diff options
Diffstat (limited to 'lass')
52 files changed, 382 insertions, 946 deletions
diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix deleted file mode 100644 index 0a2ab1611..000000000 --- a/lass/1systems/archprism/config.nix +++ /dev/null @@ -1,54 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; - -{ - imports = [ - <stockholm/lass> - <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/libvirt.nix> - { # TODO make new hfos.nix out of this vv - boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - users.users.riot = { - uid = genid_uint31 "riot"; - isNormalUser = true; - extraGroups = [ "libvirtd" ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" - ]; - }; - - # TODO write function for proxy_pass (ssl/nonssl) - - krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.179"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; } - ]; - } - <stockholm/lass/2configs/container-networking.nix> - { - services.taskserver = { - enable = true; - fqdn = "lassul.us"; - listenHost = "::"; - listenPort = 53589; - organisations.lass.users = [ "lass" "android" ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } - ]; - } - { - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} - ]; - } - ]; - - krebs.build.host = config.krebs.hosts.archprism; - services.earlyoom = { - enable = true; - freeMemThreshold = 5; - }; -} diff --git a/lass/1systems/archprism/physical.nix b/lass/1systems/archprism/physical.nix deleted file mode 100644 index 36de7dc17..000000000 --- a/lass/1systems/archprism/physical.nix +++ /dev/null @@ -1,77 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - imports = [ - ./config.nix - { - boot.kernelParams = [ "net.ifnames=0" ]; - networking = { - defaultGateway = "46.4.114.225"; - # Use google's public DNS server - nameservers = [ "8.8.8.8" ]; - interfaces.eth0 = { - ipAddress = "46.4.114.247"; - prefixLength = 27; - }; - }; - # TODO use this network config - networking.interfaces.eth0.ipv4.addresses = [ - { - address = config.krebs.build.host.nets.internet.ip4.addr; - prefixLength = 27; - } - { - address = "46.4.114.243"; - prefixLength = 27; - } - ]; - #networking.defaultGateway = "46.4.114.225"; - #networking.nameservers = [ - # "8.8.8.8" - #]; - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" - #''; - } - { - imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ]; - - networking.hostId = "fb4173ea"; - boot.loader.grub = { - devices = [ - "/dev/sda" - "/dev/sdb" - ]; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - "ahci" "sd_mod" - ]; - - boot.kernelModules = [ "kvm-intel" ]; - - sound.enable = false; - nixpkgs.config.allowUnfree = true; - time.timeZone = "Europe/Berlin"; - - fileSystems."/" = { - device = "rpool/root/nixos"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "rpool/home"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d"; - fsType = "ext4"; - }; - - } - ]; - -} diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index f6dc23d20..c4286cca3 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -9,8 +9,8 @@ with import <stockholm/lib>; <stockholm/lass/2configs/blue.nix> <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/sync/sync.nix> <stockholm/lass/2configs/sync/decsync.nix> - <stockholm/lass/2configs/sync/weechat.nix> ]; krebs.build.host = config.krebs.hosts.blue; diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index bd559944a..d84502b3f 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -6,7 +6,6 @@ with import <stockholm/lib>; <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/nfs-dl.nix> { # bubsy config diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index 0b4b50ee4..fbd2d223f 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -9,13 +9,80 @@ with import <stockholm/lib>; <stockholm/lass/2configs/mail.nix> <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/sync/sync.nix> <stockholm/lass/2configs/sync/decsync.nix> <stockholm/lass/2configs/sync/weechat.nix> + + <stockholm/lass/2configs/bitlbee.nix> + <stockholm/lass/2configs/IM.nix> + <stockholm/lass/2configs/muchsync.nix> + <stockholm/lass/2configs/pass.nix> ]; krebs.build.host = config.krebs.hosts.green; - #networking.nameservers = [ "1.1.1.1" ]; + users.users.mainUser.openssh.authorizedKeys.keys = [ + config.krebs.users.lass-android.pubkey + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel + ]; + + krebs.bindfs = { + "/home/lass/.weechat" = { + source = "/var/state/lass_weechat"; + options = [ + "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}" + "--create-for-user=${toString config.users.users.syncthing.uid}" + ]; + }; + "/home/lass/Maildir" = { + source = "/var/state/lass_mail"; + options = [ + "-M ${toString config.users.users.mainUser.uid}" + ]; + }; + "/home/lass/sync" = { + source = "/var/state/lass_sync"; + options = [ + "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}" + "--create-for-user=${toString config.users.users.syncthing.uid}" + ]; + }; + "/var/lib/bitlbee" = { + source = "/var/state/bitlbee"; + options = [ + "-M ${toString config.users.users.bitlbee.uid}" + ]; + clearTarget = true; + }; + "/home/lass/.ssh" = { + source = "/var/state/lass_ssh"; + options = [ + "-M ${toString config.users.users.mainUser.uid}" + ]; + clearTarget = true; + }; + "/home/lass/.gnupg" = { + source = "/var/state/lass_gnupg"; + options = [ + "-M ${toString config.users.users.mainUser.uid}" + ]; + clearTarget = true; + }; + }; - #time.timeZone = "Europe/Berlin"; + systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" '' + sleep 1 + mkdir -p /home/lass/notmuch + chown lass: /home/lass/notmuch + ln -sfTr /home/lass/notmuch /home/lass/Maildir/.notmuch + + mkdir -p /home/lass/notmuch/muchsync + chown lass: /home/lass/notmuch/muchsync + mkdir -p /home/lass/Maildir/.muchsync + ln -sfTr /home/lass/Maildir/.muchsync /home/lass/notmuch/muchsync/tmp + ''; + + krebs.iptables.tables.nat.PREROUTING.rules = [ + { predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } + ]; } diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix index bd74c29f3..837872bf5 100644 --- a/lass/1systems/icarus/physical.nix +++ b/lass/1systems/icarus/physical.nix @@ -51,12 +51,10 @@ (1, 48, 60) (2, 50, 61) (3, 52, 63) - (6, 60, 65) - (7, 80, 85) - (127, 90, 32767) + (6, 60, 85) + (7, 80, 90) + (127, 89, 32767) ''; services.logind.lidSwitch = "ignore"; - services.logind.lidSwitchDocked = "ignore"; - } diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index eee23ee60..adf8aeeb1 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -7,6 +7,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/blue-host.nix> + <stockholm/lass/2configs/green-host.nix> <stockholm/lass/2configs/syncthing.nix> ]; diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix index 79fbe4c97..79d4f528d 100644 --- a/lass/1systems/morpheus/config.nix +++ b/lass/1systems/morpheus/config.nix @@ -4,6 +4,9 @@ with import <stockholm/lib>; imports = [ <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> + + <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/green-host.nix> ]; krebs.build.host = config.krebs.hosts.morpheus; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index b03d95c49..95b688590 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -18,28 +18,28 @@ with import <stockholm/lib>; <stockholm/lass/2configs/steam.nix> <stockholm/lass/2configs/wine.nix> <stockholm/lass/2configs/git.nix> - <stockholm/lass/2configs/virtualbox.nix> <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/mail.nix> <stockholm/krebs/2configs/ircd.nix> <stockholm/lass/2configs/logf.nix> <stockholm/lass/2configs/syncthing.nix> - <stockholm/lass/2configs/otp-ssh.nix> - <stockholm/lass/2configs/c-base.nix> + <stockholm/lass/2configs/sync/sync.nix> <stockholm/lass/2configs/sync/decsync.nix> <stockholm/lass/2configs/sync/weechat.nix> + #<stockholm/lass/2configs/c-base.nix> <stockholm/lass/2configs/br.nix> <stockholm/lass/2configs/ableton.nix> - <stockholm/lass/2configs/starcraft.nix> <stockholm/lass/2configs/dunst.nix> <stockholm/lass/2configs/rtl-sdr.nix> - <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/print.nix> - <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/network-manager.nix> <stockholm/lass/2configs/nfs-dl.nix> - #<stockholm/lass/2configs/hardening.nix> - <stockholm/lass/2configs/ppp.nix> + <stockholm/lass/2configs/green-host.nix> + <stockholm/krebs/2configs/news-host.nix> + <stockholm/lass/2configs/ppp/x220-modem.nix> + <stockholm/lass/2configs/ppp/umts-stick.nix> + # <stockholm/lass/2configs/remote-builder/morpheus.nix> + # <stockholm/lass/2configs/remote-builder/prism.nix> { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index f63c6a05a..6f61ea57e 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -118,6 +118,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/iodined.nix> <stockholm/lass/2configs/paste.nix> <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/green-host.nix> <stockholm/lass/2configs/reaktor-coders.nix> <stockholm/lass/2configs/ciko.nix> <stockholm/lass/2configs/container-networking.nix> @@ -138,22 +139,17 @@ with import <stockholm/lib>; }; } { - lass.ejabberd = { - enable = true; - hosts = [ "lassul.us" ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } - { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } - ]; - } - { imports = [ <stockholm/lass/2configs/realwallpaper.nix> ]; - services.nginx.virtualHosts."lassul.us".locations."= /wallpaper.png".extraConfig = '' - alias /var/realwallpaper/realwallpaper.png; - ''; + services.nginx.virtualHosts."lassul.us".locations = { + "= /wallpaper-marker.png".extraConfig = '' + alias /var/realwallpaper/realwallpaper-marker.png; + ''; + "= /wallpaper.png".extraConfig = '' + alias /var/realwallpaper/realwallpaper.png; + ''; + }; } { users.users.jeschli = { @@ -282,8 +278,9 @@ with import <stockholm/lib>; services.murmur = { enable = true; bandwidth = 10000000; + registerName = "lassul.us"; + autobanTime = 30; }; - services.murmur.registerName = "lassul.us"; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} { predicate = "-p udp --dport 64738"; target = "ACCEPT";} @@ -354,6 +351,8 @@ with import <stockholm/lib>; palo.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos" "AAAAB3NzaC1yc2EAAAADAQABAAABgQC4ECL9NSCWqs4KVe+FF+2BPtl5Bv5aQPHqnXllCyiESZykwRKLx6/AbF5SbUAUMVZtp9oDSdp28m3BvVeWJ/q7hAbIxUtfd/jp+JBRZ8Kj6K5GzUO7Bhgl/o0A7xEjAeOKHiYuLjdPMcFUyl6Ah4ey/mcQYf6AdU0+hYUDeUlKe/YxxYD6202W0GJq2xGdIqs/TbopT9iaX+sv0wdXDVfFY72nFqOUwJW3u6O2viKKRugrz/eo50Eo3ts7pYz/FpDXExrUvV9Vu/bQ34pa8nKgF3/AKQHgmzljNQSVZKyAV8OY0UFonjBMXCBg2tXtwfnlzdx2SyuQVv55x+0AuRKsi85G2xLpXu1A3921pseBTW6Q6kbYK9eqxAay2c/kNbwNqFnO+nCvQ6Ier/hvGddOtItMu96IuU2E7mPN6WgvM8/3fjJRFWnZxFxqu/k7iH+yYT8qwRgdiSqZc76qvkYEuabdk2itstTRY0A3SpI3hFMZDw/7bxgMZtqpfyoRk5s= philip@shiki11:15 <Profpatsch> AAAAB3NzaC1yc2EAAAADAQABAAABgQC4ECL9NSCWqs4KVe+FF+2BPtl5Bv5aQPHqnXllCyiESZykwRKLx6/AbF5SbUAUMVZtp9oDSdp28m3BvVeWJ/q7hAbIxUtfd/jp+JBRZ8Kj6K5GzUO7Bhgl/o0A7xEjAeOKHiYuLjdPMcFUyl6Ah4ey/mcQYf6AdU0+hYUDeUlKe/YxxYD6202W0GJq2xGdIqs/TbopT9iaX+sv0wdXDVfFY72nFqOUwJW3u6O2viKKRugrz/eo50Eo3ts7pYz/FpDXExrUvV9Vu/bQ34pa8nKgF3/AKQHgmzljNQSVZKyAV8OY0UFonjBMXCBg2tXtwfnlzdx2SyuQVv55x+0AuRKsi85G2xLpXu1A3921pseBTW6Q6kbYK9eqxAay2c/kNbwNqFnO+nCvQ6Ier/hvGddOtItMu96IuU2E7mPN6WgvM8/3fjJRFWnZxFxqu/k7iH+yYT8qwRgdiSqZc76qvkYEuabdk2itstTRY0A3SpI3hFMZDw/7bxgMZtqpfyoRk5s= philip@shiki" + mic92.pubkey + qubasa.pubkey ]; }; }; @@ -412,42 +411,6 @@ with import <stockholm/lib>; ]; }; } - { #macos mounting of yellow - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i wiregrill -p tcp --dport 139"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p udp --dport 137"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p udp --dport 138"; target = "ACCEPT"; } - ]; - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; - description = "smb guest user"; - home = "/home/share"; - createHome = true; - }; - services.samba = { - enable = true; - enableNmbd = true; - shares = { - download = { - path = "/var/download/finished"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; - } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 9e01396bc..7695e637b 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -13,19 +13,18 @@ with import <stockholm/lib>; <stockholm/lass/2configs/programs.nix> <stockholm/lass/2configs/wine.nix> <stockholm/lass/2configs/bitcoin.nix> - <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/blue-host.nix> + <stockholm/lass/2configs/green-host.nix> + <stockholm/krebs/2configs/news-host.nix> <stockholm/lass/2configs/nfs-dl.nix> - <stockholm/lass/2configs/gg23.nix> - <stockholm/lass/2configs/hass> - <stockholm/lass/2configs/br.nix> <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/home-media.nix> + <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/sync/sync.nix> ]; krebs.build.host = config.krebs.hosts.shodan; services.logind.lidSwitch = "ignore"; services.logind.lidSwitchDocked = "ignore"; - } diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 507ccd14d..4da4dffb8 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -6,6 +6,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/blue-host.nix> + <stockholm/lass/2configs/green-host.nix> <stockholm/lass/2configs/power-action.nix> <stockholm/lass/2configs/syncthing.nix> { diff --git a/lass/1systems/styx/config.nix b/lass/1systems/styx/config.nix index 4c3ae1411..016d1480f 100644 --- a/lass/1systems/styx/config.nix +++ b/lass/1systems/styx/config.nix @@ -12,14 +12,17 @@ with import <stockholm/lib>; <stockholm/lass/2configs/browsers.nix> <stockholm/lass/2configs/programs.nix> <stockholm/lass/2configs/nfs-dl.nix> - # <stockholm/lass/2configs/gg23.nix> - # <stockholm/lass/2configs/hass> + <stockholm/lass/2configs/gg23.nix> + <stockholm/lass/2configs/hass> + <stockholm/lass/2configs/green-host.nix> + <stockholm/krebs/2configs/news-host.nix> # <stockholm/lass/2configs/br.nix> <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/home-media.nix> - # <stockholm/lass/2configs/syncthing.nix> - # <stockholm/lass/2configs/sync/sync.nix> + <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/sync/sync.nix> # <stockholm/lass/2configs/idc.nix> + <stockholm/lass/2configs/ppp/umts-stick.nix> ]; krebs.build.host = config.krebs.hosts.styx; @@ -27,6 +30,8 @@ with import <stockholm/lib>; krebs.iptables.tables.filter.INPUT.rules = [ { pred |