From 1edc8c249da009e8e99ee4d0f6dce9449ab03c41 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 19 Jul 2015 22:51:39 +0200 Subject: 2 lass.desktop-base: remove german keyboard layout --- 2configs/lass/desktop-base.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/2configs/lass/desktop-base.nix b/2configs/lass/desktop-base.nix index ee7a94bc9..9b98e4a8b 100644 --- a/2configs/lass/desktop-base.nix +++ b/2configs/lass/desktop-base.nix @@ -55,11 +55,9 @@ in { displayManager.auto.enable = true; displayManager.auto.user = mainUser.name; - layout = "us,de"; + layout = "us"; xkbModel = "evdev"; - xkbVariant = "altgr-intl,nodeadkeys"; - xkbOptions = "grp:caps_toggle"; - + xkbVariant = "altgr-intl"; }; } -- cgit v1.2.3 From 2eb1002f7a47b09b64ae1985642168e9733c92e7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Jul 2015 18:57:58 +0200 Subject: 1&2 lass: move userconfig to base.nix --- 1systems/lass/mors.nix | 15 --------------- 1systems/lass/uriel.nix | 33 ++++++++++----------------------- 2configs/lass/base.nix | 26 ++++++++++++++++++++++++-- 3 files changed, 34 insertions(+), 40 deletions(-) diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index 940dc4fdb..7e70be8c4 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -168,21 +168,6 @@ ''; }; - users.extraUsers = { - #main user - mainUser = { - uid = 1337; - name = "lass"; - #isNormalUser = true; - group = "users"; - createHome = true; - home = "/home/lass"; - useDefaultShell = true; - isSystemUser = false; - extraGroups = [ "wheel" "audio" ]; - }; - }; - environment.systemPackages = with pkgs; [ ]; diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix index 25745d055..a5a0833dc 100644 --- a/1systems/lass/uriel.nix +++ b/1systems/lass/uriel.nix @@ -1,5 +1,6 @@ { config, pkgs, ... }: +with builtins; { imports = [ ../../2configs/lass/desktop-base.nix 
@@ -30,6 +31,15 @@ enable = true; }; } + { + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = map readFile [ + ../../Zpubkeys/uriel.ssh.pub + ]; + }; + }; + } ]; networking.hostName = "uriel"; @@ -87,29 +97,6 @@ ''; }; - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ - config.sshKeys.lass.pub - ]; - }; - mainUser = { - uid = 1337; - name = "lass"; - #isNormalUser = true; - group = "users"; - createHome = true; - home = "/home/lass"; - useDefaultShell = true; - isSystemUser = false; - description = "lassulus"; - extraGroups = [ "wheel" "audio" ]; - openssh.authorizedKeys.keys = [ - config.sshKeys.lass.pub - ]; - }; - }; - environment.systemPackages = with pkgs; [ ]; diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix index 5e5b8a7b1..26e6cae51 100644 --- a/2configs/lass/base.nix +++ b/2configs/lass/base.nix @@ -3,14 +3,36 @@ with lib; { imports = [ - ./sshkeys.nix ../../3modules/lass/iptables.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) (import /root/src/secrets/hashedPasswords.nix); } - + { + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = map readFile [ + ../../Zpubkeys/lass.ssh.pub + ]; + }; + mainUser = { + name = "lass"; + uid = 1337; + home = "/home/lass"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "audio" + "wheel" + ]; + openssh.authorizedKeys.keys = map readFile [ + ../../Zpubkeys/lass.ssh.pub + ]; + }; + }; + } ]; nix.useChroot = true; -- cgit v1.2.3 From 69a4c44f08d6e2c6e9a3b9a797fc535d1333833b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Jul 2015 19:02:31 +0200 Subject: 2 lass: remove gitolite from base.nix --- 2configs/lass/base.nix | 33 +++++---------------------------- 1 file changed, 5 insertions(+), 28 deletions(-) diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix index 26e6cae51..a0d3c3ad4 100644 --- a/2configs/lass/base.nix +++ b/2configs/lass/base.nix 
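Review bot: The base.nix hunk drops the `./sshkeys.nix` import, but `config.sshKeys.lass.pub` is still referenced further down the same file (the `services.gitolite.adminPubkey` line is visible as removed context in the following patch's `@@ -99,11 +99,11 @@` hunk); if `sshkeys.nix` is what declares `sshKeys`, this commit does not evaluate on its own and only the next patch repairs it, so either fold the two patches or keep the import here. The same hunk authorizes `../../Zpubkeys/lass.ssh.pub` for both `root` and `mainUser` on every host importing base.nix; that is fine for deployment, but the `services.openssh` block is outside this hunk, so confirm `services.openssh.permitRootLogin` is set to a key-only value rather than left at its default.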
@@ -99,11 +99,11 @@ with lib; "sendmail" ]; - services.gitolite = { - enable = true; - dataDir = "/home/gitolite"; - adminPubkey = config.sshKeys.lass.pub; - }; + #services.gitolite = { + # enable = true; + # dataDir = "/home/gitolite"; + # adminPubkey = config.sshKeys.lass.pub; + #}; services.openssh = { enable = true; @@ -132,27 +132,4 @@ with lib; }; }; - #Networking.firewall = { - # enable = true; - - # allowedTCPPorts = [ - # 22 - # ]; - - # extraCommands = '' - # iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED - # iptables -A INPUT -j ACCEPT -i lo - # #http://serverfault.com/questions/84963/why-not-block-icmp - # iptables -A INPUT -j ACCEPT -p icmp - - # #TODO: fix Retiolum firewall - # #iptables -N RETIOLUM - # #iptables -A INPUT -j RETIOLUM -i retiolum - # #iptables -A RETIOLUM -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED - # #iptables -A RETIOLUM -j REJECT -p tcp --reject-with tcp-reset - # #iptables -A RETIOLUM -j REJECT -p udp --reject-with icmp-port-unreachable - # #iptables -A RETIOLUM -j REJECT --reject-with icmp-proto-unreachable - # #iptables -A RETIOLUM -j REJECT - # ''; - #}; } -- cgit v1.2.3 From bf4f2e31d3b5872fedc363325c90897f6826402f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Jul 2015 19:04:40 +0200 Subject: lass: add cloudkrebs system --- 0make/lass/cloudkrebs.makefile | 4 ++++ 1systems/lass/cloudkrebs.nix | 43 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 0make/lass/cloudkrebs.makefile create mode 100644 1systems/lass/cloudkrebs.nix diff --git a/0make/lass/cloudkrebs.makefile b/0make/lass/cloudkrebs.makefile new file mode 100644 index 000000000..baf7660b4 --- /dev/null +++ b/0make/lass/cloudkrebs.makefile @@ -0,0 +1,4 @@ +deploy_host := root@cloudkrebs +nixpkgs_url := https://github.com/Lassulus/nixpkgs +nixpkgs_rev := 1879a011925c561f0a7fd4043da0768bbff41d0b +secrets_dir := /home/lass/secrets/cloudkrebs 
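Review bot: The gitolite block is commented out rather than removed, and the commented lines still reference `config.sshKeys.lass.pub`, whose module import was dropped in the previous patch, so anyone uncommenting them later gets a broken config. Git already keeps the history; delete the five lines, or if this is a deliberate temporary disable, replace them with a single line stating why, e.g. `# gitolite disabled: <reason>`.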
diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix new file mode 100644 index 000000000..dc27affe7 --- /dev/null +++ b/1systems/lass/cloudkrebs.nix @@ -0,0 +1,43 @@ +{ config, pkgs, ... }: + +{ + imports = [ + ../../2configs/tv/CAC-Developer-2.nix + ../../2configs/tv/CAC-CentOS-7-64bit.nix + ../../2configs/lass/base.nix + { + networking.interfaces.enp2s1.ip4 = [ + { + address = "104.167.113.104"; + prefixLength = 24; + } + ]; + networking.defaultGateway = "104.167.113.1"; + networking.nameservers = [ + "8.8.8.8" + ]; + + } + { + imports = [ ../../3modules/tv/retiolum.nix ]; + tv.retiolum = { + enable = true; + hosts = ../../Zhosts; + connectTo = [ + "fastpoke" + "gum" + "pigstarter" + ]; + }; + } + { + imports = [ ../../3modules/tv/identity.nix ]; + tv.identity = { + enable = true; + }; + } + ]; + + networking.hostName = "cloudkrebs"; + +} -- cgit v1.2.3 From a1ea09404f717493cac5bd320093a7240dac32fd Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Jul 2015 19:14:15 +0200 Subject: 2 lass.git-repos: change irc-server to cd --- 2configs/lass/git-repos.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2configs/lass/git-repos.nix b/2configs/lass/git-repos.nix index c0c305b85..b4f446aef 100644 --- a/2configs/lass/git-repos.nix +++ b/2configs/lass/git-repos.nix @@ -39,7 +39,7 @@ let post-receive = git.irc-announce { nick = config.networking.hostName; # TODO make this the default channel = "#retiolum"; - server = "ire.retiolum"; + server = "cd.retiolum"; }; }; }; @@ -63,7 +63,7 @@ let post-receive = git.irc-announce { nick = config.networking.hostName; # TODO make this the default channel = "#retiolum"; - server = "ire.retiolum"; + server = "cd.retiolum"; }; }; public = true; -- cgit v1.2.3 From d94b2132d54a7b38fa307bb1ad5c0ddf9812f54e Mon Sep 17 00:00:00 2001 
From: lassulus Date: Thu, 23 Jul 2015 02:11:56 +0200 Subject: 1&2 lass: move exim/retiolum to retiolum.nix --- 1systems/lass/cloudkrebs.nix | 13 +------------ 1systems/lass/mors.nix | 14 +------------- 1systems/lass/uriel.nix | 14 +------------- 2configs/lass/retiolum.nix | 29 +++++++++++++++++++++++++++++ 4 files changed, 32 insertions(+), 38 deletions(-) create mode 100644 2configs/lass/retiolum.nix diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix index dc27affe7..53e23dbee 100644 --- a/1systems/lass/cloudkrebs.nix +++ b/1systems/lass/cloudkrebs.nix @@ -5,6 +5,7 @@ ../../2configs/tv/CAC-Developer-2.nix ../../2configs/tv/CAC-CentOS-7-64bit.nix ../../2configs/lass/base.nix + ../../2configs/lass/retiolum.nix { networking.interfaces.enp2s1.ip4 = [ { @@ -18,18 +19,6 @@ ]; } - { - imports = [ ../../3modules/tv/retiolum.nix ]; - tv.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "fastpoke" - "gum" - "pigstarter" - ]; - }; - } { imports = [ ../../3modules/tv/identity.nix ]; tv.identity = { diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index 7e70be8c4..dacf7668e 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -20,19 +20,7 @@ ../../2configs/lass/chromium-patched.nix ../../2configs/lass/git-repos.nix ../../2configs/tv/synaptics.nix - ../../2configs/tv/exim-retiolum.nix - { - imports = [ ../../3modules/tv/retiolum.nix ]; - tv.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "fastpoke" - "gum" - "pigstarter" - ]; - }; - } + ../../2configs/lass/retiolum.nix { imports = [ ../../3modules/tv/identity.nix ]; tv.identity = { diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix index a5a0833dc..7a5da23e1 100644 --- a/1systems/lass/uriel.nix +++ b/1systems/lass/uriel.nix 
@@ -12,19 +12,7 @@ with builtins; ../../2configs/lass/bird.nix ../../2configs/lass/git-repos.nix ../../2configs/lass/chromium-patched.nix - ../../2configs/tv/exim-retiolum.nix - { - imports = [ ../../3modules/tv/retiolum.nix ]; - tv.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "fastpoke" - "gum" - "pigstarter" - ]; - }; - } + ../../2configs/lass/retiolum.nix { imports = [ ../../3modules/tv/identity.nix ]; tv.identity = { diff --git a/2configs/lass/retiolum.nix b/2configs/lass/retiolum.nix new file mode 100644 index 000000000..d1389ad2a --- /dev/null +++ b/2configs/lass/retiolum.nix @@ -0,0 +1,29 @@ +{ ... }: + +{ + imports = [ + ../../3modules/lass/iptables.nix + ../../3modules/tv/retiolum.nix + ../../2configs/tv/exim-retiolum.nix + ]; + + lass.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } + { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } + { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } + ]; + }; + }; + + tv.retiolum = { + enable = true; + hosts = ../../Zhosts; + connectTo = [ + "fastpoke" + "cloudkrebs" + "pigstarter" + ]; + }; +} -- cgit v1.2.3 From 47f68443a39d8492b4bd056de8e35cfef2027f0c Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 02:17:40 +0200 Subject: 1&2 lass: move vim.nix import to base.nix --- 1systems/lass/mors.nix | 1 - 1systems/lass/uriel.nix | 1 - 2configs/lass/base.nix | 1 + 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index dacf7668e..300738089 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -8,7 +8,6 @@ ../../2configs/lass/browsers.nix ../../2configs/lass/games.nix ../../2configs/lass/pass.nix - ../../2configs/lass/vim.nix ../../2configs/lass/virtualbox.nix ../../2configs/lass/elster.nix ../../2configs/lass/urxvt.nix diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix index 7a5da23e1..a6f5a82d6 100644 
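Review bot: `connectTo` in the new 2configs/lass/retiolum.nix lists `"cloudkrebs"`, yet the cloudkrebs.nix hunk in this same patch imports retiolum.nix, so cloudkrebs ends up configured to connect to itself; presumably tinc just refuses the self-connection, but the list should be filtered against the host's own name or built per host. The rule `{ predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }` has no interface match, so on cloudkrebs, which gets a public address elsewhere in this series, SMTP is accepted from the internet as well as from the overlay; if exim-retiolum is meant to serve retiolum only, scope it with `-i retiolum -p tcp --dport smtp`, or confirm exim binds only the retiolum address. The tinc rules legitimately stay open on all interfaces since peers connect over the internet.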
--- a/1systems/lass/uriel.nix +++ b/1systems/lass/uriel.nix @@ -7,7 +7,6 @@ with builtins; ../../2configs/lass/browsers.nix ../../2configs/lass/games.nix ../../2configs/lass/pass.nix - ../../2configs/lass/vim.nix ../../2configs/lass/urxvt.nix ../../2configs/lass/bird.nix ../../2configs/lass/git-repos.nix diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix index a0d3c3ad4..35631ffef 100644 --- a/2configs/lass/base.nix +++ b/2configs/lass/base.nix @@ -4,6 +4,7 @@ with lib; { imports = [ ../../3modules/lass/iptables.nix + ../../2configs/lass/vim.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) -- cgit v1.2.3 From ab9a4dac127f378471126a72c7dc36a5ae7c29d6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 02:18:45 +0200 Subject: 3 lass.iptables: fix precedence sort order --- 3modules/lass/iptables.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3modules/lass/iptables.nix b/3modules/lass/iptables.nix index c97b9f730..8c6ad3fa1 100644 --- a/3modules/lass/iptables.nix +++ b/3modules/lass/iptables.nix @@ -106,7 +106,7 @@ let buildChain = tn: cn: let - sortedRules = sort (a: b: a.precedence < b.precedence) ts."${tn}"."${cn}".rules; + sortedRules = sort (a: b: a.precedence > b.precedence) ts."${tn}"."${cn}".rules; in #TODO: double check should be unneccessary, refactor! -- cgit v1.2.3 From 5913192e74212e3398b126d50030cfd60333c295 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 02:19:24 +0200 Subject: 2 lass.base: use precedence in iptables config --- 2configs/lass/base.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix index 35631ffef..b24e6a9a4 100644 --- a/2configs/lass/base.nix +++ b/2configs/lass/base.nix 
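Review bot: The comparator flip to `a.precedence > b.precedence` changes the option's meaning to "higher precedence is emitted first" without saying so anywhere in the hunk; add `# rules are emitted in descending precedence: the largest value ends up first in the chain` above `sortedRules`. Rules elsewhere in this series omit `precedence` entirely (2configs/lass/retiolum.nix and fastpoke-pages.nix), so they rely on the option having a default declared outside this hunk; worth confirming, since a missing attribute here would abort the whole evaluation. The enclosing `buildChain` definition continues outside the hunk.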
@@ -125,10 +125,10 @@ with lib; filter.INPUT.policy = "DROP"; filter.FORWARD.policy = "DROP"; filter.INPUT.rules = [ - { predicate = "-i lo"; target = "ACCEPT"; } - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } - { predicate = "-p icmp"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; } + { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } + { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } + { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } ]; }; }; -- cgit v1.2.3 From 118b74fdb21d348c82b4bdc8ba88e5f39afe2ea7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 02:19:46 +0200 Subject: 2 lass.base: add nmap to defaultPackages --- 2configs/lass/base.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix index b24e6a9a4..494cafa95 100644 --- a/2configs/lass/base.nix +++ b/2configs/lass/base.nix @@ -53,6 +53,8 @@ with lib; ''; environment.systemPackages = with pkgs; [ + nmap + git most rxvt_unicode.terminfo -- cgit v1.2.3 From b590d9e21d8c99a91fd419c3e0bea949a9ac6849 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 02:20:44 +0200 Subject: 1 lass.cloudkrebs: move config to fastpoke-pages --- 1systems/lass/cloudkrebs.nix | 1 + 2configs/lass/fastpoke-pages.nix | 103 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 104 insertions(+) create mode 100644 2configs/lass/fastpoke-pages.nix diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix index 53e23dbee..8b3e41584 100644 --- a/1systems/lass/cloudkrebs.nix +++ b/1systems/lass/cloudkrebs.nix @@ -6,6 +6,7 @@ ../../2configs/tv/CAC-CentOS-7-64bit.nix ../../2configs/lass/base.nix ../../2configs/lass/retiolum.nix + ../../2configs/lass/fastpoke-pages.nix { networking.interfaces.enp2s1.ip4 = [ { 
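Review bot: The values 10001, 10000, 9999 and 9998 are magic numbers with no comment explaining the scale or why `-i lo` now sits below the conntrack and icmp rules; add `# descending precedence; base rules live at 9998-10001 so host-specific rules can use lower values` above the list. Since every rule here is ACCEPT under the `filter.INPUT.policy = "DROP"` shown in context, the relative order only affects which rule matches first, not what is permitted, so the reordering is safe as far as this hunk shows.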
diff --git a/2configs/lass/fastpoke-pages.nix b/2configs/lass/fastpoke-pages.nix new file mode 100644 index 000000000..2fd9a863a --- /dev/null +++ b/2configs/lass/fastpoke-pages.nix @@ -0,0 +1,103 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + imports = [ + ../../3modules/tv/nginx.nix + ../../3modules/lass/iptables.nix + ]; + + lass.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport http"; target = "ACCEPT"; } + ]; + }; + }; + + #createStaticPage = domain: + # { + # irc.nginx.servers."${domain}" = { + # server-names = [ + # "${domain}" + # "www.${domain}" + # ]; + # locations = [ + # (nameValuePair "/" '' + # root /var/lib/http/${domain}; + # '') + # ]; + # }; + # networking.extraHosts = '' + # 10.243.206.102 ${domain} + # ''; + # }; + + #map createStaticPage [ + # "habsys.de" + # "pixelpocket.de" + # "karlaskop.de" + # "ubikmedia.de" + # "apanowicz.de" + # "aidsballs.de" + #]; + + tv.nginx = { + enable = true; + servers = { + + "habsys.de" = { + server-names = [ + "habsys.de" + "www.habsys.de" + ]; + locations = [ + (nameValuePair "/" '' + root /var/lib/http/habsys.de; + '') + ]; + }; + + "karlaskop.de" = { + server-names = [ + "karlaskop.de" + "www.karlaskop.de" + ]; + locations = [ + (nameValuePair "/" '' + root /var/lib/http/karlaskop.de; + '') + ]; + }; + + "pixelpocket.de" = { + server-names = [ + "pixelpocket.de" + "www.karlaskop.de" + ]; + locations = [ + (nameValuePair "/" '' + root /var/lib/http/karlaskop.de; + '') + ]; + }; + + }; + }; + + networking.extraHosts = '' + 10.243.206.102 habsys.de karlaskop.de pixelpocket.de ubikmedia.de apanowicz.de + 10.243.206.102 aidsballs.de + ''; + + #services.postgresql = { + # enable = true; + #}; + + #config.services.vsftpd = { + # enable = true; + # userlistEnable = true; + # userlistFile = pkgs.writeFile "vsftpd-userlist" '' + # ''; + #}; +} -- cgit v1.2.3 From 4f131c40c88ab131e07e294cd1ddfa19b2f26d26 Mon Sep 17 00:00:00 2001 
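Review bot: The `"pixelpocket.de"` server block is a copy-paste of karlaskop: its `server-names` contains `"www.karlaskop.de"` instead of `"www.pixelpocket.de"`, and its root is `/var/lib/http/karlaskop.de`, so www.karlaskop.de is declared by two servers and pixelpocket.de serves karlaskop's files. Change the two lines to `"www.pixelpocket.de"` and `root /var/lib/http/pixelpocket.de;`. The commented-out `createStaticPage` sketch above the servers would remove this class of error by generating the blocks from the domain list, which a later patch in this series does.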
From: lassulus Date: Thu, 23 Jul 2015 13:14:32 +0200 Subject: 1 lass.cloudkrebs: add identity --- 1systems/lass/cloudkrebs.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix index 8b3e41584..57b191020 100644 --- a/1systems/lass/cloudkrebs.nix +++ b/1systems/lass/cloudkrebs.nix @@ -7,6 +7,10 @@ ../../2configs/lass/base.nix ../../2configs/lass/retiolum.nix ../../2configs/lass/fastpoke-pages.nix + ../../2configs/lass/identity.nix + { + tv.identity.self = config.tv.identity.hosts.cloudkrebs; + } { networking.interfaces.enp2s1.ip4 = [ { -- cgit v1.2.3 From 629f621918589d6e2efa70d360e4c8bad61f5c4d Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 13:15:38 +0200 Subject: 3 tv.identity: add cloudkrebs domains --- 3modules/tv/identity.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/3modules/tv/identity.nix b/3modules/tv/identity.nix index 584b27165..9a83908a6 100644 --- a/3modules/tv/identity.nix +++ b/3modules/tv/identity.nix @@ -55,6 +55,12 @@ let retiolum = "hosts"; de.viljetic = "regfish"; de.krebsco = "ovh"; + de.habsys = "hosts"; + de.pixelpocket = "hosts"; + de.karlaskop = "hosts"; + de.ubikmedia = "hosts"; + de.apanowicz = "hosts"; + de.aidsballs = "hosts"; }; # splitByProvider : [alias] -> set providername [alias] -- cgit v1.2.3 From e2cf12b59d7142ce292cc086d260c7b5539adf05 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Jul 2015 13:16:30 +0200 Subject: 2 lass.identity: add with cloudkrebs --- 2configs/lass/identity.nix | 48 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 2configs/lass/identity.nix diff --git a/2configs/lass/identity.nix b/2configs/lass/identity.nix new file mode 100644 index 000000000..bfaad14d2 --- /dev/null +++ b/2configs/lass/identity.nix 
@@ -0,0 +1,48 @@ +{ config, ... }: + +{ + imports = [ ../../3modules/tv/identity.nix ]; + tv.identity = { + enable = true; + search = "retiolum"; + hosts = { + cloudkrebs = { + cores = 1; + dc = "lass"; #dc = "cac"; + nets = rec { + internet = { + addrs4 = ["104.167.113.104"]; + aliases = [ + "cloudkrebs.internet" + ]; + }; + retiolum = { + via = internet; + addrs4 = ["10.243.206.102"]; + addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"]; + aliases = [ + "cloudkrebs.retiolum" + "cgit.cloudkrebs.retiolum" + "habsys.de" + "pixelpocket.de" + "karlaskop.de" + "ubikmedia.de" + "apanowicz.de" + "aidsballs.de" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAttUygCu7G6lIA9y+9rfTpLKIy2UgNDglUVoKZYLs8JPjtAtQVbtA + OcWwwPc8ijLQvwJWa8e/shqSzSIrtOe+HJbRGdXLdBLtOuLKpz+ZFHcS+95RS5aF + QTehg+QY7pvhbrrwKX936tkMR568suTQG6C8qNC/5jWYO/wIxFMhnQ2iRRKQOq1v + 3aGGPC16KeXKVioY9KoV98S3n1rZW1JK07CIsZU4qb5txtLlW6FplJ7UmhVku1WC + sgOOj9yi6Zk1t8R2Pwv9gxa3Hc270voj5U+I2hgLV/LjheE8yhQgYHEA4vXerPdO + TGSATlSmMtE2NYGrKsLM7pKn286aSpXinwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + }; + }; +} -- cgit v1.2.3 From 6476abd6ac7e000d0759569a1e2754acb2f518ca Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 24 Jul 2015 14:00:28 +0200 Subject: 2 lass.fastpoke-pages: use functions for static --- 2configs/lass/fastpoke-pages.nix | 121 ++++++++++++++++++++------------------- 1 file changed, 61 insertions(+), 60 deletions(-) diff --git a/2configs/lass/fastpoke-pages.nix b/2configs/lass/fastpoke-pages.nix index 2fd9a863a..4db4847f4 100644 --- a/2configs/lass/fastpoke-pages.nix +++ b/2configs/lass/fastpoke-pages.nix 
@@ -1,10 +1,37 @@ { config, lib, pkgs, ... }: with lib; -{ + +let + createStaticPage = domain: + { + tv.nginx.servers."${domain}" = { + server-names = [ + "${domain}" + "www.${domain}" + ]; + locations = [ + (nameValuePair "/" '' + root /var/lib/http/${domain}; + '') + ]; + }; + #networking.extraHosts = '' + # 10.243.206.102 ${domain} + #''; + }; + +in { imports = [ ../../3modules/tv/nginx.nix ../../3modules/lass/iptables.nix + ] ++ map createStaticPage [ + "habsys.de" + "pixelpocket.de" + "karlaskop.de" + "ubikmedia.de" + "apanowicz.de" + "aidsballs.de" ]; lass.iptables = { 
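Review bot: In `createStaticPage` the interpolations `"${domain}"` (the attribute name and the first server-name) wrap a string in another string; `tv.nginx.servers.${domain} = {` and `server-names = [ domain "www.${domain}" ];` are equivalent and read cleaner. The function returns a whole module that is appended to `imports`, which is a reasonable way to get per-domain options merged, but a short comment such as `# one nginx vhost per static site; appended to imports so the module system merges them` would save the next reader from wondering why these are modules rather than a plain attrset.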
@@ -15,72 +42,46 @@ with lib; }; }; - #createStaticPage = domain: - # { - # irc.nginx.servers."${domain}" = { - # server-names = [ - # "${domain}" - # "www.${domain}" - # ]; - # locations = [ - # (nameValuePair "/" '' - # root /var/lib/http/${domain}; - # '') - # ]; - # }; - # networking.extraHosts = '' - # 10.243.206.102 ${domain} - # ''; - # }; - - #map createStaticPage [ - # "habsys.de" - # "pixelpocket.de" - # "karlaskop.de" - # "ubikmedia.de" - # "apanowicz.de" - # "aidsballs.de" - #]; tv.nginx = { enable = true; servers = { - "habsys.de" = { - server-names = [ - "habsys.de" - "www.habsys.de" - ]; - locations = [ - (nameValuePair "/" '' - root /var/lib/http/habsys.de; - '') - ]; - }; + #"habsys.de" = { + # server-names = [ + # "habsys.de" + # "www.habsys.de" + # ]; + # locations = [ + # (nameValuePair "/" '' + # root /var/lib/http/habsys.de; + # '') + # ]; + #}; - "karlaskop.de" = { - server-names = [ - "karlaskop.de" - "www.karlaskop.de" - ]; - locations = [ - (nameValuePair "/" '' - root /var/lib/http/karlaskop.de; - '') - ]; - }; + #"karlaskop.de" = { + # server-names = [ + # "karlaskop.de" + # "www.karlaskop.de" + # ]; + # locations = [ + # (nameValuePair "/" '' + # root /var/lib/http/karlaskop.de; + # '') + # ]; + #}; - "pixelpocket.de" = { - server-names = [ - "pixelpocket.de" - "www.karlaskop.de" - ]; - locations = [ - (nameValuePair "/" '' - root /var/lib/http/karlaskop.de; - '') - ]; - }; + #"pixelpocket.de" = { + # server-names = [ + # "pixelpocket.de" + # "www.karlaskop.de" + # ]; + # locations = [ + # (nameValuePair "/" '' + # root /var/lib/http/karlaskop.de; + # '') + # ]; + #}; }; }; -- cgit v1.2.3 From f392909ea3ce9585e5ecc533af772602559d2c3e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 13:54:29 +0200 Subject: 1 lass: get identity from krebs --- 1systems/lass/cloudkrebs.nix | 12 ++---------- 1systems/lass/mors.nix | 9 +++------ 1systems/lass/uriel.nix | 9 +++------ 3 files changed, 8 insertions(+), 22 deletions(-) 
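Review bot: The three per-site server blocks are turned into commented-out code instead of being deleted, leaving an effectively empty `servers = { };` behind; since `createStaticPage` now generates the same vhosts, delete the commented lines (git keeps the history) and drop the empty `servers` attrset. The commented pixelpocket.de block also still carries the `"www.karlaskop.de"` / `root /var/lib/http/karlaskop.de;` copy-paste from the original file, so keeping it only preserves a known mistake.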
diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix index 57b191020..ba32ae579 100644 --- a/1systems/lass/cloudkrebs.nix +++ b/1systems/lass/cloudkrebs.nix @@ -7,10 +7,6 @@ ../../2configs/lass/base.nix ../../2configs/lass/retiolum.nix ../../2configs/lass/fastpoke-pages.nix - ../../2configs/lass/identity.nix - { - tv.identity.self = config.tv.identity.hosts.cloudkrebs; - } { networking.interfaces.enp2s1.ip4 = [ { @@ -24,14 +20,10 @@ ]; } - { - imports = [ ../../3modules/tv/identity.nix ]; - tv.identity = { - enable = true; - }; - } ]; + krebs.enable = true; + krebs.build.host = config.krebs.hosts.cloudkrebs; networking.hostName = "cloudkrebs"; } diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index 300738089..882cb9ff1 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -20,14 +20,11 @@ ../../2configs/lass/git-repos.nix ../../2configs/tv/synaptics.nix ../../2configs/lass/retiolum.nix - { - imports = [ ../../3modules/tv/identity.nix ]; - tv.identity = { - enable = true; - }; - } ]; + krebs.enable = true; + krebs.build.host = config.krebs.hosts.mors; + networking.hostName = "mors"; networking.wireless.enable = true; diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix index a6f5a82d6..d8858b4f6 100644 --- a/1systems/lass/uriel.nix +++ b/1systems/lass/uriel.nix @@ -12,12 +12,6 @@ with builtins; ../../2configs/lass/git-repos.nix ../../2configs/lass/chromium-patched.nix ../../2configs/lass/retiolum.nix - { - imports = [ ../../3modules/tv/identity.nix ]; - tv.identity = { - enable = true; - }; - } { users.extraUsers = { root = { @@ -29,7 +23,10 @@ with builtins; } ]; + krebs.enable = true; + krebs.build.host = config.krebs.hosts.uriel; networking.hostName = "uriel"; + networking.wireless.enable = true; nix.maxJobs = 2; -- cgit v1.2.3 From 5daf0be71967de2d2ef9d9902d9132cee6e68d83 Mon Sep 17 00:00:00 2001 
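Review bot: `krebs.build.host = config.krebs.hosts.cloudkrebs;` and `networking.hostName = "cloudkrebs";` now name the same host twice, and the same pair appears in the mors.nix and uriel.nix hunks of this patch; unless the krebs module already sets it, derive one from the other, e.g. `networking.hostName = config.krebs.build.host.name;`, so the two cannot drift. The cloudkrebs hunk also omits the blank line between `krebs.build.host` and `networking.hostName` that the other two files have; keep the three consistent.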
From: lassulus Date: Mon, 27 Jul 2015 13:55:16 +0200 Subject: 2 lass.fastpoke-pages: tv.nginx -> krebs.nginx --- 2configs/lass/fastpoke-pages.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/2configs/lass/fastpoke-pages.nix b/2configs/lass/fastpoke-pages.nix index 4db4847f4..3d6fcf2e1 100644 --- a/2configs/lass/fastpoke-pages.nix +++ b/2configs/lass/fastpoke-pages.nix @@ -5,7 +5,7 @@ with lib; let createStaticPage = domain: { - tv.nginx.servers."${domain}" = { + krebs.nginx.servers."${domain}" = { server-names = [ "${domain}" "www.${domain}" @@ -23,7 +23,6 @@ let in { imports = [ - ../../3modules/tv/nginx.nix ../../3modules/lass/iptables.nix ] ++ map createStaticPage [ "habsys.de" @@ -43,7 +42,7 @@ in { }; - tv.nginx = { + krebs.nginx = { enable = true; servers = { -- cgit v1.2.3 From cee80c3a67ba9d097733e9c42fa740729803f393 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 13:56:46 +0200 Subject: 2 lass.retiolum: tv.retiolum -> krebs.retiolum --- 2configs/lass/retiolum.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/2configs/lass/retiolum.nix b/2configs/lass/retiolum.nix index d1389ad2a..767a1ce83 100644 --- a/2configs/lass/retiolum.nix +++ b/2configs/lass/retiolum.nix @@ -3,7 +3,6 @@ { imports = [ ../../3modules/lass/iptables.nix - ../../3modules/tv/retiolum.nix ../../2configs/tv/exim-retiolum.nix ]; @@ -17,7 +16,7 @@ }; }; - tv.retiolum = { + krebs.retiolum = { enable = true; hosts = ../../Zhosts; connectTo = [ -- cgit v1.2.3 From 611ae1101e303c860624c39a62c745420a37cd18 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 13:57:46 +0200 Subject: 1 lass: use new-repos.nix --- 1systems/lass/cloudkrebs.nix | 1 + 1systems/lass/mors.nix | 2 +- 1systems/lass/uriel.nix | 2 +- 2configs/lass/new-repos.nix | 77 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 80 insertions(+), 2 deletions(-) create mode 100644 2configs/lass/new-repos.nix 
diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix index ba32ae579..2c755d8cb 100644 --- a/1systems/lass/cloudkrebs.nix +++ b/1systems/lass/cloudkrebs.nix @@ -7,6 +7,7 @@ ../../2configs/lass/base.nix ../../2configs/lass/retiolum.nix ../../2configs/lass/fastpoke-pages.nix + ../../2configs/lass/new-repos.nix { networking.interfaces.enp2s1.ip4 = [ { diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index 882cb9ff1..ee2184afd 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -17,7 +17,7 @@ ../../2configs/lass/binary-caches.nix ../../2configs/lass/ircd.nix ../../2configs/lass/chromium-patched.nix - ../../2configs/lass/git-repos.nix + ../../2configs/lass/new-repos.nix ../../2configs/tv/synaptics.nix ../../2configs/lass/retiolum.nix ]; diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix index d8858b4f6..4fe8cf21a 100644 --- a/1systems/lass/uriel.nix +++ b/1systems/lass/uriel.nix @@ -9,7 +9,7 @@ with builtins; ../../2configs/lass/pass.nix ../../2configs/lass/urxvt.nix ../../2configs/lass/bird.nix - ../../2configs/lass/git-repos.nix + ../../2configs/lass/new-repos.nix ../../2configs/lass/chromium-patched.nix ../../2configs/lass/retiolum.nix { diff --git a/2configs/lass/new-repos.nix b/2configs/lass/new-repos.nix new file mode 100644 index 000000000..2c73f9509 --- /dev/null +++ b/2configs/lass/new-repos.nix 
@@ -0,0 +1,77 @@ +{ config, lib, pkgs, ... }: + +with import ../../4lib/tv { inherit lib pkgs; }; +let + + out = { + krebs.git = { + enable = true; + root-title = "public repositories at ${config.krebs.build.host.name}"; + root-desc = "keep calm and engage"; + inherit repos rules; + }; + }; + + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) ( + public-repos // + optionalAttrs config.krebs.build.host.secure restricted-repos + ); + + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo { + painload = {}; + stockholm = { + desc = "take all the computers hostage, they'll love you!"; + }; + wai-middleware-time = {}; + web-routes-wai-custom = {}; + }; + + restricted-repos = mapAttrs make-restricted-repo ( + { + brain = { + collaborators = with config.krebs.users; [ tv makefu ]; + }; + } // + import /root/src/secrets/repos.nix { inherit config lib pkgs; } + ); + + make-public-repo = name: { desc ? null, ... }: { + inherit name desc; + public = true; + hooks = { + post-receive = git.irc-announce { + # TODO make nick = config.krebs.build.host.name the default + nick = config.krebs.build.host.name; + channel = "#retiolum"; + server = "cd.retiolum"; + }; + }; + }; + + make-restricted-repo = name: { desc ? null, ... }: { + inherit name desc; + public = false; + }; + + make-rules = + with git // config.krebs.users; + repo: + singleton { + user = lass; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = [ tv makefu uriel ]; + repo = [ repo ]; + perm = fetch; + } ++ + optional (length (repo.collaborators or []) > 0) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; + }; + +in out -- cgit v1.2.3 From e621099022e7ae136c0342a401c75c70f32a0d69 Mon Sep 17 00:00:00 2001 
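Review bot: The collaborator rule in `make-rules` can never fire: `make-restricted-repo` returns only `name`, `desc` and `public`, and `repos` additionally strips `collaborators`, so `repo.collaborators or []` is always empty when `rules = concatMap make-rules (attrValues repos)` runs, and the `brain` collaborators tv and makefu get no fetch permission. If that rule is meant to be live, keep `collaborators` in the restricted-repo attrset and derive `rules` from the set before `removeAttrs`, as sketched below; the stripping for `krebs.git.repos` itself stays. Failing closed is the safe direction, so this is a functional rather than an exposure issue, but if it is intentional a comment should say so.
```nix
  repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) all-repos;

  # rules must see the collaborators, so derive them from the unstripped set
  rules = concatMap make-rules (attrValues all-repos);

  all-repos =
    public-repos //
    optionalAttrs config.krebs.build.host.secure restricted-repos;

  # … unchanged: public-repos, restricted-repos, make-public-repo …

  make-restricted-repo = name: { desc ? null, collaborators ? [], ... }: {
    inherit name desc collaborators;
    public = false;
  };

  # … unchanged: make-rules …
```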
From: lassulus Date: Mon, 27 Jul 2015 13:59:00 +0200 Subject: 3 krebs: add lass's hosts domain --- 3modules/krebs/default.nix | 91 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix index 33c108811..5251f97ca 100644 --- a/3modules/krebs/default.nix +++ b/3modules/krebs/default.nix @@ -66,6 +66,11 @@ let retiolum = "hosts"; de.viljetic = "regfish"; de.krebsco = "ovh"; + de.habsys = "hosts"; + de.pixelpocket = "hosts"; + de.karlaskop = "hosts"; + de.ubikmedia = "hosts"; + de.apanowicz = "hosts"; }; # splitByProvider : [alias] -> listset providername alias 
@@ -93,6 +98,92 @@ let lass-imp = { hosts = addNames { + cloudkrebs = { + cores = 1; + dc = "lass"; #dc = "cac"; + nets = rec { + internet = { + addrs4 = ["104.167.113.104"]; + aliases = [ + "cloudkrebs.internet" + ]; + }; + retiolum = { + via = internet; + addrs4 = ["10.243.206.102"]; + addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"]; + aliases = [ + "cloudkrebs.retiolum" + "cgit.cloudkrebs.retiolum" + "habsys.de" + "pixelpocket.de" + "karlaskop.de" + "ubikmedia.de" + "apanowicz.de" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAttUygCu7G6lIA9y+9rfTpLKIy2UgNDglUVoKZYLs8JPjtAtQVbtA + OcWwwPc8ijLQvwJWa8e/shqSzSIrtOe+HJbRGdXLdBLtOuLKpz+ZFHcS+95RS5aF + QTehg+QY7pvhbrrwKX936tkMR568suTQG6C8qNC/5jWYO/wIxFMhnQ2iRRKQOq1v + 3aGGPC16KeXKVioY9KoV98S3n1rZW1JK07CIsZU4qb5txtLlW6FplJ7UmhVku1WC + sgOOj9yi6Zk1t8R2Pwv9gxa3Hc270voj5U+I2hgLV/LjheE8yhQgYHEA4vXerPdO + TGSATlSmMtE2NYGrKsLM7pKn286aSpXinwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + uriel = { + cores = 1; + dc = "lass"; + nets = rec { + retiolum = { + addrs4 = ["10.243.81.176"]; + addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"]; + aliases = [ + "uriel.retiolum" + "cgit.uriel.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAzw0pvoEmqeqiZrzSOPH0IT99gr1rrvMZbvabXoU4MAiVgGoGrkmR + duJkk8Fj12ftMc+Of1gnwDkFhRcfAKOeH1RSc4CTircWVq99WyecTwEZoaR/goQb + MND022kIBoG6NQNxv1Y5I1B/h7hfloMFEPym9oFtOAXoGhBY2vVl4g64NNz+RLME + m1RipLXKANAh6LRNPGPQCUYX4TVY2ZJVxM3CM1XdomUAdOYXJmWFyUg9NcIKaacx + uRrmuy7J9yFBcihZX5Y7NV361kINrpRmZYxJRf9cr0hb5EkJJ7bMIKQMEFQ5RnYo + u7MPGKD7aNHa6hLLCeIfJ5u0igVmSLh3pwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + mors = { + cores = 2; + dc = "lass"; + nets = rec { + retiolum = { + addrs4 = ["10.243.0.2"]; + addrs6 = ["42:0:0:0:0:0:0:dea7"]; + aliases = [ + "mors.retiolum" + "cgit.mors.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE + 
H0QwkiMmk3aZy1beq3quM6gX13aT+/wMfWnLyuvT11T5C9JEf/IS91STpM2BRN+R + +P/DhbuDcW4UsdEe6uwQDGEJbXRN5ZA7GI0bmcYcwHJ9SQmW5v7P9Z3oZ+09hMD+ + 1cZ3HkPN7weSdMLMPpUpmzCsI92cXGW0xRC4iBEt1ZeBwjkLCRsBFBGcUMuKWwVa + 9sovca0q3DUar+kikEKVrVy26rZUlGuBLobMetDGioSawWkRSxVlfZvTHjAK5JzU + O6y6hj0yQ1sp6W2JjU8ntDHf63aM71dB9QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + }; + }; users = addNames { lass = { -- cgit v1.2.3 From 8d2cb8cfcf6b7a087163eb879471ec74b902379c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 13:59:22 +0200 Subject: 1 lass.mors: open tcp 8000 --- 1systems/lass/mors.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index ee2184afd..e854dd525 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -186,4 +186,12 @@ services.mongodb = { enable = true; }; + + lass.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } + ]; + }; + }; } -- cgit v1.2.3 From da925fd8223b5e7e066d78759faf89df8ddd2e9d Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 13:59:47 +0200 Subject: 2 lass.fastpoke-pages: dont write /etc/hosts --- 2configs/lass/fastpoke-pages.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/2configs/lass/fastpoke-pages.nix b/2configs/lass/fastpoke-pages.nix index 3d6fcf2e1..74e92ccc3 100644 --- a/2configs/lass/fastpoke-pages.nix +++ b/2configs/lass/fastpoke-pages.nix @@ -30,7 +30,6 @@ in { "karlaskop.de" "ubikmedia.de" "apanowicz.de" - "aidsballs.de" ]; lass.iptables = { @@ -85,11 +84,6 @@ in { }; }; - networking.extraHosts = '' - 10.243.206.102 habsys.de karlaskop.de pixelpocket.de ubikmedia.de apanowicz.de - 10.243.206.102 aidsballs.de - ''; - #services.postgresql = { # enable = true; #}; -- cgit v1.2.3 From f2fd8a6ec978d73df9df1bf280dc2173e7039e05 Mon Sep 17 00:00:00 2001 
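Review bot: `secure = true` on mors is the switch that new-repos.nix (earlier on this page) uses to decide whether restricted repos are configured on a host, yet nothing next to it says so; a one-line comment such as `# secure: may hold restricted repos/secrets; never set on internet-facing hosts` would stop someone copying the flag onto cloudkrebs, which gets a public address in this same hunk. The leftover `dc = "lass"; #dc = "cac";` on cloudkrebs should be removed or explained. The `secure` option itself is declared outside this hunk, so its exact semantics should be confirmed against the host type before wording the comment.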
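Review bot: The new rule `-p tcp --dport 8000` accepts on every interface, whereas the rest of this tree scopes such rules to the overlay (`-i retiolum -p tcp --dport 80` in git-repos.nix further down this page); mors is a wireless laptop, so unless 8000 is really meant to be reachable from arbitrary networks it should read `{ predicate = "-i retiolum -p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }`. mors.nix also still carries `networking.firewall.allowedTCPPorts = [ 8000 ]` (visible in its deleted copy later on this page), so two firewall mechanisms now open the same port and one should go. `precedence = 9001` is unexplained; a short comment saying where that orders the rule relative to the module's defaults would help the next reader.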
From: lassulus Date: Mon, 27 Jul 2015 14:00:37 +0200 Subject: 2 lass.git-repos: delete --- 2configs/lass/git-repos.nix | 140 -------------------------------------------- 1 file changed, 140 deletions(-) delete mode 100644 2configs/lass/git-repos.nix diff --git a/2configs/lass/git-repos.nix b/2configs/lass/git-repos.nix deleted file mode 100644 index b4f446aef..000000000 --- a/2configs/lass/git-repos.nix +++ /dev/null 
@@ -1,140 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (builtins) map readFile; - inherit (lib) concatMap listToAttrs; - # TODO lib should already include our stuff - inherit (import ../../4lib/tv { inherit lib pkgs; }) addNames git; - - x-repos = [ - (krebs-private "brain") - - (public "painload") - (public "shitment") - (public "wai-middleware-time") - (public "web-routes-wai-custom") - - (secret "pass") - - (tv-lass "emse-drywall") - (tv-lass "emse-hsdb") - ]; - - users = addNames { - tv = { pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub; }; - lass = { pubkey = readFile ../../Zpubkeys/lass.ssh.pub; }; - uriel = { pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; }; - makefu = { pubkey = readFile ../../Zpubkeys/makefu.ssh.pub; }; - }; - - repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) x-repos); - - rules = concatMap ({ rules, ... }: rules) x-repos; - - krebs-private = repo-name: - rec { - repo = { - name = repo-name; - hooks = { - post-receive = git.irc-announce { - nick = config.networking.hostName; # TODO make this the default - channel = "#retiolum"; - server = "cd.retiolum"; - }; - }; - }; - rules = with git; with users; [ - { user = lass; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } - { user = [ tv makefu uriel ]; - repo = [ repo ]; - perm = fetch; - } - ]; - }; - - public = repo-name: - rec { - repo = { - name = repo-name; - hooks = { - post-receive = git.irc-announce { - nick = config.networking.hostName; # TODO make this the default - channel = "#retiolum"; - server = "cd.retiolum"; - }; - }; - public = true; - }; - rules = with git; with users; [ - { user = lass; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } - { user = [ tv makefu uriel ]; - repo = [ repo ]; - perm = fetch; - } - ]; - }; - - secret = repo-name: - rec { - repo = { - name = repo-name; - hooks = {}; - }; - rules = with git; with users; [ - { user = lass; - repo = [ repo 
]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } - { user = [ uriel ]; - repo = [ repo ]; - perm = fetch; - } - ]; - }; - - tv-lass = repo-name: - rec { - repo = { - name = repo-name; - hooks = {}; - }; - rules = with git; with users; [ - { user = lass; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } - { user = [ tv ]; - repo = [ repo ]; - perm = fetch; - } - ]; - }; - -in - -{ - imports = [ - ../../3modules/tv/git.nix - ../../3modules/lass/iptables.nix - ]; - - tv.git = { - enable = true; - inherit repos rules users; - }; - - lass.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - }; - -} -- cgit v1.2.3 From 0be43cc3df3e02ad51642a97496b32e897c5dd00 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 14:01:00 +0200 Subject: 3 lass: init default.nix --- 3modules/lass/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 3modules/lass/default.nix diff --git a/3modules/lass/default.nix b/3modules/lass/default.nix new file mode 100644 index 000000000..d4e231ec7 --- /dev/null +++ b/3modules/lass/default.nix @@ -0,0 +1,8 @@ +_: + +{ + imports = [ + ./xresources.nix + ./iptables.nix + ]; +} -- cgit v1.2.3 From a141fa1e0c7ed11510d3a1006576b05ce4e280cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 27 Jul 2015 17:03:20 +0200 Subject: lass: move krebs config to base --- 1systems/lass/mors.nix | 1 - 2configs/lass/base.nix | 5 +++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index e854dd525..8cda1eac3 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -22,7 +22,6 @@ ../../2configs/lass/retiolum.nix ]; - krebs.enable = true; krebs.build.host = config.krebs.hosts.mors; networking.hostName = "mors"; diff --git a/2configs/lass/base.nix b/2configs/lass/base.nix index 494cafa95..8d4a9c896 100644 
--- a/2configs/lass/base.nix
+++ b/2configs/lass/base.nix
@@ -36,6 +36,11 @@ with lib;
 }
 ];

+ krebs = {
+ enable = true;
+ search-domain = "retiolum";
+ };
+
 nix.useChroot = true;

 users.mutableUsers = false;
-- cgit v1.2.3

From 6167afb8b5f5e06a51745b71a47b6b0339aa0e99 Mon Sep 17 00:00:00 2001
From: tv
Date: Mon, 27 Jul 2015 16:26:50 +0200
Subject: krebs.build.script: update system profile

---
 3modules/krebs/default.nix | 100 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 100 insertions(+)

diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix
index 5251f97ca..c71b70ab4 100644
--- a/3modules/krebs/default.nix
+++ b/3modules/krebs/default.nix
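Review bot: The move is incomplete: `krebs.enable = true;` is dropped only from mors.nix, while cloudkrebs.nix and uriel.nix (their pre-port contents are visible further down this page) still set it alongside the new base.nix block. Harmless because the values agree, but a comment on the new block, `# enables krebs hosts/users for every lass system; do not repeat per host`, would make the intent clear and let the per-host lines be removed. `search-domain = "retiolum"` presumably makes bare hostnames resolve inside the overlay first; that is worth a one-line note for anyone debugging name lookups, and the option's exact effect is defined outside this hunk.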
@@ -22,6 +22,106 @@ let
 build = mkOption {
 type = types.submodule {
 options = {
+ target = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ };
+ deps = mkOption {
+ type = with types; attrsOf (submodule {
+ options = {
+ url = mkOption {
+ type = str;
+ };
+ rev = mkOption {
+ type = nullOr str;
+ default = null;
+ };
+ };
+ });
+ default = {};
+ };
+ script = mkOption {
+ type = types.str;
+ default = ''
+ #! /bin/sh
+ set -efux
+
+ target=${escapeShellArg cfg.build.target}
+
+ push(){(
+ src=$1/
+ dst=$target:$2
+ rsync \
+ --exclude .git \
+ --exclude .graveyard \
+ --exclude old \
+ --rsync-path="mkdir -p \"$dst\" && rsync" \
+ --usermap=\*:0 \
+ --groupmap=\*:0 \
+ --delete-excluded \
+ -vrLptgoD \
+ "$src" "$dst"
+ )}
+
+ ${concatStrings (mapAttrsToList (name: { url, rev, ... }:
+ optionalString (rev == null) ''
+ push ${toString (map escapeShellArg [
+ "${url}"
+ "/root/src/${name}"
+ ])}
+ '') config.deps)}
+
+ exec ssh -S none "$target" /bin/sh <<\EOF
+ set -efux
+ fetch(){(
+ url=$1
+ rev=$2
+ dst=$3
+ mkdir -p "$dst"
+ cd "$dst"
+ if ! test -e .git; then
+ git init
+ fi
+ if ! cur_url=$(git config remote.origin.url 2>/dev/null); then
+ git remote add origin "$url"
+ elif test "$cur_url" != "$url"; then
+ git remote set-url origin "$url"
+ fi
+ if test "$(git rev-parse --verify HEAD 2>/dev/null)" != "$rev"; then
+ git fetch origin
+ git checkout "$rev" -- .
+ git checkout -q "$rev"
+ git submodule init
+ git submodule update
+ fi
+ git clean -dxf
+ )}
+
+ ${concatStrings (mapAttrsToList (name: { url, rev, ... }:
+ optionalString (rev != null) ''
+ fetch ${toString (map escapeShellArg [
+ url
+ rev
+ "/root/src/${name}"
+ ])}
+ '') config.deps)}
+
+ echo build system...
+ profile=/nix/var/nix/profiles/system
+ NIX_PATH=/root/src \
+ nix-env \
+ -Q \
+ -p "$profile" \
+ -f '' \
+ --set \
+ -A system \
+ --argstr user-name ${escapeShellArg cfg.build.user.name} \
+ --argstr system-name ${escapeShellArg cfg.build.host.name}
+
+ exec "$profile"/bin/switch-to-configuration switch
+ EOF
+ '';
+ };
 host = mkOption {
 type = types.host;
 };
-- cgit v1.2.3

From ac64527c5707cca5fc6e6e6ecf3957129cdb32b2 Mon Sep 17 00:00:00 2001
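Review bot: The `mkdir -p` smuggled in via `--rsync-path` in `push` is handed `$dst`, which is `$target:$2`, so the remote side runs `mkdir -p "root@host:/root/src/<name>"` and creates a stray `root@host:` directory under its cwd rather than the intended parent; it should be `--rsync-path="mkdir -p \"$2\" && rsync"` (or bind `dir=$2` before building `dst`). Separately, `fetch` pulls from an unconstrained `url` and checks out `rev` with no integrity check, after which the result is built and activated as root on the target; requiring `rev` to be a full commit id (the `!= "$rev"` comparison against `git rev-parse HEAD` already assumes that, a branch name would re-fetch on every run) or verifying a signed tag would close that supply-chain gap. The `--usermap=\*:0 --groupmap=\*:0 -L` combination also dereferences symlinks from the local source into root-owned files on the target, fine for trusted checkouts but worth a comment. As rendered, `-f '' \` would terminate the enclosing Nix indented string (a bare `''` closes it; the escape is `'''`), so if the file really reads that way the module cannot evaluate — likely a rendering artifact, but confirm.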
From: lassulus Date: Tue, 28 Jul 2015 20:28:21 +0200 Subject: lass: port everything to stockholm --- 1systems/lass/cloudkrebs.nix | 30 ------ 1systems/lass/mors.nix | 196 ---------------------------------- 1systems/lass/uriel.nix | 166 ----------------------------- 2configs/lass/base.nix | 143 ------------------------- 2configs/lass/binary-caches.nix | 13 --- 2configs/lass/bird.nix | 13 --- 2configs/lass/bitcoin.nix | 17 --- 2configs/lass/browsers.nix | 67 ------------ 2configs/lass/chromium-patched.nix | 48 --------- 2configs/lass/desktop-base.nix | 63 ----------- 2configs/lass/elster.nix | 20 ---- 2configs/lass/fastpoke-pages.nix | 97 ----------------- 2configs/lass/games.nix | 25 ----- 2configs/lass/gitolite-base.nix | 173 ------------------------------ 2configs/lass/identity.nix | 48 --------- 2configs/lass/ircd.nix | 92 ---------------- 2configs/lass/mors/repos.nix | 87 --------------- 2configs/lass/mors/retiolum.nix | 21 ---- 2configs/lass/new-repos.nix | 77 -------------- 2configs/lass/pass.nix | 10 -- 2configs/lass/programs.nix | 24 ----- 2configs/lass/retiolum.nix | 28 ----- 2configs/lass/sshkeys.nix | 11 -- 2configs/lass/steam.nix | 30 ------ 2configs/lass/texlive.nix | 7 -- 2configs/lass/urxvt.nix | 40 ------- 2configs/lass/vim.nix | 118 --------------------- 2configs/lass/virtualbox.nix | 22 ---- 2configs/lass/wine.nix | 23 ---- 3modules/lass/default.nix | 8 -- 3modules/lass/iptables.nix | 187 -------------------------------- 3modules/lass/sshkeys.nix | 26 ----- 3modules/lass/urxvtd.nix | 55 ---------- 3modules/lass/xresources.nix | 57 ---------- lass/1systems/cloudkrebs.nix | 45 ++++++++ lass/1systems/mors.nix | 211 +++++++++++++++++++++++++++++++++++++ lass/1systems/uriel.nix | 181 +++++++++++++++++++++++++++++++ lass/2configs/base.nix | 143 +++++++++++++++++++++++++ lass/2configs/binary-caches.nix | 13 +++ lass/2configs/bird.nix | 13 +++ lass/2configs/bitcoin.nix | 17 +++ lass/2configs/browsers.nix | 67 ++++++++++++ lass/2configs/chromium-patched.nix 
| 48 +++++++++ lass/2configs/desktop-base.nix | 63 +++++++++++ lass/2configs/elster.nix | 20 ++++ lass/2configs/fastpoke-pages.nix | 97 +++++++++++++++++ lass/2configs/games.nix | 25 +++++ lass/2configs/gitolite-base.nix | 173 ++++++++++++++++++++++++++++++ lass/2configs/identity.nix | 48 +++++++++ lass/2configs/ircd.nix | 92 ++++++++++++++++ lass/2configs/mors/repos.nix | 87 +++++++++++++++ lass/2configs/mors/retiolum.nix | 21 ++++ lass/2configs/new-repos.nix | 77 ++++++++++++++ lass/2configs/pass.nix | 10 ++ lass/2configs/programs.nix | 24 +++++ lass/2configs/retiolum.nix | 28 +++++ lass/2configs/sshkeys.nix | 11 ++ lass/2configs/steam.nix | 30 ++++++ lass/2configs/texlive.nix | 7 ++ lass/2configs/urxvt.nix | 40 +++++++ lass/2configs/vim.nix | 118 +++++++++++++++++++++ lass/2configs/virtualbox.nix | 22 ++++ lass/2configs/wine.nix | 23 ++++ lass/3modules/default.nix | 8 ++ lass/3modules/iptables.nix | 187 ++++++++++++++++++++++++++++++++ lass/3modules/sshkeys.nix | 26 +++++ lass/3modules/urxvtd.nix | 55 ++++++++++ lass/3modules/xresources.nix | 57 ++++++++++ 68 files changed, 2087 insertions(+), 2042 deletions(-) delete mode 100644 1systems/lass/cloudkrebs.nix delete mode 100644 1systems/lass/mors.nix delete mode 100644 1systems/lass/uriel.nix delete mode 100644 2configs/lass/base.nix delete mode 100644 2configs/lass/binary-caches.nix delete mode 100644 2configs/lass/bird.nix delete mode 100644 2configs/lass/bitcoin.nix delete mode 100644 2configs/lass/browsers.nix delete mode 100644 2configs/lass/chromium-patched.nix delete mode 100644 2configs/lass/desktop-base.nix delete mode 100644 2configs/lass/elster.nix delete mode 100644 2configs/lass/fastpoke-pages.nix delete mode 100644 2configs/lass/games.nix delete mode 100644 2configs/lass/gitolite-base.nix delete mode 100644 2configs/lass/identity.nix delete mode 100644 2configs/lass/ircd.nix delete mode 100644 2configs/lass/mors/repos.nix delete mode 100644 2configs/lass/mors/retiolum.nix delete mode 100644 
2configs/lass/new-repos.nix delete mode 100644 2configs/lass/pass.nix delete mode 100644 2configs/lass/programs.nix delete mode 100644 2configs/lass/retiolum.nix delete mode 100644 2configs/lass/sshkeys.nix delete mode 100644 2configs/lass/steam.nix delete mode 100644 2configs/lass/texlive.nix delete mode 100644 2configs/lass/urxvt.nix delete mode 100644 2configs/lass/vim.nix delete mode 100644 2configs/lass/virtualbox.nix delete mode 100644 2configs/lass/wine.nix delete mode 100644 3modules/lass/default.nix delete mode 100644 3modules/lass/iptables.nix delete mode 100644 3modules/lass/sshkeys.nix delete mode 100644 3modules/lass/urxvtd.nix delete mode 100644 3modules/lass/xresources.nix create mode 100644 lass/1systems/cloudkrebs.nix create mode 100644 lass/1systems/mors.nix create mode 100644 lass/1systems/uriel.nix create mode 100644 lass/2configs/base.nix create mode 100644 lass/2configs/binary-caches.nix create mode 100644 lass/2configs/bird.nix create mode 100644 lass/2configs/bitcoin.nix create mode 100644 lass/2configs/browsers.nix create mode 100644 lass/2configs/chromium-patched.nix create mode 100644 lass/2configs/desktop-base.nix create mode 100644 lass/2configs/elster.nix create mode 100644 lass/2configs/fastpoke-pages.nix create mode 100644 lass/2configs/games.nix create mode 100644 lass/2configs/gitolite-base.nix create mode 100644 lass/2configs/identity.nix create mode 100644 lass/2configs/ircd.nix create mode 100644 lass/2configs/mors/repos.nix create mode 100644 lass/2configs/mors/retiolum.nix create mode 100644 lass/2configs/new-repos.nix create mode 100644 lass/2configs/pass.nix create mode 100644 lass/2configs/programs.nix create mode 100644 lass/2configs/retiolum.nix create mode 100644 lass/2configs/sshkeys.nix create mode 100644 lass/2configs/steam.nix create mode 100644 lass/2configs/texlive.nix create mode 100644 lass/2configs/urxvt.nix create mode 100644 lass/2configs/vim.nix create mode 100644 lass/2configs/virtualbox.nix create mode 
100644 lass/2configs/wine.nix create mode 100644 lass/3modules/default.nix create mode 100644 lass/3modules/iptables.nix create mode 100644 lass/3modules/sshkeys.nix create mode 100644 lass/3modules/urxvtd.nix create mode 100644 lass/3modules/xresources.nix diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix deleted file mode 100644 index 2c755d8cb..000000000 --- a/1systems/lass/cloudkrebs.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ../../2configs/tv/CAC-Developer-2.nix - ../../2configs/tv/CAC-CentOS-7-64bit.nix - ../../2configs/lass/base.nix - ../../2configs/lass/retiolum.nix - ../../2configs/lass/fastpoke-pages.nix - ../../2configs/lass/new-repos.nix - { - networking.interfaces.enp2s1.ip4 = [ - { - address = "104.167.113.104"; - prefixLength = 24; - } - ]; - networking.defaultGateway = "104.167.113.1"; - networking.nameservers = [ - "8.8.8.8" - ]; - - } - ]; - - krebs.enable = true; - krebs.build.host = config.krebs.hosts.cloudkrebs; - networking.hostName = "cloudkrebs"; - -} diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix deleted file mode 100644 index 8cda1eac3..000000000 --- a/1systems/lass/mors.nix +++ /dev/null 
@@ -1,196 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ../../2configs/lass/desktop-base.nix - ../../2configs/lass/programs.nix - ../../2configs/lass/bitcoin.nix - ../../2configs/lass/browsers.nix - ../../2configs/lass/games.nix - ../../2configs/lass/pass.nix - ../../2configs/lass/virtualbox.nix - ../../2configs/lass/elster.nix - ../../2configs/lass/urxvt.nix - ../../2configs/lass/steam.nix - ../../2configs/lass/wine.nix - ../../2configs/lass/texlive.nix - ../../2configs/lass/binary-caches.nix - ../../2configs/lass/ircd.nix - ../../2configs/lass/chromium-patched.nix - ../../2configs/lass/new-repos.nix - ../../2configs/tv/synaptics.nix - ../../2configs/lass/retiolum.nix - ]; - - krebs.build.host = config.krebs.hosts.mors; - - networking.hostName = "mors"; - networking.wireless.enable = true; - - networking.extraHosts = '' - ''; - - nix.maxJobs = 4; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/big/nix"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/sda1"; - }; - - "/mnt/loot" = { - device = "/dev/big/loot"; - fsType = "ext4"; - }; - - "/home" = { - device = "/dev/big/home"; - fsType = "ext4"; - }; - - "/home/lass" = { - device = "/dev/big/home-lass"; - fsType = "ext4"; - }; - - "/mnt/backups" = { - device = "/dev/big/backups"; - fsType = "ext4"; - }; - - "/home/games/.local/share/Steam" = { - device = "/dev/big/steam"; - fsType = "ext4"; - }; - - "/home/virtual/virtual" = { - device = "/dev/big/virtual"; - fsType = "ext4"; - }; - - "/mnt/public" = { - device = "/dev/big/public"; - 
fsType = "ext4"; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" - ''; - - #TODO activationScripts seem broken, fix them! - #activationScripts - #split up and move into base - system.activationScripts.powertopTunables = '' - #Enable Audio codec power management - echo '1' > '/sys/module/snd_hda_intel/parameters/power_save' - #VM writeback timeout - echo '1500' > '/proc/sys/vm/dirty_writeback_centisecs' - #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp] - echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control' - #Autosuspend for USB device Biometric Coprocessor - echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' - - #Runtime PMs - echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:16.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:03:00.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:0d:00.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:16.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' - ''; - - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 
0; - emulateWheel = true; - }; - - #system.activationScripts.trackpoint = '' - # echo 0 > '/sys/devices/platform/i8042/serio1/serio2/speed' - # echo 220 > '/sys/devices/platform/i8042/serio1/serio2/sensitivity' - #''; - - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - - environment.systemPackages = with pkgs; [ - ]; - - #TODO: fix this shit - ##fprint stuff - ##sudo fprintd-enroll $USER to save fingerprints - #services.fprintd.enable = true; - #security.pam.services.sudo.fprintAuth = true; - - users.extraGroups = { - loot = { - members = [ - config.users.extraUsers.mainUser.name - "firefox" - "chromium" - "google" - "virtual" - ]; - }; - }; - - networking.firewall = { - allowPing = true; - allowedTCPPorts = [ - 8000 - ]; - allowedUDPPorts = [ - 67 - ]; - }; - - services.mongodb = { - enable = true; - }; - - lass.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } - ]; - }; - }; -} diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix deleted file mode 100644 index 4fe8cf21a..000000000 --- a/1systems/lass/uriel.nix +++ /dev/null 
@@ -1,166 +0,0 @@ -{ config, pkgs, ... }: - -with builtins; -{ - imports = [ - ../../2configs/lass/desktop-base.nix - ../../2configs/lass/browsers.nix - ../../2configs/lass/games.nix - ../../2configs/lass/pass.nix - ../../2configs/lass/urxvt.nix - ../../2configs/lass/bird.nix - ../../2configs/lass/new-repos.nix - ../../2configs/lass/chromium-patched.nix - ../../2configs/lass/retiolum.nix - { - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = map readFile [ - ../../Zpubkeys/uriel.ssh.pub - ]; - }; - }; - } - ]; - - krebs.enable = true; - krebs.build.host = config.krebs.hosts.uriel; - networking.hostName = "uriel"; - - networking.wireless.enable = true; - nix.maxJobs = 2; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - boot = { - #kernelParams = [ - # "acpi.brightness_switch_enabled=0" - #]; - #loader.grub.enable = true; - #loader.grub.version = 2; - #loader.grub.device = "/dev/sda"; - - loader.gummiboot.enable = true; - loader.gummiboot.ti