From f8fabf4ea6f15b0c7613846e38051f83ef887933 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 13:03:48 +0100
Subject: shared: move stuff from 1/wolf.nix to 2/base.nix

---
 shared/1systems/wolf.nix | 71 +-----------------------------------------------
 1 file changed, 1 insertion(+), 70 deletions(-)

(limited to 'shared/1systems/wolf.nix')

diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 60d1e8ce8..4fe3388c8 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, ... }:
 
-with lib;
-
 {
   imports = [
+    ../2configs/base.nix
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
     ../2configs/collectd-base.nix
   ];
@@ -13,34 +12,6 @@ with lib;
   krebs.build.user = config.krebs.users.shared;
   krebs.build.target = "wolf";
 
-  krebs.enable = true;
-  krebs.retiolum = {
-    enable = true;
-    connectTo = [
-      # TODO remove connectTo cd, this was only used for bootstrapping
-      "cd"
-      "gum"
-      "pigstarter"
-    ];
-  };
-
-  krebs.build.source = {
-    git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
-    };
-    dir.secrets = {
-      host = config.krebs.current.host;
-      path = "${getEnv "HOME"}/secrets/krebs/wolf";
-    };
-    dir.stockholm = {
-      host = config.krebs.current.host;
-      path = "${getEnv "HOME"}/stockholm";
-    };
-  };
-
-  networking.hostName = config.krebs.build.host.name;
-
   boot.kernel.sysctl = {
     # Enable IPv6 Privacy Extensions
     "net.ipv6.conf.all.use_tempaddr" = 2;
@@ -63,45 +34,5 @@ with lib;
     { device = "/dev/disk/by-label/swap"; }
   ];
 
-  nix.maxJobs = 1;
-  nix.trustedBinaryCaches = [
-    "https://cache.nixos.org"
-    "http://cache.nixos.org"
-    "http://hydra.nixos.org"
-  ];
-  nix.useChroot = true;
-
-  nixpkgs.config.packageOverrides = pkgs: {
-    nano = pkgs.vim;
-  };
-
-  environment.systemPackages = with pkgs; [
-    git
-    rxvt_unicode.terminfo
-  ];
-
   time.timeZone = "Europe/Berlin";
-
-  programs.ssh.startAgent = false;
-
-  services.openssh = {
-    enable = true;
-    hostKeys = [
-      { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
-    ];
-  };
-  services.cron.enable = false;
-  services.nscd.enable = false;
-  services.ntp.enable = false;
-
-  users.mutableUsers = false;
-  users.extraUsers.root.openssh.authorizedKeys.keys = [
-    # TODO
-    config.krebs.users.lass.pubkey
-    config.krebs.users.makefu.pubkey
-    config.krebs.users.tv.pubkey
-  ];
-
-  # The NixOS release to be compatible with for stateful data such as databases.
-  system.stateVersion = "15.09";
 }
-- 
cgit v1.3.1


From 5aed0a395b2f78216bc02a7178527034bb079d28 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 22:15:07 +0100
Subject: shared wolf: static ip, fix todo

---
 krebs/3modules/default.nix           |  1 +
 krebs/3modules/shared/default.nix    | 15 ++++++++++-----
 shared/1systems/wolf.nix             | 21 ++++++++++++++++++++-
 shared/2configs/shack-drivedroid.nix | 18 ++++++++++++++++++
 shared/2configs/shack-nix-cacher.nix | 25 +++++++++++++++++++++++++
 5 files changed, 74 insertions(+), 6 deletions(-)
 create mode 100644 shared/2configs/shack-drivedroid.nix
 create mode 100644 shared/2configs/shack-nix-cacher.nix

(limited to 'shared/1systems/wolf.nix')

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index a627d5657..ce52c148c 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -86,6 +86,7 @@ let
       krebs.dns.providers = {
         de.krebsco = "zones";
         gg23 = "hosts";
+        shack = "hosts";
         internet = "hosts";
         retiolum = "hosts";
       };
diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix
index 13aae886b..d5bce469b 100644
--- a/krebs/3modules/shared/default.nix
+++ b/krebs/3modules/shared/default.nix
@@ -33,12 +33,17 @@ let
 in {
   hosts = addNames {
     wolf = {
-      #dc = "shack";
+      dc = "shack";
       nets = {
-        #shack = {
-        #  addrs4 = [ TODO ];
-        #  aliases = ["wolf.shack"];
-        #};
+        shack = {
+          addrs4 = [ "10.42.2.136" ];
+          aliases = [
+            "wolf.shack"
+            "graphite.shack"
+            "acng.shack"
+            "drivedroid.shack"
+          ];
+        };
         retiolum = {
           addrs4 = ["10.243.77.1"];
           addrs6 = ["42:0:0:0:0:0:77:1"];
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 4fe3388c8..30e6e1d07 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -1,12 +1,31 @@
 { config, lib, pkgs, ... }:
 
+let
+  shack-ip = lib.head config.krebs.build.host.nets.shack.addrs4;
+  internal-ip = lib.head config.krebs.build.host.nets.retiolum.addrs4;
+in
 {
   imports = [
     ../2configs/base.nix
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
     ../2configs/collectd-base.nix
+    ../2configs/shack-nix-cacher.nix
+    ../2configs/shack-drivedroid.nix
   ];
 
+  networking = {
+    interfaces.eth0.ip4 = [{
+      address = shack-ip;
+      prefixLength = 20;
+    }];
+
+    defaultGateway = "10.42.0.1";
+    nameservers = [ "8.8.8.8" ];
+  };
+
+  #####################
+  # uninteresting stuff
+  #####################
   krebs.build.host = config.krebs.hosts.wolf;
   # TODO rename shared user to "krebs"
   krebs.build.user = config.krebs.users.shared;
@@ -31,7 +50,7 @@
   fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
 
   swapDevices = [
-    { device = "/dev/disk/by-label/swap"; }
+    { device = "/dev/disk/by-label/swap";  }
   ];
 
   time.timeZone = "Europe/Berlin";
diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix
new file mode 100644
index 000000000..294f3a369
--- /dev/null
+++ b/shared/2configs/shack-drivedroid.nix
@@ -0,0 +1,18 @@
+{ pkgs, lib, ... }:
+
+{
+  krebs.nginx = {
+    enable = lib.mkDefault true;
+    servers = {
+      drivedroid-repo = {
+        server-names = [ "drivedroid.shack" ];
+        # TODO: prepare this somehow
+        locations = lib.singleton (lib.nameValuePair "/" ''
+          root /var/srv/drivedroid
+          index main.json
+        '');
+      };
+    };
+  };
+
+}
diff --git a/shared/2configs/shack-nix-cacher.nix b/shared/2configs/shack-nix-cacher.nix
new file mode 100644
index 000000000..7519bb3ac
--- /dev/null
+++ b/shared/2configs/shack-nix-cacher.nix
@@ -0,0 +1,25 @@
+{ pkgs, lib, ... }:
+
+{
+  krebs.nginx = {
+    enable = lib.mkDefault true;
+    servers = {
+      apt-cacher-ng = {
+        server-names = [ "acng.shack" ];
+        locations = lib.singleton (lib.nameValuePair "/" ''
+          proxy_set_header   Host $host;
+          proxy_set_header   X-Real-IP          $remote_addr;
+          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_pass http://localhost:3142/;
+        '');
+      };
+    };
+  };
+
+  krebs.apt-cacher-ng = {
+    enable = true;
+    port = 3142;
+    bindAddress = "localhost";
+    cacheExpiration = 30;
+  };
+}
-- 
cgit v1.3.1


From e4c46c2ec22613830c5839001550f5fa155e260d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 23:13:09 +0100
Subject: shared 1 wolf: add self to binaryCache

---
 shared/1systems/wolf.nix | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'shared/1systems/wolf.nix')

diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 30e6e1d07..8c5295bb3 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -12,8 +12,12 @@ in
     ../2configs/shack-nix-cacher.nix
     ../2configs/shack-drivedroid.nix
   ];
+  # use your own binary cache, fallback use cache.nixos.org (which is used by
+  # apt-cacher-ng in first place)
+  nix.binaryCaches = [ "http://localhost:3142/nixos" "https://cache.nixos.org" ];
 
   networking = {
+    firewall.enable = false;
     interfaces.eth0.ip4 = [{
       address = shack-ip;
       prefixLength = 20;
-- 
cgit v1.3.1


From 55ad05879b8ba97e369bfd72810028dd4622e356 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 14 Dec 2015 19:36:06 +0100
Subject: s 1 wolf: initial preparation of ci packaging

---
 makefu/2configs/nginx/euer.test.nix | 26 ++++++++++++++++++++++++++
 shared/1systems/wolf.nix            |  3 ++-
 shared/2configs/cac-ci.nix          | 11 +++++++++++
 3 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 makefu/2configs/nginx/euer.test.nix
 create mode 100644 shared/2configs/cac-ci.nix

(limited to 'shared/1systems/wolf.nix')

diff --git a/makefu/2configs/nginx/euer.test.nix b/makefu/2configs/nginx/euer.test.nix
new file mode 100644
index 000000000..ffdc0bc60
--- /dev/null
+++ b/makefu/2configs/nginx/euer.test.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  hostname = config.krebs.build.host.name;
+  user = config.services.nginx.user;
+  group = config.services.nginx.group;
+  external-ip = head config.krebs.build.host.nets.internet.addrs4;
+  internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+in {
+  krebs.nginx = {
+    enable = mkDefault true;
+    servers = {
+      euer-share = {
+        listen = [ ];
+        server-names = [ "share.euer.krebsco.de" ];
+        locations = singleton (nameValuePair "/" ''
+          proxy_set_header   Host $host;
+          proxy_set_header   X-Real-IP          $remote_addr;
+          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_pass http://localhost:8000/;
+        '');
+      };
+    };
+  };
+}
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 8c5295bb3..a3e527a3b 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -11,6 +11,7 @@ in
     ../2configs/collectd-base.nix
     ../2configs/shack-nix-cacher.nix
     ../2configs/shack-drivedroid.nix
+    ../2configs/cac-ci.nix
   ];
   # use your own binary cache, fallback use cache.nixos.org (which is used by
   # apt-cacher-ng in first place)
@@ -24,7 +25,7 @@ in
     }];
 
     defaultGateway = "10.42.0.1";
-    nameservers = [ "8.8.8.8" ];
+    nameservers = [ "10.42.0.100" "10.42.0.200" ];
   };
 
   #####################
diff --git a/shared/2configs/cac-ci.nix b/shared/2configs/cac-ci.nix
new file mode 100644
index 000000000..06cce2746
--- /dev/null
+++ b/shared/2configs/cac-ci.nix
@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  environment.systemPackages = with pkgs;[
+    get
+    cac
+    cacpanel
+    jq
+  ];
+}
-- 
cgit v1.3.1


From c2fd296ad671a73e85f830c84d860e988587d9ac Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 16 Dec 2015 17:01:22 +0100
Subject: s 1 wolf: provide graphite

---
 shared/1systems/wolf.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'shared/1systems/wolf.nix')

diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index a3e527a3b..2c51ac8fe 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -12,6 +12,7 @@ in
     ../2configs/shack-nix-cacher.nix
     ../2configs/shack-drivedroid.nix
     ../2configs/cac-ci.nix
+    ../2configs/graphite.nix
   ];
   # use your own binary cache, fallback use cache.nixos.org (which is used by
   # apt-cacher-ng in first place)
-- 
cgit v1.3.1