summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/lass/default.nix1
-rw-r--r--lass/1systems/dishfire.nix31
-rw-r--r--lass/1systems/mors.nix7
-rw-r--r--lass/1systems/prism.nix24
-rw-r--r--lass/1systems/shodan.nix14
-rw-r--r--lass/2configs/baseX.nix2
-rw-r--r--lass/2configs/buildbot-standalone.nix35
-rw-r--r--lass/2configs/default.nix21
-rw-r--r--lass/2configs/downloading.nix1
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/fetchWallpaper.nix3
-rw-r--r--lass/2configs/newsbot-js.nix3
-rw-r--r--lass/2configs/nixpkgs.nix8
-rw-r--r--lass/2configs/radio.nix15
-rw-r--r--lass/2configs/tests/dummy-secrets/cbase.txt0
-rw-r--r--lass/2configs/tests/dummy-secrets/hashedPasswords.nix1
-rw-r--r--lass/2configs/tests/dummy-secrets/icecast-admin-pw1
-rw-r--r--lass/2configs/tests/dummy-secrets/icecast-source-pw1
-rw-r--r--lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv3
-rw-r--r--lass/2configs/tests/dummy-secrets/mysql_rootPassword1
-rw-r--r--lass/2configs/tests/dummy-secrets/nix-serve.key1
-rw-r--r--lass/2configs/tests/dummy-secrets/repos.nix1
-rw-r--r--lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv4
-rw-r--r--lass/2configs/tests/dummy-secrets/ssh.id_ed255193
-rw-r--r--lass/2configs/tests/dummy-secrets/ssh.id_rsa3
-rw-r--r--lass/2configs/tests/dummy-secrets/transmission-pw1
-rw-r--r--lass/2configs/umts.nix62
-rw-r--r--lass/2configs/websites/domsen.nix62
-rw-r--r--lass/2configs/websites/fritz.nix20
-rw-r--r--lass/2configs/weechat.nix1
-rw-r--r--lass/2configs/xserver/Xresources.nix47
-rw-r--r--lass/5pkgs/default.nix1
-rw-r--r--lass/5pkgs/rs/default.nix6
33 files changed, 334 insertions, 51 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 65da85ac4..48ba00494 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -91,6 +91,7 @@ with config.krebs.lib;
"prism.retiolum"
"prism.r"
"cgit.prism.retiolum"
+ "cache.prism.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index b5e551952..ec9f53694 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -5,7 +5,7 @@
../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/default.nix
- ../2configs/exim-retiolum.nix
+ #../2configs/exim-retiolum.nix
../2configs/git.nix
{
boot.loader.grub = {
@@ -63,6 +63,35 @@
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
];
}
+ {
+ #TODO: abstract & move to own file
+ krebs.exim-smarthost = {
+ enable = true;
+ relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ config.krebs.hosts.mors
+ config.krebs.hosts.uriel
+ config.krebs.hosts.helios
+ ];
+ system-aliases = [
+ { from = "mailer-daemon"; to = "postmaster"; }
+ { from = "postmaster"; to = "root"; }
+ { from = "nobody"; to = "root"; }
+ { from = "hostmaster"; to = "root"; }
+ { from = "usenet"; to = "root"; }
+ { from = "news"; to = "root"; }
+ { from = "webmaster"; to = "root"; }
+ { from = "www"; to = "root"; }
+ { from = "ftp"; to = "root"; }
+ { from = "abuse"; to = "root"; }
+ { from = "noc"; to = "root"; }
+ { from = "security"; to = "root"; }
+ { from = "root"; to = "lass"; }
+ ];
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.dishfire;
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index a7a1fd253..beb5659d0 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -29,6 +29,7 @@
../2configs/cbase.nix
../2configs/mail.nix
../2configs/krebs-pass.nix
+ ../2configs/umts.nix
#../2configs/buildbot-standalone.nix
{
#risk of rain port
@@ -131,8 +132,8 @@
};
services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0"
'';
#TODO activationScripts seem broken, fix them!
@@ -146,7 +147,7 @@
#Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp]
#echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
#Autosuspend for USB device Biometric Coprocessor
- echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
+ #echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
#Runtime PMs
echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 6ed80ac39..9a9bd4730 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -210,6 +210,30 @@ in {
'')
];
}
+ {
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+ };
+ systemd.services.nix-serve = {
+ requires = ["secret.service"];
+ after = ["secret.service"];
+ };
+ krebs.secret.files.nix-serve-key = {
+ path = "/run/secret/nix-serve.key";
+ owner.name = "nix-serve";
+ source-path = toString <secrets> + "/nix-serve.key";
+ };
+ krebs.nginx = {
+ enable = true;
+ servers.nix-serve = {
+ server-names = [ "cache.prism.r" ];
+ locations = lib.singleton (lib.nameValuePair "/" ''
+ proxy_pass http://localhost:${toString config.services.nix-serve.port};
+ '');
+ };
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 6829428ff..073d86790 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -5,6 +5,7 @@ with builtins;
imports = [
../.
../2configs/baseX.nix
+ ../2configs/git.nix
../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/programs.nix
@@ -67,10 +68,15 @@ with builtins;
"/boot" = {
device = "/dev/sda1";
};
+
+ "/home/lass" = {
+ device = "/dev/pool/home-lass";
+ fsType = "ext4";
+ };
};
- #services.udev.extraRules = ''
- # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
- # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
- #'';
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ '';
}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 16f7502ac..7e969b3ed 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -32,6 +32,7 @@ in {
environment.systemPackages = with pkgs; [
+ acpi
dmenu
gitAndTools.qgit
lm_sensors
@@ -44,6 +45,7 @@ in {
sxiv
xclip
xorg.xbacklight
+ xorg.xhost
xsel
zathura
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 604d0728d..151ce562b 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -29,16 +29,26 @@
name="fast-all-branches",
builderNames=["fast-tests"]))
'';
+ build-all-scheduler = ''
+ # build all lass hosts
+ sched.append(schedulers.SingleBranchScheduler(
+ ## only master
+ change_filter=util.ChangeFilter(branch_re="master"),
+ # treeStableTimer=10,
+ name="prism-master",
+ builderNames=["build-all"]))
+ '';
};
builder_pre = ''
# prepare grab_repo step for stockholm
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
- env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"}
+ # TODO: get nixpkgs/stockholm paths from krebs
+ env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true"}
# prepare nix-shell
# the dependencies which are used by the test script
- deps = [ "gnumake", "jq","nix","rsync" ]
+ deps = [ "gnumake", "jq", "nix", "rsync" ]
# TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
nixshell = ["nix-shell",
@@ -51,6 +61,25 @@
factory.addStep(steps.ShellCommand(**kwargs))
'';
builder = {
+ build-all = ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+ #TODO: get hosts via krebs
+ for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
+ addShell(f,name="build-{}".format(i),env=env,
+ command=nixshell + \
+ ["nix-build \
+ --show-trace --no-out-link \
+ -I nixos-config=./lass/1systems/{}.nix \
+ -I secrets=./lass/2configs/tests/dummy-secrets \
+ -I stockholm=. \
+ -A config.system.build.toplevel".format(i)])
+
+ bu.append(util.BuilderConfig(name="build-all",
+ slavenames=slavenames,
+ factory=f))
+
+ '';
fast-tests = ''
f = util.BuildFactory()
f.addStep(grab_repo)
@@ -93,7 +122,7 @@
password = "lasspass";
packages = with pkgs;[ git nix gnumake jq rsync ];
extraEnviron = {
- NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix";
+ NIX_PATH="nixpkgs=/var/src/nixpkgs";
};
};
krebs.iptables = {
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 1c06acf38..deb3c46c2 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -7,6 +7,7 @@ with config.krebs.lib;
../2configs/zsh.nix
../2configs/mc.nix
../2configs/retiolum.nix
+ ../2configs/nixpkgs.nix
./backups.nix
{
users.extraUsers =
@@ -40,6 +41,12 @@ with config.krebs.lib;
};
};
}
+ {
+ nix = {
+ binaryCaches = ["http://cache.prism.r"];
+ binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
+ };
+ }
];
networking.hostName = config.krebs.build.host.name;
@@ -52,14 +59,12 @@ with config.krebs.lib;
user = config.krebs.users.lass;
source = mapAttrs (_: mkDefault) ({
nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
- secrets = "/home/lass/secrets/${config.krebs.build.host.name}";
+ secrets =
+ if getEnv "dummy_secrets" == "true"
+ then toString <stockholm/lass/2configs/tests/dummy-secrets>
+ else "/home/lass/secrets/${config.krebs.build.host.name}";
#secrets-common = "/home/lass/secrets/common";
stockholm = "/home/lass/stockholm";
- nixpkgs = {
- url = https://github.com/lassulus/nixpkgs;
- rev = "f632f8edaf80ffa8bf0b8c9b9064cae3ccbe3894";
- dev = "/home/lass/src/nixpkgs";
- };
} // optionalAttrs config.krebs.build.host.secure {
#secrets-master = "/home/lass/secrets/master";
});
@@ -114,8 +119,12 @@ with config.krebs.lib;
#neat utils
krebspaste
+ pciutils
psmisc
+ rs
+ tmux
untilport
+ usbutils
#unpack stuff
p7zip
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 3639a743a..cf9b631c8 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -21,6 +21,7 @@ in {
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-uriel.pubkey
+ config.krebs.users.lass-shodan.pubkey
];
};
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 8199f2bd7..e9527fec5 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -28,6 +28,7 @@ with config.krebs.lib;
{ from = "wordpress@ubikmedia.de"; to = lass.mail; }
{ from = "finanzamt@lassul.us"; to = lass.mail; }
{ from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
+ { from = "netzclub@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index f3b65e816..a724e2e45 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -5,7 +5,8 @@ let
in {
krebs.fetchWallpaper = {
enable = true;
- url = "cloudkrebs/wallpaper.png";
+ unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
+ url = "prism/wallpaper.png";
};
}
diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index 636b44395..f2b70d831 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -41,7 +41,6 @@ let
cryptogon|http://www.cryptogon.com/?feed=rss2|#news
csm|http://rss.csmonitor.com/feeds/csm|#news
csm_world|http://rss.csmonitor.com/feeds/world|#news
- cyberguerrilla|https://www.cyberguerrilla.org/a/2012/?feed=rss2|#news
danisch|http://www.danisch.de/blog/feed/|#news
dod|http://www.defense.gov/news/afps2.xml|#news
dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news
@@ -102,7 +101,7 @@ let
npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news
npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news
npr_world|http://www.npr.org/rss/rss.php?id=1004|#news
- nsa|http://www.nsa.gov/rss.shtml|#news #bullerei
+ nsa|https://www.nsa.gov/rss.xml|#news #bullerei
nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news
painload|https://github.com/krebscode/painload/commits/master.atom|#news
phys|http://phys.org/rss-feed/|#news
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
new file mode 100644
index 000000000..c893011a3
--- /dev/null
+++ b/lass/2configs/nixpkgs.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ krebs.build.source.nixpkgs = {
+ url = https://github.com/lassulus/nixpkgs;
+ rev = "f215f9e91e07473e61c9302aaa312c7350e98f0e";
+ };
+}
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index 17be327b9..12a4ddf26 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -11,7 +11,7 @@ let
source-password = import <secrets/icecast-source-pw>;
add_random = pkgs.writeDashBin "add_random" ''
- mpc add "$(mpc ls | shuf -n1)"
+ ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)"
'';
skip_track = pkgs.writeDashBin "skip_track" ''
@@ -52,7 +52,6 @@ in {
print_current
ncmpcpp
mpc_cli
- tmux
];
security.sudo.extraConfig = ''
@@ -114,7 +113,7 @@ in {
wantedBy = [ "timers.target" ];
timerConfig = {
- OnCalendar = "*:*";
+ OnCalendar = "*:0/1";
};
};
@@ -123,8 +122,8 @@ in {
LIMIT=$1 #in secconds
timeLeft () {
- playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
- currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }')
+ playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}')
+ currentTime=$(${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }')
expr ''${playlistDuration:-0} - ''${currentTime:-0}
}
@@ -136,15 +135,9 @@ in {
description = "radio playlist autoadder";
after = [ "network.target" ];
- path = with pkgs; [
- gawk
- mpc_cli
- ];
-
restartIfChanged = true;
serviceConfig = {
- Restart = "always";
ExecStart = "${autoAdd} 100";
};
};
diff --git a/lass/2configs/tests/dummy-secrets/cbase.txt b/lass/2configs/tests/dummy-secrets/cbase.txt
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/cbase.txt
diff --git a/lass/2configs/tests/dummy-secrets/hashedPasswords.nix b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix
@@ -0,0 +1 @@
+{}
diff --git a/lass/2configs/tests/dummy-secrets/icecast-admin-pw b/lass/2configs/tests/dummy-secrets/icecast-admin-pw
new file mode 100644
index 000000000..16b542cee
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/icecast-admin-pw
@@ -0,0 +1 @@
+"blabla"
diff --git a/lass/2configs/tests/dummy-secrets/icecast-source-pw b/lass/2configs/tests/dummy-secrets/icecast-source-pw
new file mode 100644
index 000000000..16b542cee
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/icecast-source-pw
@@ -0,0 +1 @@
+"blabla"
diff --git a/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv
new file mode 100644
index 000000000..215a7fa0c
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+this is a private key
+-----END RSA PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/mysql_rootPassword b/lass/2configs/tests/dummy-secrets/mysql_rootPassword
new file mode 100644
index 000000000..922a74472
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/mysql_rootPassword
@@ -0,0 +1 @@
+blabla123
diff --git a/lass/2configs/tests/dummy-secrets/nix-serve.key b/lass/2configs/tests/dummy-secrets/nix-serve.key
new file mode 100644
index 000000000..91448ad2f
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/nix-serve.key
@@ -0,0 +1 @@
+key-name:blabla123
diff --git a/lass/2configs/tests/dummy-secrets/repos.nix b/lass/2configs/tests/dummy-secrets/repos.nix
new file mode 100644
index 000000000..eed712458
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/repos.nix
@@ -0,0 +1 @@
+_: {}
diff --git a/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv
new file mode 100644
index 000000000..99a4033f6
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv
@@ -0,0 +1,4 @@
+
+-----BEGIN RSA PRIVATE KEY-----
+this is a private key
+-----END RSA PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519
new file mode 100644
index 000000000..5c12da0b3
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+private key bla
+-----END OPENSSH PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_rsa b/lass/2configs/tests/dummy-secrets/ssh.id_rsa
new file mode 100644
index 000000000..885cf61f0
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/ssh.id_rsa
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+private key bla
+-----END RSA PRIVATE KEY-----
diff --git a/lass/2configs/tests/dummy-secrets/transmission-pw b/lass/2configs/tests/dummy-secrets/transmission-pw
new file mode 100644
index 000000000..b71df1a2d
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/transmission-pw
@@ -0,0 +1 @@
+"krebskrebs123"
diff --git a/lass/2configs/umts.nix b/lass/2configs/umts.nix
new file mode 100644
index 000000000..c1fce9ea2
--- /dev/null
+++ b/lass/2configs/umts.nix
@@ -0,0 +1,62 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+ nixpkgs-1509 = import (pkgs.fetchFromGitHub {
+ owner = "NixOS"; repo = "nixpkgs-channels";
+ rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
+ sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
+ }) {};
+
+ wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
+
+ modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09";
+
+ # TODO: currently it is only netzclub
+ umts-bin = pkgs.writeScriptBin "umts" ''
+ #!/bin/sh
+ set -euf
+ systemctl stop wpa_supplicant
+ systemctl start umts
+ trap "systemctl stop umts && systemctl start wpa_supplicant;trap - INT TERM EXIT;exit" INT TERM EXIT
+ echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
+ journalctl -xfu umts
+ '';
+
+ wvdial-defaults = ''
+ Modem = ${modem-device}
+ Init1 = AT+CFUN=1
+ Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+ Baud = 460800
+ phone= *99#
+ Username = netzclub
+ Password = netzclub
+ Stupid Mode = 1
+ Idle Seconds = 0
+ '';
+
+
+ out = {
+ environment.shellAliases = {
+ umts = "sudo ${umts-bin}/bin/umts";
+ };
+
+ security.sudo.extraConfig = ''
+ lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts
+ '';
+
+ environment.wvdial.dialerDefaults = wvdial-defaults;
+
+ systemd.services.umts = {
+ description = "UMTS wvdial Service";
+ serviceConfig = {
+ Type = "simple";
+ Restart = "always";
+ RestartSec = "10s";
+ ExecStart = "${wvdial}/bin/wvdial -n";
+ };
+ };
+ };
+in out
+
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 45d09c3b9..c69d20633 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -11,9 +11,9 @@ let
serveWordpress;
msmtprc = pkgs.writeText "msmtprc" ''
- account prism
+ account localhost
host localhost
- account default: prism
+ account default: localhost
'';
sendmail = pkgs.writeDash "msmtp" ''
@@ -23,23 +23,55 @@ let
in {
imports = [
./sqlBackup.nix
- (ssl [ "reich-gebaeudereinigung.de" ])
- (servePage [ "reich-gebaeudereinigung.de" ])
+ (ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
+ (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
- (ssl [ "karlaskop.de" ])
- (servePage [ "karlaskop.de" ])
+ (ssl [ "karlaskop.de" "www.karlaskop.de" ])
+ (servePage [ "karlaskop.de" "www.karlaskop.de" ])
- (ssl [ "makeup.apanowicz.de" ])
- (servePage [ "makeup.apanowicz.de" ])
+ (ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
+ (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
- (ssl [ "pixelpocket.de" ])
- (servePage [ "pixelpocket.de" ])
+ (ssl [ "pixelpocket.de" "www.pixelpocket.de" ])
+ (servePage [ "pixelpocket.de" "www.pixelpocket.de" ])
- (ssl [ "o.ubikmedia.de" ])
- (serveOwncloud [ "o.ubikmedia.de" ])
+ (ssl [ "o.ubikmedia.de" "www.o.ubikmedia.de" ])
+ (serveOwncloud [ "o.ubikmedia.de" "www.o.ubikmedia.de" ])
- (ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ])
- (serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ])
+ (ssl [
+ "ubikmedia.de"
+ "aldona.ubikmedia.de"
+ "apanowicz.de"
+ "nirwanabluete.de"
+ "aldonasiech.com"
+ "360gradvideo.tv"
+ "ubikmedia.eu"
+ "facts.cloud"
+ "www.ubikmedia.de"
+ "www.aldona.ubikmedia.de"
+ "www.apanowicz.de"
+ "www.nirwanabluete.de"
+ "www.aldonasiech.com"
+ "www.360gradvideo.tv"
+ "www.ubikmedia.eu"
+ "www.facts.cloud"
+ ])
+ (serveWordpress [
+ "ubikmedia.de"
+ "apanowicz.de"
+ "nirwanabluete.de"
+ "aldonasiech.com"
+ "360gradvideo.tv"
+ "ubikmedia.eu"
+ "facts.cloud"
+ "*.ubikmedia.de"
+ "www.apanowicz.de"
+ "www.nirwanabluete.de"
+ "www.aldonasiech.com"
+ "www.360gradvideo.tv"
+ "www.ubikmedia.eu"
+ "www.facts.cloud"
+ ])
];
lass.mysqlBackup.config.all.databases = [
@@ -63,7 +95,7 @@ in {
services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
options = ''
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
- sendmail_path = ${sendmail} -t -i"
+ sendmail_path = "${sendmail} -t -i"
'';
} ''
cat ${pkgs.php}/etc/php-recommended.ini > $out
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 63efbecb6..c2b8ff116 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -12,6 +12,16 @@ let
serveWordpress
;
+ msmtprc = pkgs.writeText "msmtprc" ''
+ account localhost
+ host localhost
+ account default: localhost
+ '';
+
+ sendmail = pkgs.writeDash "msmtp" ''
+ exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
+ '';
+
in {
imports = [
./sqlBackup.nix
@@ -51,4 +61,14 @@ in {
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.fritz.pubkey
];
+
+ services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
+ options = ''
+ extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ sendmail_path = "${sendmail} -t -i"
+ '';
+ } ''
+ cat ${pkgs.php}/etc/php-recommended.ini > $out
+ echo "$options" >>