From 7fe3cdd804de26f243f2c7698e46f5adaa2355db Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 9 Jun 2016 22:55:28 +0200 Subject: k 3 m: fix filepimp pubkey --- krebs/3modules/makefu/default.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 7d4bef9a..cf875f52 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -232,15 +232,16 @@ with config.krebs.lib; ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"; aliases = [ "filepimp.retiolum" + "filepimp.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY - BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 - i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 - 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS - u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa - OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB + MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg + 3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS + wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR + oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X + UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB + 8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB -----END RSA PUBLIC KEY----- ''; }; -- cgit v1.2.3 From 0d20b15ae318ac5e9c5d91c857c8abdaf2957556 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 11 Jun 2016 00:27:44 +0200 Subject: k 3 l: add cache.prism.r as alias --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 65da85ac..48ba0049 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -91,6 +91,7 @@ with config.krebs.lib; "prism.retiolum" "prism.r" "cgit.prism.retiolum" + "cache.prism.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From b9c0c46b4d0f9907f1b3fc96494be96abc60c8db Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 12 Jun 2016 19:48:15 +0200 Subject: m shoney: init --- krebs/3modules/makefu/default.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index cf875f52..1b4096d0 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -340,6 +340,35 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; + shoney = rec { + cores = 1; + nets = { + internet = { + ip4.addr = "64.137.235.70"; + aliases = [ + "shoney.i" + ]; + }; + retiolum = { + ip4.addr = "10.243.205.131"; + ip6.addr = "42:490d:cd82:d2bb:56d5:abd1:b88b:e8b4"; + aliases = [ + "shoney.retiolum" + "shoney.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL + ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4 + okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht + M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO + +DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5 + uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; # non-stockholm -- cgit v1.2.3 From 8656e83d4c5c736541b3f29470f591aa8e84d1e7 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Jun 2016 01:34:08 +0200 Subject: k 3 ma: update shoney ip after failed deploy :3 --- krebs/3modules/makefu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') 
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 1b4096d0..14cee8e1 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -344,7 +344,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 1; nets = { internet = { - ip4.addr = "64.137.235.70"; + ip4.addr = "64.137.234.215"; aliases = [ "shoney.i" ]; -- cgit v1.2.3 From 1e957a12555d8086d9a42472d5d1abfe5a73ba30 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Jun 2016 22:07:29 +0200 Subject: k 3 l: RIP fastpoke --- krebs/3modules/lass/default.nix | 31 ------------------------------- 1 file changed, 31 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 48ba0049..d561f4c2 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -108,37 +108,6 @@ with config.krebs.lib; ssh.privkey.path = ; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q=="; }; - fastpoke = { - nets = rec { - internet = { - ip4.addr = "193.22.164.36"; - aliases = [ - "fastpoke.internet" - ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.253.152"; - ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00"; - aliases = [ - "fastpoke.retiolum" - "fastpoke.r" - "cgit.fastpoke.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq - DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O - FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ - ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB - EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy - rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.pubkey = "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b"; - }; cloudkrebs = { cores = 1; nets = rec { -- cgit v1.2.3 From 27522d311c70e616f34d61b631ca2d61e61fda36 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Jun 2016 22:09:05 +0200 Subject: k 3 l: add domsen-nas --- krebs/3modules/lass/default.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index d561f4c2..760c2d69 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -108,6 +108,18 @@ with config.krebs.lib; ssh.privkey.path = ; ssh.pubkey = "ssh-rsa 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"; }; + domsen-nas = { + nets = rec { + internet = { + aliases = [ + "domsen-nas.internet" + ]; + ip4.addr = "87.138.180.167"; + ssh.port = 2223; + }; + }; + ssh.pubkey = "ssh-dss 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"; + }; cloudkrebs = { cores = 1; nets = rec { -- cgit v1.2.3 From a7310f526d611cb13f2f98ac46da1ab98d37ee24 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 23 Jun 2016 16:45:06 +0200 Subject: krebs 3 tinc_graphs: allow network different from retiolum --- krebs/3modules/tinc_graphs.nix | 59 ++++++++++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 22 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index dec89d24..0f1bae09 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix 
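Review bot: The `ssh.pubkey` added for `domsen-nas` is an `ssh-dss` key; DSA host keys are limited to 1024 bits in OpenSSH and the algorithm has been disabled by default since OpenSSH 7.0, so any client that pins this entry has to re-enable a weak algorithm to verify the host. The same hunk declares the host on the `internet` net with `ssh.port = 2223`, which makes the strength of the host key matter more. If the NAS can generate one, publish an `ssh-ed25519` or RSA host key here instead; if it cannot, a comment such as `# NAS firmware only offers a DSA host key` above the line would record why the exception exists.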
@@ -20,6 +20,18 @@ let default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat"; }; + hostsPath = mkOption { + type = types.str; + description = "Path to Hosts directory"; + default = "${config.krebs.retiolum.hostsPackage}"; + }; + + network = mkOption { + type = types.str; + description = "Tinc Network to use"; + default = "retiolum"; + }; + nginx = { enable = mkEnableOption "enable tinc_graphs to be served with nginx"; @@ -73,10 +85,10 @@ let }; imp = { - environment.systemPackages = [ pkgs.tinc_graphs]; + environment.systemPackages = [ pkgs.tinc_graphs ]; systemd.timers.tinc_graphs = { description = "Build Tinc Graphs via via timer"; - wantedBy = [ "timers.target"]; + wantedBy = [ "timers.target" ]; timerConfig = cfg.timerConfig; }; systemd.services.tinc_graphs = { @@ -85,7 +97,8 @@ let EXTERNAL_FOLDER = external_dir; INTERNAL_FOLDER = internal_dir; GEODB = cfg.geodbPath; - TINC_HOSTPATH = config.krebs.retiolum.hostsPackage; + TINC_HOSTPATH = cfg.hostsPath; + TINC_NETWORK = cfg.network; }; restartIfChanged = true; @@ -103,7 +116,7 @@ let cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}" fi ''; - ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs"; + ExecStart = ''${pkgs.tinc_graphs}/bin/all-the-graphs "${cfg.network}"''; ExecStartPost = pkgs.writeDash "tinc_graphs-post" '' # TODO: this may break if workingDir is set to something stupid 
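Review bot: `cfg.network` is declared as a bare `types.str` and is spliced into `ExecStart` inside double quotes, so a value containing `"`, `%` or `$` would be reinterpreted by systemd's command-line parsing instead of reaching `all-the-graphs` as a single argument. The same value is already exported as `TINC_NETWORK` in the preceding hunk, so the extra argument may be redundant; either drop it or constrain the option to the characters a tinc network name can contain. Separately, `hostsPath` still defaults to `config.krebs.retiolum.hostsPackage`, so its description should say that it has to be overridden together with `network`, e.g. `description = "Path to the hosts directory of the network selected by network";`. The service definition continues outside the hunk.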
@@ -121,24 +134,26 @@ let uid = genid "tinc_graphs"; home = "/var/spool/tinc_graphs"; }; - - krebs.nginx.servers = mkIf cfg.nginx.enable { - tinc_graphs_complete = mkMerge [ cfg.nginx.complete { - locations = [ - (nameValuePair "/" '' - autoindex on; - root ${internal_dir}; - '') - ]; - }] ; - tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous { - locations = [ - (nameValuePair "/" '' - autoindex on; - root ${external_dir}; - '') - ]; - }]; + krebs.nginx = mkIf cfg.nginx.enable { + enable = mkDefault true; + servers = { + tinc_graphs_complete = mkMerge [ cfg.nginx.complete { + locations = [ + (nameValuePair "/" '' + autoindex on; + root ${internal_dir}; + '') + ]; + }] ; + tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous { + locations = [ + (nameValuePair "/" '' + autoindex on; + root ${external_dir}; + '') + ]; + }]; + }; }; }; -- cgit v1.2.3 From 5894ecc94233b72003ac859fab8b12c8ade7766a Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 23 Jun 2016 16:45:44 +0200 Subject: add siem internal network --- krebs/3modules/makefu/default.nix | 51 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 47 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 14cee8e1..0b58c75c 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -48,6 +48,12 @@ with config.krebs.lib; -----END RSA PUBLIC KEY----- ''; }; + siem = { + ip4.addr = "10.8.10.2"; + aliases = [ + "darth.siem" + ]; + }; }; }; tsp = { @@ -98,6 +104,12 @@ with config.krebs.lib; -----END RSA PUBLIC KEY----- ''; }; + siem = { + ip4.addr = "10.8.10.4"; + aliases = [ + "arch.siem" + ]; + }; }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster"; @@ -184,6 +196,8 @@ with config.krebs.lib; internet = { ip4.addr = "104.233.87.86"; aliases = [ + "wry.i" + "paste.i" "wry.internet" "paste.internet" ]; 
@@ -194,10 +208,10 @@ with config.krebs.lib; ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad"; aliases = [ "graphs.wry.retiolum" - "graphs.retiolum" + "graphs.r" "graphs.retiolum" "paste.wry.retiolum" - "paste.retiolum" - "wry.retiolum" + "paste.r" "paste.retiolum" + "wry.r" "wry.retiolum" "wiki.makefu.retiolum" "wiki.wry.retiolum" "blog.makefu.retiolum" @@ -343,6 +357,13 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB shoney = rec { cores = 1; nets = { + siem = { + ip4.addr = "10.8.10.1"; + aliases = [ + "sjump.siem" + "graphs.siem" + ]; + }; internet = { ip4.addr = "64.137.234.215"; aliases = [ @@ -456,6 +477,28 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; + lariat = rec { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.64.7"; + aliases = [ + "lariat.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAqiDzxADQYY8cWBH+R5aKSoxaFHLvPvVMgB7R1Y6QVTqD5YUCuINX + eBLFV9idHnHzdZU+xo/c8EFQf0hvyP0z3bcXaiw+RlpEYdK6tuaypJ3870toqWmA + 269H8ufA3DA0hxlY7dwnhg8Rb7KGIlNN8fy4RMGe73PupF5aAmiDiEhPalv4E0qJ + unmk5y1OHQFPxYm++yLo5SVFlcO89jDtGpvg5papp8JvtxTkrshby1lXf/sph3Cv + d1z6h7S+HgT+BMwTZY5dIrwYAcob/t1sRmWsY62P1n02RbiJFm27wg0t/ZcfsI2o + yBjRTiK5ACJaIdpM99/902gJsuJASPGB2QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + soundflower = rec { cores = 1; nets = { @@ -598,6 +641,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; }; + } // { # hosts only maintained in stockholm, not owned by me muhbaasu = rec { cores = 1; nets = { @@ -626,7 +670,6 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; }; }; - } // { # hosts only maintained in stockholm, not owned by me tpsw = { cores = 2; owner = config.krebs.users.ciko; # main laptop -- cgit v1.2.3 From edcc01d8e3e8c86f6329dbd7fc4c125a6da0f397 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 24 Jun 2016 15:24:42 +0200 Subject: k 3 repo-sync: refactor, allow multiple repos --- krebs/3modules/repo-sync.nix | 124 +++++++++++++++++++++++-------------------- 1 file changed, 67 insertions(+), 57 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index c5c806cd..2388c361 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -11,38 +11,39 @@ let api = { enable = mkEnableOption "repo-sync"; - config = mkOption { - type = with types;attrsOf (attrsOf (attrsOf str)); + repos = mkOption { + type = with types;attrsOf (attrsOf (attrsOf (attrsOf str))); example = literalExample '' # see `repo-sync --help` # `ref` provides sane defaults and can be omitted # attrset will be converted to json and be used as config - { + { repo = { makefu = { - origin = { - url = http://github.com/makefu/repo ; - ref = "heads/dev" ; - }; - mirror = { - url = "git@internal:mirror" ; - ref = "heads/github-mirror-dev" ; - }; + origin = { + url = http://github.com/makefu/repo ; + ref = "heads/dev" ; + }; + mirror = { + url = "git@internal:mirror" ; + ref = "heads/github-mirror-dev" ; + }; }; lass = { - origin = { - url = http://github.com/lass/repo ; - }; - mirror = { - url = "git@internal:mirror" ; - }; + origin = { + url = http://github.com/lass/repo ; + }; + mirror = { + url = "git@internal:mirror" ; + }; }; "@latest" = { - mirror = { - url = "git@internal:mirror"; - ref = "heads/master"; - }; + mirror = { + url = "git@internal:mirror"; + ref = "heads/master"; + }; }; + }; }; ''; }; 
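Review bot: The `example` for the new `repos` option keeps `url = http://github.com/makefu/repo` and `url = http://github.com/lass/repo` as origins, so the documented pattern fetches over an unauthenticated transport and then pushes the result to the internal mirror. Use `https://` in both origin URLs of the example and write them as quoted strings, `url = "https://github.com/makefu/repo";`. The option has no `description` in the visible lines; one sentence stating that each attribute of `repos` becomes its own `repo-sync-<name>` timer and service would document the new shape.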
@@ -56,53 +57,62 @@ let type = types.str; default = "/var/lib/repo-sync"; }; + + user = mkOption { + type = types.user; + default = { + name = "repo-sync"; + home = cfg.stateDir; + }; + }; + privateKeyFile = mkOption { - type = types.str; - description = '' - used by repo-sync to identify with ssh service - ''; - default = toString ; + type = types.secret-file; + default = { + path = "${cfg.stateDir}/ssh.priv"; + owner = cfg.user; + source-path = toString + "/repo-sync.ssh.key"; + }; }; + }; - repo-sync-config = pkgs.writeText "repo-sync-config.json" - (builtins.toJSON cfg.config); imp = { - users.users.repo-sync = { - name = "repo-sync"; - uid = genid "repo-sync"; - description = "repo-sync user"; - home = cfg.stateDir; + users.users.${cfg.user.name} = { + inherit (cfg.user) home name uid; createHome = true; + description = "repo-sync user"; }; - systemd.timers.repo-sync = { - description = "repo-sync timer"; - wantedBy = [ "timers.target" ]; + systemd.timers = mapAttrs' (name: repo: + nameValuePair "repo-sync-${name}" { + description = "repo-sync timer"; + wantedBy = [ "timers.target" ]; - timerConfig = cfg.timerConfig; - }; - systemd.services.repo-sync = { - description = "repo-sync"; - after = [ "network.target" ]; + timerConfig = cfg.timerConfig; + } + ) cfg.repos; - path = with pkgs; [ ]; + systemd.services = mapAttrs' (name: repo: + let + repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json" + (builtins.toJSON repo); + in nameValuePair "repo-sync-${name}" { + description = "repo-sync"; + after = [ "network.target" "secret.service" ]; - environment = { - GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv"; - }; + environment = { + GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv"; + }; - serviceConfig = { - Type = "simple"; - PermissionsStartOnly = true; - ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" '' - cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv - chown repo-sync 
${cfg.stateDir}/ssh.priv - ''; - ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}"; - WorkingDirectory = cfg.stateDir; - User = "repo-sync"; - }; - }; + serviceConfig = { + Type = "simple"; + PermissionsStartOnly = true; + ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}"; + WorkingDirectory = cfg.stateDir; + User = "repo-sync"; + }; + } + ) cfg.repos; }; in out -- cgit v1.2.3 From 2de4843bae0d2c107d0f971ec40fac522003503c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 24 Jun 2016 15:27:23 +0200 Subject: k 3 l: add prism-repo-sync pubkey --- krebs/3modules/lass/default.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 760c2d69..5f7afa01 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -296,5 +296,9 @@ with config.krebs.lib; fritz = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; }; + prism-repo-sync = { + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C"; + mail = "lass@prism.r"; + }; }; } -- cgit v1.2.3 From ba0a7978ba56cd0965c7331e6c0aa759ff26a984 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 24 Jun 2016 16:04:04 +0200 Subject: k 3 repo-sync: set REPONAME This is needed to allow multiple repo fetching at the same time --- krebs/3modules/repo-sync.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 2388c361..3f251525 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix 
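Review bot: The per-repo service still hard-codes `User = "repo-sync"` and `-i ${cfg.stateDir}/ssh.priv`, while this hunk makes both the account (`cfg.user`) and the key's location and owner (`cfg.privateKeyFile`) configurable; overriding either option would leave the unit running as an account that does not own the key, or pointing ssh at a path where no key is written. Derive both from the options instead: `User = cfg.user.name;` and `GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.privateKeyFile.path}";`. Also, `after = [ "network.target" "secret.service" ]` only orders the units, so if key delivery is meant to gate the sync a `requires` on the same unit is worth considering; how `secret.service` is defined is not visible from this hunk.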
@@ -103,6 +103,7 @@ let environment = { GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv"; + REPONAME = "${name}.git"; }; serviceConfig = { -- cgit v1.2.3 From fe07d46310e3320161f9c82e021f200ed02fbadf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 17:51:52 +0200 Subject: k 3 l: add user mors-repo-sync --- krebs/3modules/lass/default.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 5f7afa01..d2542041 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -300,5 +300,9 @@ with config.krebs.lib; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C"; mail = "lass@prism.r"; }; + mors-repo-sync = { + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; + mail = "lass@mors.r"; + }; }; } -- cgit v1.2.3 From 16b639e50ad2c2cbf33a545f244fb65d28e2f292 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 17:53:11 +0200 Subject: k 3 repo-sync: add unitConfig option --- krebs/3modules/repo-sync.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 3f251525..0725d18f 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -75,6 +75,16 @@ let }; }; + unitConfig = mkOption { + type = types.attrsOf types.str; + description = "Extra unit configuration for fetchWallpaper to define conditions and assertions for the unit"; + example = literalExample '' + # do not start when running on umts + { ConditionPathExists = "!/var/run/ppp0.pid"; } + ''; + default = {}; + }; + }; imp = { @@ -113,6 +123,7 @@ let WorkingDirectory = cfg.stateDir; User = "repo-sync"; }; + unitConfig = cfg.unitConfig; } ) cfg.repos; }; -- cgit v1.2.3 From 13f7ef405bfd84c6f262be6845a0980433b5b773 Mon Sep 17 00:00:00 2001 
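Review bot: The `description` of the new `unitConfig` option says "for fetchWallpaper", which looks copied from another module; it should read `description = "Extra unit configuration for the repo-sync services, e.g. conditions and assertions";`. It is also worth stating there that the one `unitConfig` value is applied to every `repo-sync-<name>` service, since the second hunk assigns `unitConfig = cfg.unitConfig;` inside the per-repo `mapAttrs'` over `cfg.repos`.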
From: lassulus Date: Sun, 26 Jun 2016 18:20:36 +0200 Subject: k 3 repo-sync: use the privateKeyFile --- krebs/3modules/repo-sync.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 0725d18f..0317d1ec 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -88,6 +88,7 @@ let }; imp = { + krebs.secret.files.repo-sync-key = cfg.privateKeyFile; users.users.${cfg.user.name} = { inherit (cfg.user) home name uid; createHome = true; -- cgit v1.2.3 From 1fcc20aa493161f52e02952800fc29f1c3ee9033 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 19:20:11 +0200 Subject: k 5 git-hooks: add option for branches --- krebs/5pkgs/git-hooks/default.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/5pkgs/git-hooks/default.nix b/krebs/5pkgs/git-hooks/default.nix index c8e8c8f5..6f2cb8b6 100644 --- a/krebs/5pkgs/git-hooks/default.nix +++ b/krebs/5pkgs/git-hooks/default.nix @@ -8,13 +8,14 @@ let }; # TODO irc-announce should return a derivation - irc-announce = { nick, channel, server, port ? 6667, verbose ? false }: '' + irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: '' #! /bin/sh set -euf export PATH=${makeBinPath (with pkgs; [ coreutils git + gnugrep gnused ])} @@ -54,6 +55,12 @@ let h=$(echo $ref | sed 's:^refs/heads/::') + ${optionalString (branches != []) '' + if ! (echo "$h" | grep -qE "${concatStringsSep "|" branches}"); then + echo "we are not serving this branch: $h" + exit 0 + fi + ''} # empty_tree=$(git hash-object -t tree /dev/null) empty_tree=4b825dc6 -- cgit v1.2.3 From edcdd5f06788b3e748bf7f908b9510cdfd3c13fe Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jun 2016 19:58:41 +0200 Subject: k 5: override buildbots sqlalchemy --- krebs/5pkgs/default.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'krebs') 
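Review bot: The branch filter `grep -qE "${concatStringsSep "|" branches}"` in the second git-hooks hunk is unanchored, so `branches = [ "master" ]` also lets through any branch whose name merely contains `master`, and regex metacharacters in a configured name are interpreted rather than matched literally. Match the whole name instead: `if ! (echo "$h" | grep -qxE "${concatStringsSep "|" branches}"); then`. The list is also interpolated into a double-quoted shell string, so an entry containing `$`, a backtick or `"` would be expanded by the shell; stating in a comment that `branches` takes extended regular expressions, or escaping the entries, would make the contract explicit. The hook script continues outside the hunk.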
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index f2bbaf7f..f0bda0ee 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -38,13 +38,13 @@ with config.krebs.lib; ReaktorPlugins = callPackage ./Reaktor/plugins.nix {}; - #buildbot = callPackage { - # inherit (pkgs.pythonPackages) twisted jinja2; - # dateutil = pkgs.pythonPackages.dateutil_1_5; - # sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override { - # doCheck = false; - # }); - #}; + buildbot = callPackage { + inherit (pkgs.pythonPackages) twisted jinja2; + dateutil = pkgs.pythonPackages.dateutil_1_5; + sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override { + doCheck = false; + }); + }; # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d symlinkJoin = { name, paths, ... }@args: let -- cgit v1.2.3 From 1012224e6707324ba075092017a0c2a9421ddfa7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jun 2016 17:24:36 +0200 Subject: little bit of code cleanup --- krebs/3modules/iptables.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index dccc11b3..b610ff3d 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -1,4 +1,4 @@ -arg@{ config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: let inherit (pkgs) writeText; -- cgit v1.2.3 From a8a3ac5640d1243b970dc9c6c788cf3e91a42f31 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jun 2016 17:54:33 +0200 Subject: k 5 Reaktor: fix build on newer nixpkgs --- krebs/5pkgs/Reaktor/default.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'krebs') diff --git a/krebs/5pkgs/Reaktor/default.nix b/krebs/5pkgs/Reaktor/default.nix index c4a36275..fc371082 100644 --- a/krebs/5pkgs/Reaktor/default.nix +++ b/krebs/5pkgs/Reaktor/default.nix 
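Review bot: Re-enabling the `buildbot` override builds `sqlalchemy7` with `doCheck = false` and pins `dateutil_1_5`, with nothing recording why the test suite is skipped or when the pins can be dropped. The same applies to the `doCheck = false;` added to `Reaktor` in the later "fix build on newer nixpkgs" patch. Add a comment next to each, for example `# tests fail on current nixpkgs (<reason>); re-enable once fixed`, so the disabled checks do not silently become permanent.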
@@ -3,6 +3,9 @@ python3Packages.buildPythonPackage rec { name = "Reaktor-${version}"; version = "0.5.1"; + + doCheck = false; + propagatedBuildInputs = with pkgs;[ python3Packages.docopt python3Packages.requests2 -- cgit v1.2.3