makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'gum/master'

Browse source
This commit is contained in:
lassulus 2017-04-11 21:50:29 +02:00
parent 575a37f00e 9224e9c4c8
commit 1f317b8a1a
8 changed files with 57 additions and 43 deletions
krebs/3modules/makefu
default.nix
makefu
1systems
gum.nixwry.nix
2configs
bepasty-dual.nixdefault.nix
deployment
graphs.nix
urlwatch.nix
5pkgs/awesomecfg
default.nix

23
krebs/3modules/makefu/default.nix
View file

@ -285,12 +285,9 @@ with import <stockholm/lib>;
cores = 1;
extraZones = {
"krebsco.de" = ''
euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
wry IN A ${nets.internet.ip4.addr}
io IN NS wry.krebsco.de.
graphs IN A ${nets.internet.ip4.addr}
tinc IN A ${nets.internet.ip4.addr}
wry IN A ${nets.internet.ip4.addr}
io IN NS wry.krebsco.de.
tinc IN A ${nets.internet.ip4.addr}
'';
};
nets = rec {
@ -307,13 +304,8 @@ with import <stockholm/lib>;
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
aliases = [
"graphs.wry.retiolum"
"graphs.r" "graphs.retiolum"
"paste.wry.retiolum"
"wry.r" "wry.retiolum"
"wiki.makefu.retiolum"
"wiki.wry.retiolum"
"blog.makefu.retiolum"
"blog.wry.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@ -452,6 +444,9 @@ with import <stockholm/lib>;
cgit.euer IN A ${nets.internet.ip4.addr}
o.euer IN A ${nets.internet.ip4.addr}
dl.euer IN A ${nets.internet.ip4.addr}
euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
graphs IN A ${nets.internet.ip4.addr}
'';
};
nets = rec {
@ -473,6 +468,12 @@ with import <stockholm/lib>;
"o.gum.retiolum"
"tracker.makefu.r"
"tracker.makefu.retiolum"
"graphs.r" "graphs.retiolum"
"wiki.makefu.retiolum"
"wiki.wry.retiolum"
"blog.makefu.retiolum"
"blog.wry.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----

3
makefu/1systems/gum.nix
View file

@ -29,9 +29,12 @@ in {
../2configs/deployment/owncloud.nix
../2configs/nginx/share-download.nix
../2configs/nginx/euer.test.nix
../2configs/nginx/euer.wiki.nix
../2configs/nginx/euer.blog.nix
../2configs/nginx/public_html.nix
../2configs/nginx/update.connector.one.nix
../2configs/deployment/mycube.connector.one.nix
../2configs/deployment/graphs.nix
# ../2configs/opentracker.nix
../2configs/logging/central-stats-client.nix

27
makefu/1systems/wry.nix
View file

@ -19,8 +19,6 @@ in {
../2configs/backup.nix
# other nginx
../2configs/nginx/euer.wiki.nix
../2configs/nginx/euer.blog.nix
# ../2configs/nginx/euer.test.nix
# collectd
@ -36,31 +34,6 @@ in {
# prepare graphs
services.nginx.enable = true;
krebs.retiolum-bootstrap.enable = true;
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
if ( $server_addr = "${external-ip}" ) {
return 403;
}
'';
krebs.tinc_graphs = {
enable = true;
nginx = {
enable = true;
# TODO: remove hard-coded hostname
complete = {
extraConfig = ''
if ( $server_addr = "${external-ip}" ) {
return 403;
}
'';
serverAliases = [ "graphs.r" "graphs.retiolum" "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ];
};
anonymous = {
enableSSL = true;
forceSSL = true;
enableACME = true;
};
};
};
networking = {
firewall = {

6
makefu/2configs/bepasty-dual.nix
View file

@ -14,7 +14,7 @@ with import <stockholm/lib>;
let
sec = toString <secrets>;
# secKey is nothing worth protecting on a local machine
secKey = import <secrets/bepasty-secret.nix>;
secKey = "${secrets}/bepasty-secret";
acmepath = "/var/lib/acme/";
acmechall = acmepath + "/challenges/";
ext-dom = "paste.krebsco.de" ;
@ -31,7 +31,7 @@ in {
serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
};
defaultPermissions = "admin,list,create,read,delete";
secretKey = secKey;
secretKeyFile = secKey;
};
"${ext-dom}" = {
@ -41,7 +41,7 @@ in {
enableACME = true;
};
defaultPermissions = "read";
secretKey = secKey;
secretKeyFile = secKey;
};
};
};

2
makefu/2configs/default.nix
View file

@ -22,7 +22,7 @@ with import <stockholm/lib>;
user = config.krebs.users.makefu;
source = let
inherit (config.krebs.build) host user;
ref = "3ff00fa"; # unstable @ 2017-03-31 + cups-dymo
ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1
in {
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
{

37
makefu/2configs/deployment/graphs.nix Normal file
View file

@ -0,0 +1,37 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
hn = config.krebs.build.host.name;
in {
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
if ( $server_addr = "${external-ip}" ) {
return 403;
}
'';
krebs.tinc_graphs = {
enable = true;
nginx = {
enable = true;
# TODO: remove hard-coded hostname
complete = {
extraConfig = ''
if ( $server_addr = "${external-ip}" ) {
return 403;
}
'';
serverAliases = [
"graphs.r" "graphs.retiolum"
"graphs.${hn}" "graphs.${hn}.retiolum"
];
};
anonymous = {
enableSSL = true;
forceSSL = true;
enableACME = true;
};
};
};
}

1
makefu/2configs/urlwatch.nix
View file

@ -9,7 +9,6 @@
## nixpkgs maintenance
https://api.github.com/repos/ovh/python-ovh/tags
https://api.github.com/repos/embray/d2to1/tags
http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release
https://api.github.com/repos/Mic92/vicious/tags
https://pypi.python.org/simple/bepasty/
https://pypi.python.org/simple/xstatic/

1
makefu/5pkgs/awesomecfg/default.nix
View file

@ -1,6 +1,7 @@
_:
{
# TODO: requires in path: amixer, xlock, xbacklight
full = ./full.cfg;
kiosk = ./kiosk.lua;
}