summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/git.nix8
-rw-r--r--krebs/3modules/tv/default.nix2
-rw-r--r--krebs/4lib/infest/prepare.sh10
-rw-r--r--krebs/5pkgs/kapacitor/default.nix23
-rw-r--r--krebs/5pkgs/telegraf/default.nix27
-rw-r--r--krebs/5pkgs/telegraf/deps-1.1.2.nix588
-rw-r--r--lass/1systems/shodan.nix8
-rw-r--r--lass/2configs/hfos.nix2
-rw-r--r--lass/2configs/websites/domsen.nix40
-rw-r--r--lass/3modules/default.nix2
-rw-r--r--lass/3modules/kapacitor.nix101
-rw-r--r--lass/3modules/telegraf.nix67
-rw-r--r--tv/1systems/alnus.nix6
-rw-r--r--tv/1systems/cd.nix4
-rw-r--r--tv/2configs/backup.nix12
-rw-r--r--tv/2configs/git.nix6
-rw-r--r--tv/2configs/vim.nix7
-rw-r--r--tv/3modules/iptables.nix16
18 files changed, 844 insertions, 85 deletions
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 164831846..a08dbb32c 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -339,9 +339,11 @@ let
description = "Git repository hosting user";
shell = "/bin/sh";
openssh.authorizedKeys.keys =
- mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
- (filterAttrs (_: user: isString user.pubkey)
- config.krebs.users);
+ unique
+ (sort lessThan
+ (map (makeAuthorizedKey git-ssh-command)
+ (filter (user: isString user.pubkey)
+ (concatMap (getAttr "user") cfg.rules))));
};
};
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index d44c322aa..1220143a7 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -85,7 +85,7 @@ with import <stockholm/lib>;
};
nets = {
internet = {
- ip4.addr = "45.62.237.203";
+ ip4.addr = "64.137.177.226";
aliases = [
"cd.i"
"cd.krebsco.de"
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index e265b0e67..3f5d66431 100644
--- a/krebs/4lib/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
@@ -143,10 +143,10 @@ prepare_common() {(
mkdir -p /mnt/boot
if mount | grep -Fq ' on /boot type '; then
- bootdev=$(mount | grep " on /boot type " | sed 's/ .*//')
- mount $bootdev /mnt/boot
+ bootpart=$(mount | grep ' on /boot type ' | sed 's/ .*//')
+ mount $bootpart /mnt/boot
else
- mount --bind /boot/ /mnt/boot
+ mount --bind /boot /mnt/boot
fi
fi
@@ -155,10 +155,12 @@ prepare_common() {(
# prepare install directory
#
- rootpart=$(mount | grep " on / type" | sed 's/ .*//')
+ rootpart=$(mount | grep ' on / type ' | sed 's/ .*//')
mkdir -p /mnt/etc/nixos
mkdir -m 0555 -p /mnt/var/empty
+ mkdir -p /mnt/var/src
+ touch /mnt/var/src/.populate
if ! mount | grep -Fq "$rootpart on /mnt/root type "; then
mkdir -p /mnt/root
diff --git a/krebs/5pkgs/kapacitor/default.nix b/krebs/5pkgs/kapacitor/default.nix
new file mode 100644
index 000000000..804826941
--- /dev/null
+++ b/krebs/5pkgs/kapacitor/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, lib, fetchFromGitHub, buildGoPackage }:
+
+buildGoPackage rec {
+ name = "kapacitor-${version}";
+ version = "1.0.0";
+
+ goPackagePath = "github.com/influxdata/kapacitor";
+
+ src = fetchFromGitHub {
+ owner = "influxdata";
+ repo = "kapacitor";
+ rev = "v${version}";
+ sha256 = "14l9bhj6qdif79s4dyqqbnjgj3m4iarvw0ckld1wdhpdgvl8w9qh";
+ };
+
+ meta = with lib; {
+ description = "Open source framework for processing, monitoring, and alerting on time series data";
+ license = licenses.mit;
+ homepage = https://influxdata.com/time-series-platform/kapacitor/;
+ maintainers = with maintainers; [offline];
+ platforms = with platforms; linux;
+ };
+}
diff --git a/krebs/5pkgs/telegraf/default.nix b/krebs/5pkgs/telegraf/default.nix
new file mode 100644
index 000000000..996c839ac
--- /dev/null
+++ b/krebs/5pkgs/telegraf/default.nix
@@ -0,0 +1,27 @@
+{ lib, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+ name = "telegraf-${version}";
+ version = "1.1.2";
+
+ goPackagePath = "github.com/influxdata/telegraf";
+
+ excludedPackages = "test";
+
+ src = fetchFromGitHub {
+ owner = "influxdata";
+ repo = "telegraf";
+ rev = "${version}";
+ sha256 = "0dgrbdyz261j28wcq636125ha4xmfgh4y9shlg8m1y6jqdqd2zf2";
+ };
+
+ goDeps = ./. + builtins.toPath "/deps-${version}.nix";
+
+ meta = with lib; {
+ description = "The plugin-driven server agent for collecting & reporting metrics.";
+ license = licenses.mit;
+ homepage = https://www.influxdata.com/time-series-platform/telegraf/;
+ maintainers = with maintainers; [ mic92 roblabla ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/krebs/5pkgs/telegraf/deps-1.1.2.nix b/krebs/5pkgs/telegraf/deps-1.1.2.nix
new file mode 100644
index 000000000..b62ae44db
--- /dev/null
+++ b/krebs/5pkgs/telegraf/deps-1.1.2.nix
@@ -0,0 +1,588 @@
+# This file was generated by go2nix.
+[
+ {
+ goPackagePath = "github.com/Shopify/sarama";
+ fetch = {
+ type = "git";
+ url = "https://github.com/Shopify/sarama";
+ rev = "8aadb476e66ca998f2f6bb3c993e9a2daa3666b9";
+ sha256 = "1ndaddqcll9r22jg9x36acanxv5ds3xwahrm4b6nmmg06670gksv";
+ };
+ }
+ {
+ goPackagePath = "github.com/Sirupsen/logrus";
+ fetch = {
+ type = "git";
+ url = "https://github.com/Sirupsen/logrus";
+ rev = "219c8cb75c258c552e999735be6df753ffc7afdc";
+ sha256 = "04v55846v1535dplldyjhr0yqxl6n1mr4kiy2vz3ragv92xpshr6";
+ };
+ }
+ {
+ goPackagePath = "github.com/aerospike/aerospike-client-go";
+ fetch = {
+ type = "git";
+ url = "https://github.com/aerospike/aerospike-client-go";
+ rev = "7f3a312c3b2a60ac083ec6da296091c52c795c63";
+ sha256 = "05ancqplckvni9xp6xd4bv2pgkfa4v23svfcg27m8xinzi4ry219";
+ };
+ }
+ {
+ goPackagePath = "github.com/amir/raidman";
+ fetch = {
+ type = "git";
+ url = "https://github.com/amir/raidman";
+ rev = "53c1b967405155bfc8758557863bf2e14f814687";
+ sha256 = "08a6zz4akkm7lk02w53vfhkxdf0ikv32x41rc4jyi2qaf0wyw6b4";
+ };
+ }
+ {
+ goPackagePath = "github.com/aws/aws-sdk-go";
+ fetch = {
+ type = "git";
+ url = "https://github.com/aws/aws-sdk-go";
+ rev = "13a12060f716145019378a10e2806c174356b857";
+ sha256 = "09yl85kk2y4ayk44af5rbnkq4vy82vbh2z5ac4vpl2vgv7zyh46h";
+ };
+ }
+ {
+ goPackagePath = "github.com/beorn7/perks";
+ fetch = {
+ type = "git";
+ url = "https://github.com/beorn7/perks";
+ rev = "3ac7bf7a47d159a033b107610db8a1b6575507a4";
+ sha256 = "1qc3l4r818xpvrhshh1sisc5lvl9479qspcfcdbivdyh0apah83r";
+ };
+ }
+ {
+ goPackagePath = "github.com/cenkalti/backoff";
+ fetch = {
+ type = "git";
+ url = "https://github.com/cenkalti/backoff";
+ rev = "4dc77674aceaabba2c7e3da25d4c823edfb73f99";
+ sha256 = "0icf4vrgzksr0g8h6y00rd92h1mym6waf3mbqpf890bkw60gnm0w";
+ };
+ }
+ {
+ goPackagePath = "github.com/couchbase/go-couchbase";
+ fetch = {
+ type = "git";
+ url = "https://github.com/couchbase/go-couchbase";
+ rev = "cb664315a324d87d19c879d9cc67fda6be8c2ac1";
+ sha256 = "1dfw1apwrlfwl7bahb6dy5g9z2vs431l4lpaj3k9bnm13p0awivr";
+ };
+ }
+ {
+ goPackagePath = "github.com/couchbase/gomemcached";
+ fetch = {
+ type = "git";
+ url = "https://github.com/couchbase/gomemcached";
+ rev = "a5ea6356f648fec6ab89add00edd09151455b4b2";
+ sha256 = "00x57qqdv9ciyxiw2y6p4s65sfgi4cs6zi39qlqlw90nh133xnwi";
+ };
+ }
+ {
+ goPackagePath = "github.com/couchbase/goutils";
+ fetch = {
+ type = "git";
+ url = "https://github.com/couchbase/goutils";
+ rev = "5823a0cbaaa9008406021dc5daf80125ea30bba6";
+ sha256 = "15v5ps2i2y2hczwxs2ci4c2w4p3pn3bl7vc5wlaqnc7i14f9285c";
+ };
+ }
+ {
+ goPackagePath = "github.com/dancannon/gorethink";
+ fetch = {
+ type = "git";
+ url = "https://github.com/dancannon/gorethink";
+ rev = "e7cac92ea2bc52638791a021f212145acfedb1fc";
+ sha256 = "0f9gwsqf93qzvfpdwgam7vcfzrrkcj2s9ms4p056kcyxv9snwq3g";
+ };
+ }
+ {
+ goPackagePath = "github.com/davecgh/go-spew";
+ fetch = {
+ type = "git";
+ url = "https://github.com/davecgh/go-spew";
+ rev = "5215b55f46b2b919f50a1df0eaa5886afe4e3b3d";
+ sha256 = "15h9kl73rdbzlfmsdxp13jja5gs7sknvqkpq2qizq3qv3nr1x8dk";
+ };
+ }
+ {
+ goPackagePath = "github.com/docker/engine-api";
+ fetch = {
+ type = "git";
+ url = "https://github.com/docker/engine-api";
+ rev = "8924d6900370b4c7e7984be5adc61f50a80d7537";
+ sha256 = "1klimc3d1a2vfgl14a7js20ricpghq5jzvh8l46kf87ycjwc0q4n";
+ };
+ }
+ {
+ goPackagePath = "github.com/docker/go-connections";
+ fetch = {
+ type = "git";
+ url = "https://github.com/docker/go-connections";
+ rev = "f549a9393d05688dff0992ef3efd8bbe6c628aeb";
+ sha256 = "0k1yf4bimmwxc0qiz997nagfmddbm8nwb0c1q16387m8lgw1gbwg";
+ };
+ }
+ {
+ goPackagePath = "github.com/docker/go-units";
+ fetch = {
+ type = "git";
+ url = "https://github.com/docker/go-units";
+ rev = "5d2041e26a699eaca682e2ea41c8f891e1060444";
+ sha256 = "0hn8xdbaykp046inc4d2mwig5ir89ighma8hk18dfkm8rh1vvr8i";
+ };
+ }
+ {
+ goPackagePath = "github.com/eapache/go-resiliency";
+ fetch = {
+ type = "git";
+ url = "https://github.com/eapache/go-resiliency";
+ rev = "b86b1ec0dd4209a588dc1285cdd471e73525c0b3";
+ sha256 = "1kzv95bh3nidm2cr7iv9lk3s2qiw1i17n8gyl2x6xk6qv8b0bc21";
+ };
+ }
+ {
+ goPackagePath = "github.com/eapache/queue";
+ fetch = {
+ type = "git";
+ url = "https://github.com/eapache/queue";
+ rev = "ded5959c0d4e360646dc9e9908cff48666781367";
+ sha256 = "0inclypw0kln8hsn34c5ww34h0qa9fcqwak93lac5dp59rz5430n";
+ };
+ }
+ {
+ goPackagePath = "github.com/eclipse/paho.mqtt.golang";
+ fetch = {
+ type = "git";
+ url = "https://github.com/eclipse/paho.mqtt.golang";
+ rev = "0f7a459f04f13a41b7ed752d47944528d4bf9a86";
+ sha256 = "13l6mrx9z859r4r7kpa9rsbf4ni7dn6xgz8iyv2xnz53pqffanjh";
+ };
+ }
+ {
+ goPackagePath = "github.com/go-sql-driver/mysql";
+ fetch = {
+ type = "git";
+ url = "https://github.com/go-sql-driver/mysql";
+ rev = "1fca743146605a172a266e1654e01e5cd5669bee";
+ sha256 = "02vbq8j4r3skg3fmiv1wvjqh1542dr515w8f3d42b5lpwc1fsn38";
+ };
+ }
+ {
+ goPackagePath = "github.com/gobwas/glob";
+ fetch = {
+ type = "git";
+ url = "https://github.com/gobwas/glob";
+ rev = "49571a1557cd20e6a2410adc6421f85b66c730b5";
+ sha256 = "16j7pdxajqrl20a737p7kgsngr2f7gkkpgqxxmfkrmgckgkc8cvk";
+ };
+ }
+ {
+ goPackagePath = "github.com/golang/protobuf";
+ fetch = {
+ type = "git";
+ url = "https://github.com/golang/protobuf";
+ rev = "552c7b9542c194800fd493123b3798ef0a832032";
+ sha256 = "1zaw1xxnvgsvfcrv5xkn1f7p87vyh9i6mc44csl11fgc2hvqp6xm";
+ };
+ }
+ {
+ goPackagePath = "github.com/golang/snappy";
+ fetch = {
+ type = "git";
+ url = "https://github.com/golang/snappy";
+ rev = "d9eb7a3d35ec988b8585d4a0068e462c27d28380";
+ sha256 = "0wynarlr1y8sm9y9l29pm9dgflxriiialpwn01066snzjxnpmbyn";
+ };
+ }
+ {
+ goPackagePath = "github.com/gonuts/go-shellquote";
+ fetch = {
+ type = "git";
+ url = "https://github.com/gonuts/go-shellquote";
+ rev = "e842a11b24c6abfb3dd27af69a17f482e4b483c2";
+ sha256 = "19lbz7wl241bsyzsv2ai40b2vnj8c9nl107b6jf9gid3i6h0xydg";
+ };
+ }
+ {
+ goPackagePath = "github.com/gorilla/context";
+ fetch = {
+ type = "git";
+ url = "https://github.com/gorilla/context";
+ rev = "1ea25387ff6f684839d82767c1733ff4d4d15d0a";
+ sha256 = "1nh1nzxcsgd215x4xn59wc4cbqfa8zvhvnnx5p8fkrn4bj1cgak4";
+ };
+ }
+ {
+ goPackagePath = "github.com/gorilla/mux";
+ fetch = {
+ type = "git";
+ url = "https://github.com/gorilla/mux";
+ rev = "c9e326e2bdec29039a3761c07bece13133863e1e";
+ sha256 = "1bplp6v14isjdfpf8328k8bvkn35n451axkxlm822d9h5ccg47g6";
+ };
+ }
+ {
+ goPackagePath = "github.com/hailocab/go-hostpool";
+ fetch = {
+ type = "git";
+ url = "https://github.com/hailocab/go-hostpool";
+ rev = "e80d13ce29ede4452c43dea11e79b9bc8a15b478";
+ sha256 = "05ld4wp3illkbgl043yf8jq9y1ld0zzvrcg8jdij129j50xgfxny";
+ };
+ }
+ {
+ goPackagePath = "github.com/hashicorp/consul";
+ fetch = {
+ type = "git";
+ url = "https://github.com/hashicorp/consul";
+ rev = "5aa90455ce78d4d41578bafc86305e6e6b28d7d2";
+ sha256 = "1xas814kkhwnjg5ghhlkgygcgi5p7h6dczmpbrzzh3yygbfdzxgw";
+ };
+ }
+ {
+ goPackagePath = "github.com/hpcloud/tail";
+ fetch = {
+ type = "git";
+ url = "https://github.com/hpcloud/tail";
+ rev = "b2940955ab8b26e19d43a43c4da0475dd81bdb56";
+ sha256 = "1x266pdfvcymsbdrdsns06qq5qfjb62z6h4512ylhakbm64qkn4s";
+ };
+ }
+ {
+ goPackagePath = "github.com/influxdata/config";
+ fetch = {
+ type = "git";
+ url = "https://github.com/influxdata/config";
+ rev = "b79f6829346b8d6e78ba73544b1e1038f1f1c9da";
+ sha256 = "0k4iywy83n3kq2f58a41rjinj03wp1di67aacpf04p25qmf46c4z";
+ };
+ }
+ {
+ goPackagePath = "github.com/influxdata/influxdb";
+ fetch = {
+ type = "git";
+ url = "https://github.com/influxdata/influxdb";
+ rev = "fc57c0f7c635df3873f3d64f0ed2100ddc94d5ae";
+ sha256 = "07cv1gryp4a84a2acgc8k8alr7jw4jwphf12cby8jjy1br35jrbq";
+ };
+ }
+ {
+ goPackagePath = "github.com/influxdata/toml";
+ fetch = {
+ type = "git";
+ url = "https://github.com/influxdata/toml";
+ rev = "af4df43894b16e3fd2b788d01bd27ad0776ef2d0";
+ sha256 = "1faf51s89sk1z41qfsazmddgwll7jq9xna67k3h3vry86c4vs2j4";
+ };
+ }
+ {
+ goPackagePath = "github.com/influxdata/wlog";
+ fetch = {
+ type = "git";
+ url = "https://github.com/influxdata/wlog";
+ rev = "7c63b0a71ef8300adc255344d275e10e5c3a71ec";
+ sha256 = "04kw4kivxvr3kkmghj3427b1xyhzbhnfr971qfn3lv2vvhs8kpfl";
+ };
+ }
+ {
+ goPackagePath = "github.com/kardianos/osext";
+ fetch = {
+ type = "git";
+ url = "https://github.com/kardianos/osext";
+ rev = "29ae4ffbc9a6fe9fb2bc5029050ce6996ea1d3bc";
+ sha256 = "1mawalaz84i16njkz6f9fd5jxhcbxkbsjnav3cmqq2dncv2hyv8a";
+ };
+ }
+ {
+ goPackagePath = "github.com/kardianos/service";
+ fetch = {
+ type = "git";
+ url = "https://github.com/kardianos/service";
+ rev = "5e335590050d6d00f3aa270217d288dda1c94d0a";
+ sha256 = "1g10qisgywfqj135yyiq63pnbjgr201gz929ydlgyzqq6yk3bn3h";
+ };
+ }
+ {
+ goPackagePath = "github.com/klauspost/crc32";
+ fetch = {
+ type = "git";
+ url = "https://github.com/klauspost/crc32";
+ rev = "19b0b332c9e4516a6370a0456e6182c3b5036720";
+ sha256 = "0fcnsf1m0bzplgp28dz8skza6l7rc65s180x85rzbdl9l3zzi43r";
+ };
+ }
+ {
+ goPackagePath = "github.com/lib/pq";
+ fetch = {
+ type = "git";
+ url = "https://github.com/lib/pq";
+ rev = "e182dc4027e2ded4b19396d638610f2653295f36";
+ sha256 = "1636v3snixapjf7rbjq0xn1sbym7hwckqfla0dm5cr4a5q4fw5cj";
+ };
+ }
+ {
+ goPackagePath = "github.com/matttproud/golang_protobuf_extensions";
+ fetch = {
+ type = "git";
+ url = "https://github.com/matttproud/golang_protobuf_extensions";
+ rev = "d0c3fe89de86839aecf2e0579c40ba3bb336a453";
+ sha256 = "0jkjgpi1s8l9bdbf14fh8050757jqy36kn1l1hxxlb2fjn1pcg0r";
+ };
+ }
+ {
+ goPackagePath = "github.com/miekg/dns";
+ fetch = {
+ type = "git";
+ url = "https://github.com/miekg/dns";
+ rev = "cce6c130cdb92c752850880fd285bea1d64439dd";
+ sha256 = "098gadhfjiijlgq497gbccvf26xrmjvln1fws56m0ljcgszq3jdx";
+ };
+ }
+ {
+ goPackagePath = "github.com/mreiferson/go-snappystream";
+ fetch = {
+ type = "git";
+ url = "https://github.com/mreiferson/go-snappystream";
+ rev = "028eae7ab5c4c9e2d1cb4c4ca1e53259bbe7e504";
+ sha256 = "0jdd5whp74nvg35d9hzydsi3shnb1vrnd7shi9qz4wxap7gcrid6";
+ };
+ }
+ {
+ goPackagePath = "github.com/naoina/go-stringutil";
+ fetch = {
+ type = "git";
+ url = "https://github.com/naoina/go-stringutil";
+ rev = "6b638e95a32d0c1131db0e7fe83775cbea4a0d0b";
+ sha256 = "00831p1wn3rimybk1z8l30787kn1akv5jax5wx743nn76qcmkmc6";
+ };
+ }
+ {
+ goPackagePath = "github.com/nats-io/nats";
+ fetch = {
+ type = "git";
+ url = "https://github.com/nats-io/nats";
+ rev = "ea8b4fd12ebb823073c0004b9f09ac8748f4f165";
+ sha256 = "0i5f6n9k0d2vzdy20sqygmss5j45y72irxsi80grjsh7qkxa6vn1";
+ };
+ }
+ {
+ goPackagePath = "github.com/nats-io/nuid";
+ fetch = {
+ type = "git";
+ url = "https://github.com/nats-io/nuid";
+ rev = "a5152d67cf63cbfb5d992a395458722a45194715";
+ sha256 = "0fphar5bz735wwa7549j31nxnm5a9dyw472gs9zafz0cv7g8np40";
+ };
+ }
+ {
+ goPackagePath = "github.com/nsqio/go-nsq";
+ fetch = {
+ type = "git";
+ url = "https://github.com/nsqio/go-nsq";
+ rev = "0b80d6f05e15ca1930e0c5e1d540ed627e299980";
+ sha256 = "1zi9jazjfzilp2g0xy30dlx9nd9g47cjqrnqxallly97mz9n01xr";
+ };
+ }
+ {
+ goPackagePath = "github.com/opencontainers/runc";
+ fetch = {
+ type = "git";
+ url = "https://github.com/opencontainers/runc";
+ rev = "89ab7f2ccc1e45ddf6485eaa802c35dcf321dfc8";
+ sha256 = "1rnaqcsww7plr430r4ksv9si4l91l25li0bwa1b03g3sn2shirk1";
+ };
+ }
+ {
+ goPackagePath = "github.com/prometheus/client_golang";
+ fetch = {
+ type = "git";
+ url = "https://github.com/prometheus/client_golang";
+ rev = "18acf9993a863f4c4b40612e19cdd243e7c86831";
+ sha256 = "1gyjvwnvgyl0fs4hd2vp5hj1dsafhwb2h55w8zgzdpshvhwrpmhv";
+ };
+ }
+ {
+ goPackagePath = "github.com/prometheus/client_model";
+ fetch = {
+ type = "git";
+ url = "https://github.com/prometheus/client_model";
+ rev = "fa8ad6fec33561be4280a8f0514318c79d7f6cb6";
+ sha256 = "11a7v1fjzhhwsl128znjcf5v7v6129xjgkdpym2lial4lac1dhm9";
+ };
+ }
+ {
+ goPackagePath = "github.com/prometheus/common";
+ fetch = {
+ type = "git";
+ url = "https://github.com/prometheus/common";
+ rev = "e8eabff8812b05acf522b45fdcd725a785188e37";
+ sha256 = "08magd2aw7dqaa8bbv85404zvy120ify61msfpy75az5rdl5anxq";
+ };
+ }
+ {
+ goPackagePath = "github.com/prometheus/procfs";
+ fetch = {
+ type = "git";
+ url = "https://github.com/prometheus/procfs";
+ rev = "406e5b7bfd8201a36e2bb5f7bdae0b03380c2ce8";
+ sha256 = "0yla9hz15pg63394ygs9iiwzsqyv29labl8p424hijwsc9z9nka8";
+ };
+ }
+ {
+ goPackagePath = "github.com/samuel/go-zookeeper";
+ fetch = {
+ type = "git";
+ url = "https://github.com/samuel/go-zookeeper";
+ rev = "218e9c81c0dd8b3b18172b2bbfad92cc7d6db55f";
+ sha256 = "1v0m6wn83v4pbqz6hs7z1h5hbjk7k6npkpl7icvcxdcjd7rmyjp2";
+ };
+ }
+ {
+ goPackagePath = "github.com/shirou/gopsutil";
+ fetch = {
+ type = "git";
+ url = "https://github.com/shirou/gopsutil";
+ rev = "4d0c402af66c78735c5ccf820dc2ca7de5e4ff08";
+ sha256 = "1wkp7chzpz6brq2y0k2mvsf0iaknns279wfsjn5gm6gvih49lqni";
+ };
+ }
+ {
+ goPackagePath = "github.com/soniah/gosnmp";
+ fetch = {
+ type = "git";
+ url = "https://github.com/soniah/gosnmp";
+ rev = "3fe3beb30fa9700988893c56a63b1df8e1b68c26";
+ sha256 = "0a0vlxx1plqj9fi863wd8ajbzl705wgma4qk75v949azgn1yx9ib";
+ };
+ }
+ {
+ goPackagePath = "github.com/streadway/amqp";
+ fetch = {
+ type = "git";
+ url = "https://github.com/streadway/amqp";
+ rev = "b4f3ceab0337f013208d31348b578d83c0064744";
+ sha256 = "1whcg2l6w2q7xrkk8q5y95i90ckq72bpgksii9ibrpyixbx7p5xp";
+ };
+ }
+ {
+ goPackagePath = "github.com/stretchr/testify";
+ fetch = {
+ type = "git";
+ url = "https://github.com/stretchr/testify";
+ rev = "1f4a1643a57e798696635ea4c126e9127adb7d3c";
+ sha256 = "0nam9d68rn8ha8ldif22kkgv6k6ph3y88fp26159wdrs63ca3bzl";
+ };
+ }
+ {
+ goPackagePath = "github.com/vjeantet/grok";
+ fetch = {
+ type = "git";
+ url = "https://github.com/vjeantet/grok";
+ rev = "83bfdfdfd1a8146795b28e547a8e3c8b28a466c2";
+ sha256 = "03zdcg9gy482gbasa7sw4cpw1k1n3dr2q06q80qnkqn268p7hp80";
+ };
+ }
+ {
+ goPackagePath = "github.com/wvanbergen/kafka";
+ fetch = {
+ type = "git";
+ url = "https://github.com/wvanbergen/kafka";
+ rev = "46f9a1cf3f670edec492029fadded9c2d9e18866";
+ sha256 = "1czmbilprffdbwnrq4wcllaqknbq91l6p0ni6b55fkaggnwck694";
+ };
+ }
+ {
+ goPackagePath = "github.com/wvanbergen/kazoo-go";
+ fetch = {
+ type = "git";
+ url = "https://github.com/wvanbergen/kazoo-go";
+ rev = "0f768712ae6f76454f987c3356177e138df258f8";
+ sha256 = "1paaayg03nknbnl3kdl0ybqv4llz7iwry7f29i0bh9srb6c87x16";
+ };
+ }
+ {
+ goPackagePath = "github.com/yuin/gopher-lua";
+ fetch = {
+ type = "git";
+ url = "https://github.com/yuin/gopher-lua";
+ rev = "bf3808abd44b1e55143a2d7f08571aaa80db1808";
+ sha256 = "02m7ly5yzc3snvxlfl9j4ggwd7v0kpvy3pqgqbfr7scdjxdap4nm";
+ };
+ }
+ {
+ goPackagePath = "github.com/zensqlmonitor/go-mssqldb";
+ fetch = {
+ type = "git";
+ url = "https://github.com/zensqlmonitor/go-mssqldb";
+ rev = "ffe5510c6fa5e15e6d983210ab501c815b56b363";
+ sha256 = "079x8ms8lv5p6253ppaxva37k6w04xnd38y8763rr2giswxqzlkl";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/crypto";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/crypto";
+ rev = "c197bcf24cde29d3f73c7b4ac6fd41f4384e8af6";
+ sha256 = "1y2bbghi594m8p4pcm9pwrzql06179xj6zvhaghwcc6y0l48rbgp";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/net";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/net";
+ rev = "6acef71eb69611914f7a30939ea9f6e194c78172";
+ sha256 = "1fcsv50sbq0lpzrhx3m9jw51wa255fsbqjwsx9iszq4d0gysnnvc";
+ };
+ }
+ {
+ goPackagePath = "golang.org/x/text";
+ fetch = {
+ type = "git";
+ url = "https://go.googlesource.com/text";
+ rev = "a71fd10341b064c10f4a81ceac72bcf70f26ea34";
+ sha256 = "1igxqrgnnb6983fl0yck0xal2hwnkcgbslr7cxyrg7a65vawd0q1";
+ };
+ }
+ {
+ goPackagePath = "gopkg.in/dancannon/gorethink.v1";
+ fetch = {
+ type = "git";
+ url = "https://gopkg.in/dancannon/gorethink.v1";
+ rev = "7d1af5be49cb5ecc7b177bf387d232050299d6ef";
+ sha256 = "0036hcadshka19bcqmq4mm9ssl9qhsx1n96lj1y24mh9g1api8fi";
+ };
+ }
+ {
+ goPackagePath = "gopkg.in/fatih/pool.v2";
+ fetch = {
+ type = "git";
+ url = "https://gopkg.in/fatih/pool.v2";
+ rev = "cba550ebf9bce999a02e963296d4bc7a486cb715";
+ sha256 = "1jlrakgnpvhi2ny87yrsj1gyrcncfzdhypa9i2mlvvzqlj4r0dn0";
+ };
+ }
+ {
+ goPackagePath = "gopkg.in/mgo.v2";
+ fetch = {
+ type = "git";
+ url = "https://gopkg.in/mgo.v2";
+ rev = "d90005c5262a3463800497ea5a89aed5fe22c886";
+ sha256 = "1z81k6mnfk07hkrkw31l16qycyiwa6wzyhysmywgkh58sm5dc9m7";
+ };
+ }
+ {
+ goPackagePath = "gopkg.in/yaml.v2";
+ fetch = {
+ type = "git";
+ url = "https://gopkg.in/yaml.v2";
+ rev = "a83829b6f1293c91addabc89d0571c246397bbf4";
+ sha256 = "1m4dsmk90sbi17571h6pld44zxz7jc4lrnl4f27dpd1l8g5xvjhh";
+ };
+ }
+]
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 095898380..232e91d90 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -59,17 +59,13 @@ with import <stockholm/lib>;
fileSystems = {
"/" = {
device = "/dev/pool/nix";
- fsType = "ext4";
+ fsType = "btrfs";
};
"/boot" = {
device = "/dev/sda1";
};
- "/home/lass" = {
- device = "/dev/pool/home-lass";
- fsType = "ext4";
- };
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
@@ -77,7 +73,7 @@ with import <stockholm/lib>;
};
"/bku" = {
device = "/dev/pool/bku";
- fsType = "ext4";
+ fsType = "btrfs";
};
};
diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix
index f6f09e226..fc211dc92 100644
--- a/lass/2configs/hfos.nix
+++ b/lass/2configs/hfos.nix
@@ -21,12 +21,14 @@ with import <stockholm/lib>;
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 22"; target = "DNAT --to-destination 192.168.122.208:22"; }
+ { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 25"; target = "DNAT --to-destination 192.168.122.208:25"; }
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 80"; target = "DNAT --to-destination 192.168.122.208:1080"; }
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
];
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
];
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 2bbfe7333..01699001e 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -7,7 +7,6 @@ let
genid_signed
;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
- ssl
servePage
serveOwncloud
serveWordpress;
@@ -25,47 +24,16 @@ let
in {
imports = [
./sqlBackup.nix
- (ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
- (ssl [ "karlaskop.de" "www.karlaskop.de" ])
(servePage [ "karlaskop.de" "www.karlaskop.de" ])
- (ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
(servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
- (ssl [ "pixelpocket.de" ])
(servePage [ "pixelpocket.de" ])
- (ssl [ "o.ubikmedia.de" ])
(serveOwncloud [ "o.ubikmedia.de" ])
- (ssl [
- "ubikmedia.de"
- "aldona.ubikmedia.de"
- "apanowicz.de"
- "nirwanabluete.de"
- "aldonasiech.com"
- "360gradvideo.tv"
- "ubikmedia.eu"
- "facts.cloud"
- "youthtube.xyz"
- "illucloud.eu"
- "illucloud.de"
- "illucloud.com"
- "www.ubikmedia.de"
- "www.aldona.ubikmedia.de"
- "www.apanowicz.de"
- "www.nirwanabluete.de"
- "www.aldonasiech.com"
- "www.360gradvideo.tv"
- "www.ubikmedia.eu"
- "www.facts.cloud"
- "www.youthtube.xyz"
- "www.illucloud.eu"
- "www.illucloud.de"
- "www.illucloud.com"
- ])
(serveWordpress [
"ubikmedia.de"
"apanowicz.de"
@@ -88,6 +56,14 @@ in {
"www.illucloud.eu"
"www.illucloud.de"
"www.illucloud.com"
+ "apanowicz.ubikmedia.de"
+ "karlaskop.ubikmedia.de"
+ "nb.ubikmedia.de"
+ "cinevita.ubikmedia.de"
+ "factscloud.ubikmedia.de"
+ "youthtube.ubikmedia.de"
+ "aldona2.ubikmedia.de"
+ "illucloud.ubikmedia.de"
])
];
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index b169fea40..2bf2df8b3 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -9,5 +9,7 @@ _:
./urxvtd.nix
./usershadow.nix
./xresources.nix
+ ./kapacitor.nix
+ ./telegraf.nix
];
}
diff --git a/lass/3modules/kapacitor.nix b/lass/3modules/kapacitor.nix
new file mode 100644
index 000000000..023801987
--- /dev/null
+++ b/lass/3modules/kapacitor.nix
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+ cfg = config.lass.kapacitor;
+
+ out = {
+ options.lass.kapacitor = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "kapacitor";
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/kapacitor";
+ };
+ user = mkOption {
+ type = types.str;
+ default = "kapacitor";
+ };
+ config = mkOption {
+ type = types.str;
+ #TODO: find a good default
+ default = ''
+ hostname = "localhost"
+ data_dir = "/home/lass/.kapacitor"
+
+ [http]
+ bind-address = ":9092"
+ auth-enabled = false
+ log-enabled = true
+ write-tracing = false
+ pprof-enabled = false
+ https-enabled = false
+ https-certificate = "/etc/ssl/kapacitor.pem"
+ shutdown-timeout = "10s"
+ shared-secret = ""
+
+ [replay]
+ dir = "${cfg.dataDir}/replay"
+
+ [storage]
+ boltdb = "${cfg.dataDir}/kapacitor.db"
+
+ [task]
+ dir = "${cfg.dataDir}/tasks"
+ snapshot-interval = "1m0s"
+
+ [[influxdb]]
+ enabled = true
+ name = "default"
+ default = false
+ urls = ["http://localhost:8086"]
+ username = ""
+ password = ""
+ ssl-ca = ""
+ ssl-cert = ""
+ ssl-key = ""
+ insecure-skip-verify = false
+ timeout = "0s"
+ disable-subscriptions = false
+ subscription-protocol = "http"