summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/default.nix3
-rw-r--r--krebs/3modules/iptables.nix30
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/2configs/buildbot-standalone.nix87
-rw-r--r--lass/2configs/games.nix18
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/vim.nix4
-rw-r--r--makefu/1systems/x.nix37
8 files changed, 110 insertions, 72 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 7f5d2c7bd..bf09b7424 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -155,14 +155,13 @@ let
to = concatMapStringsSep "," (getAttr "mail") (toList to);
};
in mapAttrsToList format (with config.krebs.users; let
- eloop-ml = spam-ml ++ [ ciko Mic92 ];
+ eloop-ml = spam-ml ++ [ ciko ];
spam-ml = [
lass
makefu
tv
];
ciko.mail = "wieczorek.stefan@gmail.com";
- Mic92.mail = "joerg@higgsboson.tk";
in {
"anmeldung@eloop.org" = eloop-ml;
"cfp@eloop.org" = eloop-ml;
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index a4a4de6f9..09b493c20 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -29,9 +29,10 @@ let
tables = mkOption {
type = with types; attrsOf (attrsOf (submodule ({
options = {
+ #TODO: find out good defaults.
policy = mkOption {
type = str;
- default = "-";
+ default = "ACCEPT";
};
rules = mkOption {
type = nullOr (listOf (submodule ({
@@ -133,30 +134,9 @@ let
#=====
rules = iptables-version:
- let
- #TODO: find out good defaults.
- tables-defaults = {
- nat.PREROUTING.policy = "ACCEPT";
- nat.INPUT.policy = "ACCEPT";
- nat.OUTPUT.policy = "ACCEPT";
- nat.POSTROUTING.policy = "ACCEPT";
- filter.INPUT.policy = "ACCEPT";
- filter.FORWARD.policy = "ACCEPT";
- filter.OUTPUT.policy = "ACCEPT";
-
- #if someone specifies any other rules on this chain, the default rules get lost.
- #is this wanted beahiviour or a bug?
- #TODO: implement abstraction of rules
- filter.INPUT.rules = [
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- ];
- };
- tables = tables-defaults // cfg.tables;
-
- in
- pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
- ${buildTables iptables-version tables}
- '';
+ pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
+ ${buildTables iptables-version cfg.tables}
+ '';
startScript = pkgs.writeDash "krebs-iptables_start" ''
set -euf
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index fbab23500..cdb6d34ab 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -36,6 +36,7 @@ in {
gitAndTools.qgit
lm_sensors
much
+ ncdu
nmap
pavucontrol
powertop
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index e7fbccb77..72cd66420 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -18,25 +18,34 @@ in {
};
change_source.stockholm = ''
stockholm_repo = '${stockholm-mirror-url}'
- cs.append(changes.GitPoller(
+ cs.append(
+ changes.GitPoller(
stockholm_repo,
workdir='stockholm-poller', branches=True,
project='stockholm',
- pollinterval=120))
+ pollinterval=120
+ )
+ )
'';
scheduler = {
build-scheduler = ''
# build all hosts
- sched.append(schedulers.SingleBranchScheduler(
- change_filter=util.ChangeFilter(branch_re=".*"),
- treeStableTimer=10,
- name="build-all-branches",
- builderNames=["build-all", "build-pkgs"]))
+ sched.append(
+ schedulers.SingleBranchScheduler(
+ change_filter=util.ChangeFilter(branch_re=".*"),
+ treeStableTimer=10,
+ name="build-all-branches",
+ builderNames=["build-hosts", "build-pkgs"]
+ )
+ )
'';
};
builder_pre = ''
# prepare grab_repo step for stockholm
- grab_repo = steps.Git(repourl=stockholm_repo, mode='full')
+ grab_repo = steps.Git(
+ repourl=stockholm_repo,
+ mode='full'
+ )
# TODO: get nixpkgs/stockholm paths from krebs
env_lass = {
@@ -57,45 +66,73 @@ in {
# prepare nix-shell
# the dependencies which are used by the test script
- deps = [ "gnumake", "jq", "nix", "(import <stockholm>).pkgs.populate", "openssh" ]
+ deps = [
+ "gnumake",
+ "jq",
+ "nix",
+ "(import <stockholm>).pkgs.populate",
+ "openssh"
+ ]
# TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
- nixshell = ["nix-shell",
- "-I", "stockholm=.",
- "-I", "nixpkgs=/var/src/nixpkgs",
- "-p" ] + deps + [ "--run" ]
+ nixshell = [
+ "nix-shell",
+ "-I", "stockholm=.",
+ "-I", "nixpkgs=/var/src/nixpkgs",
+ "-p"
+ ] + deps + [ "--run" ]
# prepare addShell function
def addShell(factory,**kwargs):
factory.addStep(steps.ShellCommand(**kwargs))
'';
builder = {
- build-all = ''
+ build-hosts = ''
f = util.BuildFactory()
f.addStep(grab_repo)
+ for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]:
+ addShell(f,name="build-{}".format(i),env=env_shared,
+ command=nixshell + \
+ ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
+ make \
+ test \
+ target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
+ method=build \
+ system={}".format(i)
+ ]
+ )
+
for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
- addShell(f,name="build-{}".format(i),env=env_lass,
- command=nixshell + \
- ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
+ addShell(f,name="build-{}".format(i),env=env_lass,
+ command=nixshell + \
+ ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
make \
test \
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
method=build \
- system={}".format(i)])
+ system={}".format(i)
+ ]
+ )
for i in [ "x", "wry", "vbob", "wbob", "shoney" ]:
- addShell(f,name="build-{}".format(i),env=env_makefu,
- command=nixshell + \
- ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
+ addShell(f,name="build-{}".format(i),env=env_makefu,
+ command=nixshell + \
+ ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
make \
test \
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
method=build \
- system={}".format(i)])
+ system={}".format(i)
+ ]
+ )
- bu.append(util.BuilderConfig(name="build-all",
- workernames=workernames,
- factory=f))
+ bu.append(
+ util.BuilderConfig(
+ name="build-hosts",
+ workernames=workernames,
+ factory=f
+ )
+ )
'';
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 0eec97922..82b7eb2c9 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -2,10 +2,28 @@
let
mainUser = config.users.extraUsers.mainUser;
+ doom = pkgs.writeDash "doom" ''
+ DOOM_DIR=''${DOOM_DIR:-~/doom/}
+ ${pkgs.zandronum}/bin/zandronum \
+ -file $DOOM_DIR/lib/brutalv20.pk3 \
+ -file $DOOM_DIR/lib/RebotStarcraftMarines.pk3 \
+ -fov 120 \
+ "$@"
+ '';
+ doom1 = pkgs.writeDashBin "doom1" ''
+ DOOM_DIR=''${DOOM_DIR:-~/doom/}
+ ${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
+ '';
+ doom2 = pkgs.writeDashBin "doom2" ''
+ DOOM_DIR=''${DOOM_DIR:-~/doom/}
+ ${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
+ '';
in {
environment.systemPackages = with pkgs; [
dwarf_fortress
+ doom1
+ doom2
];
users.extraUsers = {
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index caca98746..48472f7a1 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "ee52e9809185bdf44452f2913e3f6ef839c15c4e";
+ ref = "e360c7205f84be180d80b97f3980fb809a951486";
};
}
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index aac2b96d4..bfaae24c8 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -175,8 +175,8 @@ let
"Syntastic config
let g:syntastic_python_checkers=['flake8']
- nmap <esc>q :buffer
- nmap <M-q> :buffer
+ nmap <esc>q :buffer
+ nmap <M-q> :buffer
cnoremap <C-A> <Home>
diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix
index e1aec360d..6fe3883a1 100644
--- a/makefu/1systems/x.nix
+++ b/makefu/1systems/x.nix
@@ -5,25 +5,39 @@
{
imports =
- [ # Include the results of the hardware scan.
+ [ # base
../.
- ../2configs/main-laptop.nix #< base-gui + zsh
+ ../2configs/main-laptop.nix
../2configs/laptop-utils.nix
../2configs/laptop-backup.nix
- # Krebs
- #../2configs/disable_v6.nix
- ../2configs/rad1o.nix
+ # testing
+ #../2configs/elchos/search.nix
+ #../2configs/temp/share-samba.nix
+ # ../2configs/mediawiki.nix
+ # ../2configs/wordpress.nix
+ # ../2configs/nginx/public_html.nix
+ # ../2configs/nginx/icecult.nix
+ ../2configs/laptop-backup.nix
+ #../2configs/temp/elkstack.nix
+ # ../2configs/temp/sabnzbd.nix
+ ../2configs/tinc/siem.nix
+ #../2configs/torrent.nix
- # applications
+ # Krebs
+ ../2configs/disable_v6.nix
+ ../2configs/tinc/retiolum.nix
+
+ # applications
../2configs/exim-retiolum.nix
../2configs/mail-client.nix
../2configs/printer.nix
../2configs/virtualization.nix
../2configs/virtualization-virtualbox.nix
../2configs/wwan.nix
+ ../2configs/rad1o.nix
# services
../2configs/git/brain-retiolum.nix
@@ -37,19 +51,8 @@
../2configs/hw/bcm4352.nix
# mount points
../2configs/fs/sda-crypto-root-home.nix
- # ../2configs/mediawiki.nix
- #../2configs/wordpress.nix
- #../2configs/nginx/public_html.nix
- ../2configs/nginx/icecult.nix
- ../2configs/tinc/retiolum.nix
# temporary modules
- ../2configs/temp/share-samba.nix
- ../2configs/laptop-backup.nix
- #../2configs/temp/elkstack.nix
- # ../2configs/temp/sabnzbd.nix
- ../2configs/tinc/siem.nix
- #../2configs/torrent.nix
];
makefu.full-populate = true;