From 2f058109469764e73c8a84e67a166bc32d4bb9db Mon Sep 17 00:00:00 2001
From: nostoromo root <root@nostromo.fudo.org>
Date: Thu, 14 Jan 2021 14:22:09 -0800
Subject: [PATCH 1/4] Add IPFS...and switch back from fish, because it can't
 handle bash's env

---
 config/fudo/ipfs.nix | 71 +++++++++++++++++++++++++++++++++++++++++
 config/local.nix     |  4 +--
 defaults.nix         | 76 ++++++++++++++++++++++++++------------------
 hosts/nostromo.nix   | 42 ++++++++----------------
 users/niten.nix      | 29 +++++++++--------
 5 files changed, 148 insertions(+), 74 deletions(-)
 create mode 100644 config/fudo/ipfs.nix

diff --git a/config/fudo/ipfs.nix b/config/fudo/ipfs.nix
new file mode 100644
index 0000000..23497dc
--- /dev/null
+++ b/config/fudo/ipfs.nix
@@ -0,0 +1,71 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.fudo.ipfs;
+
+  user-group-entry = group: user:
+    nameValuePair user { extraGroups = [ group ]; };
+
+  user-home-entry = ipfs-path: user:
+    nameValuePair user { home.sessionVariables = { IPFS_PATH = ipfs-path; }; };
+
+in {
+  options.fudo.ipfs = with types; {
+    enable = mkEnableOption "Fudo IPFS";
+
+    users = mkOption {
+      type = listOf str;
+      description = "List of users with IPFS access.";
+      default = [ ];
+    };
+
+    user = mkOption {
+      type = str;
+      description = "User as which to run IPFS user.";
+      default = "ipfs";
+    };
+
+    group = mkOption {
+      type = str;
+      description = "Group as which to run IPFS user.";
+      default = "ipfs";
+    };
+
+    api-address = mkOption {
+      type = str;
+      description = "Address on which to listen for requests.";
+      default = "/ip4/127.0.0.1/tcp/5001";
+    };
+
+    automount = mkOption {
+      type = bool;
+      description = "Whether to automount /ipfs and /ipns on boot.";
+      default = true;
+    };
+
+    data-dir = mkOption {
+      type = str;
+      description = "Path to store data for IPFS.";
+      default = "/var/lib/ipfs";
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    users.users = listToAttrs (map (user-group-entry cfg.group) cfg.users);
+
+    services.ipfs = {
+      enable = true;
+      apiAddress = cfg.api-address;
+      autoMount = cfg.automount;
+      enableGC = true;
+      user = cfg.user;
+      group = cfg.group;
+      dataDir = cfg.data-dir;
+    };
+
+    home-manager.users =
+      listToAttrs (map (user-home-entry cfg.data-dir) cfg.users);
+  };
+}
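Review bot: Each name in `users` is both added to `cfg.group` and given `IPFS_PATH = cfg.data-dir`, so those accounts work against the daemon's own repository rather than a per-user one, and the option text does not say so. A go-ipfs repository's `config` file holds the node's identity private key, so depending on the permissions `services.ipfs` applies to `data-dir` (not visible here) every listed user may be able to read it. I would state that in the option, e.g. `description = "Users added to the IPFS group and pointed at the daemon's repository via IPFS_PATH; treat them as trusted with the node.";`. The `user` and `group` descriptions ("User as which to run IPFS user.") also look garbled; `"User account the IPFS daemon runs as."` would be clearer.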
diff --git a/config/local.nix b/config/local.nix
index 7c2b692..cd6fee6 100644
--- a/config/local.nix
+++ b/config/local.nix
@@ -1,7 +1,6 @@
 { lib, config, pkgs, ... }:
 
-with lib;
-{
+with lib; {
   imports = [
     ./fudo/acme-for-hostname.nix
     ./fudo/authentication.nix
@@ -13,6 +12,7 @@ with lib;
     ./fudo/garbage-collector.nix
     ./fudo/git.nix
     ./fudo/grafana.nix
+    ./fudo/ipfs.nix
     ./fudo/kdc.nix
     ./fudo/ldap.nix
     ./fudo/local-network.nix
diff --git a/defaults.nix b/defaults.nix
index c2e1d9c..548b676 100644
--- a/defaults.nix
+++ b/defaults.nix
@@ -2,8 +2,7 @@
 
 { config, pkgs, lib, ... }:
 
-let
-  state-version = "20.03";
+let state-version = "20.03";
 
 in {
   imports = [
@@ -109,13 +108,9 @@ in {
     xkbOptions = "ctrl:nocaps";
   };
 
-  console = {
-    useXkbConfig = true;
-  };
+  console = { useXkbConfig = true; };
 
-  i18n = {
-    defaultLocale = "en_US.UTF-8";
-  };
+  i18n = { defaultLocale = "en_US.UTF-8"; };
 
   programs = {
     mosh.enable = true;
@@ -137,9 +132,7 @@ in {
       enableSSHSupport = true;
     };
 
-    fish = {
-      enable = true;
-    };
+    fish = { enable = true; };
   };
 
   services = {
@@ -148,9 +141,7 @@ in {
       enable = true;
     };
 
-    cron = {
-      enable = true;
-    };
+    cron = { enable = true; };
     openssh = {
       enable = true;
       startWhenNeeded = true;
@@ -158,16 +149,12 @@ in {
       extraConfig = ''
         GSSAPIAuthentication yes
         GSSAPICleanupCredentials yes
-    '';
+      '';
     };
 
-    pcscd = {
-      enable = true;
-    };
+    pcscd = { enable = true; };
 
-    udev.packages = with pkgs; [
-      yubikey-personalization
-    ];
+    udev.packages = with pkgs; [ yubikey-personalization ];
   };
 
   environment.shellInit = ''
@@ -194,11 +181,7 @@ in {
     };
   };
 
-  users.groups = {
-    fudosys = {
-      gid = 888;
-    };
-  };
+  users.groups = { fudosys = { gid = 888; }; };
 
   users.extraUsers = {
     niten = {
@@ -206,11 +189,26 @@ in {
       uid = 10000;
       createHome = true;
       description = "Niten";
-      shell = pkgs.fish;
-      extraGroups = ["wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout" "adm" "input" "systemd-journal" "fudosys" "libvirtd"];
+      extraGroups = [
+        "wheel"
+        "audio"
+        "video"
+        "disk"
+        "floppy"
+        "lp"
+        "cdrom"
+        "tape"
+        "dialout"
+        "adm"
+        "input"
+        "systemd-journal"
+        "fudosys"
+        "libvirtd"
+      ];
       group = "users";
       home = "/home/niten";
-      hashedPassword = "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
+      hashedPassword =
+        "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
       openssh.authorizedKeys.keys = [
         "ssh-rsa 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 openpgp:0x4EC95B64"
       ];
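Review bot: The `hashedPassword` literal for `niten` (and for `reaper` in the next hunk) stays in the repository, so the SHA-512 crypt hash is readable by anyone with access to the repo or its history. It is also copied into the world-readable Nix store, where it is open to offline guessing. Since these lines are being touched anyway, consider moving the hashes out of the tree, e.g. `passwordFile = "/path/to/niten.hash";` (placeholder path) pointing at a root-only file, and rotating the passwords whose hashes are already committed. The `niten` attribute set starts and ends outside this hunk.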
@@ -220,10 +218,26 @@ in {
       uid = 10049;
       createHome = true;
       description = "Reaper";
-      extraGroups = ["wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout" "adm" "input" "systemd-journal" "fudosys" "libvirtd"];
+      extraGroups = [
+        "wheel"
+        "audio"
+        "video"
+        "disk"
+        "floppy"
+        "lp"
+        "cdrom"
+        "tape"
+        "dialout"
+        "adm"
+        "input"
+        "systemd-journal"
+        "fudosys"
+        "libvirtd"
+      ];
       group = "users";
       home = "/home/reaper";
-      hashedPassword = "$6$YVCI6kiGcG5EVMT$t9lYEXjAhbnh7YkvJJPAbrzL8XE/AASsKFlWWeS.fDjBi/8S7zwXTHF0j41nDUfC//3viysn0tIOQKyZTHhzG.";
+      hashedPassword =
+        "$6$YVCI6kiGcG5EVMT$t9lYEXjAhbnh7YkvJJPAbrzL8XE/AASsKFlWWeS.fDjBi/8S7zwXTHF0j41nDUfC//3viysn0tIOQKyZTHhzG.";
     };
     fudo = {
       isSystemUser = true;
diff --git a/hosts/nostromo.nix b/hosts/nostromo.nix
index 657730f..2ed9609 100644
--- a/hosts/nostromo.nix
+++ b/hosts/nostromo.nix
@@ -24,10 +24,7 @@ in {
 
   hardware.bluetooth.enable = false;
 
-  imports = [
-    ../defaults.nix
-    ../hardware-configuration.nix
-  ];
+  imports = [ ../defaults.nix ../hardware-configuration.nix ];
 
   fudo.common = {
     profile = "server";
@@ -74,7 +71,7 @@ in {
       interface eno2
         ia_na 1
         ia_pd 2 eno2/0
-      '';
+    '';
 
     # Create a bridge for VMs to use
     macvlans = {
@@ -93,9 +90,7 @@ in {
       enp9s0f0.useDHCP = false;
       enp9s0f1.useDHCP = false;
 
-      eno2 = {
-        useDHCP = true;
-      };
+      eno2 = { useDHCP = true; };
 
       intif0 = {
         useDHCP = false;
@@ -121,19 +116,11 @@ in {
   };
 
   users = {
-    users = {
-      fudo-client = {
-        isSystemUser = true;
-      };
-    };
+    users = { fudo-client = { isSystemUser = true; }; };
 
     groups = {
-      backplane-powerdns = {
-        members = [ "backplane-powerdns" ];
-      };
-      backplane-dns = {
-        members = [ "backplane-dns" ];
-      };
+      backplane-powerdns = { members = [ "backplane-powerdns" ]; };
+      backplane-dns = { members = [ "backplane-dns" ]; };
     };
   };
 
@@ -180,11 +167,7 @@ in {
   docker-containers = {
     pihole = {
       image = "pihole/pihole:4.3.2-1";
-      ports = [
-        "5353:53/tcp"
-        "5353:53/udp"
-        "3080:80/tcp"
-      ];
+      ports = [ "5353:53/tcp" "5353:53/udp" "3080:80/tcp" ];
       environment = {
         ServerIP = host-internal-ip;
         VIRTUAL_HOST = "dns-hole.sea.fudo.org";
@@ -202,16 +185,19 @@ in {
     };
   };
 
+  fudo.ipfs = {
+    enable = true;
+    users = [ "niten" ];
+    api-address = "/ip4/${host-internal-ip}/tcp/5001";
+  };
+
   services = {
     nginx = {
       enable = true;
 
       virtualHosts = {
         "pihole.sea.fudo.org" = {
-          serverAliases = [
-            "dns-hole.sea.fudo.org"
-            "hole.sea.fudo.org"
-          ];
+          serverAliases = [ "dns-hole.sea.fudo.org" "hole.sea.fudo.org" ];
 
           locations."/" = {
             proxyPass = "http://127.0.0.1:3080";
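Review bot: `api-address = "/ip4/${host-internal-ip}/tcp/5001"` takes the IPFS API off the module's loopback default and binds it to the host's internal address. That port is the daemon's RPC/admin interface, which in go-ipfs has no authentication of its own, so any machine that can reach the address can drive the node and change its configuration. Unless a firewall rule outside this hunk limits port 5001, I would keep the default `/ip4/127.0.0.1/tcp/5001` and reach it through an SSH tunnel or an authenticated nginx location, or restrict the port to named source addresses. The same binding appears in `hosts/lambda.nix` in patches 2/4 (`services.ipfs.apiAddress`) and 4/4 (`fudo.ipfs.api-address`).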
diff --git a/users/niten.nix b/users/niten.nix
index 4c37375..aa9a955 100644
--- a/users/niten.nix
+++ b/users/niten.nix
@@ -11,6 +11,7 @@ in {
       userName = name;
       userEmail = email;
     };
+
   };
 
   xresources.properties = {
@@ -33,20 +34,22 @@ in {
   #   tray = true;
   # };
 
-  home.file = {
-    ".doom.d" = {
-      source = pkgs.doom-emacs-config;
-      recursive = true;
-      onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh";
-    };
+  home = {
+    file = {
+      ".doom.d" = {
+        source = pkgs.doom-emacs-config;
+        recursive = true;
+        onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh";
+      };
 
-    ".k5login" = {
-      source = pkgs.writeText "niten-k5login" ''
-        niten@FUDO.ORG
-        niten/root@FUDO.ORG
-        niten@INFORMIS.LAND
-        niten/root@INFORMIS.LAND
-      '';
+      ".k5login" = {
+        source = pkgs.writeText "niten-k5login" ''
+          niten@FUDO.ORG
+          niten/root@FUDO.ORG
+          niten@INFORMIS.LAND
+          niten/root@INFORMIS.LAND
+        '';
+      };
     };
   };
 }

From 5d7eefbbd3bf040efa8e03c8e5c1bfdc121fcf12 Mon Sep 17 00:00:00 2001
From: Root <root@fudo.org>
Date: Thu, 14 Jan 2021 14:35:52 -0800
Subject: [PATCH 2/4] Added lambda config

---
 hosts/lambda.nix | 92 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)
 create mode 100644 hosts/lambda.nix

diff --git a/hosts/lambda.nix b/hosts/lambda.nix
new file mode 100644
index 0000000..24e720f
--- /dev/null
+++ b/hosts/lambda.nix
@@ -0,0 +1,92 @@
+{ lib, config, pkgs, ... }:
+
+let
+  hostname = "lambda";
+  host-internal-ip = "10.0.0.3";
+  host-storage-ip = "10.0.10.1";
+  inherit (lib.strings) concatStringsSep;
+
+in {
+
+  boot.kernelModules = [ "kvm-amd" ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/disk/by-label/nixos-root";
+
+  hardware.bluetooth.enable = false;
+
+  imports = [
+    ../defaults.nix
+    ../hardware-configuration.nix
+  ];
+
+  fudo.common = {
+    profile = "server";
+    site = "seattle";
+  };
+
+  fudo.slynk = {
+    enable = true;
+  };
+
+  networking = {
+    hostName = hostname;
+
+    nameservers = [ host-internal-ip ];
+
+    # Create a bridge for VMs to use
+    macvlans = {
+      extif0 = {
+        interface = "enp3s0f1";
+        mode = "bridge";
+      };
+      storageif0 = {
+        interface = "enp4s0f1";
+        mode = "bridge";
+      };
+    };
+
+    interfaces = {
+      enp3s0f0.useDHCP = false;
+      enp3s0f1.useDHCP = false;
+      enp4s0f0.useDHCP = false;
+      enp4s0f1.useDHCP = false;
+
+      extif0 = {
+        useDHCP = false;
+        macAddress = "02:50:f6:52:9f:9d";
+        ipv4.addresses = [
+          {
+            address = host-internal-ip;
+            prefixLength = 22;
+          }
+          # {
+          #   address = "10.0.10.2";
+          #   prefixLength = 24;
+          # }
+        ];
+      };
+
+      storageif0 = {
+        useDHCP = false;
+        macAddress = "02:65:d7:00:7d:1b";
+        ipv4.addresses = [
+          {
+            address = host-storage-ip;
+            prefixLength = 24;
+          }
+        ];
+      };
+    };
+  };
+
+  services = {
+    ipfs = {
+      enable = true;
+      apiAddress = "/ip4/${host-internal-ip}/tcp/5001";
+      autoMount = true;
+      enableGC = true;
+    };
+  };
+}
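Review bot: `nameservers = [ host-internal-ip ]` makes lambda (10.0.0.3) its own only resolver, yet nothing in this file enables a DNS service. Name resolution will fail unless `defaults.nix` or the `server` profile starts one. This looks carried over from a host that does run a resolver, so please confirm the intended address. `concatStringsSep` is inherited in the `let` block but is not used anywhere in the file and can be dropped.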

From 7486922c1d57c777553838296e9233e4dbea144d Mon Sep 17 00:00:00 2001
From: Root <root@fudo.org>
Date: Thu, 14 Jan 2021 14:43:52 -0800
Subject: [PATCH 3/4] Add fudo ssh key script

---
 static/add-fudo-ssh-key.rb | 48 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100755 static/add-fudo-ssh-key.rb

diff --git a/static/add-fudo-ssh-key.rb b/static/add-fudo-ssh-key.rb
new file mode 100755
index 0000000..f48d9b9
--- /dev/null
+++ b/static/add-fudo-ssh-key.rb
@@ -0,0 +1,48 @@
+#!/usr/bin/env ruby
+
+require 'uri'
+require 'net/http'
+require 'net/https'
+require 'json'
+require 'socket'
+
+if ! ENV['FUDO_GIT_TOKEN']
+  puts "FUDO_GIT_TOKEN must be set first"
+  exit 1
+end
+
+token = ENV['FUDO_GIT_TOKEN']
+
+if ARGV.length != 1
+  puts "usage: #{$0} <filename>"
+  exit 1
+end
+
+filename = ARGV[0]
+
+if not File::exist?(filename)
+  puts "file does not exist: #{filename}"
+  exit 2
+end
+
+target_uri = URI.parse("https://git.fudo.org/api/v1/admin/users/fudo/keys")
+
+key = File::open(filename).read.strip
+
+hostname = Socket::gethostname
+
+@payload = {
+  key: key,
+  read_only: true,
+  title: "#{hostname} fudo key"
+}
+
+https = Net::HTTP.new(target_uri.host, target_uri.port)
+https.use_ssl = true
+req = Net::HTTP::Post.new(target_uri.path, initheader = {
+                            'Content-Type' => 'application/json',
+                            'Authorization' => "token #{token}"
+                          })
+req.body = @payload.to_json
+res = https.request(req)
+puts "response #{res.code} #{res.message}: #{res.body}"
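Review bot: The file named on the command line is read and posted as `key` with no check that it is a public key, so passing `id_ed25519` instead of `id_ed25519.pub` by mistake would send private key material to the server. A guard right after the read, rejecting content that contains `PRIVATE KEY` or is not a single line starting with a known key-type prefix, prevents that. The script also always exits 0, so a rejected request looks like success to a caller; it should exit non-zero unless the response is a `Net::HTTPSuccess`. `File.read(filename)` also avoids the open handle that `File::open(filename).read` leaves behind. Because the endpoint is under `/admin/`, the token presumably carries admin rights, so it is worth confirming whether a narrower-scoped token would do.

```ruby
key = File.read(filename).strip

# Refuse anything that is not a single-line OpenSSH public key.
if key.include?('PRIVATE KEY') || key.include?("\n") ||
   key !~ /\A(ssh-|ecdsa-|sk-)\S+ \S+/
  warn "not an OpenSSH public key: #{filename}"
  exit 3
end

# … unchanged: hostname, @payload, request setup …

res = https.request(req)
puts "response #{res.code} #{res.message}: #{res.body}"
exit 1 unless res.is_a?(Net::HTTPSuccess)
```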

From d0973c944827fe96cfc7511ec00715850b2f71b3 Mon Sep 17 00:00:00 2001
From: Root <root@fudo.org>
Date: Thu, 14 Jan 2021 15:43:22 -0800
Subject: [PATCH 4/4] Improve bash handling

---
 hosts/lambda.nix | 49 +++++++++++++++++++-----------------------------
 users/niten.nix  | 32 ++++++++++++++++++++++++++++++-
 2 files changed, 50 insertions(+), 31 deletions(-)

diff --git a/hosts/lambda.nix b/hosts/lambda.nix
index 24e720f..7bf9b47 100644
--- a/hosts/lambda.nix
+++ b/hosts/lambda.nix
@@ -16,19 +16,14 @@ in {
 
   hardware.bluetooth.enable = false;
 
-  imports = [
-    ../defaults.nix
-    ../hardware-configuration.nix
-  ];
+  imports = [ ../defaults.nix ../hardware-configuration.nix ];
 
   fudo.common = {
     profile = "server";
     site = "seattle";
   };
 
-  fudo.slynk = {
-    enable = true;
-  };
+  fudo.slynk = { enable = true; };
 
   networking = {
     hostName = hostname;
@@ -56,37 +51,31 @@ in {
       extif0 = {
         useDHCP = false;
         macAddress = "02:50:f6:52:9f:9d";
-        ipv4.addresses = [
-          {
-            address = host-internal-ip;
-            prefixLength = 22;
-          }
-          # {
-          #   address = "10.0.10.2";
-          #   prefixLength = 24;
-          # }
-        ];
+        ipv4.addresses = [{
+          address = host-internal-ip;
+          prefixLength = 22;
+        }
+        # {
+        #   address = "10.0.10.2";
+        #   prefixLength = 24;
+        # }
+          ];
       };
 
       storageif0 = {
         useDHCP = false;
         macAddress = "02:65:d7:00:7d:1b";
-        ipv4.addresses = [
-          {
-            address = host-storage-ip;
-            prefixLength = 24;
-          }
-        ];
+        ipv4.addresses = [{
+          address = host-storage-ip;
+          prefixLength = 24;
+        }];
       };
     };
   };
 
-  services = {
-    ipfs = {
-      enable = true;
-      apiAddress = "/ip4/${host-internal-ip}/tcp/5001";
-      autoMount = true;
-      enableGC = true;
-    };
+  fudo.ipfs = {
+    enable = true;
+    users = [ "niten" ];
+    api-address = "/ip4/${host-internal-ip}/tcp/5001";
   };
 }
diff --git a/users/niten.nix b/users/niten.nix
index aa9a955..707d88e 100644
--- a/users/niten.nix
+++ b/users/niten.nix
@@ -6,12 +6,34 @@ let
 
 in {
   programs = {
+    bash = {
+      enable = true;
+      shellAliases = {
+        ".." = "cd ..";
+        "..." = "cd ../..";
+        la = "ls -a";
+        ll = "ls -l";
+        lla = "ls -la";
+        rm = "rm --one-file-system --preserve-root";
+      };
+
+      extraInit = ''
+        case $TERM in
+          screen|xterm*|rxvt*)
+            shopt -s checkwinsize
+          ;;
+          *)
+            export LS_OPTIONS=""
+          ;;
+        esac
+      '';
+    };
+
     git = {
       enable = true;
       userName = name;
       userEmail = email;
     };
-
   };
 
   xresources.properties = {
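Review bot: `extraInit` under `programs.bash` does not look like an option the home-manager bash module defines. As far as I know the hook for extra interactive-shell lines is `initExtra`, so this block is likely to fail evaluation with an unknown-option error unless another module in the tree declares it. If that is right, the line should read `initExtra = ''`. Separately, the `rm` alias only applies to interactive shells, so scripts still run plain `rm`; a comment such as `# interactive safety net only; scripts are not covered` would make that explicit.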
@@ -51,5 +73,13 @@ in {
         '';
       };
     };
+
+    sessionVariables = {
+      EDITOR = "emacsclient -t";
+      ALTERNATE_EDITOR = "";
+
+      # Don't put duplicates or whitespace in bash history
+      HISTCONTROL = "ignoredups:ignorespace";
+    };
   };
 }
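Review bot: The comment on `HISTCONTROL` does not match what the value does. `ignorespace` skips commands that begin with a space and `ignoredups` skips a line identical to the previous entry; neither strips whitespace nor removes all duplicates from history. Suggested wording: `# Skip repeated consecutive commands and commands typed with a leading space`. The enclosing `home` set starts outside this hunk.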