Merge remote-tracking branch 'gum/master'

tv 2016-03-16 00:13:58 +01:00
commit 2452d21173
17 changed files with 351 additions and 102 deletions


@ -23,7 +23,30 @@ with config.krebs.lib;
TG12MT+XQr6JUu4jPpzdhb6H/36V6ADCIkBjzWh0iSfWGiFDQFinD+YSWbA1NOTr TG12MT+XQr6JUu4jPpzdhb6H/36V6ADCIkBjzWh0iSfWGiFDQFinD+YSWbA1NOTr
Qtd1I3Ov+He7uc2Z719mb0Og2kCGnCnPIwIDAQAB Qtd1I3Ov+He7uc2Z719mb0Og2kCGnCnPIwIDAQAB
-----END RSA PUBLIC KEY----- -----END RSA PUBLIC KEY-----
''; '';
};
};
};
darth = {
cores = 4;
nets = {
retiolum = {
addrs4 = ["10.243.0.84"];
addrs6 = ["42:ff6b:5f0b:460d:2cee:4d05:73f7:5566/128"];
aliases = [
"darth.retiolum"
"darth.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA1pWNU+FY9XpQxw6srUb5mvGFgqSyJQAelFoufZng6EFeTnAzQOdq
qT7IWN+o3kSbQQsC2tQUnRYFoPagsgFP610D+LGwmeJlNgAf23gBI9ar1agUAvYX
yzYBj7R9OgGXHm6ECKwsxUJoGxM4L0l6mk/rTMVFnzgYPbpVJk1o6NPmiZhW8xIi
3BfxJUSt8rEQ1OudCirvdSr9uYv/WMR5B538wg4JeQK715yKEYbYi8bqOPnTvGD8
q5HRwXszWzCYYnqrdlmXzoCA1fT4vQdtov+63CvHT2RV7o42ruGZbHy7JIX9X3IE
u0nA8nZhZ5byhWGCpDyr6bTkvwJpltJypQIDAQAB
-----END RSA PUBLIC KEY-----
'';
}; };
}; };
}; };
@ -62,6 +85,7 @@ with config.krebs.lib;
addrs6 = ["42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"]; addrs6 = ["42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"];
aliases = [ aliases = [
"pornocauster.retiolum" "pornocauster.retiolum"
"pornocauster.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -110,41 +134,6 @@ with config.krebs.lib;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPLTMl+thSq77cjYa2XF7lz5fA7JMftrLo8Dy/OBXSg root@nixos"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPLTMl+thSq77cjYa2XF7lz5fA7JMftrLo8Dy/OBXSg root@nixos";
}; };
flap = rec {
cores = 1;
extraZones = {
"krebsco.de" = ''
mediengewitter IN A ${head nets.internet.addrs4}
flap IN A ${head nets.internet.addrs4}
'';
};
nets = {
internet = {
addrs4 = ["162.248.11.162"];
aliases = [
"flap.internet"
];
};
retiolum = {
addrs4 = ["10.243.211.172"];
addrs6 = ["42:472a:3d01:bbe4:4425:567e:592b:065d"];
aliases = [
"flap.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy
2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM
8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn
3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL
hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
pigstarter = rec { pigstarter = rec {
cores = 1; cores = 1;
@ -336,6 +325,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
addrs4 = ["10.243.0.211"]; addrs4 = ["10.243.0.211"];
addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"]; addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"];
aliases = [ aliases = [
"gum.r"
"gum.retiolum" "gum.retiolum"
"cgit.gum.retiolum" "cgit.gum.retiolum"
]; ];
@ -354,6 +344,239 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
}; };
# non-stockholm
flap = rec {
cores = 1;
extraZones = {
"krebsco.de" = ''
mediengewitter IN A ${head nets.internet.addrs4}
flap IN A ${head nets.internet.addrs4}
'';
};
nets = {
internet = {
addrs4 = ["162.248.11.162"];
aliases = [
"flap.internet"
];
};
retiolum = {
addrs4 = ["10.243.211.172"];
addrs6 = ["42:472a:3d01:bbe4:4425:567e:592b:065d"];
aliases = [
"flap.retiolum"
"flap.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy
2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM
8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn
3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL
hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
nukular = rec {
cores = 1;
nets = {
retiolum = {
addrs4 = ["10.243.231.219"];
addrs6 = ["42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72/128"];
aliases = [
"nukular.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAnt/d9Ys9gmQMGEPzPydAs0Etp9aPb5PreogzVilvazFCZ8HiQHl/
gRGlNBImcPPAPGgLjQ49TZ6V1s0bX0GMlu9gJxqU7Nz/TPbAaDJSmEDPkXnaMC97
gLoluwJHURKPP6+0VNQuK/IOjjDLzLjRDiVeIg6NR0nFAQPlxUhrCN/PhxqNV5WP
H1nR+a4UDoLcKbtgQP+4Eu09iEm+H6o5eCFTX2Ov9Ok2m948Jm0rAqUbPAISf9m4
tOOhhUhn0xvQy5iNHI72ndLvogQ968rnFwBpZM7HF1FsiaQfOF9Nhf11rHCJod3P
meq9GsIUyppZmEKecnTtVfG1oUHMbt1GxQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
heidi = rec {
cores = 1;
nets = {
retiolum = {
addrs4 = ["10.243.124.21"];
addrs6 = ["42:9898:a8be:ce56:0ee3:b99c:42c5:109e"];
aliases = [
"heidi.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqRLnAJNZ1OoO1bTS58DQgxi1VKgITHIuTW0fVGDvbXnsjPUB3cgx
1GEVtLc0LN6R9wrPKDaqHS6mkiRSDVScaW/FqkdFhTDaBJy8LfomL9ZmkU9DzkvQ
jncDjr0WoR+49rJHYsUULp1fe98Ev+y3VwVdJOOH92pAj1CAAUdtfG7XcGyHznYY
ZNLriGZe3l1AwsWMEflzHLeXcKQ/ZPOrjZ4EFVvfGfdQdJ24UUF3r4sBypYnasmA
q8lCw9rCrFh1OS6mHLC9qsvGfal6X4x2/xKc5VxZD4MQ/Bp7pBi1kwfHpKoREFKo
w/Jr3oG/uDxMGIzphGX185ObIkZ1wl/9DwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
soundflower = rec {
cores = 1;
nets = {
retiolum = {
addrs4 = ["10.243.69.184"];
aliases = [
"soundflower.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0a0oenAy9MDa2M6NoLtB8elduGgc3oLtUwsm3iUu6w8L+Je5TndN
H8dPn3sByUk1Jkd8tGGRk/vSFj/mtUn7xXKCnFXfKDqVowu/0KS3Q+6o4mcoATeb
Ax7e6Cz1YH5+qhQjR7apuase9X9Dzp56//5VW2gaScvWevvzrij2x7eNvJRF+W/l
FDXc8zBPkFW5TLFHOizRoLl4mK1hz2NrUiqcq5Ghs2yPsFxl/o5+e2MOwtdI49T6
lMkeshAeNOSMKYfP9nmHZoKI/MIpGak0EF3ZQtLvyv+tM2Q0nuwH3RvxlK/Xf6U+
8SoQu4yRIeK+pMiLEHhFPzBpk+sblUlG7QIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
falk = rec {
cores = 1;
nets = {
retiolum = {
addrs4 = ["10.243.120.19"];
aliases = [
"falk.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA961eCQE562VPYjuZtd0+FNRfUghvD2ccjUlihMjzg46GAK+duqK+
4peWklGOL4eRYQBg6G2VDzWiU2MxXVbXUZaMrxh7fTc3G3LdbqTxzAv3GQKR/6iA
9bGUf6u4ztVNAcj2mrY3mfs4gMlBQyQ2wcM0ZUpiAMaRB4cdq7I4GVHbYTFYfQuI
2zdnr0w8AjlMpFFcD0ExsWeppiJsE7iiME/S2VVfh2NrEpAKQbLH9fKrfkiJA/+9
0VIH9wLLIYngUtQKbvEQ5xgx6ybrg0vO8ZqZ1ZGXYxOQZzWzPP0tvDU0QHSKYSWb
FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
filebitch = rec {
cores = 4;
nets = {
retiolum = {
addrs4 = ["10.243.189.130"];
addrs6 = ["42:c64e:011f:9755:31e1:c3e6:73c0:af2d"];
aliases = [
"filebitch.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA961eCQE562VPYjuZtd0+FNRfUghvD2ccjUlihMjzg46GAK+duqK+
4peWklGOL4eRYQBg6G2VDzWiU2MxXVbXUZaMrxh7fTc3G3LdbqTxzAv3GQKR/6iA
9bGUf6u4ztVNAcj2mrY3mfs4gMlBQyQ2wcM0ZUpiAMaRB4cdq7I4GVHbYTFYfQuI
2zdnr0w8AjlMpFFcD0ExsWeppiJsE7iiME/S2VVfh2NrEpAKQbLH9fKrfkiJA/+9
0VIH9wLLIYngUtQKbvEQ5xgx6ybrg0vO8ZqZ1ZGXYxOQZzWzPP0tvDU0QHSKYSWb
FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
bridge = rec {
cores = 1;
nets = {
retiolum = {
addrs4 = ["10.243.26.29"];
addrs6 = ["42:927a:3d59:1cb3:29d6:1a08:78d3:812e"];
aliases = [
"excobridge.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEApeeMSYMuXg4o/fNHnG2ftp2WskZLrt63zhRag7U1HqYUnuPqY60d
VVy9MBTawm6N02nC2Svm3V07ZXaRp/XsXQLx+evZcDjPjnDYgl2ZGX0ir5Cn50bm
UzhJiMW6/J7AYvucgeAaVJ0YmIwRw6ndYGcxmXWi4TK0jSzhuSLgookWM6iJfbdB
oaYsjiXisEvNxt7rBlCfacaHMlPhz3gr1gc4IDCwF+RAMM29NUN3OinI+/f56d7b
/hLZWbimiwtvGVsGLiA2EIcfxQ7aD/LINu+XXMaq7f8QByXj/Lzi7456tDi3pdJg
lyg9yqRJYt4Zle5PVejn08qiofTUmlEhnwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
tahoe = rec {
cores = 1;
nets = {
internet = {
addrs4 = ["148.251.47.69"];
aliases = [
"wooki.internet"
];
};
retiolum = {
addrs4 = ["10.243.57.85"];
addrs6 = ["42:2f06:b899:a3b5:1dcf:51a4:a02b:8731"];
aliases = [
"wooki.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAx6R+CuJu4Bql+DgGPpE7wI+iasRY6ltxW0/L04uW9XiOKiEjx66y
QMMaW18bcb0SOfTE8qYo8pOsZ5E9FFPY6cKH4DGi8g1FpaODle9V8RrVg3F7RuZ8
dXDXeZxvYvJ2LwPBvlr1aisqJqgxAwF2ipPPX97rAYbp46a/vkgU5bPF1OFlTDaH
9jjThuidiEwY4EMtJGKisnTGx8yS5iQibDMqzrcRpCxCLcl68FgFNKCTtSIj1mo6
hgO1ZKmHw73ysmrL2tImmalHYcqDJnq/KInG2ZkCZI/2ZqfJyrRSTk86t5ubfD6p
egC5N0Y5dQHJd66AytNwXxymiAcWuYth9QIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
muhbaasu = rec {
cores = 1;
nets = {
internet = {
addrs4 = ["217.160.206.154"];
aliases = [
"muhbaasu.internet"
];
};
retiolum = {
addrs4 = ["10.243.139.184"];
addrs6 = ["42:d568:6106:ba30:753b:0f2a:8225:b1fb"];
aliases = [
"muhbaasu.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0f4C4xKXpnyV1ig03O2Kef8ag+/5WGkW90uxEBb/h5NY9barex+Z
KqVbkPdHhwoCIINuCVcOnJXzeo0FZtSEq3zVhscVm0PVdNfjct8a9KMsK0iUmuul
5WD9Glh5/1wkEmbRfVxDErhssz1b8YmFOAGQn+ujO/Znn3BLv36uKQvpqU2y5bzb
+rVnq3eE1bCSeuj41bgEve8+vxpforjLO6gbE91mwp3Ol6nkkp6CjpG+aFTuLCAj
YR0MIl2gGwskOGSI38QxlLouOlIGwus5f+KfC94ZP0pMwu5pT45UOUkVnlBXuZ9E
igNHG2Vtm76nB3yYHndOvuDTOufatX61dQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
}; };
users = rec { users = rec {
makefu = { makefu = {
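Review bot: `falk` and `filebitch` are added with byte-identical `tinc.pubkey` blocks (both begin `MIIBCgKCAQEA961eCQE562VP` and end `NJFCbs8yjQIDAQAB`) although they have different retiolum addresses. Either one entry is a copy-paste mistake, in which case that host cannot authenticate to its peers, or the two machines share one private key, in which case each can authenticate as the other, since tinc identifies a node by this key. Each host should get its own key pair, and the affected entry should be replaced before the merge is deployed. Separately, `darth` and `nukular` write `addrs6` with a `/128` suffix while the other added hosts do not; one form should be used throughout.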


@ -12,6 +12,20 @@ let
api = { api = {
enable = mkEnableOption "krebs.nginx"; enable = mkEnableOption "krebs.nginx";
default404 = mkOption {
type = types.bool;
default = true;
description = ''
By default all requests not directed to an explicit hostname are
replied with a 404 error to avoid accidental exposition of nginx
services.
Set this value to `false` to disable this behavior - you will then be
able to configure a new `default_server` in the listen address entries
again.
'';
};
servers = mkOption { servers = mkOption {
type = types.attrsOf (types.submodule { type = types.attrsOf (types.submodule {
options = { options = {
@ -20,6 +34,7 @@ let
# TODO use identity # TODO use identity
default = [ default = [
"${config.networking.hostName}" "${config.networking.hostName}"
"${config.networking.hostName}.r"
"${config.networking.hostName}.retiolum" "${config.networking.hostName}.retiolum"
]; ];
}; };
@ -53,17 +68,19 @@ let
sendfile on; sendfile on;
keepalive_timeout 65; keepalive_timeout 65;
gzip on; gzip on;
server {
listen 80 default_server; ${optionalString cfg.default404 ''
server_name _; server {
return 404; listen 80 default_server;
} server_name _;
return 404;
}''}
${concatStrings (mapAttrsToList (_: to-server) cfg.servers)} ${concatStrings (mapAttrsToList (_: to-server) cfg.servers)}
''; '';
}; };
}; };
indent = replaceChars ["\n"] ["\n "]; indent = replaceChars ["\n"] ["\n "];
to-location = { name, value }: '' to-location = { name, value }: ''
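Review bot: The `default404` description does not say what nginx does once the catch-all block is left out: with no `default_server` on port 80, requests with an unmatched Host header go to the first `server` block nginx reads, which here is whichever entry `mapAttrsToList` emits first from `cfg.servers`. A host that sets `default404 = false` and never declares its own `default_server` therefore serves one of its vhosts to any client, which is the exposure the option exists to prevent. I would add a sentence to the description such as `If no default_server is configured, nginx answers unmatched Host headers with the first server block.` In the same text, "exposition" should read "exposure".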


@ -114,7 +114,7 @@ let
connectTo = mkOption { connectTo = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ "fastpoke" "pigstarter" "gum" ]; default = [ "fastpoke" "cd" "prism" "gum" ];
description = '' description = ''
The list of hosts in the network which the client will try to connect The list of hosts in the network which the client will try to connect
to. These hosts should have an 'Address' configured which points to a to. These hosts should have an 'Address' configured which points to a
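Review bot: `cd` becomes a default peer for every host that enables `krebs.retiolum`, while a block removed elsewhere in this commit carried the comment `# TODO remove connectTo cd, this was only used for bootstrapping`. If that TODO still holds, the default should not include it, e.g. `default = [ "fastpoke" "prism" "gum" ];`. The option text requires these hosts to have an 'Address' configured; the entries for `cd` and `prism` are not visible on this page, so that is worth confirming before they are relied on as entry points.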

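--- a/makefu/1systems/darth.nix
+++ b/makefu/1systems/darth.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, lib, ... }:
+with config.krebs.lib;
+{
+imports = [
+../2configs/fs/single-partition-ext4.nix
+../2configs/zsh-user.nix
+../.
+];
+krebs.retiolum.enable = true;
+boot.loader.grub.device = "/dev/disk/by-id/ata-ADATA_SSD_S599_64GB_10460000000000000039";
+users.users.root.openssh.authorizedKeys.keys = [
+config.krebs.users.makefu-omo.pubkey
+];
+}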
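Review bot: Root SSH access on `darth` is granted to `config.krebs.users.makefu-omo.pubkey`, which by its name looks like the key kept on the `omo` machine, so a compromise of that one key or host yields root here as well. If this is a deliberate management path, a comment such as `# omo administers darth; root login is key-only` would record the intent, and a dedicated key would limit the blast radius. Unlike the other system files in this commit (for example `krebs.build.host = config.krebs.hosts.filepimp;`), this file sets no `krebs.build.host`; unless `../.` provides it, `krebs.build.host = config.krebs.hosts.darth;` is missing.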


@ -3,19 +3,27 @@ let
byid = dev: "/dev/disk/by-id/" + dev; byid = dev: "/dev/disk/by-id/" + dev;
part1 = disk: disk + "-part1"; part1 = disk: disk + "-part1";
rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890"; rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890";
jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; # N54L Chassis:
# ____________________
# |______FRONT_______|
# | [ ]|
# | [ d1 ** d3 d4 ]|
# |___[_____________]|
jDisk1 = byid "ata-ST4000DM000-1F2168_Z3040NEA"; jDisk1 = byid "ata-ST4000DM000-1F2168_Z3040NEA";
# transfer to omo
# jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
jDisk2 = byid "ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E0621363"; jDisk2 = byid "ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E0621363";
jDisk3 = byid "ata-TOSHIBA_MD04ACA400_156GK89OFSBA"; jDisk3 = byid "ata-TOSHIBA_MD04ACA400_156GK89OFSBA";
allDisks = [ rootDisk jDisk0 jDisk1 jDisk2 jDisk3 ]; allDisks = [ rootDisk jDisk1 jDisk2 jDisk3 ];
in { in {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
../. ../.
../2configs/fs/single-partition-ext4.nix ../2configs/fs/single-partition-ext4.nix
../2configs/tinc-basic-retiolum.nix
../2configs/smart-monitor.nix ../2configs/smart-monitor.nix
]; ];
krebs.retiolum.enable = true;
krebs.build.host = config.krebs.hosts.filepimp; krebs.build.host = config.krebs.hosts.filepimp;
# AMD N54L # AMD N54L
boot = { boot = {
@ -44,7 +52,11 @@ in {
in { in {
enable = true; enable = true;
# todo combine creation when enabling the mount point # todo combine creation when enabling the mount point
disks = map toMedia [ "j0" "j1" "j2" ]; disks = map toMedia [
# "j0"
"j1"
"j2"
];
parity = toMedia "par0"; parity = toMedia "par0";
}; };
# TODO: refactor, copy-paste from omo # TODO: refactor, copy-paste from omo
@ -58,8 +70,9 @@ in {
xfsmount = name: dev: xfsmount = name: dev:
{ "/media/${name}" = { device = dev; fsType = "xfs"; }; }; { "/media/${name}" = { device = dev; fsType = "xfs"; }; };
in in
(xfsmount "j0" (part1 jDisk0)) # (xfsmount "j0" (part1 jDisk0)) //
// (xfsmount "j1" (part1 jDisk1)) (xfsmount "j1" (part1 jDisk1)) //
// (xfsmount "j2" (part1 jDisk2)) (xfsmount "j2" (part1 jDisk2)) //
// (xfsmount "par0" (part1 jDisk3)); (xfsmount "par0" (part1 jDisk3))
;
} }
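Review bot: `jDisk0` is retired by commenting it out in three separate places (the `jDisk0` binding, the `"j0"` entry in the `disks` list and the `xfsmount "j0"` line), which leaves dead code that has to be kept in sync by hand. I would delete the three lines and keep a single comment that carries the information, e.g. `# j0 (ata-ST4000DM000-1F2168_Z303HVSG) was moved to omo`. The surrounding `let` and attribute set begin and end outside the hunks shown here.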


@ -7,7 +7,6 @@ let
in { in {
imports = [ imports = [
../. ../.
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix ../2configs/headless.nix
../2configs/fs/simple-swap.nix ../2configs/fs/simple-swap.nix
../2configs/fs/single-partition-ext4.nix ../2configs/fs/single-partition-ext4.nix
@ -25,15 +24,23 @@ in {
]; ];
services.smartd.devices = [ { device = "/dev/sda";} ]; services.smartd.devices = [ { device = "/dev/sda";} ];
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
###### stable ###### stable
krebs.build.host = config.krebs.hosts.gum; krebs.build.host = config.krebs.hosts.gum;
krebs.retiolum.extraConfig = '' krebs.retiolum = {
ListenAddress = ${external-ip} 53 enable = true;
ListenAddress = ${external-ip} 655 extraConfig = ''
ListenAddress = ${external-ip} 21031 ListenAddress = ${external-ip} 53
''; ListenAddress = ${external-ip} 655
ListenAddress = ${external-ip} 21031
'';
connectTo = [
"muhbaasu" "tahoe" "flap" "wry"
"ire" "cd" "mkdir" "rmdir"
"fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
];
};
krebs.nginx.servers.cgit.server-names = [ krebs.nginx.servers.cgit.server-names = [
"cgit.euer.krebsco.de" "cgit.euer.krebsco.de"
]; ];


@ -37,7 +37,6 @@ in {
../. ../.
# TODO: unlock home partition via ssh # TODO: unlock home partition via ssh
../2configs/fs/single-partition-ext4.nix ../2configs/fs/single-partition-ext4.nix
../2configs/tinc-basic-retiolum.nix
../2configs/zsh-user.nix ../2configs/zsh-user.nix
../2configs/exim-retiolum.nix ../2configs/exim-retiolum.nix
../2configs/smart-monitor.nix ../2configs/smart-monitor.nix
@ -45,6 +44,7 @@ in {
../2configs/share-user-sftp.nix ../2configs/share-user-sftp.nix
../2configs/omo-share.nix ../2configs/omo-share.nix
]; ];
krebs.retiolum.enable = true;
networking.firewall.trustedInterfaces = [ "enp3s0" ]; networking.firewall.trustedInterfaces = [ "enp3s0" ];
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
# tcp:80 - nginx for sharing files # tcp:80 - nginx for sharing files
@ -122,7 +122,6 @@ in {
hardware.cpu.amd.updateMicrocode = true; hardware.cpu.amd.updateMicrocode = true;
zramSwap.enable = true; zramSwap.enable = true;
zramSwap.numDevices = 2;
krebs.build.host = config.krebs.hosts.omo; krebs.build.host = config.krebs.hosts.omo;
} }


@ -7,7 +7,6 @@
imports = imports =
[ [
../. ../.
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix ../2configs/headless.nix
../../krebs/3modules/Reaktor.nix ../../krebs/3modules/Reaktor.nix
@ -20,6 +19,7 @@
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
]; ];
krebs.retiolum.enable = true;
virtualisation.graphics = false; virtualisation.graphics = false;
# also export secrets, see Usage above # also export secrets, see Usage above
fileSystems = pkgs.lib.mkVMOverride { fileSystems = pkgs.lib.mkVMOverride {
@ -43,10 +43,8 @@
krebs.build.host = config.krebs.hosts.pnp; krebs.build.host = config.krebs.hosts.pnp;
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
25 25
]; ];
} }


@ -11,7 +11,6 @@
../2configs/laptop-utils.nix ../2configs/laptop-utils.nix
# Krebs # Krebs
../2configs/tinc-basic-retiolum.nix
#../2configs/disable_v6.nix #../2configs/disable_v6.nix
@ -35,11 +34,10 @@
../2configs/fs/sda-crypto-root-home.nix ../2configs/fs/sda-crypto-root-home.nix
# ../2configs/mediawiki.nix # ../2configs/mediawiki.nix
#../2configs/wordpress.nix #../2configs/wordpress.nix
../2configs/nginx/public_html.nix
]; ];
nixpkgs.config.packageOverrides = pkgs: { krebs.retiolum.enable = true;
tinc = pkgs.tinc_pre;
};
# steam # steam
hardware.opengl.driSupport32Bit = true; hardware.opengl.driSupport32Bit = true;
hardware.pulseaudio.support32Bit = true; hardware.pulseaudio.support32Bit = true;
@ -48,6 +46,7 @@
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
25 25
80
]; ];
krebs.build.host = config.krebs.hosts.pornocauster; krebs.build.host = config.krebs.hosts.pornocauster;
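Review bot: Port `80` is added to `networking.firewall.allowedTCPPorts`, which opens it on every interface, while the only visible consumer is the new `../2configs/nginx/public_html.nix` import. The import list (`laptop-utils.nix`) suggests this machine joins networks it does not control, so the share would be reachable from any of them; the contents of `public_html.nix` are not shown here. If the share is meant for retiolum peers only, I would scope the rule to the VPN interface through `networking.firewall.extraCommands`, or have nginx listen on the host's retiolum address only, rather than opening the port globally.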


@ -41,7 +41,7 @@
}; };
# $ nix-env -qaP | grep wget # $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
jq jq
]; ];
} }


@ -8,7 +8,6 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
../. ../.
../2configs/base-gui.nix ../2configs/base-gui.nix
../2configs/tinc-basic-retiolum.nix
../2configs/fs/sda-crypto-root.nix ../2configs/fs/sda-crypto-root.nix
# hardware specifics are in here # hardware specifics are in here
../2configs/hw/tp-x200.nix #< imports tp-x2x0.nix ../2configs/hw/tp-x200.nix #< imports tp-x2x0.nix
@ -20,6 +19,7 @@
../2configs/exim-retiolum.nix ../2configs/exim-retiolum.nix
]; ];
# not working in vm # not working in vm
krebs.retiolum.enable = true;
krebs.build.host = config.krebs.hosts.tsp; krebs.build.host = config.krebs.hosts.tsp;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [


@ -14,9 +14,6 @@
]; ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.config.packageOverrides = pkgs: {
tinc = pkgs.tinc_pre;
};
krebs.build.source.upstream-nixpkgs = { krebs.build.source.upstream-nixpkgs = {
url = https://github.com/makefu/nixpkgs; url = https://github.com/makefu/nixpkgs;


@ -12,7 +12,6 @@ in {
../../tv/2configs/hw/CAC.nix ../../tv/2configs/hw/CAC.nix
../../tv/2configs/fs/CAC-CentOS-7-64bit.nix ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/headless.nix ../2configs/headless.nix
../2configs/tinc-basic-retiolum.nix
../2configs/bepasty-dual.nix ../2configs/bepasty-dual.nix
@ -27,6 +26,7 @@ in {
# collectd # collectd
../2configs/collectd/collectd-base.nix ../2configs/collectd/collectd-base.nix
]; ];
krebs.retiolum.enable = true;
services.nixosManual.enable = false; services.nixosManual.enable = false;
programs.man.enable = false; programs.man.enable = false;
krebs.build.host = config.krebs.hosts.wry; krebs.build.host = config.krebs.hosts.wry;
@ -52,7 +52,6 @@ in {
krebs.nginx.enable = true; krebs.nginx.enable = true;
krebs.retiolum-bootstrap.enable = true; krebs.retiolum-bootstrap.enable = true;
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
krebs.tinc_graphs = { krebs.tinc_graphs = {
enable = true; enable = true;
nginx = { nginx = {


@ -1,14 +0,0 @@
{ config, lib, pkgs, ... }:
with config.krebs.lib;
{
krebs.retiolum = {
enable = true;
connectTo = [
"gum"
"pigstarter"
"fastpoke"
"ire"
];
};
}


@ -20,6 +20,9 @@ in
# use your own binary cache, fallback use cache.nixos.org (which is used by # use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place) # apt-cacher-ng in first place)
# local discovery in shackspace
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
services.grafana = { services.grafana = {
enable = true; enable = true;
addr = "0.0.0.0"; addr = "0.0.0.0";


@ -3,15 +3,7 @@
with config.krebs.lib; with config.krebs.lib;
{ {
krebs.enable = true; krebs.enable = true;
krebs.retiolum = { krebs.retiolum.enable = true;
enable = true;
connectTo = [
# TODO remove connectTo cd, this was only used for bootstrapping
"cd"
"gum"
"pigstarter"
];
};
# TODO rename shared user to "krebs" # TODO rename shared user to "krebs"
krebs.build.user = mkDefault config.krebs.users.shared; krebs.build.user = mkDefault config.krebs.users.shared;


@ -144,7 +144,6 @@
# * retiolum # * retiolum
s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", slavedest="cac.json")) s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", slavedest="cac.json"))
s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", slavedest="retiolum.rsa_key.priv")) s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", slavedest="retiolum.rsa_key.priv"))
addShell(s, name="infest-cac-centos7",env=env, addShell(s, name="infest-cac-centos7",env=env,
sigtermTime=60, # SIGTERM 1 minute before SIGKILL sigtermTime=60, # SIGTERM 1 minute before SIGKILL
timeout=10800, # 3h timeout=10800, # 3h
@ -173,7 +172,7 @@
masterhost = "localhost"; masterhost = "localhost";
username = "testslave"; username = "testslave";
password = "krebspass"; password = "krebspass";
packages = with pkgs;[ git nix ]; packages = with pkgs;[ git nix gnumake jq rsync ];
# all nix commands will need a working nixpkgs installation # all nix commands will need a working nixpkgs installation
extraEnviron = { extraEnviron = {
NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; }; NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; };
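Review bot: The slave credentials stay as literals next to the changed `packages` line (`username = "testslave"; password = "krebspass";`), so they are committed to the repository and, assuming the module renders them into a config file, readable in the Nix store. `masterhost = "localhost"` limits their use only if the master's slave port is unreachable from other hosts, which this section does not show, and the `FileDownload` steps in the hunk above hand `retiolum-ci.rsa_key.priv` to whichever slave authenticates. I would take the password from the secrets tree in the same way the host definitions reference `<secrets/ssh_host_ed25519_key>`; whether the slave module can accept a file path instead of a string is not visible here.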