Merge remote-tracking branch 'cd/master'

This commit is contained in:
lassulus 2016-04-09 00:49:56 +02:00
commit e57841421b
42 changed files with 623 additions and 325 deletions


@ -8,15 +8,15 @@ with config.krebs.lib;
cores = 4; cores = 4;
nets = rec { nets = rec {
internet = { internet = {
addrs4 = ["144.76.172.188"]; ip4.addr = "144.76.172.188";
aliases = [ aliases = [
"dishfire.internet" "dishfire.internet"
]; ];
}; };
retiolum = { retiolum = {
via = internet; via = internet;
addrs4 = ["10.243.133.99"]; ip4.addr = "10.243.133.99";
addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"]; ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1233";
aliases = [ aliases = [
"dishfire.retiolum" "dishfire.retiolum"
"dishfire.r" "dishfire.r"
@ -40,15 +40,15 @@ with config.krebs.lib;
cores = 2; cores = 2;
nets = rec { nets = rec {
internet = { internet = {
addrs4 = ["162.252.241.33"]; ip4.addr = "162.252.241.33";
aliases = [ aliases = [
"echelon.internet" "echelon.internet"
]; ];
}; };
retiolum = { retiolum = {
via = internet; via = internet;
addrs4 = ["10.243.206.103"]; ip4.addr = "10.243.206.103";
addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f763"]; ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763";
aliases = [ aliases = [
"echelon.retiolum" "echelon.retiolum"
"echelon.r" "echelon.r"
@ -75,15 +75,15 @@ with config.krebs.lib;
cores = 4; cores = 4;
nets = rec { nets = rec {
internet = { internet = {
addrs4 = ["213.239.205.240"]; ip4.addr = "213.239.205.240";
aliases = [ aliases = [
"prism.internet" "prism.internet"
]; ];
}; };
retiolum = { retiolum = {
via = internet; via = internet;
addrs4 = ["10.243.0.103"]; ip4.addr = "10.243.0.103";
addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"]; ip6.addr = "42:0000:0000:0000:0000:0000:0000:15ab";
aliases = [ aliases = [
"prism.retiolum" "prism.retiolum"
"prism.r" "prism.r"
@ -107,15 +107,15 @@ with config.krebs.lib;
fastpoke = { fastpoke = {
nets = rec { nets = rec {
internet = { internet = {
addrs4 = ["193.22.164.36"]; ip4.addr = "193.22.164.36";
aliases = [ aliases = [
"fastpoke.internet" "fastpoke.internet"
]; ];
}; };
retiolum = { retiolum = {
via = internet; via = internet;
addrs4 = ["10.243.253.152"]; ip4.addr = "10.243.253.152";
addrs6 = ["42:422a:194f:ff3b:e196:2f82:5cf5:bc00"]; ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00";
aliases = [ aliases = [
"fastpoke.retiolum" "fastpoke.retiolum"
"fastpoke.r" "fastpoke.r"
@ -139,15 +139,15 @@ with config.krebs.lib;
cores = 1; cores = 1;
nets = rec { nets = rec {
internet = { internet = {
addrs4 = ["104.167.113.104"]; ip4.addr = "104.167.113.104";
aliases = [ aliases = [
"cloudkrebs.internet" "cloudkrebs.internet"
]; ];
}; };
retiolum = { retiolum = {
via = internet; via = internet;
addrs4 = ["10.243.206.102"]; ip4.addr = "10.243.206.102";
addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"]; ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f762";
aliases = [ aliases = [
"cloudkrebs.retiolum" "cloudkrebs.retiolum"
"cloudkrebs.r" "cloudkrebs.r"
@ -172,12 +172,12 @@ with config.krebs.lib;
cores = 1; cores = 1;
nets = { nets = {
gg23 = { gg23 = {
addrs4 = ["10.23.1.12"]; ip4.addr = "10.23.1.12";
aliases = ["uriel.gg23"]; aliases = ["uriel.gg23"];
}; };
retiolum = { retiolum = {
addrs4 = ["10.243.81.176"]; ip4.addr = "10.243.81.176";
addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"]; ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56";
aliases = [ aliases = [
"uriel.retiolum" "uriel.retiolum"
"uriel.r" "uriel.r"
@ -203,12 +203,12 @@ with config.krebs.lib;
cores = 2; cores = 2;
nets = { nets = {
gg23 = { gg23 = {
addrs4 = ["10.23.1.11"]; ip4.addr = "10.23.1.11";
aliases = ["mors.gg23"]; aliases = ["mors.gg23"];
}; };
retiolum = { retiolum = {
addrs4 = ["10.243.0.2"]; ip4.addr = "10.243.0.2";
addrs6 = ["42:0:0:0:0:0:0:dea7"]; ip6.addr = "42:0:0:0:0:0:0:dea7";
aliases = [ aliases = [
"mors.retiolum" "mors.retiolum"
"mors.r" "mors.r"
@ -234,8 +234,8 @@ with config.krebs.lib;
cores = 2; cores = 2;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.0.3"]; ip4.addr = "10.243.0.3";
addrs6 = ["42:0:0:0:0:0:0:7105"]; ip6.addr = "42:0:0:0:0:0:0:7105";
aliases = [ aliases = [
"helios.retiolum" "helios.retiolum"
"helios.r" "helios.r"


@ -8,8 +8,8 @@ with config.krebs.lib;
cores = 1; cores = 1;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.0.210"]; ip4.addr = "10.243.0.210";
addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0001"]; ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0001";
aliases = [ aliases = [
"pnp.retiolum" "pnp.retiolum"
"cgit.pnp.retiolum" "cgit.pnp.retiolum"
@ -31,8 +31,8 @@ with config.krebs.lib;
cores = 4; cores = 4;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.0.84"]; ip4.addr = "10.243.0.84";
addrs6 = ["42:ff6b:5f0b:460d:2cee:4d05:73f7:5566"]; ip6.addr = "42:ff6b:5f0b:460d:2cee:4d05:73f7:5566";
aliases = [ aliases = [
"darth.retiolum" "darth.retiolum"
"darth.r" "darth.r"
@ -54,8 +54,8 @@ with config.krebs.lib;
cores = 1; cores = 1;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.0.212"]; ip4.addr = "10.243.0.212";
addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0002"]; ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0002";
aliases = [ aliases = [
"tsp.retiolum" "tsp.retiolum"
]; ];
@ -81,8 +81,8 @@ with config.krebs.lib;
cores = 2; cores = 2;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.0.91"]; ip4.addr = "10.243.0.91";
addrs6 = ["42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"]; ip6.addr = "42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db";
aliases = [ aliases = [
"pornocauster.retiolum" "pornocauster.retiolum"
"pornocauster.r" "pornocauster.r"
@ -108,8 +108,8 @@ with config.krebs.lib;
cores = 2; cores = 2;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.1.91"]; ip4.addr = "10.243.1.91";
addrs6 = ["42:0b2c:d90e:e717:03dd:9ac1:0000:a400"]; ip6.addr = "42:0b2c:d90e:e717:03dd:9ac1:0000:a400";
aliases = [ aliases = [
"vbob.retiolum" "vbob.retiolum"
]; ];
@ -135,22 +135,22 @@ with config.krebs.lib;
extraZones = { extraZones = {
"krebsco.de" = '' "krebsco.de" = ''
euer IN MX 1 aspmx.l.google.com. euer IN MX 1 aspmx.l.google.com.
pigstarter IN A ${head nets.internet.addrs4} pigstarter IN A ${nets.internet.ip4.addr}
gold IN A ${head nets.internet.addrs4} gold IN A ${nets.internet.ip4.addr}
boot IN A ${head nets.internet.addrs4} boot IN A ${nets.internet.ip4.addr}
''; '';
}; };
nets = { nets = {
internet = { internet = {
addrs4 = ["192.40.56.122"]; ip4.addr = "192.40.56.122";
addrs6 = ["2604:2880::841f:72c"]; ip6.addr = "2604:2880::841f:72c";
aliases = [ aliases = [
"pigstarter.internet" "pigstarter.internet"
]; ];
}; };
retiolum = { retiolum = {
addrs4 = ["10.243.0.153"]; ip4.addr = "10.243.0.153";
addrs6 = ["42:9143:b4c0:f981:6030:7aa2:8bc5:4110"]; ip6.addr = "42:9143:b4c0:f981:6030:7aa2:8bc5:4110";
aliases = [ aliases = [
"pigstarter.retiolum" "pigstarter.retiolum"
]; ];
@ -171,18 +171,18 @@ with config.krebs.lib;
cores = 1; cores = 1;
extraZones = { extraZones = {
"krebsco.de" = '' "krebsco.de" = ''
euer IN A ${head nets.internet.addrs4} euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${head nets.internet.addrs4} wiki.euer IN A ${nets.internet.ip4.addr}
wry IN A ${head nets.internet.addrs4} wry IN A ${nets.internet.ip4.addr}
io IN NS wry.krebsco.de. io IN NS wry.krebsco.de.
graphs IN A ${head nets.internet.addrs4} graphs IN A ${nets.internet.ip4.addr}
paste 60 IN A ${head nets.internet.addrs4} paste 60 IN A ${nets.internet.ip4.addr}
tinc IN A ${head nets.internet.addrs4} tinc IN A ${nets.internet.ip4.addr}
''; '';
}; };
nets = rec { nets = rec {
internet = { internet = {
addrs4 = ["104.233.87.86"]; ip4.addr = "104.233.87.86";
aliases = [ aliases = [
"wry.internet" "wry.internet"
"paste.internet" "paste.internet"
@ -190,8 +190,8 @@ with config.krebs.lib;
}; };
retiolum = { retiolum = {
via = internet; via = internet;
addrs4 = ["10.243.29.169"]; ip4.addr = "10.243.29.169";
addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"]; ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
aliases = [ aliases = [
"graphs.wry.retiolum" "graphs.wry.retiolum"
"graphs.retiolum" "graphs.retiolum"
@ -228,8 +228,8 @@ with config.krebs.lib;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.153.102"]; ip4.addr = "10.243.153.102";
addrs6 = ["42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"]; ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
aliases = [ aliases = [
"filepimp.retiolum" "filepimp.retiolum"
]; ];
@ -252,8 +252,8 @@ with config.krebs.lib;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.0.89"]; ip4.addr = "10.243.0.89";
addrs6 = ["42:f9f0::10"]; ip6.addr = "42:f9f0::10";
aliases = [ aliases = [
"omo.retiolum" "omo.retiolum"
"omo.r" "omo.r"
@ -277,8 +277,8 @@ with config.krebs.lib;
cores = 1; cores = 1;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.214.15"]; ip4.addr = "10.243.214.15";
addrs6 = ["42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"]; ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
aliases = [ aliases = [
"wbob.retiolum" "wbob.retiolum"
]; ];
@ -301,24 +301,24 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
extraZones = { extraZones = {
"krebsco.de" = '' "krebsco.de" = ''
share.euer IN A ${head nets.internet.addrs4} share.euer IN A ${nets.internet.ip4.addr}
mattermost.euer IN A ${head nets.internet.addrs4} mattermost.euer IN A ${nets.internet.ip4.addr}
git.euer IN A ${head nets.internet.addrs4} git.euer IN A ${nets.internet.ip4.addr}
gum IN A ${head nets.internet.addrs4} gum IN A ${nets.internet.ip4.addr}
cgit.euer IN A ${head nets.internet.addrs4} cgit.euer IN A ${nets.internet.ip4.addr}
''; '';
}; };
nets = rec { nets = rec {
internet = { internet = {
addrs4 = ["195.154.108.70"]; ip4.addr = "195.154.108.70";
aliases = [ aliases = [
"gum.internet" "gum.internet"
]; ];
}; };
retiolum = { retiolum = {
via = internet; via = internet;
addrs4 = ["10.243.0.211"]; ip4.addr = "10.243.0.211";
addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"]; ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
aliases = [ aliases = [
"gum.r" "gum.r"
"gum.retiolum" "gum.retiolum"
@ -346,20 +346,20 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
cores = 1; cores = 1;
extraZones = { extraZones = {
"krebsco.de" = '' "krebsco.de" = ''
mediengewitter IN A ${head nets.internet.addrs4} mediengewitter IN A ${nets.internet.ip4.addr}
flap IN A ${head nets.internet.addrs4} flap IN A ${nets.internet.ip4.addr}
''; '';
}; };
nets = { nets = {
internet = { internet = {
addrs4 = ["162.248.11.162"]; ip4.addr = "162.248.11.162";
aliases = [ aliases = [
"flap.internet" "flap.internet"
]; ];
}; };
retiolum = { retiolum = {
addrs4 = ["10.243.211.172"]; ip4.addr = "10.243.211.172";
addrs6 = ["42:472a:3d01:bbe4:4425:567e:592b:065d"]; ip6.addr = "42:472a:3d01:bbe4:4425:567e:592b:065d";
aliases = [ aliases = [
"flap.retiolum" "flap.retiolum"
"flap.r" "flap.r"
@ -382,8 +382,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
cores = 1; cores = 1;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.231.219"]; ip4.addr = "10.243.231.219";
addrs6 = ["42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72"]; ip6.addr = "42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72";
aliases = [ aliases = [
"nukular.r" "nukular.r"
]; ];
@ -405,8 +405,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
cores = 1; cores = 1;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.124.21"]; ip4.addr = "10.243.124.21";
addrs6 = ["42:9898:a8be:ce56:0ee3:b99c:42c5:109e"]; ip6.addr = "42:9898:a8be:ce56:0ee3:b99c:42c5:109e";
aliases = [ aliases = [
"heidi.r" "heidi.r"
]; ];
@ -428,7 +428,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
cores = 1; cores = 1;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.69.184"]; ip4.addr = "10.243.69.184";
aliases = [ aliases = [
"soundflower.r" "soundflower.r"
]; ];
@ -450,7 +450,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
cores = 1; cores = 1;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.120.19"]; ip4.addr = "10.243.120.19";
aliases = [ aliases = [
"falk.r" "falk.r"
]; ];
@ -472,8 +472,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
cores = 4; cores = 4;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.189.130"]; ip4.addr = "10.243.189.130";
addrs6 = ["42:c64e:011f:9755:31e1:c3e6:73c0:af2d"]; ip6.addr = "42:c64e:011f:9755:31e1:c3e6:73c0:af2d";
aliases = [ aliases = [
"filebitch.r" "filebitch.r"
]; ];
@ -495,8 +495,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
cores = 1; cores = 1;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.26.29"]; ip4.addr = "10.243.26.29";
addrs6 = ["42:927a:3d59:1cb3:29d6:1a08:78d3:812e"]; ip6.addr = "42:927a:3d59:1cb3:29d6:1a08:78d3:812e";
aliases = [ aliases = [
"excobridge.r" "excobridge.r"
]; ];
@ -518,14 +518,14 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
cores = 1; cores = 1;
nets = { nets = {
internet = { internet = {
addrs4 = ["148.251.47.69"]; ip4.addr = "148.251.47.69";
aliases = [ aliases = [
"wooki.internet" "wooki.internet"
]; ];
}; };
retiolum = { retiolum = {
addrs4 = ["10.243.57.85"]; ip4.addr = "10.243.57.85";
addrs6 = ["42:2f06:b899:a3b5:1dcf:51a4:a02b:8731"]; ip6.addr = "42:2f06:b899:a3b5:1dcf:51a4:a02b:8731";
aliases = [ aliases = [
"wooki.r" "wooki.r"
]; ];
@ -543,18 +543,41 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
}; };
}; };
senderechner = rec {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.0.163";
ip6.addr = "42:b67b:5752:a730:5f28:d80d:6b37:5bda";
aliases = [
"senderechner.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7
lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X
rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL
inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT
BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO
OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
muhbaasu = rec { muhbaasu = rec {
cores = 1; cores = 1;
nets = { nets = {
internet = { internet = {
addrs4 = ["217.160.206.154"]; ip4.addr = "217.160.206.154";
aliases = [ aliases = [
"muhbaasu.internet" "muhbaasu.internet"
]; ];
}; };
retiolum = { retiolum = {
addrs4 = ["10.243.139.184"]; ip4.addr = "10.243.139.184";
addrs6 = ["42:d568:6106:ba30:753b:0f2a:8225:b1fb"]; ip6.addr = "42:d568:6106:ba30:753b:0f2a:8225:b1fb";
aliases = [ aliases = [
"muhbaasu.r" "muhbaasu.r"
]; ];


@ -8,8 +8,8 @@ with config.krebs.lib;
cores = 4; cores = 4;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.111.112"]; ip4.addr = "10.243.111.112";
addrs6 = ["42:0:0:0:0:0:111:112"]; ip6.addr = "42:0:0:0:0:0:111:112";
aliases = [ aliases = [
"bobby.retiolum" "bobby.retiolum"
"cgit.bobby.retiolum" "cgit.bobby.retiolum"


@ -8,8 +8,8 @@ with config.krebs.lib;
cores = 4; cores = 4;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.111.111"]; ip4.addr = "10.243.111.111";
addrs6 = ["42:0:0:0:0:0:111:111"]; ip6.addr = "42:0:0:0:0:0:111:111";
aliases = [ aliases = [
"stro.retiolum" "stro.retiolum"
"cgit.stro.retiolum" "cgit.stro.retiolum"


@ -117,25 +117,21 @@ let
} }
''; '';
to-server = { server-names, listen, locations, extraConfig, ssl, ... }: to-server = { server-names, listen, locations, extraConfig, ssl, ... }: ''
let server {
_extraConfig = if ssl.enable then server_name ${toString server-names};
extraConfig + '' ${concatMapStringsSep "\n" (x: indent "listen ${x};") listen}
${optionalString ssl.enable (indent ''
listen 443 ssl;
ssl_certificate ${ssl.certificate}; ssl_certificate ${ssl.certificate};
ssl_certificate_key ${ssl.certificate_key}; ssl_certificate_key ${ssl.certificate_key};
${optionalString ssl.prefer_server_ciphers "ssl_prefer_server_ciphers On;"} ${optionalString ssl.prefer_server_ciphers ''
ssl_prefer_server_ciphers On;
''}
ssl_ciphers ${ssl.ciphers}; ssl_ciphers ${ssl.ciphers};
ssl_protocols ${toString ssl.protocols}; ssl_protocols ${toString ssl.protocols};
'' '')}
else ${indent extraConfig}
extraConfig
;
in ''
server {
${concatMapStringsSep "\n" (x: "listen ${x};") (listen ++ optional ssl.enable "443 ssl")}
server_name ${toString server-names};
${indent _extraConfig}
${indent (concatMapStrings to-location locations)} ${indent (concatMapStrings to-location locations)}
} }
''; '';
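Review bot: Nothing in the rewritten `to-server` documents that every entry of `listen` is emitted unconditionally, so with `ssl.enable` the server block keeps accepting plain-text connections on those ports in addition to `443 ssl`; a one-line comment above the function such as `# entries of `listen` are always plain-text listeners; ssl.enable only adds 443 ssl` would make that explicit for callers. The TLS port is also hard-coded as `listen 443 ssl;` inside the `optionalString ssl.enable` block, which is unchanged from the old `optional ssl.enable "443 ssl"` but is now easier to overlook because it sits in the middle of the TLS directives. This is a documentation suggestion only; the generated directives themselves look equivalent to the old version.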


@ -11,26 +11,13 @@ let
api = { api = {
enable = mkEnableOption "krebs.retiolum"; enable = mkEnableOption "krebs.retiolum";
name = mkOption { host = mkOption {
type = types.str; type = types.host;
default = config.networking.hostName; default = config.krebs.build.host;
# Description stolen from tinc.conf(5).
description = ''
This is the name which identifies this tinc daemon. It must
be unique for the virtual private network this daemon will
connect to. The Name may only consist of alphanumeric and
underscore characters. If Name starts with a $, then the
contents of the environment variable that follows will be
used. In that case, invalid characters will be converted to
underscores. If Name is $HOST, but no such environment
variable exist, the hostname will be read using the
gethostnname() system call This is the name which identifies
the this tinc daemon.
'';
}; };
netname = mkOption { netname = mkOption {
type = types.str; type = types.enum (attrNames cfg.host.nets);
default = "retiolum"; default = "retiolum";
description = '' description = ''
The tinc network name. The tinc network name.
@ -99,17 +86,13 @@ let
description = "Iproute2 package to use."; description = "Iproute2 package to use.";
}; };
privkey = mkOption {
privateKeyFile = mkOption { type = types.secret-file;
# TODO if it's types.path then it gets copied to /nix/store with default = {
# bad unsafe permissions... path = "${cfg.user.home}/tinc.rsa_key.priv";
type = types.str; owner = cfg.user;
default = toString <secrets/retiolum.rsa_key.priv>; source-path = toString <secrets> + "/${cfg.netname}.rsa_key.priv";
description = '' };
Generate file with <literal>tincd -K</literal>.
This file must exist on the local system. The default points to
<secrets/retiolum.rsa_key.priv>.
'';
}; };
connectTo = mkOption { connectTo = mkOption {
@ -122,81 +105,67 @@ let
''; '';
}; };
user = mkOption {
type = types.user;
default = {
name = cfg.netname;
home = "/var/lib/${cfg.user.name}";
};
};
}; };
imp = { imp = {
krebs.secret.files."${cfg.netname}.rsa_key.priv" = cfg.privkey;
environment.systemPackages = [ tinc iproute ]; environment.systemPackages = [ tinc iproute ];
systemd.services.retiolum = { systemd.services.${cfg.netname} = {
description = "Tinc daemon for Retiolum"; description = "Tinc daemon for Retiolum";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "secret.service" ];
path = [ tinc iproute ]; path = [ tinc iproute ];
serviceConfig = rec { serviceConfig = rec {
PermissionsStartOnly = "true";
PrivateTmp = "true";
Restart = "always"; Restart = "always";
# TODO we cannot chroot (-R) b/c we use symlinks to hosts ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
# and the private key. SyslogIdentifier = cfg.netname;
ExecStartPre = pkgs.writeScript "retiolum-init" ''
#! /bin/sh
install -o ${user.name} -m 0400 ${cfg.privateKeyFile} /tmp/retiolum-rsa_key.priv
'';
ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
SyslogIdentifier = "retiolum";
}; };
}; };
users.extraUsers = singleton { users.users.${cfg.user.name} = {
inherit (user) name uid; inherit (cfg.user) home name uid;
createHome = true;
}; };
}; };
user = rec { net = cfg.host.nets.${cfg.netname};
name = "retiolum";
uid = genid name;
};
tinc = cfg.tincPackage; tinc = cfg.tincPackage;
iproute = cfg.iproutePackage; iproute = cfg.iproutePackage;
confDir = pkgs.runCommand "retiolum" { confDir = let
# TODO text namePathPair = name: path: { inherit name path; };
executable = true; in pkgs.linkFarm "${cfg.netname}-etc-tinc" (mapAttrsToList namePathPair {
preferLocalBuild = true; "hosts" = cfg.hostsPackage;
} '' "tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" ''
set -euf Name = ${cfg.host.name}
mkdir -p $out
ln -s ${cfg.hostsPackage} $out/hosts
cat > $out/tinc.conf <<EOF
Name = ${cfg.name}
Device = /dev/net/tun
Interface = ${cfg.netname} Interface = ${cfg.netname}
${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)} ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)}
PrivateKeyFile = /tmp/retiolum-rsa_key.priv PrivateKeyFile = ${cfg.privkey.path}
${cfg.extraConfig} ${cfg.extraConfig}
EOF
# source: krebscode/painload/retiolum/scripts/tinc_setup/tinc-up
cat > $out/tinc-up <<EOF
host=$out/hosts/${cfg.name}
${iproute}/sbin/ip link set \$INTERFACE up
addr4=\$(sed -n 's|^ *Subnet *= *\(10[.][^ ]*\) *$|\1|p' \$host)
if [ -n "\$addr4" ];then
${iproute}/sbin/ip -4 addr add \$addr4 dev \$INTERFACE
${iproute}/sbin/ip -4 route add 10.243.0.0/16 dev \$INTERFACE
fi
addr6=\$(sed -n 's|^ *Subnet *= *\(42[:][^ ]*\) *$|\1|p' \$host)
${iproute}/sbin/ip -6 addr add \$addr6 dev \$INTERFACE
${iproute}/sbin/ip -6 route add 42::/16 dev \$INTERFACE
EOF
chmod +x $out/tinc-up
''; '';
"tinc-up" = pkgs.writeScript "${cfg.netname}-tinc-up" ''
${iproute}/sbin/ip link set ${cfg.netname} up
${optionalString (net.ip4 != null) ''
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname}
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname}
''}
${optionalString (net.ip6 != null) ''
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname}
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname}
''}
'';
});
in out in out
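Review bot: The new `systemd.services.${cfg.netname}` declares `requires = [ "secret.service" ];` but leaves `after = [ "network.target" ];`, and Requires= does not imply After=, so tincd can be started before secret.service has placed `${cfg.privkey.path}` and fail on a missing key at boot; change it to `after = [ "network.target" "secret.service" ];`. The previous `ExecStartPre` installed the key explicitly with `-m 0400`, whereas this hunk only shows `owner = cfg.user` for the `types.secret-file` default, so the mode that `krebs.secret.files` applies is not visible here and should be confirmed to be equally restrictive. The `description = "Tinc daemon for Retiolum"` is now stale for any `cfg.netname` other than retiolum; `description = "Tinc daemon for ${cfg.netname}";` would follow the rest of the rename. The hunk also drops `Device = /dev/net/tun` from tinc.conf, which is presumably fine if tinc's default device is relied upon, but that is not stated anywhere in the change.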


@ -12,8 +12,8 @@ let
cores = 1; cores = 1;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.111.111"]; ip4.addr = "10.243.111.111";
addrs6 = ["42:0:0:0:0:0:0:7357"]; ip6.addr = "42:0:0:0:0:0:0:7357";
aliases = [ aliases = [
"test.r" "test.r"
"test.retiolum" "test.retiolum"
@ -36,7 +36,7 @@ in {
wolf = { wolf = {
nets = { nets = {
shack = { shack = {
addrs4 = [ "10.42.2.150" ]; ip4.addr = "10.42.2.150" ;
aliases = [ aliases = [
"wolf.shack" "wolf.shack"
"graphite.shack" "graphite.shack"
@ -45,8 +45,8 @@ in {
]; ];
}; };
retiolum = { retiolum = {
addrs4 = ["10.243.77.1"]; ip4.addr = "10.243.77.1";
addrs6 = ["42:0:0:0:0:0:77:1"]; ip6.addr = "42:0:0:0:0:0:77:1";
aliases = [ aliases = [
"wolf.retiolum" "wolf.retiolum"
"cgit.wolf.retiolum" "cgit.wolf.retiolum"
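Review bot: `ip4.addr = "10.42.2.150" ;` in the `wolf.shack` hunk keeps a stray space before the semicolon, unlike every other rewritten address line in this commit; it should read `ip4.addr = "10.42.2.150";`. This is a style point only, the value is unchanged.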


@ -13,15 +13,15 @@ with config.krebs.lib;
# TODO generate krebsco.de zone from nets and don't use extraZones at all # TODO generate krebsco.de zone from nets and don't use extraZones at all
"krebsco.de" = '' "krebsco.de" = ''
krebsco.de. 60 IN MX 5 mx23 krebsco.de. 60 IN MX 5 mx23
mx23 60 IN A ${elemAt nets.internet.addrs4 0} mx23 60 IN A ${nets.internet.ip4.addr}
cd 60 IN A ${elemAt nets.internet.addrs4 0} cd 60 IN A ${nets.internet.ip4.addr}
cgit 60 IN A ${elemAt nets.internet.addrs4 0} cgit 60 IN A ${nets.internet.ip4.addr}
cgit.cd 60 IN A ${elemAt nets.internet.addrs4 0} cgit.cd 60 IN A ${nets.internet.ip4.addr}
''; '';
}; };
nets = rec { nets = rec {
internet = { internet = {
addrs4 = ["162.219.7.216"]; ip4.addr = "162.219.7.216";
aliases = [ aliases = [
"cd.i" "cd.i"
"cd.internet" "cd.internet"
@ -34,8 +34,8 @@ with config.krebs.lib;
}; };
retiolum = { retiolum = {
via = internet; via = internet;
addrs4 = ["10.243.113.222"]; ip4.addr = "10.243.113.222";
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"]; ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af3";
aliases = [ aliases = [
"cd.r" "cd.r"
"cd.retiolum" "cd.retiolum"
@ -62,11 +62,46 @@ with config.krebs.lib;
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6";
}; };
doppelbock = rec {
cores = 2;
nets = rec {
internet = {
ip4.addr = "45.62.237.203";
aliases = [
"doppelbock.i"
"doppelbock.internet"
];
};
retiolum = {
via = internet;
ip4.addr = "10.243.113.224";
ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af5";
aliases = [
"doppelbock.r"
"doppelbock.retiolum"
"cgit.doppelbock.r"
"cgit.doppelbock.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAq/luvzH4CQX5qRuucUqR3aLwXtzsRmBOdd2hvrPG1z8ML2kKV+IG
0aBfyJmQ8csfeGhOj0y0LEBv4bkEjEtYObs+LJfdWZC5e39eAVUE0z8QbSPOx4di
/7Bo+9sFRELP1kYb47eLR8quiIkslMWQMbTLM5RHoXJ5jE8fQSitfp4WUZYiSPDF
d5F7RU/ZQfTZuh8gv7RmSn/6N6bXAQWrueK6ZqMuImIjBrmYyXUWxgsDnpeHxR5j
j/0F2Bda5lyp+Qzv24PREdPT8FazUfmIQwZTTArXHxiqLq+SEVT21E4WEf2sJRan
dti9yVUW3eiqpu8b9BRpvxOB3YdkyqlrGwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLhrVTEmbtuTsgRTHHxsLrq7ai1Yt7+oKFevr1gzktCQqHuyucXzxn60F00kuNDkNiKIF5fHmWy6ajU+6PKD3TfiFMagT9ah0x0RSB0+0tevxnlOp6VdHhrdM5YrBduWMiELmOiI1lvYhRqKd/ZE7b2mra6KYe5VtTi9UX3wQp8qN+bI01KCxv0p6ciUgEO8fnwLKDBUuFJ2UfE7Ais9XrXFIBFXB+MKcpLnIXvrV6dSXdUEiaswg8wo0Q0Y3tMaQ0dNJdH2yp3FVn1aiX3E/vVnffmDKMWYWqn78klujdEdmLm8/8NkXnc/jpgu8ZlSpQHECO2ZUJzd35yRnVKALv";
};
mkdir = rec { mkdir = rec {
cores = 1; cores = 1;
nets = rec { nets = rec {
internet = { internet = {
addrs4 = ["104.167.114.142"]; ip4.addr = "104.167.114.142";
aliases = [ aliases = [
"mkdir.i" "mkdir.i"
"mkdir.internet" "mkdir.internet"
@ -74,8 +109,8 @@ with config.krebs.lib;
}; };
retiolum = { retiolum = {
via = internet; via = internet;
addrs4 = ["10.243.113.223"]; ip4.addr = "10.243.113.223";
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"]; ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af4";
aliases = [ aliases = [
"mkdir.r" "mkdir.r"
"mkdir.retiolum" "mkdir.retiolum"
@ -101,12 +136,12 @@ with config.krebs.lib;
extraZones = { extraZones = {
# TODO generate krebsco.de zone from nets and don't use extraZones at all # TODO generate krebsco.de zone from nets and don't use extraZones at all
"krebsco.de" = '' "krebsco.de" = ''
ire 60 IN A ${elemAt nets.internet.addrs4 0} ire 60 IN A ${nets.internet.ip4.addr}
''; '';
}; };
nets = rec { nets = rec {
internet = { internet = {
addrs4 = ["198.147.22.115"]; ip4.addr = "198.147.22.115";
aliases = [ aliases = [
"ire.i" "ire.i"
"ire.internet" "ire.internet"
@ -116,8 +151,8 @@ with config.krebs.lib;
}; };
retiolum = { retiolum = {
via = internet; via = internet;
addrs4 = ["10.243.231.66"]; ip4.addr = "10.243.231.66";
addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"]; ip6.addr = "42:b912:0f42:a82d:0d27:8610:e89b:490c";
aliases = [ aliases = [
"ire.r" "ire.r"
"ire.retiolum" "ire.retiolum"
@ -140,7 +175,7 @@ with config.krebs.lib;
kaepsele = { kaepsele = {
nets = { nets = {
internet = { internet = {
addrs4 = ["92.222.10.169"]; ip4.addr = "92.222.10.169";
aliases = [ aliases = [
"kaepsele.i" "kaepsele.i"
"kaepsele.internet" "kaepsele.internet"
@ -148,8 +183,8 @@ with config.krebs.lib;
]; ];
}; };
retiolum = { retiolum = {
addrs4 = ["10.243.166.2"]; ip4.addr = "10.243.166.2";
addrs6 = ["42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"]; ip6.addr = "42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d";
aliases = [ aliases = [
"kaepsele.r" "kaepsele.r"
"kaepsele.retiolum" "kaepsele.retiolum"
@ -169,10 +204,11 @@ with config.krebs.lib;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF"; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
}; };
mu = { mu = {
cores = 2;
nets = { nets = {
retiolum = { retiolum = {
addrs4 = ["10.243.20.1"]; ip4.addr = "10.243.20.1";
addrs6 = ["42:0:0:0:0:0:0:2001"]; ip6.addr = "42:0:0:0:0:0:0:2001";
aliases = [ aliases = [
"mu.r" "mu.r"
"mu.retiolum" "mu.retiolum"
@ -189,18 +225,20 @@ with config.krebs.lib;
''; '';
}; };
}; };
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu";
}; };
nomic = { nomic = {
cores = 2; cores = 2;
nets = rec { nets = rec {
gg23 = { gg23 = {
addrs4 = ["10.23.1.110"]; ip4.addr = "10.23.1.110";
aliases = ["nomic.gg23"]; aliases = ["nomic.gg23"];
ssh.port = 11423; ssh.port = 11423;
}; };
retiolum = { retiolum = {
addrs4 = ["10.243.0.110"]; ip4.addr = "10.243.0.110";
addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"]; ip6.addr = "42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec";
aliases = [ aliases = [
"nomic.r" "nomic.r"
"nomic.retiolum" "nomic.retiolum"
@ -226,7 +264,7 @@ with config.krebs.lib;
ok = { ok = {
nets = { nets = {
gg23 = { gg23 = {
addrs4 = ["10.23.1.1"]; ip4.addr = "10.23.1.1";
aliases = ["ok.gg23"]; aliases = ["ok.gg23"];
}; };
}; };
@ -235,7 +273,7 @@ with config.krebs.lib;
cores = 1; cores = 1;
nets = rec { nets = rec {
internet = { internet = {
addrs4 = ["167.88.34.182"]; ip4.addr = "167.88.34.182";
aliases = [ aliases = [
"rmdir.i" "rmdir.i"
"rmdir.internet" "rmdir.internet"
@ -243,8 +281,8 @@ with config.krebs.lib;
}; };
retiolum = { retiolum = {
via = internet; via = internet;
addrs4 = ["10.243.113.224"]; ip4.addr = "10.243.113.224";
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"]; ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af5";
aliases = [ aliases = [
"rmdir.r" "rmdir.r"
"rmdir.retiolum" "rmdir.retiolum"
@ -269,7 +307,7 @@ with config.krebs.lib;
schnabeldrucker = { schnabeldrucker = {
nets = { nets = {
gg23 = { gg23 = {
addrs4 = ["10.23.1.21"]; ip4.addr = "10.23.1.21";
aliases = ["schnabeldrucker.gg23"]; aliases = ["schnabeldrucker.gg23"];
}; };
}; };
@ -277,7 +315,7 @@ with config.krebs.lib;
schnabelscanner = { schnabelscanner = {
nets = { nets = {
gg23 = { gg23 = {
addrs4 = ["10.23.1.22"]; ip4.addr = "10.23.1.22";
aliases = ["schnabelscanner.gg23"]; aliases = ["schnabelscanner.gg23"];
}; };
}; };
@ -286,7 +324,7 @@ with config.krebs.lib;
cores = 4; cores = 4;
nets = { nets = {
gg23 = { gg23 = {
addrs4 = ["10.23.1.37"]; ip4.addr = "10.23.1.37";
aliases = [ aliases = [
"wu.gg23" "wu.gg23"
"cache.wu.gg23" "cache.wu.gg23"
@ -294,8 +332,8 @@ with config.krebs.lib;
ssh.port = 11423; ssh.port = 11423;
}; };
retiolum = { retiolum = {
addrs4 = ["10.243.13.37"]; ip4.addr = "10.243.13.37";
addrs6 = ["42:0:0:0:0:0:0:1337"]; ip6.addr = "42:0:0:0:0:0:0:1337";
aliases = [ aliases = [
"wu.r" "wu.r"
"wu.retiolum" "wu.retiolum"
@ -322,13 +360,13 @@ with config.krebs.lib;
cores = 4; cores = 4;
nets = { nets = {
gg23 = { gg23 = {
addrs4 = ["10.23.1.38"]; ip4.addr = "10.23.1.38";
aliases = ["xu.gg23"]; aliases = ["xu.gg23"];
ssh.port = 11423; ssh.port = 11423;
}; };
retiolum = { retiolum = {
addrs4 = ["10.243.13.38"]; ip4.addr = "10.243.13.38";
addrs6 = ["42:0:0:0:0:0:0:1338"]; ip6.addr = "42:0:0:0:0:0:0:1338";
aliases = [ aliases = [
"xu.r" "xu.r"
"xu.retiolum" "xu.retiolum"
@ -387,7 +425,7 @@ with config.krebs.lib;
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----
''; '';
pubkey = "ssh-rsa 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 tv@wu"; pubkey = "ssh-rsa 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 tv@wu";
uid = 1337; # TODO use default uid = 1337; # TODO use default and document what has to be done (for vv)
}; };
tv-nomic = { tv-nomic = {
inherit (tv) mail; inherit (tv) mail;
@ -397,5 +435,9 @@ with config.krebs.lib;
inherit (tv) mail; inherit (tv) mail;
pubkey = "ssh-rsa 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 tv@xu"; pubkey = "ssh-rsa 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 tv@xu";
}; };
vv = {
mail = "vv@mu.r";
uid = 2000; # TODO use default
};
}; };
} }
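Review bot: The new `doppelbock` host is given `ip4.addr = "10.243.113.224";` and `ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af5";` in its retiolum net, which are exactly the retiolum addresses the existing `rmdir` entry further down in this file still carries (unchanged context lines in the `-243,8 +281,8` hunk), so two hosts with different tinc keys would advertise the same addresses on the same network. Unless `rmdir` is meant to be replaced by `doppelbock` in this same commit, one of them needs distinct addresses, e.g. `ip4.addr = "<unused 10.243.0.0/16 address>";` and `ip6.addr = "<unused 42::/16 address>";` (placeholders, to be allocated). The `mu` and `vv` additions in the later hunks look consistent with the surrounding entries.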


@ -63,28 +63,56 @@ types // rec {
net = submodule ({ config, ... }: { net = submodule ({ config, ... }: {
options = { options = {
name = mkOption {
type = label;
default = config._module.args.name;
};
via = mkOption { via = mkOption {
type = nullOr net; type = nullOr net;
default = null; default = null;
}; };
addrs = mkOption { addrs = mkOption {
type = listOf addr; type = listOf addr;
default = config.addrs4 ++ config.addrs6; default =
# TODO only default addrs make sense optional (config.ip4 != null) config.ip4.addr ++
}; optional (config.ip6 != null) config.ip6.addr;
addrs4 = mkOption { readOnly = true;
type = listOf addr4;
default = [];
};
addrs6 = mkOption {
type = listOf addr6;
default = [];
}; };
aliases = mkOption { aliases = mkOption {
# TODO nonEmptyListOf hostname # TODO nonEmptyListOf hostname
type = listOf hostname; type = listOf hostname;
default = []; default = [];
}; };
ip4 = mkOption {
type = nullOr (submodule {
options = {
addr = mkOption {
type = addr4;
};
prefix = mkOption ({
type = str; # TODO routing prefix (CIDR)
} // optionalAttrs (config.name == "retiolum") {
default = "10.243.0.0/16";
});
};
});
default = null;
};
ip6 = mkOption {
type = nullOr (submodule {
options = {
addr = mkOption {
type = addr6;
};
prefix = mkOption ({
type = str; # TODO routing prefix (CIDR)
} // optionalAttrs (config.name == "retiolum") {
default = "42::/16";
});
};
});
default = null;
};
ssh = mkOption { ssh = mkOption {
type = submodule { type = submodule {
options = { options = {
@ -186,10 +214,23 @@ types // rec {
}; };
}); });
# TODO addr = either addr4 addr6;
addr = str; addr4 = mkOptionType {
addr4 = str; name = "IPv4 address";
addr6 = str; check = let
IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in
concatMapStringsSep "." (const d) (range 1 4);
in x: match IPv4address x != null;
merge = mergeOneOption;
};
addr6 = mkOptionType {
name = "IPv6 address";
check = let
# TODO check IPv6 address harder
IPv6address = "[0-9a-f.:]+";
in x: match IPv6address x != null;
merge = mergeOneOption;
};
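Review bot: The `check` of the new `addr6` type accepts any non-empty string of hex digits, dots and colons, so values such as `:::` or `1.2.3.4` pass as an IPv6 address and are later spliced verbatim into generated configuration (the charybdis `vhost6` line elsewhere in this commit, for instance). The TODO on the line above it acknowledges this; a cheap tightening that still accepts every address in this commit is a colon-separated hextet pattern, `IPv6address = "[0-9a-f]{0,4}(:[0-9a-f]{0,4}){1,7}";`, which rejects dotted or colon-free strings while still allowing `::` compression. IPv4-mapped forms would then need a separate branch if they are ever used. The `types // rec {` attribute set this sits in begins outside the hunk.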
pgp-pubkey = str; pgp-pubkey = str;


@ -1,11 +1,11 @@
{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }: { coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "exim-4.86.2"; name = "exim-4.87";
src = fetchurl { src = fetchurl {
url = "http://mirror.switch.ch/ftp/mirror/exim/exim/exim4/${name}.tar.bz2"; url = "http://mirror.switch.ch/ftp/mirror/exim/exim/exim4/${name}.tar.bz2";
sha256 = "1cvfcc1hi60lydv8h3a2rxlfc0v2nflwpvzjj7h7cdsqs2pxwmkp"; sha256 = "1jbxn13shq90kpn0s73qpjnx5xm8jrpwhcwwgqw5s6sdzw6iwsbl";
}; };
buildInputs = [ coreutils db openssl pcre perl pkgconfig ]; buildInputs = [ coreutils db openssl pcre perl pkgconfig ];


@ -2,9 +2,8 @@
let let
inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
inherit (lib) head;
ip = (head config.krebs.build.host.nets.internet.addrs4); ip = config.krebs.build.host.nets.internet.ip4.addr;
in { in {
imports = [ imports = [
../. ../.


@ -2,9 +2,8 @@
let let
inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
inherit (lib) head;
ip = (head config.krebs.build.host.nets.internet.addrs4); ip = config.krebs.build.host.nets.internet.ip4.addr;
in { in {
imports = [ imports = [
../. ../.


@ -1,9 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
inherit (lib) head; ip = config.krebs.build.host.nets.internet.ip4.addr;
ip = (head config.krebs.build.host.nets.internet.addrs4);
in { in {
imports = [ imports = [
../. ../.


@ -1,8 +1,7 @@
{ config, lib, ... }: { config, lib, ... }:
let let
r_ip = (head config.krebs.build.host.nets.retiolum.addrs4); r_ip = config.krebs.build.host.nets.retiolum.ip4.addr;
inherit (lib) head;
in { in {
imports = [ imports = [


@ -54,7 +54,7 @@ let
user = config.services.nginx.user; user = config.services.nginx.user;
group = config.services.nginx.group; group = config.services.nginx.group;
external-ip = head config.krebs.build.host.nets.internet.addrs4; external-ip = config.krebs.build.host.nets.internet.ip4.addr;
imp = { imp = {
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: { krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: {


@ -14,11 +14,23 @@ in {
../2configs/fs/single-partition-ext4.nix ../2configs/fs/single-partition-ext4.nix
../2configs/zsh-user.nix ../2configs/zsh-user.nix
../2configs/smart-monitor.nix ../2configs/smart-monitor.nix
../2configs/exim-retiolum.nix
../2configs/virtualization.nix
]; ];
networking.firewall.allowedUDPPorts = [ 80 655 67 ];
networking.firewall.allowedTCPPorts = [ 80 655 ];
networking.firewall.checkReversePath = false;
#networking.firewall.enable = false;
# virtualisation.nova.enableSingleNode = true; # virtualisation.nova.enableSingleNode = true;
krebs.retiolum.enable = true; krebs.retiolum.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
networking.wireless.enable = true;
# TODO smartd omo darth gum all-in-one # TODO smartd omo darth gum all-in-one
services.smartd.devices = builtins.map (x: { device = x; }) allDisks; services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
zramSwap.enable = true; zramSwap.enable = true;
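Review bot: `networking.firewall.checkReversePath = false;` turns off reverse-path filtering for every interface and the reason is not recorded; if it is needed for the virtualisation bridge pulled in by the `../2configs/virtualization.nix` import added in the same hunk, say so next to it, e.g. `# rp_filter breaks NAT for the VM bridge; keep off`, because the setting is otherwise easy to forget about. UDP 80 in `allowedUDPPorts` looks unintentional next to TCP 80 (nothing in this hunk serves HTTP over UDP), and the commented-out `#networking.firewall.enable = false;` is better deleted than left as an invitation. With `networking.wireless.enable = true;` added as well, the globally opened ports (including DHCP on UDP 67) apply to the wireless interface too unless something outside this hunk restricts them.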


@ -2,8 +2,8 @@
with config.krebs.lib; with config.krebs.lib;
let let
external-ip = head config.krebs.build.host.nets.internet.addrs4; external-ip = config.krebs.build.host.nets.internet.ip4.addr;
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
in { in {
imports = [ imports = [
../. ../.


@ -44,16 +44,21 @@ in {
../2configs/smart-monitor.nix ../2configs/smart-monitor.nix
../2configs/mail-client.nix ../2configs/mail-client.nix
../2configs/share-user-sftp.nix ../2configs/share-user-sftp.nix
../2configs/graphite-standalone.nix
../2configs/omo-share.nix ../2configs/omo-share.nix
]; ];
krebs.retiolum.enable = true; krebs.retiolum.enable = true;
networking.firewall.trustedInterfaces = [ "enp3s0" ]; networking.firewall.trustedInterfaces = [ "enp3s0" ];
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
# tcp:80 - nginx for sharing files # tcp:80 - nginx for sharing files
# tcp:655 udp:655 - tinc # tcp:655 udp:655 - tinc
# tcp:8080 - sabnzbd # tcp:8111 - graphite
# tcp:9090 - sabnzbd
# tcp:9200 - elasticsearch
# tcp:5601 - kibana
networking.firewall.allowedUDPPorts = [ 655 ]; networking.firewall.allowedUDPPorts = [ 655 ];
networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];
# services.openssh.allowSFTP = false; # services.openssh.allowSFTP = false;
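Review bot: The four new TCP ports (5601, 8111, 9200, 9090) go into the global `allowedTCPPorts`, so kibana, graphite and elasticsearch become reachable on every interface that is not in `trustedInterfaces`, not only the local net the comment block above describes; elasticsearch and kibana of that generation do no authentication of their own. If local-net access is the intent, the `enp3s0` trusted-interface entry already covers it and the ports can be dropped from the global list, or the services can be bound to the retiolum address instead. A comment naming which interface the ports are meant for, e.g. `# graphite/ES/kibana: local net only, reachable via trustedInterfaces`, would keep the list from growing silently. `# tcp:9090 - sabnzbd` replaces the old 8080 entry, which is fine if sabnzbd actually moved — worth confirming.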


@ -15,11 +15,6 @@
]; ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
krebs.build.source.upstream-nixpkgs = {
url = https://github.com/makefu/nixpkgs;
# HTTP Everywhere + libredir
rev = "8239ac6";
};
fileSystems."/nix" = { fileSystems."/nix" = {
device ="/dev/disk/by-label/nixstore"; device ="/dev/disk/by-label/nixstore";
fsType = "ext4"; fsType = "ext4";


@ -3,8 +3,8 @@
with config.krebs.lib; with config.krebs.lib;
let let
external-ip = head config.krebs.build.host.nets.internet.addrs4; external-ip = config.krebs.build.host.nets.internet.ip4.addr;
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
in { in {
imports = [ imports = [
../. ../.


@ -10,16 +10,6 @@
# #
# if this is not enough, check out main-laptop.nix # if this is not enough, check out main-laptop.nix
## TODO: .Xdefaults:
# URxvt*termName: rxvt
# URxvt.scrollBar : false
# URxvt*scrollBar_right: false
# URxvt*borderLess: false
# URxvt.foreground: white
# URxvt.background: black
# URxvt.urgentOnBell: true
# URxvt.visualBell: false
# URxvt.font : xft:Terminus
with config.krebs.lib; with config.krebs.lib;
let let
@ -83,7 +73,9 @@ in
XTerm*FaceName : Terminus:pixelsize=14 XTerm*FaceName : Terminus:pixelsize=14
URxvt*termName: rxvt URxvt*termName: rxvt
URxvt.scrollBar : False URxvt*saveLines: 10000
URxvt*loginShell: false
URxvt.scrollBar : false
URxvt*scrollBar_right: false URxvt*scrollBar_right: false
URxvt*borderLess: false URxvt*borderLess: false
URxvt.foreground: white URxvt.foreground: white


@ -3,7 +3,7 @@
with config.krebs.lib; with config.krebs.lib;
let let
hostname = config.krebs.build.host.name; hostname = config.krebs.build.host.name;
external-ip = head config.krebs.build.host.nets.internet.addrs4; external-ip = config.krebs.build.host.nets.internet.ip4.addr;
wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock"; wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock";
in { in {
services.redis.enable = true; services.redis.enable = true;


@ -19,7 +19,7 @@ with config.krebs.lib;
"/home" = { "/home" = {
device = "/dev/mapper/main-home"; device = "/dev/mapper/main-home";
fsType = "ext4"; fsType = "ext4";
options="defaults,discard"; options = [ "defaults" "discard" ];
}; };
}; };
} }


@ -18,12 +18,12 @@ with config.krebs.lib;
"/" = { "/" = {
device = "/dev/mapper/luksroot"; device = "/dev/mapper/luksroot";
fsType = "ext4"; fsType = "ext4";
options="defaults,discard"; options = [ "defaults" "discard" ];
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-label/nixboot"; device = "/dev/disk/by-label/nixboot";
fsType = "ext4"; fsType = "ext4";
options="defaults,discard"; options = [ "defaults" "discard" ];
}; };
}; };
} }


@ -23,6 +23,7 @@ with config.krebs.lib;
services.tlp.enable = true; services.tlp.enable = true;
services.tlp.extraConfig = '' services.tlp.extraConfig = ''
START_CHARGE_THRESH_BAT0=80 START_CHARGE_THRESH_BAT0=80
STOP_CHARGE_THRESH_BAT0=95
CPU_SCALING_GOVERNOR_ON_AC=performance CPU_SCALING_GOVERNOR_ON_AC=performance
CPU_SCALING_GOVERNOR_ON_BAT=ondemand CPU_SCALING_GOVERNOR_ON_BAT=ondemand


@ -10,7 +10,7 @@ in {
enable = true; enable = true;
domain = domain; domain = domain;
ip = "172.16.10.1/24"; ip = "172.16.10.1/24";
extraConfig = "-P ${pw} -l ${pkgs.lib.head config.krebs.build.host.nets.internet.addrs4}"; extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}";
}; };
} }
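Review bot: `extraConfig = "-P ${pw} -l ..."` passes `pw` on the command line, so the secret ends up in the generated unit file in the world-readable Nix store and in the process argument list visible to any local user via `ps`; the commit only swaps the address expression, but since the line is being touched it is a good moment to check whether the program accepts the password from a file or the environment instead, e.g. `# TODO: pw is visible in the store and in argv; move to a file-based option if supported`. `pw` and `domain` are defined outside the hunk, so where the value comes from is not visible here.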


@ -7,7 +7,7 @@ with config.krebs.lib;
gnupg gnupg
imapfilter imapfilter
msmtp msmtp
mutt-kz mutt
notmuch notmuch
offlineimap offlineimap
openssl openssl


@ -8,8 +8,8 @@ let
hostname = config.krebs.build.host.name; hostname = config.krebs.build.host.name;
user = config.services.nginx.user; user = config.services.nginx.user;
group = config.services.nginx.group; group = config.services.nginx.group;
external-ip = head config.krebs.build.host.nets.internet.addrs4; external-ip = config.krebs.build.host.nets.internet.ip4.addr;
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
base-dir = "/var/www/blog.euer"; base-dir = "/var/www/blog.euer";
in { in {
# Prepare Blog directory # Prepare Blog directory


@ -5,8 +5,8 @@ let
hostname = config.krebs.build.host.name; hostname = config.krebs.build.host.name;
user = config.services.nginx.user; user = config.services.nginx.user;
group = config.services.nginx.group; group = config.services.nginx.group;
external-ip = head config.krebs.build.host.nets.internet.addrs4; external-ip = config.krebs.build.host.nets.internet.ip4.addr;
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
in { in {
krebs.nginx = { krebs.nginx = {
enable = mkDefault true; enable = mkDefault true;


@ -18,8 +18,8 @@ let
# user1 = pass1 # user1 = pass1
# userN = passN # userN = passN
tw-pass-file = "${sec}/tw-pass.ini"; tw-pass-file = "${sec}/tw-pass.ini";
external-ip = head config.krebs.build.host.nets.internet.addrs4; external-ip = config.krebs.build.host.nets.internet.ip4.addr;
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
in { in {
services.phpfpm = { services.phpfpm = {
# phpfpm does not have an enable option # phpfpm does not have an enable option


@ -0,0 +1,15 @@
{ config, lib, ... }:
with config.krebs.lib;
{
krebs.nginx = {
enable = true;
servers.default.locations = [
(nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
alias /home/$1/public_html$2;
autoindex on;
'')
];
};
}
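Review bot: The location regex `~ ^/~(.+?)(/.*)?\$` captures arbitrary characters as the user name and `alias /home/$1/public_html$2` builds a filesystem path from it; nginx normalises `..` segments in the URI before matching, but restricting the capture to a plausible account name keeps the alias from ever pointing outside `/home` regardless of future changes, e.g. `(nameValuePair "~ ^/~([a-z_][a-z0-9_-]*)(/.*)?\$" ''`. `autoindex on;` publishes directory listings for every user's `public_html`, and since those directories are user-controlled, symlinks placed there are followed by nginx; adding `disable_symlinks if_not_owner;` inside the block limits that to files the user owns. This is a new file, so the whole module is visible.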


@ -3,7 +3,7 @@
with config.krebs.lib; with config.krebs.lib;
let let
hostname = config.krebs.build.host.name; hostname = config.krebs.build.host.name;
external-ip = head config.krebs.build.host.nets.internet.addrs4; external-ip = config.krebs.build.host.nets.internet.ip4.addr;
in { in {
krebs.nginx = { krebs.nginx = {
enable = mkDefault true; enable = mkDefault true;


@ -5,7 +5,7 @@ let
hostname = config.krebs.build.host.name; hostname = config.krebs.build.host.name;
# TODO local-ip from the nets config # TODO local-ip from the nets config
local-ip = "192.168.1.11"; local-ip = "192.168.1.11";
# local-ip = head config.krebs.build.host.nets.retiolum.addrs4; # local-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
in { in {
krebs.nginx = { krebs.nginx = {
enable = mkDefault true; enable = mkDefault true;
@ -48,6 +48,13 @@ in {
browseable = "yes"; browseable = "yes";
"guest ok" = "yes"; "guest ok" = "yes";
}; };
emu = {
path = "/media/crypt1/emu";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
usenet = { usenet = {
path = "/media/crypt0/usenet/dst"; path = "/media/crypt0/usenet/dst";
"read only" = "yes"; "read only" = "yes";

30
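--- a/makefu/4lib/default.nix
+++ b/makefu/4lib/default.nix
@@ -0,0 +1,30 @@
+{ config, lib, ... }:
+with lib;
+let
+addDefaultTime = bku-entry: recursiveUpdate {
+snapshots = {
+daily = { format = "%Y-%m-%d"; retain = 7; };
+weekly = { format = "%YW%W"; retain = 4; };
+monthly = { format = "%Y-%m"; retain = 12; };
+yearly = { format = "%Y"; };
+};
+startAt = "5:23";
+} bku-entry;
+backup-host = config.krebs.hosts.omo;
+backup-path = "/media/backup";
+in {
+bku = {
+inherit addDefaultTime;
+simplePath = addDefaultTime (path: {
+method = "pull";
+src = { host = config.krebs.build.host; inherit path; };
+dst = {
+host = backup-host;
+path = backup-path ++ config.krebs.build.host.name
+++ builtins.replaceStrings ["/"] ["-"] path;
+};
+});
+};
+}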
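Review bot: `dst.path` joins strings with `++` (`backup-path ++ config.krebs.build.host.name ++ ...`), but in Nix `++` is list concatenation and evaluating it on strings is an error; string concatenation needs `+` or interpolation, and a `/` separator is missing as well, so `path = "${backup-path}/${config.krebs.build.host.name}${builtins.replaceStrings ["/"] ["-"] path}";` is what the expression appears to intend. `simplePath = addDefaultTime (path: { ... })` has a similar shape problem: `addDefaultTime` calls `recursiveUpdate` on its argument, which must be an attribute set, yet it is handed a lambda; `simplePath = path: addDefaultTime { ... };` (with the closing `});` becoming `};`) applies the defaults to the entry the lambda builds. Neither expression is referenced elsewhere in this commit as far as I can see, so the file may simply not have been evaluated yet.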


@ -10,8 +10,8 @@ with pkgs.pythonPackages;buildPythonPackage rec {
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "makefu"; owner = "makefu";
repo = "mycube-flask"; repo = "mycube-flask";
rev = "5f5260a"; rev = "48dc6857";
sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh"; sha256 = "1ax1vz6m5982l1mmp9vmywn9nw9p9h4m3ss74zazyspxq1wjim0v";
}; };
meta = { meta = {
homepage = https://github.com/makefu/mycube-flask; homepage = https://github.com/makefu/mycube-flask;


@ -1,8 +1,8 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
shack-ip = lib.head config.krebs.build.host.nets.shack.addrs4; shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
internal-ip = lib.head config.krebs.build.host.nets.retiolum.addrs4; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
in in
{ {
imports = [ imports = [


@ -0,0 +1,23 @@
{ config, lib, pkgs, ... }:
with config.krebs.lib;
{
krebs.build.host = config.krebs.hosts.doppelbock;
imports = [
../.
../2configs/hw/CAC-Developer-2.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/retiolum.nix
];
networking = {
interfaces.enp2s1.ip4 = singleton {
address = let
addr = "45.62.237.203";
in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr;
prefixLength = 24;
};
defaultGateway = "45.62.237.1";
nameservers = ["8.8.8.8"];
};
}


@ -7,12 +7,7 @@ let
getDefaultGateway = ip: getDefaultGateway = ip:
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr;
primary-addr4 =
builtins.elemAt config.krebs.build.host.nets.internet.addrs4 0;
#secondary-addr4 =
# builtins.elemAt config.krebs.build.host.nets.internet.addrs4 1;
in in
{ {
@ -55,10 +50,6 @@ in
address = primary-addr4; address = primary-addr4;
prefixLength = 24; prefixLength = 24;
} }
#{
# address = secondary-addr4;
# prefixLength = 24;
#}
]; ];
# TODO define gateway in krebs/3modules/default.nix # TODO define gateway in krebs/3modules/default.nix

169
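--- a/tv/1systems/mu.nix
+++ b/tv/1systems/mu.nix
@@ -0,0 +1,169 @@
+{ config, pkgs, ... }:
+with config.krebs.lib;
+{
+imports = [
+../../krebs
+../2configs
+../3modules
+../2configs/exim-retiolum.nix
+../2configs/retiolum.nix
+];
+krebs.build.host = config.krebs.hosts.mu;
+krebs.build.user = mkForce config.krebs.users.vv;
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0"
+SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0"
+# for jack
+KERNEL=="rtc0", GROUP="audio"
+KERNEL=="hpet", GROUP="audio"
+'';
+# hardware configuration
+boot.initrd.luks.devices = [
+{ name = "vgmu1"; device = "/dev/sda2"; }
+];
+boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ];
+boot.initrd.availableKernelModules = [ "ahci" ];
+boot.kernelModules = [ "fbcon" "kvm-intel" ];
+boot.extraModulePackages = [ ];
+boot.extraModprobeConfig = ''
+options kvm_intel nested=1
+'';
+fileSystems = {
+"/" = {
+device = "/dev/vgmu1/nixroot";
+fsType = "ext4";
+options = [ "defaults" "noatime" ];
+};
+"/home" = {
+device = "/dev/vgmu1/home";
+options = [ "defaults" "noatime" ];
+};
+"/boot" = {
+device = "/dev/sda1";
+};
+"/tmp" = {
+device = "tmpfs";
+fsType = "tmpfs";
+options = [ "nosuid" "nodev" "noatime" ];
+};
+};
+swapDevices =[ ];
+nixpkgs.config.firefox.enableAdobeFlash = true;
+nixpkgs.config.chromium.enablePepperFlash = true;
+nixpkgs.config.allowUnfree = true;
+hardware.opengl.driSupport32Bit = true;
+hardware.pulseaudio.enable = true;
+hardware.enableAllFirmware = true;
+boot.loader.gummiboot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+networking.networkmanager.enable = true;
+environment.systemPackages = with pkgs; [
+slock
+tinc
+iptables
+vim
+gimp
+xsane
+firefoxWrapper
+chromiumDev
+skype
+libreoffice
+kde4.l10n.de
+kde4.plasma-nm
+pidgin-with-plugins
+pidginotr
+kde4.print_manager
+#foomatic_filters
+#gutenprint
+#cups_pdf_filter
+#ghostscript
+];
+i18n.defaultLocale = "de_DE.UTF-8";
+programs.ssh.startAgent = false;
+security.setuidPrograms = [
+"sendmail" # for cron
+"slock"
+];
+security.pam.loginLimits = [
+# for jack
+{ domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
+{ domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
+];
+fonts.fonts = [
+pkgs.xlibs.fontschumachermisc
+];
+# Enable CUPS to print documents.
+services.printing = {
+enable = true;
+#drivers = [
+# #pkgs.foomatic_filters
+# #pkgs.gutenprint
+# #pkgs.cups_pdf_filter
+# #pkgs.ghostscript
+#];
+#cupsdConf = ''
+# LogLevel debug2
+#'';
+};
+services.xserver.enable = true;
+services.xserver.layout = "de";
+services.xserver.xkbOptions = "eurosign:e";
+# TODO this is host specific
+services.xserver.synaptics = {
+enable = true;
+twoFingerScroll = true;
+};
+services.xserver.desktopManager.kde4.enable = true;
+services.xserver.displayManager.auto = {
+enable = true;
+user = "vv";
+};
+users.users.vv = {
+inherit (config.krebs.users.vv) home uid;
+isNormalUser = true;
+extraGroups = [
+"audio"
+"video"
+"networkmanager"
+];
+};
+services.journald.extraConfig = ''
+SystemMaxUse=1G
+RuntimeMaxUse=128M
+'';
+# see tmpfiles.d(5)
+systemd.tmpfiles.rules = [
+"d /tmp 1777 root root - -" # does this work with mounted /tmp?
+];
+}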
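Review bot: `services.xserver.displayManager.auto` logs `vv` in without a password, so once the LUKS volume is unlocked at boot the session is open to anyone at the keyboard; if that is the intended trade-off for this host, record it next to the option, e.g. `# auto-login: physical access is gated by the LUKS passphrase at boot; slock for the session`. `nixpkgs.config.firefox.enableAdobeFlash` and `chromium.enablePepperFlash` pull proprietary plugins with a long exploit history into browsers running as that auto-logged-in user; if Flash is not actually required, dropping both removes the largest attack surface in this file. The `# does this work with mounted /tmp?` question on the tmpfiles rule should be answered rather than shipped: `/tmp` is already declared as a tmpfs with `nosuid nodev` in `fileSystems`, and systemd-tmpfiles appears to operate on whatever is mounted there, so the rule most likely just restates the default mode — confirm and either delete it or replace the question with the reason it is kept.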


@ -7,12 +7,7 @@ let
getDefaultGateway = ip: getDefaultGateway = ip:
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr;
primary-addr4 =
builtins.elemAt config.krebs.build.host.nets.internet.addrs4 0;
#secondary-addr4 =
# builtins.elemAt config.krebs.build.host.nets.internet.addrs4 1;
in in
{ {


@ -13,7 +13,7 @@ with config.krebs.lib;
"shackspace.de" "shackspace.de"
"viljetic.de" "viljetic.de"
]; ];
relay_from_hosts = concatMap (host: host.nets.retiolum.addrs4) [ relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
config.krebs.hosts.nomic config.krebs.hosts.nomic
config.krebs.hosts.wu config.krebs.hosts.wu
config.krebs.hosts.xu config.krebs.hosts.xu


@ -56,9 +56,9 @@ in toFile "charybdis.conf" ''
/* On multi-homed hosts you may need the following. These define /* On multi-homed hosts you may need the following. These define
* the addresses we connect from to other servers. */ * the addresses we connect from to other servers. */
/* for IPv4 */ /* for IPv4 */
vhost = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs4}; vhost = ${toJSON config.krebs.build.host.nets.retiolum.ip4.addr};
/* for IPv6 */ /* for IPv6 */
vhost6 = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs6}; vhost6 = ${toJSON config.krebs.build.host.nets.retiolum.ip6.addr};
/* ssl_private_key: our ssl private key */ /* ssl_private_key: our ssl private key */
ssl_private_key = ${toJSON cfg.ssl_private_key.path}; ssl_private_key = ${toJSON cfg.ssl_private_key.path};
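Review bot: `vhost6 = ${toJSON config.krebs.build.host.nets.retiolum.ip6.addr};` assumes every host has an `ip6` on retiolum, but the net type introduced in this commit defaults `ip6` to `null`, so building charybdis on a host without one fails with an attribute access on null rather than a clear message. Guarding the line, e.g. `${optionalString (config.krebs.build.host.nets.retiolum.ip6 != null) "vhost6 = ${toJSON config.krebs.build.host.nets.retiolum.ip6.addr};"}` (assuming `lib` is in scope as elsewhere in the repo), or asserting the presence up front, makes the requirement explicit. The same consideration applies to `vhost` should a host ever lack `ip4`. The `toFile "charybdis.conf"` wrapper this sits in begins outside the hunk.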
@ -160,10 +160,7 @@ in toFile "charybdis.conf" ''
/* If you want to listen on a specific IP only, specify host. /* If you want to listen on a specific IP only, specify host.
* host definitions apply only to the following port line. * host definitions apply only to the following port line.
*/ */
# XXX This is stupid because only one host is allowed[?] #host = ${toJSON config.krebs.build.host.nets.retiolum.ip4.addr};
#host = ''${concatMapStringsSep ", " toJSON (
# config.krebs.build.host.nets.retiolum.addrs
#)};
port = ${toString cfg.port}; port = ${toString cfg.port};
sslport = ${toString cfg.sslport}; sslport = ${toString cfg.sslport};
}; };