From 9b16cacddc9646ccdc276e22e7df14f5ebb0e203 Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 27 Jun 2017 17:38:23 +0200 Subject: [PATCH 01/21] nin nixpkgs: 0afb6d7 -> 6916f24 --- nin/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index 14ddb7920..4c6f5189b 100644 --- a/nin/2configs/nixpkgs.nix +++ b/nin/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0afb6d7"; + ref = "6916f24"; }; } From 060ae725c32e6490d47bc3153de076ace26b59fd Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 4 Jul 2017 22:41:16 +0200 Subject: [PATCH 02/21] nin nixpkgs 6916f24 -> 01c3847 --- nin/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index 4c6f5189b..c46331b0d 100644 --- a/nin/2configs/nixpkgs.nix +++ b/nin/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "6916f24"; + ref = "01c3847"; }; } From 07295990e9fb81be72427779494ae1598c5e8fdc Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 10 Jul 2017 10:25:35 +0200 Subject: [PATCH 03/21] l nixpkgs: 2e983f1 -> d72efac --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 151242e45..f5a3bbf88 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "2e983f1"; + ref = "d72efac"; }; } From 512a47f75720e5308ab24d0a29a8a9e9c1d84c22 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 10 Jul 2017 19:49:14 +0200 Subject: [PATCH 04/21] l wine: add user to video group --- lass/2configs/wine.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index ee688e18c..d4a91e645 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -13,7 +13,10 @@ in { description = "user for running wine"; home = "/home/wine"; useDefaultShell = true; - extraGroups = [ "audio" ]; + extraGroups = [ + "audio" + "video" + ]; createHome = true; }; }; From 63e6a24908fe2d3da3b91cd7e86961d91f376375 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Jul 2017 00:07:22 +0200 Subject: [PATCH 05/21] l mail: use reverse_names --- lass/2configs/mail.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index e39c09b84..9a3c4e829 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -43,10 +43,14 @@ let set nm_record = yes set nm_record_tags = "-inbox me archive" set virtual_spoolfile=yes # enable virtual folders - set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail + + + set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail set from="lassulus@lassul.us" + alternates ^.*@lassul\.us$ ^.*@.*\.r$ set use_from=yes set envelope_from=yes + set reverse_name set sort=threads From 7e7d9ad90634438bd66c88a4be3f0c4d57aeb04d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Jul 2017 00:08:05 +0200 Subject: [PATCH 06/21] l mail: show recipent in mutt index --- lass/2configs/mail.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 9a3c4e829..6555b1b45 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -54,7 +54,15 @@ let set sort=threads - set index_format="%4C %Z %?GI?%GI& ? %[%d/%b] %-16.15F %?M?(%3M)& ? %s %> %?g?%g?" + set index_format="${pkgs.writeDash "mutt-index" '' + # http://www.mutt.org/doc/manual/#formatstrings + recipent="$(echo $1 | sed 's/.*<\([^>]*\).*/\1/')" + # output to mutt + # V + echo "%4C %Z %?GI?%GI& ? %[%d/%b] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%" + # args to mutt-index dash script + # V + ''} %r |" virtual-mailboxes \ "INBOX" "notmuch://?query=tag:inbox and NOT tag:killed"\ From 5efedd139a20d71268af2afd069dbd595414650f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Jul 2017 17:34:36 +0200 Subject: [PATCH 07/21] l default: add mainUser to wheel --- lass/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 27b74a30b..161db9422 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -36,6 +36,7 @@ with import ; extraGroups = [ "audio" "fuse" + "wheel" ]; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey From eb4a9b17627b2eadb4cabc9758d1cd7815dc53ec Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 27 Jun 2017 17:38:23 +0200 Subject: [PATCH 08/21] nin nixpkgs: 0afb6d7 -> 6916f24 --- nin/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index 14ddb7920..4c6f5189b 100644 --- a/nin/2configs/nixpkgs.nix +++ b/nin/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0afb6d7"; + ref = "6916f24"; }; } From 8cc4a36b42eeff734b58a91164f6cabc5c55db38 Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 4 Jul 2017 22:41:16 +0200 Subject: [PATCH 09/21] nin nixpkgs 6916f24 -> 01c3847 --- nin/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index 4c6f5189b..c46331b0d 100644 --- a/nin/2configs/nixpkgs.nix +++ b/nin/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "6916f24"; + ref = "01c3847"; }; } From 070d282df215eb891f298ef2e3c147a78e139119 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 10 Jul 2017 10:25:35 +0200 Subject: [PATCH 10/21] l nixpkgs: 2e983f1 -> d72efac --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 151242e45..f5a3bbf88 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "2e983f1"; + ref = "d72efac"; }; } From a543ef02ce6f2565823d56ae3bfed4794db15392 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 10 Jul 2017 19:49:14 +0200 Subject: [PATCH 11/21] l wine: add user to video group --- lass/2configs/wine.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index ee688e18c..d4a91e645 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -13,7 +13,10 @@ in { description = "user for running wine"; home = "/home/wine"; useDefaultShell = true; - extraGroups = [ "audio" ]; + extraGroups = [ + "audio" + "video" + ]; createHome = true; }; }; From 2ff81c4a0d81e8387925dfcc66685e7206c131cf Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Jul 2017 00:07:22 +0200 Subject: [PATCH 12/21] l mail: use reverse_names --- lass/2configs/mail.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index e39c09b84..9a3c4e829 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -43,10 +43,14 @@ let set nm_record = yes set nm_record_tags = "-inbox me archive" set virtual_spoolfile=yes # enable virtual folders - set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail + + + set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail set from="lassulus@lassul.us" + alternates ^.*@lassul\.us$ ^.*@.*\.r$ set use_from=yes set envelope_from=yes + set reverse_name set sort=threads From 9215b5b6880c833721caa7572b7480c7912d7fd6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Jul 2017 00:08:05 +0200 Subject: [PATCH 13/21] l mail: show recipent in mutt index --- lass/2configs/mail.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 9a3c4e829..6555b1b45 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -54,7 +54,15 @@ let set sort=threads - set index_format="%4C %Z %?GI?%GI& ? %[%d/%b] %-16.15F %?M?(%3M)& ? %s %> %?g?%g?" + set index_format="${pkgs.writeDash "mutt-index" '' + # http://www.mutt.org/doc/manual/#formatstrings + recipent="$(echo $1 | sed 's/.*<\([^>]*\).*/\1/')" + # output to mutt + # V + echo "%4C %Z %?GI?%GI& ? %[%d/%b] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%" + # args to mutt-index dash script + # V + ''} %r |" virtual-mailboxes \ "INBOX" "notmuch://?query=tag:inbox and NOT tag:killed"\ From 3363a8746c9152709abcd5adbbcdc00c2df0ff39 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Jul 2017 11:26:24 +0200 Subject: [PATCH 14/21] move source config from module system to 1systems/*/source.nix --- .../{cloudkrebs.nix => cloudkrebs/config.nix} | 17 +++--- lass/1systems/cloudkrebs/source.nix | 3 + .../{dishfire.nix => dishfire/config.nix} | 9 ++- lass/1systems/dishfire/source.nix | 3 + .../{echelon.nix => echelon/config.nix} | 27 ++++----- lass/1systems/echelon/source.nix | 3 + .../{icarus.nix => icarus/config.nix} | 23 ++++---- lass/1systems/icarus/source.nix | 4 ++ lass/1systems/iso.nix | 11 ++-- lass/1systems/{mors.nix => mors/config.nix} | 43 +++++++------- lass/1systems/mors/source.nix | 4 ++ lass/1systems/{prism.nix => prism/config.nix} | 56 +++++++++---------- lass/1systems/prism/source.nix | 3 + .../{shodan.nix => shodan/config.nix} | 22 ++++---- lass/1systems/shodan/source.nix | 3 + lass/1systems/{uriel.nix => uriel/config.nix} | 6 +- lass/1systems/uriel/source.nix | 3 + lass/2configs/default.nix | 12 +--- lass/2configs/nixpkgs.nix | 8 --- lass/source.nix | 24 ++++++++ .../config.nix} | 2 +- .../test-all-krebs-modules/source.nix | 3 + .../{test-arch.nix => test-arch/config.nix} | 2 +- shared/1systems/test-arch/source.nix | 3 + .../config.nix} | 4 +- shared/1systems/test-centos6/source.nix | 3 + shared/1systems/test-centos7.nix | 16 ------ shared/1systems/test-centos7/config.nix | 16 ++++++ shared/1systems/test-centos7/source.nix | 3 + .../config.nix} | 2 +- shared/1systems/test-failing/source.nix | 3 + .../config.nix} | 2 +- .../1systems/test-minimal-deploy/source.nix | 3 + shared/1systems/{wolf.nix => wolf/config.nix} | 31 +++++----- shared/1systems/wolf/source.nix | 3 + shared/2configs/default.nix | 12 ---- shared/source.nix | 19 +++++++ 37 files changed, 229 insertions(+), 182 deletions(-) rename lass/1systems/{cloudkrebs.nix => cloudkrebs/config.nix} (53%) create mode 100644 lass/1systems/cloudkrebs/source.nix rename lass/1systems/{dishfire.nix => dishfire/config.nix} (93%) create mode 100644 lass/1systems/dishfire/source.nix rename lass/1systems/{echelon.nix => echelon/config.nix} (74%) create mode 100644 lass/1systems/echelon/source.nix rename lass/1systems/{icarus.nix => icarus/config.nix} (73%) create mode 100644 lass/1systems/icarus/source.nix rename lass/1systems/{mors.nix => mors/config.nix} (83%) create mode 100644 lass/1systems/mors/source.nix rename lass/1systems/{prism.nix => prism/config.nix} (88%) create mode 100644 lass/1systems/prism/source.nix rename lass/1systems/{shodan.nix => shodan/config.nix} (84%) create mode 100644 lass/1systems/shodan/source.nix rename lass/1systems/{uriel.nix => uriel/config.nix} (95%) create mode 100644 lass/1systems/uriel/source.nix delete mode 100644 lass/2configs/nixpkgs.nix create mode 100644 lass/source.nix rename shared/1systems/{test-all-krebs-modules.nix => test-all-krebs-modules/config.nix} (98%) create mode 100644 shared/1systems/test-all-krebs-modules/source.nix rename shared/1systems/{test-arch.nix => test-arch/config.nix} (95%) create mode 100644 shared/1systems/test-arch/source.nix rename shared/1systems/{test-centos6.nix => test-centos6/config.nix} (83%) create mode 100644 shared/1systems/test-centos6/source.nix delete mode 100644 shared/1systems/test-centos7.nix create mode 100644 shared/1systems/test-centos7/config.nix create mode 100644 shared/1systems/test-centos7/source.nix rename shared/1systems/{test-failing.nix => test-failing/config.nix} (83%) create mode 100644 shared/1systems/test-failing/source.nix rename shared/1systems/{test-minimal-deploy.nix => test-minimal-deploy/config.nix} (93%) create mode 100644 shared/1systems/test-minimal-deploy/source.nix rename shared/1systems/{wolf.nix => wolf/config.nix} (74%) create mode 100644 shared/1systems/wolf/source.nix create mode 100644 shared/source.nix diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs/config.nix similarity index 53% rename from lass/1systems/cloudkrebs.nix rename to lass/1systems/cloudkrebs/config.nix index e65b13d00..aa9a1f1ab 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs/config.nix @@ -1,18 +1,17 @@ { config, lib, pkgs, ... }: let - inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; - + inherit (import { inherit pkgs lib; }) getDefaultGateway; ip = config.krebs.build.host.nets.internet.ip4.addr; in { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/exim-retiolum.nix - ../2configs/git.nix - ../2configs/realwallpaper.nix - ../2configs/privoxy-retiolum.nix + + + + + + + { networking.interfaces.enp2s1.ip4 = [ { diff --git a/lass/1systems/cloudkrebs/source.nix b/lass/1systems/cloudkrebs/source.nix new file mode 100644 index 000000000..99e71e755 --- /dev/null +++ b/lass/1systems/cloudkrebs/source.nix @@ -0,0 +1,3 @@ +import { + name = "cloudkrebs"; +} diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire/config.nix similarity index 93% rename from lass/1systems/dishfire.nix rename to lass/1systems/dishfire/config.nix index e12367aca..416edeb82 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire/config.nix @@ -2,11 +2,10 @@ { imports = [ - ../. - ../2configs/retiolum.nix + + - #../2configs/exim-retiolum.nix - ../2configs/git.nix + { boot.loader.grub = { device = "/dev/vda"; @@ -56,7 +55,7 @@ } { imports = [ - ../2configs/websites/fritz.nix + ]; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport http"; target = "ACCEPT"; } diff --git a/lass/1systems/dishfire/source.nix b/lass/1systems/dishfire/source.nix new file mode 100644 index 000000000..2445af130 --- /dev/null +++ b/lass/1systems/dishfire/source.nix @@ -0,0 +1,3 @@ +import { + name = "dishfire"; +} diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon/config.nix similarity index 74% rename from lass/1systems/echelon.nix rename to lass/1systems/echelon/config.nix index da8864011..f064a4788 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon/config.nix @@ -1,22 +1,20 @@ { config, lib, pkgs, ... }: let - inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; - + inherit (import { inherit pkgs lib; }) getDefaultGateway; ip = config.krebs.build.host.nets.internet.ip4.addr; in { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/exim-retiolum.nix - ../2configs/realwallpaper.nix - ../2configs/privoxy-retiolum.nix - ../2configs/git.nix - #../2configs/redis.nix - ../2configs/go.nix - ../2configs/ircd.nix - ../2configs/newsbot-js.nix + + + + + + + + + + { networking.interfaces.enp2s1.ip4 = [ { @@ -34,9 +32,6 @@ in { sound.enable = false; } { - imports = [ - ../3modules/dnsmasq.nix - ]; lass.dnsmasq = { enable = true; config = '' diff --git a/lass/1systems/echelon/source.nix b/lass/1systems/echelon/source.nix new file mode 100644 index 000000000..96888d5a8 --- /dev/null +++ b/lass/1systems/echelon/source.nix @@ -0,0 +1,3 @@ +import { + name = "echelon"; +} diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus/config.nix similarity index 73% rename from lass/1systems/icarus.nix rename to lass/1systems/icarus/config.nix index 13c517e3b..791ce0f46 100644 --- a/lass/1systems/icarus.nix +++ b/lass/1systems/icarus/config.nix @@ -1,19 +1,18 @@ { config, pkgs, ... }: -with import ; { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/git.nix - ../2configs/exim-retiolum.nix - ../2configs/baseX.nix - ../2configs/browsers.nix - ../2configs/programs.nix - ../2configs/fetchWallpaper.nix - ../2configs/backups.nix - ../2configs/games.nix + + + + + + + + + + + ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/1systems/icarus/source.nix b/lass/1systems/icarus/source.nix new file mode 100644 index 000000000..5b46a44f3 --- /dev/null +++ b/lass/1systems/icarus/source.nix @@ -0,0 +1,4 @@ +import { + name = "icarus"; + secure = true; +} diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index b45d5b228..820ef74b8 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -4,12 +4,11 @@ with import ; { imports = [ - ../../krebs - ../3modules - ../5pkgs - ../2configs/mc.nix - ../2configs/nixpkgs.nix - ../2configs/vim.nix + + + + + { # /dev/stderr doesn't work. I don't know why # /proc/self doesn't seem to work correctly diff --git a/lass/1systems/mors.nix b/lass/1systems/mors/config.nix similarity index 83% rename from lass/1systems/mors.nix rename to lass/1systems/mors/config.nix index 0bfd54515..bb0a4e23e 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors/config.nix @@ -3,28 +3,27 @@ with import ; { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/baseX.nix - ../2configs/exim-retiolum.nix - ../2configs/programs.nix - ../2configs/bitcoin.nix - ../2configs/browsers.nix - ../2configs/games.nix - ../2configs/pass.nix - ../2configs/elster.nix - ../2configs/steam.nix - ../2configs/wine.nix - ../2configs/git.nix - ../2configs/virtualbox.nix - ../2configs/fetchWallpaper.nix - #../2configs/c-base.nix - ../2configs/mail.nix - ../2configs/repo-sync.nix - ../2configs/ircd.nix - ../2configs/logf.nix - ../2configs/syncthing.nix + + + + + + + + + + + + + + + + + + + + + { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix new file mode 100644 index 000000000..a9dfa2eb6 --- /dev/null +++ b/lass/1systems/mors/source.nix @@ -0,0 +1,4 @@ +import { + name = "mors"; + secure = true; +} diff --git a/lass/1systems/prism.nix b/lass/1systems/prism/config.nix similarity index 88% rename from lass/1systems/prism.nix rename to lass/1systems/prism/config.nix index 531dec9df..9faa4d473 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism/config.nix @@ -4,13 +4,9 @@ with import ; let ip = config.krebs.build.host.nets.internet.ip4.addr; - inherit (import {inherit lib pkgs;}) - manageCerts - ; - in { imports = [ - ../. + { networking.interfaces.et0.ip4 = [ { @@ -26,33 +22,33 @@ in { SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" ''; } - ../2configs/retiolum.nix - ../2configs/exim-smarthost.nix - ../2configs/downloading.nix - ../2configs/ts3.nix - ../2configs/bitlbee.nix - ../2configs/weechat.nix - ../2configs/privoxy-retiolum.nix - ../2configs/radio.nix - ../2configs/buildbot-standalone.nix - ../2configs/repo-sync.nix - ../2configs/binary-cache/server.nix - ../2configs/iodined.nix - ../2configs/libvirt.nix - ../2configs/hfos.nix - ../2configs/makefu-sip.nix - ../2configs/monitoring/server.nix - ../2configs/monitoring/monit-alarms.nix - ../2configs/paste.nix - ../2configs/syncthing.nix - ../2configs/coders-irc.nix - ../2configs/ciko.nix + + + + + + + + + + + + + + + + + + + + + { lass.pyload.enable = true; } { imports = [ - ../2configs/bepasty.nix + ]; krebs.bepasty.servers."paste.r".nginx.extraConfig = '' if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { @@ -170,8 +166,8 @@ in { } { imports = [ - ../2configs/websites/domsen.nix - ../2configs/websites/lassulus.nix + + ]; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport http"; target = "ACCEPT"; } @@ -195,7 +191,7 @@ in { } { imports = [ - ../2configs/realwallpaper.nix + ]; services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' alias /var/realwallpaper/realwallpaper.png; diff --git a/lass/1systems/prism/source.nix b/lass/1systems/prism/source.nix new file mode 100644 index 000000000..557fbf509 --- /dev/null +++ b/lass/1systems/prism/source.nix @@ -0,0 +1,3 @@ +import { + name = "prism"; +} diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan/config.nix similarity index 84% rename from lass/1systems/shodan.nix rename to lass/1systems/shodan/config.nix index 044e2ccf8..a68471aa0 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan/config.nix @@ -3,17 +3,17 @@ with import ; { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/baseX.nix - ../2configs/git.nix - ../2configs/exim-retiolum.nix - ../2configs/browsers.nix - ../2configs/programs.nix - ../2configs/fetchWallpaper.nix - ../2configs/backups.nix - ../2configs/wine.nix + + + + + + + + + + + #{ # users.extraUsers = { # root = { diff --git a/lass/1systems/shodan/source.nix b/lass/1systems/shodan/source.nix new file mode 100644 index 000000000..be24ae2d5 --- /dev/null +++ b/lass/1systems/shodan/source.nix @@ -0,0 +1,3 @@ +import { + name = "shodan"; +} diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel/config.nix similarity index 95% rename from lass/1systems/uriel.nix rename to lass/1systems/uriel/config.nix index b84fec317..70bef9883 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel/config.nix @@ -4,9 +4,9 @@ with builtins; with import ; { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/exim-retiolum.nix + + + { # locke config i18n.defaultLocale ="de_DE.UTF-8"; diff --git a/lass/1systems/uriel/source.nix b/lass/1systems/uriel/source.nix new file mode 100644 index 000000000..11d6e1c34 --- /dev/null +++ b/lass/1systems/uriel/source.nix @@ -0,0 +1,3 @@ +import { + name = "uriel"; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 27b74a30b..c643fa130 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -6,7 +6,6 @@ with import ; ../2configs/binary-cache/client.nix ../2configs/gc.nix ../2configs/mc.nix - ../2configs/nixpkgs.nix ../2configs/vim.nix ../2configs/monitoring/client.nix ./htop.nix @@ -71,16 +70,7 @@ with import ; krebs = { enable = true; search-domain = "r"; - build = { - user = config.krebs.users.lass; - source = let inherit (config.krebs.build) host; in { - nixos-config.symlink = "stockholm/lass/1systems/${host.name}.nix"; - secrets.file = - if getEnv "dummy_secrets" == "true" - then toString - else "/home/lass/secrets/${host.name}"; - }; - }; + build.user = config.krebs.users.lass; }; nix.useSandbox = true; diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix deleted file mode 100644 index f5a3bbf88..000000000 --- a/lass/2configs/nixpkgs.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - krebs.build.source.nixpkgs.git = { - url = https://cgit.lassul.us/nixpkgs; - ref = "d72efac"; - }; -} diff --git a/lass/source.nix b/lass/source.nix new file mode 100644 index 000000000..a4e9d9d6a --- /dev/null +++ b/lass/source.nix @@ -0,0 +1,24 @@ +with import ; +host@{ name, secure ? false }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "lass"; + _file = + "/lass/1systems/${name}/source.nix"; +in + evalSource (toString _file) { + nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; + secrets.file = getAttr builder { + buildbot = toString ; + lass = "/home/lass/secrets/${name}"; + }; + stockholm.file = toString ; + nixpkgs.git = { + url = https://cgit.lassul.us/nixpkgs; + # nixos-17.03 + # + copytoram: + # 87a4615 & 334ac4f + # + acme permissions for groups + # fd7a8f1 + ref = "0aac3fc"; + }; + } diff --git a/shared/1systems/test-all-krebs-modules.nix b/shared/1systems/test-all-krebs-modules/config.nix similarity index 98% rename from shared/1systems/test-all-krebs-modules.nix rename to shared/1systems/test-all-krebs-modules/config.nix index 39d7c494b..7ebcf3b50 100644 --- a/shared/1systems/test-all-krebs-modules.nix +++ b/shared/1systems/test-all-krebs-modules/config.nix @@ -3,7 +3,7 @@ let en = { enable = true;}; in { imports = [ - ../. + ]; krebs = { enable = true; diff --git a/shared/1systems/test-all-krebs-modules/source.nix b/shared/1systems/test-all-krebs-modules/source.nix new file mode 100644 index 000000000..58d72365f --- /dev/null +++ b/shared/1systems/test-all-krebs-modules/source.nix @@ -0,0 +1,3 @@ +import { + name = "test-all-krebs-modules"; +} diff --git a/shared/1systems/test-arch.nix b/shared/1systems/test-arch/config.nix similarity index 95% rename from shared/1systems/test-arch.nix rename to shared/1systems/test-arch/config.nix index a13fea425..453483d48 100644 --- a/shared/1systems/test-arch.nix +++ b/shared/1systems/test-arch/config.nix @@ -2,7 +2,7 @@ { imports = [ - ../. + { boot.loader.grub = { device = "/dev/sda"; diff --git a/shared/1systems/test-arch/source.nix b/shared/1systems/test-arch/source.nix new file mode 100644 index 000000000..ca2305684 --- /dev/null +++ b/shared/1systems/test-arch/source.nix @@ -0,0 +1,3 @@ +import { + name = "test-arch"; +} diff --git a/shared/1systems/test-centos6.nix b/shared/1systems/test-centos6/config.nix similarity index 83% rename from shared/1systems/test-centos6.nix rename to shared/1systems/test-centos6/config.nix index ebcece383..a81ff7c51 100644 --- a/shared/1systems/test-centos6.nix +++ b/shared/1systems/test-centos6/config.nix @@ -7,8 +7,8 @@ let gw = "168.235.148.1"; in { imports = [ - ../. - ../2configs/os-templates/CAC-CentOS-6.5-64bit.nix + + { networking.interfaces.enp11s0.ip4 = [ { diff --git a/shared/1systems/test-centos6/source.nix b/shared/1systems/test-centos6/source.nix new file mode 100644 index 000000000..0c7c78ec0 --- /dev/null +++ b/shared/1systems/test-centos6/source.nix @@ -0,0 +1,3 @@ +import { + name = "test-centos6"; +} diff --git a/shared/1systems/test-centos7.nix b/shared/1systems/test-centos7.nix deleted file mode 100644 index 9ea063c9b..000000000 --- a/shared/1systems/test-centos7.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) head; - -in { - imports = [ - ../. - ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/temp/networking.nix - ../2configs/temp/dirs.nix - ]; - - sound.enable = false; - krebs.build.host = config.krebs.hosts.test-centos7; -} diff --git a/shared/1systems/test-centos7/config.nix b/shared/1systems/test-centos7/config.nix new file mode 100644 index 000000000..58f99e87c --- /dev/null +++ b/shared/1systems/test-centos7/config.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) head; + +in { + imports = [ + + + + + ]; + + sound.enable = false; + krebs.build.host = config.krebs.hosts.test-centos7; +} diff --git a/shared/1systems/test-centos7/source.nix b/shared/1systems/test-centos7/source.nix new file mode 100644 index 000000000..5144477fe --- /dev/null +++ b/shared/1systems/test-centos7/source.nix @@ -0,0 +1,3 @@ +import { + name = "test-centos7"; +} diff --git a/shared/1systems/test-failing.nix b/shared/1systems/test-failing/config.nix similarity index 83% rename from shared/1systems/test-failing.nix rename to shared/1systems/test-failing/config.nix index fe1c2cb65..fb6a58397 100644 --- a/shared/1systems/test-failing.nix +++ b/shared/1systems/test-failing/config.nix @@ -2,7 +2,7 @@ { imports = [ - ../. + ]; programs.ssh.startAgent = true; programs.ssh.startAgent = false; diff --git a/shared/1systems/test-failing/source.nix b/shared/1systems/test-failing/source.nix new file mode 100644 index 000000000..3e17d0b52 --- /dev/null +++ b/shared/1systems/test-failing/source.nix @@ -0,0 +1,3 @@ +import { + name = "test-failing"; +} diff --git a/shared/1systems/test-minimal-deploy.nix b/shared/1systems/test-minimal-deploy/config.nix similarity index 93% rename from shared/1systems/test-minimal-deploy.nix rename to shared/1systems/test-minimal-deploy/config.nix index bec2b38d5..eab703671 100644 --- a/shared/1systems/test-minimal-deploy.nix +++ b/shared/1systems/test-minimal-deploy/config.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: { imports = [ - ../. + ]; krebs = { enable = true; diff --git a/shared/1systems/test-minimal-deploy/source.nix b/shared/1systems/test-minimal-deploy/source.nix new file mode 100644 index 000000000..2368cdd49 --- /dev/null +++ b/shared/1systems/test-minimal-deploy/source.nix @@ -0,0 +1,3 @@ +import { + name = "test-minimal-deploy"; +} diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf/config.nix similarity index 74% rename from shared/1systems/wolf.nix rename to shared/1systems/wolf/config.nix index 584ee0373..636f8e822 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf/config.nix @@ -4,24 +4,24 @@ let in { imports = [ - ../. + - ../2configs/collectd-base.nix - ../2configs/central-stats-client.nix - ../2configs/save-diskspace.nix + + + - ../2configs/cgit-mirror.nix - ../2configs/graphite.nix - ../2configs/repo-sync.nix - ../2configs/shared-buildbot.nix + + + + - ../2configs/shack/worlddomination.nix - ../2configs/shack/drivedroid.nix - # ../2configs/shack/nix-cacher.nix - ../2configs/shack/mqtt_sub.nix - ../2configs/shack/muell_caller.nix - ../2configs/shack/radioactive.nix - ../2configs/shack/share.nix + + + # + + + + ]; # use your own binary cache, fallback use cache.nixos.org (which is used by @@ -43,6 +43,7 @@ in }; nix = { + # use the up to date prism cache binaryCaches = [ "http://cache.prism.r" "https://cache.nixos.org/" diff --git a/shared/1systems/wolf/source.nix b/shared/1systems/wolf/source.nix new file mode 100644 index 000000000..d2bc4952a --- /dev/null +++ b/shared/1systems/wolf/source.nix @@ -0,0 +1,3 @@ +import { + name = "wolf"; +} diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index 398f125e4..2146f42e8 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -7,18 +7,6 @@ with import ; # TODO rename shared user to "krebs" krebs.build.user = mkDefault config.krebs.users.shared; - krebs.build.source = let inherit (config.krebs.build) host user; in { - nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "72c9ed78d0b1d9d5f531805ddf5bf06bfd447614"; # nixos-17.03 @ 2017-06-17 - }; - secrets.file = - if getEnv "dummy_secrets" == "true" - then toString - else "${getEnv "HOME"}/secrets/krebs/${host.name}"; - stockholm.file = getEnv "PWD"; - }; networking.hostName = config.krebs.build.host.name; diff --git a/shared/source.nix b/shared/source.nix new file mode 100644 index 000000000..8ec9fbb6f --- /dev/null +++ b/shared/source.nix @@ -0,0 +1,19 @@ +with import ; +host@{ name, secure ? false }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "shared"; + _file = + "/shared/1systems/${name}/source.nix"; +in + evalSource (toString _file) { + nixos-config.symlink = "stockholm/shared/1systems/${name}/config.nix"; + secrets.file = getAttr builder { + buildbot = toString ; + lass = "${getEnv "HOME"}/secrets/krebs/${host.name}"; + }; + stockholm.file = toString ; + nixpkgs.git = { + url = https://github.com/NixOS/nixpkgs; + ref = "72c9ed78d0b1d9d5f531805ddf5bf06bfd447614"; # nixos-17.03 @ 2017-06-17 + }; + } From a03ded0b93077f5d028d6df47aceaee7f28f4847 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Jul 2017 17:55:58 +0200 Subject: [PATCH 15/21] lass: add dnsmasq to modules --- lass/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index fd353e008..e7744395d 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -1,6 +1,7 @@ _: { imports = [ + ./dnsmasq.nix ./ejabberd ./folderPerms.nix ./hosts.nix From be2a5a88c4914f27571e19ffd73389fc0cb6c3d9 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 12 Jul 2017 17:53:41 +0200 Subject: [PATCH 16/21] lib.eval-source: allow source to be a list --- lib/eval-source.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/eval-source.nix b/lib/eval-source.nix index de5f0b43c..468fc92d1 100644 --- a/lib/eval-source.nix +++ b/lib/eval-source.nix @@ -3,13 +3,11 @@ let eval = _file: source: evalModules { modules = singleton { inherit _file; + imports = map (source: { inherit source; }) (toList source); options.source = mkOption { type = types.attrsOf types.source; default = {}; }; - config = { - inherit source; - }; }; }; in From 007608f01290516f45eeb56874d507bca01fb57d Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 12 Jul 2017 18:00:23 +0200 Subject: [PATCH 17/21] tv source: make nixpkgs ref easily overridable --- tv/source.nix | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/tv/source.nix b/tv/source.nix index 7306cd954..4ede976d3 100644 --- a/tv/source.nix +++ b/tv/source.nix @@ -1,22 +1,27 @@ with import ; -host@{ name, secure ? false }: let +host@{ name, secure ? false, override ? {} }: let builder = if getEnv "dummy_secrets" == "true" then "buildbot" else "tv"; _file = + "/tv/1systems/${name}/source.nix"; in - evalSource (toString _file) { - nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; - secrets.file = getAttr builder { - buildbot = toString ; - tv = "/home/tv/secrets/${name}"; - }; - stockholm.file = toString ; - secrets-common.file = "/home/tv/secrets/common"; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "1b57bf274ae5c76e91b2b264d8aa8bfcecb72102"; # nixos-17.03 - }; - } // optionalAttrs secure { - secrets-master.file = "/home/tv/secrets/master"; - } + evalSource (toString _file) [ + { + nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; + nixpkgs.git = { + # nixos-17.03 + ref = mkDefault "1b57bf274ae5c76e91b2b264d8aa8bfcecb72102"; + url = https://github.com/NixOS/nixpkgs; + }; + secrets.file = getAttr builder { + buildbot = toString ; + tv = "/home/tv/secrets/${name}"; + }; + secrets-common.file = "/home/tv/secrets/common"; + stockholm.file = toString ; + } + (mkIf secure { + secrets-master.file = "/home/tv/secrets/master"; + }) + override + ] From cd47613a4d8daf185f4ac0f8ef43af11985a2f65 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 12 Jul 2017 18:01:18 +0200 Subject: [PATCH 18/21] tv alnus source: overrid nixpkgs ref --- tv/1systems/alnus/config.nix | 1 - tv/1systems/alnus/source.nix | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix index d08a2901b..dd9e594fc 100644 --- a/tv/1systems/alnus/config.nix +++ b/tv/1systems/alnus/config.nix @@ -58,7 +58,6 @@ with import ; krebs.build = { host = config.krebs.hosts.alnus; user = mkForce config.krebs.users.dv; - source.nixpkgs.git.ref = mkForce "9b948ea439ddbaa26740ce35543e7e35d2aa6d18"; }; networking.networkmanager.enable = true; diff --git a/tv/1systems/alnus/source.nix b/tv/1systems/alnus/source.nix index f9dcefee6..c3ed4dcfb 100644 --- a/tv/1systems/alnus/source.nix +++ b/tv/1systems/alnus/source.nix @@ -1,3 +1,4 @@ import { name = "alnus"; + override.nixpkgs.git.ref = "9b948ea439ddbaa26740ce35543e7e35d2aa6d18"; } From f214de2226c430ccfa8b5b50d2f52b57969c7264 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Jul 2017 20:09:09 +0200 Subject: [PATCH 19/21] lass mors&icarus: swap hardware --- lass/1systems/icarus/config.nix | 2 +- lass/1systems/mors/config.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 791ce0f46..1d20c081a 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -54,7 +54,7 @@ }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index bb0a4e23e..45b3f740f 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -47,7 +47,7 @@ with import ; { lass.umts = { enable = true; - modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09"; + modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_C12AD95CB7B78F90-if09"; initstrings = '' Init1 = AT+CFUN=1 Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 @@ -128,7 +128,7 @@ with import ; }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; From 957db9d3e81005135f439bddfaf7cdf333a59c9d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Jul 2017 20:10:17 +0200 Subject: [PATCH 20/21] l mail: show multiple recipents --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 6555b1b45..9f5e3d523 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -56,7 +56,7 @@ let set index_format="${pkgs.writeDash "mutt-index" '' # http://www.mutt.org/doc/manual/#formatstrings - recipent="$(echo $1 | sed 's/.*<\([^>]*\).*/\1/')" + recipent="$(echo $1 | sed 's/[^,]*<\([^>]*\)[^,]*/ \1/g')" # output to mutt # V echo "%4C %Z %?GI?%GI& ? %[%d/%b] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%" From 59bf838bf86021f7513e4b58e4f4df5814e29dba Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Jul 2017 20:10:42 +0200 Subject: [PATCH 21/21] l git: announce staging* branches --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 5f686e26e..4137c482e 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -65,7 +65,7 @@ let server = "ni.r"; verbose = config.krebs.build.host.name == "prism"; # TODO define branches in some kind of option per repo - branches = [ "master" ]; + branches = [ "master" "staging*" ]; }; }; };