From b9c0c46b4d0f9907f1b3fc96494be96abc60c8db Mon Sep 17 00:00:00 2001
From: makefu
Date: Sun, 12 Jun 2016 19:48:15 +0200
Subject: m shoney: init
---
makefu/1systems/shoney.nix | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 makefu/1systems/shoney.nix
(limited to 'makefu/1systems/shoney.nix')
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
new file mode 100644
index 00000000..ebe5222c
--- /dev/null
+++ b/makefu/1systems/shoney.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+let
+ ip = "64.137.235.70";
+ gw = "64.137.235.1";
+in {
+ imports = [
+ ../.
+ ../../tv/2configs/hw/CAC.nix
+ ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
+
+ ];
+
+ # minimal resources
+ services.nixosManual.enable = false;
+ programs.man.enable = false;
+ nix.gc.automatic = true;
+ nix.gc.dates = "03:10";
+
+ krebs = {
+ enable = true;
+ retiolum.enable = true;
+ build.host = config.krebs.hosts.shoney;
+ };
+ networking.interfaces.enp2s1.ip4 = [ {
+ address = ip;
+ prefixLength = 24;
+ } ];
+ networking.defaultGateway = gw;
+ networking.nameservers = [ "8.8.8.8" ];
+}
-- cgit v1.2.3
From f256bbcb11565138e92266e97856438061b623a0 Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 13 Jun 2016 16:22:51 +0200
Subject: cp tv/2/*CAC -> makefu/2/
---
makefu/1systems/shoney.nix | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
(limited to 'makefu/1systems/shoney.nix')
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
index ebe5222c..16e89199 100644
--- a/makefu/1systems/shoney.nix
+++ b/makefu/1systems/shoney.nix
@@ -1,15 +1,19 @@ { config, pkgs, ... }: let - ip = "64.137.235.70"; - gw = "64.137.235.1"; + ip = "64.137.234.215"; + alt-ip = "64.137.234.210"; + extra-ip = "64.137.234.114"; #currently unused + gw = "64.137.234.1"; in { imports = [ ../. - ../../tv/2configs/hw/CAC.nix - ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix + ../2configs/hw/CAC.nix + ../2configs/fs/CAC-CentOS-7-64bit.nix ]; + + # minimal resources services.nixosManual.enable = false; programs.man.enable = false; @@ -21,10 +25,12 @@ in { retiolum.enable = true; build.host = config.krebs.hosts.shoney; }; - networking.interfaces.enp2s1.ip4 = [ { - address = ip; - prefixLength = 24; - } ]; + networking.interfaces.enp2s1.ip4 = [ + { address = ip; prefixLength = 24; } + { address = alt-ip; prefixLength = 24; } + ]; networking.defaultGateway = gw; networking.nameservers = [ "8.8.8.8" ]; + networking.firewall.allowedUDPPorts = [ 655 1655 ]; + networking.firewall.allowedTCPPorts = [ 655 1655 ]; } -- cgit v1.2.3 From 6ac8034a47f840206d999be8ec39fedbc6b7b350 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Jun 2016 01:33:41 +0200 Subject: ma 1 shoney: init siem tinc --- makefu/1systems/shoney.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'makefu/1systems/shoney.nix') diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 16e89199..48679fe5 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -13,6 +13,7 @@ in { ]; + services.tinc.networks.siem.name = "sjump"; # minimal resources services.nixosManual.enable = false; @@ -29,6 +30,7 @@ in { { address = ip; prefixLength = 24; } { address = alt-ip; prefixLength = 24; } ]; + networking.defaultGateway = gw; networking.nameservers = [ "8.8.8.8" ]; networking.firewall.allowedUDPPorts = [ 655 1655 ]; -- cgit v1.2.3 From b399ff906dc96c654d989b007c24fe7301ebd848 Mon Sep 17 00:00:00 2001 
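Review bot: The `allowedUDPPorts` and `allowedTCPPorts` lines added at the end of the `@@ -21,10 +25,12 @@` hunk (commit "cp tv/2/*CAC -> makefu/2/") open 655 and 1655 on every interface and on both public addresses, with nothing saying which daemon owns each port. 655 is tinc's default port and fits `retiolum.enable = true`, but nothing in this file at this commit listens on 1655, so that opening looks premature. It is presumably meant for the `siem` tinc network that the next commit declares, though no port for that network is set anywhere visible here. I would add a comment above the two lines, such as `# 655: retiolum tinc; 1655: siem tinc (confirm)`, and open 1655 in the same commit that configures its listener, so the firewall never admits traffic for a port that no service is meant to serve.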
From: makefu Date: Thu, 23 Jun 2016 16:57:19 +0200 Subject: ma 1 shoney: enable tinc_graphs for siem tinc --- makefu/1systems/shoney.nix | 46 +++++++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 15 deletions(-) (limited to 'makefu/1systems/shoney.nix') diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 48679fe5..1fe8871d 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -1,5 +1,7 @@ { config, pkgs, ... }: let + tinc-siem-ip = "10.8.10.1"; + ip = "64.137.234.215"; alt-ip = "64.137.234.210"; extra-ip = "64.137.234.114"; #currently unused 
@@ -7,32 +9,46 @@ let in { imports = [ ../. + ../2configs/save-diskspace.nix ../2configs/hw/CAC.nix ../2configs/fs/CAC-CentOS-7-64bit.nix - ]; - services.tinc.networks.siem.name = "sjump"; - # minimal resources - services.nixosManual.enable = false; - programs.man.enable = false; - nix.gc.automatic = true; - nix.gc.dates = "03:10"; + services.tinc.networks.siem.name = "sjump"; krebs = { enable = true; retiolum.enable = true; build.host = config.krebs.hosts.shoney; + nginx.enable = true; + tinc_graphs = { + enable = true; + network = "siem"; + hostsPath = "/etc/tinc/siem/hosts"; + nginx = { + enable = true; + # TODO: remove hard-coded hostname + complete = { + listen = [ "${tinc-siem-ip}:80" ]; + server-names = [ "graphs.siem" ]; + }; + }; + }; }; - networking.interfaces.enp2s1.ip4 = [ - { address = ip; prefixLength = 24; } - { address = alt-ip; prefixLength = 24; } - ]; + networking = { + interfaces.enp2s1.ip4 = [ + { address = ip; prefixLength = 24; } + { address = alt-ip; prefixLength = 24; } + ]; - networking.defaultGateway = gw; - networking.nameservers = [ "8.8.8.8" ]; - networking.firewall.allowedUDPPorts = [ 655 1655 ]; - networking.firewall.allowedTCPPorts = [ 655 1655 ]; + defaultGateway = gw; + nameservers = [ "8.8.8.8" ]; + firewall = { + trustedInterfaces = [ "tinc.siem" ]; + allowedUDPPorts = [ 655 1655 ]; + allowedTCPPorts = [ 655 1655 ]; + }; + }; } -- cgit v1.2.3
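Review bot: `trustedInterfaces = [ "tinc.siem" ]` in the new `firewall` block accepts all traffic arriving on the siem VPN interface, so every service on shoney that binds a wildcard address becomes reachable from any siem peer, not only the graphs vhost on `${tinc-siem-ip}:80`. If only the graphs page is meant to be exposed, drop the blanket trust and open port 80 for that interface alone, for example `networking.firewall.interfaces."tinc.siem".allowedTCPPorts = [ 80 ];` on NixOS releases that provide the per-interface option. If full trust of siem peers is intended, record that decision next to the line with a comment like `# siem peers are fully trusted: <reason>`, because a compromised peer on that network would then face no host firewall on shoney.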