Merge remote-tracking branch 'cd/master'

makefu 2016-02-28 02:26:44 +01:00
commit db72d5911f
14 changed files with 95 additions and 90 deletions


@ -13,33 +13,34 @@ let
enable = mkEnableOption "krebs.nginx"; enable = mkEnableOption "krebs.nginx";
servers = mkOption { servers = mkOption {
type = with types; attrsOf optionSet; type = types.attrsOf (types.submodule {
options = singleton { options = {
server-names = mkOption { server-names = mkOption {
type = with types; listOf str; type = with types; listOf str;
# TODO use identity # TODO use identity
default = [ default = [
"${config.networking.hostName}" "${config.networking.hostName}"
"${config.networking.hostName}.retiolum" "${config.networking.hostName}.retiolum"
]; ];
};
listen = mkOption {
type = with types; either str (listOf str);
default = "80";
apply = x:
if typeOf x != "list"
then [x]
else x;
};
locations = mkOption {
type = with types; listOf (attrsOf str);
default = [];
};
extraConfig = mkOption {
type = with types; string;
default = "";
};
}; };
listen = mkOption { });
type = with types; either str (listOf str);
default = "80";
apply = x:
if typeOf x != "list"
then [x]
else x;
};
locations = mkOption {
type = with types; listOf (attrsOf str);
default = [];
};
extraConfig = mkOption {
type = with types; string;
default = "";
};
};
default = {}; default = {};
}; };
}; };
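Review bot: `extraConfig` in the new submodule is still declared as `type = with types; string;`, which, as far as I know, joins definitions from several modules with no separator, so two modules adding config to the same server would run their text together; `type = types.lines;` joins them with newlines instead. The options `listen`, `locations` and `extraConfig` also have no `description`, so the plain-HTTP default `listen = "80"` is only discoverable by reading the module. The enclosing `let` begins above this hunk.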


@ -46,6 +46,7 @@ let
check = x: check = x:
isString x && isString x &&
match "[0-7][0-7][0-7][0-7]" x != null; match "[0-7][0-7][0-7][0-7]" x != null;
merge = mergeOneOption;
}; };
}; };
activate = mkOption { activate = mkOption {


@ -104,7 +104,7 @@ with config.krebs.lib;
ire 60 IN A ${elemAt nets.internet.addrs4 0} ire 60 IN A ${elemAt nets.internet.addrs4 0}
''; '';
}; };
nets = { nets = rec {
internet = { internet = {
addrs4 = ["198.147.22.115"]; addrs4 = ["198.147.22.115"];
aliases = [ aliases = [
@ -115,6 +115,7 @@ with config.krebs.lib;
ssh.port = 11423; ssh.port = 11423;
}; };
retiolum = { retiolum = {
via = internet;
addrs4 = ["10.243.231.66"]; addrs4 = ["10.243.231.66"];
addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"]; addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"];
aliases = [ aliases = [
@ -286,7 +287,10 @@ with config.krebs.lib;
nets = { nets = {
gg23 = { gg23 = {
addrs4 = ["10.23.1.37"]; addrs4 = ["10.23.1.37"];
aliases = ["wu.gg23"]; aliases = [
"wu.gg23"
"cache.wu.gg23"
];
ssh.port = 11423; ssh.port = 11423;
}; };
retiolum = { retiolum = {


@ -17,7 +17,7 @@ with config.krebs.lib;
}; };
push = pkgs.callPackage ./push { push = pkgs.callPackage ./push {
inherit (subdirs) get jq; inherit (subdirs) get;
}; };
ReaktorPlugins = pkgs.callPackage ./Reaktor/plugins.nix {}; ReaktorPlugins = pkgs.callPackage ./Reaktor/plugins.nix {};


@ -1,33 +0,0 @@
{stdenv, fetchurl}:
let
s = # Generated upstream information
rec {
baseName="jq";
version="1.5";
name="${baseName}-${version}";
url=https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz;
sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4";
};
buildInputs = [
];
in
stdenv.mkDerivation {
inherit (s) name version;
inherit buildInputs;
src = fetchurl {
inherit (s) url sha256;
};
# jq is linked to libjq:
configureFlags = [
"LDFLAGS=-Wl,-rpath,\\\${libdir}"
];
meta = {
inherit (s) version;
description = ''A lightweight and flexible command-line JSON processor'';
license = stdenv.lib.licenses.mit ;
maintainers = [stdenv.lib.maintainers.raskin];
platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
};
}


@ -15,6 +15,7 @@ with config.krebs.lib;
../2configs/nginx-public_html.nix ../2configs/nginx-public_html.nix
../2configs/pulse.nix ../2configs/pulse.nix
../2configs/retiolum.nix ../2configs/retiolum.nix
../2configs/wu-binary-cache/client.nix
../2configs/xserver ../2configs/xserver
]; ];


@ -16,6 +16,7 @@ with config.krebs.lib;
../2configs/nginx-public_html.nix ../2configs/nginx-public_html.nix
../2configs/pulse.nix ../2configs/pulse.nix
../2configs/retiolum.nix ../2configs/retiolum.nix
../2configs/wu-binary-cache
../2configs/xserver ../2configs/xserver
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -126,12 +127,12 @@ with config.krebs.lib;
"/" = { "/" = {
device = "/dev/mapper/vg840-wuroot"; device = "/dev/mapper/vg840-wuroot";
fsType = "btrfs"; fsType = "btrfs";
options = "defaults,noatime,ssd,compress=lzo"; options = ["defaults" "noatime" "ssd" "compress=lzo"];
}; };
"/home" = { "/home" = {
device = "/dev/mapper/home"; device = "/dev/mapper/home";
fsType = "btrfs"; fsType = "btrfs";
options = "defaults,noatime,ssd,compress=lzo"; options = ["defaults" "noatime" "ssd" "compress=lzo"];
}; };
"/boot" = { "/boot" = {
device = "/dev/sda1"; device = "/dev/sda1";
@ -139,7 +140,7 @@ with config.krebs.lib;
"/tmp" = { "/tmp" = {
device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
options = "nosuid,nodev,noatime"; options = ["nosuid" "nodev" "noatime"];
}; };
}; };


@ -15,6 +15,7 @@ with config.krebs.lib;
../2configs/nginx-public_html.nix ../2configs/nginx-public_html.nix
../2configs/pulse.nix ../2configs/pulse.nix
../2configs/retiolum.nix ../2configs/retiolum.nix
../2configs/wu-binary-cache/client.nix
../2configs/xserver ../2configs/xserver
../2configs/xu-qemu0.nix ../2configs/xu-qemu0.nix
{ {
@ -137,12 +138,12 @@ with config.krebs.lib;
"/" = { "/" = {
device = "/dev/mapper/xuvga-root"; device = "/dev/mapper/xuvga-root";
fsType = "btrfs"; fsType = "btrfs";
options = "defaults,noatime,ssd,compress=lzo"; options = ["defaults" "noatime" "ssd" "compress=lzo"];
}; };
"/home" = { "/home" = {
device = "/dev/mapper/xuvga-home"; device = "/dev/mapper/xuvga-home";
fsType = "btrfs"; fsType = "btrfs";
options = "defaults,noatime,ssd,compress=lzo"; options = ["defaults" "noatime" "ssd" "compress=lzo"];
}; };
"/boot" = { "/boot" = {
device = "/dev/sda1"; device = "/dev/sda1";
@ -150,7 +151,7 @@ with config.krebs.lib;
"/tmp" = { "/tmp" = {
device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
options = "nosuid,nodev,noatime"; options = ["nosuid" "nodev" "noatime"];
}; };
}; };


@ -14,8 +14,7 @@ with config.krebs.lib;
stockholm = "/home/tv/stockholm"; stockholm = "/home/tv/stockholm";
nixpkgs = { nixpkgs = {
url = https://github.com/NixOS/nixpkgs; url = https://github.com/NixOS/nixpkgs;
rev = "77f8f35d57618c1ba456d968524f2fb2c3448295"; rev = "40c586b7ce2c559374df435f46d673baf711c543";
dev = "/home/tv/nixpkgs";
}; };
} // optionalAttrs config.krebs.build.host.secure { } // optionalAttrs config.krebs.build.host.secure {
secrets-master = "/home/tv/secrets/master"; secrets-master = "/home/tv/secrets/master";
@ -49,20 +48,20 @@ with config.krebs.lib;
} }
{ {
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
Defaults env_keep+="SSH_CLIENT"
Defaults mailto="${config.krebs.users.tv.mail}" Defaults mailto="${config.krebs.users.tv.mail}"
Defaults !lecture Defaults !lecture
''; '';
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
} }
{ {
# TODO check if both are required: # TODO check if both are required:
nix.chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ]; nix.chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
nix.trustedBinaryCaches = [ nix.requireSignedBinaryCaches = true;
"https://cache.nixos.org"
"http://cache.nixos.org" nix.binaryCaches = ["https://cache.nixos.org"];
"http://hydra.nixos.org"
];
nix.useChroot = true; nix.useChroot = true;
} }
@ -177,12 +176,6 @@ with config.krebs.lib;
tv.iptables.input-internet-accept-new-tcp = singleton "ssh"; tv.iptables.input-internet-accept-new-tcp = singleton "ssh";
} }
{
# TODO: exim
security.setuidPrograms = [
"sendmail" # for sudo
];
}
{ {
environment.systemPackages = [ environment.systemPackages = [
pkgs.get pkgs.get
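Review bot: The sudoers line `Defaults env_keep+="SSH_CLIENT"` in the `@ -49,20 +48,20 @` hunk appears to be on the new side (the +/- markers are lost in this rendering), and it lets a caller-supplied environment variable pass through sudo. sshd sets SSH_CLIENT at login, but any user can overwrite it before invoking sudo, so nothing run through sudo should treat it as proof of where a session came from. I would record that next to the setting, e.g. `# SSH_CLIENT is caller-controlled: do not use it for access or audit decisions`. The enclosing module list continues outside these hunks.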


@ -4,5 +4,9 @@ with config.krebs.lib;
{ {
krebs.exim-retiolum.enable = true; krebs.exim-retiolum.enable = true;
krebs.setuid.sendmail = {
filename = "${pkgs.exim}/bin/exim";
mode = "4111";
};
tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp"; tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp";
} }
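Review bot: The added `krebs.setuid.sendmail` block installs `${pkgs.exim}/bin/exim` with `mode = "4111"`, i.e. setuid and executable by every local user, and nothing here says why or which owner is intended. The `security.setuidPrograms` entry removed elsewhere in this commit carried the rationale `# for sudo`; I would keep it with the new definition, e.g. `# setuid sendmail wrapper, needed so sudo can send mail`. The same four lines are added verbatim in the next file section (hunk `@ -40,5 +40,9 @`); defining them once in a shared module would stop the two copies drifting apart.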


@ -40,5 +40,9 @@ with config.krebs.lib;
{ from = "mirko"; to = "mv"; } { from = "mirko"; to = "mv"; }
]; ];
}; };
krebs.setuid.sendmail = {
filename = "${pkgs.exim}/bin/exim";
mode = "4111";
};
tv.iptables.input-internet-accept-new-tcp = singleton "smtp"; tv.iptables.input-internet-accept-new-tcp = singleton "smtp";
} }


@ -13,21 +13,17 @@ let
environment.variables.VIMINIT = ":so /etc/vimrc"; environment.variables.VIMINIT = ":so /etc/vimrc";
}; };
extra-runtimepath = let extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
inherit (pkgs.vimUtils) buildVimPlugin rtpPath; pkgs.vimPlugins.undotree
fromVimPlugins = pkgs: concatStringsSep "," (pkgs.vimUtils.buildVimPlugin {
(mapAttrsToList (name: pkg: "${pkg}/${rtpPath}/${name}") pkgs);
in fromVimPlugins {
inherit (pkgs.vimPlugins) undotree;
file-line = buildVimPlugin {
name = "file-line-1.0"; name = "file-line-1.0";
src = pkgs.fetchgit { src = pkgs.fetchgit {
url = git://github.com/bogado/file-line; url = git://github.com/bogado/file-line;
rev = "refs/tags/1.0"; rev = "refs/tags/1.0";
sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
}; };
}; })
}; ];
dirs = { dirs = {
backupdir = "$HOME/.cache/vim/backup"; backupdir = "$HOME/.cache/vim/backup";


@ -0,0 +1,7 @@
_:
{
nix = {
binaryCaches = ["http://cache.wu.gg23"];
binaryCachePublicKeys = ["cache.wu-1:cdhA201O2R2Ect463vhJFmhpMaNyT/tOvzYvtceT9q8="];
};
}
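Review bot: `binaryCaches = ["http://cache.wu.gg23"]` fetches store paths over plain HTTP, so their integrity rests entirely on signature verification against `binaryCachePublicKeys`, and this file does not itself require that verification. `nix.requireSignedBinaryCaches = true;` is set in another file of this commit, but a host that imports only `client.nix` falls back to whatever default its nixpkgs has; adding `requireSignedBinaryCaches = true;` inside this `nix = { … }` block makes the file safe on its own. Plain HTTP also reveals the requested store paths to anyone on the network path, which may be acceptable on gg23 but deserves a one-line comment.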


@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }: with config.krebs.lib;
{
services.nix-serve = assert config.krebs.build.host.name == "wu"; {
enable = true;
secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
};
systemd.services.nix-serve = {
requires = ["secret.service"];
after = ["secret.service"];
};
krebs.secret.files.nix-serve-key = {
path = "/run/secret/nix-serve.key";
owner.name = "nix-serve";
source-path = toString <secrets> + "/nix-serve.key";
};
krebs.nginx = {
enable = true;
servers.nix-serve = {
server-names = [ "cache.wu.gg23" ];
locations = singleton (nameValuePair "/" ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
'');
};
};
}
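Review bot: `services.nix-serve` is enabled without restricting where the daemon listens, although nginx reaches it at `http://localhost:${toString config.services.nix-serve.port}` and so only needs loopback. If the pinned nixpkgs module offers `bindAddress` (I believe it does, defaulting to all interfaces), adding `bindAddress = "127.0.0.1";` keeps the cache from being reached around the vhost. Whether a firewall rule already blocks that port is not visible in this file. The vhost also relies on the module default `listen = "80"`, so a short comment stating that the cache is meant to be served only on gg23 would help the next reader.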