10 files changed, 131 insertions, 8 deletions

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 2b5fc478c..fd9d56ed2 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -107,8 +107,8 @@ let
 
       # Implements environment.etc."zones/<zone-name>"
       environment.etc = let
-        stripEmptyLines = s: concatStringsSep "\n"
-          (remove "\n" (remove "" (splitString "\n" s)));
+        stripEmptyLines = s: (concatStringsSep "\n"
+          (remove "\n" (remove "" (splitString "\n" s)))) + "\n";
         all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
           ([cfg.zone-head-config] ++ combined-hosts);
         combined-hosts = (mapAttrsToList (name: value: value.extraZones)  cfg.hosts );
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 498282b03..0be166255 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -33,7 +33,7 @@ let
 in {
   hosts = addNames {
     echelon = {
-      cores = 4;
+      cores = 2;
       dc = "lass"; #dc = "cac";
       nets = rec {
         internet = {
@@ -66,6 +66,39 @@ in {
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
     };
+    prism = {
+      cores = 4;
+      dc = "lass"; #dc = "cac";
+      nets = rec {
+        internet = {
+          addrs4 = ["213.239.205.240"];
+          aliases = [
+            "prism.internet"
+          ];
+        };
+        retiolum = {
+          via = internet;
+          addrs4 = ["10.243.0.103"];
+          addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"];
+          aliases = [
+            "prism.retiolum"
+            "cgit.prism.retiolum"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
+            kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
+            JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
+            AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
+            jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
+            anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKVjJrM7fHfHpvZXEA3hmX4JliHl6h6Q8AGOPcu+9fF";
+    };
     fastpoke = {
       dc = "lass";
       nets = rec {
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index d328033cc..2d33b9275 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -164,6 +164,7 @@ with lib;
       dc = "makefu"; #dc = "cac";
       extraZones = {
         "krebsco.de" = ''
+          wiki.euer      IN A  ${head nets.internet.addrs4}
           wry            IN A  ${head nets.internet.addrs4}
           io             IN NS wry.krebsco.de.
           graphs         IN A  ${head nets.internet.addrs4}
@@ -185,9 +186,11 @@ with lib;
           addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"];
           aliases = [
             "graphs.wry.retiolum"
+            "graphs.retiolum"
             "paste.wry.retiolum"
             "paste.retiolum"
             "wry.retiolum"
+            "wiki.makefu.retiolum"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -213,8 +216,8 @@ with lib;
 
       extraZones = {
         "krebsco.de" = ''
-          omo               IN A      ${head nets.internet.addrs4}
           euer              IN A      ${head nets.internet.addrs4}
+          share.euer        IN A      ${head nets.internet.addrs4}
           gum               IN A      ${head nets.internet.addrs4}
         '';
       };
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index a6c628353..e415d20ab 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -95,8 +95,12 @@ let
 
         ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
           #!/bin/sh
+          mkdir -p "${internal_dir}" "${external_dir}"
           if ! test -e "${cfg.workingDir}/internal/index.html"; then
-            cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/" "${internal_dir}"
+            cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
+          fi
+          if ! test -e "${cfg.workingDir}/external/index.html"; then
+            cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
           fi
         '';
 
@@ -118,7 +122,6 @@ let
     users.extraUsers.tinc_graphs = {
       uid = 3925439960; #genid tinc_graphs
       home = "/var/spool/tinc_graphs";
-      createHome = true;
     };
 
     krebs.nginx.servers = mkIf cfg.nginx.enable {
diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix
index 80d9f5e93..206bc5697 100644
--- a/krebs/3modules/urlwatch.nix
+++ b/krebs/3modules/urlwatch.nix
@@ -56,6 +56,13 @@ let
         https://nixos.org/channels/nixos-unstable/git-revision
       ];
     };
+    verbose = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        verbose output of urlwatch
+      '';
+    };
   };
 
   urlsFile = toFile "urls" (concatStringsSep "\n" cfg.urls);
@@ -106,7 +113,7 @@ let
 
           cd /tmp
 
-          urlwatch -e --urls="$urlsFile" > changes 2>&1 || :
+          urlwatch -e ${optionalString cfg.verbose "-v"} --urls="$urlsFile" > changes || :
 
           if test -s changes; then
             date=$(date -R)
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index 94c9b0fb5..182a068ef 100644
--- a/krebs/4lib/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
@@ -11,12 +11,28 @@ prepare() {(
         ;;
       centos)
         case $VERSION_ID in
+          6)
+            prepare_centos "$@"
+            exit
+            ;;
           7)
             prepare_centos "$@"
             exit
             ;;
         esac
         ;;
+      debian)
+        case $VERSION_ID in
+          7)
+            prepare_debian "$@"
+            exit
+            ;;
+          8)
+            prepare_debian "$@"
+            exit
+            ;;
+        esac
+        ;;
     esac
   elif test -e /etc/centos-release; then
     case $(cat /etc/centos-release) in
@@ -31,6 +47,7 @@ prepare() {(
 )}
 
 prepare_arch() {
+  pacman -Sy
   type bzip2 2>/dev/null || pacman -S --noconfirm bzip2
   type git   2>/dev/null || pacman -S --noconfirm git
   type rsync 2>/dev/null || pacman -S --noconfirm rsync
@@ -44,6 +61,14 @@ prepare_centos() {
   prepare_common
 }
 
+prepare_debian() {
+  apt-get update
+  type bzip2 2>/dev/null || apt-get install bzip2
+  type git   2>/dev/null || apt-get install git
+  type rsync 2>/dev/null || apt-get install rsync
+  prepare_common
+}
+
 prepare_common() {
 
   if ! getent group nixbld >/dev/null; then
diff --git a/krebs/5pkgs/collectd-connect-time/default.nix b/krebs/5pkgs/collectd-connect-time/default.nix
new file mode 100644
index 000000000..525388029
--- /dev/null
+++ b/krebs/5pkgs/collectd-connect-time/default.nix
@@ -0,0 +1,15 @@
+{lib, pkgs, pythonPackages, fetchurl, ... }:
+
+pythonPackages.buildPythonPackage rec {
+  name = "collectd-connect-time-${version}";
+  version = "0.3.0";
+  src = fetchurl {
+    url = "https://pypi.python.org/packages/source/c/collectd-connect-time/collectd-connect-time-${version}.tar.gz";
+    sha256 = "0vvrf9py9bwc8hk3scxwg4x2j8jlp2qva0mv4q8d9m4b4mk99c95";
+  };
+  meta = {
+    homepage = https://pypi.python.org/pypi/collectd-connect-time/;
+    description = "TCP Connection time plugin for collectd";
+    license = lib.licenses.wtfpl;
+  };
+}
diff --git a/krebs/5pkgs/tinc_graphs/default.nix b/krebs/5pkgs/tinc_graphs/default.nix
new file mode 100644
index 000000000..e5f1e40e8
--- /dev/null
+++ b/krebs/5pkgs/tinc_graphs/default.nix
@@ -0,0 +1,26 @@
+{stdenv,fetchurl,pkgs,python3Packages, ... }:
+
+python3Packages.buildPythonPackage rec {
+  name = "tinc_graphs-${version}";
+  version = "0.3.9";
+  propagatedBuildInputs = with pkgs;[
+    python3Packages.pygeoip
+    ## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
+  ];
+  src = fetchurl {
+    url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz";
+    sha256 = "0hjmkiclvyjb3707285x4b8mk5aqjcvh383hvkad1h7p1n61qrfx";
+  };
+  preFixup = with pkgs;''
+    wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
+    wrapProgram $out/bin/all-the-graphs --prefix PATH : "${imagemagick}/bin:${graphviz}/bin:$out/bin"
+    wrapProgram $out/bin/tinc-stats2json --prefix PATH : "${tinc}/bin"
+  '';
+
+  meta = {
+    homepage = http://krebsco.de/;
+    description = "Create Graphs from Tinc Stats";
+    license = stdenv.lib.licenses.wtfpl;
+  };
+}
+
diff --git a/krebs/Zhosts/gum b/krebs/Zhosts/gum
index f1eaa4eab..d43bb0d08 100644
--- a/krebs/Zhosts/gum
+++ b/krebs/Zhosts/gum
@@ -2,7 +2,6 @@ Address= 195.154.108.70
 Address= 195.154.108.70 53
 Subnet = 10.243.0.211
 Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
-Aliases = paste
 
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
diff --git a/krebs/Zhosts/prism b/krebs/Zhosts/prism
new file mode 100644
index 000000000..4c875631f
--- /dev/null
+++ b/krebs/Zhosts/prism
@@ -0,0 +1,12 @@
+Address = 213.239.205.240
+Subnet = 10.243.0.103
+Subnet = 42:0000:0000:0000:0000:0000:0000:15ab
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
+kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
+JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
+AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
+jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
+anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
+-----END RSA PUBLIC KEY-----