From 58380c82848c3db0bd6c3d74904153f3464c2098 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 14 Jul 2017 00:17:58 +0200 Subject: merge shared into krebs --- shared/2configs/central-stats-client.nix | 68 -------- shared/2configs/cgit-mirror.nix | 45 ------ shared/2configs/collectd-base.nix | 41 ----- shared/2configs/default.nix | 52 ------ shared/2configs/graphite.nix | 93 ----------- .../2configs/os-templates/CAC-CentOS-6.5-64bit.nix | 47 ------ .../2configs/os-templates/CAC-CentOS-7-64bit.nix | 47 ------ shared/2configs/repo-sync.nix | 31 ---- shared/2configs/save-diskspace.nix | 11 -- shared/2configs/shack/bincache.nix | 6 - shared/2configs/shack/drivedroid.nix | 49 ------ shared/2configs/shack/mqtt_sub.nix | 34 ---- shared/2configs/shack/muell_caller.nix | 41 ----- shared/2configs/shack/nix-cacher.nix | 31 ---- shared/2configs/shack/radioactive.nix | 35 ---- shared/2configs/shack/share.nix | 38 ----- shared/2configs/shack/worlddomination.nix | 67 -------- shared/2configs/shared-buildbot.nix | 178 --------------------- shared/2configs/temp/dirs.nix | 1 - shared/2configs/temp/networking.nix | 1 - 20 files changed, 916 deletions(-) delete mode 100644 shared/2configs/central-stats-client.nix delete mode 100644 shared/2configs/cgit-mirror.nix delete mode 100644 shared/2configs/collectd-base.nix delete mode 100644 shared/2configs/default.nix delete mode 100644 shared/2configs/graphite.nix delete mode 100644 shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix delete mode 100644 shared/2configs/os-templates/CAC-CentOS-7-64bit.nix delete mode 100644 shared/2configs/repo-sync.nix delete mode 100644 shared/2configs/save-diskspace.nix delete mode 100644 shared/2configs/shack/bincache.nix delete mode 100644 shared/2configs/shack/drivedroid.nix delete mode 100644 shared/2configs/shack/mqtt_sub.nix delete mode 100644 shared/2configs/shack/muell_caller.nix delete mode 100644 shared/2configs/shack/nix-cacher.nix delete mode 100644 shared/2configs/shack/radioactive.nix delete mode 100644 shared/2configs/shack/share.nix delete mode 100644 shared/2configs/shack/worlddomination.nix delete mode 100644 shared/2configs/shared-buildbot.nix delete mode 100644 shared/2configs/temp/dirs.nix delete mode 100644 shared/2configs/temp/networking.nix (limited to 'shared/2configs') diff --git a/shared/2configs/central-stats-client.nix b/shared/2configs/central-stats-client.nix deleted file mode 100644 index 0412eba9a..000000000 --- a/shared/2configs/central-stats-client.nix +++ /dev/null @@ -1,68 +0,0 @@ -{pkgs, config, ...}: -{ - services.collectd = { - enable = true; - autoLoadPlugin = true; - extraConfig = '' - Hostname ${config.krebs.build.host.name} - LoadPlugin load - LoadPlugin disk - LoadPlugin memory - LoadPlugin df - Interval 30.0 - - LoadPlugin interface - - Interface "*Link" - Interface "lo" - Interface "vboxnet*" - Interface "virbr*" - IgnoreSelected true - - - LoadPlugin df - - MountPoint "/nix/store" - # MountPoint "/run*" - # MountPoint "/sys*" - # MountPoint "/dev" - # MountPoint "/dev/shm" - # MountPoint "/tmp" - FSType "tmpfs" - FSType "binfmt_misc" - FSType "debugfs" - FSType "mqueue" - FSType "hugetlbfs" - FSType "systemd-1" - FSType "cgroup" - FSType "securityfs" - FSType "ramfs" - FSType "proc" - FSType "devpts" - FSType "devtmpfs" - MountPoint "/var/lib/docker/devicemapper" - IgnoreSelected true - - - LoadPlugin cpu - - ReportByCpu true - ReportByState true - ValuesPercentage true - - - LoadPlugin network - - Server "stats.makefu.r" "25826" - - - LoadPlugin curl - - - URL "http://smarthome.shack/"; - MeasureResponseTime true - - - ''; - }; -} diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix deleted file mode 100644 index c2326a5cc..000000000 --- a/shared/2configs/cgit-mirror.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - rules = with git; singleton { - user = [ wolf-repo-sync ]; - repo = [ stockholm-mirror ]; - perm = push ''refs/*'' [ non-fast-forward create delete merge ]; - }; - - stockholm-mirror = { - public = true; - name = "stockholm-mirror"; - cgit.desc = "mirror for all stockholm branches"; - hooks = { - post-receive = pkgs.git-hooks.irc-announce { - nick = config.networking.hostName; - verbose = false; - channel = "#retiolum"; - server = "ni.r"; - }; - }; - }; - - wolf-repo-sync = { - name = "wolf-repo-sync"; - mail = "spam@krebsco.de"; - # TODO put git-sync pubkey somewhere more appropriate - pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwuAZB3wtAvBJFYh+gWdyGaZU4mtqM2dFXmh2rORlbXeh02msu1uv07ck1VKkQ4LgvCBcBsAOeVa1NTz99eLqutwgcqMCytvRNUCibcoEWwHObsK53KhDJj+zotwlFhnPPeK9+EpOP4ngh/tprJikttos5BwBwe2K+lfiid3fmVPZcTTYa77nCwijimMvWEx6CEjq1wiXMUc4+qcEn8Swbwomz/EEQdNE2hgoC3iMW9RqduTFdIJWnjVi0KaxenX9CvQRGbVK5SSu2gwzN59D/okQOCP6+p1gL5r3QRHSLSSRiEHctVQTkpKOifrtLZGSr5zArEmLd/cOVyssHQPCX repo-sync@wolf''; - }; - -in { - krebs.users.wolf-repo-sync = wolf-repo-sync; - krebs.git = { - enable = true; - cgit = { - settings = { - root-title = "Shared Repos"; - root-desc = "keep on krebsing"; - }; - }; - inherit rules; - repos.stockholm-mirror = stockholm-mirror; - }; -} diff --git a/shared/2configs/collectd-base.nix b/shared/2configs/collectd-base.nix deleted file mode 100644 index 440f83fce..000000000 --- a/shared/2configs/collectd-base.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, lib, pkgs, ... }: - -# TODO: krebs.collectd.plugins -with import ; -let - connect-time-cfg = with pkgs; writeText "collectd-connect-time.conf" '' - LoadPlugin python - - ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/" - Import "collectd_connect_time" - - target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "heidi.shack:22" "10.42.0.1:22" "heise.de" "t-online.de" - interval 10 - - - ''; - graphite-cfg = pkgs.writeText "collectd-graphite.conf" '' - LoadPlugin write_graphite - - - Host "heidi.shack" - Port "2003" - Prefix "retiolum." - EscapeCharacter "_" - StoreRates false - AlwaysAppendDS false - - - ''; -in { - imports = [ ]; - - nixpkgs.config.packageOverrides = pkgs: with pkgs; { - collectd = pkgs.collectd.override { python= pkgs.python; }; - }; - services.collectd = { - enable = true; - include = [ (toString connect-time-cfg) (toString graphite-cfg) ]; - }; - -} diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix deleted file mode 100644 index 2146f42e8..000000000 --- a/shared/2configs/default.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -{ - krebs.enable = true; - krebs.tinc.retiolum.enable = true; - - # TODO rename shared user to "krebs" - krebs.build.user = mkDefault config.krebs.users.shared; - - networking.hostName = config.krebs.build.host.name; - - nix.maxJobs = 1; - nix.trustedBinaryCaches = [ - "https://cache.nixos.org" - "http://cache.nixos.org" - "http://hydra.nixos.org" - ]; - nix.useSandbox = true; - - environment.systemPackages = with pkgs; [ - git - rxvt_unicode.terminfo - ]; - - programs.ssh.startAgent = false; - - services.openssh = { - enable = true; - hostKeys = [ - { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - }; - services.cron.enable = false; - services.nscd.enable = false; - services.ntp.enable = false; - - users.mutableUsers = false; - users.extraUsers.root.openssh.authorizedKeys.keys = [ - # TODO - config.krebs.users.lass.pubkey - config.krebs.users.makefu.pubkey - # TODO HARDER: - config.krebs.users.makefu-omo.pubkey - config.krebs.users.tv.pubkey - ]; - - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "15.09"; - -} diff --git a/shared/2configs/graphite.nix b/shared/2configs/graphite.nix deleted file mode 100644 index 64222e43a..000000000 --- a/shared/2configs/graphite.nix +++ /dev/null @@ -1,93 +0,0 @@ -{ config, lib, pkgs, ... }: - -# graphite-web on port 8080 -# carbon cache on port 2003 (tcp/udp) - -# TODO: krebs.graphite.minimal.enable -# TODO: configure firewall -with import ; -{ - imports = [ ]; - - services.graphite = { - api = { - enable = true; - listenAddress = "0.0.0.0"; - }; - carbon = { - enableCache = true; - # save disk usage by restricting to 1 bulk update per second - config = '' - [cache] - MAX_CACHE_SIZE = inf - MAX_UPDATES_PER_SECOND = 1 - MAX_CREATES_PER_MINUTE = 50 - MAX_UPDATES_PER_SECOND_ONSHUTDOWN = 9001 - - LOG_CACHE_HITS = False - LOG_CACHE_QUEUE_SORTS = False - LOG_UPDATES = False - LOG_LISTENER_CONNECTIONS = False - LOG_CREATES = True - ''; - storageAggregation = '' - ''; - storageSchemas = '' - [carbon] - pattern = ^carbon\. - retentions = 60:90d - - - [radiation_sensor] - pattern = ^sensors\.radiation\. - retentions = 1m:30d,5m:180d,10m:3y - - [motion_sensors] - pattern = ^sensors\.motion\. - retentions = 1s:1h,60s:30d,300s:1y - - [motion_sensors] - pattern = ^retiolum\. - retentions = 10s:1h,30s:30d,300s:1y - - [homeassistant] - pattern = ^homeassistant\. - retentions = 10s:24h,30s:30d,300s:1y,3600s:5y - - [ara] - pattern = ^ara\. - retentions = 60s:30d,300s:1y - - [openweathermap] - pattern = ^weather\.openweathermap - retentions = 30m:30d,1h:5y - - [stadtklima] - pattern = ^weather\.stadtklima-stuttgart - retentions = 15m:30d,30m:5y - - [sensebox] - pattern = ^weather\.sensebox - retentions = 1m:90d,30m:5y - - [elchos] - pattern = ^elchos\. - retentions = 10s:14d,1m:90d,10m:5y - - [icinga_default] - pattern = ^icinga - retentions = 10s:14d,5m:90d,10m:5y - - [icinga_internals] - pattern = ^icinga.*\.(max_check_attempts|reachable|current_attempt|execution_time|latency|state|state_type) - retentions = 5m:7d - - [default] - pattern = .* - retentions = 60s:30d,300s:1y - ''; - }; - }; - systemd.services.carbonCache.serviceConfig.Restart="always"; - systemd.services.graphiteApi.serviceConfig.Restart="always"; -} diff --git a/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix b/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix deleted file mode 100644 index b5ec722a0..000000000 --- a/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix +++ /dev/null @@ -1,47 +0,0 @@ -_: - -{ - boot.loader.grub = { - device = "/dev/sda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - ]; - - fileSystems."/" = { - device = "/dev/VolGroup/lv_root"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/sda1"; - fsType = "ext4"; - }; - - swapDevices = [ - { device = "/dev/VolGroup/lv_swap"; } - ]; - - users.extraGroups = { - # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories - # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) - # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago - # Docs: man:tmpfiles.d(5) - # man:systemd-tmpfiles(8) - # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) - # Main PID: 19272 (code=exited, status=1/FAILURE) - # - # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE - # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. - # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. - # warning: error(s) occured while switching to the new configuration - lock.gid = 10001; - }; -} diff --git a/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix b/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix deleted file mode 100644 index 168d1d97b..000000000 --- a/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix +++ /dev/null @@ -1,47 +0,0 @@ -_: - -{ - boot.loader.grub = { - device = "/dev/sda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - ]; - - fileSystems."/" = { - device = "/dev/centos/root"; - fsType = "xfs"; - }; - - fileSystems."/boot" = { - device = "/dev/sda1"; - fsType = "xfs"; - }; - - swapDevices = [ - { device = "/dev/centos/swap"; } - ]; - - users.extraGroups = { - # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories - # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) - # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago - # Docs: man:tmpfiles.d(5) - # man:systemd-tmpfiles(8) - # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) - # Main PID: 19272 (code=exited, status=1/FAILURE) - # - # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE - # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. - # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. - # warning: error(s) occured while switching to the new configuration - lock.gid = 10001; - }; -} diff --git a/shared/2configs/repo-sync.nix b/shared/2configs/repo-sync.nix deleted file mode 100644 index 637a26e3c..000000000 --- a/shared/2configs/repo-sync.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -{ - krebs.repo-sync = let - # TODO addMirrorURL function - mirror = "git@wolf:stockholm-mirror"; - in { - enable = true; - repos.stockholm = { - branches = { - makefu = { - origin.url = http://cgit.gum/stockholm ; - mirror.url = mirror; - }; - tv = { - origin.url = http://cgit.ni.r/stockholm; - mirror.url = mirror; - }; - lassulus = { - origin.url = http://cgit.prism/stockholm ; - mirror.url = mirror; - }; - }; - latest = { - url = mirror; - ref = "heads/master"; - }; - }; - }; -} diff --git a/shared/2configs/save-diskspace.nix b/shared/2configs/save-diskspace.nix deleted file mode 100644 index ab074c750..000000000 --- a/shared/2configs/save-diskspace.nix +++ /dev/null @@ -1,11 +0,0 @@ -{lib, ... }: -# TODO: do not check out nixpkgs master but fetch revision from github -{ - environment.noXlibs = true; - nix.gc.automatic = true; - nix.gc.dates = lib.mkDefault "03:10"; - programs.info.enable = false; - programs.man.enable = false; - services.journald.extraConfig = "SystemMaxUse=50M"; - services.nixosManual.enable = false; -} diff --git a/shared/2configs/shack/bincache.nix b/shared/2configs/shack/bincache.nix deleted file mode 100644 index 9cd7fae23..000000000 --- a/shared/2configs/shack/bincache.nix +++ /dev/null @@ -1,6 +0,0 @@ -{...}: -{ - nix.binaryCaches = [ - "http://wolf.shack:3142/nixos" - ]; -} diff --git a/shared/2configs/shack/drivedroid.nix b/shared/2configs/shack/drivedroid.nix deleted file mode 100644 index 12e4a39c3..000000000 --- a/shared/2configs/shack/drivedroid.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ config, pkgs, ... }: -with import ; -let - root = "/var/srv/drivedroid"; -in -{ - environment.systemPackages = [ pkgs.drivedroid-gen-repo ]; - - services.nginx = { - enable = mkDefault true; - virtualHosts.shack-drivedroid = { - serverAliases = [ - "drivedroid.shack" - ]; - # TODO: prepare this somehow - locations."/".extraConfig = '' - root ${root}; - index main.json; - ''; - }; - }; - - systemd.services.drivedroid-gen-repo = { - description = "generates drivedroid repo file"; - path = [ - pkgs.coreutils - pkgs.drivedroid-gen-repo - pkgs.inotify-tools - ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - Type = "simple"; - Restart = "always"; - ExecStartPre = pkgs.writeDash "prepare-drivedroid-gen-repo" '' - mkdir -p ${root}/repos - ''; - ExecStart = pkgs.writeDash "start-drivedroid-gen-repo" '' - set -efu - cd ${root} - while sleep 60; do - if inotifywait -r .; then - drivedroid-gen-repo repos > main.json - fi - done - ''; - }; - }; -} diff --git a/shared/2configs/shack/mqtt_sub.nix b/shared/2configs/shack/mqtt_sub.nix deleted file mode 100644 index a8427dde4..000000000 --- a/shared/2configs/shack/mqtt_sub.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - pkg = pkgs.stdenv.mkDerivation { - name = "mqtt2graphite-2017-05-29"; - src = pkgs.fetchgit { - url = "https://github.com/shackspace/mqtt2graphite/"; - rev = "117179d"; - sha256 = "1334jbbzlqizyp7zcn4hdswhhrnkj1p4p435n5nph82lzffrsi44"; - }; - buildInputs = [ - (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [ - docopt - paho-mqtt - ])) - ]; - installPhase = '' - install -m755 -D sub.py $out/bin/sub - install -m755 -D sub2.py $out/bin/sub-new - ''; - }; -in { - systemd.services.mqtt_sub = { - description = "subscribe to mqtt, send to graphite"; - # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkg}/bin/sub-new"; - PrivateTmp = true; - }; - }; -} diff --git a/shared/2configs/shack/muell_caller.nix b/shared/2configs/shack/muell_caller.nix deleted file mode 100644 index 2d8d78e33..000000000 --- a/shared/2configs/shack/muell_caller.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - pkg = pkgs.stdenv.mkDerivation { - name = "muell_caller-2017-06-01"; - src = pkgs.fetchgit { - url = "https://github.com/shackspace/muell_caller/"; - rev = "bbd4009"; - sha256 = "1bfnfl2vdh0p5wzyz5p48qh04vvsg2445avg86fzhzragx25fqv0"; - }; - buildInputs = [ - (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ - docopt - requests2 - paramiko - python - ])) - ]; - installPhase = '' - install -m755 -D call.py $out/bin/call-muell - ''; - }; - cfg = "${toString }/tell.json"; -in { - systemd.services.call_muell = { - description = "call muell"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; # TODO separate user - ExecStartPre = pkgs.writeDash "call-muell-pre" '' - cp ${cfg} /tmp/tell.json - chown nobody /tmp/tell.json - ''; - ExecStart = "${pkg}/bin/call-muell --cfg /tmp/tell.json --mode mpd loop 60"; - Restart = "always"; - PrivateTmp = true; - PermissionsStartOnly = true; - }; - }; -} diff --git a/shared/2configs/shack/nix-cacher.nix b/shared/2configs/shack/nix-cacher.nix deleted file mode 100644 index 8feeca9af..000000000 --- a/shared/2configs/shack/nix-cacher.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, pkgs, ... }: -with import ; -let - cfg = config.krebs.apt-cacher-ng; -in -{ - imports = [ - ./bincache.nix - ]; - krebs.apt-cacher-ng = { - enable = true; - port = 3142; - bindAddress = "localhost"; - cacheExpiration = 30; - }; - - services.nginx = { - enable = mkDefault true; - virtualHosts.shack-nix-cacher = { - serverAliases = [ - "acng.shack" - ]; - locations."/".extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://localhost:${toString cfg.port}/; - ''; - }; - }; -} diff --git a/shared/2configs/shack/radioactive.nix b/shared/2configs/shack/radioactive.nix deleted file mode 100644 index 378b54056..000000000 --- a/shared/2configs/shack/radioactive.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - pkg = pkgs.stdenv.mkDerivation { - name = "radioactive-2017-06-01"; - src = pkgs.fetchgit { - url = "https://github.com/makefu/nagios-radioactiveathome-plugins/"; - rev = "955f614"; - sha256 = "0ql6npl3n6shvij0ly6a52yjmf7dc31c5x29y927k9lvp8ygin20"; - }; - buildInputs = [ - (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ - docopt - requests2 - python - ])) - ]; - installPhase = '' - install -m755 -D add_many_points.py $out/bin/radioactive-add-many - ''; - }; -in { - systemd.services.radioactive = { - description = "radioactive"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; # TODO separate user - ExecStart = "${pkg}/bin/radioactive-add-many loop 60"; - Restart = "always"; - PrivateTmp = true; - PermissionsStartOnly = true; - }; - }; -} diff --git a/shared/2configs/shack/share.nix b/shared/2configs/shack/share.nix deleted file mode 100644 index 247b9ee7d..000000000 --- a/shared/2configs/shack/share.nix +++ /dev/null @@ -1,38 +0,0 @@ -{config, ... }:{ - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; - group = "share"; - description = "smb guest user"; - home = "/home/share"; - createHome = true; - }; - - networking.firewall.allowedTCPPorts = [ - 139 445 # samba - ]; - - networking.firewall.allowedUDPPorts = [ - 137 138 - ]; - services.samba = { - enable = true; - shares = { - share-home = { - path = "/home/share/"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; -} diff --git a/shared/2configs/shack/worlddomination.nix b/shared/2configs/shack/worlddomination.nix deleted file mode 100644 index d0f9f5fa6..000000000 --- a/shared/2configs/shack/worlddomination.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - pythonPackages = pkgs.python3Packages; - # https://github.com/chrysn/aiocoap - aiocoap = pythonPackages.buildPythonPackage { - name = "aiocoap-0.3"; - src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; }; - propagatedBuildInputs = [ ]; - doCheck = false; # 2 errors, dunnolol - meta = with pkgs.stdenv.lib; { - homepage = ""; - license = licenses.mit; - description = "Python CoAP library"; - }; - }; - LinkHeader = pythonPackages.buildPythonPackage { - name = "LinkHeader-0.4.3"; - src = pkgs.fetchurl { url = "https://pypi.python.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; - propagatedBuildInputs = [ ]; - meta = with pkgs.stdenv.lib; { - homepage = ""; - license = licenses.bsdOriginal; - description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; - }; - }; - pkg = pkgs.stdenv.mkDerivation { - name = "worlddomination-2017-06-10"; - src = pkgs.fetchgit { - url = "https://github.com/shackspace/worlddomination/"; - rev = "72fc9b5"; - sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf"; - }; - buildInputs = [ - (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ - docopt - LinkHeader - aiocoap - requests2 - paramiko - python - ])) - ]; - installPhase = '' - install -m755 -D backend/push_led.py $out/bin/push-led - install -m755 -D backend/loop_single.py $out/bin/loop-single - # copy the provided file to the package - install -m755 -D backend/wd.lst $out/${wdpath} - ''; - }; - wdpath = "/usr/worlddomination/wd.lst"; - esphost = "10.42.24.7"; # esp8266 - timeout = 10; # minutes -in { - systemd.services.worlddomination = { - description = "run worlddomination"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; # TODO separate user - ExecStart = "${pkg}/bin/push-led ${esphost} ${pkg}/${wdpath} loop ${toString timeout}"; - Restart = "always"; - PrivateTmp = true; - PermissionsStartOnly = true; - }; - }; -} diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix deleted file mode 100644 index 1d6883afe..000000000 --- a/shared/2configs/shared-buildbot.nix +++ /dev/null @@ -1,178 +0,0 @@ -{ lib, config, pkgs, ... }: -# The buildbot config is self-contained and currently provides a way -# to test "shared" configuration (infrastructure to be used by every krebsminister). - -# You can add your own test, test steps as required. Deploy the config on a -# shared host like wolf and everything should be fine. - -# TODO for all users schedule a build for fast tests -{ - # due to the fact that we actually build stuff on the box via the daemon, - # /nix/store should be cleaned up automatically as well - services.nginx.virtualHosts.build = { - serverAliases = [ "build.wolf.r" ]; - locations."/".extraConfig = '' - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_pass http://localhost:${toString config.krebs.buildbot.master.web.port}; - ''; - }; - - nix.gc.automatic = true; - nix.gc.dates = "05:23"; - networking.firewall.allowedTCPPorts = [ 8010 9989 ]; - krebs.buildbot.master = let - stockholm-mirror-url = http://cgit.wolf.r/stockholm-mirror ; - in { - secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ]; - workers = { - testworker = "krebspass"; - }; - change_source.stockholm = '' - stockholm_repo = '${stockholm-mirror-url}' - cs.append(changes.GitPoller( - stockholm_repo, - workdir='stockholm-poller', branches=True, - project='stockholm', - pollinterval=60)) - ''; - scheduler = { - force-scheduler = '' - sched.append(schedulers.ForceScheduler( - name="force", - builderNames=[ - # "full-tests", - "fast-tests", - "build-local" - ])) - ''; - fast-tests-scheduler = '' - # test everything real quick - sched.append(schedulers.AnyBranchScheduler( - treeStableTimer=10, - name="fast-all-branches", - builderNames=["fast-tests"])) - ''; - test-cac-infest-master = '' - # files everyone depends on or are part of the share branch - def shared_files(change): - r =re.compile("^((krebs|shared)/.*|Makefile|default.nix)") - for file in change.files: - if r.match(file): - return True - return False - - sched.append(schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch="master"), - fileIsImportant=shared_files, - treeStableTimer=60*60, # master was stable for the last hour - name="full-master", - builderNames=[ - # "full-tests", - "build-local" - ])) - ''; - }; - builder_pre = '' - # prepare grab_repo step for stockholm - grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') - - env = { - "LOGNAME": "shared", - "NIX_REMOTE": "daemon", - "dummy_secrets": "true", - } - - # prepare nix-shell - # the dependencies which are used by the test script - deps = [ "gnumake", "jq", "nix", - "(import ).pkgs.populate", - "(import ).pkgs.test.infest-cac-centos7" ] - # TODO: --pure , prepare ENV in nix-shell command: - # SSL_CERT_FILE,LOGNAME,NIX_REMOTE - nixshell = ["nix-shell", - "-I", "stockholm=.", - "-I", "nixpkgs=/var/src/nixpkgs", - "-p" ] + deps + [ "--run" ] - - # prepare addShell function - def addShell(factory,**kwargs): - factory.addStep(steps.ShellCommand(**kwargs)) - ''; - builder = { - fast-tests = '' - f = util.BuildFactory() - f.addStep(grab_repo) - - for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: - addShell(f,name="build-{}".format(i),env=env, - command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=eval \ - system={}".format(i)]) - - bu.append(util.BuilderConfig(name="fast-tests", - workernames=workernames, - factory=f)) - - ''; - # this build will try to build against local nixpkgs - # TODO change to do a 'local' populate and use the retrieved nixpkgs - build-local = '' - f = util.BuildFactory() - f.addStep(grab_repo) - - - bu.append(util.BuilderConfig(name="build-local", - workernames=workernames, - factory=f)) - ''; -# slow-tests = '' -# s = util.BuildFactory() -# s.addStep(grab_repo) -# -# # worker needs 2 files: -# # * cac.json -# # * retiolum -# s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", workerdest="cac.json")) -# s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", workerdest="retiolum.rsa_key.priv")) -# addShell(s, name="infest-cac-centos7",env=env, -# sigtermTime=60, # SIGTERM 1 minute before SIGKILL -# timeout=10800, # 3h -# command=nixshell + ["infest-cac-centos7"]) -# -# bu.append(util.BuilderConfig(name="full-tests", -# workernames=workernames, -# factory=s)) -# ''; - }; - enable = true; - web = { - enable = true; - }; - irc = { - enable = true; - nick = "wolfbot"; - server = "ni.r"; - channels = [ { channel = "retiolum"; } ]; - allowForce = true; - }; - extraConfig = '' - c['buildbotURL'] = "http://build.wolf.r/" - ''; - }; - - krebs.buildbot.worker = { - enable = true; - masterhost = "localhost"; - username = "testworker"; - password = "krebspass"; - packages = with pkgs; [ gnumake jq nix populate ]; - # all nix commands will need a working nixpkgs installation - extraEnviron = { - NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; }; - }; -} diff --git a/shared/2configs/temp/dirs.nix b/shared/2configs/temp/dirs.nix deleted file mode 100644 index 958608a54..000000000 --- a/shared/2configs/temp/dirs.nix +++ /dev/null @@ -1 +0,0 @@ -_: { } diff --git a/shared/2configs/temp/networking.nix b/shared/2configs/temp/networking.nix deleted file mode 100644 index 958608a54..000000000 --- a/shared/2configs/temp/networking.nix +++ /dev/null @@ -1 +0,0 @@ -_: { } -- cgit v1.2.3