs/buildbot-standalone.nix
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@@ -32,51 +32,70 @@
];
}
{
- #wordpress-test
- #imports = singleton (sitesGenerators.createWordpress "testserver.de");
+ #static-nginx-test
imports = [
- ../3modules/wordpress_nginx.nix
+ ../3modules/static_nginx.nix
];
- lass.wordpress."testserver.de" = {
- multiSite = {
- "1" = "testserver.de";
- "2" = "bla.testserver.de";
+ lass.staticPage."testserver.de" = {
+ #sslEnable = true;
+ #certificate = "${toString <secrets>}/testserver.de/server.cert";
+ #certificate_key = "${toString <secrets>}/testserver.de/server.pem";
+ ssl = {
+ enable = true;
+ certificate = "${toString <secrets>}/testserver.de/server.cert";
+ certificate_key = "${toString <secrets>}/testserver.de/server.pem";
};
};
-
- services.mysql = {
- enable = true;
- package = pkgs.mariadb;
- rootPassword = "<secrets>/mysql_rootPassword";
- };
networking.extraHosts = ''
10.243.0.2 testserver.de
'';
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- ];
}
- {
- #owncloud-test
- #imports = singleton (sitesGenerators.createWordpress "testserver.de");
- imports = [
- ../3modules/owncloud_nginx.nix
- ];
- lass.owncloud."owncloud-test.de" = {
- };
+ #{
+ # #wordpress-test
+ # #imports = singleton (sitesGenerators.createWordpress "testserver.de");
+ # imports = [
+ # ../3modules/wordpress_nginx.nix
+ # ];
+ # lass.wordpress."testserver.de" = {
+ # multiSite = {
+ # "1" = "testserver.de";
+ # "2" = "bla.testserver.de";
+ # };
+ # };
- #services.mysql = {
- # enable = true;
- # package = pkgs.mariadb;
- # rootPassword = "<secrets>/mysql_rootPassword";
- #};
- networking.extraHosts = ''
- 10.243.0.2 owncloud-test.de
- '';
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- ];
- }
+ # services.mysql = {
+ # enable = true;
+ # package = pkgs.mariadb;
+ # rootPassword = "<secrets>/mysql_rootPassword";
+ # };
+ # networking.extraHosts = ''
+ # 10.243.0.2 testserver.de
+ # '';
+ # krebs.iptables.tables.filter.INPUT.rules = [
+ # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
+ # ];
+ #}
+ #{
+ # #owncloud-test
+ # #imports = singleton (sitesGenerators.createWordpress "testserver.de");
+ # imports = [
+ # ../3modules/owncloud_nginx.nix
+ # ];
+ # lass.owncloud."owncloud-test.de" = {
+ # };
+
+ # #services.mysql = {
+ # # enable = true;
+ # # package = pkgs.mariadb;
+ # # rootPassword = "<secrets>/mysql_rootPassword";
+ # #};
+ # networking.extraHosts = ''
+ # 10.243.0.2 owncloud-test.de
+ # '';
+ # krebs.iptables.tables.filter.INPUT.rules = [
+ # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
+ # ];
+ #}
];
krebs.build.host = config.krebs.hosts.mors;
@@ -207,7 +226,7 @@
};
environment.systemPackages = with pkgs; [
- cac
+ cac-api
sshpass
get
teamspeak_client
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 1b008cbfd..d53e783d0 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -13,6 +13,7 @@ with builtins;
../2configs/retiolum.nix
../2configs/bitlbee.nix
../2configs/weechat.nix
+ ../2configs/skype.nix
{
users.extraUsers = {
root = {
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 66e12b262..4c73fc0ce 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -17,7 +17,8 @@ with lib;
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
- config.krebs.users.uriel.pubkey
+ config.krebs.users.lass-uriel.pubkey
+ config.krebs.users.lass-helios.pubkey
];
};
mainUser = {
@@ -31,7 +32,7 @@ with lib;
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
- config.krebs.users.uriel.pubkey
+ config.krebs.users.lass-uriel.pubkey
];
};
};
@@ -47,20 +48,21 @@ with lib;
exim-retiolum.enable = true;
build = {
user = config.krebs.users.lass;
- source = {
- git.nixpkgs = {
+ source = mapAttrs (_: mkDefault) ({
+ nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
+ nixpkgs = symlink:stockholm/nixpkgs;
+ secrets = "/home/lass/secrets/${config.krebs.build.host.name}";
+ #secrets-common = "/home/lass/secrets/common";
+ stockholm = "/home/lass/stockholm";
+ stockholm-user = "symlink:stockholm/lass";
+ upstream-nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
- rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119";
+ rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
+ dev = "/home/lass/src/nixpkgs";
};
- dir.secrets = {
- host = config.krebs.hosts.mors;
- path = "/home/lass/secrets/${config.krebs.build.host.name}";
- };
- dir.stockholm = {
- host = config.krebs.hosts.mors;
- path = "/home/lass/stockholm";
- };
- };
+ } // optionalAttrs config.krebs.build.host.secure {
+ #secrets-master = "/home/lass/secrets/master";
+ });
};
};
@@ -89,6 +91,7 @@ with lib;
git
jq
parallel
+ proot
#style
most
@@ -176,4 +179,10 @@ with lib;
noipv4ll
'';
+ #CVE-2016-0777 and CVE-2016-0778 workaround
+ #https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
+ programs.ssh.extraConfig = ''
+ UseRoaming no
+ '';
+
}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 0596682df..ede1c7b7b 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -31,6 +31,7 @@ in {
environment.systemPackages = with pkgs; [
+ dmenu
gitAndTools.qgit
mpv
much
diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix
index d3bccbf5c..2f4cd5710 100644
--- a/lass/2configs/bitcoin.nix
+++ b/lass/2configs/bitcoin.nix
@@ -1,6 +1,8 @@
{ config, pkgs, ... }:
-{
+let
+ mainUser = config.users.extraUsers.mainUser;
+in {
environment.systemPackages = with pkgs; [
electrum
];
@@ -14,4 +16,7 @@
createHome = true;
};
};
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
+ '';
}
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index d36801863..61016fed0 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -54,8 +54,6 @@ in {
];
imports = [
- ../3modules/per-user.nix
- ] ++ [
( createFirefoxUser "ff" [ "audio" ] [ ] )
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
new file mode 100644
index 000000000..8c71553fe
--- /dev/null
+++ b/lass/2configs/buildbot-standalone.nix
@@ -0,0 +1,78 @@
+{ lib, config, pkgs, ... }:
+{
+ #networking.firewall.allowedTCPPorts = [ 8010 9989 ];
+ krebs.buildbot.master = {
+ slaves = {
+ testslave = "lasspass";
+ };
+ change_source.stockholm = ''
+ stockholm_repo = 'http://cgit.mors/stockholm'
+ cs.append(changes.GitPoller(
+ stockholm_repo,
+ workdir='stockholm-poller', branch='master',
+ project='stockholm',
+ pollinterval=120))
+ '';
+ scheduler = {
+ force-scheduler = ''
+ sched.append(schedulers.ForceScheduler(
+ name="force",
+ builderNames=["fast-tests"]))
+ '';
+ fast-tests-scheduler = ''
+ # test the master real quick
+ sched.append(schedulers.SingleBranchScheduler(
+ change_filter=util.ChangeFilter(branch="master"),
+ name="fast-master-test",
+ builderNames=["fast-tests"]))
+ '';
+ };
+ builder_pre = ''
+ # prepare grab_repo step for stockholm
+ grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
+
+ env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"}
+
+ # prepare nix-shell
+ # the dependencies which are used by the test script
+ deps = [ "gnumake", "jq","nix","rsync" ]
+ # TODO: --pure , prepare ENV in nix-shell command:
+ # SSL_CERT_FILE,LOGNAME,NIX_REMOTE
+ nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
+
+ # prepare addShell function
+ def addShell(factory,**kwargs):
+ factory.addStep(steps.ShellCommand(**kwargs))
+ '';
+ builder = {
+ fast-tests = ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+ addShell(f,name="mors-eval",env=env,
+ command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"])
+
+ bu.append(util.BuilderConfig(name="fast-tests",
+ slavenames=slavenames,
+ factory=f))
+ '';
+ };
+ enable = true;
+ web.enable = true;
+ irc = {
+ enable = true;
+ nick = "buildbot-lass";
+ server = "cd.retiolum";
+ channels = [ "retiolum" ];
+ allowForce = true;
+ };
+ };
+
+ krebs.buildbot.slave = {
+ enable = true;
+ masterhost = "localhost";
+ username = "testslave";
+ password = "lasspass";
+ packages = with pkgs;[ git nix ];
+ extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
+ };
+}
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 16ecaefec..ac6aae44f 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -69,12 +69,12 @@ let
with git // config.krebs.users;
repo:
singleton {
- user = lass;
+ user = [ lass lass-helios lass-uriel ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
- user = [ tv makefu uriel ];
+ user = [ tv makefu miefda ];
repo = [ repo ];
perm = fetch;
} ++
diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index 74d09b7fa..4482c4e9d 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -161,7 +161,7 @@ let
torrentfreak|http://feeds.feedburner.com/Torrentfreak|#news
torr_news|http://feed.torrentfreak.com/Torrentfreak/|#news
travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news
- truther|http://truthernews.wordpress.com/feed/|#news
+ #truther|http://truthernews.wordpress.com/feed/|#news
un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#news
un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news
un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
new file mode 100644
index 000000000..073f3de14
--- /dev/null
+++ b/lass/2configs/websites/fritz.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+{
+
+ imports = [
+ ../../3modules/static_nginx.nix
+ ../../3modules/owncloud_nginx.nix
+ ../../3modules/wordpress_nginx.nix
+ ];
+
+ lass.staticPage = {
+ "biostase.de" = {};
+ "gs-maubach.de" = {};
+ "spielwaren-kern.de" = {};
+ "societyofsimtech.de" = {};
+ "ttf-kleinaspach.de" = {};
+ "edsn.de" = {};
+ "eab.berkeley.edu" = {};
+ "habsys.de" = {};
+ };
+
+ #lass.owncloud = {
+ # "o.ubikmedia.de" = {
+ # instanceid = "oc8n8ddbftgh";
+ # };
+ #};
+
+ #services.mysql = {
+ # enable = true;
+ # package = pkgs.mariadb;
+ # rootPassword = toString (<secrets/mysql_rootPassword>);
+ #};
+}
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
index cd31450c5..ac784d4c7 100644
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -8,5 +8,11 @@
lass.staticPage = {
"wohnprojekt-rhh.de" = {};
};
+
+ users.users.laura = {
+ home = "/srv/http/wohnprojekt-rhh.de";
+ createHome = true;
+ useDefaultShell = true;
+ };
}
diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 04d14c7ce..c407bb59e 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -44,7 +44,7 @@ let
"slock"
];
- systemd.services.display-manager = mkForce {};
+ systemd.services.display-manager.enable = false;
services.xserver.enable = true;
@@ -93,9 +93,11 @@ let
xmonad-start = pkgs.writeScriptBin "xmonad" ''
#! ${pkgs.bash}/bin/bash
set -efu
- export PATH; PATH=${makeSearchPath "bin" ([
+ export PATH; PATH=${makeSearchPath "bin" [
+ pkgs.alsaUtils
+ pkgs.pulseaudioLight
pkgs.rxvt_unicode
- ] ++ config.environment.systemPackages)}:/var/setuid-wrappers
+ ]}:/var/setuid-wrappers
settle() {(
# Use PATH for a clean journal
command=''${1##*/}
diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix
index 0cb11846c..79c9de1d4 100644
--- a/lass/3modules/owncloud_nginx.nix
+++ b/lass/3modules/owncloud_nginx.nix
@@ -46,8 +46,22 @@ let
type = str;
};
ssl = mkOption {
- type = bool;
- default = false;
+ type = with types; submodule ({
+ options = {
+ enable = mkEnableOption "ssl";
+ certificate = mkOption {
+ type = str;
+ };
+ certificate_key = mkOption {
+ type = str;
+ };