Merge remote-tracking branch 'prism/master'
commit
cc4e5322ae
@ -36,7 +36,7 @@
|
|||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "BLN02NB0154"; # Define your hostname.
|
networking.hostName = lib.mkForce "BLN02NB0154"; # Define your hostname.
|
||||||
networking.networkmanager.enable = true;
|
networking.networkmanager.enable = true;
|
||||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||||
|
|
||||||
|
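--- a/jeschli/1systems/enklave/config.nix
+++ b/jeschli/1systems/enklave/config.nix
@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+
+{
+imports = [
+<stockholm/jeschli>
+<stockholm/jeschli/2configs/retiolum.nix>
+<stockholm/jeschli/2configs/os-templates/CentOS-7-64bit.nix>
+{
+networking.dhcpcd.allowInterfaces = [
+"enp*"
+"eth*"
+"ens*"
+];
+}
+{
+services.openssh.enable = true;
+}
+{
+sound.enable = false;
+}
+{
+users.extraUsers = {
+root.initialPassword = "pfeife123";
+root.openssh.authorizedKeys.keys = [
+"ssh-rsa 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 jeschli@nixos"
+];
+jeschli = {
+name = "jeschli";
+uid = 1000;
+home = "/home/jeschli";
+group = "users";
+createHome = true;
+useDefaultShell = true;
+extraGroups = [
+];
+openssh.authorizedKeys.keys = [
+"ssh-rsa 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 jeschli@nixos"
+];
+};
+};
+}
+];
+
+krebs.build.host = config.krebs.hosts.enklave;
+}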
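Review bot: `root.initialPassword` is set to a literal string in this file, so the root password of a host that also sets `services.openssh.enable = true;` is readable by anyone with access to the repository and ends up world-readable in the Nix store. Root already has a key in `root.openssh.authorizedKeys.keys`, so the line can be dropped; if a console password is needed, `root.hashedPassword` read from the secrets directory avoids publishing it. Adding `services.openssh.passwordAuthentication = false;` next to the enable line would make the key-only intent explicit instead of relying on sshd defaults. The committed password should be treated as disclosed and changed on the host.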
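--- a/jeschli/1systems/enklave/source.nix
+++ b/jeschli/1systems/enklave/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/jeschli/source.nix> {
+name = "enklave";
+}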
@ -29,7 +29,6 @@
|
|||||||
allowDiscards = true;
|
allowDiscards = true;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
networking.hostName = "reaganzglas"; # Define your hostname.
|
|
||||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||||
networking.networkmanager.enable = true;
|
networking.networkmanager.enable = true;
|
||||||
# Select internationalisation properties.
|
# Select internationalisation properties.
|
||||||
|
@ -4,6 +4,7 @@ with import <stockholm/lib>;
|
|||||||
imports = [
|
imports = [
|
||||||
./vim.nix
|
./vim.nix
|
||||||
./retiolum.nix
|
./retiolum.nix
|
||||||
|
<stockholm/lass/2configs/security-workarounds.nix>
|
||||||
{
|
{
|
||||||
environment.variables = {
|
environment.variables = {
|
||||||
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
|
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
|
||||||
@ -63,4 +64,5 @@ with import <stockholm/lib>;
|
|||||||
];
|
];
|
||||||
|
|
||||||
krebs.enable = true;
|
krebs.enable = true;
|
||||||
|
networking.hostName = config.krebs.build.host.name;
|
||||||
}
|
}
|
||||||
|
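--- a/jeschli/2configs/os-templates/CentOS-7-64bit.nix
+++ b/jeschli/2configs/os-templates/CentOS-7-64bit.nix
@@ -0,0 +1,16 @@
+_:
+
+{
+imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
+
+boot.loader.grub = {
+device = "/dev/sda";
+splashImage = null;
+};
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+
+fileSystems."/" = {
+device = "/dev/sda1";
+fsType = "ext4";
+};
+}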
@ -9,6 +9,7 @@
|
|||||||
"gum"
|
"gum"
|
||||||
"ni"
|
"ni"
|
||||||
"dishfire"
|
"dishfire"
|
||||||
|
"enklave"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -16,6 +17,9 @@
|
|||||||
tinc = pkgs.tinc_pre;
|
tinc = pkgs.tinc_pre;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 655 ];
|
||||||
|
networking.firewall.allowedUDPPorts = [ 655 ];
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
pkgs.tinc
|
pkgs.tinc
|
||||||
];
|
];
|
||||||
|
@ -10,7 +10,7 @@ in
|
|||||||
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
|
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
|
||||||
nixpkgs.git = {
|
nixpkgs.git = {
|
||||||
url = https://github.com/nixos/nixpkgs;
|
url = https://github.com/nixos/nixpkgs;
|
||||||
ref = "d83c808";
|
ref = "0653b73";
|
||||||
};
|
};
|
||||||
secrets.file = getAttr builder {
|
secrets.file = getAttr builder {
|
||||||
buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;
|
buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;
|
||||||
|
@ -58,7 +58,7 @@ let
|
|||||||
ref = "heads/master";
|
ref = "heads/master";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
krebs.git = defineRepo name true;
|
krebs.git = defineRepo name false;
|
||||||
};
|
};
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
@ -118,6 +118,52 @@ with import <stockholm/lib>;
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
enklave = {
|
||||||
|
nets = rec {
|
||||||
|
internet = {
|
||||||
|
ip4.addr = "88.198.164.182";
|
||||||
|
aliases = [
|
||||||
|
"enklave.i"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
retiolum = {
|
||||||
|
via = internet;
|
||||||
|
ip4.addr = "10.243.27.30";
|
||||||
|
ip6.addr = "42::30";
|
||||||
|
aliases = [
|
||||||
|
"enklave.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIID8gKCA+kAt8zRg/g0jRmqXn6rVul/tdjWtLPcu0aTjNJ5OYZh50i7WqWllGVz
|
||||||
|
+FfJicuq/Xd1l5qrgUN7MD+Wrfeov+G9lzSgacfPhXMujutXxX3JwW/9f7UN+yoN
|
||||||
|
Sw29Zj+NWb45HyI5WVwMQ332KbKjNcWdTRe+O39oE6bZWg54oEeZOad2UJ7/83sB
|
||||||
|
yNEV/B7bJ0+X9HR8XCKrHI/RkjixNauMDlquGzoVyqLKIWwUnBl9CwtNBCYHbvYD
|
||||||
|
G1rWeCewd9Z6KsqcKSePfa4mn5eOluWcXmbrD/sx8oII40oNUs3kI7a2HExB2Yle
|
||||||
|
P9Q5MQrXRZfI3bdrh1aHieBodZLtosHPNuJIpo8ZaCX88WLhGR3nhJa1vvM1vNwd
|
||||||
|
TSSAdobdZUcuIQJKnVxwP4rXQAKPkN2+ddy+tXCGvfFAsdGKDbgPy4FgT+Ed28vg
|
||||||
|
3W0fef/3sDNGPY1VAa58/pLz9Un3kNJKUjt00tWamo8daU/3mxZs83nIqDHLq86l
|
||||||
|
1+wCl37l+KHe7pUVZ3smoezPRCMoUThmc7VzupbQG+piiSSyiYQi0CuBusa44t76
|
||||||
|
1lMr3pOdRBBAoetZ745ZZVx8s+eYk+C1BmQbLJAfzQ9sbH3LAwXpuAH70mtrFqWl
|
||||||
|
C3LF89/5mZRbFxALZv9cVx3LqIZDjwpKlwPWorZwo14L+eAagdPCcnVNo6ZcVow2
|
||||||
|
mAdNnf7C33fvRsU+rUEIZVPsBHZfAv+f0jqQ65TMvl32VZ0FlxxahSZSj64n8iwr
|
||||||
|
Z+DOxKA9OcAaTrHQReYLpWUfNceVDLfOmQLeih8hNgClgqPgYJP/OtN+ox3NP6ZX
|
||||||
|
+Gkx9HO7a+agtyJxjh3NYbT/NkRW8HcjW8KgRN7jlE9sQi5/FoxKQOUdHmLTvjdk
|
||||||
|
YJXqdPWMYHj2xt4A8x2nzl/si6lwDsod+zdY5RGSdYhoybEOs4wZZIuArmm8GP+C
|
||||||
|
IbtgutknAuqvm2FOxyWCbLFTimgqC5BgrNUsXFJJLsHQ3bWFJtVpJlSa5Y0iypCP
|
||||||
|
Yr/cefbDrGfs3eCy7FlYDIkCcH06FPm1LTs6USisrtKFObRQN+zPSPln9FysNmpH
|
||||||
|
h0YUhrWdTO+wN78K5gc4ALPNUlyqmH61h8jS2qSdrRZLcZWIi4K4banG6EJcWRvV
|
||||||
|
kaVxghY1i/Z9x43bZRpBPvpM462IDx08vYX9AcFmF7JfjAXPwJO/EqZVsY1YPDzO
|
||||||
|
vdXWrtTORO8R8Pjq3X952yNqgHBcJQh7Q9TBcj+XBtkidOSnTt3Sp/RumsucUW19
|
||||||
|
0wMempDPiCOAadLmR4cW5XL1ednXurkd+5gHCmB1Sl7FueP5dgLB/mhXjmITE3zH
|
||||||
|
aQIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
};
|
};
|
||||||
users = {
|
users = {
|
||||||
jeschli = {
|
jeschli = {
|
||||||
|
@ -3,6 +3,9 @@
|
|||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
|
|
||||||
{
|
{
|
||||||
|
dns.providers = {
|
||||||
|
"lassul.us" = "zones";
|
||||||
|
};
|
||||||
hosts = mapAttrs (_: recursiveUpdate {
|
hosts = mapAttrs (_: recursiveUpdate {
|
||||||
owner = config.krebs.users.lass;
|
owner = config.krebs.users.lass;
|
||||||
ci = true;
|
ci = true;
|
||||||
@ -80,6 +83,18 @@ with import <stockholm/lib>;
|
|||||||
prism IN A ${nets.internet.ip4.addr}
|
prism IN A ${nets.internet.ip4.addr}
|
||||||
paste IN A ${nets.internet.ip4.addr}
|
paste IN A ${nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
|
"lassul.us" = ''
|
||||||
|
$TTL 3600
|
||||||
|
@ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
|
||||||
|
60 IN NS ns16.ovh.net.
|
||||||
|
60 IN NS dns16.ovh.net.
|
||||||
|
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
|
60 IN TXT v=spf1 mx -all
|
||||||
|
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
|
io 60 IN NS ions.lassul.us.
|
||||||
|
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
|
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
nets = rec {
|
nets = rec {
|
||||||
internet = {
|
internet = {
|
||||||
|
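Review bot: The SPF record in the new `lassul.us` zone is written unquoted as `60 IN TXT v=spf1 mx -all`; in master-file syntax whitespace separates character-strings, so depending on the server this can be published as three strings that receivers join without spaces, which is not a valid SPF policy. Quoting it, `60 IN TXT "v=spf1 mx -all"`, keeps it a single string. The zone text visible here also defines no MX record, so the `mx` mechanism would match nothing and `-all` would fail every sender unless an MX is added elsewhere; worth confirming, since the alias list in this merge accepts mail for `@lassul.us`. The surrounding `hosts` definition continues outside the hunk.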
@ -541,6 +541,7 @@ with import <stockholm/lib>;
|
|||||||
graph IN A ${nets.internet.ip4.addr}
|
graph IN A ${nets.internet.ip4.addr}
|
||||||
ghook IN A ${nets.internet.ip4.addr}
|
ghook IN A ${nets.internet.ip4.addr}
|
||||||
dockerhub IN A ${nets.internet.ip4.addr}
|
dockerhub IN A ${nets.internet.ip4.addr}
|
||||||
|
photostore IN A ${nets.internet.ip4.addr}
|
||||||
io IN NS gum.krebsco.de.
|
io IN NS gum.krebsco.de.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -21,6 +21,10 @@ prepare() {(
|
|||||||
esac
|
esac
|
||||||
;;
|
;;
|
||||||
debian)
|
debian)
|
||||||
|
if grep -Fq Hetzner /etc/motd; then
|
||||||
|
prepare_hetzner_rescue "$@"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
case $VERSION_ID in
|
case $VERSION_ID in
|
||||||
7)
|
7)
|
||||||
prepare_debian "$@"
|
prepare_debian "$@"
|
||||||
@ -90,10 +94,33 @@ prepare_nixos_iso() {
|
|||||||
|
|
||||||
mkdir -p bin
|
mkdir -p bin
|
||||||
rm -f bin/nixos-install
|
rm -f bin/nixos-install
|
||||||
cp "$(type -p nixos-install)" bin/nixos-install
|
cp "$(_which nixos-install)" bin/nixos-install
|
||||||
sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
|
sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
|
||||||
}
|
}
|
||||||
|
|
||||||
|
prepare_hetzner_rescue() {
|
||||||
|
_which() (
|
||||||
|
which "$1"
|
||||||
|
)
|
||||||
|
mountpoint /mnt
|
||||||
|
|
||||||
|
type bzip2 2>/dev/null || apt-get install bzip2
|
||||||
|
type git 2>/dev/null || apt-get install git
|
||||||
|
type rsync 2>/dev/null || apt-get install rsync
|
||||||
|
type curl 2>/dev/null || apt-get install curl
|
||||||
|
|
||||||
|
mkdir -p /mnt/"$target_path"
|
||||||
|
mkdir -p "$target_path"
|
||||||
|
|
||||||
|
if ! mountpoint "$target_path"; then
|
||||||
|
mount --rbind /mnt/"$target_path" "$target_path"
|
||||||
|
fi
|
||||||
|
|
||||||
|
_prepare_nix_users
|
||||||
|
_prepare_nix
|
||||||
|
_prepare_nixos_install
|
||||||
|
}
|
||||||
|
|
||||||
get_nixos_install() {
|
get_nixos_install() {
|
||||||
echo "installing nixos-install" 2>&1
|
echo "installing nixos-install" 2>&1
|
||||||
c=$(mktemp)
|
c=$(mktemp)
|
||||||
@ -107,24 +134,13 @@ EOF
|
|||||||
nix-env -i -A config.system.build.nixos-install -f "<nixpkgs/nixos>"
|
nix-env -i -A config.system.build.nixos-install -f "<nixpkgs/nixos>"
|
||||||
rm -v $c
|
rm -v $c
|
||||||
}
|
}
|
||||||
prepare_common() {(
|
|
||||||
|
|
||||||
if ! getent group nixbld >/dev/null; then
|
prepare_common() {(
|
||||||
groupadd -g 30000 -r nixbld
|
_which() (
|
||||||
fi
|
type -p "$1"
|
||||||
for i in `seq 1 10`; do
|
)
|
||||||
if ! getent passwd nixbld$i 2>/dev/null; then
|
|
||||||
useradd \
|
_prepare_nix_users
|
||||||
-d /var/empty \
|
|
||||||
-g 30000 \
|
|
||||||
-G 30000 \
|
|
||||||
-l \
|
|
||||||
-M \
|
|
||||||
-s /sbin/nologin \
|
|
||||||
-u $(expr 30000 + $i) \
|
|
||||||
nixbld$i
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# mount install directory
|
# mount install directory
|
||||||
@ -173,10 +189,12 @@ prepare_common() {(
|
|||||||
mount --bind /nix /mnt/nix
|
mount --bind /nix /mnt/nix
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#
|
_prepare_nix
|
||||||
# install nix
|
|
||||||
#
|
|
||||||
|
|
||||||
|
_prepare_nixos_install
|
||||||
|
)}
|
||||||
|
|
||||||
|
_prepare_nix() {
|
||||||
# install nix on host (cf. https://nixos.org/nix/install)
|
# install nix on host (cf. https://nixos.org/nix/install)
|
||||||
if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then
|
if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then
|
||||||
(
|
(
|
||||||
@ -201,17 +219,40 @@ prepare_common() {(
|
|||||||
if ! mountpoint "$target_path"; then
|
if ! mountpoint "$target_path"; then
|
||||||
mount --rbind /mnt/"$target_path" "$target_path"
|
mount --rbind /mnt/"$target_path" "$target_path"
|
||||||
fi
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
_prepare_nix_users() {
|
||||||
|
if ! getent group nixbld >/dev/null; then
|
||||||
|
groupadd -g 30000 -r nixbld
|
||||||
|
fi
|
||||||
|
for i in `seq 1 10`; do
|
||||||
|
if ! getent passwd nixbld$i 2>/dev/null; then
|
||||||
|
useradd \
|
||||||
|
-d /var/empty \
|
||||||
|
-g 30000 \
|
||||||
|
-G 30000 \
|
||||||
|
-l \
|
||||||
|
-M \
|
||||||
|
-s /sbin/nologin \
|
||||||
|
-u $(expr 30000 + $i) \
|
||||||
|
nixbld$i
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
_prepare_nixos_install() {
|
||||||
get_nixos_install
|
get_nixos_install
|
||||||
|
|
||||||
mkdir -p bin
|
mkdir -p bin
|
||||||
rm -f bin/nixos-install
|
rm -f bin/nixos-install
|
||||||
cp "$(type -p nixos-install)" bin/nixos-install
|
cp "$(_which nixos-install)" bin/nixos-install
|
||||||
sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
|
sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
|
||||||
|
|
||||||
if ! grep -q '^PATH.*#krebs' .bashrc; then
|
if ! grep -q '^PATH.*#krebs' .bashrc; then
|
||||||
echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc
|
echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc
|
||||||
echo 'PATH=$HOME/bin:$PATH #krebs' >> .bashrc
|
echo 'PATH=$HOME/bin:$PATH #krebs' >> .bashrc
|
||||||
fi
|
fi
|
||||||
)}
|
}
|
||||||
|
|
||||||
prepare "$@"
|
prepare "$@"
|
||||||
|
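Review bot: `prepare_hetzner_rescue` runs `mountpoint /mnt` as a bare statement, so unless the script runs under `set -e` (not visible in these hunks) a missing mount is only reported and the function goes on to create `/mnt/"$target_path"` inside the rescue system's own filesystem. Making the check explicit, e.g. `mountpoint -q /mnt || { echo '/mnt is not mounted' >&2; exit 1; }`, removes the dependence on shell options. The four `apt-get install` fallbacks also lack `-y`, so they will wait for confirmation or abort if the script is run without a terminal. A short comment above the function stating that it expects the target disk to be partitioned and mounted at `/mnt` beforehand would help the next operator.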
@ -1,4 +1,4 @@
|
|||||||
{ stdenv, pkgs, fetchPypi, ... }:
|
{ stdenv, pkgs, ... }:
|
||||||
with pkgs.python3Packages;
|
with pkgs.python3Packages;
|
||||||
buildPythonPackage rec {
|
buildPythonPackage rec {
|
||||||
pname = "internetarchive";
|
pname = "internetarchive";
|
||||||
|
@ -40,6 +40,9 @@ with import <stockholm/lib>;
|
|||||||
zathura
|
zathura
|
||||||
skype
|
skype
|
||||||
wine
|
wine
|
||||||
|
geeqie
|
||||||
|
vlc
|
||||||
|
minecraft
|
||||||
];
|
];
|
||||||
nixpkgs.config.firefox.enableAdobeFlash = true;
|
nixpkgs.config.firefox.enableAdobeFlash = true;
|
||||||
services.xserver.enable = true;
|
services.xserver.enable = true;
|
||||||
|
@ -289,13 +289,6 @@ in {
|
|||||||
alias /var/realwallpaper/realwallpaper.png;
|
alias /var/realwallpaper/realwallpaper.png;
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
{
|
|
||||||
services.minecraft-server.enable = true;
|
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
|
||||||
{ predicate = "-p tcp --dport 25565"; target = "ACCEPT"; }
|
|
||||||
{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
|
|
||||||
];
|
|
||||||
}
|
|
||||||
<stockholm/krebs/2configs/reaktor-krebs.nix>
|
<stockholm/krebs/2configs/reaktor-krebs.nix>
|
||||||
<stockholm/lass/2configs/dcso-dev.nix>
|
<stockholm/lass/2configs/dcso-dev.nix>
|
||||||
{
|
{
|
||||||
@ -307,7 +300,7 @@ in {
|
|||||||
jeschli-brauerei
|
jeschli-brauerei
|
||||||
];
|
];
|
||||||
repo = [ config.krebs.git.repos.stockholm ];
|
repo = [ config.krebs.git.repos.stockholm ];
|
||||||
perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ];
|
perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
@ -318,6 +311,8 @@ in {
|
|||||||
RandomizedDelaySec = "2min";
|
RandomizedDelaySec = "2min";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
<stockholm/lass/2configs/downloading.nix>
|
||||||
|
<stockholm/lass/2configs/minecraft.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.prism;
|
krebs.build.host = config.krebs.hosts.prism;
|
||||||
|
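Review bot: The push rule now matches `refs/heads/staging/jeschli*`, which, depending on how the git hook interprets the pattern, also covers any ref that merely starts with that prefix (for example a `staging/jeschli2` namespace owned by someone else), and the rule grants `non-fast-forward` and `delete`. If the intent is to allow sub-branches, a pattern with a separator such as `refs/heads/staging/jeschli/*` next to the exact ref would keep the grant scoped to this user. The pattern syntax is not visible in this section, so this needs confirming against the rule matcher.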
@ -85,6 +85,8 @@ in {
|
|||||||
screengrab
|
screengrab
|
||||||
slock
|
slock
|
||||||
sxiv
|
sxiv
|
||||||
|
timewarrior
|
||||||
|
taskwarrior
|
||||||
termite
|
termite
|
||||||
xclip
|
xclip
|
||||||
xorg.xbacklight
|
xorg.xbacklight
|
||||||
|
@ -35,7 +35,10 @@ let
|
|||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
lass.browser.paths.${name}.path = bin;
|
lass.browser.paths.${name} = {
|
||||||
|
path = bin;
|
||||||
|
inherit precedence;
|
||||||
|
};
|
||||||
security.sudo.extraConfig = ''
|
security.sudo.extraConfig = ''
|
||||||
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
${mainUser.name} ALL=(${name}) NOPASSWD: ALL
|
||||||
'';
|
'';
|
||||||
@ -80,6 +83,14 @@ in {
|
|||||||
browser-select
|
browser-select
|
||||||
];
|
];
|
||||||
|
|
||||||
|
programs.chromium = {
|
||||||
|
enable = true;
|
||||||
|
extensions = [
|
||||||
|
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
|
||||||
|
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
{
|
{
|
||||||
options.lass.browser.select = mkOption {
|
options.lass.browser.select = mkOption {
|
||||||
@ -102,8 +113,9 @@ in {
|
|||||||
( createFirefoxUser "ff" [ "audio" ] 10 )
|
( createFirefoxUser "ff" [ "audio" ] 10 )
|
||||||
( createChromiumUser "cr" [ "video" "audio" ] 9 )
|
( createChromiumUser "cr" [ "video" "audio" ] 9 )
|
||||||
( createChromiumUser "gm" [ "video" "audio" ] 8 )
|
( createChromiumUser "gm" [ "video" "audio" ] 8 )
|
||||||
( createChromiumUser "wk" [ "video" "audio" ] )
|
( createChromiumUser "wk" [ "video" "audio" ] 0 )
|
||||||
( createChromiumUser "fb" [ "video" "audio" ] )
|
( createChromiumUser "fb" [ "video" "audio" ] 0 )
|
||||||
( createChromiumUser "com" [ "video" "audio" ] )
|
( createChromiumUser "com" [ "video" "audio" ] 0 )
|
||||||
|
( createChromiumUser "fin" [] (-1) )
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
@ -2,11 +2,12 @@ with import <stockholm/lib>;
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../2configs/binary-cache/client.nix
|
./binary-cache/client.nix
|
||||||
../2configs/gc.nix
|
./gc.nix
|
||||||
../2configs/mc.nix
|
./mc.nix
|
||||||
../2configs/vim.nix
|
./vim.nix
|
||||||
../2configs/monitoring/client.nix
|
./monitoring/client.nix
|
||||||
|
./zsh.nix
|
||||||
./htop.nix
|
./htop.nix
|
||||||
./backups.nix
|
./backups.nix
|
||||||
./security-workarounds.nix
|
./security-workarounds.nix
|
||||||
|
@ -54,6 +54,11 @@ with import <stockholm/lib>;
|
|||||||
{ from = "bitstamp@lassul.us"; to = lass.mail; }
|
{ from = "bitstamp@lassul.us"; to = lass.mail; }
|
||||||
{ from = "bitcoin.de@lassul.us"; to = lass.mail; }
|
{ from = "bitcoin.de@lassul.us"; to = lass.mail; }
|
||||||
{ from = "ableton@lassul.us"; to = lass.mail; }
|
{ from = "ableton@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "dhl@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "sipgate@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "coinexchange@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "verwaltung@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "gearbest@lassul.us"; to = lass.mail; }
|
||||||
];
|
];
|
||||||
system-aliases = [
|
system-aliases = [
|
||||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||||
|
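--- a/lass/2configs/minecraft.nix
+++ b/lass/2configs/minecraft.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+
+{
+users.users = {
+mc = {
+name = "mc";
+description = "user playing mc";
+home = "/home/mc";
+createHome = true;
+useDefaultShell = true;
+packages = with pkgs; [
+tmux
+];
+};
+};
+krebs.per-user.mc.packages = [ pkgs.jdk ];
+krebs.iptables.tables.filter.INPUT.rules = [
+{ predicate = "-p tcp --dport 25565"; target = "ACCEPT"; }
+{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
+];
+}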
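Review bot: The INPUT rules accept port 25565 on UDP as well as TCP, but the game protocol of the Java server is TCP only; as far as I know UDP 25565 is used solely by the optional query listener, so the `-p udp --dport 25565` rule exposes a port that nothing needs unless query is deliberately enabled. Dropping that rule, or adding a comment such as `# UDP only needed when enable-query is set in server.properties`, keeps the firewall matched to what actually listens. Since this file replaces the managed `services.minecraft-server` with a user account plus `tmux` and `pkgs.jdk`, a one-line header comment saying the server is started by hand as `mc` would document that nothing here starts it.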
@ -7,10 +7,8 @@
|
|||||||
zsh-newuser-install() { :; }
|
zsh-newuser-install() { :; }
|
||||||
'';
|
'';
|
||||||
interactiveShellInit = ''
|
interactiveShellInit = ''
|
||||||
#unsetopt nomatch
|
|
||||||
setopt autocd extendedglob
|
setopt autocd extendedglob
|
||||||
bindkey -e
|
bindkey -e
|
||||||
zstyle :compinstall filename '/home/lass/.zshrc'
|
|
||||||
|
|
||||||
#history magic
|
#history magic
|
||||||
bindkey "[A" up-line-or-local-history
|
bindkey "[A" up-line-or-local-history
|
||||||
@ -40,7 +38,6 @@
|
|||||||
bindkey "^X^E" edit-command-line
|
bindkey "^X^E" edit-command-line
|
||||||
|
|
||||||
#completion magic
|
#completion magic
|
||||||
fpath=(~/.zsh/completions $fpath)
|
|
||||||
autoload -Uz compinit
|
autoload -Uz compinit
|
||||||
compinit
|
compinit
|
||||||
zstyle ':completion:*' menu select
|
zstyle ':completion:*' menu select
|
||||||
@ -48,14 +45,18 @@
|
|||||||
#enable automatic rehashing of $PATH
|
#enable automatic rehashing of $PATH
|
||||||
zstyle ':completion:*' rehash true
|
zstyle ':completion:*' rehash true
|
||||||
|
|
||||||
|
eval $(dircolors -b ${pkgs.fetchFromGitHub {
|
||||||
#eval $( dircolors -b ~/.LS_COLORS )
|
owner = "trapd00r";
|
||||||
|
repo = "LS_COLORS";
|
||||||
|
rev = "master";
|
||||||
|
sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp";
|
||||||
|
}}/LS_COLORS)
|
||||||
|
|
||||||
# export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -'
|
# export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -'
|
||||||
|
|
||||||
#beautiful colors
|
#beautiful colors
|
||||||
alias ls='ls --color'
|
alias ls='ls --color'
|
||||||
zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
|
# zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS}
|
||||||
|
|
||||||
#emacs bindings
|
#emacs bindings
|
||||||
bindkey "[7~" beginning-of-line
|
bindkey "[7~" beginning-of-line
|
||||||
@ -66,24 +67,24 @@
|
|||||||
#aliases
|
#aliases
|
||||||
alias ll='ls -l'
|
alias ll='ls -l'
|
||||||
alias la='ls -la'
|
alias la='ls -la'
|
||||||
alias pinginet='ping 8.8.8.8'
|
|
||||||
alias du='du -hd1'
|
|
||||||
alias qiv="qiv -f -m"
|
|
||||||
alias zshres="source ~/.zshrc"
|
|
||||||
|
|
||||||
#fancy window title magic
|
#fancy window title magic
|
||||||
case $TERM in
|
case $TERM in
|
||||||
(*xterm* | *rxvt*)
|
(*xterm* | *rxvt*)
|
||||||
|
|
||||||
# Write some info to terminal title.
|
|
||||||
# This is seen when the shell prompts for input.
|
|
||||||
function precmd {
|
function precmd {
|
||||||
print -Pn "\e]0;%(1j,%j job%(2j|s|); ,)%~\a"
|
if test -n "$SSH_CLIENT"; then
|
||||||
|
echo -ne "\033]0;$$ $USER@$HOST $PWD\007"
|
||||||
|
else
|
||||||
|
echo -ne "\033]0;$$ $USER@$PWD\007"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
# Write command and args to terminal title.
|
|
||||||
# This is seen while the shell waits for a command to complete.
|
# This is seen while the shell waits for a command to complete.
|
||||||
function preexec {
|
function preexec {
|
||||||
printf "\033]0;%s\a" "$1"
|
if test -n "$SSH_CLIENT"; then
|
||||||
|
echo -ne "\033]0;$$ $USER@$HOST $PWD $1\007"
|
||||||
|
else
|
||||||
|
echo -ne "\033]0;$$ $USER@$PWD $1\007"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
@ -119,4 +120,5 @@
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
users.users.mainUser.shell = "/run/current-system/sw/bin/zsh";
|
users.users.mainUser.shell = "/run/current-system/sw/bin/zsh";
|
||||||
|
users.users.root.shell = "/run/current-system/sw/bin/zsh";
|
||||||
}
|
}
|
||||||
|
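Review bot: The new `precmd`/`preexec` bodies pass `$PWD` and the command line `$1` through `echo -ne`, which interprets backslash sequences in that data, so a directory name or pasted command containing `\007` or `\033` text can end the title sequence early and send further control codes to the terminal; the removed `printf "\033]0;%s\a" "$1"` did not interpret its argument, and this section also makes zsh root's shell. A fixed format string keeps backslash sequences in the data inert, e.g. `printf '\033]0;%s\007' "$$ $USER@$HOST $PWD $1"`. Separately, `fetchFromGitHub` with `rev = "master"` and a fixed `sha256` will start failing once upstream moves; pinning `rev` to the commit the hash was computed from keeps the fetch reproducible.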
@ -10,7 +10,7 @@ in
|
|||||||
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
|
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
|
||||||
nixpkgs.git = {
|
nixpkgs.git = {
|
||||||
url = https://github.com/nixos/nixpkgs;
|
url = https://github.com/nixos/nixpkgs;
|
||||||
ref = "d202e30";
|
ref = "92d088e";
|
||||||
};
|
};
|
||||||
secrets = getAttr builder {
|
secrets = getAttr builder {
|
||||||
buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
|
buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
|
||||||
|
@ -67,7 +67,7 @@ in {
|
|||||||
<stockholm/makefu/2configs/nginx/public_html.nix>
|
<stockholm/makefu/2configs/nginx/public_html.nix>
|
||||||
<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
||||||
|
|
||||||
<stockholm/makefu/2configs/deployment/mycube.connector.one.nix>
|
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
||||||
<stockholm/makefu/2configs/deployment/graphs.nix>
|
<stockholm/makefu/2configs/deployment/graphs.nix>
|
||||||
<stockholm/makefu/2configs/deployment/owncloud.nix>
|
<stockholm/makefu/2configs/deployment/owncloud.nix>
|
||||||
<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
||||||
|
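--- a/makefu/2configs/deployment/photostore.krebsco.de.nix
+++ b/makefu/2configs/deployment/photostore.krebsco.de.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+# more than just nginx config but not enough to become a module
+with import <stockholm/lib>;
+let
+wsgi-sock = "${workdir}/uwsgi-photostore.sock";
+workdir = config.services.uwsgi.runDir;
+in {
+
+services.uwsgi = {
+enable = true;
+user = "nginx";
+runDir = "/var/lib/photostore";
+plugins = [ "python3" ];
+instance = {
+type = "emperor";
+vassals = {
+cameraupload-server = {
+type = "normal";
+pythonPackages = self: with self; [ pkgs.cameraupload-server ];
+socket = wsgi-sock;
+};
+};
+};
+};
+
+services.nginx = {
+enable = mkDefault true;
+virtualHosts."photostore.krebsco.de" = {
+locations = {
+"/".extraConfig = ''
+uwsgi_pass unix://${wsgi-sock};
+uwsgi_param UWSGI_CHDIR ${workdir};
+uwsgi_param UWSGI_MODULE cuserver.main;
+uwsgi_param UWSGI_CALLABLE app;
+include ${pkgs.nginx}/conf/uwsgi_params;
+'';
+};
+};
+};
+}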
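Review bot: The `photostore.krebsco.de` virtual host is declared with only a `/` location and neither `forceSSL`/`enableACME` nor any access restriction, so as written the upload endpoint would be served over plain HTTP to anyone who can reach the host, unless TLS and authentication are provided by the application or by a module not shown here. If that is not intended, `enableACME = true; forceSSL = true;` on the virtual host is the usual NixOS way to get TLS. The uWSGI emperor also runs with `user = "nginx"`, so the upload application shares the web server's account and whatever that account can read; a dedicated user, with the socket made accessible to nginx through a shared group, would separate the two.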
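--- a/makefu/5pkgs/cameraupload-server/default.nix
+++ b/makefu/5pkgs/cameraupload-server/default.nix
@@ -0,0 +1,23 @@
+{ lib, pkgs, fetchFromGitHub, ... }:
+
+with pkgs.python3Packages;buildPythonPackage rec {
+name = "cameraupload-server-${version}";
+version = "0.2.4";
+
+propagatedBuildInputs = [
+flask
+];
+
+src = fetchFromGitHub {
+owner = "makefu";
+repo = "cameraupload-server";
+rev = "c98c8ec";
+sha256 = "0ssgvjm0z399l62wkgjk8c75mvhgn5z7g1dkb78r8vrih9428bb8";
+};
+
+meta = {
+homepage = https://github.com/makefu/cameraupload-server;
+description = "server side for cameraupload_full";
+license = lib.licenses.asl20;
+};
+}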