From fc627d0b999edb8bb7c58f2efa7dcbe1ccb83e7d Mon Sep 17 00:00:00 2001
From: lassulus
Date: Thu, 26 Jan 2017 23:44:31 +0100
Subject: l 1 prism: remove obsolete nin stuff
---
 lass/1systems/prism.nix | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)
(limited to 'lass/1systems')
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index d8980a10..86c2c741 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -227,6 +227,7 @@ in {
 };
 }
 {
+ # Nin stuff
 users.users.nin = {
 uid = genid "nin";
 inherit (config.krebs.users.nin) home;
@@ -240,18 +241,6 @@ in {
 "libvirtd"
 ];
 };
- krebs.git.rules = [
- {
- user = [ config.krebs.users.nin ];
- repo = [ config.krebs.git.repos.stockholm ];
- perm = with git; push "refs/heads/nin" [ fast-forward non-fast-forward create delete merge ];
- }
- ];
- krebs.repo-sync.repos.stockholm.nin = {
- origin.url = "http://cgit.prism/stockholm";
- origin.ref = "heads/nin";
- mirror.url = "git@${config.networking.hostName}:stockholm";
- };
 krebs.iptables.tables.nat.PREROUTING.rules = [
 { v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; }
 ];
-- cgit v1.2.3
From c363534571075914bc4bdbab2988c809f3499300 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Thu, 26 Jan 2017 23:53:46 +0100
Subject: l 1 prism: I'm not proud of this commit
---
 lass/1systems/prism.nix | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
(limited to 'lass/1systems')
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 86c2c741..386bcf81 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -316,16 +316,16 @@ in {
 script = pkgs.writePython2 "rup" ''
 #!${pkgs.python2}/bin/python
 t1 = """
- _.
- ;=',_ ()
- 8===D~~ S" .--`||
- sS \__ ||
- __.' ( \-->||
- _=/ _./-\/ ||
- 8===D~~ ((\( /-' -'l ||
- ) |/ \\ (_))
- \\ \\
- '~ '~
+ _.
+ ;=',_ ()
+ 8===D~~ S" .--`||
+ sS \__ ||
+ __.' ( \-->||
+ _=/ _./-\/ ||
+ 8===D~~ ((\( /-' -'l ||
+ ) |/ \\ (_))
+ \\ \\
+ '~ '~
 """
 print(t1)
 '';
-- cgit v1.2.3
From 5d76418bcd977d815c0305c88ef611d16cddb7d4 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Mon, 30 Jan 2017 22:52:25 +0100
Subject: l 1 mors: cleanup
---
 lass/1systems/mors.nix | 192 +++++++++++++------------------------------------
 1 file changed, 50 insertions(+), 142 deletions(-)
(limited to 'lass/1systems')
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index dde867eb..afe37e95 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -31,13 +31,6 @@ with import ;
 ];
 }
 #{
- # services.mysql = {
- # enable = true;
- # package = pkgs.mariadb;
- # rootPassword = "/mysql_rootPassword";
- # };
- #}
- #{
 # services.elasticsearch = {
 # enable = true;
 # plugins = [
@@ -83,140 +76,56 @@ with import ; { services.redis.enable = true; } - { - virtualisation.libvirtd.enable = true; - } - { - services.nginx = { - enable = mkDefault true; - virtualHosts = { - "stats.mors" = { - locations = { - "/" = { - proxyPass = "http://localhost:3000/"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; - }; - }; - }; - }; - }; - - services.grafana = { - enable = true; - addr = "127.0.0.1"; - users.allowSignUp = false; - users.allowOrgCreate = false; - users.autoAssignOrg = false; - auth.anonymous.enable = true; - security = import ; # { AdminUser = ""; adminPassword = ""} - }; - - services.graphite = { - api = { - enable = true; - listenAddress = "127.0.0.1"; - port = 18080; - }; - carbon = { - enableCache = true; - # save disk usage by restricting to 1 bulk update per second - config = '' - [cache] - MAX_CACHE_SIZE = inf - MAX_UPDATES_PER_SECOND = 1 - MAX_CREATES_PER_MINUTE = 500 - ''; - storageSchemas = '' - [carbon] - pattern = ^carbon\. - retentions = 60:90d - - [elchos] - patterhn = ^elchos\. 
- retentions = 10s:30d,60s:3y - - [default] - pattern = .* - retentions = 30s:30d,300s:1y - ''; - }; - }; - - services.collectd = { - enable = true; - include = [ (toString (pkgs.writeText "collectd-graphite-cfg" '' - LoadPlugin write_graphite - - - Host "localhost" - Port "2003" - EscapeCharacter "_" - StoreRates false - AlwaysAppendDS false - - - '')) - ]; - extraConfig = '' - LoadPlugin interface - LoadPlugin battery - LoadPlugin load - LoadPlugin cpu - LoadPlugin entropy - LoadPlugin write_graphite - - Interface "et0" - Interface "wl0" - Interface "retiolum" - - ''; - }; - services.graphite.beacon = { - enable = true; - config = { - graphite_url = "http://localhost:18080"; - cli = { - command = ''${pkgs.irc-announce}/bin/irc-announce irc.freenode.org 6667 mors-beacon-alert \#krebs ' ''${level} ''${name} ''${value}' ''; - }; - smtp = { - from = "beacon@mors.r"; - to = [ - "lass@mors.r" - ]; - }; - normal_handlers = [ - "smtp" - "cli" - ]; - warning_handlers = [ - "smtp" - "cli" - ]; - critical_handlers = [ - "smtp" - "cli" - ]; - alerts = [ - { - name = "testbattery"; - query = "*.battery-0.capacity"; - method = "last_value"; - interval = "1minute"; - logging = "info"; - repeat_interval = "5minute"; - rules = [ - "warning: < 30.0" - "critical: < 10.0" - ]; - } - ]; - }; - }; - } + #{ + # #gitit magic + # imports = [ ]; + # services.gitit = { + # enable = true; + # haskellPackages = pkgs.haskell.packages.ghc7103; + # }; + #} + #{ + # lass.icinga2 = { + # enable = true; + # configFiles = [ + # '' + # template Service "generic-service" { + # max_check_attempts = 3 + # check_interval = 5m + # retry_interval = 1m + # enable_perfdata = true + # } + # apply Service "ping4" { + # } + # '' + # ]; + # }; + # services.mysql = { + # enable = true; + # package = pkgs.mariadb; + # rootPassword = "/mysql_rootPassword"; + # }; + # lass.icingaweb2 = { + # enable = true; + # initialRootPasswordHash = "$1$HpWDCehI$ITbAoyfOB6HEN1ftooxZq0"; + # resources = { + # icinga2db = { + # 
type = "mysql"; + # host = "localhost"; + # user = "icingaweb2"; + # db = "icinga"; + # passfile = ; + # }; + # icingaweb2db = { + # type = "mysql"; + # host = "localhost"; + # user = "icingaweb2"; + # db = "icingaweb2"; + # passfile = ; + # }; + # }; + # }; + #} ]; krebs.build.host = config.krebs.hosts.mors; @@ -229,7 +138,6 @@ with import ; initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; }; fileSystems = { "/" = { -- cgit v1.2.3 From d9c5f0d8de9e49ac0b406412e781ed1390c6ece6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 30 Jan 2017 22:55:30 +0100 Subject: l 1 prism: remove obsolete public_html --- lass/1systems/prism.nix | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 386bcf81..b89fcf01 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -202,20 +202,6 @@ in { ]; }; } - { - services.nginx = { - enable = true; - virtualHosts.public = { - port = 8088; - locations."~ ^/~(.+?)(/.*)?\$".extraConfig = '' - alias /home/$1/public_html$2; - ''; - }; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8088"; target = "ACCEPT"; } - ]; - } { krebs.repo-sync.timerConfig = { OnCalendar = "*:0/5"; -- cgit v1.2.3 From d70028d9e788c6156ad674678734c546f1fcc246 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 30 Jan 2017 22:58:39 +0100 Subject: l 1 prism: import monitoring server --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index b89fcf01..839e52f8 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
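Review bot: The commented-out `lass.icingaweb2` block added in the `@@ -83,140 +76,56 @@` hunk of mors.nix carries a literal `initialRootPasswordHash` value in `$1$` (MD5-crypt) form, which is weak against offline guessing once it sits in a readable repository, and commenting it out removes it from neither the tree nor the history. I would replace the value with a placeholder, `# initialRootPasswordHash = "<HASH_KEPT_OUT_OF_REPO>";`, and load the real one from wherever the neighbouring `passfile` entries are meant to point (their paths are not visible in this rendering); if the hash was ever live, the password behind it should be rotated. Separately, roughly fifty lines of disabled configuration in a commit titled cleanup would be easier to maintain as a short comment naming what was parked and why.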
@@ -43,6 +43,7 @@ in {
 ../2configs/libvirt.nix
 ../2configs/hfos.nix
 ../2configs/makefu-sip.nix
+ ../2configs/monitoring/server.nix
 {
 users.extraGroups = {
 # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
-- cgit v1.2.3
From 8f4ed1af13a6ef0533f36dc22117434aea22a764 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 31 Jan 2017 16:57:56 +0100
Subject: l 1 prism: import bepasty.nix
---
 lass/1systems/prism.nix | 1 +
 1 file changed, 1 insertion(+)
(limited to 'lass/1systems')
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 839e52f8..b92c8d90 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -44,6 +44,7 @@ in {
 ../2configs/hfos.nix
 ../2configs/makefu-sip.nix
 ../2configs/monitoring/server.nix
+ ../2configs/bepasty.nix
 {
 users.extraGroups = {
 # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
-- cgit v1.2.3
From dfa32223172e6d5324c3d186d4720461e684cd7f Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 31 Jan 2017 17:14:30 +0100
Subject: l 1 prism: protect bepasty from external ip
---
 lass/1systems/prism.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'lass/1systems')
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index b92c8d90..5fa86da4 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -44,7 +44,16 @@ in {
 ../2configs/hfos.nix
 ../2configs/makefu-sip.nix
 ../2configs/monitoring/server.nix
- ../2configs/bepasty.nix
+ {
+ imports = [
+ ../2configs/bepasty.nix
+ ];
+ krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
+ if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
+ return 403;
+ }
+ '';
+ }
 {
 users.extraGroups = {
 # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
-- cgit v1.2.3
From 698894853abba6e1730f10a64d35c2a01af96d99 Mon Sep 17 00:00:00 2001
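Review bot: The `if ( $server_addr = ... ) { return 403; }` added in the `@@ -44,7 +44,16 @@` hunk (commit "protect bepasty from external ip") is a deny-list on a single address: it rejects only requests that arrive on the host's `nets.internet.ip4.addr`, so the `paste.r` vhost would still answer on any other externally reachable address the host may have (an IPv6 address, a second interface, or a NATed setup where `$server_addr` differs from the public address). An allow-list fails closed instead, for example `allow <INTERNAL_NET_CIDR>; deny all;` in the same `extraConfig`, or binding the vhost to the internal address only, if the bepasty module exposes a listen setting. A one-line comment such as `# paste.r is internal-only; reject requests arriving on the public address` would also record the intent next to the rule.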
From: lassulus Date: Fri, 3 Feb 2017 00:21:34 +0100 Subject: l 1 mors: remove /mnt/public --- lass/1systems/mors.nix | 5 ----- 1 file changed, 5 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index afe37e95..a5eaaed9 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -174,11 +174,6 @@ with import ; fsType = "ext4"; }; - "/mnt/public" = { - device = "/dev/big/public"; - fsType = "ext4"; - }; - "/mnt/conf" = { device = "/dev/big/conf"; fsType = "ext4"; -- cgit v1.2.3 From 48dc0a6aa973f9c069b860bedaffdb4dd0583b08 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 3 Feb 2017 00:21:49 +0100 Subject: l 1 prism: remvoe sed-plugin from #coders bot --- lass/1systems/prism.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 5fa86da4..f9654ac4 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -258,7 +258,6 @@ in { -XFlexibleInstances -XMultiParamTypeClasses \ -XOverloadedStrings -XFunctionalDependencies \''; in [ - sed-plugin url-title (buildSimpleReaktorPlugin "lambdabot-pl" { pattern = "^@pl (?P.*)$$"; -- cgit v1.2.3