19 files changed, 69 insertions, 20 deletions

diff --git a/makefu/1systems/fileleech.nix b/makefu/1systems/fileleech.nix
index 4f92c2b9..3aa5a54f 100644
--- a/makefu/1systems/fileleech.nix
+++ b/makefu/1systems/fileleech.nix
@@ -32,7 +32,6 @@ in {
       ../2configs/elchos/log.nix
       ../2configs/elchos/search.nix
       ../2configs/elchos/stats.nix
-      ../2configs/stats-srv.nix
 
     ];
   systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
@@ -129,6 +128,7 @@ in {
     #  createHome = true;
     openssh.authorizedKeys.keys = [
       config.krebs.users.makefu.pubkey
+      config.krebs.users.lass.pubkey
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7betFnMWVeBYRhJ+2f0B5WbDdbpteIVg/BlyimXbx79R7lZ7nUq5GyMLrp7B00frUuA0su8oFFN3ODPJDstgBslBIP7kWPR2zW8NOXorrbFo3J2fKvlO77k6/wD5/M11m5nS01/aVJgAgMGLg2W12G7EMf5Wq75YsQJC/S9p8kMca589djMPRuQETu7fWq0t/Gmwq+2ELLL0csRK87LvybA92JYkAIneRnGzIlCguOXq0Vcq6pGQ1J1PfVEP76Do33X29l2hZc/+vR9ExW6s2g7fs5/5LDX9Wnq7+AEsxiEf4IOeL0hCG4/CGGCN23J+6cDrNKOP94AHO1si0O2lxFsxgNU2vdVWPNgSLottiUFBPPNEZFD++sZyutzH6PIz6D90hB2Q52X6WN9ZUtlDfQ91rHd+S2BhR6f4dAqiRDXlI5MNNDdoTT4S5R0wU/UrNwjiV/xiu/hWZYGQK7YgY4grFRblr378r8FqjLvumPDFMDLVa9eJKq1ad1x/GV5tZpsttzWj4nbixaKlZOg+TN2GHboujLx3bANz1Jqfvfto8UOeKTtA8pkb8E1PJPpBMOZcA7oHaqJrp6Vuf/SkmglHnQvGbi60OK3s61nuRmIcBiTXd+4qeAJpq1QyEDj3X/+hV0Gwz8rCo6JGkF1ETW37ZYvqU9rxNXjS+/Pfktw== jules@kvasir-2015-02-13"
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local"
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1ZJSpBb7Cxo+c2r2JJIcbYOTm/sJxOv2NFRoDfjxGS9CCwzRbzrwJcv2d23j35mu97x3+fUvo8DyMFLvLvume2PFCijqhMDzZZvjYXZdvXA+hnh53nqZf+Pjq8Xc3tSWBHQxUokaBmZbd4LlKHh8NgKVrP2zve6OPZMzo/Es93v37KEmT8d/PfVMrQEMPZzFrCVdq2RbpdQ1nhx09zRFW7OJOazgotafjx6IYXbVq2VDnjffXInsE9ZxDzYq1cNKIH0c2BLpTd3mv76iD9i+nD6W6s48+usFQnVLt2TY1uKkfMr7043E6jBxx5kNHBe5Xxr6Zs0SkR8kKOEhMO//4ucviUYKZJn8wk2SLkAyMYVBexx8jrTdlI4xgQ7RLpSIDTCm9dfbZY/YhZDJ21lsWduQqu7DFWMe05gg4NZDjf2kwYQOzATyqISGA7ttSEPT1iymr/ffAOgLBLSqWQAteUbI2U5cnflWZGwm33JF/Pyb4S3k3/f2mIBKiRx2lsGv6mx1w0SaYRtJxDWqGYMHuFiNYbq9r/bZfLqV3Fy9kRODFJTfJh8mcTnC4zabpiQ7fnqbh1qHu0WrrBSgFW0PR2WWCJ0e5Btj1yRgXp0+d5OuxxlVInRs+l2HogdxjonMhAHrTCzJtI8UJTKXKN0FBPRDRcepeExhvNqcOUz4Kvw== me@andreaskist.de"
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index c39997eb..3186f888 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -35,10 +35,12 @@ in {
       ../2configs/nginx/update.connector.one.nix
       ../2configs/deployment/mycube.connector.one.nix
       ../2configs/deployment/graphs.nix
+      # ../2configs/ipfs.nix
+      ../2configs/syncthing.nix
 
       # ../2configs/opentracker.nix
       ../2configs/logging/central-stats-client.nix
-      ../2configs/logging/central-logging-client.nix
+      # ../2configs/logging/central-logging-client.nix
 
   ];
   services.smartd.devices = [ { device = "/dev/sda";} ];
@@ -79,7 +81,6 @@ in {
   ];
   services.bitlbee.enable = true;
   systemd.services.bitlbee.environment.BITLBEE_DEBUG="1";
-  # systemd.services.bitlbee.serviceConfig.ExecStart = "${pkgs.bitlbee}/bin/bitlbee -Dnv -c 
 
   # Hardware
   boot.loader.grub.device = "/dev/sda";
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 99303b60..ff34ee84 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -53,9 +53,10 @@ in {
       ../2configs/omo-share.nix
       ../2configs/tinc/retiolum.nix
       ../2configs/logging/central-stats-server.nix
-      ../2configs/logging/central-logging-server.nix
+      # ../2configs/logging/central-logging-server.nix
       ../2configs/logging/central-stats-client.nix
-      ../2configs/logging/central-logging-client.nix
+      ../2configs/syncthing.nix
+      # ../2configs/logging/central-logging-client.nix
 
       # ../2configs/torrent.nix
 
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
index 96aeb285..9f04e97e 100644
--- a/makefu/1systems/shoney.nix
+++ b/makefu/1systems/shoney.nix
@@ -31,7 +31,7 @@ in {
         anonymous-domain = "localhost.localdomain";
         anonymous.extraConfig = "return 403;";
         complete = {
-          serverAliases = [ "graphs.siem" ];
+          serverAliases = [ "graph.siem" ];
           extraConfig = ''
             if ( $server_addr = "${ip}" ) {
               return 403;
diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix
index 9cedc04a..866aac3b 100644
--- a/makefu/1systems/x.nix
+++ b/makefu/1systems/x.nix
@@ -2,6 +2,7 @@
 #
 #
 { config, pkgs, ... }:
+with import <stockholm/lib>;
 
 {
   imports =
@@ -71,14 +72,9 @@
   makefu.umts.apn = "web.vodafone.de";
 
   nixpkgs.config.allowUnfree = true;
-  krebs.nginx = {
-    default404 = false;
-    servers.default.listen = [ "80 default_server" ];
-    servers.default.server-names = [ "_" ];
-  };
 
   boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
-  environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ];
+  environment.systemPackages = [ pkgs.passwdqc-utils ];
 
   virtualisation.docker.enable = true;
 
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index ba4c551b..1a19ab36 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -16,7 +16,10 @@ let
   mainUser = config.krebs.build.user.name;
 in
 {
-  imports = [ ];
+  imports = [
+    ./urxvtd.nix
+  ];
+
   services.xserver = {
     enable = true;
     layout = "us";
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index cd9b4c05..0865c3a3 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -11,7 +11,7 @@ with import <stockholm/lib>;
     ./vim.nix
     ./binary-cache/nixos.nix
   ];
-
+  programs.command-not-found.enable = false;
   nixpkgs.config.allowUnfreePredicate =  (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
   krebs = {
     enable = true;
@@ -22,7 +22,7 @@ with import <stockholm/lib>;
       user = config.krebs.users.makefu;
       source = let
           inherit (config.krebs.build) host user;
-          ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1
+          ref = "4fac473"; # unstable @ 2017-03-31 + command-not-found
       in {
         nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
           {
diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix
index 35a724f6..b33ddece 100644
--- a/makefu/2configs/deployment/graphs.nix
+++ b/makefu/2configs/deployment/graphs.nix
@@ -23,8 +23,8 @@ in {
           }
         '';
         serverAliases = [
-          "graphs.r" "graphs.retiolum"
-          "graphs.${hn}" "graphs.${hn}.retiolum"
+          "graph.r"
+          "graph.${hn}" "graph.${hn}.r"
         ];
       };
       anonymous = {
diff --git a/makefu/2configs/dnscrypt.nix b/makefu/2configs/dnscrypt.nix
index d810456f..6e7ef0f8 100644
--- a/makefu/2configs/dnscrypt.nix
+++ b/makefu/2configs/dnscrypt.nix
@@ -1,5 +1,6 @@
 {
   services.dnscrypt-proxy.enable = true;
+  services.dnscrypt-proxy.resolverName = "cs-de";
   networking.extraResolvconfConf = ''
     name_servers='127.0.0.1'
   '';
diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix
index fb74919c..16a7a13b 100644
--- a/makefu/2configs/fetchWallpaper.nix
+++ b/makefu/2configs/fetchWallpaper.nix
@@ -8,7 +8,7 @@
     timerConfig = {
       OnCalendar = "*:0/30";
     };
-    url = "http://echelon/wallpaper.png";
+    url = "http://prism.r/realwallpaper-sat-krebs.png";
   };
 
 }
diff --git a/makefu/2configs/ipfs.nix b/makefu/2configs/ipfs.nix
new file mode 100644
index 00000000..cc07e063
--- /dev/null
+++ b/makefu/2configs/ipfs.nix
@@ -0,0 +1,5 @@
+{...}:
+{
+  services.ipfs.enable = true;
+  networking.firewall.allowedTCPPorts = [ 4001 ];
+}
diff --git a/makefu/2configs/logging/central-stats-server.nix b/makefu/2configs/logging/central-stats-server.nix
index 30ad6387..4f7961f3 100644
--- a/makefu/2configs/logging/central-stats-server.nix
+++ b/makefu/2configs/logging/central-stats-server.nix
@@ -71,5 +71,12 @@ in {
     iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
     iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
     iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
+
+    ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
+    ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
+    ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
+    ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
+    ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
+    ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
   '';
 }
diff --git a/makefu/2configs/syncthing.nix b/makefu/2configs/syncthing.nix
new file mode 100644
index 00000000..6b758ea2
--- /dev/null
+++ b/makefu/2configs/syncthing.nix
@@ -0,0 +1,11 @@
+{...}:
+
+with import <stockholm/lib>; {
+  services.syncthing = {
+    enable = true;
+    openDefaultPorts = true;
+    useInotify = true;
+    group = "download";
+  };
+  users.extraGroups.download.gid = genid "download";
+}
diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix
index 6d62e92c..0538647a 100644
--- a/makefu/2configs/tools/core-gui.nix
+++ b/makefu/2configs/tools/core-gui.nix
@@ -12,11 +12,11 @@
     firefox
     keepassx
     pcmanfm
+    evince
     skype
     mirage
     tightvnc
     gnome3.dconf
-    wireshark
     xdotool
     xorg.xbacklight
     scrot
diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix
index 86d72c66..6ae2951e 100644
--- a/makefu/2configs/tools/core.nix
+++ b/makefu/2configs/tools/core.nix
@@ -40,6 +40,7 @@
     cac-api
     cac-panel
     krebspaste
+    krebszones
     ledger
     pass
   ];
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 9cfacf40..596734dd 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -4,6 +4,7 @@
   krebs.per-user.makefu.packages = with pkgs;[
     inkscape
     gimp
+    libreoffice
     skype
     virtmanager
     synergy
diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix
index 5ab699f3..e53d9ee8 100644
--- a/makefu/2configs/tools/sec.nix
+++ b/makefu/2configs/tools/sec.nix
@@ -11,5 +11,6 @@
     nmap
     msf
     thc-hydra
+    wireshark
   ];
 }
diff --git a/makefu/2configs/urxvtd.nix b/makefu/2configs/urxvtd.nix
new file mode 100644
index 00000000..286b87ab
--- /dev/null
+++ b/makefu/2configs/urxvtd.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+let
+	mainUser = config.krebs.build.user.name;
+in {
+  systemd.services.urxvtd = {
+    wantedBy = [ "multi-user.target" ];
+    before = [ "graphical.target" ];
+    reloadIfChanged = true;
+    serviceConfig = {
+      SyslogIdentifier = "urxvtd";
+      ExecReload = "${pkgs.coreutils}/bin/echo NOP";
+      ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd";
+      Restart = "always";
+      RestartSec = "2s";
+      StartLimitBurst = 0;
+      User = mainUser;
+    };
+  };
+	# TODO: sessionCommands from base-gui related to urxvt in this file
+}
diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg
index e43341d2..73ff42e9 100644
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@@ -90,7 +90,7 @@ client.connect_signal("focus", function(c) c.border_color = beautiful.border_foc
 client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end)
 
 -- This is used later as the default terminal and editor to run.
-terminal = "urxvt"
+terminal = "urxvtc"
 editor = os.getenv("EDITOR") or "vim"
 editor_cmd = terminal .. " -e " .. editor
 browser = "firefox"