summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authornin <nin@c-base.org>2018-02-27 22:30:49 +0100
committernin <nin@c-base.org>2018-02-27 22:30:49 +0100
commit01289f333143fa145fe585812d05672efd3f3ebe (patch)
treed6de52e9914cd6489cbad61ae7c6fb60ad472c41
parentf20bf1a7ba146b3ffe3f2e470614d12885cbce61 (diff)
parent9e67031cb878c0bcdcde39a7b7b746111de6719a (diff)
Merge remote-tracking branch 'prism/master'
Diffstat
-rw-r--r--krebs/3modules/default.nix6
-rw-r--r--krebs/3modules/lass/default.nix30
-rw-r--r--krebs/3modules/lass/ssh/daedalus.rsa1
-rw-r--r--krebs/3modules/lass/ssh/icarus.rsa2
-rw-r--r--krebs/3modules/makefu/default.nix5
-rw-r--r--krebs/5pkgs/simple/exim/default.nix64
-rw-r--r--krebs/source.nix2
-rw-r--r--lass/1systems/helios/config.nix42
-rw-r--r--lass/1systems/mors/config.nix9
-rw-r--r--lass/1systems/prism/config.nix23
-rw-r--r--lass/1systems/shodan/config.nix4
-rw-r--r--lass/2configs/IM.nix1
-rw-r--r--lass/2configs/baseX.nix6
-rw-r--r--lass/2configs/dcso-dev.nix8
-rw-r--r--lass/2configs/downloading.nix2
-rw-r--r--lass/2configs/dunst.nix277
-rw-r--r--lass/2configs/exim-smarthost.nix11
-rw-r--r--lass/2configs/logf.nix4
-rw-r--r--lass/2configs/mail.nix38
-rw-r--r--lass/2configs/minecraft.nix1
-rw-r--r--lass/2configs/network-manager.nix24
-rw-r--r--lass/2configs/rtl-sdr.nix6
-rw-r--r--lass/2configs/vim.nix6
-rw-r--r--lass/2configs/websites/util.nix1
-rw-r--r--lass/2configs/wine.nix15
-rw-r--r--lass/2configs/zsh.nix7
-rw-r--r--lass/3modules/xserver/default.nix6
-rw-r--r--lass/5pkgs/xmonad-lass.nix19
-rw-r--r--makefu/1systems/gum/config.nix5
-rw-r--r--makefu/1systems/omo/config.nix13
-rw-r--r--makefu/1systems/sdev/config.nix26
-rw-r--r--makefu/1systems/vbob/config.nix41
-rw-r--r--makefu/1systems/wbob/config.nix6
-rw-r--r--makefu/1systems/x/config.nix72
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/2configs/hw/vbox-guest.nix16
-rw-r--r--makefu/2configs/hydra/stockholm.nix34
-rw-r--r--makefu/2configs/tools/mobility.nix2
-rw-r--r--makefu/2configs/tools/studio.nix4
-rw-r--r--makefu/2configs/urlwatch/default.nix4
-rw-r--r--makefu/5pkgs/default.nix2
-rw-r--r--makefu/5pkgs/programs-db/default.nix12
-rw-r--r--makefu/6tests/data/secrets/torrent-secrets/auth.nix1
-rw-r--r--makefu/source.nix3
-rw-r--r--tv/2configs/gitrepos.nix5
45 files changed, 672 insertions, 195 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 9c343309a..6fe01e466 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -233,6 +233,7 @@ let
"github.com"
# List generated with
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
+ "192.30.252.*"
"192.30.253.*"
"192.30.254.*"
"192.30.255.*"
@@ -240,9 +241,12 @@ let
"185.199.109.*"
"185.199.110.*"
"185.199.111.*"
- "18.195.85.27"
+ "13.229.188.59"
+ "13.250.177.223"
"18.194.104.89"
+ "18.195.85.27"
"35.159.8.160"
+ "52.74.223.119"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 1634a62ac..e269d1fa1 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -551,6 +551,32 @@ with import <stockholm/lib>;
};
};
};
+ dpdkm = {
+ ci = false;
+ external = true;
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.29.173";
+ ip6.addr = "42:4992:6a6d:900::1";
+ aliases = [ "dpdkm.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
+ NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
+ qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
+ X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
+ f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
+ bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
+ Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
+ B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
+ tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
+ dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
+ mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
xerxes = {
cores = 2;
nets = rec {
@@ -624,6 +650,10 @@ with import <stockholm/lib>;
mail = "lass@xerxes.r";
pubkey = builtins.readFile ./ssh/xerxes.rsa;
};
+ lass-daedalus = {
+ mail = "lass@daedalus.r";
+ pubkey = builtins.readFile ./ssh/daedalus.rsa;
+ };
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
diff --git a/krebs/3modules/lass/ssh/daedalus.rsa b/krebs/3modules/lass/ssh/daedalus.rsa
new file mode 100644
index 000000000..ad4847974
--- /dev/null
+++ b/krebs/3modules/lass/ssh/daedalus.rsa
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgF3311cZ/JV7lOzo/Crmy6pi0oBYu5klbTb8lU/Yic55XVRyYFtm+KGrNvqkcFgOx803aS7jogJ1N6HCdUAaEl5MzlkOX++h97ihZ/NeQZKDjYEEQYl4ElmIbCRiddpDm0HVX1OGSCtUzhlyDHJ8ieMCb+QVNrpwovlQnp53c/+Z6rGSZWgBMrzP7stlw+XjC1Alhi1M5L+bJfroa7cEcF+J5ZN+J2mWSmkPiQ6+iuk9zRkc5ELO1Vz4MsLoeKwbJrz+uuNVsY7u070pHtsLwbAsYU5vOWJeN/vtEwy51SY/so30FowvivTD9jIJ0xcmAdC56XjWaxttKuqUVBjJqhwqsUI6+AxLESekFXzkfghmG+AJPPkb2pvpVF3k0Ivn14bFBuFv0T2qPHq68Fs19WLTZn+dK3V+RfVkI6bEZaMOUezyBv59yFEY42wMISPw53jkaWqKIxyGCBECi3XlbeQ61FkwE9TElSY+NmoeMu6jPWw7XGDY4Jt6mtKiYu3hVqI5pg4hq3bxB8r2W7LnkDiYfArbzwmrc2zAmgJtY60/Pcwq7hP3LSDEuDDc4gYgpkLNwHjs+CLWqpbQffCFv+oOZj8G92if+dMBOUSBCr6FDqH6wLxZp2cfhud0p/0kLz09nv/PcRohOHdaQSEW7OAhJ5kgg3DuxhwUwOf/3UX5iLvm4WwE/mb7Iki4U3AENKHUWQ7TOrXcQq9AJX57e9CTI+N4phtzp9qur8vjVl2OpYl2Qb/0yQSGM+4wQ/nM4acePMk80oXLb3OJBlPp0CswzoI7kFBD0TUOnFTCkrJWPaZhgjQXyvCzgFKAvXgqWy4riczqLhdBAhc1vT3a18HsqKXE3mhJa6Kjl6r/ZQaDl2zw7uLmWTHhGuUI9w487L36extGuC3Tv8zEvu2UHqhdEcaSDzRQYcv1kRobfhTWjzFHzdA97Kkc+HuFfJk3MzchsjCxqIuDP4r5YauMBMHAIsUlP7Ar/t29WreAGJbCCd2oulkFL+P+8Sp6SksMMhKQvuRcj74n6BETfailv64z2FjT+qzkCsr/gzvWD08EJRZUCpidX2WfMoL396nBf+EgwhFykqoFg2jlJJ7Vggod8CSHUSeBkslhNk/tkv4y+NnsAIgNluVZlxIeKj1UgazohSNQVRHozs2lkuK0Ytl4TsFrE0X3ar7LpwEVvCLj3eh2kg4kNKNN/vOwWxvMlF9uCBq5FUHaBCst/OXeigjfGZ0ZK5iHsZN+R/iIlG+3V3VN1Rm29aPJPSuAgwl/lfPUfUP5c8QiwnDgdHqMi7VcuCpEtcTLjqDHBssqosRTLodcIZY6qLepm5kQgJ2FfcTPi+ZwT3Z/IFH6p/H7NeVbb8rVYeF/zqDJiWbI+gDy0xFnGgOLpFSBdHq679FjtjZk7Exgz3rVD+QsoSB8VYVOSqpHB1LQyQ2qBry+33CNpxlX5GaaLx5sbEKEguaJ+9R7Mbf8zQMa8EAXhqoT96kIj66IEk= lass@daedalus
diff --git a/krebs/3modules/lass/ssh/icarus.rsa b/krebs/3modules/lass/ssh/icarus.rsa
index e3cb74081..1126c331e 100644
--- a/krebs/3modules/lass/ssh/icarus.rsa
+++ b/krebs/3modules/lass/ssh/icarus.rsa
@@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm4qnRU8/Zyb+7x/QxW1grN+i1qcN39Sr/TSkBdccAPyfPdk8ph/G+wZKgsyr9sl5CgbA4hOsqDBN97dp4dKghKARuk0GldHDgo+2odWwBTa4EOSmE4Bfj3z7r9tW33Y+ujy55L4w5Qw21lj51mbhc0qvC/03xypEeKsLM0RtNAf8TsdGMPGmbha7uCF75VjFJvrHysbjonh6ZQ+Or8N0MSNABZ9oawJQxxBUqtLFhnq20zCJmm281f9GS/EaGYwcpOjiHd4fj3XWyfEIJRK/LRBZXkidvVDN7mhOQY3G+qiGZfPeyged9CRDRFoc5QbZ43NtrmPS+yUtjHQZKynkjI0lA00fegRzb0FkEJmYSy1Vdqgj338CjNwcuTaKJTw2EotMqMuHyk1FllnphafJtgMTMLIGoZRTpJpC91gbP0MGTnRoCwD4McZcz1YD3cxng101QsLsDv/FPxzbyxr+P6rjBB6eP6IhP4k4ALjWzoMURdCo1BW4//zt+PXImUpcX2+urtAMmVBQ8BwZry1hsEcR+r6C1Yb+jzeWGnvtfjXSFv+ZjpA0eEnqeKeh3LDCxybjkok51zdTe97EZ0sDAnKcnrVzpXJwehY02E2N9Sw1HhvWIUUulr09a2bC2rYR7HWryOjaEzT2aKmUyrxPkflCawB8gn2iSbVMWK74VJw== lass@icarus
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgEuFS5MwYQRF+0MKAQvyv6O+0ky0QnOKGMVZgFXE4g2JrByTCXQAeQmyJquM1wl9IRD63res8ZguMoAz2PkHfNbRSSsR7pH/G3DaJRl0VGf14zO3bjBbogQ45j1Bwxi78h44SDmuBAkp0t76ca16kWGhwEVt03+8sqmbLV90RjHZlrFw2sDgTu35SDz1q/ZzkdyFP3xSIBUnsQD64qRLMx64yLcBp0uu2h7gBBCVyA1T+VR3Nc1yIOyv0nUaqEHz+CDATtFlgGTgT6cCXoIPN0QAuIa3pDxt7htD/POsWuFbpbqrBQVcgun5s3J5X0OmNyoqGqqubcycvuYipZUjBCxyTb7RxCqj2oR8alSaeGZm64I0VSGX/iSCtXKaEJqBbxwNUgDH6B2oUeZbRwgPl/SG8vBku1oKzt/36IBoY8HttcosqLkfTquyyO7KVtOBu04geCmmiqJpSV4j5iYMxvrD0AQ3JJmrcbzUYoCGxlYO19TPsa+Ybhn/E8suach75+DIPj5LacYAh9Wjirw67Kg5QyYEt8XGTR2xxF78CFi0JGBRcyorPfFPLznmVntqJLe6dGNL3njgdD0Ocz8V5ktk1pjY5D2nG8GXfd45NQl2QjTLYnYX4dGuudBXth0nEJMv/MRHZrXVViIqwazdq4mA5z1Yu4Tb3l17d2cAZobzdut6JuZbd7itXAPIiY0vEWXr8lpEuE8Uz9mz8aPxZlhmHSXvNcwhq+i2+cFO8OPwUGbnE2cAHpymlQ3aDRgpptAIMU2LjIAblqsvA72asJpuRqu7ZOoy0vVRCOhktIzZXWR9hF5/CM/7NZ5skvHzYlmgkvnuu4jDDGusF32Zyiip0WJg+Iijqe8VpOqCup5UEF5QG32yQwaZDrKd71hq7Z1xNe0vEPN8yCxpes8hWafYY9m8YRrUduDVlOon7SzmdU76RPn2oF6udCGP7A/hEeRiwrDaRuIwchh99Xw3LioxXNzLYB1aXd+yKuZyhW+witC20ISdyZz7JPIrb49JCGH8FtbcDzD1B8Xd1By34POfhxriSr9UG5Hj9LGbA3/aKMOajZdcbrKXorUrKdhAuZv1z4rjW5iwYgXF2G/nseeCOw+DPEcB3GexsyCTUzSjJ6fy3Aqlzppwttx5MfkbNhPZWRCfDX3i0g8e0aFlgvlj99aGgUQeEpYg8peZhe1lxl25Ftc0R7pYmXPDeCY1yWxZiXZ3YtVVr43c/FEaQHXfkZ2I+t5lG6CmgJhhYjUry5Sx4/NgfBvpmU22cIBWNmyTn9q3gDFmeoIiTwlF654K7NnsWrdKr2L2fGI10Xe/J/GYkkzX39e5bToQPXh23gUfIr7faYEPBsVU/SaEkWNHojzf/NKjPT0utvlFr0HqnFYSdk4wpWzcrhii7E/UhgKvpA/k2Vlj4ZhkejfZXQWxRbJzejkVSJcUGim+Dt1WUZJXVOgEkJ3WA6z+ha2FN2sBDdvRKlad55aelvRrbu3/vPzEuE= lass@icarus
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 56e5c6b82..e137da7ca 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -503,6 +503,7 @@ with import <stockholm/lib>;
# ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
aliases = [
"wbob.r"
+ "hydra.wbob.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -1038,6 +1039,10 @@ with import <stockholm/lib>;
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x";
};
+ makefu-remote-builder = {
+ inherit (makefu) mail pgp;
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild";
+ };
makefu-bob = {
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";
diff --git a/krebs/5pkgs/simple/exim/default.nix b/krebs/5pkgs/simple/exim/default.nix
deleted file mode 100644
index 4911c1d9c..000000000
--- a/krebs/5pkgs/simple/exim/default.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }:
-
-stdenv.mkDerivation rec {
- name = "exim-4.90.1";
-
- src = fetchurl {
- url = "http://ftp.exim.org/pub/exim/exim4/${name}.tar.xz";
- sha256 = "09ppq8l7cah6dcqwdvpa6r12i6fdcd9lvxlfp18mggj3438xz62w";
- };
-
- nativeBuildInputs = [ pkgconfig ];
- buildInputs = [ coreutils db openssl pcre perl ];
-
- preBuild = ''
- sed '
- s:^\(BIN_DIRECTORY\)=.*:\1='"$out"'/bin:
- s:^\(CONFIGURE_FILE\)=.*:\1=/etc/exim.conf:
- s:^\(EXIM_USER\)=.*:\1=ref\:nobody:
- s:^\(SPOOL_DIRECTORY\)=.*:\1=/exim-homeless-shelter:
- s:^# \(SUPPORT_MAILDIR\)=.*:\1=yes:
- s:^EXIM_MONITOR=.*$:# &:
- s:^\(FIXED_NEVER_USERS\)=root$:\1=0:
- s:^# \(WITH_CONTENT_SCAN\)=.*:\1=yes:
- s:^# \(AUTH_PLAINTEXT\)=.*:\1=yes:
- s:^# \(SUPPORT_TLS\)=.*:\1=yes:
- s:^# \(USE_OPENSSL_PC=openssl\)$:\1:
- s:^# \(LOG_FILE_PATH=syslog\)$:\1:
- s:^# \(HAVE_IPV6=yes\)$:\1:
- s:^# \(CHOWN_COMMAND\)=.*:\1=${coreutils}/bin/chown:
- s:^# \(CHGRP_COMMAND\)=.*:\1=${coreutils}/bin/chgrp:
- s:^# \(CHMOD_COMMAND\)=.*:\1=${coreutils}/bin/chmod:
- s:^# \(MV_COMMAND\)=.*:\1=${coreutils}/bin/mv:
- s:^# \(RM_COMMAND\)=.*:\1=${coreutils}/bin/rm:
- s:^# \(TOUCH_COMMAND\)=.*:\1=${coreutils}/bin/touch:
- s:^# \(PERL_COMMAND\)=.*:\1=${perl}/bin/perl:
- #/^\s*#.*/d
- #/^\s*$/d
- ' < src/EDITME > Local/Makefile
- '';
-
- installPhase = ''
- mkdir -p $out/bin $out/share/man/man8
- cp doc/exim.8 $out/share/man/man8
-
- ( cd build-Linux-*
- cp exicyclog exim_checkaccess exim_dumpdb exim_lock exim_tidydb \
- exipick exiqsumm exigrep exim_dbmbuild exim exim_fixdb eximstats \
- exinext exiqgrep exiwhat \
- $out/bin )
-
- ( cd $out/bin
- for i in mailq newaliases rmail rsmtp runq sendmail; do
- ln -s exim $i
- done )
- '';
-
- meta = {
- homepage = http://exim.org/;
- description = "A mail transfer agent (MTA)";
- license = stdenv.lib.licenses.gpl3;
- platforms = stdenv.lib.platforms.linux;
- maintainers = [ stdenv.lib.maintainers.tv ];
- };
-}
diff --git a/krebs/source.nix b/krebs/source.nix
index 27450c2a3..c2fbbc5f8 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -18,7 +18,7 @@ in
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "2062ac5aa2dc0770322272e3d2b647cf431dd893"; # nixos-17.09 @ 2018-02-09
+ ref = "d09e425aea3e09b6cec5c7b05cc0603f6853748b"; # nixos-17.09 @ 2018-02-22
};
}
override
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index f53e93f26..c4d99cb2c 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -16,6 +16,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/virtualbox.nix>
<stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix>
+ <stockholm/lass/2configs/rtl-sdr.nix>
{ # automatic hardware detection
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-intel" ];
@@ -136,24 +137,47 @@ with import <stockholm/lib>;
networking.hostName = lib.mkForce "BLN02NB0162";
security.pki.certificateFiles = [
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
-
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
+
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
+ (pkgs.writeText "minio.cert" ''
+ -----BEGIN CERTIFICATE-----
+ MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS
+ MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1
+ OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+ AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL
+ 8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV
+ YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C
+ ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM
+ CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw
+ hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk
+ MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw
+ I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB
+ CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30
+ hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox
+ jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY
+ EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM
+ zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a
+ qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa
+ -----END CERTIFICATE-----
+ '')
];
lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f";
programs.adb.enable = true;
- users.users.mainUser.extraGroups = [ "adbusers" ];
+ users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
services.printing.drivers = [ pkgs.postscript-lexmark ];
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
+
+ virtualisation.docker.enable = true;
}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 936666a73..6ca980155 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -31,6 +31,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/c-base.nix>
<stockholm/lass/2configs/br.nix>
<stockholm/lass/2configs/ableton.nix>
+ <stockholm/lass/2configs/dunst.nix>
+ <stockholm/lass/2configs/rtl-sdr.nix>
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@@ -89,6 +91,10 @@ with import <stockholm/lib>;
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
+ "/home/virtual" = {
+ device = "/dev/mapper/pool-virtual";
+ fsType = "ext4";
+ };
};
services.udev.extraRules = ''
@@ -194,5 +200,6 @@ with import <stockholm/lib>;
nix.package = pkgs.nixUnstable;
programs.adb.enable = true;
- users.users.mainUser.extraGroups = [ "adbusers" ];
+ users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
+ virtualisation.docker.enable = true;
}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 087aaab06..c0e4620cc 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -292,11 +292,22 @@ in {
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/lass/2configs/dcso-dev.nix>
{
+ users.users.jeschli = {
+ uid = genid "jeschli";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ jeschli.pubkey
+ jeschli-bln.pubkey
+ jeschli-bolide.pubkey
+ jeschli-brauerei.pubkey
+ ];
+ };
krebs.git.rules = [
{
user = with config.krebs.users; [
jeschli
jeschli-bln
+ jeschli-bolide
jeschli-brauerei
];
repo = [ config.krebs.git.repos.stockholm ];
@@ -313,6 +324,18 @@ in {
}
<stockholm/lass/2configs/downloading.nix>
<stockholm/lass/2configs/minecraft.nix>
+ {
+ services.taskserver = {
+ enable = true;
+ fqdn = "lassul.us";
+ listenHost = "::";
+ listenPort = 53589;
+ organisations.lass.users = [ "lass" "android" ];
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index ef015aebc..7fb57544f 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -61,4 +61,8 @@ with import <stockholm/lib>;
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
'';
+
+ services.logind.extraConfig = ''
+ HandleLidSwitch=ignore
+ '';
}
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
index 51512955e..7d3dfd428 100644
--- a/lass/2configs/IM.nix
+++ b/lass/2configs/IM.nix
@@ -41,6 +41,7 @@ in {
lass-shodan.pubkey
lass-icarus.pubkey
lass-android.pubkey
+ lass-helios.pubkey
];
};
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 5ca024574..2b7a5c924 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -10,6 +10,7 @@ in {
./livestream.nix
./dns-stuff.nix
./urxvt.nix
+ ./network-manager.nix
{
hardware.pulseaudio = {
enable = true;
@@ -121,13 +122,14 @@ in {
name = "xmonad";
start = ''
${pkgs.xorg.xhost}/bin/xhost +LOCAL:
- ${pkgs.coreutils}/bin/sleep infinity
+ ${pkgs.systemd}/bin/systemctl --user start xmonad
+ exec ${pkgs.coreutils}/bin/sleep infinity
'';
}];
};
systemd.user.services.xmonad = {
- wantedBy = [ "graphical-session.target" ];
+ #wantedBy = [ "graphical-session.target" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
RXVT_SOCKET = "%t/urxvtd-socket";
diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix
index cbf853d64..ae1c7bc8d 100644
--- a/lass/2configs/dcso-dev.nix
+++ b/lass/2configs/dcso-dev.nix
@@ -17,6 +17,7 @@ in {
config.krebs.users.lass.pubkey
config.krebs.users.lass-android.pubkey
config.krebs.users.jeschli-bln.pubkey
+ config.krebs.users.jeschli-brauerei.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjtdqRxD0+UU7O8xogSqAQYd/Hrc79CTTKnvbhKy7jp2TVfxQpl81ndSH6DN6Cz90mu65C+DFGq43YtKTPqXmTn1+2wru71C2UOl6ZR0tmU7UELkRt4SJuFQLEgQCt3BWvXJPye6cKRRIlb+XZHWyVyCDxHo9EYO2GWI1wIP8mHMltKj65mobHY+R0CJNhhwlFURzTto8C30ejfVg2OW81qkNWqYtpdC9txLUlQ9/LBVKrafHGprmcBEp9qtecVgx8kxHpS7cuQNYoFcfljug4IyFO+uBfdbKqnGM5mra3huNhX3+AcQxKbLMlRgZD+jc47Xs+s5qSvWBou2ygd5T413k/SDOTCxDjidA+dcwzRo0qUWcGL201a5g+F0EvWv8rjre9m0lii6QKEoPyj60y3yfaIHeafels1Ia1FItjkBe8XydiXf7rKq8nmVRlpo8vl+vKwVuJY783tObHjUgBtXJdmnyYGiXxkxSrXa2mQhPz3KodK/QrnqCP27dURcMlp1hFF3LxFz7WtMCLW0yvDuUsuI2pdq0+zdt702wuwXVNIvbq/ssvX/CL8ryBLAogaxN9DN0vpjk+aXQLn11Zt99MgmnnqUgvOKQi1Quog/SxnSBiloKqB6aA10a28Uxoxkr0KAfhWhX3XPpfGMlbVj4GJuevLp0sGDVQT2biUQ== rhaist@RH-NB"
];
@@ -44,6 +45,11 @@ in {
};
};
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 8000"; target = "ACCEPT";}
+ { predicate = "-p tcp --dport 9000"; target = "ACCEPT";}
+ ];
+
krebs.per-user.dev.packages = [
pkgs.go
];
@@ -51,4 +57,6 @@ in {
security.sudo.extraConfig = ''
${mainUser.name} ALL=(dev) NOPASSWD: ALL
'';
+
+ services.minio.enable = true;
}
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 9582413ed..8d0fb0d02 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -16,6 +16,8 @@ with import <stockholm/lib>;
lass.pubkey
lass-shodan.pubkey
lass-icarus.pubkey
+ lass-daedalus.pubkey
+ lass-helios.pubkey
makefu.pubkey
wine-mors.pubkey
];
diff --git a/lass/2configs/dunst.nix b/lass/2configs/dunst.nix
new file mode 100644
index 000000000..6d3d839bc
--- /dev/null
+++ b/lass/2configs/dunst.nix
@@ -0,0 +1,277 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+ dunstConfig = pkgs.writeText "dunst-config" ''
+ [global]
+ font = Iosevka Term 11
+
+ # Allow a small subset of html markup:
+ # <b>bold</b>
+ # <i>italic</i>
+ # <s>strikethrough</s>
+ # <u>underline</u>
+ #
+ # For a complete reference see
+ # <http://developer.gnome.org/pango/stable/PangoMarkupFormat.html>.
+ # If markup is not allowed, those tags will be stripped out of the
+ # message.
+ markup = yes
+ plain_text = no
+
+ # The format of the message. Possible variables are:
+ # %a appname
+ # %s summary
+ # %b body
+ # %i iconname (including its path)
+ # %I iconname (without its path)
+ # %p progress value if set ([ 0%] to [100%]) or nothing