From 2e7f0ada013810e577944434f42000313befe549 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Jun 2018 08:24:56 +0200 Subject: l: kops -> krops --- lass/1systems/blue/config.nix | 8 ++++++++ lass/1systems/mors/config.nix | 8 -------- lass/kops.nix | 35 ----------------------------------- lass/krops.nix | 42 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 50 insertions(+), 43 deletions(-) delete mode 100644 lass/kops.nix create mode 100644 lass/krops.nix (limited to 'lass') diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index aef055cf0..a84bb37f6 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -12,6 +12,14 @@ with import ; krebs.build.host = config.krebs.hosts.blue; + environment.shellAliases = { + deploy = pkgs.writeDash "deploy" '' + set -eu + export SYSTEM="$1" + $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) + ''; + }; + networking.nameservers = [ "1.1.1.1" ]; lass.restic = genAttrs [ diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index de6963eb5..97e69146e 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -140,14 +140,6 @@ with import ; OnCalendar = "00:37"; }; - environment.shellAliases = { - deploy = pkgs.writeDash "deploy" '' - set -eu - export SYSTEM="$1" - $(nix-build $HOME/stockholm/lass/kops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) - ''; - }; - nix.package = pkgs.nixUnstable; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; diff --git a/lass/kops.nix b/lass/kops.nix deleted file mode 100644 index 2dda0e8fb..000000000 --- a/lass/kops.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ name }: let - inherit (import ../krebs/kops.nix { inherit name; }) - krebs-source - lib - pkgs - ; - - source = { test }: lib.evalSource [ - krebs-source - { - nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; - secrets = if test then { - file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets"; - } else { - pass = { - dir = "${lib.getEnv "HOME"}/.password-store"; - name = "hosts/${name}"; - }; - }; - } - ]; - -in { - # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = pkgs.kops.writeDeploy "${name}-deploy" { - source = source { test = false; }; - target = "root@${name}/var/src"; - }; - - # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) - test = pkgs.kops.writeTest "${name}-test" { - source = source { test = true; }; - target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src"; - }; -} diff --git a/lass/krops.nix b/lass/krops.nix new file mode 100644 index 000000000..776a3a55d --- /dev/null +++ b/lass/krops.nix @@ -0,0 +1,42 @@ +{ config ? config, name }: let + inherit (import ../krebs/krops.nix { inherit name; }) + krebs-source + lib + pkgs + ; + + source = { test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; + secrets = if test then { + file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets"; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; + }; + } + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.krops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) + test = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src"; + }; + + ci = map (host: + pkgs.krops.writeTest "${host.name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "TMPDIR"}/lass/${host.name}"; + } + ) (lib.filter (host: lib.getAttr "ci" host && host.owner == "lass") (lib.attrValues config.krebs.hosts)); +} -- cgit v1.2.3 From bc0cd03da463c9cf67ba47b034bbbe32d9391beb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 04:57:52 +0200 Subject: move Reaktor|krebs from prism to hotdog --- lass/1systems/prism/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 7a9537b64..285dbfa9d 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -175,7 +175,6 @@ with import ; alias /var/realwallpaper/realwallpaper.png; ''; } - { users.users.jeschli = { -- cgit v1.2.3 From e34ca32676d1fe6a4aab3cca1518b111a36ef8cd Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 04:59:14 +0200 Subject: l prism.r: remove unnecessary iptables forward --- lass/1systems/prism/config.nix | 15 --------------- 1 file changed, 15 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 285dbfa9d..d6d1ce2e4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -293,21 +293,6 @@ with import ; }; }; } - { #weechat port forwarding to blue - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 9998"; target = "ACCEPT";} - ]; - krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.prism.nets.internet.ip4.addr} -p tcp --dport 9998"; target = "DNAT --to-destination ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}:9999"; } - ]; - krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "ACCEPT"; } - { v6 = false; precedence = 1000; predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.nat.POSTROUTING.rules = [ - { v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; } - ]; - } { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p udp --dport 51820"; target = "ACCEPT"; } -- cgit v1.2.3 From 7b51fac2c52f2d61e024f54be621b0e5b5066dfb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 04:59:55 +0200 Subject: l blue: add ag & nmap to pkgs --- lass/2configs/blue.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass') diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index c0417b865..363705edc 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -9,6 +9,11 @@ with (import ); ./pass.nix ]; + environment.systemPackages = with pkgs; [ + ag + nmap + ]; + services.tor.enable = true; krebs.iptables.tables.filter.INPUT.rules = [ -- cgit v1.2.3 From 263f150c1bde465a5bd66c40c1ff0fe02e47ed3d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:01:33 +0200 Subject: l git: fix typo --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index e41ff606f..72cfd5e75 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -54,7 +54,7 @@ let cgit.section = "art"; }; nix-user-chroot = { - cgit.desc = "Fork of nix-user-chroot my lethalman"; + cgit.desc = "Fork of nix-user-chroot by lethalman"; cgit.section = "software"; }; krops = { -- cgit v1.2.3 From d6e1ca7e2884787018dd19bec994d093ebc846ec Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:02:27 +0200 Subject: l websites domsen: serve www.freemonkey.art --- lass/2configs/websites/domsen.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 4e8361a17..e4f50e2d1 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,7 +26,10 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ "freemonkey.art" ]) + (servePage [ + "freemonkey.art" + "www.freemonkey.art" + ]) (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" -- cgit v1.2.3 From d7d39081d0c3866696e38fb42ae7e2ae28f28c69 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:04:21 +0200 Subject: l prism.r: open ports for mosh --- lass/1systems/prism/config.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d6d1ce2e4..61d147c5f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -321,6 +321,11 @@ with import ; ]; }; } + { + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 0a070688e839556039a634cd354235449e5f24d3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:04:53 +0200 Subject: l baseX: add ag to pkgs --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index a387f2c5d..afdefaa45 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -68,6 +68,7 @@ in { environment.systemPackages = with pkgs; [ acpi + ag bank cabal2nix dic -- cgit v1.2.3 From 5b2c6b9c29494b53ff80c61b7b4fff0ee5d040e6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:05:26 +0200 Subject: l: remove xerxes from authorizedKeys --- lass/2configs/default.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index ed97b4897..a43113177 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -23,7 +23,6 @@ with import ; config.krebs.users.lass-blue.pubkey config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-icarus.pubkey - config.krebs.users.lass-xerxes.pubkey ]; }; mainUser = { -- cgit v1.2.3 From 9b389fd6644a71c0fb8fdc7764727d771d54e221 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 11 Jun 2018 15:45:12 +0200 Subject: Revert "l prism.r: remove unnecessary iptables forward" This reverts commit e34ca32676d1fe6a4aab3cca1518b111a36ef8cd. --- lass/1systems/prism/config.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 61d147c5f..9a0bb49e9 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -293,6 +293,21 @@ with import ; }; }; } + { #weechat port forwarding to blue + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 9998"; target = "ACCEPT";} + ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.prism.nets.internet.ip4.addr} -p tcp --dport 9998"; target = "DNAT --to-destination ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}:9999"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.nat.POSTROUTING.rules = [ + { v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; } + ]; + } { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p udp --dport 51820"; target = "ACCEPT"; } -- cgit v1.2.3 From c01b6860809fb455c060e143c596590f61fc62c5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Jun 2018 18:43:12 +0200 Subject: github krebscode -> krebs --- lass/2configs/repo-sync.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 1cf22552c..615f5a728 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -126,8 +126,8 @@ in { (sync-remote "xintmap" "https://github.com/4z3/xintmap") (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper") (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog") - (sync-remote "painload" "https://github.com/krebscode/painload") - (sync-remote "Reaktor" "https://github.com/krebscode/Reaktor") + (sync-remote "painload" "https://github.com/krebs/painload") + (sync-remote "Reaktor" "https://github.com/krebs/Reaktor") (sync-remote "nixos-wiki" "https://github.com/Mic92/nixos-wiki.wiki.git") (sync-retiolum "go") (sync-retiolum "much") -- cgit v1.2.3