Merge remote-tracking branch 'pnp/master'
This commit is contained in:
commit
f531e7e625
157
krebs/3modules/apt-cacher-ng.nix
Normal file
157
krebs/3modules/apt-cacher-ng.nix
Normal file
@ -0,0 +1,157 @@
|
|||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
acng-config = pkgs.writeTextFile {
|
||||||
|
name = "acng-configuration";
|
||||||
|
destination = "/acng.conf";
|
||||||
|
text = ''
|
||||||
|
ForeGround: 1
|
||||||
|
CacheDir: ${cfg.cacheDir}
|
||||||
|
LogDir: ${cfg.logDir}
|
||||||
|
PidFile: /var/run/apt-cacher-ng.pid
|
||||||
|
ExTreshold: ${toString cfg.cacheExpiration}
|
||||||
|
CAfile: ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
|
||||||
|
|
||||||
|
Port: ${toString cfg.port}
|
||||||
|
BindAddress: ${cfg.bindAddress}
|
||||||
|
|
||||||
|
# defaults:
|
||||||
|
Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian
|
||||||
|
Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu
|
||||||
|
Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol
|
||||||
|
Remap-cygwin: file:cygwin_mirrors /cygwin
|
||||||
|
Remap-sfnet: file:sfnet_mirrors
|
||||||
|
Remap-alxrep: file:archlx_mirrors /archlinux
|
||||||
|
Remap-fedora: file:fedora_mirrors
|
||||||
|
Remap-epel: file:epel_mirrors
|
||||||
|
Remap-slrep: file:sl_mirrors # Scientific Linux
|
||||||
|
Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo
|
||||||
|
|
||||||
|
ReportPage: acng-report.html
|
||||||
|
SupportDir: ${pkgs.apt-cacher-ng}/lib/apt-cacher-ng
|
||||||
|
LocalDirs: acng-doc ${pkgs.apt-cacher-ng}/share/doc/apt-cacher-ng
|
||||||
|
|
||||||
|
# Nix cache
|
||||||
|
${optionalString cfg.enableNixCache ''
|
||||||
|
Remap-nix: http://cache.nixos.org /nixos ; https://cache.nixos.org
|
||||||
|
PfilePatternEx: (^|.*?/).*\.nar(info)?(|\.gz|\.xz|\.bz2)$
|
||||||
|
VfilePatternEx: (^|.*?/)nix-cache-info$
|
||||||
|
''}
|
||||||
|
|
||||||
|
${cfg.extraConfig}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
acng-home = "/var/cache/acng";
|
||||||
|
cfg = config.krebs.apt-cacher-ng;
|
||||||
|
|
||||||
|
api = {
|
||||||
|
enable = mkEnableOption "apt-cacher-ng";
|
||||||
|
|
||||||
|
cacheDir = mkOption {
|
||||||
|
default = acng-home + "/cache";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Path to apt-cacher-ng cache directory.
|
||||||
|
Will be created and chowned to acng-user
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
logDir = mkOption {
|
||||||
|
default = acng-home + "/log";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Path to apt-cacher-ng log directory.
|
||||||
|
Will be created and chowned to acng-user
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
default = 3142;
|
||||||
|
type = types.int;
|
||||||
|
description = ''
|
||||||
|
port of apt-cacher-ng
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
bindAddress = mkOption {
|
||||||
|
default = "";
|
||||||
|
type = types.str;
|
||||||
|
example = "localhost 192.168.7.254 publicNameOnMainInterface";
|
||||||
|
description = ''
|
||||||
|
listen address of apt-cacher-ng. Defaults to every interface.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
cacheExpiration = mkOption {
|
||||||
|
default = 4;
|
||||||
|
type = types.int;
|
||||||
|
description = ''
|
||||||
|
number of days before packages expire in the cache without being
|
||||||
|
requested.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
enableNixCache = mkOption {
|
||||||
|
default = true;
|
||||||
|
type = types.bool;
|
||||||
|
description = ''
|
||||||
|
enable cache.nixos.org caching via PfilePatternEx and VfilePatternEx.
|
||||||
|
|
||||||
|
to use the apt-cacher-ng in your nixos configuration:
|
||||||
|
nix.binary-cache = [ http://acng-host:port/nixos ];
|
||||||
|
|
||||||
|
These options cannot be used in extraConfig, use SVfilePattern and
|
||||||
|
SPfilePattern or disable this option.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = mkOption {
|
||||||
|
default = "";
|
||||||
|
type = types.lines;
|
||||||
|
description = ''
|
||||||
|
extra config appended to the generated acng.conf
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
imp = {
|
||||||
|
|
||||||
|
users.extraUsers.acng = {
|
||||||
|
# uid = config.ids.uids.acng;
|
||||||
|
uid = 897955083; #genid Reaktor
|
||||||
|
description = "apt-cacher-ng";
|
||||||
|
home = acng-home;
|
||||||
|
createHome = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraGroups.acng = {
|
||||||
|
gid = 897955083; #genid Reaktor
|
||||||
|
# gid = config.ids.gids.Reaktor;
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.apt-cacher-ng = {
|
||||||
|
description = "apt-cacher-ng";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
PermissionsStartOnly = true;
|
||||||
|
ExecStartPre = pkgs.writeScript "acng-init" ''
|
||||||
|
#!/bin/sh
|
||||||
|
mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
|
||||||
|
chown acng:acng ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
|
||||||
|
'';
|
||||||
|
ExecStart = "${pkgs.apt-cacher-ng}/bin/apt-cacher-ng -c ${acng-config}";
|
||||||
|
PrivateTmp = "true";
|
||||||
|
User = "acng";
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = "10";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.krebs.apt-cacher-ng = api;
|
||||||
|
config = mkIf cfg.enable imp;
|
||||||
|
}
|
@ -6,6 +6,7 @@ let
|
|||||||
|
|
||||||
out = {
|
out = {
|
||||||
imports = [
|
imports = [
|
||||||
|
./apt-cacher-ng.nix
|
||||||
./bepasty-server.nix
|
./bepasty-server.nix
|
||||||
./build.nix
|
./build.nix
|
||||||
./current.nix
|
./current.nix
|
||||||
@ -86,6 +87,7 @@ let
|
|||||||
krebs.dns.providers = {
|
krebs.dns.providers = {
|
||||||
de.krebsco = "zones";
|
de.krebsco = "zones";
|
||||||
gg23 = "hosts";
|
gg23 = "hosts";
|
||||||
|
shack = "hosts";
|
||||||
internet = "hosts";
|
internet = "hosts";
|
||||||
retiolum = "hosts";
|
retiolum = "hosts";
|
||||||
};
|
};
|
||||||
|
@ -33,12 +33,17 @@ let
|
|||||||
in {
|
in {
|
||||||
hosts = addNames {
|
hosts = addNames {
|
||||||
wolf = {
|
wolf = {
|
||||||
#dc = "shack";
|
dc = "shack";
|
||||||
nets = {
|
nets = {
|
||||||
#shack = {
|
shack = {
|
||||||
# addrs4 = [ TODO ];
|
addrs4 = [ "10.42.2.150" ];
|
||||||
# aliases = ["wolf.shack"];
|
aliases = [
|
||||||
#};
|
"wolf.shack"
|
||||||
|
"graphite.shack"
|
||||||
|
"acng.shack"
|
||||||
|
"drivedroid.shack"
|
||||||
|
];
|
||||||
|
};
|
||||||
retiolum = {
|
retiolum = {
|
||||||
addrs4 = ["10.243.77.1"];
|
addrs4 = ["10.243.77.1"];
|
||||||
addrs6 = ["42:0:0:0:0:0:77:1"];
|
addrs6 = ["42:0:0:0:0:0:77:1"];
|
||||||
|
@ -89,9 +89,9 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
restartIfChanged = true;
|
restartIfChanged = true;
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
|
restart = "always";
|
||||||
|
|
||||||
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
|
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
@ -2,14 +2,14 @@
|
|||||||
|
|
||||||
python3Packages.buildPythonPackage rec {
|
python3Packages.buildPythonPackage rec {
|
||||||
name = "Reaktor-${version}";
|
name = "Reaktor-${version}";
|
||||||
version = "0.5.0";
|
version = "0.5.1";
|
||||||
propagatedBuildInputs = with pkgs;[
|
propagatedBuildInputs = with pkgs;[
|
||||||
python3Packages.docopt
|
python3Packages.docopt
|
||||||
python3Packages.requests2
|
python3Packages.requests2
|
||||||
];
|
];
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://pypi.python.org/packages/source/R/Reaktor/Reaktor-${version}.tar.gz";
|
url = "https://pypi.python.org/packages/source/R/Reaktor/Reaktor-${version}.tar.gz";
|
||||||
sha256 = "1npag52xmnyqv56z0anyf6xf00q0smfzsippal0xdbxrfj7s8qim";
|
sha256 = "0dn9r0cyxi1sji2pnybsrc4hhaaq7hmf235nlgkrxqlsdb7y6n6n";
|
||||||
};
|
};
|
||||||
meta = {
|
meta = {
|
||||||
homepage = http://krebsco.de/;
|
homepage = http://krebsco.de/;
|
||||||
|
21
krebs/5pkgs/apt-cacher-ng/default.nix
Normal file
21
krebs/5pkgs/apt-cacher-ng/default.nix
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
{ stdenv, fetchurl, cmake, doxygen, zlib, openssl, bzip2, pkgconfig, libpthreadstubs }:
|
||||||
|
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
name = "apt-cacher-ng-${version}";
|
||||||
|
version = "0.8.6";
|
||||||
|
|
||||||
|
src = fetchurl {
|
||||||
|
url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz";
|
||||||
|
sha256 = "0044dfks8djl11fs28jj8894i4rq424xix3d3fkvzz2i6lnp8nr5";
|
||||||
|
};
|
||||||
|
|
||||||
|
NIX_LDFLAGS = "-lpthread";
|
||||||
|
buildInputs = [ doxygen cmake zlib openssl bzip2 pkgconfig libpthreadstubs ];
|
||||||
|
|
||||||
|
meta = {
|
||||||
|
description = "A caching proxy specialized for linux distribution files";
|
||||||
|
homepage = http://www.unix-ag.uni-kl.de/~bloch/acng/;
|
||||||
|
license = stdenv.lib.licenses.gpl2;
|
||||||
|
maintainers = [ stdenv.lib.maintainers.makefu ];
|
||||||
|
};
|
||||||
|
}
|
22
krebs/5pkgs/drivedroid-gen-repo/default.nix
Normal file
22
krebs/5pkgs/drivedroid-gen-repo/default.nix
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
{stdenv,fetchurl,pkgs,python3Packages, ... }:
|
||||||
|
|
||||||
|
python3Packages.buildPythonPackage rec {
|
||||||
|
name = "drivedroid-gen-repo-${version}";
|
||||||
|
version = "0.4.2";
|
||||||
|
|
||||||
|
propagatedBuildInputs = with pkgs;[
|
||||||
|
python3Packages.docopt
|
||||||
|
];
|
||||||
|
|
||||||
|
src = fetchurl {
|
||||||
|
url = "https://pypi.python.org/packages/source/d/drivedroid-gen-repo/drivedroid-gen-repo-${version}.tar.gz";
|
||||||
|
sha256 = "1w4dqc9ndyiv5kjh2y8n4p4c280vhqyj8s7y6al2klchcp2ab7q7";
|
||||||
|
};
|
||||||
|
|
||||||
|
meta = {
|
||||||
|
homepage = http://krebsco.de/;
|
||||||
|
description = "Generate Drivedroid repos";
|
||||||
|
license = stdenv.lib.licenses.wtfpl;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
1
krebs/Zpubkeys/exco.ssh.pub
Normal file
1
krebs/Zpubkeys/exco.ssh.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== christian.stoeveken@gmail.com
|
@ -7,8 +7,6 @@
|
|||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
../2configs/default.nix
|
|
||||||
../2configs/fs/vm-single-partition.nix
|
|
||||||
../2configs/fs/single-partition-ext4.nix
|
../2configs/fs/single-partition-ext4.nix
|
||||||
../2configs/tinc-basic-retiolum.nix
|
../2configs/tinc-basic-retiolum.nix
|
||||||
];
|
];
|
||||||
|
@ -9,14 +9,15 @@ in {
|
|||||||
# TODO: copy this config or move to krebs
|
# TODO: copy this config or move to krebs
|
||||||
../2configs/tinc-basic-retiolum.nix
|
../2configs/tinc-basic-retiolum.nix
|
||||||
../2configs/headless.nix
|
../2configs/headless.nix
|
||||||
|
../2configs/fs/simple-swap.nix
|
||||||
../2configs/fs/single-partition-ext4.nix
|
../2configs/fs/single-partition-ext4.nix
|
||||||
# ../2configs/iodined.nix
|
# ../2configs/iodined.nix
|
||||||
|
../2configs/git/cgit-retiolum.nix
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.target = "root@gum.krebsco.de";
|
krebs.build.target = "root@gum.krebsco.de";
|
||||||
krebs.build.host = config.krebs.hosts.gum;
|
krebs.build.host = config.krebs.hosts.gum;
|
||||||
|
|
||||||
# Chat
|
# Chat
|
||||||
environment.systemPackages = with pkgs;[
|
environment.systemPackages = with pkgs;[
|
||||||
weechat
|
weechat
|
||||||
@ -33,21 +34,24 @@ in {
|
|||||||
services.udev.extraRules = ''
|
services.udev.extraRules = ''
|
||||||
SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
|
SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
|
||||||
'';
|
'';
|
||||||
|
boot.kernelParams = [ "ipv6.disable=1" ];
|
||||||
networking = {
|
networking = {
|
||||||
firewall = {
|
enableIPv6 = false;
|
||||||
allowPing = true;
|
firewall = {
|
||||||
allowedTCPPorts = [
|
allowPing = true;
|
||||||
# smtp
|
logRefusedConnections = false;
|
||||||
25
|
allowedTCPPorts = [
|
||||||
# http
|
# smtp
|
||||||
80 443
|
25
|
||||||
# tinc
|
# http
|
||||||
655
|
80 443
|
||||||
];
|
# tinc
|
||||||
allowedUDPPorts = [
|
655
|
||||||
# tinc
|
];
|
||||||
655 53
|
allowedUDPPorts = [
|
||||||
];
|
# tinc
|
||||||
|
655 53
|
||||||
|
];
|
||||||
};
|
};
|
||||||
interfaces.et0.ip4 = [{
|
interfaces.et0.ip4 = [{
|
||||||
address = external-ip;
|
address = external-ip;
|
||||||
|
@ -24,11 +24,11 @@ in {
|
|||||||
# other nginx
|
# other nginx
|
||||||
../2configs/nginx/euer.wiki.nix
|
../2configs/nginx/euer.wiki.nix
|
||||||
../2configs/nginx/euer.blog.nix
|
../2configs/nginx/euer.blog.nix
|
||||||
|
../2configs/nginx/euer.test.nix
|
||||||
|
|
||||||
# collectd
|
# collectd
|
||||||
../2configs/collectd/collectd-base.nix
|
../2configs/collectd/collectd-base.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.wry;
|
krebs.build.host = config.krebs.hosts.wry;
|
||||||
|
|
||||||
krebs.Reaktor.enable = true;
|
krebs.Reaktor.enable = true;
|
||||||
@ -59,9 +59,12 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
firewall.allowPing = true;
|
firewall = {
|
||||||
firewall.allowedTCPPorts = [ 53 80 443 ];
|
allowPing = true;
|
||||||
firewall.allowedUDPPorts = [ 655 ];
|
logRefusedConnections = false;
|
||||||
|
allowedTCPPorts = [ 53 80 443 ];
|
||||||
|
allowedUDPPorts = [ 655 ];
|
||||||
|
};
|
||||||
interfaces.enp2s1.ip4 = [{
|
interfaces.enp2s1.ip4 = [{
|
||||||
address = external-ip;
|
address = external-ip;
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
@ -70,5 +73,9 @@ in {
|
|||||||
nameservers = [ "8.8.8.8" ];
|
nameservers = [ "8.8.8.8" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.translate-shell ];
|
# small machine - do not forget to gc every day
|
||||||
|
nix.gc.automatic = true;
|
||||||
|
nix.gc.dates = "03:10";
|
||||||
|
|
||||||
|
environment.systemPackages = [ ];
|
||||||
}
|
}
|
||||||
|
11
makefu/2configs/fs/simple-swap.nix
Normal file
11
makefu/2configs/fs/simple-swap.nix
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
_:
|
||||||
|
{
|
||||||
|
# do not swap that often
|
||||||
|
boot.kernel.sysctl = {
|
||||||
|
"vm.swappiness" = 25;
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [
|
||||||
|
{ device = "/dev/disk/by-label/swap"; }
|
||||||
|
];
|
||||||
|
}
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
# TODO: remove tv lib :)
|
# TODO: remove tv lib :)
|
||||||
with import ../../../tv/4lib { inherit lib pkgs; };
|
with lib;
|
||||||
let
|
let
|
||||||
|
|
||||||
repos = priv-repos // krebs-repos ;
|
repos = priv-repos // krebs-repos ;
|
||||||
@ -26,7 +26,7 @@ let
|
|||||||
inherit name desc;
|
inherit name desc;
|
||||||
public = false;
|
public = false;
|
||||||
hooks = {
|
hooks = {
|
||||||
post-receive = git.irc-announce {
|
post-receive = pkgs.git-hooks.irc-announce {
|
||||||
nick = config.networking.hostName;
|
nick = config.networking.hostName;
|
||||||
channel = "#retiolum";
|
channel = "#retiolum";
|
||||||
# TODO remove the hardcoded hostname
|
# TODO remove the hardcoded hostname
|
||||||
|
@ -1,10 +1,12 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
# TODO: remove tv lib :)
|
# TODO: remove tv lib :)
|
||||||
with import ../../../tv/4lib { inherit lib pkgs; };
|
with lib;
|
||||||
let
|
let
|
||||||
|
|
||||||
repos = priv-repos // krebs-repos ;
|
repos = priv-repos // krebs-repos // connector-repos ;
|
||||||
rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos);
|
rules = concatMap krebs-rules (attrValues krebs-repos)
|
||||||
|
++ concatMap priv-rules (attrValues priv-repos)
|
||||||
|
++ concatMap connector-rules (attrValues connector-repos);
|
||||||
|
|
||||||
krebs-repos = mapAttrs make-krebs-repo {
|
krebs-repos = mapAttrs make-krebs-repo {
|
||||||
stockholm = {
|
stockholm = {
|
||||||
@ -19,6 +21,10 @@ let
|
|||||||
autosync = { };
|
autosync = { };
|
||||||
};
|
};
|
||||||
|
|
||||||
|
connector-repos = mapAttrs make-priv-repo {
|
||||||
|
connector = { };
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
# TODO move users to separate module
|
# TODO move users to separate module
|
||||||
make-priv-repo = name: { desc ? null, ... }: {
|
make-priv-repo = name: { desc ? null, ... }: {
|
||||||
@ -30,7 +36,7 @@ let
|
|||||||
inherit name desc;
|
inherit name desc;
|
||||||
public = true;
|
public = true;
|
||||||
hooks = {
|
hooks = {
|
||||||
post-receive = git.irc-announce {
|
post-receive = pkgs.git-hooks.irc-announce {
|
||||||
nick = config.networking.hostName;
|
nick = config.networking.hostName;
|
||||||
verbose = config.krebs.build.host.name == "pnp";
|
verbose = config.krebs.build.host.name == "pnp";
|
||||||
channel = "#retiolum";
|
channel = "#retiolum";
|
||||||
@ -40,12 +46,19 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
set-owners = with git;repo: user:
|
|
||||||
singleton {
|
|
||||||
inherit user;
|
# TODO: get the list of all krebsministers
|
||||||
repo = [ repo ];
|
krebsminister = with config.krebs.users; [ lass tv uriel ];
|
||||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
|
||||||
};
|
all-exco = with config.krebs.users; [ exco ];
|
||||||
|
|
||||||
|
priv-rules = repo: set-owners repo all-makefu;
|
||||||
|
|
||||||
|
connector-rules = repo: set-owners repo all-makefu ++ set-owners repo all-exco;
|
||||||
|
|
||||||
|
krebs-rules = repo:
|
||||||
|
set-owners repo all-makefu ++ set-ro-access repo krebsminister;
|
||||||
|
|
||||||
set-ro-access = with git; repo: user:
|
set-ro-access = with git; repo: user:
|
||||||
optional repo.public {
|
optional repo.public {
|
||||||
@ -54,24 +67,28 @@ let
|
|||||||
perm = fetch;
|
perm = fetch;
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: get the list of all krebsministers
|
set-owners = with git;repo: user:
|
||||||
krebsminister = with config.krebs.users; [ lass tv uriel ];
|
singleton {
|
||||||
all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
|
inherit user;
|
||||||
|
repo = [ repo ];
|
||||||
priv-rules = repo: set-owners repo all-makefu;
|
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||||
|
};
|
||||||
krebs-rules = repo:
|
|
||||||
set-owners repo all-makefu ++ set-ro-access repo krebsminister;
|
|
||||||
|
|
||||||
in {
|
in {
|
||||||
imports = [{
|
imports = [{
|
||||||
krebs.users.makefu-omo = {
|
krebs.users = {
|
||||||
|
makefu-omo = {
|
||||||
name = "makefu-omo" ;
|
name = "makefu-omo" ;
|
||||||
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
|
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
|
||||||
};
|
};
|
||||||
krebs.users.makefu-tsp = {
|
makefu-tsp = {
|
||||||
name = "makefu-tsp" ;
|
name = "makefu-tsp" ;
|
||||||
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
|
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
|
||||||
|
};
|
||||||
|
exco = {
|
||||||
|
name = "exco";
|
||||||
|
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}];
|
}];
|
||||||
krebs.git = {
|
krebs.git = {
|
||||||
|
@ -12,7 +12,7 @@ with lib;
|
|||||||
firefox
|
firefox
|
||||||
chromium
|
chromium
|
||||||
keepassx
|
keepassx
|
||||||
|
ntfs3g
|
||||||
virtmanager
|
virtmanager
|
||||||
at_spi2_core # dep for virtmanager?
|
at_spi2_core # dep for virtmanager?
|
||||||
];
|
];
|
||||||
|
@ -2,11 +2,11 @@
|
|||||||
|
|
||||||
let
|
let
|
||||||
mainUser = config.krebs.build.user;
|
mainUser = config.krebs.build.user;
|
||||||
version = "5.0.4";
|
version = "5.0.6";
|
||||||
rev = "102546";
|
rev = "103037";
|
||||||
vboxguestpkg = pkgs.fetchurl {
|
vboxguestpkg = pkgs.fetchurl {
|
||||||
url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
|
url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
|
||||||
sha256 = "1ykwpjvfgj11iwhx70bh2hbxhyy3hg6rnqzl4qac7xzg8xw8wqg4";
|
sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
#inherit vboxguestpkg;
|
#inherit vboxguestpkg;
|
||||||
|
@ -1,12 +1,35 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
shack-ip = lib.head config.krebs.build.host.nets.shack.addrs4;
|
||||||
|
internal-ip = lib.head config.krebs.build.host.nets.retiolum.addrs4;
|
||||||
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../2configs/base.nix
|
../2configs/base.nix
|
||||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||||
../2configs/collectd-base.nix
|
../2configs/collectd-base.nix
|
||||||
|
../2configs/shack-nix-cacher.nix
|
||||||
|
../2configs/shack-drivedroid.nix
|
||||||
];
|
];
|
||||||
|
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
||||||
|
# apt-cacher-ng in first place)
|
||||||
|
nix.binaryCaches = [ "http://localhost:3142/nixos" "https://cache.nixos.org" ];
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
firewall.enable = false;
|
||||||
|
interfaces.eth0.ip4 = [{
|
||||||
|
address = shack-ip;
|
||||||
|
prefixLength = 20;
|
||||||
|
}];
|
||||||
|
|
||||||
|
defaultGateway = "10.42.0.1";
|
||||||
|
nameservers = [ "8.8.8.8" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
#####################
|
||||||
|
# uninteresting stuff
|
||||||
|
#####################
|
||||||
krebs.build.host = config.krebs.hosts.wolf;
|
krebs.build.host = config.krebs.hosts.wolf;
|
||||||
# TODO rename shared user to "krebs"
|
# TODO rename shared user to "krebs"
|
||||||
krebs.build.user = config.krebs.users.shared;
|
krebs.build.user = config.krebs.users.shared;
|
||||||
@ -31,7 +54,7 @@
|
|||||||
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
|
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
|
||||||
|
|
||||||
swapDevices = [
|
swapDevices = [
|
||||||
{ device = "/dev/disk/by-label/swap"; }
|
{ device = "/dev/disk/by-label/swap"; }
|
||||||
];
|
];
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
@ -64,6 +64,8 @@ with lib;
|
|||||||
# TODO
|
# TODO
|
||||||
config.krebs.users.lass.pubkey
|
config.krebs.users.lass.pubkey
|
||||||
config.krebs.users.makefu.pubkey
|
config.krebs.users.makefu.pubkey
|
||||||
|
# TODO HARDER:
|
||||||
|
(readFile ../../krebs/Zpubkeys/makefu_omo.ssh.pub)
|
||||||
config.krebs.users.tv.pubkey
|
config.krebs.users.tv.pubkey
|
||||||
];
|
];
|
||||||
|
|
||||||
|
42
shared/2configs/shack-drivedroid.nix
Normal file
42
shared/2configs/shack-drivedroid.nix
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
{ pkgs, lib, config, ... }:
|
||||||
|
let
|
||||||
|
repodir = "/var/srv/drivedroid";
|
||||||
|
srepodir = lib.shell.escape repodir;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
systemd.paths.drivedroid = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
Description = "triggers for changes in drivedroid dir";
|
||||||
|
pathConfig = {
|
||||||
|
PathModified = repodir;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.drivedroid = {
|
||||||
|
ServiceConfig = {
|
||||||
|
ExecStartPre = pkgs.writeScript "prepare-drivedroid-repo-gen" ''
|
||||||
|
#!/bin/sh
|
||||||
|
mkdir -p ${srepodir}/repos
|
||||||
|
'';
|
||||||
|
ExecStart = pkgs.writeScript "start-drivedroid-repo-gen" ''
|
||||||
|
#!/bin/sh
|
||||||
|
{pkgs.drivedroid-gen-repo}/bin/drivedroid-gen-repo --chdir "${srepodir}" repos/ > "${srepodir}/main.json"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
krebs.nginx = {
|
||||||
|
enable = lib.mkDefault true;
|
||||||
|
servers = {
|
||||||
|
drivedroid-repo = {
|
||||||
|
server-names = [ "drivedroid.shack" ];
|
||||||
|
# TODO: prepare this somehow
|
||||||
|
locations = lib.singleton (lib.nameValuePair "/" ''
|
||||||
|
root ${repodir};
|
||||||
|
index main.json;
|
||||||
|
'');
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
25
shared/2configs/shack-nix-cacher.nix
Normal file
25
shared/2configs/shack-nix-cacher.nix
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
{ pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
krebs.nginx = {
|
||||||
|
enable = lib.mkDefault true;
|
||||||
|
servers = {
|
||||||
|
apt-cacher-ng = {
|
||||||
|
server-names = [ "acng.shack" ];
|
||||||
|
locations = lib.singleton (lib.nameValuePair "/" ''
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_pass http://localhost:3142/;
|
||||||
|
'');
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
krebs.apt-cacher-ng = {
|
||||||
|
enable = true;
|
||||||
|
port = 3142;
|
||||||
|
bindAddress = "localhost";
|
||||||
|
cacheExpiration = 30;
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user