Merge remote-tracking branch 'wolf/master'

lassulus 2016-06-14 09:54:02 +02:00
commit d5cfc4bf19
8 changed files with 80 additions and 21 deletions


@ -344,7 +344,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
cores = 1; cores = 1;
nets = { nets = {
internet = { internet = {
ip4.addr = "64.137.235.70"; ip4.addr = "64.137.234.215";
aliases = [ aliases = [
"shoney.i" "shoney.i"
]; ];


@ -17,19 +17,37 @@ in {
../2configs/exim-retiolum.nix ../2configs/exim-retiolum.nix
../2configs/virtualization.nix ../2configs/virtualization.nix
]; ];
services.tinc.networks.siem = {
networking.firewall.allowedUDPPorts = [ 80 655 67 ]; name = "sdarth";
networking.firewall.allowedTCPPorts = [ 80 655 ]; extraConfig = "ConnectTo = sjump";
networking.firewall.checkReversePath = false; };
#networking.firewall.enable = false; #networking.firewall.enable = false;
# virtualisation.nova.enableSingleNode = true;
krebs.retiolum.enable = true; krebs.retiolum.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ]; boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking.wireless.enable = true; networking = {
wireless.enable = true;
firewall = {
allowPing = true;
logRefusedConnections = false;
allowedUDPPorts = [ 80 655 67 ];
allowedTCPPorts = [ 80 655 ];
};
nat = {
enable = true;
internalIPs = [ "10.8.10.0/24" ];
#internalInterfaces = [ "tinc.siem" ];
externalIP = "10.8.8.2";
externalInterface = "virbr3";
};
interfaces.virbr3.ip4 = [{
address = "10.8.8.2";
prefixLength = 24;
}];
};
# TODO smartd omo darth gum all-in-one # TODO smartd omo darth gum all-in-one
services.smartd.devices = builtins.map (x: { device = x; }) allDisks; services.smartd.devices = builtins.map (x: { device = x; }) allDisks;


@ -1,15 +1,20 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
ip = "64.137.235.70"; ip = "64.137.234.215";
gw = "64.137.235.1"; alt-ip = "64.137.234.210";
extra-ip = "64.137.234.114"; #currently unused
gw = "64.137.234.1";
in { in {
imports = [ imports = [
../. ../.
../../tv/2configs/hw/CAC.nix ../2configs/hw/CAC.nix
../../tv/2configs/fs/CAC-CentOS-7-64bit.nix ../2configs/fs/CAC-CentOS-7-64bit.nix
]; ];
services.tinc.networks.siem.name = "sjump";
# minimal resources # minimal resources
services.nixosManual.enable = false; services.nixosManual.enable = false;
programs.man.enable = false; programs.man.enable = false;
@ -21,10 +26,13 @@ in {
retiolum.enable = true; retiolum.enable = true;
build.host = config.krebs.hosts.shoney; build.host = config.krebs.hosts.shoney;
}; };
networking.interfaces.enp2s1.ip4 = [ { networking.interfaces.enp2s1.ip4 = [
address = ip; { address = ip; prefixLength = 24; }
prefixLength = 24; { address = alt-ip; prefixLength = 24; }
} ]; ];
networking.defaultGateway = gw; networking.defaultGateway = gw;
networking.nameservers = [ "8.8.8.8" ]; networking.nameservers = [ "8.8.8.8" ];
networking.firewall.allowedUDPPorts = [ 655 1655 ];
networking.firewall.allowedTCPPorts = [ 655 1655 ];
} }
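Review bot: The two firewall lines added at the end of the second hunk open 1655 on both TCP and UDP, but nothing in this section shows a service bound to that port; only `services.tinc.networks.siem.name = "sjump";` is set, with no port visible. If 1655 is the port of the siem tinc network (an inference from the network added in the first hunk), a comment such as `# 655: retiolum, 1655: tinc siem` next to the lists would make that explicit and make a stale opening easy to spot later. `extra-ip` is declared but, as its own comment says, currently unused; consider leaving it out until something refers to it.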


@ -9,8 +9,8 @@ in {
imports = [ imports = [
../. ../.
# TODO: copy this config or move to krebs # TODO: copy this config or move to krebs
../../tv/2configs/hw/CAC.nix ../2configs/hw/CAC.nix
../../tv/2configs/fs/CAC-CentOS-7-64bit.nix ../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/headless.nix ../2configs/headless.nix
../2configs/bepasty-dual.nix ../2configs/bepasty-dual.nix


@ -0,0 +1,20 @@
_:
{
boot.loader.grub = {
device = "/dev/sda";
};
fileSystems = {
"/" = {
device = "/dev/centos/root";
fsType = "xfs";
};
"/boot" = {
device = "/dev/sda1";
fsType = "xfs";
};
};
swapDevices = [
{ device = "/dev/centos/swap"; }
];
}


@ -0,0 +1,13 @@
_:
{
boot.initrd.availableKernelModules = [
"ata_piix"
"vmw_pvscsi"
];
boot.loader.grub.splashImage = null;
nix = {
daemonIONiceLevel = 1;
daemonNiceLevel = 1;
};
sound.enable = false;
}


@ -22,7 +22,7 @@ in
# local discovery in shackspace # local discovery in shackspace
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
krebs.retiolum.extraConfig = "TCPOnly = yes";
services.grafana = { services.grafana = {
enable = true; enable = true;
addr = "0.0.0.0"; addr = "0.0.0.0";
@ -37,7 +37,7 @@ in
networking = { networking = {
firewall.enable = false; firewall.enable = false;
interfaces.eth0.ip4 = [{ interfaces.enp0s3.ip4 = [{
address = shack-ip; address = shack-ip;
prefixLength = 20; prefixLength = 20;
}]; }];
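Review bot: `firewall.enable = false;` in the second hunk leaves the renamed `enp0s3` interface unfiltered while the first hunk's context shows grafana with `addr = "0.0.0.0";`, so the dashboard listens on every address of a host with no packet filter. Both lines are unchanged context, but since the networking block is being touched it would be worth either enabling the firewall with an explicit `allowedTCPPorts` list or binding grafana to the one address it is meant to serve. Grafana's authentication settings are outside the visible lines, so how exposed it actually is cannot be judged from here. The `networking` attribute set continues past the end of the hunk.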


@ -26,7 +26,7 @@
stockholm_repo, stockholm_repo,
workdir='stockholm-poller', branches=True, workdir='stockholm-poller', branches=True,
project='stockholm', project='stockholm',
pollinterval=120)) pollinterval=60))
''; '';
scheduler = { scheduler = {
force-scheduler = '' force-scheduler = ''
@ -43,7 +43,7 @@
sched.append(schedulers.SingleBranchScheduler( sched.append(schedulers.SingleBranchScheduler(
## all branches ## all branches
change_filter=util.ChangeFilter(branch_re=".*"), change_filter=util.ChangeFilter(branch_re=".*"),
# treeStableTimer=10, treeStableTimer=10,
name="fast-all-branches", name="fast-all-branches",
builderNames=["fast-tests"])) builderNames=["fast-tests"]))
''; '';