makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'lass/master'

Browse source
This commit is contained in:
makefu 2018-01-06 21:27:05 +01:00
parent 149aad4cb7 acecab4292
commit 3aaab59b7f
No known key found for this signature in database
GPG key ID: 36F7711F3FC0F225
22 changed files with 106 additions and 79 deletions
jeschli
1systems
bln
config.nix
brauerei
config.nix
source.nix
krebs
1systems
hotdog
config.nix
wolf
config.nix
2configs
buildbot-all.nix
3modules
buildbot
slave.nix
tv
default.nix
5pkgs/simple/stockholm
default.nix
lass
1systems
daedalus
config.nix
dishfire
config.nix
mors
config.nix
prism
config.nix
2configs
IM.nixdns-stuff.nixrebuild-on-boot.nixsecurity-workarounds.nix
tv
1systems/wu
config.nix
2configs
default.nix
hw
w110er.nix
vim.nix
source.nix

12
jeschli/1systems/bln/config.nix
View file

@ -38,7 +38,7 @@
networking.hostName = "BLN02NB0154"; # Define your hostname.
networking.networkmanager.enable = true;
#networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Select internationalisation properties.
# i18n = {
@ -54,7 +54,11 @@
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
nixpkgs.config.allowUnfree = true;
environment.shellAliases = { n = "nix-shell"; };
environment.shellAliases = {
n = "nix-shell";
gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
gh = "cd /home/markus/go/src/github.com";
};
environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
environment.systemPackages = with pkgs; [
# system helper
@ -62,6 +66,7 @@
copyq
dmenu
git
tig
i3lock
keepass
networkmanagerapplet
@ -72,6 +77,8 @@
rxvt_unicode
# editors
emacs
# databases
sqlite
# internet
thunderbird
hipchat
@ -91,6 +98,7 @@
jetbrains.pycharm-professional
jetbrains.webstorm
jetbrains.goland
jetbrains.datagrip
texlive.combined.scheme-full
pandoc
redis

2
jeschli/1systems/brauerei/config.nix
View file

@ -96,7 +96,7 @@
# Enable the X11 windowing system.
services.xserver.enable = true;
# services.xserver.layout = "us";
services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.

2
jeschli/source.nix
View file

@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "f9390d6";
ref = "d83c808";
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;

5
krebs/1systems/hotdog/config.nix
View file

@ -20,10 +20,5 @@
boot.isContainer = true;
networking.useDHCP = false;
krebs.repo-sync.repos.stockholm.timerConfig = {
OnBootSec = "5min";
OnUnitInactiveSec = "2min";
RandomizedDelaySec = "2min";
};
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
}

1
krebs/1systems/wolf/config.nix
View file

@ -10,7 +10,6 @@ in
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
<stockholm/krebs/2configs/collectd-base.nix>
<stockholm/krebs/2configs/stats/wolf-client.nix>
<stockholm/krebs/2configs/save-diskspace.nix>
<stockholm/krebs/2configs/graphite.nix>
<stockholm/krebs/2configs/buildbot-krebs.nix>

4
krebs/2configs/buildbot-all.nix
View file

@ -1,10 +1,6 @@
with import <stockholm/lib>;
{ lib, config, pkgs, ... }:
{
imports = [
<stockholm/krebs/2configs/repo-sync.nix>
];
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 1;

2
krebs/3modules/buildbot/slave.nix
View file

@ -161,7 +161,7 @@ let
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
set -efux
#remove garbage from old versions
rm -r ${workdir}
rm -rf ${workdir}
mkdir -p ${workdir}/info
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
echo ${contact} > ${workdir}/info/admin

18
krebs/3modules/tv/default.nix
View file

@ -201,24 +201,6 @@ with import <stockholm/lib>;
};
};
};
schnabeldrucker = {
external = true;
nets = {
gg23 = {
ip4.addr = "10.23.1.21";
aliases = ["schnabeldrucker.gg23"];
};
};
};
schnabelscanner = {
external = true;
nets = {
gg23 = {
ip4.addr = "10.23.1.22";
aliases = ["schnabelscanner.gg23"];
};
};
};
wu = {
ci = true;
cores = 4;

23
krebs/5pkgs/simple/stockholm/default.nix
View file

@ -92,6 +92,17 @@
-I "$target_path"
'');
cmds.get-version = pkgs.writeDash "get-version" ''
set -efu
hostname=''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)}
version=git.$(${pkgs.git}/bin/git describe --always --dirty)
case $version in (*-dirty)
version=$version@$hostname
esac
date=$(${pkgs.coreutils}/bin/date +%y.%m)
echo "$date.$version"
'';
cmds.install = pkgs.withGetopt {
force-populate = { default = /* sh */ "false"; switch = true; };
quiet = { default = /* sh */ "false"; switch = true; };
@ -205,7 +216,7 @@
init.env = pkgs.writeText "init.env" /* sh */ ''
export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}"
export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${cmds.get-version})}"
export quiet
export system
@ -274,16 +285,6 @@
fi
'';
shell.get-version = pkgs.writeDash "stockholm.get-version" ''
set -efu
version=git.$(${pkgs.git}/bin/git describe --always --dirty)
case $version in (*-dirty)
version=$version@$HOSTNAME
esac
date=$(${pkgs.coreutils}/bin/date +%y.%m)
echo "$date.$version"
'';
in
pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link:

1
lass/1systems/daedalus/config.nix
View file

@ -41,6 +41,7 @@ with import <stockholm/lib>;
skype
wine
];
nixpkgs.config.firefox.enableAdobeFlash = true;
services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;

1
lass/1systems/dishfire/config.nix
View file

@ -43,6 +43,7 @@
networking.dhcpcd.allowInterfaces = [
"enp*"
"eth*"
"ens*"
];
}
{

4
lass/1systems/mors/config.nix
View file

@ -70,10 +70,6 @@ with import <stockholm/lib>;
pkgs.ovh-zone
];
}
{
#ps vita stuff
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
}
{
services.tor = {
enable = true;

16
lass/1systems/prism/config.nix
View file

@ -184,14 +184,17 @@ in {
}
{
#hotdog
systemd.services."container@hotdog".reloadIfChanged = mkForce false;
containers.hotdog = {
config = { ... }: {
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.1";
@ -200,8 +203,10 @@ in {
}
{
#kaepsele
systemd.services."container@kaepsele".reloadIfChanged = mkForce false;
containers.kaepsele = {
config = { ... }: {
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
@ -209,6 +214,7 @@ in {
tv.pubkey
];
};
autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.3";
@ -217,8 +223,10 @@ in {
}
{
#onondaga
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
containers.onondaga = {
config = { ... }: {
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
@ -226,6 +234,7 @@ in {
config.krebs.users.nin.pubkey
];
};
autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.5";
@ -302,6 +311,13 @@ in {
}
];
}
{
krebs.repo-sync.repos.stockholm.timerConfig = {
OnBootSec = "5min";
OnUnitInactiveSec = "2min";
RandomizedDelaySec = "2min";
};
}
];
krebs.build.host = config.krebs.hosts.prism;

15
lass/2configs/IM.nix
View file

@ -20,6 +20,17 @@ let
'';
in {
services.bitlbee = {
enable = true;
portNumber = 6666;
plugins = [
pkgs.bitlbee-facebook
pkgs.bitlbee-steam
pkgs.bitlbee-discord
];
libpurple_plugins = [ pkgs.telegram-purple ];
};
users.extraUsers.chat = {
home = "/home/chat";
uid = genid "chat";
@ -46,6 +57,10 @@ in {
restartIfChanged = false;
path = [
pkgs.rxvt_unicode.terminfo
];
serviceConfig = {
User = "chat";
RemainAfterExit = true;

22
lass/2configs/dns-stuff.nix
View file

@ -11,24 +11,6 @@ with import <stockholm/lib>;
key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
};
};
services.dnsmasq = {
enable = true;
resolveLocalQueries = false;
extraConfig = ''
server=127.1.0.1
#no-resolv
cache-size=1000
min-cache-ttl=3600
bind-dynamic
all-servers
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
rebind-domain-ok=/onion/
server=/.onion/127.0.0.1#9053
port=53
'';
};
networking.extraResolvconfConf = ''
name_servers='127.0.0.1'
'';
services.resolved.enable = true;
services.resolved.fallbackDns = [ "127.1.0.1" ];
}

18
lass/2configs/rebuild-on-boot.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
systemd.services.rebuild-on-boot = {
wantedBy = [ "multi-user.target" ];
environment = {
NIX_REMOTE = "daemon";
HOME = "/var/empty";
};
serviceConfig = {
ExecStart = pkgs.writeScript "rebuild" ''
#!${pkgs.bash}/bin/bash
(/run/current-system/sw/bin/nixos-rebuild -I /var/src switch) &
'';
ExecStop = "${pkgs.coreutils}/bin/sleep 10";
};
};
}

2
lass/2configs/security-workarounds.nix
View file

@ -5,4 +5,6 @@ with import <stockholm/lib>;
boot.extraModprobeConfig = ''
install dccp /run/current-system/sw/bin/false
'';
boot.kernelPackages = pkgs.linuxPackages_latest;
}

6
tv/1systems/wu/config.nix
View file

@ -44,12 +44,6 @@ with import <stockholm/lib>;
};
};
krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name;
hardware.bumblebee.enable = true;
hardware.bumblebee.group = "video";
hardware.enableRedistributableFirmware= true;
hardware.opengl.driSupport32Bit = true;
services.printing.enable = true;
services.udev.extraRules = ''

2
tv/2configs/default.nix
View file

@ -1,6 +1,8 @@
with import <stockholm/lib>;
{ config, pkgs, ... }: {
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.tmpOnTmpfs = true;
krebs.enable = true;

17
tv/2configs/hw/w110er.nix
View file

@ -1,8 +1,20 @@
with import <stockholm/lib>;
{ pkgs, ... }:
{
imports = [
../smartd.nix
{
# nvidia doesn't build despite
# https://github.com/NixOS/nixpkgs/issues/33284
#hardware.bumblebee.enable = true;
#hardware.bumblebee.group = "video";
#hardware.enableRedistributableFirmware= true;
#krebs.nixpkgs.allowUnfreePredicate = pkg:
# hasPrefix "nvidia-x11-" pkg.name ||
# hasPrefix "nvidia-persistenced-" pkg.name ||
# hasPrefix "nvidia-settings-" pkg.name;
}
];
boot.extraModprobeConfig = ''
@ -15,6 +27,7 @@
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
networking.wireless.enable = true;
@ -41,4 +54,8 @@
echo auto > $i/power/control # defaults to 'on'
done)
'';
services.xserver = {
videoDriver = "intel";
};
}

2
tv/2configs/vim.nix
View file

@ -233,7 +233,7 @@ let {
lua = {};
sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
sh.extraStart = concatStringsSep ''\|'' [
''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
''write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
''[a-z]*Phase[ \t\r\n]*=''
];
yaml = {};

10
tv/source.nix
View file

@ -1,8 +1,10 @@
with import <stockholm/lib>;
host@{ name, secure ? false, override ? {} }: let
builder = if getEnv "dummy_secrets" == "true"
then "buildbot"
else "tv";
{ name
, dummy_secrets ? getEnv "dummy_secrets" == "true"
, override ? {}
, secure ? false
}@host: let
builder = if dummy_secrets then "buildbot" else "tv";
_file = <stockholm> + "/tv/1systems/${name}/source.nix";
in
evalSource (toString _file) [