From df017132338d1c22adbc414a301e879035e5ba4f Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 14 Jan 2016 15:54:44 +0100 Subject: tv nixpkgs: c44a593 -> b7ff030 --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv/2configs/default.nix') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index c300633bb..17e260b56 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -11,7 +11,7 @@ with lib; source = { git.nixpkgs = { url = mkDefault https://github.com/NixOS/nixpkgs; - rev = mkDefault "c44a593aa43bba6a0708f6f36065a514a5110613"; + rev = mkDefault "b7ff0301d6f26bd8419e888fd0e129f3dc8bd328"; target-path = mkDefault "/var/src/nixpkgs"; }; dir.secrets = { -- cgit v1.2.3 From 780ddec4ab268fbfd43ea9bf511ed4b3b0d35783 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 14 Jan 2016 16:31:48 +0100 Subject: tv ssh_config: UseRoaming=no --- tv/2configs/default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'tv/2configs/default.nix') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 17e260b56..d3a1778f0 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -142,7 +142,12 @@ with lib; ''; }; - programs.ssh.startAgent = false; + programs.ssh = { + extraConfig = '' + UseRoaming no + ''; + startAgent = false; + }; } { -- cgit v1.2.3 From 1a4437cb26a29400d33486d6c8a220a9e88f4132 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 28 Jan 2016 13:49:14 +0100 Subject: tv nixpkgs: b7ff030 -> 77f8f35 --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv/2configs/default.nix') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index d3a1778f0..dc55a4330 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -11,7 +11,7 @@ with lib; source = { git.nixpkgs = { url = mkDefault https://github.com/NixOS/nixpkgs; - rev = mkDefault "b7ff0301d6f26bd8419e888fd0e129f3dc8bd328"; + rev = mkDefault "77f8f35d57618c1ba456d968524f2fb2c3448295"; target-path = mkDefault "/var/src/nixpkgs"; }; dir.secrets = { -- cgit v1.2.3 From c3c4aac670cf0ac26340061cef1527b3d7f64386 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 03:00:48 +0100 Subject: make deploy2: deploy using nixos-rebuild switch --- tv/2configs/default.nix | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) (limited to 'tv/2configs/default.nix') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index dc55a4330..e7197c4c4 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -8,20 +8,23 @@ with lib; krebs.build = { user = config.krebs.users.tv; target = mkDefault "root@${config.krebs.build.host.name}"; - source = { - git.nixpkgs = { - url = mkDefault https://github.com/NixOS/nixpkgs; - rev = mkDefault "77f8f35d57618c1ba456d968524f2fb2c3448295"; - target-path = mkDefault "/var/src/nixpkgs"; + source-version = 2; + source = mapAttrs (_: mkDefault) ({ + nixos-config = "symlink:stockholm-private/1systems/${config.krebs.build.host.name}.nix"; + nixpkgs = symlink:stockholm-nixpkgs; + secrets = "/home/tv/secrets/${config.krebs.build.host.name}"; + secrets-common = "/home/tv/secrets/common"; + stockholm-krebs = "/home/tv/stockholm/krebs"; + stockholm-nixpkgs = "/home/tv/stockholm/nixpkgs"; + stockholm-private = "/home/tv/stockholm/tv"; + upstream-nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + rev = "77f8f35d57618c1ba456d968524f2fb2c3448295"; + dev = "/home/tv/nixpkgs"; }; - dir.secrets = { - path = mkDefault "/home/tv/secrets/${config.krebs.build.host.name}"; - }; - dir.stockholm = { - path = mkDefault "/home/tv/stockholm"; - target-path = mkDefault "/var/src/stockholm"; - }; - }; + } // optionalAttrs config.krebs.build.host.secure { + secrets-master = "/home/tv/secrets/master"; + }); }; networking.hostName = config.krebs.build.host.name; @@ -98,12 +101,7 @@ with lib; }; environment.variables = { - NIX_PATH = - with config.krebs.build.source; with dir; with git; - mkForce (concatStringsSep ":" [ - "nixpkgs=${nixpkgs.target-path}" - "secrets=${stockholm.target-path}/null" - ]); + NIX_PATH = mkForce "/var/src"; }; programs.bash = { -- cgit v1.2.3 From 8217472e99ad5c9392a4da443dd2fe66343c8668 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 03:31:24 +0100 Subject: tv config: isUser root == true --- tv/2configs/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'tv/2configs/default.nix') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index e7197c4c4..310077021 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -180,7 +180,8 @@ with lib; { systemd.tmpfiles.rules = let forUsers = flip map users; - isUser = { group, ... }: hasSuffix "users" group; + isUser = { name, group, ... }: + name == "root" || hasSuffix "users" group; users = filter isUser (mapAttrsToList (_: id) config.users.users); in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -"); environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME"; -- cgit v1.2.3 From bb1dbae8187601cea2ddfbdcdc9baa456bc5b4ab Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:40:25 +0100 Subject: tv: open ssh port by default --- tv/2configs/default.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'tv/2configs/default.nix') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 310077021..abe9d3de8 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -162,6 +162,10 @@ with lib; }; } + { + tv.iptables.enable = true; + } + { services.openssh = { enable = true; @@ -169,6 +173,7 @@ with lib; { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } ]; }; + tv.iptables.input-internet-accept-new-tcp = singleton "ssh"; } { -- cgit v1.2.3 From 03e5d03c129190451e1431fac6aae70f745812f9 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 19:17:19 +0100 Subject: tv config: use null for dummy secrets --- tv/2configs/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'tv/2configs/default.nix') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index abe9d3de8..777cd4ea3 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -12,6 +12,7 @@ with lib; source = mapAttrs (_: mkDefault) ({ nixos-config = "symlink:stockholm-private/1systems/${config.krebs.build.host.name}.nix"; nixpkgs = symlink:stockholm-nixpkgs; + null = "/home/tv/stockholm/null"; secrets = "/home/tv/secrets/${config.krebs.build.host.name}"; secrets-common = "/home/tv/secrets/common"; stockholm-krebs = "/home/tv/stockholm/krebs"; @@ -101,7 +102,7 @@ with lib; }; environment.variables = { - NIX_PATH = mkForce "/var/src"; + NIX_PATH = mkForce "secrets=/var/src/null:/var/src"; }; programs.bash = { -- cgit v1.2.3 From 44b9f90b2c70c997399afcc550dac2fff155af6b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:12:06 +0100 Subject: tv config: allowUnfree = false --- tv/2configs/default.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'tv/2configs/default.nix') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 777cd4ea3..ee1d9521d 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -70,6 +70,9 @@ with lib; nix.useChroot = true; } + { + nixpkgs.config.allowUnfree = false; + } { environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ]; -- cgit v1.2.3 From fb734eded558aad5a728eb1b1b350235a921d541 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 03:07:47 +0100 Subject: stockholm: stockholm-path -> ./. --- tv/2configs/default.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'tv/2configs/default.nix') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index ee1d9521d..46320b738 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -10,14 +10,13 @@ with lib; target = mkDefault "root@${config.krebs.build.host.name}"; source-version = 2; source = mapAttrs (_: mkDefault) ({ - nixos-config = "symlink:stockholm-private/1systems/${config.krebs.build.host.name}.nix"; - nixpkgs = symlink:stockholm-nixpkgs; - null = "/home/tv/stockholm/null"; + nixos-config = "symlink:stockholm/tv/1systems/${config.krebs.build.host.name}.nix"; + nixpkgs = symlink:stockholm/nixpkgs; + null = "symlink:stockholm/null"; secrets = "/home/tv/secrets/${config.krebs.build.host.name}"; secrets-common = "/home/tv/secrets/common"; - stockholm-krebs = "/home/tv/stockholm/krebs"; - stockholm-nixpkgs = "/home/tv/stockholm/nixpkgs"; - stockholm-private = "/home/tv/stockholm/tv"; + stockholm = "/home/tv/stockholm"; + stockholm-user = "symlink:stockholm/tv"; upstream-nixpkgs = { url = https://github.com/NixOS/nixpkgs; rev = "77f8f35d57618c1ba456d968524f2fb2c3448295"; -- cgit v1.2.3 From b857a48632128be0324c68be95bee16fb0f1b15f Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 05:40:26 +0100 Subject: krebs.build.populate: init and drop support for v1 --- tv/2configs/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'tv/2configs/default.nix') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 46320b738..57c4620c4 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -8,11 +8,9 @@ with lib; krebs.build = { user = config.krebs.users.tv; target = mkDefault "root@${config.krebs.build.host.name}"; - source-version = 2; source = mapAttrs (_: mkDefault) ({ nixos-config = "symlink:stockholm/tv/1systems/${config.krebs.build.host.name}.nix"; nixpkgs = symlink:stockholm/nixpkgs; - null = "symlink:stockholm/null"; secrets = "/home/tv/secrets/${config.krebs.build.host.name}"; secrets-common = "/home/tv/secrets/common"; stockholm = "/home/tv/stockholm"; @@ -104,7 +102,7 @@ with lib; }; environment.variables = { - NIX_PATH = mkForce "secrets=/var/src/null:/var/src"; + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; }; programs.bash = { -- cgit v1.2.3