Merge remote-tracking branch 'gum/master'
This commit is contained in:
commit
1f317b8a1a
|
@ -285,12 +285,9 @@ with import <stockholm/lib>;
|
||||||
cores = 1;
|
cores = 1;
|
||||||
extraZones = {
|
extraZones = {
|
||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
euer IN A ${nets.internet.ip4.addr}
|
wry IN A ${nets.internet.ip4.addr}
|
||||||
wiki.euer IN A ${nets.internet.ip4.addr}
|
io IN NS wry.krebsco.de.
|
||||||
wry IN A ${nets.internet.ip4.addr}
|
tinc IN A ${nets.internet.ip4.addr}
|
||||||
io IN NS wry.krebsco.de.
|
|
||||||
graphs IN A ${nets.internet.ip4.addr}
|
|
||||||
tinc IN A ${nets.internet.ip4.addr}
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
nets = rec {
|
nets = rec {
|
||||||
|
@ -307,13 +304,8 @@ with import <stockholm/lib>;
|
||||||
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
|
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
|
||||||
aliases = [
|
aliases = [
|
||||||
"graphs.wry.retiolum"
|
"graphs.wry.retiolum"
|
||||||
"graphs.r" "graphs.retiolum"
|
|
||||||
"paste.wry.retiolum"
|
"paste.wry.retiolum"
|
||||||
"wry.r" "wry.retiolum"
|
"wry.r" "wry.retiolum"
|
||||||
"wiki.makefu.retiolum"
|
|
||||||
"wiki.wry.retiolum"
|
|
||||||
"blog.makefu.retiolum"
|
|
||||||
"blog.wry.retiolum"
|
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
@ -452,6 +444,9 @@ with import <stockholm/lib>;
|
||||||
cgit.euer IN A ${nets.internet.ip4.addr}
|
cgit.euer IN A ${nets.internet.ip4.addr}
|
||||||
o.euer IN A ${nets.internet.ip4.addr}
|
o.euer IN A ${nets.internet.ip4.addr}
|
||||||
dl.euer IN A ${nets.internet.ip4.addr}
|
dl.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
euer IN A ${nets.internet.ip4.addr}
|
||||||
|
wiki.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
graphs IN A ${nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
nets = rec {
|
nets = rec {
|
||||||
|
@ -473,6 +468,12 @@ with import <stockholm/lib>;
|
||||||
"o.gum.retiolum"
|
"o.gum.retiolum"
|
||||||
"tracker.makefu.r"
|
"tracker.makefu.r"
|
||||||
"tracker.makefu.retiolum"
|
"tracker.makefu.retiolum"
|
||||||
|
|
||||||
|
"graphs.r" "graphs.retiolum"
|
||||||
|
"wiki.makefu.retiolum"
|
||||||
|
"wiki.wry.retiolum"
|
||||||
|
"blog.makefu.retiolum"
|
||||||
|
"blog.wry.retiolum"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
|
|
@ -29,9 +29,12 @@ in {
|
||||||
../2configs/deployment/owncloud.nix
|
../2configs/deployment/owncloud.nix
|
||||||
../2configs/nginx/share-download.nix
|
../2configs/nginx/share-download.nix
|
||||||
../2configs/nginx/euer.test.nix
|
../2configs/nginx/euer.test.nix
|
||||||
|
../2configs/nginx/euer.wiki.nix
|
||||||
|
../2configs/nginx/euer.blog.nix
|
||||||
../2configs/nginx/public_html.nix
|
../2configs/nginx/public_html.nix
|
||||||
../2configs/nginx/update.connector.one.nix
|
../2configs/nginx/update.connector.one.nix
|
||||||
../2configs/deployment/mycube.connector.one.nix
|
../2configs/deployment/mycube.connector.one.nix
|
||||||
|
../2configs/deployment/graphs.nix
|
||||||
|
|
||||||
# ../2configs/opentracker.nix
|
# ../2configs/opentracker.nix
|
||||||
../2configs/logging/central-stats-client.nix
|
../2configs/logging/central-stats-client.nix
|
||||||
|
|
|
@ -19,8 +19,6 @@ in {
|
||||||
../2configs/backup.nix
|
../2configs/backup.nix
|
||||||
|
|
||||||
# other nginx
|
# other nginx
|
||||||
../2configs/nginx/euer.wiki.nix
|
|
||||||
../2configs/nginx/euer.blog.nix
|
|
||||||
# ../2configs/nginx/euer.test.nix
|
# ../2configs/nginx/euer.test.nix
|
||||||
|
|
||||||
# collectd
|
# collectd
|
||||||
|
@ -36,31 +34,6 @@ in {
|
||||||
# prepare graphs
|
# prepare graphs
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
krebs.retiolum-bootstrap.enable = true;
|
krebs.retiolum-bootstrap.enable = true;
|
||||||
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
|
|
||||||
if ( $server_addr = "${external-ip}" ) {
|
|
||||||
return 403;
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
krebs.tinc_graphs = {
|
|
||||||
enable = true;
|
|
||||||
nginx = {
|
|
||||||
enable = true;
|
|
||||||
# TODO: remove hard-coded hostname
|
|
||||||
complete = {
|
|
||||||
extraConfig = ''
|
|
||||||
if ( $server_addr = "${external-ip}" ) {
|
|
||||||
return 403;
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
serverAliases = [ "graphs.r" "graphs.retiolum" "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ];
|
|
||||||
};
|
|
||||||
anonymous = {
|
|
||||||
enableSSL = true;
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
firewall = {
|
firewall = {
|
||||||
|
|
|
@ -14,7 +14,7 @@ with import <stockholm/lib>;
|
||||||
let
|
let
|
||||||
sec = toString <secrets>;
|
sec = toString <secrets>;
|
||||||
# secKey is nothing worth protecting on a local machine
|
# secKey is nothing worth protecting on a local machine
|
||||||
secKey = import <secrets/bepasty-secret.nix>;
|
secKey = "${secrets}/bepasty-secret";
|
||||||
acmepath = "/var/lib/acme/";
|
acmepath = "/var/lib/acme/";
|
||||||
acmechall = acmepath + "/challenges/";
|
acmechall = acmepath + "/challenges/";
|
||||||
ext-dom = "paste.krebsco.de" ;
|
ext-dom = "paste.krebsco.de" ;
|
||||||
|
@ -31,7 +31,7 @@ in {
|
||||||
serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
|
serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
|
||||||
};
|
};
|
||||||
defaultPermissions = "admin,list,create,read,delete";
|
defaultPermissions = "admin,list,create,read,delete";
|
||||||
secretKey = secKey;
|
secretKeyFile = secKey;
|
||||||
};
|
};
|
||||||
|
|
||||||
"${ext-dom}" = {
|
"${ext-dom}" = {
|
||||||
|
@ -41,7 +41,7 @@ in {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
};
|
};
|
||||||
defaultPermissions = "read";
|
defaultPermissions = "read";
|
||||||
secretKey = secKey;
|
secretKeyFile = secKey;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -22,7 +22,7 @@ with import <stockholm/lib>;
|
||||||
user = config.krebs.users.makefu;
|
user = config.krebs.users.makefu;
|
||||||
source = let
|
source = let
|
||||||
inherit (config.krebs.build) host user;
|
inherit (config.krebs.build) host user;
|
||||||
ref = "3ff00fa"; # unstable @ 2017-03-31 + cups-dymo
|
ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1
|
||||||
in {
|
in {
|
||||||
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
|
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
|
||||||
{
|
{
|
||||||
|
|
37
makefu/2configs/deployment/graphs.nix
Normal file
37
makefu/2configs/deployment/graphs.nix
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with import <stockholm/lib>;
|
||||||
|
let
|
||||||
|
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||||
|
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||||
|
hn = config.krebs.build.host.name;
|
||||||
|
in {
|
||||||
|
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
|
||||||
|
if ( $server_addr = "${external-ip}" ) {
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
krebs.tinc_graphs = {
|
||||||
|
enable = true;
|
||||||
|
nginx = {
|
||||||
|
enable = true;
|
||||||
|
# TODO: remove hard-coded hostname
|
||||||
|
complete = {
|
||||||
|
extraConfig = ''
|
||||||
|
if ( $server_addr = "${external-ip}" ) {
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
serverAliases = [
|
||||||
|
"graphs.r" "graphs.retiolum"
|
||||||
|
"graphs.${hn}" "graphs.${hn}.retiolum"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
anonymous = {
|
||||||
|
enableSSL = true;
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -9,7 +9,6 @@
|
||||||
## nixpkgs maintenance
|
## nixpkgs maintenance
|
||||||
https://api.github.com/repos/ovh/python-ovh/tags
|
https://api.github.com/repos/ovh/python-ovh/tags
|
||||||
https://api.github.com/repos/embray/d2to1/tags
|
https://api.github.com/repos/embray/d2to1/tags
|
||||||
http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release
|
|
||||||
https://api.github.com/repos/Mic92/vicious/tags
|
https://api.github.com/repos/Mic92/vicious/tags
|
||||||
https://pypi.python.org/simple/bepasty/
|
https://pypi.python.org/simple/bepasty/
|
||||||
https://pypi.python.org/simple/xstatic/
|
https://pypi.python.org/simple/xstatic/
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
_:
|
_:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
# TODO: requires in path: amixer, xlock, xbacklight
|
||||||
full = ./full.cfg;
|
full = ./full.cfg;
|
||||||
kiosk = ./kiosk.lua;
|
kiosk = ./kiosk.lua;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user