Diffstat (limited to 'lass')
| -rw-r--r-- | lass/1systems/echelon.nix | 17 | ||||
| -rw-r--r-- | lass/1systems/mors.nix | 1 | ||||
| -rw-r--r-- | lass/1systems/prism.nix | 93 | ||||
| -rw-r--r-- | lass/2configs/base.nix | 12 | ||||
| -rw-r--r-- | lass/2configs/baseX.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/downloading.nix | 18 | ||||
| -rw-r--r-- | lass/2configs/git.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/retiolum.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/ts3.nix | 19 | 
9 files changed, 154 insertions, 12 deletions
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 94c793b08..dc0ca0274 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -47,6 +47,23 @@ in {
         { predicate = "-i retiolum -p udp --dport 53"; target = "ACCEPT"; }
       ];
     }
+    {
+      users.extraUsers = {
+        satan = {
+          name = "satan";
+          uid = 1338;
+          home = "/home/satan";
+          group = "users";
+          createHome = true;
+          useDefaultShell = true;
+          extraGroups = [
+          ];
+          openssh.authorizedKeys.keys = [
+            "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com"
+          ];
+        };
+      };
+    }
   ];
   krebs.build.host = config.krebs.hosts.echelon;
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index b0b8ff573..7db3f8333 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -156,6 +156,7 @@
     get
     genid
     teamspeak_client
+    hashPassword
   ];
   #TODO: fix this shit
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
new file mode 100644
index 000000000..87334c3c2
--- /dev/null
+++ b/lass/1systems/prism.nix
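Review bot: In lass/1systems/echelon.nix the new `satan` account gets an interactive shell (`useDefaultShell = true`) and an SSH key pasted inline, with no comment saying whose key it is or why this host needs the account. The same commit moves the keys for root and mainUser in base.nix to `config.krebs.users.lass.pubkey`; declaring this user in the same registry, so the list reads `openssh.authorizedKeys.keys = [ config.krebs.users.<name>.pubkey ];` (`<name>` is a placeholder for the new entry), keeps key ownership and revocation in one place. The empty `extraGroups = [ ];` can be dropped. The list this attribute set is appended to starts above the hunk.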
@@ -0,0 +1,93 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) head;
+
+  ip = (head config.krebs.build.host.nets.internet.addrs4);
+in {
+  imports = [
+    ../2configs/base.nix
+    ../2configs/downloading.nix
+    ../2configs/git.nix
+    ../2configs/ts3.nix
+    {
+      users.extraGroups = {
+        # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
+        #    Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
+        #    Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
+        #      Docs: man:tmpfiles.d(5)
+        #            man:systemd-tmpfiles(8)
+        #   Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
+        #  Main PID: 19272 (code=exited, status=1/FAILURE)
+        #
+        # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
+        # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
+        # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
+        # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
+        # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
+        # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
+        # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
+        # warning: error(s) occured while switching to the new configuration
+        lock.gid = 10001;
+      };
+    }
+    {
+      networking.interfaces.et0.ip4 = [
+        {
+          address = ip;
+          prefixLength = 24;
+        }
+      ];
+      networking.defaultGateway = "213.239.205.225";
+      networking.nameservers = [
+        "8.8.8.8"
+      ];
+      services.udev.extraRules = ''
+        SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
+      '';
+
+    }
+    {
+      #boot.loader.gummiboot.enable = true;
+      #boot.loader.efi.canTouchEfiVariables = true;
+      boot.loader.grub = {
+        devices = [
+          "/dev/sda"
+          "/dev/sdb"
+        ];
+        splashImage = null;
+      };
+
+      boot.initrd.availableKernelModules = [
+        "ata_piix"
+        "vmw_pvscsi"
+      ];
+
+      fileSystems."/" = {
+        device = "/dev/pool/nix";
+        fsType = "ext4";
+      };
+
+      fileSystems."/boot" = {
+        device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36";
+      };
+
+      fileSystems."/var/download" = {
+        device = "/dev/pool/download";
+      };
+
+    }
+    {
+      sound.enable = false;
+    }
+    {
+      #workaround for server dying after 6-7h
+      boot.kernelPackages = pkgs.linuxPackages_4_2;
+    }
+    {
+      nixpkgs.config.allowUnfree = true;
+    }
+  ];
+
+  krebs.build.host = config.krebs.hosts.prism;
+}
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 6fa9c5b2d..11bc4f089 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -15,8 +15,8 @@ with lib;
     {
       users.extraUsers = {
         root = {
-          openssh.authorizedKeys.keys = map readFile [
-            ../../krebs/Zpubkeys/lass.ssh.pub
+          openssh.authorizedKeys.keys = [
+            config.krebs.users.lass.pubkey
           ];
         };
         mainUser = {
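Review bot: In lass/1systems/prism.nix, `boot.kernelPackages = pkgs.linuxPackages_4_2;` pins the host to a single kernel series, and the only explanation is `#workaround for server dying after 6-7h`. A pinned series eventually stops receiving fixes, so the comment should record what was observed and when the pin can go, for example `# TODO: drop this pin once the default kernel runs stable here (host hung after 6-7h)`. The systemd-tmpfiles log pasted above `lock.gid = 10001;` would also read better as one sentence saying the group is declared because tmpfiles setup fails with "Unknown group 'lock'".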
@@ -27,11 +27,9 @@ with lib;
           createHome = true;
           useDefaultShell = true;
           extraGroups = [
-            "audio"
-            "wheel"
           ];
-          openssh.authorizedKeys.keys = map readFile [
-            ../../krebs/Zpubkeys/lass.ssh.pub
+          openssh.authorizedKeys.keys = [
+            config.krebs.users.lass.pubkey
           ];
         };
       };
@@ -50,7 +48,7 @@ with lib;
       source = {
         git.nixpkgs = {
           url = https://github.com/Lassulus/nixpkgs;
-          rev = "33bdc011f5360288cd10b9fda90da2950442b2ab";
+          rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
         };
         dir.secrets = {
           host = config.krebs.hosts.mors;
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 1f5c3de55..3be3676aa 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -8,6 +8,8 @@ in {
     ./urxvt.nix
   ];
+  users.extraUsers.mainUser.extraGroups = [ "audio" ];
+
   time.timeZone = "Europe/Berlin";
   virtualisation.libvirtd.enable = true;
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 5052da5c8..e80b74007 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -1,6 +1,10 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
-{
+with lib;
+
+let
+  rpc-password = import <secrets/transmission-pw.nix>;
+in {
   imports = [
     ../3modules/folderPerms.nix
   ];
@@ -10,9 +14,13 @@
       name = "download";
       home = "/var/download";
       createHome = true;
+      useDefaultShell = true;
       extraGroups = [
         "download"
       ];
+      openssh.authorizedKeys.keys = [
+        config.krebs.users.lass.pubkey
+      ];
     };
     transmission = {
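Review bot: In lass/2configs/base.nix (hunk at -27,11) `"wheel"` is removed from mainUser's `extraGroups` together with `"audio"`, but baseX.nix in this commit re-adds only `"audio"`. If dropping wheel membership for mainUser on every host is intended, the commit message or a comment should say so, because it changes who can escalate privileges; if not, wheel needs to be re-added where it is wanted. The leftover empty `extraGroups = [` / `];` can be deleted. The mainUser attribute set starts above the hunk.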
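Review bot: In lass/2configs/downloading.nix (hunk at -10,9) the `download` account gets `useDefaultShell = true` and the same `config.krebs.users.lass.pubkey` that base.nix authorizes for root and mainUser, which turns it into an interactive login. The visible lines do not say what the login is for; a short comment such as `# ssh login used to fetch finished downloads` (adjusted to the real purpose) would document it, and if only file transfer is needed the account does not need a full shell. The first hunk also adds `with lib;`, but no lib name is used in the lines shown, so confirm it is required.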
@@ -41,8 +49,8 @@
       rpc-authentication-required = true;
       rpc-whitelist-enabled = false;
       rpc-username = "download";
-      #add rpc-password in secrets
-      rpc-password = "test123";
+      inherit rpc-password;
+      peer-port = 51413;
     };
   };
@@ -50,6 +58,8 @@
     enable = true;
     tables.filter.INPUT.rules = [
       { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
+      { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
+      { predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
     ];
   };
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 2164b2e33..7e8fc03c7 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -33,6 +33,8 @@ let
     web-routes-wai-custom = {};
     go = {};
     newsbot-js = {};
+    kimsufi-check = {};
+    realwallpaper = {};
   };
   restricted-repos = mapAttrs make-restricted-repo (
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index 7f0bcc5e8..d26a2f4c4 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -16,7 +16,7 @@
     enable = true;
     hosts = ../../krebs/Zhosts;
     connectTo = [
-      "fastpoke"
+      "prism"
       "cloudkrebs"
       "echelon"
       "pigstarter"
diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix
new file mode 100644
index 000000000..5b92d0919
--- /dev/null
+++ b/lass/2configs/ts3.nix
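Review bot: `inherit rpc-password;` in lass/2configs/downloading.nix (hunk at -41,8) takes a value that is imported from `<secrets/transmission-pw.nix>` at evaluation time, so the password may still be written into the generated Transmission settings in the Nix store, which local users can read. Check where the rendered settings end up on the host and note the result in a comment next to the `let` binding. With `rpc-whitelist-enabled = false` and the ACCEPT rule for tcp 9091 visible in the next hunk, this password appears to be the only control on the RPC interface. The removed literal stays in the repository history, so it should not be reused as the real password. The settings attribute set starts above the hunk.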
@@ -0,0 +1,19 @@
+{ config, ... }:
+
+{
+  services.teamspeak3 = {
+    enable = true;
+  };
+
+  krebs.iptables.tables.filter.INPUT.rules = [
+    #voice port
+    { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }
+    { predicate = "-p udp --dport 9987"; target = "ACCEPT"; }
+    ##file transfer port
+    #{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; }
+    #{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; }
+    ##query port
+    #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; }
+    #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; }
+  ];
+}  |
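Review bot: In lass/2configs/ts3.nix the rule `{ predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }` under `#voice port` opens a TCP port, but TeamSpeak 3 voice traffic is UDP only, so the firewall accepts traffic the service does not need. Keeping only the `-p udp --dport 9987` rule is enough. The commented-out `-p udp` rules for 30033 and 10011 have the mirror problem, since file transfer and server query are TCP services, and should be removed before anyone uncomments the block. The `config` argument is unused in this file.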
