From 2912ca43a9607f88780535fc32c5ad0a43d7bd3a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 19:00:04 +0100 Subject: l blue: add l-gen-secrets --- lass/2configs/blue.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index 68f2256cf..4d4a92eb9 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -15,6 +15,7 @@ with (import ); dic nmap git-preview + l-gen-secrets ]; services.tor.enable = true; -- cgit v1.2.3 From 95c9cd185bdd29b19454a771d5a98d7c594d7cdb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 19:02:49 +0100 Subject: l ciko: chmod +x --- lass/2configs/ciko.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix index b08cf9307..6818db460 100644 --- a/lass/2configs/ciko.nix +++ b/lass/2configs/ciko.nix @@ -19,5 +19,9 @@ with import ; "slash16.net" ]; }; + + system.activationScripts.user-shadow = '' + ${pkgs.coreutils}/bin/chmod +x /home/ciko + ''; } -- cgit v1.2.3 From 4a5608ba7bb92450ca5c3ef5567818d65b0330a9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 19:03:08 +0100 Subject: l: add neocron@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 6ef3c8595..733115a74 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -90,6 +90,7 @@ with import ; { from = "afra@lassul.us"; to = lass.mail; } { from = "ksp@lassul.us"; to = lass.mail; } { from = "ccc@lassul.us"; to = lass.mail; } + { from = "neocron@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From 93b4db56dfbb4981e5732cad981fba899c1309ce Mon Sep 17 00:00:00 2001 
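Review bot: In ciko.nix the added activation script runs `chmod +x /home/ciko`, which sets the search bit for owner, group and others (subject to umask), so every local account can traverse into that home directory. If only one service needs to get in, granting the bit to a dedicated group (`chmod g+x /home/ciko`) is narrower, and a one-line comment naming that service would explain why the mode is changed at all. The attribute name `user-shadow` does not describe the script, and realwallpaper.nix later in this series defines `system.activationScripts.user-shadow` again, so a host importing both modules would presumably get conflicting or merged definitions; a per-module name such as `ciko-home-chmod` avoids that. The same all-users `+x` pattern appears in the git.nix hunk (`chmod +x /var/spool`) and the realwallpaper.nix hunk (`chmod +x /var/realwallpaper`).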
From: lassulus Date: Sat, 10 Nov 2018 19:03:43 +0100 Subject: l games: add steam-run & dolphinEmu to pkgs --- lass/2configs/games.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 17c3cf3be..49602898e 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -75,6 +75,8 @@ in { packages = with pkgs; [ ftb minecraft + steam-run + dolphinEmu ]; }; }; -- cgit v1.2.3 From ab6b32baa7282a5127def657dc0e595464b0bf9c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 19:13:01 +0100 Subject: l git: chmod +x /var/spool --- lass/2configs/git.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index c5b5c01fb..62173e33f 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -21,6 +21,10 @@ let krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } ]; + + system.activationScripts.spool-chmod = '' + ${pkgs.coreutils}/bin/chmod +x /var/spool + ''; }; cgit-clear-cache = pkgs.cgit-clear-cache.override { -- cgit v1.2.3 From 1c473c7c203e30aa7f48715c965786350084f901 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 19:15:11 +0100 Subject: l mail: add nix@lassul.us to nix ml --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index e50689254..46939c97e 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix 
@@ -51,7 +51,7 @@ let gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; - nix-devel = [ "to:nix-devel@googlegroups.com" ]; + nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ]; patreon = [ "to:patreon@lassul.us" ]; paypal = [ "to:paypal@lassul.us" ]; ptl = [ "to:ptl@posttenebraslab.ch" ]; -- cgit v1.2.3 From 70c12e9b021d2b5e532110713a6456ab312f6b64 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 19:38:54 +0100 Subject: l sqlBackup: remove mysql_password --- lass/2configs/websites/sqlBackup.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix index 2fffa6cc9..897e35e61 100644 --- a/lass/2configs/websites/sqlBackup.nix +++ b/lass/2configs/websites/sqlBackup.nix @@ -11,7 +11,6 @@ enable = true; dataDir = "/var/mysql"; package = pkgs.mariadb; - rootPassword = config.krebs.secret.files.mysql_rootPassword.path; }; systemd.services.mysql = { -- cgit v1.2.3 From 96a3e3c35d305699b7f279c3ea2fd0a18c8d6e97 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 21:46:35 +0100 Subject: l realwallpaper: serve realwallpaper-krebs.png --- lass/2configs/realwallpaper.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index 116d66276..16b999817 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -22,10 +22,7 @@ in { locations."/realwallpaper.png".extraConfig = '' root /var/realwallpaper/; ''; - locations."/realwallpaper-sat.png".extraConfig = '' - root /var/realwallpaper/; - ''; - locations."/realwallpaper-sat-krebs.png".extraConfig = '' + locations."/realwallpaper-krebs.png".extraConfig = '' root /var/realwallpaper/; ''; }; -- cgit v1.2.3 
From 271871090289d166ea34ae41df63eaa1cf26da19 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 21:45:27 +0100 Subject: l & m: fetchWallpaper: fetch realwallpaper-krebs.png --- lass/2configs/fetchWallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index 31a01c754..e756c3424 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -6,7 +6,7 @@ in { krebs.fetchWallpaper = { enable = true; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; - url = "prism/realwallpaper-sat-krebs.png"; + url = "prism/realwallpaper-krebs.png"; maxTime = 10; }; } -- cgit v1.2.3 From d41f85b671433be0576f03554e92d4756e608c75 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 21:45:52 +0100 Subject: l binary-cache: serve under cache.{krebsco.de,lassul.us} --- lass/2configs/binary-cache/server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 991bbeb54..220e41d0a 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -20,7 +20,7 @@ services.nginx = { enable = true; virtualHosts.nix-serve = { - serverAliases = [ "cache.prism.r" ]; + serverAliases = [ "cache.prism.r" "cache.krebsco.de" "cache.lassul.us" ]; locations."/".extraConfig = '' proxy_pass http://localhost:${toString config.services.nix-serve.port}; ''; -- cgit v1.2.3 From 30a6c5219a120b7323e46c621a21da7ab8fc1d29 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 21:46:12 +0100 Subject: l realwallpaper: chmod +x --- lass/2configs/realwallpaper.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index 16b999817..e0cb37f67 100644 
--- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let hostname = config.krebs.build.host.name; @@ -9,6 +9,9 @@ let in { krebs.realwallpaper.enable = true; + system.activationScripts.user-shadow = '' + ${pkgs.coreutils}/bin/chmod +x /var/realwallpaper + ''; services.nginx.virtualHosts.wallpaper = { extraConfig = '' if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { -- cgit v1.2.3 From 0435b6511f87c2f74b4d7b45e28c5eef32116228 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Nov 2018 21:39:29 +0100 Subject: l: add osmocom@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 733115a74..bf43ee7d1 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -91,6 +91,7 @@ with import ; { from = "ksp@lassul.us"; to = lass.mail; } { from = "ccc@lassul.us"; to = lass.mail; } { from = "neocron@lassul.us"; to = lass.mail; } + { from = "osmocom@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From 5e3955c79a0e33a379795be787f5a3496191d35b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:13:48 +0100 Subject: l blue-host: add start/stop scripts --- lass/2configs/blue-host.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 83c235f3e..a40685775 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix 
@@ -20,4 +20,23 @@ with import ; hostAddress = "10.233.2.9"; localAddress = "10.233.2.10"; }; + environment.systemPackages = [ + (pkgs.writeDashBin "start-blue" '' + set -ef + if ping -c1 blue.r; then + echo 'blue is already running. bailing out' + exit 23 + fi + if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then + ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue + fi + nixos-container start blue + nixos-container run blue -- nixos-rebuild -I /var/src switch + '') + (pkgs.writeDashBin "stop-blue" '' + set -ef + nixos-container stop blue + fusermount -u /var/lib/containers/blue + '') + ]; } -- cgit v1.2.3 From 021d4960dbb1401245bd2a509b4529eae74c49a1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:14:08 +0100 Subject: l blue-host: add rxvt_unicode.terminfo --- lass/2configs/blue-host.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index a40685775..f9da05073 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -8,7 +8,10 @@ with import ; systemd.services."container@blue".reloadIfChanged = mkForce false; containers.blue = { config = { ... }: { - environment.systemPackages = [ pkgs.git ]; + environment.systemPackages = [ + pkgs.git + pkgs.rxvt_unicode.terminfo + ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey -- cgit v1.2.3 From 0646503bfbad54a61315da7d77679722d90e79d8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:14:21 +0100 Subject: l blue-host: don't autostart --- lass/2configs/blue-host.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index f9da05073..2302c70ec 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix 
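Review bot: In `start-blue` the encfs mount is created with `--public`, which opens the decrypted tree at /var/lib/containers/blue to other local users instead of only the mounting user; if the container needs that, a comment should say so, otherwise the flag should go. The condition `if ! $(mount | … grep -qi …); then` wraps the pipeline in a command substitution and only works because `grep -q` prints nothing; `if ! mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'; then` states the intent directly. `ping`, `mount`, `nixos-container` and `fusermount` are resolved through the caller's PATH while grep and encfs are pinned to store paths, so pinning all of them would be consistent.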
@@ -17,7 +17,7 @@ with import ; config.krebs.users.lass.pubkey ]; }; - autoStart = true; + autoStart = false; enableTun = true; privateNetwork = true; hostAddress = "10.233.2.9"; -- cgit v1.2.3 From 46e00f3c28fe983516f29192939b98b884311885 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:14:54 +0100 Subject: l prometheus: enable anonymous grafana login --- lass/2configs/monitoring/prometheus-server.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index aef671636..b7083c776 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -177,7 +177,8 @@ addr = "0.0.0.0"; domain = "grafana.example.com"; rootUrl = "https://grafana.example.com/"; - security = import ; # { AdminUser = ""; adminPassword = ""} + auth.anonymous.enable = true; + auth.anonymous.org_role = "Admin"; }; }; services.logstash = { -- cgit v1.2.3 From 64e435e25e830b4be12062c1538db643c17822df Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:15:56 +0100 Subject: l domsen: add xanf user --- lass/2configs/websites/domsen.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 828cab95f..4935268a4 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -139,6 +139,13 @@ in { ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; + users.users.xanf = { + uid = genid_uint31 "xanf"; + home = "/home/xanf"; + useDefaultShell = true; + createHome = true; + }; + users.users.domsen = { uid = genid_uint31 "domsen"; description = "maintenance acc for domsen"; -- cgit v1.2.3 From 81c18a4f44c44dbff4e100316aca28f8db17e14e Mon Sep 17 00:00:00 2001 
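Review bot: The two added `auth.anonymous` lines give every unauthenticated visitor the `Admin` organisation role, and the context line `addr = "0.0.0.0"` shows the service listening on all interfaces, so anyone who can reach the port can change dashboards, data sources and users of that organisation. The removed `security = import …` line was the only admin-credential setting visible in this block. If anonymous access is wanted for read-only dashboards, `auth.anonymous.org_role = "Viewer";` covers that while admin login stays behind the secrets import; otherwise reachability should be limited with a loopback `addr` or a firewall rule. The enclosing grafana block starts outside the hunk.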
From: lassulus Date: Tue, 20 Nov 2018 01:32:04 +0100 Subject: l mail: add more vboxes --- lass/2configs/mail.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 46939c97e..d9589ce86 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -31,6 +31,7 @@ let ''; mailboxes = { + afra = [ "to:afra@afra-berlin.de" ]; c-base = [ "to:c-base.org" ]; coins = [ "to:btce@lassul.us" @@ -49,8 +50,10 @@ let eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; + india = [ "to:hillhackers@lists.hillhacks.in" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; + meetup = [ "to:meetup@lassul.us" ]; nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ]; patreon = [ "to:patreon@lassul.us" ]; paypal = [ "to:paypal@lassul.us" ]; -- cgit v1.2.3 From 9807d6823b31f36eb6b255cf7a01431e7e44a74e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 23:02:17 +0100 Subject: l blue-host: sync state, start only when safe --- lass/2configs/blue-host.nix | 74 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 66 insertions(+), 8 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 2302c70ec..be9f68c08 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix 
@@ -1,11 +1,28 @@ { config, lib, pkgs, ... }: with import ; +let + all_hosts = [ + "icarus" + "shodan" + "daedalus" + "skynet" + "prism" + ]; + remote_hosts = filter (h: h != config.networking.hostName) all_hosts; -{ +in { imports = [ + { #hack for already defined + systemd.services."container@blue".reloadIfChanged = mkForce false; + systemd.services."container@blue".preStart = '' + ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' + ''; + systemd.services."container@blue".preStop = '' + /run/wrappers/bin/fusermount -u /var/lib/containers/blue + ''; + } ]; - systemd.services."container@blue".reloadIfChanged = mkForce false; containers.blue = { config = { ... }: { environment.systemPackages = [ 
@@ -23,10 +40,56 @@ with import ; hostAddress = "10.233.2.9"; localAddress = "10.233.2.10"; }; + + + systemd.services = builtins.listToAttrs (map (host: + let + in nameValuePair "sync-blue-${host}" { + bindsTo = [ "container@blue.service" ]; + wantedBy = [ "container@blue.service" ]; + # ssh needed for rsync + path = [ pkgs.openssh ]; + serviceConfig = { + Restart = "always"; + RestartSec = 10; + ExecStart = pkgs.writeDash "sync-blue-${host}" '' + set -efu + #make sure blue is running + /run/wrappers/bin/ping -c1 blue.r > /dev/null + + #make sure the container is unlocked + ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' + + #make sure our target is reachable + ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null + + #start sync + ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" '' + settings { + nodaemon = true, + inotifyMode = "CloseWrite or Modify", + } + sync { + default.rsyncssh, + source = "/var/lib/containers/.blue", + host = "${host}.r", + targetdir = "/var/lib/containers/.blue", + ssh = { + binary = "${pkgs.openssh}/bin/ssh"; + identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", + }, + } + ''} + ''; + }; + unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; + } + ) remote_hosts); + environment.systemPackages = [ (pkgs.writeDashBin "start-blue" '' set -ef - if ping -c1 blue.r; then + if ping -c1 blue.r >/dev/null; then echo 'blue is already running. bailing out' exit 23 fi @@ -36,10 +99,5 @@ with import ; nixos-container start blue nixos-container run blue -- nixos-rebuild -I /var/src switch '') - (pkgs.writeDashBin "stop-blue" '' - set -ef - nixos-container stop blue - fusermount -u /var/lib/containers/blue - '') ]; } -- cgit v1.2.3 From 24a82d39f57be38898519edea6baaf6c04741ecb Mon Sep 17 00:00:00 2001 
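Review bot: The lsyncd `ssh` table in the new `sync-blue-${host}` units sets `identityFile` to /var/lib/containers/blue/home/lass/.ssh/id_rsa, so the unit (which sets no `User` and therefore presumably runs as root) takes a personal private key out of the unlocked container and uses it to push to every other host. A dedicated sync key kept outside the container, and limited on the receiving hosts to rsync into /var/lib/containers/.blue, would separate replication from interactive login. A comment should also state that the replicated path is the encfs ciphertext directory `.blue` and not the mounted plaintext `blue`, since the two differ by a single dot. The empty `let in` before `nameValuePair` can be dropped.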
From: lassulus Date: Tue, 20 Nov 2018 23:02:48 +0100 Subject: l mail: add hackbeach to india vbox --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index d9589ce86..b5bbea750 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -50,7 +50,7 @@ let eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; - india = [ "to:hillhackers@lists.hillhacks.in" ]; + india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; meetup = [ "to:meetup@lassul.us" ]; -- cgit v1.2.3 From 9f9a53723bd79b029d398c0542a686bd8ed56151 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 00:59:40 +0100 Subject: l blue-host: fix permissions --- lass/2configs/blue-host.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index be9f68c08..e80ce326a 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -23,6 +23,12 @@ in { ''; } ]; + + system.activationScripts.containerPermissions = '' + mkdir -p /var/lib/containers + chmod 711 /var/lib/containers + ''; + containers.blue = { config = { ... }: { environment.systemPackages = [ -- cgit v1.2.3 From 304059b1da4ac256d1487e83a7280d0db6615c2d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:00:14 +0100 Subject: l blue-host: sync also owner and group --- lass/2configs/blue-host.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index e80ce326a..6d46cb8c1 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix 
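Review bot: The `containerPermissions` activation script sets /var/lib/containers to mode 711, which lets every local user traverse into the directory that holds both the encfs ciphertext `.blue` and the mount point `blue` that `start-blue` mounts with `--public`. If the traversal is needed by a single account, a group-owned directory with `chmod 710 /var/lib/containers` is tighter, and a comment naming who needs the access would document why the mode is set. `mkdir` and `chmod` are called unqualified here, while the other activation scripts in this series use `${pkgs.coreutils}/bin/chmod`.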
@@ -80,6 +80,10 @@ in { source = "/var/lib/containers/.blue", host = "${host}.r", targetdir = "/var/lib/containers/.blue", + rsync = { + owner = true, + group = true, + }; ssh = { binary = "${pkgs.openssh}/bin/ssh"; identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", -- cgit v1.2.3 From a1c261d61b243549bb2525da57bf3fada805f7f5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:00:59 +0100 Subject: l blue-host: dry-build blue first --- lass/2configs/blue-host.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 6d46cb8c1..fba996743 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -99,14 +99,15 @@ in { environment.systemPackages = [ (pkgs.writeDashBin "start-blue" '' set -ef - if ping -c1 blue.r >/dev/null; then - echo 'blue is already running. bailing out' - exit 23 - fi if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue fi nixos-container start blue + nixos-container run blue -- nixos-rebuild -I /var/src dry-build + if ping -c1 blue.r >/dev/null; then + echo 'blue is already running. bailing out' + exit 23 + fi nixos-container run blue -- nixos-rebuild -I /var/src switch '') ]; -- cgit v1.2.3 From f19b35b7ab0a272724d39b8cfd65181e220c727a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:01:16 +0100 Subject: l fetchWallpaper: remove maxTime --- lass/2configs/fetchWallpaper.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index e756c3424..065ee9c42 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix 
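Review bot: In the `start-blue` hunk the `ping -c1 blue.r` guard now runs after `nixos-container start blue`, so it no longer protects the start: the local container is brought up and the dry-build executed before the script looks for another running instance, and on `exit 23` the freshly started container is left running. Keeping the guard ahead of `nixos-container start blue` and adding only the `nixos-rebuild -I /var/src dry-build` line between start and `switch` would give the dry-build without losing the check. As written, once the local container itself answers on `blue.r` the guard would presumably fire on every run and `switch` would never be reached.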
@@ -7,7 +7,6 @@ in { enable = true; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; url = "prism/realwallpaper-krebs.png"; - maxTime = 10; }; } -- cgit v1.2.3 From 8a6fd4d0044259574fec1b16d3ea441aee5eedda Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:01:56 +0100 Subject: l radio: add mp3 stream --- lass/2configs/radio.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index bf6855804..85faded14 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -60,10 +60,25 @@ in { group = "radio"; musicDirectory = "/home/radio/the_playlist/music"; extraConfig = '' + audio_output { + type "shout" + encoding "lame" + name "the_playlist_mp3" + host "localhost" + port "8000" + mount "/radio.mp3" + password "${source-password}" + bitrate "128" + + format "44100:16:2" + + user "source" + genre "good music" + } audio_output { type "shout" encoding "ogg" - name "the_playlist" + name "the_playlist_ogg" host "localhost" port "8000" mount "/radio.ogg" -- cgit v1.2.3 From d1020af2b3aac2d823240627980f846e6dc9797c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 04:01:13 +0100 Subject: l: add ssl for cache.{krebsco.de,lassul.us} --- lass/2configs/binary-cache/server.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 220e41d0a..86158c468 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix 
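Review bot: The new mp3 `audio_output` block in radio.nix interpolates `password "${source-password}"` into `extraConfig`, so the value is presumably written into the generated mpd configuration in the Nix store, which all local users can read. `source-password` is defined outside the hunk, so whether it is a real credential or a placeholder cannot be seen here. If it is real, a comment noting the exposure, or reading the password from a secrets file outside the store, would be appropriate for both the mp3 and the ogg output.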
@@ -20,7 +20,14 @@ services.nginx = { enable = true; virtualHosts.nix-serve = { - serverAliases = [ "cache.prism.r" "cache.krebsco.de" "cache.lassul.us" ]; + serverAliases = [ "cache.prism.r" ]; + locations."/".extraConfig = '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''; + }; + virtualHosts."cache.krebsco.de" = { + serverAliases = [ "cache.lassul.us" ]; + enableACME = true; locations."/".extraConfig = '' proxy_pass http://localhost:${toString config.services.nix-serve.port}; ''; -- cgit v1.2.3 From 42405d18cffbf9ef42ea5e29f0c3ae9ab607471a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 04:01:58 +0100 Subject: l: add lesswrong@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index bf43ee7d1..9bb70d1c2 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -92,6 +92,7 @@ with import ; { from = "ccc@lassul.us"; to = lass.mail; } { from = "neocron@lassul.us"; to = lass.mail; } { from = "osmocom@lassul.us"; to = lass.mail; } + { from = "lesswrong@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From eef1d7877defd7c310dc20f62bf96c7b8f408044 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 04:02:22 +0100 Subject: l mails: add dn42 vbox --- lass/2configs/mail.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index b5bbea750..9ea91ae19 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -47,6 +47,7 @@ let ]; dezentrale = [ "to:dezentrale.space" ]; dhl = [ "to:dhl@lassul.us" ]; + dn42 = [ "to:dn42@lists.nox.tf" ]; eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; -- cgit v1.2.3 
From 740f8c8ccfca38d7fc164a8c99bb6df6249c0d22 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:35:00 +0100 Subject: l: move download stuff to yellow.r --- lass/2configs/downloading.nix | 65 ------------------------------------------- 1 file changed, 65 deletions(-) delete mode 100644 lass/2configs/downloading.nix (limited to 'lass/2configs') diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix deleted file mode 100644 index 8d0fb0d02..000000000 --- a/lass/2configs/downloading.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - users.extraUsers = { - download = { - name = "download"; - home = "/var/download"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - lass-shodan.pubkey - lass-icarus.pubkey - lass-daedalus.pubkey - lass-helios.pubkey - makefu.pubkey - wine-mors.pubkey - ]; - }; - - transmission = { - extraGroups = [ - "download" - ]; - }; - }; - - users.extraGroups = { - download = { - members = [ - "download" - "transmission" - ]; - }; - }; - - krebs.rtorrent = { - enable = true; - web = { - enable = true; - port = 9091; - basicAuth = import ; - }; - rutorrent.enable = true; - enableXMLRPC = true; - listenPort = 51413; - downloadDir = "/var/download/finished"; - # dump old torrents into watch folder to have them re-added - watchDir = "/var/download/watch"; - }; - - krebs.iptables = { - enable = true; - tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } - { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } - ]; - }; -} -- cgit v1.2.3 From 2a904d988555629deb043e6641434253d544d480 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 30 Nov 2018 04:37:02 +0100 Subject: l: add nordvpn@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 9bb70d1c2..1ee45bb41 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -93,6 +93,7 @@ with import ; { from = "neocron@lassul.us"; to = lass.mail; } { from = "osmocom@lassul.us"; to = lass.mail; } { from = "lesswrong@lassul.us"; to = lass.mail; } + { from = "nordvpn@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From 3f5d31bb2ef3ec4b9cc53d742e9303e1577fb260 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:37:42 +0100 Subject: l websites: remove deprecated stuff --- lass/2configs/websites/lassulus.nix | 16 ---------------- 1 file changed, 16 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index b72b20928..6470d86f7 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -66,22 +66,6 @@ in { locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; - locations."/urlaubyay2018".extraConfig = '' - autoindex on; - alias /srv/http/lassul.us-media/india2018; - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' - paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 - ''}; - ''; - locations."/heilstadt".extraConfig = '' - autoindex on; - alias /srv/http/lassul.us-media/grabowsee2018; - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' - c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 - ''}; - ''; locations."/krebspage".extraConfig = '' default_type "text/html"; alias ${pkgs.krebspage}/index.html; -- cgit v1.2.3 
From 2e81c4edeed70b9e5a94eb06be4692d757e2bce8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:43:01 +0100 Subject: l: add dummy-secret nordvpn.txt --- lass/2configs/tests/dummy-secrets/nordvpn.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 lass/2configs/tests/dummy-secrets/nordvpn.txt (limited to 'lass/2configs') diff --git a/lass/2configs/tests/dummy-secrets/nordvpn.txt b/lass/2configs/tests/dummy-secrets/nordvpn.txt new file mode 100644 index 000000000..e69de29bb -- cgit v1.2.3 From cef8060bedcc33cf4b6e2781bdcbb97c2c0edba4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 07:48:49 +0100 Subject: l: override dmenu with fzfmenu --- lass/2configs/baseX.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9b44e8f0e..d781f8c71 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -126,6 +126,12 @@ in { restartIfChanged = false; }; + nixpkgs.config.packageOverrides = super: { + dmenu = pkgs.writeDashBin "dmenu" '' + ${pkgs.fzfmenu}/bin/fzfmenu "$@" + ''; + }; + krebs.xresources.enable = true; lass.screenlock.enable = true; } -- cgit v1.2.3 From 0db666620399b996ff2755750f45113f039a8046 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 23:12:06 +0100 Subject: l binary-cache: fix nginx SSL config --- lass/2configs/binary-cache/server.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 86158c468..d3775b5df 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -26,6 +26,7 @@ ''; }; virtualHosts."cache.krebsco.de" = { + forceSSL = true; serverAliases = [ "cache.lassul.us" ]; enableACME = true; locations."/".extraConfig = '' -- cgit v1.2.3 From 93e951f2b93fc3d3012f15fd27f9866254f90fa3 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 2 Dec 2018 05:46:17 +0100 Subject: l mail: add read/unread bindings --- lass/2configs/mail.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 9ea91ae19..36e797a96 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -174,6 +174,16 @@ let macro pager a "-archive\n" # tag as Archived + bind index U noop + bind index u noop + bind pager U noop + bind pager u noop + macro index U "+unread\n" + macro index u "-unread\n" + macro pager U "+unread\n" + macro pager u "-unread\n" + + bind index t noop bind pager t noop macro index t "" # tag as Archived -- cgit v1.2.3 From 2dc617874e001c25c1caceccd14ef7c1f74f73bc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 21:27:29 +0100 Subject: l: RIP fritz (uses helsinki) --- lass/2configs/websites/fritz.nix | 70 ---------------------------------------- 1 file changed, 70 deletions(-) delete mode 100644 lass/2configs/websites/fritz.nix (limited to 'lass/2configs') diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix deleted file mode 100644 index 14d6ce9ec..000000000 --- a/lass/2configs/websites/fritz.nix +++ /dev/null 
@@ -1,70 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - inherit (import ) - genid - head - ; - inherit (import {inherit lib pkgs;}) - servePage - serveWordpress - ; - - msmtprc = pkgs.writeText "msmtprc" '' - account default - host localhost - ''; - - sendmail = pkgs.writeDash "msmtp" '' - exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" - ''; - -in { - - services.nginx.enable = true; - - imports = [ - ./default.nix - ./sqlBackup.nix - - (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ]) - - (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ]) - - (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ]) - - (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ]) - - (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ]) - - (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ]) - - (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ]) - ]; - - lass.mysqlBackup.config.all.databases = [ - "eastuttgart_de" - "radical_dreamers_de" - "spielwaren_kern_de" - "ttf_kleinaspach_de" - ]; - - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.fritz.pubkey - ]; - - users.users.goldbarrendiebstahl = { - home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de"; - uid = genid "goldbarrendiebstahl"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.fritz.pubkey - ]; - }; - - services.phpfpm.phpOptions = '' - sendmail_path = ${sendmail} -t - ''; -} -- cgit v1.2.3 From c84b3c35f9f248fcf3081fa7eb0cee706fd8ebeb Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 05:02:12 +0100 Subject: l blue-host: sync all permissions --- lass/2configs/blue-host.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index fba996743..9cf294afd 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix 
@@ -81,6 +81,7 @@ in { host = "${host}.r", targetdir = "/var/lib/containers/.blue", rsync = { + archive = true, owner = true, group = true, }; -- cgit v1.2.3