diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 1fcf07b1e..d6ae9f12f 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -23,7 +23,30 @@ with config.krebs.lib; TG12MT+XQr6JUu4jPpzdhb6H/36V6ADCIkBjzWh0iSfWGiFDQFinD+YSWbA1NOTr Qtd1I3Ov+He7uc2Z719mb0Og2kCGnCnPIwIDAQAB -----END RSA PUBLIC KEY----- - ''; + ''; + }; + }; + }; + darth = { + cores = 4; + nets = { + retiolum = { + addrs4 = ["10.243.0.84"]; + addrs6 = ["42:ff6b:5f0b:460d:2cee:4d05:73f7:5566/128"]; + aliases = [ + "darth.retiolum" + "darth.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA1pWNU+FY9XpQxw6srUb5mvGFgqSyJQAelFoufZng6EFeTnAzQOdq + qT7IWN+o3kSbQQsC2tQUnRYFoPagsgFP610D+LGwmeJlNgAf23gBI9ar1agUAvYX + yzYBj7R9OgGXHm6ECKwsxUJoGxM4L0l6mk/rTMVFnzgYPbpVJk1o6NPmiZhW8xIi + 3BfxJUSt8rEQ1OudCirvdSr9uYv/WMR5B538wg4JeQK715yKEYbYi8bqOPnTvGD8 + q5HRwXszWzCYYnqrdlmXzoCA1fT4vQdtov+63CvHT2RV7o42ruGZbHy7JIX9X3IE + u0nA8nZhZ5byhWGCpDyr6bTkvwJpltJypQIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; }; }; @@ -62,6 +85,7 @@ with config.krebs.lib; addrs6 = ["42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"]; aliases = [ "pornocauster.retiolum" + "pornocauster.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- 
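Review bot: The new `darth` entry writes its `addrs6` value with a `/128` suffix, while the `pornocauster` entry visible in the next hunk gives a bare address; `nukular` in the later non-stockholm hunk carries the same suffix. If the retiolum module builds hosts-file entries or tinc subnet lines from this list, the two forms may not be treated alike, which is not visible from here. It seems safer to write `addrs6 = ["42:ff6b:5f0b:460d:2cee:4d05:73f7:5566"];` like the existing hosts, or to convert every host in one separate change. The attribute set that contains `darth` begins outside the hunk.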
@@ -110,41 +134,6 @@ with config.krebs.lib; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPLTMl+thSq77cjYa2XF7lz5fA7JMftrLo8Dy/OBXSg root@nixos"; }; - flap = rec { - cores = 1; - - extraZones = { - "krebsco.de" = '' - mediengewitter IN A ${head nets.internet.addrs4} - flap IN A ${head nets.internet.addrs4} - ''; - }; - nets = { - internet = { - addrs4 = ["162.248.11.162"]; - aliases = [ - "flap.internet" - ]; - }; - retiolum = { - addrs4 = ["10.243.211.172"]; - addrs6 = ["42:472a:3d01:bbe4:4425:567e:592b:065d"]; - aliases = [ - "flap.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy - 2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM - 8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn - 3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL - hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr - Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; pigstarter = rec { cores = 1; @@ -336,6 +325,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB addrs4 = ["10.243.0.211"]; addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"]; aliases = [ + "gum.r" "gum.retiolum" "cgit.gum.retiolum" ]; 
@@ -354,6 +344,239 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; + + # non-stockholm + + flap = rec { + cores = 1; + extraZones = { + "krebsco.de" = '' + mediengewitter IN A ${head nets.internet.addrs4} + flap IN A ${head nets.internet.addrs4} + ''; + }; + nets = { + internet = { + addrs4 = ["162.248.11.162"]; + aliases = [ + "flap.internet" + ]; + }; + retiolum = { + addrs4 = ["10.243.211.172"]; + addrs6 = ["42:472a:3d01:bbe4:4425:567e:592b:065d"]; + aliases = [ + "flap.retiolum" + "flap.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy + 2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM + 8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn + 3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL + hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr + Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + + nukular = rec { + cores = 1; + nets = { + retiolum = { + addrs4 = ["10.243.231.219"]; + addrs6 = ["42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72/128"]; + aliases = [ + "nukular.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAnt/d9Ys9gmQMGEPzPydAs0Etp9aPb5PreogzVilvazFCZ8HiQHl/ + gRGlNBImcPPAPGgLjQ49TZ6V1s0bX0GMlu9gJxqU7Nz/TPbAaDJSmEDPkXnaMC97 + gLoluwJHURKPP6+0VNQuK/IOjjDLzLjRDiVeIg6NR0nFAQPlxUhrCN/PhxqNV5WP + H1nR+a4UDoLcKbtgQP+4Eu09iEm+H6o5eCFTX2Ov9Ok2m948Jm0rAqUbPAISf9m4 + tOOhhUhn0xvQy5iNHI72ndLvogQ968rnFwBpZM7HF1FsiaQfOF9Nhf11rHCJod3P + meq9GsIUyppZmEKecnTtVfG1oUHMbt1GxQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + + heidi = rec { + cores = 1; + nets = { + retiolum = { + addrs4 = ["10.243.124.21"]; + addrs6 = ["42:9898:a8be:ce56:0ee3:b99c:42c5:109e"]; + aliases = [ + "heidi.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- 
+ MIIBCgKCAQEAqRLnAJNZ1OoO1bTS58DQgxi1VKgITHIuTW0fVGDvbXnsjPUB3cgx + 1GEVtLc0LN6R9wrPKDaqHS6mkiRSDVScaW/FqkdFhTDaBJy8LfomL9ZmkU9DzkvQ + jncDjr0WoR+49rJHYsUULp1fe98Ev+y3VwVdJOOH92pAj1CAAUdtfG7XcGyHznYY + ZNLriGZe3l1AwsWMEflzHLeXcKQ/ZPOrjZ4EFVvfGfdQdJ24UUF3r4sBypYnasmA + q8lCw9rCrFh1OS6mHLC9qsvGfal6X4x2/xKc5VxZD4MQ/Bp7pBi1kwfHpKoREFKo + w/Jr3oG/uDxMGIzphGX185ObIkZ1wl/9DwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + + soundflower = rec { + cores = 1; + nets = { + retiolum = { + addrs4 = ["10.243.69.184"]; + aliases = [ + "soundflower.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0a0oenAy9MDa2M6NoLtB8elduGgc3oLtUwsm3iUu6w8L+Je5TndN + H8dPn3sByUk1Jkd8tGGRk/vSFj/mtUn7xXKCnFXfKDqVowu/0KS3Q+6o4mcoATeb + Ax7e6Cz1YH5+qhQjR7apuase9X9Dzp56//5VW2gaScvWevvzrij2x7eNvJRF+W/l + FDXc8zBPkFW5TLFHOizRoLl4mK1hz2NrUiqcq5Ghs2yPsFxl/o5+e2MOwtdI49T6 + lMkeshAeNOSMKYfP9nmHZoKI/MIpGak0EF3ZQtLvyv+tM2Q0nuwH3RvxlK/Xf6U+ + 8SoQu4yRIeK+pMiLEHhFPzBpk+sblUlG7QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + + falk = rec { + cores = 1; + nets = { + retiolum = { + addrs4 = ["10.243.120.19"]; + aliases = [ + "falk.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA961eCQE562VPYjuZtd0+FNRfUghvD2ccjUlihMjzg46GAK+duqK+ + 4peWklGOL4eRYQBg6G2VDzWiU2MxXVbXUZaMrxh7fTc3G3LdbqTxzAv3GQKR/6iA + 9bGUf6u4ztVNAcj2mrY3mfs4gMlBQyQ2wcM0ZUpiAMaRB4cdq7I4GVHbYTFYfQuI + 2zdnr0w8AjlMpFFcD0ExsWeppiJsE7iiME/S2VVfh2NrEpAKQbLH9fKrfkiJA/+9 + 0VIH9wLLIYngUtQKbvEQ5xgx6ybrg0vO8ZqZ1ZGXYxOQZzWzPP0tvDU0QHSKYSWb + FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + + filebitch = rec { + cores = 4; + nets = { + retiolum = { + addrs4 = ["10.243.189.130"]; + addrs6 = ["42:c64e:011f:9755:31e1:c3e6:73c0:af2d"]; + aliases = [ + "filebitch.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA961eCQE562VPYjuZtd0+FNRfUghvD2ccjUlihMjzg46GAK+duqK+ + 
4peWklGOL4eRYQBg6G2VDzWiU2MxXVbXUZaMrxh7fTc3G3LdbqTxzAv3GQKR/6iA + 9bGUf6u4ztVNAcj2mrY3mfs4gMlBQyQ2wcM0ZUpiAMaRB4cdq7I4GVHbYTFYfQuI + 2zdnr0w8AjlMpFFcD0ExsWeppiJsE7iiME/S2VVfh2NrEpAKQbLH9fKrfkiJA/+9 + 0VIH9wLLIYngUtQKbvEQ5xgx6ybrg0vO8ZqZ1ZGXYxOQZzWzPP0tvDU0QHSKYSWb + FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + + bridge = rec { + cores = 1; + nets = { + retiolum = { + addrs4 = ["10.243.26.29"]; + addrs6 = ["42:927a:3d59:1cb3:29d6:1a08:78d3:812e"]; + aliases = [ + "excobridge.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEApeeMSYMuXg4o/fNHnG2ftp2WskZLrt63zhRag7U1HqYUnuPqY60d + VVy9MBTawm6N02nC2Svm3V07ZXaRp/XsXQLx+evZcDjPjnDYgl2ZGX0ir5Cn50bm + UzhJiMW6/J7AYvucgeAaVJ0YmIwRw6ndYGcxmXWi4TK0jSzhuSLgookWM6iJfbdB + oaYsjiXisEvNxt7rBlCfacaHMlPhz3gr1gc4IDCwF+RAMM29NUN3OinI+/f56d7b + /hLZWbimiwtvGVsGLiA2EIcfxQ7aD/LINu+XXMaq7f8QByXj/Lzi7456tDi3pdJg + lyg9yqRJYt4Zle5PVejn08qiofTUmlEhnwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + + tahoe = rec { + cores = 1; + nets = { + internet = { + addrs4 = ["148.251.47.69"]; + aliases = [ + "wooki.internet" + ]; + }; + retiolum = { + addrs4 = ["10.243.57.85"]; + addrs6 = ["42:2f06:b899:a3b5:1dcf:51a4:a02b:8731"]; + aliases = [ + "wooki.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAx6R+CuJu4Bql+DgGPpE7wI+iasRY6ltxW0/L04uW9XiOKiEjx66y + QMMaW18bcb0SOfTE8qYo8pOsZ5E9FFPY6cKH4DGi8g1FpaODle9V8RrVg3F7RuZ8 + dXDXeZxvYvJ2LwPBvlr1aisqJqgxAwF2ipPPX97rAYbp46a/vkgU5bPF1OFlTDaH + 9jjThuidiEwY4EMtJGKisnTGx8yS5iQibDMqzrcRpCxCLcl68FgFNKCTtSIj1mo6 + hgO1ZKmHw73ysmrL2tImmalHYcqDJnq/KInG2ZkCZI/2ZqfJyrRSTk86t5ubfD6p + egC5N0Y5dQHJd66AytNwXxymiAcWuYth9QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + + muhbaasu = rec { + cores = 1; + nets = { + internet = { + addrs4 = ["217.160.206.154"]; + aliases = [ + "muhbaasu.internet" + ]; + }; + retiolum = { + addrs4 = ["10.243.139.184"]; + addrs6 = ["42:d568:6106:ba30:753b:0f2a:8225:b1fb"]; 
+ aliases = [ + "muhbaasu.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0f4C4xKXpnyV1ig03O2Kef8ag+/5WGkW90uxEBb/h5NY9barex+Z + KqVbkPdHhwoCIINuCVcOnJXzeo0FZtSEq3zVhscVm0PVdNfjct8a9KMsK0iUmuul + 5WD9Glh5/1wkEmbRfVxDErhssz1b8YmFOAGQn+ujO/Znn3BLv36uKQvpqU2y5bzb + +rVnq3eE1bCSeuj41bgEve8+vxpforjLO6gbE91mwp3Ol6nkkp6CjpG+aFTuLCAj + YR0MIl2gGwskOGSI38QxlLouOlIGwus5f+KfC94ZP0pMwu5pT45UOUkVnlBXuZ9E + igNHG2Vtm76nB3yYHndOvuDTOufatX61dQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + }; users = rec { makefu = { diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index 2aa023443..8d0704e8c 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -12,6 +12,20 @@ let api = { enable = mkEnableOption "krebs.nginx"; + default404 = mkOption { + type = types.bool; + default = true; + description = '' + By default all requests not directed to an explicit hostname are + replied with a 404 error to avoid accidental exposition of nginx + services. + + Set this value to `false` to disable this behavior - you will then be + able to configure a new `default_server` in the listen address entries + again. + ''; + }; + servers = mkOption { type = types.attrsOf (types.submodule { options = { @@ -20,6 +34,7 @@ let # TODO use identity default = [ "${config.networking.hostName}" + "${config.networking.hostName}.r" "${config.networking.hostName}.retiolum" ]; }; @@ -53,17 +68,19 @@ let sendfile on; keepalive_timeout 65; gzip on; - server { - listen 80 default_server; - server_name _; - return 404; - } + + ${optionalString cfg.default404 '' + server { + listen 80 default_server; + server_name _; + return 404; + }''} + ${concatStrings (mapAttrsToList (_: to-server) cfg.servers)} ''; }; }; - indent = replaceChars ["\n"] ["\n "]; to-location = { name, value }: '' diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index d0162eae9..61b4473e1 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix 
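Review bot: `falk` and `filebitch` are added with byte-identical `tinc.pubkey` blocks (both begin `MIIBCgKCAQEA961eCQE562VPYjuZ` and end `FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB`) although they have different addresses. Either one block was pasted from the other, in which case that host cannot authenticate with its real key, or both machines share one private key, in which case each can present itself as the other on the VPN. Each host should carry its own key; until the right one is confirmed, a comment on the `filebitch` entry such as `# FIXME: pubkey identical to falk, verify against the host's own public key` would at least record the problem. Separately, `bridge` is aliased `excobridge.r` and `tahoe` is aliased `wooki.internet` / `wooki.r`; if that is intentional, a one-line comment on each would say so.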
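Review bot: The `default404` description does not say what happens when the option is `false` and no replacement `default_server` is configured: nginx then uses the first `server` block for the listen address as the default, so that vhost answers requests carrying any Host header. I would add a sentence to the description, for example `If you disable this and define no default_server yourself, the first configured server answers all otherwise unmatched requests.` The phrase `accidental exposition of nginx services` would also read better as `accidental exposure of nginx services`.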
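Review bot: The catch-all emitted under `cfg.default404` declares only `listen 80 default_server;`, so it guards port 80 over IPv4 and nothing else; on any other listen address the first matching server stays the implicit default. Whether `to-server` can emit such listen lines is outside this hunk, so this is a question rather than a confirmed gap. If it can, either state the limit next to the block, `# only guards port 80 (IPv4); other listen addresses need their own default_server`, or generate one catch-all per configured listen address.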
@@ -114,7 +114,7 @@ let connectTo = mkOption { type = types.listOf types.str; - default = [ "fastpoke" "pigstarter" "gum" ]; + default = [ "fastpoke" "cd" "prism" "gum" ]; description = '' The list of hosts in the network which the client will try to connect to. These hosts should have an 'Address' configured which points to a diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix new file mode 100644 index 000000000..a33744f0b --- /dev/null +++ b/makefu/1systems/darth.nix @@ -0,0 +1,17 @@ +{ config, pkgs, lib, ... }: + +with config.krebs.lib; +{ + imports = [ + ../2configs/fs/single-partition-ext4.nix + ../2configs/zsh-user.nix + ../. + ]; + + krebs.retiolum.enable = true; + + boot.loader.grub.device = "/dev/disk/by-id/ata-ADATA_SSD_S599_64GB_10460000000000000039"; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.makefu-omo.pubkey + ]; +} diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index f2c592ea9..593f77378 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix 
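Review bot: The new default `[ "fastpoke" "cd" "prism" "gum" ]` makes `cd` an entry point for every host that does not override `connectTo`, while the block this commit deletes from `shared/2configs/base.nix` carried `# TODO remove connectTo cd, this was only used for bootstrapping`. If that reservation still holds it should be settled before `cd` becomes a global default, rather than disappearing together with the comment. The option description in the context lines says these hosts should have an 'Address' configured; nothing visible here checks that each name exists in `krebs.hosts` with such an address, so a short comment next to the default naming who maintains the four entry points would help the next reader.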
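Review bot: `darth.nix` never sets `krebs.build.host`, whereas the other system files touched by this commit do (`krebs.build.host = config.krebs.hosts.filepimp;`, and likewise for `gum`, `omo`, `pnp`). Unless `../.` derives it, the `darth` host entry added in `krebs/3modules/makefu/default.nix` is not tied to this system; I would add `krebs.build.host = config.krebs.hosts.darth;`. The file also grants root SSH login to `config.krebs.users.makefu-omo.pubkey`, a key named after another machine, and a comment saying why that key is the one trusted here would make the access decision reviewable. `with config.krebs.lib;` appears to be unused in this file.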
@@ -3,19 +3,27 @@ let byid = dev: "/dev/disk/by-id/" + dev; part1 = disk: disk + "-part1"; rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890"; - jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; + # N54L Chassis: + # ____________________ + # |______FRONT_______| + # | [ ]| + # | [ d1 ** d3 d4 ]| + # |___[_____________]| jDisk1 = byid "ata-ST4000DM000-1F2168_Z3040NEA"; + + # transfer to omo + # jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; jDisk2 = byid "ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E0621363"; jDisk3 = byid "ata-TOSHIBA_MD04ACA400_156GK89OFSBA"; - allDisks = [ rootDisk jDisk0 jDisk1 jDisk2 jDisk3 ]; + allDisks = [ rootDisk jDisk1 jDisk2 jDisk3 ]; in { imports = [ # Include the results of the hardware scan. ../. ../2configs/fs/single-partition-ext4.nix - ../2configs/tinc-basic-retiolum.nix ../2configs/smart-monitor.nix ]; + krebs.retiolum.enable = true; krebs.build.host = config.krebs.hosts.filepimp; # AMD N54L boot = { @@ -44,7 +52,11 @@ in { in { enable = true; # todo combine creation when enabling the mount point - disks = map toMedia [ "j0" "j1" "j2" ]; + disks = map toMedia [ + # "j0" + "j1" + "j2" + ]; parity = toMedia "par0"; }; # TODO: refactor, copy-paste from omo @@ -58,8 +70,9 @@ in { xfsmount = name: dev: { "/media/${name}" = { device = dev; fsType = "xfs"; }; }; in - (xfsmount "j0" (part1 jDisk0)) - // (xfsmount "j1" (part1 jDisk1)) - // (xfsmount "j2" (part1 jDisk2)) - // (xfsmount "par0" (part1 jDisk3)); + # (xfsmount "j0" (part1 jDisk0)) // + (xfsmount "j1" (part1 jDisk1)) // + (xfsmount "j2" (part1 jDisk2)) // + (xfsmount "par0" (part1 jDisk3)) + ; } diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 906c72de4..e784fdc12 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -7,7 +7,6 @@ let in { imports = [ ../. - ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix ../2configs/fs/simple-swap.nix ../2configs/fs/single-partition-ext4.nix 
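Review bot: Disk `j0` is retired by commenting code out in three places: `# jDisk0 = byid ...` in this hunk, `# "j0"` in the `disks` list and `# (xfsmount "j0" (part1 jDisk0)) //` in the mount hunk. Since `# transfer to omo` says the disk has moved to another machine, deleting the three lines and keeping one note, e.g. `# bay 2 (ST4000DM000 Z303HVSG) moved to omo`, would keep them from drifting apart. The chassis drawing marks the empty bay only as `**`, so a one-line legend would make it readable. `parity = toMedia "par0"` is unchanged, so the parity data presumably has to be rebuilt for the shorter disk list; that is worth confirming outside this diff.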
@@ -25,15 +24,23 @@ in { ]; services.smartd.devices = [ { device = "/dev/sda";} ]; - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; ###### stable krebs.build.host = config.krebs.hosts.gum; - krebs.retiolum.extraConfig = '' - ListenAddress = ${external-ip} 53 - ListenAddress = ${external-ip} 655 - ListenAddress = ${external-ip} 21031 - ''; + krebs.retiolum = { + enable = true; + extraConfig = '' + ListenAddress = ${external-ip} 53 + ListenAddress = ${external-ip} 655 + ListenAddress = ${external-ip} 21031 + ''; + connectTo = [ + "muhbaasu" "tahoe" "flap" "wry" + "ire" "cd" "mkdir" "rmdir" + "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs" + ]; + }; + krebs.nginx.servers.cgit.server-names = [ "cgit.euer.krebsco.de" ]; diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index aa4a8a5c9..bfcd2298a 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -37,7 +37,6 @@ in { ../. # TODO: unlock home partition via ssh ../2configs/fs/single-partition-ext4.nix - ../2configs/tinc-basic-retiolum.nix ../2configs/zsh-user.nix ../2configs/exim-retiolum.nix ../2configs/smart-monitor.nix @@ -45,6 +44,7 @@ in { ../2configs/share-user-sftp.nix ../2configs/omo-share.nix ]; + krebs.retiolum.enable = true; networking.firewall.trustedInterfaces = [ "enp3s0" ]; # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net # tcp:80 - nginx for sharing files @@ -122,7 +122,6 @@ in { hardware.cpu.amd.updateMicrocode = true; zramSwap.enable = true; - zramSwap.numDevices = 2; krebs.build.host = config.krebs.hosts.omo; } diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index 8791ad1d7..4b8d39c89 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -7,7 +7,6 @@ imports = [ ../. - ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix ../../krebs/3modules/Reaktor.nix 
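Review bot: Dropping `nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };` changes which tinc build `gum` runs, and `gum` is both in the default `connectTo` list and listening on three ports of its external address. The same removal appears in the `pnp`, `pornocauster`, `vbob` and `wry` hunks, while `shared/1systems/wolf.nix` gains the override, so after this commit the network mixes two tinc builds unless the `krebs.retiolum` module pins the package itself, which is not visible here. Please state in a comment or in the commit message which tinc package each host is expected to run, and confirm that the hub still negotiates with peers on the other build. The attribute set that encloses this block continues outside the hunk.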
@@ -20,6 +19,7 @@ ]; + krebs.retiolum.enable = true; virtualisation.graphics = false; # also export secrets, see Usage above fileSystems = pkgs.lib.mkVMOverride { @@ -43,10 +43,8 @@ krebs.build.host = config.krebs.hosts.pnp; - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; - networking.firewall.allowedTCPPorts = [ - 25 + 25 ]; } diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 9415f2345..119f0e5e4 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -11,7 +11,6 @@ ../2configs/laptop-utils.nix # Krebs - ../2configs/tinc-basic-retiolum.nix #../2configs/disable_v6.nix @@ -35,11 +34,10 @@ ../2configs/fs/sda-crypto-root-home.nix # ../2configs/mediawiki.nix #../2configs/wordpress.nix + ../2configs/nginx/public_html.nix ]; - nixpkgs.config.packageOverrides = pkgs: { - tinc = pkgs.tinc_pre; - }; + krebs.retiolum.enable = true; # steam hardware.opengl.driSupport32Bit = true; hardware.pulseaudio.support32Bit = true; @@ -48,6 +46,7 @@ networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ 25 + 80 ]; krebs.build.host = config.krebs.hosts.pornocauster; diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix index f9421cfa2..bf6ff9fb6 100644 --- a/makefu/1systems/repunit.nix +++ b/makefu/1systems/repunit.nix @@ -41,7 +41,7 @@ }; # $ nix-env -qaP | grep wget - environment.systemPackages = with pkgs; [ - jq - ]; + environment.systemPackages = with pkgs; [ + jq + ]; } diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index d5d44cce0..302ba6f99 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix @@ -8,7 +8,6 @@ [ # Include the results of the hardware scan. ../. ../2configs/base-gui.nix - ../2configs/tinc-basic-retiolum.nix ../2configs/fs/sda-crypto-root.nix # hardware specifics are in here ../2configs/hw/tp-x200.nix #< imports tp-x2x0.nix 
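Review bot: Adding `80` to `networking.firewall.allowedTCPPorts` in the last `pornocauster.nix` hunk opens HTTP on every interface of a machine that, judging by the `laptop-utils.nix` import, is a laptop joining foreign networks. The port belongs to the newly imported `../2configs/nginx/public_html.nix` from the previous hunk, whose contents are not shown; if it serves user directories, they become reachable from whatever network the laptop is attached to. If the service is meant for retiolum peers only, I would accept port 80 on the VPN interface alone rather than globally, or bind that nginx server to the host's retiolum address.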
@@ -20,6 +19,7 @@ ../2configs/exim-retiolum.nix ]; # not working in vm + krebs.retiolum.enable = true; krebs.build.host = config.krebs.hosts.tsp; networking.firewall.allowedTCPPorts = [ diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index e07525d0d..748b08ef1 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -14,9 +14,6 @@ ]; nixpkgs.config.allowUnfree = true; - nixpkgs.config.packageOverrides = pkgs: { - tinc = pkgs.tinc_pre; - }; krebs.build.source.upstream-nixpkgs = { url = https://github.com/makefu/nixpkgs; diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 462ec4faf..edaf1b803 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -12,7 +12,6 @@ in { ../../tv/2configs/hw/CAC.nix ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix ../2configs/headless.nix - ../2configs/tinc-basic-retiolum.nix ../2configs/bepasty-dual.nix @@ -27,6 +26,7 @@ in { # collectd ../2configs/collectd/collectd-base.nix ]; + krebs.retiolum.enable = true; services.nixosManual.enable = false; programs.man.enable = false; krebs.build.host = config.krebs.hosts.wry; @@ -52,7 +52,6 @@ in { krebs.nginx.enable = true; krebs.retiolum-bootstrap.enable = true; - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; krebs.tinc_graphs = { enable = true; nginx = { diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix deleted file mode 100644 index 12d3b8b7c..000000000 --- a/makefu/2configs/tinc-basic-retiolum.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, pkgs, ... }: - -with config.krebs.lib; -{ - krebs.retiolum = { - enable = true; - connectTo = [ - "gum" - "pigstarter" - "fastpoke" - "ire" - ]; - }; -} diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 96691aed8..f0323dc2f 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix 
@@ -20,6 +20,9 @@ in # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) + # local discovery in shackspace + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + services.grafana = { enable = true; addr = "0.0.0.0"; diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix index f6ec93a97..7cabbd347 100644 --- a/shared/2configs/base.nix +++ b/shared/2configs/base.nix @@ -3,15 +3,7 @@ with config.krebs.lib; { krebs.enable = true; - krebs.retiolum = { - enable = true; - connectTo = [ - # TODO remove connectTo cd, this was only used for bootstrapping - "cd" - "gum" - "pigstarter" - ]; - }; + krebs.retiolum.enable = true; # TODO rename shared user to "krebs" krebs.build.user = mkDefault config.krebs.users.shared; diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index b474af7b3..9804580db 100644 --- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix @@ -144,7 +144,6 @@ # * retiolum s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", slavedest="cac.json")) s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", slavedest="retiolum.rsa_key.priv")) - addShell(s, name="infest-cac-centos7",env=env, sigtermTime=60, # SIGTERM 1 minute before SIGKILL timeout=10800, # 3h @@ -173,7 +172,7 @@ masterhost = "localhost"; username = "testslave"; password = "krebspass"; - packages = with pkgs;[ git nix ]; + packages = with pkgs;[ git nix gnumake jq rsync ]; # all nix commands will need a working nixpkgs installation extraEnviron = { NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; };
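Review bot: The slave block edited in the last `shared-buildbot.nix` hunk keeps `username = "testslave";` and `password = "krebspass";` as literals, so the credential is in the repository and, once built, in the world-readable Nix store. `masterhost = "localhost"` limits the exposure only as long as the master's slave port is not reachable from other hosts, which this hunk does not show. Since the neighbouring `packages` line is being changed anyway, consider reading the password from a secrets file kept outside the store, or add a comment stating that the value is a deliberate throwaway for a loopback-only master.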