From ddb06a55426abe797b4ebad3165c4637c0b6975d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:27:53 +0200 Subject: l mors.r: add btc price getter --- lass/1systems/mors/config.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index cd259d0f..dab1910b 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -141,6 +141,15 @@ with import ; dnsutils generate-secrets + (pkgs.writeDashBin "btc-coinbase" '' + ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount' + '') + (pkgs.writeDashBin "btc-wex" '' + ${pkgs.curl}/bin/curl -Ss 'https://wex.nz/api/3/ticker/btc_eur' | ${pkgs.jq}/bin/jq '.btc_eur.avg' + '') + (pkgs.writeDashBin "btc-kraken" '' + ${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]' + '') ]; #TODO: fix this shit -- cgit v1.2.3 From b0678507404bba2c12df39c1d21431ddd9102fcb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:28:39 +0200 Subject: l mors.r: add restic backups --- lass/1systems/mors/config.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index dab1910b..c59494e4 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -186,4 +186,34 @@ with import ; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; + + lass.restic = genAttrs [ + "daedalus" + "icarus" + "littleT" + "prism" + "shodan" + "skynet" + ] (dest: { + dirs = [ + "/home/lass/src" + "/home/lass/work" + "/home/lass/.gnupg" + "/home/lass/Maildir" + "/home/lass/stockholm" + "/home/lass/.password-store" + "/home/bitcoin" + "/home/bch" + ]; + passwordFile = (toString ) + "/restic/${dest}"; + repo = "sftp:backup@${dest}.r:/backups/mors"; + #sshPrivateKey = config.krebs.build.host.ssh.privkey.path; + extraArguments = [ + "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" + ]; + timerConfig = { + OnCalendar = "00:05"; + RandomizedDelaySec = "5h"; + }; + }); } -- cgit v1.2.3 From e77030e772899bcc747568752cdb2a997a6972bf Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:30:19 +0200 Subject: l prism.r: use iptables for hackerfleet --- lass/1systems/prism/config.nix | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index c0e4620c..e937db83 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -110,29 +110,13 @@ in { }; # TODO write function for proxy_pass (ssl/nonssl) - services.nginx.virtualHosts."hackerfleet.de" = { - serverAliases = [ - "*.hackerfleet.de" - ]; - locations."/".extraConfig = '' - proxy_pass http://192.168.122.92:80; - ''; - }; - services.nginx.virtualHosts."hackerfleet.de-s" = { - serverName = "hackerfleet.de"; - listen = [ - { - addr = "0.0.0.0"; - port = 443; - } - ]; - serverAliases = [ - "*.hackerfleet.de" - ]; - locations."/".extraConfig = '' - proxy_pass http://192.168.122.92:443; - ''; - }; + + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } + ]; } { users.users.tv = { -- cgit v1.2.3 From c85c0f1b39aed212bb128c674f194f124a9454ce Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:31:08 +0200 Subject: l prism.r: fix deprecation warnings --- lass/1systems/prism/config.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e937db83..983604f8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -8,11 +8,15 @@ in { imports = [ { - networking.interfaces.et0.ip4 = [ + networking.interfaces.et0.ipv4.addresses = [ { address = ip; prefixLength = 27; } + { + address = "46.4.114.243"; + prefixLength = 27; + } ]; networking.defaultGateway = "46.4.114.225"; networking.nameservers = [ -- cgit v1.2.3 From 817efa5f9d26effaa4c7a8efd6710fec4eb33300 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 15:14:35 +0200 Subject: l prism.r: kill kaepsele container --- lass/1systems/prism/config.nix | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 983604f8..68f1826b 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -189,26 +189,6 @@ in { localAddress = "10.233.2.2"; }; } - { - #kaepsele - systemd.services."container@kaepsele".reloadIfChanged = mkForce false; - containers.kaepsele = { - config = { ... }: { - imports = [ ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - tv.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.3"; - localAddress = "10.233.2.4"; - }; - } { #onondaga systemd.services."container@onondaga".reloadIfChanged = mkForce false; -- cgit v1.2.3 From eca81992947815db2700a831aa1ec38a0e70216b Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 16:52:48 +0200 Subject: l: kill legacy backups --- lass/1systems/cabal/config.nix | 1 - lass/1systems/daedalus/config.nix | 1 - lass/1systems/icarus/config.nix | 1 - lass/1systems/littleT/config.nix | 1 - lass/1systems/shodan/config.nix | 1 - lass/1systems/skynet/config.nix | 1 - 6 files changed, 6 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix index 7eba86c5..88f642d6 100644 --- a/lass/1systems/cabal/config.nix +++ b/lass/1systems/cabal/config.nix @@ -13,7 +13,6 @@ - ]; diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 609fae3c..0c7b7b6d 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -8,7 +8,6 @@ with import ; - { diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 46dc5e87..c55d694c 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -14,7 +14,6 @@ - ]; diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index 7211c78e..69c87e5a 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -8,7 +8,6 @@ with import ; - { users.users.blacky = { diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 7fb57544..5877d147 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,7 +15,6 @@ with import ; - ]; diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 0b949998..b2210282 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -9,7 +9,6 @@ with import ; # - { # discordius config services.xserver.enable = true; -- cgit v1.2.3 From 72abe80227ec5de5c2f7a55f6e2fe3da46c14538 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 16:55:43 +0200 Subject: l: config for backup target --- lass/1systems/daedalus/config.nix | 1 + lass/1systems/helios/config.nix | 1 + lass/1systems/icarus/config.nix | 1 + lass/1systems/littleT/config.nix | 1 + lass/1systems/mors/config.nix | 1 + lass/1systems/shodan/config.nix | 1 + 6 files changed, 6 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 0c7b7b6d..c15fcdc2 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -10,6 +10,7 @@ with import ; + { # bubsy config users.users.bubsy = { diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index e64cfbe7..557fce1e 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -17,6 +17,7 @@ with import ; + { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index c55d694c..b6a0822b 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -16,6 +16,7 @@ + ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index 69c87e5a..ef19e8d1 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -8,6 +8,7 @@ with import ; + { users.users.blacky = { diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c59494e4..c21197f8 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -33,6 +33,7 @@ with import ; + { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 5877d147..42a46c5f 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -17,6 +17,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; -- cgit v1.2.3 From f888226d37abeff6e5c4e61d393a886b16ff0178 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 18:04:46 +0200 Subject: l: RIP echelon.r --- lass/1systems/echelon/config.nix | 50 ---------------------------------------- lass/1systems/echelon/source.nix | 3 --- 2 files changed, 53 deletions(-) delete mode 100644 lass/1systems/echelon/config.nix delete mode 100644 lass/1systems/echelon/source.nix (limited to 'lass/1systems') diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix deleted file mode 100644 index 6f96883b..00000000 --- a/lass/1systems/echelon/config.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import { inherit pkgs lib; }) getDefaultGateway; - ip = config.krebs.build.host.nets.internet.ip4.addr; -in { - imports = [ - - - - - - - { - networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = getDefaultGateway ip; - networking.nameservers = [ - "8.8.8.8" - ]; - - } - { - sound.enable = false; - } - { - users.extraUsers = { - satan = { - name = "satan"; - uid = 1338; - home = "/home/satan"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com" - ]; - }; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.echelon; -} diff --git a/lass/1systems/echelon/source.nix b/lass/1systems/echelon/source.nix deleted file mode 100644 index 96888d5a..00000000 --- a/lass/1systems/echelon/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "echelon"; -} -- cgit v1.2.3 From afb63ca8c747e0604d16d806640e42284061372a Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 19:10:49 +0200 Subject: l mors.r: add redshift --- lass/1systems/mors/config.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c21197f8..71d02077 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -187,6 +187,10 @@ with import ; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; + services.redshift = { + enable = true; + provider = "geoclue2"; + }; lass.restic = genAttrs [ "daedalus" -- cgit v1.2.3 From 76cd1c70b6643be6262e046f1daba5aaeee71efb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 19:16:12 +0200 Subject: l mors.r: add some pkgs --- lass/1systems/mors/config.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 71d02077..f8a16ad2 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -141,6 +141,8 @@ with import ; dpass dnsutils + woeusb + l-gen-secrets generate-secrets (pkgs.writeDashBin "btc-coinbase" '' ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount' -- cgit v1.2.3 From 2701bdd97f0f2ea8681b1d66670eb68ea0f11017 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 19:34:36 +0200 Subject: l: use prometheus as monitoring --- lass/1systems/prism/config.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 68f1826b..f8178a20 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -217,13 +217,12 @@ in { - - + { # quasi bepasty.nix imports = [ -- cgit v1.2.3 From 8f81bc6deec5fbcc41d2bc463ceaaa3b203cc2bf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 08:37:44 +0200 Subject: l xerxes.r: remove deprecated nixpkgs override --- lass/1systems/xerxes/source.nix | 6 ------ 1 file changed, 6 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/xerxes/source.nix b/lass/1systems/xerxes/source.nix index 11f5bf79..d256b885 100644 --- a/lass/1systems/xerxes/source.nix +++ b/lass/1systems/xerxes/source.nix @@ -2,10 +2,4 @@ with import ; import { name = "xerxes"; secure = true; - override = { - nixpkgs.git = mkForce { - url = https://github.com/lassulus/nixpkgs; - ref = "3eccd0b"; - }; - }; } -- cgit v1.2.3 From 92c123397188ae6cf115197862e8d79015995356 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 17:26:43 +0200 Subject: l prism.r: run go-shortener --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index f8178a20..7b581d90 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -303,6 +303,7 @@ in { { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } ]; } + ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 1820b1753011eb42bb9be30011e6fbd11993b201 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:18:05 +0200 Subject: l: add red.r --- lass/1systems/prism/config.nix | 28 ++++++++++++++++++++++++++++ lass/1systems/red/config.nix | 30 ++++++++++++++++++++++++++++++ lass/1systems/red/source.nix | 4 ++++ 3 files changed, 62 insertions(+) create mode 100644 lass/1systems/red/config.nix create mode 100644 lass/1systems/red/source.nix (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 7b581d90..d1faf77b 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -304,6 +304,34 @@ in { ]; } + { + environment.systemPackages = [ pkgs.cryptsetup ]; + systemd.services."container@red".reloadIfChanged = mkForce false; + containers.red = { + config = { ... }: { + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.3"; + localAddress = "10.233.2.4"; + }; + services.nginx.virtualHosts."rote-allez-fraktion.de" = { + enableACME = true; + addSSL = true; + locations."/" = { + extraConfig = '' + proxy_set_header Host rote-allez-fraktion.de; + proxy_pass http://10.233.2.4; + ''; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix new file mode 100644 index 00000000..8c60aed6 --- /dev/null +++ b/lass/1systems/red/config.nix @@ -0,0 +1,30 @@ +with import ; +{ config, lib, pkgs, ... }: +let + inherit (import {inherit lib pkgs;}) + servephpBB + ; +in +{ + imports = [ + + + + + + (servephpBB [ "rote-allez-fraktion.de" ]) + ]; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } + ]; + + krebs.build.host = config.krebs.hosts.red; + boot.isContainer = true; + networking.useDHCP = false; + + services.nginx.enable = true; + environment.systemPackages = [ + pkgs.mk_sql_pair + ]; +} diff --git a/lass/1systems/red/source.nix b/lass/1systems/red/source.nix new file mode 100644 index 00000000..f2bad743 --- /dev/null +++ b/lass/1systems/red/source.nix @@ -0,0 +1,4 @@ +import { + name = "red"; + secure = true; +} -- cgit v1.2.3 From 02e24615adeac1ab6062ba83748eafe7418ac3ed Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 May 2018 15:36:07 +0200 Subject: l prism.r: enable ipv4 forwarding --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d1faf77b..89ea749c 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -104,6 +104,7 @@ in { ]; } { # TODO make new hfos.nix out of this vv + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; users.users.riot = { uid = genid "riot"; isNormalUser = true; -- cgit v1.2.3 From 652b540d4b9978e0b01d6dad0feb725fd79a13d4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 May 2018 15:41:42 +0200 Subject: l red.r: env NIX_REMOTE=daemon --- lass/1systems/red/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix index 8c60aed6..31e2de96 100644 --- a/lass/1systems/red/config.nix +++ b/lass/1systems/red/config.nix @@ -24,6 +24,7 @@ in networking.useDHCP = false; services.nginx.enable = true; + environment.variables.NIX_REMOTE = "daemon"; environment.systemPackages = [ pkgs.mk_sql_pair ]; -- cgit v1.2.3 From b847bcdc02ded53c946a8f75dabfbda8ac3498dc Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 2 May 2018 15:53:09 +0200 Subject: l helios.r: update certs --- lass/1systems/helios/config.nix | 37 ++++++++----------------------------- 1 file changed, 8 insertions(+), 29 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 557fce1e..759bb6d0 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -138,35 +138,14 @@ with import ; networking.hostName = lib.mkForce "BLN02NB0162"; security.pki.certificateFiles = [ - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) - - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) - (pkgs.writeText "minio.cert" '' - -----BEGIN CERTIFICATE----- - MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS - MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1 - OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC - AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL - 8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV - YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C - ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM - CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw - hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk - MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw - I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB - CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30 - hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox - jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY - EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM - zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a - qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa - -----END CERTIFICATE----- - '') + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; }) + + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; }) ]; programs.adb.enable = true; -- cgit v1.2.3 From ecc09522d9073386c91fc61838ca418489ab648f Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 May 2018 12:13:14 +0200 Subject: l cabal.r: use as AP --- lass/1systems/cabal/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix index 88f642d6..9ac3cb68 100644 --- a/lass/1systems/cabal/config.nix +++ b/lass/1systems/cabal/config.nix @@ -15,6 +15,7 @@ + ]; krebs.build.host = config.krebs.hosts.cabal; -- cgit v1.2.3 From 7330cce0d46f23036a42e19421ca3b59dc21f9cf Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 May 2018 18:21:39 +0200 Subject: l prism.r: add restic backups --- lass/1systems/prism/config.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 89ea749c..564315e8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -333,6 +333,31 @@ in { }; }; } + { + imports = [ ]; + lass.restic = genAttrs [ + "daedalus" + "icarus" + "littleT" + "mors" + "shodan" + "skynet" + ] (dest: { + dirs = [ + "/home/chat/.weechat" + "/bku/sql_dumps" + ]; + passwordFile = (toString ) + "/restic/${dest}"; + repo = "sftp:backup@${dest}.r:/backups/prism"; + extraArguments = [ + "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" + ]; + timerConfig = { + OnCalendar = "00:05"; + RandomizedDelaySec = "5h"; + }; + }); + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From f4c7c3ebdce7c4a248140d20464fbdf65ea0c921 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 May 2018 20:30:19 +0200 Subject: l mors: open chromecast ports --- lass/1systems/mors/config.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index f8a16ad2..586a957c 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -35,9 +35,11 @@ with import ; { - #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ + #risk of rain { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } + #chromecast + { predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; } ]; } { -- cgit v1.2.3 From 67047f9e8dc18e43ce37927b19a6aae62c2ab4a1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 May 2018 20:32:23 +0200 Subject: l prism.r: add pubkey to download --- lass/1systems/prism/config.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 564315e8..76aaf0cd 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -358,6 +358,11 @@ in { }; }); } + { + users.users.download.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos" + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 24a3d64301ccbc39bdc6e46d5b6201b48311ed80 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 May 2018 20:37:21 +0200 Subject: l prism.r: enable nichtparasoup --- lass/1systems/prism/config.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 76aaf0cd..90decc35 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -363,6 +363,22 @@ in { "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos" ]; } + { + lass.nichtparasoup.enable = true; + services.nginx = { + enable = true; + virtualHosts.lol = { + forceSSL = true; + enableACME = true; + locations."/".extraConfig = '' + proxy_pass http://localhost:5001; + ''; + serverAliases = [ + "lol.lassul.us" + ]; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 4b9ad61e03c18ae2687d49a365fb4e95ac2dbeec Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 May 2018 19:51:21 +0200 Subject: l icarus.r: add dpass & macchanger --- lass/1systems/icarus/config.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index b6a0822b..f9754ee9 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -33,4 +33,9 @@ SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; + + environment.systemPackages = with pkgs; [ + macchanger + dpass + ]; } -- cgit v1.2.3 From 2dc18fb83a0c8fcd9c4cb04de9470e73c29fcedd Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 May 2018 19:55:38 +0200 Subject: l prism.r: simplify lol.lassul.us nginx --- lass/1systems/prism/config.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 90decc35..d4be2faa 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -367,15 +367,12 @@ in { lass.nichtparasoup.enable = true; services.nginx = { enable = true; - virtualHosts.lol = { + virtualHosts."lol.lassul.us" = { forceSSL = true; enableACME = true; locations."/".extraConfig = '' proxy_pass http://localhost:5001; ''; - serverAliases = [ - "lol.lassul.us" - ]; }; }; } -- cgit v1.2.3 From 06402dba84c42396a911ceff56c15a26b9f5ee9c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 8 May 2018 08:28:21 +0200 Subject: l icarus.r: import wine.nix --- lass/1systems/icarus/config.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index f9754ee9..eb2be586 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -17,6 +17,7 @@ + ]; krebs.build.host = config.krebs.hosts.icarus; @@ -38,4 +39,8 @@ macchanger dpass ]; + services.redshift = { + enable = true; + provider = "geoclue2"; + }; } -- cgit v1.2.3 From 079396f9e11573228bd6cf498f161c49660a7549 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 May 2018 15:18:15 +0200 Subject: l icarus.r: enable adb --- lass/1systems/icarus/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index eb2be586..59cd12af 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -43,4 +43,5 @@ enable = true; provider = "geoclue2"; }; + programs.adb.enable = true; } -- cgit v1.2.3 From 0c0d527bec3a6a3d6435203253edb2ef27f9655b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 May 2018 15:51:24 +0200 Subject: l: hw config into physical.nix --- lass/1systems/cabal/config.nix | 15 ------- lass/1systems/cabal/physical.nix | 12 ++++++ lass/1systems/daedalus/config.nix | 15 ------- lass/1systems/daedalus/physical.nix | 20 +++++++++ lass/1systems/dishfire/config.nix | 34 --------------- lass/1systems/dishfire/physical.nix | 39 +++++++++++++++++ lass/1systems/helios/config.nix | 56 +----------------------- lass/1systems/helios/physical.nix | 65 ++++++++++++++++++++++++++++ lass/1systems/icarus/config.nix | 15 ------- lass/1systems/icarus/physical.nix | 20 +++++++++ lass/1systems/littleT/config.nix | 15 ------- lass/1systems/littleT/physical.nix | 7 +++ lass/1systems/mors/config.nix | 39 ----------------- lass/1systems/mors/physical.nix | 44 +++++++++++++++++++ lass/1systems/prism/config.nix | 83 +----------------------------------- lass/1systems/prism/physical.nix | 85 +++++++++++++++++++++++++++++++++++++ lass/1systems/red/config.nix | 2 - lass/1systems/red/physical.nix | 7 +++ lass/1systems/shodan/config.nix | 42 ------------------ lass/1systems/shodan/physical.nix | 47 ++++++++++++++++++++ lass/1systems/skynet/config.nix | 15 ------- lass/1systems/skynet/physical.nix | 12 ++++++ lass/1systems/uriel/config.nix | 55 ------------------------ lass/1systems/uriel/physical.nix | 59 +++++++++++++++++++++++++ lass/1systems/xerxes/config.nix | 24 ----------- lass/1systems/xerxes/physical.nix | 29 +++++++++++++ 26 files changed, 448 insertions(+), 408 deletions(-) create mode 100644 lass/1systems/cabal/physical.nix create mode 100644 lass/1systems/daedalus/physical.nix create mode 100644 lass/1systems/dishfire/physical.nix create mode 100644 lass/1systems/helios/physical.nix create mode 100644 lass/1systems/icarus/physical.nix create mode 100644 lass/1systems/littleT/physical.nix create mode 100644 lass/1systems/mors/physical.nix create mode 100644 lass/1systems/prism/physical.nix create mode 100644 lass/1systems/red/physical.nix create mode 100644 lass/1systems/shodan/physical.nix create mode 100644 lass/1systems/skynet/physical.nix create mode 100644 lass/1systems/uriel/physical.nix create mode 100644 lass/1systems/xerxes/physical.nix (limited to 'lass/1systems') diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix index 9ac3cb68..b117b511 100644 --- a/lass/1systems/cabal/config.nix +++ b/lass/1systems/cabal/config.nix @@ -3,8 +3,6 @@ { imports = [ - - @@ -19,17 +17,4 @@ ]; krebs.build.host = config.krebs.hosts.cabal; - - #fileSystems = { - # "/bku" = { - # device = "/dev/mapper/pool-bku"; - # fsType = "btrfs"; - # options = ["defaults" "noatime" "ssd" "compress=lzo"]; - # }; - #}; - - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" - # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" - #''; } diff --git a/lass/1systems/cabal/physical.nix b/lass/1systems/cabal/physical.nix new file mode 100644 index 00000000..3cc4af03 --- /dev/null +++ b/lass/1systems/cabal/physical.nix @@ -0,0 +1,12 @@ +{ + imports = [ + ./config.nix + + + ]; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0" + ''; +} diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index c15fcdc2..eafc0d06 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -4,8 +4,6 @@ with import ; { imports = [ - - @@ -94,17 +92,4 @@ with import ; ''; krebs.build.host = config.krebs.hosts.daedalus; - - fileSystems = { - "/bku" = { - device = "/dev/mapper/pool-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" - ''; } diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix new file mode 100644 index 00000000..33a0cb47 --- /dev/null +++ b/lass/1systems/daedalus/physical.nix @@ -0,0 +1,20 @@ +{ + imports = [ + ./config.nix + + + ]; + + fileSystems = { + "/bku" = { + device = "/dev/mapper/pool-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + ''; +} diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix index 7993c763..3d5f3218 100644 --- a/lass/1systems/dishfire/config.nix +++ b/lass/1systems/dishfire/config.nix @@ -4,41 +4,7 @@ imports = [ - - { - boot.loader.grub = { - device = "/dev/vda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "ehci_pci" - "uhci_hcd" - "virtio_pci" - "virtio_blk" - ]; - - fileSystems."/" = { - device = "/dev/mapper/pool-nix"; - fsType = "ext4"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/srv_http"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/vda1"; - fsType = "ext4"; - }; - fileSystems."/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - } { networking.dhcpcd.allowInterfaces = [ "enp*" diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix new file mode 100644 index 00000000..64e3904e --- /dev/null +++ b/lass/1systems/dishfire/physical.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: +{ + imports = [ + ./config.nix + + ]; + + boot.loader.grub = { + device = "/dev/vda"; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "ehci_pci" + "uhci_hcd" + "virtio_pci" + "virtio_blk" + ]; + + fileSystems."/" = { + device = "/dev/mapper/pool-nix"; + fsType = "ext4"; + }; + + fileSystems."/srv/http" = { + device = "/dev/pool/srv_http"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + fileSystems."/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; +} diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 759bb6d0..bd7f75c3 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -12,48 +12,12 @@ with import ; # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined # - + # - { # automatic hardware detection - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - - fileSystems."/" = { - device = "/dev/pool/root"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/1F60-17C6"; - fsType = "vfat"; - }; - - fileSystems."/home" = { - device = "/dev/pool/home"; - fsType = "btrfs"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - - nix.maxJobs = lib.mkDefault 8; - } - { # crypto stuff - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - devices = [{ - name = "luksroot"; - device = "/dev/nvme0n1p3"; - }]; - }; - } { services.xserver.dpi = 200; fonts.fontconfig.dpi = 200; @@ -99,13 +63,6 @@ with import ; } ]; - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.wireless.enable = true; - hardware.enableRedistributableFirmware = true; - environment.systemPackages = with pkgs; [ ag vim @@ -124,17 +81,6 @@ with import ; services.tlp.enable = true; - services.xserver.videoDrivers = [ "nvidia" ]; - services.xserver.xrandrHeads = [ - { output = "DP-2"; primary = true; } - { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; } - { output = "DP-0"; } - ]; - - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal - ''; - networking.hostName = lib.mkForce "BLN02NB0162"; security.pki.certificateFiles = [ diff --git a/lass/1systems/helios/physical.nix b/lass/1systems/helios/physical.nix new file mode 100644 index 00000000..549506c2 --- /dev/null +++ b/lass/1systems/helios/physical.nix @@ -0,0 +1,65 @@ +{ + imports = [ + ./config.nix + { # automatic hardware detection + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + + fileSystems."/" = { + device = "/dev/pool/root"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/1F60-17C6"; + fsType = "vfat"; + }; + + fileSystems."/home" = { + device = "/dev/pool/home"; + fsType = "btrfs"; + }; + + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + + nix.maxJobs = lib.mkDefault 8; + } + { # crypto stuff + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + devices = [{ + name = "luksroot"; + device = "/dev/nvme0n1p3"; + }]; + }; + } + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.wireless.enable = true; + hardware.enableRedistributableFirmware = true; + + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0" + ''; + + services.xserver.videoDrivers = [ "nvidia" ]; + services.xserver.xrandrHeads = [ + { output = "DP-2"; primary = true; } + { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; } + { output = "DP-0"; } + ]; + + services.xserver.displayManager.sessionCommands = '' + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal + ''; +} diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 59cd12af..d54bd3e9 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -3,8 +3,6 @@ { imports = [ - - @@ -22,19 +20,6 @@ krebs.build.host = config.krebs.hosts.icarus; - fileSystems = { - "/bku" = { - device = "/dev/mapper/pool-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" - ''; - environment.systemPackages = with pkgs; [ macchanger dpass diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix new file mode 100644 index 00000000..6cc77a47 --- /dev/null +++ b/lass/1systems/icarus/physical.nix @@ -0,0 +1,20 @@ +{ + imports = [ + ./config.nix + + + ]; + + fileSystems = { + "/bku" = { + device = "/dev/mapper/pool-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + ''; +} diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index ef19e8d1..44617d3e 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -4,8 +4,6 @@ with import ; { imports = [ - - @@ -68,17 +66,4 @@ with import ; ''; krebs.build.host = config.krebs.hosts.littleT; - - #fileSystems = { - # "/bku" = { - # device = "/dev/mapper/pool-bku"; - # fsType = "btrfs"; - # options = ["defaults" "noatime" "ssd" "compress=lzo"]; - # }; - #}; - - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" - # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" - #''; } diff --git a/lass/1systems/littleT/physical.nix b/lass/1systems/littleT/physical.nix new file mode 100644 index 00000000..9776211a --- /dev/null +++ b/lass/1systems/littleT/physical.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./config.nix + + + ]; +} diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 586a957c..2e6c8bc8 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -4,8 +4,6 @@ with import ; { imports = [ - - @@ -88,43 +86,6 @@ with import ; krebs.build.host = config.krebs.hosts.mors; - fileSystems = { - "/bku" = { - device = "/dev/mapper/pool-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/home/virtual" = { - device = "/dev/mapper/pool-virtual"; - fsType = "ext4"; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0" - ''; - - #TODO activationScripts seem broken, fix them! - #activationScripts - #split up and move into base - system.activationScripts.powertopTunables = '' - #Runtime PMs - echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' - ''; - environment.systemPackages = with pkgs; [ acronym brain diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix new file mode 100644 index 00000000..f99d6bd5 --- /dev/null +++ b/lass/1systems/mors/physical.nix @@ -0,0 +1,44 @@ +{ + imports = [ + ./config.nix + + + ]; + + fileSystems = { + "/bku" = { + device = "/dev/mapper/pool-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/home/virtual" = { + device = "/dev/mapper/pool-virtual"; + fsType = "ext4"; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0" + ''; + + #TODO activationScripts seem broken, fix them! + #activationScripts + #split up and move into base + system.activationScripts.powertopTunables = '' + #Runtime PMs + echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' + ''; +} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d4be2faa..c7b877de 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -1,90 +1,9 @@ { config, lib, pkgs, ... }: with import ; -let - ip = config.krebs.build.host.nets.internet.ip4.addr; - -in { +{ imports = [ - { - networking.interfaces.et0.ipv4.addresses = [ - { - address = ip; - prefixLength = 27; - } - { - address = "46.4.114.243"; - prefixLength = 27; - } - ]; - networking.defaultGateway = "46.4.114.225"; - networking.nameservers = [ - "8.8.8.8" - ]; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" - ''; - } - { - imports = [ ]; - - boot.loader.grub = { - devices = [ - "/dev/sda" - "/dev/sdb" - ]; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - "ahci" "sd_mod" - ]; - - boot.kernelModules = [ "kvm-intel" ]; - - fileSystems."/" = { - device = "/dev/pool/nix_root"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - - fileSystems."/var/download" = { - device = "/dev/pool/download"; - fsType = "ext4"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/http"; - fsType = "ext4"; - }; - - fileSystems."/home" = { - device = "/dev/pool/home"; - fsType = "ext4"; - }; - - fileSystems."/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - - swapDevices = [ - { label = "swap1"; } - { label = "swap2"; } - ]; - - sound.enable = false; - nixpkgs.config.allowUnfree = true; - time.timeZone = "Europe/Berlin"; - } { diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix new file mode 100644 index 00000000..83f127c2 --- /dev/null +++ b/lass/1systems/prism/physical.nix @@ -0,0 +1,85 @@ +{ config, lib, pkgs, ... }: +{ + imports = [ + ./config.nix + { + networking.interfaces.et0.ipv4.addresses = [ + { + address = config.krebs.build.host.nets.internet.ip4.addr; + prefixLength = 27; + } + { + address = "46.4.114.243"; + prefixLength = 27; + } + ]; + networking.defaultGateway = "46.4.114.225"; + networking.nameservers = [ + "8.8.8.8" + ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" + ''; + } + { + imports = [ ]; + + boot.loader.grub = { + devices = [ + "/dev/sda" + "/dev/sdb" + ]; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + "ahci" "sd_mod" + ]; + + boot.kernelModules = [ "kvm-intel" ]; + + fileSystems."/" = { + device = "/dev/pool/nix_root"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + + fileSystems."/var/download" = { + device = "/dev/pool/download"; + fsType = "ext4"; + }; + + fileSystems."/srv/http" = { + device = "/dev/pool/http"; + fsType = "ext4"; + }; + + fileSystems."/home" = { + device = "/dev/pool/home"; + fsType = "ext4"; + }; + + fileSystems."/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; + + swapDevices = [ + { label = "swap1"; } + { label = "swap2"; } + ]; + + sound.enable = false; + nixpkgs.config.allowUnfree = true; + time.timeZone = "Europe/Berlin"; + } + ]; + +} diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix index 31e2de96..04bbf1ee 100644 --- a/lass/1systems/red/config.nix +++ b/lass/1systems/red/config.nix @@ -20,8 +20,6 @@ in ]; krebs.build.host = config.krebs.hosts.red; - boot.isContainer = true; - networking.useDHCP = false; services.nginx.enable = true; environment.variables.NIX_REMOTE = "daemon"; diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix new file mode 100644 index 00000000..b6aa3a89 --- /dev/null +++ b/lass/1systems/red/physical.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = false; +} diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 42a46c5f..8405b0f1 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -4,8 +4,6 @@ with import ; { imports = [ - #TODO reinstall with correct layout and use lass/hw/x220 - @@ -22,46 +20,6 @@ with import ; krebs.build.host = config.krebs.hosts.shodan; - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/pool/nix"; - fsType = "btrfs"; - }; - - "/boot" = { - device = "/dev/sda1"; - }; - "/home" = { - device = "/dev/mapper/pool-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - "/bku" = { - device = "/dev/pool/bku"; - fsType = "btrfs"; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" - ''; - services.logind.extraConfig = '' HandleLidSwitch=ignore ''; diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix new file mode 100644 index 00000000..4a550d0a --- /dev/null +++ b/lass/1systems/shodan/physical.nix @@ -0,0 +1,47 @@ +{ + #TODO reinstall with correct layout and use lass/hw/x220 + imports = [ + ./config.nix + + ]; + + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + #kernelModules = [ "kvm-intel" "msr" ]; + }; + fileSystems = { + "/" = { + device = "/dev/pool/nix"; + fsType = "btrfs"; + }; + + "/boot" = { + device = "/dev/sda1"; + }; + "/home" = { +