Merge remote-tracking branch 'stro/master'
2474778636
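--- /dev/null
+++ b/krebs/1systems/hope/config.nix
@@ -0,0 +1,41 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+ip = config.krebs.build.host.nets.internet.ip4.addr;
+bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
+
+in {
+imports = [
+<stockholm/krebs>
+<stockholm/krebs/2configs>
+<stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix>
+
+<stockholm/krebs/2configs/secret-passwords.nix>
+{
+users.extraUsers = {
+satan = {
+name = "satan";
+uid = 1338;
+home = "/home/satan";
+group = "users";
+createHome = true;
+useDefaultShell = true;
+initialPassword = "test";
+};
+};
+}
+];
+
+krebs.build.host = config.krebs.hosts.hope;
+
+networking = let
+address = config.krebs.build.host.nets.internet.ip4.addr;
+in {
+defaultGateway = bestGuessGateway address;
+interfaces.enp2s1.ip4 = singleton {
+inherit address;
+prefixLength = 24;
+};
+nameservers = ["8.8.8.8"];
+};
+}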
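Review bot: `bestGuessGateway` on line 5 of the new file does not derive the gateway it intends for this host's address: in a Nix double-quoted string `\.` is not a recognised escape and collapses to `.`, so `match` receives `(.*)(.[^.])`, whose second group takes the last two characters whatever they are, and for `45.62.225.18` (the address the hosts entry in this commit gives `hope`) `defaultGateway` becomes `45.62.225..1`. Anchoring on a literal dot and a whole last octet fixes it: `bestGuessGateway = addr: elemAt (match "(.*)\\.[^.]*" addr) 0 + ".1";`. The inline module further creates user `satan` with `initialPassword = "test"` on a machine whose address sits under `nets.internet`; `initialPassword` is only applied when the account is first created, but a guessable literal in a public repository should become `initialHashedPassword`/`hashedPassword` (possibly supplied by the imported `secret-passwords.nix`, which is not visible here), and `users.extraUsers` is the legacy alias of `users.users`.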
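--- /dev/null
+++ b/krebs/1systems/hope/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/krebs/source.nix> {
+name = "hope";
+}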
@ -30,6 +30,38 @@ let
|
|||||||
});
|
});
|
||||||
in {
|
in {
|
||||||
hosts = {
|
hosts = {
|
||||||
|
hope = {
|
||||||
|
owner = config.krebs.users.krebs;
|
||||||
|
managed = true;
|
||||||
|
nets = {
|
||||||
|
internet = {
|
||||||
|
ip4.addr = "45.62.225.18";
|
||||||
|
aliases = [
|
||||||
|
"hope.i"
|
||||||
|
];
|
||||||
|
ssh.port = 45621;
|
||||||
|
};
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.77.4";
|
||||||
|
ip6.addr = "42:0:0:0:0:0:77:4";
|
||||||
|
aliases = [
|
||||||
|
"hope.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5
|
||||||
|
uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a
|
||||||
|
2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4
|
||||||
|
A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK
|
||||||
|
fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC
|
||||||
|
K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/";
|
||||||
|
};
|
||||||
hotdog = {
|
hotdog = {
|
||||||
owner = config.krebs.users.krebs;
|
owner = config.krebs.users.krebs;
|
||||||
managed = true;
|
managed = true;
|
||||||
|
@ -39,15 +39,6 @@ with import <stockholm/lib>;
|
|||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
|
||||||
#zalando project
|
|
||||||
services.postgresql = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.postgresql;
|
|
||||||
};
|
|
||||||
virtualisation.docker.enable = true;
|
|
||||||
#users.users.mainUser.extraGroups = [ "docker" ];
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
lass.umts = {
|
lass.umts = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -91,6 +82,9 @@ with import <stockholm/lib>;
|
|||||||
client.enable = true;
|
client.enable = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
services.mongodb.enable = true;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.mors;
|
krebs.build.host = config.krebs.hosts.mors;
|
||||||
|
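Review bot: `services.mongodb.enable = true;` is added as a bare inline module with no comment on what needs it and no `bind_ip`/`enableAuth` settings, whereas the postgresql/docker block removed in the previous hunk at least carried `#zalando project`. If the NixOS module defaults apply, the daemon listens on 127.0.0.1 only and without authentication, which is fine for a local development database; should it ever be reached from another interface, `enableAuth = true` and an explicit `bind_ip` are needed. A one-line comment such as `# local mongodb for <project name>` (placeholder) above the option would keep the intent visible.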
@ -41,7 +41,11 @@ with import <stockholm/lib>;
|
|||||||
"/boot" = {
|
"/boot" = {
|
||||||
device = "/dev/sda1";
|
device = "/dev/sda1";
|
||||||
};
|
};
|
||||||
|
"/home" = {
|
||||||
|
device = "/dev/mapper/pool-home";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
||||||
|
};
|
||||||
"/tmp" = {
|
"/tmp" = {
|
||||||
device = "tmpfs";
|
device = "tmpfs";
|
||||||
fsType = "tmpfs";
|
fsType = "tmpfs";
|
||||||
|
@ -200,6 +200,7 @@ with import <stockholm/lib>;
|
|||||||
filter.INPUT.policy = "DROP";
|
filter.INPUT.policy = "DROP";
|
||||||
filter.FORWARD.policy = "DROP";
|
filter.FORWARD.policy = "DROP";
|
||||||
filter.INPUT.rules = [
|
filter.INPUT.rules = [
|
||||||
|
{ predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
|
||||||
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
|
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
|
||||||
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
|
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
|
||||||
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
|
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
|
||||||
|
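Review bot: the new rule `{ predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}` names no service and, unlike its siblings in the hunk, sets no `precedence`, so its position among the rules is whatever the module's default gives. Restricting the range to `-i retiolum` is the right shape; 60000-61000/udp is the default port range of mosh, and if that is the purpose a comment such as `# mosh sessions, reachable over retiolum only` should say so, with a `precedence` added if ordering relative to the conntrack rule matters. The `filter.INPUT.rules` list continues past the end of the hunk.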
@ -78,11 +78,13 @@ let
|
|||||||
and NOT to:shackspace \
|
and NOT to:shackspace \
|
||||||
and NOT to:c-base \
|
and NOT to:c-base \
|
||||||
and NOT from:security-alert@hpe.com \
|
and NOT from:security-alert@hpe.com \
|
||||||
and NOT to:nix-devel"\
|
and NOT to:nix-devel\
|
||||||
|
and NOT to:radio"\
|
||||||
"shack" "notmuch://?query=to:shackspace"\
|
"shack" "notmuch://?query=to:shackspace"\
|
||||||
"c-base" "notmuch://?query=to:c-base"\
|
"c-base" "notmuch://?query=to:c-base"\
|
||||||
"security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\
|
"security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\
|
||||||
"nix" "notmuch://?query=to:nix-devel"\
|
"nix" "notmuch://?query=to:nix-devel"\
|
||||||
|
"radio" "notmuch://?query=to:radio or tag:radio"\
|
||||||
"TODO" "notmuch://?query=tag:TODO"\
|
"TODO" "notmuch://?query=tag:TODO"\
|
||||||
"Starred" "notmuch://?query=tag:*"\
|
"Starred" "notmuch://?query=tag:*"\
|
||||||
"Archive" "notmuch://?query=tag:archive"\
|
"Archive" "notmuch://?query=tag:archive"\
|
||||||
@ -126,7 +128,7 @@ let
|
|||||||
|
|
||||||
bind index t noop
|
bind index t noop
|
||||||
bind pager t noop
|
bind pager t noop
|
||||||
macro index t "<modify-labels>+TODO\n" # tag as Archived
|
macro index t "<modify-labels>" # tag as Archived
|
||||||
|
|
||||||
# top index bar in email view
|
# top index bar in email view
|
||||||
set pager_index_lines=7
|
set pager_index_lines=7
|
||||||
|
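Review bot: the comment `# tag as Archived` on the `macro index t` line was inaccurate before and is more so now: with `+TODO\n` removed the macro only opens the `<modify-labels>` prompt and applies no label. Either restore a label argument or make the comment describe what the key now does, e.g. `macro index t "<modify-labels>" # prompt for labels to add/remove`.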
@ -2,40 +2,16 @@
|
|||||||
|
|
||||||
let
|
let
|
||||||
|
|
||||||
scripts = lib.concatStringsSep "," [
|
|
||||||
good
|
|
||||||
delete
|
|
||||||
];
|
|
||||||
|
|
||||||
mpv = pkgs.symlinkJoin {
|
mpv = pkgs.symlinkJoin {
|
||||||
name = "mpv";
|
name = "mpv";
|
||||||
paths = [
|
paths = [
|
||||||
(pkgs.writeDashBin "mpv" ''
|
(pkgs.writeDashBin "mpv" ''
|
||||||
exec ${pkgs.mpv}/bin/mpv --no-config --script=${scripts} "$@"
|
exec ${pkgs.mpv}/bin/mpv --no-config "$@"
|
||||||
'')
|
'')
|
||||||
pkgs.mpv
|
pkgs.mpv
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
|
|
||||||
tmp_dir = "${dir}"
|
|
||||||
|
|
||||||
function move_current_track_${key}()
|
|
||||||
track = mp.get_property("path")
|
|
||||||
os.execute("mkdir -p '" .. tmp_dir .. "'")
|
|
||||||
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
|
|
||||||
print("moved '" .. track .. "' to " .. tmp_dir)
|
|
||||||
end
|
|
||||||
|
|
||||||
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
|
|
||||||
'';
|
|
||||||
|
|
||||||
good = moveToDir "G" "./.good";
|
|
||||||
delete = moveToDir "D" "./.graveyard";
|
|
||||||
|
|
||||||
up = moveToDir "U" "./up";
|
|
||||||
down = moveToDir "Y" "./down";
|
|
||||||
|
|
||||||
in {
|
in {
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
mpv
|
mpv
|
||||||
|
@ -31,6 +31,16 @@ let
|
|||||||
type = types.str;
|
type = types.str;
|
||||||
default = "default";
|
default = "default";
|
||||||
};
|
};
|
||||||
|
pppDefaults = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = ''
|
||||||
|
noipdefault
|
||||||
|
usepeerdns
|
||||||
|
defaultroute
|
||||||
|
persist
|
||||||
|
noauth
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs-1509 = import (pkgs.fetchFromGitHub {
|
nixpkgs-1509 = import (pkgs.fetchFromGitHub {
|
||||||
@ -71,7 +81,16 @@ let
|
|||||||
lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts
|
lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts
|
||||||
'';
|
'';
|
||||||
|
|
||||||
environment.wvdial.dialerDefaults = wvdial-defaults;
|
environment.etc = [
|
||||||
|
{
|
||||||
|
source = pkgs.writeText "wvdial.conf" wvdial-defaults;
|
||||||
|
target = "wvdial.conf";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
source = pkgs.writeText "wvdial" cfg.pppDefaults;
|
||||||
|
target = "ppp/peers/wvdial";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.umts = {
|
systemd.services.umts = {
|
||||||
description = "UMTS wvdial Service";
|
description = "UMTS wvdial Service";
|
||||||
|
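Review bot: `/etc/wvdial.conf` and `/etc/ppp/peers/wvdial` are now generated with `pkgs.writeText`, which stores their full contents in the world-readable Nix store and links them from `/etc`; `wvdial-defaults` is defined outside the hunk and `pppDefaults` is a user-settable option, so if either ever carries an APN username/password or SIM PIN every local user can read it, and `environment.etc.<name>.mode` does not help because the store copy remains. If credentials are involved, those entries should be sourced from a path outside the store (the repository's `<secrets>` convention) rather than from a store-generated file; otherwise a comment on the `environment.etc` list stating that both files are credential-free would document the assumption. The hunk also replaces `environment.wvdial.dialerDefaults` with a direct `/etc/wvdial.conf` entry; if the NixOS option is still set elsewhere, the two definitions would collide on the same target.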
@ -8,18 +8,6 @@ with import <stockholm/lib>;
|
|||||||
build = {
|
build = {
|
||||||
user = config.krebs.users.mv;
|
user = config.krebs.users.mv;
|
||||||
host = config.krebs.hosts.stro;
|
host = config.krebs.hosts.stro;
|
||||||
source = let
|
|
||||||
HOME = getEnv "HOME";
|
|
||||||
host = config.krebs.build.host;
|
|
||||||
in {
|
|
||||||
nixos-config.symlink = "stockholm/mv/1systems/${host.name}.nix";
|
|
||||||
secrets.file = "${HOME}/secrets/${host.name}";
|
|
||||||
stockholm.file = "${HOME}/stockholm";
|
|
||||||
nixpkgs.git = {
|
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
|
||||||
ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -27,7 +15,7 @@ with import <stockholm/lib>;
|
|||||||
<secrets>
|
<secrets>
|
||||||
<stockholm/krebs>
|
<stockholm/krebs>
|
||||||
<stockholm/tv/2configs/audit.nix>
|
<stockholm/tv/2configs/audit.nix>
|
||||||
<stockholm/tv/2configs/bash.nix>
|
<stockholm/tv/2configs/bash>
|
||||||
<stockholm/tv/2configs/exim-retiolum.nix>
|
<stockholm/tv/2configs/exim-retiolum.nix>
|
||||||
<stockholm/tv/2configs/hw/x220.nix>
|
<stockholm/tv/2configs/hw/x220.nix>
|
||||||
<stockholm/tv/2configs/im.nix>
|
<stockholm/tv/2configs/im.nix>
|
||||||
@ -40,7 +28,6 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/tv/2configs/xdg.nix>
|
<stockholm/tv/2configs/xdg.nix>
|
||||||
<stockholm/tv/2configs/xserver>
|
<stockholm/tv/2configs/xserver>
|
||||||
<stockholm/tv/3modules>
|
<stockholm/tv/3modules>
|
||||||
<stockholm/tv/5pkgs>
|
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.kernel.sysctl = {
|
boot.kernel.sysctl = {
|
||||||
@ -124,13 +111,13 @@ with import <stockholm/lib>;
|
|||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
binaryCaches = ["https://cache.nixos.org"];
|
binaryCaches = ["https://cache.nixos.org"];
|
||||||
# TODO check if both are required:
|
|
||||||
chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
|
|
||||||
requireSignedBinaryCaches = true;
|
requireSignedBinaryCaches = true;
|
||||||
useChroot = true;
|
# TODO check if both are required:
|
||||||
|
sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
|
||||||
|
useSandbox = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = false;
|
nixpkgs.config.packageOverrides = import <stockholm/tv/5pkgs> pkgs;
|
||||||
|
|
||||||
users = {
|
users = {
|
||||||
defaultUserShell = "/run/current-system/sw/bin/bash";
|
defaultUserShell = "/run/current-system/sw/bin/bash";
|
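--- /dev/null
+++ b/mv/1systems/stro/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/mv/source.nix> {
+name = "stro";
+}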
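--- /dev/null
+++ b/mv/source.nix
@@ -0,0 +1,23 @@
+with import <stockholm/lib>;
+host@{ name, override ? {} }: let
+builder = if getEnv "dummy_secrets" == "true"
+then "buildbot"
+else "mv";
+_file = <stockholm> + "/mv/1systems/${name}/source.nix";
+in
+evalSource (toString _file) [
+{
+nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
+nixpkgs.git = {
+# nixos-17.03
+ref = mkDefault "94941cb0455bfc50b1bf63186cfad7136d629f78";
+url = https://github.com/NixOS/nixpkgs;
+};
+secrets.file = getAttr builder {
+buildbot = toString <stockholm/mv/dummy_secrets>;
+mv = "/home/mv/secrets/${name}";
+};
+stockholm.file = toString <stockholm>;
+}
+override
+]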
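Review bot: the new source function is undocumented: nothing explains the `host@{ name, override ? {} }` contract, that `override` is appended as the last element of the list handed to `evalSource` so it can replace any attribute, or that exporting `dummy_secrets=true` in the evaluating shell switches `secrets.file` from `/home/mv/secrets/${name}` to `<stockholm/mv/dummy_secrets>`. A header comment above `host@{ name, override ? {} }: let` covering those three points, and noting that the nixpkgs `ref` is `mkDefault` so a caller may pin a different revision through `override`, would make the environment dependence visible. Because `builder` is chosen from an unvalidated environment value, any evaluation in a shell that happens to export `dummy_secrets=true` silently builds against dummy secrets; the comment should state that this switch is meant for the buildbot only.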