diff options
33 files changed, 612 insertions, 562 deletions
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index 677b6f7b8..669483f3c 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -8,7 +8,7 @@ let out = { options.krebs.Reaktor = api; - config = imp; + config = mkIf (cfg != {}) imp; }; api = mkOption { diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index dd29a4e17..e12367b7c 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -143,12 +143,12 @@ let ) cfg.servers; users.extraUsers.bepasty = { - uid = genid "bepasty"; + uid = genid_uint31 "bepasty"; group = "bepasty"; home = "/var/lib/bepasty-server"; }; users.extraGroups.bepasty = { - gid = genid "bepasty"; + gid = genid_uint31 "bepasty"; }; }; diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 5a5065565..e89b86e32 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -53,7 +53,7 @@ let imp = { users.users.fetchWallpaper = { name = "fetchWallpaper"; - uid = genid "fetchWallpaper"; + uid = genid_uint31 "fetchWallpaper"; description = "fetchWallpaper user"; home = cfg.stateDir; createHome = true; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 836ecb3f6..44417f006 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -409,6 +409,66 @@ with import <stockholm/lib>; }; }; }; + scardanelli = { + monitoring = false; + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.2.2"; + ip6.addr = "42:2:5ca:da:3111::1"; + aliases = [ + "scardanelli.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/ + MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge + UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi + kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0 + gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx + we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY + QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm + SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL + 2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f + m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q + FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5 + lM61fOMcVW1KREdWypiDtu8CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + homeros = { + monitoring = false; + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.2.1"; + ip6.addr = "42:2::0:3:05::1"; + aliases = [ + "homeros.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd + ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc + 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v + RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd + vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3 + +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc + QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm + fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh + VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7 + k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX + gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N + mJ/hywVtvLxNkNimyztoKKMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; turingmachine = { monitoring = false; ci = false; @@ -644,47 +704,6 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; }; - cabal = { - cores = 2; - nets = rec { - retiolum = { - ip4.addr = "10.243.1.4"; - ip6.addr = "42::1:4"; - aliases = [ - "cabal.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A - SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj - rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK - qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e - LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq - rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3 - 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE - fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v - yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A - kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR - KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi - TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U - oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs - TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw - 3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD - rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ - 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf - luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py - w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG - 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1 - K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g - ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; - }; red = { monitoring = false; cores = 1; @@ -716,6 +735,36 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp"; }; + yellow = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.14"; + ip6.addr = "42:0:0:0:0:0:0:14"; + aliases = [ + "yellow.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP + MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY + b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU + Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd + OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP + vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6 + C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp + Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU + 52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg + zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p + DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ + Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje "; + }; blue = { cores = 1; nets = { @@ -789,9 +838,6 @@ with import <stockholm/lib>; mail = "lass@daedalus.r"; pubkey = builtins.readFile ./ssh/daedalus.rsa; }; - fritz = { - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; - }; prism-repo-sync = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe"; mail = "lass@prism.r"; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 044811c7d..cb940efef 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -77,7 +77,190 @@ let serviceConfig = { Type = "simple"; - ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh"; + ExecStart = pkgs.writeDash "generate-wallpaper" '' + set -xeuf + + # usage: getimg FILENAME URL + fetch() { + echo "fetch $1" + curl -LsS -z "$1" -o "$1" "$2" + } + + # usage: check_type FILENAME TYPE + check_type() { + if ! file -ib "$1" | grep -q "^$2/"; then + echo "$1 is not of type $2" >&2 + rm "$1" + return 1 + fi + } + + # usage: image_size FILENAME + image_size() { + identify "$1" | awk '{print$3}' + } + + # usage: make_mask DST SRC MASK + make_layer() { + if needs_rebuild "$@"; then + echo "make $1 (apply mask)" >&2 + convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1" + fi + } + + # usage: flatten DST HILAYER LOLAYER + flatten() { + if needs_rebuild "$@"; then + echo "make $1 (flatten)" >&2 + composite "$2" "$3" "$1" + fi + } + + # usage: needs_rebuild DST SRC... + needs_rebuild() { + a="$1" + shift + if ! test -e "$a"; then + #echo " $a does not exist" >&2 + result=0 + else + result=1 + for b; do + if test "$b" -nt "$a"; then + #echo " $b is newer than $a" >&2 + result=0 + fi + done + fi + #case $result in + # 0) echo "$a needs rebuild" >&2;; + #esac + return $result + } + + main() { + cd ${cfg.workingDir} + + # fetch source images in parallel + fetch nightmap-raw.jpg \ + ${cfg.nightmap} & + fetch daymap-raw.png \ + ${cfg.daymap} & + fetch clouds-raw.jpg \ + ${cfg.cloudmap} & + fetch marker.json \ + ${cfg.marker} & + wait + + check_type nightmap-raw.jpg image + check_type daymap-raw.png image + check_type clouds-raw.jpg image + + in_size=2048x1024 + xplanet_out_size=1466x1200 + out_geometry=1366x768+100+160 + + nightsnow_color='#0c1a49' # nightmap + + for raw in \ + nightmap-raw.jpg \ + daymap-raw.png \ + clouds-raw.jpg \ + ; + do + normal=''${raw%-raw.*}.png + if needs_rebuild $normal $raw; then + echo "make $normal; normalize $raw" >&2 + convert $raw -scale $in_size $normal + fi + done + + # create nightmap-fullsnow + if needs_rebuild nightmap-fullsnow.png; then + convert -size $in_size xc:$nightsnow_color nightmap-fullsnow.png + fi + + # extract daymap-snowmask from daymap-final + if needs_rebuild daymap-snowmask.png daymap.png; then + convert daymap.png -threshold 95% daymap-snowmask.png + fi + + # extract nightmap-lightmask from nightmap + if needs_rebuild nightmap-lightmask.png nightmap.png; then + convert nightmap.png -threshold 25% nightmap-lightmask.png + fi + + # create layers + make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png + make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png + + # apply layers + flatten nightmap-lightsnowlayer.png \ + nightmap-lightlayer.png \ + nightmap-snowlayer.png + + flatten nightmap-final.png \ + nightmap-lightsnowlayer.png \ + nightmap.png + + # create marker file from json + if [ -s marker.json ]; then + jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file + fi + + # make all unmodified files as final + for normal in \ + daymap.png \ + clouds.png \ + ; + do + final=''${normal%.png}-final.png + needs_rebuild $final && + ln $normal $final + done + + # rebuild every time to update shadow + xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-output.png --projection merc \ + -config ${pkgs.writeText "xplanet.config" '' + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds-final.png + cloud_threshold=10 + shade=15 + ''} + + xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-krebs-output.png --projection merc \ + -config ${pkgs.writeText "xplanet-krebs.config" '' + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds-final.png + cloud_threshold=10 + marker_file=marker_file + shade=15 + ''} + + # trim xplanet output + if needs_rebuild realwallpaper.png xplanet-output.png; then + convert xplanet-output.png -crop $out_geometry \ + realwallpaper-tmp.png + mv realwallpaper-tmp.png realwallpaper.png + fi + + if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then + convert xplanet-krebs-output.png -crop $out_geometry \ + realwallpaper-krebs-tmp.png + mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png + fi + } + + main "$@" + ''; User = "realwallpaper"; }; }; diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 8390eccbb..486a0c9cc 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -124,7 +124,7 @@ let }; users.extraUsers.tinc_graphs = { - uid = genid "tinc_graphs"; + uid = genid_uint31 "tinc_graphs"; home = "/var/spool/tinc_graphs"; }; services.nginx = mkIf cfg.nginx.enable { diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix deleted file mode 100644 index 7c9812117..000000000 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ stdenv, fetchgit, xplanet, imagemagick, curl, file }: - -stdenv.mkDerivation { - name = "realwallpaper"; - - src = fetchgit { - url = https://github.com/Lassulus/realwallpaper; - rev = "847faebc9b7e87e4bea078e3a2304ec00b4cdfc0"; - sha256 = "10zihkwj9vpshlxw2jk67zbsy8g4i8b1y4jzna9fdcsgn7s12jrr"; - }; - - phases = [ - "unpackPhase" - "installPhase" - ]; - - buildInputs = [ - ]; - - installPhase = '' - mkdir -p $out - cp realwallpaper.sh $out/realwallpaper.sh - ''; -} diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index bed8961b8..0a2ab1611 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -6,26 +6,10 @@ with import <stockholm/lib>; <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/libvirt.nix> - { - services.nginx.enable = true; - imports = [ - <stockholm/lass/2configs/websites/domsen.nix> - <stockholm/lass/2configs/websites/lassulus.nix> - ]; - # needed by domsen.nix ^^ - lass.usershadow = { - enable = true; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - { predicate = "-p tcp --dport https"; target = "ACCEPT"; } - ]; - } { # TODO make new hfos.nix out of this vv boot.kernel.sysctl."net.ipv4.ip_forward" = 1; users.users.riot = { - uid = genid "riot"; + uid = genid_uint31 "riot"; isNormalUser = true; extraGroups = [ "libvirtd" ]; openssh.authorizedKeys.keys = [ @@ -42,153 +26,7 @@ with import <stockholm/lib>; { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; } ]; } - { - users.users.tv = { - uid = genid "tv"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - ]; - }; - users.users.makefu = { - uid = genid "makefu"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.makefu.pubkey - ]; - }; - users.extraUsers.dritter = { - uid = genid "dritter"; - isNormalUser = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" - ]; - }; - users.extraUsers.juhulian = { - uid = 1339; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" - ]; - }; - users.users.hellrazor = { - uid = genid "hellrazor"; - isNormalUser = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ]; - }; - } - { - #hotdog - systemd.services."container@hotdog".reloadIfChanged = mkForce false; - containers.hotdog = { - config = { ... }: { - imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.1"; - localAddress = "10.233.2.2"; - }; - } - <stockholm/lass/2configs/exim-smarthost.nix> - <stockholm/lass/2configs/ts3.nix> - <stockholm/lass/2configs/privoxy-retiolum.nix> - <stockholm/lass/2configs/radio.nix> - <stockholm/lass/2configs/binary-cache/server.nix> - <stockholm/lass/2configs/iodined.nix> - <stockholm/lass/2configs/paste.nix> - <stockholm/lass/2configs/syncthing.nix> - <stockholm/lass/2configs/ciko.nix> <stockholm/lass/2configs/container-networking.nix> - <stockholm/lass/2configs/monitoring/prometheus-server.nix> - { # quasi bepasty.nix - imports = [ - <stockholm/lass/2configs/bepasty.nix> - ]; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { - return 403; - } - ''; - } - { - services.tor = { - enable = true; - }; - } - { - lass.ejabberd = { - enable = true; - hosts = [ "lassul.us" ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } - { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } - ]; - } - { - imports = [ - <stockholm/lass/2configs/realwallpaper.nix> - ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' - alias /var/realwallpaper/realwallpaper.png; - ''; - } - { - users.users.jeschli = { - uid = genid "jeschli"; - isNormalUser = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - jeschli.pubkey - jeschli-bln.pubkey - jeschli-bolide.pubkey - jeschli-brauerei.pubkey - ]; - }; - krebs.git.rules = [ - { - user = with config.krebs.users; [ - jeschli - jeschli-bln - jeschli-bolide - jeschli-brauerei - ]; - repo = [ config.krebs.git.repos.xmonad-stockholm ]; - perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ]; - } - { - user = with config.krebs.users; [ - jeschli - jeschli-bln - jeschli-bolide - jeschli-brauerei - ]; - repo = [ config.krebs.git.repos.stockholm ]; - perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ]; - } - ]; - } - { - krebs.repo-sync.repos.stockholm.timerConfig = { - OnBootSec = "5min"; - OnUnitInactiveSec = "2min"; - RandomizedDelaySec = "2min"; - }; - } - <stockholm/lass/2configs/downloading.nix> - <stockholm/lass/2configs/minecraft.nix> { services.taskserver = { enable = true; @@ -201,123 +39,11 @@ with import <stockholm/lib>; { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } ]; } - #<stockholm/lass/2configs/go.nix> - { - environment.systemPackages = [ pkgs.cryptsetup ]; - systemd.services."container@red".reloadIfChanged = mkForce false; - containers.red = { - config = { ... }: { - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - autoStart = false; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.3"; - localAddress = "10.233.2.4"; - }; - services.nginx.virtualHosts."rote-allez-fraktion.de" = { - enableACME = true; - forceSSL = true; - locations."/" = { - extraConfig = '' - proxy_set_header Host rote-allez-fraktion.de; - proxy_pass http://10.233.2.4; - ''; - }; - }; - } - #{ - # imports = [ <stockholm/lass/2configs/backup.nix> ]; - # lass.restic = genAttrs [ - # "daedalus" - # "icarus" - # "littleT" - # "mors" - # "shodan" - # "skynet" - # ] (dest: { - # dirs = [ - # "/home/chat/.weechat" - # "/bku/sql_dumps" - # ]; - # passwordFile = (toString <secrets>) + "/restic/${dest}"; - # repo = "sftp:backup@${dest}.r:/backups/prism"; - # extraArguments = [ - # "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - # ]; - # timerConfig = { - # OnCalendar = "00: |