Diffstat (limited to 'lass/1systems')
| -rw-r--r-- | lass/1systems/cloudkrebs.nix | 6 | ||||
| -rw-r--r-- | lass/1systems/dishfire.nix | 27 | ||||
| -rw-r--r-- | lass/1systems/echelon.nix | 3 | ||||
| -rw-r--r-- | lass/1systems/helios.nix | 13 | ||||
| -rw-r--r-- | lass/1systems/mors.nix | 146 | ||||
| -rw-r--r-- | lass/1systems/prism.nix | 65 | ||||
| -rw-r--r-- | lass/1systems/shodan.nix | 76 | ||||
| -rw-r--r-- | lass/1systems/uriel.nix | 6 | 
8 files changed, 204 insertions, 138 deletions
| diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index 6cfba567a..a3cc9d7b3 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -8,11 +8,13 @@ in {    imports = [      ../.      ../2configs/os-templates/CAC-CentOS-7-64bit.nix -    ../2configs/base.nix +    ../2configs/default.nix +    ../2configs/exim-retiolum.nix      ../2configs/retiolum.nix -    ../2configs/fastpoke-pages.nix      ../2configs/git.nix      ../2configs/realwallpaper.nix +    ../2configs/realwallpaper-server.nix +    ../2configs/privoxy-retiolum.nix      {        networking.interfaces.enp2s1.ip4 = [          { diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index c7d016cd3..b5e551952 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -4,9 +4,9 @@    imports = [      ../.      <nixpkgs/nixos/modules/profiles/qemu-guest.nix> -    ../2configs/base.nix +    ../2configs/default.nix +    ../2configs/exim-retiolum.nix      ../2configs/git.nix -    ../2configs/websites/fritz.nix      {        boot.loader.grub = {          device = "/dev/vda"; @@ -26,10 +26,19 @@          fsType = "ext4";        }; +      fileSystems."/srv/http" = { +        device = "/dev/pool/srv_http"; +        fsType = "ext4"; +      }; +        fileSystems."/boot" = {          device = "/dev/vda1";          fsType = "ext4";        }; +      fileSystems."/bku" = { +        device = "/dev/pool/bku"; +        fsType = "ext4"; +      };      }      {        networking.dhcpcd.allowInterfaces = [ 
@@ -40,6 +49,20 @@      {        sound.enable = false;      } +    { +      environment.systemPackages = with pkgs; [ +        mk_sql_pair +      ]; +    } +    { +      imports = [ +        ../2configs/websites/fritz.nix +      ]; +      krebs.iptables.tables.filter.INPUT.rules = [ +         { predicate = "-p tcp --dport http"; target = "ACCEPT"; } +         { predicate = "-p tcp --dport https"; target = "ACCEPT"; } +      ]; +    }    ];    krebs.build.host = config.krebs.hosts.dishfire; diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index 80611ee80..97734a7bd 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -8,7 +8,8 @@ in {    imports = [      ../.      ../2configs/os-templates/CAC-CentOS-7-64bit.nix -    ../2configs/base.nix +    ../2configs/default.nix +    ../2configs/exim-retiolum.nix      ../2configs/retiolum.nix      ../2configs/realwallpaper-server.nix      ../2configs/privoxy-retiolum.nix diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index cc98c2c5b..10b00de47 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -5,10 +5,13 @@ with builtins;    imports = [      ../.      ../2configs/baseX.nix +    ../2configs/exim-retiolum.nix      ../2configs/browsers.nix      ../2configs/programs.nix      ../2configs/git.nix      ../2configs/pass.nix +    ../2configs/fetchWallpaper.nix +    ../2configs/backups.nix      #{      #  users.extraUsers = {      #    root = { @@ -52,6 +55,16 @@ with builtins;      "/boot" = {        device = "/dev/sda1";      }; + +    "/home" = { +      device = "/dev/pool/home"; +      fsType = "ext4"; +    }; + +    "/bku" = { +      device = "/dev/pool/bku"; +      fsType = "ext4"; +    };    };    #services.udev.extraRules = '' diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 1f7a13c56..e2ab562fa 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix 
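Review bot: The nested block that re-imports `../2configs/websites/fritz.nix` also accepts TCP 80 and 443 on every interface, but nothing in this hunk shows fritz.nix configuring a TLS listener, so the https rule may only expose a closed port; confirm fritz.nix serves 443, or add that rule when it does. Bundling a site import with the firewall exposure it needs is a sound pattern and deserves a line such as `# fritz.nix website: reachable on http/https` above the inner `imports`. `mk_sql_pair` is added to `environment.systemPackages` with no hint of what uses it — presumably a database helper for the site, but a short comment would settle that. The enclosing top-level `imports` list begins before this hunk.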
@@ -4,6 +4,7 @@    imports = [      ../.      ../2configs/baseX.nix +    ../2configs/exim-retiolum.nix      ../2configs/programs.nix      ../2configs/bitcoin.nix      ../2configs/browsers.nix @@ -26,6 +27,8 @@      ../2configs/libvirt.nix      ../2configs/fetchWallpaper.nix      ../2configs/cbase.nix +    ../2configs/mail.nix +    ../2configs/krebs-pass.nix      #../2configs/buildbot-standalone.nix      {        #risk of rain port 
@@ -33,124 +36,28 @@          { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }        ];      } -    { -      #static-nginx-test -      imports = [ -        ../3modules/static_nginx.nix -      ]; -      lass.staticPage."testserver.de" = { -        #sslEnable = true; -        #certificate = "${toString <secrets>}/testserver.de/server.cert"; -        #certificate_key = "${toString <secrets>}/testserver.de/server.pem"; -        ssl = { -          enable = true; -          certificate = "${toString <secrets>}/testserver.de/server.cert"; -          certificate_key = "${toString <secrets>}/testserver.de/server.pem"; -        }; -      }; -      networking.extraHosts = '' -        10.243.0.2 testserver.de -      ''; -    }      #{ -    #  #wordpress-test -    #  #imports = singleton (sitesGenerators.createWordpress "testserver.de"); -    #  imports = [ -    #    ../3modules/wordpress_nginx.nix -    #  ]; -    #  lass.wordpress."testserver.de" = { -    #    multiSite = { -    #      "1" = "testserver.de"; -    #      "2" = "bla.testserver.de"; -    #    }; -    #  }; -      #  services.mysql = {      #    enable = true;      #    package = pkgs.mariadb;      #    rootPassword = "<secrets>/mysql_rootPassword";      #  }; -    #  networking.extraHosts = '' -    #    10.243.0.2 testserver.de -    #  ''; -    #  krebs.iptables.tables.filter.INPUT.rules = [ -    #    { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } -    #  ];      #}      #{ -    #  #owncloud-test -    #  #imports = singleton (sitesGenerators.createWordpress "testserver.de"); -    #  imports = [ -    #    ../3modules/owncloud_nginx.nix -    #  ]; -    #  lass.owncloud."owncloud-test.de" = { +    #  services.elasticsearch = { +    #    enable = true; +    #    plugins = [ +    #    #  pkgs.elasticsearchPlugins.elasticsearch_kopf +    #    ]; +    #  }; +    #} +    #{ +    #  services.postgresql = { +    #    enable = true; +    #    package = pkgs.postgresql;      
#  }; - -    #  #services.mysql = { -    #  #  enable = true; -    #  #  package = pkgs.mariadb; -    #  #  rootPassword = "<secrets>/mysql_rootPassword"; -    #  #}; -    #  networking.extraHosts = '' -    #    10.243.0.2 owncloud-test.de -    #  ''; -    #  krebs.iptables.tables.filter.INPUT.rules = [ -    #    { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } -    #  ];      #}      { -      containers.pythonenv = { -        config = { -          services.openssh.enable = true; -          users.users.root.openssh.authorizedKeys.keys = [ -            config.krebs.users.lass.pubkey -          ]; - -          environment = { -            systemPackages = with pkgs; [ -              git -              libxml2 -              libxslt -              libzip -              python27Full -              python27Packages.buildout -              stdenv -              zlib -            ]; - -            pathsToLink = [ "/include" ]; - -            shellInit = '' -              # help pip to find libz.so when building lxml -              export LIBRARY_PATH=/var/run/current-system/sw/lib -              # ditto for header files, e.g. sqlite -              export C_INCLUDE_PATH=/var/run/current-system/sw/include -            ''; -          }; - -        }; -      }; -    } -    { -      services.mysql = { -        enable = true; -        package = pkgs.mariadb; -        rootPassword = "<secrets>/mysql_rootPassword"; -      }; -    } -    { -      services.elasticsearch = { -        enable = true; -        plugins = [ -        #  pkgs.elasticsearchPlugins.elasticsearch_kopf -        ]; -      }; -    } -    { -      services.postgresql = { -        enable = true; -        package = pkgs.postgresql; -      };      }    ]; 
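Review bot: The new side keeps large commented-out service blocks (mysql, elasticsearch, postgresql) inside the host's `imports` list, and the mysql one still carries `#    rootPassword = "<secrets>/mysql_rootPassword";` — a quoted string literal, so `<secrets>` would not be resolved as a NIX_PATH lookup if the block is ever re-enabled (the removed static-nginx stanza used `${toString <secrets>}/...` for the same purpose). Now that the commit stops enabling these services on mors, either delete the dead blocks or move them to a separate, clearly named file so the live configuration stays readable. If they are kept, fix the path expression in place so re-enabling does not silently point mysql at a literal `<secrets>/...` file. The enclosing `imports` list starts before this hunk.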
@@ -158,15 +65,6 @@    networking.wireless.enable = true; -  networking.extraHosts = '' -    213.239.205.240 wohnprojekt-rhh.de -    213.239.205.240 karlaskop.de -    213.239.205.240 makeup.apanowicz.de -    213.239.205.240 pixelpocket.de -    213.239.205.240 reich-gebaeudereinigung.de -    213.239.205.240 o.ubikmedia.de -  ''; -    hardware.enableAllFirmware = true;    nixpkgs.config.allowUnfree = true; @@ -206,7 +104,7 @@        fsType = "ext4";      }; -    "/mnt/backups" = { +    "/bku" = {        device = "/dev/big/backups";        fsType = "ext4";      }; @@ -293,6 +191,8 @@      get      teamspeak_client      hashPassword +    urban +    mk_sql_pair    ];    #TODO: fix this shit @@ -324,16 +224,4 @@        ];      };    }; - -  #touchpad config -  services.xserver.synaptics = { -    enable = true; -    accelFactor = "0.035"; -    additionalOptions = '' -      Option "FingerHigh" "60" -      Option "FingerLow"  "60" -    ''; -    tapButtons = false; -    twoFingerScroll = true; -  };  } diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 20c919b9b..aa524720d 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -2,15 +2,28 @@  let    ip = config.krebs.build.host.nets.internet.ip4.addr; + +  inherit (import ../../4lib { inherit lib pkgs; }) +    manageCerts; +  in {    imports = [      ../. -    ../2configs/base.nix +    ../2configs/default.nix +    ../2configs/exim-smarthost.nix      ../2configs/downloading.nix      ../2configs/git.nix      ../2configs/ts3.nix      ../2configs/bitlbee.nix      ../2configs/weechat.nix +    ../2configs/privoxy-retiolum.nix +    ../2configs/radio.nix +    { +      #we need to use old sqlite for buildbot +      imports = [ +        ../2configs/buildbot-standalone.nix +      ]; +    }      {        users.extraGroups = {          # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories 
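Review bot: `manageCerts` is bound from `../../4lib` in the new `let` block, but none of the visible prism hunks uses it, so either drop the `inherit` or note what it is for — an unused binding next to a hand-written `security.acme` block reads as a half-finished migration. The comment `#we need to use old sqlite for buildbot` sits in a block that only imports `buildbot-standalone.nix` and contains no sqlite override, so either the override lives in that file (then the comment belongs there) or the comment is stale. The `in {` body continues past the end of this hunk.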
@@ -77,6 +90,18 @@ in {          device = "/dev/pool/download";        }; +      fileSystems."/srv/http" = { +        device = "/dev/pool/http"; +      }; + +      fileSystems."/srv/o.ubikmedia.de-data" = { +        device = "/dev/pool/owncloud-ubik-data"; +      }; + +      fileSystems."/bku" = { +        device = "/dev/pool/bku"; +      }; +      }      {        sound.enable = false; @@ -117,7 +142,7 @@ in {      }      {        users.users.chat.openssh.authorizedKeys.keys = [ -        "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH" +        "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBQjn/3n283RZkBs2CFqbpukyQ3zkLIjewRpKttPa5d4PUiT7/vOlutWH5EP4BxXQSoeZStx8D2alGjxfK+nfDvRJGGofpm23cN4j4i24Fcam1y1H7wqRXO1qbz5AB3qPg== JuiceSSH"          config.krebs.users.lass-uriel.pubkey        ];      } 
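Review bot: The replacement authorized key for the `chat` user is a mobile-client key (comment `JuiceSSH`) installed without key options, so a lost or compromised phone yields an unrestricted shell plus port and agent forwarding as `chat`; if that account only needs an interactive chat session, prefix the entry with restrictions, e.g. `"no-port-forwarding,no-agent-forwarding,no-X11-forwarding ecdsa-sha2-nistp384 AAAA… JuiceSSH"` (`authorizedKeys.keys` entries are written verbatim into authorized_keys, so the option prefix is honoured). Replacing the old nistp521 key instead of adding alongside it is the right call. The `users.users.chat` block is complete within the hunk.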
@@ -130,15 +155,47 @@ in {          ../2configs/websites/domsen.nix        ];        krebs.iptables.tables.filter.INPUT.rules = [ -         { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } +         { predicate = "-p tcp --dport http"; target = "ACCEPT"; } +         { predicate = "-p tcp --dport https"; target = "ACCEPT"; }        ];      }      {        services.tor = {          enable = true; -        client.enable = true;        };      } +    { +      security.acme = { +        certs."lassul.us" = { +          email = "lass@lassul.us"; +          webroot = "/var/lib/acme/challenges/lassul.us"; +          plugins = [ +            "account_key.json" +            "key.pem" +            "fullchain.pem" +            "full.pem" +          ]; +          user = "ejabberd"; +        }; +      }; +      krebs.nginx.servers."lassul.us" = { +        server-names = [ "lassul.us" ]; +        locations = [ +          (lib.nameValuePair "/.well-known/acme-challenge" '' +            root /var/lib/acme/challenges/lassul.us/; +          '') +        ]; +      }; +      lass.ejabberd = { +        enable = true; +        hosts = [ "lassul.us" ]; +        certfile = "/var/lib/acme/lassul.us/full.pem"; +      }; +      krebs.iptables.tables.filter.INPUT.rules = [ +        { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } +        { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } +      ]; +    }    ];    krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix new file mode 100644 index 000000000..6829428ff --- /dev/null +++ b/lass/1systems/shodan.nix 
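Review bot: The `security.acme.certs."lassul.us"` entry has no `postRun`, so after the ACME timer renews the certificate ejabberd keeps serving the old `/var/lib/acme/lassul.us/full.pem` until something restarts it; add a hook such as `postRun = "systemctl restart ejabberd.service";` (the exact unit name comes from `lass.ejabberd`, which is not visible here). Because `user = "ejabberd"` and `plugins` includes `account_key.json`, the ACME account key is written into the same directory under the XMPP daemon's user, so a compromise of ejabberd also yields the ability to issue certificates for the domain; if this nixpkgs offers `group`/`allowKeysForGroup`, prefer `group = "ejabberd"; allowKeysForGroup = true;` and leave the account key root-owned. The tor change removes `client.enable = true` while keeping `enable = true`; unless a relay or hidden service is configured elsewhere, the daemon now runs without a SOCKS listener, so confirm what still consumes it or drop the block.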
@@ -0,0 +1,76 @@ +{ config, pkgs, ... }: + +with builtins; +{ +  imports = [ +    ../. +    ../2configs/baseX.nix +    ../2configs/exim-retiolum.nix +    ../2configs/browsers.nix +    ../2configs/programs.nix +    ../2configs/fetchWallpaper.nix +    ../2configs/backups.nix +    #{ +    #  users.extraUsers = { +    #    root = { +    #      openssh.authorizedKeys.keys = map readFile [ +    #        ../../krebs/Zpubkeys/uriel.ssh.pub +    #      ]; +    #    }; +    #  }; +    #} +    { +      #x220 config from mors +      #TODO: make x220 config file (or look in other user dir) +      hardware.trackpoint = { +        enable = true; +        sensitivity = 220; +        speed = 0; +        emulateWheel = true; +      }; + +      services.xserver = { +        videoDriver = "intel"; +        vaapiDrivers = [ pkgs.vaapiIntel ]; +        deviceSection = '' +          Option "AccelMethod" "sna" +          BusID "PCI:0:2:0" +        ''; +      }; +    } +  ]; + +  krebs.build.host = config.krebs.hosts.shodan; + +  networking.wireless.enable = true; + +  hardware.enableAllFirmware = true; +  nixpkgs.config.allowUnfree = true; + +  boot = { +    loader.grub.enable = true; +    loader.grub.version = 2; +    loader.grub.device = "/dev/sda"; + +    initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; +    initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; +    initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; +    #kernelModules = [ "kvm-intel" "msr" ]; +    kernelModules = [ "msr" ]; +  }; +  fileSystems = { +    "/" = { +      device = "/dev/pool/nix"; +      fsType = "ext4"; +    }; + +    "/boot" = { +      device = "/dev/sda1"; +    }; +  }; + +  #services.udev.extraRules = '' +  #  SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" +  #  SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" +  #''; +} 
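Review bot: The new host imports `../2configs/backups.nix` but declares only `/` and `/boot`, whereas every other host in this commit that gains backups (helios, uriel, mors, dishfire, prism) also mounts a `/bku` volume; if backups.nix writes under `/bku`, shodan's backups will silently land on the root filesystem, so either add the `/bku` mount or record why this machine has none. `with builtins;` is unused on the new side — the only `readFile` is inside the commented-out root `authorizedKeys` block — so drop the `with` or the dead block. `initrd.luks.cryptoModules` lists `"sha1"` next to `"sha512"`; that is needed only if the LUKS header on `/dev/sda2` was created with sha1, and a comment like `# sha1 kept for the existing LUKS header` would record that so it is not dropped by accident.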
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 4e4eca21f..92996c181 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -5,6 +5,7 @@ with builtins;    imports = [      ../.      ../2configs/baseX.nix +    ../2configs/exim-retiolum.nix      ../2configs/browsers.nix      ../2configs/games.nix      ../2configs/pass.nix @@ -47,6 +48,11 @@ with builtins;        fsType = "ext4";      }; +    "/bku" = { +      device = "/dev/pool/bku"; +      fsType = "ext4"; +    }; +      "/boot" = {        device = "/dev/sda1";      }; | 
