From e205e09a20c0ad310e7397d8e4fd69f13259050c Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Wed, 28 Dec 2016 12:41:54 +0100
Subject: l 2 tests dummy-secrets: add grafana security

---
 lass/2configs/tests/dummy-secrets/grafana_security.nix | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 lass/2configs/tests/dummy-secrets/grafana_security.nix

(limited to 'lass')

diff --git a/lass/2configs/tests/dummy-secrets/grafana_security.nix b/lass/2configs/tests/dummy-secrets/grafana_security.nix
new file mode 100644
index 000000000..ef75d4e0f
--- /dev/null
+++ b/lass/2configs/tests/dummy-secrets/grafana_security.nix
@@ -0,0 +1,4 @@
+{
+  adminUser = "bla";
+  adminPassword = "blub";
+}
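Review bot: Nothing in the new file marks `adminUser` and `adminPassword` as placeholders; only the `tests/dummy-secrets` path says so. A leading comment such as `# dummy values for test evaluation only; never deployed` would keep the file from being copied into a real host's secrets by mistake. It is also worth confirming that the real Grafana configuration cannot silently fall back to these values when the actual secret file is missing, which cannot be seen from this hunk.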
-- 
cgit v1.2.3


From 9edef0af0fe067cf31f26181b2745076c9767901 Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Thu, 29 Dec 2016 18:13:01 +0100
Subject: l 1 icarus: import games

---
 lass/1systems/icarus.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lass')

diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix
index 9a6654648..3998fc177 100644
--- a/lass/1systems/icarus.nix
+++ b/lass/1systems/icarus.nix
@@ -13,6 +13,7 @@ with import <stockholm/lib>;
     ../2configs/programs.nix
     ../2configs/fetchWallpaper.nix
     ../2configs/backups.nix
+    ../2configs/games.nix
     #{
     #  users.extraUsers = {
     #    root = {
-- 
cgit v1.2.3


From 543365d2d727b0175f87008bdefbdd35c418255a Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Thu, 29 Dec 2016 18:13:21 +0100
Subject: l 1 mors: remove obsolete powertop activations

---
 lass/1systems/mors.nix | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'lass')

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 3498f662b..012bd359f 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -307,20 +307,16 @@ with import <stockholm/lib>;
 
     #Runtime PMs
     echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:16.0/power/control'
     echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:03:00.0/power/control'
     echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control'
     echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control'
     echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control'
     echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control'
     echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:0d:00.0/power/control'
     echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control'
     echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control'
     echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control'
     echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control'
-    echo 'auto' > '/sys/bus/pci/devices/0000:00:16.3/power/control'
     echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control'
     echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
   '';
-- 
cgit v1.2.3


From d5e88676b24f7d14420ba836741b00972049e614 Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Thu, 29 Dec 2016 18:13:46 +0100
Subject: l 2: add icarus to authorizedKeys

---
 lass/2configs/default.nix | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'lass')

diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 900dd36b3..6fea97728 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -22,6 +22,7 @@ with import <stockholm/lib>;
           openssh.authorizedKeys.keys = [
             config.krebs.users.lass.pubkey
             config.krebs.users.lass-shodan.pubkey
+            config.krebs.users.lass-icarus.pubkey
           ];
         };
         mainUser = {
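Review bot: The authorised-key list is now maintained by hand in two places, here and in the `-38,6` hunk below, each with the same three entries. A shared binding used by both, for example `lassKeys = [ config.krebs.users.lass.pubkey config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-icarus.pubkey ];`, would stop a later revocation from missing one copy. The account that owns the first list is declared outside the hunk; if it is root, a short comment stating that the icarus key is meant to have that level of access on every host importing this file would help an auditor.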
@@ -38,6 +39,7 @@ with import <stockholm/lib>;
           openssh.authorizedKeys.keys = [
             config.krebs.users.lass.pubkey
             config.krebs.users.lass-shodan.pubkey
+            config.krebs.users.lass-icarus.pubkey
           ];
         };
       };
-- 
cgit v1.2.3


From ecc89618f8fc127ea4e51cfd56858d30c381eabb Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Thu, 29 Dec 2016 18:14:02 +0100
Subject: l 2 websites fritz: also enable nginx

---
 lass/2configs/websites/fritz.nix | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'lass')

diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index f9035dd13..00e987116 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -23,6 +23,9 @@ let
   '';
 
 in {
+
+  services.nginx.enable = true;
+
   imports = [
     ./sqlBackup.nix
 
-- 
cgit v1.2.3


From 88c6a1ddc699e92142d32051381ca843d037a60c Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Thu, 29 Dec 2016 18:15:41 +0100
Subject: l: add & import makefu-sip config

---
 lass/1systems/prism.nix      |  1 +
 lass/2configs/makefu-sip.nix | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 lass/2configs/makefu-sip.nix

(limited to 'lass')

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 39026d102..854c98f46 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -26,6 +26,7 @@ in {
     ../2configs/iodined.nix
     ../2configs/libvirt.nix
     ../2configs/hfos.nix
+    ../2configs/makefu-sip.nix
     {
       users.extraGroups = {
         # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
diff --git a/lass/2configs/makefu-sip.nix b/lass/2configs/makefu-sip.nix
new file mode 100644
index 000000000..9d2e9b696
--- /dev/null
+++ b/lass/2configs/makefu-sip.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+  users.users.makefu = {
+    uid = genid "makefu";
+    isNormalUser = true;
+    extraGroups = [ "libvirtd" ];
+    openssh.authorizedKeys.keys = [
+      config.krebs.users.makefu.pubkey
+    ];
+  };
+
+  krebs.iptables.tables.nat.PREROUTING.rules = [
+    { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 10022"; target = "DNAT --to-destination 192.168.122.136:22"; }
+  ];
+
+  krebs.iptables.tables.filter.FORWARD.rules = [
+    { v6 = false; precedence = 1000; predicate = "-d 192.168.122.136 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
+  ];
+}
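Review bot: The FORWARD rule accepts new TCP connections to 192.168.122.136:22 from any source and any interface, not only those that came through the DNAT on port 10022; the predicate has no source, inbound-interface or NAT-state restriction. If only the forwarded port is meant to reach the guest, adding `-m conntrack --ctstate DNAT` to the predicate (in place of the older `-m state` match) would tie the ACCEPT to the PREROUTING rule. Separately, `extraGroups = [ "libvirtd" ]` gives makefu control of the system libvirt daemon, which is normally equivalent to root on the host, so a comment confirming that this is intended and not just access to one guest would be useful. The two literal addresses would also be easier to audit with a comment naming the public host address and the guest they refer to.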
-- 
cgit v1.2.3


From e541818517e6f9e3932108ce1bcf21995bf3b7c3 Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Mon, 2 Jan 2017 20:08:18 +0100
Subject: l 2 baseX: remove pulse.nix and use pulseaudio

---
 lass/2configs/baseX.nix |  7 +++-
 lass/2configs/pulse.nix | 96 -------------------------------------------------
 2 files changed, 6 insertions(+), 97 deletions(-)
 delete mode 100644 lass/2configs/pulse.nix

(limited to 'lass')

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index e98f382e3..1e796015a 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -7,7 +7,12 @@ in {
     ./xserver
     ./mpv.nix
     ./power-action.nix
-    ./pulse.nix
+    {
+      hardware.pulseaudio = {
+        enable = true;
+        systemWide = true;
+      };
+    }
   ];
 
   users.extraUsers.mainUser.extraGroups = [ "audio" "video" ];
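Review bot: `systemWide = true` carries on the single shared daemon that the deleted pulse.nix ran, but nothing on the new lines records why it is needed. PulseAudio upstream discourages system-wide mode because every account allowed to talk to the daemon shares one audio session, capture devices included; on NixOS that access is, as far as I know, tied to the `audio` group given to mainUser on the context line below. A comment such as `# shared daemon on purpose: <reason>; access limited to group "audio"` next to the option would document the trade-off. The deleted module also set `security.rtkit.enable = true`; it is worth checking whether the stock module still provides that or whether it is silently dropped by this commit.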
diff --git a/lass/2configs/pulse.nix b/lass/2configs/pulse.nix
deleted file mode 100644
index 55efaea13..000000000
--- a/lass/2configs/pulse.nix
+++ /dev/null
@@ -1,96 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
-  pkg = pkgs.pulseaudioLight;
-  runDir = "/run/pulse";
-
-  alsaConf = pkgs.writeText "asound.conf" ''
-    ctl_type.pulse {
-      libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_ctl_pulse.so;
-    }
-    pcm_type.pulse {
-      libs.native = ${pkgs.alsaPlugins}/lib/alsa-lib/libasound_module_pcm_pulse.so;
-    }
-    ctl.!default {
-      type pulse
-    }
-    pcm.!default {
-      type pulse
-    }
-  '';
-
-  clientConf = pkgs.writeText "client.conf" ''
-    autospawn=no
-    default-server = unix:${runDir}/socket
-  '';
-
-  daemonConf = pkgs.writeText "daemon.conf" ''
-    exit-idle-time=-1
-    flat-volumes = no
-    default-fragments = 4
-    default-fragment-size-msec = 25
-  '';
-
-  configFile = pkgs.writeText "default.pa" ''
-    .include ${pkg}/etc/pulse/default.pa
-    load-module ${toString [
-      "module-native-protocol-unix"
-      "auth-anonymous=1"
-      "socket=${runDir}/socket"
-    ]}
-  '';
-in
-
-{
-  environment = {
-    etc = {
-      "asound.conf".source = alsaConf;
-      # XXX mkForce is not strong enough (and neither is mkOverride) to create
-      # /etc/pulse/client.conf, see pulseaudio-hack below for a solution.
-      #"pulse/client.conf" = mkForce { source = clientConf; };
-      #"pulse/client.conf".source = mkForce clientConf;
-      "pulse/default.pa".source = configFile;
-      "pulse/daemon.pa".source = daemonConf;
-    };
-    systemPackages = [
-      pkg
-    ] ++ optionals config.services.xserver.enable [
-      pkgs.pavucontrol
-    ];
-  };
-
-  # Allow PulseAudio to get realtime priority using rtkit.
-  security.rtkit.enable = true;
-
-  system.activationScripts.pulseaudio-hack = ''
-    ln -fns ${clientConf} /etc/pulse/client.conf
-  '';
-
-  systemd.services.pulse = {
-    wantedBy = [ "sound.target" ];
-    before = [ "sound.target" ];
-    environment = {
-      PULSE_RUNTIME_PATH = "${runDir}/home";
-    };
-    serviceConfig = {
-      ExecStart = "${pkg}/bin/pulseaudio";
-      ExecStartPre = pkgs.writeDash "pulse-start" ''
-        install -o pulse -g audio -m 0750 -d ${runDir}
-        install -o pulse -g audio -m 0700 -d ${runDir}/home
-      '';
-      PermissionsStartOnly = "true";
-      User = "pulse";
-    };
-  };
-
-  users = {
-    groups.pulse.gid = config.users.users.pulse.uid;
-    users.pulse = {
-      uid = genid "pulse";
-      group = "pulse";
-      extraGroups = [ "audio" ];
-      home = "${runDir}/home";
-    };
-  };
-}
-- 
cgit v1.2.3


From 2e9d5f604c32c9c938a90c3211d5b7726d17f9ee Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Mon, 2 Jan 2017 20:10:05 +0100
Subject: l 2 games: add 32bit support for pulseaudio

---
 lass/2configs/games.nix | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'lass')

diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index e7c7de938..1bcb8c676 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -51,6 +51,8 @@ in {
     };
   };
 
+  hardware.pulseaudio.support32Bit = true;
+
   security.sudo.extraConfig = ''
     ${mainUser.name} ALL=(games) NOPASSWD: ALL
   '';
-- 
cgit v1.2.3