stockholm/krebs/1systems/wolf/config.nix

147 lines
6.1 KiB
Nix
Raw Normal View History

2017-04-17 13:45:32 +00:00
{ config, pkgs, ... }:
2015-11-17 21:15:07 +00:00
let
shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
2018-01-28 14:09:18 +00:00
ext-if = "et0";
external-mac = "52:54:b0:0b:af:fe";
2015-11-17 21:15:07 +00:00
in
2015-10-25 13:07:51 +00:00
{
imports = [
2017-07-13 22:17:58 +00:00
<stockholm/krebs>
<stockholm/krebs/2configs>
2015-10-25 13:07:51 +00:00
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
2017-06-01 07:21:20 +00:00
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
2017-06-01 07:21:20 +00:00
2019-06-12 18:53:02 +00:00
# handle the worlddomination map via coap
2017-07-13 22:17:58 +00:00
<stockholm/krebs/2configs/shack/worlddomination.nix>
2019-06-12 18:53:02 +00:00
# drivedroid.shack for shackphone
2017-07-13 22:17:58 +00:00
<stockholm/krebs/2configs/shack/drivedroid.nix>
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
2019-06-12 18:53:02 +00:00
# Say if muell will be collected
2017-07-13 22:17:58 +00:00
<stockholm/krebs/2configs/shack/muell_caller.nix>
2019-07-11 07:37:46 +00:00
# provide muellshack api
<stockholm/krebs/2configs/shack/muellshack.nix>
2019-07-11 16:12:09 +00:00
# provide light control api
<stockholm/krebs/2configs/shack/node-light.nix>
2019-07-12 15:22:03 +00:00
# send mail if muell was not handled
<stockholm/krebs/2configs/shack/muell_mail.nix>
2019-07-16 07:04:18 +00:00
# send mail if muell was not handled
<stockholm/krebs/2configs/shack/s3-power.nix>
2019-07-17 08:43:27 +00:00
# powerraw usb serial to mqtt and raw socket
<stockholm/krebs/2configs/shack/powerraw.nix>
2019-06-12 18:53:02 +00:00
# create samba share for anonymous usage with the laser and 3d printer pc
2017-07-13 22:17:58 +00:00
<stockholm/krebs/2configs/shack/share.nix>
2019-06-12 18:53:02 +00:00
# mobile.lounge.mpd.shack
2018-09-02 22:37:13 +00:00
<stockholm/krebs/2configs/shack/mobile.mpd.nix>
# hass.shack
<stockholm/krebs/2configs/shack/glados>
2019-06-12 18:53:02 +00:00
# connect to git.shackspace.de as group runner for rz
2019-06-12 07:56:07 +00:00
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
2017-06-01 07:21:20 +00:00
# Statistics collection and visualization
<stockholm/krebs/2configs/shack/graphite.nix>
2019-06-12 18:53:02 +00:00
## Collect data from mqtt.shack and store in graphite database
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
## Collect radioactive data and put into graphite
<stockholm/krebs/2configs/shack/radioactive.nix>
2019-07-16 22:53:56 +00:00
## mqtt.shack
<stockholm/krebs/2configs/shack/mqtt.nix>
## influx.shack
<stockholm/krebs/2configs/shack/influx.nix>
2019-06-20 20:21:56 +00:00
2019-06-12 18:53:02 +00:00
## Collect local statistics via collectd and send to collectd
<stockholm/krebs/2configs/stats/shack-client.nix>
<stockholm/krebs/2configs/stats/shack-debugging.nix>
2019-06-13 18:17:45 +00:00
<stockholm/krebs/2configs/shack/netbox.nix>
2019-07-19 22:09:47 +00:00
# prometheus.shack
#<stockholm/krebs/2configs/shack/prometheus/server.nix>
2019-06-20 20:21:56 +00:00
<stockholm/krebs/2configs/shack/prometheus/node.nix>
#<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
2019-07-19 22:09:47 +00:00
# grafana.shack
<stockholm/krebs/2configs/shack/grafana.nix>
2019-06-20 20:21:56 +00:00
2015-10-25 13:07:51 +00:00
];
2015-11-17 22:13:09 +00:00
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)
2016-01-22 23:27:33 +00:00
# local discovery in shackspace
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
krebs.tinc.retiolum.extraConfig = "TCPOnly = yes";
2016-01-22 23:27:33 +00:00
2015-10-25 13:07:51 +00:00
2015-11-17 21:15:07 +00:00
networking = {
2015-11-17 22:13:09 +00:00
firewall.enable = false;
2017-05-24 08:51:58 +00:00
firewall.allowedTCPPorts = [ 8088 8086 8083 ];
2019-07-16 17:48:47 +00:00
interfaces."${ext-if}".ipv4.addresses = [
{
address = shack-ip;
prefixLength = 20;
}
];
2015-11-17 21:15:07 +00:00
defaultGateway = "10.42.0.1";
nameservers = [ "10.42.0.100" "10.42.0.200" ];
2015-11-17 21:15:07 +00:00
};
#####################
# uninteresting stuff
#####################
2015-10-25 13:07:51 +00:00
krebs.build.host = config.krebs.hosts.wolf;
boot.kernel.sysctl = {
# Enable IPv6 Privacy Extensions
"net.ipv6.conf.all.use_tempaddr" = 2;
"net.ipv6.conf.default.use_tempaddr" = 2;
};
boot.initrd.availableKernelModules = [
"ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk"
];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
2017-09-11 21:01:24 +00:00
# without it `/nix/store` is not added grub paths
boot.loader.grub.copyKernels = true;
2015-10-25 13:07:51 +00:00
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
swapDevices = [
2015-11-17 21:15:07 +00:00
{ device = "/dev/disk/by-label/swap"; }
2015-10-25 13:07:51 +00:00
];
2017-06-18 12:09:02 +00:00
users.extraUsers.root.openssh.authorizedKeys.keys = [
2019-09-03 22:13:26 +00:00
config.krebs.users."0x4A6F".pubkey
2017-06-18 12:09:02 +00:00
config.krebs.users.ulrich.pubkey
config.krebs.users.raute.pubkey
2017-09-09 14:27:30 +00:00
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
2019-07-08 06:04:50 +00:00
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci
2017-06-18 12:09:02 +00:00
];
2018-01-28 14:09:18 +00:00
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
'';
2015-10-25 13:07:51 +00:00
time.timeZone = "Europe/Berlin";
2017-05-25 21:21:20 +00:00
sound.enable = false;
# avahi
services.avahi = {
enable = true;
wideArea = false;
};
environment.systemPackages = [ pkgs.avahi ];
2015-10-25 13:07:51 +00:00
}