From db9a1e4bb93f8023daf7b360b2719dc92f744217 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:06:39 +0100 Subject: l blue.r & littleT.r: import syncthing --- lass/1systems/blue/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems/blue') diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index a84bb37f6..d740403da 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -8,6 +8,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.blue; -- cgit v1.3.1 From bd539533789a85a1786ae6f997a76d16d453b7f4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 26 Mar 2019 14:39:52 +0100 Subject: l blue: use file nixpkgs deployment when not testing --- lass/1systems/blue/source.nix | 17 ++++------------- lass/krops.nix | 5 ++--- 2 files changed, 6 insertions(+), 16 deletions(-) (limited to 'lass/1systems/blue') diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index a52771a4d..8f748ab8f 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,20 +1,11 @@ { lib, pkgs, ... }: { nixpkgs = lib.mkForce { - derivation = let + file = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; - in '' - with import (builtins.fetchTarball { - url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; - sha256 = "${sha256}"; - }) {}; - pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = "${rev}"; - sha256 = "${sha256}"; - } - ''; + }); }; } diff --git a/lass/krops.nix b/lass/krops.nix index d64454ea5..12652216a 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -11,7 +11,7 @@ {} ; - source = { test }: lib.evalSource [ + source = { test }: lib.evalSource ([ (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; 
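Review bot: In the `lass/1systems/blue/source.nix` hunk, `../../../krebs/nixpkgs.json` is parsed twice inside the new `fetchFromGitHub` call, once for `rev` and once for `sha256`. The revision and its hash are therefore tied to the same pin file only by two copies of the path. Binding the file once, `let pin = lib.importJSON ../../../krebs/nixpkgs.json; in`, and then writing `inherit (pin) rev sha256;` makes it visible that both come from one record. The same duplication is carried into the later `useChecksum` rewrite of this file.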
@@ -24,8 +24,7 @@ }; }; } - host-source - ]; + ] ++ (lib.optional (! test) host-source)); in { -- cgit v1.3.1 From 797dd8cc2ac3b67ec385e0350db1c3c77012486f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:44:57 +0200 Subject: l: sync more with syncthing --- lass/1systems/blue/config.nix | 7 +++++++ lass/1systems/mors/config.nix | 10 ++++++++++ lass/2configs/syncthing.nix | 11 ++++++++++- 3 files changed, 27 insertions(+), 1 deletion(-) (limited to 'lass/1systems/blue') diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index d740403da..da555a860 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -13,6 +13,13 @@ with import ; krebs.build.host = config.krebs.hosts.blue; + krebs.syncthing.folders = [ + { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + ]; + environment.shellAliases = { deploy = pkgs.writeDash "deploy" '' set -eu diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index f35ebff56..250d96e53 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -48,6 +48,16 @@ with import ; { predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; } ]; } + { + krebs.syncthing.folders = [ + { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } + ]; + } { lass.umts = { enable = true; diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 164e89679..842abc195 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix 
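Review bot: Nothing at the `lib.optional (! test) host-source` line in `lass/krops.nix` says why the per-host source is left out of test runs. The consequence is easy to miss: with `test = true` the host's `source.nix` overrides (for blue, the forced `nixpkgs` entry changed in this same commit) are not evaluated. A test build presumably runs against whatever `krebs-source` provides rather than against what is deployed. A comment such as `# host-source is skipped under test; test builds use the krebs-source defaults, not the host's overrides` would record that. The list itself opens in the previous hunk of this file.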
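Review bot: In the `blue/config.nix` hunk each synced path is written twice, once in `krebs.syncthing.folders` and once in `lass.ensure-permissions`, and nothing ties the two lists together. A folder added later without its permissions entry would keep whatever ownership the directory already has, and this diff does not show how syncthing behaves in that case. The same pairing is repeated in the `mors/config.nix` hunk and in `2configs/syncthing.nix`. Deriving one list from the other would close the gap, e.g. `lass.ensure-permissions = map (f: { folder = f.path; owner = "lass"; group = "syncthing"; }) config.krebs.syncthing.folders;` placed once in `2configs/syncthing.nix`, assuming the module merges the per-host folder lists.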
@@ -3,6 +3,7 @@ with import ; { services.syncthing = { enable = true; + group = "syncthing"; }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} @@ -14,7 +15,15 @@ with import ; key = toString ; peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts); folders = [ - { path = "/tmp/testsync"; peers = [ "icarus" "mors" "skynet" ]; } + { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism"]; } ]; }; + + system.activationScripts.syncthing-home = '' + ${pkgs.coreutils}/bin/chmod a+x /home/lass + ''; + + lass.ensure-permissions = [ + { folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; } + ]; } -- cgit v1.3.1 From 4769b3186597117daec579ac71df79e2fafabcf5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:55:47 +0200 Subject: l blue.r: backup with services.restic --- lass/1systems/blue/config.nix | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) (limited to 'lass/1systems/blue') diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index da555a860..84c8a5b3e 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -30,7 +30,7 @@ with import ; networking.nameservers = [ "1.1.1.1" ]; - lass.restic = genAttrs [ + services.restic.backups = genAttrs [ "daedalus" "icarus" "littleT" 
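Review bot: `chmod a+x /home/lass` in the new `syncthing-home` activation script of `2configs/syncthing.nix` opens traversal of the home directory to every local account and service user. The only consumer visible in this commit is the `syncthing` group. Because it is an activation script, the mode is re-applied on every switch, so tightening it by hand does not last. Granting the bit to that group alone keeps the rest of the home closed, for example with an ACL: `${pkgs.acl}/bin/setfacl -m g:syncthing:x /home/lass`.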
@@ -38,20 +38,19 @@ with import ; "shodan" "skynet" ] (dest: { - dirs = [ - "/home/" - "/var/lib" + initialize = true; + extraOptions = [ + "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" ]; + repository = "sftp:backup@${dest}.r:/backups/blue"; passwordFile = (toString ) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/blue"; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" + timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; + paths = [ + "/home/" + "/var/lib" ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; }); + time.timeZone = "Europe/Berlin"; users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ]; } -- cgit v1.3.1 From d72523a157380b602f9033404c63f512693cbb09 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:56:27 +0200 Subject: l blue.r deploy: point to stockholms new dir --- lass/1systems/blue/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems/blue') diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index 84c8a5b3e..a287f548b 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -24,7 +24,7 @@ with import ; deploy = pkgs.writeDash "deploy" '' set -eu export SYSTEM="$1" - $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) + $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; }; -- cgit v1.3.1 From fc85c6d16800f73eb088c42cf67f9f6918ce3001 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:56:50 +0200 Subject: l blue.r: add checksum check to nixpkgs populate --- lass/1systems/blue/source.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'lass/1systems/blue') 
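Review bot: The `sftp.command` entry in `extraOptions` passes `-i ${config.krebs.build.host.ssh.privkey.path}`, so blue's own host SSH key is also the login credential for `backup@` on every destination in the list. Whether those accounts are confined to sftp and to `/backups/blue` is not visible in this diff; if they are not, loss of that one key exposes every backup target. A dedicated backup key would narrow this, restricted on the receiving side with, for instance, `restrict,command="internal-sftp"` in the destination's `authorized_keys`. The attribute set is opened in the previous hunk.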
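Review bot: The `deploy` alias now builds and executes `krops.nix` from `$HOME/sync/stockholm`, and `/home/lass/sync` is the folder that `2configs/syncthing.nix` shares with the other peers. What `$(nix-build …)` runs is therefore whatever was last synced into that directory, which makes every device in the peer list part of the trust base for deployments from blue. A check before the build would keep a file modified on one peer from reaching a deploy unnoticed: confirm that the work tree is clean and that HEAD is signed, e.g. `git -C "$HOME/sync/stockholm" verify-commit HEAD`. `$HOME` is also unquoted in the `nix-build` argument.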
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index 8f748ab8f..21f3a8bd5 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,11 +1,14 @@ { lib, pkgs, ... }: { nixpkgs = lib.mkForce { - file = toString (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; - sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; - }); + file = { + path = toString (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; + sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; + }); + useChecksum = true; + }; }; } -- cgit v1.3.1 From 04d10421ed339a2342e92f5cabda83afbd7fd450 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 6 Mar 2019 16:54:31 +0100 Subject: l: NIX_REMOTE is now set by nixos correctly --- lass/1systems/blue/physical.nix | 1 - lass/1systems/red/physical.nix | 1 - lass/1systems/yellow/physical.nix | 1 - 3 files changed, 3 deletions(-) (limited to 'lass/1systems/blue') diff --git a/lass/1systems/blue/physical.nix b/lass/1systems/blue/physical.nix index 7499ff723..b6aa3a894 100644 --- a/lass/1systems/blue/physical.nix +++ b/lass/1systems/blue/physical.nix @@ -4,5 +4,4 @@ ]; boot.isContainer = true; networking.useDHCP = false; - environment.variables.NIX_REMOTE = "daemon"; } diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix index 7499ff723..b6aa3a894 100644 --- a/lass/1systems/red/physical.nix +++ b/lass/1systems/red/physical.nix @@ -4,5 +4,4 @@ ]; boot.isContainer = true; networking.useDHCP = false; - environment.variables.NIX_REMOTE = "daemon"; } diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix index 7499ff723..b6aa3a894 100644 --- a/lass/1systems/yellow/physical.nix +++ b/lass/1systems/yellow/physical.nix 
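Review bot: `useChecksum = true` in the `source.nix` hunk carries no comment, and with the commit subject it reads like an integrity check on nixpkgs, which it does not appear to be. The tree's integrity comes from the `sha256` given to `fetchFromGitHub`, while this flag seems to control only how the populate step compares files when copying. A short comment above it, such as `# compare by content when populating; integrity is pinned by sha256 above`, would keep the two apart. Please confirm the wording against the krops option before adding it.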
@@ -4,5 +4,4 @@ ]; boot.isContainer = true; networking.useDHCP = false; - environment.variables.NIX_REMOTE = "daemon"; } -- cgit v1.3.1