From 1fb964e8412106a5d9b764e86a995aabbcd060c3 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 8 Jul 2017 15:00:30 +0200 Subject: shell: call proxy nix-shell with --run --- shell.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shell.nix b/shell.nix index 3e7ba81c1..83ff7f039 100644 --- a/shell.nix +++ b/shell.nix @@ -109,7 +109,7 @@ let NIX_PATH=$(q "$target_path") \ STOCKHOLM_VERSION=$STOCKHOLM_VERSION \ nix-shell \ - --command $(q \ + --run $(q \ config=$config \ system=$system \ target=$target \ -- cgit v1.3.1 From fc3f5d3d56a299b7b46c1a42d3fec57c536a5917 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 8 Jul 2017 14:58:09 +0200 Subject: shell: don't populate when source doesn't evaluate --- shell.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/shell.nix b/shell.nix index 83ff7f039..e0c60e330 100644 --- a/shell.nix +++ b/shell.nix @@ -85,18 +85,19 @@ let }; populate = pkgs.writeDash "init.env.populate" '' set -efu - ${pkgs.nix}/bin/nix-instantiate \ + _source=$(${pkgs.nix}/bin/nix-instantiate \ --eval \ --json \ --readonly-mode \ --show-trace \ --strict \ -I nixos-config="$config" \ - -E 'with import ; config.krebs.build.source' \ - | + -E 'with import ; config.krebs.build.source') + echo $_source | ${pkgs.populate}/bin/populate \ "$target_user@$target_host:$target_port$target_path" \ >&2 + unset _source ''; proxy = pkgs.writeDash "init.env.proxy" '' set -efu -- cgit v1.3.1 From 7fdc46bb9d911838edfa723d985ede6a604c0c5a Mon Sep 17 00:00:00 2001 
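Review bot: The switch from `--command` to `--run` on the nix-shell invocation changes the proxied command from an interactive to a non-interactive shell, and nothing in the hunk records why. As far as I recall `--run` is the newer of the two flags, so it is worth confirming that whichever nix-shell ends up executing this (the proxy wrapper around it is outside the hunk) supports it, and adding a comment such as `# --run: non-interactive shell, no rc files sourced before the command` above the invocation. The unquoted `$(q ...)` word is unchanged by this commit, so I have not reviewed it here.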
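Review bot: `echo $_source |` hands the nix-instantiate JSON to populate unquoted; `set -f` at the top of the script suppresses globbing, but word splitting still collapses any whitespace inside the JSON, dash's echo rewrites backslash escapes (which JSON strings may legitimately contain), and a value beginning with `-` would be read as an echo option. Quote it and use printf instead: `printf '%s\n' "$_source" |`. The assignment form does make `set -e` abort on an evaluation failure, which is what the commit sets out to do, so the control flow itself looks right; `unset _source` is harmless but unnecessary in a script that exits straight afterwards.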
From: tv Date: Thu, 6 Jul 2017 21:47:47 +0200 Subject: move source config from module system to 1systems/*/source.nix --- Makefile | 2 +- krebs/3modules/build.nix | 7 -- lib/default.nix | 3 + lib/eval-source.nix | 17 +++++ shell.nix | 6 +- tv/1systems/alnus.nix | 96 ------------------------ tv/1systems/alnus/config.nix | 96 ++++++++++++++++++++++++ tv/1systems/alnus/source.nix | 3 + tv/1systems/caxi.nix | 25 ------- tv/1systems/caxi/config.nix | 25 +++++++ tv/1systems/caxi/source.nix | 3 + tv/1systems/cd.nix | 34 --------- tv/1systems/cd/config.nix | 34 +++++++++ tv/1systems/cd/source.nix | 3 + tv/1systems/mu.nix | 160 --------------------------------------- tv/1systems/mu/config.nix | 160 +++++++++++++++++++++++++++++++++++++++ tv/1systems/mu/source.nix | 3 + tv/1systems/nomic.nix | 74 ------------------ tv/1systems/nomic/config.nix | 74 ++++++++++++++++++ tv/1systems/nomic/source.nix | 4 + tv/1systems/test/source.nix | 3 + tv/1systems/wu.nix | 174 ------------------------------------------- tv/1systems/wu/config.nix | 174 +++++++++++++++++++++++++++++++++++++++++++ tv/1systems/wu/source.nix | 4 + tv/1systems/xu.nix | 174 ------------------------------------------- tv/1systems/xu/config.nix | 174 +++++++++++++++++++++++++++++++++++++++++++ tv/1systems/xu/source.nix | 4 + tv/1systems/zu.nix | 170 ------------------------------------------ tv/1systems/zu/config.nix | 170 ++++++++++++++++++++++++++++++++++++++++++ tv/1systems/zu/source.nix | 4 + tv/2configs/default.nix | 18 +---- tv/source.nix | 22 ++++++ 32 files changed, 986 insertions(+), 934 deletions(-) create mode 100644 lib/eval-source.nix delete mode 100644 tv/1systems/alnus.nix create mode 100644 tv/1systems/alnus/config.nix create mode 100644 tv/1systems/alnus/source.nix delete mode 100644 tv/1systems/caxi.nix create mode 100644 tv/1systems/caxi/config.nix create mode 100644 tv/1systems/caxi/source.nix delete mode 100644 tv/1systems/cd.nix create mode 100644 tv/1systems/cd/config.nix create mode 100644 
tv/1systems/cd/source.nix delete mode 100644 tv/1systems/mu.nix create mode 100644 tv/1systems/mu/config.nix create mode 100644 tv/1systems/mu/source.nix delete mode 100644 tv/1systems/nomic.nix create mode 100644 tv/1systems/nomic/config.nix create mode 100644 tv/1systems/nomic/source.nix create mode 100644 tv/1systems/test/source.nix delete mode 100644 tv/1systems/wu.nix create mode 100644 tv/1systems/wu/config.nix create mode 100644 tv/1systems/wu/source.nix delete mode 100644 tv/1systems/xu.nix create mode 100644 tv/1systems/xu/config.nix create mode 100644 tv/1systems/xu/source.nix delete mode 100644 tv/1systems/zu.nix create mode 100644 tv/1systems/zu/config.nix create mode 100644 tv/1systems/zu/source.nix create mode 100644 tv/source.nix diff --git a/Makefile b/Makefile index cab53d52a..e35aa89bc 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ export STOCKHOLM_VERSION ?= $(shell \ system ?= $(HOSTNAME) $(if $(system),,$(error unbound variable: system)) -nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system).nix +nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system)/config.nix ifneq ($(words $(wildcard $(nixos-config))),1) $(error bad nixos-config: $(nixos-config)) endif diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 976d378f9..904deb164 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -14,16 +14,9 @@ with import ; default = "/nix/var/nix/profiles/system"; }; - source = mkOption { - type = types.attrsOf types.source; - default = {}; - }; - # TODO deprecate krebs.build.user user = mkOption { type = types.user; }; }; - - config.krebs.build.source.stockholm.file = mkDefault (toString ); } diff --git a/lib/default.nix b/lib/default.nix index 803a614a1..4c54f60aa 100644 --- a/lib/default.nix +++ b/lib/default.nix 
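Review bot: Removing the `krebs.build.source` option outright means any module that still sets it fails to evaluate with an unknown-option error, and one does in this same commit: tv/1systems/alnus/config.nix keeps `source.nixpkgs.git.ref = mkForce "9b948ea439ddbaa26740ce35543e7e35d2aa6d18";` inside its `krebs.build` block. Either drop that line and carry the nixpkgs pin into tv/1systems/alnus/source.nix (which currently passes only `name`; tv/source.nix is outside this chunk, so I cannot tell whether it accepts such an override), or leave a tombstone so the failure is explicit, e.g. `imports = [ (mkRemovedOptionModule [ "krebs" "build" "source" ] "moved to 1systems/<host>/source.nix") ];` if the lib in use provides it. Without one of the two, the pin for that host is silently lost as soon as the offending line is deleted to make evaluation pass.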
@@ -1,6 +1,9 @@ let nixpkgs-lib = import ; lib = with lib; nixpkgs-lib // builtins // { + + evalSource = import ./eval-source.nix; + git = import ./git.nix { inherit lib; }; shell = import ./shell.nix { inherit lib; }; types = nixpkgs-lib.types // import ./types.nix { inherit lib; }; diff --git a/lib/eval-source.nix b/lib/eval-source.nix new file mode 100644 index 000000000..de5f0b43c --- /dev/null +++ b/lib/eval-source.nix @@ -0,0 +1,17 @@ +with import ; +let + eval = _file: source: evalModules { + modules = singleton { + inherit _file; + options.source = mkOption { + type = types.attrsOf types.source; + default = {}; + }; + config = { + inherit source; + }; + }; + }; +in + # This function's return value can be used as pkgs.populate input. + _file: source: (eval _file source).config.source diff --git a/shell.nix b/shell.nix index e0c60e330..57957f823 100644 --- a/shell.nix +++ b/shell.nix @@ -43,9 +43,11 @@ let ''; init.env = pkgs.writeText "init.env" /* sh */ '' - config=''${config-$LOGNAME/1systems/$system.nix} + config=''${config-$LOGNAME/1systems/$system/config.nix} + source=''${source-$LOGNAME/1systems/$system/source.nix} export config + export source export system export target @@ -92,7 +94,7 @@ let --show-trace \ --strict \ -I nixos-config="$config" \ - -E 'with import ; config.krebs.build.source') + "$source") echo $_source | ${pkgs.populate}/bin/populate \ "$target_user@$target_host:$target_port$target_path" \ diff --git a/tv/1systems/alnus.nix b/tv/1systems/alnus.nix deleted file mode 100644 index ef2a0500f..000000000 --- a/tv/1systems/alnus.nix +++ /dev/null 
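Review bot: lib/eval-source.nix documents its return value but not its two arguments; `_file` is only threaded into the module set so the module system can attribute errors to the caller's file, and `source` is what gets checked against `types.attrsOf types.source`. A comment on the `eval` binding along the lines of `# _file: path reported in module-system error messages; source: attrset validated as attrsOf types.source` would make the calling shape obvious. It would also help to say that a type error raised here surfaces as a non-zero exit of the `nix-instantiate --eval --strict "$source"` call in shell.nix, presumably before populate is invoked, since the shell.nix hunk in this commit relies on that ordering.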
@@ -1,96 +0,0 @@ -{ config, pkgs, ... }: - -with import ; - -{ - imports = [ - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/retiolum.nix - ]; - - # TODO remove non-hardware stuff from ../2configs/hw/x220.nix - # networking.wireless.enable collides with networkmanager - networking.wireless.enable = mkForce false; - - boot = { - initrd = { - availableKernelModules = [ "ahci" ]; - luks = { - cryptoModules = [ "aes" "sha512" "xts" ]; - devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - }; - }; - }; - - environment.systemPackages = with pkgs; [ - chromium - firefoxWrapper - networkmanagerapplet - pidginotr - pidgin-with-plugins - ]; - - fileSystems = { - "/boot" = { - device = "/dev/sda1"; - }; - "/" = { - device = "/dev/mapper/main-root"; - fsType = "btrfs"; - options = [ "defaults" "noatime" ]; - }; - "/home" = { - device = "/dev/mapper/main-home"; - fsType = "btrfs"; - options = [ "defaults" "noatime" ]; - }; - }; - - hardware = { - opengl.driSupport32Bit = true; - pulseaudio.enable = true; - }; - - i18n.defaultLocale = "de_DE.UTF-8"; - - krebs.build = { - host = config.krebs.hosts.alnus; - user = mkForce config.krebs.users.dv; - source.nixpkgs.git.ref = mkForce "9b948ea439ddbaa26740ce35543e7e35d2aa6d18"; - }; - - networking.networkmanager.enable = true; - - nixpkgs.config = { - allowUnfree = true; - }; - - services.xserver = { - enable = true; - layout = "de"; - xkbOptions = "eurosign:e"; - synaptics = { - enable = true; - twoFingerScroll = true; - }; - desktopManager.xfce.enable = true; - displayManager.auto = { - enable = true; - user = "dv"; - }; - }; - - swapDevices =[ ]; - - users.users.dv = { - inherit (config.krebs.users.dv) home uid; - isNormalUser = true; - extraGroups = [ - "audio" - "video" - "networkmanager" - ]; - }; -} diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix new file mode 100644 index 000000000..d08a2901b --- /dev/null +++ b/tv/1systems/alnus/config.nix 
@@ -0,0 +1,96 @@ +{ config, pkgs, ... }: + +with import ; + +{ + imports = [ + + + + + ]; + + # TODO remove non-hardware stuff from ../2configs/hw/x220.nix + # networking.wireless.enable collides with networkmanager + networking.wireless.enable = mkForce false; + + boot = { + initrd = { + availableKernelModules = [ "ahci" ]; + luks = { + cryptoModules = [ "aes" "sha512" "xts" ]; + devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + }; + }; + }; + + environment.systemPackages = with pkgs; [ + chromium + firefoxWrapper + networkmanagerapplet + pidginotr + pidgin-with-plugins + ]; + + fileSystems = { + "/boot" = { + device = "/dev/sda1"; + }; + "/" = { + device = "/dev/mapper/main-root"; + fsType = "btrfs"; + options = [ "defaults" "noatime" ]; + }; + "/home" = { + device = "/dev/mapper/main-home"; + fsType = "btrfs"; + options = [ "defaults" "noatime" ]; + }; + }; + + hardware = { + opengl.driSupport32Bit = true; + pulseaudio.enable = true; + }; + + i18n.defaultLocale = "de_DE.UTF-8"; + + krebs.build = { + host = config.krebs.hosts.alnus; + user = mkForce config.krebs.users.dv; + source.nixpkgs.git.ref = mkForce "9b948ea439ddbaa26740ce35543e7e35d2aa6d18"; + }; + + networking.networkmanager.enable = true; + + nixpkgs.config = { + allowUnfree = true; + }; + + services.xserver = { + enable = true; + layout = "de"; + xkbOptions = "eurosign:e"; + synaptics = { + enable = true; + twoFingerScroll = true; + }; + desktopManager.xfce.enable = true; + displayManager.auto = { + enable = true; + user = "dv"; + }; + }; + + swapDevices =[ ]; + + users.users.dv = { + inherit (config.krebs.users.dv) home uid; + isNormalUser = true; + extraGroups = [ + "audio" + "video" + "networkmanager" + ]; + }; +} diff --git a/tv/1systems/alnus/source.nix b/tv/1systems/alnus/source.nix new file mode 100644 index 000000000..f9dcefee6 --- /dev/null +++ b/tv/1systems/alnus/source.nix @@ -0,0 +1,3 @@ +import { + name = "alnus"; +} 
diff --git a/tv/1systems/caxi.nix b/tv/1systems/caxi.nix deleted file mode 100644 index 59f3cd63a..000000000 --- a/tv/1systems/caxi.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, ... }: - -with import ; - -{ - krebs.build.host = config.krebs.hosts.caxi; - - imports = [ - ../. - ../2configs/hw/CAC-Developer-1.nix - ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/retiolum.nix - ]; - - networking = let - inherit (config.krebs.build.host.nets.internet) ip4; - in { - interfaces.enp2s1.ip4 = singleton { - address = ip4.addr; - prefixLength = fromJSON (head (match ".*/([0-9]+)" ip4.prefix)); - }; - defaultGateway = head (match "([^/]*)\.0/[0-9]+" ip4.prefix) + ".1"; - nameservers = ["8.8.8.8"]; - }; -} diff --git a/tv/1systems/caxi/config.nix b/tv/1systems/caxi/config.nix new file mode 100644 index 000000000..b136d1ade --- /dev/null +++ b/tv/1systems/caxi/config.nix @@ -0,0 +1,25 @@ +{ config, ... }: + +with import ; + +{ + krebs.build.host = config.krebs.hosts.caxi; + + imports = [ + + + + + ]; + + networking = let + inherit (config.krebs.build.host.nets.internet) ip4; + in { + interfaces.enp2s1.ip4 = singleton { + address = ip4.addr; + prefixLength = fromJSON (head (match ".*/([0-9]+)" ip4.prefix)); + }; + defaultGateway = head (match "([^/]*)\.0/[0-9]+" ip4.prefix) + ".1"; + nameservers = ["8.8.8.8"]; + }; +} diff --git a/tv/1systems/caxi/source.nix b/tv/1systems/caxi/source.nix new file mode 100644 index 000000000..bc875b768 --- /dev/null +++ b/tv/1systems/caxi/source.nix @@ -0,0 +1,3 @@ +import { + name = "caxi"; +} diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix deleted file mode 100644 index 9f2cec574..000000000 --- a/tv/1systems/cd.nix +++ /dev/null 
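Review bot: In tv/1systems/caxi/config.nix the gateway regex `"([^/]*)\.0/[0-9]+"` does not escape the dot: in a Nix double-quoted string `\.` is just `.`, so the pattern matches any character before `0/`. It only yields the right network part because `[^/]*` is greedy; write `"([^/]*)\\.0/[0-9]+"` to match a literal dot. The same pattern existed in the deleted caxi.nix, so this is a carried-over nit rather than a regression; the imports list in this hunk shows empty entries, presumably angle-bracket paths lost in rendering, so those I could not review.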
@@ -1,34 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - krebs.build.host = config.krebs.hosts.cd; - - imports = [ - ../. - ../2configs/hw/CAC-Developer-2.nix - ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/exim-smarthost.nix - ../2configs/retiolum.nix - ]; - - networking = { - interfaces.enp2s1.ip4 = singleton { - address = let - addr = "45.62.237.203"; - in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr; - prefixLength = 24; - }; - defaultGateway = "45.62.237.1"; - nameservers = ["8.8.8.8"]; - }; - - environment.systemPackages = with pkgs; [ - iftop - iotop - iptables - nethogs - tcpdump - ]; -} diff --git a/tv/1systems/cd/config.nix b/tv/1systems/cd/config.nix new file mode 100644 index 000000000..f78bcafeb --- /dev/null +++ b/tv/1systems/cd/config.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +with import ; + +{ + krebs.build.host = config.krebs.hosts.cd; + + imports = [ + + + + + + ]; + + networking = { + interfaces.enp2s1.ip4 = singleton { + address = let + addr = "45.62.237.203"; + in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr; + prefixLength = 24; + }; + defaultGateway = "45.62.237.1"; + nameservers = ["8.8.8.8"]; + }; + + environment.systemPackages = with pkgs; [ + iftop + iotop + iptables + nethogs + tcpdump + ]; +} diff --git a/tv/1systems/cd/source.nix b/tv/1systems/cd/source.nix new file mode 100644 index 000000000..019e8bc22 --- /dev/null +++ b/tv/1systems/cd/source.nix @@ -0,0 +1,3 @@ +import { + name = "cd"; +} diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix deleted file mode 100644 index 3f3b2c2f4..000000000 --- a/tv/1systems/mu.nix +++ /dev/null 
@@ -1,160 +0,0 @@ -{ config, pkgs, ... }: - -with import ; - -{ - imports = [ - ../../krebs - ../2configs - ../3modules - ../2configs/exim-retiolum.nix - ../2configs/retiolum.nix - ]; - - krebs.build.host = config.krebs.hosts.mu; - krebs.build.user = mkForce config.krebs.users.vv; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" - - # for jack - KERNEL=="rtc0", GROUP="audio" - KERNEL=="hpet", GROUP="audio" - ''; - - - # hardware configuration - boot.initrd.luks.devices = [ - { name = "vgmu1"; device = "/dev/sda2"; } - ]; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ]; - boot.initrd.availableKernelModules = [ "ahci" ]; - boot.kernelModules = [ "fbcon" "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - boot.extraModprobeConfig = '' - options kvm_intel nested=1 - ''; - - fileSystems = { - "/" = { - device = "/dev/vgmu1/nixroot"; - fsType = "ext4"; - options = [ "defaults" "noatime" ]; - }; - "/home" = { - device = "/dev/vgmu1/home"; - options = [ "defaults" "noatime" ]; - }; - "/boot" = { - device = "/dev/sda1"; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = [ "nosuid" "nodev" "noatime" ]; - }; - }; - - swapDevices =[ ]; - - nixpkgs.config.allowUnfree = true; - hardware.opengl.driSupport32Bit = true; - - hardware.pulseaudio.enable = true; - - hardware.enableAllFirmware = true; - - boot.loader.gummiboot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.networkmanager.enable = true; - - environment.systemPackages = with pkgs; [ - slock - tinc_pre - iptables - vim - gimp - xsane - firefoxWrapper - chromium - skype - libreoffice - pidgin-with-plugins - pidginotr - - #foomatic_filters - #gutenprint - #cups_pdf_filter - #ghostscript - ]; - - - i18n.defaultLocale = "de_DE.UTF-8"; - - programs.ssh.startAgent = false; - - security.wrappers = { - sendmail.source = "${pkgs.exim}/bin/sendmail"; # 
for cron - slock.source = "${pkgs.slock}/bin/slock"; - }; - - security.pam.loginLimits = [ - # for jack - { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; } - { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; } - ]; - - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc - ]; - - # Enable CUPS to print documents. - services.printing = { - enable = true; - #drivers = [ - # #pkgs.foomatic_filters - # #pkgs.gutenprint - # #pkgs.cups_pdf_filter - # #pkgs.ghostscript - #]; - #cupsdConf = '' - # LogLevel debug2 - #''; - }; - - services.xserver.enable = true; - services.xserver.layout = "de"; - services.xserver.xkbOptions = "eurosign:e"; - - # TODO this is host specific - services.xserver.synaptics = { - enable = true; - twoFingerScroll = true; - }; - - services.xserver.desktopManager.plasma5 = { - enable = true; - }; - services.xserver.displayManager.auto = { - enable = true; - user = "vv"; - }; - - users.users.vv = { - inherit (config.krebs.users.vv) home uid; - isNormalUser = true; - extraGroups = [ - "audio" - "video" - "networkmanager" - ]; - }; - - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" # does this work with mounted /tmp? - ]; -} diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix new file mode 100644 index 000000000..239f333b5 --- /dev/null +++ b/tv/1systems/mu/config.nix 
@@ -0,0 +1,160 @@ +{ config, pkgs, ... }: + +with import ; + +{ + imports = [ + + + + + + ]; + + krebs.build.host = config.krebs.hosts.mu; + krebs.build.user = mkForce config.krebs.users.vv; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" + + # for jack + KERNEL=="rtc0", GROUP="audio" + KERNEL=="hpet", GROUP="audio" + ''; + + + # hardware configuration + boot.initrd.luks.devices = [ + { name = "vgmu1"; device = "/dev/sda2"; } + ]; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ]; + boot.initrd.availableKernelModules = [ "ahci" ]; + boot.kernelModules = [ "fbcon" "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + boot.extraModprobeConfig = '' + options kvm_intel nested=1 + ''; + + fileSystems = { + "/" = { + device = "/dev/vgmu1/nixroot"; + fsType = "ext4"; + options = [ "defaults" "noatime" ]; + }; + "/home" = { + device = "/dev/vgmu1/home"; + options = [ "defaults" "noatime" ]; + }; + "/boot" = { + device = "/dev/sda1"; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = [ "nosuid" "nodev" "noatime" ]; + }; + }; + + swapDevices =[ ]; + + nixpkgs.config.allowUnfree = true; + hardware.opengl.driSupport32Bit = true; + + hardware.pulseaudio.enable = true; + + hardware.enableAllFirmware = true; + + boot.loader.gummiboot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.networkmanager.enable = true; + + environment.systemPackages = with pkgs; [ + slock + tinc_pre + iptables + vim + gimp + xsane + firefoxWrapper + chromium + skype + libreoffice + pidgin-with-plugins + pidginotr + + #foomatic_filters + #gutenprint + #cups_pdf_filter + #ghostscript + ]; + + + i18n.defaultLocale = "de_DE.UTF-8"; + + programs.ssh.startAgent = false; + + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + slock.source = "${pkgs.slock}/bin/slock"; + }; + + security.pam.loginLimits = [ + 
# for jack + { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; } + { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; } + ]; + + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; + + # Enable CUPS to print documents. + services.printing = { + enable = true; + #drivers = [ + # #pkgs.foomatic_filters + # #pkgs.gutenprint + # #pkgs.cups_pdf_filter + # #pkgs.ghostscript + #]; + #cupsdConf = '' + # LogLevel debug2 + #''; + }; + + services.xserver.enable = true; + services.xserver.layout = "de"; + services.xserver.xkbOptions = "eurosign:e"; + + # TODO this is host specific + services.xserver.synaptics = { + enable = true; + twoFingerScroll = true; + }; + + services.xserver.desktopManager.plasma5 = { + enable = true; + }; + services.xserver.displayManager.auto = { + enable = true; + user = "vv"; + }; + + users.users.vv = { + inherit (config.krebs.users.vv) home uid; + isNormalUser = true; + extraGroups = [ + "audio" + "video" + "networkmanager" + ]; + }; + + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" # does this work with mounted /tmp? + ]; +} diff --git a/tv/1systems/mu/source.nix b/tv/1systems/mu/source.nix new file mode 100644 index 000000000..7e148cf36 --- /dev/null +++ b/tv/1systems/mu/source.nix @@ -0,0 +1,3 @@ +import { + name = "mu"; +} diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix deleted file mode 100644 index 9b9502254..000000000 --- a/tv/1systems/nomic.nix +++ /dev/null 
@@ -1,74 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - krebs.build.host = config.krebs.hosts.nomic; - - imports = [ - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/gitrepos.nix - ../2configs/im.nix - ../2configs/mail-client.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/xserver - ]; - - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "xts" ]; - devices = [ - { name = "luks1"; device = "/dev/sda2"; } - ]; - }; - - # Don't use UEFI because current disk was partitioned/formatted for AO753. - # TODO remove following bool.loader section after repartitioning/reformatting - boot.loader = { - grub = { - device = "/dev/sda"; - splashImage = null; - }; - systemd-boot.enable = mkForce false; - }; - - fileSystems."/" = - { device = "/dev/mapper/nomic1-root"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = - { device = "/dev/sda1"; - fsType = "ext4"; - }; - - fileSystems."/home" = - { device = "/dev/mapper/nomic1-home"; - fsType = "btrfs"; - }; - - swapDevices = [ ]; - - # TODO base - boot.tmpOnTmpfs = true; - - environment.systemPackages = with pkgs; [ - (writeDashBin "play" '' - set -euf - mpv() { exec ${mpv}/bin/mpv "$@"; } - case $1 in - deepmix) mpv http://deepmix.ru/deepmix128.pls;; - groovesalad) mpv http://somafm.com/play/groovesalad;; - ntslive) mpv http://listen2.ntslive.co.uk/listen.pls;; - *) - echo "$0: bad argument: $*" >&2 - exit 23 - esac - '') - gnupg - tmux - ]; -} diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix new file mode 100644 index 000000000..d0144986b --- /dev/null +++ b/tv/1systems/nomic/config.nix 
@@ -0,0 +1,74 @@ +{ config, lib, pkgs, ... }: + +with import ; + +{ + krebs.build.host = config.krebs.hosts.nomic; + + imports = [ + + + + + + + + + + + ]; + + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "xts" ]; + devices = [ + { name = "luks1"; device = "/dev/sda2"; } + ]; + }; + + # Don't use UEFI because current disk was partitioned/formatted for AO753. + # TODO remove following bool.loader section after repartitioning/reformatting + boot.loader = { + grub = { + device = "/dev/sda"; + splashImage = null; + }; + systemd-boot.enable = mkForce false; + }; + + fileSystems."/" = + { device = "/dev/mapper/nomic1-root"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = + { device = "/dev/sda1"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/mapper/nomic1-home"; + fsType = "btrfs"; + }; + + swapDevices = [ ]; + + # TODO base + boot.tmpOnTmpfs = true; + + environment.systemPackages = with pkgs; [ + (writeDashBin "play" '' + set -euf + mpv() { exec ${mpv}/bin/mpv "$@"; } + case $1 in + deepmix) mpv http://deepmix.ru/deepmix128.pls;; + groovesalad) mpv http://somafm.com/play/groovesalad;; + ntslive) mpv http://listen2.ntslive.co.uk/listen.pls;; + *) + echo "$0: bad argument: $*" >&2 + exit 23 + esac + '') + gnupg + tmux + ]; +} diff --git a/tv/1systems/nomic/source.nix b/tv/1systems/nomic/source.nix new file mode 100644 index 000000000..f173b65a6 --- /dev/null +++ b/tv/1systems/nomic/source.nix @@ -0,0 +1,4 @@ +import { + name = "nomic"; + secure = true; +} diff --git a/tv/1systems/test/source.nix b/tv/1systems/test/source.nix new file mode 100644 index 000000000..f756b8586 --- /dev/null +++ b/tv/1systems/test/source.nix @@ -0,0 +1,3 @@ +import { + name = "test"; +} diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix deleted file mode 100644 index 4b3bf8538..000000000 --- a/tv/1systems/wu.nix +++ /dev/null 
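Review bot: tv/1systems/nomic/source.nix passes `secure = true;` with no comment on what the flag selects, and tv/1systems/wu/source.nix later in this patch does the same, while the other hosts omit it. tv/source.nix, which consumes the flag, is outside this chunk, so a reader of the per-host file has nothing to go on; a one-line comment above the attribute, e.g. `# secure: see tv/source.nix for what this switches`, or better a description of the actual effect, would make the per-host choice reviewable. This is a documentation point only; the config.nix hunk above it looks like a straight move.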
@@ -1,174 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - krebs.build.host = config.krebs.hosts.wu; - - imports = [ - ../. - ../2configs/hw/w110er.nix - ../2configs/exim-retiolum.nix - ../2configs/gitrepos.nix - ../2configs/im.nix - ../2configs/mail-client.nix - ../2configs/man.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/xserver - { - environment.systemPackages = with pkgs; [ - # root - cryptsetup - - # tv - bc - bind # dig - cac-api - dic - file - get - gnupg1compat - haskellPackages.hledger - jq - mkpasswd - netcat - nix-repl - nmap - p7zip - push - qrencode - tmux - - #ack - #apache-httpd - #ascii - #emacs - #es - #esniper - #gcc - #gptfdisk - #graphviz - #haskellPackages.cabal2nix - #haskellPackages.ghc - #haskellPackages.shake - #hdparm - #i7z - #iftop - #imagemagick - #inotifyTools - #iodine - #iotop - #lshw - #lsof - #minicom - #mtools - #ncmpc - #neovim - #nethogs - #nix-prefetch-scripts #cvs bug - #openssl - #openswan - #parted - #perl - #powertop - #ppp - #proot - #pythonPackages.arandr - #pythonPackages.youtube-dl - #racket - #rxvt_unicode-with-plugins - #scrot - #sec - #silver-searcher - #sloccount - #smartmontools - #socat - #sshpass - #strongswan - #sysdig - #sysstat - #tcpdump - #tlsdate - #unetbootin - #utillinuxCurses - #wvdial - #xdotool - #xkill - #xl2tpd - #xsel - - unison - ]; - } - ]; - - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "xts" ]; - devices = [ - { name = "wuca"; device = "/dev/sda2"; } - ]; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/wuvga-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/bku" = { - device = "/dev/mapper/wuvga-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/home" = { - device = "/dev/mapper/wuvga-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/boot" = { - device = "/dev/sda1"; - }; - 
"/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name; - hardware.bumblebee.enable = true; - hardware.bumblebee.group = "video"; - hardware.enableAllFirmware = true; - hardware.opengl.driSupport32Bit = true; - - environment.systemPackages = with pkgs; [ - ethtool - tinc_pre - iptables - #jack2 - ]; - - security.wrappers = { - sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron - }; - - services.printing.enable = true; - - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" # does this work with mounted /tmp? - ]; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" - - # for jack - KERNEL=="rtc0", GROUP="audio" - KERNEL=="hpet", GROUP="audio" - ''; - - virtualisation.virtualbox.host.enable = true; -} diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix new file mode 100644 index 000000000..5b2542acd --- /dev/null +++ b/tv/1systems/wu/config.nix 
@@ -0,0 +1,174 @@ +{ config, lib, pkgs, ... }: + +with import ; + +{ + krebs.build.host = config.krebs.hosts.wu; + + imports = [ + + + + + + + + + + + + { + environment.systemPackages = with pkgs; [ + # root + cryptsetup + + # tv + bc + bind # dig + cac-api + dic + file + get + gnupg1compat + haskellPackages.hledger + jq + mkpasswd + netcat + nix-repl + nmap + p7zip + push + qrencode + tmux + + #ack + #apache-httpd + #ascii + #emacs + #es + #esniper + #gcc + #gptfdisk + #graphviz + #haskellPackages.cabal2nix + #haskellPackages.ghc + #haskellPackages.shake + #hdparm + #i7z + #iftop + #imagemagick + #inotifyTools + #iodine + #iotop + #lshw + #lsof + #minicom + #mtools + #ncmpc + #neovim + #nethogs + #nix-prefetch-scripts #cvs bug + #openssl + #openswan + #parted + #perl + #powertop + #ppp + #proot + #pythonPackages.arandr + #pythonPackages.youtube-dl + #racket + #rxvt_unicode-with-plugins + #scrot + #sec + #silver-searcher + #sloccount + #smartmontools + #socat + #sshpass + #strongswan + #sysdig + #sysstat + #tcpdump + #tlsdate + #unetbootin + #utillinuxCurses + #wvdial + #xdotool + #xkill + #xl2tpd + #xsel + + unison + ]; + } + ]; + + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "xts" ]; + devices = [ + { name = "wuca"; device = "/dev/sda2"; } + ]; + }; + + fileSystems = { + "/" = { + device = "/dev/mapper/wuvga-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/bku" = { + device = "/dev/mapper/wuvga-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/home" = { + device = "/dev/mapper/wuvga-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/boot" = { + device = "/dev/sda1"; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name; + hardware.bumblebee.enable = true; + hardware.bumblebee.group = "video"; 
+ hardware.enableAllFirmware = true; + hardware.opengl.driSupport32Bit = true; + + environment.systemPackages = with pkgs; [ + ethtool + tinc_pre + iptables + #jack2 + ]; + + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; + + services.printing.enable = true; + + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" # does this work with mounted /tmp? + ]; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" + + # for jack + KERNEL=="rtc0", GROUP="audio" + KERNEL=="hpet", GROUP="audio" + ''; + + virtualisation.virtualbox.host.enable = true; +} diff --git a/tv/1systems/wu/source.nix b/tv/1systems/wu/source.nix new file mode 100644 index 000000000..2e9cdeb8a --- /dev/null +++ b/tv/1systems/wu/source.nix @@ -0,0 +1,4 @@ +import { + name = "wu"; + secure = true; +} diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix deleted file mode 100644 index d82f45ac0..000000000 --- a/tv/1systems/xu.nix +++ /dev/null 
@@ -1,174 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - krebs.build.host = config.krebs.hosts.xu; - - imports = [ - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/gitconfig.nix - ../2configs/gitrepos.nix - ../2configs/mail-client.nix - ../2configs/man.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/binary-cache - ../2configs/xserver - { - environment.systemPackages = with pkgs; [ - - - # root - cryptsetup - - # tv - bc - bind # dig - brain - cac-api - dic - file - gnupg1compat - haskellPackages.hledger - jq - krebszones - mkpasswd - netcat - netcup - nix-repl - nmap - p7zip - pass - q - qrencode - texlive.combined.scheme-full - tmux - - #ack - #apache-httpd - #ascii - #emacs - #es - #esniper - #gcc - #gptfdisk - #graphviz - #haskellPackages.cabal2nix - #haskellPackages.ghc - #haskellPackages.shake - #hdparm - #i7z - #iftop - #imagemagick - #inotifyTools - #iodine - #iotop - #lshw - #lsof - #minicom - #mtools - #ncmpc - #nethogs - #nix-prefetch-scripts #cvs bug - #openssl - #openswan - #parted - #perl - #powertop - #ppp - #proot - #pythonPackages.arandr - #pythonPackages.youtube-dl - #racket - #rxvt_unicode-with-plugins - #scrot - #sec - #silver-searcher - #sloccount - #smartmontools - #socat - #sshpass - #strongswan - #sysdig - #sysstat - #tcpdump - #tlsdate - #unetbootin - #utillinuxCurses - #wvdial - #xdotool - #xkill - #xl2tpd - #xsel - - unison - ]; - } - ]; - - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "xts" ]; - devices = [ - { name = "xuca"; device = "/dev/sda2"; } - ]; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/xuvga-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/bku" = { - device = "/dev/mapper/xuvga-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/home" = { - device = "/dev/mapper/xuvga-home"; - fsType = "btrfs"; - options = ["defaults" 
"noatime" "ssd" "compress=lzo"]; - }; - "/boot" = { - device = "/dev/sda1"; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - environment.systemPackages = with pkgs; [ - ethtool - tinc_pre - iptables - #jack2 - - gptfdisk - ]; - - security.wrappers = { - sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron - }; - - services.printing.enable = true; - - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" # does this work with mounted /tmp? - ]; - - #services.bitlbee.enable = true; - #services.tor.client.enable = true; - #services.tor.enable = true; - #services.virtualboxHost.enable = true; - - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "15.09"; -} diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix new file mode 100644 index 000000000..2bffdddb3 --- /dev/null +++ b/tv/1systems/xu/config.nix 
@@ -0,0 +1,174 @@ +{ config, lib, pkgs, ... }: + +with import ; + +{ + krebs.build.host = config.krebs.hosts.xu; + + imports = [ + + + + + + + + + + + + + { + environment.systemPackages = with pkgs; [ + + + # root + cryptsetup + + # tv + bc + bind # dig + brain + cac-api + dic + file + gnupg1compat + haskellPackages.hledger + jq + krebszones + mkpasswd + netcat + netcup + nix-repl + nmap + p7zip + pass + q + qrencode + texlive.combined.scheme-full + tmux + + #ack + #apache-httpd + #ascii + #emacs + #es + #esniper + #gcc + #gptfdisk + #graphviz + #haskellPackages.cabal2nix + #haskellPackages.ghc + #haskellPackages.shake + #hdparm + #i7z + #iftop + #imagemagick + #inotifyTools + #iodine + #iotop + #lshw + #lsof + #minicom + #mtools + #ncmpc + #nethogs + #nix-prefetch-scripts #cvs bug + #openssl + #openswan + #parted + #perl + #powertop + #ppp + #proot + #pythonPackages.arandr + #pythonPackages.youtube-dl + #racket + #rxvt_unicode-with-plugins + #scrot + #sec + #silver-searcher + #sloccount + #smartmontools + #socat + #sshpass + #strongswan + #sysdig + #sysstat + #tcpdump + #tlsdate + #unetbootin + #utillinuxCurses + #wvdial + #xdotool + #xkill + #xl2tpd + #xsel + + unison + ]; + } + ]; + + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "xts" ]; + devices = [ + { name = "xuca"; device = "/dev/sda2"; } + ]; + }; + + fileSystems = { + "/" = { + device = "/dev/mapper/xuvga-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/bku" = { + device = "/dev/mapper/xuvga-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/home" = { + device = "/dev/mapper/xuvga-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/boot" = { + device = "/dev/sda1"; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + environment.systemPackages = with pkgs; [ + ethtool + tinc_pre + iptables + #jack2 + + gptfdisk 
+ ]; + + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; + + services.printing.enable = true; + + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" # does this work with mounted /tmp? + ]; + + #services.bitlbee.enable = true; + #services.tor.client.enable = true; + #services.tor.enable = true; + #services.virtualboxHost.enable = true; + + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "15.09"; +} diff --git a/tv/1systems/xu/source.nix b/tv/1systems/xu/source.nix new file mode 100644 index 000000000..46e1aee90 --- /dev/null +++ b/tv/1systems/xu/source.nix @@ -0,0 +1,4 @@ +import { + name = "xu"; + secure = true; +} diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix deleted file mode 100644 index 4fae3ca75..000000000 --- a/tv/1systems/zu.nix +++ /dev/null 
@@ -1,170 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - krebs.build.host = config.krebs.hosts.zu; - - imports = [ - { - options.tv.test.sercret-file = mkOption { - type = types.secret-file; - default = {}; - }; - } - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/gitrepos.nix - ../2configs/mail-client.nix - ../2configs/man.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/xserver - { - environment.systemPackages = with pkgs; [ - - # root - cryptsetup - - # tv - bc - bind # dig - cac-api - dic - file - gnupg1compat - haskellPackages.hledger - jq - mkpasswd - netcat - nix-repl - nmap - p7zip - pass - q - qrencode - # XXX fails at systemd.services.dbus.unitConfig - #texlive - tmux - - #ack - #apache-httpd - #ascii - #emacs - #es - #esniper - #gcc - #gptfdisk - #graphviz - #haskellPackages.cabal2nix - #haskellPackages.ghc - #haskellPackages.shake - #hdparm - #i7z - #iftop - #imagemagick - #inotifyTools - #iodine - #iotop - #lshw - #lsof - #minicom - #mtools - #ncmpc - #nethogs - #nix-prefetch-scripts #cvs bug - #openssl - #openswan - #parted - #perl - #powertop - #ppp - #proot - #pythonPackages.arandr - #pythonPackages.youtube-dl - #racket - #rxvt_unicode-with-plugins - #scrot - #sec - #silver-searcher - #sloccount - #smartmontools - #socat - #sshpass - #strongswan - #sysdig - #sysstat - #tcpdump - #tlsdate - #unetbootin - #utillinuxCurses - #wvdial - #xdotool - #xkill - #xl2tpd - #xsel - - unison - ]; - } - ]; - - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "xts" ]; - devices = [ - { name = "zuca"; device = "/dev/sda2"; } - ]; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/zuvga-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/home" = { - device = "/dev/mapper/zuvga-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/boot" = { - device = "/dev/sda1"; - }; - 
"/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - environment.systemPackages = with pkgs; [ - ethtool - tinc_pre - iptables - #jack2 - - gptfdisk - ]; - - security.wrappers = { - sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron - }; - - services.printing.enable = true; - - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" # does this work with mounted /tmp? - ]; - - #services.bitlbee.enable = true; - #services.tor.client.enable = true; - #services.tor.enable = true; - #services.virtualboxHost.enable = true; - - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "15.09"; -} diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix new file mode 100644 index 000000000..d2aab8c51 --- /dev/null +++ b/tv/1systems/zu/config.nix 
@@ -0,0 +1,170 @@ +{ config, lib, pkgs, ... }: + +with import ; + +{ + krebs.build.host = config.krebs.hosts.zu; + + imports = [ + { + options.tv.test.sercret-file = mkOption { + type = types.secret-file; + default = {}; + }; + } + + + + + + + + + + + { + environment.systemPackages = with pkgs; [ + + # root + cryptsetup + + # tv + bc + bind # dig + cac-api + dic + file + gnupg1compat + haskellPackages.hledger + jq + mkpasswd + netcat + nix-repl + nmap + p7zip + pass + q + qrencode + # XXX fails at systemd.services.dbus.unitConfig + #texlive + tmux + + #ack + #apache-httpd + #ascii + #emacs + #es + #esniper + #gcc + #gptfdisk + #graphviz + #haskellPackages.cabal2nix + #haskellPackages.ghc + #haskellPackages.shake + #hdparm + #i7z + #iftop + #imagemagick + #inotifyTools + #iodine + #iotop + #lshw + #lsof + #minicom + #mtools + #ncmpc + #nethogs + #nix-prefetch-scripts #cvs bug + #openssl + #openswan + #parted + #perl + #powertop + #ppp + #proot + #pythonPackages.arandr + #pythonPackages.youtube-dl + #racket + #rxvt_unicode-with-plugins + #scrot + #sec + #silver-searcher + #sloccount + #smartmontools + #socat + #sshpass + #strongswan + #sysdig + #sysstat + #tcpdump + #tlsdate + #unetbootin + #utillinuxCurses + #wvdial + #xdotool + #xkill + #xl2tpd + #xsel + + unison + ]; + } + ]; + + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "xts" ]; + devices = [ + { name = "zuca"; device = "/dev/sda2"; } + ]; + }; + + fileSystems = { + "/" = { + device = "/dev/mapper/zuvga-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/home" = { + device = "/dev/mapper/zuvga-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/boot" = { + device = "/dev/sda1"; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + environment.systemPackages = with pkgs; [ + ethtool + tinc_pre + iptables + #jack2 + + gptfdisk + ]; + + security.wrappers = { + 
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; + + services.printing.enable = true; + + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" # does this work with mounted /tmp? + ]; + + #services.bitlbee.enable = true; + #services.tor.client.enable = true; + #services.tor.enable = true; + #services.virtualboxHost.enable = true; + + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "15.09"; +} diff --git a/tv/1systems/zu/source.nix b/tv/1systems/zu/source.nix new file mode 100644 index 000000000..7a5c4f523 --- /dev/null +++ b/tv/1systems/zu/source.nix @@ -0,0 +1,4 @@ +import { + name = "zu"; + secure = true; +} diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 3d95d6dee..07496fd1f 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -6,23 +6,7 @@ with import ; in { krebs.enable = true; - krebs.build = { - user = config.krebs.users.tv; - source = let inherit (config.krebs.build) host; in { - nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix"; - secrets.file = getAttr builder { - buildbot = toString ; - tv = "/home/tv/secrets/${host.name}"; - }; - secrets-common.file = "/home/tv/secrets/common"; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "057f89b9344e5341796046f25ae4f269be6d4529"; # nixos-17.03 - }; - } // optionalAttrs host.secure { - secrets-master.file = "/home/tv/secrets/master"; - }; - }; + krebs.build.user = config.krebs.users.tv; networking.hostName = config.krebs.build.host.name; diff --git a/tv/source.nix b/tv/source.nix new file mode 100644 index 000000000..7306cd954 --- /dev/null +++ b/tv/source.nix 
@@ -0,0 +1,22 @@ +with import ; +host@{ name, secure ? false }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "tv"; + _file = + "/tv/1systems/${name}/source.nix"; +in + evalSource (toString _file) { + nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; + secrets.file = getAttr builder { + buildbot = toString ; + tv = "/home/tv/secrets/${name}"; + }; + stockholm.file = toString ; + secrets-common.file = "/home/tv/secrets/common"; + nixpkgs.git = { + url = https://github.com/NixOS/nixpkgs; + ref = "1b57bf274ae5c76e91b2b264d8aa8bfcecb72102"; # nixos-17.03 + }; + } // optionalAttrs secure { + secrets-master.file = "/home/tv/secrets/master"; + } -- cgit v1.3.1 From 8fc6574c63d5727ef36292f24297bb291b9b4f06 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 12 Jul 2017 16:56:14 +0200 Subject: whatsupnix: exit != 0 on Nix errors --- krebs/5pkgs/simple/whatsupnix/whatsupnix.bash | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash index 2ad9aadc9..e21e0f1b3 100644 --- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash +++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash 
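Review bot: The nixpkgs pin changes inside this refactor — the tv/2configs/default.nix hunk just above removes `ref = "057f89b9344e5341796046f25ae4f269be6d4529"` while the new tv/source.nix pins `ref = "1b57bf274ae5c76e91b2b264d8aa8bfcecb72102"`, and the commit message ("move source config from module system to 1systems/*/source.nix") does not mention a bump, which makes a later bisect of a nixpkgs regression land on a "move" commit. Either split the bump out or state it in the message. The `builder` selection decides which secrets tree is shipped to the target, so it deserves a line of explanation, e.g. `# dummy_secrets=true swaps the real /home/tv/secrets tree for the buildbot dummy tree below`. The `toString` arguments and the `import` target render empty in this view (presumably `<stockholm/...>` search-path expressions stripped by the viewer), so I could not check that `_file` points at the per-system source.nix it names.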
@@ -14,15 +14,30 @@ # # 1 Usage error; arguments couldn't be parsed. # -# 2 Build error; at least one failed derivation could be found. +# 2 Nix error; input looks like Nix failed. +# +# 3 Build error; at least one failed derivation could be found. # -failed_drvs=$(mktemp --tmpdir whatsupnix.XXXXXXXX) -trap 'rm -f -- "$failed_drvs"' EXIT +tmpdir=$(mktemp -d --tmpdir whatsupnix.XXXXXXXX) +failed_drvs=$tmpdir/failed_drvs; touch "$failed_drvs" +nix_errors=$tmpdir/nix_errors; touch "$nix_errors" +cleanup() { + rm "$failed_drvs" + rm "$nix_errors" + rmdir "$tmpdir" +} +trap cleanup EXIT exec >&2 -gawk -v failed_drvs="$failed_drvs" ' +gawk \ + -v failed_drvs="$failed_drvs" \ + -v nix_errors="$nix_errors" \ +' + /^(\033\[31;1m)?error:/ { + print $0 >> nix_errors + } match($0, /^builder for ‘(\/nix\/store\/[^’]+\.drv)’ failed/, m) { print m[1] >> failed_drvs } @@ -73,8 +88,10 @@ while read -r drv; do echo done < "$failed_drvs" -if test -s "$failed_drvs"; then +if test -s "$nix_errors"; then exit 2 +elif test -s "$failed_drvs"; then + exit 3 else exit 0 fi -- cgit v1.3.1 From cc4b146ff6c2a05cd7a96f2121335de904591465 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 12 Jul 2017 17:25:23 +0200 Subject: tv x220: enable{All => Redistributable}Firmware --- tv/2configs/hw/x220.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix index 6cc295dc5..e0a04e214 100644 --- a/tv/2configs/hw/x220.nix +++ b/tv/2configs/hw/x220.nix @@ -11,7 +11,7 @@ networking.wireless.enable = true; # Required for Centrino. - hardware.enableAllFirmware = true; + hardware.enableRedistributableFirmware = true; hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; -- cgit v1.3.1 From eb4a9b17627b2eadb4cabc9758d1cd7815dc53ec Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 27 Jun 2017 17:38:23 +0200 Subject: nin nixpkgs: 0afb6d7 -> 6916f24 --- nin/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
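Review bot: The new `cleanup` removes the two files by name and then `rmdir`s the directory, so anything else landing in `$tmpdir` makes `rmdir` fail and — if the script runs under `set -e`, as its preamble outside the hunk presumably sets — the EXIT trap aborts with the directory left behind; `cleanup() { rm -rf -- "$tmpdir"; }` is shorter and cannot leave residue. Install the trap directly after `mktemp -d` rather than after the two `touch` calls, so a failure in between is still cleaned up. The new gawk rule `/^(\033\[31;1m)?error:/` recognises exactly one ANSI prefix, which is worth saying out loud for the next reader: `# catch Nix's top-level "error:" line, optionally wrapped in the bold-red escape it uses when colour is on`. The second hunk of this file (the exit-code ladder) is consistent with the header comment and needs no change.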
diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index 14ddb7920..4c6f5189b 100644 --- a/nin/2configs/nixpkgs.nix +++ b/nin/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0afb6d7"; + ref = "6916f24"; }; } -- cgit v1.3.1 From 8cc4a36b42eeff734b58a91164f6cabc5c55db38 Mon Sep 17 00:00:00 2001 From: nin Date: Tue, 4 Jul 2017 22:41:16 +0200 Subject: nin nixpkgs 6916f24 -> 01c3847 --- nin/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index 4c6f5189b..c46331b0d 100644 --- a/nin/2configs/nixpkgs.nix +++ b/nin/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "6916f24"; + ref = "01c3847"; }; } -- cgit v1.3.1 From 070d282df215eb891f298ef2e3c147a78e139119 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 10 Jul 2017 10:25:35 +0200 Subject: l nixpkgs: 2e983f1 -> d72efac --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 151242e45..f5a3bbf88 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "2e983f1"; + ref = "d72efac"; }; } -- cgit v1.3.1 From a543ef02ce6f2565823d56ae3bfed4794db15392 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 10 Jul 2017 19:49:14 +0200 Subject: l wine: add user to video group --- lass/2configs/wine.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index ee688e18c..d4a91e645 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix 
@@ -13,7 +13,10 @@ in { description = "user for running wine"; home = "/home/wine"; useDefaultShell = true; - extraGroups = [ "audio" ]; + extraGroups = [ + "audio" + "video" + ]; createHome = true; }; }; -- cgit v1.3.1 From 2ff81c4a0d81e8387925dfcc66685e7206c131cf Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Jul 2017 00:07:22 +0200 Subject: l mail: use reverse_names --- lass/2configs/mail.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index e39c09b84..9a3c4e829 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -43,10 +43,14 @@ let set nm_record = yes set nm_record_tags = "-inbox me archive" set virtual_spoolfile=yes # enable virtual folders - set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail + + + set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail set from="lassulus@lassul.us" + alternates ^.*@lassul\.us$ ^.*@.*\.r$ set use_from=yes set envelope_from=yes + set reverse_name set sort=threads -- cgit v1.3.1 From 9215b5b6880c833721caa7572b7480c7912d7fd6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Jul 2017 00:08:05 +0200 Subject: l mail: show recipent in mutt index --- lass/2configs/mail.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 9a3c4e829..6555b1b45 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix 
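Review bot: The added `"video"` group entry carries no reason, and on NixOS that group conventionally owns the DRM render nodes as well as the `/dev/video*` capture devices, so it widens what a process running as this dedicated wine user can reach. A short why-comment keeps the next reviewer from silently extending or dropping it: `"video" # presumably for DRM/GPU access; note this also exposes /dev/video* capture devices`. The enclosing `users.extraUsers` block starts before the hunk.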
@@ -54,7 +54,15 @@ let set sort=threads - set index_format="%4C %Z %?GI?%GI& ? %[%d/%b] %-16.15F %?M?(%3M)& ? %s %> %?g?%g?" + set index_format="${pkgs.writeDash "mutt-index" '' + # http://www.mutt.org/doc/manual/#formatstrings + recipent="$(echo $1 | sed 's/.*<\([^>]*\).*/\1/')" + # output to mutt + # V + echo "%4C %Z %?GI?%GI& ? %[%d/%b] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%" + # args to mutt-index dash script + # V + ''} %r |" virtual-mailboxes \ "INBOX" "notmuch://?query=tag:inbox and NOT tag:killed"\ -- cgit v1.3.1 From 3363a8746c9152709abcd5adbbcdc00c2df0ff39 Mon Sep 17 00:00:00 2001 
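Review bot: The new `index_format` ends in `|`, so mutt expands `%r` (the message's To: header) into the string and executes the result; as far as I recall that goes through `sh -c`, which means a recipient header containing shell metacharacters is run in the user's shell when the index is drawn — `%r` has to be treated as attacker-controlled input here. Inside the dash script `echo $1` is also unquoted, so the address is word-split and glob-expanded before `sed` sees it; at minimum use `printf '%s\n' "$1" | sed 's/.*<\([^>]*\).*/\1/'`, and if the bare-address form is not essential, putting `%r` straight into `index_format` avoids the shell round-trip entirely. The echoed line ends with `%`, so mutt formats it a second time and any `%` inside the extracted address is interpreted as a format directive too. Minor: `recipent` is a typo for `recipient`, and the `# V` arrow comments are hard to follow — a sentence such as "$1 is %r (the To: header); the echoed line becomes the final index_format" reads better.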
From: lassulus Date: Tue, 11 Jul 2017 11:26:24 +0200 Subject: move source config from module system to 1systems/*/source.nix --- lass/1systems/cloudkrebs.nix | 35 --- lass/1systems/cloudkrebs/config.nix | 34 +++ lass/1systems/cloudkrebs/source.nix | 3 + lass/1systems/dishfire.nix | 97 ------- lass/1systems/dishfire/config.nix | 96 +++++++ lass/1systems/dishfire/source.nix | 3 + lass/1systems/echelon.nix | 70 ----- lass/1systems/echelon/config.nix | 65 +++++ lass/1systems/echelon/source.nix | 3 + lass/1systems/icarus.nix | 61 ----- lass/1systems/icarus/config.nix | 60 +++++ lass/1systems/icarus/source.nix | 4 + lass/1systems/iso.nix | 11 +- lass/1systems/mors.nix | 195 -------------- lass/1systems/mors/config.nix | 194 ++++++++++++++ lass/1systems/mors/source.nix | 4 + lass/1systems/prism.nix | 296 ---------------------- lass/1systems/prism/config.nix | 292 +++++++++++++++++++++ lass/1systems/prism/source.nix | 3 + lass/1systems/shodan.nix | 108 -------- lass/1systems/shodan/config.nix | 108 ++++++++ lass/1systems/shodan/source.nix | 3 + lass/1systems/uriel.nix | 100 -------- lass/1systems/uriel/config.nix | 100 ++++++++ lass/1systems/uriel/source.nix | 3 + lass/2configs/default.nix | 12 +- lass/2configs/nixpkgs.nix | 8 - lass/source.nix | 24 ++ shared/1systems/test-all-krebs-modules.nix | 54 ---- shared/1systems/test-all-krebs-modules/config.nix | 54 ++++ shared/1systems/test-all-krebs-modules/source.nix | 3 + shared/1systems/test-arch.nix | 32 --- shared/1systems/test-arch/config.nix | 32 +++ shared/1systems/test-arch/source.nix | 3 + shared/1systems/test-centos6.nix | 30 --- shared/1systems/test-centos6/config.nix | 30 +++ shared/1systems/test-centos6/source.nix | 3 + shared/1systems/test-centos7.nix | 16 -- shared/1systems/test-centos7/config.nix | 16 ++ shared/1systems/test-centos7/source.nix | 3 + shared/1systems/test-failing.nix | 9 - shared/1systems/test-failing/config.nix | 9 + shared/1systems/test-failing/source.nix | 3 + 
shared/1systems/test-minimal-deploy.nix | 16 -- shared/1systems/test-minimal-deploy/config.nix | 16 ++ shared/1systems/test-minimal-deploy/source.nix | 3 + shared/1systems/wolf.nix | 106 -------- shared/1systems/wolf/config.nix | 107 ++++++++ shared/1systems/wolf/source.nix | 3 + shared/2configs/default.nix | 12 - shared/source.nix | 19 ++ 51 files changed, 1309 insertions(+), 1262 deletions(-) delete mode 100644 lass/1systems/cloudkrebs.nix create mode 100644 lass/1systems/cloudkrebs/config.nix create mode 100644 lass/1systems/cloudkrebs/source.nix delete mode 100644 lass/1systems/dishfire.nix create mode 100644 lass/1systems/dishfire/config.nix create mode 100644 lass/1systems/dishfire/source.nix delete mode 100644 lass/1systems/echelon.nix create mode 100644 lass/1systems/echelon/config.nix create mode 100644 lass/1systems/echelon/source.nix delete mode 100644 lass/1systems/icarus.nix create mode 100644 lass/1systems/icarus/config.nix create mode 100644 lass/1systems/icarus/source.nix delete mode 100644 lass/1systems/mors.nix create mode 100644 lass/1systems/mors/config.nix create mode 100644 lass/1systems/mors/source.nix delete mode 100644 lass/1systems/prism.nix create mode 100644 lass/1systems/prism/config.nix create mode 100644 lass/1systems/prism/source.nix delete mode 100644 lass/1systems/shodan.nix create mode 100644 lass/1systems/shodan/config.nix create mode 100644 lass/1systems/shodan/source.nix delete mode 100644 lass/1systems/uriel.nix create mode 100644 lass/1systems/uriel/config.nix create mode 100644 lass/1systems/uriel/source.nix delete mode 100644 lass/2configs/nixpkgs.nix create mode 100644 lass/source.nix delete mode 100644 shared/1systems/test-all-krebs-modules.nix create mode 100644 shared/1systems/test-all-krebs-modules/config.nix create mode 100644 shared/1systems/test-all-krebs-modules/source.nix delete mode 100644 shared/1systems/test-arch.nix create mode 100644 shared/1systems/test-arch/config.nix create mode 100644 
shared/1systems/test-arch/source.nix delete mode 100644 shared/1systems/test-centos6.nix create mode 100644 shared/1systems/test-centos6/config.nix create mode 100644 shared/1systems/test-centos6/source.nix delete mode 100644 shared/1systems/test-centos7.nix create mode 100644 shared/1systems/test-centos7/config.nix create mode 100644 shared/1systems/test-centos7/source.nix delete mode 100644 shared/1systems/test-failing.nix create mode 100644 shared/1systems/test-failing/config.nix create mode 100644 shared/1systems/test-failing/source.nix delete mode 100644 shared/1systems/test-minimal-deploy.nix create mode 100644 shared/1systems/test-minimal-deploy/config.nix create mode 100644 shared/1systems/test-minimal-deploy/source.nix delete mode 100644 shared/1systems/wolf.nix create mode 100644 shared/1systems/wolf/config.nix create mode 100644 shared/1systems/wolf/source.nix create mode 100644 shared/source.nix diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix deleted file mode 100644 index e65b13d00..000000000 --- a/lass/1systems/cloudkrebs.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; - - ip = config.krebs.build.host.nets.internet.ip4.addr; -in { - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/exim-retiolum.nix - ../2configs/git.nix - ../2configs/realwallpaper.nix - ../2configs/privoxy-retiolum.nix - { - networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = getDefaultGateway ip; - networking.nameservers = [ - "8.8.8.8" - ]; - - } - { - sound.enable = false; - } - ]; - - krebs.build.host = config.krebs.hosts.cloudkrebs; -} diff --git a/lass/1systems/cloudkrebs/config.nix b/lass/1systems/cloudkrebs/config.nix new file mode 100644 index 000000000..aa9a1f1ab --- /dev/null +++ b/lass/1systems/cloudkrebs/config.nix 
@@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +let + inherit (import { inherit pkgs lib; }) getDefaultGateway; + ip = config.krebs.build.host.nets.internet.ip4.addr; +in { + imports = [ + + + + + + + + { + networking.interfaces.enp2s1.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = getDefaultGateway ip; + networking.nameservers = [ + "8.8.8.8" + ]; + + } + { + sound.enable = false; + } + ]; + + krebs.build.host = config.krebs.hosts.cloudkrebs; +} diff --git a/lass/1systems/cloudkrebs/source.nix b/lass/1systems/cloudkrebs/source.nix new file mode 100644 index 000000000..99e71e755 --- /dev/null +++ b/lass/1systems/cloudkrebs/source.nix @@ -0,0 +1,3 @@ +import { + name = "cloudkrebs"; +} diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix deleted file mode 100644 index e12367aca..000000000 --- a/lass/1systems/dishfire.nix +++ /dev/null 
@@ -1,97 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ../. - ../2configs/retiolum.nix - - #../2configs/exim-retiolum.nix - ../2configs/git.nix - { - boot.loader.grub = { - device = "/dev/vda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "ehci_pci" - "uhci_hcd" - "virtio_pci" - "virtio_blk" - ]; - - fileSystems."/" = { - device = "/dev/mapper/pool-nix"; - fsType = "ext4"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/srv_http"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/vda1"; - fsType = "ext4"; - }; - fileSystems."/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - } - { - networking.dhcpcd.allowInterfaces = [ - "enp*" - "eth*" - ]; - } - { - sound.enable = false; - } - { - environment.systemPackages = with pkgs; [ - mk_sql_pair - ]; - } - { - imports = [ - ../2configs/websites/fritz.nix - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - { predicate = "-p tcp --dport https"; target = "ACCEPT"; } - ]; - } - { - #TODO: abstract & move to own file - krebs.exim-smarthost = { - enable = true; - relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ - config.krebs.hosts.mors - config.krebs.hosts.uriel - ]; - system-aliases = [ - { from = "mailer-daemon"; to = "postmaster"; } - { from = "postmaster"; to = "root"; } - { from = "nobody"; to = "root"; } - { from = "hostmaster"; to = "root"; } - { from = "usenet"; to = "root"; } - { from = "news"; to = "root"; } - { from = "webmaster"; to = "root"; } - { from = "www"; to = "root"; } - { from = "ftp"; to = "root"; } - { from = "abuse"; to = "root"; } - { from = "noc"; to = "root"; } - { from = "security"; to = "root"; } - { from = "root"; to = "lass"; } - ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } - ]; - } - ]; - - krebs.build.host = config.krebs.hosts.dishfire; -} 
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix new file mode 100644 index 000000000..416edeb82 --- /dev/null +++ b/lass/1systems/dishfire/config.nix 
@@ -0,0 +1,96 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + + + { + boot.loader.grub = { + device = "/dev/vda"; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "ehci_pci" + "uhci_hcd" + "virtio_pci" + "virtio_blk" + ]; + + fileSystems."/" = { + device = "/dev/mapper/pool-nix"; + fsType = "ext4"; + }; + + fileSystems."/srv/http" = { + device = "/dev/pool/srv_http"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + fileSystems."/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; + } + { + networking.dhcpcd.allowInterfaces = [ + "enp*" + "eth*" + ]; + } + { + sound.enable = false; + } + { + environment.systemPackages = with pkgs; [ + mk_sql_pair + ]; + } + { + imports = [ + + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport http"; target = "ACCEPT"; } + { predicate = "-p tcp --dport https"; target = "ACCEPT"; } + ]; + } + { + #TODO: abstract & move to own file + krebs.exim-smarthost = { + enable = true; + relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + config.krebs.hosts.mors + config.krebs.hosts.uriel + ]; + system-aliases = [ + { from = "mailer-daemon"; to = "postmaster"; } + { from = "postmaster"; to = "root"; } + { from = "nobody"; to = "root"; } + { from = "hostmaster"; to = "root"; } + { from = "usenet"; to = "root"; } + { from = "news"; to = "root"; } + { from = "webmaster"; to = "root"; } + { from = "www"; to = "root"; } + { from = "ftp"; to = "root"; } + { from = "abuse"; to = "root"; } + { from = "noc"; to = "root"; } + { from = "security"; to = "root"; } + { from = "root"; to = "lass"; } + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } + ]; + } + ]; + + krebs.build.host = config.krebs.hosts.dishfire; +} diff --git a/lass/1systems/dishfire/source.nix b/lass/1systems/dishfire/source.nix new file mode 100644 index 000000000..2445af130 
--- /dev/null +++ b/lass/1systems/dishfire/source.nix @@ -0,0 +1,3 @@ +import { + name = "dishfire"; +} diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix deleted file mode 100644 index da8864011..000000000 --- a/lass/1systems/echelon.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; - - ip = config.krebs.build.host.nets.internet.ip4.addr; -in { - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/exim-retiolum.nix - ../2configs/realwallpaper.nix - ../2configs/privoxy-retiolum.nix - ../2configs/git.nix - #../2configs/redis.nix - ../2configs/go.nix - ../2configs/ircd.nix - ../2configs/newsbot-js.nix - { - networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = getDefaultGateway ip; - networking.nameservers = [ - "8.8.8.8" - ]; - - } - { - sound.enable = false; - } - { - imports = [ - ../3modules/dnsmasq.nix - ]; - lass.dnsmasq = { - enable = true; - config = '' - interface=retiolum - ''; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p udp --dport 53"; target = "ACCEPT"; } - ]; - } - { - users.extraUsers = { - satan = { - name = "satan"; - uid = 1338; - home = "/home/satan"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com" - ]; - }; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.echelon; -} 
diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix new file mode 100644 index 000000000..f064a4788 --- /dev/null +++ b/lass/1systems/echelon/config.nix @@ -0,0 +1,65 @@ +{ config, lib, pkgs, ... }: + +let + inherit (import { inherit pkgs lib; }) getDefaultGateway; + ip = config.krebs.build.host.nets.internet.ip4.addr; +in { + imports = [ + + + + + + + + + + + { + networking.interfaces.enp2s1.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = getDefaultGateway ip; + networking.nameservers = [ + "8.8.8.8" + ]; + + } + { + sound.enable = false; + } + { + lass.dnsmasq = { + enable = true; + config = '' + interface=retiolum + ''; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p udp --dport 53"; target = "ACCEPT"; } + ]; + } + { + users.extraUsers = { + satan = { + name = "satan"; + uid = 1338; + home = "/home/satan"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com" + ]; + }; + }; + } + ]; + + krebs.build.host = config.krebs.hosts.echelon; +} diff --git a/lass/1systems/echelon/source.nix b/lass/1systems/echelon/source.nix new file mode 100644 index 000000000..96888d5a8 --- /dev/null +++ b/lass/1systems/echelon/source.nix @@ -0,0 +1,3 @@ +import { + name = "echelon"; +} diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix deleted file mode 100644 index 13c517e3b..000000000 --- a/lass/1systems/icarus.nix +++ /dev/null 
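Review bot: The old lass/1systems/echelon.nix (deletion hunk above) imported `../3modules/dnsmasq.nix` right next to `lass.dnsmasq = { enable = true; ... }`; the new config.nix drops that inner `imports`, and the top-level import list renders empty in this view (presumably `<stockholm/...>` search-path entries stripped by the viewer), so I cannot confirm that the `lass.dnsmasq` option still resolves — worth an evaluation check, since an undeclared option fails the whole system evaluation rather than silently losing the retiolum DNS forwarder. Apart from the import paths nothing else changed: the `satan` account with its authorized key, the `8.8.8.8` resolver and the iptables rule are carried over verbatim.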
@@ -1,61 +0,0 @@ -{ config, pkgs, ... }: - -with import ; -{ - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/git.nix - ../2configs/exim-retiolum.nix - ../2configs/baseX.nix - ../2configs/browsers.nix - ../2configs/programs.nix - ../2configs/fetchWallpaper.nix - ../2configs/backups.nix - ../2configs/games.nix - ]; - - krebs.build.host = config.krebs.hosts.icarus; - - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - loader.grub.efiSupport = true; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - }; - fileSystems = { - "/" = { - device = "/dev/mapper/pool-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/boot" = { - device = "/dev/sda2"; - }; - #"/bku" = { - # device = "/dev/mapper/pool-bku"; - # fsType = "btrfs"; - # options = ["defaults" "noatime" "ssd" "compress=lzo"]; - #}; - "/home" = { - device = "/dev/mapper/pool-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" - ''; -} diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix new file mode 100644 index 000000000..791ce0f46 --- /dev/null +++ b/lass/1systems/icarus/config.nix 
@@ -0,0 +1,60 @@ +{ config, pkgs, ... }: + +{ + imports = [ + + + + + + + + + + + + ]; + + krebs.build.host = config.krebs.hosts.icarus; + + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + loader.grub.efiSupport = true; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/pool-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/boot" = { + device = "/dev/sda2"; + }; + #"/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" "noatime" "ssd" "compress=lzo"]; + #}; + "/home" = { + device = "/dev/mapper/pool-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + ''; +} diff --git a/lass/1systems/icarus/source.nix b/lass/1systems/icarus/source.nix new file mode 100644 index 000000000..5b46a44f3 --- /dev/null +++ b/lass/1systems/icarus/source.nix @@ -0,0 +1,4 @@ +import { + name = "icarus"; + secure = true; +} diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index b45d5b228..820ef74b8 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -4,12 +4,11 @@ with import ; { imports = [ - ../../krebs - ../3modules - ../5pkgs - ../2configs/mc.nix - ../2configs/nixpkgs.nix - ../2configs/vim.nix + + + + + { # /dev/stderr doesn't work. I don't know why # /proc/self doesn't seem to work correctly 
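Review bot: `initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];` in the new icarus/config.nix ships the sha1 module into the initrd with no note of which LUKS header needs it; the same list appears in mors/config.nix and shodan/config.nix. If the volumes were formatted with a sha512 PBKDF the entry can be dropped, and otherwise a comment like `# "sha1": required by the header of /dev/sda3 — re-check after re-keying` keeps it from being carried along forever. The sibling icarus/source.nix also introduces `secure = true;` while dishfire, echelon, prism and shodan omit it, and nothing in this hunk says what the flag selects, so a one-line comment on it would help.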
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
deleted file mode 100644
index 0bfd54515..000000000
--- a/lass/1systems/mors.nix
+++ /dev/null
@@ -1,195 +0,0 @@ -{ config, pkgs, ... }: - -with import ; -{ - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/baseX.nix - ../2configs/exim-retiolum.nix - ../2configs/programs.nix - ../2configs/bitcoin.nix - ../2configs/browsers.nix - ../2configs/games.nix - ../2configs/pass.nix - ../2configs/elster.nix - ../2configs/steam.nix - ../2configs/wine.nix - ../2configs/git.nix - ../2configs/virtualbox.nix - ../2configs/fetchWallpaper.nix - #../2configs/c-base.nix - ../2configs/mail.nix - ../2configs/repo-sync.nix - ../2configs/ircd.nix - ../2configs/logf.nix - ../2configs/syncthing.nix - { - #risk of rain port - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } - ]; - } - { - services.elasticsearch = { - enable = true; - }; - } - { - #zalando project - services.postgresql = { - enable = true; - package = pkgs.postgresql; - }; - virtualisation.docker.enable = true; - #users.users.mainUser.extraGroups = [ "docker" ]; - } - { - lass.umts = { - enable = true; - modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09"; - initstrings = '' - Init1 = AT+CFUN=1 - Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 - ''; - }; - } - { - services.nginx = { - enable = true; - virtualHosts.default = { - serverAliases = [ - "localhost" - "${config.krebs.build.host.name}" - "${config.krebs.build.host.name}.r" - ]; - locations."~ ^/~(.+?)(/.*)?\$".extraConfig = '' - alias /home/$1/public_html$2; - ''; - }; - }; - } - { - services.redis.enable = true; - } - { - environment.systemPackages = [ - pkgs.ovh-zone - ]; - } - { - #ps vita stuff - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; - } - { - services.tor = { - enable = true; - client.enable = true; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.mors; - - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - loader.grub.efiSupport = true; - - 
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - }; - fileSystems = { - "/" = { - device = "/dev/mapper/pool-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/boot" = { - device = "/dev/sda2"; - }; - #"/bku" = { - # device = "/dev/mapper/pool-bku"; - # fsType = "btrfs"; - # options = ["defaults" "noatime" "ssd" "compress=lzo"]; - #}; - "/home" = { - device = "/dev/mapper/pool-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" - ''; - - #TODO activationScripts seem broken, fix them! 
- #activationScripts - #split up and move into base - system.activationScripts.powertopTunables = '' - #Runtime PMs - echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' - ''; - - environment.systemPackages = with pkgs; [ - acronym - brain - cac-api - sshpass - get - teamspeak_client - hashPassword - urban - mk_sql_pair - remmina - thunderbird - - iodine - - macchanger - ]; - - #TODO: fix this shit - ##fprint stuff - ##sudo fprintd-enroll $USER to save fingerprints - #services.fprintd.enable = true; - #security.pam.services.sudo.fprintAuth = true; - - users.extraGroups = { - loot = { - members = [ - config.users.extraUsers.mainUser.name - "firefox" - "chromium" - "google" - "virtual" - ]; - }; - }; - - krebs.repo-sync.timerConfig = { - OnCalendar = "00:37"; - }; -} diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix new file mode 100644 index 000000000..bb0a4e23e --- /dev/null +++ b/lass/1systems/mors/config.nix 
@@ -0,0 +1,194 @@ +{ config, pkgs, ... }: + +with import ; +{ + imports = [ + + + + + + + + + + + + + + + + + + + + + + { + #risk of rain port + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } + ]; + } + { + services.elasticsearch = { + enable = true; + }; + } + { + #zalando project + services.postgresql = { + enable = true; + package = pkgs.postgresql; + }; + virtualisation.docker.enable = true; + #users.users.mainUser.extraGroups = [ "docker" ]; + } + { + lass.umts = { + enable = true; + modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09"; + initstrings = '' + Init1 = AT+CFUN=1 + Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + ''; + }; + } + { + services.nginx = { + enable = true; + virtualHosts.default = { + serverAliases = [ + "localhost" + "${config.krebs.build.host.name}" + "${config.krebs.build.host.name}.r" + ]; + locations."~ ^/~(.+?)(/.*)?\$".extraConfig = '' + alias /home/$1/public_html$2; + ''; + }; + }; + } + { + services.redis.enable = true; + } + { + environment.systemPackages = [ + pkgs.ovh-zone + ]; + } + { + #ps vita stuff + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; + } + { + services.tor = { + enable = true; + client.enable = true; + }; + } + ]; + + krebs.build.host = config.krebs.hosts.mors; + + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + loader.grub.efiSupport = true; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/pool-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/boot" = { + device = "/dev/sda2"; + }; + #"/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" 
"noatime" "ssd" "compress=lzo"]; + #}; + "/home" = { + device = "/dev/mapper/pool-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + ''; + + #TODO activationScripts seem broken, fix them! + #activationScripts + #split up and move into base + system.activationScripts.powertopTunables = '' + #Runtime PMs + echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' + ''; + + environment.systemPackages = with pkgs; [ + acronym + brain + cac-api + sshpass + get + teamspeak_client + hashPassword + urban + mk_sql_pair + remmina + thunderbird + + iodine + + macchanger + ]; + + #TODO: fix this shit + ##fprint stuff + ##sudo fprintd-enroll $USER to save fingerprints + #services.fprintd.enable = true; + #security.pam.services.sudo.fprintAuth = true; + + users.extraGroups = { + loot = { + members = [ + config.users.extraUsers.mainUser.name + "firefox" + "chromium" + "google" + "virtual" + 
];
+ };
+ };
+
+ krebs.repo-sync.timerConfig = {
+ OnCalendar = "00:37";
+ };
+}
diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix
new file mode 100644
index 000000000..a9dfa2eb6
--- /dev/null
+++ b/lass/1systems/mors/source.nix
@@ -0,0 +1,4 @@
+import {
+ name = "mors";
+ secure = true;
+}
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
deleted file mode 100644
index 531dec9df..000000000
--- a/lass/1systems/prism.nix
+++ /dev/null
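Review bot: The nginx default vhost in the new mors/config.nix builds `alias /home/$1/public_html$2;` from the regex location `"~ ^/~(.+?)(/.*)?\$"`, so `$1` is whatever text follows `/~` in the request and is spliced straight into a filesystem path. Restricting the capture to a username character class, `locations."~ ^/~([a-z0-9_-]+)(/.*)?\$".extraConfig = ''`, keeps the alias from being assembled from arbitrary URI text while serving the same public_html directories. The `system.activationScripts.powertopTunables` block still carries `#TODO activationScripts seem broken, fix them!`; since the move re-creates the file, the note could at least say what "broken" means so the next edit does not have to rediscover it.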
@@ -1,296 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; - -let - ip = config.krebs.build.host.nets.internet.ip4.addr; - - inherit (import {inherit lib pkgs;}) - manageCerts - ; - -in { - imports = [ - ../. - { - networking.interfaces.et0.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = "213.239.205.225"; - networking.nameservers = [ - "8.8.8.8" - ]; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" - ''; - } - ../2configs/retiolum.nix - ../2configs/exim-smarthost.nix - ../2configs/downloading.nix - ../2configs/ts3.nix - ../2configs/bitlbee.nix - ../2configs/weechat.nix - ../2configs/privoxy-retiolum.nix - ../2configs/radio.nix - ../2configs/buildbot-standalone.nix - ../2configs/repo-sync.nix - ../2configs/binary-cache/server.nix - ../2configs/iodined.nix - ../2configs/libvirt.nix - ../2configs/hfos.nix - ../2configs/makefu-sip.nix - ../2configs/monitoring/server.nix - ../2configs/monitoring/monit-alarms.nix - ../2configs/paste.nix - ../2configs/syncthing.nix - ../2configs/coders-irc.nix - ../2configs/ciko.nix - { - lass.pyload.enable = true; - } - { - imports = [ - ../2configs/bepasty.nix - ]; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { - return 403; - } - ''; - } - { - users.extraGroups = { - # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories - # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) - # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago - # Docs: man:tmpfiles.d(5) - # man:systemd-tmpfiles(8) - # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) - # Main PID: 19272 (code=exited, status=1/FAILURE) - # - # Mar 16 
10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE - # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. - # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. - # warning: error(s) occured while switching to the new configuration - lock.gid = 10001; - }; - } - { - boot.loader.grub = { - devices = [ - "/dev/sda" - "/dev/sdb" - ]; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - ]; - - fileSystems."/" = { - device = "/dev/pool/nix"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36"; - }; - - fileSystems."/var/download" = { - device = "/dev/pool/download"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/http"; - }; - - fileSystems."/srv/o.ubikmedia.de-data" = { - device = "/dev/pool/owncloud-ubik-data"; - }; - - fileSystems."/bku" = { - device = "/dev/pool/bku"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - - } - { - sound.enable = false; - } - { - nixpkgs.config.allowUnfree = true; - } - { - #stuff for juhulian - users.extraUsers.juhulian = { - name = "juhulian"; - uid = 1339; - home = "/home/juhulian"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" - ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} - ]; - } - { - environment.systemPackages = [ - pkgs.perlPackages.Plack - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} - ]; - } - { - users.users.chat.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 JuiceSSH" - ]; - } - { - time.timeZone = "Europe/Berlin"; - } - { - imports = [ - ../2configs/websites/domsen.nix - ../2configs/websites/lassulus.nix - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - { predicate = "-p tcp --dport https"; target = "ACCEPT"; } - ]; - } - { - services.tor = { - enable = true; - }; - } - { - lass.ejabberd = { - enable = true; - hosts = [ "lassul.us" ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } - { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } - ]; - } - { - imports = [ - ../2configs/realwallpaper.nix - ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' - alias /var/realwallpaper/realwallpaper.png; - ''; - } - { - environment.systemPackages = with pkgs; [ - mk_sql_pair - ]; - } - { - users.users.tv = { - uid = genid "tv"; - inherit (config.krebs.users.tv) home; - group = "users"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - ]; - }; - } - { - 
krebs.repo-sync.timerConfig = { - OnBootSec = "15min"; - OnUnitInactiveSec = "90min"; - RandomizedDelaySec = "30min"; - }; - krebs.repo-sync.repos.stockholm.timerConfig = { - OnBootSec = "5min"; - OnUnitInactiveSec = "2min"; - RandomizedDelaySec = "2min"; - }; - krebs.repo-sync.repos.nixpkgs.timerConfig = { - OnBootSec = "90min"; - OnUnitInactiveSec = "24h"; - }; - } - { - lass.usershadow = { - enable = true; - }; - } - { - # Nin stuff - users.users.nin = { - uid = genid "nin"; - inherit (config.krebs.users.nin) home; - group = "users"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - extraGroups = [ - "libvirtd" - ]; - }; - krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; } - ]; - krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } - ]; - } - { - krebs.Reaktor.prism = { - nickname = "Reaktor|lass"; - channels = [ "#retiolum" ]; - extraEnviron = { - REAKTOR_HOST = "ni.r"; - }; - plugins = with pkgs.ReaktorPlugins; [ - sed-plugin - ]; - }; - } - { - #stuff for dritter - users.extraUsers.dritter = { - name = "dritter"; - uid = genid "dritter"; - home = "/home/dritter"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" - ]; - }; - } - ]; - - 
krebs.build.host = config.krebs.hosts.prism;
-}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
new file mode 100644
index 000000000..9faa4d473
--- /dev/null
+++ b/lass/1systems/prism/config.nix
@@ -0,0 +1,292 @@ +{ config, lib, pkgs, ... }: +with import ; + +let + ip = config.krebs.build.host.nets.internet.ip4.addr; + +in { + imports = [ + + { + networking.interfaces.et0.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = "213.239.205.225"; + networking.nameservers = [ + "8.8.8.8" + ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" + ''; + } + + + + + + + + + + + + + + + + + + + + + + { + lass.pyload.enable = true; + } + { + imports = [ + + ]; + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { + return 403; + } + ''; + } + { + users.extraGroups = { + # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories + # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) + # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago + # Docs: man:tmpfiles.d(5) + # man:systemd-tmpfiles(8) + # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) + # Main PID: 19272 (code=exited, status=1/FAILURE) + # + # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE + # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. 
+ # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. + # warning: error(s) occured while switching to the new configuration + lock.gid = 10001; + }; + } + { + boot.loader.grub = { + devices = [ + "/dev/sda" + "/dev/sdb" + ]; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + + fileSystems."/" = { + device = "/dev/pool/nix"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36"; + }; + + fileSystems."/var/download" = { + device = "/dev/pool/download"; + }; + + fileSystems."/srv/http" = { + device = "/dev/pool/http"; + }; + + fileSystems."/srv/o.ubikmedia.de-data" = { + device = "/dev/pool/owncloud-ubik-data"; + }; + + fileSystems."/bku" = { + device = "/dev/pool/bku"; + }; + + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + + } + { + sound.enable = false; + } + { + nixpkgs.config.allowUnfree = true; + } + { + #stuff for juhulian + users.extraUsers.juhulian = { + name = "juhulian"; + uid = 1339; + home = "/home/juhulian"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + } + { + environment.systemPackages = [ + pkgs.perlPackages.Plack + ]; + 
krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} + ]; + } + { + users.users.chat.openssh.authorizedKeys.keys = [ + "ssh-rsa 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 JuiceSSH" + ]; + } + { + time.timeZone = "Europe/Berlin"; + } + { + imports = [ + + + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport http"; target = "ACCEPT"; } + { predicate = "-p tcp --dport https"; target = "ACCEPT"; } + ]; + } + { + services.tor = { + enable = true; + }; + } + { + lass.ejabberd = { + enable = true; + hosts = [ "lassul.us" ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } + { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } + ]; + } + { + imports = [ + + ]; + services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + alias /var/realwallpaper/realwallpaper.png; + ''; + } + { + environment.systemPackages = with pkgs; [ + mk_sql_pair + ]; + } + { + users.users.tv = { + uid = genid "tv"; + inherit (config.krebs.users.tv) home; + group = "users"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.tv.pubkey + ]; + }; + } + { + krebs.repo-sync.timerConfig = { + OnBootSec = "15min"; + OnUnitInactiveSec = "90min"; + RandomizedDelaySec = "30min"; + }; + krebs.repo-sync.repos.stockholm.timerConfig = { + OnBootSec = "5min"; + OnUnitInactiveSec = "2min"; + RandomizedDelaySec = "2min"; + }; + krebs.repo-sync.repos.nixpkgs.timerConfig = { + OnBootSec = "90min"; + OnUnitInactiveSec = "24h"; + }; + } + { + lass.usershadow = { + enable = true; + }; + } + { + # Nin stuff + users.users.nin = { + uid = genid "nin"; + inherit (config.krebs.users.nin) home; + group = "users"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + extraGroups = [ + "libvirtd" + ]; + }; + 
krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } + ]; + } + { + krebs.Reaktor.prism = { + nickname = "Reaktor|lass"; + channels = [ "#retiolum" ]; + extraEnviron = { + REAKTOR_HOST = "ni.r"; + }; + plugins = with pkgs.ReaktorPlugins; [ + sed-plugin + ]; + }; + } + { + #stuff for dritter + users.extraUsers.dritter = { + name = "dritter"; + uid = genid "dritter"; + home = "/home/dritter"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "download" + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" + ]; + }; + } + ]; + + krebs.build.host = config.krebs.hosts.prism; +} diff --git a/lass/1systems/prism/source.nix b/lass/1systems/prism/source.nix new file mode 100644 index 000000000..557fbf509 --- /dev/null +++ b/lass/1systems/prism/source.nix @@ -0,0 +1,3 @@ +import { + name = "prism"; +} diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix deleted file mode 100644 index 044e2ccf8..000000000 --- a/lass/1systems/shodan.nix +++ /dev/null 
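Review bot: The INPUT ACCEPT rules `{ predicate = "-p tcp --dport 8080"; target = "ACCEPT";}` and `{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}` in the new prism/config.nix carry no interface or source qualifier, whereas the dnsmasq rule in echelon/config.nix is scoped with `-i retiolum`; on a host whose et0 holds a public address this exposes both ports to the internet. If 8080 only serves the Plack package listed beside it for internal use, `predicate = "-i retiolum -p tcp --dport 8080"` narrows it without changing anything else, and a comment on the 60000:61000 range naming the service it is for would make the exposure deliberate rather than incidental. The `let` block also drops the `manageCerts` inherit the deleted prism.nix had; nothing in the hunk uses it, so that looks intentional but is worth a word in the description.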
@@ -1,108 +0,0 @@ -{ config, pkgs, ... }: - -with import ; -{ - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/baseX.nix - ../2configs/git.nix - ../2configs/exim-retiolum.nix - ../2configs/browsers.nix - ../2configs/programs.nix - ../2configs/fetchWallpaper.nix - ../2configs/backups.nix - ../2configs/wine.nix - #{ - # users.extraUsers = { - # root = { - # openssh.authorizedKeys.keys = map readFile [ - # ../../krebs/Zpubkeys/uriel.ssh.pub - # ]; - # }; - # }; - #} - { - users.users.sokratess = { - uid = genid "sokratess"; - home = "/home/sokratess"; - group = "users"; - createHome = true; - extraGroups = [ - "audio" - "networkmanager" - ]; - useDefaultShell = true; - password = "aidsballs"; - }; - krebs.per-user.sokratess.packages = [ - pkgs.firefox - pkgs.python27Packages.virtualenv - pkgs.python27Packages.ipython - pkgs.python27Packages.python - ]; - } - { - krebs.monit = let - echoToIrc = msg: - pkgs.writeDash "echo_irc" '' - set -euf - export LOGNAME=prism-alarm - ${pkgs.irc-announce}/bin/irc-announce \ - ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null - ''; - in { - enable = true; - http.enable = true; - alarms = { - hfos = { - test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'"; - alarm = echoToIrc "test hfos failed"; - }; - }; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } - ]; - } - ]; - - krebs.build.host = config.krebs.hosts.shodan; - - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/pool/nix"; - fsType = "btrfs"; - }; - - "/boot" = 
{
- device = "/dev/sda1";
- };
-
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
- "/bku" = {
- device = "/dev/pool/bku";
- fsType = "btrfs";
- };
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
- '';
-}
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
new file mode 100644
index 000000000..a68471aa0
--- /dev/null
+++ b/lass/1systems/shodan/config.nix
@@ -0,0 +1,108 @@ +{ config, pkgs, ... }: + +with import ; +{ + imports = [ + + + + + + + + + + + + #{ + # users.extraUsers = { + # root = { + # openssh.authorizedKeys.keys = map readFile [ + # ../../krebs/Zpubkeys/uriel.ssh.pub + # ]; + # }; + # }; + #} + { + users.users.sokratess = { + uid = genid "sokratess"; + home = "/home/sokratess"; + group = "users"; + createHome = true; + extraGroups = [ + "audio" + "networkmanager" + ]; + useDefaultShell = true; + password = "aidsballs"; + }; + krebs.per-user.sokratess.packages = [ + pkgs.firefox + pkgs.python27Packages.virtualenv + pkgs.python27Packages.ipython + pkgs.python27Packages.python + ]; + } + { + krebs.monit = let + echoToIrc = msg: + pkgs.writeDash "echo_irc" '' + set -euf + export LOGNAME=prism-alarm + ${pkgs.irc-announce}/bin/irc-announce \ + ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null + ''; + in { + enable = true; + http.enable = true; + alarms = { + hfos = { + test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'"; + alarm = echoToIrc "test hfos failed"; + }; + }; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } + ]; + } + ]; + + krebs.build.host = config.krebs.hosts.shodan; + + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + #kernelModules = [ "kvm-intel" "msr" ]; + }; + fileSystems = { + "/" = { + device = "/dev/pool/nix"; + fsType = "btrfs"; + }; + + "/boot" = { + device = "/dev/sda1"; + }; + + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + "/bku" = { + device = "/dev/pool/bku"; + fsType = "btrfs"; + }; + }; + + services.udev.extraRules = '' + 
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + ''; +} diff --git a/lass/1systems/shodan/source.nix b/lass/1systems/shodan/source.nix new file mode 100644 index 000000000..be24ae2d5 --- /dev/null +++ b/lass/1systems/shodan/source.nix @@ -0,0 +1,3 @@ +import { + name = "shodan"; +} diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix deleted file mode 100644 index b84fec317..000000000 --- a/lass/1systems/uriel.nix +++ /dev/null 
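Review bot: The `users.users.sokratess` block carries a cleartext password, `password = "aidsballs";`, and this commit moves it verbatim into the new path. As far as I recall, a literal `password` is written into the generated system configuration in the Nix store in readable form, and it is in any case readable to anyone with this repository; `hashedPassword = "…";` (a crypt hash from `mkpasswd -m sha-512`) or a `passwordFile` that points into the secrets directory this tree already uses would keep the secret out of the config. The monit probe a few lines below also disables certificate validation with `curl -sf --insecure 'https://hfos.hackerfleet.de'`, which makes the TLS part of the check meaningless; dropping `--insecure` would let a broken chain raise the alarm it should, assuming the site presents a valid certificate.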
@@ -1,100 +0,0 @@ -{ config, pkgs, ... }: - -with builtins; -with import ; -{ - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/exim-retiolum.nix - { - # locke config - i18n.defaultLocale ="de_DE.UTF-8"; - time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; - users.users.locke = { - uid = genid "locke"; - home = "/home/locke"; - group = "users"; - createHome = true; - extraGroups = [ - "audio" - "networkmanager" - ]; - useDefaultShell = true; - }; - networking.networkmanager.enable = true; - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - environment.systemPackages = with pkgs; [ - pavucontrol - firefox - hexchat - networkmanagerapplet - ]; - services.xserver.desktopManager.xfce = { - enable = true; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.uriel; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - boot = { - #kernelParams = [ - # "acpi.brightness_switch_enabled=0" - #]; - #loader.grub.enable = true; - #loader.grub.version = 2; - #loader.grub.device = "/dev/sda"; - - loader.systemd-boot.enable = true; - loader.timeout = 5; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/pool/root"; - fsType = "ext4"; - }; - - "/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/sda1"; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" - ''; - - services.xserver.synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = 
"0.035"; - additionalOptions = '' - Option "FingerHigh" "60" - Option "FingerLow" "60" - ''; - }; -} diff --git a/lass/1systems/uriel/config.nix b/lass/1systems/uriel/config.nix new file mode 100644 index 000000000..70bef9883 --- /dev/null +++ b/lass/1systems/uriel/config.nix 
@@ -0,0 +1,100 @@ +{ config, pkgs, ... }: + +with builtins; +with import ; +{ + imports = [ + + + + { + # locke config + i18n.defaultLocale ="de_DE.UTF-8"; + time.timeZone = "Europe/Berlin"; + services.xserver.enable = true; + users.users.locke = { + uid = genid "locke"; + home = "/home/locke"; + group = "users"; + createHome = true; + extraGroups = [ + "audio" + "networkmanager" + ]; + useDefaultShell = true; + }; + networking.networkmanager.enable = true; + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + environment.systemPackages = with pkgs; [ + pavucontrol + firefox + hexchat + networkmanagerapplet + ]; + services.xserver.desktopManager.xfce = { + enable = true; + }; + } + ]; + + krebs.build.host = config.krebs.hosts.uriel; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + boot = { + #kernelParams = [ + # "acpi.brightness_switch_enabled=0" + #]; + #loader.grub.enable = true; + #loader.grub.version = 2; + #loader.grub.device = "/dev/sda"; + + loader.systemd-boot.enable = true; + loader.timeout = 5; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + #kernelModules = [ "kvm-intel" "msr" ]; + kernelModules = [ "msr" ]; + }; + fileSystems = { + "/" = { + device = "/dev/pool/root"; + fsType = "ext4"; + }; + + "/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; + + "/boot" = { + device = "/dev/sda1"; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" + ''; + + services.xserver.synaptics = { + enable = true; + twoFingerScroll = true; + accelFactor = "0.035"; + additionalOptions = '' + Option "FingerHigh" "60" + 
Option "FingerLow" "60" + ''; + }; +} diff --git a/lass/1systems/uriel/source.nix b/lass/1systems/uriel/source.nix new file mode 100644 index 000000000..11d6e1c34 --- /dev/null +++ b/lass/1systems/uriel/source.nix @@ -0,0 +1,3 @@ +import { + name = "uriel"; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 27b74a30b..c643fa130 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -6,7 +6,6 @@ with import ; ../2configs/binary-cache/client.nix ../2configs/gc.nix ../2configs/mc.nix - ../2configs/nixpkgs.nix ../2configs/vim.nix ../2configs/monitoring/client.nix ./htop.nix @@ -71,16 +70,7 @@ with import ; krebs = { enable = true; search-domain = "r"; - build = { - user = config.krebs.users.lass; - source = let inherit (config.krebs.build) host; in { - nixos-config.symlink = "stockholm/lass/1systems/${host.name}.nix"; - secrets.file = - if getEnv "dummy_secrets" == "true" - then toString - else "/home/lass/secrets/${host.name}"; - }; - }; + build.user = config.krebs.users.lass; }; nix.useSandbox = true; diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix deleted file mode 100644 index f5a3bbf88..000000000 --- a/lass/2configs/nixpkgs.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - krebs.build.source.nixpkgs.git = { - url = https://cgit.lassul.us/nixpkgs; - ref = "d72efac"; - }; -} diff --git a/lass/source.nix b/lass/source.nix new file mode 100644 index 000000000..a4e9d9d6a --- /dev/null +++ b/lass/source.nix 
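Review bot: `hardware.pulseaudio.systemWide = true;` in the locke block runs PulseAudio as a system-wide daemon rather than per session, a mode the PulseAudio project itself discourages outside dedicated setups because it widens what any local user can reach through the daemon. Since this file already puts `locke` in the `audio` group, the default per-user daemon should suffice; if system-wide mode is needed on purpose (a shared kiosk-style desktop, presumably), a comment on that line such as `# systemWide on purpose: shared desktop with a single local user` would keep the next reader from "fixing" it. `hardware.enableAllFirmware = true;` with `nixpkgs.config.allowUnfree = true;` is broader than the named hardware needs, but that is a preference rather than a defect.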
@@ -0,0 +1,24 @@ +with import ; +host@{ name, secure ? false }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "lass"; + _file = + "/lass/1systems/${name}/source.nix"; +in + evalSource (toString _file) { + nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; + secrets.file = getAttr builder { + buildbot = toString ; + lass = "/home/lass/secrets/${name}"; + }; + stockholm.file = toString ; + nixpkgs.git = { + url = https://cgit.lassul.us/nixpkgs; + # nixos-17.03 + # + copytoram: + # 87a4615 & 334ac4f + # + acme permissions for groups + # fd7a8f1 + ref = "0aac3fc"; + }; + } diff --git a/shared/1systems/test-all-krebs-modules.nix b/shared/1systems/test-all-krebs-modules.nix deleted file mode 100644 index 39d7c494b..000000000 --- a/shared/1systems/test-all-krebs-modules.nix +++ /dev/null 
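Review bot: The nixpkgs pin here uses an abbreviated commit id, `ref = "0aac3fc";`, whereas `shared/source.nix` and `tv/source.nix` in this same change pin full 40-character hashes. A seven-character prefix is only unique until another object shares it, and whether the fetcher resolves a short id at all depends on how `nixpkgs.git` is fetched (that code is not in this diff), so the full hash is the safer pin: `ref = "<full 40-char commit id of 0aac3fc>";`. Because the URL is a personal cgit mirror rather than upstream, the full hash is also the only thing that ties the checkout to the commit described in the comment block if that mirror is ever rewritten.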
@@ -1,54 +0,0 @@ -{ config, pkgs, lib, ... }: -let - en = { enable = true;}; -in { - imports = [ - ../. - ]; - krebs = { - enable = true; - build.user = config.krebs.users.shared; - build.host = config.krebs.hosts.test-all-krebs-modules; - Reaktor.test = {}; - apt-cacher-ng.enable = true; - backup.enable = true; - bepasty.enable = true; - # FIXME fast-tests / instantiate-test-all-modules fails at wolfbot - # http://wolf:8010/builders/fast-tests/builds/442 - #buildbot.master.enable = true; - buildbot.worker = { - enable = true; - username = "lol"; - password = "wut"; - }; - # XXX exim-retiolum and exim-smarthost are mutually exclusive - #exim-retiolum = { - # enable = true; - # primary_hostname = "test.r"; - #}; - exim-smarthost = { - enable = true; - primary_hostname = "test.r"; - system-aliases = [ { from = "dick"; to = "butt"; } ]; - }; - go.enable = true; - iptables = { - enable = true; - tables = {}; - }; - realwallpaper.enable = true; - tinc.retiolum.enable = true; - retiolum-bootstrap.enable = true; - tinc_graphs.enable = true; - urlwatch.enable = true; - fetchWallpaper = { - enable = true; - url ="localhost"; - }; - }; - # just get the system running - boot.loader.grub.devices = ["/dev/sda"]; - fileSystems."/" = { - device = "/dev/lol"; - }; -} diff --git a/shared/1systems/test-all-krebs-modules/config.nix b/shared/1systems/test-all-krebs-modules/config.nix new file mode 100644 index 000000000..7ebcf3b50 --- /dev/null +++ b/shared/1systems/test-all-krebs-modules/config.nix 
@@ -0,0 +1,54 @@ +{ config, pkgs, lib, ... }: +let + en = { enable = true;}; +in { + imports = [ + + ]; + krebs = { + enable = true; + build.user = config.krebs.users.shared; + build.host = config.krebs.hosts.test-all-krebs-modules; + Reaktor.test = {}; + apt-cacher-ng.enable = true; + backup.enable = true; + bepasty.enable = true; + # FIXME fast-tests / instantiate-test-all-modules fails at wolfbot + # http://wolf:8010/builders/fast-tests/builds/442 + #buildbot.master.enable = true; + buildbot.worker = { + enable = true; + username = "lol"; + password = "wut"; + }; + # XXX exim-retiolum and exim-smarthost are mutually exclusive + #exim-retiolum = { + # enable = true; + # primary_hostname = "test.r"; + #}; + exim-smarthost = { + enable = true; + primary_hostname = "test.r"; + system-aliases = [ { from = "dick"; to = "butt"; } ]; + }; + go.enable = true; + iptables = { + enable = true; + tables = {}; + }; + realwallpaper.enable = true; + tinc.retiolum.enable = true; + retiolum-bootstrap.enable = true; + tinc_graphs.enable = true; + urlwatch.enable = true; + fetchWallpaper = { + enable = true; + url ="localhost"; + }; + }; + # just get the system running + boot.loader.grub.devices = ["/dev/sda"]; + fileSystems."/" = { + device = "/dev/lol"; + }; +} diff --git a/shared/1systems/test-all-krebs-modules/source.nix b/shared/1systems/test-all-krebs-modules/source.nix new file mode 100644 index 000000000..58d72365f --- /dev/null +++ b/shared/1systems/test-all-krebs-modules/source.nix @@ -0,0 +1,3 @@ +import { + name = "test-all-krebs-modules"; +} diff --git a/shared/1systems/test-arch.nix b/shared/1systems/test-arch.nix deleted file mode 100644 index a13fea425..000000000 --- a/shared/1systems/test-arch.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ../. - { - boot.loader.grub = { - device = "/dev/sda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - ]; - - fileSystems."/" = { - device = "/dev/sda1"; - }; - } - { - networking.dhcpcd.allowInterfaces = [ - "enp*" - ]; - } - { - sound.enable = false; - } - ]; - - krebs.build.host = config.krebs.hosts.test-arch; -} diff --git a/shared/1systems/test-arch/config.nix b/shared/1systems/test-arch/config.nix new file mode 100644 index 000000000..453483d48 --- /dev/null +++ b/shared/1systems/test-arch/config.nix @@ -0,0 +1,32 @@ +{ config, pkgs, ... }: + +{ + imports = [ + + { + boot.loader.grub = { + device = "/dev/sda"; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + + fileSystems."/" = { + device = "/dev/sda1"; + }; + } + { + networking.dhcpcd.allowInterfaces = [ + "enp*" + ]; + } + { + sound.enable = false; + } + ]; + + krebs.build.host = config.krebs.hosts.test-arch; +} diff --git a/shared/1systems/test-arch/source.nix b/shared/1systems/test-arch/source.nix new file mode 100644 index 000000000..ca2305684 --- /dev/null +++ b/shared/1systems/test-arch/source.nix @@ -0,0 +1,3 @@ +import { + name = "test-arch"; +} diff --git a/shared/1systems/test-centos6.nix b/shared/1systems/test-centos6.nix deleted file mode 100644 index ebcece383..000000000 --- a/shared/1systems/test-centos6.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) head; - - ip = "168.235.148.52"; - gw = "168.235.148.1"; -in { - imports = [ - ../. - ../2configs/os-templates/CAC-CentOS-6.5-64bit.nix - { - networking.interfaces.enp11s0.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = gw; - networking.nameservers = [ - "8.8.8.8" - ]; - } - { - sound.enable = false; - } - ]; - - krebs.build.host = config.krebs.hosts.test-centos6; -} 
diff --git a/shared/1systems/test-centos6/config.nix b/shared/1systems/test-centos6/config.nix new file mode 100644 index 000000000..a81ff7c51 --- /dev/null +++ b/shared/1systems/test-centos6/config.nix @@ -0,0 +1,30 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) head; + + ip = "168.235.148.52"; + gw = "168.235.148.1"; +in { + imports = [ + + + { + networking.interfaces.enp11s0.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = gw; + networking.nameservers = [ + "8.8.8.8" + ]; + } + { + sound.enable = false; + } + ]; + + krebs.build.host = config.krebs.hosts.test-centos6; +} diff --git a/shared/1systems/test-centos6/source.nix b/shared/1systems/test-centos6/source.nix new file mode 100644 index 000000000..0c7c78ec0 --- /dev/null +++ b/shared/1systems/test-centos6/source.nix @@ -0,0 +1,3 @@ +import { + name = "test-centos6"; +} diff --git a/shared/1systems/test-centos7.nix b/shared/1systems/test-centos7.nix deleted file mode 100644 index 9ea063c9b..000000000 --- a/shared/1systems/test-centos7.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) head; - -in { - imports = [ - ../. - ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/temp/networking.nix - ../2configs/temp/dirs.nix - ]; - - sound.enable = false; - krebs.build.host = config.krebs.hosts.test-centos7; -} diff --git a/shared/1systems/test-centos7/config.nix b/shared/1systems/test-centos7/config.nix new file mode 100644 index 000000000..58f99e87c --- /dev/null +++ b/shared/1systems/test-centos7/config.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) head; + +in { + imports = [ + + + + + ]; + + sound.enable = false; + krebs.build.host = config.krebs.hosts.test-centos7; +} diff --git a/shared/1systems/test-centos7/source.nix b/shared/1systems/test-centos7/source.nix new file mode 100644 index 000000000..5144477fe --- /dev/null +++ b/shared/1systems/test-centos7/source.nix 
@@ -0,0 +1,3 @@ +import { + name = "test-centos7"; +} diff --git a/shared/1systems/test-failing.nix b/shared/1systems/test-failing.nix deleted file mode 100644 index fe1c2cb65..000000000 --- a/shared/1systems/test-failing.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ../. - ]; - programs.ssh.startAgent = true; - programs.ssh.startAgent = false; -} diff --git a/shared/1systems/test-failing/config.nix b/shared/1systems/test-failing/config.nix new file mode 100644 index 000000000..fb6a58397 --- /dev/null +++ b/shared/1systems/test-failing/config.nix @@ -0,0 +1,9 @@ +{ config, pkgs, ... }: + +{ + imports = [ + + ]; + programs.ssh.startAgent = true; + programs.ssh.startAgent = false; +} diff --git a/shared/1systems/test-failing/source.nix b/shared/1systems/test-failing/source.nix new file mode 100644 index 000000000..3e17d0b52 --- /dev/null +++ b/shared/1systems/test-failing/source.nix @@ -0,0 +1,3 @@ +import { + name = "test-failing"; +} diff --git a/shared/1systems/test-minimal-deploy.nix b/shared/1systems/test-minimal-deploy.nix deleted file mode 100644 index bec2b38d5..000000000 --- a/shared/1systems/test-minimal-deploy.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - imports = [ - ../. - ]; - krebs = { - enable = true; - build.user = config.krebs.users.shared; - build.host = config.krebs.hosts.test-all-krebs-modules; - }; - # just get the system to eval in nixos without errors - boot.loader.grub.devices = ["/dev/sda"]; - fileSystems."/" = { - device = "/dev/lol"; - }; -} diff --git a/shared/1systems/test-minimal-deploy/config.nix b/shared/1systems/test-minimal-deploy/config.nix new file mode 100644 index 000000000..eab703671 --- /dev/null +++ b/shared/1systems/test-minimal-deploy/config.nix 
@@ -0,0 +1,16 @@ +{ config, pkgs, lib, ... }: +{ + imports = [ + + ]; + krebs = { + enable = true; + build.user = config.krebs.users.shared; + build.host = config.krebs.hosts.test-all-krebs-modules; + }; + # just get the system to eval in nixos without errors + boot.loader.grub.devices = ["/dev/sda"]; + fileSystems."/" = { + device = "/dev/lol"; + }; +} diff --git a/shared/1systems/test-minimal-deploy/source.nix b/shared/1systems/test-minimal-deploy/source.nix new file mode 100644 index 000000000..2368cdd49 --- /dev/null +++ b/shared/1systems/test-minimal-deploy/source.nix @@ -0,0 +1,3 @@ +import { + name = "test-minimal-deploy"; +} diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix deleted file mode 100644 index 584ee0373..000000000 --- a/shared/1systems/wolf.nix +++ /dev/null 
@@ -1,106 +0,0 @@ -{ config, pkgs, ... }: -let - shack-ip = config.krebs.build.host.nets.shack.ip4.addr; -in -{ - imports = [ - ../. - - ../2configs/collectd-base.nix - ../2configs/central-stats-client.nix - ../2configs/save-diskspace.nix - - ../2configs/cgit-mirror.nix - ../2configs/graphite.nix - ../2configs/repo-sync.nix - ../2configs/shared-buildbot.nix - - ../2configs/shack/worlddomination.nix - ../2configs/shack/drivedroid.nix - # ../2configs/shack/nix-cacher.nix - ../2configs/shack/mqtt_sub.nix - ../2configs/shack/muell_caller.nix - ../2configs/shack/radioactive.nix - ../2configs/shack/share.nix - - ]; - # use your own binary cache, fallback use cache.nixos.org (which is used by - # apt-cacher-ng in first place) - - services.influxdb.enable = true; - - # local discovery in shackspace - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; - krebs.tinc.retiolum.extraConfig = "TCPOnly = yes"; - services.grafana = { - enable = true; - addr = "0.0.0.0"; - users.allowSignUp = true; - users.allowOrgCreate = true; - users.autoAssignOrg = true; - auth.anonymous.enable = true; - security = import ; - }; - - nix = { - binaryCaches = [ - "http://cache.prism.r" - "https://cache.nixos.org/" - ]; - binaryCachePublicKeys = [ - "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" - "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" - ]; - }; - - networking = { - firewall.enable = false; - firewall.allowedTCPPorts = [ 8088 8086 8083 ]; - interfaces.enp0s3.ip4 = [{ - address = shack-ip; - prefixLength = 20; - }]; - - defaultGateway = "10.42.0.1"; - nameservers = [ "10.42.0.100" "10.42.0.200" ]; - }; - - ##################### - # uninteresting stuff - ##################### - krebs.build.host = config.krebs.hosts.wolf; - - boot.kernel.sysctl = { - # Enable IPv6 Privacy Extensions - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" "uhci_hcd" "ehci_pci" 
"virtio_pci" "virtio_blk" - ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/vda"; - - fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; - - swapDevices = [ - { device = "/dev/disk/by-label/swap"; } - ]; - # fallout of ipv6calypse - networking.extraHosts = '' - hass.shack 10.42.2.191 - heidi.shack 10.42.2.135 - ''; - - users.extraUsers.root.openssh.authorizedKeys.keys = [ - config.krebs.users.ulrich.pubkey - ]; - - time.timeZone = "Europe/Berlin"; - sound.enable = false; -} diff --git a/shared/1systems/wolf/config.nix b/shared/1systems/wolf/config.nix new file mode 100644 index 000000000..636f8e822 --- /dev/null +++ b/shared/1systems/wolf/config.nix 
@@ -0,0 +1,107 @@ +{ config, pkgs, ... }: +let + shack-ip = config.krebs.build.host.nets.shack.ip4.addr; +in +{ + imports = [ + + + + + + + + + + + + + + # + + + + + + ]; + # use your own binary cache, fallback use cache.nixos.org (which is used by + # apt-cacher-ng in first place) + + services.influxdb.enable = true; + + # local discovery in shackspace + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + krebs.tinc.retiolum.extraConfig = "TCPOnly = yes"; + services.grafana = { + enable = true; + addr = "0.0.0.0"; + users.allowSignUp = true; + users.allowOrgCreate = true; + users.autoAssignOrg = true; + auth.anonymous.enable = true; + security = import ; + }; + + nix = { + # use the up to date prism cache + binaryCaches = [ + "http://cache.prism.r" + "https://cache.nixos.org/" + ]; + binaryCachePublicKeys = [ + "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" + ]; + }; + + networking = { + firewall.enable = false; + firewall.allowedTCPPorts = [ 8088 8086 8083 ]; + interfaces.enp0s3.ip4 = [{ + address = shack-ip; + prefixLength = 20; + }]; + + defaultGateway = "10.42.0.1"; + nameservers = [ "10.42.0.100" "10.42.0.200" ]; + }; + + ##################### + # uninteresting stuff + ##################### + krebs.build.host = config.krebs.hosts.wolf; + + boot.kernel.sysctl = { + # Enable IPv6 Privacy Extensions + "net.ipv6.conf.all.use_tempaddr" = 2; + "net.ipv6.conf.default.use_tempaddr" = 2; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" + ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/vda"; + + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; + + swapDevices = [ + { device = "/dev/disk/by-label/swap"; } + ]; + # fallout of ipv6calypse + networking.extraHosts = '' + 
hass.shack 10.42.2.191 + heidi.shack 10.42.2.135 + ''; + + users.extraUsers.root.openssh.authorizedKeys.keys = [ + config.krebs.users.ulrich.pubkey + ]; + + time.timeZone = "Europe/Berlin"; + sound.enable = false; +} diff --git a/shared/1systems/wolf/source.nix b/shared/1systems/wolf/source.nix new file mode 100644 index 000000000..d2bc4952a --- /dev/null +++ b/shared/1systems/wolf/source.nix @@ -0,0 +1,3 @@ +import { + name = "wolf"; +} diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index 398f125e4..2146f42e8 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -7,18 +7,6 @@ with import ; # TODO rename shared user to "krebs" krebs.build.user = mkDefault config.krebs.users.shared; - krebs.build.source = let inherit (config.krebs.build) host user; in { - nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "72c9ed78d0b1d9d5f531805ddf5bf06bfd447614"; # nixos-17.03 @ 2017-06-17 - }; - secrets.file = - if getEnv "dummy_secrets" == "true" - then toString - else "${getEnv "HOME"}/secrets/krebs/${host.name}"; - stockholm.file = getEnv "PWD"; - }; networking.hostName = config.krebs.build.host.name; diff --git a/shared/source.nix b/shared/source.nix new file mode 100644 index 000000000..8ec9fbb6f --- /dev/null +++ b/shared/source.nix 
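Review bot: Grafana is bound to all interfaces with anonymous access and open self-registration (`addr = "0.0.0.0";`, `users.allowSignUp = true;`, `auth.anonymous.enable = true;`) while the host sets `networking.firewall.enable = false;`, so the `firewall.allowedTCPPorts = [ 8088 8086 8083 ];` line right after it is dead and every listener on the box, including influxdb, is reachable from the shack network. If the open host is deliberate for the hackerspace LAN, a comment on the firewall line saying so would help; otherwise re-enabling the firewall and listing Grafana's port (3000 by default, not set here) next to the existing three is a two-line change, `firewall.enable = true;` and `firewall.allowedTCPPorts = [ 3000 8088 8086 8083 ];`. The `security = import …` attribute pulls admin credentials from a secrets file, which is good, but it does not reduce the exposure of the anonymous and sign-up paths.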
@@ -0,0 +1,19 @@ +with import ; +host@{ name, secure ? false }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "shared"; + _file = + "/shared/1systems/${name}/source.nix"; +in + evalSource (toString _file) { + nixos-config.symlink = "stockholm/shared/1systems/${name}/config.nix"; + secrets.file = getAttr builder { + buildbot = toString ; + lass = "${getEnv "HOME"}/secrets/krebs/${host.name}"; + }; + stockholm.file = toString ; + nixpkgs.git = { + url = https://github.com/NixOS/nixpkgs; + ref = "72c9ed78d0b1d9d5f531805ddf5bf06bfd447614"; # nixos-17.03 @ 2017-06-17 + }; + } -- cgit v1.3.1 From a03ded0b93077f5d028d6df47aceaee7f28f4847 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Jul 2017 17:55:58 +0200 Subject: lass: add dnsmasq to modules --- lass/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index fd353e008..e7744395d 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -1,6 +1,7 @@ _: { imports = [ + ./dnsmasq.nix ./ejabberd ./folderPerms.nix ./hosts.nix -- cgit v1.3.1 From be2a5a88c4914f27571e19ffd73389fc0cb6c3d9 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 12 Jul 2017 17:53:41 +0200 Subject: lib.eval-source: allow source to be a list --- lib/eval-source.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/eval-source.nix b/lib/eval-source.nix index de5f0b43c..468fc92d1 100644 --- a/lib/eval-source.nix +++ b/lib/eval-source.nix @@ -3,13 +3,11 @@ let eval = _file: source: evalModules { modules = singleton { inherit _file; + imports = map (source: { inherit source; }) (toList source); options.source = mkOption { type = types.attrsOf types.source; default = {}; }; - config = { - inherit source; - }; }; }; in -- cgit v1.3.1 From 007608f01290516f45eeb56874d507bca01fb57d Mon Sep 17 00:00:00 2001 
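Review bot: `secrets.file = getAttr builder { buildbot = …; lass = …; }` cannot evaluate for a real deployment: `builder` is `"shared"` whenever `dummy_secrets` is not `"true"`, but the attribute set only has the keys `buildbot` and `lass`, so `getAttr` fails with a missing-attribute error and only the buildbot path works. The key has to match the name chosen a few lines above, `shared = "${getEnv "HOME"}/secrets/krebs/${host.name}";` — this looks like a copy from `lass/source.nix` that was not adjusted. Minor: `${host.name}` and `${name}` denote the same value here; using one spelling throughout would be clearer.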
From: tv Date: Wed, 12 Jul 2017 18:00:23 +0200 Subject: tv source: make nixpkgs ref easily overridable --- tv/source.nix | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/tv/source.nix b/tv/source.nix index 7306cd954..4ede976d3 100644 --- a/tv/source.nix +++ b/tv/source.nix @@ -1,22 +1,27 @@ with import ; -host@{ name, secure ? false }: let +host@{ name, secure ? false, override ? {} }: let builder = if getEnv "dummy_secrets" == "true" then "buildbot" else "tv"; _file = + "/tv/1systems/${name}/source.nix"; in - evalSource (toString _file) { - nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; - secrets.file = getAttr builder { - buildbot = toString ; - tv = "/home/tv/secrets/${name}"; - }; - stockholm.file = toString ; - secrets-common.file = "/home/tv/secrets/common"; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "1b57bf274ae5c76e91b2b264d8aa8bfcecb72102"; # nixos-17.03 - }; - } // optionalAttrs secure { - secrets-master.file = "/home/tv/secrets/master"; - } + evalSource (toString _file) [ + { + nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; + nixpkgs.git = { + # nixos-17.03 + ref = mkDefault "1b57bf274ae5c76e91b2b264d8aa8bfcecb72102"; + url = https://github.com/NixOS/nixpkgs; + }; + secrets.file = getAttr builder { + buildbot = toString ; + tv = "/home/tv/secrets/${name}"; + }; + secrets-common.file = "/home/tv/secrets/common"; + stockholm.file = toString ; + } + (mkIf secure { + secrets-master.file = "/home/tv/secrets/master"; + }) + override + ] -- cgit v1.3.1 From cd47613a4d8daf185f4ac0f8ef43af11985a2f65 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 12 Jul 2017 18:01:18 +0200 Subject: tv alnus source: overrid nixpkgs ref --- tv/1systems/alnus/config.nix | 1 - tv/1systems/alnus/source.nix | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix index d08a2901b..dd9e594fc 100644 
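Review bot: The new `override ? {}` argument is undocumented, and because it is appended as the last module in the list it can replace any source attribute — `secrets.file`, `nixpkgs.git.url`, the `secrets-master` entry — not only the `ref` that the switch to `mkDefault` was made for. A comment above the argument pattern would make that explicit, e.g. `# override: extra source module merged last; plain values in it win over the mkDefault'ed nixpkgs ref (see 1systems/*/source.nix)`. Whether a per-host override of anything beyond the ref is wanted is a policy question I cannot settle from this diff, so stating the intent is the main thing missing.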
--- a/tv/1systems/alnus/config.nix +++ b/tv/1systems/alnus/config.nix @@ -58,7 +58,6 @@ with import ; krebs.build = { host = config.krebs.hosts.alnus; user = mkForce config.krebs.users.dv; - source.nixpkgs.git.ref = mkForce "9b948ea439ddbaa26740ce35543e7e35d2aa6d18"; }; networking.networkmanager.enable = true; diff --git a/tv/1systems/alnus/source.nix b/tv/1systems/alnus/source.nix index f9dcefee6..c3ed4dcfb 100644 --- a/tv/1systems/alnus/source.nix +++ b/tv/1systems/alnus/source.nix @@ -1,3 +1,4 @@ import { name = "alnus"; + override.nixpkgs.git.ref = "9b948ea439ddbaa26740ce35543e7e35d2aa6d18"; } -- cgit v1.3.1 [cgit] Unable to lock slot /tmp/cgit/8c000000.lock: No such file or directory (2)