Merge remote-tracking branch 'bobby/master'

This commit is contained in:
lassulus 2015-12-30 18:20:35 +01:00
commit 0ed16606b2
10 changed files with 329 additions and 0 deletions

View File

@ -84,6 +84,7 @@ let
imp = mkMerge [ imp = mkMerge [
{ krebs = import ./lass { inherit lib; }; } { krebs = import ./lass { inherit lib; }; }
{ krebs = import ./makefu { inherit lib; }; } { krebs = import ./makefu { inherit lib; }; }
{ krebs = import ./miefda { inherit lib; }; }
{ krebs = import ./mv { inherit lib; }; } { krebs = import ./mv { inherit lib; }; }
{ krebs = import ./shared { inherit lib; }; } { krebs = import ./shared { inherit lib; }; }
{ krebs = import ./tv { inherit lib; }; } { krebs = import ./tv { inherit lib; }; }

View File

@ -0,0 +1,40 @@
{ lib, ... }:
with lib;
{
hosts = addNames {
bobby = {
cores = 4;
dc = "miefda";
nets = {
retiolum = {
addrs4 = ["10.243.111.112"];
addrs6 = ["42:0:0:0:0:0:111:112"];
aliases = [
"bobby.retiolum"
"cgit.bobby.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
#ssh.privkey.path = <secrets/ssh.ed25519>;
#ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
};
};
users = addNames {
miefda = {
mail = "miefda@miefda.de";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCVdNCks6mrItKHYIwgW3s+NINFhHqZtLPj3l6TJUWd93ZSuuI6P+Z/0m0G9Z4tWWaXWsOCnzMA2WOKcitBbLcaQxVypJfvmfoA5CVlh4/nf8NfvbMFkVIYPehxR7YoejfKOxPOCNC3248RiD8kqa4/5IF8qdqE+mRQUIZJXvN0jZZ+rGnYo5Z544O9JqsV+VjjOgK0Fchpxf/lC8dnBucIce7gUwi5npwsGQZgSDmRobBRFVDZag1abLFNZN2faI8uqzSlU6KRRapYV266Of7j3kmDokMan4szjP1EexmTWm+arwRiz9p0M5oKs6zofez0mOyF5ux02NB3XIhbJc8CfMjeA7PmSg4ZhghjlSjIOR+1mMIDiDVi6PNLw5atzvpyfYtpf5sWpdIpXCS0lyzIgasqW4gbAiWoFPv5A0mw0QI6UqlxQ8Pdm6R7P6yQxyknrxnvFGMQPiqgl21ssSNA9A+YRd4j0nATntzOeD1bxTZkyU4FtW++0hg3Ph6HiHLfPd9w70wPr7b0RITVnBcN2ZqIO+5NIqQYU801FCNXsTuBh0ueTsVTGJYySUGkmkHyH5spLYdr1Z5w+4W+HgbxPk40pyZJ18S0umL49igxR9NsniucFy1/jqqi0TiDIsHx6vsawFT1F2rq9ZtGaRcJL6Yfz0p+uZC5rc/nI+mMlQ== miefda@nixos";
};
};
}

102
miefda/1systems/bobby.nix Normal file
View File

@ -0,0 +1,102 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
../2configs/miefda.nix
../2configs/tlp.nix
../2configs/x220t.nix
../2configs/hardware-configuration.nix
../2configs/tinc-basic-retiolum.nix
../2configs/git.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Select internationalisation properties.
i18n = {
# consoleFont = "Lat2-Terminus16";
consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
};
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [
wget chromium
];
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable the KDE Desktop Environment.
#services.xserver.displayManager.kdm.enable = true;
services.xserver.desktopManager = {
xfce.enable = true;
xterm.enable= false;
};
# Define a user account. Don't forget to set a password with passwd.
users.extraUsers.miefda = {
isNormalUser = true;
initialPassword= "welcome";
uid = 1000;
extraGroups= [
"wheel"
];
};
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09";
networking.hostName = config.krebs.build.host.name;
krebs = {
enable = true;
search-domain = "retiolum";
build = {
host = config.krebs.hosts.bobby;
user = config.krebs.users.miefda;
source = {
git.nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251";
target-path = "/var/src/nixpkgs";
};
dir.secrets = {
host = config.krebs.hosts.bobby;
path = "/home/miefda/secrets/${config.krebs.build.host.name}";
};
dir.stockholm = {
host = config.krebs.hosts.bobby;
path = "/home/miefda/gits/stockholm";
};
};
};
};
}

87
miefda/2configs/git.nix Normal file
View File

@ -0,0 +1,87 @@
{ config, lib, pkgs, ... }:
with lib;
let
out = {
krebs.git = {
enable = true;
root-title = "public repositories at ${config.krebs.build.host.name}";
root-desc = "keep calm and engage";
repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
rules = rules;
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
];
};
repos =
public-repos //
optionalAttrs config.krebs.build.host.secure restricted-repos;
rules = concatMap make-rules (attrValues repos);
public-repos = mapAttrs make-public-repo {
painload = {};
stockholm = {
desc = "take all the computers hostage, they'll love you!";
};
#wai-middleware-time = {};
#web-routes-wai-custom = {};
#go = {};
#newsbot-js = {};
#kimsufi-check = {};
#realwallpaper = {};
};
restricted-repos = mapAttrs make-restricted-repo (
{
brain = {
collaborators = with config.krebs.users; [ tv makefu ];
};
} //
import <secrets/repos.nix> { inherit config lib pkgs; }
);
make-public-repo = name: { desc ? null, ... }: {
inherit name desc;
public = true;
hooks = {
post-receive = pkgs.git-hooks.irc-announce {
# TODO make nick = config.krebs.build.host.name the default
nick = config.krebs.build.host.name;
channel = "#retiolum";
server = "cd.retiolum";
verbose = config.krebs.build.host.name == "bobby";
};
};
};
make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: {
inherit name collaborators desc;
public = false;
};
make-rules =
with git // config.krebs.users;
repo:
singleton {
user = miefda;
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
user = [ lass tv makefu uriel ];
repo = [ repo ];
perm = fetch;
} ++
optional (length (repo.collaborators or []) > 0) {
user = repo.collaborators;
repo = [ repo ];
perm = fetch;
};
in out

View File

@ -0,0 +1,23 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usb_storage" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4db70ae3-1ff9-43d7-8fcc-83264761a0bb";
fsType = "ext4";
};
swapDevices = [ ];
nix.maxJobs = 4;
}

View File

@ -0,0 +1,8 @@
{ config, lib, pkgs, ... }:
with lib;
{
#networking.wicd.enable = true;
}

View File

@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
with lib;
{
krebs.retiolum = {
enable = true;
hosts = ../../krebs/Zhosts;
connectTo = [
"gum"
"pigstarter"
"prism"
"ire"
];
};
}

25
miefda/2configs/tlp.nix Normal file
View File

@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
with lib;
{
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
hardware.cpu.intel.updateMicrocode = true;
zramSwap.enable = true;
zramSwap.numDevices = 2;
hardware.trackpoint = {
enable = true;
sensitivity = 220;
speed = 220;
emulateWheel = true;
};
services.tlp.enable = true;
services.tlp.extraConfig = ''
START_CHARGE_THRESH_BAT0=80
'';
}

27
miefda/2configs/x220t.nix Normal file
View File

@ -0,0 +1,27 @@
{ config, lib, pkgs, ... }:
with lib;
{
services.xserver = {
xkbVariant = "altgr-intl";
videoDriver = "intel";
# vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
deviceSection = ''
Option "AccelMethod" "sna"
'';
};
services.xserver.displayManager.sessionCommands =''
xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2
xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
# xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200
'';
hardware.bluetooth.enable = true;
}

1
miefda/5pkgs/default.nix Normal file
View File

@ -0,0 +1 @@
_:{}