From c7db9e13cde6ba34afd863d0f9e77410c194039c Mon Sep 17 00:00:00 2001 From: xkey Date: Sat, 4 Sep 2021 14:02:28 +0200 Subject: external: add aleph.r --- krebs/3modules/external/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 75be5832..29c0d34f 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -639,7 +639,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.13.12"; - aliases = [ "catalonia.r" ]; + aliases = [ "catalonia.r" "aleph.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y -- cgit v1.2.3 From 357a021c94dd67be170139b6d9da805adb238ebc Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 5 Sep 2021 21:15:06 +0200 Subject: ma: add rss.makefu.r --- krebs/3modules/makefu/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 30d90bf2..03431ce5 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -233,6 +233,7 @@ in { "wiki.gum.r" "wiki.makefu.r" "warrior.gum.r" + "rss.makefu.r" "sick.makefu.r" "dl.gum.r" "dl.makefu.r" -- cgit v1.2.3 From aaae1b2f5b6532ae6f5def1678957e2a6dc00c28 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Sep 2021 22:09:27 +0200 Subject: hidden-ssh: fix to work with new nixos tor service --- krebs/3modules/hidden-ssh.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix index 1e56e62f..4436a616 100644 --- a/krebs/3modules/hidden-ssh.nix +++ b/krebs/3modules/hidden-ssh.nix @@ -27,14 +27,17 @@ let imp = let torDirectory = "/var/lib/tor"; # from tor.nix - hiddenServiceDir = torDirectory + "/ssh-announce-service"; + hiddenServiceDir = torDirectory + "/onion/hidden-ssh"; in { services.tor = { enable = true; - extraConfig = '' - HiddenServiceDir ${hiddenServiceDir} - HiddenServicePort 22 127.0.0.1:22 - ''; + relay.onionServices.hidden-ssh = { + version = 3; + map = [{ + port = 22; + target.port = 22; + }]; + }; client.enable = true; }; systemd.services.hidden-ssh-announce = { -- cgit v1.2.3 From b471ff4191011b000f60dd2c6dafc6e5ed9458c2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Sep 2021 22:51:37 +0200 Subject: irc-announce: add tls flag --- krebs/3modules/announce-activation.nix | 5 +++++ krebs/3modules/hidden-ssh.nix | 20 ++++++++++++++++---- 2 files changed, 21 insertions(+), 4 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 76eb4b13..a40ae8ce 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -9,6 +9,7 @@ with import ; ${shell.escape (toString cfg.irc.port)} \ ${shell.escape cfg.irc.nick} \ ${shell.escape cfg.irc.channel} \ + ${escapeShellArg cfg.irc.tls} \ "$message" ''; default-get-message = pkgs.writeDash "announce-activation-get-message" '' @@ -50,6 +51,10 @@ in { default = "irc.r"; type = types.hostname; }; + tls = mkOption { + default = false; + type = types.bool; + }; }; }; config = mkIf cfg.enable { diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix index 4436a616..acbe717d 100644 --- a/krebs/3modules/hidden-ssh.nix +++ b/krebs/3modules/hidden-ssh.nix @@ -19,6 +19,14 @@ let type = types.str; default = "irc.hackint.org"; }; + port = mkOption { + type = types.int; + default = 6697; + }; + tls = mkOption { + type = types.bool; + default = true; + }; message = mkOption { type = types.str; default = "SSH Hidden Service at "; @@ -53,10 +61,14 @@ let echo "still waiting for ${hiddenServiceDir}/hostname" sleep 1 done - ${pkgs.untilport}/bin/untilport ${cfg.server} 6667 && \ - ${pkgs.irc-announce}/bin/irc-announce \ - ${cfg.server} 6667 ${config.krebs.build.host.name}-ssh \ - \${cfg.channel} \ + ${pkgs.untilport}/bin/untilport ${escapeShellArg cfg.server} ${toString cfg.port} + + ${pkgs.irc-announce}/bin/irc-announce \ + ${escapeShellArg cfg.server} \ + ${toString cfg.port} \ + "${config.krebs.build.host.name}-ssh" \ + ${escapeShellArg cfg.channel} \ + ${escapeShellArg cfg.tls} \ "${cfg.message}$(cat ${hiddenServiceDir}/hostname)" ''; PrivateTmp = "true"; -- cgit v1.2.3 From 9cebb569811fb7975ca45997b3eb46e518397bec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 6 Sep 2021 18:51:51 +0200 Subject: mic92: restart realwallpaper on failure --- krebs/3modules/realwallpaper.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 76f33396..1fa6012c 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -51,6 +51,7 @@ let serviceConfig = { Type = "simple"; + Restart = "on-failure"; ExecStart = "${pkgs.realwallpaper}/bin/generate-wallpaper"; User = "realwallpaper"; }; -- cgit v1.2.3 From f2287d2024a5e3634ffb2115204aa4065afe2a4f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Sep 2021 09:22:08 +0200 Subject: l: add mumble.lassul.us for mumble-web --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index b19e2e6f..7ad725cd 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -47,6 +47,7 @@ in { radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { -- cgit v1.2.3 From b8cd625a70fdd8811b8c5bfd0abf17a00c2e628c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Sep 2021 09:23:02 +0200 Subject: l: add lasspi & domsen-pixel hosts --- krebs/3modules/lass/default.nix | 55 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 7ad725cd..693e04e6 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -786,6 +786,61 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd "; }; + lasspi = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.1.89"; + ip6.addr = r6 "189"; + aliases = [ + "lasspi.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3zUXIiw8/9okrGaxlAR1 + JvoXNxAzLj5wwE2B0A+9ppev7Vl52HJarNoM6+0RN4aZDGMhDWg8J5ZQSdGUNm5F + CIdxE1TwLXxzW5nd7BIb+MVsjtw0pxId7Gxq6Wgtx1QljUdsp8OVrJActqsmXYMl + oYEWdENHRONYTCyhs+Kd18MERyxQCqOXOnD170iaFuCcHiIa2nSOtlk+aIPNIE/P + Qsp7Q0RCRvqd5LszsI7bp3gZL9mgGquQEW+3ZxSaIYHGTdK/zI4PHYpEa7IvdJFS + BJjJj+PbilnSxy7iL826O8ckxBqA0rNS0EynCKCI0DoVimCeklk20vLagDyXiDyC + VW2774j1rF35eIowPTBVJNfquEptNDl9MLV3MC2P8gnCZp5x+7dEwpqsvecBQ7Z8 + +Ry9JZ/zlWi5qT86SrwKKqJqRhWHjZZSRzWdo4ypaNOy0cKHb2DcVfgn38Kf16xs + QM11XLCRE8VLIVl5UFgrF6q/0f8JP1BG8RO90NDsLwIW/EwKiJ9OGFtayvxkmgHP + zgmzgws8cn50762OPkp4OVzVexN77d9N8GU9QXAlsFyn2FJlO26DvFON4fHIf0bP + 6lqI1Up2jAy0eSl2txlxxKbKRlkIaebHulhxIxQ1djA+xPb/5cfasom9Qqwf6/Lc + 287nChBcbY+HlshTe0lZdrkCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "189"; + aliases = [ + "lasspi.w" + ]; + wireguard.pubkey = '' + IIBAiG7jZEliQJJsNUQswLsB5FQFkAfq5IwyHAp71Vw= + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEjYOaTQE9OvvIaWWjO+3/uSy7rvnhnJA48rWYeB2DfB"; + }; + + domsen-pixel = { + nets = { + wiregrill = { + ip4.addr = "10.244.1.17"; + ip6.addr = w6 "d0"; + aliases = [ + "domsen-pixel.w" + ]; + wireguard.pubkey = "cGuBSB1DftIsanbxrSG/i4FiC+TmQrs+Z0uE6SPscHY="; + }; + }; + external = true; + ci = false; + }; + }; users = rec { lass = lass-yubikey; -- cgit v1.2.3 From 68c7f79174ad1d30514a6529fdfd5957d799a4e1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 10 Sep 2021 09:24:12 +0200 Subject: l echelon.r: add syncthing id --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 693e04e6..3419d806 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -784,6 +784,7 @@ in { }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd "; + syncthing.id = "TT4MBZS-YNDZUYO-Y6L4GOK-5IYUCXY-2RKFOSK-5SMZYSR-5QMOXSS-6DNJIAZ"; }; lasspi = { -- cgit v1.2.3 From e7d5d990837981496fd8883c85391132200a5319 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 14 Sep 2021 19:10:16 +0200 Subject: rip Reaktor --- krebs/3modules/Reaktor.nix | 155 --------------------------------------------- krebs/3modules/default.nix | 1 - 2 files changed, 156 deletions(-) delete mode 100644 krebs/3modules/Reaktor.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix deleted file mode 100644 index 2a035d7b..00000000 --- a/krebs/3modules/Reaktor.nix +++ /dev/null @@ -1,155 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - - cfg = config.krebs.Reaktor; - homedir = "/var/lib/Reaktor"; - - out = { - options.krebs.Reaktor = api; - config = mkIf (cfg != {}) imp; - }; - - api = mkOption { - default = {}; - type = with types; attrsOf (submodule ({ options = { - - nickname = mkOption { - default = config.krebs.build.host.name + "|r"; - type = types.str; - description = '' - The nick name of the irc bot. - Defaults to {hostname}|r - ''; - }; - - overrideConfig = mkOption { - default = null; - type = types.nullOr types.str; - description = '' - configuration to be used instead of default ones. - Reaktor default cfg can be retrieved via `reaktor get-config` - ''; - }; - - plugins = mkOption { - default = [pkgs.ReaktorPlugins.nixos-version]; - }; - - workdir = mkOption { - default = "/var/lib/Reaktor"; - type = types.path; - description = '' - path to be used as workdir (home dir is still /var/lib/Reaktor) - ''; - }; - - extraConfig = mkOption { - default = ""; - type = types.str; - description = '' - configuration appended to the default or overridden configuration - ''; - }; - - extraEnviron = mkOption { - default = {}; - type = types.attrsOf types.str; - description = '' - Environment to be provided to the service, can be: - REAKTOR_HOST - REAKTOR_PORT - REAKTOR_STATEDIR - - debug and nickname can be set separately via the Reaktor api - ''; - }; - - channels = mkOption { - default = [ "#krebs" ]; - type = types.listOf types.str; - description = '' - Channels the Reaktor should connect to at startup. - ''; - }; - - debug = mkOption { - default = false; - description = '' - Reaktor debug output - ''; - }; - };})); - }; - - imp = { - # TODO get user per configured bot - # TODO get home from api - # for reaktor get-config - users.extraUsers = singleton rec { - name = "Reaktor"; - uid = genid name; - description = "Reaktor user"; - home = homedir; - createHome = true; - }; - - #users.extraGroups = singleton { - # name = "Reaktor"; - # gid = config.ids.gids.Reaktor; - #}; - - systemd.services = mapAttrs' (name: botcfg: - let - ReaktorConfig = pkgs.writeText "config.py" '' - ${if (isString botcfg.overrideConfig ) then '' - # Overriden Config - ${botcfg.overrideConfig} - '' else ""} - ## Extra Config - ${concatStringsSep "\n" (map (plug: plug.config) botcfg.plugins)} - ${botcfg.extraConfig} - ''; - in nameValuePair "Reaktor-${name}" { - path = with pkgs; [ - git # for nag - jq # for tell - python # for caps - utillinux # flock for tell - ]; - description = "Reaktor IRC Bot"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - environment = { - GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - PYTHONPATH = "${pkgs.Reaktor}/lib/python3.6/site-packages"; - REAKTOR_NICKNAME = botcfg.nickname; - REAKTOR_DEBUG = (if botcfg.debug then "True" else "False"); - REAKTOR_CHANNELS = lib.concatStringsSep "," botcfg.channels; - state_dir = botcfg.workdir; - - } // botcfg.extraEnviron; - serviceConfig= { - ExecStartPre = pkgs.writeScript "Reaktor-init" '' - #! /bin/sh - ${if (isString botcfg.overrideConfig) then - ''cp ${ReaktorConfig} /tmp/reaktor-${name}-config.py'' - else - ''(${pkgs.Reaktor}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/reaktor-${name}-config.py'' - } - mkdir -p ${botcfg.workdir} - ''; - ExecStart = "${pkgs.Reaktor}/bin/reaktor run /tmp/reaktor-${name}-config.py"; - PrivateTmp = "true"; - User = "Reaktor"; - Restart = "always"; - RestartSec= "30" ; - }; - } - ) cfg; - - }; - -in -out diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 30ca82b9..149995a2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -43,7 +43,6 @@ let ./permown.nix ./per-user.nix ./power-action.nix - ./Reaktor.nix ./reaktor2.nix ./realwallpaper.nix ./retiolum-bootstrap.nix -- cgit v1.2.3 From 8a697d68974e8f8d8873120a9d2450babe3bfad0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Sun, 19 Sep 2021 09:22:08 +0200 Subject: external: refactor kmein hosts --- krebs/3modules/external/default.nix | 64 +++---------------------------------- 1 file changed, 5 insertions(+), 59 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 29c0d34f..eff2967e 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -18,42 +18,14 @@ with import ; in { hosts = mapAttrs hostDefaults { - toum = { - owner = config.krebs.users.kmein; - nets = { - retiolum = { - ip4.addr = "10.243.2.3"; - aliases = [ - "toum.r" - "toum.kmein.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2tRtskPP6391+ZX9xzsx - CUotXuqYucYmnUbrRSIlxASVqTmAf3nDOE5EDBBcTdSwnb02JcJW4Zh7+BGgMxjF - GxDPs6ETI28mHK+6rp8TOkMnyDb5mtSGVZPvKJU9fFOt6aAX1J1BzTfwtHtVQq7K - WBzdpeKXlw4dIQ6K6SGmPIPpEh9pE1Xb+GuVljCXKxGJFbW40dmh2ZdadO7umBDu - vRk08jT9/BUnUP6KrZlvyePnG38z6srMrVU+XAHu5D2qZ9y+QIp3kw7Y5JUrNXc7 - 9q9P9TYx15GiIz2mSJKcLVmkLRebsaqdV7dBibPbfdGE+NB+F1FYPGDdW4cnonon - DzzjGm/FDfOCXEnSkYGQDBWpfd/8AWum1xGJxJCPNBJElGE2o5jDWo4Y1b9gHP0M - vARm8AOK8R1pQ7BP+pNMO0gGw2NDrtWiWpTeZ7SqXmZAZ/Gmyen9X+/fowcbTyDH - b9joIuMQeOtxbUV2JprZIdit9NBFSZq/7Re/GBUwjGBm3LabIXFNGKZovx/f9lf8 - r5tVs4SPauiKzZS0K1Gz1NSq+3OXaY5EwVrBUXptYqRT7uyhVloOPRUsqRFeB0Fn - Y5xOpDJ0UiJxgFbdH5Vb81D/VjNO9Q4nZib8wSEuLrYLHGoceQPX4+Ov9IdhIL4B - BMTCaF+VCWC5PCLr0e61KqMCAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - wilde = { + kabsa = { owner = config.krebs.users.kmein; nets = { retiolum = { ip4.addr = "10.243.2.4"; aliases = [ - "wilde.r" - "wilde.kmein.r" + "kabsa.r" + "kabsa.kmein.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- @@ -99,34 +71,6 @@ in { }; }; }; - homeros = { - owner = config.krebs.users.kmein; - nets = { - retiolum = { - ip4.addr = "10.243.2.1"; - aliases = [ - "homeros.r" - "homeros.kmein.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd - ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc - 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v - RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd - vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3 - +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc - QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm - fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh - VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7 - k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX - gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N - mJ/hywVtvLxNkNimyztoKKMCAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; horisa = { cores = 2; owner = config.krebs.users.ulrich; # main laptop @@ -205,6 +149,7 @@ in { aliases = [ "makanek.r" "makanek.kmein.r" + "grafana.kmein.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -317,6 +262,7 @@ in { aliases = [ "zaatar.r" "zaatar.kmein.r" + "radio.kmein.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3