From 198cadf3968b116a2f3d74f83f4f636cde925203 Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 11 Jul 2016 20:43:56 +0200
Subject: ma: nixpkgs@0546a4a
---
 makefu/2configs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'makefu/2configs')
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 422927b28..4e6cc0b44 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -24,7 +24,7 @@ with config.krebs.lib;
 source = mapAttrs (_: mkDefault) {
 nixpkgs = {
 url = https://github.com/nixos/nixpkgs;
- rev = "63b9785"; # stable @ 2016-06-01
+ rev = "8bf31d7"; # stable @ 2016-06-11
 };
 secrets = if getEnv "dummy_secrets" == "true" then toString
-- 
cgit v1.3.1
From b9c2dc13d376a79bceef0829e3990544f950215d Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 11 Jul 2016 20:45:16 +0200
Subject: m 1 darth: configure with forward-journal, share
---
 makefu/1systems/darth.nix | 19 +++++++++++++-
 makefu/2configs/temp-share-samba.nix | 5 +++-
 makefu/3modules/forward-journal.nix | 50 ++++++++++++++++++++++++++++++++++++
 3 files changed, 72 insertions(+), 2 deletions(-)
 create mode 100644 makefu/3modules/forward-journal.nix
(limited to 'makefu/2configs')
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix
index 5f1d6e121..87029a693 100644
--- a/makefu/1systems/darth.nix
+++ b/makefu/1systems/darth.nix
@@ -16,16 +16,32 @@ in {
 ../2configs/smart-monitor.nix
 ../2configs/exim-retiolum.nix
 ../2configs/virtualization.nix
+
+ ../2configs/temp-share-samba.nix
 ];
+ services.samba.shares = {
+ isos = {
+ path = "/data/isos/";
+ "read only" = "yes";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
 services.tinc.networks.siem = {
 name = "sdarth";
 extraConfig = "ConnectTo = sjump";
 };
+
+ makefu.forward-journal = {
+ enable = true;
+ src = "10.8.10.2";
+ dst = "10.8.10.6";
+ };
+ #networking.firewall.enable = false;
 krebs.retiolum.enable = true;
 boot.kernelModules = [ "coretemp" "f71882fg" ];
- hardware.enableAllFirmware = true;
 nixpkgs.config.allowUnfree = true;
 networking = {
@@ -33,6 +49,7 @@ in {
 firewall = {
 allowPing = true;
 logRefusedConnections = false;
+ trustedInterfaces = [ "eno1" ];
 allowedUDPPorts = [ 80 655 1655 67 ];
 allowedTCPPorts = [ 80 655 1655 ];
 };
diff --git a/makefu/2configs/temp-share-samba.nix b/makefu/2configs/temp-share-samba.nix
index 5f21e3bf7..0907c2dbf 100644
--- a/makefu/2configs/temp-share-samba.nix
+++ b/makefu/2configs/temp-share-samba.nix
@@ -1,9 +1,12 @@
 {config, ... }:{
+ networking.firewall.allowedUDPPorts = [ 137 138 ];
+ networking.firewall.allowedTCPPorts = [ 139 445 ];
 users.users.smbguest = {
 name = "smbguest";
 uid = config.ids.uids.smbguest;
 description = "smb guest user";
- home = "/var/empty";
+ home = "/home/share";
+ createHome = true;
 };
 services.samba = {
 enable = true;
diff --git a/makefu/3modules/forward-journal.nix b/makefu/3modules/forward-journal.nix
new file mode 100644
index 000000000..26de3ffdd
--- /dev/null
+++ b/makefu/3modules/forward-journal.nix
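Review bot: In makefu/1systems/darth.nix (hunk `@@ -33,6 +49,7 @@`), `trustedInterfaces = [ "eno1" ];` makes the firewall accept all traffic arriving on eno1, so the `allowedUDPPorts`/`allowedTCPPorts` lists next to it no longer restrict anything on that interface. Every listening service on the host becomes reachable from that segment, including the `isos` share with `"guest ok" = "yes"` added in the first hunk of the same file. If eno1 is a dedicated, isolated link, a comment stating that would make the decision reviewable, for example `# eno1: <network name>, isolated; all ports intentionally open`. Otherwise listing only the ports that segment needs is the narrower choice.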
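Review bot: In makefu/2configs/temp-share-samba.nix the two added `networking.firewall.allowed*Ports` lines open 137/138 UDP and 139/445 TCP on every interface of any host that imports this file, not only on the network the share is meant for. The same hunk moves `smbguest` from `/var/empty` to a created `/home/share`, so the guest account now owns a writable directory. The `services.samba` block continues outside the hunk, so whether guests can write to that directory over SMB is not visible here and should be confirmed. Since the file is named as temporary, a header comment giving the intended network and the condition for removing the import would help.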
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+ cfg = config.makefu.forward-journal;
+
+ out = {
+ options.makefu.forward-journal = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "forward journal via syslog";
+ src = mkOption {
+ type = types.str;
+ description = "syslog host identifier";
+ default = config.networking.hostName;
+ };
+ dst = mkOption {
+ type = types.str;
+ description = "syslog host identifier";
+ default = "";
+ };
+ proto = mkOption {
+ type = types.str;
+ default = "udp";
+ };
+ port = mkOption {
+ type = types.int;
+ description = "destination port";
+ default = 514;
+ };
+
+ };
+
+ imp = {
+ services.syslog-ng = {
+ enable = true;
+ extraConfig = ''
+ template t_remote { template("<$PRI>$DATE ${cfg.src} $PROGRAM[$PID]: $MSG\n"); };
+ source s_all { system(); internal(); };
+ destination d_loghost { udp("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); };
+ log { source(s_all); destination(d_loghost); };
+ '';
+ };
+ };
+
+in
+out
+
-- 
cgit v1.3.1
From 1c8ee1239fe57aabd55b686aca49960a9521ed8c Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 11 Jul 2016 20:47:22 +0200
Subject: m: nixpkgs@0546a4a
---
 makefu/2configs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'makefu/2configs')
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 4e6cc0b44..48cfcb7cb 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -24,7 +24,7 @@ with config.krebs.lib;
 source = mapAttrs (_: mkDefault) {
 nixpkgs = {
 url = https://github.com/nixos/nixpkgs;
- rev = "8bf31d7"; # stable @ 2016-06-11
+ rev = "0546a4a"; # stable @ 2016-06-11
 };
 secrets = if getEnv "dummy_secrets" == "true" then toString
-- 
cgit v1.3.1
From 941b137408982dfe4e918d4de54fbcfd88fef394 Mon Sep 17 00:00:00 2001
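Review bot: The `proto` option in makefu/3modules/forward-journal.nix is declared with default `"udp"` but never read, because the destination line hard-codes `udp(...)`; setting `proto = "tcp"` would silently leave the journal on lossy, unauthenticated UDP. Either drop the option or use it, e.g. `destination d_loghost { ${cfg.proto}("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); };` with `type = types.enum [ "udp" "tcp" ];`. `dst` defaults to `""` and its description is a copy of the one on `src`, so enabling the module without a destination generates `udp("" ...)` with no error at evaluation time. An assertion that `cfg.dst != ""` and a description such as "address of the receiving syslog host" would catch that. The forwarded messages are cleartext, which deserves a comment naming the link they are expected to travel over.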
From: makefu
Date: Mon, 11 Jul 2016 21:20:02 +0200
Subject: m 2 virtualbox: bump version
---
 makefu/2configs/virtualization-virtualbox.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'makefu/2configs')
diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix
index aaabcd50e..5d84b0284 100644
--- a/makefu/2configs/virtualization-virtualbox.nix
+++ b/makefu/2configs/virtualization-virtualbox.nix
@@ -2,8 +2,8 @@
 let
 mainUser = config.krebs.build.user;
- version = "5.0.6";
- rev = "103037";
+ version = "5.0.20";
+ rev = "106931";
 vboxguestpkg = pkgs.fetchurl {
 url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
 sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
-- 
cgit v1.3.1
From c6c40da83712ca91ede062d84e31b57448db140f Mon Sep 17 00:00:00 2001
From: makefu
Date: Tue, 12 Jul 2016 09:43:23 +0200
Subject: m 2 virtualbox: directly retrieve vboxguestextensions
---
 makefu/2configs/virtualization-virtualbox.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'makefu/2configs')
diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix
index 5d84b0284..2b4e24774 100644
--- a/makefu/2configs/virtualization-virtualbox.nix
+++ b/makefu/2configs/virtualization-virtualbox.nix
@@ -14,5 +14,10 @@ in {
 nixpkgs.config.virtualbox.enableExtensionPack = true;
 users.extraGroups.vboxusers.members = [ "${mainUser.name}" ];
- environment.systemPackages = [ vboxguestpkg ];
+ nixpkgs.config.packageOverrides = super: {
+ boot.kernelPackages = super.boot.kernelPackages.virtualbox.override {
+ buildInputs = super.boot.kernelPackages.virtualBox.buildInputs
+ ++ [ vboxguestpkg ];
+ };
+ };
 }
-- 
cgit v1.3.1
From 0691d1ba14a3c9c69ba6b6f50246b6402b29b3ad Mon Sep 17 00:00:00 2001
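Review bot: In the "bump version" hunk (`@@ -2,8 +2,8 @@`), `version` and `rev` change the URL that `pkgs.fetchurl` downloads, but the `sha256` on the context line below keeps its previous value, so it still describes the 5.0.6 extension pack. The URL is plain `http://`, which makes that hash the only integrity check on the downloaded file. It should be replaced in the same commit with the hash of the 5.0.20-106931 pack, obtained from a source you trust; as written the fetch will presumably fail with a hash mismatch when it is next built.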
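Review bot: In the "directly retrieve vboxguestextensions" hunk (`@@ -14,5 +14,10 @@`), the function given to `nixpkgs.config.packageOverrides` assigns `boot.kernelPackages`, which is a NixOS option path rather than an attribute of the package set that `super` stands for, so `super.boot.kernelPackages` is unlikely to resolve. The two references also differ in case, `super.boot.kernelPackages.virtualbox` versus `super.boot.kernelPackages.virtualBox`, and Nix attribute names are case-sensitive, so at least one of them does not exist. Because `vboxguestpkg` was removed from `environment.systemPackages` here, it is worth checking that the override is ever evaluated and that the extension pack still reaches the build.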
From: makefu
Date: Thu, 14 Jul 2016 17:55:41 +0200
Subject: m 2 default:remove useroaming no as it is disabled by default
---
 makefu/2configs/default.nix | 3 ---
 1 file changed, 3 deletions(-)
(limited to 'makefu/2configs')
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 48cfcb7cb..c40256db3 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -62,9 +62,6 @@ with config.krebs.lib;
 programs.ssh = {
 startAgent = false;
- extraConfig = ''
- UseRoaming no
- '';
 };
 services.openssh.enable = true;
 nix.useChroot = true;
-- 
cgit v1.3.1
From 14242c68f234f6de0bed015817ac206f99dc4f20 Mon Sep 17 00:00:00 2001
From: makefu
Date: Thu, 14 Jul 2016 22:31:27 +0200
Subject: m binary-cache: split lass and nixos
---
 makefu/2configs/binary-cache/lass.nix | 12 ++++++++++++
 makefu/2configs/binary-cache/nixos.nix | 12 ++++++++++++
 makefu/2configs/default.nix | 4 ++--
 3 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 makefu/2configs/binary-cache/lass.nix
 create mode 100644 makefu/2configs/binary-cache/nixos.nix
(limited to 'makefu/2configs')
diff --git a/makefu/2configs/binary-cache/lass.nix b/makefu/2configs/binary-cache/lass.nix
new file mode 100644
index 000000000..4813eeb0f
--- /dev/null
+++ b/makefu/2configs/binary-cache/lass.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+
+{
+ nix = {
+ binaryCaches = [
+ "http://cache.prism.r"
+ ];
+ binaryCachePublicKeys = [
+ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+ ];
+ };
+}
diff --git a/makefu/2configs/binary-cache/nixos.nix b/makefu/2configs/binary-cache/nixos.nix
new file mode 100644
index 000000000..2ff5e1307
--- /dev/null
+++ b/makefu/2configs/binary-cache/nixos.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+
+{
+ nix = {
+ binaryCaches = [
+ "https://cache.nixos.org/"
+ ];
+ binaryCachePublicKeys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ ];
+ };
+}
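Review bot: `binaryCaches` in makefu/2configs/binary-cache/lass.nix points at `http://cache.prism.r`, so the only protection for store paths substituted from it is signature verification against the key in `binaryCachePublicKeys`. That holds only while signature checking (`nix.requireSignedBinaryCaches`) stays enabled on every importing host. The default.nix hunk of this commit adds the file to the shared imports, so the holder of the `cache.prism-1` key becomes trusted to supply binaries to all hosts using that config. A comment in the file would record that trust decision, for example `# signed by <key owner>; plain HTTP, integrity relies on binaryCachePublicKeys`. The `config` argument is unused in both new files.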
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index c40256db3..acd34b0d3 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -2,8 +2,6 @@
 with config.krebs.lib;
 {
- system.stateVersion = "15.09";
-
 imports = [
 {
 users.extraUsers =
@@ -11,6 +9,8 @@ with config.krebs.lib;
 (import );
 }
 ./vim.nix
+ ./binary-cache/nixos.nix
+ ./binary-cache/lass.nix
 ];
 nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
-- 
cgit v1.3.1