Merge remote-tracking branch 'gum/master'

2015-12-14 15:05:36 +01:00 · 2015-12-14 15:05:36 +01:00 · d94784efbe
commit d94784efbe
parent 9c1207a528 6f150af8ac
10 changed files with 129 additions and 4 deletions
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@ -84,6 +84,31 @@ with lib;
        };
      };
    };
+
+    vbob = {
+      cores = 2;
+      dc = "makefu"; #vm local
+      nets = {
+        retiolum = {
+          addrs4 = ["10.243.1.91"];
+          addrs6 = ["42:0b2c:d90e:e717:03dd:9ac1:0000:a400"];
+          aliases = [
+            "vbob.retiolum"
+          ];
+          tinc.pubkey = ''
+          -----BEGIN RSA PUBLIC KEY-----
+          MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
+          4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
+          AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
+          hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
+          Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
+          AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
+          -----END RSA PUBLIC KEY-----
+
+            '';
+        };
+      };
+    };
    flap = rec {
      cores = 1;
      dc = "cac"; #vps
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@ -50,6 +50,14 @@ let
      '';
    };

+    extraConfig = mkOption {
+      type = types.str;
+      default = "";
+      description = ''
+        Extra Configuration to be appended to tinc.conf
+      '';
+    };
+
    tincPackage = mkOption {
      type = types.package;
      default = pkgs.tinc;
@ -203,6 +211,7 @@ let
    Interface = ${cfg.network}
    ${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)}
    PrivateKeyFile = /tmp/retiolum-rsa_key.priv
+    ${cfg.extraConfig}
    EOF

    # source: krebscode/painload/retiolum/scripts/tinc_setup/tinc-up
--- a/krebs/Zhosts/gum
+++ b/krebs/Zhosts/gum
@ -1,5 +1,7 @@
 Address= 195.154.108.70
 Address= 195.154.108.70 53
+Address= 195.154.108.70 21031
+
 Subnet = 10.243.0.211
 Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2

--- a/krebs/Zhosts/vbob
+++ b/krebs/Zhosts/vbob
@ -0,0 +1,9 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
+4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
+AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
+hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
+Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
+AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
+-----END RSA PUBLIC KEY-----
+Subnet = 10.243.1.91/32
--- a/krebs/Zpubkeys/makefu_vbob.ssh.pub
+++ b/krebs/Zpubkeys/makefu_vbob.ssh.pub
@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@ -14,14 +14,20 @@ in {
      # ../2configs/iodined.nix
      ../2configs/git/cgit-retiolum.nix
      ../2configs/mattermost-docker.nix
+      ../2configs/nginx/euer.test.nix
  ];


+  nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };

  ###### stable
  krebs.build.target = "root@gum.krebsco.de";
  krebs.build.host = config.krebs.hosts.gum;
-
+  krebs.retiolum.extraConfig = ''
+    ListenAddress = ${external-ip} 53
+    ListenAddress = ${external-ip} 655
+    ListenAddress = ${external-ip} 21031
+  '';

  # Chat
  environment.systemPackages = with pkgs;[
@ -53,10 +59,18 @@ in {
          80 443
          # tinc
          655
+          # tinc-shack
+          21032
+          # tinc-retiolum
+          21031
        ];
        allowedUDPPorts = [
          # tinc
          655 53
+          # tinc-retiolum
+          21031
+          # tinc-shack
+          21032
        ];
    };
    interfaces.et0.ip4 = [{
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@ -0,0 +1,44 @@
+#
+#
+#
+{ config, pkgs, ... }:
+
+{
+  krebs.build.host = config.krebs.hosts.vbob;
+  krebs.build.target = "root@10.10.10.220";
+  imports =
+    [ # Include the results of the hardware scan.
+      <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
+      ../2configs/main-laptop.nix #< base-gui
+
+      # environment
+      ../2configs/zsh-user.nix
+      ../2configs/virtualization.nix
+    ];
+  nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+  environment.systemPackages = with pkgs;[
+    get
+    ];
+
+  networking.firewall.allowedTCPPorts = [
+    25
+    80
+  ];
+
+  krebs.retiolum = {
+    enable = true;
+    extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000";
+    hosts = ../../krebs/Zhosts;
+    connectTo = [
+      "gum"
+    ];
+
+  };
+  networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
+  fileSystems."/media/share" = {
+    fsType = "vboxsf";
+    device = "share";
+    options = "rw,uid=9001,gid=9001";
+  };
+
+}
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@ -80,7 +80,14 @@ with lib;
    "d /tmp 1777 root root - -"
  ];

-  environment.variables.EDITOR = mkForce "vim";
+  environment.variables = {
+    NIX_PATH = with config.krebs.build.source; with dir; with git;
+      mkForce (concatStringsSep ":" [
+        "nixpkgs=${nixpkgs.target-path}"
+        "${nixpkgs.target-path}"
+      ]);
+    EDITOR = mkForce "vim";
+  };

  environment.systemPackages = with pkgs; [
      jq
@ -124,6 +131,14 @@ with lib;

  services.cron.enable = false;
  services.nscd.enable = false;
+  services.ntp.enable = false;
+  services.timesyncd.enable = true;
+  services.ntp.servers = [
+    "pool.ntp.org"
+    "time.windows.com"
+    "time.apple.com"
+    "time.nist.gov"
+  ];

  security.setuidPrograms = [ "sendmail" ];
  services.journald.extraConfig = ''
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@ -24,6 +24,7 @@ let

  connector-repos = mapAttrs make-priv-repo {
    connector = { };
+    minikrebs = { };
    mattermost = {
      desc = "Mattermost Docker files";
    };
@ -42,7 +43,7 @@ let
    hooks = {
      post-receive = pkgs.git-hooks.irc-announce {
        nick = config.networking.hostName;
-        verbose = config.krebs.build.host.name == "pnp";
+        verbose = config.krebs.build.host.name == "gum";
        channel = "#retiolum";
        # TODO remove the hardcoded hostname
        server = "cd.retiolum";
@ -54,7 +55,7 @@ let

  # TODO: get the list of all krebsministers
  krebsminister = with config.krebs.users; [ lass tv uriel ];
-  all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
+  all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ];
  all-exco = with config.krebs.users; [ exco ];

  priv-rules = repo: set-owners repo all-makefu;
@ -85,6 +86,10 @@ in {
        name = "makefu-omo" ;
        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
      };
+      makefu-vbob = {
+        name = "makefu-vbob" ;
+        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub;
+      };
      makefu-tsp = {
        name = "makefu-tsp" ;
        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
--- a/makefu/2configs/tinc-basic-retiolum.nix
+++ b/makefu/2configs/tinc-basic-retiolum.nix
@ -9,6 +9,7 @@ with lib;
      "gum"
      "pigstarter"
      "fastpoke"
+      "ire"
    ];
  };
 }
				`@ -0,0 +1 @@`
				`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos`