Merge remote-tracking branch 'prism/master'
commit
1e59996952
@ -155,14 +155,13 @@ let
|
||||
to = concatMapStringsSep "," (getAttr "mail") (toList to);
|
||||
};
|
||||
in mapAttrsToList format (with config.krebs.users; let
|
||||
eloop-ml = spam-ml ++ [ ciko Mic92 ];
|
||||
eloop-ml = spam-ml ++ [ ciko ];
|
||||
spam-ml = [
|
||||
lass
|
||||
makefu
|
||||
tv
|
||||
];
|
||||
ciko.mail = "wieczorek.stefan@gmail.com";
|
||||
Mic92.mail = "joerg@higgsboson.tk";
|
||||
in {
|
||||
"anmeldung@eloop.org" = eloop-ml;
|
||||
"cfp@eloop.org" = eloop-ml;
|
||||
|
@ -29,9 +29,10 @@ let
|
||||
tables = mkOption {
|
||||
type = with types; attrsOf (attrsOf (submodule ({
|
||||
options = {
|
||||
#TODO: find out good defaults.
|
||||
policy = mkOption {
|
||||
type = str;
|
||||
default = "-";
|
||||
default = "ACCEPT";
|
||||
};
|
||||
rules = mkOption {
|
||||
type = nullOr (listOf (submodule ({
|
||||
@ -133,30 +134,9 @@ let
|
||||
#=====
|
||||
|
||||
rules = iptables-version:
|
||||
let
|
||||
#TODO: find out good defaults.
|
||||
tables-defaults = {
|
||||
nat.PREROUTING.policy = "ACCEPT";
|
||||
nat.INPUT.policy = "ACCEPT";
|
||||
nat.OUTPUT.policy = "ACCEPT";
|
||||
nat.POSTROUTING.policy = "ACCEPT";
|
||||
filter.INPUT.policy = "ACCEPT";
|
||||
filter.FORWARD.policy = "ACCEPT";
|
||||
filter.OUTPUT.policy = "ACCEPT";
|
||||
|
||||
#if someone specifies any other rules on this chain, the default rules get lost.
|
||||
#is this wanted beahiviour or a bug?
|
||||
#TODO: implement abstraction of rules
|
||||
filter.INPUT.rules = [
|
||||
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
|
||||
];
|
||||
};
|
||||
tables = tables-defaults // cfg.tables;
|
||||
|
||||
in
|
||||
pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
|
||||
${buildTables iptables-version tables}
|
||||
'';
|
||||
pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
|
||||
${buildTables iptables-version cfg.tables}
|
||||
'';
|
||||
|
||||
startScript = pkgs.writeDash "krebs-iptables_start" ''
|
||||
set -euf
|
||||
|
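Review bot: The `policy` option's `default = "ACCEPT";` makes every declared chain fail open, because a chain that lists rules but sets no policy accepts whatever those rules do not match. Assuming the `"ACCEPT"` line is the new side of the first hunk, I would drop the default so each chain has to state its policy explicitly. The second hunk appears to remove `tables-defaults` together with the `-m conntrack --ctstate RELATED,ESTABLISHED` accept rule on `filter.INPUT`, so a host now gets only what `cfg.tables` declares. A comment on the option such as `# no implicit conntrack rule is added; declare it in filter.INPUT.rules` would make that visible to users of the module. The `rules` and `startScript` definitions continue outside the visible hunks.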
@ -36,6 +36,7 @@ in {
|
||||
gitAndTools.qgit
|
||||
lm_sensors
|
||||
much
|
||||
ncdu
|
||||
nmap
|
||||
pavucontrol
|
||||
powertop
|
||||
|
@ -18,25 +18,34 @@ in {
|
||||
};
|
||||
change_source.stockholm = ''
|
||||
stockholm_repo = '${stockholm-mirror-url}'
|
||||
cs.append(changes.GitPoller(
|
||||
cs.append(
|
||||
changes.GitPoller(
|
||||
stockholm_repo,
|
||||
workdir='stockholm-poller', branches=True,
|
||||
project='stockholm',
|
||||
pollinterval=120))
|
||||
pollinterval=120
|
||||
)
|
||||
)
|
||||
'';
|
||||
scheduler = {
|
||||
build-scheduler = ''
|
||||
# build all hosts
|
||||
sched.append(schedulers.SingleBranchScheduler(
|
||||
change_filter=util.ChangeFilter(branch_re=".*"),
|
||||
treeStableTimer=10,
|
||||
name="build-all-branches",
|
||||
builderNames=["build-all", "build-pkgs"]))
|
||||
sched.append(
|
||||
schedulers.SingleBranchScheduler(
|
||||
change_filter=util.ChangeFilter(branch_re=".*"),
|
||||
treeStableTimer=10,
|
||||
name="build-all-branches",
|
||||
builderNames=["build-hosts", "build-pkgs"]
|
||||
)
|
||||
)
|
||||
'';
|
||||
};
|
||||
builder_pre = ''
|
||||
# prepare grab_repo step for stockholm
|
||||
grab_repo = steps.Git(repourl=stockholm_repo, mode='full')
|
||||
grab_repo = steps.Git(
|
||||
repourl=stockholm_repo,
|
||||
mode='full'
|
||||
)
|
||||
|
||||
# TODO: get nixpkgs/stockholm paths from krebs
|
||||
env_lass = {
|
||||
@ -57,45 +66,73 @@ in {
|
||||
|
||||
# prepare nix-shell
|
||||
# the dependencies which are used by the test script
|
||||
deps = [ "gnumake", "jq", "nix", "(import <stockholm>).pkgs.populate", "openssh" ]
|
||||
deps = [
|
||||
"gnumake",
|
||||
"jq",
|
||||
"nix",
|
||||
"(import <stockholm>).pkgs.populate",
|
||||
"openssh"
|
||||
]
|
||||
# TODO: --pure , prepare ENV in nix-shell command:
|
||||
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
|
||||
nixshell = ["nix-shell",
|
||||
"-I", "stockholm=.",
|
||||
"-I", "nixpkgs=/var/src/nixpkgs",
|
||||
"-p" ] + deps + [ "--run" ]
|
||||
nixshell = [
|
||||
"nix-shell",
|
||||
"-I", "stockholm=.",
|
||||
"-I", "nixpkgs=/var/src/nixpkgs",
|
||||
"-p"
|
||||
] + deps + [ "--run" ]
|
||||
|
||||
# prepare addShell function
|
||||
def addShell(factory,**kwargs):
|
||||
factory.addStep(steps.ShellCommand(**kwargs))
|
||||
'';
|
||||
builder = {
|
||||
build-all = ''
|
||||
build-hosts = ''
|
||||
f = util.BuildFactory()
|
||||
f.addStep(grab_repo)
|
||||
for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
|
||||
addShell(f,name="build-{}".format(i),env=env_lass,
|
||||
command=nixshell + \
|
||||
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
|
||||
for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]:
|
||||
addShell(f,name="build-{}".format(i),env=env_shared,
|
||||
command=nixshell + \
|
||||
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
|
||||
make \
|
||||
test \
|
||||
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
|
||||
method=build \
|
||||
system={}".format(i)])
|
||||
system={}".format(i)
|
||||
]
|
||||
)
|
||||
|
||||
for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
|
||||
addShell(f,name="build-{}".format(i),env=env_lass,
|
||||
command=nixshell + \
|
||||
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
|
||||
make \
|
||||
test \
|
||||
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
|
||||
method=build \
|
||||
system={}".format(i)
|
||||
]
|
||||
)
|
||||
|
||||
for i in [ "x", "wry", "vbob", "wbob", "shoney" ]:
|
||||
addShell(f,name="build-{}".format(i),env=env_makefu,
|
||||
command=nixshell + \
|
||||
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
|
||||
addShell(f,name="build-{}".format(i),env=env_makefu,
|
||||
command=nixshell + \
|
||||
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
|
||||
make \
|
||||
test \
|
||||
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
|
||||
method=build \
|
||||
system={}".format(i)])
|
||||
system={}".format(i)
|
||||
]
|
||||
)
|
||||
|
||||
bu.append(util.BuilderConfig(name="build-all",
|
||||
workernames=workernames,
|
||||
factory=f))
|
||||
bu.append(
|
||||
util.BuilderConfig(
|
||||
name="build-hosts",
|
||||
workernames=workernames,
|
||||
factory=f
|
||||
)
|
||||
)
|
||||
|
||||
'';
|
||||
|
||||
|
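Review bot: The build commands in the `build-hosts` loops stage into the fixed path `/tmp/testbuild/$LOGNAME`, which sits in a world-writable directory, and `mkdir -p` succeeds silently when that path already exists, whoever created it. The setup and the build are joined with `;`, so `make test` also runs when `mkdir` or `touch` failed. I would stage under a directory the worker account owns and chain with `&&`, for example `mkdir -p "$HOME/testbuild" && touch "$HOME/testbuild/.populate" && \`, with `target=` pointing at the same directory. The loop over `test-minimal-deploy`, `test-all-krebs-modules`, `wolf` and `test-centos7` passes `env=env_shared`, which is not defined in the visible lines (only `env_lass` begins at the end of the first hunk), so confirm it exists in the part of `builder_pre` outside the hunk.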
@ -2,10 +2,28 @@
|
||||
|
||||
let
|
||||
mainUser = config.users.extraUsers.mainUser;
|
||||
doom = pkgs.writeDash "doom" ''
|
||||
DOOM_DIR=''${DOOM_DIR:-~/doom/}
|
||||
${pkgs.zandronum}/bin/zandronum \
|
||||
-file $DOOM_DIR/lib/brutalv20.pk3 \
|
||||
-file $DOOM_DIR/lib/RebotStarcraftMarines.pk3 \
|
||||
-fov 120 \
|
||||
"$@"
|
||||
'';
|
||||
doom1 = pkgs.writeDashBin "doom1" ''
|
||||
DOOM_DIR=''${DOOM_DIR:-~/doom/}
|
||||
${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
|
||||
'';
|
||||
doom2 = pkgs.writeDashBin "doom2" ''
|
||||
DOOM_DIR=''${DOOM_DIR:-~/doom/}
|
||||
${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
|
||||
'';
|
||||
|
||||
in {
|
||||
environment.systemPackages = with pkgs; [
|
||||
dwarf_fortress
|
||||
doom1
|
||||
doom2
|
||||
];
|
||||
|
||||
users.extraUsers = {
|
||||
|
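Review bot: `$DOOM_DIR` is expanded unquoted in the `doom`, `doom1` and `doom2` wrappers, so a value containing spaces or glob characters is split into several arguments before it reaches zandronum. Quote the expansions, e.g. `-file "$DOOM_DIR/lib/brutalv20.pk3" \` and `${doom} -iwad "$DOOM_DIR/wads/stock/doom.wad" "$@"`. The `DOOM_DIR=''${DOOM_DIR:-~/doom/}` default is repeated in all three scripts; a one-line comment such as `# DOOM_DIR may be overridden from the environment` on the first one would document why.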
@ -3,6 +3,6 @@
|
||||
{
|
||||
krebs.build.source.nixpkgs.git = {
|
||||
url = https://github.com/nixos/nixpkgs;
|
||||
ref = "ee52e9809185bdf44452f2913e3f6ef839c15c4e";
|
||||
ref = "e360c7205f84be180d80b97f3980fb809a951486";
|
||||
};
|
||||
}
|
||||
|
@ -5,25 +5,39 @@
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
[ # base
|
||||
../.
|
||||
../2configs/main-laptop.nix #< base-gui + zsh
|
||||
../2configs/main-laptop.nix
|
||||
../2configs/laptop-utils.nix
|
||||
../2configs/laptop-backup.nix
|
||||
|
||||
# Krebs
|
||||
#../2configs/disable_v6.nix
|
||||
../2configs/rad1o.nix
|
||||
# testing
|
||||
#../2configs/elchos/search.nix
|
||||
#../2configs/temp/share-samba.nix
|
||||
# ../2configs/mediawiki.nix
|
||||
# ../2configs/wordpress.nix
|
||||
# ../2configs/nginx/public_html.nix
|
||||
# ../2configs/nginx/icecult.nix
|
||||
../2configs/laptop-backup.nix
|
||||
#../2configs/temp/elkstack.nix
|
||||
# ../2configs/temp/sabnzbd.nix
|
||||
../2configs/tinc/siem.nix
|
||||
#../2configs/torrent.nix
|
||||
|
||||
|
||||
|
||||
# Krebs
|
||||
../2configs/disable_v6.nix
|
||||
../2configs/tinc/retiolum.nix
|
||||
|
||||
# applications
|
||||
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/mail-client.nix
|
||||
../2configs/printer.nix
|
||||
../2configs/virtualization.nix
|
||||
../2configs/virtualization-virtualbox.nix
|
||||
../2configs/wwan.nix
|
||||
../2configs/rad1o.nix
|
||||
|
||||
# services
|
||||
../2configs/git/brain-retiolum.nix
|
||||
@ -37,19 +51,8 @@
|
||||
../2configs/hw/bcm4352.nix
|
||||
# mount points
|
||||
../2configs/fs/sda-crypto-root-home.nix
|
||||
# ../2configs/mediawiki.nix
|
||||
#../2configs/wordpress.nix
|
||||
#../2configs/nginx/public_html.nix
|
||||
../2configs/nginx/icecult.nix
|
||||
|
||||
../2configs/tinc/retiolum.nix
|
||||
# temporary modules
|
||||
../2configs/temp/share-samba.nix
|
||||
../2configs/laptop-backup.nix
|
||||
#../2configs/temp/elkstack.nix
|
||||
# ../2configs/temp/sabnzbd.nix
|
||||
../2configs/tinc/siem.nix
|
||||
#../2configs/torrent.nix
|
||||
];
|
||||
makefu.full-populate = true;
|
||||
|
||||
|