11 files changed, 89 insertions, 65 deletions

diff --git a/makefu/2configs/base-sources.nix b/makefu/2configs/base-sources.nix
deleted file mode 100644
index 65c6e8e76..000000000
--- a/makefu/2configs/base-sources.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  system.stateVersion = "15.09";
-  krebs.build.source = {
-    git.nixpkgs = {
-      #url = https://github.com/NixOS/nixpkgs;
-      url = https://github.com/makefu/nixpkgs;
-      rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine
-    };
-
-    dir.secrets = {
-      host = config.krebs.hosts.pornocauster;
-      path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
-    };
-    dir.stockholm = {
-      host = config.krebs.hosts.pornocauster;
-      path = toString ../.. ;
-    };
-  };
-}
diff --git a/makefu/2configs/base.nix b/makefu/2configs/default.nix
index 4e38c27f8..3d9174788 100644
--- a/makefu/2configs/base.nix
+++ b/makefu/2configs/default.nix
@@ -2,6 +2,8 @@
 
 with lib;
 {
+  system.stateVersion = "15.09";
+
   imports = [
     {
       users.extraUsers =
@@ -10,10 +12,36 @@ with lib;
     }
     ./vim.nix
   ];
-  krebs.enable = true;
-  krebs.search-domain = "retiolum";
 
 
+  krebs = {
+    enable = true;
+    search-domain = "retiolum";
+    build =  {
+      target = mkDefault "root@${config.krebs.build.host.name}";
+      user = config.krebs.users.makefu;
+      source = {
+        git.nixpkgs = {
+          #url = https://github.com/NixOS/nixpkgs;
+          url = mkDefault https://github.com/makefu/nixpkgs;
+          rev = mkDefault "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picking
+          target-path = "/var/src/nixpkgs";
+        };
+
+        dir.secrets = {
+          host = config.krebs.hosts.pornocauster;
+          path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
+        };
+
+        dir.stockholm = {
+          host = config.krebs.hosts.pornocauster;
+          path = "/home/makefu/stockholm" ;
+          target-path = "/var/src/stockholm";
+        };
+      };
+    };
+  };
+
   users.extraUsers = {
     root = {
         openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
@@ -56,7 +84,6 @@ with lib;
   environment.systemPackages = with pkgs; [
       jq
       git
-      vim
       gnumake
       rxvt_unicode.terminfo
       htop
diff --git a/makefu/2configs/fs/cac-boot-partition.nix b/makefu/2configs/fs/cac-boot-partition.nix
index fdf4b89d8..cec004582 100644
--- a/makefu/2configs/fs/cac-boot-partition.nix
+++ b/makefu/2configs/fs/cac-boot-partition.nix
@@ -18,6 +18,4 @@ with lib;
 
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
-  hardware.cpu.amd.updateMicrocode = true;
-
 }
diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix
index 54db87547..2bfe26960 100644
--- a/makefu/2configs/fs/sda-crypto-root.nix
+++ b/makefu/2configs/fs/sda-crypto-root.nix
@@ -6,8 +6,8 @@
 with lib;
 {
   boot = {
-    loader.grub.enable =true;
-    loader.grub.version =2;
+    loader.grub.enable = true;
+    loader.grub.version = 2;
     loader.grub.device = "/dev/sda";
 
     initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
diff --git a/makefu/2configs/fs/single-partition-ext4.nix b/makefu/2configs/fs/single-partition-ext4.nix
new file mode 100644
index 000000000..1970c949f
--- /dev/null
+++ b/makefu/2configs/fs/single-partition-ext4.nix
@@ -0,0 +1,10 @@
+{config, ...}:
+{
+  boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;
+  boot.loader.grub.version = 2;
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+}
diff --git a/makefu/2configs/fs/vm-single-partition.nix b/makefu/2configs/fs/vm-single-partition.nix
index 78a5e7175..27e28cb68 100644
--- a/makefu/2configs/fs/vm-single-partition.nix
+++ b/makefu/2configs/fs/vm-single-partition.nix
@@ -3,18 +3,9 @@
 # vda1 ext4 (label nixos) -> only root partition
 with lib;
 {
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
+  imports = [
+    ./single-partition-ext4.nix
+  ];
   boot.loader.grub.device = "/dev/vda";
 
-  fileSystems."/" = {
-    device = "/dev/disk/by-label/nixos";
-    fsType = "ext4";
-  };
-
-  hardware.enableAllFirmware = true;
-  nixpkgs.config.allowUnfree = true;
-  hardware.cpu.amd.updateMicrocode = true;
-
-
 }
diff --git a/makefu/2configs/headless.nix b/makefu/2configs/headless.nix
index 33847c5e1..772ca3771 100644
--- a/makefu/2configs/headless.nix
+++ b/makefu/2configs/headless.nix
@@ -1,4 +1,4 @@
-_:
+{lib,... }:
 {
-  sound.enable = false;
+  sound.enable = lib.mkForce false;
 }
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index aa2fc2050..047895ce6 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -8,6 +8,8 @@ with lib;
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
 
+  hardware.cpu.intel.updateMicrocode = true;
+
   zramSwap.enable = true;
   zramSwap.numDevices = 2;
 
diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix
index e97050ec4..c6724c617 100644
--- a/makefu/2configs/nginx/euer.blog.nix
+++ b/makefu/2configs/nginx/euer.blog.nix
@@ -5,14 +5,40 @@ let
   sec = toString <secrets>;
   ssl_cert = "${sec}/wildcard.krebsco.de.crt";
   ssl_key  = "${sec}/wildcard.krebsco.de.key";
-  hostname = krebs.build.host.name;
+  hostname = config.krebs.build.host.name;
+  user = config.services.nginx.user;
+  group = config.services.nginx.group;
+  external-ip = head config.krebs.build.host.nets.internet.addrs4;
+  internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+  base-dir = "/var/www/blog.euer";
 in {
+  # Prepare Blog directory
+  systemd.services.prepare-euer-blog = {
+    wantedBy = [ "local-fs.target" ];
+    before = [ "nginx.service" ];
+    serviceConfig = {
+      # do nothing if the base dir already exists
+      ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
+        #!/bin/sh
+        if ! test -d "${base-dir}" ;then
+          mkdir -p "${base-dir}"
+          chown ${user}:${group} "${base-dir}"
+          chmod 700 "${base-dir}"
+        fi
+      '';
+      Type = "oneshot";
+      RemainAfterExit = "yes";
+      TimeoutSec = "0";
+    };
+  };
+
   krebs.nginx = {
     enable = mkDefault true;
     servers = {
       euer-blog = {
-        listen = [ "80" "443 ssl" ];
-        server-names = [ "euer.krebsco.de" "euer.blog.krebsco.de" "blog.${hostname}" ];
+        listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
+                   "${internal-ip}:80" "${internal-ip}:443 ssl" ];
+        server-names = [ "euer.krebsco.de" "blog.euer.krebsco.de" "blog.${hostname}" ];
         extraConfig = ''
           gzip on;
           gzip_buffers 4 32k;
@@ -22,7 +48,7 @@ in {
           default_type text/plain;
         '';
         locations = singleton (nameValuePair "/" ''
-          root /var/www/euer.blog/;
+          root ${base-dir};
         '');
       };
     };
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index fbcfe2047..2b5fa6ead 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -51,18 +51,21 @@ in {
     serviceConfig = {
       ExecStart = pkgs.writeScript "prepare-tw-service" ''
         #!/bin/sh
-        mkdir -p "${wiki-dir}" "${backup-dir}"
+        if ! test -d "${base-dir}" ;then
+          mkdir -p "${wiki-dir}" "${backup-dir}"
 
-        # write the base configuration
-        cat > "${base-cfg}" <<EOF
+          # write the base configuration
+          cat > "${base-cfg}" <<EOF
         [users]
         $(cat "${tw-pass-file}")
         [directories]
         backupdir = ${backup-dir}
         savedir = ${wiki-dir}
         EOF
-        chown -R ${user}:${group} "${base-dir}"
-        chmod 700  -R "${base-dir}"
+
+          chown -R ${user}:${group} "${base-dir}"
+          chmod 700  -R "${base-dir}"
+        fi
       '';
       Type = "oneshot";
       RemainAfterExit = "yes";
diff --git a/makefu/2configs/unstable-sources.nix b/makefu/2configs/unstable-sources.nix
index 7bd5f50cb..7a9a8a81c 100644
--- a/makefu/2configs/unstable-sources.nix
+++ b/makefu/2configs/unstable-sources.nix
@@ -1,20 +1,8 @@
-{ config, lib, pkgs, ... }:
+_:
 
 {
-  system.stateVersion = "15.09";
-  krebs.build.source = {
-    git.nixpkgs = {
+  krebs.build.source.git.nixpkgs = {
       url = https://github.com/makefu/nixpkgs;
       rev = "15b5bbfbd1c8a55e7d9e05dd9058dc102fac04fe"; # cherry-picked collectd
     };
-
-    dir.secrets = {
-      host = config.krebs.hosts.pornocauster;
-      path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
-    };
-    dir.stockholm = {
-      host = config.krebs.hosts.pornocauster;
-      path = toString ../.. ;
-    };
-  };
 }