Merge remote-tracking branch 'cd/master'

makefu 2016-02-28 02:26:44 +01:00
commit db72d5911f
14 changed files with 95 additions and 90 deletions


@ -13,33 +13,34 @@ let
enable = mkEnableOption "krebs.nginx";
servers = mkOption {
type = with types; attrsOf optionSet;
options = singleton {
server-names = mkOption {
type = with types; listOf str;
# TODO use identity
default = [
"${config.networking.hostName}"
"${config.networking.hostName}.retiolum"
];
type = types.attrsOf (types.submodule {
options = {
server-names = mkOption {
type = with types; listOf str;
# TODO use identity
default = [
"${config.networking.hostName}"
"${config.networking.hostName}.retiolum"
];
};
listen = mkOption {
type = with types; either str (listOf str);
default = "80";
apply = x:
if typeOf x != "list"
then [x]
else x;
};
locations = mkOption {
type = with types; listOf (attrsOf str);
default = [];
};
extraConfig = mkOption {
type = with types; string;
default = "";
};
};
listen = mkOption {
type = with types; either str (listOf str);
default = "80";
apply = x:
if typeOf x != "list"
then [x]
else x;
};
locations = mkOption {
type = with types; listOf (attrsOf str);
default = [];
};
extraConfig = mkOption {
type = with types; string;
default = "";
};
};
});
default = {};
};
};
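Review bot: `extraConfig` is still declared as `types.string`, which merges multiple definitions by plain concatenation with no separator, so two modules contributing to the same server's `extraConfig` can fuse the end of one nginx directive into the start of the next. `type = types.lines;` joins the definitions with newlines and keeps each fragment intact. The `let` block these options belong to starts and ends outside the hunk, so how `extraConfig` is rendered into the nginx file is not visible here.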


@ -46,6 +46,7 @@ let
check = x:
isString x &&
match "[0-7][0-7][0-7][0-7]" x != null;
merge = mergeOneOption;
};
};
activate = mkOption {


@ -104,7 +104,7 @@ with config.krebs.lib;
ire 60 IN A ${elemAt nets.internet.addrs4 0}
'';
};
nets = {
nets = rec {
internet = {
addrs4 = ["198.147.22.115"];
aliases = [
@ -115,6 +115,7 @@ with config.krebs.lib;
ssh.port = 11423;
};
retiolum = {
via = internet;
addrs4 = ["10.243.231.66"];
addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"];
aliases = [
@ -286,7 +287,10 @@ with config.krebs.lib;
nets = {
gg23 = {
addrs4 = ["10.23.1.37"];
aliases = ["wu.gg23"];
aliases = [
"wu.gg23"
"cache.wu.gg23"
];
ssh.port = 11423;
};
retiolum = {


@ -17,7 +17,7 @@ with config.krebs.lib;
};
push = pkgs.callPackage ./push {
inherit (subdirs) get jq;
inherit (subdirs) get;
};
ReaktorPlugins = pkgs.callPackage ./Reaktor/plugins.nix {};


@ -1,33 +0,0 @@
{stdenv, fetchurl}:
let
s = # Generated upstream information
rec {
baseName="jq";
version="1.5";
name="${baseName}-${version}";
url=https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz;
sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4";
};
buildInputs = [
];
in
stdenv.mkDerivation {
inherit (s) name version;
inherit buildInputs;
src = fetchurl {
inherit (s) url sha256;
};
# jq is linked to libjq:
configureFlags = [
"LDFLAGS=-Wl,-rpath,\\\${libdir}"
];
meta = {
inherit (s) version;
description = ''A lightweight and flexible command-line JSON processor'';
license = stdenv.lib.licenses.mit ;
maintainers = [stdenv.lib.maintainers.raskin];
platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
};
}


@ -15,6 +15,7 @@ with config.krebs.lib;
../2configs/nginx-public_html.nix
../2configs/pulse.nix
../2configs/retiolum.nix
../2configs/wu-binary-cache/client.nix
../2configs/xserver
];


@ -16,6 +16,7 @@ with config.krebs.lib;
../2configs/nginx-public_html.nix
../2configs/pulse.nix
../2configs/retiolum.nix
../2configs/wu-binary-cache
../2configs/xserver
{
environment.systemPackages = with pkgs; [
@ -126,12 +127,12 @@ with config.krebs.lib;
"/" = {
device = "/dev/mapper/vg840-wuroot";
fsType = "btrfs";
options = "defaults,noatime,ssd,compress=lzo";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/home" = {
device = "/dev/mapper/home";
fsType = "btrfs";
options = "defaults,noatime,ssd,compress=lzo";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/boot" = {
device = "/dev/sda1";
@ -139,7 +140,7 @@ with config.krebs.lib;
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = "nosuid,nodev,noatime";
options = ["nosuid" "nodev" "noatime"];
};
};


@ -15,6 +15,7 @@ with config.krebs.lib;
../2configs/nginx-public_html.nix
../2configs/pulse.nix
../2configs/retiolum.nix
../2configs/wu-binary-cache/client.nix
../2configs/xserver
../2configs/xu-qemu0.nix
{
@ -137,12 +138,12 @@ with config.krebs.lib;
"/" = {
device = "/dev/mapper/xuvga-root";
fsType = "btrfs";
options = "defaults,noatime,ssd,compress=lzo";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/home" = {
device = "/dev/mapper/xuvga-home";
fsType = "btrfs";
options = "defaults,noatime,ssd,compress=lzo";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/boot" = {
device = "/dev/sda1";
@ -150,7 +151,7 @@ with config.krebs.lib;
"/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = "nosuid,nodev,noatime";
options = ["nosuid" "nodev" "noatime"];
};
};


@ -14,8 +14,7 @@ with config.krebs.lib;
stockholm = "/home/tv/stockholm";
nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "77f8f35d57618c1ba456d968524f2fb2c3448295";
dev = "/home/tv/nixpkgs";
rev = "40c586b7ce2c559374df435f46d673baf711c543";
};
} // optionalAttrs config.krebs.build.host.secure {
secrets-master = "/home/tv/secrets/master";
@ -49,20 +48,20 @@ with config.krebs.lib;
}
{
security.sudo.extraConfig = ''
Defaults env_keep+="SSH_CLIENT"
Defaults mailto="${config.krebs.users.tv.mail}"
Defaults !lecture
'';
time.timeZone = "Europe/Berlin";
}
{
# TODO check if both are required:
nix.chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
nix.trustedBinaryCaches = [
"https://cache.nixos.org"
"http://cache.nixos.org"
"http://hydra.nixos.org"
];
nix.requireSignedBinaryCaches = true;
nix.binaryCaches = ["https://cache.nixos.org"];
nix.useChroot = true;
}
@ -177,12 +176,6 @@ with config.krebs.lib;
tv.iptables.input-internet-accept-new-tcp = singleton "ssh";
}
{
# TODO: exim
security.setuidPrograms = [
"sendmail" # for sudo
];
}
{
environment.systemPackages = [
pkgs.get
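Review bot: `nix.trustedBinaryCaches` lists `http://cache.nixos.org` and `http://hydra.nixos.org` next to the https entry, and the rendered hunk gives no sign that the commit drops them. Entries in this list may be selected by non-root users, so the plaintext ones leave signature checking (`nix.requireSignedBinaryCaches = true`) as the only protection for those fetches, and the requested store paths are readable on the wire. Keeping only `"https://cache.nixos.org"` removes that dependency; if hydra is still needed, its https URL should be used. The page does not show which lines of this block are added or removed, so part of this may already be addressed.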


@ -4,5 +4,9 @@ with config.krebs.lib;
{
krebs.exim-retiolum.enable = true;
krebs.setuid.sendmail = {
filename = "${pkgs.exim}/bin/exim";
mode = "4111";
};
tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp";
}
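Review bot: The setuid wrapper added here has lost its rationale: the `security.setuidPrograms` block removed elsewhere in this commit carried the comment `# for sudo`, while the new `krebs.setuid.sendmail` definition has none. A setuid binary deserves a one-line justification, for example `# setuid so sudo can send its mailto= reports through exim`, if that is still the reason. The same four lines are added verbatim in the other exim configuration touched by this commit (the one that opens `smtp` on the internet chain); defining the wrapper once in a shared module would keep owner and mode from drifting apart. Mode `4111` withholds read permission, which looks deliberate, but the owner the wrapper ends up with is decided outside this hunk.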


@ -40,5 +40,9 @@ with config.krebs.lib;
{ from = "mirko"; to = "mv"; }
];
};
krebs.setuid.sendmail = {
filename = "${pkgs.exim}/bin/exim";
mode = "4111";
};
tv.iptables.input-internet-accept-new-tcp = singleton "smtp";
}


@ -13,21 +13,17 @@ let
environment.variables.VIMINIT = ":so /etc/vimrc";
};
extra-runtimepath = let
inherit (pkgs.vimUtils) buildVimPlugin rtpPath;
fromVimPlugins = pkgs: concatStringsSep ","
(mapAttrsToList (name: pkg: "${pkg}/${rtpPath}/${name}") pkgs);
in fromVimPlugins {
inherit (pkgs.vimPlugins) undotree;
file-line = buildVimPlugin {
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
pkgs.vimPlugins.undotree
(pkgs.vimUtils.buildVimPlugin {
name = "file-line-1.0";
src = pkgs.fetchgit {
url = git://github.com/bogado/file-line;
rev = "refs/tags/1.0";
sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
};
};
};
})
];
dirs = {
backupdir = "$HOME/.cache/vim/backup";
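Review bot: The plugin source is fetched over `git://`, which is neither encrypted nor authenticated; the `sha256` pins the content, so a tampered fetch fails the build rather than being installed, but `url = https://github.com/bogado/file-line;` avoids relying on that alone. `rev = "refs/tags/1.0"` is a movable ref, so pinning the commit hash the tag points to would keep the fetch reproducible if the tag is ever re-pushed. Both lines appear to be carried over unchanged from the old expression.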


@ -0,0 +1,7 @@
_:
{
nix = {
binaryCaches = ["http://cache.wu.gg23"];
binaryCachePublicKeys = ["cache.wu-1:cdhA201O2R2Ect463vhJFmhpMaNyT/tOvzYvtceT9q8="];
};
}
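Review bot: The cache is reached over plain `http://`, so the only thing that stops another host on the gg23 network from supplying substituted store paths is signature verification against `binaryCachePublicKeys`. This file does not state that dependency. A comment such as `# http is acceptable only while nix.requireSignedBinaryCaches stays true` above `binaryCaches`, or setting `requireSignedBinaryCaches = true;` inside this `nix` set, would make the import safe on its own rather than relying on another module.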


@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }: with config.krebs.lib;
{
services.nix-serve = assert config.krebs.build.host.name == "wu"; {
enable = true;
secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
};
systemd.services.nix-serve = {
requires = ["secret.service"];
after = ["secret.service"];
};
krebs.secret.files.nix-serve-key = {
path = "/run/secret/nix-serve.key";
owner.name = "nix-serve";
source-path = toString <secrets> + "/nix-serve.key";
};
krebs.nginx = {
enable = true;
servers.nix-serve = {
server-names = [ "cache.wu.gg23" ];
locations = singleton (nameValuePair "/" ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
'');
};
};
}
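Review bot: nginx proxies to `localhost`, but nothing in this file restricts where nix-serve itself listens; the NixOS module's `bindAddress` defaults to `0.0.0.0` as far as I know, so the backend port may be reachable directly unless the firewall (not visible here) blocks it. Adding `bindAddress = "127.0.0.1";` to the `services.nix-serve` set keeps nginx as the only entry point. The `krebs.secret.files.nix-serve-key` entry sets an owner but no mode is visible, so it is worth confirming that the signing key ends up readable by `nix-serve` only.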