init users.shared.wolf

2015-10-25 14:07:51 +01:00 · 2015-10-25 14:07:51 +01:00 · daa8fe2aa8
parent 39236213ab
commit daa8fe2aa8
6 changed files with 171 additions and 0 deletions
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@ -76,6 +76,7 @@ let
  imp = mkMerge [
    { krebs = import ./lass { inherit lib; }; }
    { krebs = import ./makefu { inherit lib; }; }
+    { krebs = import ./shared { inherit lib; }; }
    { krebs = import ./tv { inherit lib; }; }
    {
      krebs.dns.providers = {
--- a/krebs/3modules/shared/default.nix
+++ b/krebs/3modules/shared/default.nix
@ -0,0 +1,42 @@
+{ lib, ... }:
+
+with lib;
+
+{
+  hosts = addNames {
+    wolf = {
+      #dc = "shack";
+      nets = {
+        #shack = {
+        #  addrs4 = [ TODO ];
+        #  aliases = ["wolf.shack"];
+        #};
+        retiolum = {
+          addrs4 = ["10.243.77.1"];
+          addrs6 = ["42:0:0:0:0:0:77:1"];
+          aliases = [
+            "wolf.retiolum"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb
+            HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7
+            apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg
+            4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk
+            7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH
+            8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR";
+    };
+  };
+  users = addNames {
+    shared = {
+      mail = "spam@krebsco.de";
+      pubkey = "lol"; # TODO krebs.users.shared.pubkey should be unnecessary
+    };
+  };
+}
--- a/krebs/Zhosts/wolf
+++ b/krebs/Zhosts/wolf
@ -0,0 +1,10 @@
+Subnet = 10.243.77.1/32
+Subnet = 42:0:0:0:0:0:77:1/128
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb
+HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7
+apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg
+4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk
+7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH
+8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB
+-----END RSA PUBLIC KEY-----
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@ -0,0 +1,108 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  imports = [
+    <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.wolf;
+  # TODO rename shared user to "krebs"
+  krebs.build.user = config.krebs.users.shared;
+  krebs.build.target = "wolf";
+
+  krebs.enable = true;
+  krebs.retiolum = {
+    enable = true;
+    connectTo = [
+      # TODO remove connectTo cd, this was only used for bootstrapping
+      "cd"
+      "gum"
+      "pigstarter"
+    ];
+  };
+
+  krebs.build.source = {
+    git.nixpkgs = {
+      url = https://github.com/NixOS/nixpkgs;
+      rev = "e916273209560b302ab231606babf5ce1c481f08";
+    };
+    dir.secrets = {
+      # TODO use current-host-name to determine secrets host
+      host = config.krebs.hosts.wu;
+      path = "${getEnv "HOME"}/secrets/krebs/wolf";
+    };
+    dir.stockholm = {
+      # TODO use current-host-name to determine stockholm host
+      host = config.krebs.hosts.wu;
+      path = "${getEnv "HOME"}/stockholm";
+    };
+  };
+
+  networking.hostName = config.krebs.build.host.name;
+
+  boot.kernel.sysctl = {
+    # Enable IPv6 Privacy Extensions
+    "net.ipv6.conf.all.use_tempaddr" = 2;
+    "net.ipv6.conf.default.use_tempaddr" = 2;
+  };
+
+  boot.initrd.availableKernelModules = [
+    "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk"
+  ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vda";
+
+  fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
+
+  swapDevices = [
+    { device = "/dev/disk/by-label/swap"; }
+  ];
+
+  nix.maxJobs = 1;
+  nix.trustedBinaryCaches = [
+    "https://cache.nixos.org"
+    "http://cache.nixos.org"
+    "http://hydra.nixos.org"
+  ];
+  nix.useChroot = true;
+
+  nixpkgs.config.packageOverrides = pkgs: {
+    nano = pkgs.vim;
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    rxvt_unicode.terminfo
+  ];
+
+  time.timeZone = "Europe/Berlin";
+
+  programs.ssh.startAgent = false;
+
+  services.openssh = {
+    enable = true;
+    hostKeys = [
+      { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+    ];
+  };
+  services.cron.enable = false;
+  services.nscd.enable = false;
+  services.ntp.enable = false;
+
+  users.mutableUsers = false;
+  users.extraUsers.root.openssh.authorizedKeys.keys = [
+    # TODO
+    config.krebs.users.lass.pubkey
+    config.krebs.users.makefu.pubkey
+    config.krebs.users.tv.pubkey
+  ];
+
+  # The NixOS release to be compatible with for stateful data such as databases.
+  system.stateVersion = "15.09";
+}
--- a/shared/3modules/default.nix
+++ b/shared/3modules/default.nix
@ -0,0 +1,5 @@
+# TODO don't require 3modules
+_:
+
+{
+}
--- a/shared/5pkgs/default.nix
+++ b/shared/5pkgs/default.nix
@ -0,0 +1,5 @@
+# TODO don't require 5pkgs
+_:
+
+{
+}