Merge remote-tracking branch 'gum/master'

This commit is contained in:
lassulus 2015-12-14 15:05:36 +01:00
commit d94784efbe
10 changed files with 129 additions and 4 deletions

View File

@ -84,6 +84,31 @@ with lib;
};
};
};
vbob = {
cores = 2;
dc = "makefu"; #vm local
nets = {
retiolum = {
addrs4 = ["10.243.1.91"];
addrs6 = ["42:0b2c:d90e:e717:03dd:9ac1:0000:a400"];
aliases = [
"vbob.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
flap = rec {
cores = 1;
dc = "cac"; #vps

View File

@ -50,6 +50,14 @@ let
'';
};
extraConfig = mkOption {
type = types.str;
default = "";
description = ''
Extra Configuration to be appended to tinc.conf
'';
};
tincPackage = mkOption {
type = types.package;
default = pkgs.tinc;
@ -203,6 +211,7 @@ let
Interface = ${cfg.network}
${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)}
PrivateKeyFile = /tmp/retiolum-rsa_key.priv
${cfg.extraConfig}
EOF
# source: krebscode/painload/retiolum/scripts/tinc_setup/tinc-up

View File

@ -1,5 +1,7 @@
Address= 195.154.108.70
Address= 195.154.108.70 53
Address= 195.154.108.70 21031
Subnet = 10.243.0.211
Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2

9
krebs/Zhosts/vbob Normal file
View File

@ -0,0 +1,9 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
-----END RSA PUBLIC KEY-----
Subnet = 10.243.1.91/32

View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos

View File

@ -14,14 +14,20 @@ in {
# ../2configs/iodined.nix
../2configs/git/cgit-retiolum.nix
../2configs/mattermost-docker.nix
../2configs/nginx/euer.test.nix
];
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
###### stable
krebs.build.target = "root@gum.krebsco.de";
krebs.build.host = config.krebs.hosts.gum;
krebs.retiolum.extraConfig = ''
ListenAddress = ${external-ip} 53
ListenAddress = ${external-ip} 655
ListenAddress = ${external-ip} 21031
'';
# Chat
environment.systemPackages = with pkgs;[
@ -53,10 +59,18 @@ in {
80 443
# tinc
655
# tinc-shack
21032
# tinc-retiolum
21031
];
allowedUDPPorts = [
# tinc
655 53
# tinc-retiolum
21031
# tinc-shack
21032
];
};
interfaces.et0.ip4 = [{

44
makefu/1systems/vbob.nix Normal file
View File

@ -0,0 +1,44 @@
#
#
#
{ config, pkgs, ... }:
{
krebs.build.host = config.krebs.hosts.vbob;
krebs.build.target = "root@10.10.10.220";
imports =
[ # Include the results of the hardware scan.
<nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
../2configs/main-laptop.nix #< base-gui
# environment
../2configs/zsh-user.nix
../2configs/virtualization.nix
];
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
environment.systemPackages = with pkgs;[
get
];
networking.firewall.allowedTCPPorts = [
25
80
];
krebs.retiolum = {
enable = true;
extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000";
hosts = ../../krebs/Zhosts;
connectTo = [
"gum"
];
};
networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
fileSystems."/media/share" = {
fsType = "vboxsf";
device = "share";
options = "rw,uid=9001,gid=9001";
};
}

View File

@ -80,7 +80,14 @@ with lib;
"d /tmp 1777 root root - -"
];
environment.variables.EDITOR = mkForce "vim";
environment.variables = {
NIX_PATH = with config.krebs.build.source; with dir; with git;
mkForce (concatStringsSep ":" [
"nixpkgs=${nixpkgs.target-path}"
"${nixpkgs.target-path}"
]);
EDITOR = mkForce "vim";
};
environment.systemPackages = with pkgs; [
jq
@ -124,6 +131,14 @@ with lib;
services.cron.enable = false;
services.nscd.enable = false;
services.ntp.enable = false;
services.timesyncd.enable = true;
services.ntp.servers = [
"pool.ntp.org"
"time.windows.com"
"time.apple.com"
"time.nist.gov"
];
security.setuidPrograms = [ "sendmail" ];
services.journald.extraConfig = ''

View File

@ -24,6 +24,7 @@ let
connector-repos = mapAttrs make-priv-repo {
connector = { };
minikrebs = { };
mattermost = {
desc = "Mattermost Docker files";
};
@ -42,7 +43,7 @@ let
hooks = {
post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;
verbose = config.krebs.build.host.name == "pnp";
verbose = config.krebs.build.host.name == "gum";
channel = "#retiolum";
# TODO remove the hardcoded hostname
server = "cd.retiolum";
@ -54,7 +55,7 @@ let
# TODO: get the list of all krebsministers
krebsminister = with config.krebs.users; [ lass tv uriel ];
all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ];
all-exco = with config.krebs.users; [ exco ];
priv-rules = repo: set-owners repo all-makefu;
@ -85,6 +86,10 @@ in {
name = "makefu-omo" ;
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
};
makefu-vbob = {
name = "makefu-vbob" ;
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub;
};
makefu-tsp = {
name = "makefu-tsp" ;
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;

View File

@ -9,6 +9,7 @@ with lib;
"gum"
"pigstarter"
"fastpoke"
"ire"
];
};
}