Merge remote-tracking branch 'gum/master'

krebs/3modules/makefu/default.nix

@@ -84,6 +84,31 @@ with lib;
         };
       };
     };
+
+    vbob = {
+      cores = 2;
+      dc = "makefu"; #vm local
+      nets = {
+        retiolum = {
+          addrs4 = ["10.243.1.91"];
+          addrs6 = ["42:0b2c:d90e:e717:03dd:9ac1:0000:a400"];
+          aliases = [
+            "vbob.retiolum"
+          ];
+          tinc.pubkey = ''
+          -----BEGIN RSA PUBLIC KEY-----
+          MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
+          4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
+          AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
+          hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
+          Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
+          AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
+          -----END RSA PUBLIC KEY-----
+
+            '';
+        };
+      };
+    };
     flap = rec {
       cores = 1;
       dc = "cac"; #vps

krebs/3modules/retiolum.nix

@@ -50,6 +50,14 @@ let
       '';
     };
 
+    extraConfig = mkOption {
+      type = types.str;
+      default = "";
+      description = ''
+        Extra Configuration to be appended to tinc.conf
+      '';
+    };
+
     tincPackage = mkOption {
       type = types.package;
       default = pkgs.tinc;
@@ -203,6 +211,7 @@ let
     Interface = ${cfg.network}
     ${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)}
     PrivateKeyFile = /tmp/retiolum-rsa_key.priv
+    ${cfg.extraConfig}
     EOF
 
     # source: krebscode/painload/retiolum/scripts/tinc_setup/tinc-up

krebs/Zhosts/gum

@@ -1,5 +1,7 @@
 Address= 195.154.108.70
 Address= 195.154.108.70 53
+Address= 195.154.108.70 21031
+
 Subnet = 10.243.0.211
 Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
 

krebs/Zhosts/vbob

@@ -0,0 +1,9 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
+4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
+AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
+hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
+Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
+AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
+-----END RSA PUBLIC KEY-----
+Subnet = 10.243.1.91/32

krebs/Zpubkeys/makefu_vbob.ssh.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos

makefu/1systems/gum.nix

@@ -14,14 +14,20 @@ in {
       # ../2configs/iodined.nix
       ../2configs/git/cgit-retiolum.nix
       ../2configs/mattermost-docker.nix
+      ../2configs/nginx/euer.test.nix
   ];
 
 
+  nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
 
   ###### stable
   krebs.build.target = "root@gum.krebsco.de";
   krebs.build.host = config.krebs.hosts.gum;
-
+  krebs.retiolum.extraConfig = ''
+    ListenAddress = ${external-ip} 53
+    ListenAddress = ${external-ip} 655
+    ListenAddress = ${external-ip} 21031
+  '';
 
   # Chat
   environment.systemPackages = with pkgs;[
@@ -53,10 +59,18 @@ in {
           80 443
           # tinc
           655
+          # tinc-shack
+          21032
+          # tinc-retiolum
+          21031
         ];
         allowedUDPPorts = [
           # tinc
           655 53
+          # tinc-retiolum
+          21031
+          # tinc-shack
+          21032
         ];
     };
     interfaces.et0.ip4 = [{

makefu/1systems/vbob.nix

@@ -0,0 +1,44 @@
+#
+#
+#
+{ config, pkgs, ... }:
+
+{
+  krebs.build.host = config.krebs.hosts.vbob;
+  krebs.build.target = "root@10.10.10.220";
+  imports =
+    [ # Include the results of the hardware scan.
+      <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
+      ../2configs/main-laptop.nix #< base-gui
+
+      # environment
+      ../2configs/zsh-user.nix
+      ../2configs/virtualization.nix
+    ];
+  nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+  environment.systemPackages = with pkgs;[
+    get
+    ];
+
+  networking.firewall.allowedTCPPorts = [
+    25
+    80
+  ];
+
+  krebs.retiolum = {
+    enable = true;
+    extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000";
+    hosts = ../../krebs/Zhosts;
+    connectTo = [
+      "gum"
+    ];
+
+  };
+  networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
+  fileSystems."/media/share" = {
+    fsType = "vboxsf";
+    device = "share";
+    options = "rw,uid=9001,gid=9001";
+  };
+
+}

makefu/2configs/default.nix

@@ -80,7 +80,14 @@ with lib;
     "d /tmp 1777 root root - -"
   ];
 
-  environment.variables.EDITOR = mkForce "vim";
+  environment.variables = {
+    NIX_PATH = with config.krebs.build.source; with dir; with git;
+      mkForce (concatStringsSep ":" [
+        "nixpkgs=${nixpkgs.target-path}"
+        "${nixpkgs.target-path}"
+      ]);
+    EDITOR = mkForce "vim";
+  };
 
   environment.systemPackages = with pkgs; [
       jq
@@ -124,6 +131,14 @@ with lib;
 
   services.cron.enable = false;
   services.nscd.enable = false;
+  services.ntp.enable = false;
+  services.timesyncd.enable = true;
+  services.ntp.servers = [
+    "pool.ntp.org"
+    "time.windows.com"
+    "time.apple.com"
+    "time.nist.gov"
+  ];
 
   security.setuidPrograms = [ "sendmail" ];
   services.journald.extraConfig = ''

makefu/2configs/git/cgit-retiolum.nix

@@ -24,6 +24,7 @@ let
 
   connector-repos = mapAttrs make-priv-repo {
     connector = { };
+    minikrebs = { };
     mattermost = {
       desc = "Mattermost Docker files";
     };
@@ -42,7 +43,7 @@ let
     hooks = {
       post-receive = pkgs.git-hooks.irc-announce {
         nick = config.networking.hostName;
-        verbose = config.krebs.build.host.name == "pnp";
+        verbose = config.krebs.build.host.name == "gum";
         channel = "#retiolum";
         # TODO remove the hardcoded hostname
         server = "cd.retiolum";
@@ -54,7 +55,7 @@ let
 
   # TODO: get the list of all krebsministers
   krebsminister = with config.krebs.users; [ lass tv uriel ];
-  all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
+  all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ];
   all-exco = with config.krebs.users; [ exco ];
 
   priv-rules = repo: set-owners repo all-makefu;
@@ -85,6 +86,10 @@ in {
         name = "makefu-omo" ;
         pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
       };
+      makefu-vbob = {
+        name = "makefu-vbob" ;
+        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub;
+      };
       makefu-tsp = {
         name = "makefu-tsp" ;
         pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;

makefu/2configs/tinc-basic-retiolum.nix

@@ -9,6 +9,7 @@ with lib;
       "gum"
       "pigstarter"
       "fastpoke"
+      "ire"
     ];
   };
 }