From 666f030b10d8c8ad3ea92fce5c20e013df598cb8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:31:02 +0100 Subject: l helios.r: fix displayManager setup --- lass/1systems/helios/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index c4d99cb2..c4a171d8 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -131,7 +131,7 @@ with import ; ]; services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal ''; networking.hostName = lib.mkForce "BLN02NB0162"; -- cgit v1.2.3 From d5a7a288ba51b6cc21529f610fcfecd90d2664ea Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Mar 2018 21:31:30 +0100 Subject: l mors.r: minimize deploy script --- lass/1systems/mors/config.nix | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index cbb71ab2..f77bc64c 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -170,31 +170,11 @@ with import ; export PATH=${makeBinPath [ pkgs.bash pkgs.coreutils - pkgs.nix - (pkgs.writeDashBin "is-git-crypt-locked" '' - magic=$(dd status=none if="$1" skip=1 bs=1 count=8) - test "$magic" = GITCRYPT - '') + pkgs.nixUnstable ]} cd ~/stockholm export SYSTEM="$1" - if is-git-crypt-locked ~/secrets/ready; then - echo 'secrets are crypted' >&2 - exit 23 - else - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' - fi - ''; - predeploy = pkgs.writeDash "predeploy" '' - set -eu - export PATH=${makeBinPath [ - pkgs.bash - pkgs.coreutils - pkgs.nix - ]} - cd ~/stockholm - export SYSTEM="$1" - exec nix-shell -I stockholm="$PWD" --run 'test --system="$SYSTEM" --target="$SYSTEM/var/test/" --force-populate' + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' ''; }; -- cgit v1.2.3 From 8a0e77e2bbe8147e81ccbf1039a6590369b6100d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 21:57:45 +0100 Subject: l: add cabal --- lass/1systems/cabal/config.nix | 35 +++++++++++++++++++++++++++++++++++ lass/1systems/cabal/source.nix | 4 ++++ 2 files changed, 39 insertions(+) create mode 100644 lass/1systems/cabal/config.nix create mode 100644 lass/1systems/cabal/source.nix (limited to 'lass/1systems') diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix new file mode 100644 index 00000000..7eba86c5 --- /dev/null +++ b/lass/1systems/cabal/config.nix @@ -0,0 +1,35 @@ +{ config, pkgs, ... }: + +{ + imports = [ + + + + + + + + + + + + + + + ]; + + krebs.build.host = config.krebs.hosts.cabal; + + #fileSystems = { + # "/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" "noatime" "ssd" "compress=lzo"]; + # }; + #}; + + #services.udev.extraRules = '' + # SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + #''; +} diff --git a/lass/1systems/cabal/source.nix b/lass/1systems/cabal/source.nix new file mode 100644 index 00000000..5d9507f3 --- /dev/null +++ b/lass/1systems/cabal/source.nix @@ -0,0 +1,4 @@ +import { + name = "cabal"; + secure = true; +} -- cgit v1.2.3 From fa724ceab0f5f10b253d806326b7c917814412eb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Mar 2018 22:03:25 +0100 Subject: l: use xlockmore as lockscreen --- lass/1systems/helios/config.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index c4a171d8..e64cfbe7 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -168,8 +168,6 @@ with import ; '') ]; - lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f"; - programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; -- cgit v1.2.3 From 665ea5674e0d99f51379d24829436773b9dc2769 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 17:44:34 +0200 Subject: l: add generate-secrets --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index f77bc64c..8e805baf 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -140,6 +140,7 @@ with import ; dpass dnsutils + generate-secrets ]; #TODO: fix this shit -- cgit v1.2.3 From 1dd03483619d00d1afc6a278ded0cca6cff2d9ed Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 5 Apr 2018 19:31:39 +0200 Subject: add minimal working kops for stockholm --- lass/1systems/mors/config.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 8e805baf..cd259d0f 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -168,14 +168,8 @@ with import ; environment.shellAliases = { deploy = pkgs.writeDash "deploy" '' set -eu - export PATH=${makeBinPath [ - pkgs.bash - pkgs.coreutils - pkgs.nixUnstable - ]} - cd ~/stockholm export SYSTEM="$1" - exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' + $(nix-build $HOME/stockholm/lass/kops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; }; -- cgit v1.2.3 From ddb06a55426abe797b4ebad3165c4637c0b6975d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:27:53 +0200 Subject: l mors.r: add btc price getter --- lass/1systems/mors/config.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index cd259d0f..dab1910b 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -141,6 +141,15 @@ with import ; dnsutils generate-secrets + (pkgs.writeDashBin "btc-coinbase" '' + ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount' + '') + (pkgs.writeDashBin "btc-wex" '' + ${pkgs.curl}/bin/curl -Ss 'https://wex.nz/api/3/ticker/btc_eur' | ${pkgs.jq}/bin/jq '.btc_eur.avg' + '') + (pkgs.writeDashBin "btc-kraken" '' + ${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]' + '') ]; #TODO: fix this shit -- cgit v1.2.3 From b0678507404bba2c12df39c1d21431ddd9102fcb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:28:39 +0200 Subject: l mors.r: add restic backups --- lass/1systems/mors/config.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index dab1910b..c59494e4 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -186,4 +186,34 @@ with import ; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; + + lass.restic = genAttrs [ + "daedalus" + "icarus" + "littleT" + "prism" + "shodan" + "skynet" + ] (dest: { + dirs = [ + "/home/lass/src" + "/home/lass/work" + "/home/lass/.gnupg" + "/home/lass/Maildir" + "/home/lass/stockholm" + "/home/lass/.password-store" + "/home/bitcoin" + "/home/bch" + ]; + passwordFile = (toString ) + "/restic/${dest}"; + repo = "sftp:backup@${dest}.r:/backups/mors"; + #sshPrivateKey = config.krebs.build.host.ssh.privkey.path; + extraArguments = [ + "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" + ]; + timerConfig = { + OnCalendar = "00:05"; + RandomizedDelaySec = "5h"; + }; + }); } -- cgit v1.2.3 From e77030e772899bcc747568752cdb2a997a6972bf Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:30:19 +0200 Subject: l prism.r: use iptables for hackerfleet --- lass/1systems/prism/config.nix | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index c0e4620c..e937db83 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -110,29 +110,13 @@ in { }; # TODO write function for proxy_pass (ssl/nonssl) - services.nginx.virtualHosts."hackerfleet.de" = { - serverAliases = [ - "*.hackerfleet.de" - ]; - locations."/".extraConfig = '' - proxy_pass http://192.168.122.92:80; - ''; - }; - services.nginx.virtualHosts."hackerfleet.de-s" = { - serverName = "hackerfleet.de"; - listen = [ - { - addr = "0.0.0.0"; - port = 443; - } - ]; - serverAliases = [ - "*.hackerfleet.de" - ]; - locations."/".extraConfig = '' - proxy_pass http://192.168.122.92:443; - ''; - }; + + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } + ]; } { users.users.tv = { -- cgit v1.2.3 From c85c0f1b39aed212bb128c674f194f124a9454ce Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:31:08 +0200 Subject: l prism.r: fix deprecation warnings --- lass/1systems/prism/config.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e937db83..983604f8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -8,11 +8,15 @@ in { imports = [ { - networking.interfaces.et0.ip4 = [ + networking.interfaces.et0.ipv4.addresses = [ { address = ip; prefixLength = 27; } + { + address = "46.4.114.243"; + prefixLength = 27; + } ]; networking.defaultGateway = "46.4.114.225"; networking.nameservers = [ -- cgit v1.2.3 From 817efa5f9d26effaa4c7a8efd6710fec4eb33300 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 15:14:35 +0200 Subject: l prism.r: kill kaepsele container --- lass/1systems/prism/config.nix | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 983604f8..68f1826b 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -189,26 +189,6 @@ in { localAddress = "10.233.2.2"; }; } - { - #kaepsele - systemd.services."container@kaepsele".reloadIfChanged = mkForce false; - containers.kaepsele = { - config = { ... }: { - imports = [ ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - tv.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.3"; - localAddress = "10.233.2.4"; - }; - } { #onondaga systemd.services."container@onondaga".reloadIfChanged = mkForce false; -- cgit v1.2.3 From eca81992947815db2700a831aa1ec38a0e70216b Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 16:52:48 +0200 Subject: l: kill legacy backups --- lass/1systems/cabal/config.nix | 1 - lass/1systems/daedalus/config.nix | 1 - lass/1systems/icarus/config.nix | 1 - lass/1systems/littleT/config.nix | 1 - lass/1systems/shodan/config.nix | 1 - lass/1systems/skynet/config.nix | 1 - 6 files changed, 6 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix index 7eba86c5..88f642d6 100644 --- a/lass/1systems/cabal/config.nix +++ b/lass/1systems/cabal/config.nix @@ -13,7 +13,6 @@ - ]; diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 609fae3c..0c7b7b6d 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -8,7 +8,6 @@ with import ; - { diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 46dc5e87..c55d694c 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -14,7 +14,6 @@ - ]; diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index 7211c78e..69c87e5a 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -8,7 +8,6 @@ with import ; - { users.users.blacky = { diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 7fb57544..5877d147 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,7 +15,6 @@ with import ; - ]; diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 0b949998..b2210282 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -9,7 +9,6 @@ with import ; # - { # discordius config services.xserver.enable = true; -- cgit v1.2.3 From 72abe80227ec5de5c2f7a55f6e2fe3da46c14538 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 16:55:43 +0200 Subject: l: config for backup target --- lass/1systems/daedalus/config.nix | 1 + lass/1systems/helios/config.nix | 1 + lass/1systems/icarus/config.nix | 1 + lass/1systems/littleT/config.nix | 1 + lass/1systems/mors/config.nix | 1 + lass/1systems/shodan/config.nix | 1 + 6 files changed, 6 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 0c7b7b6d..c15fcdc2 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -10,6 +10,7 @@ with import ; + { # bubsy config users.users.bubsy = { diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index e64cfbe7..557fce1e 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -17,6 +17,7 @@ with import ; + { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index c55d694c..b6a0822b 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -16,6 +16,7 @@ + ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index 69c87e5a..ef19e8d1 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -8,6 +8,7 @@ with import ; + { users.users.blacky = { diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c59494e4..c21197f8 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -33,6 +33,7 @@ with import ; + { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 5877d147..42a46c5f 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -17,6 +17,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; -- cgit v1.2.3 From f888226d37abeff6e5c4e61d393a886b16ff0178 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 18:04:46 +0200 Subject: l: RIP echelon.r --- lass/1systems/echelon/config.nix | 50 ---------------------------------------- lass/1systems/echelon/source.nix | 3 --- 2 files changed, 53 deletions(-) delete mode 100644 lass/1systems/echelon/config.nix delete mode 100644 lass/1systems/echelon/source.nix (limited to 'lass/1systems') diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix deleted file mode 100644 index 6f96883b..00000000 --- a/lass/1systems/echelon/config.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import { inherit pkgs lib; }) getDefaultGateway; - ip = config.krebs.build.host.nets.internet.ip4.addr; -in { - imports = [ - - - - - - - { - networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = getDefaultGateway ip; - networking.nameservers = [ - "8.8.8.8" - ]; - - } - { - sound.enable = false; - } - { - users.extraUsers = { - satan = { - name = "satan"; - uid = 1338; - home = "/home/satan"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com" - ]; - }; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.echelon; -} diff --git a/lass/1systems/echelon/source.nix b/lass/1systems/echelon/source.nix deleted file mode 100644 index 96888d5a..00000000 --- a/lass/1systems/echelon/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "echelon"; -} -- cgit v1.2.3 From afb63ca8c747e0604d16d806640e42284061372a Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 19:10:49 +0200 Subject: l mors.r: add redshift --- lass/1systems/mors/config.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c21197f8..71d02077 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -187,6 +187,10 @@ with import ; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; + services.redshift = { + enable = true; + provider = "geoclue2"; + }; lass.restic = genAttrs [ "daedalus" -- cgit v1.2.3 From 76cd1c70b6643be6262e046f1daba5aaeee71efb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 19:16:12 +0200 Subject: l mors.r: add some pkgs --- lass/1systems/mors/config.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 71d02077..f8a16ad2 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -141,6 +141,8 @@ with import ; dpass dnsutils + woeusb + l-gen-secrets generate-secrets (pkgs.writeDashBin "btc-coinbase" '' ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount' -- cgit v1.2.3 From 2701bdd97f0f2ea8681b1d66670eb68ea0f11017 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 19:34:36 +0200 Subject: l: use prometheus as monitoring --- lass/1systems/prism/config.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 68f1826b..f8178a20 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -217,13 +217,12 @@ in { - - + { # quasi bepasty.nix imports = [ -- cgit v1.2.3 From 8f81bc6deec5fbcc41d2bc463ceaaa3b203cc2bf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 08:37:44 +0200 Subject: l xerxes.r: remove deprecated nixpkgs override --- lass/1systems/xerxes/source.nix | 6 ------ 1 file changed, 6 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/xerxes/source.nix b/lass/1systems/xerxes/source.nix index 11f5bf79..d256b885 100644 --- a/lass/1systems/xerxes/source.nix +++ b/lass/1systems/xerxes/source.nix @@ -2,10 +2,4 @@ with import ; import { name = "xerxes"; secure = true; - override = { - nixpkgs.git = mkForce { - url = https://github.com/lassulus/nixpkgs; - ref = "3eccd0b"; - }; - }; } -- cgit v1.2.3 From 92c123397188ae6cf115197862e8d79015995356 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 17:26:43 +0200 Subject: l prism.r: run go-shortener --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index f8178a20..7b581d90 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -303,6 +303,7 @@ in { { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } ]; } + ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 1820b1753011eb42bb9be30011e6fbd11993b201 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:18:05 +0200 Subject: l: add red.r --- lass/1systems/prism/config.nix | 28 ++++++++++++++++++++++++++++ lass/1systems/red/config.nix | 30 ++++++++++++++++++++++++++++++ lass/1systems/red/source.nix | 4 ++++ 3 files changed, 62 insertions(+) create mode 100644 lass/1systems/red/config.nix create mode 100644 lass/1systems/red/source.nix (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 7b581d90..d1faf77b 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -304,6 +304,34 @@ in { ]; } + { + environment.systemPackages = [ pkgs.cryptsetup ]; + systemd.services."container@red".reloadIfChanged = mkForce false; + containers.red = { + config = { ... }: { + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.3"; + localAddress = "10.233.2.4"; + }; + services.nginx.virtualHosts."rote-allez-fraktion.de" = { + enableACME = true; + addSSL = true; + locations."/" = { + extraConfig = '' + proxy_set_header Host rote-allez-fraktion.de; + proxy_pass http://10.233.2.4; + ''; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix new file mode 100644 index 00000000..8c60aed6 --- /dev/null +++ b/lass/1systems/red/config.nix @@ -0,0 +1,30 @@ +with import ; +{ config, lib, pkgs, ... }: +let + inherit (import {inherit lib pkgs;}) + servephpBB + ; +in +{ + imports = [ + + + + + + (servephpBB [ "rote-allez-fraktion.de" ]) + ]; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } + ]; + + krebs.build.host = config.krebs.hosts.red; + boot.isContainer = true; + networking.useDHCP = false; + + services.nginx.enable = true; + environment.systemPackages = [ + pkgs.mk_sql_pair + ]; +} diff --git a/lass/1systems/red/source.nix b/lass/1systems/red/source.nix new file mode 100644 index 00000000..f2bad743 --- /dev/null +++ b/lass/1systems/red/source.nix @@ -0,0 +1,4 @@ +import { + name = "red"; + secure = true; +} -- cgit v1.2.3 From 02e24615adeac1ab6062ba83748eafe7418ac3ed Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 May 2018 15:36:07 +0200 Subject: l prism.r: enable ipv4 forwarding --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d1faf77b..89ea749c 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -104,6 +104,7 @@ in { ]; } { # TODO make new hfos.nix out of this vv + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; users.users.riot = { uid = genid "riot"; isNormalUser = true; -- cgit v1.2.3 From 652b540d4b9978e0b01d6dad0feb725fd79a13d4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 May 2018 15:41:42 +0200 Subject: l red.r: env NIX_REMOTE=daemon --- lass/1systems/red/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix index 8c60aed6..31e2de96 100644 --- a/lass/1systems/red/config.nix +++ b/lass/1systems/red/config.nix @@ -24,6 +24,7 @@ in networking.useDHCP = false; services.nginx.enable = true; + environment.variables.NIX_REMOTE = "daemon"; environment.systemPackages = [ pkgs.mk_sql_pair ]; -- cgit v1.2.3