From 2d79335e34d639657bd0045f9a6b777778a5ad82 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 17 Feb 2016 17:07:16 +0100 Subject: tv.mail: wu -> nomic --- tv/1systems/nomic.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'tv') diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 2c9775da..c247bf79 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -10,6 +10,7 @@ with config.krebs.lib; ../2configs/hw/AO753.nix ../2configs/exim-retiolum.nix ../2configs/git.nix + ../2configs/mail-client.nix ../2configs/nginx-public_html.nix ../2configs/pulse.nix ../2configs/retiolum.nix -- cgit v1.2.3 From 468f294635523a39eaf1a6794571948066b63a1c Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 17 Feb 2016 17:23:19 +0100 Subject: tv im: init --- tv/1systems/nomic.nix | 1 + tv/1systems/wu.nix | 20 +------------------- tv/2configs/im.nix | 24 ++++++++++++++++++++++++ 3 files changed, 26 insertions(+), 19 deletions(-) create mode 100644 tv/2configs/im.nix (limited to 'tv') diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index c247bf79..45320690 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -10,6 +10,7 @@ with config.krebs.lib; ../2configs/hw/AO753.nix ../2configs/exim-retiolum.nix ../2configs/git.nix + ../2configs/im.nix ../2configs/mail-client.nix ../2configs/nginx-public_html.nix ../2configs/pulse.nix diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 6154e4df..7615c4e8 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -10,6 +10,7 @@ with config.krebs.lib; ../2configs/hw/w110er.nix ../2configs/exim-retiolum.nix ../2configs/git.nix + ../2configs/im.nix ../2configs/mail-client.nix ../2configs/nginx-public_html.nix ../2configs/pulse.nix @@ -23,19 +24,6 @@ with config.krebs.lib; hashPassword haskellPackages.lentil parallel - (pkgs.writeScriptBin "im" '' - #! ${pkgs.bash}/bin/bash - export PATH=${makeSearchPath "bin" (with pkgs; [ - tmux - gnugrep - weechat - ])} - if tmux list-sessions -F\#S | grep -q '^im''$'; then - exec tmux attach -t im - else - exec tmux new -s im weechat - fi - '') # root cryptsetup @@ -201,12 +189,6 @@ with config.krebs.lib; KERNEL=="hpet", GROUP="audio" ''; - services.bitlbee = { - enable = true; - plugins = [ - pkgs.bitlbee-facebook - ]; - }; services.tor.client.enable = true; services.tor.enable = true; services.virtualboxHost.enable = true; diff --git a/tv/2configs/im.nix b/tv/2configs/im.nix new file mode 100644 index 00000000..db1be7f0 --- /dev/null +++ b/tv/2configs/im.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: +with config.krebs.lib; +{ + environment.systemPackages = with pkgs; [ + (pkgs.writeDashBin "im" '' + export PATH=${makeSearchPath "bin" (with pkgs; [ + tmux + gnugrep + weechat + ])} + if tmux list-sessions -F\#S | grep -q '^im''$'; then + exec tmux attach -t im + else + exec tmux new -s im weechat + fi + '') + ]; + services.bitlbee = { + enable = true; + plugins = [ + pkgs.bitlbee-facebook + ]; + }; +} -- cgit v1.2.3 From d71a8863ac10f34bfe30f950f32bbf57427e2ca7 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 17 Feb 2016 17:30:39 +0100 Subject: tv krebs.backup.plans.nomic-home-xu: init --- tv/2configs/backup.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'tv') diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index 641e2d58..decd8b28 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -2,6 +2,18 @@ with config.krebs.lib; { krebs.backup.plans = { + nomic-home-xu = { + method = "push"; + src = { host = config.krebs.hosts.nomic; path = "/home"; }; + dst = { host = config.krebs.hosts.xu; path = "/bku/nomic-home"; }; + startAt = "05:00"; + snapshots = { + daily = { format = "%Y-%m-%d"; retain = 7; }; + weekly = { format = "%YW%W"; retain = 4; }; + monthly = { format = "%Y-%m"; retain = 12; }; + yearly = { format = "%Y"; }; + }; + }; wu-home-xu = { method = "push"; src = { host = config.krebs.hosts.wu; path = "/home"; }; -- cgit v1.2.3 From a042769ee71e20176c5341bdcc029c3ac23646e1 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 17 Feb 2016 17:45:58 +0100 Subject: xu,wu: rm pkgs that belong to xserver --- tv/1systems/wu.nix | 5 ----- tv/1systems/xu.nix | 4 ---- 2 files changed, 9 deletions(-) (limited to 'tv') diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 7615c4e8..2b6dca1c 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -153,11 +153,7 @@ with config.krebs.lib; hardware.opengl.driSupport32Bit = true; environment.systemPackages = with pkgs; [ - xlibs.fontschumachermisc - slock ethtool - #firefoxWrapper # with plugins - #chromiumDevWrapper tinc iptables #jack2 @@ -165,7 +161,6 @@ with config.krebs.lib; security.setuidPrograms = [ "sendmail" # for cron - "slock" ]; services.printing.enable = true; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 5ec1fe52..d4295d3b 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -163,11 +163,7 @@ with config.krebs.lib; #hardware.opengl.driSupport32Bit = true; environment.systemPackages = with pkgs; [ - #xlibs.fontschumachermisc - #slock ethtool - #firefoxWrapper # with plugins - #chromiumDevWrapper tinc iptables #jack2 -- cgit v1.2.3 From 38cc636c8c1b8d95579ad9a980b29b494f383779 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 17 Feb 2016 22:28:02 +0100 Subject: tv sudo: !lecture --- tv/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'tv') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index c4a2d6ba..13699a3d 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -50,6 +50,7 @@ with config.krebs.lib; { security.sudo.extraConfig = '' Defaults mailto="${config.krebs.users.tv.mail}" + Defaults !lecture ''; time.timeZone = "Europe/Berlin"; } -- cgit v1.2.3 From f5d0b2a4020b3bd5150f9861fb27a7faaddbd0b9 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 17 Feb 2016 23:23:13 +0100 Subject: xu-qemu0: disable systemd-networkd-wait-online --- tv/2configs/xu-qemu0.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'tv') diff --git a/tv/2configs/xu-qemu0.nix b/tv/2configs/xu-qemu0.nix index 720a8acd..2b67a8b8 100644 --- a/tv/2configs/xu-qemu0.nix +++ b/tv/2configs/xu-qemu0.nix @@ -27,6 +27,8 @@ with config.krebs.lib; networking.dhcpcd.denyInterfaces = [ "qemubr0" ]; systemd.network.enable = true; + systemd.services.systemd-networkd-wait-online.enable = false; + services.resolved.enable = mkForce false; boot.kernel.sysctl."net.ipv4.ip_forward" = 1; -- cgit v1.2.3 From 970eed274818cb49517fa5ef8b39a30d99302f1e Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 17 Feb 2016 23:35:25 +0100 Subject: tv man: init --- tv/1systems/wu.nix | 3 +-- tv/1systems/xu.nix | 3 +-- tv/2configs/man.nix | 7 +++++++ 3 files changed, 9 insertions(+), 4 deletions(-) create mode 100644 tv/2configs/man.nix (limited to 'tv') diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 2b6dca1c..8c363d9f 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -12,6 +12,7 @@ with config.krebs.lib; ../2configs/git.nix ../2configs/im.nix ../2configs/mail-client.nix + ../2configs/man.nix ../2configs/nginx-public_html.nix ../2configs/pulse.nix ../2configs/retiolum.nix @@ -40,14 +41,12 @@ with config.krebs.lib; haskellPackages.hledger htop jq - manpages mkpasswd netcat nix-repl nmap nq p7zip - posix_man_pages push qrencode texLive diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index d4295d3b..c6a69a85 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -11,6 +11,7 @@ with config.krebs.lib; ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix + ../2configs/man.nix ../2configs/nginx-public_html.nix ../2configs/pulse.nix ../2configs/retiolum.nix @@ -52,7 +53,6 @@ with config.krebs.lib; haskellPackages.hledger htop jq - manpages mkpasswd netcat nix-repl @@ -60,7 +60,6 @@ with config.krebs.lib; nq p7zip pass - posix_man_pages qrencode texLive tmux diff --git a/tv/2configs/man.nix b/tv/2configs/man.nix new file mode 100644 index 00000000..686e574f --- /dev/null +++ b/tv/2configs/man.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + manpages + posix_man_pages + ]; +} -- cgit v1.2.3 From f7d6e2043184401f7007b248fbe3af66b2752351 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 17 Feb 2016 23:35:43 +0100 Subject: tv man: inhibit warning break --- tv/2configs/man.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'tv') diff --git a/tv/2configs/man.nix b/tv/2configs/man.nix index 686e574f..a84e60b7 100644 --- a/tv/2configs/man.nix +++ b/tv/2configs/man.nix @@ -1,5 +1,10 @@ { config, lib, pkgs, ... }: { + environment.etc."man.conf".source = pkgs.runCommand "man.conf" {} '' + ${pkgs.gnused}/bin/sed <${pkgs.man}/lib/man.conf >$out ' + s:^NROFF\t.*:& -Wbreak: + ' + ''; environment.systemPackages = with pkgs; [ manpages posix_man_pages -- cgit v1.2.3 From 7f1abe50ce0989d96c3d275a4d0481962848714f Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 18 Feb 2016 00:50:10 +0100 Subject: xu-qemu0 host: setup iptables --- tv/2configs/xu-qemu0.nix | 18 ++++++++++++------ tv/3modules/iptables.nix | 22 ++++++++++++++++++++++ 2 files changed, 34 insertions(+), 6 deletions(-) (limited to 'tv') diff --git a/tv/2configs/xu-qemu0.nix b/tv/2configs/xu-qemu0.nix index 2b67a8b8..5be4899c 100644 --- a/tv/2configs/xu-qemu0.nix +++ b/tv/2configs/xu-qemu0.nix @@ -15,17 +15,23 @@ in # # make [install] system=xu-qemu0 target_host=10.56.0.101 -# TODO iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -# TODO iptables -A FORWARD -i qemubr0 -s 10.56.0.1/24 -m conntrack --ctstate NEW -j ACCEPT -# TODO iptables -A POSTROUTING -t nat -j MASQUERADE -# TODO iptables -A INPUT -i qemubr0 -p udp -m udp --dport bootps -j ACCEPT -# TODO iptables -A INPUT -i qemubr0 -p udp -m udp --dport domain -j ACCEPT - with config.krebs.lib; { networking.dhcpcd.denyInterfaces = [ "qemubr0" ]; + tv.iptables.extra = { + nat.POSTROUTING = ["-j MASQUERADE"]; + filter.FORWARD = [ + "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" + "-i qemubr0 -s 10.56.0.1/24 -m conntrack --ctstate NEW -j ACCEPT" + ]; + filter.INPUT = [ + "-i qemubr0 -p udp -m udp --dport bootps -j ACCEPT" + "-i qemubr0 -p udp -m udp --dport domain -j ACCEPT" + ]; + }; + systemd.network.enable = true; systemd.services.systemd-networkd-wait-online.enable = false; diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix index c0fd7ec1..c0e71f24 100644 --- a/tv/3modules/iptables.nix +++ b/tv/3modules/iptables.nix @@ -26,6 +26,21 @@ let type = with types; listOf (either int str); default = []; }; + + extra = { + nat.POSTROUTING = mkOption { + type = with types; listOf str; + default = []; + }; + filter.FORWARD = mkOption { + type = with types; listOf str; + default = []; + }; + filter.INPUT = mkOption { + type = with types; listOf str; + default = []; + }; + }; }; imp = { @@ -57,6 +72,11 @@ let }; }; + formatTable = table: + (concatStringsSep "\n" + (mapAttrsToList + (chain: concatMapStringsSep "\n" (rule: "-A ${chain} ${rule}")) + table)); rules = iptables-version: let accept-echo-request = { @@ -79,6 +99,7 @@ let ${concatMapStringsSep "\n" (rule: "-A OUTPUT ${rule}") [ "-o lo -p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22" ]} + ${formatTable cfg.extra.nat} COMMIT *filter :INPUT DROP [0:0] @@ -94,6 +115,7 @@ let ++ map accept-new-tcp (unique (map toString cfg.input-internet-accept-new-tcp)) ++ ["-i retiolum -j Retiolum"] )} + ${formatTable cfg.extra.filter} ${concatMapStringsSep "\n" (rule: "-A Retiolum ${rule}") ([] ++ optional (cfg.accept-echo-request == "retiolum") accept-echo-request ++ map accept-new-tcp (unique (map toString cfg.input-retiolum-accept-new-tcp)) -- cgit v1.2.3 From db6342f58c534bd2ce631fd81d6956cdd8fe4637 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 18 Feb 2016 02:55:46 +0100 Subject: tv: init backup plans xu-pull-cd-{ejabberd,home} --- tv/2configs/backup.nix | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) (limited to 'tv') diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index decd8b28..b5512662 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -2,41 +2,43 @@ with config.krebs.lib; { krebs.backup.plans = { + } // mapAttrs (_: recursiveUpdate { + snapshots = { + daily = { format = "%Y-%m-%d"; retain = 7; }; + weekly = { format = "%YW%W"; retain = 4; }; + monthly = { format = "%Y-%m"; retain = 12; }; + yearly = { format = "%Y"; }; + }; + }) { nomic-home-xu = { method = "push"; src = { host = config.krebs.hosts.nomic; path = "/home"; }; dst = { host = config.krebs.hosts.xu; path = "/bku/nomic-home"; }; startAt = "05:00"; - snapshots = { - daily = { format = "%Y-%m-%d"; retain = 7; }; - weekly = { format = "%YW%W"; retain = 4; }; - monthly = { format = "%Y-%m"; retain = 12; }; - yearly = { format = "%Y"; }; - }; }; wu-home-xu = { method = "push"; src = { host = config.krebs.hosts.wu; path = "/home"; }; dst = { host = config.krebs.hosts.xu; path = "/bku/wu-home"; }; startAt = "05:00"; - snapshots = { - daily = { format = "%Y-%m-%d"; retain = 7; }; - weekly = { format = "%YW%W"; retain = 4; }; - monthly = { format = "%Y-%m"; retain = 12; }; - yearly = { format = "%Y"; }; - }; }; xu-home-wu = { method = "push"; src = { host = config.krebs.hosts.xu; path = "/home"; }; dst = { host = config.krebs.hosts.wu; path = "/bku/xu-home"; }; startAt = "06:00"; - snapshots = { - daily = { format = "%Y-%m-%d"; retain = 7; }; - weekly = { format = "%YW%W"; retain = 4; }; - monthly = { format = "%Y-%m"; retain = 12; }; - yearly = { format = "%Y"; }; - }; + }; + xu-pull-cd-ejabberd = { + method = "pull"; + src = { host = config.krebs.hosts.cd; path = "/var/ejabberd"; }; + dst = { host = config.krebs.hosts.xu; path = "/bku/cd-ejabberd"; }; + startAt = "07:00"; + }; + xu-pull-cd-home = { + method = "pull"; + src = { host = config.krebs.hosts.cd; path = "/home"; }; + dst = { host = config.krebs.hosts.xu; path = "/bku/cd-home"; }; + startAt = "07:00"; }; } // mapAttrs (_: recursiveUpdate { snapshots = { -- cgit v1.2.3 From ffc47bf80d521635021b3f7a0122092708ebd2bf Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 18 Feb 2016 14:14:30 +0100 Subject: tv urlwatch: filter pypi/vncdotool/json through jq --- tv/2configs/urlwatch.nix | 41 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 38 insertions(+), 3 deletions(-) (limited to 'tv') diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 0106cddf..51b53230 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -1,5 +1,5 @@ -{ config, ... }: - +{ config, pkgs, ... }: +with config.krebs.lib; { krebs.urlwatch = { enable = true; @@ -52,8 +52,43 @@ # is derived from `configFile` in: https://raw.githubusercontent.com/NixOS/nixpkgs/master/nixos/modules/services/x11/xserver.nix - https://pypi.python.org/pypi/vncdotool + { + url = https://pypi.python.org/pypi/vncdotool/json; + filter = "system:${pkgs.jq}/bin/jq -r '.releases|keys[]'"; + } https://api.github.com/repos/kanaka/noVNC/tags ]; + hooksFile = toFile "hooks.py" '' + import subprocess + import urlwatch + + class CaseFilter(urlwatch.filters.FilterBase): + """Filter for piping data through an external process""" + + __kind__ = 'system' + + def filter(self, data, subfilter=None): + if subfilter is None: + raise ValueError('The system filter needs a command') + + proc = subprocess.Popen( + subfilter, + shell=True, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + + (stdout, stderr) = proc.communicate(data.encode()) + + if proc.returncode != 0: + raise RuntimeError( + "system filter returned non-zero exit status %d; stderr:\n" + % proc.returncode + + stderr.decode() + ) + + return stdout.decode() + ''; }; } -- cgit v1.2.3