diff options
Diffstat (limited to 'makefu/1systems')
| -rw-r--r-- | makefu/1systems/darth.nix | 12 | ||||
| -rw-r--r-- | makefu/1systems/pornocauster.nix | 8 | ||||
| -rw-r--r-- | makefu/1systems/shoney.nix | 46 | ||||
| -rw-r--r-- | makefu/1systems/wry.nix | 9 |
4 files changed, 44 insertions, 31 deletions
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index 08ac7e66e..5f1d6e121 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix @@ -33,16 +33,10 @@ in { firewall = { allowPing = true; logRefusedConnections = false; - allowedUDPPorts = [ 80 655 67 ]; - allowedTCPPorts = [ 80 655 ]; - }; - nat = { - enable = true; - internalIPs = [ "10.8.10.0/24" ]; - #internalInterfaces = [ "tinc.siem" ]; - externalIP = "10.8.8.2"; - externalInterface = "virbr3"; + allowedUDPPorts = [ 80 655 1655 67 ]; + allowedTCPPorts = [ 80 655 1655 ]; }; + # fallback connection to the internal virtual network interfaces.virbr3.ip4 = [{ address = "10.8.8.2"; prefixLength = 24; diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 2fb93798a..7b6c18342 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -44,6 +44,14 @@ # ../2configs/temp/sabnzbd.nix ]; + services.tinc.networks.siem = { + name = "makefu"; + extraConfig = '' + ConnectTo = sdarth + ConnectTo = sjump + ''; + }; + krebs.nginx = { default404 = false; servers.default.listen = [ "80 default_server" ]; diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 48679fe58..1fe8871d2 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -1,5 +1,7 @@ { config, pkgs, ... }: let + tinc-siem-ip = "10.8.10.1"; + ip = "64.137.234.215"; alt-ip = "64.137.234.210"; extra-ip = "64.137.234.114"; #currently unused @@ -7,32 +9,46 @@ let in { imports = [ ../. + ../2configs/save-diskspace.nix ../2configs/hw/CAC.nix ../2configs/fs/CAC-CentOS-7-64bit.nix - ]; - services.tinc.networks.siem.name = "sjump"; - # minimal resources - services.nixosManual.enable = false; - programs.man.enable = false; - nix.gc.automatic = true; - nix.gc.dates = "03:10"; + services.tinc.networks.siem.name = "sjump"; krebs = { enable = true; retiolum.enable = true; build.host = config.krebs.hosts.shoney; + nginx.enable = true; + tinc_graphs = { + enable = true; + network = "siem"; + hostsPath = "/etc/tinc/siem/hosts"; + nginx = { + enable = true; + # TODO: remove hard-coded hostname + complete = { + listen = [ "${tinc-siem-ip}:80" ]; + server-names = [ "graphs.siem" ]; + }; + }; + }; }; - networking.interfaces.enp2s1.ip4 = [ - { address = ip; prefixLength = 24; } - { address = alt-ip; prefixLength = 24; } - ]; + networking = { + interfaces.enp2s1.ip4 = [ + { address = ip; prefixLength = 24; } + { address = alt-ip; prefixLength = 24; } + ]; - networking.defaultGateway = gw; - networking.nameservers = [ "8.8.8.8" ]; - networking.firewall.allowedUDPPorts = [ 655 1655 ]; - networking.firewall.allowedTCPPorts = [ 655 1655 ]; + defaultGateway = gw; + nameservers = [ "8.8.8.8" ]; + firewall = { + trustedInterfaces = [ "tinc.siem" ]; + allowedUDPPorts = [ 655 1655 ]; + allowedTCPPorts = [ 655 1655 ]; + }; + }; } diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index ed48c6abe..5788cb654 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -11,7 +11,7 @@ in { # TODO: copy this config or move to krebs ../2configs/hw/CAC.nix ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/headless.nix + ../2configs/save-diskspace.nix ../2configs/bepasty-dual.nix @@ -27,8 +27,7 @@ in { ../2configs/collectd/collectd-base.nix ]; krebs.retiolum.enable = true; - services.nixosManual.enable = false; - programs.man.enable = false; + krebs.build.host = config.krebs.hosts.wry; krebs.Reaktor = { @@ -83,9 +82,5 @@ in { nameservers = [ "8.8.8.8" ]; }; - # small machine - do not forget to gc every day - nix.gc.automatic = true; - nix.gc.dates = "03:10"; - environment.systemPackages = [ ]; } |