diff options
| author | tv <tv@krebsco.de> | 2017-07-13 00:37:54 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2017-07-13 00:37:54 +0200 |
| commit | bc6c6a3164d31141f39333914c1b15ff261e7859 (patch) | |
| tree | 8bff8dd19f1d9f9fcc2b78b7c8d3fb81a332aab4 | |
| parent | 4da01794605291bdb7bd9fa9dc7109764f4faf58 (diff) | |
| parent | 7212de210bb7fc751ffade00d6b1b08f195ddf47 (diff) | |
Merge remote-tracking branch 'prism/master'
42 files changed, 256 insertions, 192 deletions
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs/config.nix index e65b13d00..aa9a1f1ab 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs/config.nix @@ -1,18 +1,17 @@ { config, lib, pkgs, ... }: let - inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; - + inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway; ip = config.krebs.build.host.nets.internet.ip4.addr; in { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/exim-retiolum.nix - ../2configs/git.nix - ../2configs/realwallpaper.nix - ../2configs/privoxy-retiolum.nix + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/realwallpaper.nix> + <stockholm/lass/2configs/privoxy-retiolum.nix> { networking.interfaces.enp2s1.ip4 = [ { diff --git a/lass/1systems/cloudkrebs/source.nix b/lass/1systems/cloudkrebs/source.nix new file mode 100644 index 000000000..99e71e755 --- /dev/null +++ b/lass/1systems/cloudkrebs/source.nix @@ -0,0 +1,3 @@ +import <stockholm/lass/source.nix> { + name = "cloudkrebs"; +} diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire/config.nix index e12367aca..416edeb82 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire/config.nix @@ -2,11 +2,10 @@ { imports = [ - ../. - ../2configs/retiolum.nix + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - #../2configs/exim-retiolum.nix - ../2configs/git.nix + <stockholm/lass/2configs/git.nix> { boot.loader.grub = { device = "/dev/vda"; @@ -56,7 +55,7 @@ } { imports = [ - ../2configs/websites/fritz.nix + <stockholm/lass/2configs/websites/fritz.nix> ]; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport http"; target = "ACCEPT"; } diff --git a/lass/1systems/dishfire/source.nix b/lass/1systems/dishfire/source.nix new file mode 100644 index 000000000..2445af130 --- /dev/null +++ b/lass/1systems/dishfire/source.nix @@ -0,0 +1,3 @@ +import <stockholm/lass/source.nix> { + name = "dishfire"; +} diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon/config.nix index da8864011..f064a4788 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon/config.nix @@ -1,22 +1,20 @@ { config, lib, pkgs, ... }: let - inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; - + inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway; ip = config.krebs.build.host.nets.internet.ip4.addr; in { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/exim-retiolum.nix - ../2configs/realwallpaper.nix - ../2configs/privoxy-retiolum.nix - ../2configs/git.nix - #../2configs/redis.nix - ../2configs/go.nix - ../2configs/ircd.nix - ../2configs/newsbot-js.nix + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/realwallpaper.nix> + <stockholm/lass/2configs/privoxy-retiolum.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/go.nix> + <stockholm/lass/2configs/ircd.nix> + <stockholm/lass/2configs/newsbot-js.nix> { networking.interfaces.enp2s1.ip4 = [ { @@ -34,9 +32,6 @@ in { sound.enable = false; } { - imports = [ - ../3modules/dnsmasq.nix - ]; lass.dnsmasq = { enable = true; config = '' diff --git a/lass/1systems/echelon/source.nix b/lass/1systems/echelon/source.nix new file mode 100644 index 000000000..96888d5a8 --- /dev/null +++ b/lass/1systems/echelon/source.nix @@ -0,0 +1,3 @@ +import <stockholm/lass/source.nix> { + name = "echelon"; +} diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus/config.nix index 13c517e3b..1d20c081a 100644 --- a/lass/1systems/icarus.nix +++ b/lass/1systems/icarus/config.nix @@ -1,19 +1,18 @@ { config, pkgs, ... }: -with import <stockholm/lib>; { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/git.nix - ../2configs/exim-retiolum.nix - ../2configs/baseX.nix - ../2configs/browsers.nix - ../2configs/programs.nix - ../2configs/fetchWallpaper.nix - ../2configs/backups.nix - ../2configs/games.nix + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/hw/tp-x220.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/backups.nix> + <stockholm/lass/2configs/games.nix> ]; krebs.build.host = config.krebs.hosts.icarus; @@ -55,7 +54,7 @@ with import <stockholm/lib>; }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; } diff --git a/lass/1systems/icarus/source.nix b/lass/1systems/icarus/source.nix new file mode 100644 index 000000000..5b46a44f3 --- /dev/null +++ b/lass/1systems/icarus/source.nix @@ -0,0 +1,4 @@ +import <stockholm/lass/source.nix> { + name = "icarus"; + secure = true; +} diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index b45d5b228..820ef74b8 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -4,12 +4,11 @@ with import <stockholm/lib>; { imports = [ <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix> - ../../krebs - ../3modules - ../5pkgs - ../2configs/mc.nix - ../2configs/nixpkgs.nix - ../2configs/vim.nix + <stockholm/krebs> + <stockholm/lass/3modules> + <stockholm/lass/5pkgs> + <stockholm/lass/2configs/mc.nix> + <stockholm/lass/2configs/vim.nix> { # /dev/stderr doesn't work. I don't know why # /proc/self doesn't seem to work correctly diff --git a/lass/1systems/mors.nix b/lass/1systems/mors/config.nix index 0bfd54515..45b3f740f 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors/config.nix @@ -3,28 +3,27 @@ with import <stockholm/lib>; { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/baseX.nix - ../2configs/exim-retiolum.nix - ../2configs/programs.nix - ../2configs/bitcoin.nix - ../2configs/browsers.nix - ../2configs/games.nix - ../2configs/pass.nix - ../2configs/elster.nix - ../2configs/steam.nix - ../2configs/wine.nix - ../2configs/git.nix - ../2configs/virtualbox.nix - ../2configs/fetchWallpaper.nix - #../2configs/c-base.nix - ../2configs/mail.nix - ../2configs/repo-sync.nix - ../2configs/ircd.nix - ../2configs/logf.nix - ../2configs/syncthing.nix + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/hw/tp-x220.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/bitcoin.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/games.nix> + <stockholm/lass/2configs/pass.nix> + <stockholm/lass/2configs/elster.nix> + <stockholm/lass/2configs/steam.nix> + <stockholm/lass/2configs/wine.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/virtualbox.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/mail.nix> + <stockholm/lass/2configs/repo-sync.nix> + <stockholm/lass/2configs/ircd.nix> + <stockholm/lass/2configs/logf.nix> + <stockholm/lass/2configs/syncthing.nix> { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ @@ -48,7 +47,7 @@ with import <stockholm/lib>; { lass.umts = { enable = true; - modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09"; + modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_C12AD95CB7B78F90-if09"; initstrings = '' Init1 = AT+CFUN=1 Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 @@ -129,7 +128,7 @@ with import <stockholm/lib>; }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix new file mode 100644 index 000000000..a9dfa2eb6 --- /dev/null +++ b/lass/1systems/mors/source.nix @@ -0,0 +1,4 @@ +import <stockholm/lass/source.nix> { + name = "mors"; + secure = true; +} diff --git a/lass/1systems/prism.nix b/lass/1systems/prism/config.nix index 531dec9df..9faa4d473 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism/config.nix @@ -4,13 +4,9 @@ with import <stockholm/lib>; let ip = config.krebs.build.host.nets.internet.ip4.addr; - inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;}) - manageCerts - ; - in { imports = [ - ../. + <stockholm/lass> { networking.interfaces.et0.ip4 = [ { @@ -26,33 +22,33 @@ in { SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" ''; } - ../2configs/retiolum.nix - ../2configs/exim-smarthost.nix - ../2configs/downloading.nix - ../2configs/ts3.nix - ../2configs/bitlbee.nix - ../2configs/weechat.nix - ../2configs/privoxy-retiolum.nix - ../2configs/radio.nix - ../2configs/buildbot-standalone.nix - ../2configs/repo-sync.nix - ../2configs/binary-cache/server.nix - ../2configs/iodined.nix - ../2configs/libvirt.nix - ../2configs/hfos.nix - ../2configs/makefu-sip.nix - ../2configs/monitoring/server.nix - ../2configs/monitoring/monit-alarms.nix - ../2configs/paste.nix - ../2configs/syncthing.nix - ../2configs/coders-irc.nix - ../2configs/ciko.nix + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-smarthost.nix> + <stockholm/lass/2configs/downloading.nix> + <stockholm/lass/2configs/ts3.nix> + <stockholm/lass/2configs/bitlbee.nix> + <stockholm/lass/2configs/weechat.nix> + <stockholm/lass/2configs/privoxy-retiolum.nix> + <stockholm/lass/2configs/radio.nix> + <stockholm/lass/2configs/buildbot-standalone.nix> + <stockholm/lass/2configs/repo-sync.nix> + <stockholm/lass/2configs/binary-cache/server.nix> + <stockholm/lass/2configs/iodined.nix> + <stockholm/lass/2configs/libvirt.nix> + <stockholm/lass/2configs/hfos.nix> + <stockholm/lass/2configs/makefu-sip.nix> + <stockholm/lass/2configs/monitoring/server.nix> + <stockholm/lass/2configs/monitoring/monit-alarms.nix> + <stockholm/lass/2configs/paste.nix> + <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/coders-irc.nix> + <stockholm/lass/2configs/ciko.nix> { lass.pyload.enable = true; } { imports = [ - ../2configs/bepasty.nix + <stockholm/lass/2configs/bepasty.nix> ]; krebs.bepasty.servers."paste.r".nginx.extraConfig = '' if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { @@ -170,8 +166,8 @@ in { } { imports = [ - ../2configs/websites/domsen.nix - ../2configs/websites/lassulus.nix + <stockholm/lass/2configs/websites/domsen.nix> + <stockholm/lass/2configs/websites/lassulus.nix> ]; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport http"; target = "ACCEPT"; } @@ -195,7 +191,7 @@ in { } { imports = [ - ../2configs/realwallpaper.nix + <stockholm/lass/2configs/realwallpaper.nix> ]; services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' alias /var/realwallpaper/realwallpaper.png; diff --git a/lass/1systems/prism/source.nix b/lass/1systems/prism/source.nix new file mode 100644 index 000000000..557fbf509 --- /dev/null +++ b/lass/1systems/prism/source.nix @@ -0,0 +1,3 @@ +import <stockholm/lass/source.nix> { + name = "prism"; +} diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan/config.nix index 044e2ccf8..a68471aa0 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan/config.nix @@ -3,17 +3,17 @@ with import <stockholm/lib>; { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/baseX.nix - ../2configs/git.nix - ../2configs/exim-retiolum.nix - ../2configs/browsers.nix - ../2configs/programs.nix - ../2configs/fetchWallpaper.nix - ../2configs/backups.nix - ../2configs/wine.nix + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/hw/tp-x220.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/backups.nix> + <stockholm/lass/2configs/wine.nix> #{ # users.extraUsers = { # root = { diff --git a/lass/1systems/shodan/source.nix b/lass/1systems/shodan/source.nix new file mode 100644 index 000000000..be24ae2d5 --- /dev/null +++ b/lass/1systems/shodan/source.nix @@ -0,0 +1,3 @@ +import <stockholm/lass/source.nix> { + name = "shodan"; +} diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel/config.nix index b84fec317..70bef9883 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel/config.nix @@ -4,9 +4,9 @@ with builtins; with import <stockholm/lib>; { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/exim-retiolum.nix + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-retiolum.nix> { # locke config i18n.defaultLocale ="de_DE.UTF-8"; diff --git a/lass/1systems/uriel/source.nix b/lass/1systems/uriel/source.nix new file mode 100644 index 000000000..11d6e1c34 --- /dev/null +++ b/lass/1systems/uriel/source.nix @@ -0,0 +1,3 @@ +import <stockholm/lass/source.nix> { + name = "uriel"; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 27b74a30b..22a7b1c19 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -6,7 +6,6 @@ with import <stockholm/lib>; ../2configs/binary-cache/client.nix ../2configs/gc.nix ../2configs/mc.nix - ../2configs/nixpkgs.nix ../2configs/vim.nix ../2configs/monitoring/client.nix ./htop.nix @@ -36,6 +35,7 @@ with import <stockholm/lib>; extraGroups = [ "audio" "fuse" + "wheel" ]; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey @@ -71,16 +71,7 @@ with import <stockholm/lib>; krebs = { enable = true; search-domain = "r"; - build = { - user = config.krebs.users.lass; - source = let inherit (config.krebs.build) host; in { - nixos-config.symlink = "stockholm/lass/1systems/${host.name}.nix"; - secrets.file = - if getEnv "dummy_secrets" == "true" - then toString <stockholm/lass/2configs/tests/dummy-secrets> - else "/home/lass/secrets/${host.name}"; - }; - }; + build.user = config.krebs.users.lass; }; nix.useSandbox = true; diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 5f686e26e..4137c482e 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -65,7 +65,7 @@ let server = "ni.r"; verbose = config.krebs.build.host.name == "prism"; # TODO define branches in some kind of option per repo - branches = [ "master" ]; + branches = [ "master" "staging*" ]; }; }; }; diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index e39c09b84..9f5e3d523 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -43,14 +43,26 @@ let set nm_record = yes set nm_record_tags = "-inbox me archive" set virtual_spoolfile=yes # enable virtual folders - set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail + + + set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail set from="lassulus@lassul.us" + alternates ^.*@lassul\.us$ ^.*@.*\.r$ set use_from=yes set envelope_from=yes + set reverse_name set sort=threads - set index_format="%4C %Z %?GI?%GI& ? %[%d/%b] %-16.15F %?M?(%3M)& ? %s %> %?g?%g?" + set index_format="${pkgs.writeDash "mutt-index" '' + # http://www.mutt.org/doc/manual/#formatstrings + recipent="$(echo $1 | sed 's/[^,]*<\([^>]*\)[^,]*/ \1/g')" + # output to mutt + # V + echo "%4C %Z %?GI?%GI& ? %[%d/%b] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%" + # args to mutt-index dash script + # V + ''} %r |" virtual-mailboxes \ "INBOX" "notmuch://?query=tag:inbox and NOT tag:killed"\ diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix deleted file mode 100644 index 151242e45..000000000 --- a/lass/2configs/nixpkgs.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - krebs.build.source.nixpkgs.git = { - url = https://cgit.lassul.us/nixpkgs; - ref = "2e983f1"; - }; -} diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index ee688e18c..d4a91e645 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -13,7 +13,10 @@ in { description = "user for running wine"; home = "/home/wine"; useDefaultShell = true; - extraGroups = [ "audio" ]; + extraGroups = [ + "audio" + "video" + ]; createHome = true; }; }; diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index fd353e008..e7744395d 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -1,6 +1,7 @@ _: { imports = [ + ./dnsmasq.nix ./ejabberd ./folderPerms.nix ./hosts.nix diff --git a/lass/source.nix b/lass/source.nix new file mode 100644 index 000000000..a4e9d9d6a --- /dev/null +++ b/lass/source.nix @@ -0,0 +1,24 @@ +with import <stockholm/lib>; +host@{ name, secure ? false }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "lass"; + _file = <stockholm> + "/lass/1systems/${name}/source.nix"; +in + evalSource (toString _file) { + nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; + secrets.file = getAttr builder { + buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>; + lass = "/home/lass/secrets/${name}"; + }; + stockholm.file = toString <stockholm>; + nixpkgs.git = { + url = https://cgit.lassul.us/nixpkgs; + # nixos-17.03 + # + copytoram: + # 87a4615 & 334ac4f + # + acme permissions for groups + # fd7a8f1 + ref = "0aac3fc"; + }; + } diff --git a/nin/2configs/nixpkgs.nix b/nin/2configs/nixpkgs.nix index 14ddb7920..c46331b0d 100644 --- a/nin/2configs/nixpkgs.nix +++ b/ |