From 00bc48d90f95bf9d5de2da6b6c82bca7d78b87f2 Mon Sep 17 00:00:00 2001
From: makefu
Date: Sun, 2 Aug 2015 23:12:38 +0200
Subject: add host tsp (traveling salesman problem)
---
makefu/1systems/tsp.nix | 90 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 90 insertions(+)
create mode 100644 makefu/1systems/tsp.nix
(limited to 'makefu/1systems')
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
new file mode 100644
index 000000000..3de2d300c
--- /dev/null
+++ b/makefu/1systems/tsp.nix
@@ -0,0 +1,90 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../2configs/base.nix
+ ../2configs/base-gui.nix
+ ];
+ services.xserver = {
+ videoDriver = "intel";
+ };
+ krebs.build.host = config.krebs.hosts.tsp;
+ krebs.build.user = config.krebs.users.makefu;
+ krebs.build.target = "root@tsp";
+
+ krebs.build.deps = {
+ nixpkgs = {
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
+ };
+ # TODO generalize in base.nix
+ secrets = {
+ url = "/home/makefu/secrets/${config.krebs.build.host.name}";
+ };
+ # TODO generalize in base.nix
+ stockholm = {
+ url = toString ../..;
+ };
+ };
+
+ krebs.retiolum = {
+ enable = true;
+ hosts = ../../Zhosts;
+ connectTo = [
+ "gum"
+ "pigstarter"
+ "fastpoke"
+ ];
+ };
+
+ boot = {
+ #x200 specifics
+ kernelModules = [ "tp_smapi" "msr" ];
+ extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+
+ loader.grub.enable =true;
+ loader.grub.version =2;
+ loader.grub.device = "/dev/sda";
+
+ # crypto boot
+ # TODO: use UUID
+ initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
+ initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/luksroot";
+ fsType = "ext4";
+ };
+ "/boot" = {
+ device = "/dev/disk/by-label/nixboot";
+ fsType = "ext4";
+ };
+ };
+
+ # hardware specifics
+ networking.wireless.enable = true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ # TODO: generalize to numCPU + 1
+ nix.maxJobs = 3;
+
+
+ networking.firewall.rejectPackets = true;
+ networking.firewall.allowPing = true;
+
+
+ # $ nix-env -qaP | grep wget
+
environment.systemPackages = with pkgs; [ + vim + jq + ]; +} -- cgit v1.3.1 From b3c25831d1ac80578222cc7d0e8f3559f92f34c1 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 5 Aug 2015 14:56:38 +0200 Subject: add graphite to pnp --- makefu/1systems/pnp.nix | 10 ++++++++-- makefu/2configs/graphite-web.nix | 24 ++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 makefu/2configs/graphite-web.nix (limited to 'makefu/1systems') diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index 549658983..a8df522f2 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -10,6 +10,7 @@ ../2configs/base.nix ../2configs/cgit-retiolum.nix + ../2configs/graphite-standalone.nix ]; krebs.build.host = config.krebs.hosts.pnp; krebs.build.user = config.krebs.users.makefu; @@ -38,8 +39,13 @@ hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; -# networking.firewall is enabled by default - networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowedTCPPorts = [ + # nginx runs on 80 + 80 + # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp + 8080 2003 + ]; + networking.firewall.allowedUDPPorts = [ 2003 ]; networking.firewall.rejectPackets = true; networking.firewall.allowPing = true; diff --git a/makefu/2configs/graphite-web.nix b/makefu/2configs/graphite-web.nix new file mode 100644 index 000000000..daa1d49a3 --- /dev/null +++ b/makefu/2configs/graphite-web.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + imports = [ ]; + services.graphite = { + web = { + enable = true; + host = "0.0.0.0"; + }; + carbon = { + enableCache = true; + storageSchemas = '' + [carbon] + pattern = ^carbon\. + retentions = 60:90d + + [default] + pattern = .* + retentions = 60s:30d,300s:1y + ''; + }; + }; +} -- cgit v1.3.1 From dd8c918c876f923b7ca5d9446b03c0b01f82b531 Mon Sep 17 00:00:00 2001 
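Review bot: `loader.grub.device = "/dev/sda"` and the LUKS entry `device= "/dev/sda2"` in the `boot` block use kernel enumeration names, and the same block loads `usb_storage` in the initrd, so a USB disk attached at boot may shift the names and the initrd would then prompt for the wrong device or fail to find the root volume. The `/boot` entry already uses `/dev/disk/by-label/nixboot`; the LUKS device can be pinned the same way, e.g. `device = "/dev/disk/by-uuid/<LUKS-UUID>";` (placeholder value). The same two lines are carried into `makefu/2configs/sda-crypto-root.nix` later in this series, where the `# TODO: use UUID` comment is dropped.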
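Review bot: The new `networking.firewall.allowedTCPPorts` list in `pnp.nix` opens 8080 and 2003 (and `allowedUDPPorts` opens 2003) on every interface, which exposes graphite-web and the carbon receiver to any network the host is attached to. Carbon's plaintext line receiver takes metrics without authentication, and the `graphite-web.nix` added in this commit binds the web UI to `host = "0.0.0.0"`; the bind address in the imported `graphite-standalone.nix` is not shown. If all senders and viewers are on the VPN, leave these ports out of the global lists and admit only that interface, e.g. `networking.firewall.trustedInterfaces = [ "<vpn-interface>" ];` (placeholder name; this accepts all traffic arriving on it). The enclosing attribute set starts and ends outside the hunk.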
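Review bot: Nothing in this commit imports the new `makefu/2configs/graphite-web.nix`; the `pnp.nix` hunk adds `../2configs/graphite-standalone.nix` instead, so as far as the visible changes go this file is dead configuration. Either import it or drop it, and if it stays, a header comment such as `# graphite-web + carbon-cache on one host; web UI listens on all interfaces` would tell a reader that `host = "0.0.0.0"` is deliberate. `with lib;` and `imports = [ ];` are unused in the file as shown.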
From: makefu Date: Wed, 5 Aug 2015 15:11:52 +0200 Subject: test vicious for awesome on tsp --- makefu/1systems/tsp.nix | 13 ++++++++----- makefu/2configs/base-gui.nix | 21 ++++++++++++++++----- 2 files changed, 24 insertions(+), 10 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index 3de2d300c..d67a5c076 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix @@ -10,17 +10,20 @@ ../2configs/base.nix ../2configs/base-gui.nix ]; - services.xserver = { - videoDriver = "intel"; - }; + # not working in vm + #services.xserver = { + # videoDriver = "intel"; + #}; krebs.build.host = config.krebs.hosts.tsp; krebs.build.user = config.krebs.users.makefu; krebs.build.target = "root@tsp"; krebs.build.deps = { nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; + #url = https://github.com/NixOS/nixpkgs; + url = https://github.com/makefu/nixpkgs; + #rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; + rev = "08275910ba86ed9bd7a2608e6a1e5285faf24cb2"; }; # TODO generalize in base.nix secrets = { diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 5f977251f..056005f75 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix 
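Review bot: The `nixpkgs` entry in `krebs.build.deps` is switched from `NixOS/nixpkgs` to the personal fork `makefu/nixpkgs` inside a commit titled "test vicious for awesome on tsp", with the old `url` and `rev` left behind as commented-out lines and no statement of why. The full-length `rev` is what fixes the content being built, so it should remain a 40-hex commit id and never become a branch name; whether `krebs.build.deps` verifies the fetched tree against it is not visible here. A comment such as `# fork carries <patch description>; return to upstream once merged` in place of the commented-out lines would keep the origin of the system's packages auditable. The `krebs.build.deps` set continues outside the hunk.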
@@ -3,13 +3,24 @@ with lib; { imports = [ ]; - services.xserver.enable = true; - services.xserver.layout = "us"; + services.xserver = { + enable = true; + layout = "us"; # use awesome, direct boot into - services.xserver.displayManager.auto.enable =true; - services.xserver.displayManager.auto.user =config.krebs.users.makefu; - services.xserver.windowManager.awesome.enable = true; + displayManager.auto.enable = true; +# TODO: use config.krebs.users.makefu ... or not + displayManager.auto.user = "makefu"; + + windowManager = { + awesome.enable = true; + awesome.luaModules = [ pkgs.luaPackages.vicious ]; + default = "awesome"; + }; + + desktopManager.xterm.enable = false; + desktopManager.default = "none"; + }; security.setuidPrograms = [ "slock" ]; -- cgit v1.3.1 From eeb7a84e988c0fa41113643505d2965b0f81ffb9 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 5 Aug 2015 16:54:15 +0200 Subject: use unstable nixpkgs release --- makefu/1systems/tsp.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index d67a5c076..2d3fd9225 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix @@ -23,7 +23,8 @@ #url = https://github.com/NixOS/nixpkgs; url = https://github.com/makefu/nixpkgs; #rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; - rev = "08275910ba86ed9bd7a2608e6a1e5285faf24cb2"; + #rev = "08275910ba86ed9bd7a2608e6a1e5285faf24cb2"; + rev = "53d79a8074e7a4465515e67ea565dc73cbc14c5c"; }; # TODO generalize in base.nix secrets = { -- cgit v1.3.1 From 91a112c24294154be3b812e2b52e1c651d336aff Mon Sep 17 00:00:00 2001 
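Review bot: `displayManager.auto.enable = true` together with `displayManager.auto.user = "makefu"` logs that user in without a password, and `base-gui.nix` is a shared profile, so every host that imports it gets an unauthenticated desktop session at boot. On tsp the LUKS passphrase stands in front of the session, but that is a property of `tsp.nix`, not of this file. A comment at the setting, e.g. `# auto-login: import only on hosts with an encrypted root`, would record the assumption.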
From: makefu Date: Fri, 7 Aug 2015 12:10:02 +0200 Subject: refactor tsp --- makefu/1systems/tsp.nix | 51 +++---------------------------------- makefu/2configs/base-gui.nix | 26 ++++++++++++------- makefu/2configs/base.nix | 14 +++++++++- makefu/2configs/sda-crypto-root.nix | 27 ++++++++++++++++++++ makefu/2configs/tp-x200.nix | 23 +++++++++++++++++ 5 files changed, 84 insertions(+), 57 deletions(-) create mode 100644 makefu/2configs/sda-crypto-root.nix create mode 100644 makefu/2configs/tp-x200.nix (limited to 'makefu/1systems') diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index 2d3fd9225..3979b70b9 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix @@ -9,11 +9,10 @@ [ # Include the results of the hardware scan. ../2configs/base.nix ../2configs/base-gui.nix + ../2configs/tp-x200.nix + ../2configs/sda-crypto-root.nix ]; # not working in vm - #services.xserver = { - # videoDriver = "intel"; - #}; krebs.build.host = config.krebs.hosts.tsp; krebs.build.user = config.krebs.users.makefu; krebs.build.target = "root@tsp"; @@ -21,18 +20,9 @@ krebs.build.deps = { nixpkgs = { #url = https://github.com/NixOS/nixpkgs; + # rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L) url = https://github.com/makefu/nixpkgs; - #rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; - #rev = "08275910ba86ed9bd7a2608e6a1e5285faf24cb2"; - rev = "53d79a8074e7a4465515e67ea565dc73cbc14c5c"; - }; - # TODO generalize in base.nix - secrets = { - url = "/home/makefu/secrets/${config.krebs.build.host.name}"; - }; - # TODO generalize in base.nix - stockholm = { - url = toString ../..; + rev = "8b8b65da24f13f9317504e8bcba476f9161613fe"; }; }; 
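Review bot: The added comment `# rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L)` in the `nixpkgs` entry describes taking the revision from the nixos-unstable channel, while `url` still points at `https://github.com/makefu/nixpkgs`. A channel revision only resolves in the fork if the fork has been synced to contain it, and a reader cannot tell whether `8b8b65da24f13f9317504e8bcba476f9161613fe` is an upstream commit or a fork-only one. Either point `url` back at upstream when channel revisions are used, or extend the comment, e.g. `# rev from nixos-unstable; fork must be synced to include it`.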
@@ -46,40 +36,7 @@ ]; }; - boot = { - #x200 specifics - kernelModules = [ "tp_smapi" "msr" ]; - extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; - - loader.grub.enable =true; - loader.grub.version =2; - loader.grub.device = "/dev/sda"; - - # crypto boot - # TODO: use UUID - initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}]; - initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - }; - fileSystems = { - "/" = { - device = "/dev/mapper/luksroot"; - fsType = "ext4"; - }; - "/boot" = { - device = "/dev/disk/by-label/nixboot"; - fsType = "ext4"; - }; - }; - # hardware specifics - networking.wireless.enable = true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - # TODO: generalize to numCPU + 1 - nix.maxJobs = 3; networking.firewall.rejectPackets = true; diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 056005f75..7f329c6ce 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix 
@@ -1,31 +1,39 @@ { config, lib, pkgs, ... }: - +## +# of course this name is a lie - it prepares a GUI environment close to my +# current configuration. +# +# autologin with mainUser into awesome +## +# with lib; +let + mainUser = config.krebs.build.user.name; +in { imports = [ ]; services.xserver = { enable = true; layout = "us"; -# use awesome, direct boot into - displayManager.auto.enable = true; -# TODO: use config.krebs.users.makefu ... or not - displayManager.auto.user = "makefu"; - windowManager = { awesome.enable = true; awesome.luaModules = [ pkgs.luaPackages.vicious ]; default = "awesome"; }; + displayManager.auto.enable = true; + displayManager.auto.user = mainUser; desktopManager.xterm.enable = false; - desktopManager.default = "none"; }; security.setuidPrograms = [ "slock" ]; -# use pulseaudio - environment.systemPackages = [ pkgs.slock ]; + environment.systemPackages = [ + pkgs.slock + pkgs.rxvt_unicode-with-plugins + ]; + hardware.pulseaudio = { enable = true; systemWide = true; diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix index 8dfb2ef27..792cccc71 100644 --- a/makefu/2configs/base.nix +++ b/makefu/2configs/base.nix @@ -6,7 +6,7 @@ with lib; krebs.enable = true; krebs.search-domain = "retiolum"; - networking.hostName = config.krebs.build.host.name; + users.extraUsers = { root = { openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; @@ -24,6 +24,18 @@ with lib; }; }; + networking.hostName = config.krebs.build.host.name; + nix.maxJobs = config.krebs.build.host.cores + 1; + + krebs.build.deps = { + secrets = { + url = "/home/makefu/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; + services.openssh.enable = true; nix.useChroot = true; diff --git a/makefu/2configs/sda-crypto-root.nix b/makefu/2configs/sda-crypto-root.nix new file mode 100644 index 000000000..0d979a0b8 --- /dev/null +++ b/makefu/2configs/sda-crypto-root.nix 
@@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +# sda: bootloader grub2 +# sda1: boot ext4 (label nixboot) +# sda2: cryptoluks -> ext4 +with lib; +{ + boot = { + loader.grub.enable =true; + loader.grub.version =2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}]; + initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/luksroot"; + fsType = "ext4"; + }; + "/boot" = { + device = "/dev/disk/by-label/nixboot"; + fsType = "ext4"; + }; + }; +} diff --git a/makefu/2configs/tp-x200.nix b/makefu/2configs/tp-x200.nix new file mode 100644 index 000000000..64d3f85a1 --- /dev/null +++ b/makefu/2configs/tp-x200.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + #services.xserver = { + # videoDriver = "intel"; + #}; + + boot = { + kernelModules = [ "tp_smapi" "msr" ]; + extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; + + }; + + networking.wireless.enable = true; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + hardware.trackpoint.enable = true; + hardware.trackpoint.sensitivity = 255; + hardware.trackpoint.speed = 255; +} -- cgit v1.3.1 From 4d460eb95f398797df4d502be496a79481bdd809 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 7 Aug 2015 12:53:02 +0200 Subject: refactor pnp --- makefu/1systems/pnp.nix | 45 +++++++-------------------------- makefu/2configs/graphite-standalone.nix | 1 + makefu/2configs/graphite-web.nix | 24 ------------------ makefu/2configs/tinc-basic-retiolum.nix | 14 ++++++++++ makefu/2configs/vm-single-partition.nix | 20 +++++++++++++++ 5 files changed, 44 insertions(+), 60 deletions(-) delete mode 100644 makefu/2configs/graphite-web.nix create mode 100644 makefu/2configs/tinc-basic-retiolum.nix create mode 100644 makefu/2configs/vm-single-partition.nix (limited to 'makefu/1systems') 
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index a8df522f2..bc4c679b7 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -11,6 +11,8 @@ ../2configs/base.nix ../2configs/cgit-retiolum.nix ../2configs/graphite-standalone.nix + ../2configs/vm-single-partition.nix + ../2configs/tinc-basic-retiolum.nix ]; krebs.build.host = config.krebs.hosts.pnp; krebs.build.user = config.krebs.users.makefu; @@ -21,50 +23,21 @@ url = https://github.com/NixOS/nixpkgs; rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; }; - secrets = { - url = "/home/makefu/secrets/${config.krebs.build.host.name}"; - }; - stockholm = { - url = toString ../..; - }; }; - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/vda"; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - hardware.enableAllFirmware = true; - hardware.cpu.amd.updateMicrocode = true; - networking.firewall.allowedTCPPorts = [ # nginx runs on 80 - 80 # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp - 8080 2003 - ]; + 80 + 8080 2003 + ]; networking.firewall.allowedUDPPorts = [ 2003 ]; + networking.firewall.rejectPackets = true; networking.firewall.allowPing = true; - fileSystems."/" = - { device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; - krebs.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "gum" - "pigstarter" - "fastpoke" - ]; - }; - # $ nix-env -qaP | grep wget - environment.systemPackages = with pkgs; [ - jq - ]; + environment.systemPackages = with pkgs; [ + jq + ]; } diff --git a/makefu/2configs/graphite-standalone.nix b/makefu/2configs/graphite-standalone.nix index 50c623ab9..8b70c11c8 100644 --- a/makefu/2configs/graphite-standalone.nix +++ b/makefu/2configs/graphite-standalone.nix @@ -5,6 +5,7 @@ with lib; { imports = [ ]; + services.graphite = { web = { enable = true; 
diff --git a/makefu/2configs/graphite-web.nix b/makefu/2configs/graphite-web.nix deleted file mode 100644 index daa1d49a3..000000000 --- a/makefu/2configs/graphite-web.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -{ - imports = [ ]; - services.graphite = { - web = { - enable = true; - host = "0.0.0.0"; - }; - carbon = { - enableCache = true; - storageSchemas = '' - [carbon] - pattern = ^carbon\. - retentions = 60:90d - - [default] - pattern = .* - retentions = 60s:30d,300s:1y - ''; - }; - }; -} diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix new file mode 100644 index 000000000..cb1991bd6 --- /dev/null +++ b/makefu/2configs/tinc-basic-retiolum.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + krebs.retiolum = { + enable = true; + hosts = ../../Zhosts; + connectTo = [ + "gum" + "pigstarter" + "fastpoke" + ]; + }; +} diff --git a/makefu/2configs/vm-single-partition.nix b/makefu/2configs/vm-single-partition.nix new file mode 100644 index 000000000..78a5e7175 --- /dev/null +++ b/makefu/2configs/vm-single-partition.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: + +# vda1 ext4 (label nixos) -> only root partition +with lib; +{ + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/vda"; + + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + }; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + hardware.cpu.amd.updateMicrocode = true; + + +} -- cgit v1.3.1 From fad2a76defb18108a271633392344dbb49bb769b Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 7 Aug 2015 12:53:38 +0200 Subject: begin customization of gui --- makefu/1systems/tsp.nix | 19 +++---------------- makefu/2configs/base-gui.nix | 6 +++--- 2 files changed, 6 insertions(+), 19 deletions(-) (limited to 'makefu/1systems') 
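Review bot: `vm-single-partition.nix` sets `boot.loader.grub.device = "/dev/vda"` but does not carry over the `boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];` line that this commit removes from `pnp.nix`. Unless another imported profile supplies the virtio modules (none is visible here), the initrd may be unable to find the root disk after the next rebuild. The line should move into this file together with the other VM-specific settings.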
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index 3979b70b9..da7466d75 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix @@ -9,8 +9,10 @@ [ # Include the results of the hardware scan. ../2configs/base.nix ../2configs/base-gui.nix - ../2configs/tp-x200.nix + ../2configs/tinc-basic-retiolum.nix ../2configs/sda-crypto-root.nix + # hardware specifics are in here + ../2configs/tp-x200.nix ]; # not working in vm krebs.build.host = config.krebs.hosts.tsp; @@ -26,24 +28,9 @@ }; }; - krebs.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "gum" - "pigstarter" - "fastpoke" - ]; - }; - - # hardware specifics - - networking.firewall.rejectPackets = true; networking.firewall.allowPing = true; - - # $ nix-env -qaP | grep wget environment.systemPackages = with pkgs; [ vim jq diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 7f329c6ce..c4755c217 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -15,6 +15,8 @@ in services.xserver = { enable = true; layout = "us"; + xkbVariant = "altgr-intl"; + xkbOptions = "ctrl:nocaps"; windowManager = { awesome.enable = true; @@ -27,10 +29,8 @@ in desktopManager.xterm.enable = false; }; - security.setuidPrograms = [ "slock" ]; - environment.systemPackages = [ - pkgs.slock + pkgs.xlockmore pkgs.rxvt_unicode-with-plugins ]; -- cgit v1.3.1 From 7a378d230d4c75f77f04943b73ad4c883d6750b9 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Aug 2015 19:00:22 +0000 Subject: makefu: move more stuff into base.nix --- makefu/1systems/pnp.nix | 7 ------- makefu/1systems/tsp.nix | 14 +++----------- makefu/2configs/base.nix | 4 ++++ 3 files changed, 7 insertions(+), 18 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index bc4c679b7..6693dc066 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix 
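Review bot: In `base-gui.nix`, swapping `pkgs.slock` for `pkgs.xlockmore` while deleting `security.setuidPrograms = [ "slock" ];` leaves the new locker with no visible privilege or PAM setup, and this profile auto-logs the user in, so the locker is the only gate on a running session. A locker needs some way to check the password (a setuid wrapper or a PAM service); without one it either cannot be unlocked or does not work as a lock. Please confirm how xlock authenticates on the pinned nixpkgs revision and add the matching line, e.g. `security.pam.services.xlock = {};` if the build uses PAM.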
@@ -33,11 +33,4 @@ ]; networking.firewall.allowedUDPPorts = [ 2003 ]; - networking.firewall.rejectPackets = true; - networking.firewall.allowPing = true; - -# $ nix-env -qaP | grep wget - environment.systemPackages = with pkgs; [ - jq - ]; } diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index da7466d75..f19dbfea6 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix @@ -1,7 +1,6 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - +# +# +# { config, pkgs, ... }: { @@ -28,11 +27,4 @@ }; }; - networking.firewall.rejectPackets = true; - networking.firewall.allowPing = true; - - environment.systemPackages = with pkgs; [ - vim - jq - ]; } diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix index 25d92d63d..906c74f7d 100644 --- a/makefu/2configs/base.nix +++ b/makefu/2configs/base.nix @@ -50,6 +50,10 @@ with lib; users.mutableUsers = false; boot.tmpOnTmpfs = true; + + networking.firewall.rejectPackets = true; + networking.firewall.allowPing = true; + systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" ]; -- cgit v1.3.1 From 978d5cc9f07ccfcca2cc53cb45ccb5ee0c801869 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Aug 2015 17:15:09 +0200 Subject: makefu/tsp: add exim --- makefu/1systems/tsp.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'makefu/1systems') diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index f19dbfea6..6e93df51e 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix 
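Review bot: The template header of `tsp.nix` is replaced by three bare `#` lines that say nothing; a one-line description such as `# tsp: x200 laptop, encrypted root, GUI profile` is more useful, or the lines can simply be dropped. The second `tsp.nix` hunk and the `pnp.nix` hunk also delete `environment.systemPackages` with `vim` and `jq`, while the `base.nix` hunk shown here only adds the two firewall settings, so please confirm the packages are provided elsewhere.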
@@ -18,6 +18,13 @@ krebs.build.user = config.krebs.users.makefu; krebs.build.target = "root@tsp"; + krebs.exim-retiolum.enable = true; + networking.firewall.allowedTCPPorts = [ + # nginx runs on 80 + # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp + 25 + ]; + krebs.build.deps = { nixpkgs = { #url = https://github.com/NixOS/nixpkgs; -- cgit v1.3.1
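Review bot: The two comments inside the new `allowedTCPPorts` list, `# nginx runs on 80` and `# graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp`, are copied from `pnp.nix` and do not describe this host; the only port opened is 25. Replace them with `# exim (krebs.exim-retiolum) listens on 25`. Port 25 is also opened on every interface of a laptop that has `networking.wireless.enable = true`; if mail is only meant to arrive over the VPN (the module name suggests so, but its listener configuration is not shown), admit it on that interface only rather than globally.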