summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/lass/default.nix8
-rw-r--r--lass/1systems/helios.nix11
-rw-r--r--lass/1systems/mors.nix3
-rw-r--r--lass/1systems/prism.nix11
-rw-r--r--lass/1systems/uriel.nix9
-rw-r--r--lass/2configs/base.nix4
-rw-r--r--lass/2configs/browsers.nix13
-rw-r--r--lass/2configs/retiolum.nix2
-rw-r--r--lass/2configs/weechat.nix13
-rw-r--r--lass/3modules/newsbot-js.nix2
-rw-r--r--tv/2configs/default.nix1
11 files changed, 41 insertions, 36 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 4bf10ac56..6220a2d6f 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -19,6 +19,7 @@ with config.krebs.lib;
addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"];
aliases = [
"dishfire.retiolum"
+ "dishfire.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -52,6 +53,7 @@ with config.krebs.lib;
"echelon.retiolum"
"cgit.echelon.retiolum"
"go.retiolum"
+ "go.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -83,6 +85,7 @@ with config.krebs.lib;
addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"];
aliases = [
"prism.retiolum"
+ "prism.r"
"cgit.prism.retiolum"
];
tinc.pubkey = ''
@@ -114,6 +117,7 @@ with config.krebs.lib;
addrs6 = ["42:422a:194f:ff3b:e196:2f82:5cf5:bc00"];
aliases = [
"fastpoke.retiolum"
+ "fastpoke.r"
"cgit.fastpoke.retiolum"
];
tinc.pubkey = ''
@@ -144,6 +148,7 @@ with config.krebs.lib;
addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"];
aliases = [
"cloudkrebs.retiolum"
+ "cloudkrebs.r"
"cgit.cloudkrebs.retiolum"
];
tinc.pubkey = ''
@@ -173,6 +178,7 @@ with config.krebs.lib;
addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"];
aliases = [
"uriel.retiolum"
+ "uriel.r"
"cgit.uriel.retiolum"
];
tinc.pubkey = ''
@@ -203,6 +209,7 @@ with config.krebs.lib;
addrs6 = ["42:0:0:0:0:0:0:dea7"];
aliases = [
"mors.retiolum"
+ "mors.r"
"cgit.mors.retiolum"
];
tinc.pubkey = ''
@@ -229,6 +236,7 @@ with config.krebs.lib;
addrs6 = ["42:0:0:0:0:0:0:7105"];
aliases = [
"helios.retiolum"
+ "helios.r"
"cgit.helios.retiolum"
];
tinc.pubkey = ''
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 0103b6ec0..2784375c2 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -19,12 +19,11 @@ with builtins;
# };
#}
{
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }
- ];
- };
+ services.elasticsearch = {
+ enable = true;
+ plugins = [
+ pkgs.elasticsearchPlugins.elasticsearch_kopf
+ ];
};
}
];
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 9f492e2c6..01d69c403 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -328,7 +328,4 @@
tapButtons = false;
twoFingerScroll = true;
};
-
- #for google hangout
- users.extraUsers.gm.extraGroups = [ "audio" "video" ];
}
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 05b3470e5..864e59b21 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -83,10 +83,10 @@ in {
{
sound.enable = false;
}
- {
- #workaround for server dying after 6-7h
- boot.kernelPackages = pkgs.linuxPackages_4_2;
- }
+ #{
+ # #workaround for server dying after 6-7h
+ # boot.kernelPackages = pkgs.linuxPackages_4_2;
+ #}
{
nixpkgs.config.allowUnfree = true;
}
@@ -119,7 +119,8 @@ in {
}
{
users.users.chat.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJJKlOeAHyi7lToCqRF/hdA2TrtVbrTUd2ayuWsXe9JWiyeyKH/LNY3SrgxCWPZSItE9VK68ghMuVYK/A8IAcgzNhzFYLDxmtsidjiOJBj2ZGsjqevoQ5HuKB/pob8CLW3dr1Rx38Any/XXxpfeO6vemCJMGLTe5gSlrCI+Tk1qNt0Rz+rke73Hwt9wW39g8X3prF2q9ryL9OFCcsoYUE7PIOV9xM1GaDFfTR4bKux7HyFKmG+rBvmJHB5OPW8UAtVZGY/FIChwlmF6QNO5Zym497bG1RCOGplaLpRXVJrmoUkZUO7EazePPxIjz2duWYqFtwl5R9YGy1+a+F58G19DS7wJHM29td117/ZANjRTxE5q/aJm2okJYOVSqhYzdhji+BWVZ5ai7cktpAdtPo++yiZN90LvogXNB64kFxVGuX52xZcA3KLKmvrd47o9k0pzO+oCoArxPFIx0YkHfy/yw7OG8Z+KLK8l9WXWBZO5TpjcydnEcRZ8OEqVhtmDh+9h1zhPphuFBtT1JPbt8m132RUy23qsNRtZ/lnnfQbrxgHPRzVuvA8o4ahOEUdvV9SYnzKb6qMFXGp25EhlcWnR4/toyG6I3paBtByeHkaxjgCuvm9Hob6f/xFr3kEJ4WXTVguyrcFgNg2EcEfdkrTMhNn9OIHEFFQ8whIBv5jlw== JuiceSSH"
+ "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH"
+ config.krebs.users.lass-uriel.pubkey
];
}
{
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 0758164f0..4e4eca21f 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -15,15 +15,6 @@ with builtins;
../2configs/bitlbee.nix
../2configs/weechat.nix
../2configs/skype.nix
- {
- users.extraUsers = {
- root = {
- openssh.authorizedKeys.keys = map readFile [
- ../../krebs/Zpubkeys/uriel.ssh.pub
- ];
- };
- };
- }
];
krebs.build.host = config.krebs.hosts.uriel;
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index d2c96fdaa..af4ee6d27 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -54,8 +54,8 @@ with config.krebs.lib;
#secrets-common = "/home/lass/secrets/common";
stockholm = "/home/lass/stockholm";
nixpkgs = {
- url = https://github.com/Lassulus/nixpkgs;
- rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "885acea1dd82b0354ff2b6bcf1268b3031cf93df";
dev = "/home/lass/src/nixpkgs";
};
} // optionalAttrs config.krebs.build.host.secure {
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index eb764068b..47a16d4cb 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -1,6 +1,8 @@
{ config, lib, pkgs, ... }:
let
+ inherit (config.krebs.lib) genid;
+
mainUser = config.users.extraUsers.mainUser;
createChromiumUser = name: extraGroups: packages:
{
@@ -8,6 +10,7 @@ let
inherit name;
inherit extraGroups;
home = "/home/${name}";
+ uid = genid name;
useDefaultShell = true;
createHome = true;
};
@@ -28,6 +31,7 @@ let
inherit name;
inherit extraGroups;
home = "/home/${name}";
+ uid = genid name;
useDefaultShell = true;
createHome = true;
};
@@ -48,16 +52,17 @@ in {
environment.systemPackages = [
(pkgs.writeScriptBin "browser-select" ''
- BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu)
+ BROWSER=$(echo -e "ff\ncr\nwk\nfb\ngm\nflash" | dmenu)
$BROWSER $@
'')
];
imports = [
- ( createFirefoxUser "ff" [ "audio" ] [ ] )
+ ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] )
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
- ( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
- ( createChromiumUser "gm" [ ] [ pkgs.chromium ] )
+ ( createChromiumUser "wk" [ "audio" ] [ pkgs.chromium ] )
+ ( createChromiumUser "fb" [ "audio" ] [ pkgs.chromium ] )
+ ( createChromiumUser "gm" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] )
];
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index f8a63706e..1646cdea9 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -16,8 +16,6 @@
enable = true;
connectTo = [
"prism"
- "cloudkrebs"
- "echelon"
"pigstarter"
"gum"
"flap"
diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
index 6a257f0bb..98f5df42a 100644
--- a/lass/2configs/weechat.nix
+++ b/lass/2configs/weechat.nix
@@ -1,14 +1,17 @@
{ config, lib, pkgs, ... }:
-{
- krebs.per-user.chat.packages = [
- pkgs.weechat
- pkgs.tmux
+let
+ inherit (config.krebs.lib) genid;
+in {
+ krebs.per-user.chat.packages = with pkgs; [
+ mosh
+ tmux
+ weechat
];
users.extraUsers.chat = {
home = "/home/chat";
- uid = lib.genid "chat";
+ uid = genid "chat";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [
diff --git a/lass/3modules/newsbot-js.nix b/lass/3modules/newsbot-js.nix
index 5e340b26f..0772971da 100644
--- a/lass/3modules/newsbot-js.nix
+++ b/lass/3modules/newsbot-js.nix
@@ -4,6 +4,8 @@ with builtins;
with lib;
let
+ inherit (config.krebs.lib) genid;
+
cfg = config.lass.newsbot-js;
out = {
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 5a1e90bc4..9b83997bb 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -49,6 +49,7 @@ with config.krebs.lib;
}
{
security.sudo.extraConfig = ''
+ Defaults env_keep+="SSH_CLIENT"
Defaults mailto="${config.krebs.users.tv.mail}"
Defaults !lecture
'';