From 394408c9b715a2dfb6aba560c4db71b78cf46f8d Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 27 Sep 2015 15:23:54 +0200 Subject: [PATCH 1/7] 3modules: add wry --- krebs/3modules/default.nix | 43 +++++++++++++++++++++++++++++++++++++- makefu/1systems/wry.nix | 34 ++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 1 deletion(-) create mode 100644 makefu/1systems/wry.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 0ffdec5f8..f88ef2194 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -575,7 +575,6 @@ let IN MX 10 mx42 euer IN MX 1 aspmx.l.google.com. io IN NS pigstarter.krebsco.de. - euer IN A ${elemAt nets.internet.addrs4 0} pigstarter IN A ${elemAt nets.internet.addrs4 0} conf IN A ${elemAt nets.internet.addrs4 0} gold IN A ${elemAt nets.internet.addrs4 0} 
@@ -611,6 +610,47 @@ let }; }; }; + wry = rec { + cores = 1; + dc = "makefu"; #dc = "cac"; + extraZones = { + "krebsco.de" = '' + wry IN A ${elemAt nets.internet.addrs4 0} + ''; + }; + nets = rec { + internet = { + addrs4 = ["162.219.7.216"]; + aliases = [ + "wry.internet" + ]; + }; + retiolum = { + via = internet; + addrs4 = [""]; + addrs6 = [""]; + aliases = [ + "wry.retiolum" + "cgit.cd.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ + rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4 + e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN + sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v + CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0 + PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V + LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk + DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW + ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK + jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5 + Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; gum = rec { cores = 1; dc = "online.net"; #root-server @@ -618,6 +658,7 @@ let extraZones = { "krebsco.de" = '' omo IN A ${elemAt nets.internet.addrs4 0} + euer IN A ${elemAt nets.internet.addrs4 0} gum IN A ${elemAt nets.internet.addrs4 0} paste IN A ${elemAt nets.internet.addrs4 0}''; }; diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix new file mode 100644 index 000000000..29ad82d4c --- /dev/null +++ b/makefu/1systems/wry.nix 
@@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +let + + ip = (lib.elemAt config.krebs.build.host.nets.internet.addrs4 0); +in { + imports = [ + ../../tv/2configs/CAC-CentOS-7-64bit.nix + ../2configs/base.nix + ../2configs/tinc-basic-retiolum.nix + { + } + ]; + networking.firewall.allowPing = true; + networking.interfaces.enp2s1.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = "104.233.80.1"; + networking.nameservers = [ + "8.8.8.8" + ]; + + # based on ../../tv/2configs/CAC-Developer-2.nix + sound.enable = false; + krebs.build = { + user = config.krebs.users.makefu; + target = "root@${ip}"; + host = config.krebs.hosts.wry; + }; + +} From dec3f4a2114309be67413e2fd32a4888a74da2e3 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 27 Sep 2015 17:27:11 +0200 Subject: [PATCH 2/7] fix wry --- krebs/3modules/default.nix | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 9f63a7e7c..dc30b9c50 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -319,8 +319,8 @@ let extraZones = { "krebsco.de" = '' - mediengewitter IN A ${elemAt nets.internet.addrs4 0} - flap IN A ${elemAt nets.internet.addrs4 0}''; + mediengewitter IN A ${head nets.internet.addrs4} + flap IN A ${head nets.internet.addrs4}''; }; nets = { internet = { 
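Review bot: `networking.defaultGateway = "104.233.80.1"` in wry.nix is not inside the /24 that `enp2s1` gets. The address comes from `krebs.hosts.wry`, which this patch sets to `162.219.7.216` with `prefixLength = 24`. Unless the provider routes that gateway on-link, the default route will not come up and the host is unreachable after the first deploy to `root@${ip}`. The value looks copied from the CAC template named in the comment; please confirm the gateway for this address, or add a comment such as `# gateway is outside the /24, reachable on-link at this provider`. The empty `{ }` entry in `imports` can be dropped.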
@@ -357,13 +357,13 @@ let IN MX 10 mx42 euer IN MX 1 aspmx.l.google.com. io IN NS pigstarter.krebsco.de. - pigstarter IN A ${elemAt nets.internet.addrs4 0} - conf IN A ${elemAt nets.internet.addrs4 0} - gold IN A ${elemAt nets.internet.addrs4 0} - graph IN A ${elemAt nets.internet.addrs4 0} - tinc IN A ${elemAt nets.internet.addrs4 0} - boot IN A ${elemAt nets.internet.addrs4 0} - mx42 IN A ${elemAt nets.internet.addrs4 0}''; + pigstarter IN A ${head nets.internet.addrs4} + conf IN A ${head nets.internet.addrs4} + gold IN A ${head nets.internet.addrs4} + graph IN A ${head nets.internet.addrs4} + tinc IN A ${head nets.internet.addrs4} + boot IN A ${head nets.internet.addrs4} + mx42 IN A ${head nets.internet.addrs4}''; }; nets = { internet = { @@ -397,7 +397,7 @@ let dc = "makefu"; #dc = "cac"; extraZones = { "krebsco.de" = '' - wry IN A ${elemAt nets.internet.addrs4 0} + wry IN A ${head nets.internet.addrs4} ''; }; nets = rec { @@ -409,11 +409,10 @@ let }; retiolum = { via = internet; - addrs4 = [""]; - addrs6 = [""]; + addrs4 = ["10.243.29.169"]; + addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"]; aliases = [ "wry.retiolum" - "cgit.cd.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -439,10 +438,10 @@ let extraZones = { "krebsco.de" = '' - omo IN A ${elemAt nets.internet.addrs4 0} - euer IN A ${elemAt nets.internet.addrs4 0} - gum IN A ${elemAt nets.internet.addrs4 0} - paste IN A ${elemAt nets.internet.addrs4 0}''; + omo IN A ${head nets.internet.addrs4} + euer IN A ${head nets.internet.addrs4} + gum IN A ${head nets.internet.addrs4} + paste IN A ${head nets.internet.addrs4}''; }; nets = { internet = { From 5038c65ab0e097af4d7c8b047b1f64eb5f7fabea Mon Sep 17 00:00:00 2001 
From: makefu Date: Sun, 27 Sep 2015 19:30:37 +0200 Subject: [PATCH 3/7] merge in new sources definition --- makefu/1systems/pornocauster.nix | 19 +++++++++---------- makefu/2configs/base-sources.nix | 19 +++++++++++++++++++ makefu/2configs/base.nix | 9 --------- 3 files changed, 28 insertions(+), 19 deletions(-) create mode 100644 makefu/2configs/base-sources.nix diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 4dcfe4eca..d43f89a03 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -9,6 +9,9 @@ ../2configs/base.nix ../2configs/main-laptop.nix #< base-gui + # configures sources + ../2configs/base-sources.nix + # Krebs ../2configs/tinc-basic-retiolum.nix #../2configs/disable_v6.nix @@ -18,34 +21,30 @@ # applications ../2configs/exim-retiolum.nix - ../2configs/virtualization.nix + #../2configs/virtualization.nix + ../2configs/virtualization-virtualbox.nix ../2configs/wwan.nix # services ../2configs/git/brain-retiolum.nix - # ../2configs/Reaktor/simpleExtend.nix + ../2configs/tor.nix # hardware specifics are in here ../2configs/hw/tp-x220.nix # mount points ../2configs/fs/sda-crypto-root-home.nix ]; + krebs.Reaktor.enable = true; + krebs.Reaktor.debug = true; + krebs.Reaktor.nickname = "makefu|r"; krebs.build.host = config.krebs.hosts.pornocauster; krebs.build.user = config.krebs.users.makefu; krebs.build.target = "root@pornocauster"; - #krebs.Reaktor.nickname = "makefu|r"; networking.firewall.allowedTCPPorts = [ 25 ]; - krebs.build.deps = { - nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - #url = https://github.com/makefu/nixpkgs; - rev = "03921972268934d900cc32dad253ff383926771c"; - }; - }; } diff --git a/makefu/2configs/base-sources.nix b/makefu/2configs/base-sources.nix new file mode 100644 index 000000000..a2715ba4c --- /dev/null +++ b/makefu/2configs/base-sources.nix 
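Review bot: The second pornocauster.nix hunk imports `../2configs/virtualization-virtualbox.nix` and `../2configs/tor.nix`, but this patch's diffstat does not contain them; they are only created in [PATCH 6/7]. Evaluating pornocauster at this commit or the next two would therefore fail on a missing file, which breaks bisecting. Either move the two import lines into 6/7 or reorder the series. The same hunk also switches on `krebs.Reaktor.enable` and `krebs.Reaktor.debug = true`, which the subject "merge in new sources definition" does not cover; debug is better left off by default or explained with a comment.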
@@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +{ + krebs.build.source = { + git.nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + #url = https://github.com/makefu/nixpkgs; + rev = "68bd8e4a9dc247726ae89cc8739574261718e328"; + }; + dir.secrets = { + host = config.krebs.hosts.pornocauster; + path = "/home/makefu/secrets/${config.krebs.build.host.name}/"; + }; + dir.stockholm = { + host = config.krebs.hosts.pornocauster; + path = toString ../.. ; + }; + }; +} diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix index a5c64f4f3..34b413024 100644 --- a/makefu/2configs/base.nix +++ b/makefu/2configs/base.nix @@ -37,15 +37,6 @@ with lib; time.timeZone = "Europe/Berlin"; #nix.maxJobs = 1; - krebs.build.deps = { - secrets = { - url = "/home/makefu/secrets/${config.krebs.build.host.name}"; - }; - stockholm = { - url = toString ../..; - }; - }; - services.openssh.enable = true; nix.useChroot = true; From 170191034e51fb7e80ff6e6ddcac103ec7527afd Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 27 Sep 2015 19:32:27 +0200 Subject: [PATCH 4/7] add description for sources.dir.*.host --- krebs/3modules/build/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/krebs/3modules/build/default.nix b/krebs/3modules/build/default.nix index d6ee5c917..4d2f36a02 100644 --- a/krebs/3modules/build/default.nix +++ b/krebs/3modules/build/default.nix @@ -174,6 +174,11 @@ let options = { host = mkOption { type = types.host; + description = '' + define the host where the directory is stored on. + XXX: currently it is just used to check if rsync is working, + becomes part of url + ''; }; path = mkOption { type = types.str; From e2b141e6ad6aac4028c852d58cdae73884ddec0a Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 27 Sep 2015 19:33:09 +0200 Subject: [PATCH 5/7] pnp: use new sources --- makefu/1systems/pnp.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index 2dce87d5d..497c03e11 100644 
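Review bot: In base-sources.nix both `dir.secrets.host` and `dir.stockholm.host` are hard-coded to `config.krebs.hosts.pornocauster`, yet the file is named as a shared base and pnp.nix imports it in [PATCH 5/7]. Please document that assumption at the top of the file, e.g. `# secrets and stockholm are expected to live on pornocauster; all hosts importing this are deployed from there`. Also, the secrets `path` now ends in `/`, while the `url` removed from base.nix did not and `dir.stockholm.path` still does not. If the path is handed to rsync (the description added in 4/7 suggests so), the trailing slash changes what gets copied, so make the two entries consistent on purpose.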
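Review bot: The description added for `host` in krebs/3modules/build/default.nix reads like a to-do note and leaves open whether the option restricts where `path` is read from. Since one of the directories configured through it holds secrets, I would state the current behaviour plainly: `Host on which the directory is stored. Currently only used to check that rsync works; it is meant to become part of the source URL.` The enclosing option set starts and ends outside the hunk.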
--- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -9,6 +9,7 @@ [ # Include the results of the hardware scan. # Base ../2configs/base.nix + ../2configs/base-sources.nix ../2configs/tinc-basic-retiolum.nix # HW/FS @@ -38,12 +39,6 @@ nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; - krebs.build.deps = { - nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "03921972268934d900cc32dad253ff383926771c"; - }; - }; networking.firewall.allowedTCPPorts = [ # nginx runs on 80 From c65614cdef66c38ff2939928e9072873e19e1c37 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 27 Sep 2015 19:34:13 +0200 Subject: [PATCH 6/7] add tor,virtualbox --- makefu/2configs/tor.nix | 7 +++++++ makefu/2configs/virtualization-virtualbox.nix | 18 ++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 makefu/2configs/tor.nix create mode 100644 makefu/2configs/virtualization-virtualbox.nix diff --git a/makefu/2configs/tor.nix b/makefu/2configs/tor.nix new file mode 100644 index 000000000..e466a1839 --- /dev/null +++ b/makefu/2configs/tor.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: + +{ + services.tor.enable = true; + services.tor.client.enable = true; + # also enables services.tor.client.privoxy +} diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix new file mode 100644 index 000000000..164401f77 --- /dev/null +++ b/makefu/2configs/virtualization-virtualbox.nix 
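Review bot: In tor.nix the trailing comment `# also enables services.tor.client.privoxy` is the only record that an HTTP proxy is switched on as a side effect of `services.tor.client.enable`. I would set the privoxy option explicitly to the value that is wanted, so the intent survives a change of the upstream default. The comment should also say that enabling the client alone routes nothing through Tor; applications still have to be pointed at the proxy. Something like `# starts a local Tor client plus privoxy; nothing is routed through Tor unless an application is configured to use them` would do.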
@@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: + +let + mainUser = config.krebs.build.user; + version = "5.0.4"; + rev = "102546"; + vboxguestpkg = pkgs.fetchurl { + url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack"; + sha256 = "1ykwpjvfgj11iwhx70bh2hbxhyy3hg6rnqzl4qac7xzg8xw8wqg4"; + }; +in { + inherit vboxguestpkg; + virtualisation.virtualbox.host.enable = true; + nixpkgs.config.virtualbox.enableExtensionPack = true; + + users.extraGroups.vboxusers.members = [ "${mainUser.name}" ]; + environment.systemPackages = [ vboxguestpkg ]; +} From d9f4d621bcde5ddc983a922e378657dba1f6e141 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 27 Sep 2015 21:50:40 +0200 Subject: [PATCH 7/7] Reaktor: add extraEnviron for setting Channel --- krebs/3modules/Reaktor.nix | 25 +++++++++++-------- makefu/1systems/pnp.nix | 4 +++ makefu/2configs/virtualization-virtualbox.nix | 2 +- 3 files changed, 20 insertions(+), 11 deletions(-) diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index fce24fa63..82089a660 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -2,7 +2,6 @@ let - kpkgs = import ../5pkgs { inherit pkgs; inherit lib; }; inherit (lib) mkIf @@ -63,13 +62,20 @@ let configuration appended to the default or overridden configuration ''; }; - - ReaktorPkg = mkOption { - default = kpkgs.Reaktor; + extraEnviron = mkOption { + default = {}; + type = types.attrsOf types.str; description = '' - the Reaktor pkg to use. + Environment to be provided to the service, can be: + REAKTOR_HOST + REAKTOR_PORT + REAKTOR_STATEDIR + REAKTOR_CHANNELS + + debug and nickname can be set separately via the Reaktor api ''; }; + debug = mkOption { default = false; description = '' @@ -80,7 +86,6 @@ let imp = { # for reaktor get-config - environment.systemPackages = [ cfg.ReaktorPkg ]; users.extraUsers = singleton { name = "Reaktor"; # uid = config.ids.uids.Reaktor; 
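Review bot: `vboxguestpkg` in virtualization-virtualbox.nix is a misleading name, because the URL it fetches is the Oracle Extension Pack and not guest additions; `vboxExtPack` would match what it is. `environment.systemPackages = [ vboxguestpkg ]` adds the raw `fetchurl` output, a single `.vbox-extpack` file, so it presumably only ends up in the system closure and does not install the pack. A comment on how it is meant to be consumed alongside `enableExtensionPack = true` would help. The download uses plain `http://`, so the `sha256` is the only integrity check and must be updated together with `version` and `rev`. `[ "${mainUser.name}" ]` can simply be `[ mainUser.name ]`.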
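Review bot: The `extraEnviron` description in Reaktor.nix should say that the values are not confidential. As far as I know, environment entries of a NixOS systemd service are written into the generated unit in the world-readable store, so a password or token placed here would be readable by every local user. I would add a sentence such as `Values end up in the unit file; do not put credentials here.` The same hunk removes the `ReaktorPkg` option without a replacement, so any configuration that sets it will stop evaluating; that deserves a line in the commit message.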
@@ -98,7 +103,7 @@ let systemd.services.Reaktor = { path = with pkgs; [ utillinux #flock for tell_on-join - # git # for nag + git # for nag python # for caps ]; description = "Reaktor IRC Bot"; @@ -108,17 +113,17 @@ let GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; REAKTOR_NICKNAME = cfg.nickname; REAKTOR_DEBUG = (if cfg.debug then "True" else "False"); - }; + } // cfg.extraEnviron; serviceConfig= { ExecStartPre = pkgs.writeScript "Reaktor-init" '' #! /bin/sh ${if (isString cfg.overrideConfig) then ''cp ${ReaktorConfig} /tmp/config.py'' else - ''(${cfg.ReaktorPkg}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/config.py'' + ''(${pkgs.Reaktor}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/config.py'' } ''; - ExecStart = "${cfg.ReaktorPkg}/bin/reaktor run /tmp/config.py"; + ExecStart = "${pkgs.Reaktor}/bin/reaktor run /tmp/config.py"; PrivateTmp = "true"; User = "Reaktor"; Restart = "on-abort"; diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index 497c03e11..7698ea14d 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -32,6 +32,10 @@ ]; krebs.Reaktor.enable = true; krebs.Reaktor.debug = true; + krebs.Reaktor.nickname = "Reaktor|bot"; + krebs.Reaktor.extraEnviron = { + REAKTOR_CHANNELS = "#krebs,#binaergewitter"; + }; krebs.build.host = config.krebs.hosts.pnp; krebs.build.user = config.krebs.users.makefu; diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix index 164401f77..610b63732 100644 --- a/makefu/2configs/virtualization-virtualbox.nix +++ b/makefu/2configs/virtualization-virtualbox.nix @@ -9,7 +9,7 @@ let sha256 = "1ykwpjvfgj11iwhx70bh2hbxhyy3hg6rnqzl4qac7xzg8xw8wqg4"; }; in { - inherit vboxguestpkg; + #inherit vboxguestpkg; virtualisation.virtualbox.host.enable = true; nixpkgs.config.virtualbox.enableExtensionPack = true;
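Review bot: `} // cfg.extraEnviron` in the Reaktor.nix service hunk lets the user-supplied set win over the keys the module sets itself. An `extraEnviron` entry named `REAKTOR_NICKNAME`, `REAKTOR_DEBUG` or `GIT_SSL_CAINFO` therefore silently overrides `cfg.nickname`, `cfg.debug` and the CA bundle path used for git. The option description says debug and nickname are set separately, so I would merge the other way round, `cfg.extraEnviron // { … }` around the fixed keys, or reject those names with an assertion. The attribute set being merged opens above the hunk, so I cannot see its name. In the last hunk, `#inherit vboxguestpkg;` is better deleted than left commented out.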