Reformat + swap odin SSD

Filippo Berto 2022-09-01 15:11:16 +02:00
parent 1bc27dde82
commit 2f3d05a802
No known key found for this signature in database
GPG key ID: FE98AE5EC52B1056
83 changed files with 1448 additions and 931 deletions


@ -1,3 +1,6 @@
{
nix.gc = { automatic = true; options = "--delete-older-than 7d"; };
nix.gc = {
automatic = true;
options = "--delete-older-than 7d";
};
}


@ -2,6 +2,8 @@
users.users.bertof = {
isNormalUser = true;
extraGroups = [ "network" "networkmanager" "wheel" ];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W"
];
};
}


@ -11,7 +11,6 @@ let
# done
# sudo chown hdfs:hadoop /etc/hadoop.keytab
# sudo kadmin.local -q "ank -randkey spark/my.engine";
# sudo kadmin.local -q "xst -k /etc/spark.keytab spark/my.engine";
# sudo kadmin.local -q "ktrem -k /etc/spark.keytab spark/my.engine old"
@ -82,21 +81,21 @@ in
{
networking = {
hosts = {
"127.0.0.1" = [
"ds.my.engine"
"kdc.my.engine"
"my.engine"
];
};
hosts = { "127.0.0.1" = [ "ds.my.engine" "kdc.my.engine" "my.engine" ]; };
};
services = {
spark = {
package = spark;
master = { enable = true; restartIfChanged = true; };
worker = { enable = true; restartIfChanged = true; };
master = {
enable = true;
restartIfChanged = true;
};
worker = {
enable = true;
restartIfChanged = true;
};
confDir = sparkConfDir;
};
@ -137,12 +136,14 @@ in
# NAME NODE SECURITY
"dfs.namenode.keytab.file" = hadoop_keytab_path;
"dfs.namenode.kerberos.principal" = "nn/my.engine@MY.ENGINE";
"dfs.namenode.kerberos.internal.spnego.principal" = "HTTP/my.engine@MY.ENGINE";
"dfs.namenode.kerberos.internal.spnego.principal" =
"HTTP/my.engine@MY.ENGINE";
# SECONDARY NAME NODE SECURITY
"dfs.secondary.namenode.keytab.file" = hadoop_keytab_path;
"dfs.secondary.namenode.kerberos.principal" = "nn/my.engine@MY.ENGINE";
"dfs.secondary.namenode.kerberos.internal.spnego.principal" = "HTTP/my.engine@MY.ENGINE";
"dfs.secondary.namenode.kerberos.internal.spnego.principal" =
"HTTP/my.engine@MY.ENGINE";
# DATA NODE SECURITY
"dfs.datanode.keytab.file" = hadoop_keytab_path;
@ -156,7 +157,8 @@ in
"dfs.webhdfs.enabled" = "true";
# WEB AUTHENTICATION CONFIG
"dfs.web.authentication.kerberos.principal" = "HTTP/my.engine@MY.ENGINE";
"dfs.web.authentication.kerberos.principal" =
"HTTP/my.engine@MY.ENGINE";
"dfs.web.authentication.kerberos.keytab" = hadoop_keytab_path;
"ignore.secure.ports.for.testing" = "true";
"dfs.http.policy" = "HTTP_ONLY";
@ -173,15 +175,20 @@ in
yarnSite = {
"yarn.nodemanager.admin-env" = "PATH=$PATH";
"yarn.nodemanager.aux-services" = "mapreduce_shuffle";
"yarn.nodemanager.aux-services.mapreduce_shuffle.class" = "org.apache.hadoop.mapred.ShuffleHandler";
"yarn.nodemanager.aux-services.mapreduce_shuffle.class" =
"org.apache.hadoop.mapred.ShuffleHandler";
"yarn.nodemanager.bind-host" = "0.0.0.0";
"yarn.nodemanager.container-executor.class" = "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor";
"yarn.nodemanager.env-whitelist" = "JAVA_HOME,HADOOP_COMMON_HOME,HADOOP_HDFS_HOME,HADOOP_CONF_DIR,CLASSPATH_PREPEND_DISTCACHE,HADOOP_YARN_HOME,HADOOP_HOME,LANG,TZ";
"yarn.nodemanager.container-executor.class" =
"org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor";
"yarn.nodemanager.env-whitelist" =
"JAVA_HOME,HADOOP_COMMON_HOME,HADOOP_HDFS_HOME,HADOOP_CONF_DIR,CLASSPATH_PREPEND_DISTCACHE,HADOOP_YARN_HOME,HADOOP_HOME,LANG,TZ";
"yarn.nodemanager.linux-container-executor.group" = "hadoop";
"yarn.nodemanager.linux-container-executor.path" = "/run/wrappers/yarn-nodemanager/bin/container-executor";
"yarn.nodemanager.linux-container-executor.path" =
"/run/wrappers/yarn-nodemanager/bin/container-executor";
"yarn.nodemanager.log-dirs" = "/var/log/hadoop/yarn/nodemanager";
"yarn.resourcemanager.bind-host" = "0.0.0.0";
"yarn.resourcemanager.scheduler.class" = "org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler";
"yarn.resourcemanager.scheduler.class" =
"org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler";
"yarn.resourcemanager.keytab" = hadoop_keytab_path;
"yarn.resourcemanager.principal" = "rm/my.engine@MY.ENGINE";
@ -193,12 +200,14 @@ in
"yarn.scheduler.capacity.root.queues" = "default";
"yarn.scheduler.capacity.root.default.capacity" = 100;
# "yarn.scheduler.capacity.root.default.state" = "RUNNING";
"yarn.scheduler.capacity.root.acl_submit_applications" = "hadoop,yarn,mapred,hdfs";
"yarn.scheduler.capacity.root.acl_submit_applications" =
"hadoop,yarn,mapred,hdfs";
};
httpfsSite = {
"kerberos.realm" = "MY.ENGINE";
"httpfs.authentication.type" = "kerberos";
"httpfs.authentication.kerberos.principal " = "HTTP/my.engine@MY.ENGINE";
"httpfs.authentication.kerberos.principal " =
"HTTP/my.engine@MY.ENGINE";
"httpfs.authentication.kerberos.keytab" = hadoop_keytab_path;
"httpfs.hadoop.kerberos.principal " = "HTTP/my.engine@MY.ENGINE";
"httpfs.hadoop.kerberos.keytab" = hadoop_keytab_path;
@ -206,23 +215,52 @@ in
extraConfDirs = [ ];
hdfs = {
namenode = { enable = true; formatOnInit = true; restartIfChanged = true; };
datanode = { enable = true; restartIfChanged = true; };
journalnode = { enable = true; restartIfChanged = true; };
zkfc = { enable = false; restartIfChanged = true; }; # ZOOKEEPER DISABLED, not using High Availability setup
httpfs = { enable = true; restartIfChanged = true; };
namenode = {
enable = true;
formatOnInit = true;
restartIfChanged = true;
};
datanode = {
enable = true;
restartIfChanged = true;
};
journalnode = {
enable = true;
restartIfChanged = true;
};
zkfc = {
enable = false;
restartIfChanged = true;
}; # ZOOKEEPER DISABLED, not using High Availability setup
httpfs = {
enable = true;
restartIfChanged = true;
};
};
yarn = {
resourcemanager = { enable = true; restartIfChanged = true; };
nodemanager = { enable = true; restartIfChanged = true; useCGroups = false; };
resourcemanager = {
enable = true;
restartIfChanged = true;
};
nodemanager = {
enable = true;
restartIfChanged = true;
useCGroups = false;
};
};
};
kerberos_server = {
enable = true;
realms."MY.ENGINE".acl = [
{ principal = "*/admin"; access = "all"; }
{ principal = "*/my.engine"; access = "all"; }
{
principal = "*/admin";
access = "all";
}
{
principal = "*/my.engine";
access = "all";
}
];
};
};
@ -274,8 +312,10 @@ in
User = "spark";
Group = "spark";
WorkingDirectory = "${pkgs.spark}/lib/${pkgs.spark.untarDir}";
ExecStart = "${pkgs.spark}/lib/${pkgs.spark.untarDir}/sbin/start-history-server.sh";
ExecStop = "${pkgs.spark}/lib/${pkgs.spark.untarDir}/sbin/stop-history-server.sh";
ExecStart =
"${pkgs.spark}/lib/${pkgs.spark.untarDir}/sbin/start-history-server.sh";
ExecStop =
"${pkgs.spark}/lib/${pkgs.spark.untarDir}/sbin/stop-history-server.sh";
TimeoutSec = 300;
StartLimitBurst = 10;
Restart = "always";
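Review bot: The attribute name `"httpfs.authentication.kerberos.principal "` that the httpfsSite hunk re-wraps onto two lines keeps a trailing space inside the quoted key, and the context line `"httpfs.hadoop.kerberos.principal "` two lines below has the same trailing space; a property name that ends in whitespace will not match the key HttpFS reads, so the principal set here most likely never takes effect. Both are one-character fixes: `"httpfs.authentication.kerberos.principal" = "HTTP/my.engine@MY.ENGINE";` and `"httpfs.hadoop.kerberos.principal" = "HTTP/my.engine@MY.ENGINE";`. The hdfsSite hunk above it also still carries `"ignore.secure.ports.for.testing" = "true"` and `"dfs.http.policy" = "HTTP_ONLY"` as unchanged context, and a one-line comment such as `# lab-only: privileged-port check disabled and web UI served over plain HTTP` there would stop a later reader from assuming this is a hardened deployment. The enclosing `services.hadoop` attribute set starts and ends outside these hunks.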


@ -1,10 +1,17 @@
{ ... }:
{
{ ... }: {
networking.hosts = {
"54.176.11.243" = [ "vpn.mhackeroni.it" ];
"10.100.0.50" = [ "master.cb.cloud.mhackeroni.it" "bartender.cb.cloud.mhackeroni.it" "grafana.cb.cloud.mhackeroni.it" "menu.cb.cloud.mhackeroni.it" "maitre.cb.cloud.mhackeroni.it" "accountant.cb.cloud.mhackeroni.it" ];
"10.100.0.150" = [ "flowgui.cloud.mhackeroni.it" "smb.cloud.mhackeroni.it" ];
"10.100.0.50" = [
"master.cb.cloud.mhackeroni.it"
"bartender.cb.cloud.mhackeroni.it"
"grafana.cb.cloud.mhackeroni.it"
"menu.cb.cloud.mhackeroni.it"
"maitre.cb.cloud.mhackeroni.it"
"accountant.cb.cloud.mhackeroni.it"
];
"10.100.0.150" =
[ "flowgui.cloud.mhackeroni.it" "smb.cloud.mhackeroni.it" ];
"10.100.0.200" = [ "tunniceddu.cloud.mhackeroni.it" ];
"10.100.0.250" = [ "rev.cloud.mhackeroni.it" ];
"10.100.0.66" = [ "attackerbackup.cloud.mhackeroni.it" ];


@ -1,8 +1,9 @@
{ lib, ... }:
{ ... }:
let
blocklist = builtins.fetchurl {
sha256 = "sha256:16xcx2z8ziv2fbqhr4ajayxblcs4i1ckrwnf50iina9asgia18za";
url = "https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt";
url =
"https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt";
};
in
{
@ -11,16 +12,12 @@ in
services.dnsmasq = {
enable = true;
servers = [
"1.1.1.1"
"8.8.8.8"
"8.8.4.4"
];
servers = [ "1.1.1.1" "8.8.8.8" "8.8.4.4" ];
extraConfig = ''
cache-size=10000
log-queries
local-ttl=300
conf-file=${blocklist}
'';
};


@ -1,17 +1,13 @@
{
services.k3s = {
enable = true;
};
services.k3s = { enable = true; };
networking.firewall = {
allowedTCPPorts = [
6443 # Kubernetes API
];
allowedTCPPortRanges = [
{
from = 9000;
to = 15000;
}
];
allowedTCPPortRanges = [{
from = 9000;
to = 15000;
}];
};
}


@ -1,20 +1,12 @@
{
services.postgresql = {
enable = true;
ensureDatabases = [
"mfh"
];
ensureUsers = [
{
name = "bertof";
ensurePermissions = {
"DATABASE \"mfh\"" = "ALL PRIVILEGES";
};
}
];
ensureDatabases = [ "mfh" ];
ensureUsers = [{
name = "bertof";
ensurePermissions = { "DATABASE \"mfh\"" = "ALL PRIVILEGES"; };
}];
};
services.apache-kafka = {
enable = true;
};
services.apache-kafka = { enable = true; };
}


@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
# udev rules
services.udev.extraRules = ''
KERNEL=="uinput",MODE:="0666",OPTIONS+="static_node=uinput"


@ -34,10 +34,30 @@
# fileSystems."/" = { options = "noatime errors=remount-ro"; };
security.pam.loginLimits = [
{ domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
{ domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
{ domain = "@audio"; item = "nofile"; type = "soft"; value = "99999"; }
{ domain = "@audio"; item = "nofile"; type = "hard"; value = "99999"; }
{
domain = "@audio";
item = "memlock";
type = "-";
value = "unlimited";
}
{
domain = "@audio";
item = "rtprio";
type = "-";
value = "99";
}
{
domain = "@audio";
item = "nofile";
type = "soft";
value = "99999";
}
{
domain = "@audio";
item = "nofile";
type = "hard";
value = "99999";
}
];
# services = {


@ -1,11 +1,7 @@
{
networking = {
hosts = {
"172.20.28.210" = [
"datanode1"
"datanode2"
"datanode3"
];
"172.20.28.210" = [ "datanode1" "datanode2" "datanode3" ];
# "172.20.28.210" = [ "*.engine.sesar.int" ];
"159.149.147.137" = [ "vcenter.sesar.int" ];
};