diff --git a/1systems/makefu/pnp.nix b/1systems/makefu/pnp.nix
index 51f5bb00c..f98cd5276 100644
--- a/1systems/makefu/pnp.nix
+++ b/1systems/makefu/pnp.nix
@@ -9,7 +9,10 @@
[ # Include the results of the hardware scan.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../../2configs/makefu/base.nix
+ ../../3modules/krebs/retiolum.nix
+ ../../2configs/makefu/cgit-retiolum.nix
];
+ krebs.enable = true;
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
@@ -20,19 +23,32 @@
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = true;
+ # networking.firewall is enabled by default
+ networking.firewall.allowedTCPPorts = [ 80 ];
+
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
+ krebs.retiolum = {
+ enable = true;
+ hosts = ../../Zhosts;
+ connectTo = [
+ "gum"
+ "pigstarter"
+ "fastpoke"
+ ];
+ };
nix.maxJobs = 1;
networking.hostName = "pnp"; # Define your hostname.
# $ nix-env -qaP | grep wget
- environment.systemPackages = with pkgs; [
+ environment.systemPackages = with pkgs; [
wget
git
gnumake
- ];
+ jq
+ ];
}
diff --git a/2configs/makefu/cgit-retiolum.nix b/2configs/makefu/cgit-retiolum.nix
new file mode 100644
index 000000000..d5ad35fda
--- /dev/null
+++ b/2configs/makefu/cgit-retiolum.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }:
+with import ../../4lib/tv { inherit lib pkgs; };
+let
+
+ out = {
+ imports = [ ../../3modules/krebs/git.nix ];
+ krebs.git = {
+ enable = true;
+ root-title = "public repositories ";
+ root-desc = "keep calm and enrage";
+ inherit repos rules ;
+ };
+ };
+
+ repos = public-repos;
+ rules = concatMap make-rules (attrValues repos);
+
+ public-repos = mapAttrs make-public-repo {
+ stockholm = {
+ desc = "take all the computers hostage, they'll love you!";
+ };
+ };
+
+ # TODO move users to separate module
+
+ make-public-repo = name: { desc ? null, ... }: {
+ inherit name desc;
+ public = true;
+ hooks = {
+ post-receive = git.irc-announce {
+ nick = config.networking.hostName;
+ channel = "#retiolum";
+ server = "cd.retiolum";
+ };
+ };
+ };
+
+ make-rules =
+ with git // config.krebs.users;
+ repo:
+ singleton {
+ user = makefu;
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ } ++
+ optional repo.public {
+ user = [ lass tv uriel ];
+ repo = [ repo ];
+ perm = fetch;
+ };
+
+in out
diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix
index 4da2d7fa2..999e68da2 100644
--- a/3modules/krebs/default.nix
+++ b/3modules/krebs/default.nix
@@ -49,10 +49,34 @@ let
makefu-imp = {
hosts = addNames {
+ pnp = {
+ cores = 1;
+ dc = "makefu"; #vm on 'omo'
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.0.210"];
+ addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0001"];
+ aliases = [
+ "pnp.retiolum"
+ "cgit.pnp.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAugkgEK4iy2C5+VZHwhjj/q3IOhhazE3TYHuipz37KxHWX8ZbjH+g
+ Ewtm79dVysujAOX8ZqV8nD8JgDAvkIZDp8FCIK0/rgckhpTsy1HVlHxa7ECrOS8V
+ pGz4xOxgcPFRbv5H2coHtbnfQc4GdA5fcNedQ3BP3T2Tn7n/dbbVs30bOP5V0EMR
+ SqZwNmtqaDQxOvjpPg9EoHvAYTevrpbbIst9UzCyvmNli9R+SsiDrzEPgB7zOc4T
+ TG12MT+XQr6JUu4jPpzdhb6H/36V6ADCIkBjzWh0iSfWGiFDQFinD+YSWbA1NOTr
+ Qtd1I3Ov+He7uc2Z719mb0Og2kCGnCnPIwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
};
users = addNames {
makefu = {
- pubkey = readFile ../../Zpubkeys/makefu.ssh.pub;
+ pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub;
};
};
};
diff --git a/3modules/makefu/default.nix b/3modules/makefu/default.nix
new file mode 100644
index 000000000..45ca8c3eb
--- /dev/null
+++ b/3modules/makefu/default.nix
@@ -0,0 +1,19 @@
+{ config, lib, ... }:
+
+with import ../../4lib/krebs { inherit lib; };
+let
+ cfg = config.krebs;
+
+ out = {
+ imports = [
+ ];
+ options.krebs = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = { };
+
+ imp = { };
+
+in
+out