Merge remote-tracking branch 'lass/master'

makefu 2017-02-04 14:31:47 +01:00
commit d6c9edd9dc
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
26 changed files with 458 additions and 329 deletions


@ -38,6 +38,11 @@ let
'';
default = {};
};
maxTime = mkOption {
type = types.int;
default = 0;
description = "Time to wait before download is aborted";
};
};
fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
@ -45,7 +50,7 @@ let
mkdir -p ${shell.escape cfg.stateDir}
cd ${shell.escape cfg.stateDir}
(curl -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
(curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
'';
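Review bot: The new `maxTime` option does not state its unit or what the default `0` means, and `types.int` also admits negative values that curl will reject while the trailing `|| :` hides the failure. Since the value goes straight into `curl --max-time`, I would spell it out, e.g. `description = "Maximum time in seconds the download may take; 0 means no limit.";` (0 appears to keep the previous unlimited behaviour). Interpolating it with `toString` is fine for an integer option; the URL and state directory are already wrapped in `shell.escape`.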


@ -93,6 +93,7 @@ with import <stockholm/lib>;
"cgit.prism.retiolum"
"cgit.prism.r"
"cache.prism.r"
"paste.r" "paste.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -119,7 +120,6 @@ with import <stockholm/lib>;
ssh.port = 2223;
};
};
ssh.pubkey = "ssh-dss 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";
};
cloudkrebs = {
cores = 1;


@ -313,7 +313,6 @@ with import <stockholm/lib>;
"graphs.wry.retiolum"
"graphs.r" "graphs.retiolum"
"paste.wry.retiolum"
"paste.r" "paste.retiolum"
"wry.r" "wry.retiolum"
"wiki.makefu.retiolum"
"wiki.wry.retiolum"


@ -31,13 +31,6 @@ with import <stockholm/lib>;
];
}
#{
# services.mysql = {
# enable = true;
# package = pkgs.mariadb;
# rootPassword = "<secrets>/mysql_rootPassword";
# };
#}
#{
# services.elasticsearch = {
# enable = true;
# plugins = [
@ -83,140 +76,56 @@ with import <stockholm/lib>;
{
services.redis.enable = true;
}
{
virtualisation.libvirtd.enable = true;
}
{
services.nginx = {
enable = mkDefault true;
virtualHosts = {
"stats.mors" = {
locations = {
"/" = {
proxyPass = "http://localhost:3000/";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
};
};
};
services.grafana = {
enable = true;
addr = "127.0.0.1";
users.allowSignUp = false;
users.allowOrgCreate = false;
users.autoAssignOrg = false;
auth.anonymous.enable = true;
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
};
services.graphite = {
api = {
enable = true;
listenAddress = "127.0.0.1";
port = 18080;
};
carbon = {
enableCache = true;
# save disk usage by restricting to 1 bulk update per second
config = ''
[cache]
MAX_CACHE_SIZE = inf
MAX_UPDATES_PER_SECOND = 1
MAX_CREATES_PER_MINUTE = 500
'';
storageSchemas = ''
[carbon]
pattern = ^carbon\.
retentions = 60:90d
[elchos]
patterhn = ^elchos\.
retentions = 10s:30d,60s:3y
[default]
pattern = .*
retentions = 30s:30d,300s:1y
'';
};
};
services.collectd = {
enable = true;
include = [ (toString (pkgs.writeText "collectd-graphite-cfg" ''
LoadPlugin write_graphite
<Plugin "write_graphite">
<Carbon>
Host "localhost"
Port "2003"
EscapeCharacter "_"
StoreRates false
AlwaysAppendDS false
</Carbon>
</Plugin>
''))
];
extraConfig = ''
LoadPlugin interface
LoadPlugin battery
LoadPlugin load
LoadPlugin cpu
LoadPlugin entropy
LoadPlugin write_graphite
<Plugin "interface">
Interface "et0"
Interface "wl0"
Interface "retiolum"
</Plugin>
'';
};
services.graphite.beacon = {
enable = true;
config = {
graphite_url = "http://localhost:18080";
cli = {
command = ''${pkgs.irc-announce}/bin/irc-announce irc.freenode.org 6667 mors-beacon-alert \#krebs ' ''${level} ''${name} ''${value}' '';
};
smtp = {
from = "beacon@mors.r";
to = [
"lass@mors.r"
];
};
normal_handlers = [
"smtp"
"cli"
];
warning_handlers = [
"smtp"
"cli"
];
critical_handlers = [
"smtp"
"cli"
];
alerts = [
{
name = "testbattery";
query = "*.battery-0.capacity";
method = "last_value";
interval = "1minute";
logging = "info";
repeat_interval = "5minute";
rules = [
"warning: < 30.0"
"critical: < 10.0"
];
}
];
};
};
}
#{
# #gitit magic
# imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ];
# services.gitit = {
# enable = true;
# haskellPackages = pkgs.haskell.packages.ghc7103;
# };
#}
#{
# lass.icinga2 = {
# enable = true;
# configFiles = [
# ''
# template Service "generic-service" {
# max_check_attempts = 3
# check_interval = 5m
# retry_interval = 1m
# enable_perfdata = true
# }
# apply Service "ping4" {
# }
# ''
# ];
# };
# services.mysql = {
# enable = true;
# package = pkgs.mariadb;
# rootPassword = "<secrets>/mysql_rootPassword";
# };
# lass.icingaweb2 = {
# enable = true;
# initialRootPasswordHash = "$1$HpWDCehI$ITbAoyfOB6HEN1ftooxZq0";
# resources = {
# icinga2db = {
# type = "mysql";
# host = "localhost";
# user = "icingaweb2";
# db = "icinga";
# passfile = <secrets/icinga2-pw>;
# };
# icingaweb2db = {
# type = "mysql";
# host = "localhost";
# user = "icingaweb2";
# db = "icingaweb2";
# passfile = <secrets/icinga2-pw>;
# };
# };
# };
#}
];
krebs.build.host = config.krebs.hosts.mors;
@ -229,7 +138,6 @@ with import <stockholm/lib>;
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
};
fileSystems = {
"/" = {
@ -266,11 +174,6 @@ with import <stockholm/lib>;
fsType = "ext4";
};
"/mnt/public" = {
device = "/dev/big/public";
fsType = "ext4";
};
"/mnt/conf" = {
device = "/dev/big/conf";
fsType = "ext4";
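Review bot: The commented-out `lass.icingaweb2` block in the second hunk carries a literal `initialRootPasswordHash` in `$1$` (MD5-crypt) format, and a comment is still published with the repository. From the hunk counts this block looks like it is on the new side, though the rendering has lost the `+`/`-` markers. MD5-crypt is cheap to attack offline, so I would replace the literal with a reference into the secrets tree, as the neighbouring `passfile = <secrets/icinga2-pw>;` lines already do, and treat the password behind that hash as exposed. The same block has `rootPassword = "<secrets>/mysql_rootPassword";`, which is a plain string rather than a `<secrets/...>` path and would need fixing before it is uncommented.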


@ -43,6 +43,17 @@ in {
../2configs/libvirt.nix
../2configs/hfos.nix
../2configs/makefu-sip.nix
../2configs/monitoring/server.nix
{
imports = [
../2configs/bepasty.nix
];
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
return 403;
}
'';
}
{
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
@ -202,20 +213,6 @@ in {
];
};
}
{
services.nginx = {
enable = true;
virtualHosts.public = {
port = 8088;
locations."~ ^/~(.+?)(/.*)?\$".extraConfig = ''
alias /home/$1/public_html$2;
'';
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8088"; target = "ACCEPT"; }
];
}
{
krebs.repo-sync.timerConfig = {
OnCalendar = "*:0/5";
@ -227,6 +224,7 @@ in {
};
}
{
# Nin stuff
users.users.nin = {
uid = genid "nin";
inherit (config.krebs.users.nin) home;
@ -240,18 +238,6 @@ in {
"libvirtd"
];
};
krebs.git.rules = [
{
user = [ config.krebs.users.nin ];
repo = [ config.krebs.git.repos.stockholm ];
perm = with git; push "refs/heads/nin" [ fast-forward non-fast-forward create delete merge ];
}
];
krebs.repo-sync.repos.stockholm.nin = {
origin.url = "http://cgit.prism/stockholm";
origin.ref = "heads/nin";
mirror.url = "git@${config.networking.hostName}:stockholm";
};
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; }
];
@ -272,7 +258,6 @@ in {
-XFlexibleInstances -XMultiParamTypeClasses \
-XOverloadedStrings -XFunctionalDependencies \'';
in [
sed-plugin
url-title
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
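Review bot: The `paste.r` guard added in the first hunk only rejects requests that arrive on the host's internet IPv4 address, so it is a deny-list for one address rather than a restriction to retiolum. `paste.r` is configured elsewhere in this commit with `defaultPermissions = "admin,list,create,read,delete"`, so any other address the host answers on (an IPv6 internet address, if it has one, or a local bridge) would still reach it with a matching Host header. Binding the virtual host to the retiolum address, or using `allow <retiolum net>; deny all;` in the server block, fails closed instead. The surrounding module list starts and ends outside the hunk.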

40
lass/2configs/bepasty.nix Normal file

@ -0,0 +1,40 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
# secrets used:
# wildcard.krebsco.de.crt
# wildcard.krebsco.de.key
# bepasty-secret.nix <- contains single string
with import <stockholm/lib>;
let
secKey = import <secrets/bepasty-secret.nix>;
ext-dom = "paste.lassul.us" ;
in {
services.nginx.enable = mkDefault true;
krebs.bepasty = {
enable = true;
serveNginx= true;
servers = {
"paste.r" = {
nginx = {
serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
};
defaultPermissions = "admin,list,create,read,delete";
secretKey = secKey;
};
"${ext-dom}" = {
nginx = {
enableSSL = true;
forceSSL = true;
enableACME = true;
};
defaultPermissions = "read";
secretKey = secKey;
};
};
};
}
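Review bot: Both servers are given the same `secretKey = secKey;`, so the internal `paste.r` instance with admin default permissions and the public `paste.lassul.us` instance with `read` share one signing secret. If bepasty signs its session cookies with this key, as Flask applications normally do, a session issued by one instance would verify on the other; a separate secret per server keeps the two trust domains apart. `import <secrets/bepasty-secret.nix>` also pulls the value into evaluation, so it may end up in the world-readable Nix store depending on how `krebs.bepasty` writes its configuration. The second `with import <stockholm/lib>;` after the comment header is a duplicate and can be dropped.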


@ -58,6 +58,11 @@ in {
"NIX_REMOTE": "daemon",
"dummy_secrets": "true",
}
env_nin = {
"LOGNAME": "nin",
"NIX_REMOTE": "daemon",
"dummy_secrets": "true",
}
env_shared = {
"LOGNAME": "shared",
"NIX_REMOTE": "daemon",
@ -126,6 +131,18 @@ in {
]
)
for i in [ "hiawatha", "onondaga" ]:
addShell(f,name="build-{}".format(i),env=env_nin,
command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
make \
test \
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
method=build \
system={}".format(i)
]
)
bu.append(
util.BuilderConfig(
name="build-hosts",
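Review bot: The new `build-{}` steps work in `/tmp/testbuild/$LOGNAME`, a fixed and predictable path under a world-writable directory, and `mkdir -p` succeeds silently if the directory already exists, whoever created it. On a host with other local users the directory or a symlink could be put in place before the build runs; a per-build directory from `mktemp -d`, or a path under the build worker's own home, avoids that. The loop sits inside a builder definition that begins and ends outside the hunk. If the existing steps use the same path scheme, it is best fixed for all of them together.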


@ -9,6 +9,7 @@ with import <stockholm/lib>;
../2configs/mc.nix
../2configs/nixpkgs.nix
../2configs/vim.nix
../2configs/monitoring/client.nix
./backups.nix
{
users.extraUsers =
@ -98,7 +99,6 @@ with import <stockholm/lib>;
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
EDITOR=vim
MANPAGER=most
'';
nixpkgs.config.allowUnfree = true;


@ -16,6 +16,7 @@ with import <stockholm/lib>;
lass.pubkey
lass-shodan.pubkey
lass-helios.pubkey
lass-icarus.pubkey
makefu.pubkey
];
};


@ -7,6 +7,7 @@ in {
enable = true;
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
url = "prism/wallpaper.png";
maxTime = 10;
};
systemd.services.fetchWallpaper = {
after = [ "xmonad.service" ];


@ -57,7 +57,7 @@ let
server = "ni.r";
verbose = config.krebs.build.host.name == "prism";
# TODO define branches in some kind of option per repo
branches = [ "master" "newest" "nin" ];
branches = [ "master" "newest" ];
};
};
};


@ -47,12 +47,5 @@ with import <stockholm/lib>;
pkgs.vaapiVdpau
];
services.xserver = {
videoDriver = "intel";
deviceSection = ''
Option "AccelMethod" "sna"
'';
};
security.rngd.enable = true;
}


@ -0,0 +1,94 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
{
lass.telegraf = {
enable = true;
interval = "1s";
outputs = ''
[outputs.influxdb]
urls = ["http://prism:8086"]
database = "telegraf_db"
user_agent = "telegraf"
'';
inputs = [
''
[cpu]
percpu = false
totalcpu = true
drop = ["cpu_time"]
''
''
[[inputs.mem]]
''
''
[[inputs.ping]]
urls = ["8.8.8.8"]
''
''
[[inputs.net]]
''
''
[[inputs.dns_query]]
servers = ["8.8.8.8"]
''
];
};
systemd.services.telegraf.path = with pkgs; [
iputils
lm_sensors
];
services.collectd = {
enable = true;
autoLoadPlugin = true;
extraConfig = ''
Hostname ${config.krebs.build.host.name}
LoadPlugin load
LoadPlugin disk
LoadPlugin memory
Interval 30.0
LoadPlugin interface
<Plugin "interface">
Interface "*Link"
Interface "lo"
Interface "vboxnet*"
Interface "virbr*"
IgnoreSelected true
</Plugin>
LoadPlugin df
<Plugin "df">
MountPoint "/nix/store"
FSType "tmpfs"
FSType "binfmt_misc"
FSType "debugfs"
FSType "mqueue"
FSType "hugetlbfs"
FSType "systemd-1"
FSType "cgroup"
FSType "securityfs"
FSType "ramfs"
FSType "proc"
FSType "devpts"
FSType "devtmpfs"
MountPoint "/var/lib/docker/devicemapper"
IgnoreSelected true
</Plugin>
LoadPlugin cpu
<Plugin cpu>
ReportByCpu true
ReportByState true
ValuesPercentage true
</Plugin>
LoadPlugin network
<Plugin "network">
Server "prism" "25826"
</Plugin>
'';
};
}
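Review bot: Metrics leave the host unauthenticated and unencrypted on both paths: telegraf writes to `http://prism:8086` and the collectd `network` plugin sends to `Server "prism" "25826"` with no `SecurityLevel`. That is acceptable only while `prism` resolves to the retiolum address; using the explicit overlay name (other services in this commit use names such as `cache.prism.r`) makes that dependency visible and avoids sending data over a public interface if resolution changes. For collectd, `SecurityLevel "Sign"` or `"Encrypt"` with `Username`/`Password` inside a `<Server>` block would let the receiver reject forged packets, if the receiving side supports it. Separately, `[cpu]` uses a different section syntax from the other inputs, which use `[[inputs.*]]`; worth making consistent.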


@ -0,0 +1,66 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
{
services.influxdb = {
enable = true;
};
services.influxdb.extraConfig = {
meta.hostname = config.krebs.build.host.name;
# meta.logging-enabled = true;
http.bind-address = ":8086";
admin.bind-address = ":8083";
monitoring = {
enabled = false;
# write-interval = "24h";
};
collectd = [{
enabled = true;
typesdb = "${pkgs.collectd}/share/collectd/types.db";
database = "collectd_db";
port = 25826;
}];
};
lass.kapacitor =
let
echoToIrc = pkgs.writeDash "echo_irc" ''
set -euf
data="$(${pkgs.jq}/bin/jq -r .message)"
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
irc.freenode.org 6667 prism-alarm \#krebs-bots "$data" >/dev/null
'';
in {
enable = true;
alarms = {
test2 = ''
batch
|query(${"'''"}
SELECT mean("usage_user") AS mean
FROM "${config.lass.kapacitor.check_db}"."default"."cpu"
${"'''"})
.every(3m)
.period(1m)
.groupBy('host')
|alert()
.crit(lambda: "mean" > 90)
// Whenever we get an alert write it to a file.
.log('/tmp/alerts.log')
.exec('${echoToIrc}')
'';
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
{ predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
{ predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
];
services.grafana = {
enable = true;
addr = "0.0.0.0";
auth.anonymous.enable = true;
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
};
}
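Review bot: InfluxDB is bound to every interface (`http.bind-address = ":8086"`, `admin.bind-address = ":8083"`) without `http.auth-enabled`, and Grafana listens on `0.0.0.0` with anonymous access, so the `-i retiolum` iptables rules are the only access control. Any retiolum peer can therefore read, write or drop the metric databases, and a firewall change or flush would expose them more widely. I would set `http.auth-enabled = true;` with a restricted user for the agents, and bind the listeners to the retiolum address rather than the wildcard. The alert task also logs to the fixed path `/tmp/alerts.log`; a directory owned by the kapacitor user would be safer.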


@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "39098270855c171f0824c09d071b606ae991ff87";
ref = "5fff5a902594b34471b613eb2babcec923e1e1f1";
};
}


@ -44,6 +44,10 @@ let
origin.url = "http://cgit.ni.r/${name}";
mirror.url = "${mirror}${name}";
};
nin = {
origin.url = "http://cgit.onondaga.r/${name}";
mirror.url = "${mirror}${name}";
};
lassulus = {
origin.url = "http://cgit.prism/${name}";
mirror.url = "${mirror}${name}";


@ -0,0 +1 @@
"bla"


@ -66,6 +66,7 @@ in {
"karlaskop.ubikmedia.de"
"nb.ubikmedia.de"
"youthtube.ubikmedia.de"
"joemisch.com"
])
];


@ -21,6 +21,14 @@ let
type = types.str;
default = "kapacitor";
};
alarms = mkOption {
type = with types; attrsOf str;
default = {};
};
check_db = mkOption {
type = types.str;
default = "all_data";
};
config = mkOption {
type = types.str;
#TODO: find a good default
@ -74,115 +82,7 @@ let
[logging]
file = "STDERR"
level = "INFO"
[collectd]
enabled = false
bind-address = ":25826"
database = "collectd"
retention-policy = ""
batch-size = 5000
batch-pending = 10
batch-timeout = "10s"
read-buffer = 0
typesdb = "/usr/share/collectd/types.db"
[opentsdb]
enabled = false
bind-address = ":4242"
database = "opentsdb"
retention-policy = ""
consistency-level = "one"
tls-enabled = false
certificate = "/etc/ssl/influxdb.pem"
batch-size = 1000
batch-pending = 5
batch-timeout = "1s"
log-point-errors = true
[smtp]
enabled = false
host = "localhost"
port = 25
username = ""
password = ""
no-verify = false
global = false
state-changes-only = false
from = ""
idle-timeout = "30s"
[opsgenie]
enabled = false
api-key = ""
url = "https://api.opsgenie.com/v1/json/alert"
recovery_url = "https://api.opsgenie.com/v1/json/alert/note"
global = false
[victorops]
enabled = false
api-key = ""
routing-key = ""
url = "https://alert.victorops.com/integrations/generic/20131114/alert"
global = false
[pagerduty]
enabled = false
url = "https://events.pagerduty.com/generic/2010-04-15/create_event.json"
service-key = ""
global = false
[sensu]
enabled = false
addr = ""
source = "Kapacitor"
[slack]
enabled = false
url = ""
channel = ""
global = false
state-changes-only = false
[telegram]
enabled = false
url = "https://api.telegram.org/bot"
token = ""
chat-id = ""
parse-mode = ""
disable-web-page-preview = false
disable-notification = false
global = false
state-changes-only = false
[hipchat]
enabled = false
url = ""
token = ""
room = ""
global = false
state-changes-only = false
[alerta]
enabled = false
url = ""
token = ""
environment = ""
origin = ""
[reporting]
enabled = true
url = "https://usage.influxdata.com"
[stats]
enabled = true
stats-interval = "10s"
database = "_kapacitor"
retention-policy = "autogen"
timing-sample-rate = 0.1
timing-movavg-size = 1000
[udf]
level = "DEBUG"
[deadman]
interval = "10s"
@ -190,11 +90,6 @@ let
id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'"
message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL."
global = false
[talk]
enabled = false
url = ""
author_name = ""
'';
description = "configuration kapacitor is started with";
};
@ -216,6 +111,29 @@ let
ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}";
};
};
systemd.services.kapacitor-alarms = {
description = "kapacitor-alarms";
after = [ "kapacitor.service" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeDash "add_alarms" ''
${pkgs.kapacitor}/bin/kapacitor delete tasks \*
${concatStrings (mapAttrsToList (name: alarm: ''
${pkgs.kapacitor}/bin/kapacitor define ${name} \
-type batch \
-tick ${pkgs.writeText "${name}.tick" alarm} \
-dbrp ${cfg.check_db}.default
${pkgs.kapacitor}/bin/kapacitor enable ${name}
'') cfg.alarms)}
'';
};
};
};
in out
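Review bot: The generated `add_alarms` script in the last hunk interpolates `${name}` and `${cfg.check_db}` into shell commands unquoted and runs without `set -e`, so an alarm name containing a space or shell metacharacter is re-parsed by the shell and a failed `define` does not fail the unit. If `shell.escape` from `stockholm/lib` is in scope here, as it is in the fetchWallpaper module of this commit, I would write `kapacitor define ${shell.escape name} \` and `-dbrp ${shell.escape cfg.check_db}.default`, and start the script with `set -euf`. `after = [ "kapacitor.service" ]` only orders startup and does not wait for the API to accept connections, and because the script begins with `delete tasks \*`, a run that fails part-way leaves no alarms defined. The new `alarms` and `check_db` options have no `description`.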


@ -21,26 +21,43 @@ let
type = types.str;
default = "telegraf";
};
outputs = mkOption {
type = types.str;
default = ''
[outputs.influxdb]
urls = ["http://localhost:8086"]
database = "telegraf_db"
user_agent = "telegraf"
'';
};
inputs = mkOption {
type = with types; listOf str;
default = [
''
[cpu]
percpu = false
totalcpu = true
drop = ["cpu_time"]
''
];
};
interval = mkOption {
type = types.str;
default = "10s";
};
config = mkOption {
type = types.str;
#TODO: find a good default
default = ''
[agent]
interval = "1s"
interval = "${cfg.interval}"
[outputs]
# Configuration to send data to InfluxDB.
[outputs.influxdb]
urls = ["http://localhost:8086"]
database = "kapacitor_example"
user_agent = "telegraf"
${cfg.outputs}
${concatStringsSep "\n" cfg.inputs}
# Collect metrics about cpu usage
[cpu]
percpu = false
totalcpu = true
drop = ["cpu_time"]
'';
description = "configuration telegraf is started with";
};


@ -11,6 +11,7 @@ with lib;
../.
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
../2configs/retiolum.nix
../2configs/git.nix
];
krebs.build.host = config.krebs.hosts.hiawatha;
@ -76,15 +77,13 @@ with lib;
environment.systemPackages = with pkgs; [
firefox
git
networkmanagerapplet
python
steam
thunderbird
vim
git
hexchat
networkmanagerapplet
python
virtmanager
libvirt
];
nixpkgs.config = {

View File

@ -10,6 +10,7 @@
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/retiolum.nix
../2configs/weechat.nix
../2configs/git.nix
];
krebs.build.host = config.krebs.hosts.onondaga;


@ -46,6 +46,12 @@ with import <stockholm/lib>;
SSL_CERT_FILE = ca-bundle;
};
})
{
nix = {
binaryCaches = ["http://cache.prism.r"];
binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
};
}
];
networking.hostName = config.krebs.build.host.name;
@ -58,7 +64,10 @@ with import <stockholm/lib>;
user = config.krebs.users.nin;
source = let inherit (config.krebs.build) host; in {
nixos-config.symlink = "stockholm/nin/1systems/${host.name}.nix";
secrets.file = "/home/nin/secrets/${host.name}";
secrets.file =
if getEnv "dummy_secrets" == "true"
then toString <stockholm/nin/6tests/dummysecrets>
else "/home/nin/secrets/${host.name}";
stockholm.file = getEnv "PWD";
};
};
@ -82,11 +91,14 @@ with import <stockholm/lib>;
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
EDITOR=vim
MANPAGER=most
'';
nixpkgs.config.allowUnfree = true;
environment.shellAliases = {
gs = "git status";
};
environment.systemPackages = with pkgs; [
#stockholm
git
@ -95,6 +107,7 @@ with import <stockholm/lib>;
proot
populate
p7zip
termite
unzip
unrar
hashPassword
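Review bot: `secrets.file` in the second hunk now depends on the `dummy_secrets` environment variable of whoever evaluates the configuration, and nothing in the resulting system records which branch was taken. A deploy started from a shell that still has `dummy_secrets=true` exported would populate the target with the test secrets from `nin/6tests/dummysecrets`. A trace or an assertion makes that visible, e.g. `then builtins.trace "using dummy secrets" (toString <stockholm/nin/6tests/dummysecrets>)`. The binary cache added in the first hunk is fetched over plain HTTP, which is acceptable for integrity only because `binaryCachePublicKeys` pins the signing key, so the two settings should stay together.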

70
nin/2configs/git.nix Normal file

@ -0,0 +1,70 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
out = {
krebs.git = {
enable = true;
cgit = {
settings = {
root-title = "public repositories at ${config.krebs.build.host.name}";
root-desc = "keep calm and engage";
};
};
repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
rules = rules;
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
];
};
repos = public-repos;
rules = concatMap make-rules (attrValues repos);
public-repos = mapAttrs make-public-repo {
stockholm = {
cgit.desc = "take all the computers hostage, they'll love you!";
};
};
make-public-repo = name: { cgit ? {}, ... }: {
inherit cgit name;
public = true;
hooks = {
post-receive = pkgs.git-hooks.irc-announce {
# TODO make nick = config.krebs.build.host.name the default
nick = config.krebs.build.host.name;
channel = "#retiolum";
server = "ni.r";
verbose = config.krebs.build.host.name == "onondaga";
# TODO define branches in some kind of option per repo
branches = [ "master" ];
};
};
};
make-rules =
with git // config.krebs.users;
repo:
singleton {
user = [ nin ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
user = attrValues config.krebs.users;
repo = [ repo ];
perm = fetch;
} ++
optional (length (repo.collaborators or []) > 0) {
user = repo.collaborators;
repo = [ repo ];
perm = fetch;
};
in out
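Review bot: The third rule in `make-rules` can never apply: `make-public-repo` builds each repo from `cgit` and `name` only, so `repo.collaborators` is always absent and `length (repo.collaborators or []) > 0` is always false. Access rules that look active but are dead are easy to misread in review; either drop the rule together with the `removeAttrs s ["collaborators"]` call, or forward `collaborators` in `make-public-repo`. The `lib` argument is unused because the file takes everything from `import <stockholm/lib>`, and `verbose` is tied to the literal host name `"onondaga"` although this commit also imports the module on hiawatha.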


@ -0,0 +1 @@
{}
