Merge remote-tracking branch 'stro/master'
commit
2474778636
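--- a/krebs/1systems/hope/config.nix
+++ b/krebs/1systems/hope/config.nix
@@ -0,0 +1,41 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+ip = config.krebs.build.host.nets.internet.ip4.addr;
+bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
+
+in {
+imports = [
+<stockholm/krebs>
+<stockholm/krebs/2configs>
+<stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix>
+
+<stockholm/krebs/2configs/secret-passwords.nix>
+{
+users.extraUsers = {
+satan = {
+name = "satan";
+uid = 1338;
+home = "/home/satan";
+group = "users";
+createHome = true;
+useDefaultShell = true;
+initialPassword = "test";
+};
+};
+}
+];
+
+krebs.build.host = config.krebs.hosts.hope;
+
+networking = let
+address = config.krebs.build.host.nets.internet.ip4.addr;
+in {
+defaultGateway = bestGuessGateway address;
+interfaces.enp2s1.ip4 = singleton {
+inherit address;
+prefixLength = 24;
+};
+nameservers = ["8.8.8.8"];
+};
+}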
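Review bot: `initialPassword = "test";` on the `satan` account commits a guessable clear-text password, and NixOS also writes `initialPassword` values world-readable into the Nix store. The host is configured on its `internet` address, so if any imported config permits password logins over SSH (not visible in this file) the account is reachable with that password. Replace the line with a `hashedPassword` read from the secrets tree, or drop the password and use `openssh.authorizedKeys.keys = [ "<PLACEHOLDER_PUBKEY>" ];`. Separately, the `ip` binding in the top-level `let` is never used; `networking` defines its own `address`.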
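--- a/krebs/1systems/hope/source.nix
+++ b/krebs/1systems/hope/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/krebs/source.nix> {
+name = "hope";
+}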
@ -30,6 +30,38 @@ let
|
||||
});
|
||||
in {
|
||||
hosts = {
|
||||
hope = {
|
||||
owner = config.krebs.users.krebs;
|
||||
managed = true;
|
||||
nets = {
|
||||
internet = {
|
||||
ip4.addr = "45.62.225.18";
|
||||
aliases = [
|
||||
"hope.i"
|
||||
];
|
||||
ssh.port = 45621;
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.77.4";
|
||||
ip6.addr = "42:0:0:0:0:0:77:4";
|
||||
aliases = [
|
||||
"hope.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5
|
||||
uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a
|
||||
2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4
|
||||
A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK
|
||||
fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC
|
||||
K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/";
|
||||
};
|
||||
hotdog = {
|
||||
owner = config.krebs.users.krebs;
|
||||
managed = true;
|
||||
|
@ -39,15 +39,6 @@ with import <stockholm/lib>;
|
||||
enable = true;
|
||||
};
|
||||
}
|
||||
{
|
||||
#zalando project
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql;
|
||||
};
|
||||
virtualisation.docker.enable = true;
|
||||
#users.users.mainUser.extraGroups = [ "docker" ];
|
||||
}
|
||||
{
|
||||
lass.umts = {
|
||||
enable = true;
|
||||
@ -91,6 +82,9 @@ with import <stockholm/lib>;
|
||||
client.enable = true;
|
||||
};
|
||||
}
|
||||
{
|
||||
services.mongodb.enable = true;
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.mors;
|
||||
|
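Review bot: The added `services.mongodb.enable = true;` block turns the database on with no bind address or authentication setting next to it, so exposure depends entirely on module defaults and on the firewall defined elsewhere. Pin the listener explicitly with `services.mongodb.bind_ip = "127.0.0.1";` in the same attribute set so a later override or default change cannot widen it unnoticed. The removed PostgreSQL/Docker block carried a `#zalando project` comment; a similar one-line comment saying what needs MongoDB would help the next reader decide when it can be removed again.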
@ -41,7 +41,11 @@ with import <stockholm/lib>;
|
||||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
};
|
||||
|
||||
"/home" = {
|
||||
device = "/dev/mapper/pool-home";
|
||||
fsType = "btrfs";
|
||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
||||
};
|
||||
"/tmp" = {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
|
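Review bot: The `/home` entry mounts with `["defaults" "noatime" "ssd" "compress=lzo"]`, which are performance options only. For a user-writable filesystem it is worth adding `"nosuid" "nodev"` so a setuid binary or device node dropped into a home directory is not honoured: `options = ["defaults" "noatime" "nosuid" "nodev" "ssd" "compress=lzo"];`. The `/tmp` entry that follows continues outside the hunk, so its options are not visible here.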
@ -200,6 +200,7 @@ with import <stockholm/lib>;
|
||||
filter.INPUT.policy = "DROP";
|
||||
filter.FORWARD.policy = "DROP";
|
||||
filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
|
||||
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
|
||||
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
|
||||
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
|
||||
|
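Review bot: The rule `-i retiolum -p udp --dport 60000:61000` accepts a thousand UDP ports from every peer on the VPN interface and, unlike the three rules after it, has neither a `precedence` nor any comment saying what the range is for. If it is meant for mosh (the range matches its default), say so with a `# mosh` comment and consider narrowing the range to the number of sessions actually needed. `filter.INPUT.rules` continues outside the hunk, so the rule's effective order relative to later entries cannot be checked from here.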
@ -78,11 +78,13 @@ let
|
||||
and NOT to:shackspace \
|
||||
and NOT to:c-base \
|
||||
and NOT from:security-alert@hpe.com \
|
||||
and NOT to:nix-devel"\
|
||||
and NOT to:nix-devel\
|
||||
and NOT to:radio"\
|
||||
"shack" "notmuch://?query=to:shackspace"\
|
||||
"c-base" "notmuch://?query=to:c-base"\
|
||||
"security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\
|
||||
"nix" "notmuch://?query=to:nix-devel"\
|
||||
"radio" "notmuch://?query=to:radio or tag:radio"\
|
||||
"TODO" "notmuch://?query=tag:TODO"\
|
||||
"Starred" "notmuch://?query=tag:*"\
|
||||
"Archive" "notmuch://?query=tag:archive"\
|
||||
@ -126,7 +128,7 @@ let
|
||||
|
||||
bind index t noop
|
||||
bind pager t noop
|
||||
macro index t "<modify-labels>+TODO\n" # tag as Archived
|
||||
macro index t "<modify-labels>" # tag as Archived
|
||||
|
||||
# top index bar in email view
|
||||
set pager_index_lines=7
|
||||
|
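Review bot: The trailing comment on the `macro index t` line in the second hunk reads `# tag as Archived` on both versions shown, and it describes neither: one appends `+TODO`, the other leaves the `<modify-labels>` prompt open. Whichever side is the new one, update the comment to match, e.g. `# open the label prompt` for the bare `"<modify-labels>"` form. In the first hunk the exclusion list and the mailbox list are edited separately, so check that every `to:` target given its own mailbox (here `radio`) also has a matching `and NOT` line, which appears to be the case.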
@ -2,40 +2,16 @@
|
||||
|
||||
let
|
||||
|
||||
scripts = lib.concatStringsSep "," [
|
||||
good
|
||||
delete
|
||||
];
|
||||
|
||||
mpv = pkgs.symlinkJoin {
|
||||
name = "mpv";
|
||||
paths = [
|
||||
(pkgs.writeDashBin "mpv" ''
|
||||
exec ${pkgs.mpv}/bin/mpv --no-config --script=${scripts} "$@"
|
||||
exec ${pkgs.mpv}/bin/mpv --no-config "$@"
|
||||
'')
|
||||
pkgs.mpv
|
||||
];
|
||||
};
|
||||
|
||||
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
|
||||
tmp_dir = "${dir}"
|
||||
|
||||
function move_current_track_${key}()
|
||||
track = mp.get_property("path")
|
||||
os.execute("mkdir -p '" .. tmp_dir .. "'")
|
||||
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
|
||||
print("moved '" .. track .. "' to " .. tmp_dir)
|
||||
end
|
||||
|
||||
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
|
||||
'';
|
||||
|
||||
good = moveToDir "G" "./.good";
|
||||
delete = moveToDir "D" "./.graveyard";
|
||||
|
||||
up = moveToDir "U" "./up";
|
||||
down = moveToDir "Y" "./down";
|
||||
|
||||
in {
|
||||
environment.systemPackages = [
|
||||
mpv
|
||||
|
@ -31,6 +31,16 @@ let
|
||||
type = types.str;
|
||||
default = "default";
|
||||
};
|
||||
pppDefaults = mkOption {
|
||||
type = types.str;
|
||||
default = ''
|
||||
noipdefault
|
||||
usepeerdns
|
||||
defaultroute
|
||||
persist
|
||||
noauth
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs-1509 = import (pkgs.fetchFromGitHub {
|
||||
@ -71,7 +81,16 @@ let
|
||||
lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts
|
||||
'';
|
||||
|
||||
environment.wvdial.dialerDefaults = wvdial-defaults;
|
||||
environment.etc = [
|
||||
{
|
||||
source = pkgs.writeText "wvdial.conf" wvdial-defaults;
|
||||
target = "wvdial.conf";
|
||||
}
|
||||
{
|
||||
source = pkgs.writeText "wvdial" cfg.pppDefaults;
|
||||
target = "ppp/peers/wvdial";
|
||||
}
|
||||
];
|
||||
|
||||
systemd.services.umts = {
|
||||
description = "UMTS wvdial Service";
|
||||
|
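Review bot: The new `pppDefaults` option is declared with only `type` and `default`, so nothing says that its text ends up verbatim in `/etc/ppp/peers/wvdial` (the `environment.etc` entry in the second hunk). Add a `description`, e.g. `description = "Contents of /etc/ppp/peers/wvdial, passed to pppd by wvdial.";`. Because the default includes `noauth`, `defaultroute` and `usepeerdns`, it would also help to note in that description that overriding the option replaces these lines rather than appending to them. The `systemd.services.umts` definition continues outside the hunk.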
@ -8,18 +8,6 @@ with import <stockholm/lib>;
|
||||
build = {
|
||||
user = config.krebs.users.mv;
|
||||
host = config.krebs.hosts.stro;
|
||||
source = let
|
||||
HOME = getEnv "HOME";
|
||||
host = config.krebs.build.host;
|
||||
in {
|
||||
nixos-config.symlink = "stockholm/mv/1systems/${host.name}.nix";
|
||||
secrets.file = "${HOME}/secrets/${host.name}";
|
||||
stockholm.file = "${HOME}/stockholm";
|
||||
nixpkgs.git = {
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@ -27,7 +15,7 @@ with import <stockholm/lib>;
|
||||
<secrets>
|
||||
<stockholm/krebs>
|
||||
<stockholm/tv/2configs/audit.nix>
|
||||
<stockholm/tv/2configs/bash.nix>
|
||||
<stockholm/tv/2configs/bash>
|
||||
<stockholm/tv/2configs/exim-retiolum.nix>
|
||||
<stockholm/tv/2configs/hw/x220.nix>
|
||||
<stockholm/tv/2configs/im.nix>
|
||||
@ -40,7 +28,6 @@ with import <stockholm/lib>;
|
||||
<stockholm/tv/2configs/xdg.nix>
|
||||
<stockholm/tv/2configs/xserver>
|
||||
<stockholm/tv/3modules>
|
||||
<stockholm/tv/5pkgs>
|
||||
];
|
||||
|
||||
boot.kernel.sysctl = {
|
||||
@ -124,13 +111,13 @@ with import <stockholm/lib>;
|
||||
|
||||
nix = {
|
||||
binaryCaches = ["https://cache.nixos.org"];
|
||||
# TODO check if both are required:
|
||||
chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
|
||||
requireSignedBinaryCaches = true;
|
||||
useChroot = true;
|
||||
# TODO check if both are required:
|
||||
sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
|
||||
useSandbox = true;
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = false;
|
||||
nixpkgs.config.packageOverrides = import <stockholm/tv/5pkgs> pkgs;
|
||||
|
||||
users = {
|
||||
defaultUserShell = "/run/current-system/sw/bin/bash";
|
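--- a/mv/1systems/stro/source.nix
+++ b/mv/1systems/stro/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/mv/source.nix> {
+name = "stro";
+}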
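--- a/mv/source.nix
+++ b/mv/source.nix
@@ -0,0 +1,23 @@
+with import <stockholm/lib>;
+host@{ name, override ? {} }: let
+builder = if getEnv "dummy_secrets" == "true"
+then "buildbot"
+else "mv";
+_file = <stockholm> + "/mv/1systems/${name}/source.nix";
+in
+evalSource (toString _file) [
+{
+nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
+nixpkgs.git = {
+# nixos-17.03
+ref = mkDefault "94941cb0455bfc50b1bf63186cfad7136d629f78";
+url = https://github.com/NixOS/nixpkgs;
+};
+secrets.file = getAttr builder {
+buildbot = toString <stockholm/mv/dummy_secrets>;
+mv = "/home/mv/secrets/${name}";
+};
+stockholm.file = toString <stockholm>;
+}
+override
+]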
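Review bot: The `builder` binding switches `secrets.file` to the in-repo `mv/dummy_secrets` tree whenever the environment variable `dummy_secrets` equals `"true"`, and nothing in the file documents that. A deploy started from a shell where that variable is still exported would push placeholder secrets to a real host without any warning. Add a comment above `builder`, e.g. `# dummy_secrets=true selects placeholder secrets for test builds; never export it when deploying`, and confirm the intended setter (presumably the build bot, going by the attribute name). The pinned `nixpkgs.git.ref` commit hash is good practice and should stay a full hash rather than a branch name.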