authortv <>2015-07-27 02:02:34 +0200
committertv <>2015-07-27 02:02:34 +0200
commit869eeb1dc1d3bfeddf67f882e0853b15e63dceb3 (patch)
treefa6bf616e54422468ef7f58c290a710b0710b9b9 /tv/systems/cd.nix
parentb9df7908fc96c6e809c3f22bfca50d8703ce12a1 (diff)
* tv -> tv *
Diffstat (limited to 'tv/systems/cd.nix')
1 files changed, 127 insertions, 0 deletions
diff --git a/tv/systems/cd.nix b/tv/systems/cd.nix
new file mode 100644
index 0000000..461fbc7
--- /dev/null
+++ b/tv/systems/cd.nix
@@ -0,0 +1,127 @@
+{ config, lib, pkgs, ... }:
+with lib;
+ tvpkgs = import ../pkgs { inherit pkgs; };
+ =;
+ imports = [
+ ../configs/CAC-Developer-2.nix
+ ../configs/CAC-CentOS-7-64bit.nix
+ ../configs/base.nix
+ ../configs/consul-server.nix
+ ../configs/exim-smarthost.nix
+ ../configs/git.nix
+ {
+ imports = [ ../configs/charybdis.nix ];
+ tv.charybdis = {
+ enable = true;
+ sslCert = ../../Zcerts/charybdis_cd.crt.pem;
+ };
+ }
+ {
+ tv.ejabberd = {
+ enable = true;
+ hosts = [ "" ];
+ };
+ }
+ {
+ krebs.github-hosts-sync.enable = true;
+ tv.iptables.input-internet-accept-new-tcp =
+ singleton config.krebs.github-hosts-sync.port;
+ }
+ {
+ tv.iptables = {
+ enable = true;
+ input-internet-accept-new-tcp = [
+ "ssh"
+ "tinc"
+ "smtp"
+ "xmpp-client"
+ "xmpp-server"
+ ];
+ input-retiolum-accept-new-tcp = [
+ "http"
+ ];
+ };
+ }
+ {
+ tv.iptables.input-internet-accept-new-tcp = singleton "http";
+ krebs.nginx.servers.cgit.server-names = singleton "";
+ }
+ {
+ # TODO make public_html also available to cd, cd.retiolum (AKA default)
+ tv.iptables.input-internet-accept-new-tcp = singleton "http";
+ krebs.nginx.servers.public_html = {
+ server-names = singleton "";
+ locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
+ alias /home/$1/public_html$2;
+ '');
+ };
+ }
+ {
+ krebs.nginx.servers.viljetic = {
+ server-names = singleton "";
+ # TODO directly set root (instead via location)
+ locations = singleton (nameValuePair "/" ''
+ root ${tvpkgs.viljetic-pages};
+ '');
+ };
+ }
+ {
+ krebs.retiolum = {
+ enable = true;
+ connectTo = [
+ "fastpoke"
+ "pigstarter"
+ "ire"
+ ];
+ };
+ }
+ ];
+ networking.interfaces.enp2s1.ip4 = [
+ {
+ address = "";
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "";
+ networking.nameservers = [
+ ""
+ ];
+ environment.systemPackages = with pkgs; [
+ git # required for ./deploy, clone_or_update
+ htop
+ iftop
+ iotop
+ iptables
+ mutt # for mv
+ nethogs
+ rxvt_unicode.terminfo
+ tcpdump
+ ];
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+ users.extraUsers = {
+ mv = {
+ uid = 1338;
+ group = "users";
+ home = "/home/mv";
+ createHome = true;
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [
+ ];
+ };
+ };
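Review bot: The `krebs.nginx.servers.public_html` location publishes `/home/$1/public_html$2` for any account name, and the same module opens `http` to the internet, yet nothing visible limits what a user's directory can expose. `alias` follows symlinks by default, so a link placed inside a `public_html` could serve any file the nginx worker is able to read. Adding `disable_symlinks if_not_owner;` next to the `alias` line would close that off. Narrowing the first capture to one path segment, `"~ ^/~([^/]+)(/.*)?\$"`, would also make the intended user-name match explicit. Whether the `krebs.nginx` module already sets either of these is not visible from this file, so confirm that before changing it.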