summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/2configs/ircd.nix2
-rw-r--r--krebs/3modules/charybdis.nix110
-rw-r--r--krebs/3modules/default.nix2
-rw-r--r--krebs/3modules/makefu/default.nix92
-rw-r--r--krebs/3modules/nin/default.nix111
-rw-r--r--lass/1systems/prism/config.nix8
-rw-r--r--makefu/1systems/gum/config.nix136
-rw-r--r--makefu/1systems/gum/hardware-config.nix77
-rw-r--r--makefu/1systems/gum/rescue.txt11
-rw-r--r--makefu/1systems/gum/source.nix2
-rw-r--r--makefu/1systems/nextgum/config.nix253
-rw-r--r--makefu/1systems/nextgum/hardware-config.nix99
-rw-r--r--makefu/1systems/nextgum/source.nix5
-rw-r--r--makefu/1systems/nextgum/transfer-config.nix7
-rw-r--r--makefu/1systems/omo/config.nix43
-rw-r--r--makefu/1systems/wbob/config.nix30
-rw-r--r--makefu/1systems/x/config.nix28
-rw-r--r--makefu/2configs/backup.nix52
-rw-r--r--makefu/2configs/backup/server.nix11
-rw-r--r--makefu/2configs/backup/ssh/gum.pub1
-rw-r--r--makefu/2configs/backup/ssh/nextgum.pub1
-rw-r--r--makefu/2configs/backup/ssh/omo.pub1
-rw-r--r--makefu/2configs/backup/ssh/x.pub1
-rw-r--r--makefu/2configs/backup/state.nix25
-rw-r--r--makefu/2configs/bepasty-dual.nix5
-rw-r--r--makefu/2configs/bluetooth-mpd.nix2
-rw-r--r--makefu/2configs/dcpp/airdcpp.nix3
-rw-r--r--makefu/2configs/deployment/bureautomation/hass.nix159
-rw-r--r--makefu/2configs/deployment/bureautomation/home.nix67
-rw-r--r--makefu/2configs/deployment/bureautomation/mpd.nix9
-rw-r--r--makefu/2configs/deployment/graphs.nix5
-rw-r--r--makefu/2configs/deployment/homeautomation/default.nix177
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/2configs/gui/base.nix4
-rw-r--r--makefu/2configs/gui/wbob-kiosk.nix32
-rw-r--r--makefu/2configs/home-manager/cli.nix8
-rw-r--r--makefu/2configs/home-manager/default.nix3
-rw-r--r--makefu/2configs/home-manager/desktop.nix52
-rw-r--r--makefu/2configs/home-manager/mail.nix3
-rw-r--r--makefu/2configs/hw/bluetooth.nix5
-rw-r--r--makefu/2configs/hw/network-manager.nix3
-rw-r--r--makefu/2configs/hw/switch.nix10
-rw-r--r--makefu/2configs/laptop-backup.nix12
-rw-r--r--makefu/2configs/nginx/euer.blog.nix1
-rw-r--r--makefu/2configs/nginx/euer.wiki.nix1
-rw-r--r--makefu/2configs/printer.nix10
-rw-r--r--makefu/2configs/rtorrent.nix19
-rw-r--r--makefu/2configs/shack/events-publisher/default.nix (renamed from makefu/2configs/deployment/events-publisher/default.nix)4
-rw-r--r--makefu/2configs/shack/gitlab-runner/default.nix31
-rw-r--r--makefu/2configs/stats/arafetch.nix2
-rw-r--r--makefu/2configs/taskd.nix11
-rw-r--r--makefu/2configs/tools/android-pentest.nix2
-rw-r--r--makefu/2configs/tools/desktop.nix2
-rw-r--r--makefu/2configs/tools/extra-gui.nix1
-rw-r--r--makefu/2configs/tools/media.nix4
-rw-r--r--makefu/2configs/tools/mobility.nix2
-rw-r--r--makefu/2configs/tools/secrets.nix2
-rw-r--r--makefu/2configs/torrent.nix20
-rw-r--r--makefu/2configs/virtualisation/virtualbox.nix21
-rw-r--r--makefu/5pkgs/_4nxci/default.nix (renamed from makefu/5pkgs/4nxci/default.nix)44
-rw-r--r--makefu/5pkgs/awesomecfg/full.cfg6
-rw-r--r--makefu/5pkgs/cozy-audiobooks/default.nix95
-rw-r--r--makefu/5pkgs/custom/inkscape/dxf_fix.patch12
-rw-r--r--makefu/5pkgs/default.nix3
-rw-r--r--makefu/5pkgs/esniper/default.nix32
-rw-r--r--makefu/5pkgs/esniper/find-ca-bundle.patch26
-rw-r--r--makefu/5pkgs/ifdnfc/default.nix45
-rw-r--r--makefu/5pkgs/jd-gui/default.nix36
-rw-r--r--makefu/5pkgs/mcomix/default.nix24
-rw-r--r--makefu/5pkgs/ns-atmosphere-programmer/default.nix36
-rw-r--r--makefu/5pkgs/switch-launcher/default.nix24
-rw-r--r--makefu/5pkgs/targetcli/default.nix64
-rw-r--r--makefu/5pkgs/zj-58/default.nix30
-rw-r--r--makefu/krops.nix2
-rw-r--r--makefu/nixpkgs.json6
-rw-r--r--nin/0tests/dummysecrets/hashedPasswords.nix1
-rw-r--r--nin/0tests/dummysecrets/ssh.id_ed255190
-rw-r--r--nin/1systems/axon/config.nix132
-rw-r--r--nin/1systems/hiawatha/config.nix126
-rw-r--r--nin/1systems/onondaga/config.nix23
-rw-r--r--nin/2configs/ableton.nix20
-rw-r--r--nin/2configs/copyq.nix38
-rw-r--r--nin/2configs/default.nix173
-rw-r--r--nin/2configs/git.nix60
-rw-r--r--nin/2configs/im.nix19
-rw-r--r--nin/2configs/retiolum.nix28
-rw-r--r--nin/2configs/skype.nix27
-rw-r--r--nin/2configs/termite.nix22
-rw-r--r--nin/2configs/vim.nix355
-rw-r--r--nin/2configs/weechat.nix21
-rw-r--r--nin/default.nix7
91 files changed, 998 insertions, 2340 deletions
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 962dbf49c..65972aacc 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -5,7 +5,7 @@
6667 6669
];
- services.charybdis = {
+ krebs.charybdis = {
enable = true;
motd = ''
hello
diff --git a/krebs/3modules/charybdis.nix b/krebs/3modules/charybdis.nix
new file mode 100644
index 000000000..f4a7c1313
--- /dev/null
+++ b/krebs/3modules/charybdis.nix
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkEnableOption mkIf mkOption singleton types;
+ inherit (pkgs) coreutils charybdis;
+ cfg = config.krebs.charybdis;
+
+ configFile = pkgs.writeText "charybdis.conf" ''
+ ${cfg.config}
+ '';
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ krebs.charybdis = {
+
+ enable = mkEnableOption "Charybdis IRC daemon";
+
+ config = mkOption {
+ type = types.string;
+ description = ''
+ Charybdis IRC daemon configuration file.
+ '';
+ };
+
+ statedir = mkOption {
+ type = types.string;
+ default = "/var/lib/charybdis";
+ description = ''
+ Location of the state directory of charybdis.
+ '';
+ };
+
+ user = mkOption {
+ type = types.string;
+ default = "ircd";
+ description = ''
+ Charybdis IRC daemon user.
+ '';
+ };
+
+ group = mkOption {
+ type = types.string;
+ default = "ircd";
+ description = ''
+ Charybdis IRC daemon group.
+ '';
+ };
+
+ motd = mkOption {
+ type = types.nullOr types.lines;
+ default = null;
+ description = ''
+ Charybdis MOTD text.
+
+ Charybdis will read its MOTD from /etc/charybdis/ircd.motd .
+ If set, the value of this option will be written to this path.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable (lib.mkMerge [
+ {
+ users.users = singleton {
+ name = cfg.user;
+ description = "Charybdis IRC daemon user";
+ uid = config.ids.uids.ircd;
+ group = cfg.group;
+ };
+
+ users.groups = singleton {
+ name = cfg.group;
+ gid = config.ids.gids.ircd;
+ };
+
+ systemd.services.charybdis = {
+ description = "Charybdis IRC daemon";
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ BANDB_DBPATH = "${cfg.statedir}/ban.db";
+ };
+ serviceConfig = {
+ ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}";
+ Group = cfg.group;
+ User = cfg.user;
+ PermissionsStartOnly = true; # preStart needs to run with root permissions
+ };
+ preStart = ''
+ ${coreutils}/bin/mkdir -p ${cfg.statedir}
+ ${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir}
+ '';
+ };
+
+ }
+
+ (mkIf (cfg.motd != null) {
+ environment.etc."charybdis/ircd.motd".text = cfg.motd;
+ })
+ ]);
+}
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 6307649e3..8f2e22acf 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -14,6 +14,7 @@ let
./buildbot/master.nix
./buildbot/slave.nix
./build.nix
+ ./charybdis.nix
./ci.nix
./current.nix
./exim.nix
@@ -111,7 +112,6 @@ let
{ krebs = import ./krebs { inherit config; }; }
{ krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; }
- { krebs = import ./nin { inherit config; }; }
{ krebs = import ./tv { inherit config; }; }
{
krebs.dns.providers = {
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index e2152ea1a..94af67fc7 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -494,6 +494,8 @@ in {
ip6.addr = "42:f9f0::10";
aliases = [
"omo.r"
+ "dcpp.omo.r"
+ "torrent.omo.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -554,7 +556,7 @@ in {
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
};
- nextgum = rec {
+ gum = rec {
ci = true;
extraZones = {
"krebsco.de" = ''
@@ -563,6 +565,23 @@ in {
graph IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr}
iso.euer IN A ${nets.internet.ip4.addr}
+ wg.euer IN A ${nets.internet.ip4.addr}
+ photostore IN A ${nets.internet.ip4.addr}
+ o.euer IN A ${nets.internet.ip4.addr}
+ mon.euer IN A ${nets.internet.ip4.addr}
+ boot.euer IN A ${nets.internet.ip4.addr}
+ wiki.euer IN A ${nets.internet.ip4.addr}
+ pigstarter IN A ${nets.internet.ip4.addr}
+ cgit.euer IN A ${nets.internet.ip4.addr}
+ git.euer IN A ${nets.internet.ip4.addr}
+ euer IN A ${nets.internet.ip4.addr}
+ share.euer IN A ${nets.internet.ip4.addr}
+ gum IN A ${nets.internet.ip4.addr}
+ wikisearch IN A ${nets.internet.ip4.addr}
+ dl.euer IN A ${nets.internet.ip4.addr}
+ ghook IN A ${nets.internet.ip4.addr}
+ dockerhub IN A ${nets.internet.ip4.addr}
+ io IN NS gum.krebsco.de.
'';
};
cores = 8;
@@ -571,6 +590,7 @@ in {
ip4.addr = "144.76.26.247";
ip6.addr = "2a01:4f8:191:12f6::2";
aliases = [
+ "gum.i"
"nextgum.i"
];
};
@@ -594,65 +614,10 @@ in {
"stats.makefu.r"
"backup.makefu.r"
"dcpp.nextgum.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8
- aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO
- npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh
- 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF
- 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN
- VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
- };
-
- gum = rec {
- ci = true;
- cores = 2;
-
- extraZones = {
- "krebsco.de" = ''
- share.euer IN A ${nets.internet.ip4.addr}
- mattermost.euer IN A ${nets.internet.ip4.addr}
- gum IN A ${nets.internet.ip4.addr}
- wikisearch IN A ${nets.internet.ip4.addr}
- pigstarter IN A ${nets.internet.ip4.addr}
- cgit.euer IN A ${nets.internet.ip4.addr}
- euer IN A ${nets.internet.ip4.addr}
- o.euer IN A ${nets.internet.ip4.addr}
- git.euer IN A ${nets.internet.ip4.addr}
- dl.euer IN A ${nets.internet.ip4.addr}
- boot.euer IN A ${nets.internet.ip4.addr}
- wiki.euer IN A ${nets.internet.ip4.addr}
- mon.euer IN A ${nets.internet.ip4.addr}
- ghook IN A ${nets.internet.ip4.addr}
- dockerhub IN A ${nets.internet.ip4.addr}
- photostore IN A ${nets.internet.ip4.addr}
- io IN NS gum.krebsco.de.
- '';
- };
- nets = rec {
- internet = {
- ip4.addr = "185.194.143.140";
- ip6.addr = "2a03:4000:1c:43f::1";
- aliases = [
- "gum.i"
- ];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.0.211";
- ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
- aliases = [
"gum.r"
"cgit.gum.r"
"o.gum.r"
"tracker.makefu.r"
-
"search.makefu.r"
"wiki.makefu.r"
"wiki.gum.r"
@@ -662,20 +627,19 @@ in {
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
- BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
- i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
- 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
- u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
- OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
+ MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8
+ aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO
+ npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh
+ 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF
+ 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN
+ VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
- # configured manually
- # ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
+
shoney = rec {
ci = true;
cores = 1;
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
deleted file mode 100644
index 1531a2c89..000000000
--- a/krebs/3modules/nin/default.nix
+++ /dev/null
@@ -1,111 +0,0 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
-
-{
- hosts = mapAttrs (_: recursiveUpdate {
- owner = config.krebs.users.nin;
- ci = true;
- }) {
- hiawatha = {
- cores = 2;
- nets = {
- retiolum = {
- ip4.addr = "10.243.132.96";
- ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
- aliases = [
- "hiawatha.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
- Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
- iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
- UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
- lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
- yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
- };
- axon= {
- cores = 2;
- nets = {
- retiolum = {
- ip4.addr = "10.243.134.66";
- ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
- aliases = [
- "axon.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
-