From 835ddb0de049850c113de4f9870edb49fff05494 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 18 Jul 2016 18:57:36 +0200 Subject: m 1 vbob: document forticlientsslvpn mess --- makefu/1systems/vbob.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 3fcb173c..4818cea2 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -8,7 +8,7 @@ (toString ) (toString ) ../2configs/main-laptop.nix #< base-gui - # (toString )/extra-hosts.nix + # environment @@ -28,8 +28,15 @@ openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; }; }; + + environment.shellAliases = { + forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; + }; + # TODO: for forticleintsslpn + # ln -s /r/current-system/sw/bin/pppd /usr/sbin/pppd + # ln -s /r/current-system/sw/bin/tail /usr/bin/tail environment.systemPackages = with pkgs;[ - fortclientsslvpn + fortclientsslvpn ppp xclip get logstash docker -- cgit v1.2.3 From 46232b30beba336ccc6a1a75e1cc9d66646b5dcc Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 20 Jul 2016 17:18:57 +0200 Subject: makefu: s/krebs\.retiolum/krebs.tinc.retiolum/g --- makefu/1systems/darth.nix | 2 +- makefu/1systems/filepimp.nix | 2 +- makefu/1systems/gum.nix | 4 ++-- makefu/1systems/omo.nix | 2 +- makefu/1systems/pnp.nix | 5 +++-- makefu/1systems/pornocauster.nix | 10 +++++----- makefu/1systems/repunit.nix | 9 +-------- makefu/1systems/shoney.nix | 2 +- makefu/1systems/tsp.nix | 2 +- makefu/1systems/vbob.nix | 8 +------- makefu/1systems/wry.nix | 3 ++- 11 files changed, 19 insertions(+), 30 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index 87029a69..c63dcb49 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix 
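Review bot: The `forti` alias added in the second vbob.nix hunk reads the VPN password from a plaintext file (`~/vpn/pw.txt`) and pipes it to `xclip`, which keeps serving it from an X selection that any other X client can read until something else takes the selection. Because it sits in `environment.shellAliases`, the alias is defined for every user on the host although the path only makes sense for one account. Prefer an encrypted store that the alias decrypts on demand, and at least bound the clipboard exposure to one paste, e.g. `forti = "cat ~/vpn/pw.txt | xclip -loops 1; sudo forticlientsslvpn";`. The TODO describes manual symlinks into `/usr/sbin` and `/usr/bin` that live outside the declared configuration; a comment saying that the root-run client resolves `pppd` and `tail` through them, and that they must point at root-owned store paths, would make that dependency explicit.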
@@ -17,6 +17,7 @@ in { ../2configs/exim-retiolum.nix ../2configs/virtualization.nix + ../2configs/tinc/retiolum.nix ../2configs/temp-share-samba.nix ]; services.samba.shares = { @@ -39,7 +40,6 @@ in { }; #networking.firewall.enable = false; - krebs.retiolum.enable = true; boot.kernelModules = [ "coretemp" "f71882fg" ]; hardware.enableAllFirmware = true; diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index 593f7737..c6966c99 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -22,8 +22,8 @@ in { ../. ../2configs/fs/single-partition-ext4.nix ../2configs/smart-monitor.nix + ../2configs/tinc/retiolum.nix ]; - krebs.retiolum.enable = true; krebs.build.host = config.krebs.hosts.filepimp; # AMD N54L boot = { diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 17b2b509..a4e2d176 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -19,6 +19,7 @@ in { ../2configs/deployment/mycube.connector.one.nix ../2configs/exim-retiolum.nix + ../2configs/tinc/retiolum.nix ../2configs/urlwatch.nix ]; @@ -27,8 +28,7 @@ in { ###### stable krebs.build.host = config.krebs.hosts.gum; - krebs.retiolum = { - enable = true; + krebs.tinc.retiolum = { extraConfig = '' ListenAddress = ${external-ip} 53 ListenAddress = ${external-ip} 655 diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 8c24e0ff..e11abd40 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix 
@@ -47,12 +47,12 @@ in { #../2configs/graphite-standalone.nix #../2configs/share-user-sftp.nix ../2configs/omo-share.nix + ../2configs/tinc/retiolum.nix ## as long as pyload is not in nixpkgs: # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload ]; - krebs.retiolum.enable = true; networking.firewall.trustedInterfaces = [ primaryInterface ]; # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net # tcp:80 - nginx for sharing files diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index 4b8d39c8..a460a87e 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -15,11 +15,12 @@ ../2configs/fs/vm-single-partition.nix + ../2configs/tinc/retiolum.nix + # config.system.build.vm - + (toString ) ]; - krebs.retiolum.enable = true; virtualisation.graphics = false; # also export secrets, see Usage above fileSystems = pkgs.lib.mkVMOverride { diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 2ab03091..b683e563 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -38,8 +38,9 @@ #../2configs/wordpress.nix ../2configs/nginx/public_html.nix + ../2configs/tinc/retiolum.nix # temporary modules - # ../2configs/temp/share-samba.nix + ../2configs/temp/share-samba.nix # ../2configs/temp/elkstack.nix # ../2configs/temp/sabnzbd.nix ]; @@ -69,10 +70,9 @@ krebs.build.host = config.krebs.hosts.pornocauster; krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11"; - krebs.retiolum = { - enable = true; - connectTo = [ "omo" "gum" "prism" ]; - }; + + krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ]; + networking.extraHosts = '' 192.168.1.11 omo.local ''; diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix index bf6ff9fb..7102b8f8 100644 --- a/makefu/1systems/repunit.nix +++ b/makefu/1systems/repunit.nix 
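Review bot: In the first pornocauster.nix hunk, `../2configs/temp/share-samba.nix` changes from commented-out to imported, which is not part of the `krebs.retiolum` to `krebs.tinc.retiolum` rename that the subject describes. If the module does what its name suggests, this host starts exporting a temporary Samba share as a side effect of a rename commit. If that is intended, it belongs in its own commit with a comment such as `# temporary share, remove when <condition>` (placeholder); otherwise keep the line as `# ../2configs/temp/share-samba.nix`. The imports list starts and ends outside the hunk, so what else constrains the share is not visible here.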
@@ -10,6 +10,7 @@ ../. ../2configs/git/cgit-retiolum.nix + ../2configs/tinc/retiolum.nix ]; krebs.build.host = config.krebs.hosts.repunit; @@ -31,14 +32,6 @@ { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; - krebs.retiolum = { - enable = true; - connectTo = [ - "gum" - "pigstarter" - "fastpoke" - ]; - }; # $ nix-env -qaP | grep wget environment.systemPackages = with pkgs; [ diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 3a3ac9c7..0e6ae6e1 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -13,6 +13,7 @@ in { ../2configs/save-diskspace.nix ../2configs/hw/CAC.nix ../2configs/fs/CAC-CentOS-7-64bit.nix + ../2configs/tinc/retiolum.nix ]; @@ -21,7 +22,6 @@ in { krebs = { enable = true; - retiolum.enable = true; build.host = config.krebs.hosts.shoney; nginx.enable = true; tinc_graphs = { diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index 302ba6f9..9809abf4 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix @@ -17,9 +17,9 @@ ../2configs/zsh-user.nix ../2configs/exim-retiolum.nix + ../2configs/tinc/retiolum.nix ]; # not working in vm - krebs.retiolum.enable = true; krebs.build.host = config.krebs.hosts.tsp; networking.firewall.allowedTCPPorts = [ diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 4818cea2..129a0602 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -11,6 +11,7 @@ # environment + ../2configs/tinc/retiolum.nix ]; # workaround for https://github.com/NixOS/nixpkgs/issues/16641 @@ -52,13 +53,6 @@ 8010 ]; - krebs.retiolum = { - enable = true; - connectTo = [ - "omo" - "gum" - ]; - }; virtualisation.docker.enable = false; fileSystems."/media/share" = { diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 5788cb65..3764ab4b 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix 
@@ -25,8 +25,9 @@ in { # collectd ../2configs/collectd/collectd-base.nix + + ../2configs/tinc/retiolum.nix ]; - krebs.retiolum.enable = true; krebs.build.host = config.krebs.hosts.wry; -- cgit v1.2.3 From e03ae6d79d77e654bb586475b52c7e6aa24ac06f Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 20 Jul 2016 20:35:30 +0200 Subject: m 1 wbob: add missing --- makefu/1systems/wbob.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix index 45b935af..e8e0b091 100644 --- a/makefu/1systems/wbob.nix +++ b/makefu/1systems/wbob.nix @@ -1,5 +1,7 @@ { config, pkgs, ... }: -{ +let rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115"; +in { + makefu.awesome = { modkey = "Mod1"; #TODO: integrate kiosk config into full config by templating the autostart @@ -9,19 +11,19 @@ [ # Include the results of the hardware scan. ../. ../2configs/main-laptop.nix + ../2configs/virtualization.nix + ../2configs/tinc/retiolum.nix ]; krebs = { enable = true; - retiolum.enable = true; build.host = config.krebs.hosts.wbob; }; networking.firewall.allowedUDPPorts = [ 1655 ]; - networking.firewall.allowedTCPPorts = [ 1655 ]; + networking.firewall.allowedTCPPorts = [ 1655 49152 ]; services.tinc.networks.siem = { name = "display"; extraConfig = '' ConnectTo = sjump - Port = 1655 ''; }; @@ -35,12 +37,12 @@ # nuc hardware - boot.loader.grub.device = "/dev/sda"; + boot.loader.grub.device = rootdisk; hardware.cpu.intel.updateMicrocode = true; boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.kernelModules = [ "kvm-intel" ]; fileSystems."/" = { - device = "/dev/sda1"; + device = rootdisk + "-part1"; fsType = "ext4"; }; -- cgit v1.2.3 From 2b862262f2878c9f4ef35894a8343d94f6d636be Mon Sep 17 00:00:00 2001 
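Review bot: In the wbob.nix hunk that edits the firewall and the `siem` tinc network, `Port = 1655` is removed from `extraConfig` while `allowedUDPPorts` and `allowedTCPPorts` still open 1655. Unless the port is set somewhere not shown, the daemon presumably falls back to its default port and the firewall keeps an opening that nothing listens on. The same hunk adds TCP 49152 without saying what uses it, and the subject "add missing" does not explain it either. Either keep the port setting or drop the stale 1655 entries, and document the new one, e.g. `# 49152: <listener> (placeholder, name the service)` above `networking.firewall.allowedTCPPorts = [ 1655 49152 ];`.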
From: makefu Date: Wed, 20 Jul 2016 20:36:16 +0200 Subject: m 1 vbob: comment out extra-hosts --- makefu/1systems/vbob.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 129a0602..27a21631 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -8,7 +8,7 @@ (toString ) (toString ) ../2configs/main-laptop.nix #< base-gui - + # # environment ../2configs/tinc/retiolum.nix -- cgit v1.2.3 From fbe1fcdd8e145493602da65f0a22b1907c2b3a95 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 21 Jul 2016 00:13:01 +0200 Subject: m : update legacy options ,remove honeyd usage in shoney --- makefu/1systems/shoney.nix | 3 --- 1 file changed, 3 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 0e6ae6e1..7081f6a9 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -17,9 +17,6 @@ in { ]; - environment.systemPackages = [ pkgs.honeyd ]; - services.tinc.networks.siem.name = "sjump"; - krebs = { enable = true; build.host = config.krebs.hosts.shoney; -- cgit v1.2.3