From 2d550c104cea85853c52545de979c74364824ab1 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 2 Sep 2015 10:02:05 +0200
Subject: [PATCH] makefu: sort 2configs

---
 1systems/pnp.nix                           |  6 +-
 1systems/pornocauster.nix                  | 16 +++--
 1systems/tsp.nix                           |  4 +-
 2configs/fs/cac-boot-partition.nix         | 23 +++++++
 2configs/{ => fs}/sda-crypto-root-home.nix |  0
 2configs/{ => fs}/sda-crypto-root.nix      |  0
 2configs/{ => fs}/vm-single-partition.nix  |  0
 2configs/git/brain-retiolum.nix            | 77 ++++++++++++++++++++++
 2configs/{ => git}/cgit-retiolum.nix       |  6 +-
 2configs/{ => hw}/tp-x200.nix              |  0
 2configs/{ => hw}/tp-x220.nix              |  0
 2configs/{ => hw}/tp-x2x0.nix              |  0
 3modules/default.nix                       |  2 +-
 13 files changed, 119 insertions(+), 15 deletions(-)
 create mode 100644 2configs/fs/cac-boot-partition.nix
 rename 2configs/{ => fs}/sda-crypto-root-home.nix (100%)
 rename 2configs/{ => fs}/sda-crypto-root.nix (100%)
 rename 2configs/{ => fs}/vm-single-partition.nix (100%)
 create mode 100644 2configs/git/brain-retiolum.nix
 rename 2configs/{ => git}/cgit-retiolum.nix (89%)
 rename 2configs/{ => hw}/tp-x200.nix (100%)
 rename 2configs/{ => hw}/tp-x220.nix (100%)
 rename 2configs/{ => hw}/tp-x2x0.nix (100%)

diff --git a/1systems/pnp.nix b/1systems/pnp.nix
index bbb9939..6ca1f11 100644
--- a/1systems/pnp.nix
+++ b/1systems/pnp.nix
@@ -9,9 +9,9 @@
     [ # Include the results of the hardware scan.
       <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
       ../2configs/base.nix
-      ../2configs/cgit-retiolum.nix
+      ../2configs/git/cgit-retiolum.nix
       # ../2configs/graphite-standalone.nix
-      ../2configs/vm-single-partition.nix
+      ../2configs/fs/vm-single-partition.nix
       ../2configs/tinc-basic-retiolum.nix
 
       ../2configs/exim-retiolum.nix
@@ -26,7 +26,7 @@
   krebs.build.deps = {
     nixpkgs = {
       url = https://github.com/NixOS/nixpkgs;
-      rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
+      rev = "03921972268934d900cc32dad253ff383926771c";
     };
   };
 
diff --git a/1systems/pornocauster.nix b/1systems/pornocauster.nix
index 1e2c312..4dcfe4e 100644
--- a/1systems/pornocauster.nix
+++ b/1systems/pornocauster.nix
@@ -13,9 +13,7 @@
       ../2configs/tinc-basic-retiolum.nix
       #../2configs/disable_v6.nix
 
-      #../2configs/sda-crypto-root.nix
-      ../2configs/sda-crypto-root-home.nix
-
+      # environment
       ../2configs/zsh-user.nix
 
       # applications
@@ -23,16 +21,22 @@
       ../2configs/virtualization.nix
       ../2configs/wwan.nix
 
-      ../2configs/Reaktor/simpleExtend.nix
+      # services
+      ../2configs/git/brain-retiolum.nix
+      # ../2configs/Reaktor/simpleExtend.nix
 
       # hardware specifics are in here
-      ../2configs/tp-x220.nix
+      ../2configs/hw/tp-x220.nix
+      # mount points
+      ../2configs/fs/sda-crypto-root-home.nix
     ];
 
   krebs.build.host = config.krebs.hosts.pornocauster;
   krebs.build.user = config.krebs.users.makefu;
   krebs.build.target = "root@pornocauster";
 
+  #krebs.Reaktor.nickname = "makefu|r";
+
   networking.firewall.allowedTCPPorts = [
     25
   ];
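Review bot: A service change is folded into what the subject calls a sort: the new import `../2configs/git/brain-retiolum.nix` sets `krebs.git.enable = true` for this host while `Reaktor/simpleExtend.nix` is commented out, so anyone auditing history by subject line would miss that the host's running services changed. I would move that into its own commit, or at least name it in the commit message. The two commented-out lines (`# ../2configs/Reaktor/simpleExtend.nix` and `#krebs.Reaktor.nickname = "makefu|r";`) should either be deleted or carry a reason, e.g. `# Reaktor disabled: <reason>`. The `rev` bumps in the last hunk of this file and in 1systems/pnp.nix are likewise unrelated to sorting.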
@@ -41,7 +45,7 @@
     nixpkgs = {
       url = https://github.com/NixOS/nixpkgs;
       #url = https://github.com/makefu/nixpkgs;
-      rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
+      rev = "03921972268934d900cc32dad253ff383926771c";
     };
   };
 }
diff --git a/1systems/tsp.nix b/1systems/tsp.nix
index 67db224..3c2bb2e 100644
--- a/1systems/tsp.nix
+++ b/1systems/tsp.nix
@@ -9,9 +9,9 @@
       ../2configs/base.nix
       ../2configs/base-gui.nix
       ../2configs/tinc-basic-retiolum.nix
-      ../2configs/sda-crypto-root.nix
+      ../2configs/fs/sda-crypto-root.nix
       # hardware specifics are in here
-      ../2configs/tp-x200.nix #< imports tp-x2x0.nix
+      ../2configs/hw/tp-x200.nix #< imports tp-x2x0.nix
 
       ../2configs/disable_v6.nix
       ../2configs/rad1o.nix
diff --git a/2configs/fs/cac-boot-partition.nix b/2configs/fs/cac-boot-partition.nix
new file mode 100644
index 0000000..fdf4b89
--- /dev/null
+++ b/2configs/fs/cac-boot-partition.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+# vda1 ext4 (label nixos) -> only root partition
+with lib;
+{
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "ext4";
+  };
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+  hardware.cpu.amd.updateMicrocode = true;
+
+}
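Review bot: The header comment `# vda1 ext4 (label nixos) -> only root partition` does not match the file, which installs GRUB on `/dev/sda` and mounts a separate `/boot` by label; something like `# sda: ext4 /boot (label boot) + ext4 / (label nixos), GRUB on /dev/sda` would describe it. `nixpkgs.config.allowUnfree = true;` and `hardware.enableAllFirmware = true;` are package-policy switches, so any host importing this filesystem layout also opts into unfree packages and all firmware blobs without the file name suggesting it; they fit better in a `hw/` module or the host file. `with lib;` is unused in this file and can be dropped.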
diff --git a/2configs/sda-crypto-root-home.nix b/2configs/fs/sda-crypto-root-home.nix
similarity index 100%
rename from 2configs/sda-crypto-root-home.nix
rename to 2configs/fs/sda-crypto-root-home.nix
diff --git a/2configs/sda-crypto-root.nix b/2configs/fs/sda-crypto-root.nix
similarity index 100%
rename from 2configs/sda-crypto-root.nix
rename to 2configs/fs/sda-crypto-root.nix
diff --git a/2configs/vm-single-partition.nix b/2configs/fs/vm-single-partition.nix
similarity index 100%
rename from 2configs/vm-single-partition.nix
rename to 2configs/fs/vm-single-partition.nix
diff --git a/2configs/git/brain-retiolum.nix b/2configs/git/brain-retiolum.nix
new file mode 100644
index 0000000..0ab6477
--- /dev/null
+++ b/2configs/git/brain-retiolum.nix
@@ -0,0 +1,77 @@
+{ config, lib, pkgs, ... }:
+# TODO: remove tv lib :)
+with import ../../../tv/4lib { inherit lib pkgs; };
+let
+
+  repos = priv-repos // krebs-repos ;
+  rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos);
+
+  krebs-repos = mapAttrs make-krebs-repo {
+    brain = {
+      desc = "braiiiins";
+    };
+  };
+
+  priv-repos = mapAttrs make-priv-repo {
+    autosync = { };
+  };
+
+  # TODO move users to separate module
+  make-priv-repo = name: { desc ? null, ... }: {
+    inherit name desc;
+    public = false;
+  };
+
+  make-krebs-repo = with git; name: { desc ? null, ... }: {
+    inherit name desc;
+    public = false;
+    hooks = {
+      post-receive = git.irc-announce {
+        nick = config.networking.hostName;
+        channel = "#retiolum";
+        # TODO remove the hardcoded hostname
+        server = "cd.retiolum";
+      };
+    };
+  };
+
+  set-owners = with git;repo: user:
+      singleton {
+        inherit user;
+        repo = [ repo ];
+        perm = push "refs/*" [ non-fast-forward create delete merge ];
+      };
+
+  set-ro-access = with git; repo: user:
+      optional repo.public {
+        inherit user;
+        repo = [ repo ];
+        perm = fetch;
+      };
+
+  # TODO: get the list of all krebsministers
+  krebsminister = with config.krebs.users; [ lass tv ];
+  all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
+
+  priv-rules = repo: set-owners repo all-makefu;
+
+  krebs-rules = repo:
+    set-owners repo all-makefu ++ set-ro-access repo krebsminister;
+
+in {
+  imports = [{
+    krebs.users.makefu-omo = {
+        name = "makefu-omo" ;
+        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
+    };
+    krebs.users.makefu-tsp = {
+        name = "makefu-tsp" ;
+        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
+    };
+  }];
+  krebs.git = {
+    enable = true;
+    cgit = false;
+    inherit repos rules;
+  };
+}
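Review bot: `make-krebs-repo` sets `public = false`, so `set-ro-access` (guarded by `optional repo.public`) always returns an empty list and the `set-ro-access repo krebsminister` half of `krebs-rules` never grants anything. That fails closed, but the rules read as if `lass` and `tv` can fetch `brain`; either set `public = true` for that repo if read access is intended, or drop the `set-ro-access` call and the `krebsminister` list so the policy says what it does. Separately, the `post-receive` hook sends `git.irc-announce` output to `#retiolum` for a repo marked non-public; what the announcement contains is not visible here, so confirm it does not disclose commit subjects or ref names that are meant to stay private. The owner rule also permits `non-fast-forward` and `delete` on `refs/*` for all three keys, which deserves a short comment if it is intentional.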
diff --git a/2configs/cgit-retiolum.nix b/2configs/git/cgit-retiolum.nix
similarity index 89%
rename from 2configs/cgit-retiolum.nix
rename to 2configs/git/cgit-retiolum.nix
index a40dabb..40b51e6 100644
--- a/2configs/cgit-retiolum.nix
+++ b/2configs/git/cgit-retiolum.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 # TODO: remove tv lib :)
-with import ../../tv/4lib { inherit lib pkgs; };
+with import ../../../tv/4lib { inherit lib pkgs; };
 let
 
   repos = priv-repos // krebs-repos ;
@@ -63,11 +63,11 @@ in {
   imports = [{
     krebs.users.makefu-omo = {
         name = "makefu-omo" ;
-        pubkey= with builtins; readFile ../../krebs/Zpubkeys/makefu_omo.ssh.pub;
+        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
     };
     krebs.users.makefu-tsp = {
         name = "makefu-tsp" ;
-        pubkey= with builtins; readFile ../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
+        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
     };
   }];
   krebs.git = {
diff --git a/2configs/tp-x200.nix b/2configs/hw/tp-x200.nix
similarity index 100%
rename from 2configs/tp-x200.nix
rename to 2configs/hw/tp-x200.nix
diff --git a/2configs/tp-x220.nix b/2configs/hw/tp-x220.nix
similarity index 100%
rename from 2configs/tp-x220.nix
rename to 2configs/hw/tp-x220.nix
diff --git a/2configs/tp-x2x0.nix b/2configs/hw/tp-x2x0.nix
similarity index 100%
rename from 2configs/tp-x2x0.nix
rename to 2configs/hw/tp-x2x0.nix
diff --git a/3modules/default.nix b/3modules/default.nix
index 015f472..4178084 100644
--- a/3modules/default.nix
+++ b/3modules/default.nix
@@ -1,6 +1,6 @@
 { config, lib, ... }:
 
-with import ../../krebs/4lib { inherit lib; };
+with lib;
 let
   cfg = config.krebs;