From 6e28354f923f25b4bddc4835fe1d1457de71412c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 16:36:34 +0200 Subject: l: sync .weechat --- lass/1systems/blue/config.nix | 2 ++ lass/1systems/mors/config.nix | 2 ++ 2 files changed, 4 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index a287f548..43c80d52 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -15,9 +15,11 @@ with import ; krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; environment.shellAliases = { diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index fa5fb551..52bcc9e1 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -52,10 +52,12 @@ with import ; krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; } + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; } { -- cgit v1.2.3 From d61f9654f294f4e491e6ff8bb04f34c916d7cf67 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:38:57 +0200 Subject: l daedalus.r: add ublock origin --- lass/1systems/daedalus/config.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index e28fbf2f..56c9c5fb 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -27,6 +27,12 @@ with import ; enable = true; systemWide = true; }; + programs.chromium = { + enable = true; + extensions = [ + "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin + ]; + }; environment.systemPackages = with pkgs; [ pavucontrol #firefox -- cgit v1.2.3 From cef929303a5c0a992aeddedc6aa57d503c7891df Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:39:50 +0200 Subject: l littleT: import green-host --- lass/1systems/littleT/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index eee23ee6..d44e6205 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -8,6 +8,7 @@ with import ; + ]; networking.networkmanager.enable = true; -- cgit v1.2.3 From 0dc099791b311afabf4ce26de98e9ab628b2d2a0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:41:51 +0200 Subject: l mors.r: add dns update scripts --- lass/1systems/mors/config.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 52bcc9e1..3db29a71 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -137,6 +137,18 @@ with import ; (pkgs.writeDashBin "btc-kraken" '' ${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]' '') + (pkgs.writeDashBin "krebsco.de" '' + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + ${pkgs.brain}/bin/brain show krebs-secrets/ovh-secrets.json > "$TMPDIR"/ovh-secrets.json + OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.krebszones}/bin/krebszones import + ${pkgs.coreutils}/bin/rm -rf "$TMPDIR" + '') + (pkgs.writeDashBin "lassul.us" '' + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + ${pkgs.pass}/bin/pass show admin/ovh/api.config > "$TMPDIR"/ovh-secrets.json + OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.ovh-zone}/bin/ovh-zone import /etc/zones/lassul.us lassul.us + ${pkgs.coreutils}/bin/rm -rf "$TMPDIR" + '') ]; #TODO: fix this shit -- cgit v1.2.3 From 8d6957c64f310b38df47da587ee1a01437bd6489 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:48:20 +0200 Subject: l green.r: sync .weechat --- lass/1systems/green/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index 6ae157e3..3abc03c2 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -16,12 +16,13 @@ with import ; krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; - #networking.nameservers = [ "1.1.1.1" ]; #time.timeZone = "Europe/Berlin"; -- cgit v1.2.3 From 2e6376fbd04000597557e69bce0c00ee0db5277e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:50:47 +0200 Subject: l mors.r: sync the_playlist with prism.r --- lass/1systems/mors/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 3db29a71..706c3f58 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -51,7 +51,7 @@ with import ; { krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } - { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; } + { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; } { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ -- cgit v1.2.3 From 631bc1c48068a3649762074178f85e3024bd1736 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 18:10:23 +0200 Subject: l: add more green.r hosts --- lass/1systems/shodan/config.nix | 1 + lass/1systems/skynet/config.nix | 1 + 2 files changed, 2 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 39c0791f..7236d5e9 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,6 +15,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 0bf3e6b4..70787e51 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -8,6 +8,7 @@ with import ; + { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; -- cgit v1.2.3 From ff86e4a137ff28b0a3ef2279d7397aa81cea1c03 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 18:12:47 +0200 Subject: l shodan.r & icarus.r: decrypt via ssh --- lass/1systems/icarus/config.nix | 1 + lass/1systems/shodan/config.nix | 1 + 2 files changed, 2 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 06b1e736..d8c8699a 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -20,6 +20,7 @@ + ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 7236d5e9..5de87d79 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -16,6 +16,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; -- cgit v1.2.3 From bfff3b0a698bd5a7ea1f90511c2578bdb4828b97 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:00:06 +0200 Subject: l: reorganize syncs --- lass/1systems/blue/config.nix | 11 ++--------- lass/1systems/green/config.nix | 12 ++---------- lass/1systems/mors/config.nix | 6 ++---- 3 files changed, 6 insertions(+), 23 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index 43c80d52..14f4971f 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -9,19 +9,12 @@ with import ; + + ]; krebs.build.host = config.krebs.hosts.blue; - krebs.syncthing.folders = [ - { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } - { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } - ]; - lass.ensure-permissions = [ - { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } - { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } - ]; - environment.shellAliases = { deploy = pkgs.writeDash "deploy" '' set -eu diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index 3abc03c2..0b4b50ee 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -8,21 +8,13 @@ with import ; - # + + ]; krebs.build.host = config.krebs.hosts.green; - krebs.syncthing.folders = [ - { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } - { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } - ]; - lass.ensure-permissions = [ - { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } - { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } - ]; - #networking.nameservers = [ "1.1.1.1" ]; #time.timeZone = "Europe/Berlin"; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 706c3f58..01410cdb 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -26,6 +26,8 @@ with import ; + + @@ -50,14 +52,10 @@ with import ; } { krebs.syncthing.folders = [ - { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; } - { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ - { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } - { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; } { -- cgit v1.2.3 From 23e81c6a15f1617fc9064eb13372fb7e12498ff3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:01:03 +0200 Subject: l daedalus.r: add zsnes --- lass/1systems/daedalus/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 56c9c5fb..37a1b6d4 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -47,6 +47,7 @@ with import ; geeqie vlc minecraft + zsnes ]; nixpkgs.config.firefox.enableAdobeFlash = true; services.xserver.enable = true; -- cgit v1.2.3 From ee89afab29f40c70fc863ea1aa27f72ed0411d3d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:01:14 +0200 Subject: l daedalus.r: remove minecraft --- lass/1systems/daedalus/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 37a1b6d4..6e3df12f 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -46,7 +46,6 @@ with import ; wine geeqie vlc - minecraft zsnes ]; nixpkgs.config.firefox.enableAdobeFlash = true; -- cgit v1.2.3 From 61da9d16449409f02509c1c2ec201f8dc7ad87b2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:01:34 +0200 Subject: l iso: fix build --- lass/1systems/iso.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index be064bed..a814cc6b 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -6,7 +6,6 @@ with import ; - { @@ -40,9 +39,10 @@ with import ; networking.hostName = "lass-iso"; } { + nixpkgs.config.packageOverrides = import pkgs; krebs.enable = true; krebs.build.user = config.krebs.users.lass; - krebs.build.host = config.krebs.hosts.iso; + krebs.build.host = {}; } { nixpkgs.config.allowUnfree = true; @@ -174,11 +174,13 @@ with import ; user = "lass"; }; windowManager.default = "xmonad"; - windowManager.session = [{ + windowManager.session = let + xmonad-lass = pkgs.callPackage { inherit config; }; + in [{ name = "xmonad"; start = '' ${pkgs.xorg.xhost}/bin/xhost +LOCAL: - ${pkgs.xmonad-lass}/bin/xmonad & + ${xmonad-lass}/bin/xmonad & waitPID=$! ''; }]; -- cgit v1.2.3 From 9f19b5f9619688a8249c0db5fcc9aec4d2fc7fbf Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:05:20 +0200 Subject: l mors.r: add transgui to pkgs --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 01410cdb..69b931a9 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -92,6 +92,7 @@ with import ; pkgs.ovh-zone pkgs.bank pkgs.adb-sync + pkgs.transgui ]; } { -- cgit v1.2.3 From b246b8ac43c0ab552617956357cc12b36d5a18fd Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:08:14 +0200 Subject: l morpheus.r: add autologin --- lass/1systems/morpheus/config.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix index 0d82ba61..cab267d5 100644 --- a/lass/1systems/morpheus/config.nix +++ b/lass/1systems/morpheus/config.nix @@ -30,4 +30,12 @@ with import ; ]; }; }; + + + services.xserver.desktopManager.default = "none"; + services.xserver.displayManager.lightdm.autoLogin = { + enable = true; + user = "lass"; + timeout = 5; + }; } -- cgit v1.2.3 From 40968c0129b389415bdca5647b71b3a82b1ddd15 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:10:20 +0200 Subject: l prism.r: add samba wiregrill share --- lass/1systems/prism/config.nix | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b3b7ac0d..d7b0b701 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -413,6 +413,42 @@ with import ; ]; }; } + { #macos mounting of yellow + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i wiregrill -p tcp --dport 139"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 137"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 138"; target = "ACCEPT"; } + ]; + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + services.samba = { + enable = true; + enableNmbd = true; + shares = { + download = { + path = "/var/download/finished"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From e4c59ba54992a80671c45d38ab96f7ff0d22b900 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:11:20 +0200 Subject: l yellow.r: reduce transmission journal spam --- lass/1systems/yellow/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 8b3b2814..cda0d0a3 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -31,6 +31,7 @@ with import ; download-dir = "/var/download/finished"; incomplete-dir = "/var/download/incoming"; incomplete-dir-enable = true; + message-level = 1; umask = "002"; rpc-whitelist-enabled = false; rpc-host-whitelist-enabled = false; -- cgit v1.2.3 From d0d3fcb2d2b9ed82dd1ff2864b9fbbd88aa65ff4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:24:50 +0200 Subject: l mors.r: remove chromecast firewall rule --- lass/1systems/mors/config.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 69b931a9..7e183f40 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -43,8 +43,6 @@ with import ; krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } - #chromecast - { predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; } #quake3 { predicate = "-p tcp --dport 27950:27965"; target = "ACCEPT"; } { predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; } -- cgit v1.2.3