From a5c3570a941822a501873eda943c017580bb2a8d Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 15 Feb 2016 16:56:29 +0100 Subject: l 1 helios: add pass.nix config --- lass/1systems/helios.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 67e3738ea..68e688b5e 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -7,6 +7,7 @@ with builtins; ../2configs/browsers.nix ../2configs/programs.nix ../2configs/git.nix + ../2configs/pass.nix #{ # users.extraUsers = { # root = { -- cgit v1.2.3 From 869a68c7944d0c022b3785c22c0c7fd010dc4627 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 15 Feb 2016 16:56:45 +0100 Subject: l 1 helios: open up port 8000 for webtesting --- lass/1systems/helios.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 68e688b5e..bfabbe14d 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -17,6 +17,15 @@ with builtins; # }; # }; #} + { + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } + ]; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.helios; -- cgit v1.2.3 From 1ab712900c5ebc9a53f9593c9e7d7424031b2073 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 15 Feb 2016 16:57:04 +0100 Subject: l 1 helios: disbale intel sna because of bugs --- lass/1systems/helios.nix | 9 --------- 1 file changed, 9 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index bfabbe14d..4b94e5fd5 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -62,15 +62,6 @@ with builtins; # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" #''; - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - services.xserver.synaptics = { enable = true; twoFingerScroll = true; -- cgit v1.2.3 From cadb62a9f4eda028cf318164000223c2d566131a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 15 Feb 2016 16:57:48 +0100 Subject: l 1 mors: add python test-env --- lass/1systems/mors.nix | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index ebce93957..26a820cf3 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -96,6 +96,39 @@ # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } # ]; #} + { + containers.pythonenv = { + config = { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + + environment = { + systemPackages = with pkgs; [ + git + libxml2 + libxslt + libzip + python27Full + python27Packages.buildout + stdenv + zlib + ]; + + pathsToLink = [ "/include" ]; + + shellInit = '' + # help pip to find libz.so when building lxml + export LIBRARY_PATH=/var/run/current-system/sw/lib + # ditto for header files, e.g. sqlite + export C_INCLUDE_PATH=/var/run/current-system/sw/include + ''; + }; + + }; + }; + } ]; krebs.build.host = config.krebs.hosts.mors; -- cgit v1.2.3 From 3d638b66f0c4297db51a97ec398ba4e7393faf3d Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 15 Feb 2016 16:58:04 +0100 Subject: l 1 mors: activate postgresql --- lass/1systems/mors.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 26a820cf3..4083e0c2f 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -129,6 +129,12 @@ }; }; } + { + services.postgresql = { + enable = true; + authentication = "local all all ident"; + }; + } ]; krebs.build.host = config.krebs.hosts.mors; -- cgit v1.2.3 From 399c0c902cae6b0a2e64bf7259b3eef7ac2d341d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Feb 2016 14:58:59 +0100 Subject: l 1 mors: disbale broken configs --- lass/1systems/mors.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index e3bb4e487..7d4cd72d2 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -20,12 +20,12 @@ ../2configs/git.nix #../2configs/wordpress.nix ../2configs/bitlbee.nix - ../2configs/firefoxPatched.nix + #../2configs/firefoxPatched.nix ../2configs/skype.nix ../2configs/teamviewer.nix ../2configs/libvirt.nix ../2configs/fetchWallpaper.nix - ../2configs/buildbot-standalone.nix + #../2configs/buildbot-standalone.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ -- cgit v1.2.3 From a1615ca432011bed447fd52d49ac1731af0c2acc Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Feb 2016 14:59:21 +0100 Subject: l 1 mors: postgre -> mariadb --- lass/1systems/mors.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 7d4cd72d2..31663008d 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -131,9 +131,10 @@ }; } { - services.postgresql = { + services.mysql = { enable = true; - authentication = "local all all ident"; + package = pkgs.mariadb; + rootPassword = "/mysql_rootPassword"; }; } ]; -- cgit v1.2.3 From bc9a4d68b905e9737098c4cdd3d7089a7feadbc2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Feb 2016 14:59:36 +0100 Subject: add /mnt/conf to automounted disks --- lass/1systems/mors.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 31663008d..a7f4ee5f8 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -210,6 +210,11 @@ device = "/dev/big/public"; fsType = "ext4"; }; + + "/mnt/conf" = { + device = "/dev/big/conf"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' -- cgit v1.2.3 From e1a77d240eaedafbb58a387da94c863118533574 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 18 Feb 2016 17:05:01 +0100 Subject: l 1 mors: enable elasticsearch --- lass/1systems/mors.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index a7f4ee5f8..9f492e2c6 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -137,6 +137,14 @@ rootPassword = "/mysql_rootPassword"; }; } + { + services.elasticsearch = { + enable = true; + plugins = [ + pkgs.elasticsearchPlugins.elasticsearch_kopf + ]; + }; + } ]; krebs.build.host = config.krebs.hosts.mors; -- cgit v1.2.3 From 472daa6a41dce774b9975d17649f7b82222543f9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 21 Feb 2016 10:56:16 +0100 Subject: l 1 prism: remove kernel workaround --- lass/1systems/prism.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 05b3470e5..d9e54a927 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -83,10 +83,10 @@ in { { sound.enable = false; } - { - #workaround for server dying after 6-7h - boot.kernelPackages = pkgs.linuxPackages_4_2; - } + #{ + # #workaround for server dying after 6-7h + # boot.kernelPackages = pkgs.linuxPackages_4_2; + #} { nixpkgs.config.allowUnfree = true; } -- cgit v1.2.3 From c0fda459166100bc38e4dbe649203c027bb613a7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 21 Feb 2016 14:26:21 +0100 Subject: l 1 prism: add uriel to chat authorized_keys --- lass/1systems/prism.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index d9e54a927..32137a699 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -120,6 +120,7 @@ in { { users.users.chat.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJJKlOeAHyi7lToCqRF/hdA2TrtVbrTUd2ayuWsXe9JWiyeyKH/LNY3SrgxCWPZSItE9VK68ghMuVYK/A8IAcgzNhzFYLDxmtsidjiOJBj2ZGsjqevoQ5HuKB/pob8CLW3dr1Rx38Any/XXxpfeO6vemCJMGLTe5gSlrCI+Tk1qNt0Rz+rke73Hwt9wW39g8X3prF2q9ryL9OFCcsoYUE7PIOV9xM1GaDFfTR4bKux7HyFKmG+rBvmJHB5OPW8UAtVZGY/FIChwlmF6QNO5Zym497bG1RCOGplaLpRXVJrmoUkZUO7EazePPxIjz2duWYqFtwl5R9YGy1+a+F58G19DS7wJHM29td117/ZANjRTxE5q/aJm2okJYOVSqhYzdhji+BWVZ5ai7cktpAdtPo++yiZN90LvogXNB64kFxVGuX52xZcA3KLKmvrd47o9k0pzO+oCoArxPFIx0YkHfy/yw7OG8Z+KLK8l9WXWBZO5TpjcydnEcRZ8OEqVhtmDh+9h1zhPphuFBtT1JPbt8m132RUy23qsNRtZ/lnnfQbrxgHPRzVuvA8o4ahOEUdvV9SYnzKb6qMFXGp25EhlcWnR4/toyG6I3paBtByeHkaxjgCuvm9Hob6f/xFr3kEJ4WXTVguyrcFgNg2EcEfdkrTMhNn9OIHEFFQ8whIBv5jlw== JuiceSSH" + config.krebs.users.lass-uriel.pubkey ]; } { -- cgit v1.2.3 From 2d912a9d6dec8b58411436a6e2e82c9fa152e907 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 21 Feb 2016 14:28:50 +0100 Subject: l 1 uriel: remove redundant authorized_key entry --- lass/1systems/uriel.nix | 9 --------- 1 file changed, 9 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 0758164f0..4e4eca21f 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -15,15 +15,6 @@ with builtins; ../2configs/bitlbee.nix ../2configs/weechat.nix ../2configs/skype.nix - { - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/uriel.ssh.pub - ]; - }; - }; - } ]; krebs.build.host = config.krebs.hosts.uriel; -- cgit v1.2.3 From 137306f990e866fff93e8d908641f65c421db184 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 22 Feb 2016 00:49:36 +0100 Subject: l 1 mors: deactive hangouts groups --- lass/1systems/mors.nix | 3 --- 1 file changed, 3 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 9f492e2c6..01d69c403 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -328,7 +328,4 @@ tapButtons = false; twoFingerScroll = true; }; - - #for google hangout - users.extraUsers.gm.extraGroups = [ "audio" "video" ]; } -- cgit v1.2.3 From 08627a2cd423e6853de324cfa2c1bba0c844af30 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Feb 2016 16:43:36 +0100 Subject: l 1 helios: remove open ports --- lass/1systems/helios.nix | 6 ------ 1 file changed, 6 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 0103b6ec0..beaf0f441 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -19,12 +19,6 @@ with builtins; # }; #} { - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } - ]; - }; }; } ]; -- cgit v1.2.3 From 02c3fabe3ac38713fe71184c66ecf86dfa295a57 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Feb 2016 16:44:48 +0100 Subject: l 1 helios: enable elasticsearch --- lass/1systems/helios.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index beaf0f441..2784375c2 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -19,6 +19,11 @@ with builtins; # }; #} { + services.elasticsearch = { + enable = true; + plugins = [ + pkgs.elasticsearchPlugins.elasticsearch_kopf + ]; }; } ]; -- cgit v1.2.3 From 1ae75d5408d771fb880cb1b6d503dba82619fbc1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 26 Feb 2016 16:45:13 +0100 Subject: l 1 prism: update JuiceSSH key --- lass/1systems/prism.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 32137a699..864e59b21 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -119,7 +119,7 @@ in { } { users.users.chat.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJJKlOeAHyi7lToCqRF/hdA2TrtVbrTUd2ayuWsXe9JWiyeyKH/LNY3SrgxCWPZSItE9VK68ghMuVYK/A8IAcgzNhzFYLDxmtsidjiOJBj2ZGsjqevoQ5HuKB/pob8CLW3dr1Rx38Any/XXxpfeO6vemCJMGLTe5gSlrCI+Tk1qNt0Rz+rke73Hwt9wW39g8X3prF2q9ryL9OFCcsoYUE7PIOV9xM1GaDFfTR4bKux7HyFKmG+rBvmJHB5OPW8UAtVZGY/FIChwlmF6QNO5Zym497bG1RCOGplaLpRXVJrmoUkZUO7EazePPxIjz2duWYqFtwl5R9YGy1+a+F58G19DS7wJHM29td117/ZANjRTxE5q/aJm2okJYOVSqhYzdhji+BWVZ5ai7cktpAdtPo++yiZN90LvogXNB64kFxVGuX52xZcA3KLKmvrd47o9k0pzO+oCoArxPFIx0YkHfy/yw7OG8Z+KLK8l9WXWBZO5TpjcydnEcRZ8OEqVhtmDh+9h1zhPphuFBtT1JPbt8m132RUy23qsNRtZ/lnnfQbrxgHPRzVuvA8o4ahOEUdvV9SYnzKb6qMFXGp25EhlcWnR4/toyG6I3paBtByeHkaxjgCuvm9Hob6f/xFr3kEJ4WXTVguyrcFgNg2EcEfdkrTMhNn9OIHEFFQ8whIBv5jlw== JuiceSSH" + "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH" config.krebs.users.lass-uriel.pubkey ]; } -- cgit v1.2.3 From 00f61dc6b8f89f3b584669960f5211c50104d4da Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 27 Feb 2016 15:50:30 +0100 Subject: l 1 mors: disable sna acceleration --- lass/1systems/mors.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 01d69c403..dc09c9d30 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -270,14 +270,14 @@ emulateWheel = true; }; - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; + #services.xserver = { + # videoDriver = "intel"; + # vaapiDrivers = [ pkgs.vaapiIntel ]; + # deviceSection = '' + # Option "AccelMethod" "sna" + # BusID "PCI:0:2:0" + # ''; + #}; environment.systemPackages = with pkgs; [ cac-api -- cgit v1.2.3 From efa2eb3331652c93499774adaf5092439cce92bc Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 2 Mar 2016 21:39:36 +0100 Subject: l 1 mors: disable kopf in ES --- lass/1systems/mors.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index dc09c9d30..5c5c35307 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -141,7 +141,7 @@ services.elasticsearch = { enable = true; plugins = [ - pkgs.elasticsearchPlugins.elasticsearch_kopf + # pkgs.elasticsearchPlugins.elasticsearch_kopf ]; }; } -- cgit v1.2.3 From 6570fa8d8657c577e18225dfd860bce2e4c5e7df Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 2 Mar 2016 21:52:02 +0100 Subject: l 1 mors: import cbase.nix --- lass/1systems/mors.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 5c5c35307..b95e61a58 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -25,6 +25,7 @@ ../2configs/teamviewer.nix ../2configs/libvirt.nix ../2configs/fetchWallpaper.nix + ../2configs/cbase.nix #../2configs/buildbot-standalone.nix { #risk of rain port -- cgit v1.2.3 From 20025f7b1241aa236cbad847264b77436812104e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 6 Mar 2016 01:45:57 +0100 Subject: l 1 prism: enable tor client --- lass/1systems/prism.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 864e59b21..4d40c8d59 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -135,6 +135,12 @@ in { { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } ]; } + { + services.tor = { + enable = true; + client.enable = true; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 81c047edfd3491b5404bc0ed1f6a4385851e4443 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 Mar 2016 13:16:30 +0100 Subject: l 1 helios: disable kopf plugin for ES --- lass/1systems/helios.nix | 3 --- 1 file changed, 3 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 2784375c2..cc98c2c5b 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -21,9 +21,6 @@ with builtins; { services.elasticsearch = { enable = true; - plugins = [ - pkgs.elasticsearchPlugins.elasticsearch_kopf - ]; }; } ]; -- cgit v1.2.3 From bf8a0c66f9db05693b0bce439ef628f9b9a4c832 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Mar 2016 14:05:09 +0100 Subject: l 1 mors: activate postgresql --- lass/1systems/mors.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index b95e61a58..20b885b5f 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -146,6 +146,12 @@ ]; }; } + { + services.postgresql = { + enable = true; + package = pkgs.postgresql; + }; + } ]; krebs.build.host = config.krebs.hosts.mors; -- cgit v1.2.3 From 00eed553e55bd07400f7fd880b6f5c25cd6a7df6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Mar 2016 14:12:13 +0100 Subject: l 1 mors: add acronym to pkgs --- lass/1systems/mors.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 20b885b5f..1f7a13c56 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -287,6 +287,7 @@ #}; environment.systemPackages = with pkgs; [ + acronym cac-api sshpass get -- cgit v1.2.3