diff options
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/daedalus/config.nix | 3 | ||||
-rw-r--r-- | lass/1systems/dishfire/config.nix | 63 | ||||
-rw-r--r-- | lass/1systems/dishfire/physical.nix | 39 | ||||
-rw-r--r-- | lass/1systems/dishfire/source.nix | 3 | ||||
-rw-r--r-- | lass/1systems/helios/config.nix | 43 | ||||
-rw-r--r-- | lass/1systems/mors/config.nix | 3 | ||||
-rw-r--r-- | lass/1systems/prism/config.nix | 4 | ||||
-rw-r--r-- | lass/2configs/exim-smarthost.nix | 2 | ||||
-rw-r--r-- | lass/2configs/git.nix | 17 | ||||
-rw-r--r-- | lass/2configs/reaktor-coders.nix | 6 | ||||
-rw-r--r-- | lass/2configs/repo-sync.nix | 6 | ||||
-rw-r--r-- | lass/krops.nix | 16 |
12 files changed, 41 insertions, 164 deletions
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index eafc0d06c..305b3f70e 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -30,7 +30,8 @@ with import <stockholm/lib>; }; environment.systemPackages = with pkgs; [ pavucontrol - firefox + #firefox + chromium hexchat networkmanagerapplet libreoffice diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix deleted file mode 100644 index 3d5f32180..000000000 --- a/lass/1systems/dishfire/config.nix +++ /dev/null @@ -1,63 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - <stockholm/lass> - <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/git.nix> - { - networking.dhcpcd.allowInterfaces = [ - "enp*" - "eth*" - "ens*" - ]; - } - { - sound.enable = false; - } - { - environment.systemPackages = with pkgs; [ - mk_sql_pair - ]; - } - { - imports = [ - <stockholm/lass/2configs/websites/fritz.nix> - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - { predicate = "-p tcp --dport https"; target = "ACCEPT"; } - ]; - } - { - #TODO: abstract & move to own file - krebs.exim-smarthost = { - enable = true; - relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ - config.krebs.hosts.mors - config.krebs.hosts.uriel - ]; - system-aliases = [ - { from = "mailer-daemon"; to = "postmaster"; } - { from = "postmaster"; to = "root"; } - { from = "nobody"; to = "root"; } - { from = "hostmaster"; to = "root"; } - { from = "usenet"; to = "root"; } - { from = "news"; to = "root"; } - { from = "webmaster"; to = "root"; } - { from = "www"; to = "root"; } - { from = "ftp"; to = "root"; } - { from = "abuse"; to = "root"; } - { from = "noc"; to = "root"; } - { from = "security"; to = "root"; } - { from = "root"; to = "lass"; } - ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } - ]; - } - ]; - - krebs.build.host = config.krebs.hosts.dishfire; -} diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix deleted file mode 100644 index 64e3904e0..000000000 --- a/lass/1systems/dishfire/physical.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - imports = [ - ./config.nix - <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - ]; - - boot.loader.grub = { - device = "/dev/vda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "ehci_pci" - "uhci_hcd" - "virtio_pci" - "virtio_blk" - ]; - - fileSystems."/" = { - device = "/dev/mapper/pool-nix"; - fsType = "ext4"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/srv_http"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/vda1"; - fsType = "ext4"; - }; - fileSystems."/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; -} diff --git a/lass/1systems/dishfire/source.nix b/lass/1systems/dishfire/source.nix deleted file mode 100644 index 2445af130..000000000 --- a/lass/1systems/dishfire/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/lass/source.nix> { - name = "dishfire"; -} diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 257e51ee3..68acf12b8 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -1,48 +1,7 @@ with import <stockholm/lib>; -{ config, lib, pkgs, ... }: - +{ pkgs, ... }: { - imports = [ - <stockholm/lass> - <stockholm/lass/2configs/baseX.nix> - <stockholm/lass/2configs/browsers.nix> - <stockholm/lass/2configs/mouse.nix> - <stockholm/lass/2configs/pass.nix> - { - services.xserver.dpi = 200; - fonts.fontconfig.dpi = 200; - lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola"; - lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola"; - lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol"; - } - ]; - krebs.build.host = config.krebs.hosts.helios; - environment.systemPackages = with pkgs; [ - ag - vim - git - rsync - hashPassword - thunderbird dpass - - # we want tensorflow! (with GPU acceleration) - python3Packages.tensorflowWithCuda ]; - - users.users = { - root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass-helios.pubkey - ]; - }; - - services.tlp.enable = true; - - services.printing.drivers = [ pkgs.postscript-lexmark ]; - - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; - } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 90e04cad1..5a9c26b9d 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -40,6 +40,9 @@ with import <stockholm/lib>; { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } #chromecast { predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; } + #quake3 + { predicate = "-p tcp --dport 27950:27965"; target = "ACCEPT"; } + { predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; } ]; } { diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b9fda2949..0f20d1c4e 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -287,6 +287,8 @@ with import <stockholm/lib>; { users.users.download.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse" ]; } { @@ -337,7 +339,7 @@ with import <stockholm/lib>; { # lass-android allowedIPs = [ "10.244.1.2/32" ]; - publicKey = "63+ns9AGv6e6a8WgxiZNFEt1xQT0YKFlEHzRaYJWtmk="; + publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw="; } ]; }; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 30757964c..191e25831 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -85,6 +85,8 @@ with import <stockholm/lib>; { from = "qwertee@lassul.us"; to = lass.mail; } { from = "zazzle@lassul.us"; to = lass.mail; } { from = "hackbeach@lassul.us"; to = lass.mail; } + { from = "transferwise@lassul.us"; to = lass.mail; } + { from = "cis@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 829e62269..caa7c3065 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -38,6 +38,10 @@ let cgit.desc = "take a description of your disk layout and produce a format script"; cgit.section = "software"; }; + krebspage = { + cgit.desc = "homepage of krebs"; + cgit.section = "configuration"; + }; news = { cgit.desc = "take a rss feed and a timeout and print it to stdout"; cgit.section = "software"; @@ -100,10 +104,12 @@ let # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; channel = "#xxx"; + # TODO define refs in some kind of option per repo + refs = [ + "refs/heads/master" + ]; server = "irc.r"; verbose = config.krebs.build.host.name == "prism"; - # TODO define branches in some kind of option per repo - branches = [ "master" ]; }; }; }; @@ -121,10 +127,13 @@ let # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; channel = "#xxx"; + # TODO define refs in some kind of option per repo + refs = [ + "refs/heads/master" + "refs/heads/staging*" + ]; server = "irc.r"; verbose = false; - # TODO define branches in some kind of option per repo - branches = [ "master" "staging*" ]; }; } // hooks; }; diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 86877df7a..9365582b8 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -106,6 +106,12 @@ with import <stockholm/lib>; exec echo '¯\_(ツ)_/¯' ''; }) + (buildSimpleReaktorPlugin "flip" { + pattern = "^!flip$"; + script = pkgs.writeDash "shrug" '' + exec echo '(╯°□°)╯ ┻━┻' + ''; + }) ]; }; } diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 6a07172fe..8b7d0db71 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -14,10 +14,12 @@ let hooks = mkIf announce (mkDefault { post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; - verbose = false; channel = "#xxx"; + refs = [ + "refs/heads/newest" + ]; server = "irc.r"; - branches = [ "newest" ]; + verbose = false; }; }); }; diff --git a/lass/krops.nix b/lass/krops.nix index 776a3a55d..c5a932206 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -1,4 +1,4 @@ -{ config ? config, name }: let +{ name }: let inherit (import ../krebs/krops.nix { inherit name; }) krebs-source lib @@ -10,7 +10,7 @@ { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; secrets = if test then { - file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets"; + file = toString ./2configs/tests/dummy-secrets; } else { pass = { dir = "${lib.getEnv "HOME"}/.password-store"; @@ -30,13 +30,11 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) test = pkgs.krops.writeTest "${name}-test" { source = source { test = true; }; - target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src"; + target = "${lib.getEnv "HOME"}/tmp/${name}-stockholm-test"; }; - ci = map (host: - pkgs.krops.writeTest "${host.name}-test" { - source = source { test = true; }; - target = "${lib.getEnv "TMPDIR"}/lass/${host.name}"; - } - ) (lib.filter (host: lib.getAttr "ci" host && host.owner == "lass") (lib.attrValues config.krebs.hosts)); + ci = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/stockholm-build"; + }; } |