Merge remote-tracking branch 'cd/master'
commit
db72d5911f
@ -13,33 +13,34 @@ let
|
||||
enable = mkEnableOption "krebs.nginx";
|
||||
|
||||
servers = mkOption {
|
||||
type = with types; attrsOf optionSet;
|
||||
options = singleton {
|
||||
server-names = mkOption {
|
||||
type = with types; listOf str;
|
||||
# TODO use identity
|
||||
default = [
|
||||
"${config.networking.hostName}"
|
||||
"${config.networking.hostName}.retiolum"
|
||||
];
|
||||
type = types.attrsOf (types.submodule {
|
||||
options = {
|
||||
server-names = mkOption {
|
||||
type = with types; listOf str;
|
||||
# TODO use identity
|
||||
default = [
|
||||
"${config.networking.hostName}"
|
||||
"${config.networking.hostName}.retiolum"
|
||||
];
|
||||
};
|
||||
listen = mkOption {
|
||||
type = with types; either str (listOf str);
|
||||
default = "80";
|
||||
apply = x:
|
||||
if typeOf x != "list"
|
||||
then [x]
|
||||
else x;
|
||||
};
|
||||
locations = mkOption {
|
||||
type = with types; listOf (attrsOf str);
|
||||
default = [];
|
||||
};
|
||||
extraConfig = mkOption {
|
||||
type = with types; string;
|
||||
default = "";
|
||||
};
|
||||
};
|
||||
listen = mkOption {
|
||||
type = with types; either str (listOf str);
|
||||
default = "80";
|
||||
apply = x:
|
||||
if typeOf x != "list"
|
||||
then [x]
|
||||
else x;
|
||||
};
|
||||
locations = mkOption {
|
||||
type = with types; listOf (attrsOf str);
|
||||
default = [];
|
||||
};
|
||||
extraConfig = mkOption {
|
||||
type = with types; string;
|
||||
default = "";
|
||||
};
|
||||
};
|
||||
});
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
|
@ -46,6 +46,7 @@ let
|
||||
check = x:
|
||||
isString x &&
|
||||
match "[0-7][0-7][0-7][0-7]" x != null;
|
||||
merge = mergeOneOption;
|
||||
};
|
||||
};
|
||||
activate = mkOption {
|
||||
|
@ -104,7 +104,7 @@ with config.krebs.lib;
|
||||
ire 60 IN A ${elemAt nets.internet.addrs4 0}
|
||||
'';
|
||||
};
|
||||
nets = {
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["198.147.22.115"];
|
||||
aliases = [
|
||||
@ -115,6 +115,7 @@ with config.krebs.lib;
|
||||
ssh.port = 11423;
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs4 = ["10.243.231.66"];
|
||||
addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"];
|
||||
aliases = [
|
||||
@ -286,7 +287,10 @@ with config.krebs.lib;
|
||||
nets = {
|
||||
gg23 = {
|
||||
addrs4 = ["10.23.1.37"];
|
||||
aliases = ["wu.gg23"];
|
||||
aliases = [
|
||||
"wu.gg23"
|
||||
"cache.wu.gg23"
|
||||
];
|
||||
ssh.port = 11423;
|
||||
};
|
||||
retiolum = {
|
||||
|
@ -17,7 +17,7 @@ with config.krebs.lib;
|
||||
};
|
||||
|
||||
push = pkgs.callPackage ./push {
|
||||
inherit (subdirs) get jq;
|
||||
inherit (subdirs) get;
|
||||
};
|
||||
|
||||
ReaktorPlugins = pkgs.callPackage ./Reaktor/plugins.nix {};
|
||||
|
@ -1,33 +0,0 @@
|
||||
{stdenv, fetchurl}:
|
||||
let
|
||||
s = # Generated upstream information
|
||||
rec {
|
||||
baseName="jq";
|
||||
version="1.5";
|
||||
name="${baseName}-${version}";
|
||||
url=https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz;
|
||||
sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4";
|
||||
};
|
||||
buildInputs = [
|
||||
];
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
inherit (s) name version;
|
||||
inherit buildInputs;
|
||||
src = fetchurl {
|
||||
inherit (s) url sha256;
|
||||
};
|
||||
|
||||
# jq is linked to libjq:
|
||||
configureFlags = [
|
||||
"LDFLAGS=-Wl,-rpath,\\\${libdir}"
|
||||
];
|
||||
meta = {
|
||||
inherit (s) version;
|
||||
description = ''A lightweight and flexible command-line JSON processor'';
|
||||
license = stdenv.lib.licenses.mit ;
|
||||
maintainers = [stdenv.lib.maintainers.raskin];
|
||||
platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
|
||||
};
|
||||
}
|
||||
|
@ -15,6 +15,7 @@ with config.krebs.lib;
|
||||
../2configs/nginx-public_html.nix
|
||||
../2configs/pulse.nix
|
||||
../2configs/retiolum.nix
|
||||
../2configs/wu-binary-cache/client.nix
|
||||
../2configs/xserver
|
||||
];
|
||||
|
||||
|
@ -16,6 +16,7 @@ with config.krebs.lib;
|
||||
../2configs/nginx-public_html.nix
|
||||
../2configs/pulse.nix
|
||||
../2configs/retiolum.nix
|
||||
../2configs/wu-binary-cache
|
||||
../2configs/xserver
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
@ -126,12 +127,12 @@ with config.krebs.lib;
|
||||
"/" = {
|
||||
device = "/dev/mapper/vg840-wuroot";
|
||||
fsType = "btrfs";
|
||||
options = "defaults,noatime,ssd,compress=lzo";
|
||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
||||
};
|
||||
"/home" = {
|
||||
device = "/dev/mapper/home";
|
||||
fsType = "btrfs";
|
||||
options = "defaults,noatime,ssd,compress=lzo";
|
||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
@ -139,7 +140,7 @@ with config.krebs.lib;
|
||||
"/tmp" = {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
options = "nosuid,nodev,noatime";
|
||||
options = ["nosuid" "nodev" "noatime"];
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -15,6 +15,7 @@ with config.krebs.lib;
|
||||
../2configs/nginx-public_html.nix
|
||||
../2configs/pulse.nix
|
||||
../2configs/retiolum.nix
|
||||
../2configs/wu-binary-cache/client.nix
|
||||
../2configs/xserver
|
||||
../2configs/xu-qemu0.nix
|
||||
{
|
||||
@ -137,12 +138,12 @@ with config.krebs.lib;
|
||||
"/" = {
|
||||
device = "/dev/mapper/xuvga-root";
|
||||
fsType = "btrfs";
|
||||
options = "defaults,noatime,ssd,compress=lzo";
|
||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
||||
};
|
||||
"/home" = {
|
||||
device = "/dev/mapper/xuvga-home";
|
||||
fsType = "btrfs";
|
||||
options = "defaults,noatime,ssd,compress=lzo";
|
||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
@ -150,7 +151,7 @@ with config.krebs.lib;
|
||||
"/tmp" = {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
options = "nosuid,nodev,noatime";
|
||||
options = ["nosuid" "nodev" "noatime"];
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -14,8 +14,7 @@ with config.krebs.lib;
|
||||
stockholm = "/home/tv/stockholm";
|
||||
nixpkgs = {
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
rev = "77f8f35d57618c1ba456d968524f2fb2c3448295";
|
||||
dev = "/home/tv/nixpkgs";
|
||||
rev = "40c586b7ce2c559374df435f46d673baf711c543";
|
||||
};
|
||||
} // optionalAttrs config.krebs.build.host.secure {
|
||||
secrets-master = "/home/tv/secrets/master";
|
||||
@ -49,20 +48,20 @@ with config.krebs.lib;
|
||||
}
|
||||
{
|
||||
security.sudo.extraConfig = ''
|
||||
Defaults env_keep+="SSH_CLIENT"
|
||||
Defaults mailto="${config.krebs.users.tv.mail}"
|
||||
Defaults !lecture
|
||||
'';
|
||||
time.timeZone = "Europe/Berlin";
|
||||
}
|
||||
|
||||
{
|
||||
# TODO check if both are required:
|
||||
nix.chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
|
||||
|
||||
nix.trustedBinaryCaches = [
|
||||
"https://cache.nixos.org"
|
||||
"http://cache.nixos.org"
|
||||
"http://hydra.nixos.org"
|
||||
];
|
||||
nix.requireSignedBinaryCaches = true;
|
||||
|
||||
nix.binaryCaches = ["https://cache.nixos.org"];
|
||||
|
||||
nix.useChroot = true;
|
||||
}
|
||||
@ -177,12 +176,6 @@ with config.krebs.lib;
|
||||
tv.iptables.input-internet-accept-new-tcp = singleton "ssh";
|
||||
}
|
||||
|
||||
{
|
||||
# TODO: exim
|
||||
security.setuidPrograms = [
|
||||
"sendmail" # for sudo
|
||||
];
|
||||
}
|
||||
{
|
||||
environment.systemPackages = [
|
||||
pkgs.get
|
||||
|
@ -4,5 +4,9 @@ with config.krebs.lib;
|
||||
|
||||
{
|
||||
krebs.exim-retiolum.enable = true;
|
||||
krebs.setuid.sendmail = {
|
||||
filename = "${pkgs.exim}/bin/exim";
|
||||
mode = "4111";
|
||||
};
|
||||
tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp";
|
||||
}
|
||||
|
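Review bot: The `krebs.setuid.sendmail` block (`filename = "${pkgs.exim}/bin/exim"; mode = "4111";`) appears verbatim in this section and again in the next one, beside the `input-internet-accept-new-tcp` rule for smtp. A setuid binary is easier to audit when it is declared once, for example in the exim module these files enable or in a small file imported by both. Neither copy says why the bit is needed, and the wrapper's owner is not visible here. I would add a comment above `mode` along the lines of `# setuid so unprivileged callers (sudo's mailto) can submit mail; 4111 = setuid + execute-only, no read`. Which lines are new is inferred from the hunk counts, since the +/- markers are missing on this page.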
@ -40,5 +40,9 @@ with config.krebs.lib;
|
||||
{ from = "mirko"; to = "mv"; }
|
||||
];
|
||||
};
|
||||
krebs.setuid.sendmail = {
|
||||
filename = "${pkgs.exim}/bin/exim";
|
||||
mode = "4111";
|
||||
};
|
||||
tv.iptables.input-internet-accept-new-tcp = singleton "smtp";
|
||||
}
|
||||
|
@ -13,21 +13,17 @@ let
|
||||
environment.variables.VIMINIT = ":so /etc/vimrc";
|
||||
};
|
||||
|
||||
extra-runtimepath = let
|
||||
inherit (pkgs.vimUtils) buildVimPlugin rtpPath;
|
||||
fromVimPlugins = pkgs: concatStringsSep ","
|
||||
(mapAttrsToList (name: pkg: "${pkg}/${rtpPath}/${name}") pkgs);
|
||||
in fromVimPlugins {
|
||||
inherit (pkgs.vimPlugins) undotree;
|
||||
file-line = buildVimPlugin {
|
||||
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
|
||||
pkgs.vimPlugins.undotree
|
||||
(pkgs.vimUtils.buildVimPlugin {
|
||||
name = "file-line-1.0";
|
||||
src = pkgs.fetchgit {
|
||||
url = git://github.com/bogado/file-line;
|
||||
rev = "refs/tags/1.0";
|
||||
sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
|
||||
};
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
|
||||
dirs = {
|
||||
backupdir = "$HOME/.cache/vim/backup";
|
||||
|
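--- /dev/null
+++ b/tv/2configs/wu-binary-cache/client.nix
@@ -0,0 +1,7 @@
+_:
+{
+nix = {
+binaryCaches = ["http://cache.wu.gg23"];
+binaryCachePublicKeys = ["cache.wu-1:cdhA201O2R2Ect463vhJFmhpMaNyT/tOvzYvtceT9q8="];
+};
+}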
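Review bot: `binaryCaches` points at `http://cache.wu.gg23`, so the transport gives no integrity or confidentiality, and the only thing between a tampered response and the local store is the signature check against the pinned `cache.wu-1` key. That check is not switched on in this file; it depends on `nix.requireSignedBinaryCaches` being true elsewhere in the configuration or by default. I would set `requireSignedBinaryCaches = true;` inside this `nix = { … }` block so the module is safe when imported on its own. A comment above `binaryCaches` such as `# plain HTTP: integrity relies solely on the cache.wu-1 signature` would record why the key entry must never be dropped.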
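--- /dev/null
+++ b/tv/2configs/wu-binary-cache/default.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }: with config.krebs.lib;
+{
+services.nix-serve = assert config.krebs.build.host.name == "wu"; {
+enable = true;
+secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+};
+systemd.services.nix-serve = {
+requires = ["secret.service"];
+after = ["secret.service"];
+};
+krebs.secret.files.nix-serve-key = {
+path = "/run/secret/nix-serve.key";
+owner.name = "nix-serve";
+source-path = toString <secrets> + "/nix-serve.key";
+};
+krebs.nginx = {
+enable = true;
+servers.nix-serve = {
+server-names = [ "cache.wu.gg23" ];
+locations = singleton (nameValuePair "/" ''
+proxy_pass http://localhost:${toString config.services.nix-serve.port};
+'');
+};
+};
+}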
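Review bot: Only nginx needs to reach nix-serve here, yet `services.nix-serve` is enabled without a bind address. As far as I know the module's default `bindAddress` is `0.0.0.0`, so the daemon's own port would be reachable on every interface unless the firewall blocks it. Adding `bindAddress = "127.0.0.1";` next to `enable = true;` keeps the `proxy_pass http://localhost:…` path working and leaves nginx as the single entry point. The `servers.nix-serve` entry also inherits the `listen` default of `"80"` from the krebs.nginx options, so the vhost is not tied to the gg23 address. Since nix-serve hands out store paths to whoever can connect, a short comment naming the networks meant to reach it would help.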