From 6b08d5aa46adc80d8a1ab4ed1d3e320c61a19f01 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Oct 2018 20:57:53 +0200 Subject: remove nin --- lass/1systems/prism/config.nix | 8 -------- 1 file changed, 8 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index bf7de6fc5..808f35b24 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -57,13 +57,6 @@ with import ; config.krebs.users.makefu.pubkey ]; }; - users.users.nin = { - uid = genid "nin"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; users.extraUsers.dritter = { uid = genid "dritter"; isNormalUser = true; @@ -119,7 +112,6 @@ with import ; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey - config.krebs.users.nin.pubkey ]; }; autoStart = true; -- cgit v1.2.3 From df660ff2fa05a624903b0b8c93b84c2fef3eb4e8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 18:49:05 +0100 Subject: l archprism.r: new hfos ip --- lass/1systems/archprism/config.nix | 4 ++-- lass/1systems/archprism/physical.nix | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index 0a286c6f0..e6eddf8b2 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -36,10 +36,10 @@ with import ; # TODO write function for proxy_pass (ssl/nonssl) krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.179"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } + { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; } ]; } { diff --git a/lass/1systems/archprism/physical.nix b/lass/1systems/archprism/physical.nix index 56348d0ab..36de7dc17 100644 --- a/lass/1systems/archprism/physical.nix +++ b/lass/1systems/archprism/physical.nix @@ -14,16 +14,16 @@ }; }; # TODO use this network config - #networking.interfaces.et0.ipv4.addresses = [ - # { - # address = config.krebs.build.host.nets.internet.ip4.addr; - # prefixLength = 27; - # } - # { - # address = "46.4.114.243"; - # prefixLength = 27; - # } - #]; + networking.interfaces.eth0.ipv4.addresses = [ + { + address = config.krebs.build.host.nets.internet.ip4.addr; + prefixLength = 27; + } + { + address = "46.4.114.243"; + prefixLength = 27; + } + ]; #networking.defaultGateway = "46.4.114.225"; #networking.nameservers = [ # "8.8.8.8" -- cgit v1.2.3 From 3902f97c56cd374c67374b57357811621d8cec29 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 18:53:16 +0100 Subject: l prism.r: remove deprecated grub workaround --- lass/1systems/prism/config.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index bf7de6fc5..01479b69c 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -349,8 +349,6 @@ with import ; ]; krebs.build.host = config.krebs.hosts.prism; - # workaround because grub store paths are broken - boot.copyKernels = true; services.earlyoom = { enable = true; freeMemThreshold = 5; -- cgit v1.2.3 From cf22b956cd0f11a25c09c6e04b440dd456a23e03 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 18:56:25 +0100 Subject: l prism.r: new physical host --- lass/1systems/prism/physical.nix | 119 ++++++++++++++++----------------------- 1 file changed, 49 insertions(+), 70 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 56348d0ab..4388c13fa 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -1,77 +1,56 @@ { config, lib, pkgs, ... }: + { + imports = [ ./config.nix - { - boot.kernelParams = [ "net.ifnames=0" ]; - networking = { - defaultGateway = "46.4.114.225"; - # Use google's public DNS server - nameservers = [ "8.8.8.8" ]; - interfaces.eth0 = { - ipAddress = "46.4.114.247"; - prefixLength = 27; - }; - }; - # TODO use this network config - #networking.interfaces.et0.ipv4.addresses = [ - # { - # address = config.krebs.build.host.nets.internet.ip4.addr; - # prefixLength = 27; - # } - # { - # address = "46.4.114.243"; - # prefixLength = 27; - # } - #]; - #networking.defaultGateway = "46.4.114.225"; - #networking.nameservers = [ - # "8.8.8.8" - #]; - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" - #''; - } - { - imports = [ ]; - - networking.hostId = "fb4173ea"; - boot.loader.grub = { - devices = [ - "/dev/sda" - "/dev/sdb" - ]; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - "ahci" "sd_mod" - ]; - - boot.kernelModules = [ "kvm-intel" ]; - - sound.enable = false; - nixpkgs.config.allowUnfree = true; - time.timeZone = "Europe/Berlin"; - - fileSystems."/" = { - device = "rpool/root/nixos"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "rpool/home"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d"; - fsType = "ext4"; - }; - - } + ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; + + fileSystems."/" = { + device = "rpool/root/nixos"; + fsType = "zfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/d155d6ff-8e89-4876-a9e7-d1b7ba6a4804"; + fsType = "ext4"; + }; + + fileSystems."/srv/http" = { + device = "tank/srv-http"; + fsType = "zfs"; + }; + + fileSystems."/var/lib/containers" = { + device = "tank/containers"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "tank/home"; + fsType = "zfs"; + }; + + nix.maxJobs = lib.mkDefault 8; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ]; + + boot.kernelParams = [ "net.ifnames=0" ]; + networking = { + hostId = "2283aaae"; + defaultGateway = "95.216.1.129"; + # Use google's public DNS server + nameservers = [ "8.8.8.8" ]; + interfaces.eth0 = { + ipAddress = "95.216.1.150"; + prefixLength = 26; + }; + }; } -- cgit v1.2.3 From 9536a502706ab73f475ef338675a35d87eadb168 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 10 Nov 2018 23:00:54 +0100 Subject: l prism.r: RIP nin --- lass/1systems/archprism/config.nix | 7 ------- 1 file changed, 7 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index e6eddf8b2..f21e76d37 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -57,13 +57,6 @@ with import ; config.krebs.users.makefu.pubkey ]; }; - users.users.nin = { - uid = genid "nin"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - }; users.extraUsers.dritter = { uid = genid "dritter"; isNormalUser = true; -- cgit v1.2.3 From 1626bf9e96950f9228c391a1f7f58fb878e1692a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 11 Nov 2018 17:25:36 +0100 Subject: remove remaining nin stuff --- lass/1systems/archprism/config.nix | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index f21e76d37..6706914b5 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -102,26 +102,6 @@ with import ; localAddress = "10.233.2.2"; }; } - { - #onondaga - systemd.services."container@onondaga".reloadIfChanged = mkForce false; - containers.onondaga = { - config = { ... }: { - imports = [ ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - config.krebs.users.nin.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.5"; - localAddress = "10.233.2.6"; - }; - } -- cgit v1.2.3 From 88b043fc68c0d03acce738d2ff0f34a6bdab3abd Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:12:09 +0100 Subject: l archprism.r: disable reaktor --- lass/1systems/archprism/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index 6706914b5..bed8961b8 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -110,7 +110,6 @@ with import ; - -- cgit v1.2.3 From ebc9dd353a0b69c1958a8fa2c3ad6df7b242e354 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:12:28 +0100 Subject: l mors.r: also blue-host --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 6d65b58c2..cac13be2b 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -33,6 +33,7 @@ with import ; + { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain -- cgit v1.2.3 From 0328c75a12bd29c93f1a9e1c62c51e1be39701ba Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:13:05 +0100 Subject: l skynet.r: revive --- lass/1systems/skynet/config.nix | 28 ++++++++++------------------ lass/1systems/skynet/physical.nix | 21 +++++++++++++++++++-- 2 files changed, 29 insertions(+), 20 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index b6c08f797..08aa18b76 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -5,42 +5,34 @@ with import ; - # { - # discordius config services.xserver.enable = true; + services.xserver.desktopManager.xfce.enable = true; + users.users.discordius = { - uid = genid "discordius"; - home = "/home/discordius"; - group = "users"; - createHome = true; + uid = genid "diskordius"; + isNormalUser = true; extraGroups = [ "audio" "networkmanager" ]; - useDefaultShell = true; - }; - networking.networkmanager.enable = true; - networking.wireless.enable = mkForce false; - hardware.pulseaudio = { - enable = true; - systemWide = true; }; environment.systemPackages = with pkgs; [ - pavucontrol - firefox - hexchat - networkmanagerapplet + google-chrome ]; - services.xserver.desktopManager.gnome3 = { + hardware.pulseaudio = { enable = true; + systemWide = true; }; } ]; krebs.build.host = config.krebs.hosts.skynet; + networking.wireless.enable = false; + networking.networkmanager.enable = true; + services.logind.extraConfig = '' HandleLidSwitch=ignore ''; diff --git a/lass/1systems/skynet/physical.nix b/lass/1systems/skynet/physical.nix index 358e1f511..e3451293f 100644 --- a/lass/1systems/skynet/physical.nix +++ b/lass/1systems/skynet/physical.nix @@ -1,10 +1,27 @@ { imports = [ ./config.nix - - + ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.device = "nodev"; + + networking.hostId = "06442b9a"; + + fileSystems."/" = + { device = "rpool/root"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/0876-B308"; + fsType = "vfat"; + }; + services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0" -- cgit v1.2.3 From 79eaf3f97852765ce17283c50bddd8ec752cff87 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 23:02:33 +0100 Subject: l skynet.r: add blue-host --- lass/1systems/skynet/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 08aa18b76..14aca598e 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -6,6 +6,7 @@ with import ; + { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; -- cgit v1.2.3 From 72467a2e5904f3e66efc65cb92f05dd0bf34c0e2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 21 Nov 2018 04:59:45 +0100 Subject: l blue: add source.nix (to fetch tarball) --- lass/1systems/blue/source.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 lass/1systems/blue/source.nix (limited to 'lass/1systems') diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix new file mode 100644 index 000000000..8f748ab8f --- /dev/null +++ b/lass/1systems/blue/source.nix @@ -0,0 +1,11 @@ +{ lib, pkgs, ... }: +{ + nixpkgs = lib.mkForce { + file = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; + sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; + }); + }; +} -- cgit v1.2.3 From 740f8c8ccfca38d7fc164a8c99bb6df6249c0d22 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:35:00 +0100 Subject: l: move download stuff to yellow.r --- lass/1systems/prism/config.nix | 58 ++++++++++++++++- lass/1systems/yellow/config.nix | 132 ++++++++++++++++++++++++++++++++++++++ lass/1systems/yellow/physical.nix | 8 +++ 3 files changed, 197 insertions(+), 1 deletion(-) create mode 100644 lass/1systems/yellow/config.nix create mode 100644 lass/1systems/yellow/physical.nix (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a9fbae695..57298b1bd 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -207,7 +207,6 @@ with import ; RandomizedDelaySec = "2min"; }; } - { services.taskserver = { @@ -338,6 +337,63 @@ with import ; ]; } + { + systemd.services."container@yellow".reloadIfChanged = mkForce false; + containers.yellow = { + config = { ... }: { + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.13"; + localAddress = "10.233.2.14"; + }; + + services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' + if ($scheme != "https") { + rewrite ^ https://$host$uri permanent; + } + auth_basic "Restricted Content"; + auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' + krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0 + ''}; + proxy_pass http://10.233.2.14:9091; + ''; + + users.groups.download = {}; + users.users = { + download = { + createHome = true; + group = "download"; + name = "download"; + home = "/var/download"; + useDefaultShell = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-shodan.pubkey + lass-icarus.pubkey + lass-daedalus.pubkey + lass-helios.pubkey + makefu.pubkey + wine-mors.pubkey + ]; + }; + }; + + system.activationScripts.downloadFolder = '' + mkdir -p /var/download + chmod 775 /var/download + ln -fs /var/download/finished /var/lib/containers/yellow/var/download/finished || : + chown download: /var/download/finished + ln -fs /var/download/incoming /var/lib/containers/yellow/var/download/incoming || : + chown download: /var/download/incoming + ''; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix new file mode 100644 index 000000000..ee14986ac --- /dev/null +++ b/lass/1systems/yellow/config.nix @@ -0,0 +1,132 @@ +with import ; +{ config, lib, pkgs, ... }: +{ + imports = [ + + + + ]; + + krebs.build.host = config.krebs.hosts.yellow; + + system.activationScripts.downloadFolder = '' + mkdir -p /var/download + chown download:download /var/download + chmod 775 /var/download + ''; + + users.users.download = { uid = genid "download"; }; + users.groups.download.members = [ "transmission" ]; + users.users.transmission.group = mkForce "download"; + + systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ]; + services.transmission = { + enable = true; + settings = { + download-dir = "/var/download/finished"; + incomplete-dir = "/var/download/incoming"; + incomplete-dir-enable = true; + umask = "002"; + rpc-whitelist-enabled = false; + rpc-host-whitelist-enabled = false; + }; + }; + + krebs.iptables = { + enable = true; + tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } + { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } + ]; + }; + + services.nginx.enable = true; + services.openvpn.servers.nordvpn.config = '' + client + dev tun + proto udp + remote 82.102.16.229 1194 + resolv-retry infinite + remote-random + nobind + tun-mtu 1500 + tun-mtu-extra 32 + mssfix 1450 + persist-key + persist-tun + ping 15 + ping-restart 0 + ping-timer-rem + reneg-sec 0 + comp-lzo no + + explicit-exit-notify 3 + + remote-cert-tls server + + #mute 10000 + auth-user-pass ${toString } + + verb 3 + pull + fast-io + cipher AES-256-CBC + auth SHA512 + + + -----BEGIN CERTIFICATE----- + MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD + VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH + Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw + bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y + ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG + A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT + B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2 + cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v + cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG + UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny + mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X + +D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT + ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI + 583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA + VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT + Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh + MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ + MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy + Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW + EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG + SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ + e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW + //DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB + wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB + KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p + lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9 + -----END CERTIFICATE----- + + key-direction 1 + + # + # 2048 bit OpenVPN static key + # + -----BEGIN OpenVPN Static key V1----- + 49b2f54c6ee58d2d97331681bb577d55 + 054f56d92b743c31e80b684de0388702 + ad3bf51088cd88f3fac7eb0729f2263c + 51d82a6eb7e2ed4ae6dfa65b1ac764d0 + b9dedf1379c1b29b36396d64cb6fd6b2 + e61f869f9a13001dadc02db171f04c4d + c46d1132c1f31709e7b54a6eabae3ea8 + fbd2681363c185f4cb1be5aa42a27c31 + 21db7b2187fd11c1acf224a0d5a44466 + b4b5a3cc34ec0227fe40007e8b379654 + f1e8e2b63c6b46ee7ab6f1bd82f57837 + 92c209e8f25bc9ed493cb5c1d891ae72 + 7f54f4693c5b20f136ca23e639fd8ea0 + 865b4e22dd2af43e13e6b075f12427b2 + 08af9ffd09c56baa694165f57fe2697a + 3377fa34aebcba587c79941d83deaf45 + -----END OpenVPN Static key V1----- + + ''; +} diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix new file mode 100644 index 000000000..7499ff723 --- /dev/null +++ b/lass/1systems/yellow/physical.nix @@ -0,0 +1,8 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = false; + environment.variables.NIX_REMOTE = "daemon"; +} -- cgit v1.2.3 From 02350fd5ece71ea018583feadba51f5936803d80 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:35:39 +0100 Subject: l prism.r: add /var/download mount --- lass/1systems/prism/physical.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 4388c13fa..116bdb92f 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -25,6 +25,11 @@ fsType = "zfs"; }; + fileSystems."/var/download" = { + device = "tank/download"; + fsType = "zfs"; + }; + fileSystems."/var/lib/containers" = { device = "tank/containers"; fsType = "zfs"; -- cgit v1.2.3 From 55efde5159ddb4c44fbac06fabd9138b197ed4c4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:37:22 +0100 Subject: l skynet: import power-action.nix --- lass/1systems/skynet/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 14aca598e..13a8b3e41 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -7,6 +7,7 @@ with import ; + { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; -- cgit v1.2.3 From cd3b73955ef8a792ece37d33ad7de7efbac0625f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 04:40:59 +0100 Subject: l: RIP cabal.r --- lass/1systems/cabal/config.nix | 16 ---------------- lass/1systems/cabal/physical.nix | 12 ------------ 2 files changed, 28 deletions(-) delete mode 100644 lass/1systems/cabal/config.nix delete mode 100644 lass/1systems/cabal/physical.nix (limited to 'lass/1systems') diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix deleted file mode 100644 index 6a8040c9d..000000000 --- a/lass/1systems/cabal/config.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - - - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.cabal; -} diff --git a/lass/1systems/cabal/physical.nix b/lass/1systems/cabal/physical.nix deleted file mode 100644 index 3cc4af03b..000000000 --- a/lass/1systems/cabal/physical.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - imports = [ - ./config.nix - - - ]; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0" - ''; -} -- cgit v1.2.3 From 7f5431a4999fea9626df300f707aa8c62de894e3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 30 Nov 2018 08:30:08 +0100 Subject: l prism.r: use symlinks correctly, remove incoming link --- lass/1systems/prism/config.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 57298b1bd..24fa3fd7a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -388,10 +388,8 @@ with import ; system.activationScripts.downloadFolder = '' mkdir -p /var/download chmod 775 /var/download - ln -fs /var/download/finished /var/lib/containers/yellow/var/download/finished || : + ln -fs /var/lib/containers/yellow/var/download/finished /var/download/finished || : chown download: /var/download/finished - ln -fs /var/download/incoming /var/lib/containers/yellow/var/download/incoming || : - chown download: /var/download/incoming ''; } ]; -- cgit v1.2.3 From ee1080cb6e0161bfd9d3264cb100282f47e1dfa6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:44:17 +0100 Subject: l: disable redshift (now managed by xmonad) --- lass/1systems/icarus/config.nix | 4 ---- lass/1systems/mors/config.nix | 4 ---- 2 files changed, 8 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 1957c8ba4..d2d4bd3eb 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -25,9 +25,5 @@ macchanger dpass ]; - services.redshift = { - enable = true; - provider = "geoclue2"; - }; programs.adb.enable = true; } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index cac13be2b..b9aaaab24 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -148,10 +148,6 @@ with import ; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; - services.redshift = { - enable = true; - provider = "geoclue2"; - }; lass.restic = genAttrs [ "daedalus" -- cgit v1.2.3 From 745906c5b3a2d9f63eb56e77eac73849479116bd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:44:37 +0100 Subject: l mors.r: install transmission-remote --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index b9aaaab24..207c7c640 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -102,6 +102,7 @@ with import ; urban mk_sql_pair remmina + transmission iodine -- cgit v1.2.3 From 7a0756c78a0d568001fa74e47c0f00aad94bd5fd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:44:57 +0100 Subject: l prism: fix download links (again) --- lass/1systems/prism/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 24fa3fd7a..0ca39447d 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -388,7 +388,7 @@ with import ; system.activationScripts.downloadFolder = '' mkdir -p /var/download chmod 775 /var/download - ln -fs /var/lib/containers/yellow/var/download/finished /var/download/finished || : + ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || : chown download: /var/download/finished ''; } -- cgit v1.2.3 From 1ac25c33a90e9029953f234644da4ebd31b45353 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Dec 2018 05:45:33 +0100 Subject: l yellow.r: add retiolum html listing --- lass/1systems/yellow/config.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index ee14986ac..48d405111 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -32,16 +32,24 @@ with import ; }; }; + services.nginx = { + enable = true; + virtualHosts."yellow.r".locations."/dl".extraConfig = '' + autoindex on; + alias /var/download/finished; + ''; + }; + krebs.iptables = { enable = true; tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } ]; }; - services.nginx.enable = true; services.openvpn.servers.nordvpn.config = '' client dev tun -- cgit v1.2.3 From e99f63f99801dcc1f44fff02e9c327fcd8486778 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 05:01:40 +0100 Subject: l shodan.r: also blue host --- lass/1systems/shodan/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 8405b0f1f..87a733d62 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -16,6 +16,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; -- cgit v1.2.3