From f256bbcb11565138e92266e97856438061b623a0 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 13 Jun 2016 16:22:51 +0200 Subject: [PATCH 1/7] cp tv/2/*CAC -> makefu/2/ --- makefu/1systems/shoney.nix | 22 ++++++++++++++-------- makefu/1systems/wry.nix | 4 ++-- makefu/2configs/fs/CAC-CentOS-7-64bit.nix | 20 ++++++++++++++++++++ makefu/2configs/hw/CAC.nix | 13 +++++++++++++ 4 files changed, 49 insertions(+), 10 deletions(-) create mode 100644 makefu/2configs/fs/CAC-CentOS-7-64bit.nix create mode 100644 makefu/2configs/hw/CAC.nix diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index ebe5222c3..16e891995 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -1,15 +1,19 @@ { config, pkgs, ... }: let - ip = "64.137.235.70"; - gw = "64.137.235.1"; + ip = "64.137.234.215"; + alt-ip = "64.137.234.210"; + extra-ip = "64.137.234.114"; #currently unused + gw = "64.137.234.1"; in { imports = [ ../. - ../../tv/2configs/hw/CAC.nix - ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix + ../2configs/hw/CAC.nix + ../2configs/fs/CAC-CentOS-7-64bit.nix ]; + + # minimal resources services.nixosManual.enable = false; programs.man.enable = false; @@ -21,10 +25,12 @@ in { retiolum.enable = true; build.host = config.krebs.hosts.shoney; }; - networking.interfaces.enp2s1.ip4 = [ { - address = ip; - prefixLength = 24; - } ]; + networking.interfaces.enp2s1.ip4 = [ + { address = ip; prefixLength = 24; } + { address = alt-ip; prefixLength = 24; } + ]; networking.defaultGateway = gw; networking.nameservers = [ "8.8.8.8" ]; + networking.firewall.allowedUDPPorts = [ 655 1655 ]; + networking.firewall.allowedTCPPorts = [ 655 1655 ]; } diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index d9f8ded83..ed48c6abe 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix 
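Review bot: Port 1655 is opened for TCP and UDP in the two `allowedUDPPorts`/`allowedTCPPorts` lines at the end of the second shoney.nix hunk, but nothing added in this commit listens on it, so a host with a public address gets a wider firewall opening without a visible consumer. If the port is meant for a second tinc daemon (a `siem` network is only added to this file in PATCH 5/7, and no `Port` setting is visible there either), say so next to the rule, e.g. `# 655: retiolum tinc, 1655: siem tinc (confirm)`, or open the port in the commit that starts the service. The `extra-ip` binding in the first hunk is also unused, as its own comment says, and could wait until it is needed.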
@@ -9,8 +9,8 @@ in { imports = [ ../. # TODO: copy this config or move to krebs - ../../tv/2configs/hw/CAC.nix - ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix + ../2configs/hw/CAC.nix + ../2configs/fs/CAC-CentOS-7-64bit.nix ../2configs/headless.nix ../2configs/bepasty-dual.nix diff --git a/makefu/2configs/fs/CAC-CentOS-7-64bit.nix b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix new file mode 100644 index 000000000..c9eb97f44 --- /dev/null +++ b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix @@ -0,0 +1,20 @@ +_: + +{ + boot.loader.grub = { + device = "/dev/sda"; + }; + fileSystems = { + "/" = { + device = "/dev/centos/root"; + fsType = "xfs"; + }; + "/boot" = { + device = "/dev/sda1"; + fsType = "xfs"; + }; + }; + swapDevices = [ + { device = "/dev/centos/swap"; } + ]; +} diff --git a/makefu/2configs/hw/CAC.nix b/makefu/2configs/hw/CAC.nix new file mode 100644 index 000000000..9ed18344a --- /dev/null +++ b/makefu/2configs/hw/CAC.nix @@ -0,0 +1,13 @@ +_: +{ + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + boot.loader.grub.splashImage = null; + nix = { + daemonIONiceLevel = 1; + daemonNiceLevel = 1; + }; + sound.enable = false; +} From d7e928e4b8470d991d6083c87b49d7290c9a0a96 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 13 Jun 2016 21:00:15 +0200 Subject: [PATCH 2/7] s 1 wolf: fix interface name --- shared/1systems/wolf.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 53334d6f1..dc61414fe 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -37,7 +37,7 @@ in networking = { firewall.enable = false; - interfaces.eth0.ip4 = [{ + interfaces.enp0s3.ip4 = [{ address = shack-ip; prefixLength = 20; }]; From 204c89131c06cfe4d0d9a7f95a3946ec5845818f Mon Sep 17 00:00:00 2001 
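Review bot: The context comment `# TODO: copy this config or move to krebs` directly above the two changed imports in wry.nix is now stale, because this commit performs the copy it asks for. Drop the line, or reword it to what is still open, for example `# TODO: move the CAC hw/fs config to krebs`. The imports list starts before the hunk and continues after it.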
From: makefu Date: Mon, 13 Jun 2016 21:00:38 +0200 Subject: [PATCH 3/7] s 1 buildbot: re-add treeStableTimer --- shared/2configs/shared-buildbot.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index 5f3b35304..6c40d9966 100644 --- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix @@ -26,7 +26,7 @@ stockholm_repo, workdir='stockholm-poller', branches=True, project='stockholm', - pollinterval=120)) + pollinterval=60)) ''; scheduler = { force-scheduler = '' @@ -43,7 +43,7 @@ sched.append(schedulers.SingleBranchScheduler( ## all branches change_filter=util.ChangeFilter(branch_re=".*"), - # treeStableTimer=10, + treeStableTimer=10, name="fast-all-branches", builderNames=["fast-tests"])) ''; From c9a8bdf50f3cb2cd3b70b4669d454910bcd69654 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Jun 2016 01:33:20 +0200 Subject: [PATCH 4/7] ma 1 dartH: fix nat from tinc --- makefu/1systems/darth.nix | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index 2f2358ddc..08ac7e66e 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix 
@@ -17,19 +17,37 @@ in { ../2configs/exim-retiolum.nix ../2configs/virtualization.nix ]; - - networking.firewall.allowedUDPPorts = [ 80 655 67 ]; - networking.firewall.allowedTCPPorts = [ 80 655 ]; - networking.firewall.checkReversePath = false; + services.tinc.networks.siem = { + name = "sdarth"; + extraConfig = "ConnectTo = sjump"; + }; #networking.firewall.enable = false; - # virtualisation.nova.enableSingleNode = true; krebs.retiolum.enable = true; boot.kernelModules = [ "coretemp" "f71882fg" ]; hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; - networking.wireless.enable = true; + networking = { + wireless.enable = true; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedUDPPorts = [ 80 655 67 ]; + allowedTCPPorts = [ 80 655 ]; + }; + nat = { + enable = true; + internalIPs = [ "10.8.10.0/24" ]; + #internalInterfaces = [ "tinc.siem" ]; + externalIP = "10.8.8.2"; + externalInterface = "virbr3"; + }; + interfaces.virbr3.ip4 = [{ + address = "10.8.8.2"; + prefixLength = 24; + }]; + }; # TODO smartd omo darth gum all-in-one services.smartd.devices = builtins.map (x: { device = x; }) allDisks; From 6ac8034a47f840206d999be8ec39fedbc6b7b350 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Jun 2016 01:33:41 +0200 Subject: [PATCH 5/7] ma 1 shoney: init siem tinc --- makefu/1systems/shoney.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 16e891995..48679fe58 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -13,6 +13,7 @@ in { ]; + services.tinc.networks.siem.name = "sjump"; # minimal resources services.nixosManual.enable = false; @@ -29,6 +30,7 @@ in { { address = ip; prefixLength = 24; } { address = alt-ip; prefixLength = 24; } ]; + networking.defaultGateway = gw; networking.nameservers = [ "8.8.8.8" ]; networking.firewall.allowedUDPPorts = [ 655 1655 ]; From 8656e83d4c5c736541b3f29470f591aa8e84d1e7 Mon Sep 17 00:00:00 2001 
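Review bot: `logRefusedConnections = false` in the new `networking.firewall` block turns off the log of refused packets on a host that this same hunk makes a NAT gateway between the `siem` tinc network and `virbr3`. I would keep that logging, either with `logRefusedConnections = true;` or by dropping the line, so that unexpected traffic towards the gateway stays visible. The NAT rule is scoped by source address only (`internalIPs = [ "10.8.10.0/24" ]`) while `internalInterfaces = [ "tinc.siem" ]` is commented out; enabling the interface match as well would tie translation to the tunnel rather than to a claimed source address, although the reverse-path check that returns with the removal of `checkReversePath = false` may already limit this. `allowedUDPPorts` still lists 80, carried over from the removed lines, which looks unintended and is worth confirming. The module body starts before the hunk and continues after it.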
From: makefu Date: Tue, 14 Jun 2016 01:34:08 +0200 Subject: [PATCH 6/7] k 3 ma: update shoney ip after failed deploy :3 --- krebs/3modules/makefu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 1b4096d09..14cee8e12 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -344,7 +344,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 1; nets = { internet = { - ip4.addr = "64.137.235.70"; + ip4.addr = "64.137.234.215"; aliases = [ "shoney.i" ]; From 618684954207feed26b1b85f0721d41d5ca4c5c3 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 14 Jun 2016 01:35:49 +0200 Subject: [PATCH 7/7] s 1 wolf: use tcponly in shack network because udp suffers from 20 percnet packet loss --- shared/1systems/wolf.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index dc61414fe..180510066 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -22,7 +22,7 @@ in # local discovery in shackspace nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; - + krebs.retiolum.extraConfig = "TCPOnly = yes"; services.grafana = { enable = true; addr = "0.0.0.0";
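Review bot: The reason for `krebs.retiolum.extraConfig = "TCPOnly = yes";` in the wolf.nix hunk exists only in the commit subject, so the next reader of the file will not know why UDP was given up. A comment on the line such as `# shack network loses ~20% of UDP packets, keep tinc on TCP` would carry it. Separately, the unchanged context has grafana listening on `addr = "0.0.0.0"`, and the PATCH 2/7 hunk of this file shows `firewall.enable = false`, so the dashboard appears reachable from the whole shack network. It is worth confirming that its authentication is configured in the part of the file not shown.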