Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'gum/master'

Browse Source
This commit is contained in:
lassulus 2015-12-16 15:46:23 +01:00
commit 07f4510ad0
26 changed files with 823 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
krebs/3modules/makefu/default.nix
View File

@ -263,6 +263,31 @@ with lib;
};
};
};
omo = rec {
cores = 2;
dc = "makefu"; #AMD E350
nets = {
retiolum = {
addrs4 = ["10.243.0.89"];
addrs6 = ["42:f9f0::10"];
aliases = [
"omo.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
gum = rec {
cores = 1;
dc = "online.net"; #root-server
@ -273,6 +298,7 @@ with lib;
mattermost.euer IN A ${head nets.internet.addrs4}
git.euer IN A ${head nets.internet.addrs4}
gum IN A ${head nets.internet.addrs4}
cgit.euer IN A ${head nets.internet.addrs4}
'';
};
nets = {
@ -287,6 +313,7 @@ with lib;
addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"];
aliases = [
"gum.retiolum"
"cgit.gum.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -302,10 +329,26 @@ with lib;
};
};
};
users = addNames {
users = addNames rec {
makefu = {
mail = "makefu@pornocauster.retiolum";
pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster";
};
makefu-omo = {
inherit (makefu) mail;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch";
};
makefu-tsp = {
inherit (makefu) mail;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp";
};
makefu-vbob = {
inherit (makefu) mail;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob";
};
exco = {
mail = "dickbutt@excogitation.de";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de";
};
};
}

87
krebs/5pkgs/fortclientsslvpn/default.nix Normal file
View File

@ -0,0 +1,87 @@
{ stdenv, lib, fetchurl, gtk, glib, libSM, gdk_pixbuf, libX11, libXinerama, iproute,
makeWrapper, libredirect, ppp, coreutils, gawk, pango }:
stdenv.mkDerivation rec {
name = "forticlientsslvpn";
# forticlient will be copied into /tmp before execution. this is necessary as
# the software demands $base to be writeable
src = fetchurl {
# archive.org mirror:
# https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz
url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz;
sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr";
};
phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ];
buildInputs = [ makeWrapper ];
binPath = lib.makeSearchPath "bin" [
coreutils
gawk
];
libPath = lib.makeLibraryPath [
stdenv.cc.cc
];
guiLibPath = lib.makeLibraryPath [
gtk
glib
libSM
gdk_pixbuf
libX11
libXinerama
pango
];
buildPhase = ''
# TODO: 32bit, use the 32bit folder
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
--set-rpath "$libPath" \
64bit/forticlientsslvpn_cli
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
--set-rpath "$libPath:$guiLibPath" \
64bit/forticlientsslvpn
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
--set-rpath "$libPath" \
64bit/helper/subproc
sed -i 's#\(export PATH=\).*#\1"${binPath}"#' 64bit/helper/waitppp.sh
'';
installPhase = ''
mkdir -p "$out/opt/fortinet"
cp -r 64bit/. "$out/opt/fortinet"
wrapProgram $out/opt/fortinet/forticlientsslvpn \
--set LD_PRELOAD "${libredirect}/lib/libredirect.so" \
--set NIX_REDIRECTS /usr/sbin/ip=${iproute}/bin/ip:/usr/sbin/ppp=${ppp}/bin/ppp
mkdir -p "$out/bin/"
cat > $out/bin/forticlientsslvpn <<EOF
#!/bin/sh
# prepare suid bit in tmp
# TODO maybe tmp does not support suid
set -euf
tmpforti=\$(${coreutils}/bin/mktemp -d)
trap "rm -rf \$tmpforti;" INT TERM EXIT
cp -r $out/opt/fortinet/. \$tmpforti
chmod +s \$tmpforti/helper/subproc
cd \$tmpforti
"./forticlientsslvpn" "\$@"
EOF
chmod +x $out/bin/forticlientsslvpn
chmod -x $out/opt/fortinet/helper/showlicense
'';
meta = {
homepage = http://www.fortinet.com;
description = "Forticlient SSL-VPN client";
license = lib.licenses.nonfree;
maintainers = [ lib.maintainers.makefu ];
};
}

33
krebs/5pkgs/snapraid/default.nix Normal file
View File

@ -0,0 +1,33 @@
{stdenv, fetchurl}:
let
s = # Generated upstream information
rec {
baseName="jq";
version="1.5";
name="${baseName}-${version}";
url=https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz;
sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4";
};
buildInputs = [
];
in
stdenv.mkDerivation {
inherit (s) name version;
inherit buildInputs;
src = fetchurl {
inherit (s) url sha256;
};
# jq is linked to libjq:
configureFlags = [
"LDFLAGS=-Wl,-rpath,\\\${libdir}"
];
meta = {
inherit (s) version;
description = ''A lightweight and flexible command-line JSON processor'';
license = stdenv.lib.licenses.mit ;
maintainers = [stdenv.lib.maintainers.raskin];
platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
};
}

1
krebs/Zpubkeys/exco.ssh.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== christian.stoeveken@gmail.com

1
krebs/Zpubkeys/makefu_arch.ssh.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster

1
krebs/Zpubkeys/makefu_omo.ssh.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch

1
krebs/Zpubkeys/makefu_tsp.ssh.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp

1
krebs/Zpubkeys/makefu_vbob.ssh.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos

37
makefu/1systems/omo.nix Normal file
View File

@ -0,0 +1,37 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
../2configs/fs/single-partition-ext4.nix
../2configs/tinc-basic-retiolum.nix
../2configs/exim-retiolum.nix
];
krebs.build.host = config.krebs.hosts.omo;
# AMD E350
boot = {
loader.grub.device = "/dev/sda";
initrd.availableKernelModules = [
"usb_storage"
"ahci"
"xhci_hcd"
"ata_piix"
"uhci_hcd"
"ehci_pci"
];
kernelModules = [ ];
extraModulePackages = [ ];
};
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = true;
networking.firewall.allowPing = true;
}

17
makefu/1systems/pornocauster.nix
View File

@ -6,14 +6,12 @@
{
imports =
[ # Include the results of the hardware scan.
../2configs/main-laptop.nix #< base-gui
../2configs/main-laptop.nix #< base-gui + zsh
# Krebs
../2configs/tinc-basic-retiolum.nix
#../2configs/disable_v6.nix
# environment
../2configs/zsh-user.nix
# applications
@ -36,11 +34,17 @@
# ../2configs/mediawiki.nix
#../2configs/wordpress.nix
];
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
buildbot = let
pkgs1509 = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
in pkgs1509.buildbot;
};
makefu.buildbot.master.enable = true;
#krebs.Reaktor.enable = true;
#krebs.Reaktor.nickname = "makefu|r";
krebs.build.host = config.krebs.hosts.pornocauster;
# nix.binaryCaches = [ "http://acng.shack/nixos" "https://cache.nixos.org" ];
environment.systemPackages = with pkgs;[
get
@ -58,4 +62,5 @@
25
];
krebs.build.host = config.krebs.hosts.pornocauster;
}

57
makefu/1systems/vbob.nix
View File

@ -1,9 +1,10 @@
#
#
#
{ config, pkgs, ... }:
{
{ lib, config, pkgs, ... }:
let
pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
in {
krebs.build.host = config.krebs.hosts.vbob;
krebs.build.target = "root@10.10.10.220";
imports =
@ -12,13 +13,52 @@
../2configs/main-laptop.nix #< base-gui
# environment
../2configs/zsh-user.nix
../2configs/virtualization.nix
];
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
buildbot = pkgs-unst.buildbot;
buildbot-slave = pkgs-unst.buildbot-slave;
};
makefu.buildbot.master = {
enable = true;
irc = {
enable = true;
server = "cd.retiolum";
channel = "retiolum";
allowForce = true;
};
};
makefu.buildbot.slave = {
enable = true;
masterhost = "localhost";
username = "testslave";
password = "krebspass";
};
krebs.build.source.git.nixpkgs = {
#url = https://github.com/nixos/nixpkgs;
# HTTP Everywhere
rev = "a3974e";
};
fileSystems."/nix" = {
device ="/dev/disk/by-label/nixstore";
fsType = "ext4";
};
#makefu.buildbot.master.enable = true;
# allow vbob to deploy self
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
};
};
environment.systemPackages = with pkgs;[
buildbot
buildbot-slave
get
];
genid
];
networking.firewall.allowedTCPPorts = [
25
@ -32,8 +72,8 @@
connectTo = [
"gum"
];
};
networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
fileSystems."/media/share" = {
fsType = "vboxsf";
@ -42,3 +82,4 @@
};
}

18
makefu/2configs/Reaktor/full.nix Normal file
View File

@ -0,0 +1,18 @@
_:
{
# implementation of the complete Reaktor bot
imports = [
#./stockholmLentil.nix
./simpleExtend.nix
./random-emoji.nix
./titlebot.nix
./shack-correct.nix
./sed-plugin.nix
];
krebs.Reaktor.nickname = "Reaktor|bot";
krebs.Reaktor.enable = true;
krebs.Reaktor.extraEnviron = {
REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace";
};
}

2
makefu/2configs/Reaktor/sed-plugin.nix
View File

@ -7,7 +7,7 @@ in {
#TODO: this will eat up the last regex, fix Reaktor
krebs.Reaktor.extraConfig = ''
public_commands.append({
'capname' : "shack-correct",
'capname' : "sed-plugin",
# only support s///gi
'pattern' : '^(?P<args>.*)$$',
'argv' : ["${pkgs.python3}/bin/python3","${script}"],

29
makefu/2configs/base-gui.nix
View File

@ -73,4 +73,33 @@ in
enable = true;
# systemWide = true;
};
services.xserver.displayManager.sessionCommands = let
xdefaultsfile = pkgs.writeText "Xdefaults" ''
cat |derp <<EOF
XTerm*background: black
XTerm*foreground: white
XTerm*FaceName : Terminus:pixelsize=14
URxvt*termName: rxvt
URxvt.scrollBar : False
URxvt*scrollBar_right: false
URxvt*borderLess: false
URxvt.foreground: white
URxvt.background: black
URxvt.urgentOnBell: true
URxvt.visualBell: false
URxvt.font : xft:Terminus
! blue
URxvt*color4: #268bd2
URxvt.perl-ext: default,url-select
URxvt.keysym.M-u: perl:url-select:select_next
#URxvt.url-select.launcher: firefox -new-tab
URxvt.url-select.launcher: chromium
URxvt.url-select.underline: true
URxvt.searchable-scrollback: CM-s
'';
in "cat ${xdefaultsfile} | xrdb -merge";
}

5
makefu/2configs/default.nix
View File

@ -104,6 +104,8 @@ with lib;
HISTSIZE=900001
HISTFILESIZE=$HISTSIZE
PYTHONSTARTUP="~/.pythonrc";
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
@ -123,6 +125,9 @@ with lib;
environment.shellAliases = {
lsl = "ls -lAtr";
psg = "ps -ef | grep";
nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
grep = "grep --color=auto";
};
nixpkgs.config.packageOverrides = pkgs: {

20
makefu/2configs/git/cgit-retiolum.nix
View File

@ -80,26 +80,6 @@ let
};
in {
imports = [{
krebs.users = {
makefu-omo = {
name = "makefu-omo" ;
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
};
makefu-vbob = {
name = "makefu-vbob" ;
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub;
};
makefu-tsp = {
name = "makefu-tsp" ;
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
};
exco = {
name = "exco";
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub;
};
};
}];
krebs.git = {
enable = true;
root-title = "public repositories";

1
makefu/2configs/main-laptop.nix
View File

@ -9,6 +9,7 @@ with lib;
imports = [
./base-gui.nix
./fetchWallpaper.nix
./zsh-user.nix
];
environment.systemPackages = with pkgs;[
vlc

26
makefu/2configs/nginx/euer.test.nix Normal file
View File

@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
with lib;
let
hostname = config.krebs.build.host.name;
user = config.services.nginx.user;
group = config.services.nginx.group;
external-ip = head config.krebs.build.host.nets.internet.addrs4;
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
in {
krebs.nginx = {
enable = mkDefault true;
servers = {
euer-share = {
listen = [ ];
server-names = [ "share.euer.krebsco.de" ];
locations = singleton (nameValuePair "/" ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8000/;
'');
};
};
};
}

4
makefu/2configs/wwan.nix
View File

@ -9,6 +9,10 @@ in {
wvdial
];
environment.shellAliases = {
umts = "sudo wvdial netzclub";
};
# configure for NETZCLUB
environment.wvdial.dialerDefaults = ''
Phone = *99***1#

42
makefu/2configs/zsh-user.nix
View File

@ -5,6 +5,46 @@ let
mainUser = config.krebs.build.user.name;
in
{
programs.zsh.enable = true;
users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh";
programs.zsh= {
enable = true;
interactiveShellInit = ''
HISTSIZE=900001
HISTFILESIZE=$HISTSIZE
SAVEHIST=$HISTSIZE
setopt HIST_IGNORE_ALL_DUPS
setopt HIST_IGNORE_SPACE
setopt HIST_FIND_NO_DUPS
bindkey -e
# shift-tab
bindkey '^[[Z' reverse-menu-complete
autoload -U compinit && compinit
zstyle ':completion:*' menu select
# load gpg-agent
envfile="$HOME/.gnupg/gpg-agent.env"
if [ -e "$envfile" ] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
eval "$(cat "$envfile")"
else
eval "$(${pkgs.gnupg}/bin/gpg-agent --daemon --enable-ssh-support --write-env-file "$envfile")"
fi
export GPG_AGENT_INFO
export SSH_AUTH_SOCK
'';
promptInit = ''
RPROMPT=""
autoload colors && colors
case $UID in
0) PROMPT="%{$fg[red]%}%~%{$reset_color%} " ;;
9001) PROMPT="%{$fg[green]%}%~%{$reset_color%} " ;;
*) PROMPT="%{$fg[yellow]%}%n %{$fg[green]%}%~%{$reset_color%} " ;;
esac
if test -n "$SSH_CLIENT"; then
PROMPT="%{$fg[magenta]%}%m $PROMPT"
fi
'';
};
}

226
makefu/3modules/buildbot/master.nix Normal file
View File

@ -0,0 +1,226 @@
{ config, pkgs, lib, ... }:
with lib;
let
buildbot = pkgs.buildbot;
buildbot-master-config = pkgs.writeText "buildbot-master.cfg" ''
# -*- python -*-
from buildbot.plugins import *
c = BuildmasterConfig = {}
c['slaves'] = []
# TODO: template potential buildslaves
# TODO: set password?
slavenames= [ 'testslave' ]
for i in slavenames:
c['slaves'].append(buildslave.BuildSlave(i, "krebspass"))
c['protocols'] = {'pb': {'port': 9989}}
####### Build Inputs
stockholm_repo = 'http://cgit.gum/stockholm'
c['change_source'] = []
c['change_source'].append(changes.GitPoller(
stockholm_repo,
workdir='stockholm-poller', branch='master',
project='stockholm',
pollinterval=300))
####### Build Scheduler
# TODO: configure scheduler
important_files = util.ChangeFilter(
project_re="^((krebs|share)/.*|Makefile|default.nix)",
branch='master')
c['schedulers'] = []
c['schedulers'].append(schedulers.SingleBranchScheduler(
name="all-important-files",
change_filter=important_files,
# 3 minutes stable tree
treeStableTimer=3*60,
builderNames=["runtests"]))
c['schedulers'].append(schedulers.ForceScheduler(
name="force",
builderNames=["runtests"]))
###### The actual build
factory = util.BuildFactory()
factory.addStep(steps.Git(repourl=stockholm_repo, mode='incremental'))
deps = [ "gnumake", "jq" ]
factory.addStep(steps.ShellCommand(command=["nix-shell", "-p" ] + deps ))
factory.addStep(steps.ShellCommand(env={"LOGNAME": "shared"},
command=["make", "get=krebs.deploy",
"system=test-centos7"]))
# TODO: different Builders?
c['builders'] = []
c['builders'].append(
util.BuilderConfig(name="runtests",
# TODO: only some slaves being used in builder?
slavenames=slavenames,
factory=factory))
####### Status of Builds
c['status'] = []
from buildbot.status import html
from buildbot.status.web import authz, auth
# TODO: configure if http is wanted
authz_cfg=authz.Authz(
# TODO: configure user/pw
auth=auth.BasicAuth([("krebs","bob")]),
gracefulShutdown = False,
forceBuild = 'auth',
forceAllBuilds = 'auth',
pingBuilder = False,
stopBuild = False,
stopAllBuilds = False,
cancelPendingBuild = False,
)
# TODO: configure nginx
c['status'].append(html.WebStatus(http_port=8010, authz=authz_cfg))
from buildbot.status import words
${optionalString (cfg.irc.enable) ''
irc = words.IRC("${cfg.irc.server}", "krebsbuild",
# TODO: multiple channels
channels=["${cfg.irc.channel}"],
notify_events={
'success': 1,
'failure': 1,
'exception': 1,
'successToFailure': 1,
'failureToSuccess': 1,
}${optionalString cfg.irc.allowForce ",allowForce=True"})
c['status'].append(irc)
''}
####### PROJECT IDENTITY
c['title'] = "Stockholm"
c['titleURL'] = "http://krebsco.de"
c['buildbotURL'] = "http://buildbot.krebsco.de/"
####### DB URL
c['db'] = {
'db_url' : "sqlite:///state.sqlite",
}
${cfg.extraConfig}
'';
cfg = config.makefu.buildbot.master;
api = {
enable = mkEnableOption "Buildbot Master";
workDir = mkOption {
default = "/var/lib/buildbot/master";
type = types.str;
description = ''
Path to build bot master directory.
Will be created on startup.
'';
};
irc = mkOption {
default = {};
type = types.submodule ({ config, ... }: {
options = {
enable = mkEnableOption "Buildbot Master IRC Status";
channel = mkOption {
default = "nix-buildbot-meetup";
type = types.str;
description = ''
irc channel the bot should connect to
'';
};
allowForce = mkOption {
default = false;
type = types.bool;
description = ''
Determines if builds can be forced via IRC
'';
};
nick = mkOption {
default = "nix-buildbot";
type = types.str;
description = ''
nickname for IRC
'';
};
server = mkOption {
default = "irc.freenode.net";
type = types.str;
description = ''
Buildbot Status IRC Server to connect to
'';
};
};
});
};
extraConfig = mkOption {
default = "";
type = types.lines;
description = ''
extra config appended to the generated master.cfg
'';
};
};
imp = {
users.extraUsers.buildbotMaster = {
uid = 672626386; #genid buildbotMaster
description = "Buildbot Master";
home = cfg.workDir;
createHome = false;
};
users.extraGroups.buildbotMaster = {
gid = 672626386;
};
systemd.services.buildbotMaster = {
description = "Buildbot Master";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = let
workdir="${lib.shell.escape cfg.workDir}";
in {
PermissionsStartOnly = true;
Type = "forking";
PIDFile = "${workdir}/twistd.pid";
# TODO: maybe also prepare buildbot.tac?
ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
#!/bin/sh
set -efux
if [ ! -e ${workdir} ];then
mkdir -p ${workdir}
${buildbot}/bin/buildbot create-master -r -l 10 -f ${workdir}
fi
# always override the master.cfg
cp ${buildbot-master-config} ${workdir}/master.cfg
# sanity
${buildbot}/bin/buildbot checkconfig ${workdir}
# TODO: maybe upgrade? not sure about this
# normally we should write buildbot.tac by our own
# ${buildbot}/bin/buildbot upgrade-master ${workdir}
chmod 700 -R ${workdir}
chown buildbotMaster:buildbotMaster -R ${workdir}
'';
ExecStart = "${buildbot}/bin/buildbot start ${workdir}";
ExecStop = "${buildbot}/bin/buildbot stop ${workdir}";
ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}";
PrivateTmp = "true";
User = "buildbotMaster";
Restart = "always";
RestartSec = "10";
};
};
};
in
{
options.makefu.buildbot.master = api;
config = mkIf cfg.enable imp;
}

159
makefu/3modules/buildbot/slave.nix Normal file
View File

@ -0,0 +1,159 @@
{ config, pkgs, lib, ... }:
with lib;
let
buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" ''
import os
from buildslave.bot import BuildSlave
from twisted.application import service
basedir = '${cfg.workDir}'
rotateLength = 10000000
maxRotatedFiles = 10
application = service.Application('buildslave')
from twisted.python.logfile import LogFile
from twisted.python.log import ILogObserver, FileLogObserver
logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength,
maxRotatedFiles=maxRotatedFiles)
application.setComponent(ILogObserver, FileLogObserver(logfile).emit)
buildmaster_host = '${cfg.masterhost}'
# TODO: masterport?
port = 9989
slavename = '${cfg.username}'
passwd = '${cfg.password}'
keepalive = 600
usepty = 0
umask = None
maxdelay = 300
allow_shutdown = None
${cfg.extraConfig}
s = BuildSlave(buildmaster_host, port, slavename, passwd, basedir,
keepalive, usepty, umask=umask, maxdelay=maxdelay,
allow_shutdown=allow_shutdown)
s.setServiceParent(application)
'';
cfg = config.makefu.buildbot.slave;
api = {
enable = mkEnableOption "Buildbot Slave";
workDir = mkOption {
default = "/var/lib/buildbot/slave";
type = types.str;
description = ''
Path to build bot slave directory.
Will be created on startup.
'';
};
masterhost = mkOption {
default = "localhost";
type = types.str;
description = ''
Hostname/IP of the buildbot master
'';
};
username = mkOption {
type = types.str;
description = ''
slavename used to authenticate with master
'';
};
password = mkOption {
type = types.str;
description = ''
slave password used to authenticate with master
'';
};
contact = mkOption {
default = "nix slave <buildslave@${config.networking.hostName}>";
type = types.str;
description = ''
contact to be announced by buildslave
'';
};
description = mkOption {
default = "Nix Generated BuildSlave";
type = types.str;
description = ''
description for hostto be announced by buildslave
'';
};
extraConfig = mkOption {
default = "";
type = types.lines;
example = ''
port = 443
keepalive = 600
'';
description = ''
extra config evaluated before calling BuildSlave init in .tac file
'';
};
};
imp = {
users.extraUsers.buildbotSlave = {
uid = 1408105834; #genid buildbotMaster
description = "Buildbot Slave";
home = cfg.workDir;
createHome = false;
};
users.extraGroups.buildbotSlave = {
gid = 1408105834;
};
systemd.services."buildbotSlave-${cfg.username}-${cfg.masterhost}" = {
description = "Buildbot Slave for ${cfg.username}@${cfg.masterhost}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = let
workdir = "${lib.shell.escape cfg.workDir}";
contact = "${lib.shell.escape cfg.contact}";
description = "${lib.shell.escape cfg.description}";
buildbot = pkgs.buildbot-slave;
# TODO:make this
in {
PermissionsStartOnly = true;
Type = "forking";
PIDFile = "${workdir}/twistd.pid";
# TODO: maybe also prepare buildbot.tac?
ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
#!/bin/sh
set -efux
mkdir -p ${workdir}/info
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
echo ${contact} > ${workdir}/info/admin
echo ${description} > ${workdir}/info/host
chown buildbotSlave:buildbotSlave -R ${workdir}
chmod 700 -R ${workdir}
'';
ExecStart = "${buildbot}/bin/buildslave start ${workdir}";
ExecStop = "${buildbot}/bin/buildslave stop ${workdir}";
PrivateTmp = "true";
User = "buildbotSlave";
Restart = "always";
RestartSec = "10";
};
};
};
in
{
options.makefu.buildbot.slave = api;
config = mkIf cfg.enable imp;
}

1
makefu/3modules/default.nix
View File

@ -2,6 +2,7 @@ _:
{
imports = [
./buildbot/master.nix
];
}

3
shared/1systems/wolf.nix
View File

@ -11,6 +11,7 @@ in
../2configs/collectd-base.nix
../2configs/shack-nix-cacher.nix
../2configs/shack-drivedroid.nix
../2configs/cac-ci.nix
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)
@ -24,7 +25,7 @@ in
}];
defaultGateway = "10.42.0.1";
nameservers = [ "8.8.8.8" ];
nameservers = [ "10.42.0.100" "10.42.0.200" ];
};
#####################

11
shared/2configs/cac-ci.nix Normal file
View File

@ -0,0 +1,11 @@
{ config, lib, pkgs, ... }:
with lib;
{
environment.systemPackages = with pkgs;[
get
cac
cacpanel
jq
];
}

37
shared/2configs/graphite.nix Normal file
View File

@ -0,0 +1,37 @@
{ config, lib, pkgs, ... }:
# graphite-web on port 8080
# carbon cache on port 2003 (tcp/udp)
# TODO: krebs.graphite.minimal.enable
# TODO: configure firewall
with lib;
{
imports = [ ];
services.graphite = {
web = {
enable = true;
host = "0.0.0.0";
};
carbon = {
enableCache = true;
# save disk usage by restricting to 1 bulk update per second
config = ''
[cache]
MAX_CACHE_SIZE = inf
MAX_UPDATES_PER_SECOND = 1
MAX_CREATES_PER_MINUTE = 50
'';
storageSchemas = ''
[carbon]
pattern = ^carbon\.
retentions = 60:90d
[default]
pattern = .*
retentions = 60s:30d,300s:1y
'';
};
};
}