From 3ef9a0744e716ab2c5484c253c1cb40dd703e1b0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:09:57 +0200 Subject: l 1: move hardware: mors <-> shodan --- lass/1systems/mors.nix | 4 ++-- lass/1systems/shodan.nix | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index a7a1fd25..b044939d 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -131,8 +131,8 @@ }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0" ''; #TODO activationScripts seem broken, fix them! diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 6829428f..b05b9d26 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -69,8 +69,8 @@ with builtins; }; }; - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" - # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" - #''; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + ''; } -- cgit v1.2.3 From b447c3953334947421eb4693f66050c37acf2c34 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:11:11 +0200 Subject: l 1 mors: disable broken startupScript --- lass/1systems/mors.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index b044939d..598e502a 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -146,7 +146,7 @@ #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp] #echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control' #Autosuspend for USB device Biometric Coprocessor - echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' + #echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' #Runtime PMs echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' -- cgit v1.2.3 From 85ab676579beac3083b6c278858c0efea4efb358 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:11:52 +0200 Subject: l 1 shodan: activate git --- lass/1systems/shodan.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index b05b9d26..9a29682a 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -5,6 +5,7 @@ with builtins; imports = [ ../. ../2configs/baseX.nix + ../2configs/git.nix ../2configs/exim-retiolum.nix ../2configs/browsers.nix ../2configs/programs.nix -- cgit v1.2.3 From fd95a5a2049580ef66886ca15563bcf798d254b2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Jun 2016 22:12:55 +0200 Subject: l 1 shodan: mount /dev/pool/home-lass --- lass/1systems/shodan.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 9a29682a..073d8679 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -68,6 +68,11 @@ with builtins; "/boot" = { device = "/dev/sda1"; }; + + "/home/lass" = { + device = "/dev/pool/home-lass"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' -- cgit v1.2.3 From 72335ce00ec759e5b9d7a1468fe517e66948d8ed Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 8 Jun 2016 18:22:15 +0200 Subject: l 1 prism: serve nix-cache --- lass/1systems/prism.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 6ed80ac3..9a9bd473 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -210,6 +210,30 @@ in { '') ]; } + { + services.nix-serve = { + enable = true; + secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + }; + systemd.services.nix-serve = { + requires = ["secret.service"]; + after = ["secret.service"]; + }; + krebs.secret.files.nix-serve-key = { + path = "/run/secret/nix-serve.key"; + owner.name = "nix-serve"; + source-path = toString + "/nix-serve.key"; + }; + krebs.nginx = { + enable = true; + servers.nix-serve = { + server-names = [ "cache.prism.r" ]; + locations = lib.singleton (lib.nameValuePair "/" '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''); + }; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 69c36df9acb0ca85c7412bf2ebb815fe827c0ba9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 13:48:43 +0200 Subject: l 1 mors: add umts config --- lass/1systems/mors.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 598e502a..beb5659d 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -29,6 +29,7 @@ ../2configs/cbase.nix ../2configs/mail.nix ../2configs/krebs-pass.nix + ../2configs/umts.nix #../2configs/buildbot-standalone.nix { #risk of rain port -- cgit v1.2.3 From 92fac1a26e0ab67c295d7cb8984d88e9e022ed1e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 13 Jun 2016 18:19:35 +0200 Subject: l 1 dishfire: activate simple exim-smarthost --- lass/1systems/dishfire.nix | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index b5e55195..ec9f5369 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -5,7 +5,7 @@ ../. ../2configs/default.nix - ../2configs/exim-retiolum.nix + #../2configs/exim-retiolum.nix ../2configs/git.nix { boot.loader.grub = { @@ -63,6 +63,35 @@ { predicate = "-p tcp --dport https"; target = "ACCEPT"; } ]; } + { + #TODO: abstract & move to own file + krebs.exim-smarthost = { + enable = true; + relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + config.krebs.hosts.mors + config.krebs.hosts.uriel + config.krebs.hosts.helios + ]; + system-aliases = [ + { from = "mailer-daemon"; to = "postmaster"; } + { from = "postmaster"; to = "root"; } + { from = "nobody"; to = "root"; } + { from = "hostmaster"; to = "root"; } + { from = "usenet"; to = "root"; } + { from = "news"; to = "root"; } + { from = "webmaster"; to = "root"; } + { from = "www"; to = "root"; } + { from = "ftp"; to = "root"; } + { from = "abuse"; to = "root"; } + { from = "noc"; to = "root"; } + { from = "security"; to = "root"; } + { from = "root"; to = "lass"; } + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.dishfire; -- cgit v1.2.3 From 401d80610243f1eac1fcb123f51ce3ea6e2280da Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Jun 2016 19:21:11 +0200 Subject: l 2: rename cbase to c-base --- lass/1systems/mors.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index beb5659d..062e4c29 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -26,11 +26,10 @@ ../2configs/teamviewer.nix ../2configs/libvirt.nix ../2configs/fetchWallpaper.nix - ../2configs/cbase.nix + ../2configs/c-base.nix ../2configs/mail.nix ../2configs/krebs-pass.nix ../2configs/umts.nix - #../2configs/buildbot-standalone.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ -- cgit v1.2.3 From dd1c0e7a587a2580ddb0ca4fd318324bcb21e214 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 24 Jun 2016 15:35:47 +0200 Subject: l 1 prism: activate repo-sync --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 9a9bd473..d4207d2e 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -19,6 +19,7 @@ in { ../2configs/privoxy-retiolum.nix ../2configs/radio.nix ../2configs/buildbot-standalone.nix + ../2configs/repo-sync.nix { imports = [ ../2configs/git.nix -- cgit v1.2.3 From 2b74d0defdc3c97ffa5e1f18a5e86637f208d7cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 25 Jun 2016 18:38:30 +0200 Subject: l: cleanup --- lass/1systems/cloudkrebs.nix | 1 - lass/1systems/echelon.nix | 2 +- lass/1systems/mors.nix | 38 +------------------------------------- lass/1systems/prism.nix | 2 +- lass/1systems/shodan.nix | 26 +------------------------- 5 files changed, 4 insertions(+), 65 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index a3cc9d7b..5aa35f5a 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -13,7 +13,6 @@ in { ../2configs/retiolum.nix ../2configs/git.nix ../2configs/realwallpaper.nix - ../2configs/realwallpaper-server.nix ../2configs/privoxy-retiolum.nix { networking.interfaces.enp2s1.ip4 = [ diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index 97734a7b..8d944ed4 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -11,7 +11,7 @@ in { ../2configs/default.nix ../2configs/exim-retiolum.nix ../2configs/retiolum.nix - ../2configs/realwallpaper-server.nix + ../2configs/realwallpaper.nix ../2configs/privoxy-retiolum.nix ../2configs/git.nix #../2configs/redis.nix diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 062e4c29..cccfa791 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -3,6 +3,7 @@ { imports = [ ../. + ../2configs/hw/tp-x220.nix ../2configs/baseX.nix ../2configs/exim-retiolum.nix ../2configs/programs.nix @@ -14,14 +15,9 @@ ../2configs/elster.nix ../2configs/steam.nix ../2configs/wine.nix - #../2configs/texlive.nix - ../2configs/binary-caches.nix - #../2configs/ircd.nix ../2configs/chromium-patched.nix ../2configs/git.nix - #../2configs/wordpress.nix ../2configs/bitlbee.nix - #../2configs/firefoxPatched.nix ../2configs/skype.nix ../2configs/teamviewer.nix ../2configs/libvirt.nix @@ -57,17 +53,10 @@ # package = pkgs.postgresql; # }; #} - { - } ]; krebs.build.host = config.krebs.hosts.mors; - networking.wireless.enable = true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - boot = { loader.grub.enable = true; loader.grub.version = 2; @@ -77,7 +66,6 @@ initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; }; fileSystems = { "/" = { @@ -168,22 +156,6 @@ echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' ''; - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; - }; - - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - environment.systemPackages = with pkgs; [ acronym cac-api @@ -217,12 +189,4 @@ services.mongodb = { enable = true; }; - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } - ]; - }; - }; } diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index d4207d2e..34c1ef69 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -203,7 +203,7 @@ in { } { imports = [ - ../2configs/realwallpaper-server.nix + ../2configs/realwallpaper.nix ]; krebs.nginx.servers."lassul.us".locations = [ (lib.nameValuePair "/wallpaper.png" '' diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 073d8679..96d64bda 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -4,6 +4,7 @@ with builtins; { imports = [ ../. + ../2configs/hw/tp-x220.nix ../2configs/baseX.nix ../2configs/git.nix ../2configs/exim-retiolum.nix @@ -20,34 +21,10 @@ with builtins; # }; # }; #} - { - #x220 config from mors - #TODO: make x220 config file (or look in other user dir) - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; - }; - - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - } ]; krebs.build.host = config.krebs.hosts.shodan; - networking.wireless.enable = true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - boot = { loader.grub.enable = true; loader.grub.version = 2; @@ -57,7 +34,6 @@ with builtins; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; }; fileSystems = { "/" = { -- cgit v1.2.3 From f6d5a9716f8a9dbefbeae19e43b5324f90cb543b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 25 Jun 2016 18:56:39 +0200 Subject: l: move binary-cache config to 2 --- lass/1systems/prism.nix | 25 +------------------------ 1 file changed, 1 insertion(+), 24 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 34c1ef69..8dfc11f6 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -20,6 +20,7 @@ in { ../2configs/radio.nix ../2configs/buildbot-standalone.nix ../2configs/repo-sync.nix + ../2configs/binary-cache/server.nix { imports = [ ../2configs/git.nix @@ -211,30 +212,6 @@ in { '') ]; } - { - services.nix-serve = { - enable = true; - secretKeyFile = config.krebs.secret.files.nix-serve-key.path; - }; - systemd.services.nix-serve = { - requires = ["secret.service"]; - after = ["secret.service"]; - }; - krebs.secret.files.nix-serve-key = { - path = "/run/secret/nix-serve.key"; - owner.name = "nix-serve"; - source-path = toString + "/nix-serve.key"; - }; - krebs.nginx = { - enable = true; - servers.nix-serve = { - server-names = [ "cache.prism.r" ]; - locations = lib.singleton (lib.nameValuePair "/" '' - proxy_pass http://localhost:${toString config.services.nix-serve.port}; - ''); - }; - }; - } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 70d375985262e148238fce406027a161fbd1d765 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 26 Jun 2016 17:55:21 +0200 Subject: l 1 mors: activate repo-sync --- lass/1systems/mors.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index cccfa791..d7b19f2b 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -26,6 +26,7 @@ ../2configs/mail.nix ../2configs/krebs-pass.nix ../2configs/umts.nix + ../2configs/repo-sync.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ -- cgit v1.2.3 From 1012224e6707324ba075092017a0c2a9421ddfa7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jun 2016 17:24:36 +0200 Subject: little bit of code cleanup --- lass/1systems/prism.nix | 6 ------ 1 file changed, 6 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 8dfc11f6..5477a8b8 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -68,8 +68,6 @@ in { } { - #boot.loader.gummiboot.enable = true; - #boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { devices = [ "/dev/sda" @@ -112,10 +110,6 @@ in { { sound.enable = false; } - #{ - # #workaround for server dying after 6-7h - # boot.kernelPackages = pkgs.linuxPackages_4_2; - #} { nixpkgs.config.allowUnfree = true; } -- cgit v1.2.3 From 8fd02a0cccc3cda258956fe400997a2e3ede496d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Jun 2016 17:25:12 +0200 Subject: l 1 mors: sync repos once daily --- lass/1systems/mors.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index d7b19f2b..f26f0ed5 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -187,6 +187,10 @@ }; }; + krebs.repo-sync.timerConfig = { + OnCalendar = "00:37"; + }; + services.mongodb = { enable = true; }; -- cgit v1.2.3