From 137c49b847a896009972a3fa7ad2f60358c0a643 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 9 Feb 2017 16:57:45 +0100 Subject: l 1 mors: add ipfs testing stuff --- lass/1systems/mors.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index a5eaaed9..d0f835c6 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -126,6 +126,10 @@ with import ; # }; # }; #} + { + #ipfs-testing + services.ipfs.enable = true; + } ]; krebs.build.host = config.krebs.hosts.mors; -- cgit v1.2.3 From bfcf167c38925f5e12619d7afe8565d7df03194b Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Feb 2017 09:44:18 +0100 Subject: l: remove obsolete page --- lass/1systems/prism.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index c0c22a0d..5c6a59c7 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -164,7 +164,6 @@ in { } { imports = [ - ../2configs/websites/wohnprojekt-rhh.de.nix ../2configs/websites/domsen.nix ../2configs/websites/lassulus.nix ]; -- cgit v1.2.3 From 8281365719165547a08cadc37b2c3ff08a119846 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Feb 2017 16:16:01 +0100 Subject: l 1 mors: add krebszones --- lass/1systems/mors.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index d0f835c6..1ad9cd4b 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -130,6 +130,11 @@ with import ; #ipfs-testing services.ipfs.enable = true; } + { + environment.systemPackages = [ + pkgs.krebszones + ]; + } ]; krebs.build.host = config.krebs.hosts.mors; -- cgit v1.2.3 From 0c7740b6e47cf77e155cdd7fc1ae4c0f187e45bb Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Feb 2017 17:17:44 +0100 Subject: l 1 mors: remove dead icinga code --- lass/1systems/mors.nix | 50 -------------------------------------------------- 1 file changed, 50 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 1ad9cd4b..bffb08ad 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -76,56 +76,6 @@ with import ; { services.redis.enable = true; } - #{ - # #gitit magic - # imports = [ ]; - # services.gitit = { - # enable = true; - # haskellPackages = pkgs.haskell.packages.ghc7103; - # }; - #} - #{ - # lass.icinga2 = { - # enable = true; - # configFiles = [ - # '' - # template Service "generic-service" { - # max_check_attempts = 3 - # check_interval = 5m - # retry_interval = 1m - # enable_perfdata = true - # } - # apply Service "ping4" { - # } - # '' - # ]; - # }; - # services.mysql = { - # enable = true; - # package = pkgs.mariadb; - # rootPassword = "/mysql_rootPassword"; - # }; - # lass.icingaweb2 = { - # enable = true; - # initialRootPasswordHash = "$1$HpWDCehI$ITbAoyfOB6HEN1ftooxZq0"; - # resources = { - # icinga2db = { - # type = "mysql"; - # host = "localhost"; - # user = "icingaweb2"; - # db = "icinga"; - # passfile = ; - # }; - # icingaweb2db = { - # type = "mysql"; - # host = "localhost"; - # user = "icingaweb2"; - # db = "icingaweb2"; - # passfile = ; - # }; - # }; - # }; - #} { #ipfs-testing services.ipfs.enable = true; -- cgit v1.2.3 From 08973e5e00cf27b0548c4924ab4afe1768d79217 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Feb 2017 17:17:55 +0100 Subject: l 1 prism: import monit-alarms --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 5c6a59c7..a62b5cd7 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -44,6 +44,7 @@ in { ../2configs/hfos.nix ../2configs/makefu-sip.nix ../2configs/monitoring/server.nix + ../2configs/monitoring/monit-alarms.nix { imports = [ ../2configs/bepasty.nix -- cgit v1.2.3 From ef8dbbe206d2eae5a160b4a4a85f0b947cd85e08 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 17 Feb 2017 16:04:41 +0100 Subject: l 1 prism: run repo-sync more often --- lass/1systems/prism.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index a62b5cd7..81520ad5 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -215,7 +215,7 @@ in { } { krebs.repo-sync.timerConfig = { - OnUnitInactiveSec = "5min"; + OnUnitInactiveSec = "3min"; RandomizedDelaySec = "2min"; }; } -- cgit v1.2.3 From d4445947aeacf9f133eaad375106cd1cfad84e25 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Feb 2017 14:30:21 +0100 Subject: l 1 shodan: setup hfos monitoring --- lass/1systems/shodan.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 232e91d9..82622d15 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -42,6 +42,26 @@ with import ; pkgs.python27Packages.python ]; } + { + krebs.monit = let + echoToIrc = msg: + pkgs.writeDash "echo_irc" '' + set -euf + export LOGNAME=prism-alarm + ${pkgs.irc-announce}/bin/irc-announce \ + ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null + ''; + in { + enable = true; + http.enable = true; + alarms = { + hfos = { + test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'"; + alarm = echoToIrc "test hfos failed"; + }; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.shodan; -- cgit v1.2.3 From cf64d51cc5e9b06a6fef68b2f60738b15a522e2e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Feb 2017 18:20:30 +0100 Subject: l 1 shodan: open monit port --- lass/1systems/shodan.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 82622d15..dca61693 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -61,6 +61,9 @@ with import ; }; }; }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } + ]; } ]; -- cgit v1.2.3 From 836a7186a03623ad34d8c523ae66fc184180a01b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 18 Feb 2017 20:31:42 +0100 Subject: l 1 prism: use lambdabot from nixpkgs lambdabot is broken with LTS Haskell 8.0 so we use the commit prior --- lass/1systems/prism.nix | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 81520ad5..1f983da1 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -247,7 +247,13 @@ in { ]; } { - krebs.Reaktor.coders = { + krebs.Reaktor.coders = let + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + in { nickname = "reaktor-lass"; channels = [ "#coders" ]; extraEnviron = { @@ -263,7 +269,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-pl" { pattern = "^@pl (?P.*)$$"; script = pkgs.writeDash "lambda-pl" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@pl $1" ''; @@ -271,7 +277,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-type" { pattern = "^@type (?P.*)$$"; script = pkgs.writeDash "lambda-type" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@type $1" ''; @@ -279,7 +285,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-let" { pattern = "^@let (?P.*)$$"; script = pkgs.writeDash "lambda-let" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@let $1" ''; @@ -287,7 +293,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-run" { pattern = "^@run (?P.*)$$"; script = pkgs.writeDash "lambda-run" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@run $1" ''; @@ -295,7 +301,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-kind" { pattern = "^@kind (?P.*)$$"; script = pkgs.writeDash "lambda-kind" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@kind $1" ''; @@ -303,7 +309,7 @@ in { (buildSimpleReaktorPlugin "lambdabot-kind" { pattern = "^@kind (?P.*)$$"; script = pkgs.writeDash "lambda-kind" '' - exec ${pkgs.lambdabot}/bin/lambdabot \ + exec ${lambdabot}/bin/lambdabot \ ${indent lambdabotflags} -e "@kind $1" ''; -- cgit v1.2.3 From 39fd77b84c7c14d6460722721726b378bdab7acd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 5 Mar 2017 00:21:53 +0100 Subject: l 1 prism: start repo-sync 5mins after boot --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 1f983da1..b55732f6 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -215,6 +215,7 @@ in { } { krebs.repo-sync.timerConfig = { + OnBootSec = "5min"; OnUnitInactiveSec = "3min"; RandomizedDelaySec = "2min"; }; -- cgit v1.2.3