From 3175318eb0542d0751491b7f9e881d50f8ba6741 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Oct 2015 19:46:26 +0200 Subject: m 2 cgit: add tinc_graphs repo --- makefu/2configs/git/cgit-retiolum.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 1277a014e..189dd66c8 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -10,6 +10,9 @@ let stockholm = { desc = "Make all the systems into 1systems!"; }; + tinc_graphs = { + desc = "Tinc Advanced Graph Generation"; + }; }; priv-repos = mapAttrs make-priv-repo { -- cgit v1.2.3 From ded0821d9bf7c85e2197cb7811d5f95987ded02e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Oct 2015 23:46:10 +0200 Subject: m 1,2 : wry serves as iodine entry point --- makefu/2configs/base-sources.nix | 6 +++--- makefu/2configs/iodined.nix | 16 ++++++++++++++++ 2 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 makefu/2configs/iodined.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/base-sources.nix b/makefu/2configs/base-sources.nix index 826cd6fef..7e6bebec3 100644 --- a/makefu/2configs/base-sources.nix +++ b/makefu/2configs/base-sources.nix @@ -3,9 +3,9 @@ { krebs.build.source = { git.nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - #url = https://github.com/makefu/nixpkgs; - rev = "dc18f39bfb2f9d1ba62c7e8ad98544bb15cb26b2"; # nixos-15.09 + #url = https://github.com/NixOS/nixpkgs; + url = https://github.com/makefu/nixpkgs; + rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine }; dir.secrets = { diff --git a/makefu/2configs/iodined.nix b/makefu/2configs/iodined.nix new file mode 100644 index 000000000..db8a1bfed --- /dev/null +++ b/makefu/2configs/iodined.nix @@ -0,0 +1,16 @@ +{ services,builtins,environment,pkgs, ... }: + +let + # TODO: make this a parameter + domain = "io.krebsco.de"; + pw = import ; +in { + + services.iodined = { + enable = true; + domain = domain; + ip = "172.16.10.1/24"; + extraConfig = "-P ${pw}"; + }; + +} -- cgit v1.2.3 From be44341c6ba0d8fe66220f4fe6493a88fdce849b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 20 Oct 2015 14:25:49 +0200 Subject: m 2 mail: split exim-retiolum --- makefu/2configs/mail-client.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 makefu/2configs/mail-client.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/mail-client.nix b/makefu/2configs/mail-client.nix new file mode 100644 index 000000000..a6ae33d2f --- /dev/null +++ b/makefu/2configs/mail-client.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + environment.systemPackages = with pkgs; [ + msmtp + mutt-kz + notmuch + offlineimap + ]; + +} -- cgit v1.2.3 From 0696c3ff38ff629ad5f184bc458392de748a87b6 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Oct 2015 09:10:21 +0200 Subject: m 2 mail: remove client packages from server config --- makefu/2configs/exim-retiolum.nix | 4 ---- 1 file changed, 4 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/exim-retiolum.nix b/makefu/2configs/exim-retiolum.nix index cebfd7cea..b8c5c5236 100644 --- a/makefu/2configs/exim-retiolum.nix +++ b/makefu/2configs/exim-retiolum.nix @@ -5,10 +5,6 @@ with lib; krebs.exim-retiolum.enable = true; environment.systemPackages = with pkgs; [ msmtp - mutt-kz - notmuch - # TODO: put this somewhere else - offlineimap ]; } -- cgit v1.2.3 From 506f1c0c382a66f3f2e17519004875f793e489f1 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Oct 2015 18:45:32 +0200 Subject: m 2 unstable-sources: sources to unstable nixpkgs --- makefu/2configs/unstable-sources.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 makefu/2configs/unstable-sources.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/unstable-sources.nix b/makefu/2configs/unstable-sources.nix new file mode 100644 index 000000000..f2d28dcaf --- /dev/null +++ b/makefu/2configs/unstable-sources.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +{ + krebs.build.source = { + git.nixpkgs = { + url = https://github.com/makefu/nixpkgs; + rev = "984d33884d63d404ff2da76920b8bc8b15471552"; + }; + + dir.secrets = { + host = config.krebs.hosts.pornocauster; + path = "/home/makefu/secrets/${config.krebs.build.host.name}/"; + }; + dir.stockholm = { + host = config.krebs.hosts.pornocauster; + path = toString ../.. ; + }; + }; +} -- cgit v1.2.3 From 6eb195b0bc1b2ecd1a39c842da4d14d4837d98cc Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Oct 2015 18:49:20 +0200 Subject: wry: is the new provider for paste.krebsco.de --- makefu/2configs/bepasty-dual.nix | 52 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 makefu/2configs/bepasty-dual.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix new file mode 100644 index 000000000..fb170957a --- /dev/null +++ b/makefu/2configs/bepasty-dual.nix @@ -0,0 +1,52 @@ +{ config, lib, pkgs, ... }: + +# 1systems should configure itself: +# krebs.bepasty.servers.internal.nginx.listen = [ "80" ] +# krebs.bepasty.servers.external.nginx.listen = [ "80" "443 ssl" ] +# 80 is redirected to 443 ssl + +# secrets used: +# wildcard.krebsco.de.crt +# wildcard.krebsco.de.key +# bepasty-secret.nix <- contains single string + +with lib; +{ + + krebs.nginx.enable = mkDefault true; + krebs.bepasty = { + enable = true; + serveNginx= true; + + servers = { + internal = { + nginx = { + server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; + }; + defaultPermissions = "admin,list,create,read,delete"; + secretKey = import ; + }; + + external = { + nginx = { + server-names = [ "paste.krebsco.de" ]; + extraConfig = '' + ssl_session_cache shared:SSL:1m; + ssl_session_timeout 10m; + ssl_certificate /root/secrets/wildcard.krebsco.de.crt; + ssl_certificate_key /root/secrets/wildcard.krebsco.de.key; + ssl_verify_client off; + proxy_ssl_session_reuse off; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers RC4:HIGH:!aNULL:!MD5; + ssl_prefer_server_ciphers on; + if ($scheme = http){ + return 301 https://$server_name$request_uri; + }''; + }; + defaultPermissions = "read"; + secretKey = import ; + }; + }; + }; +} -- cgit v1.2.3 From 6a425334c78fe6eb30f21f9757554905f09436fa Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 22 Oct 2015 13:43:20 +0200 Subject: m 2 reaktor/random-emoji: html-decode output using xmlstarlet --- makefu/2configs/Reaktor/random-emoji.nix | 1 + makefu/2configs/Reaktor/random-emoji.sh | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/Reaktor/random-emoji.nix b/makefu/2configs/Reaktor/random-emoji.nix index b2d99b36b..3113a826b 100644 --- a/makefu/2configs/Reaktor/random-emoji.nix +++ b/makefu/2configs/Reaktor/random-emoji.nix @@ -12,6 +12,7 @@ let coreutils gnused gnugrep + xmlstarlet curl]); in { # TODO: make origin a variable, <- module is generic enough to handle different origins, not only stockholm diff --git a/makefu/2configs/Reaktor/random-emoji.sh b/makefu/2configs/Reaktor/random-emoji.sh index 913d615be..386aa68b9 100644 --- a/makefu/2configs/Reaktor/random-emoji.sh +++ b/makefu/2configs/Reaktor/random-emoji.sh @@ -2,4 +2,5 @@ curl http://emojicons.com/random -s | \ grep data-text | \ sed -n 's/.*>\(.*\)<\/textarea>/\1/p' | \ - head -n 1 + head -n 1 | \ + xmlstarlet unesc -- cgit v1.2.3