From 809ffa435c4ba759a6cfd7fdffc976499d470d82 Mon Sep 17 00:00:00 2001
From: makefu
Date: Sun, 13 Dec 2015 14:35:30 +0100
Subject: m 2 default: use timesyncd instead of ntpd
---
 makefu/2configs/default.nix | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 760c7078..51963528 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -80,7 +80,14 @@ with lib;
 "d /tmp 1777 root root - -"
 ];
- environment.variables.EDITOR = mkForce "vim";
+ environment.variables = {
+ NIX_PATH = with config.krebs.build.source; with dir; with git;
+ mkForce (concatStringsSep ":" [
+ "nixpkgs=${nixpkgs.target-path}"
+ "${nixpkgs.target-path}"
+ ]);
+ EDITOR = mkForce "vim";
+ };
 environment.systemPackages = with pkgs; [
 jq
@@ -124,6 +131,14 @@ with lib;
 services.cron.enable = false;
 services.nscd.enable = false;
+ services.ntp.enable = false;
+ services.timesyncd.enable = true;
+ services.ntp.servers = [
+ "pool.ntp.org"
+ "time.windows.com"
+ "time.apple.com"
+ "time.nist.gov"
+ ];
 security.setuidPrograms = [ "sendmail" ];
 services.journald.extraConfig = ''
-- cgit v1.2.3
From c3bd222b9f8c4b7d08a447760ae5ae28b90f217e Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 14 Dec 2015 14:17:21 +0100
Subject: m 2 tinc: add ire as potential supernode
---
 makefu/2configs/tinc-basic-retiolum.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix
index fd6d1683..2abf4f18 100644
--- a/makefu/2configs/tinc-basic-retiolum.nix
+++ b/makefu/2configs/tinc-basic-retiolum.nix
@@ -9,6 +9,7 @@ with lib;
 "gum"
 "pigstarter"
 "fastpoke"
+ "ire"
 ];
 };
 }
-- cgit v1.2.3
From 27ca97b78f66d6fca96e303cc650cc68065e9a1c Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 14 Dec 2015 14:18:08 +0100
Subject: k 3 retiolum: add extraConfig
---
 krebs/3modules/retiolum.nix | 9 +++++++++
 1 file changed, 9 insertions(+)
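Review bot: `NIX_PATH` in the first hunk of makefu/2configs/default.nix is built under three stacked `with` scopes (`config.krebs.build.source`, `dir`, `git`), so the line does not show which set supplies `nixpkgs`, and an attribute of the same name in an inner scope would shadow it silently. Writing the full attribute path once in a `let` binding removes that ambiguity. Because the value is wrapped in `mkForce`, it replaces the NixOS default search path rather than extending it, and the second, bare entry makes every top-level directory of the checkout resolvable as `<name>`; a comment such as `# bare entry: <name> resolves to directories inside the nixpkgs checkout` would record that this is intended.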
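Review bot: In the second hunk of makefu/2configs/default.nix the server list is assigned to `services.ntp.servers` two lines after `services.ntp.enable = false`, so it only reaches systemd-timesyncd if that module's default reads the ntp option, which this diff does not show. Setting it on the enabled service (`services.timesyncd.servers = [ ... ];`, if the module in this nixpkgs revision has that option) makes the dependency explicit. timesyncd is an SNTP client that follows one server at a time without authentication, so unlike ntpd it does not cross-check the four sources against each other. A comment such as `# SNTP, unauthenticated: clock trust rests on the path to a single server` would record that trade-off for hosts that depend on certificate validity windows.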
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index 63364253..28ac6730 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -50,6 +50,14 @@ let
 '';
 };
+ extraConfig = mkOption {
+ type = types.str;
+ default = "";
+ description = ''
+ Extra Configuration to be appended to tinc.conf
+ '';
+ };
+
+ tincPackage = mkOption {
 type = types.package;
 default = pkgs.tinc;
@@ -203,6 +211,7 @@ let
 Interface = ${cfg.network}
 ${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)}
 PrivateKeyFile = /tmp/retiolum-rsa_key.priv
+ ${cfg.extraConfig}
 EOF
 # source: krebscode/painload/retiolum/scripts/tinc_setup/tinc-up
-- cgit v1.2.3
From 72238439c5c8010323030112b9b041f5d6fd27e3 Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 14 Dec 2015 14:18:34 +0100
Subject: m 1 gum: add extra ports to gum retiolum
---
 makefu/1systems/gum.nix | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 75607aa4..417a020f 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -14,14 +14,20 @@ in {
 # ../2configs/iodined.nix
 ../2configs/git/cgit-retiolum.nix
 ../2configs/mattermost-docker.nix
+ ../2configs/nginx/euer.test.nix
 ];
+ nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
 ###### stable
 krebs.build.target = "root@gum.krebsco.de";
 krebs.build.host = config.krebs.hosts.gum;
-
+ krebs.retiolum.extraConfig = ''
+ ListenAddress = ${external-ip} 53
+ ListenAddress = ${external-ip} 655
+ ListenAddress = ${external-ip} 21031
+ '';
 # Chat
 environment.systemPackages = with pkgs;[
@@ -53,10 +59,18 @@ in {
 80 443
 # tinc
 655
+ # tinc-shack
+ 21032
+ # tinc-retiolum
+ 21031
 ];
 allowedUDPPorts = [
 # tinc
 655 53
+ # tinc-retiolum
+ 21031
+ # tinc-shack
+ 21032
 ];
 };
 interfaces.et0.ip4 = [{
-- cgit v1.2.3
From 83208910bbedc70018c5a7f0e4b18baed418f9cf Mon Sep 17 00:00:00 2001
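Review bot: `extraConfig` in the first hunk of krebs/3modules/retiolum.nix is declared as `types.str`, which cannot merge definitions, so a shared profile and a host file that both set it will fail evaluation instead of being concatenated. `type = types.lines;` is the usual choice for configuration fragments. The description could also state that the text is written unvalidated after `PrivateKeyFile` at the end of tinc.conf, which is where the second hunk places it.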
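Review bot: `${cfg.extraConfig}` in the second hunk of krebs/3modules/retiolum.nix is spliced into a shell here-document (the `EOF` terminator is the next context line) whose opening line is outside the hunk; if that delimiter is unquoted, the shell will expand any `$`, backtick or backslash in the option value when the script runs. The value comes from the system configuration rather than from users, so this is a least-surprise problem more than an exposure, but tinc settings can legitimately contain those characters. Quote the delimiter where the document opens, provided nothing else in it relies on shell expansion, or state the restriction in the option description, e.g. `Must not contain $ or backticks; the text passes through a shell here-document.`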
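Review bot: The `nixpkgs.config.packageOverrides` line in the first hunk of makefu/1systems/gum.nix swaps `tinc` for `tinc_pre` for every consumer of the package set on an internet-facing node, although the retiolum module already exposes a `tincPackage` option (visible as context in krebs/3modules/retiolum.nix). `krebs.retiolum.tincPackage = pkgs.tinc_pre;` would scope the pre-release daemon to the one service and put the choice next to the `ListenAddress` lines; makefu/1systems/vbob.nix later in this series carries the same override. The hunk also imports `../2configs/nginx/euer.test.nix`, which the commit subject does not mention, so it deserves its own commit or at least a comment saying why a test vhost belongs on this host.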
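Review bot: The second hunk of makefu/1systems/gum.nix opens 21032 on TCP and UDP under `# tinc-shack`, but nothing in this commit makes a daemon listen there; the only `ListenAddress` lines added are 53, 655 and 21031. Conversely, `ListenAddress = ${external-ip} 53` is matched by a UDP 53 entry but by no TCP 53 in the visible part of `allowedTCPPorts`; the list starts above the hunk, so it may be further up, and tinc needs TCP for its meta connections. I would leave the 21032 entries out until the shack daemon is configured, or add a comment naming the file that binds it, and confirm that TCP 53 is listed.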
From: makefu
Date: Mon, 14 Dec 2015 14:32:20 +0100
Subject: m 2 git: add vbob pubkey
---
 krebs/Zpubkeys/makefu_vbob.ssh.pub | 1 +
 makefu/2configs/git/cgit-retiolum.nix | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 krebs/Zpubkeys/makefu_vbob.ssh.pub
diff --git a/krebs/Zpubkeys/makefu_vbob.ssh.pub b/krebs/Zpubkeys/makefu_vbob.ssh.pub
new file mode 100644
index 00000000..e5063aeb
--- /dev/null
+++ b/krebs/Zpubkeys/makefu_vbob.ssh.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 304d39fc..5143ca5a 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -24,6 +24,7 @@ let
 connector-repos = mapAttrs make-priv-repo {
 connector = { };
+ minikrebs = { };
 mattermost = {
 desc = "Mattermost Docker files";
 };
@@ -54,7 +55,7 @@ let
 # TODO: get the list of all krebsministers
 krebsminister = with config.krebs.users; [ lass tv uriel ];
- all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
+ all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ];
 all-exco = with config.krebs.users; [ exco ];
 priv-rules = repo: set-owners repo all-makefu;
@@ -85,6 +86,10 @@ in {
 name = "makefu-omo" ;
 pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
 };
+ makefu-vbob = {
+ name = "makefu-vbob" ;
+ pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub;
+ };
 makefu-tsp = {
 name = "makefu-tsp" ;
 pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
-- cgit v1.2.3
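Review bot: Adding `makefu-vbob` to `all-makefu` in the second hunk of makefu/2configs/git/cgit-retiolum.nix gives the new key owner rights on every private repository, because the context line `priv-rules = repo: set-owners repo all-makefu;` uses that list directly. The key belongs to a virtual machine (its host definition arrives later in this series) and its comment field, `makefu@nixos`, does not identify which machine holds it. If the guest only needs a few repositories, a separate, narrower list keeps a compromise of the VM from reaching all private repos. Otherwise a comment such as `# makefu-vbob: VM key; revoke when the guest is discarded` documents why it is trusted at this level.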
From c865a5593e240c0a602e1f70b314d139087c4e45 Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 14 Dec 2015 14:32:41 +0100
Subject: k Zhosts: add gum extra port
---
 krebs/Zhosts/gum | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/krebs/Zhosts/gum b/krebs/Zhosts/gum
index d43bb0d0..7a1a305d 100644
--- a/krebs/Zhosts/gum
+++ b/krebs/Zhosts/gum
@@ -1,5 +1,7 @@
 Address= 195.154.108.70
 Address= 195.154.108.70 53
+Address= 195.154.108.70 21031
+
 Subnet = 10.243.0.211
 Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
-- cgit v1.2.3
From 83924b9b6c84d7238fd0abb173a2c1dcbfe11ece Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 14 Dec 2015 14:33:06 +0100
Subject: m 1 vbob:init
---
 krebs/3modules/makefu/default.nix | 25 ++++++++++++++++++++++
 makefu/1systems/vbob.nix | 44 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 makefu/1systems/vbob.nix
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 037abbdf..82a5635d 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -84,6 +84,31 @@ with lib;
 };
 };
 };
+
+ vbob = {
+ cores = 2;
+ dc = "makefu"; #vm local
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.1.91"];
+ addrs6 = ["42:0b2c:d90e:e717:03dd:9ac1:0000:a400"];
+ aliases = [
+ "vbob.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
+ 4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
+ AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
+ hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
+ Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
+ AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
+ -----END RSA PUBLIC KEY-----
+
+ '';
+ };
+ };
+ };
 flap = rec {
 cores = 1;
 dc = "cac"; #vps
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
new file mode 100644
index 00000000..4d8e8ced
--- /dev/null
+++ b/makefu/1systems/vbob.nix
@@ -0,0 +1,44 @@
+#
+#
+#
+{ config, pkgs, ... }:
+
+{
+ krebs.build.host = config.krebs.hosts.vbob;
+ krebs.build.target = "root@10.10.10.220";
+ imports =
+ [ # Include the results of the hardware scan.
+
+ ../2configs/main-laptop.nix #< base-gui
+
+ # environment
+ ../2configs/zsh-user.nix
+ ../2configs/virtualization.nix
+ ];
+ nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+ environment.systemPackages = with pkgs;[
+ get
+ ];
+
+ networking.firewall.allowedTCPPorts = [
+ 25
+ 80
+ ];
+
+ krebs.retiolum = {
+ enable = true;
+ extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000";
+ hosts = ../../krebs/Zhosts;
+ connectTo = [
+ "gum"
+ ];
+
+ };
+ networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
+ fileSystems."/media/share" = {
+ fsType = "vboxsf";
+ device = "share";
+ options = "rw,uid=9001,gid=9001";
+ };
+
+}
-- cgit v1.2.3
From 9900811f941abf5e31f3c7b616e3fa27f88ffb35 Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 14 Dec 2015 14:36:36 +0100
Subject: m 2 git: use gum as primary git host
---
 makefu/2configs/git/cgit-retiolum.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 5143ca5a..68fd976d 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -43,7 +43,7 @@ let
 hooks = {
 post-receive = pkgs.git-hooks.irc-announce {
 nick = config.networking.hostName;
- verbose = config.krebs.build.host.name == "pnp";
+ verbose = config.krebs.build.host.name == "gum";
 channel = "#retiolum";
 # TODO remove the hardcoded hostname
 server = "cd.retiolum";
-- cgit v1.2.3
From 6f150af8acf2195188518bf53d0330da7a4bb8f8 Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 14 Dec 2015 14:47:52 +0100
Subject: k Zhosts vbob: init
---
 krebs/Zhosts/vbob | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 krebs/Zhosts/vbob
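Review bot: `networking.firewall.allowedTCPPorts = [ 25 80 ]` in the new makefu/1systems/vbob.nix opens SMTP and HTTP, yet nothing in this file enables a mail or web server; the imported profiles might, but that is not visible here. Ports opened ahead of need are better removed, or annotated with the service that uses them. The proxy endpoint is also written twice, once in `krebs.retiolum.extraConfig` and once in `networking.proxy.default`, and it commits an organisation's proxy hostname to a shared repository; a single `let` binding for host and port, or a value read from an untracked file, keeps the two from drifting apart. The comment `# Include the results of the hardware scan.` has no matching import.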
diff --git a/krebs/Zhosts/vbob b/krebs/Zhosts/vbob
new file mode 100644
index 00000000..b233a46b
--- /dev/null
+++ b/krebs/Zhosts/vbob
@@ -0,0 +1,9 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
+4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
+AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
+hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
+Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
+AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
+-----END RSA PUBLIC KEY-----
+Subnet = 10.243.1.91/32
-- cgit v1.2.3
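Review bot: krebs/Zhosts/vbob announces only `Subnet = 10.243.1.91/32`, while the host entry added in krebs/3modules/makefu/default.nix also assigns `addrs6 = ["42:0b2c:d90e:e717:03dd:9ac1:0000:a400"]` and the existing krebs/Zhosts/gum lists both an IPv4 and an IPv6 `Subnet`. Unless the omission is deliberate, a second line `Subnet = 42:0b2c:d90e:e717:03dd:9ac1:0000:a400` is needed for peers to route the address the module hands out. The public key is now kept in two places, here and in `tinc.pubkey`; a leading `#` comment saying which copy is authoritative would keep them from drifting apart.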