Merge branch 'tsp-vicious'

makefu 2015-08-07 15:50:26 +02:00
commit d38809879d
11 changed files with 274 additions and 134 deletions


@ -11,6 +11,8 @@
../2configs/base.nix ../2configs/base.nix
../2configs/cgit-retiolum.nix ../2configs/cgit-retiolum.nix
../2configs/graphite-standalone.nix ../2configs/graphite-standalone.nix
../2configs/vm-single-partition.nix
../2configs/tinc-basic-retiolum.nix
]; ];
krebs.build.host = config.krebs.hosts.pnp; krebs.build.host = config.krebs.hosts.pnp;
krebs.build.user = config.krebs.users.makefu; krebs.build.user = config.krebs.users.makefu;
@ -21,48 +23,19 @@
url = https://github.com/NixOS/nixpkgs; url = https://github.com/NixOS/nixpkgs;
rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
}; };
secrets = {
url = "/home/makefu/secrets/${config.krebs.build.host.name}";
}; };
stockholm = {
url = toString ../..;
};
};
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
# nginx runs on 80 # nginx runs on 80
80
# graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
80
8080 2003 8080 2003
]; ];
networking.firewall.allowedUDPPorts = [ 2003 ]; networking.firewall.allowedUDPPorts = [ 2003 ];
networking.firewall.rejectPackets = true; networking.firewall.rejectPackets = true;
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
krebs.retiolum = {
enable = true;
hosts = ../../Zhosts;
connectTo = [
"gum"
"pigstarter"
"fastpoke"
];
};
# $ nix-env -qaP | grep wget # $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
jq jq
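Review bot: `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` keep 8080 and 2003 open on every interface, while this change also brings the host into retiolum through `../2configs/tinc-basic-retiolum.nix`. Carbon's line receiver on 2003 accepts metrics without authentication, so any peer that can reach the port can write or flood series. If the collectors only live inside the VPN, restrict these two ports to the tinc interface or a source range (for example through `networking.firewall.extraCommands`) and leave only 80 open globally. The comment `# nginx runs on 80` is now separated from its `80` entry by the graphite comment, so the two comments should be reordered to sit directly above the ports they describe.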


@ -9,80 +9,28 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
../2configs/base.nix ../2configs/base.nix
../2configs/base-gui.nix ../2configs/base-gui.nix
../2configs/tinc-basic-retiolum.nix
../2configs/sda-crypto-root.nix
# hardware specifics are in here
../2configs/tp-x200.nix
]; ];
services.xserver = { # not working in vm
videoDriver = "intel";
};
krebs.build.host = config.krebs.hosts.tsp; krebs.build.host = config.krebs.hosts.tsp;
krebs.build.user = config.krebs.users.makefu; krebs.build.user = config.krebs.users.makefu;
krebs.build.target = "root@tsp"; krebs.build.target = "root@tsp";
krebs.build.deps = { krebs.build.deps = {
nixpkgs = { nixpkgs = {
url = https://github.com/NixOS/nixpkgs; #url = https://github.com/NixOS/nixpkgs;
rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; # rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L)
}; url = https://github.com/makefu/nixpkgs;
# TODO generalize in base.nix rev = "8b8b65da24f13f9317504e8bcba476f9161613fe";
secrets = {
url = "/home/makefu/secrets/${config.krebs.build.host.name}";
};
# TODO generalize in base.nix
stockholm = {
url = toString ../..;
}; };
}; };
krebs.retiolum = {
enable = true;
hosts = ../../Zhosts;
connectTo = [
"gum"
"pigstarter"
"fastpoke"
];
};
boot = {
#x200 specifics
kernelModules = [ "tp_smapi" "msr" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
loader.grub.enable =true;
loader.grub.version =2;
loader.grub.device = "/dev/sda";
# crypto boot
# TODO: use UUID
initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
};
fileSystems = {
"/" = {
device = "/dev/mapper/luksroot";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-label/nixboot";
fsType = "ext4";
};
};
# hardware specifics
networking.wireless.enable = true;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
# TODO: generalize to numCPU + 1
nix.maxJobs = 3;
networking.firewall.rejectPackets = true; networking.firewall.rejectPackets = true;
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
# $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim vim
jq jq
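Review bot: The `nixpkgs` dependency on the new side points at the personal fork `https://github.com/makefu/nixpkgs`, and nothing next to it says why or how far the fork diverges from upstream. The `rev` pin keeps the fetch reproducible, but every package on this host is then built from a tree whose provenance a later reader cannot infer from this file. Add a comment beside `url` naming the upstream commit the fork is based on and the patches it carries, e.g. `# fork of NixOS/nixpkgs@<upstream-rev> plus <patch summary>; switch back once merged`. The commented `# rev=$(curl … git-revision -L)` line reads as an instruction to follow nixos-unstable, which no longer matches the fork URL and should be reworded or dropped.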


@ -1,20 +1,39 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
##
# of course this name is a lie - it prepares a GUI environment close to my
# current configuration.
#
# autologin with mainUser into awesome
##
#
with lib; with lib;
let
mainUser = config.krebs.build.user.name;
in
{ {
imports = [ ]; imports = [ ];
services.xserver.enable = true; services.xserver = {
services.xserver.layout = "us"; enable = true;
layout = "us";
xkbVariant = "altgr-intl";
xkbOptions = "ctrl:nocaps";
# use awesome, direct boot into windowManager = {
services.xserver.displayManager.auto.enable =true; awesome.enable = true;
services.xserver.displayManager.auto.user =config.krebs.users.makefu; awesome.luaModules = [ pkgs.luaPackages.vicious ];
services.xserver.windowManager.awesome.enable = true; default = "awesome";
};
security.setuidPrograms = [ "slock" ]; displayManager.auto.enable = true;
displayManager.auto.user = mainUser;
desktopManager.xterm.enable = false;
};
environment.systemPackages = [
pkgs.xlockmore
pkgs.rxvt_unicode-with-plugins
];
# use pulseaudio
environment.systemPackages = [ pkgs.slock ];
hardware.pulseaudio = { hardware.pulseaudio = {
enable = true; enable = true;
systemWide = true; systemWide = true;
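Review bot: `displayManager.auto.enable = true` with `displayManager.auto.user = mainUser` logs the build user straight into awesome on every host that imports this module, and the header comment does not say what that relies on. On tsp the session sits behind the LUKS passphrase from `../2configs/sda-crypto-root.nix`, but this module does not itself require an encrypted root, so a host without one would boot into an unlocked desktop. Extend the header comment with that assumption, e.g. `# autologin: only import on hosts with an encrypted root`. The old side appears to carry a setuid entry for slock while the new side installs `pkgs.xlockmore` with no wrapper or PAM entry visible in this hunk, so it is worth confirming that the locker can still verify the password after the switch. The `hardware.pulseaudio` block continues outside the hunk.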


@ -2,11 +2,18 @@
with lib; with lib;
{ {
imports = [ ]; imports = [
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
(import /root/src/secrets/hashedPasswords.nix);
}
./vim.nix
];
krebs.enable = true; krebs.enable = true;
krebs.search-domain = "retiolum"; krebs.search-domain = "retiolum";
networking.hostName = config.krebs.build.host.name;
users.extraUsers = { users.extraUsers = {
root = { root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
@ -24,10 +31,23 @@ with lib;
}; };
}; };
networking.hostName = config.krebs.build.host.name;
nix.maxJobs = config.krebs.build.host.cores + 1;
#nix.maxJobs = 1;
krebs.build.deps = {
secrets = {
url = "/home/makefu/secrets/${config.krebs.build.host.name}";
};
stockholm = {
url = toString ../..;
};
};
services.openssh.enable = true; services.openssh.enable = true;
nix.useChroot = true; nix.useChroot = true;
users.mutableUsers = true; users.mutableUsers = false;
boot.tmpOnTmpfs = true; boot.tmpOnTmpfs = true;
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
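Review bot: The inline module added to `imports` sets `hashedPassword` for every attribute found in `/root/src/secrets/hashedPasswords.nix`, and the hunk documents none of the consequences. Values assigned through `hashedPassword` become part of the evaluated system configuration, so the hashes most likely end up in the world-readable Nix store even though the source file lives under /root; a file-based option read at activation time (`passwordFile`, if the pinned nixpkgs offers it) avoids that. Combined with `users.mutableUsers = false`, a missing or stale file either breaks evaluation or leaves the root SSH key as the only way in, so the dependency should be stated above the import, e.g. `# evaluated on the target: /root/src/secrets/hashedPasswords.nix must exist before the build`. The attribute names in that file also decide which `users.extraUsers` entries are touched, which deserves a sentence in the same comment.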


@ -5,6 +5,7 @@
with lib; with lib;
{ {
imports = [ ]; imports = [ ];
services.graphite = { services.graphite = {
web = { web = {
enable = true; enable = true;

View File

@ -1,24 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
{
imports = [ ];
services.graphite = {
web = {
enable = true;
host = "0.0.0.0";
};
carbon = {
enableCache = true;
storageSchemas = ''
[carbon]
pattern = ^carbon\.
retentions = 60:90d
[default]
pattern = .*
retentions = 60s:30d,300s:1y
'';
};
};
}


@ -0,0 +1,27 @@
{ config, lib, pkgs, ... }:
# sda: bootloader grub2
# sda1: boot ext4 (label nixboot)
# sda2: cryptoluks -> ext4
with lib;
{
boot = {
loader.grub.enable =true;
loader.grub.version =2;
loader.grub.device = "/dev/sda";
initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
};
fileSystems = {
"/" = {
device = "/dev/mapper/luksroot";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-label/nixboot";
fsType = "ext4";
};
};
}
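Review bot: `initrd.luks.devices` and `loader.grub.device` address the disk by kernel name (`/dev/sda2`, `/dev/sda`), and the `# TODO: use UUID` that accompanied these lines in the host file was dropped in the move. Kernel names depend on enumeration order, and with `usb_storage` in `initrd.availableKernelModules` an attached USB disk can take `sda`, so the passphrase prompt or the bootloader install may end up on a different device than intended. Use a stable path such as `device = "/dev/disk/by-uuid/<LUKS-UUID>";` (placeholder value) and keep the TODO until that is done. `/boot` already uses `/dev/disk/by-label/nixboot`, so this would also make the file consistent with itself.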


@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
with lib;
{
krebs.retiolum = {
enable = true;
hosts = ../../Zhosts;
connectTo = [
"gum"
"pigstarter"
"fastpoke"
];
};
}


@ -0,0 +1,23 @@
{ config, lib, pkgs, ... }:
with lib;
{
#services.xserver = {
# videoDriver = "intel";
#};
boot = {
kernelModules = [ "tp_smapi" "msr" ];
extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
};
networking.wireless.enable = true;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
hardware.trackpoint.enable = true;
hardware.trackpoint.sensitivity = 255;
hardware.trackpoint.speed = 255;
}
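Review bot: `nixpkgs.config.allowUnfree = true` sits in this hardware profile (presumably tp-x200.nix) without a comment, so every host importing it accepts any unfree package system-wide; the vm-single-partition section at the end of the commit sets the same option. If the setting is only there for `hardware.enableAllFirmware`, say so with `# unfree needed for enableAllFirmware`, or narrow it with `nixpkgs.config.allowUnfreePredicate` if the pinned nixpkgs supports it. Loading `msr` exposes the model-specific registers through /dev/cpu/*/msr, so a short comment naming the tool that needs it would help later review.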

119
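--- a/makefu/2configs/vim.nix
+++ b/makefu/2configs/vim.nix
@@ -0,0 +1,119 @@
+{ config, pkgs, ... }:
+let
+customPlugins.vim-better-whitespace = pkgs.vimUtils.buildVimPlugin {
+name = "vim-better-whitespace";
+src = pkgs.fetchFromGitHub {
+owner = "ntpeters";
+repo = "vim-better-whitespace";
+rev = "984c8da518799a6bfb8214e1acdcfd10f5f1eed7";
+sha256 = "10l01a8xaivz6n01x6hzfx7gd0igd0wcf9ril0sllqzbq7yx2bbk";
+};
+};
+in {
+environment.systemPackages = [
+pkgs.python27Full # required for youcompleteme
+(pkgs.vim_configurable.customize {
+name = "vim";
+vimrcConfig.customRC = ''
+set nocompatible
+syntax on
+filetype off
+filetype plugin indent on
+colorscheme darkblue
+set background=dark
+set number
+set relativenumber
+set mouse=a
+set ignorecase
+set incsearch
+set wildignore=*.o,*.obj,*.bak,*.exe,*.os
+set textwidth=79
+set shiftwidth=2
+set expandtab
+set softtabstop=2
+set shiftround
+set smarttab
+set tabstop=2
+set et
+set autoindent
+set backspace=indent,eol,start
+inoremap <F1> <ESC>
+nnoremap <F1> <ESC>
+vnoremap <F1> <ESC>
+nnoremap <F5> :UndotreeToggle<CR>
+set undodir =~/.vim/undo
+set undofile
+"maximum number of changes that can be undone
+set undolevels=1000000
+"maximum number lines to save for undo on a buffer reload
+set undoreload=10000000
+nnoremap <F2> :set invpaste paste?<CR>
+set pastetoggle=<F2>
+set showmode
+set showmatch
+set matchtime=3
+set hlsearch
+autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red
+" save on focus lost
+au FocusLost * :wa
+autocmd BufRead *.json set filetype=json
+au BufNewFile,BufRead *.mustache set syntax=mustache
+cnoremap SudoWrite w !sudo tee > /dev/null %
+" create Backup/tmp/undo dirs
+set backupdir=~/.vim/backup
+set directory=~/.vim/tmp
+function! InitBackupDir()
+let l:parent = $HOME . '/.vim/'
+let l:backup = l:parent . 'backup/'
+let l:tmpdir = l:parent . 'tmp/'
+let l:undodir= l:parent . 'undo/'
+if !isdirectory(l:parent)
+call mkdir(l:parent)
+endif
+if !isdirectory(l:backup)
+call mkdir(l:backup)
+endif
+if !isdirectory(l:tmpdir)
+call mkdir(l:tmpdir)
+endif
+if !isdirectory(l:undodir)
+call mkdir(l:undodir)
+endif
+endfunction
+call InitBackupDir()
+'';
+vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
+vimrcConfig.vam.pluginDictionaries = [
+{ names = [ "undotree"
+"YouCompleteMe"
+"vim-better-whitespace" ]; }
+{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
+];
+})
+];
+}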
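Review bot: `InitBackupDir()` creates `~/.vim/`, `backup/`, `tmp/` and `undo/` with `mkdir()`'s default mode, and `set undofile` then keeps persistent undo history there for every file edited, including files opened as root, since this vimrc is installed through `environment.systemPackages`. Undo, swap and backup files can hold earlier contents of secrets, so the directories should be private: `call mkdir(l:undodir, 'p', 0700)`, and the same for the other three calls. Separately, `cnoremap SudoWrite w !sudo tee > /dev/null %` hands the file name to the shell unquoted and, being a command-line mapping, also fires while typing a search pattern. `command! SudoWrite w !sudo tee %:S > /dev/null` would cover both, assuming the packaged Vim supports the `:S` modifier.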


@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
# vda1 ext4 (label nixos) -> only root partition
with lib;
{
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
hardware.cpu.amd.updateMicrocode = true;
}