Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/bepasty.nix40
-rw-r--r--lass/2configs/buildbot-standalone.nix17
-rw-r--r--lass/2configs/default.nix2
-rw-r--r--lass/2configs/downloading.nix1
-rw-r--r--lass/2configs/fetchWallpaper.nix1
-rw-r--r--lass/2configs/git.nix2
-rw-r--r--lass/2configs/hw/tp-x220.nix7
-rw-r--r--lass/2configs/monitoring/client.nix94
-rw-r--r--lass/2configs/monitoring/server.nix66
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/repo-sync.nix4
-rw-r--r--lass/2configs/tests/dummy-secrets/bepasty-secret.nix1
-rw-r--r--lass/2configs/websites/domsen.nix1
13 files changed, 228 insertions, 10 deletions
diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix
new file mode 100644
index 00000000..a3c6d0f2
--- /dev/null
+++ b/lass/2configs/bepasty.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+# secrets used:
+# wildcard.krebsco.de.crt
+# wildcard.krebsco.de.key
+# bepasty-secret.nix <- contains single string
+
+with import <stockholm/lib>;
+let
+ secKey = import <secrets/bepasty-secret.nix>;
+ ext-dom = "paste.lassul.us" ;
+in {
+
+ services.nginx.enable = mkDefault true;
+ krebs.bepasty = {
+ enable = true;
+ serveNginx= true;
+
+ servers = {
+ "paste.r" = {
+ nginx = {
+ serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
+ };
+ defaultPermissions = "admin,list,create,read,delete";
+ secretKey = secKey;
+ };
+
+ "${ext-dom}" = {
+ nginx = {
+ enableSSL = true;
+ forceSSL = true;
+ enableACME = true;
+ };
+ defaultPermissions = "read";
+ secretKey = secKey;
+ };
+ };
+ };
+}
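Review bot: Both servers get the same `secretKey = secKey;`, although "paste.r" grants `admin,list,create,read,delete` to every visitor while "${ext-dom}" is public and read-only. If this key signs session cookies, as is usual for a Flask application (not confirmed from this hunk), a cookie issued by the internal instance would also verify on the public one, so the external server should import its own secret file. The admin-by-default instance is protected only by "paste.r" and its aliases being unreachable from outside, which deserves a comment such as `# full permissions without login: must only be served on the internal network`. `import <secrets/bepasty-secret.nix>` reads the key at evaluation time, so check that the krebs.bepasty module does not render it into a world-readable Nix store path. The second `with import <stockholm/lib>;` is a duplicate and can be dropped.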
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 7057d0c3..c9e2928b 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -58,6 +58,11 @@ in {
"NIX_REMOTE": "daemon",
"dummy_secrets": "true",
}
+ env_nin = {
+ "LOGNAME": "nin",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ }
env_shared = {
"LOGNAME": "shared",
"NIX_REMOTE": "daemon",
@@ -126,6 +131,18 @@ in {
]
)
+ for i in [ "hiawatha", "onondaga" ]:
+ addShell(f,name="build-{}".format(i),env=env_nin,
+ command=nixshell + \
+ ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
+ make \
+ test \
+ target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
+ method=build \
+ system={}".format(i)
+ ]
+ )
+
bu.append(
util.BuilderConfig(
name="build-hosts",
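Review bot: The new builder's command works in `/tmp/testbuild/$LOGNAME`, a fixed path under a world-writable directory, so any other local account on the build host can create that directory or a symlink in its place before `mkdir -p` and `touch` run. A directory owned by the buildbot worker, outside `/tmp`, would remove that dependency. `$LOGNAME` is also expanded unquoted in the shell string. The enclosing function starts and ends outside this hunk, and the existing builders may use the same layout, in which case they should be changed together.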
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 911b7738..d1810c00 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -9,6 +9,7 @@ with import <stockholm/lib>;
../2configs/mc.nix
../2configs/nixpkgs.nix
../2configs/vim.nix
+ ../2configs/monitoring/client.nix
./backups.nix
{
users.extraUsers =
@@ -98,7 +99,6 @@ with import <stockholm/lib>;
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
EDITOR=vim
- MANPAGER=most
'';
nixpkgs.config.allowUnfree = true;
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 27b6d22d..eb957501 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -16,6 +16,7 @@ with import <stockholm/lib>;
lass.pubkey
lass-shodan.pubkey
lass-helios.pubkey
+ lass-icarus.pubkey
makefu.pubkey
];
};
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index cf084ea8..29f32199 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -7,6 +7,7 @@ in {
enable = true;
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
url = "prism/wallpaper.png";
+ maxTime = 10;
};
systemd.services.fetchWallpaper = {
after = [ "xmonad.service" ];
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index d7ec39f2..bdd65ce0 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -57,7 +57,7 @@ let
server = "ni.r";
verbose = config.krebs.build.host.name == "prism";
# TODO define branches in some kind of option per repo
- branches = [ "master" "newest" "nin" ];
+ branches = [ "master" "newest" ];
};
};
};
diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix
index ec36fa96..d551cd44 100644
--- a/lass/2configs/hw/tp-x220.nix
+++ b/lass/2configs/hw/tp-x220.nix
@@ -47,12 +47,5 @@ with import <stockholm/lib>;
pkgs.vaapiVdpau
];
- services.xserver = {
- videoDriver = "intel";
- deviceSection = ''
- Option "AccelMethod" "sna"
- '';
- };
-
security.rngd.enable = true;
}
diff --git a/lass/2configs/monitoring/client.nix b/lass/2configs/monitoring/client.nix
new file mode 100644
index 00000000..e879d696
--- /dev/null
+++ b/lass/2configs/monitoring/client.nix
@@ -0,0 +1,94 @@
+{pkgs, config, ...}:
+with import <stockholm/lib>;
+{
+ lass.telegraf = {
+ enable = true;
+ interval = "1s";
+
+
+ outputs = ''
+ [outputs.influxdb]
+ urls = ["http://prism:8086"]
+ database = "telegraf_db"
+ user_agent = "telegraf"
+ '';
+ inputs = [
+ ''
+ [cpu]
+ percpu = false
+ totalcpu = true
+ drop = ["cpu_time"]
+ ''
+ ''
+ [[inputs.mem]]
+ ''
+ ''
+ [[inputs.ping]]
+ urls = ["8.8.8.8"]
+ ''
+ ''
+ [[inputs.net]]
+ ''
+ ''
+ [[inputs.dns_query]]
+ servers = ["8.8.8.8"]
+ ''
+ ];
+ };
+ systemd.services.telegraf.path = with pkgs; [
+ iputils
+ lm_sensors
+ ];
+
+ services.collectd = {
+ enable = true;
+ autoLoadPlugin = true;
+ extraConfig = ''
+ Hostname ${config.krebs.build.host.name}
+ LoadPlugin load
+ LoadPlugin disk
+ LoadPlugin memory
+ Interval 30.0
+
+ LoadPlugin interface
+ <Plugin "interface">
+ Interface "*Link"
+ Interface "lo"
+ Interface "vboxnet*"
+ Interface "virbr*"
+ IgnoreSelected true
+ </Plugin>
+
+ LoadPlugin df
+ <Plugin "df">
+ MountPoint "/nix/store"
+ FSType "tmpfs"
+ FSType "binfmt_misc"
+ FSType "debugfs"
+ FSType "mqueue"
+ FSType "hugetlbfs"
+ FSType "systemd-1"
+ FSType "cgroup"
+ FSType "securityfs"
+ FSType "ramfs"
+ FSType "proc"
+ FSType "devpts"
+ FSType "devtmpfs"
+ MountPoint "/var/lib/docker/devicemapper"
+ IgnoreSelected true
+ </Plugin>
+
+ LoadPlugin cpu
+ <Plugin cpu>
+ ReportByCpu true
+ ReportByState true
+ ValuesPercentage true
+ </Plugin>
+
+ LoadPlugin network
+ <Plugin "network">
+ Server "prism" "25826"
+ </Plugin>
+ '';
+ };
+}
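Review bot: Metrics leave every host unauthenticated and unencrypted: telegraf posts to `http://prism:8086` and the collectd network plugin uses `Server "prism" "25826"` with no `SecurityLevel`. The server.nix added in this commit accepts these ports only on the `retiolum` interface, so confidentiality rests on the bare name `prism` resolving to the VPN address on every client, which is not visible here; state that assumption in a comment or use the VPN-specific host name. collectd's network plugin can sign or encrypt its packets (`SecurityLevel`, `Username` and `Password` inside a `<Server>` block) if the receiving side is configured to match. With `interval = "1s"`, every host that imports this file also pings and DNS-queries 8.8.8.8 once per second, which exposes host liveness to a third party and is probably more frequent than intended. The `[cpu]` table is written differently from the `[[inputs.…]]` tables that follow and should be checked against the telegraf version in use.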
diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix
new file mode 100644
index 00000000..2e1c15ca
--- /dev/null
+++ b/lass/2configs/monitoring/server.nix
@@ -0,0 +1,66 @@
+{pkgs, config, ...}:
+with import <stockholm/lib>;
+{
+ services.influxdb = {
+ enable = true;
+ };
+
+ services.influxdb.extraConfig = {
+ meta.hostname = config.krebs.build.host.name;
+ # meta.logging-enabled = true;
+ http.bind-address = ":8086";
+ admin.bind-address = ":8083";
+ monitoring = {
+ enabled = false;
+ # write-interval = "24h";
+ };
+ collectd = [{
+ enabled = true;
+ typesdb = "${pkgs.collectd}/share/collectd/types.db";
+ database = "collectd_db";
+ port = 25826;
+ }];
+ };
+
+ lass.kapacitor =
+ let
+ echoToIrc = pkgs.writeDash "echo_irc" ''
+ set -euf
+ data="$(${pkgs.jq}/bin/jq -r .message)"
+ export LOGNAME=prism-alarm
+ ${pkgs.irc-announce}/bin/irc-announce \
+ irc.freenode.org 6667 prism-alarm \#krebs-bots "$data" >/dev/null
+ '';
+ in {
+ enable = true;
+ alarms = {
+ test2 = ''
+ batch
+ |query(${"'''"}
+ SELECT mean("usage_user") AS mean
+ FROM "${config.lass.kapacitor.check_db}"."default"."cpu"
+ ${"'''"})
+ .every(3m)
+ .period(1m)
+ .groupBy('host')
+ |alert()
+ .crit(lambda: "mean" > 90)
+ // Whenever we get an alert write it to a file.
+ .log('/tmp/alerts.log')
+ .exec('${echoToIrc}')
+ '';
+ };
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
+ { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
+ { predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
+ ];
+ services.grafana = {
+ enable = true;
+ addr = "0.0.0.0";
+ auth.anonymous.enable = true;
+ security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
+ };
+}
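Review bot: InfluxDB is bound to every interface (`http.bind-address = ":8086"`, `admin.bind-address = ":8083"`) with no authentication configured, and Grafana listens on `0.0.0.0` with `auth.anonymous.enable = true`, so the iptables rules are the only access control. Those rules open 8086, 3000 and 25826 on `retiolum` only, which holds only if the INPUT chain drops everything else by default (not visible in this hunk). Binding the services to the retiolum address, or setting `http.auth-enabled = true;` and giving telegraf and kapacitor credentials, would not depend on the firewall. `security = import <secrets/grafana_security.nix>` reads the admin credentials at evaluation time, so check that the Grafana module does not write them into a world-readable Nix store path. The alert handler logs to the fixed path `/tmp/alerts.log` and relays alert text to a public IRC channel over plaintext port 6667, both of which expose host names and load data beyond the VPN.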
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 27b7c243..4a1b0379 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "39098270855c171f0824c09d071b606ae991ff87";
+ ref = "5fff5a902594b34471b613eb2babcec923e1e1f1";
};
}
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index 76576993..b1a26b17 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -44,6 +44,10 @@ let
origin.url = "http://cgit.ni.r/${name}";
mirror.url = "${mirror}${name}";
};
+ nin = {
+ origin.url = "http://cgit.onondaga.r/${name}";
+ mirror.url = "${mirror}${name}";
+ };
lassulus = {
origin.url = "http://cgit.prism/${name}";
mirror.url = "${mirror}${name}";
diff --git a/lass/2configs/tests/dummy-secrets/bepasty-secret.nix b/lass/2configs/tests/dummy-secrets/bepasty-secret.nix
new file mode 100644
index 00000000..6e08144d
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/bepasty-secret.nix
@@ -0,0 +1 @@
+"bla"
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index e79973a6..66fc681b 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -66,6 +66,7 @@ in {
"karlaskop.ubikmedia.de"
"nb.ubikmedia.de"
"youthtube.ubikmedia.de"
+ "joemisch.com"
])
];