From 3ef9a0744e716ab2c5484c253c1cb40dd703e1b0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:09:57 +0200 Subject: l 1: move hardware: mors <-> shodan --- lass/1systems/mors.nix | 4 ++-- lass/1systems/shodan.nix | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index a7a1fd25..b044939d 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -131,8 +131,8 @@ }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0" ''; #TODO activationScripts seem broken, fix them! diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 6829428f..b05b9d26 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -69,8 +69,8 @@ with builtins; }; }; - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" - # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" - #''; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + ''; } -- cgit v1.2.3 From b447c3953334947421eb4693f66050c37acf2c34 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:11:11 +0200 Subject: l 1 mors: disable broken startupScript --- lass/1systems/mors.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index b044939d..598e502a 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix 
@@ -146,7 +146,7 @@ #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp] #echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control' #Autosuspend for USB device Biometric Coprocessor - echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' + #echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' #Runtime PMs echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' -- cgit v1.2.3 From 85ab676579beac3083b6c278858c0efea4efb358 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:11:52 +0200 Subject: l 1 shodan: activate git --- lass/1systems/shodan.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index b05b9d26..9a29682a 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -5,6 +5,7 @@ with builtins; imports = [ ../. ../2configs/baseX.nix + ../2configs/git.nix ../2configs/exim-retiolum.nix ../2configs/browsers.nix ../2configs/programs.nix -- cgit v1.2.3 From fd95a5a2049580ef66886ca15563bcf798d254b2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:12:55 +0200 Subject: l 1 shodan: mount /dev/pool/home-lass --- lass/1systems/shodan.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 9a29682a..073d8679 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -68,6 +68,11 @@ with builtins; "/boot" = { device = "/dev/sda1"; }; + + "/home/lass" = { + device = "/dev/pool/home-lass"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' -- cgit v1.2.3 From 3dbb0294269666954a5e7ffa24342c4ad20bbb03 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:15:20 +0200 Subject: l 2: bump nixpkgs f632f8e -> 5ae35cd --- lass/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 1c06acf3..5cb2614a 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
@@ -57,7 +57,7 @@ with config.krebs.lib; stockholm = "/home/lass/stockholm"; nixpkgs = { url = https://github.com/lassulus/nixpkgs; - rev = "f632f8edaf80ffa8bf0b8c9b9064cae3ccbe3894"; + rev = "5ae35cd00571033901c424001c3878f5974f4992"; dev = "/home/lass/src/nixpkgs"; }; } // optionalAttrs config.krebs.build.host.secure { -- cgit v1.2.3 From 821fec2bcdf811dcca30e0fae40fa7812800ff6c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:17:41 +0200 Subject: l 2 xserver Xresources: steal tv's colors --- lass/2configs/xserver/Xresources.nix | 47 +++++++++++++++++++++++++++++++++--- 1 file changed, 43 insertions(+), 4 deletions(-) diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix index e3b0f45d..5d366170 100644 --- a/lass/2configs/xserver/Xresources.nix +++ b/lass/2configs/xserver/Xresources.nix 
@@ -19,9 +19,48 @@ pkgs.writeText "Xresources" '' URxvt.intensityStyles: false - URxvt*background: #000000 - URxvt*foreground: #ffffff + URxvt*background: #050505 + ! URxvt*background: #041204 + + !URxvt.depth: 32 + !URxvt*background: rgba:0500/0500/0500/cccc + + ! URxvt*background: #080810 + URxvt*foreground: #d0d7d0 + ! URxvt*background: black + ! URxvt*foreground: white + ! URxvt*background: rgb:00/00/40 + ! URxvt*foreground: rgb:a0/a0/d0 + ! XTerm*cursorColor: rgb:00/00/60 + URxvt*cursorColor: #f042b0 + URxvt*cursorColor2: #f0b000 + URxvt*cursorBlink: off + ! URxvt*cursorUnderline: true + ! URxvt*highlightColor: #232323 + ! URxvt*highlightTextColor: #b0ffb0 + + URxvt*.pointerBlank: true + URxvt*.pointerBlankDelay: 987654321 + URxvt*.pointerColor: #f042b0 + URxvt*.pointerColor2: #050505 + + ! URxvt*color0: #000000 + ! URxvt*color1: #c00000 + ! URxvt*color2: #80c070 + URxvt*color3: #c07000 + ! URxvt*color4: #0000c0 + URxvt*color4: #4040c0 + ! URxvt*color5: #c000c0 + ! URxvt*color6: #008080 + URxvt*color7: #c0c0c0 + + URxvt*color8: #707070 + URxvt*color9: #ff6060 + URxvt*color10: #70ff70 + URxvt*color11: #ffff70 + URxvt*color12: #7070ff + URxvt*color13: #ff50ff + URxvt*color14: #70ffff + URxvt*color15: #ffffff - !change unreadable blue - URxvt*color4: #268bd2 '' -- cgit v1.2.3 From 208e8f6c0b1c2c84f0f1dcbdf3fc489b926df190 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Jun 2016 10:43:51 +0200 Subject: l 2 websites domsen: www. for most domains --- lass/2configs/websites/domsen.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 45d09c3b..8322403a 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -23,20 +23,20 @@ let in { imports = [ ./sqlBackup.nix - (ssl [ "reich-gebaeudereinigung.de" ]) - (servePage [ "reich-gebaeudereinigung.de" ]) + (ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) + (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (ssl [ "karlaskop.de" ]) - (servePage [ "karlaskop.de" ]) + (ssl [ "karlaskop.de" "www.karlaskop.de" ]) + (servePage [ "karlaskop.de" "www.karlaskop.de" ]) - (ssl [ "makeup.apanowicz.de" ]) - (servePage [ "makeup.apanowicz.de" ]) + (ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) + (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) - (ssl [ "pixelpocket.de" ]) - (servePage [ "pixelpocket.de" ]) + (ssl [ "pixelpocket.de" "www.pixelpocket.de" ]) + (servePage [ "pixelpocket.de" "www.pixelpocket.de" ]) - (ssl [ "o.ubikmedia.de" ]) - (serveOwncloud [ "o.ubikmedia.de" ]) + (ssl [ "o.ubikmedia.de" "www.o.ubikmedia.de" ]) + (serveOwncloud [ "o.ubikmedia.de" "www.o.ubikmedia.de" ]) (ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ]) (serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ]) -- cgit v1.2.3 From 9d8980a51eeba08acaa57c2164bfce66b15fe1b6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Jun 2016 20:03:47 +0200 Subject: l 2 websites domsen: enable more www. domains --- lass/2configs/websites/domsen.nix | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 8322403a..d62b58c1 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -38,8 +38,36 @@ in { (ssl [ "o.ubikmedia.de" "www.o.ubikmedia.de" ]) (serveOwncloud [ "o.ubikmedia.de" "www.o.ubikmedia.de" ]) - (ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ]) - (serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ]) + (ssl [ + "ubikmedia.de" + "aldona.ubikmedia.de" + "apanowicz.de" + "nirwanabluete.de" + "aldonasiech.com" + "360gradvideo.tv" + "ubikmedia.eu" + "www.ubikmedia.de" + "www.aldona.ubikmedia.de" + "www.apanowicz.de" + "www.nirwanabluete.de" + "www.aldonasiech.com" + "www.360gradvideo.tv" + "www.ubikmedia.eu" + ]) + (serveWordpress [ + "ubikmedia.de" + "apanowicz.de" + "nirwanabluete.de" + "aldonasiech.com" + "360gradvideo.tv" + "ubikmedia.eu" + "www.apanowicz.de" + "www.nirwanabluete.de" + "www.aldonasiech.com" + "www.360gradvideo.tv" + "www.ubikmedia.eu" + "*.ubikmedia.de" + ]) ]; lass.mysqlBackup.config.all.databases = [ -- cgit v1.2.3 From 8c1257facc7b599dd62a730cf35370d68ff8799b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 7 Jun 2016 20:04:36 +0200 Subject: l 2: bump nixpkgs 5ae35cd -> 2e971b0 --- lass/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 5cb2614a..aa37b8e6 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -57,7 +57,7 @@ with config.krebs.lib; stockholm = "/home/lass/stockholm"; nixpkgs = { url = https://github.com/lassulus/nixpkgs; - rev = "5ae35cd00571033901c424001c3878f5974f4992"; + rev = "2e971b07db3fb77e0590fff09d0b9cb086159caa"; dev = "/home/lass/src/nixpkgs"; }; } // optionalAttrs config.krebs.build.host.secure { -- cgit v1.2.3 From 72335ce00ec759e5b9d7a1468fe517e66948d8ed Mon Sep 17 00:00:00 2001 
From: lassulus Date: Wed, 8 Jun 2016 18:22:15 +0200 Subject: l 1 prism: serve nix-cache --- lass/1systems/prism.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 6ed80ac3..9a9bd473 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -210,6 +210,30 @@ in { '') ]; } + { + services.nix-serve = { + enable = true; + secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + }; + systemd.services.nix-serve = { + requires = ["secret.service"]; + after = ["secret.service"]; + }; + krebs.secret.files.nix-serve-key = { + path = "/run/secret/nix-serve.key"; + owner.name = "nix-serve"; + source-path = toString + "/nix-serve.key"; + }; + krebs.nginx = { + enable = true; + servers.nix-serve = { + server-names = [ "cache.prism.r" ]; + locations = lib.singleton (lib.nameValuePair "/" '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''); + }; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 01a66f42e1efe82478cb680bdaa3de4f9388143e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 8 Jun 2016 18:22:35 +0200 Subject: l 2 exim-smarthost: add netzclub@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 8199f2bd..e9527fec 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -28,6 +28,7 @@ with config.krebs.lib; { from = "wordpress@ubikmedia.de"; to = lass.mail; } { from = "finanzamt@lassul.us"; to = lass.mail; } { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; } + { from = "netzclub@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From 82f811474c036daff9b29a4ee1e89784dc781cc9 Mon Sep 17 00:00:00 2001 
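Review bot: The new `services.nix-serve` block sets no listen address, so if the module default is to listen on all interfaces, the daemon is reachable directly on its port as well as through the `cache.prism.r` nginx vhost. nginx already proxies to `localhost`, so adding `bindAddress = "127.0.0.1";` inside `services.nix-serve` (if this nixpkgs revision offers that option) would leave nginx as the only entry point. A short comment such as `# signing key for the binary cache: every client that lists the matching public key trusts paths signed with it` above `krebs.secret.files.nix-serve-key` would also help readers.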
From: lassulus Date: Wed, 8 Jun 2016 18:23:02 +0200 Subject: l 2: activate prism as binary-cache --- lass/2configs/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index aa37b8e6..ce42a1ff 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -40,6 +40,12 @@ with config.krebs.lib; }; }; } + { + nix = { + binaryCaches = ["http://cache.prism.r"]; + binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; + }; + } ]; networking.hostName = config.krebs.build.host.name; -- cgit v1.2.3 From 7fe3cdd804de26f243f2c7698e46f5adaa2355db Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 9 Jun 2016 22:55:28 +0200 Subject: k 3 m: fix filepimp pubkey --- krebs/3modules/makefu/default.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 7d4bef9a..cf875f52 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix 
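Review bot: Substitutes are fetched from `http://cache.prism.r` without TLS, so the signature check against `cache.prism-1:…` is the only protection on what gets installed. Because this block is in the shared `default.nix`, prism's signing key becomes a trust anchor for every host that imports it. Say so next to the key, e.g. `# plain http: integrity depends on this key and on signature checking staying enabled`, and consider pinning `requireSignedBinaryCaches = true;` in the same `nix = { … }` block so a later override cannot weaken it silently. Whether defining `binaryCaches` here replaces the default cache list cannot be seen from this hunk and is worth confirming.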
@@ -232,15 +232,16 @@ with config.krebs.lib; ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"; aliases = [ "filepimp.retiolum" + "filepimp.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY - BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 - i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 - 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS - u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa - OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB + MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg + 3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS + wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR + oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X + UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB + 8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB -----END RSA PUBLIC KEY----- ''; }; -- cgit v1.2.3 From 19d5be268368f073401d07f6657cf61827c9d59c Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 10 Jun 2016 10:27:07 +0200 Subject: m 3 umts: use 1509 for wvdial package --- makefu/3modules/umts.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix index e527a5cb..300467e1 100644 --- a/makefu/3modules/umts.nix +++ b/makefu/3modules/umts.nix @@ -3,6 +3,14 @@ with config.krebs.lib; let + nixpkgs-1509 = import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs-channels"; + rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; + sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; + }) {}; + + wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113 + # TODO: currently it is only netzclub umts-bin = pkgs.writeScriptBin "umts" '' #!/bin/sh 
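Review bot: `wvdial` in `makefu/3modules/umts.nix` now comes from a fixed `nixpkgs-channels` revision (`91371c2b…`), so it and its dependency closure stop following the repository's main nixpkgs pin and get no further updates. The next hunk runs it as a service with `Restart = "always"`. The issue link explains why the pin exists, but not when it can be removed. I would extend the comment to `# TODO: drop nixpkgs-1509 once NixOS/nixpkgs#16113 is fixed; the pinned wvdial receives no security updates`. Giving both `rev` and `sha256` keeps the fetch reproducible, which is good.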
@@ -62,7 +70,7 @@ let Type = "simple"; Restart = "always"; RestartSec = "10s"; - ExecStart = "${pkgs.wvdial}/bin/wvdial -n"; + ExecStart = "${wvdial}/bin/wvdial -n"; }; }; }; -- cgit v1.2.3 From 14fd045f5bab7252d3fa9d4c909b471312b5399d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 00:26:21 +0200 Subject: l 2 buildbot-standalone: add build-all target --- lass/2configs/buildbot-standalone.nix | 34 +++++++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 604d0728..d1be464f 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -29,16 +29,26 @@ name="fast-all-branches", builderNames=["fast-tests"])) ''; + build-all-scheduler = '' + # build all lass hosts + sched.append(schedulers.SingleBranchScheduler( + ## only master + change_filter=util.ChangeFilter(branch_re="master"), + # treeStableTimer=10, + name="prism-master", + builderNames=["build-all"])) + ''; }; builder_pre = '' # prepare grab_repo step for stockholm grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') - env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"} + # TODO: get nixpkgs/stockholm paths from krebs + env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true", "NIX_PATH": "nixpkgs=/var/src/nixpkgs:stockholm=/var/src/stockholm"} # prepare nix-shell # the dependencies which are used by the test script - deps = [ "gnumake", "jq","nix","rsync" ] + deps = [ "gnumake", "jq", "nix", "rsync" ] # TODO: --pure , prepare ENV in nix-shell command: # SSL_CERT_FILE,LOGNAME,NIX_REMOTE nixshell = ["nix-shell", 
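Review bot: `branch_re="master"` in the new `build-all-scheduler` is a regular expression, not an exact name. As far as I know Buildbot matches it from the start of the branch name without anchoring the end, so a branch such as `master-wip` would also trigger the full build of all hosts, although the comment says "only master". Use the exact-match form `change_filter=util.ChangeFilter(branch="master"),` or anchor the pattern as `branch_re="^master$"`.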
@@ -51,6 +61,24 @@ factory.addStep(steps.ShellCommand(**kwargs)) ''; builder = { + build-all = '' + f = util.BuildFactory() + f.addStep(grab_repo) + #TODO: get hosts via krebs + for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: + addShell(f,name="build-{}".format(i),env=env, + command=nixshell + \ + ["nix-build \ + --show-trace --no-out-link \ + -I nixos-config=./lass/1systems/{}.nix \ + -I secrets=/var/src/stockholm/lass/2configs/tests/dummy-secrets \ + -A config.system.build.toplevel".format(i)]) + + bu.append(util.BuilderConfig(name="build-all", + slavenames=slavenames, + factory=f)) + + ''; fast-tests = '' f = util.BuildFactory() f.addStep(grab_repo) @@ -93,7 +121,7 @@ password = "lasspass"; packages = with pkgs;[ git nix gnumake jq rsync ]; extraEnviron = { - NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; + NIX_PATH="nixpkgs=/var/src/nixpkgs"; }; }; krebs.iptables = { -- cgit v1.2.3 From 05e339626edb6b6a62cda74ee27389fc51b8be41 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 00:27:12 +0200 Subject: l 2: enable dummy_secrets via env --- lass/2configs/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index ce42a1ff..6dcec5c1 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -58,7 +58,10 @@ with config.krebs.lib; user = config.krebs.users.lass; source = mapAttrs (_: mkDefault) ({ nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix"; - secrets = "/home/lass/secrets/${config.krebs.build.host.name}"; + secrets = + if getEnv "dummy_secrets" == "true" + then toString + else "/home/lass/secrets/${config.krebs.build.host.name}"; #secrets-common = "/home/lass/secrets/common"; stockholm = "/home/lass/stockholm"; nixpkgs = { -- cgit v1.2.3 From 0d20b15ae318ac5e9c5d91c857c8abdaf2957556 Mon Sep 17 00:00:00 2001 
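Review bot: The context line `password = "lasspass";` just above the changed `NIX_PATH` in `buildbot-standalone.nix` is a buildslave credential committed in clear text, and this commit leaves it in place. It therefore sits in git history and probably in the world-readable Nix store as well. Anyone who can reach the master's slave port could presumably register as this slave. The repository already keeps other passwords in its secrets tree, so this value could be read from there too. The enclosing slave definition starts outside the hunk.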
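Review bot: The `secrets` source in `lass/2configs/default.nix` now depends on the caller's environment, and nothing here ties `getEnv "dummy_secrets" == "true"` to CI. A deployment started from a shell where that variable is still exported would build the host with the dummy values, which are public. Add a comment on that line, e.g. `# CI evaluation only: never export dummy_secrets when deploying, the dummy values are public`. It may also be worth having the deploy tooling refuse to run while the variable is set, though that tooling is not visible in this hunk.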
From: lassulus Date: Sat, 11 Jun 2016 00:27:44 +0200 Subject: k 3 l: add cache.prism.r as alias --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 65da85ac..48ba0049 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -91,6 +91,7 @@ with config.krebs.lib; "prism.retiolum" "prism.r" "cgit.prism.retiolum" + "cache.prism.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From 91fe76414ad9fa217bc48c9e4ecd642dcbb38211 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 00:28:09 +0200 Subject: l 2: add/move some basic pkgs --- lass/2configs/baseX.nix | 2 ++ lass/2configs/default.nix | 3 +++ lass/2configs/radio.nix | 1 - lass/2configs/weechat.nix | 1 - 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 16f7502a..7e969b3e 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -32,6 +32,7 @@ in { environment.systemPackages = with pkgs; [ + acpi dmenu gitAndTools.qgit lm_sensors @@ -44,6 +45,7 @@ in { sxiv xclip xorg.xbacklight + xorg.xhost xsel zathura diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 6dcec5c1..f4a0de35 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -123,8 +123,11 @@ with config.krebs.lib; #neat utils krebspaste + pciutils psmisc + tmux untilport + usbutils #unpack stuff p7zip diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 17be327b..cb21cd44 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -52,7 +52,6 @@ in { print_current ncmpcpp mpc_cli - tmux ]; security.sudo.extraConfig = '' diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index 5e14871a..0bfd9fe6 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix 
@@ -5,7 +5,6 @@ let in { krebs.per-user.chat.packages = with pkgs; [ mosh - tmux weechat ]; -- cgit v1.2.3 From cf0914ddcbc5f06fd82fb67acb885167c1145d21 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 00:28:55 +0200 Subject: l 2 radio: don't use systemds path --- lass/2configs/radio.nix | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index cb21cd44..19fe1408 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -11,7 +11,7 @@ let source-password = import ; add_random = pkgs.writeDashBin "add_random" '' - mpc add "$(mpc ls | shuf -n1)" + ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)" ''; skip_track = pkgs.writeDashBin "skip_track" '' @@ -122,8 +122,8 @@ in { LIMIT=$1 #in secconds timeLeft () { - playlistDuration=$(mpc --format '%time%' playlist | awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') - currentTime=$(mpc status | awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') + playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') + currentTime=$(${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }') expr ''${playlistDuration:-0} - ''${currentTime:-0} } @@ -135,11 +135,6 @@ in { description = "radio playlist autoadder"; after = [ "network.target" ]; - path = with pkgs; [ - gawk - mpc_cli - ]; - restartIfChanged = true; serviceConfig = { -- cgit v1.2.3 From c19c13957a08effbd6f88ac7e7d691ea4a8aaaf5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 00:31:44 +0200 Subject: l 2 radio: don't restart autoAdder --- lass/2configs/radio.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 19fe1408..a5c14afc 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix 
@@ -138,7 +138,6 @@ in { restartIfChanged = true; serviceConfig = { - Restart = "always"; ExecStart = "${autoAdd} 100"; }; }; -- cgit v1.2.3 From 01dc6b6caba709e1bbbd3bac55bfb671a5666810 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 02:51:10 +0200 Subject: l 2 tests: add dummy-secrets --- lass/2configs/tests/dummy-secrets/cbase.txt | 0 lass/2configs/tests/dummy-secrets/hashedPasswords.nix | 1 + lass/2configs/tests/dummy-secrets/icecast-admin-pw | 1 + lass/2configs/tests/dummy-secrets/icecast-source-pw | 1 + lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv | 3 +++ lass/2configs/tests/dummy-secrets/mysql_rootPassword | 1 + lass/2configs/tests/dummy-secrets/nix-serve.key | 1 + lass/2configs/tests/dummy-secrets/repos.nix | 1 + lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv | 4 ++++ lass/2configs/tests/dummy-secrets/ssh.id_ed25519 | 3 +++ lass/2configs/tests/dummy-secrets/ssh.id_rsa | 3 +++ lass/2configs/tests/dummy-secrets/transmission-pw | 1 + 12 files changed, 20 insertions(+) create mode 100644 lass/2configs/tests/dummy-secrets/cbase.txt create mode 100644 lass/2configs/tests/dummy-secrets/hashedPasswords.nix create mode 100644 lass/2configs/tests/dummy-secrets/icecast-admin-pw create mode 100644 lass/2configs/tests/dummy-secrets/icecast-source-pw create mode 100644 lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv create mode 100644 lass/2configs/tests/dummy-secrets/mysql_rootPassword create mode 100644 lass/2configs/tests/dummy-secrets/nix-serve.key create mode 100644 lass/2configs/tests/dummy-secrets/repos.nix create mode 100644 lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv create mode 100644 lass/2configs/tests/dummy-secrets/ssh.id_ed25519 create mode 100644 lass/2configs/tests/dummy-secrets/ssh.id_rsa create mode 100644 lass/2configs/tests/dummy-secrets/transmission-pw diff --git a/lass/2configs/tests/dummy-secrets/cbase.txt b/lass/2configs/tests/dummy-secrets/cbase.txt new file mode 100644 index 00000000..e69de29b 
diff --git a/lass/2configs/tests/dummy-secrets/hashedPasswords.nix b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix new file mode 100644 index 00000000..0967ef42 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/lass/2configs/tests/dummy-secrets/icecast-admin-pw b/lass/2configs/tests/dummy-secrets/icecast-admin-pw new file mode 100644 index 00000000..16b542ce --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/icecast-admin-pw @@ -0,0 +1 @@ +"blabla" diff --git a/lass/2configs/tests/dummy-secrets/icecast-source-pw b/lass/2configs/tests/dummy-secrets/icecast-source-pw new file mode 100644 index 00000000..16b542ce --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/icecast-source-pw @@ -0,0 +1 @@ +"blabla" diff --git a/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv new file mode 100644 index 00000000..215a7fa0 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv @@ -0,0 +1,3 @@ +-----BEGIN RSA PRIVATE KEY----- +this is a private key +-----END RSA PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/mysql_rootPassword b/lass/2configs/tests/dummy-secrets/mysql_rootPassword new file mode 100644 index 00000000..922a7447 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/mysql_rootPassword @@ -0,0 +1 @@ +blabla123 diff --git a/lass/2configs/tests/dummy-secrets/nix-serve.key b/lass/2configs/tests/dummy-secrets/nix-serve.key new file mode 100644 index 00000000..91448ad2 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/nix-serve.key @@ -0,0 +1 @@ +key-name:blabla123 diff --git a/lass/2configs/tests/dummy-secrets/repos.nix b/lass/2configs/tests/dummy-secrets/repos.nix new file mode 100644 index 00000000..eed71245 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/repos.nix @@ -0,0 +1 @@ +_: {} 
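Review bot: The files under `lass/2configs/tests/dummy-secrets/` carry the same names as the real secrets and several hold PEM headers (`-----BEGIN RSA PRIVATE KEY-----`), so secret scanners will flag them and a reader cannot tell from a single file that it is a fixture. A short README in the directory, or self-describing values such as `dummy-not-a-secret` instead of `blabla123`, would make that obvious. The `transmission-pw` value added later in this commit looks less obviously fake than the others, so please confirm it was never used as a real password. These placeholders become live credentials on any host built with this directory as `secrets`.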
diff --git a/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv new file mode 100644 index 00000000..99a4033f --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv @@ -0,0 +1,4 @@ + +-----BEGIN RSA PRIVATE KEY----- +this is a private key +-----END RSA PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 new file mode 100644 index 00000000..5c12da0b --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/ssh.id_ed25519 @@ -0,0 +1,3 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +private key bla +-----END OPENSSH PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/ssh.id_rsa b/lass/2configs/tests/dummy-secrets/ssh.id_rsa new file mode 100644 index 00000000..885cf61f --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/ssh.id_rsa @@ -0,0 +1,3 @@ +-----BEGIN RSA PRIVATE KEY----- +private key bla +-----END RSA PRIVATE KEY----- diff --git a/lass/2configs/tests/dummy-secrets/transmission-pw b/lass/2configs/tests/dummy-secrets/transmission-pw new file mode 100644 index 00000000..b71df1a2 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/transmission-pw @@ -0,0 +1 @@ +"krebskrebs123" -- cgit v1.2.3 From a78f3e3ebe7a991caf6c3718929c360891871c37 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 10:55:40 +0200 Subject: l 2 buildbot-standalone: use git dummy-secrets --- lass/2configs/buildbot-standalone.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index d1be464f..151ce562 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix 
@@ -44,7 +44,7 @@ grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') # TODO: get nixpkgs/stockholm paths from krebs - env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true", "NIX_PATH": "nixpkgs=/var/src/nixpkgs:stockholm=/var/src/stockholm"} + env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true"} # prepare nix-shell # the dependencies which are used by the test script @@ -71,7 +71,8 @@ ["nix-build \ --show-trace --no-out-link \ -I nixos-config=./lass/1systems/{}.nix \ - -I secrets=/var/src/stockholm/lass/2configs/tests/dummy-secrets \ + -I secrets=./lass/2configs/tests/dummy-secrets \ + -I stockholm=. \ -A config.system.build.toplevel".format(i)]) bu.append(util.BuilderConfig(name="build-all", -- cgit v1.2.3 From 2a51473d3553459ee8794d78a1eed17e9a86f7eb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 13:57:44 +0200 Subject: l 2 fetchWallpaper: get wallpapar from prism --- lass/2configs/fetchWallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index f3b65e81..d28ae935 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -5,7 +5,7 @@ let in { krebs.fetchWallpaper = { enable = true; - url = "cloudkrebs/wallpaper.png"; + url = "prism/wallpaper.png"; }; } -- cgit v1.2.3 From 75d3e5210d7f50fa6e0bdcae9a5a495f937049f1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 14:53:18 +0200 Subject: l 2: move nixpkgs to seperate file --- lass/2configs/default.nix | 6 +----- lass/2configs/nixpkgs.nix | 8 ++++++++ 2 files changed, 9 insertions(+), 5 deletions(-) create mode 100644 lass/2configs/nixpkgs.nix diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f4a0de35..da312351 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
@@ -7,6 +7,7 @@ with config.krebs.lib; ../2configs/zsh.nix ../2configs/mc.nix ../2configs/retiolum.nix + ../2configs/nixpkgs.nix ./backups.nix { users.extraUsers = @@ -64,11 +65,6 @@ with config.krebs.lib; else "/home/lass/secrets/${config.krebs.build.host.name}"; #secrets-common = "/home/lass/secrets/common"; stockholm = "/home/lass/stockholm"; - nixpkgs = { - url = https://github.com/lassulus/nixpkgs; - rev = "2e971b07db3fb77e0590fff09d0b9cb086159caa"; - dev = "/home/lass/src/nixpkgs"; - }; } // optionalAttrs config.krebs.build.host.secure { #secrets-master = "/home/lass/secrets/master"; }); diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix new file mode 100644 index 00000000..c893011a --- /dev/null +++ b/lass/2configs/nixpkgs.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + krebs.build.source.nixpkgs = { + url = https://github.com/lassulus/nixpkgs; + rev = "f215f9e91e07473e61c9302aaa312c7350e98f0e"; + }; +} -- cgit v1.2.3 From f99ff4bb19ad28cd927a40715cc362c439cb6c16 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 14:56:11 +0200 Subject: l 2 websites domsen: add facts.cloud --- lass/2configs/websites/domsen.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index d62b58c1..6ad55031 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -46,6 +46,7 @@ in { "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" + "facts.cloud" "www.ubikmedia.de" "www.aldona.ubikmedia.de" "www.apanowicz.de" @@ -53,6 +54,7 @@ in { "www.aldonasiech.com" "www.360gradvideo.tv" "www.ubikmedia.eu" + "www.facts.cloud" ]) (serveWordpress [ "ubikmedia.de" @@ -61,12 +63,14 @@ in { "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" + "facts.cloud" + "*.ubikmedia.de" "www.apanowicz.de" "www.nirwanabluete.de" "www.aldonasiech.com" "www.360gradvideo.tv" "www.ubikmedia.eu" - "*.ubikmedia.de" + "www.facts.cloud" ]) ]; -- cgit v1.2.3 
From 5d528f4b677167ca212040c8869c956ee8641a7e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 15:47:35 +0200 Subject: l 2 websites domsen: add missing " --- lass/2configs/websites/domsen.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 6ad55031..77563454 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -95,7 +95,7 @@ in { services.phpfpm.phpIni = pkgs.runCommand "php.ini" { options = '' extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = ${sendmail} -t -i" + sendmail_path = "${sendmail} -t -i" ''; } '' cat ${pkgs.php}/etc/php-recommended.ini > $out -- cgit v1.2.3 From 524849d54ec5a209eed0cafe143fad2d53d436c4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 15:47:56 +0200 Subject: l 2 radio: start radio.service every minute --- lass/2configs/radio.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index a5c14afc..12a4ddf2 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -113,7 +113,7 @@ in { wantedBy = [ "timers.target" ]; timerConfig = { - OnCalendar = "*:*"; + OnCalendar = "*:0/1"; }; }; -- cgit v1.2.3 From 5dfc8d41d91fd6a48fb55e34e2b12d2012d37a38 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 21:01:04 +0200 Subject: l 2 downloading: authorize shodan --- lass/2configs/downloading.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 3639a743..cf9b631c 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -21,6 +21,7 @@ in { openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey config.krebs.users.lass-uriel.pubkey + config.krebs.users.lass-shodan.pubkey ]; }; -- cgit v1.2.3 From 3eee2d3c860629404bf25dc55098f31b9d8bf318 Mon Sep 17 00:00:00 2001 
From: makefu Date: Sun, 12 Jun 2016 19:43:50 +0200 Subject: ma 1 omo: finish hw merge for omo --- makefu/1systems/omo.nix | 47 +++++++++++++++++++--------------- makefu/2configs/fs/sda-crypto-root.nix | 6 ++--- 2 files changed, 29 insertions(+), 24 deletions(-) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index fbd06a9c..e71055f5 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -5,9 +5,10 @@ { config, pkgs, lib, ... }: let byid = dev: "/dev/disk/by-id/" + dev; - keyFile = "/dev/disk/by-id/usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; - rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; - homePartition = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3"; + keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; + rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; + rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2"; + primaryInterface = "enp1s0"; # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 # cryptsetup luksAddKey $dev tmpkey # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 @@ -15,14 +16,14 @@ let # omo Chassis: # __FRONT_ - # |* d2 | + # |* d0 | # | | # |* d3 | # | | - # |* d0 | + # |* d3 | # | | - # |* d1 | # |* | + # |* d2 | # | * r0 | # |_______| cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; 
@@ -38,27 +39,31 @@ in { [ ../. # TODO: unlock home partition via ssh - ../2configs/fs/single-partition-ext4.nix + ../2configs/fs/sda-crypto-root.nix ../2configs/zsh-user.nix ../2configs/exim-retiolum.nix ../2configs/smart-monitor.nix ../2configs/mail-client.nix - ../2configs/share-user-sftp.nix - ../2configs/graphite-standalone.nix + #../2configs/graphite-standalone.nix + #../2configs/share-user-sftp.nix ../2configs/omo-share.nix + + ## as long as pyload is not in nixpkgs: + # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload ]; krebs.retiolum.enable = true; - networking.firewall.trustedInterfaces = [ "enp3s0" ]; + networking.firewall.trustedInterfaces = [ primaryInterface ]; # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net # tcp:80 - nginx for sharing files # tcp:655 udp:655 - tinc # tcp:8111 - graphite + # tcp:8112 - pyload # tcp:9090 - sabnzbd # tcp:9200 - elasticsearch # tcp:5601 - kibana networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ]; + networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 8112 9200 9090 ]; # services.openssh.allowSFTP = false; @@ -66,6 +71,9 @@ in { services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + virtualisation.docker.enable = true; + + # HDD Array stuff services.smartd.devices = builtins.map (x: { device = x; }) allDisks; @@ -76,15 +84,11 @@ in { disks = map toMapper [ 0 1 ]; parity = toMapper 2; }; + fileSystems = let cryptMount = name: { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; - in { - "/home" = { - device = "/dev/mapper/home"; - fsType = "ext4"; - }; - } // cryptMount "crypt0" + in cryptMount "crypt0" // cryptMount "crypt1" // cryptMount "crypt2"; 
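Review bot: Adding `8112` to `networking.firewall.allowedTCPPorts` opens the pyload web UI on every interface, although the LAN interface is already fully trusted through `trustedInterfaces = [ primaryInterface ]`. The new entry therefore only matters for the remaining interfaces (retiolum, for instance); if pyload is meant for the local net only, leave the list as `[ 80 655 5601 8111 9200 9090 ]`. The documented `docker run` line also combines `-p 8112:8000` with `-P`: Docker maintains its own iptables rules for published ports, so they are typically reachable regardless of this list, and `-P` additionally publishes every port the image exposes on a random host port. The image `writl/pyload` is referenced without a tag or digest, so with `--restart=always` the host keeps running whatever was pulled; pinning it would make the setup reproducible.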
@@ -101,15 +105,16 @@ in { usbkey = name: device: { inherit name device keyFile; keyFileSize = 4096; + allowDiscards = true; }; in [ - (usbkey "home" homePartition) + (usbkey "luksroot" rootPartition) (usbkey "crypt0" cryptDisk0) (usbkey "crypt1" cryptDisk1) (usbkey "crypt2" cryptDisk2) ]; }; - loader.grub.device = rootDisk; + loader.grub.device = lib.mkForce rootDisk; initrd.availableKernelModules = [ "ahci" @@ -121,12 +126,12 @@ in { "usbhid" ]; - kernelModules = [ "kvm-amd" ]; + kernelModules = [ "kvm-intel" ]; extraModulePackages = [ ]; }; hardware.enableAllFirmware = true; - hardware.cpu.amd.updateMicrocode = true; + hardware.cpu.intel.updateMicrocode = true; zramSwap.enable = true; diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index b82c0e44..5c7cdf71 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -1,16 +1,16 @@ { config, lib, pkgs, ... }: # sda: bootloader grub2 -# sda1: boot ext4 (label nixboot) +# sda1: boot ext4 (label nixboot) - must be unlocked on boot if required: + # boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; # sda2: cryptoluks -> ext4 with config.krebs.lib; { boot = { loader.grub.enable = true; loader.grub.version = 2; - loader.grub.device = "/dev/sda"; + loader.grub.device = lib.mkDefault "/dev/sda"; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; -- cgit v1.2.3 From 365b6f3859c5f1a67cfe476a3478f62aeceff5aa Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:44:23 +0200 Subject: ma 2 fingerprint-reader: init --- makefu/2configs/hw/fingerprint-reader.nix | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 makefu/2configs/hw/fingerprint-reader.nix 
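Review bot: `allowDiscards = true;` is added inside the shared `usbkey` helper, so it now applies to `crypt0`, `crypt1` and `crypt2` as well as to `luksroot`. Passing discards through dm-crypt reveals which blocks of the encrypted device are unused, a trade-off usually accepted only for an SSD that benefits from TRIM; the array disks (the `ST2000DM001` seen earlier in this commit looks like a spinning disk) gain nothing from it. Consider leaving the helper as it was and enabling it for the root device only, e.g. `((usbkey "luksroot" rootPartition) // { allowDiscards = true; })`. The enclosing `boot` block starts and ends outside this hunk.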
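Review bot: Removing `initrd.luks.devices` from the shared `sda-crypto-root.nix` means every host importing it must now declare `luksroot` itself, and nothing fails at evaluation time if one forgets. The explanatory comment was attached to the `sda1` line, although the device that needs unlocking is `sda2`; it belongs next to `# sda2: cryptoluks -> ext4`. A less fragile alternative is to keep the device in the module at low priority, `initrd.luks.devices = lib.mkDefault [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards = true; } ];`, mirroring the `lib.mkDefault "/dev/sda"` used for grub in the same hunk, so that omo can still override it.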
diff --git a/makefu/2configs/hw/fingerprint-reader.nix b/makefu/2configs/hw/fingerprint-reader.nix new file mode 100644 index 00000000..1f2f00b0 --- /dev/null +++ b/makefu/2configs/hw/fingerprint-reader.nix @@ -0,0 +1,6 @@ +_: { + # add fingerprint with fprintd-enroll + services.fprintd.enable = true; + security.pam.services.login.fprintAuth = true; + security.pam.services.xscreensaver.fprintAuth = true; +} -- cgit v1.2.3 From 501897654670ef89a99a45749af63b9e98064dd5 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:44:54 +0200 Subject: ma 1 pornocauster: add boot unlock --- makefu/1systems/pornocauster.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index fa39b121..2fb93798 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -31,6 +31,7 @@ # hardware specifics are in here ../2configs/hw/tp-x220.nix + ../2configs/hw/rtl8812au.nix # mount points ../2configs/fs/sda-crypto-root-home.nix # ../2configs/mediawiki.nix @@ -59,7 +60,6 @@ networking.firewall.allowedUDPPorts = [ 665 ]; krebs.build.host = config.krebs.hosts.pornocauster; - krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11"; krebs.retiolum = { enable = true; @@ -68,4 +68,6 @@ networking.extraHosts = '' 192.168.1.11 omo.local ''; + # hard dependency because otherwise the device will not be unlocked + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; } -- cgit v1.2.3 From 0bfa1dbaf0eae32fe972a42d8f9c9d16caae8b11 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:45:21 +0200 Subject: ma 2 tp-x220: minor tweaks --- makefu/2configs/hw/tp-x220.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/hw/tp-x220.nix b/makefu/2configs/hw/tp-x220.nix index be3d1eb7..1c9a3496 100644 --- a/makefu/2configs/hw/tp-x220.nix +++ b/makefu/2configs/hw/tp-x220.nix 
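Review bot: `fprintAuth = true` for `login` and `xscreensaver` makes the fingerprint an alternative to the password, not an additional factor, and the new file does not say so. As far as I know the NixOS PAM module adds `pam_fprintd` as a `sufficient` rule, so an enrolled finger unlocks the session without the password being asked. I would state that in the header comment, e.g. `# fingerprint is accepted INSTEAD of the password for login and screen unlock`, and consider enabling it for the screen locker only while `login` stays password-only.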
@@ -5,7 +5,7 @@ with config.krebs.lib; imports = [ ./tp-x2x0.nix ]; boot = { - kernelModules = [ "kvm-intel" "acpi_call" ]; + kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; }; @@ -28,7 +28,7 @@ with config.krebs.lib; # enable HDMI output switching with pulseaudio hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" '' - ${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"} + ${builtins.readFile "${config.hardware.pulseaudio.package.out}/etc/pulse/default.pa"} load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI" ''; -- cgit v1.2.3 From 50f4b1d79dce0560137f5118eb18b7af4b0e37d8 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:46:16 +0200 Subject: ma 2 tp-x2x0: add remark why to not start charge at 80 --- makefu/2configs/hw/tp-x2x0.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 7f9dc67a..c10ec131 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -22,7 +22,8 @@ with config.krebs.lib; services.tlp.enable = true; services.tlp.extraConfig = '' - START_CHARGE_THRESH_BAT0=80 + # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery + #START_CHARGE_THRESH_BAT0=80 STOP_CHARGE_THRESH_BAT0=95 CPU_SCALING_GOVERNOR_ON_AC=performance -- cgit v1.2.3 From 7dd825bed421a773db185983fdc50d2b5f704c59 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:47:21 +0200 Subject: m 2 defaut: fix .nix-defexpr in activation script" --- makefu/2configs/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 62daed8b..e7366e18 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix 
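Review bot: The new `"tpm-rng"` entry in `kernelModules` changes which entropy sources the kernel has available, but neither the commit message ("minor tweaks") nor the file says why it is loaded. A short comment such as `# expose the TPM as a hardware RNG source` would help. Whether anything actually feeds that source into the entropy pool (rngd or similar) is not visible in this hunk and is worth checking.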
@@ -154,6 +154,15 @@ with config.krebs.lib; "net.ipv6.conf.default.use_tempaddr" = 2; }; + system.activationScripts.nix-defexpr = '' + (set -euf + for i in /home/makefu /root/;do + f="$i/.nix-defexpr" + rm -fr "$f" + ln -s /var/src/nixpkgs "$f" + done) + ''; + i18n = { consoleKeyMap = "us"; defaultLocale = "en_US.UTF-8"; -- cgit v1.2.3 From b9c0c46b4d0f9907f1b3fc96494be96abc60c8db Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:48:15 +0200 Subject: m shoney: init --- krebs/3modules/makefu/default.nix | 29 +++++++++++++++++++++++++++++ makefu/1systems/shoney.nix | 30 ++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 makefu/1systems/shoney.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index cf875f52..1b4096d0 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -340,6 +340,35 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; + shoney = rec { + cores = 1; + nets = { + internet = { + ip4.addr = "64.137.235.70"; + aliases = [ + "shoney.i" + ]; + }; + retiolum = { + ip4.addr = "10.243.205.131"; + ip6.addr = "42:490d:cd82:d2bb:56d5:abd1:b88b:e8b4"; + aliases = [ + "shoney.retiolum" + "shoney.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL + ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4 + okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht + M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO + +DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5 + uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; # non-stockholm diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix new file mode 100644 index 00000000..ebe5222c --- /dev/null 
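Review bot: The activation script runs `rm -fr "$f"` as root on every switch for a path inside `/home/makefu`, without checking that the home directory exists or what it is about to delete. If `/home/makefu` is missing, `ln -s` fails and `set -e` aborts the subshell; if the user keeps channels in `~/.nix-defexpr`, they are removed silently each time. A guard as the first line of the loop, `[ -d "$i" ] || continue`, followed by `[ "$(readlink "$f")" = /var/src/nixpkgs ] && continue`, would make the script idempotent and leave an already correct link alone. The link created in the user's home ends up owned by root, which is probably acceptable but deserves a comment.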
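Review bot: The new `shoney` host entry has no `ssh.pubkey`, unlike the `gum` entry directly above it in the context lines (`ssh.pubkey = "ssh-ed25519 … root@gum"`). If the registry is what SSH host-key pinning for deployments is generated from (an assumption, the consumer is not shown here), shoney's host key would be accepted unpinned. Adding `ssh.pubkey = "<shoney ssh host public key>";` once the machine is installed closes that gap.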
+++ b/makefu/1systems/shoney.nix @@ -0,0 +1,30 @@ +{ config, pkgs, ... }: +let + ip = "64.137.235.70"; + gw = "64.137.235.1"; +in { + imports = [ + ../. + ../../tv/2configs/hw/CAC.nix + ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix + + ]; + + # minimal resources + services.nixosManual.enable = false; + programs.man.enable = false; + nix.gc.automatic = true; + nix.gc.dates = "03:10"; + + krebs = { + enable = true; + retiolum.enable = true; + build.host = config.krebs.hosts.shoney; + }; + networking.interfaces.enp2s1.ip4 = [ { + address = ip; + prefixLength = 24; + } ]; + networking.defaultGateway = gw; + networking.nameservers = [ "8.8.8.8" ]; +} -- cgit v1.2.3 From f832a63ce045823c1aeafec48fbe32b78ed7cd6d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Jun 2016 21:58:58 +0200 Subject: l 2 newsbot-js: fix some feeds --- lass/2configs/newsbot-js.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index 636b4439..f2b70d83 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix @@ -41,7 +41,6 @@ let cryptogon|http://www.cryptogon.com/?feed=rss2|#news csm|http://rss.csmonitor.com/feeds/csm|#news csm_world|http://rss.csmonitor.com/feeds/world|#news - cyberguerrilla|https://www.cyberguerrilla.org/a/2012/?feed=rss2|#news danisch|http://www.danisch.de/blog/feed/|#news dod|http://www.defense.gov/news/afps2.xml|#news dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news @@ -102,7 +101,7 @@ let npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news npr_world|http://www.npr.org/rss/rss.php?id=1004|#news - nsa|http://www.nsa.gov/rss.shtml|#news #bullerei + nsa|https://www.nsa.gov/rss.xml|#news #bullerei nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news painload|https://github.com/krebscode/painload/commits/master.atom|#news phys|http://phys.org/rss-feed/|#news -- cgit v1.2.3 
From 69c36df9acb0ca85c7412bf2ebb815fe827c0ba9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 13:48:43 +0200 Subject: l 1 mors: add umts config --- lass/1systems/mors.nix | 1 + lass/2configs/umts.nix | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) create mode 100644 lass/2configs/umts.nix diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 598e502a..beb5659d 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -29,6 +29,7 @@ ../2configs/cbase.nix ../2configs/mail.nix ../2configs/krebs-pass.nix + ../2configs/umts.nix #../2configs/buildbot-standalone.nix { #risk of rain port diff --git a/lass/2configs/umts.nix b/lass/2configs/umts.nix new file mode 100644 index 00000000..ddba1b52 --- /dev/null +++ b/lass/2configs/umts.nix 
@@ -0,0 +1,61 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +let + nixpkgs-1509 = import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs-channels"; + rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; + sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; + }) {}; + + wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113 + + modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09"; + + # TODO: currently it is only netzclub + umts-bin = pkgs.writeScriptBin "umts" '' + #!/bin/sh + set -euf + systemctl stop wpa_supplicant + systemctl start umts + trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT + echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf + journalctl -xfu umts + systemctl start wpa_supplicant + ''; + + wvdial-defaults = '' + Modem = ${modem-device} + Init1 = AT+CFUN=1 + Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + Stupid mode = 1 + phone= *99# + Username = netzclub + Password = netzclub + ''; + + + out = { + environment.shellAliases = { + umts = "sudo ${umts-bin}/bin/umts"; + }; + + security.sudo.extraConfig = '' + lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts + ''; + + environment.wvdial.dialerDefaults = wvdial-defaults; + + systemd.services.umts = { + description = "UMTS wvdial Service"; + serviceConfig = { + Type = "simple"; + Restart = "always"; + RestartSec = "10s"; + ExecStart = "${wvdial}/bin/wvdial -n"; + }; + }; + }; +in out + -- cgit v1.2.3 From de43b0e6f50e4d044cc0609a3d7d7c7d869552fe Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 13:49:24 +0200 Subject: l 2 websites fritz: activate sendmail --- lass/2configs/websites/fritz.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 63efbecb..c2b8ff11 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix 
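Review bot: The `umts` script is run as root through a `NOPASSWD` sudoers rule but calls `systemctl`, `tee` and `journalctl` by bare name, so they are resolved through whatever `PATH` sudo hands over. Unless sudo is configured with `secure_path`, that is the caller's `PATH`, which makes the rule much broader than the single command it names. Pinning the search path at the top of the script, `export PATH=${pkgs.systemd}/bin:${pkgs.coreutils}/bin`, keeps the rule as narrow as it looks. Separately, `tee -a /etc/resolv.conf` appends another `nameserver 8.8.8.8` line on every run and nothing removes it afterwards.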
@@ -12,6 +12,16 @@ let serveWordpress ; + msmtprc = pkgs.writeText "msmtprc" '' + account localhost + host localhost + account default: localhost + ''; + + sendmail = pkgs.writeDash "msmtp" '' + exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" + ''; + in { imports = [ ./sqlBackup.nix @@ -51,4 +61,14 @@ in { users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.fritz.pubkey ]; + + services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + options = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = "${sendmail} -t -i" + ''; + } '' + cat ${pkgs.php}/etc/php-recommended.ini > $out + echo "$options" >> $out + ''; } -- cgit v1.2.3 From 2f77b404abc6ad36e75d437ce46ca2f6931fe389 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 14:07:59 +0200 Subject: l 2 umts: start wpa_supplicant again in trap --- lass/2configs/umts.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/2configs/umts.nix b/lass/2configs/umts.nix index ddba1b52..ac5991af 100644 --- a/lass/2configs/umts.nix +++ b/lass/2configs/umts.nix @@ -19,10 +19,9 @@ let set -euf systemctl stop wpa_supplicant systemctl start umts - trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT + trap "systemctl stop umts && systemctl start wpa_supplicant;trap - INT TERM EXIT;exit" INT TERM EXIT echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf journalctl -xfu umts - systemctl start wpa_supplicant ''; wvdial-defaults = '' -- cgit v1.2.3 From f256bbcb11565138e92266e97856438061b623a0 Mon Sep 17 00:00:00 2001 
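Review bot: The `services.phpfpm.phpIni` block added in the second hunk duplicates, line for line, the one in `websites/domsen.nix` whose missing quote was fixed earlier in this series, presumably together with the same `sendmail` wrapper. `phpIni` is a single system-wide setting, so if both website modules are ever imported on one host the two definitions will presumably collide, and a fix like the quote has to be applied twice. Moving the wrapper and the ini derivation into one shared file that both modules import would avoid that. The `let` block and the attribute set continue outside the hunks.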
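Review bot: With `systemctl stop umts && systemctl start wpa_supplicant` in the trap of `umts.nix`, Wi-Fi is not brought back when stopping `umts` fails, and the trap is still installed only after `systemctl start umts`, so a failure there under `set -e` exits with `wpa_supplicant` stopped. Installing the handler first and separating the commands with `;` covers both cases: `trap "systemctl stop umts; systemctl start wpa_supplicant; trap - INT TERM EXIT; exit" INT TERM EXIT`, placed before `systemctl stop wpa_supplicant`. The script body begins above the hunk.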
From: makefu Date: Mon, 13 Jun 2016 16:22:51 +0200 Subject: cp tv/2/*CAC -> makefu/2/ --- makefu/1systems/shoney.nix | 22 ++++++++++++++-------- makefu/1systems/wry.nix | 4 ++-- makefu/2configs/fs/CAC-CentOS-7-64bit.nix | 20 ++++++++++++++++++++ makefu/2configs/hw/CAC.nix | 13 +++++++++++++ 4 files changed, 49 insertions(+), 10 deletions(-) create mode 100644 makefu/2configs/fs/CAC-CentOS-7-64bit.nix create mode 100644 makefu/2configs/hw/CAC.nix diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index ebe5222c..16e89199 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -1,15 +1,19 @@ { config, pkgs, ... }: let - ip = "64.137.235.70"; - gw = "64.137.235.1"; + ip = "64.137.234.215"; + alt-ip = "64.137.234.210"; + extra-ip = "64.137.234.114"; #currently unused + gw = "64.137.234.1"; in { imports = [ ../. - ../../tv/2configs/hw/CAC.nix - ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix + ../2configs/hw/CAC.nix + ../2configs/fs/CAC-CentOS-7-64bit.nix ]; + + # minimal resources services.nixosManual.enable = false; programs.man.enable = false; @@ -21,10 +25,12 @@ in { retiolum.enable = true; build.host = config.krebs.hosts.shoney; }; - networking.interfaces.enp2s1.ip4 = [ { - address = ip; - prefixLength = 24; - } ]; + networking.interfaces.enp2s1.ip4 = [ + { address = ip; prefixLength = 24; } + { address = alt-ip; prefixLength = 24; } + ]; networking.defaultGateway = gw; networking.nameservers = [ "8.8.8.8" ]; + networking.firewall.allowedUDPPorts = [ 655 1655 ]; + networking.firewall.allowedTCPPorts = [ 655 1655 ]; } diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index d9f8ded8..ed48c6ab 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix 
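Review bot: The first hunk changes `ip` to `64.137.234.215` (and `gw` with it), but the registry entry for shoney added in the preceding makefu commit still carries `ip4.addr = "64.137.235.70"`, and `krebs/3modules/makefu/default.nix` is not in this commit's diffstat. The address is now kept in two places that disagree, so anything derived from the registry (the `shoney.i` alias, presumably hosts or DNS entries) would point at the old address. After updating the registry entry, reading the value from it, `ip = config.krebs.build.host.nets.internet.ip4.addr;`, removes the duplication. The commit title only mentions copying the CAC files, so the readdressing deserves its own mention.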
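Review bot: The second hunk opens TCP and UDP `1655` next to `655` without a comment, in a commit titled as a file copy. `655` is the tinc port according to the port list in `omo.nix`; what listens on `1655` is not visible here. A one-line comment, e.g. `# 655: tinc (retiolum), 1655: <service>`, would make it possible to tell later whether the port can be closed again.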
@@ -9,8 +9,8 @@ in { imports = [ ../. # TODO: copy this config or move to krebs - ../../tv/2configs/hw/CAC.nix - ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix + ../2configs/hw/CAC.nix + ../2configs/fs/CAC-CentOS-7-64bit.nix ../2configs/headless.nix ../2configs/bepasty-dual.nix diff --git a/makefu/2configs/fs/CAC-CentOS-7-64bit.nix b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix new file mode 100644 index 00000000..c9eb97f4 --- /dev/null +++ b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix @@ -0,0 +1,20 @@ +_: + +{ + boot.loader.grub = { + device = "/dev/sda"; + }; + fileSystems = { + "/" = { + device = "/dev/centos/root"; + fsType = "xfs"; + }; + "/boot" = { + device = "/dev/sda1"; + fsType = "xfs"; + }; + }; + swapDevices = [ + { device = "/dev/centos/swap"; } + ]; +} diff --git a/makefu/2configs/hw/CAC.nix b/makefu/2configs/hw/CAC.nix new file mode 100644 index 00000000..9ed18344 --- /dev/null +++ b/makefu/2configs/hw/CAC.nix @@ -0,0 +1,13 @@ +_: +{ + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + boot.loader.grub.splashImage = null; + nix = { + daemonIONiceLevel = 1; + daemonNiceLevel = 1; + }; + sound.enable = false; +} -- cgit v1.2.3 From 92fac1a26e0ab67c295d7cb8984d88e9e022ed1e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 18:19:35 +0200 Subject: l 1 dishfire: activate simple exim-smarthost --- lass/1systems/dishfire.nix | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index b5e55195..ec9f5369 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -5,7 +5,7 @@ ../. ../2configs/default.nix - ../2configs/exim-retiolum.nix + #../2configs/exim-retiolum.nix ../2configs/git.nix { boot.loader.grub = { 
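Review bot: The context line `# TODO: copy this config or move to krebs` in `wry.nix` is left in place although this hunk performs exactly that copy. Drop it or reword it to what remains open, e.g. `# TODO: move CAC hw/fs config to krebs`, so the next reader does not go looking for the `tv` files. The new `hw/CAC.nix` and `fs/CAC-CentOS-7-64bit.nix` are now forks of the `tv/2configs` originals; a header comment naming their origin would help keep them in sync.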
@@ -63,6 +63,35 @@ { predicate = "-p tcp --dport https"; target = "ACCEPT"; } ]; } + { + #TODO: abstract & move to own file + krebs.exim-smarthost = { + enable = true; + relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + config.krebs.hosts.mors + config.krebs.hosts.uriel + config.krebs.hosts.helios + ]; + system-aliases = [ + { from = "mailer-daemon"; to = "postmaster"; } + { from = "postmaster"; to = "root"; } + { from = "nobody"; to = "root"; } + { from = "hostmaster"; to = "root"; } + { from = "usenet"; to = "root"; } + { from = "news"; to = "root"; } + { from = "webmaster"; to = "root"; } + { from = "www"; to = "root"; } + { from = "ftp"; to = "root"; } + { from = "abuse"; to = "root"; } + { from = "noc"; to = "root"; } + { from = "security"; to = "root"; } + { from = "root"; to = "lass"; } + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.dishfire; -- cgit v1.2.3 From d7e928e4b8470d991d6083c87b49d7290c9a0a96 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 13 Jun 2016 21:00:15 +0200 Subject: s 1 wolf: fix interface name --- shared/1systems/wolf.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 53334d6f..dc61414f 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -37,7 +37,7 @@ in networking = { firewall.enable = false; - interfaces.eth0.ip4 = [{ + interfaces.enp0s3.ip4 = [{ address = shack-ip; prefixLength = 20; }]; -- cgit v1.2.3 From 204c89131c06cfe4d0d9a7f95a3946ec5845818f Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 13 Jun 2016 21:00:38 +0200 Subject: s 1 buildbot: re-add treeStableTimer --- shared/2configs/shared-buildbot.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index 5f3b3530..6c40d996 100644 
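Review bot: The new INPUT rule `-p tcp --dport smtp` accepts SMTP on every interface, while the only clients named for the smarthost are the three retiolum addresses in `relay_from_hosts`. If dishfire is not meant to receive mail from the internet, restricting the rule to the VPN interface, `{ predicate = "-i <tinc-interface> -p tcp --dport smtp"; target = "ACCEPT"; }`, keeps the daemon off the public address. Relay authorisation rests on the source IP alone, so it is only as strong as the guarantee that other retiolum peers cannot use those addresses; that assumption is worth stating next to the `#TODO: abstract & move to own file` comment.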
--- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix @@ -26,7 +26,7 @@ stockholm_repo, workdir='stockholm-poller', branches=True, project='stockholm', - pollinterval=120)) + pollinterval=60)) ''; scheduler = { force-scheduler = '' @@ -43,7 +43,7 @@ sched.append(schedulers.SingleBranchScheduler( ## all branches change_filter=util.ChangeFilter(branch_re=".*"), - # treeStableTimer=10, + treeStableTimer=10, name="fast-all-branches", builderNames=["fast-tests"])) ''; -- cgit v1.2.3 From eaaa96a65e76b313594d0b1155a4ca78ec91aae9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 22:58:00 +0200 Subject: l 2 fetchWallpaper: check for umts --- lass/2configs/fetchWallpaper.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index d28ae935..a724e2e4 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -5,6 +5,7 @@ let in { krebs.fetchWallpaper = { enable = true; + unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; url = "prism/wallpaper.png"; }; } -- cgit v1.2.3 From abd7b0bd28ccf7635d5f14c7e38bb130dddf8d99 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 22:58:41 +0200 Subject: l 2 umts: upgrade wvdial-de
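Review bot: `ConditionPathExists = "!/var/run/ppp0.pid"` in `fetchWallpaper.nix` has no comment and uses a pid file as the signal that the UMTS link is up. A stale `ppp0.pid` left behind after an unclean exit would keep the unit from running until the file is removed. Checking the interface itself avoids stale state, `unitConfig.ConditionPathExists = "!/sys/class/net/ppp0";`, and a comment such as `# skip the download while the UMTS link (ppp0) is up` would explain the intent.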