-rw-r--r-- | krebs/3modules/git.nix | 8 | ||||
-rw-r--r-- | krebs/3modules/tv/default.nix | 2 | ||||
-rw-r--r-- | krebs/4lib/infest/prepare.sh | 10 | ||||
-rw-r--r-- | krebs/5pkgs/kapacitor/default.nix | 23 | ||||
-rw-r--r-- | krebs/5pkgs/telegraf/default.nix | 27 | ||||
-rw-r--r-- | krebs/5pkgs/telegraf/deps-1.1.2.nix | 588 | ||||
-rw-r--r-- | lass/1systems/shodan.nix | 8 | ||||
-rw-r--r-- | lass/2configs/hfos.nix | 2 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 40 | ||||
-rw-r--r-- | lass/3modules/default.nix | 2 | ||||
-rw-r--r-- | lass/3modules/kapacitor.nix | 101 | ||||
-rw-r--r-- | lass/3modules/telegraf.nix | 67 | ||||
-rw-r--r-- | tv/1systems/alnus.nix | 6 | ||||
-rw-r--r-- | tv/1systems/cd.nix | 4 | ||||
-rw-r--r-- | tv/2configs/backup.nix | 12 | ||||
-rw-r--r-- | tv/2configs/git.nix | 6 | ||||
-rw-r--r-- | tv/2configs/vim.nix | 7 | ||||
-rw-r--r-- | tv/3modules/iptables.nix | 16 |
18 files changed, 844 insertions, 85 deletions
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 164831846..a08dbb32c 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -339,9 +339,11 @@ let description = "Git repository hosting user"; shell = "/bin/sh"; openssh.authorizedKeys.keys = - mapAttrsToList (_: makeAuthorizedKey git-ssh-command) - (filterAttrs (_: user: isString user.pubkey) - config.krebs.users); + unique + (sort lessThan + (map (makeAuthorizedKey git-ssh-command) + (filter (user: isString user.pubkey) + (concatMap (getAttr "user") cfg.rules)))); }; }; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index d44c322aa..1220143a7 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -85,7 +85,7 @@ with import <stockholm/lib>; }; nets = { internet = { - ip4.addr = "45.62.237.203"; + ip4.addr = "64.137.177.226"; aliases = [ "cd.i" "cd.krebsco.de" diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index e265b0e67..3f5d66431 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -143,10 +143,10 @@ prepare_common() {( mkdir -p /mnt/boot if mount | grep -Fq ' on /boot type '; then - bootdev=$(mount | grep " on /boot type " | sed 's/ .*//') - mount $bootdev /mnt/boot + bootpart=$(mount | grep ' on /boot type ' | sed 's/ .*//') + mount $bootpart /mnt/boot else - mount --bind /boot/ /mnt/boot + mount --bind /boot /mnt/boot fi fi @@ -155,10 +155,12 @@ prepare_common() {( # prepare install directory # - rootpart=$(mount | grep " on / type" | sed 's/ .*//') + rootpart=$(mount | grep ' on / type ' | sed 's/ .*//') mkdir -p /mnt/etc/nixos mkdir -m 0555 -p /mnt/var/empty + mkdir -p /mnt/var/src + touch /mnt/var/src/.populate if ! mount | grep -Fq "$rootpart on /mnt/root type "; then mkdir -p /mnt/root diff --git a/krebs/5pkgs/kapacitor/default.nix b/krebs/5pkgs/kapacitor/default.nix new file mode 100644 index 000000000..804826941 --- /dev/null +++ b/krebs/5pkgs/kapacitor/default.nix 
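Review bot: The new `openssh.authorizedKeys.keys` expression carries no comment recording the access-control decision it makes, namely that the git user's keys now come from the users named in `cfg.rules` instead of from every entry in `config.krebs.users`. I would add above `unique` something like `# Only users referenced by at least one rule get a key; sort/unique presumably keep the generated key list stable and duplicate-free.` The `filter (user: isString user.pubkey)` step still drops rule users without a pubkey silently, so a rule can name a user who ends up with no SSH access; an assertion or warning for that case would make the misconfiguration visible. `concatMap (getAttr "user")` also assumes every rule's `user` is a list, which is presumably guaranteed by the option type defined outside this hunk.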
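Review bot: `mount $bootpart /mnt/boot` expands the variable unquoted, so a device path containing whitespace, or a second line matching ` on /boot type `, is split into several arguments; write `mount "$bootpart" /mnt/boot`. Taking only the first match (`sed 's/ .*//;q'`) would make the value well-defined when `mount` lists the mount point more than once. The same parsing is used for `rootpart` in the second hunk (`@@ -155,10 +155,12 @@`), where no preceding `grep -q` guard exists, so an empty result is possible there and is worth checking before it is used. `prepare_common` begins and ends outside both hunks.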
@@ -0,0 +1,23 @@
+{ stdenv, lib, fetchFromGitHub, buildGoPackage }:
+
+buildGoPackage rec {
+ name = "kapacitor-${version}";
+ version = "1.0.0";
+
+ goPackagePath = "github.com/influxdata/kapacitor";
+
+ src = fetchFromGitHub {
+ owner = "influxdata";
+ repo = "kapacitor";
+ rev = "v${version}";
+ sha256 = "14l9bhj6qdif79s4dyqqbnjgj3m4iarvw0ckld1wdhpdgvl8w9qh";
+ };
+
+ meta = with lib; {
+ description = "Open source framework for processing, monitoring, and alerting on time series data";
+ license = licenses.mit;
+ homepage = https://influxdata.com/time-series-platform/kapacitor/;
+ maintainers = with maintainers; [offline];
+ platforms = with platforms; linux;
+ };
+}
diff --git a/krebs/5pkgs/telegraf/default.nix b/krebs/5pkgs/telegraf/default.nix
new file mode 100644
index 000000000..996c839ac
--- /dev/null
+++ b/krebs/5pkgs/telegraf/default.nix
@@ -0,0 +1,27 @@
+{ lib, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+ name = "telegraf-${version}";
+ version = "1.1.2";
+
+ goPackagePath = "github.com/influxdata/telegraf";
+
+ excludedPackages = "test";
+
+ src = fetchFromGitHub {
+ owner = "influxdata";
+ repo = "telegraf";
+ rev = "${version}";
+ sha256 = "0dgrbdyz261j28wcq636125ha4xmfgh4y9shlg8m1y6jqdqd2zf2";
+ };
+
+ goDeps = ./. + builtins.toPath "/deps-${version}.nix";
+
+ meta = with lib; {
+ description = "The plugin-driven server agent for collecting & reporting metrics.";
+ license = licenses.mit;
+ homepage = https://www.influxdata.com/time-series-platform/telegraf/;
+ maintainers = with maintainers; [ mic92 roblabla ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/krebs/5pkgs/telegraf/deps-1.1.2.nix b/krebs/5pkgs/telegraf/deps-1.1.2.nix
new file mode 100644
index 000000000..b62ae44db
--- /dev/null
+++ b/krebs/5pkgs/telegraf/deps-1.1.2.nix
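Review bot: In the telegraf derivation, `goDeps = ./. + builtins.toPath "/deps-${version}.nix";` is more roundabout than it needs to be, because appending a string to a path already yields a path; `goDeps = ./. + "/deps-${version}.nix";` does the same. Likewise `rev = "${version}";` can be written `rev = version;`. The source and each entry of the deps file are pinned by `sha256`, so the tag-style `rev` is still content-verified; a short comment recording how the go2nix file was generated would help whoever bumps `version` next to regenerate the pins rather than edit them by hand.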
@@ -0,0 +1,588 @@ +# This file was generated by go2nix. +[ + { + goPackagePath = "github.com/Shopify/sarama"; + fetch = { + type = "git"; + url = "https://github.com/Shopify/sarama"; + rev = "8aadb476e66ca998f2f6bb3c993e9a2daa3666b9"; + sha256 = "1ndaddqcll9r22jg9x36acanxv5ds3xwahrm4b6nmmg06670gksv"; + }; + } + { + goPackagePath = "github.com/Sirupsen/logrus"; + fetch = { + type = "git"; + url = "https://github.com/Sirupsen/logrus"; + rev = "219c8cb75c258c552e999735be6df753ffc7afdc"; + sha256 = "04v55846v1535dplldyjhr0yqxl6n1mr4kiy2vz3ragv92xpshr6"; + }; + } + { + goPackagePath = "github.com/aerospike/aerospike-client-go"; + fetch = { + type = "git"; + url = "https://github.com/aerospike/aerospike-client-go"; + rev = "7f3a312c3b2a60ac083ec6da296091c52c795c63"; + sha256 = "05ancqplckvni9xp6xd4bv2pgkfa4v23svfcg27m8xinzi4ry219"; + }; + } + { + goPackagePath = "github.com/amir/raidman"; + fetch = { + type = "git"; + url = "https://github.com/amir/raidman"; + rev = "53c1b967405155bfc8758557863bf2e14f814687"; + sha256 = "08a6zz4akkm7lk02w53vfhkxdf0ikv32x41rc4jyi2qaf0wyw6b4"; + }; + } + { + goPackagePath = "github.com/aws/aws-sdk-go"; + fetch = { + type = "git"; + url = "https://github.com/aws/aws-sdk-go"; + rev = "13a12060f716145019378a10e2806c174356b857"; + sha256 = "09yl85kk2y4ayk44af5rbnkq4vy82vbh2z5ac4vpl2vgv7zyh46h"; + }; + } + { + goPackagePath = "github.com/beorn7/perks"; + fetch = { + type = "git"; + url = "https://github.com/beorn7/perks"; + rev = "3ac7bf7a47d159a033b107610db8a1b6575507a4"; + sha256 = "1qc3l4r818xpvrhshh1sisc5lvl9479qspcfcdbivdyh0apah83r"; + }; + } + { + goPackagePath = "github.com/cenkalti/backoff"; + fetch = { + type = "git"; + url = "https://github.com/cenkalti/backoff"; + rev = "4dc77674aceaabba2c7e3da25d4c823edfb73f99"; + sha256 = "0icf4vrgzksr0g8h6y00rd92h1mym6waf3mbqpf890bkw60gnm0w"; + }; + } + { + goPackagePath = "github.com/couchbase/go-couchbase"; + fetch = { + type = "git"; + url = "https://github.com/couchbase/go-couchbase"; + rev = 
"cb664315a324d87d19c879d9cc67fda6be8c2ac1"; + sha256 = "1dfw1apwrlfwl7bahb6dy5g9z2vs431l4lpaj3k9bnm13p0awivr"; + }; + } + { + goPackagePath = "github.com/couchbase/gomemcached"; + fetch = { + type = "git"; + url = "https://github.com/couchbase/gomemcached"; + rev = "a5ea6356f648fec6ab89add00edd09151455b4b2"; + sha256 = "00x57qqdv9ciyxiw2y6p4s65sfgi4cs6zi39qlqlw90nh133xnwi"; + }; + } + { + goPackagePath = "github.com/couchbase/goutils"; + fetch = { + type = "git"; + url = "https://github.com/couchbase/goutils"; + rev = "5823a0cbaaa9008406021dc5daf80125ea30bba6"; + sha256 = "15v5ps2i2y2hczwxs2ci4c2w4p3pn3bl7vc5wlaqnc7i14f9285c"; + }; + } + { + goPackagePath = "github.com/dancannon/gorethink"; + fetch = { + type = "git"; + url = "https://github.com/dancannon/gorethink"; + rev = "e7cac92ea2bc52638791a021f212145acfedb1fc"; + sha256 = "0f9gwsqf93qzvfpdwgam7vcfzrrkcj2s9ms4p056kcyxv9snwq3g"; + }; + } + { + goPackagePath = "github.com/davecgh/go-spew"; + fetch = { + type = "git"; + url = "https://github.com/davecgh/go-spew"; + rev = "5215b55f46b2b919f50a1df0eaa5886afe4e3b3d"; + sha256 = "15h9kl73rdbzlfmsdxp13jja5gs7sknvqkpq2qizq3qv3nr1x8dk"; + }; + } + { + goPackagePath = "github.com/docker/engine-api"; + fetch = { + type = "git"; + url = "https://github.com/docker/engine-api"; + rev = "8924d6900370b4c7e7984be5adc61f50a80d7537"; + sha256 = "1klimc3d1a2vfgl14a7js20ricpghq5jzvh8l46kf87ycjwc0q4n"; + }; + } + { + goPackagePath = "github.com/docker/go-connections"; + fetch = { + type = "git"; + url = "https://github.com/docker/go-connections"; + rev = "f549a9393d05688dff0992ef3efd8bbe6c628aeb"; + sha256 = "0k1yf4bimmwxc0qiz997nagfmddbm8nwb0c1q16387m8lgw1gbwg"; + }; + } + { + goPackagePath = "github.com/docker/go-units"; + fetch = { + type = "git"; + url = "https://github.com/docker/go-units"; + rev = "5d2041e26a699eaca682e2ea41c8f891e1060444"; + sha256 = "0hn8xdbaykp046inc4d2mwig5ir89ighma8hk18dfkm8rh1vvr8i"; + }; + } + { + goPackagePath = "github.com/eapache/go-resiliency"; + 
fetch = { + type = "git"; + url = "https://github.com/eapache/go-resiliency"; + rev = "b86b1ec0dd4209a588dc1285cdd471e73525c0b3"; + sha256 = "1kzv95bh3nidm2cr7iv9lk3s2qiw1i17n8gyl2x6xk6qv8b0bc21"; + }; + } + { + goPackagePath = "github.com/eapache/queue"; + fetch = { + type = "git"; + url = "https://github.com/eapache/queue"; + rev = "ded5959c0d4e360646dc9e9908cff48666781367"; + sha256 = "0inclypw0kln8hsn34c5ww34h0qa9fcqwak93lac5dp59rz5430n"; + }; + } + { + goPackagePath = "github.com/eclipse/paho.mqtt.golang"; + fetch = { + type = "git"; + url = "https://github.com/eclipse/paho.mqtt.golang"; + rev = "0f7a459f04f13a41b7ed752d47944528d4bf9a86"; + sha256 = "13l6mrx9z859r4r7kpa9rsbf4ni7dn6xgz8iyv2xnz53pqffanjh"; + }; + } + { + goPackagePath = "github.com/go-sql-driver/mysql"; + fetch = { + type = "git"; + url = "https://github.com/go-sql-driver/mysql"; + rev = "1fca743146605a172a266e1654e01e5cd5669bee"; + sha256 = "02vbq8j4r3skg3fmiv1wvjqh1542dr515w8f3d42b5lpwc1fsn38"; + }; + } + { + goPackagePath = "github.com/gobwas/glob"; + fetch = { + type = "git"; + url = "https://github.com/gobwas/glob"; + rev = "49571a1557cd20e6a2410adc6421f85b66c730b5"; + sha256 = "16j7pdxajqrl20a737p7kgsngr2f7gkkpgqxxmfkrmgckgkc8cvk"; + }; + } + { + goPackagePath = "github.com/golang/protobuf"; + fetch = { + type = "git"; + url = "https://github.com/golang/protobuf"; + rev = "552c7b9542c194800fd493123b3798ef0a832032"; + sha256 = "1zaw1xxnvgsvfcrv5xkn1f7p87vyh9i6mc44csl11fgc2hvqp6xm"; + }; + } + { + goPackagePath = "github.com/golang/snappy"; + fetch = { + type = "git"; + url = "https://github.com/golang/snappy"; + rev = "d9eb7a3d35ec988b8585d4a0068e462c27d28380"; + sha256 = "0wynarlr1y8sm9y9l29pm9dgflxriiialpwn01066snzjxnpmbyn"; + }; + } + { + goPackagePath = "github.com/gonuts/go-shellquote"; + fetch = { + type = "git"; + url = "https://github.com/gonuts/go-shellquote"; + rev = "e842a11b24c6abfb3dd27af69a17f482e4b483c2"; + sha256 = "19lbz7wl241bsyzsv2ai40b2vnj8c9nl107b6jf9gid3i6h0xydg"; + }; 
+ } + { + goPackagePath = "github.com/gorilla/context"; + fetch = { + type = "git"; + url = "https://github.com/gorilla/context"; + rev = "1ea25387ff6f684839d82767c1733ff4d4d15d0a"; + sha256 = "1nh1nzxcsgd215x4xn59wc4cbqfa8zvhvnnx5p8fkrn4bj1cgak4"; + }; + } + { + goPackagePath = "github.com/gorilla/mux"; + fetch = { + type = "git"; + url = "https://github.com/gorilla/mux"; + rev = "c9e326e2bdec29039a3761c07bece13133863e1e"; + sha256 = "1bplp6v14isjdfpf8328k8bvkn35n451axkxlm822d9h5ccg47g6"; + }; + } + { + goPackagePath = "github.com/hailocab/go-hostpool"; + fetch = { + type = "git"; + url = "https://github.com/hailocab/go-hostpool"; + rev = "e80d13ce29ede4452c43dea11e79b9bc8a15b478"; + sha256 = "05ld4wp3illkbgl043yf8jq9y1ld0zzvrcg8jdij129j50xgfxny"; + }; + } + { + goPackagePath = "github.com/hashicorp/consul"; + fetch = { + type = "git"; + url = "https://github.com/hashicorp/consul"; + rev = "5aa90455ce78d4d41578bafc86305e6e6b28d7d2"; + sha256 = "1xas814kkhwnjg5ghhlkgygcgi5p7h6dczmpbrzzh3yygbfdzxgw"; + }; + } + { + goPackagePath = "github.com/hpcloud/tail"; + fetch = { + type = "git"; + url = "https://github.com/hpcloud/tail"; + rev = "b2940955ab8b26e19d43a43c4da0475dd81bdb56"; + sha256 = "1x266pdfvcymsbdrdsns06qq5qfjb62z6h4512ylhakbm64qkn4s"; + }; + } + { + goPackagePath = "github.com/influxdata/config"; + fetch = { + type = "git"; + url = "https://github.com/influxdata/config"; + rev = "b79f6829346b8d6e78ba73544b1e1038f1f1c9da"; + sha256 = "0k4iywy83n3kq2f58a41rjinj03wp1di67aacpf04p25qmf46c4z"; + }; + } + { + goPackagePath = "github.com/influxdata/influxdb"; + fetch = { + type = "git"; + url = "https://github.com/influxdata/influxdb"; + rev = "fc57c0f7c635df3873f3d64f0ed2100ddc94d5ae"; + sha256 = "07cv1gryp4a84a2acgc8k8alr7jw4jwphf12cby8jjy1br35jrbq"; + }; + } + { + goPackagePath = "github.com/influxdata/toml"; + fetch = { + type = "git"; + url = "https://github.com/influxdata/toml"; + rev = "af4df43894b16e3fd2b788d01bd27ad0776ef2d0"; + sha256 = 
"1faf51s89sk1z41qfsazmddgwll7jq9xna67k3h3vry86c4vs2j4"; + }; + } + { + goPackagePath = "github.com/influxdata/wlog"; + fetch = { + type = "git"; + url = "https://github.com/influxdata/wlog"; + rev = "7c63b0a71ef8300adc255344d275e10e5c3a71ec"; + sha256 = "04kw4kivxvr3kkmghj3427b1xyhzbhnfr971qfn3lv2vvhs8kpfl"; + }; + } + { + goPackagePath = "github.com/kardianos/osext"; + fetch = { + type = "git"; + url = "https://github.com/kardianos/osext"; + rev = "29ae4ffbc9a6fe9fb2bc5029050ce6996ea1d3bc"; + sha256 = "1mawalaz84i16njkz6f9fd5jxhcbxkbsjnav3cmqq2dncv2hyv8a"; + }; + } + { + goPackagePath = "github.com/kardianos/service"; + fetch = { + type = "git"; + url = "https://github.com/kardianos/service"; + rev = "5e335590050d6d00f3aa270217d288dda1c94d0a"; + sha256 = "1g10qisgywfqj135yyiq63pnbjgr201gz929ydlgyzqq6yk3bn3h"; + }; + } + { + goPackagePath = "github.com/klauspost/crc32"; + fetch = { + type = "git"; + url = "https://github.com/klauspost/crc32"; + rev = "19b0b332c9e4516a6370a0456e6182c3b5036720"; + sha256 = "0fcnsf1m0bzplgp28dz8skza6l7rc65s180x85rzbdl9l3zzi43r"; + }; + } + { + goPackagePath = "github.com/lib/pq"; + fetch = { + type = "git"; + url = "https://github.com/lib/pq"; + rev = "e182dc4027e2ded4b19396d638610f2653295f36"; + sha256 = "1636v3snixapjf7rbjq0xn1sbym7hwckqfla0dm5cr4a5q4fw5cj"; + }; + } + { + goPackagePath = "github.com/matttproud/golang_protobuf_extensions"; + fetch = { + type = "git"; + url = "https://github.com/matttproud/golang_protobuf_extensions"; + rev = "d0c3fe89de86839aecf2e0579c40ba3bb336a453"; + sha256 = "0jkjgpi1s8l9bdbf14fh8050757jqy36kn1l1hxxlb2fjn1pcg0r"; + }; + } + { + goPackagePath = "github.com/miekg/dns"; + fetch = { + type = "git"; + url = "https://github.com/miekg/dns"; + rev = "cce6c130cdb92c752850880fd285bea1d64439dd"; + sha256 = "098gadhfjiijlgq497gbccvf26xrmjvln1fws56m0ljcgszq3jdx"; + }; + } + { + goPackagePath = "github.com/mreiferson/go-snappystream"; + fetch = { + type = "git"; + url = 
"https://github.com/mreiferson/go-snappystream"; + rev = "028eae7ab5c4c9e2d1cb4c4ca1e53259bbe7e504"; + sha256 = "0jdd5whp74nvg35d9hzydsi3shnb1vrnd7shi9qz4wxap7gcrid6"; + }; + } + { + goPackagePath = "github.com/naoina/go-stringutil"; + fetch = { + type = "git"; + url = "https://github.com/naoina/go-stringutil"; + rev = "6b638e95a32d0c1131db0e7fe83775cbea4a0d0b"; + sha256 = "00831p1wn3rimybk1z8l30787kn1akv5jax5wx743nn76qcmkmc6"; + }; + } + { + goPackagePath = "github.com/nats-io/nats"; + fetch = { + type = "git"; + url = "https://github.com/nats-io/nats"; + rev = "ea8b4fd12ebb823073c0004b9f09ac8748f4f165"; + sha256 = "0i5f6n9k0d2vzdy20sqygmss5j45y72irxsi80grjsh7qkxa6vn1"; + }; + } + { + goPackagePath = "github.com/nats-io/nuid"; + fetch = { + type = "git"; + url = "https://github.com/nats-io/nuid"; + rev = "a5152d67cf63cbfb5d992a395458722a45194715"; + sha256 = "0fphar5bz735wwa7549j31nxnm5a9dyw472gs9zafz0cv7g8np40"; + }; + } + { + goPackagePath = "github.com/nsqio/go-nsq"; + fetch = { + type = "git"; + url = "https://github.com/nsqio/go-nsq"; + rev = "0b80d6f05e15ca1930e0c5e1d540ed627e299980"; + sha256 = "1zi9jazjfzilp2g0xy30dlx9nd9g47cjqrnqxallly97mz9n01xr"; + }; + } + { + goPackagePath = "github.com/opencontainers/runc"; + fetch = { + type = "git"; + url = "https://github.com/opencontainers/runc"; + rev = "89ab7f2ccc1e45ddf6485eaa802c35dcf321dfc8"; + sha256 = "1rnaqcsww7plr430r4ksv9si4l91l25li0bwa1b03g3sn2shirk1"; + }; + } + { + goPackagePath = "github.com/prometheus/client_golang"; + fetch = { + type = "git"; + url = "https://github.com/prometheus/client_golang"; + rev = "18acf9993a863f4c4b40612e19cdd243e7c86831"; + sha256 = "1gyjvwnvgyl0fs4hd2vp5hj1dsafhwb2h55w8zgzdpshvhwrpmhv"; + }; + } + { + goPackagePath = "github.com/prometheus/client_model"; + fetch = { + type = "git"; + url = "https://github.com/prometheus/client_model"; + rev = "fa8ad6fec33561be4280a8f0514318c79d7f6cb6"; + sha256 = "11a7v1fjzhhwsl128znjcf5v7v6129xjgkdpym2lial4lac1dhm9"; + }; + } + { + 
goPackagePath = "github.com/prometheus/common"; + fetch = { + type = "git"; + url = "https://github.com/prometheus/common"; + rev = "e8eabff8812b05acf522b45fdcd725a785188e37"; + sha256 = "08magd2aw7dqaa8bbv85404zvy120ify61msfpy75az5rdl5anxq"; + }; + } + { + goPackagePath = "github.com/prometheus/procfs"; + fetch = { + type = "git"; + url = "https://github.com/prometheus/procfs"; + rev = "406e5b7bfd8201a36e2bb5f7bdae0b03380c2ce8"; + sha256 = "0yla9hz15pg63394ygs9iiwzsqyv29labl8p424hijwsc9z9nka8"; + }; + } + { + goPackagePath = "github.com/samuel/go-zookeeper"; + fetch = { + type = "git"; + url = "https://github.com/samuel/go-zookeeper"; + rev = "218e9c81c0dd8b3b18172b2bbfad92cc7d6db55f"; + sha256 = "1v0m6wn83v4pbqz6hs7z1h5hbjk7k6npkpl7icvcxdcjd7rmyjp2"; + }; + } + { + goPackagePath = "github.com/shirou/gopsutil"; + fetch = { + type = "git"; + url = "https://github.com/shirou/gopsutil"; + rev = "4d0c402af66c78735c5ccf820dc2ca7de5e4ff08"; + sha256 = "1wkp7chzpz6brq2y0k2mvsf0iaknns279wfsjn5gm6gvih49lqni"; + }; + } + { + goPackagePath = "github.com/soniah/gosnmp"; + fetch = { + type = "git"; + url = "https://github.com/soniah/gosnmp"; + rev = "3fe3beb30fa9700988893c56a63b1df8e1b68c26"; + sha256 = "0a0vlxx1plqj9fi863wd8ajbzl705wgma4qk75v949azgn1yx9ib"; + }; + } + { + goPackagePath = "github.com/streadway/amqp"; + fetch = { + type = "git"; + url = "https://github.com/streadway/amqp"; + rev = "b4f3ceab0337f013208d31348b578d83c0064744"; + sha256 = "1whcg2l6w2q7xrkk8q5y95i90ckq72bpgksii9ibrpyixbx7p5xp"; + }; + } + { + goPackagePath = "github.com/stretchr/testify"; + fetch = { + type = "git"; + url = "https://github.com/stretchr/testify"; + rev = "1f4a1643a57e798696635ea4c126e9127adb7d3c"; + sha256 = "0nam9d68rn8ha8ldif22kkgv6k6ph3y88fp26159wdrs63ca3bzl"; + }; + } + { + goPackagePath = "github.com/vjeantet/grok"; + fetch = { + type = "git"; + url = "https://github.com/vjeantet/grok"; + rev = "83bfdfdfd1a8146795b28e547a8e3c8b28a466c2"; + sha256 = 
"03zdcg9gy482gbasa7sw4cpw1k1n3dr2q06q80qnkqn268p7hp80"; + }; + } + { + goPackagePath = "github.com/wvanbergen/kafka"; + fetch = { + type = "git"; + url = "https://github.com/wvanbergen/kafka"; + rev = "46f9a1cf3f670edec492029fadded9c2d9e18866"; + sha256 = "1czmbilprffdbwnrq4wcllaqknbq91l6p0ni6b55fkaggnwck694"; + }; + } + { + goPackagePath = "github.com/wvanbergen/kazoo-go"; + fetch = { + type = "git"; + url = "https://github.com/wvanbergen/kazoo-go"; + rev = "0f768712ae6f76454f987c3356177e138df258f8"; + sha256 = "1paaayg03nknbnl3kdl0ybqv4llz7iwry7f29i0bh9srb6c87x16"; + }; + } + { + goPackagePath = "github.com/yuin/gopher-lua"; + fetch = { + type = "git"; + url = "https://github.com/yuin/gopher-lua"; + rev = "bf3808abd44b1e55143a2d7f08571aaa80db1808"; + sha256 = "02m7ly5yzc3snvxlfl9j4ggwd7v0kpvy3pqgqbfr7scdjxdap4nm"; + }; + } + { + goPackagePath = "github.com/zensqlmonitor/go-mssqldb"; + fetch = { + type = "git"; + url = "https://github.com/zensqlmonitor/go-mssqldb"; + rev = "ffe5510c6fa5e15e6d983210ab501c815b56b363"; + sha256 = "079x8ms8lv5p6253ppaxva37k6w04xnd38y8763rr2giswxqzlkl"; + }; + } + { + goPackagePath = "golang.org/x/crypto"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/crypto"; + rev = "c197bcf24cde29d3f73c7b4ac6fd41f4384e8af6"; + sha256 = "1y2bbghi594m8p4pcm9pwrzql06179xj6zvhaghwcc6y0l48rbgp"; + }; + } + { + goPackagePath = "golang.org/x/net"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/net"; + rev = "6acef71eb69611914f7a30939ea9f6e194c78172"; + sha256 = "1fcsv50sbq0lpzrhx3m9jw51wa255fsbqjwsx9iszq4d0gysnnvc"; + }; + } + { + goPackagePath = "golang.org/x/text"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/text"; + rev = "a71fd10341b064c10f4a81ceac72bcf70f26ea34"; + sha256 = "1igxqrgnnb6983fl0yck0xal2hwnkcgbslr7cxyrg7a65vawd0q1"; + }; + } + { + goPackagePath = "gopkg.in/dancannon/gorethink.v1"; + fetch = { + type = "git"; + url = "https://gopkg.in/dancannon/gorethink.v1"; + rev = 
"7d1af5be49cb5ecc7b177bf387d232050299d6ef"; + sha256 = "0036hcadshka19bcqmq4mm9ssl9qhsx1n96lj1y24mh9g1api8fi"; + }; + } + { + goPackagePath = "gopkg.in/fatih/pool.v2"; + fetch = { + type = "git"; + url = "https://gopkg.in/fatih/pool.v2"; + rev = "cba550ebf9bce999a02e963296d4bc7a486cb715"; + sha256 = "1jlrakgnpvhi2ny87yrsj1gyrcncfzdhypa9i2mlvvzqlj4r0dn0"; + }; + } + { + goPackagePath = "gopkg.in/mgo.v2"; + fetch = { + type = "git"; + url = "https://gopkg.in/mgo.v2"; + rev = "d90005c5262a3463800497ea5a89aed5fe22c886"; + sha256 = "1z81k6mnfk07hkrkw31l16qycyiwa6wzyhysmywgkh58sm5dc9m7"; + }; + } + { + goPackagePath = "gopkg.in/yaml.v2"; + fetch = { + type = "git"; + url = "https://gopkg.in/yaml.v2"; + rev = "a83829b6f1293c91addabc89d0571c246397bbf4"; + sha256 = "1m4dsmk90sbi17571h6pld44zxz7jc4lrnl4f27dpd1l8g5xvjhh"; + }; + } +] diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 095898380..232e91d90 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -59,17 +59,13 @@ with import <stockholm/lib>; fileSystems = { "/" = { device = "/dev/pool/nix"; - fsType = "ext4"; + fsType = "btrfs"; }; "/boot" = { device = "/dev/sda1"; }; - "/home/lass" = { - device = "/dev/pool/home-lass"; - fsType = "ext4"; - }; "/tmp" = { device = "tmpfs"; fsType = "tmpfs"; @@ -77,7 +73,7 @@ with import <stockholm/lib>; }; "/bku" = { device = "/dev/pool/bku"; - fsType = "ext4"; + fsType = "btrfs"; }; }; diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix index f6f09e226..fc211dc92 100644 --- a/lass/2configs/hfos.nix +++ b/lass/2configs/hfos.nix 
@@ -21,12 +21,14 @@ with import <stockholm/lib>; krebs.iptables.tables.nat.PREROUTING.rules = [ { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 22"; target = "DNAT --to-destination 192.168.122.208:22"; } + { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 25"; target = "DNAT --to-destination 192.168.122.208:25"; } { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 80"; target = "DNAT --to-destination 192.168.122.208:1080"; } { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; } ]; krebs.iptables.tables.filter.FORWARD.rules = [ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } ]; diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 2bbfe7333..01699001e 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -7,7 +7,6 @@ let genid_signed ; inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;}) - ssl servePage serveOwncloud serveWordpress; 
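Review bot: The two added port-25 rules forward SMTP arriving at 213.239.205.246 from any source to 192.168.122.208:25, but nothing in the hunk says which service on the guest is meant to receive it. I would add a comment above the new PREROUTING entry, for example `# inbound SMTP for the guest's MTA; relay restrictions are enforced on the guest`, once that is confirmed, since the rules shown apply no source restriction or rate limit to the forwarded port. The public and guest addresses are now repeated across eight rule strings; binding them once in a `let` would keep the NAT and FORWARD lists from drifting apart on the next change.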
@@ -25,47 +24,16 @@ let in { imports = [ ./sqlBackup.nix - (ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (ssl [ "karlaskop.de" "www.karlaskop.de" ]) (servePage [ "karlaskop.de" "www.karlaskop.de" ]) - (ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) - (ssl [ "pixelpocket.de" ]) (servePage [ "pixelpocket.de" ]) - (ssl [ "o.ubikmedia.de" ]) (serveOwncloud [ "o.ubikmedia.de" ]) - (ssl [ - "ubikmedia.de" - "aldona.ubikmedia.de" - "apanowicz.de" - "nirwanabluete.de" - "aldonasiech.com" - "360gradvideo.tv" - "ubikmedia.eu" - "facts.cloud" - "youthtube.xyz" - "illucloud.eu" - "illucloud.de" - "illucloud.com" - "www.ubikmedia.de" - "www.aldona.ubikmedia.de" - "www.apanowicz.de" - "www.nirwanabluete.de" - "www.aldonasiech.com" - "www.360gradvideo.tv" - "www.ubikmedia.eu" - "www.facts.cloud" - "www.youthtube.xyz" - "www.illucloud.eu" - "www.illucloud.de" - "www.illucloud.com" - ]) (serveWordpress [ "ubikmedia.de" "apanowicz.de" @@ -88,6 +56,14 @@ in { "www.illucloud.eu" "www.illucloud.de" "www.illucloud.com" + "apanowicz.ubikmedia.de" + "karlaskop.ubikmedia.de" + "nb.ubikmedia.de" + "cinevita.ubikmedia.de" + "factscloud.ubikmedia.de" + "youthtube.ubikmedia.de" + "aldona2.ubikmedia.de" + "illucloud.ubikmedia.de" ]) ]; diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index b169fea40..2bf2df8b3 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -9,5 +9,7 @@ _: ./urxvtd.nix ./usershadow.nix ./xresources.nix + ./kapacitor.nix + ./telegraf.nix ]; } diff --git a/lass/3modules/kapacitor.nix b/lass/3modules/kapacitor.nix new file mode 100644 index 000000000..023801987 --- /dev/null +++ b/lass/3modules/kapacitor.nix 
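Review bot: The eight `*.ubikmedia.de` names added to the `serveWordpress` list in `@@ -88,6 +56,14 @@` have no certificate configuration visible in this commit: the `ssl` helper is dropped from the `inherit` and every `(ssl [ … ])` import is removed in the two earlier hunks, and `util.nix` is not among the changed files. If `servePage`, `serveOwncloud` and `serveWordpress` already set up TLS for the names they are given, a one-line comment next to the `inherit`, such as `# serve* helpers configure TLS for their domains themselves`, would explain why `ssl` is gone. If they do not, these vhosts, including the ownCloud host `o.ubikmedia.de`, would lose HTTPS, so that is worth confirming before merge. The `serveWordpress` list starts outside the hunk.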
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+ cfg = config.lass.kapacitor;
+
+ out = {
+ options.lass.kapacitor = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "kapacitor";
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/kapacitor";
+ };
+ user = mkOption {
+ type = types.str;
+ default = "kapacitor";
+ };
+ config = mkOption {
+ type = types.str;
+ #TODO: find a good default
+ default = ''
+ hostname = "localhost"
+ data_dir = "/home/lass/.kapacitor"
+
+ [http]
+ bind-address = ":9092"
+ auth-enabled = false
+ log-enabled = true
+ write-tracing = false
+ pprof-enabled = false
+ https-enabled = false
+ https-certificate = "/etc/ssl/kapacitor.pem"
+ shutdown-timeout = "10s"
+ shared-secret = ""
+
+ [replay]
+ dir = "${cfg.dataDir}/replay"
+
+ [storage]
+ boltdb = "${cfg.dataDir}/kapacitor.db"
+
+ [task]
+ dir = "${cfg.dataDir}/tasks"
+ snapshot-interval = "1m0s"
+
+ [[influxdb]]
+ enabled = true
+ name = "default"
+ default = false
+ urls = ["http://localhost:8086"]
+ username = ""
+ password = ""
+ ssl-ca = ""
+ ssl-cert = ""
+ ssl-key = ""
+ insecure-skip-verify = false
+ timeout = "0s"
+ disable-subscriptions = false
+ subscription-protocol = "http" |