diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 7f5d2c7bd..bf09b7424 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -155,14 +155,13 @@ let to = concatMapStringsSep "," (getAttr "mail") (toList to); }; in mapAttrsToList format (with config.krebs.users; let - eloop-ml = spam-ml ++ [ ciko Mic92 ]; + eloop-ml = spam-ml ++ [ ciko ]; spam-ml = [ lass makefu tv ]; ciko.mail = "wieczorek.stefan@gmail.com"; - Mic92.mail = "joerg@higgsboson.tk"; in { "anmeldung@eloop.org" = eloop-ml; "cfp@eloop.org" = eloop-ml; diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index a4a4de6f9..09b493c20 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -29,9 +29,10 @@ let tables = mkOption { type = with types; attrsOf (attrsOf (submodule ({ options = { + #TODO: find out good defaults. policy = mkOption { type = str; - default = "-"; + default = "ACCEPT"; }; rules = mkOption { type = nullOr (listOf (submodule ({ @@ -133,30 +134,9 @@ let #===== rules = iptables-version: - let - #TODO: find out good defaults. - tables-defaults = { - nat.PREROUTING.policy = "ACCEPT"; - nat.INPUT.policy = "ACCEPT"; - nat.OUTPUT.policy = "ACCEPT"; - nat.POSTROUTING.policy = "ACCEPT"; - filter.INPUT.policy = "ACCEPT"; - filter.FORWARD.policy = "ACCEPT"; - filter.OUTPUT.policy = "ACCEPT"; - - #if someone specifies any other rules on this chain, the default rules get lost. - #is this wanted beahiviour or a bug? - #TODO: implement abstraction of rules - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } - ]; - }; - tables = tables-defaults // cfg.tables; - - in - pkgs.writeText "krebs-iptables-rules${iptables-version}" '' - ${buildTables iptables-version tables} - ''; + pkgs.writeText "krebs-iptables-rules${iptables-version}" '' + ${buildTables iptables-version cfg.tables} + ''; startScript = pkgs.writeDash "krebs-iptables_start" '' set -euf 
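Review bot: The new `default = "ACCEPT"` on `policy` applies to every chain declared under `tables`, not only to the seven built-in chains that the removed `tables-defaults` listed, so any chain declared without an explicit policy is now default-allow. A host that only adds `rules` to `filter.INPUT` therefore gets an accepting chain without having said so. If `buildTables` (outside this hunk) writes the value into the `:CHAIN POLICY` header, a user-defined chain would also receive `ACCEPT` where iptables-restore expects `-`. Consider leaving the option without a default so each chain has to state its policy, or replace the TODO with a comment such as `# default-allow: set policy = "DROP" on chains that must filter; user-defined chains need "-"`.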
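Review bot: Passing `cfg.tables` straight to `buildTables` removes the baseline `filter.INPUT` rule `-m conntrack --ctstate RELATED,ESTABLISHED` -> `ACCEPT`, and nothing in this hunk replaces it, so a host that sets `filter.INPUT.policy = "DROP"` has to add that rule itself or it will drop replies to its own connections. The rules file now also contains only the tables a host declares. If the start script loads it with iptables-restore (its body is outside the hunk), a table that is not declared is presumably left untouched rather than reset, so rules loaded earlier into `nat` could survive a reload. Stating this in the option description would make the contract visible, e.g. `description = "Chains are emitted exactly as declared; no implicit RELATED,ESTABLISHED rule or nat table is added.";`.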
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index fbab23500..cdb6d34ab 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -36,6 +36,7 @@ in { gitAndTools.qgit lm_sensors much + ncdu nmap pavucontrol powertop diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index e7fbccb77..72cd66420 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -18,25 +18,34 @@ in { }; change_source.stockholm = '' stockholm_repo = '${stockholm-mirror-url}' - cs.append(changes.GitPoller( + cs.append( + changes.GitPoller( stockholm_repo, workdir='stockholm-poller', branches=True, project='stockholm', - pollinterval=120)) + pollinterval=120 + ) + ) ''; scheduler = { build-scheduler = '' # build all hosts - sched.append(schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch_re=".*"), - treeStableTimer=10, - name="build-all-branches", - builderNames=["build-all", "build-pkgs"])) + sched.append( + schedulers.SingleBranchScheduler( + change_filter=util.ChangeFilter(branch_re=".*"), + treeStableTimer=10, + name="build-all-branches", + builderNames=["build-hosts", "build-pkgs"] + ) + ) ''; }; builder_pre = '' # prepare grab_repo step for stockholm - grab_repo = steps.Git(repourl=stockholm_repo, mode='full') + grab_repo = steps.Git( + repourl=stockholm_repo, + mode='full' + ) # TODO: get nixpkgs/stockholm paths from krebs env_lass = { 
@@ -57,45 +66,73 @@ in { # prepare nix-shell # the dependencies which are used by the test script - deps = [ "gnumake", "jq", "nix", "(import ).pkgs.populate", "openssh" ] + deps = [ + "gnumake", + "jq", + "nix", + "(import ).pkgs.populate", + "openssh" + ] # TODO: --pure , prepare ENV in nix-shell command: # SSL_CERT_FILE,LOGNAME,NIX_REMOTE - nixshell = ["nix-shell", - "-I", "stockholm=.", - "-I", "nixpkgs=/var/src/nixpkgs", - "-p" ] + deps + [ "--run" ] + nixshell = [ + "nix-shell", + "-I", "stockholm=.", + "-I", "nixpkgs=/var/src/nixpkgs", + "-p" + ] + deps + [ "--run" ] # prepare addShell function def addShell(factory,**kwargs): factory.addStep(steps.ShellCommand(**kwargs)) ''; builder = { - build-all = '' + build-hosts = '' f = util.BuildFactory() f.addStep(grab_repo) - for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: - addShell(f,name="build-{}".format(i),env=env_lass, - command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ + for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: + addShell(f,name="build-{}".format(i),env=env_shared, + command=nixshell + \ + ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ make \ test \ target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ method=build \ - system={}".format(i)]) + system={}".format(i) + ] + ) + + for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: + addShell(f,name="build-{}".format(i),env=env_lass, + command=nixshell + \ + ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ + make \ + test \ + target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ + method=build \ + system={}".format(i) + ] + ) for i in [ "x", "wry", "vbob", "wbob", "shoney" ]: - addShell(f,name="build-{}".format(i),env=env_makefu, - command=nixshell + \ - ["mkdir -p 
/tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ + addShell(f,name="build-{}".format(i),env=env_makefu, + command=nixshell + \ + ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ make \ test \ target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ method=build \ - system={}".format(i)]) + system={}".format(i) + ] + ) - bu.append(util.BuilderConfig(name="build-all", - workernames=workernames, - factory=f)) + bu.append( + util.BuilderConfig( + name="build-hosts", + workernames=workernames, + factory=f + ) + ) ''; diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 0eec97922..82b7eb2c9 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -2,10 +2,28 @@ let mainUser = config.users.extraUsers.mainUser; + doom = pkgs.writeDash "doom" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${pkgs.zandronum}/bin/zandronum \ + -file $DOOM_DIR/lib/brutalv20.pk3 \ + -file $DOOM_DIR/lib/RebotStarcraftMarines.pk3 \ + -fov 120 \ + "$@" + ''; + doom1 = pkgs.writeDashBin "doom1" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@" + ''; + doom2 = pkgs.writeDashBin "doom2" '' + DOOM_DIR=''${DOOM_DIR:-~/doom/} + ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@" + ''; in { environment.systemPackages = with pkgs; [ dwarf_fortress + doom1 + doom2 ]; users.extraUsers = { diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index caca98746..48472f7a1 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "ee52e9809185bdf44452f2913e3f6ef839c15c4e"; + ref = "e360c7205f84be180d80b97f3980fb809a951486"; }; } diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index aac2b96d4..bfaae24c8 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix 
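Review bot: The added loop for the test systems stages into `/tmp/testbuild/$LOGNAME`, a fixed path under a world-writable directory with `$LOGNAME` unquoted, so on a worker shared with other local users the path can be pre-created or replaced by a symlink before `mkdir -p` and `touch` run. The same command is now pasted three times, so the fix belongs in one helper in `builder_pre` that creates a per-build directory with `mktemp -d` and quotes the expansions; the sketch below assumes the worker user and the ssh target user are the same account. The loop also passes `env=env_shared`, which is not defined in this hunk (only `env_lass` is visible in the earlier context), so confirm it exists in `builder_pre`.

```nix
  # prepare addShell function
  def addShell(factory,**kwargs):
    factory.addStep(steps.ShellCommand(**kwargs))

  # one place for the build command; each build gets its own staging directory
  def build_cmd(system):
    return nixshell + [
      "d=$(mktemp -d) && touch \"$d/.populate\" && "
      "make test target=\"$LOGNAME@${config.krebs.build.host.name}$d\" "
      "method=build system={}".format(system)
    ]

  # … unchanged: f = util.BuildFactory(); f.addStep(grab_repo) …
  for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]:
    addShell(f, name="build-{}".format(i), env=env_shared, command=build_cmd(i))
  # … the env_lass and env_makefu loops call build_cmd(i) the same way …
```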
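Review bot: `$DOOM_DIR` is expanded unquoted in all three wrappers (`-file $DOOM_DIR/lib/brutalv20.pk3`, `-iwad $DOOM_DIR/wads/stock/doom.wad`), so a value containing spaces or glob characters is split into several arguments before zandronum sees it. Quoting each use keeps the path as one argument, e.g. `-file "$DOOM_DIR/lib/brutalv20.pk3" \` and `${doom} -iwad "$DOOM_DIR/wads/stock/doom.wad" "$@"`. A one-line comment above `doom` saying that `DOOM_DIR` must contain `lib/` and `wads/stock/` would document the layout the wrappers assume.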
@@ -175,8 +175,8 @@ let "Syntastic config let g:syntastic_python_checkers=['flake8'] - nmap q :buffer - nmap :buffer + nmap q :buffer + nmap :buffer cnoremap diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index e1aec360d..6fe3883a1 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -5,25 +5,39 @@ { imports = - [ # Include the results of the hardware scan. + [ # base ../. - ../2configs/main-laptop.nix #< base-gui + zsh + ../2configs/main-laptop.nix ../2configs/laptop-utils.nix ../2configs/laptop-backup.nix - # Krebs - #../2configs/disable_v6.nix - ../2configs/rad1o.nix + # testing + #../2configs/elchos/search.nix + #../2configs/temp/share-samba.nix + # ../2configs/mediawiki.nix + # ../2configs/wordpress.nix + # ../2configs/nginx/public_html.nix + # ../2configs/nginx/icecult.nix + ../2configs/laptop-backup.nix + #../2configs/temp/elkstack.nix + # ../2configs/temp/sabnzbd.nix + ../2configs/tinc/siem.nix + #../2configs/torrent.nix + + # Krebs + ../2configs/disable_v6.nix + ../2configs/tinc/retiolum.nix + # applications - ../2configs/exim-retiolum.nix ../2configs/mail-client.nix ../2configs/printer.nix ../2configs/virtualization.nix ../2configs/virtualization-virtualbox.nix ../2configs/wwan.nix + ../2configs/rad1o.nix # services ../2configs/git/brain-retiolum.nix @@ -37,19 +51,8 @@ ../2configs/hw/bcm4352.nix # mount points ../2configs/fs/sda-crypto-root-home.nix - # ../2configs/mediawiki.nix - #../2configs/wordpress.nix - #../2configs/nginx/public_html.nix - ../2configs/nginx/icecult.nix - ../2configs/tinc/retiolum.nix # temporary modules - ../2configs/temp/share-samba.nix - ../2configs/laptop-backup.nix - #../2configs/temp/elkstack.nix - # ../2configs/temp/sabnzbd.nix - ../2configs/tinc/siem.nix - #../2configs/torrent.nix ]; makefu.full-populate = true;
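Review bot: In the first `makefu/1systems/x.nix` hunk, `../2configs/laptop-backup.nix` ends up listed twice in `imports`, once in the `# base` group (a context line) and again in the added `# testing` group; the second entry can be dropped. The `# testing` heading also mixes commented-out modules with two that stay active (`laptop-backup.nix` and `tinc/siem.nix`), so a reader checking what is enabled on this host may take the whole group as disabled. A heading such as `# testing (active: tinc/siem.nix)`, or moving the active entry next to `../2configs/tinc/retiolum.nix` under `# Krebs`, would make that explicit. The `imports` list continues past the end of this hunk.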