From 865aa9c1d0198fbd57342c7593396bf4f007e71f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:32:43 +0200 Subject: l 1 mors: disable ipfs --- lass/1systems/mors.nix | 4 ---- 1 file changed, 4 deletions(-) (limited to 'lass') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index c196b391a..8891d1829 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -76,10 +76,6 @@ with import ; { services.redis.enable = true; } - { - #ipfs-testing - services.ipfs.enable = true; - } { environment.systemPackages = [ pkgs.krebszones -- cgit v1.2.3 From 6a53a331d11fcf1ff1d36645c3bd42c4c9d0c51c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:33:54 +0200 Subject: l 1 iso: make sshd work --- lass/1systems/iso.nix | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'lass') diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index bee1c148f..01d698c4c 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -15,7 +15,6 @@ with import ; krebs.enable = true; krebs.build.user = config.krebs.users.lass; krebs.build.host = config.krebs.hosts.iso; - krebs.build.source.nixos-config.symlink = "stockholm/lass/1systems/${config.krebs.buil.host.name}.nix"; } { nixpkgs.config.allowUnfree = true; @@ -122,18 +121,12 @@ with import ; { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } ]; }; + systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ]; } { krebs.iptables = { enable = true; tables = { - nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } - { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } - ]; - nat.OUTPUT.rules = [ - { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } - ]; filter.INPUT.policy = "DROP"; filter.FORWARD.policy = "DROP"; filter.INPUT.rules = [ -- cgit v1.2.3 
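Review bot: In the second hunk of `lass/1systems/iso.nix`, forcing `systemd.services.sshd.wantedBy` to `multi-user.target` while deleting the `nat.PREROUTING` and `nat.OUTPUT` rules leaves exposure of port 22 on the live image governed only by `filter.INPUT.rules`, whose entries lie outside the hunk. The removed rule `! -i retiolum -p tcp -m tcp --dport 22` with `REDIRECT --to-ports 0` previously kept port 22 away from non-retiolum interfaces, so confirm that the remaining INPUT rules and the sshd authentication settings (neither visible here) suit an image that boots on arbitrary networks. A comment above the new line would help, e.g. `# installation media do not start sshd by default; force it on for headless use`, if that is indeed why `mkForce` is needed. Separately, the context line sets `bits = 8192` on an `ed25519` host key, which has a fixed size, so that field presumably has no effect.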
From bd58053b7e8123850ca04601505efadace807100 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:34:25 +0200 Subject: l 2: add sshn to pkgs --- lass/2configs/default.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 69f8a681e..b53efa75d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -151,6 +151,10 @@ with import ; p7zip unzip unrar + + (pkgs.writeDashBin "sshn" '' + ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@" + '') ]; programs.bash = { -- cgit v1.2.3 From cb36b4fb7cd4c51b89328a06ba0b994d627813aa Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:35:02 +0200 Subject: l 1 mors: enable tor --- lass/1systems/mors.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 8891d1829..d80665a6b 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -85,6 +85,12 @@ with import ; #ps vita stuff boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; } + { + services.tor = { + enable = true; + client.enable = true; + }; + } ]; krebs.build.host = config.krebs.hosts.mors; -- cgit v1.2.3 From b3463a3b8227a0732b1c3c4c90998f24c8ab1edf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:35:25 +0200 Subject: l 2: add syncthing.nix --- lass/1systems/mors.nix | 1 + lass/1systems/prism.nix | 1 + lass/2configs/syncthing.nix | 12 ++++++++++++ 3 files changed, 14 insertions(+) create mode 100644 lass/2configs/syncthing.nix (limited to 'lass') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index d80665a6b..c8d9465d5 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -25,6 +25,7 @@ with import ; ../2configs/repo-sync.nix ../2configs/ircd.nix ../2configs/logf.nix + ../2configs/syncthing.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ 
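Review bot: The `sshn` wrapper added in `lass/2configs/default.nix` turns off host key verification entirely (`UserKnownHostsFile=/dev/null`, `StrictHostKeyChecking=no`), so a connection made through it can be intercepted without any warning. Because it sits in what looks like the shared default package list, it is presumably installed on every host. A comment stating the intended use would prevent it becoming a habit, e.g. `# sshn: only for throwaway targets (live ISO, fresh installs) whose host key is not yet known; never for hosts with a pinned key`. Since the peer is unauthenticated, consider also passing `-o ForwardAgent=no` before `"$@"` so an agent is not offered to an unverified host. The enclosing package list starts and ends outside the hunk.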
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 9c17c4433..41a909f16 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -46,6 +46,7 @@ in { ../2configs/monitoring/server.nix ../2configs/monitoring/monit-alarms.nix ../2configs/paste.nix + ../2configs/syncthing.nix { imports = [ ../2configs/bepasty.nix diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix new file mode 100644 index 000000000..cef43d1e6 --- /dev/null +++ b/lass/2configs/syncthing.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +with import ; +{ + services.syncthing = { + enable = true; + useInotify = true; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} + { predicate = "-p udp --dport 21027"; target = "ACCEPT";} + ]; +} -- cgit v1.2.3 From 3b0fa5dbe7a7e4f0b6047746545b1ce602f8e65f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 17 Apr 2017 15:43:10 +0200 Subject: l 2 baseX: remove redundant libvirt --- lass/2configs/baseX.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 3032e244f..9c51effdc 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -32,8 +32,6 @@ in { time.timeZone = "Europe/Berlin"; - virtualisation.libvirtd.enable = true; - programs.ssh.startAgent = false; services.printing = { -- cgit v1.2.3 From 7c89a9be2b7d41e0feba0a51c6e80bf046179f65 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 Apr 2017 17:04:40 +0200 Subject: l 2 buildbot: get stockholm source from cgit.prism --- lass/2configs/buildbot-standalone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 3006e9dfb..7b38e44c6 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix 
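Review bot: The two ACCEPT rules in the new `lass/2configs/syncthing.nix` match on port only, so TCP 22000 and UDP 21027 are opened on every interface of each host that imports the file (`mors.nix` and `prism.nix` in this commit). UDP 21027 is Syncthing's local-discovery port and is useful only on a shared LAN segment, so if prism is an internet-facing machine (not visible here) that rule is unneeded exposure there. If sync is meant to run over the overlay network, scope the predicates by interface as other rules in this repository do, e.g. `{ predicate = "-i retiolum -p tcp --dport 22000"; target = "ACCEPT"; }`. `services.syncthing` is enabled with only `useInotify` set, so the user and data directory come from module defaults, and a short comment naming them would help the next reader.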
@@ -20,7 +20,7 @@ in { }; config.krebs.buildbot.master = let - stockholm-mirror-url = http://cgit.lassul.us/stockholm ; + stockholm-mirror-url = http://cgit.prism.r/stockholm ; in { workers = { testworker = "lasspass"; -- cgit v1.2.3 From 4e55661dc4e32af76f074f57c035136a7e7b3869 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 Apr 2017 17:04:59 +0200 Subject: l 2: set dnscrypt resolver to cs-de --- lass/2configs/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index b53efa75d..e964704c3 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -64,7 +64,10 @@ with import ; ]; } { - services.dnscrypt-proxy.enable = true; + services.dnscrypt-proxy = { + enable = true; + resolverName = "cs-de"; + }; networking.extraResolvconfConf = '' name_servers='127.0.0.1' ''; -- cgit v1.2.3 From 5443d2b08ba11323844dcd4b4b79c7580c4029ef Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 Apr 2017 17:05:18 +0200 Subject: l 2 fetchWallpaper: get new wp from prism --- lass/2configs/fetchWallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index 971be9588..31a01c754 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -6,7 +6,7 @@ in { krebs.fetchWallpaper = { enable = true; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; - url = "prism/wallpaper.png"; + url = "prism/realwallpaper-sat-krebs.png"; maxTime = 10; }; } -- cgit v1.2.3 From 0011f32a343a88ec1b7e5426d271a419bfeb6444 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 Apr 2017 19:55:19 +0200 Subject: l 1 iso: enable copytoram --- lass/1systems/iso.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index 01d698c4c..5bbd0c1d7 100644 --- a/lass/1systems/iso.nix 
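Review bot: The new `stockholm-mirror-url` in `lass/2configs/buildbot-standalone.nix` is still plain `http://`, so the source the buildbot master fetches and builds has no transport integrity of its own. If `cgit.prism.r` is reachable only inside the encrypted overlay (my assumption from the `.r` name), that may be acceptable, but it deserves a comment such as `# .r resolves only via retiolum; plain http is intentional`. Otherwise prefer an `https://` URL, as `lass/2configs/nixpkgs.nix` already uses for its git source. The context line `testworker = "lasspass";` appears to keep a worker credential in the repository; it is not part of this change but is worth moving out of the tracked config. The `let … in` block continues outside the hunk.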
+++ b/lass/1systems/iso.nix @@ -11,6 +11,9 @@ with import ; ../2configs/mc.nix ../2configs/nixpkgs.nix ../2configs/vim.nix + { + boot.kernelParams = [ "copytoram" ]; + } { krebs.enable = true; krebs.build.user = config.krebs.users.lass; -- cgit v1.2.3 From d528daf9e8d4ec59b3e5355576eaf001136763cc Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 Apr 2017 21:02:17 +0200 Subject: l 2 nixpkgs: 5acb454 -> c85f39e --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 5309c9551..5f9800b0f 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "5acb454"; + ref = "c85f39e"; }; } -- cgit v1.2.3 From d40738d41573eca83d7e84f8a9946f8d8441a0d0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Apr 2017 00:13:52 +0200 Subject: l 1 iso: hack around buggy /dev/stderr in live iso --- lass/1systems/iso.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'lass') diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index 5bbd0c1d7..99399550c 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -12,6 +12,27 @@ with import ; ../2configs/nixpkgs.nix ../2configs/vim.nix { + # /dev/stderr doesn't work. I don't know why + # /proc/self doesn't seem to work correctly + # /dev/pts is empty except for 1 file + # my life sucks + nixpkgs.config.packageOverrides = super: { + irc-announce = super.callPackage { + pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [ + pkgs.coreutils + (pkgs.writeDashBin "tee" '' + if test "$1" = /dev/stderr; then + while read -r line; do + echo "$line" + echo "$line" >&2 + done + else + ${super.coreutils}/bin/tee "$@" + fi + '') + ];}; + }; + }; boot.kernelParams = [ "copytoram" ]; } { -- cgit v1.2.3
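Review bot: The replacement `tee` added in the last hunk of `lass/1systems/iso.nix` does not copy its input verbatim. `read -r line` without `IFS=` strips leading and trailing whitespace, a final line with no trailing newline is dropped, and dash's built-in `echo` interprets backslash sequences in `$line`. As irc-announce presumably relays text it did not author, I would write the loop as `while IFS= read -r line || [ -n "$line" ]; do` with `printf '%s\n' "$line"` and `printf '%s\n' "$line" >&2` in the body. The branch also tests only `$1`, so a call such as `tee -a /dev/stderr` falls through to the real `tee`; a comment saying the hack covers just the one call form irc-announce uses would make that limit explicit.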