From 43eaeee506939af8dc1d169754c5279b2372a134 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Mon, 9 Jan 2017 17:07:59 +0100
Subject: l 3: add telegraf service
---
 lass/3modules/default.nix | 1 +
 lass/3modules/telegraf.nix | 67 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 lass/3modules/telegraf.nix
(limited to 'lass')
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index b169fea40..1046fb7cd 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -9,5 +9,6 @@ _:
 ./urxvtd.nix
 ./usershadow.nix
 ./xresources.nix
+ ./telegraf.nix
 ];
 }
diff --git a/lass/3modules/telegraf.nix b/lass/3modules/telegraf.nix
new file mode 100644
index 000000000..64b323460
--- /dev/null
+++ b/lass/3modules/telegraf.nix
@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+ cfg = config.lass.telegraf;
+
+ out = {
+ options.lass.telegraf = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "telegraf";
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/telegraf";
+ };
+ user = mkOption {
+ type = types.str;
+ default = "telegraf";
+ };
+ config = mkOption {
+ type = types.str;
+ #TODO: find a good default
+ default = ''
+ [agent]
+ interval = "1s"
+
+ [outputs]
+
+ # Configuration to send data to InfluxDB.
+ [outputs.influxdb]
+ urls = ["http://localhost:8086"]
+ database = "kapacitor_example"
+ user_agent = "telegraf"
+
+ # Collect metrics about cpu usage
+ [cpu]
+ percpu = false
+ totalcpu = true
+ drop = ["cpu_time"]
+ '';
+ description = "configuration telegraf is started with";
+ };
+ };
+
+ configFile = pkgs.writeText "telegraf.conf" cfg.config;
+
+ imp = {
+
+ systemd.services.telegraf = {
+ description = "telegraf";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Restart = "always";
+ ExecStart = "${pkgs.telegraf}/bin/telegraf -config ${configFile}";
+ };
+ };
+ };
+
+in out
-- cgit v1.2.3
From d8a52b784450909780f771d6550444ed66d6b667 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Mon, 9 Jan 2017 17:09:52 +0100
Subject: l 3: add kapacitor service
---
 lass/3modules/default.nix | 1 +
 lass/3modules/kapacitor.nix | 101 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 102 insertions(+)
 create mode 100644 lass/3modules/kapacitor.nix
(limited to 'lass')
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 1046fb7cd..2bf2df8b3 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -9,6 +9,7 @@ _:
 ./urxvtd.nix
 ./usershadow.nix
 ./xresources.nix
+ ./kapacitor.nix
 ./telegraf.nix
 ];
 }
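Review bot: In telegraf.nix the `user` and `dataDir` options are declared but never used: `serviceConfig` sets only `Restart` and `ExecStart`, so the unit carries no `User=` and systemd will run telegraf as root. Either wire the option in with `User = cfg.user;` (and create that account under `users.extraUsers`) or drop both options so the module does not suggest an isolation it does not provide. `cfg.config` is rendered with `pkgs.writeText`, which places the file in the world-readable Nix store, so the option's `description` should say that InfluxDB credentials must not be put into it.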
diff --git a/lass/3modules/kapacitor.nix b/lass/3modules/kapacitor.nix
new file mode 100644
index 000000000..023801987
--- /dev/null
+++ b/lass/3modules/kapacitor.nix
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+ cfg = config.lass.kapacitor;
+
+ out = {
+ options.lass.kapacitor = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "kapacitor";
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/kapacitor";
+ };
+ user = mkOption {
+ type = types.str;
+ default = "kapacitor";
+ };
+ config = mkOption {
+ type = types.str;
+ #TODO: find a good default
+ default = ''
+ hostname = "localhost"
+ data_dir = "/home/lass/.kapacitor"
+
+ [http]
+ bind-address = ":9092"
+ auth-enabled = false
+ log-enabled = true
+ write-tracing = false
+ pprof-enabled = false
+ https-enabled = false
+ https-certificate = "/etc/ssl/kapacitor.pem"
+ shutdown-timeout = "10s"
+ shared-secret = ""
+
+ [replay]
+ dir = "${cfg.dataDir}/replay"
+
+ [storage]
+ boltdb = "${cfg.dataDir}/kapacitor.db"
+
+ [task]
+ dir = "${cfg.dataDir}/tasks"
+ snapshot-interval = "1m0s"
+
+ [[influxdb]]
+ enabled = true
+ name = "default"
+ default = false
+ urls = ["http://localhost:8086"]
+ username = ""
+ password = ""
+ ssl-ca = ""
+ ssl-cert = ""
+ ssl-key = ""
+ insecure-skip-verify = false
+ timeout = "0s"
+ disable-subscriptions = false
+ subscription-protocol = "http"
+ udp-bind = ""
+ udp-buffer = 1000
+ udp-read-buffer = 0
+ startup-timeout = "5m0s"
+ subscriptions-sync-interval = "1m0s"
+ [influxdb.subscriptions]
+ [influxdb.excluded-subscriptions]
+ _kapacitor = ["autogen"]
+
+ [logging]
+ file = "STDERR"
+ level = "INFO"
+ '';
+ description = "configuration kapacitor is started with";
+ };
+ };
+
+ configFile = pkgs.writeText "kapacitor.conf" cfg.config;
+
+ imp = {
+
+ systemd.services.kapacitor = {
+ description = "kapacitor";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Restart = "always";
+ ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}";
+ };
+ };
+ };
+
+in out
-- cgit v1.2.3
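Review bot: The default config binds the HTTP API to all interfaces with `bind-address = ":9092"` while `auth-enabled = false`, so any host that can reach port 9092 gets the unauthenticated API unless a firewall rule elsewhere blocks it; a loopback default such as `bind-address = "127.0.0.1:9092"` is the safer starting point. `data_dir = "/home/lass/.kapacitor"` is hard-coded although the other paths use `${cfg.dataDir}`. As in telegraf.nix, the `user` option is never applied (there is no `User = cfg.user;` in `serviceConfig`), so the daemon presumably runs as root. The `password` and `shared-secret` keys end up in a `pkgs.writeText` file in the world-readable Nix store, which is worth stating in the option's `description`.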
From 4097f5167196dadfa53865769c242126746285d3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Jan 2017 17:12:50 +0100 Subject: l 1 shodan: reinstall with btrfs --- lass/1systems/shodan.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'lass') diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 095898380..232e91d90 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -59,17 +59,13 @@ with import ; fileSystems = { "/" = { device = "/dev/pool/nix"; - fsType = "ext4"; + fsType = "btrfs"; }; "/boot" = { device = "/dev/sda1"; }; - "/home/lass" = { - device = "/dev/pool/home-lass"; - fsType = "ext4"; - }; "/tmp" = { device = "tmpfs"; fsType = "tmpfs"; @@ -77,7 +73,7 @@ with import ; }; "/bku" = { device = "/dev/pool/bku"; - fsType = "ext4"; + fsType = "btrfs"; }; }; -- cgit v1.2.3 From f239cecef9497e41054ecfedde284ecbc9e8364f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Jan 2017 17:13:24 +0100 Subject: l 2 hfos: forward smtp --- lass/2configs/hfos.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass') diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix index f6f09e226..fc211dc92 100644 --- a/lass/2configs/hfos.nix +++ b/lass/2configs/hfos.nix 
@@ -21,12 +21,14 @@ with import ; krebs.iptables.tables.nat.PREROUTING.rules = [ { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 22"; target = "DNAT --to-destination 192.168.122.208:22"; } + { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 25"; target = "DNAT --to-destination 192.168.122.208:25"; } { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 80"; target = "DNAT --to-destination 192.168.122.208:1080"; } { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; } ]; krebs.iptables.tables.filter.FORWARD.rules = [ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } ]; -- cgit v1.2.3 From 154e0cf5cd33ff4a3a5657ed7b01674ba1e6a5e2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Jan 2017 17:14:09 +0100 Subject: l 2 websites domsen: remove obsolete ssl function --- lass/2configs/websites/domsen.nix | 32 -------------------------------- 1 file changed, 32 deletions(-) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 2bbfe7333..9361e3978 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -7,7 +7,6 @@ let genid_signed ; inherit (import {inherit lib pkgs;}) - ssl servePage serveOwncloud serveWordpress; 
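Review bot: The new port-25 pair in hfos.nix exposes the guest's MTA at 192.168.122.208 to every source address, since neither the PREROUTING nor the FORWARD predicate restricts the origin. That is expected for a public mail exchanger, but nothing visible here shows the guest refusing to relay for foreign domains, so the rule deserves a one-line comment such as `# public SMTP for <guest name>; relay restrictions are enforced on the guest`. The `--state NEW,ESTABLISHED,RELATED` match mirrors the neighbouring rules and only excludes INVALID packets, so it adds little filtering on its own.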
@@ -25,47 +24,16 @@ let in { imports = [ ./sqlBackup.nix - (ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (ssl [ "karlaskop.de" "www.karlaskop.de" ]) (servePage [ "karlaskop.de" "www.karlaskop.de" ]) - (ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ]) - (ssl [ "pixelpocket.de" ]) (servePage [ "pixelpocket.de" ]) - (ssl [ "o.ubikmedia.de" ]) (serveOwncloud [ "o.ubikmedia.de" ]) - (ssl [ - "ubikmedia.de" - "aldona.ubikmedia.de" - "apanowicz.de" - "nirwanabluete.de" - "aldonasiech.com" - "360gradvideo.tv" - "ubikmedia.eu" - "facts.cloud" - "youthtube.xyz" - "illucloud.eu" - "illucloud.de" - "illucloud.com" - "www.ubikmedia.de" - "www.aldona.ubikmedia.de" - "www.apanowicz.de" - "www.nirwanabluete.de" - "www.aldonasiech.com" - "www.360gradvideo.tv" - "www.ubikmedia.eu" - "www.facts.cloud" - "www.youthtube.xyz" - "www.illucloud.eu" - "www.illucloud.de" - "www.illucloud.com" - ]) (serveWordpress [ "ubikmedia.de" "apanowicz.de" -- cgit v1.2.3 From 44800f5ca9b79d64836cb1bb4c318b64182ad6aa Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Jan 2017 17:14:25 +0100 Subject: l 2 websites domsen: add ubikmedia subdomains --- lass/2configs/websites/domsen.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 9361e3978..01699001e 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -56,6 +56,14 @@ in { "www.illucloud.eu" "www.illucloud.de" "www.illucloud.com" + "apanowicz.ubikmedia.de" + "karlaskop.ubikmedia.de" + "nb.ubikmedia.de" + "cinevita.ubikmedia.de" + "factscloud.ubikmedia.de" + "youthtube.ubikmedia.de" + "aldona2.ubikmedia.de" + "illucloud.ubikmedia.de" ]) ]; -- cgit v1.2.3 From ab07f1082e060f2fd98f1bd4b4f2c7a05a5c1972 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 9 Jan 2017 19:38:07 +0100 Subject: l 2 nixpkgs: 819c1ab -> d98b556 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 6885ef59d..a33e69bf8 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/lassulus/nixpkgs; - ref = "819c1ab486a9c81d6a6b76c759aedece2df39037"; + ref = "d98b556864f2b3a634e39ed1ae29f47c0e3fae35"; }; } -- cgit v1.2.3 From 79cfd8b26f560e0d792a392efdcc7d7a9e1daf1e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 14:53:48 +0100 Subject: l 2 vim: add flake8 for python style checking --- lass/2configs/vim.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index bfaae24c8..f79e6b807 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -5,6 +5,7 @@ let out = { environment.systemPackages = [ vim + pkgs.pythonPackages.flake8 ]; environment.etc.vimrc.source = vimrc; -- cgit v1.2.3 From 52044fb27391acf4645ce09fcfd2fe85ffc47a94 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 16:17:44 +0100 Subject: l 2 xserver: add copyq to startup --- lass/2configs/xserver/default.nix | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) (limited to 'lass') diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 53c8f9444..cba4db766 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix 
@@ -2,6 +2,24 @@ with import ; let user = config.krebs.build.user; + + copyqConfig = pkgs.writeDash "copyq-config" '' + ${pkgs.copyq}/bin/copyq config check_clipboard true + ${pkgs.copyq}/bin/copyq config check_selection true + ${pkgs.copyq}/bin/copyq config copy_clipboard true + ${pkgs.copyq}/bin/copyq config copy_selection true + + ${pkgs.copyq}/bin/copyq config activate_closes true + ${pkgs.copyq}/bin/copyq config clipboard_notification_lines 0 + ${pkgs.copyq}/bin/copyq config clipboard_tab &clipboard + ${pkgs.copyq}/bin/copyq config disable_tray true + ${pkgs.copyq}/bin/copyq config hide_tabs true + ${pkgs.copyq}/bin/copyq config hide_toolbar true + ${pkgs.copyq}/bin/copyq config item_popup_interval true + ${pkgs.copyq}/bin/copyq config maxitems 1000 + ${pkgs.copyq}/bin/copyq config move true + ${pkgs.copyq}/bin/copyq config text_wrap true + ''; in { environment.systemPackages = [ @@ -109,4 +127,21 @@ in { User = user.name; }; }; + + systemd.services.copyq = { + wantedBy = [ "multi-user.target" ]; + requires = [ "xserver.service" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + }; + serviceConfig = { + SyslogIdentifier = "copyq"; + ExecStart = "${pkgs.copyq}/bin/copyq"; + ExecStartPost = copyqConfig; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + User = user.name; + }; + }; } -- cgit v1.2.3 From 5631dc07e776c7fb9efe822e70aafe1aab716a59 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 16:18:00 +0100 Subject: l 5 xmonad: add copyq keybinding --- lass/5pkgs/xmonad-lass.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass') diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index ec3ad82af..2f2be6762 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix 
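Review bot: In `copyqConfig` the line `copyq config clipboard_tab &clipboard` is unquoted, so dash treats `&` as the background operator: it runs `copyq config clipboard_tab` in the background and then tries to execute a command named `clipboard`. Quote the value, `${pkgs.copyq}/bin/copyq config clipboard_tab '&clipboard'`. `item_popup_interval true` also looks as if it wants a number rather than a boolean; confirm against copyq's option list. With `check_selection`/`copy_selection` enabled and `maxitems 1000`, every selected or copied secret stays in copyq's history, so it is worth deciding how long such entries should live. `ExecStartPost` runs as soon as the main process is spawned, so the config calls may presumably race the server's start-up.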
@@ -144,6 +144,8 @@ myKeyMap = , ("M4-C-q", windowPromptBringCopy infixAutoXPConfig) , ("M4-S-q", return ()) + + , ("M4-w", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") ] forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () -- cgit v1.2.3 From 92e989f69ba14400dc059edd5819a751b19e99da Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 17:27:07 +0100 Subject: l 2: add sshuttle config --- lass/2configs/baseX.nix | 8 ++++++++ lass/2configs/default.nix | 6 ++++++ 2 files changed, 14 insertions(+) (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1e796015a..a67c25145 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -13,6 +13,14 @@ in { systemWide = true; }; } + { + krebs.per-user.lass.packages = [ + pkgs.sshuttle + ]; + security.sudo.extraConfig = '' + lass ALL= (root) NOPASSWD:SETENV: ${pkgs.sshuttle}/bin/.sshuttle-wrapped + ''; + } ]; users.extraUsers.mainUser.extraGroups = [ "audio" "video" ]; diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 6fea97728..1cb68a985 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -56,6 +56,12 @@ with import ; SSL_CERT_FILE = ca-bundle; }; }) + { + #for sshuttle + environment.systemPackages = [ + pkgs.pythonPackages.python + ]; + } ]; networking.hostName = config.krebs.build.host.name; -- cgit v1.2.3 From 899bbbd8207679a5384f5d4d191b4072738366b7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 17:28:04 +0100 Subject: l 2 websites domsen: add www.ubikmedia.de --- lass/2configs/websites/domsen.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 01699001e..71eae5b71 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
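Review bot: The sudoers line added in baseX.nix gives `lass` passwordless root on `.sshuttle-wrapped` with the `SETENV` tag and no argument restriction. `SETENV` lets the caller keep or set arbitrary environment variables for the root process, and for a Python program that includes the interpreter's own search-path and start-up variables, so the rule is effectively unrestricted root for that account rather than "may run sshuttle". Drop the tag unless it is demonstrably required, `lass ALL= (root) NOPASSWD: ${pkgs.sshuttle}/bin/.sshuttle-wrapped`, and if root is only needed for sshuttle's firewall helper, restrict the permitted arguments to that invocation. A comment above the rule stating why passwordless root is needed would help the next reader.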
@@ -56,6 +56,7 @@ in { "www.illucloud.eu" "www.illucloud.de" "www.illucloud.com" + "www.ubikmedia.de" "apanowicz.ubikmedia.de" "karlaskop.ubikmedia.de" "nb.ubikmedia.de" -- cgit v1.2.3 From 0e6548c6f6278f2cacdcb9b098a6a92332ecf23e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 19:18:11 +0100 Subject: l 2 hfos: update riot pubkey --- lass/2configs/hfos.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix index fc211dc92..7d4d544aa 100644 --- a/lass/2configs/hfos.nix +++ b/lass/2configs/hfos.nix @@ -7,7 +7,7 @@ with import ; isNormalUser = true; extraGroups = [ "libvirtd" ]; openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5NnADMRySix1kcxQwseHfem/SCDmkbvwc+ZZu7HFz4zss1k4Fh1knsukMY83zlno8p/8bBPWyixLTxuZHNy26af8GP95bvV3brnpRmrijkE4dOlpd+wvPcIyTKNunJvMzNDP/ry9g2GczEZKGWvQZudq/nI54HaCaRWM2kzEMEg8Rr9SGlZEKo8B+8HGVsz1a8USOnm8dqYP9dmfLdpy/s+7yWJSPh8wokvWeOOrahirOhO99ZfXm2gcdHqSKvbD2+4EYEm5w8iFrbYBT2wZ3u9ZOiooL/JuEBBdnDrcqZqeaTw0vOdKPvkUP8/rzRjvIwSkynMSD8fixpdGRNeIB riot@lagrange" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex" config.krebs.users.lass.pubkey ]; }; -- cgit v1.2.3 From fca1c21a1adf837f5312b97e98126fef023eee60 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 19:18:33 +0100 Subject: l 2 websites fritz: remove obsolete ssl function --- lass/2configs/websites/fritz.nix | 9 --------- 1 file changed, 9 deletions(-) (limited to 'lass') diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 00e987116..9bf7e4a9c 100644 --- a/lass/2configs/websites/fritz.nix 
+++ b/lass/2configs/websites/fritz.nix @@ -7,7 +7,6 @@ let head ; inherit (import {inherit lib pkgs;}) - ssl servePage serveWordpress ; @@ -29,28 +28,20 @@ in { imports = [ ./sqlBackup.nix - (ssl [ "radical-dreamers.de" "www.radical-dreamers.de" ]) (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ]) - (ssl [ "gs-maubach.de" "www.gs-maubach.de" ]) (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ]) - (ssl [ "spielwaren-kern.de" "www.spielwaren-kern.de" ]) (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ]) - (ssl [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ]) (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ]) - (ssl [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ]) (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ]) - (ssl [ "eastuttgart.de" "www.eastuttgart.de" ]) (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ]) - (ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ]) (servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ]) - (ssl [ "goldbarrendiebstahl.radical-dreamers.de" ]) (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ]) ]; -- cgit v1.2.3 From 8616bb393f7c994c78af50f10058434610157e57 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 10 Jan 2017 19:40:32 +0100 Subject: l 1 prism: change sequence of ip addresses --- lass/1systems/prism.nix | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 854c98f46..d07acebee 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
@@ -12,6 +12,22 @@ let in { imports = [ ../. + { + networking.interfaces.et0.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = "213.239.205.225"; + networking.nameservers = [ + "8.8.8.8" + ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" + ''; + + } ../2configs/retiolum.nix ../2configs/exim-smarthost.nix ../2configs/downloading.nix @@ -48,22 +64,6 @@ in { lock.gid = 10001; }; } - { - networking.interfaces.et0.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = "213.239.205.225"; - networking.nameservers = [ - "8.8.8.8" - ]; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" - ''; - - } { boot.loader.grub = { devices = [ -- cgit v1.2.3 From 63d3dd2c8cefdac0aaa0336824b08c46b72c1505 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 12 Jan 2017 00:18:43 +0100 Subject: l 2 retiolum: connect to existing hosts --- lass/2configs/retiolum.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index eba40532d..7a7bf95be 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -16,9 +16,9 @@ enable = true; connectTo = [ "prism" - "pigstarter" "gum" - "flap" + "ni" + "dishfire" ]; }; -- cgit v1.2.3 From 64a7a764198884f5bbb7d04c016c504e5998dc98 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 13 Jan 2017 13:37:12 +0100 Subject: l 2 websites domsen: add joemisch.ubikmedia.de --- lass/2configs/websites/domsen.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 71eae5b71..5ed73a22c 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
@@ -57,14 +57,15 @@ in { "www.illucloud.de" "www.illucloud.com" "www.ubikmedia.de" + "aldona2.ubikmedia.de" "apanowicz.ubikmedia.de" - "karlaskop.ubikmedia.de" - "nb.ubikmedia.de" "cinevita.ubikmedia.de" "factscloud.ubikmedia.de" - "youthtube.ubikmedia.de" - "aldona2.ubikmedia.de" "illucloud.ubikmedia.de" + "joemisch.ubikmedia.de" + "karlaskop.ubikmedia.de" + "nb.ubikmedia.de" + "youthtube.ubikmedia.de" ]) ]; -- cgit v1.2.3 From f4a720ea3d257ccd18e3e03b0538e6c18ce4520c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 15 Jan 2017 15:50:57 +0100 Subject: l 1: update macs of some network devices --- lass/1systems/icarus.nix | 4 ++-- lass/1systems/mors.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'lass') diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix index 3998fc177..8402613da 100644 --- a/lass/1systems/icarus.nix +++ b/lass/1systems/icarus.nix @@ -54,7 +54,7 @@ with import ; }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; } diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 012bd359f..19b512dde 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -289,7 +289,7 @@ with import ; services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; #TODO activationScripts seem broken, fix them! -- cgit v1.2.3 From 83dca9729928498c3b28343ab6b12b41ca7bfae8 Mon Sep 17 00:00:00 2001 
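Review bot: After this change icarus.nix and mors.nix both pin `f0:de:f1:71:cb:35` to `et0`, so the same MAC address is claimed by two different hosts. If one physical adapter really moves between the machines that is fine, but otherwise one of the two udev rules is a copy-paste slip and that host's wired interface will silently keep its kernel-assigned name, which matters wherever addressing or firewall configuration refers to `et0`. A short comment beside the shared address stating why both hosts list it would make the intent checkable.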
From: lassulus Date: Sun, 15 Jan 2017 15:51:36 +0100 Subject: l 5 xmonad: use @DEFAULT_ sound devices --- lass/5pkgs/xmonad-lass.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lass') diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 2f2be6762..debcf97a5 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -114,10 +114,10 @@ myKeyMap = [ ("M4-", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f") , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") - , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 +4%") - , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume 0 -4%") - , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute 0 toggle") - , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-source-mute 1 toggle") + , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") + , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") + , ("", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -dec 10%") + , ("", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -inc 10") , ("", gridselectWorkspace gridConfig W.view) , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill") -- cgit v1.2.3 From 242e0fcb6c6ff300d3a7780ed9cd929448ac824c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 16 Jan 2017 17:25:21 +0100 Subject: l 1 prism: add (temporary) config for nin --- lass/1systems/prism.nix | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index d07acebee..313a18a9c 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
@@ -226,6 +226,33 @@ in { enable = true; }; } + { + users.users.nin = { + uid = genid "nin"; + inherit (config.krebs.users.nin) home; + group = "users"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + extraGroups = [ + "libvirtd" + ]; + }; + krebs.git.rules = [ + { + user = [ config.krebs.users.nin ]; + repo = [ config.krebs.git.repos.stockholm ]; + perm = with git; push "refs/heads/nin" [ fast-forward non-fast-forward create delete merge ]; + } + ]; + krebs.repo-sync.repos.stockholm.nin = { + origin.url = "http://cgit.prism/stockholm"; + origin.ref = "heads/nin"; + mirror.url = "git@${config.networking.hostName}:stockholm"; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 27744a78ff7b4479fd3e1dca6f426dec0e1be9fc Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 16 Jan 2017 17:25:48 +0100 Subject: l 2 git: announce more branches --- lass/2configs/git.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index ded0922b8..d7ec39f2d 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -56,7 +56,8 @@ let channel = "#retiolum"; server = "ni.r"; verbose = config.krebs.build.host.name == "prism"; - branches = [ "master" ]; + # TODO define branches in some kind of option per repo + branches = [ "master" "newest" "nin" ]; }; }; }; -- cgit v1.2.3 From 105d9051dd74374b3ded8b22a43713841293f741 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 16 Jan 2017 17:26:06 +0100 Subject: l 2 hw tp-x220: disable acpi backlight handling --- lass/2configs/hw/tp-x220.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix index 4a7d0bbcd..44b2dcac1 100644 --- a/lass/2configs/hw/tp-x220.nix +++ b/lass/2configs/hw/tp-x220.nix 
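Review bot: `extraGroups = [ "libvirtd" ]` gives the new `nin` account control over the system libvirt daemon, which on a typical setup is close to root on the host because domains can be defined with host disks and devices attached; for an account the commit title calls temporary, confirm that this is intended. The repo-sync `origin.url = "http://cgit.prism/stockholm"` fetches over plain HTTP, so the integrity of what gets mirrored depends entirely on the network between the hosts, presumably the VPN, and a comment saying so would help. The push rule also allows `non-fast-forward` and `delete` on `refs/heads/nin`, which is reasonable for a personal branch but worth revisiting if the branch is ever deployed from.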
@@ -36,6 +36,7 @@ with import ; boot = { kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; + kernelParams = [ "acpi_backlight=none" ]; }; hardware.opengl.extraPackages = [ -- cgit v1.2.3 From ddd8ebefc6a554bb02a00a00756f19d4a07c727e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 16 Jan 2017 17:29:20 +0100 Subject: l 2 vim: move vimrc to top --- lass/2configs/vim.nix | 162 +++++++++++++++++++++++++------------------------- 1 file changed, 81 insertions(+), 81 deletions(-) (limited to 'lass') diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index f79e6b807..fb8c8ba05 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix 
@@ -14,6 +14,87 @@ let environment.variables.VIMINIT = ":so /etc/vimrc"; }; + vimrc = pkgs.writeText "vimrc" '' + set nocompatible + + set autoindent + set backspace=indent,eol,start + set backup + set backupdir=${dirs.backupdir}/ + set directory=${dirs.swapdir}// + set hlsearch + set incsearch + set mouse=a + set noruler + set pastetoggle= + set runtimepath=${extra-runtimepath},$VIMRUNTIME + set shortmess+=I + set showcmd + set showmatch + set ttimeoutlen=0 + set undodir=${dirs.undodir} + set undofile + set undolevels=1000000 + set undoreload=1000000 + set viminfo='20,<1000,s100,h,n${files.viminfo} + set visualbell + set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o + set wildmenu + set wildmode=longest,full + + set et ts=2 sts=2 sw=2 + + filetype plugin indent on + + set t_Co=256 + colorscheme hack + syntax on + + au Syntax * syn match Garbage containedin=ALL /\s\+$/ + \ | syn match TabStop containedin=ALL /\t\+/ + \ | syn keyword Todo containedin=ALL TODO + + au BufRead,BufNewFile *.hs so ${hs.vim} + + au BufRead,BufNewFile *.nix so ${nix.vim} + + au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile + + "Syntastic config + let g:syntastic_python_checkers=['flake8'] + + nmap q :buffer + nmap :buffer + + cnoremap + + noremap :q + vnoremap < >gv + + nnoremap [5^ :tabp + nnoremap [6^ :tabn + nnoremap [5@ :tabm -1 + nnoremap [6@ :tabm +1 + + nnoremap :tabp + nnoremap :tabn + inoremap :tabp + inoremap :tabn + + " + noremap Oa | noremap! Oa + noremap Ob | noremap! Ob + noremap Oc | noremap! Oc + noremap Od | noremap! Od + " <[C]S-{Up,Down,Right,Left> + noremap [a | noremap! [a + noremap [b | noremap! [b + noremap [c | noremap! [c + noremap [d | noremap! [d + vnoremap u + ''; + extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ pkgs.vimPlugins.Gundo pkgs.vimPlugins.Syntastic 
@@ -127,87 +208,6 @@ let exec ${pkgs.vim}/bin/vim "$@" ''; - vimrc = pkgs.writeText "vimrc" '' - set nocompatible - - set autoindent - set backspace=indent,eol,start - set backup - set backupdir=${dirs.backupdir}/ - set directory=${dirs.swapdir}// - set hlsearch - set incsearch - set mouse=a - set noruler - set pastetoggle= - set runtimepath=${extra-runtimepath},$VIMRUNTIME - set shortmess+=I - set showcmd - set showmatch - set ttimeoutlen=0 - set undodir=${dirs.undodir} - set undofile - set undolevels=1000000 - set undoreload=1000000 - set viminfo='20,<1000,s100,h,n${files.viminfo} - set visualbell - set wildignore+=*.o,*.class,*.hi,*.dyn_hi,*.dyn_o - set wildmenu - set wildmode=longest,full - - set et ts=2 sts=2 sw=2 - - filetype plugin indent on - - set t_Co=256 - colorscheme hack - syntax on - - au Syntax * syn match Garbage containedin=ALL /\s\+$/ - \ | syn match TabStop containedin=ALL /\t\+/ - \ | syn keyword Todo containedin=ALL TODO - - au BufRead,BufNewFile *.hs so ${hs.vim} - - au BufRead,BufNewFile *.nix so ${nix.vim} - - au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile - - "Syntastic config - let g:syntastic_python_checkers=['flake8'] - - nmap q :buffer - nmap :buffer - - cnoremap - - noremap :q - vnoremap < >gv - - nnoremap [5^ :tabp - nnoremap [6^ :tabn - nnoremap [5@ :tabm -1 - nnoremap [6@ :tabm +1 - - nnoremap :tabp - nnoremap :tabn - inoremap :tabp - inoremap :tabn - - " - noremap Oa | noremap! Oa - noremap Ob | noremap! Ob - noremap Oc | noremap! Oc - noremap Od | noremap! Od - " <[C]S-{Up,Down,Right,Left> - noremap [a | noremap! [a - noremap [b | noremap! [b - noremap [c | noremap! [c - noremap [d | noremap! [d - vnoremap u - ''; - hs.vim = pkgs.writeText "hs.vim" '' syn region String start=+\[[[:alnum:]]*|+ end=+|]+ -- cgit v1.2.3 From 9be93e7ac0a1f385d80452e7d2565ffe343af8dc Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 16 Jan 2017 17:29:41 +0100 Subject: l 5 xmonad: change brightness faster --- lass/5pkgs/xmonad-lass.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index debcf97a5..cf8eaf058 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -116,8 +116,8 @@ myKeyMap = , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") , ("", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") - , ("", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -dec 10%") - , ("", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -inc 10") + , ("", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%") + , ("", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -inc 1") , ("", gridselectWorkspace gridConfig W.view) , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill") -- cgit v1.2.3 From 670ec1e19f18072fc660417c02bbf2b96a7d3b28 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 15:14:13 +0100 Subject: l 2: set window title for bash --- lass/2configs/default.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 1cb68a985..24f3bd2da 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -162,13 +162,17 @@ with import ; promptInit = '' if test $UID = 0; then PS1='\[\033[1;31m\]\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$USER@$PWD\007"' elif test $UID = 1337; then PS1='\[\033[1;32m\]\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$PWD\007"' else PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' + PROMPT_COMMAND='echo -ne "\033]0;$USER@$PWD\007"' fi if test -n "$SSH_CLIENT"; then PS1='\[\033[35m\]\h'" $PS1" + PROMPT_COMMAND='echo -ne "\033]0;$HOSTNAME $USER@$PWD\007"' fi ''; }; -- cgit v1.2.3 
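Review bot: Each new `PROMPT_COMMAND` in default.nix passes `$PWD` through `echo -ne`, so backslash sequences in a directory name are interpreted and end up inside the terminal's title escape; a directory name coming from an untrusted archive or checkout can thereby place control sequences into the terminal stream. Keep data out of the format string, e.g. `PROMPT_COMMAND='printf "\033]0;%s\007" "$USER@$PWD"'`; raw control bytes in a name would still need stripping if that matters. The same pattern is carried forward with `$$` in the later "show shell PID in window title" commit. The `SSH_CLIENT` branch replaces rather than extends the earlier assignment, which works but is easy to misread.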
From 4cb0c9b8708063cb04d567c4548f07667e5403a7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 15:47:41 +0100 Subject: l 2 vim: set window title --- lass/2configs/vim.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass') diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index fb8c8ba05..c3eac8f38 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -42,6 +42,10 @@ let set wildmenu set wildmode=longest,full + set title + set titleold= + set titlestring=(vim)\ %t%(\ %M%)%(\ (%{expand(\"%:p:h\")})%)%(\ %a%)\ -\ %{v:servername} + set et ts=2 sts=2 sw=2 filetype plugin indent on -- cgit v1.2.3 From 4a21d12981e8edcd1f6ec0fd5214a62b72a2957c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 15:57:24 +0100 Subject: l 2: disable zsh --- lass/2configs/default.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 24f3bd2da..033fdd442 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -9,7 +9,6 @@ with import ; ../2configs/mc.nix ../2configs/nixpkgs.nix ../2configs/vim.nix - ../2configs/zsh.nix ./backups.nix { users.extraUsers = -- cgit v1.2.3 From dce67d4a03cc9c9660a7a867d96b67c1de845222 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 15:57:38 +0100 Subject: l 2: show shell PID in window title --- lass/2configs/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lass') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 033fdd442..63114cdb1 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
@@ -161,17 +161,17 @@ with import ; promptInit = '' if test $UID = 0; then PS1='\[\033[1;31m\]\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$USER@$PWD\007"' + PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' elif test $UID = 1337; then PS1='\[\033[1;32m\]\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$PWD\007"' + PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"' else PS1='\[\033[1;33m\]\u@\w\[\033[0m\] ' - PROMPT_COMMAND='echo -ne "\033]0;$USER@$PWD\007"' + PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"' fi if test -n "$SSH_CLIENT"; then PS1='\[\033[35m\]\h'" $PS1" - PROMPT_COMMAND='echo -ne "\033]0;$HOSTNAME $USER@$PWD\007"' + PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"' fi ''; }; -- cgit v1.2.3 From 3759182f0c6e8a622a8aeca26a6d2e482344679b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 15:57:52 +0100 Subject: l 2 zsh: set shell of correct user --- lass/2configs/zsh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 442a1d4d9..4d33aa79d 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -118,5 +118,5 @@ fi ''; }; - users.users.${config.krebs.build.user.name}.shell = "/run/current-system/sw/bin/zsh"; + users.users.mainUser.shell = "/run/current-system/sw/bin/zsh"; } -- cgit v1.2.3 From 0a104ff9df7ea99ba2dbfc5d739df1439e6ee64b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 16:24:20 +0100 Subject: l 4: add initscript --- lass/4lib/default.nix | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) (limited to 'lass') diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index 56943b7ac..0dc7fa8d7 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix 
@@ -7,4 +7,134 @@ rec { getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); + initscript = { pubkey ? config.krebs.users.lass.pubkey, disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca" }: '' + #! /bin/sh + # usage: curl xu/~tv/init | sh + set -efu + # TODO nix-env -f '' -iA jq # if not exists (also version) + # install at tmp location + + + case $(cat /proc/cmdline) in + *' root=LABEL=NIXOS_ISO '*) :;; + *) echo Error: unknown operating system >&2; exit 1;; + esac + + disk=${disk} + + bootdev=${disk}1 + + luksdev=${disk}2 + luksmap=/dev/mapper/${luksmap} + + vgname=${vgname} + + rootdev=/dev/mapper/${vgname}-root + homedev=/dev/mapper/${vgname}-home + bkudev=/dev/mapper/${vgname}-bku + + # + # partitioning + # + + # http://en.wikipedia.org/wiki/GUID_Partition_Table + # undo: + # dd if=/dev/zero bs=512 count=34 of=/dev/sda + # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda) + if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then + parted "$disk" \ + mklabel gpt \ + mkpart ESP fat32 1MiB 1024MiB set 1 boot on \ + mkpart primary 1024MiB 100% + fi + + if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then + echo zonk + exit 23 + fi + + if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then + echo zonk2 + exit 23 + fi + + if ! cryptsetup isLuks "$luksdev"; then + # aes xts-plain64 + cryptsetup luksFormat "$luksdev" \ + -h sha512 \ + --iter-time 5000 + fi + + if ! test -e "$luksmap"; then + cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" + fi + # cryptsetup close + + if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then + pvcreate "$luksmap" + fi + + if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi + + lvchange -a y /dev/mapper/"$vgname" + + if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi + if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi + if ! 
test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi + + # lvchange -a n "$vgname" + + + # + # formatting + # + + if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then + mkfs.vfat "$bootdev" + fi + + if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then + mkfs.btrfs "$rootdev" + fi + + if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then + mkfs.btrfs "$homedev" + fi + + if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then + mkfs.btrfs "$bkudev" + fi + + + if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then + mount "$rootdev" /mnt + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then + mkdir -m 0000 -p /mnt/boot + mount "$bootdev" /mnt/boot + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then + mkdir -m 0000 -p /mnt/home + mount "$homedev" /mnt/home + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then + mkdir -m 0000 -p /mnt/bku + mount "$bkudev" /mnt/bku + fi + + # umount -R /mnt + + + parted "$disk" print + lsblk "$disk" + + key='${pubkey}' + if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then + mkdir -p /root/.ssh + echo "$key" > /root/.ssh/authorized_keys + fi + systemctl start sshd + ip route + echo READY. + ''; } -- cgit v1.2.3 From 71b3e39cc51895870149f6b616b77deb27ec8ffd Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 16:24:36 +0100 Subject: l 2 websites lassulus: add /init --- lass/2configs/websites/lassulus.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index cfdda05db..ea384195b 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -5,6 +5,7 @@ let inherit (import ) genid ; + inherit (import ../../4lib { inherit lib; }) initscript; in { imports = [ 
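Review bot: The added `initscript` calls `cryptsetup luksFormat "$luksdev"` and `cryptsetup luksOpen` without a key file, while its usage line says it is run as `curl xu/~tv/init | sh`. As far as I know, cryptsetup reads the passphrase from standard input when that is not a terminal. Run through the pipe, the passphrase would presumably come from the remaining script text rather than from the operator, leaving the volume protected by a line of a published file. Redirecting both calls from the terminal avoids this, e.g. `cryptsetup luksFormat "$luksdev" -h sha512 --iter-time 5000 < /dev/tty`. The same script text is added again in `lass/5pkgs/init/default.nix` by the later commit that moves it.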
@@ -83,6 +84,7 @@ in { locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; + # TODO make this work! locations."= /ddate".extraConfig = let script = pkgs.writeBash "test" '' echo "hello world" @@ -100,6 +102,10 @@ in { fastcgi_param SCRIPT_NAME ${script}; ''; + locations."/init".extraConfig = '' + alias ${pkgs.writeText "init" (initscript { pubkey = config.krebs.users.lass.pubkey; })}; + ''; + enableSSL = true; extraConfig = "listen 80;"; sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem"; -- cgit v1.2.3 From f216392665662ba375a657ae2431b70bb1ab63cc Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 17 Jan 2017 18:44:08 +0100 Subject: l: move initscript to pkgs --- lass/2configs/websites/lassulus.nix | 9 ++- lass/4lib/default.nix | 130 ---------------------------------- lass/5pkgs/default.nix | 3 +- lass/5pkgs/init/default.nix | 134 ++++++++++++++++++++++++++++++++++++ 4 files changed, 142 insertions(+), 134 deletions(-) create mode 100644 lass/5pkgs/init/default.nix (limited to 'lass') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index ea384195b..024d2eeb2 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -5,7 +5,6 @@ let inherit (import ) genid ; - inherit (import ../../4lib { inherit lib; }) initscript; in { imports = [ @@ -102,8 +101,12 @@ in { fastcgi_param SCRIPT_NAME ${script}; ''; - locations."/init".extraConfig = '' - alias ${pkgs.writeText "init" (initscript { pubkey = config.krebs.users.lass.pubkey; })}; + locations."/init".extraConfig = let + initscript = pkgs.init.override { + pubkey = config.krebs.users.lass.pubkey; + }; + in '' + alias ${initscript}; ''; enableSSL = true; diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index 0dc7fa8d7..56943b7ac 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix 
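Review bot: The new `locations."/init"` block publishes a script that is meant to be piped into `sh` as root, repartitions the disk and writes root's `authorized_keys`, yet the context line below it still has `extraConfig = "listen 80;"` next to `enableSSL`. Unless a redirect exists outside this hunk, the script can be fetched over plain HTTP, where anyone on the path can alter it, including the embedded public key. I would put the HTTPS form in the script's usage comment, `# usage: curl https://HOST/init | sh`, and not serve this location on the plain listener. The enclosing virtual-host definition starts and ends outside the hunk.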
@@ -7,134 +7,4 @@ rec { getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); - initscript = { pubkey ? config.krebs.users.lass.pubkey, disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca" }: '' - #! /bin/sh - # usage: curl xu/~tv/init | sh - set -efu - # TODO nix-env -f '' -iA jq # if not exists (also version) - # install at tmp location - - - case $(cat /proc/cmdline) in - *' root=LABEL=NIXOS_ISO '*) :;; - *) echo Error: unknown operating system >&2; exit 1;; - esac - - disk=${disk} - - bootdev=${disk}1 - - luksdev=${disk}2 - luksmap=/dev/mapper/${luksmap} - - vgname=${vgname} - - rootdev=/dev/mapper/${vgname}-root - homedev=/dev/mapper/${vgname}-home - bkudev=/dev/mapper/${vgname}-bku - - # - # partitioning - # - - # http://en.wikipedia.org/wiki/GUID_Partition_Table - # undo: - # dd if=/dev/zero bs=512 count=34 of=/dev/sda - # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda) - if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then - parted "$disk" \ - mklabel gpt \ - mkpart ESP fat32 1MiB 1024MiB set 1 boot on \ - mkpart primary 1024MiB 100% - fi - - if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then - echo zonk - exit 23 - fi - - if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then - echo zonk2 - exit 23 - fi - - if ! cryptsetup isLuks "$luksdev"; then - # aes xts-plain64 - cryptsetup luksFormat "$luksdev" \ - -h sha512 \ - --iter-time 5000 - fi - - if ! test -e "$luksmap"; then - cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" - fi - # cryptsetup close - - if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then - pvcreate "$luksmap" - fi - - if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi - - lvchange -a y /dev/mapper/"$vgname" - - if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi - if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi - if ! 
test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi - - # lvchange -a n "$vgname" - - - # - # formatting - # - - if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then - mkfs.vfat "$bootdev" - fi - - if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then - mkfs.btrfs "$rootdev" - fi - - if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then - mkfs.btrfs "$homedev" - fi - - if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then - mkfs.btrfs "$bkudev" - fi - - - if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then - mount "$rootdev" /mnt - fi - if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then - mkdir -m 0000 -p /mnt/boot - mount "$bootdev" /mnt/boot - fi - if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then - mkdir -m 0000 -p /mnt/home - mount "$homedev" /mnt/home - fi - if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then - mkdir -m 0000 -p /mnt/bku - mount "$bkudev" /mnt/bku - fi - - # umount -R /mnt - - - parted "$disk" print - lsblk "$disk" - - key='${pubkey}' - if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then - mkdir -p /root/.ssh - echo "$key" > /root/.ssh/authorized_keys - fi - systemctl start sshd - ip route - echo READY. - ''; } diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 0beda7481..e47e3126a 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, ... }@args: { nixpkgs.config.packageOverrides = rec { @@ -11,6 +11,7 @@ ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {}; }; + init = pkgs.callPackage ./init/default.nix args; mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {}; mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; pop = pkgs.callPackage ./pop/default.nix {}; diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix new file mode 100644 index 000000000..abf2528d7 
--- /dev/null +++ b/lass/5pkgs/init/default.nix 
@@ -0,0 +1,134 @@ +{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca", ... }: + +with lib; + +pkgs.writeText "init" '' + #! /bin/sh + # usage: curl xu/~tv/init | sh + set -efu + # TODO nix-env -f '' -iA jq # if not exists (also version) + # install at tmp location + + + case $(cat /proc/cmdline) in + *' root=LABEL=NIXOS_ISO '*) :;; + *) echo Error: unknown operating system >&2; exit 1;; + esac + + disk=${disk} + + bootdev=${disk}1 + + luksdev=${disk}2 + luksmap=/dev/mapper/${luksmap} + + vgname=${vgname} + + rootdev=/dev/mapper/${vgname}-root + homedev=/dev/mapper/${vgname}-home + bkudev=/dev/mapper/${vgname}-bku + + # + # partitioning + # + + # http://en.wikipedia.org/wiki/GUID_Partition_Table + # undo: + # dd if=/dev/zero bs=512 count=34 of=/dev/sda + # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda) + if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then + parted "$disk" \ + mklabel gpt \ + mkpart ESP fat32 1MiB 1024MiB set 1 boot on \ + mkpart primary 1024MiB 100% + fi + + if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then + echo zonk + exit 23 + fi + + if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then + echo zonk2 + exit 23 + fi + + if ! cryptsetup isLuks "$luksdev"; then + # aes xts-plain64 + cryptsetup luksFormat "$luksdev" \ + -h sha512 \ + --iter-time 5000 + fi + + if ! test -e "$luksmap"; then + cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" + fi + # cryptsetup close + + if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then + pvcreate "$luksmap" + fi + + if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi + + lvchange -a y /dev/mapper/"$vgname" + + if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi + if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi + if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi + + # lvchange -a n "$vgname" + + + # + # formatting + # + + if ! 
test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then + mkfs.vfat "$bootdev" + fi + + if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then + mkfs.btrfs "$rootdev" + fi + + if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then + mkfs.btrfs "$homedev" + fi + + if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then + mkfs.btrfs "$bkudev" + fi + + + if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then + mount "$rootdev" /mnt + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then + mkdir -m 0000 -p /mnt/boot + mount "$bootdev" /mnt/boot + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then + mkdir -m 0000 -p /mnt/home + mount "$homedev" /mnt/home + fi + if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then + mkdir -m 0000 -p /mnt/bku + mount "$bkudev" /mnt/bku + fi + + # umount -R /mnt + + + parted "$disk" print + lsblk "$disk" + + key='${pubkey}' + if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then + mkdir -p /root/.ssh + echo "$key" > /root/.ssh/authorized_keys + fi + systemctl start sshd + ip route + echo READY. +'' -- cgit v1.2.3 From a700fc2a343e8591172d6ce236d53f656e4a0643 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 18 Jan 2017 17:37:59 +0100 Subject: l 2: add screenlock --- lass/2configs/screenlock.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 lass/2configs/screenlock.nix (limited to 'lass') diff --git a/lass/2configs/screenlock.nix b/lass/2configs/screenlock.nix new file mode 100644 index 000000000..237127f69 --- /dev/null +++ b/lass/2configs/screenlock.nix 
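Review bot: In the new `lass/5pkgs/init/default.nix` the Nix arguments are pasted into the shell text unescaped: `disk=${disk}`, `vgname=${vgname}` and `key='${pubkey}'`. A value containing whitespace or a quote (an SSH key comment with `'` in it, for instance) changes what the generated script executes, and that script runs as root. `with lib;` is already in scope, so the assignments can be written `disk=${escapeShellArg disk}` and `key=${escapeShellArg pubkey}`. With the default `pubkey ? ""` the final block also overwrites a non-empty `/root/.ssh/authorized_keys` with an empty line; `assert pubkey != "";` at the top would make the requirement explicit.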
@@ -0,0 +1,17 @@ +{ pkgs, config, ... }: + +{ + systemd.services.screenlock = { + before = [ "sleep.target" ]; + wantedBy = [ "sleep.target" ]; + environment = { + DISPLAY = ":${toString config.services.xserver.display}"; + }; + serviceConfig = { + SyslogIdentifier = "screenlock"; + ExecStart = "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f"; + Type = "forking"; + User = "lass"; + }; + }; +} -- cgit v1.2.3 From 67bee70ab750600e63c75531efb0c216e2280ff3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 18 Jan 2017 17:39:03 +0100 Subject: l 2 baseX: import screenlock.nix --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index a67c25145..e879e8e58 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -7,6 +7,7 @@ in { ./xserver ./mpv.nix ./power-action.nix + ./screenlock.nix { hardware.pulseaudio = { enable = true; -- cgit v1.2.3 From 4075a237bcd4fb74280738b4b6feac1eeb52b47f Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 18 Jan 2017 19:41:22 +0100 Subject: l 2 fetchWallpaper: start directly after xserver --- lass/2configs/fetchWallpaper.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass') diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index a724e2e45..fc5acce31 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -8,5 +8,9 @@ in { unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; url = "prism/wallpaper.png"; }; + systemd.services.fetchWallpaper = { + after = [ "xserver.service" ]; + wantedBy = [ "xserver.service" ]; + }; } -- cgit v1.2.3 From 82149ebb75892267af3b9e0a290f975d15965894 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 18 Jan 2017 19:54:47 +0100 Subject: l 2 nixpkgs: use 3909827 from 16.09 --- lass/2configs/nixpkgs.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') 
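Review bot: `systemd.services.screenlock` is tied to `sleep.target` only through `wantedBy`, which is a weak dependency, so if `i3lock` fails to start the machine still suspends and comes back unlocked. That failure looks possible here because the unit sets `DISPLAY` but no `XAUTHORITY` for `User = "lass"`; whether the X server accepts the connection depends on configuration outside this file. `requiredBy = [ "sleep.target" ];` together with the existing `before` should make a failed lock abort the suspend. A short comment should also say why `Type = "forking"` is used (presumably so the unit counts as started only once i3lock has put itself in the background).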
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index a33e69bf8..27b7c2439 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -2,7 +2,7 @@ { krebs.build.source.nixpkgs.git = { - url = https://github.com/lassulus/nixpkgs; - ref = "d98b556864f2b3a634e39ed1ae29f47c0e3fae35"; + url = https://github.com/nixos/nixpkgs; + ref = "39098270855c171f0824c09d071b606ae991ff87"; }; } -- cgit v1.2.3 From c80d283a55443154d1244f83828d49e61f425c2f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 18:29:21 +0100 Subject: l 5 init: extend to work with x220 seaboot --- lass/5pkgs/init/default.nix | 45 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 35 insertions(+), 10 deletions(-) (limited to 'lass') diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix index abf2528d7..d0339f811 100644 --- a/lass/5pkgs/init/default.nix +++ b/lass/5pkgs/init/default.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca", ... }: +{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "pool", luksmap ? "luksmap", keyfile ? "/root/keyfile", ... }: with lib; @@ -15,11 +15,13 @@ pkgs.writeText "init" '' *) echo Error: unknown operating system >&2; exit 1;; esac + keyfile=${keyfile} + disk=${disk} - bootdev=${disk}1 + bootdev=${disk}2 - luksdev=${disk}2 + luksdev=${disk}3 luksmap=/dev/mapper/${luksmap} vgname=${vgname} @@ -28,6 +30,14 @@ pkgs.writeText "init" '' homedev=/dev/mapper/${vgname}-home bkudev=/dev/mapper/${vgname}-bku + # + #generate keyfile + # + + if ! test -e "$keyfile"; then + dd if=/dev/urandom bs=512 count=2048 of=$keyfile + fi + # # partitioning # 
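Review bot: The added key-generation block writes the LUKS key with `dd if=/dev/urandom bs=512 count=2048 of=$keyfile`, so the file gets whatever mode the shell's umask allows, which is commonly world-readable. The unquoted `$keyfile` is also word-split if the configured path contains a space. Create the file under a restrictive mask and quote the path: `(umask 077; dd if=/dev/urandom bs=512 count=2048 of="$keyfile")`. A comment above the block should say where the key is expected to live after installation, since the default `/root/keyfile` is on the installer's own filesystem.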
@@ -37,13 +47,15 @@ pkgs.writeText "init" '' # dd if=/dev/zero bs=512 count=34 of=/dev/sda # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda) if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then - parted "$disk" \ + parted -a optimal "$disk" \ mklabel gpt \ - mkpart ESP fat32 1MiB 1024MiB set 1 boot on \ + mkpart no-fs 0 1024KiB \ + set 1 bios_grub on \ + mkpart ext2 1025KiB 1024MiB \ mkpart primary 1024MiB 100% fi - if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then + if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ext2; then echo zonk exit 23 fi @@ -55,13 +67,14 @@ pkgs.writeText "init" '' if ! cryptsetup isLuks "$luksdev"; then # aes xts-plain64 - cryptsetup luksFormat "$luksdev" \ + cryptsetup luksFormat "$luksdev" "$keyfile" \ -h sha512 \ --iter-time 5000 fi if ! test -e "$luksmap"; then - cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" + cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" \ + --key-file "$keyfile" fi # cryptsetup close @@ -84,8 +97,8 @@ pkgs.writeText "init" '' # formatting # - if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then - mkfs.vfat "$bootdev" + if ! test "$(blkid -o value -s TYPE "$bootdev")" = ext2; then + mkfs.ext2 "$bootdev" fi if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then @@ -119,6 +132,18 @@ pkgs.writeText "init" '' # umount -R /mnt + # + # dependencies for stockholm + # + + nix-env -iA nixos.git + + mkdir -p /mnt/var/src + touch /mnt/var/src/.populate + + # + # print all the infos + # parted "$disk" print lsblk "$disk" -- cgit v1.2.3 From bd9dddd97fe5b881ac07d52f047e775bbdaf406b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 18:29:49 +0100 Subject: l 1 icarus: now installed with init --- lass/1systems/icarus.nix | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'lass') diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix index 8402613da..7f632e9bf 100644 --- a/lass/1systems/icarus.nix 
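Review bot: With `cryptsetup luksFormat "$luksdev" "$keyfile"` the generated file becomes the only key for the volume, and nothing in the script copies it anywhere or adds a passphrase slot. The `icarus.nix` change that follows declares `initrd.luks.devices` for `/dev/sda3` without a key file, so the installed system would presumably prompt for a passphrase that was never set, while the real key sits in `/root/keyfile` on the live installer. I would add a passphrase right after formatting, `cryptsetup luksAddKey "$luksdev" --key-file "$keyfile" < /dev/tty`, and document in a comment how the key file is to be stored or destroyed afterwards.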
+++ b/lass/1systems/icarus.nix @@ -14,15 +14,6 @@ with import ; ../2configs/fetchWallpaper.nix ../2configs/backups.nix ../2configs/games.nix - #{ - # users.extraUsers = { - # root = { - # openssh.authorizedKeys.keys = map readFile [ - # ../../krebs/Zpubkeys/uriel.ssh.pub - # ]; - # }; - # }; - #} ]; krebs.build.host = config.krebs.hosts.icarus; @@ -32,19 +23,28 @@ with import ; loader.grub.version = 2; loader.grub.device = "/dev/sda"; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; }; fileSystems = { "/" = { - device = "/dev/pool/nix"; + device = "/dev/mapper/pool-root"; fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/bku" = { + device = "/dev/mapper/pool-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/home" = { + device = "/dev/mapper/pool-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; - "/boot" = { - device = "/dev/sda1"; + device = "/dev/sda2"; }; "/tmp" = { device = "tmpfs"; -- cgit v1.2.3 From c3be272e9b699033437a34c37feecd7775c84046 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Jan 2017 18:37:48 +0100 Subject: l 1 prism: forward 1337 to onondaga --- lass/1systems/prism.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 313a18a9c..34d81f099 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix 
@@ -252,6 +252,12 @@ in { origin.ref = "heads/nin"; mirror.url = "git@${config.networking.hostName}:stockholm"; }; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } + ]; } ]; -- cgit v1.2.3 From 654d32383f782dbd8d3fa198583754ff1d0ca5ec Mon Sep 17 00:00:00 2001 F
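Review bot: The new `PREROUTING` rule forwards TCP port 1337 on 213.239.205.240 to port 22 of 192.168.122.24 for every source address, and the `FORWARD` rule accepts `NEW` connections to it, so the guest's sshd becomes reachable from the whole internet. If only known peers need it, add a source match to both predicates (`-s TRUSTED_RANGE`, placeholder). In either case, a comment should name the guest (onondaga, per the commit title) and state that it must accept key authentication only. The addresses are also hard-coded in two places; binding them once in a `let` would keep the two rules from drifting apart. The surrounding attribute set starts outside the hunk.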