makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'cloudkrebs/master'

Browse source
This commit is contained in:
makefu 2015-10-23 15:38:01 +02:00
parent 709ebf6bbc 93dcfe5ad6
commit a1d05482e5
41 changed files with 751 additions and 270 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
default.nix
View file

@ -17,7 +17,8 @@
{ current-date ? abort "current-date not defined" { current-date ? abort "current-date not defined"
, current-host-name ? abort "current-host-name not defined" , current-host-name ? abort "current-host-name not defined"
, current-user-name ? builtins.getEnv "LOGNAME" , current-user-name ? builtins.getEnv "LOGNAME"
}@current: , StrictHostKeyChecking ? "yes"
}@args:
let stockholm = { let stockholm = {
# The generated scripts to deploy (or infest) systems can be found in the # The generated scripts to deploy (or infest) systems can be found in the
@ -44,11 +45,25 @@ let stockholm = {
# Additionally, output lib and pkgs for easy access from the shell. # Additionally, output lib and pkgs for easy access from the shell.
# Notice how we're evaluating just the base module to obtain pkgs. # Notice how we're evaluating just the base module to obtain pkgs.
inherit lib; inherit lib;
inherit (eval {}) pkgs; inherit pkgs;
}; };
krebs = import ./krebs (current // { inherit stockholm; }); krebs = import ./krebs (args // { inherit lib stockholm; });
inherit (krebs) lib;
lib =
let
lib = import <nixpkgs/lib>;
klib = import ./krebs/4lib { inherit lib; };
#ulib = import (./. + "/${current-user-name}/4lib") { lib = lib // klib; };
ulib = {}; # TODO
in
builtins // lib // klib // ulib // rec {
# TODO move this stuff
stockholm-path = ./.;
nspath = ns: p: stockholm-path + "/${ns}/${p}";
};
inherit (eval {}) pkgs;
# Path resolvers for common and individual files. # Path resolvers for common and individual files.
# Example: `upath "3modules"` produces the current user's 3modules directory # Example: `upath "3modules"` produces the current user's 3modules directory
@ -65,8 +80,8 @@ let stockholm = {
let let
# Notice the ordering. Krebs packages can only depend on Nixpkgs, # Notice the ordering. Krebs packages can only depend on Nixpkgs,
# whereas user packages additionally can depend on krebs packages. # whereas user packages additionally can depend on krebs packages.
kpkgs = import (kpath "5pkgs") { inherit pkgs; }; kpkgs = import (kpath "5pkgs") { inherit lib pkgs; };
upkgs = import (upath "5pkgs") { pkgs = pkgs // kpkgs; }; upkgs = import (upath "5pkgs") { inherit lib; pkgs = pkgs // kpkgs; };
in in
kpkgs // upkgs; kpkgs // upkgs;
}; };
@ -76,8 +91,10 @@ let stockholm = {
# packages and modules on top of NixOS. Some of this stuff might become # packages and modules on top of NixOS. Some of this stuff might become
# useful to a broader audience, at which point it should probably be merged # useful to a broader audience, at which point it should probably be merged
# and pull-requested for inclusion into NixOS/nixpkgs. # and pull-requested for inclusion into NixOS/nixpkgs.
# TODO provide krebs lib, so modules don't have to import it awkwardly
eval = config: import <nixpkgs/nixos/lib/eval-config.nix> { eval = config: import <nixpkgs/nixos/lib/eval-config.nix> {
specialArgs = {
inherit lib;
};
modules = [ modules = [
base-module base-module
config config

2
krebs/3modules/build.nix
View file

@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
with import ../4lib { inherit lib; }; with lib;
let let
target = config.krebs.build // { user.name = "root"; }; target = config.krebs.build // { user.name = "root"; };

2
krebs/3modules/default.nix
View file

@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
with import ../4lib { inherit lib; }; with lib;
let let
cfg = config.krebs; cfg = config.krebs;

2
krebs/3modules/git.nix
View file

@ -6,7 +6,7 @@
# TODO when authorized_keys changes, then restart ssh # TODO when authorized_keys changes, then restart ssh
# (or kill already connected users somehow) # (or kill already connected users somehow)
with import ../4lib { inherit lib; }; with lib;
let let
cfg = config.krebs.git; cfg = config.krebs.git;

3
krebs/3modules/github-hosts-sync.nix
View file

@ -1,7 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with builtins; with lib;
with import ../4lib { inherit lib; };
let let
cfg = config.krebs.github-hosts-sync; cfg = config.krebs.github-hosts-sync;

62
krebs/3modules/lass/default.nix
View file

@ -1,8 +1,36 @@
{ lib, ... }: { lib, ... }:
with import ../../4lib { inherit lib; }; with lib;
{ let
testHosts = lib.genAttrs [
"test-arch"
"test-centos6"
"test-centos7"
] (name: {
inherit name;
cores = 1;
nets = {
retiolum = {
addrs4 = ["10.243.111.111"];
addrs6 = ["42:0:0:0:0:0:0:7357"];
aliases = [
"test.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd
mrX2tBIfb2hhhgm4Jecy33WVymoEL7EiRZ6gshJaYwte51Jnrac6IFQyiRGMqHY5
TG/6IzzTOkeQrT1fw3Yfh0NRfqLBZLr0nAFoqgzIVRxvy+QO1gCU2UDKkQ/y5df1
K+YsMipxU08dsOkPkmLdC/+vDaZiEdYljIS3Omd+ED5JmLM3MSs/ZPQ8xjkjEAy8
QqD9/67bDoeXyg1ZxED2n0+aRKtU/CK/66Li//yev6yv38OQSEM4t/V0dr9sjLcY
VIdkxKf96F9r3vcDf/9xw2HrqVoy+D5XYQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
});
in {
hosts = addNames { hosts = addNames {
echelon = { echelon = {
cores = 4; cores = 4;
@ -104,7 +132,11 @@ with import ../../4lib { inherit lib; };
uriel = { uriel = {
cores = 1; cores = 1;
dc = "lass"; dc = "lass";
nets = rec { nets = {
gg23 = {
addrs4 = ["10.23.1.12"];
aliases = ["uriel.gg23"];
};
retiolum = { retiolum = {
addrs4 = ["10.243.81.176"]; addrs4 = ["10.243.81.176"];
addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"]; addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"];
@ -131,7 +163,11 @@ with import ../../4lib { inherit lib; };
mors = { mors = {
cores = 2; cores = 2;
dc = "lass"; dc = "lass";
nets = rec { nets = {
gg23 = {
addrs4 = ["10.23.1.11"];
aliases = ["mors.gg23"];
};
retiolum = { retiolum = {
addrs4 = ["10.243.0.2"]; addrs4 = ["10.243.0.2"];
addrs6 = ["42:0:0:0:0:0:0:dea7"]; addrs6 = ["42:0:0:0:0:0:0:dea7"];
@ -155,8 +191,24 @@ with import ../../4lib { inherit lib; };
ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
}; };
schnabel-ap = {
nets = {
gg23 = {
addrs4 = ["10.23.1.20"];
aliases = ["schnabel-ap.gg23"];
};
};
};
Reichsfunk-ap = {
nets = {
gg23 = {
addrs4 = ["10.23.1.10"];
aliases = ["Reichsfunk-ap.gg23"];
};
};
};
}; } // testHosts;
users = addNames { users = addNames {
lass = { lass = {
pubkey = readFile ../../Zpubkeys/lass.ssh.pub; pubkey = readFile ../../Zpubkeys/lass.ssh.pub;

2
krebs/3modules/makefu/default.nix
View file

@ -1,6 +1,6 @@
{ lib, ... }: { lib, ... }:
with import ../../4lib { inherit lib; }; with lib;
{ {
hosts = addNames { hosts = addNames {

5
krebs/3modules/tv/default.nix
View file

@ -1,6 +1,6 @@
{ lib, ... }: { lib, ... }:
with import ../../4lib { inherit lib; }; with lib;
{ {
dns.providers = { dns.providers = {
@ -65,7 +65,7 @@ with import ../../4lib { inherit lib; };
dc = "tv"; #dc = "cac"; dc = "tv"; #dc = "cac";
nets = rec { nets = rec {
internet = { internet = {
addrs4 = ["104.233.84.215"]; addrs4 = ["104.167.114.142"];
aliases = [ aliases = [
"mkdir.internet" "mkdir.internet"
]; ];
@ -231,6 +231,7 @@ with import ../../4lib { inherit lib; };
addrs6 = ["42:0:0:0:0:0:0:1337"]; addrs6 = ["42:0:0:0:0:0:0:1337"];
aliases = [ aliases = [
"wu.retiolum" "wu.retiolum"
"cgit.wu.retiolum"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----

2
krebs/4lib/default.nix
View file

@ -3,8 +3,6 @@
with builtins; with builtins;
with lib; with lib;
builtins //
lib //
rec { rec {
eq = x: y: x == y; eq = x: y: x == y;

2
krebs/4lib/infest/finalize.sh
View file

@ -3,8 +3,8 @@ set -eux
{ {
umount /mnt/nix umount /mnt/nix
umount /mnt/root umount /mnt/root
umount /boot || :
umount /mnt/boot umount /mnt/boot
umount /boot || :
umount /mnt umount /mnt
coreutils_path=$(set +f; for i in /nix/store/*coreutils*/bin; do :; done; echo $i) coreutils_path=$(set +f; for i in /nix/store/*coreutils*/bin; do :; done; echo $i)

7
krebs/4lib/infest/prepare.sh
View file

@ -18,6 +18,13 @@ prepare() {(
esac esac
;; ;;
esac esac
elif test -e /etc/centos-release; then
case $(cat /etc/centos-release) in
'CentOS release 6.5 (Final)')
prepare_centos "$@"
exit
;;
esac
fi fi
echo "$0 prepare: unknown OS" >&2 echo "$0 prepare: unknown OS" >&2
exit -1 exit -1

5
krebs/5pkgs/default.nix
View file

@ -1,7 +1,6 @@
{ pkgs, ... }: { lib, pkgs, ... }:
with import ../4lib { inherit (pkgs) lib; };
with lib;
let let
subdirs = mapAttrs (_: flip pkgs.callPackage {}) (subdirsOf ./.); subdirs = mapAttrs (_: flip pkgs.callPackage {}) (subdirsOf ./.);
pkgs' = pkgs // subdirs; pkgs' = pkgs // subdirs;

149
krebs/default.nix
View file

@ -1,14 +1,16 @@
{ current-date { current-date
, current-host-name , current-host-name
, current-user-name , current-user-name
, lib
, stockholm , stockholm
, StrictHostKeyChecking ? "yes"
}: }:
let out = { let out = {
inherit deploy; inherit deploy;
inherit infest; inherit infest;
inherit init; inherit init;
inherit lib; inherit nixos-install;
}; };
deploy = deploy =
@ -23,7 +25,7 @@ let out = {
set -efu set -efu
(${populate args}) (${populate args})
${rootssh target '' ${rootssh target ''
${install args} ${nix-install args}
${config.krebs.build.profile}/bin/switch-to-configuration switch ${config.krebs.build.profile}/bin/switch-to-configuration switch
''} ''}
echo OK echo OK
@ -39,63 +41,14 @@ let out = {
# krebs.infest # krebs.infest
set -efu set -efu
# XXX type -p is non-standard ${rootssh target ''
#export RSYNC_RSH; RSYNC_RSH="$(type -p ssh) \
# -o 'HostName $ {target.host.infest.addr}' \
# -o 'Port $ {toString target.host.infest.port}' \
#"
#ssh() {
# eval "$RSYNC_RSH \"\$@\""
#}
${lib.rootssh target ''
${builtins.readFile ./4lib/infest/prepare.sh} ${builtins.readFile ./4lib/infest/prepare.sh}
${builtins.readFile ./4lib/infest/install-nix.sh} ${builtins.readFile ./4lib/infest/install-nix.sh}
''} ''}
(${lib.populate args}) (${nixos-install args})
${lib.rootssh target ''
export PATH; PATH=/root/.nix-profile/bin:$PATH
src=$(type -p nixos-install)
cat_src() {
sed < "$src" "$(
{ sed < "$src" -n '
/^if ! test -e "\$mountPoint\/\$NIXOS_CONFIG/,/^fi$/=
/^nixpkgs=/=
/^NIX_PATH=/,/^$/{/./=}
# Disable: Copy the NixOS/Nixpkgs sources to the target as
# the initial contents of the NixOS channel.
/^srcs=/,/^ln -sfn /=
'
} | sed 's:$:s/^/#krebs#/:'
)"
}
# Location to insert install
i=$(sed -n '/^echo "building the system configuration/=' "$src")
{
cat_src | sed -n "1,$i{p}"
cat ${lib.doc (install args)}
cat_src | sed -n "$i,\''${$i!p}"
} > nixos-install
chmod +x nixos-install
## Wrap inserted install into chroot.
#nix_env=$(cat_src | sed -n '
# s:.*\(/nix/store/[a-z0-9]*-nix-[0-9.]\+/bin/nix-env\).*:\1:p;T;q
#')
#echo nix-env is $nix_env
#sed -i '
# s:^nix-env:chroot $mountPoint '"$nix_env"':
#' nixos-install
unset SSL_CERT_FILE
./nixos-install
${rootssh target ''
${builtins.readFile ./4lib/infest/finalize.sh} ${builtins.readFile ./4lib/infest/finalize.sh}
''} ''}
''; '';
@ -135,10 +88,74 @@ let out = {
EOF EOF
''; '';
lib = import ./4lib { lib = import <nixpkgs/lib>; } // rec { nixos-install =
stockholm-path = ../.; { system ? current-host-name
nspath = ns: p: stockholm-path + "/${ns}/${p}"; , target ? system
}; }@args: let
in ''
#! /bin/sh
# ${current-date} ${current-user-name}@${current-host-name}
# krebs.nixos-install
(${populate args})
${rootssh target ''
export PATH; PATH=/root/.nix-profile/bin:$PATH
src=$(type -p nixos-install)
cat_src() {
sed < "$src" "$(
{ sed < "$src" -n '
/^if ! test -e "\$mountPoint\/\$NIXOS_CONFIG/,/^fi$/=
/^nixpkgs=/=
/^NIX_PATH=/,/^$/{/./=}
# Disable: Copy the NixOS/Nixpkgs sources to the target as
# the initial contents of the NixOS channel.
/^srcs=/,/^ln -sfn /=
'
} | sed 's:$:s/^/#krebs#/:'
)"
}
# Location to insert `nix-install`
i=$(sed -n '/^echo "building the system configuration/=' "$src")
{
cat_src | sed -n "1,$i{p}"
cat ${doc (nix-install args)}
cat_src | sed -n "$i,\''${$i!p}"
} > nixos-install
chmod +x nixos-install
# Wrap inserted nix-install into chroot.
nix_env=$(cat_src | sed -n '
s:.*\(/nix/store/[a-z0-9]*-nix-[0-9.]\+/bin/nix-env\).*:\1:p;T;q
')
echo "nix-env is $nix_env" >&2
findpkg() {(
name=$1
path=$(find /nix/store \
-mindepth 1 -maxdepth 1 -type d -name '*-'"$name"'-*' \
| head -n 1 | sed s:^/mnt::)
if echo "$path" | grep .; then
echo "$name is $path" >&2
else
echo "Error: package not found: $name" >&2
exit 1
fi
)}
cacert=$(findpkg cacert)
coreutils=$(findpkg coreutils)
cp "$cacert"/etc/ssl/certs/ca-bundle.crt /mnt/root/SSL_CERT_FILE
env="$coreutils/bin/env SSL_CERT_FILE=/root/SSL_CERT_FILE"
sed -i '
s:^NIX_PATH=:chroot $mountPoint '"$env"' &:
s:^nix-env:'"$nix_env"':
' nixos-install
./nixos-install
''}
'';
doc = s: doc = s:
let b = "EOF${builtins.hashString "sha256" s}"; in let b = "EOF${builtins.hashString "sha256" s}"; in
@ -152,7 +169,7 @@ let out = {
stockholm.users.${current-user-name}.${system}.config stockholm.users.${current-user-name}.${system}.config
or (abort "unknown system: ${system}, user: ${current-user-name}"); or (abort "unknown system: ${system}, user: ${current-user-name}");
install = nix-install =
{ system ? current-host-name { system ? current-host-name
, target ? system , target ? system
}: }:
@ -203,11 +220,8 @@ let out = {
current-host = config.krebs.hosts.${current-host-name}; current-host = config.krebs.hosts.${current-host-name};
current-user = config.krebs.users.${current-user-name}; current-user = config.krebs.users.${current-user-name};
target-host = config.krebs.hosts.${system};
methods.dir = config: methods.dir = config:
let let
can-link = config.host.name == target-host.name;
can-push = config.host.name == current-host.name; can-push = config.host.name == current-host.name;
push-method = '' push-method = ''
rsync \ rsync \
@ -221,11 +235,11 @@ let out = {
${config.path}/ \ ${config.path}/ \
root@${target}:${config.target-path} root@${target}:${config.target-path}
''; '';
url = "file://${config.host.name}${config.path}";
in in
#if can-link then link-method else
if can-push then push-method else if can-push then push-method else
throw "cannot source ${url}"; let dir = "file://${config.host.name}${config.path}"; in
# /!\ revise this message when using more than just push-method
throw "No way to push ${dir} from ${current-host.name} to ${target}";
methods.git = config: methods.git = config:
rootssh target '' rootssh target ''
@ -251,7 +265,10 @@ let out = {
in out; in out;
rootssh = target: script: rootssh = target: script:
"ssh root@${target} -T ${doc '' let
flags = "-o StrictHostKeyChecking=${StrictHostKeyChecking}";
in
"ssh ${flags} root@${target} -T ${doc ''
set -efu set -efu
${script} ${script}
''}"; ''}";

23
lass/1systems/cloudkrebs.nix
View file

@ -27,30 +27,9 @@ in {
} }
{ {
nix.maxJobs = 1;
sound.enable = false; sound.enable = false;
} }
]; ];
krebs.build = { krebs.build.host = config.krebs.hosts.cloudkrebs;
user = config.krebs.users.lass;
host = config.krebs.hosts.cloudkrebs;
source = {
dir.secrets = {
host = config.krebs.hosts.mors;
path = "/home/lass/secrets/${config.krebs.build.host.name}";
};
dir.stockholm = {
host = config.krebs.hosts.mors;
path = "/home/lass/dev/stockholm";
};
};
};
networking.hostName = "cloudkrebs";
environment.systemPackages = [
pkgs.dic
];
} }

33
lass/1systems/echelon.nix
View file

@ -31,26 +31,23 @@ in {
} }
{ {
nix.maxJobs = 1;
sound.enable = false; sound.enable = false;
} }
{
imports = [
../3modules/dnsmasq.nix
];
lass.dnsmasq = {
enable = true;
config = ''
interface=retiolum
'';
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-i retiolum -p udp --dport 53"; target = "ACCEPT"; }
];
}
]; ];
krebs.build = { krebs.build.host = config.krebs.hosts.echelon;
user = config.krebs.users.lass;
host = config.krebs.hosts.echelon;
source = {
dir.secrets = {
host = config.krebs.hosts.mors;
path = "/home/lass/secrets/${config.krebs.build.host.name}";
};
dir.stockholm = {
host = config.krebs.hosts.mors;
path = "/home/lass/dev/stockholm";
};
};
};
networking.hostName = config.krebs.build.host.name;
} }

37
lass/1systems/mors.nix
View file

@ -2,7 +2,7 @@
{ {
imports = [ imports = [
../2configs/desktop-base.nix ../2configs/baseX.nix
../2configs/programs.nix ../2configs/programs.nix
../2configs/bitcoin.nix ../2configs/bitcoin.nix
../2configs/browsers.nix ../2configs/browsers.nix
@ -10,7 +10,6 @@
../2configs/pass.nix ../2configs/pass.nix
../2configs/virtualbox.nix ../2configs/virtualbox.nix
../2configs/elster.nix ../2configs/elster.nix
../2configs/urxvt.nix
../2configs/steam.nix ../2configs/steam.nix
../2configs/wine.nix ../2configs/wine.nix
../2configs/texlive.nix ../2configs/texlive.nix
@ -18,7 +17,6 @@
#../2configs/ircd.nix #../2configs/ircd.nix
../2configs/chromium-patched.nix ../2configs/chromium-patched.nix
../2configs/git.nix ../2configs/git.nix
#../../2configs/tv/synaptics.nix
../2configs/retiolum.nix ../2configs/retiolum.nix
../2configs/wordpress.nix ../2configs/wordpress.nix
../2configs/bitlbee.nix ../2configs/bitlbee.nix
@ -26,22 +24,8 @@
../2configs/skype.nix ../2configs/skype.nix
]; ];
krebs.build = { krebs.build.host = config.krebs.hosts.mors;
user = config.krebs.users.lass;
host = config.krebs.hosts.mors;
source = {
dir.secrets = {
host = config.krebs.hosts.mors;
path = "/home/lass/secrets/${config.krebs.build.host.name}";
};
dir.stockholm = {
host = config.krebs.hosts.mors;
path = "/home/lass/dev/stockholm";
};
};
};
networking.hostName = "mors";
networking.wireless.enable = true; networking.wireless.enable = true;
networking.extraHosts = '' networking.extraHosts = ''
@ -52,8 +36,6 @@
10.243.206.102 apanowicz.de 10.243.206.102 apanowicz.de
''; '';
nix.maxJobs = 4;
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -159,11 +141,6 @@
emulateWheel = true; emulateWheel = true;
}; };
#system.activationScripts.trackpoint = ''
# echo 0 > '/sys/devices/platform/i8042/serio1/serio2/speed'
# echo 220 > '/sys/devices/platform/i8042/serio1/serio2/sensitivity'
#'';
services.xserver = { services.xserver = {
videoDriver = "intel"; videoDriver = "intel";
vaapiDrivers = [ pkgs.vaapiIntel ]; vaapiDrivers = [ pkgs.vaapiIntel ];
@ -210,9 +187,19 @@
]; ];
}; };
}; };
#touchpad config #touchpad config
services.xserver.synaptics = { services.xserver.synaptics = {
enable = true; enable = true;
accelFactor = "0.035";
additionalOptions = ''
Option "FingerHigh" "60"
Option "FingerLow" "60"
'';
tapButtons = false; tapButtons = false;
twoFingerScroll = true;
}; };
#for google hangout
users.extraUsers.gm.extraGroups = [ "audio" "video" ];
} }

36
lass/1systems/test-arch.nix Normal file
View file

@ -0,0 +1,36 @@
{ config, lib, pkgs, ... }:
let
inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
inherit (lib) head;
in {
imports = [
../2configs/base.nix
{
boot.loader.grub = {
device = "/dev/sda";
splashImage = null;
};
boot.initrd.availableKernelModules = [
"ata_piix"
"vmw_pvscsi"
];
fileSystems."/" = {
device = "/dev/sda1";
};
}
{
networking.dhcpcd.allowInterfaces = [
"enp*"
];
}
{
sound.enable = false;
}
];
krebs.build.host = config.krebs.hosts.test-arch;
}

30
lass/1systems/test-centos6.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, lib, pkgs, ... }:
let
inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
inherit (lib) head;
ip = "168.235.148.52";
in {
imports = [
../2configs/base.nix
../2configs/os-templates/CAC-CentOS-6.5-64bit.nix
{
networking.interfaces.enp11s0.ip4 = [
{
address = ip;
prefixLength = 24;
}
];
networking.defaultGateway = getDefaultGateway ip;
networking.nameservers = [
"8.8.8.8"
];
}
{
sound.enable = false;
}
];
krebs.build.host = config.krebs.hosts.test-centos6;
}

31
lass/1systems/test-centos7.nix Normal file
View file

@ -0,0 +1,31 @@
{ config, lib, pkgs, ... }:
let
inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
inherit (lib) head;
ip = "168.235.145.85";
in {
imports = [
../2configs/base.nix
../2configs/os-templates/CAC-CentOS-7-64bit.nix
{
networking.interfaces.enp2s1.ip4 = [
{
address = ip;
prefixLength = 24;
}
];
networking.defaultGateway = getDefaultGateway ip;
networking.nameservers = [
"8.8.8.8"
];
}
{
sound.enable = false;
}
];
krebs.build.host = config.krebs.hosts.test-centos7;
}

31
lass/1systems/uriel.nix
View file

@ -3,11 +3,10 @@
with builtins; with builtins;
{ {
imports = [ imports = [
../2configs/desktop-base.nix ../2configs/baseX.nix
../2configs/browsers.nix ../2configs/browsers.nix
../2configs/games.nix ../2configs/games.nix
../2configs/pass.nix ../2configs/pass.nix
../2configs/urxvt.nix
../2configs/bird.nix ../2configs/bird.nix
../2configs/git.nix ../2configs/git.nix
../2configs/chromium-patched.nix ../2configs/chromium-patched.nix
@ -25,26 +24,9 @@ with builtins;
} }
]; ];
krebs.build = { krebs.build.host = config.krebs.hosts.uriel;
user = config.krebs.users.lass;
target = "root@uriel";
host = config.krebs.hosts.uriel;
source = {
dir.secrets = {
host = config.krebs.hosts.mors;
path = "/home/lass/secrets/${config.krebs.build.host.name}";
};
dir.stockholm = {
host = config.krebs.hosts.mors;
path = "/home/lass/dev/stockholm";
};
};
};
networking.hostName = "uriel";
networking.wireless.enable = true; networking.wireless.enable = true;
nix.maxJobs = 2;
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -65,8 +47,6 @@ with builtins;
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ]; #kernelModules = [ "kvm-intel" "msr" ];
kernelModules = [ "msr" ]; kernelModules = [ "msr" ];
extraModprobeConfig = ''
'';
}; };
fileSystems = { fileSystems = {
"/" = { "/" = {
@ -93,11 +73,4 @@ with builtins;
Option "FingerLow" "60" Option "FingerLow" "60"
''; '';
}; };
environment.systemPackages = with pkgs; [
];
#for google hangout
users.extraUsers.google.extraGroups = [ "audio" "video" ];
} }

31
lass/2configs/base.nix
View file

@ -38,14 +38,28 @@ with lib;
} }
]; ];
networking.hostName = config.krebs.build.host.name;
nix.maxJobs = config.krebs.build.host.cores;
krebs = { krebs = {
enable = true; enable = true;
search-domain = "retiolum"; search-domain = "retiolum";
exim-retiolum.enable = true; exim-retiolum.enable = true;
build.source = { build = {
git.nixpkgs = { user = config.krebs.users.lass;
url = https://github.com/Lassulus/nixpkgs; source = {
rev = "b9270a2e8ac3d2cf4c95075a9529528aa1d859da"; git.nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
rev = "33bdc011f5360288cd10b9fda90da2950442b2ab";
};
dir.secrets = {
host = config.krebs.hosts.mors;
path = "/home/lass/secrets/${config.krebs.build.host.name}";
};
dir.stockholm = {
host = config.krebs.hosts.mors;
path = "/home/lass/stockholm";
};
}; };
}; };
}; };
@ -82,6 +96,9 @@ with lib;
#network #network
iptables iptables
#stuff for dl
aria2
]; ];
programs.bash = { programs.bash = {
@ -123,12 +140,6 @@ with lib;
"sendmail" "sendmail"
]; ];
#services.gitolite = {
# enable = true;
# dataDir = "/home/gitolite";
# adminPubkey = config.sshKeys.lass.pub;
#};
services.openssh = { services.openssh = {
enable = true; enable = true;
hostKeys = [ hostKeys = [

2
lass/2configs/desktop-base.nix → lass/2configs/baseX.nix
View file

@ -5,6 +5,7 @@ let
in { in {
imports = [ imports = [
./base.nix ./base.nix
./urxvt.nix
]; ];
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
@ -30,6 +31,7 @@ in {
powertop powertop
sxiv sxiv
much much
push
#window manager stuff #window manager stuff
haskellPackages.xmobar haskellPackages.xmobar

202
lass/2configs/newsbot-js.nix Normal file
View file

@ -0,0 +1,202 @@
{ config, pkgs, ... }:
let
newsfile = pkgs.writeText "feeds" ''
aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#news
aktuelle_themen|http://bundestag.de/service/rss/Bundestag_Aktuelle_Themen.rss|#news #bundestag
allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#news
anon|http://anoninsiders.net/feed/|#news
antirez|http://antirez.com/rss|#news
arbor|http://feeds2.feedburner.com/asert/|#news
archlinux|http://www.archlinux.org/feeds/news/|#news
ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news
asiaone_asia|http://news.asiaone.com/rss/asia|#news
asiaone_business|http://business.asiaone.com/rss.xml|#news
asiaone_sci|http://news.asiaone.com/rss/science-and-tech|#news
asiaone_world|http://news.asiaone.com/rss/world|#news
augustl|http://augustl.com/atom.xml|#news
bbc|http://feeds.bbci.co.uk/news/rss.xml|#news
bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag
bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag
bdt_pressemitteilungen|http://bundestag.de/service/rss/Bundestag_Presse.rss|#news #bundestag
bdt_wd|http://bundestag.de/service/rss/Bundestag_WD.rss|#news #bundestag
bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial
cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news
carta|http://feeds2.feedburner.com/carta-standard-rss|#news
catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#news
cbc_busi|http://rss.cbc.ca/lineup/business.xml|#news
cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#news
cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#news
cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#news
cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#news
ccc|http://www.ccc.de/rss/updates.rdf|#news
chan_b|https://boards.4chan.org/b/index.rss|#brainfuck
chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck
chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck
cna|http://www.channelnewsasia.com/starterkit/servlet/cna/rss/home.xml|#news
coinspotting|http://coinspotting.com/rss|#news #financial
cryptanalysis|https://cryptanalys.is/rss.php|#news
cryptocoinsnews|http://www.cryptocoinsnews.com/feed/|#news #financial
cryptogon|http://www.cryptogon.com/?feed=rss2|#news
csm|http://rss.csmonitor.com/feeds/csm|#news
csm_world|http://rss.csmonitor.com/feeds/world|#news
cyberguerrilla|https://www.cyberguerrilla.org/a/2012/?feed=rss2|#news
danisch|http://www.danisch.de/blog/feed/|#news
dod|http://www.defense.gov/news/afps2.xml|#news
dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news
ecat|http://ecat.com/feed|#news
eia_press|http://www.eia.gov/rss/press_rss.xml|#news
eia_today|http://www.eia.gov/rss/todayinenergy.xml|#news
embargowatch|https://embargowatch.wordpress.com/feed/|#news
ethereum-comments|http://blog.ethereum.org/comments/feed|#news
ethereum|http://blog.ethereum.org/feed|#news
europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#news
eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#news
exploitdb|http://www.exploit-db.com/rss.xml|#news
fars|http://www.farsnews.com/rss.php|#news #test
faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#news
faz_politik|http://www.faz.net/rss/aktuell/politik/|#news
faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#news #financial
fbi|http://www.fbi.gov/homepage/RSS|#news #bullerei
fbi_news|http://www.fbi.gov/news/news_blog/rss.xml|#news
fbi_press|http://www.fbi.gov/news/current/rss.xml|#news #bullerei
fbi_stories|http://www.fbi.gov/news/stories/all-stories/rss.xml|#news #bullerei
fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#news #financial
fefe|http://blog.fefe.de/rss.xml|#news
forbes|http://www.forbes.com/forbes/feed2/|#news
forbes_realtime|http://www.forbes.com/real-time/feed2/|#news
fox|http://feeds.foxnews.com/foxnews/latest|#news
geheimorganisation|http://geheimorganisation.org/feed/|#news
GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#news
gmanet|http://www.gmanetwork.com/news/rss/news|#news
golem|http://www.golem.de/rss.php?feed=RSS1.0|#news
google|http://news.google.com/?output=rss|#news
greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news
guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news
gulli|http://ticker.gulli.com/rss/|#news
handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial
heise|http://heise.de.feedsportal.com/c/35207/f/653902/index.rss|#news
hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
hindu|http://www.thehindu.com/?service=rss|#news
hintergrund|http://www.hintergrund.de/index.php?option=com_bca-rss-syndicator&feed_id=8|#news
ign|http://feeds.ign.com/ign/all|#news
independent|http://www.independent.com/rss/headlines/|#news
indymedia|http://de.indymedia.org/RSS/newswire.xml|#news
info_libera|http://www.informationliberation.com/rss.xml|#news
klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#news
korea_herald|http://www.koreaherald.com/rss_xml.php|#news
linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#news
lisp|http://planet.lisp.org/rss20.xml|#news
liveleak|http://www.liveleak.com/rss|#news
lolmythesis|http://lolmythesis.com/rss|#news
LtU|http://lambda-the-ultimate.org/rss.xml|#news
lukepalmer|http://lukepalmer.wordpress.com/feed/|#news
mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#news
mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news
nds|http://www.nachdenkseiten.de/?feed=atom|#news
netzpolitik|https://netzpolitik.org/feed/|#news
newsbtc|http://newsbtc.com/feed/|#news #financial
nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#news
npr_busi|http://www.npr.org/rss/rss.php?id=1006|#news
npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news
npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news
npr_world|http://www.npr.org/rss/rss.php?id=1004|#news
nsa|http://www.nsa.gov/rss.shtml|#news #bullerei
nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news
painload|https://github.com/krebscode/painload/commits/master.atom|#news
phys|http://phys.org/rss-feed/|#news
piraten|https://www.piratenpartei.de/feed/|#news
polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#news #bullerei
presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#news #bullerei
presseportal|http://www.presseportal.de/rss/presseportal.rss2|#news
prisonplanet|http://prisonplanet.com/feed.rss|#news
proofmarket|https://proofmarket.org/feed_problem|#news
rawstory|http://www.rawstory.com/rs/feed/|#news
reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#news #brainfuck
reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#news
reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#news #financial
reddit_prog|http://www.reddit.com/r/programming/new/.rss|#news
reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#news #tpp
reddit_world|http://www.reddit.com/r/worldnews/.rss|#news
r-ethereum|http://www.reddit.com/r/ethereum/.rss|#news
reuters|http://feeds.reuters.com/Reuters/worldNews|#news
reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#news
rt|http://rt.com/rss/news/|#news
schallurauch|http://feeds.feedburner.com/SchallUndRauch|#news
sciencemag|http://news.sciencemag.org/rss/current.xml|#news
scmp|http://www.scmp.com/rss/91/feed|#news
sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#news
shackspace|http://shackspace.de/?feed=rss2|#news
shz_news|http://www.shz.de/nachrichten/newsticker/rss|#news
sky_busi|http://news.sky.com/feeds/rss/business.xml|#news
sky_pol|http://news.sky.com/feeds/rss/politics.xml|#news
sky_strange|http://news.sky.com/feeds/rss/strange.xml|#news
sky_tech|http://news.sky.com/feeds/rss/technology.xml|#news
sky_world|http://news.sky.com/feeds/rss/world.xml|#news
slashdot|http://rss.slashdot.org/Slashdot/slashdot|#news
slate|http://feeds.slate.com/slate|#news
spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#news
spiegelfechter|http://feeds.feedburner.com/DerSpiegelfechter?format=xml|#news
spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#news
standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#news
stern|http://www.stern.de/feed/standard/all/|#news
stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#news
sz_politik|http://rss.sueddeutsche.de/rss/Politik|#news
sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#news #financial
sz_wissen|http://suche.sueddeutsche.de/rss/Wissen|#news
tagesschau|http://www.tagesschau.de/newsticker.rdf|#news
taz|http://taz.de/Themen-des-Tages/!p15;rss/|#news
telegraph_finance|http://www.telegraph.co.uk/finance/rss|#news #financial
telegraph_pol|http://www.telegraph.co.uk/news/politics/rss|#news
telegraph_uk|http://www.telegraph.co.uk/news/uknews/rss|#news
telegraph_world|http://www.telegraph.co.uk/news/worldnews/rss|#news
telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news
the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news
tigsource|http://www.tigsource.com/feed/|#news
times|http://www.thetimes.co.uk/tto/news/rss|#news
tinc|http://tinc-vpn.org/news/index.rss|#news
topix_b|http://www.topix.com/rss/wire/de/berlin|#news
torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news
torrentfreak|http://feeds.feedburner.com/Torrentfreak|#news
torr_news|http://feed.torrentfreak.com/Torrentfreak/|#news
travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news
truther|http://truthernews.wordpress.com/feed/|#news
un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#news
un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news
un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news
un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#news
un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#news
un_top|http://www.un.org/apps/news/rss/rss_top.asp|#news
us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#news
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
weechat|http://dev.weechat.org/feed/atom|#news
wired_sci|http://www.wired.com/category/science/feed/|#news
wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#news
xkcd|https://xkcd.com/rss.xml|#news
zdnet|http://www.zdnet.com/news/rss.xml|#news
chan_g|https://boards.4chan.org/g/index.rss|#news
chan_x|https://boards.4chan.org/x/index.rss|#news
chan_sci|https://boards.4chan.org/sci/index.rss|#news
reddit_consp|http://reddit.com/r/conspiracy/.rss|#news
reddit_sci|http://www.reddit.com/r/science/.rss|#news
reddit_tech|http://www.reddit.com/r/technology/.rss|#news
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
hackernews|https://news.ycombinator.com/rss|#news
'';
in {
imports = [
../3modules/newsbot-js.nix
];
environment.systemPackages = [
pkgs.newsbot-js
];
lass.newsbot-js = {
enable = true;
ircServer = "localhost";
feeds = newsfile;
urlShortenerHost = "go";
urlShortenerPort = "80";
};
}

47
lass/2configs/os-templates/CAC-CentOS-6.5-64bit.nix Normal file
View file

@ -0,0 +1,47 @@
_:
{
boot.loader.grub = {
device = "/dev/sda";
splashImage = null;
};
boot.initrd.availableKernelModules = [
"ata_piix"
"vmw_pvscsi"
];
fileSystems."/" = {
device = "/dev/VolGroup/lv_root";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/sda1";
fsType = "ext4";
};
swapDevices = [
{ device = "/dev/VolGroup/lv_swap"; }
];
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
# Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
# Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
# Docs: man:tmpfiles.d(5)
# man:systemd-tmpfiles(8)
# Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
# Main PID: 19272 (code=exited, status=1/FAILURE)
#
# Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
# Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
# Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
# warning: error(s) occured while switching to the new configuration
lock.gid = 10001;
};
}

11
lass/2configs/sshkeys.nix
View file

@ -1,11 +0,0 @@
{ config, ... }:
{
imports = [
../3modules/sshkeys.nix
];
config.sshKeys.lass.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
config.sshKeys.uriel.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
}

8
lass/3modules/default.nix
View file

@ -1,7 +1,13 @@
_: _:
{ {
imports = [ imports = [
./xresources.nix ./xresources.nix
./bitlbee.nix
./folderPerms.nix
./go.nix
./newsbot-js.nix
./per-user.nix
./urxvtd.nix
./xresources.nix
]; ];
} }

55
lass/3modules/dnsmasq.nix Normal file
View file

@ -0,0 +1,55 @@
{ config, lib, pkgs, ... }:
with builtins;
with lib;
let
cfg = config.lass.dnsmasq;
out = {
options.lass.dnsmasq = api;
config = mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "dnsmasq";
config = mkOption {
type = types.str;
#TODO: find a good default
default = ''
'';
description = "configuration dnsmasq is started with";
};
};
configFile = pkgs.writeText "dnsmasq.conf" cfg.config;
imp = {
#users.extraUsers.go = {
# name = "go";
# uid = 42774411; #genid go
# description = "go url shortener user";
# home = "/var/lib/go";
# createHome = true;
#};
systemd.services.dnsmasq = {
description = "dnsmasq";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
dnsmasq
];
restartIfChanged = true;
serviceConfig = {
Restart = "always";
ExecStart = "${pkgs.dnsmasq}/bin/dnsmasq -k -C ${configFile}";
};
};
};
in out

87
lass/3modules/newsbot-js.nix Normal file
View file

@ -0,0 +1,87 @@
{ config, lib, pkgs, ... }:
with builtins;
with lib;
let
cfg = config.lass.newsbot-js;
out = {
options.lass.newsbot-js = api;
config = mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "Enable krebs newsbot";
ircServer = mkOption {
type = types.str;
default = "echelon.retiolum";
description = "to which server the bot should connect";
};
channel = mkOption {
type = types.str;
default = "#news";
description = "post the news in this channel";
};
masterNick = mkOption {
type = types.str;
default = "knews";
description = "nickname of the master bot";
};
feeds = mkOption {
type = types.path;
description = ''
file with feeds to post
format:
$nick|$feedURI
'';
};
urlShortenerHost = mkOption {
type = types.str;
default = "echelon";
description = "what server to use for url shortening, host";
};
urlShortenerPort = mkOption {
type = types.str;
default = "80";
description = "what server to use for url shortening, port";
};
};
imp = {
users.extraUsers.newsbot-js = {
name = "newsbot-js";
uid = 1616759810; #genid newsbot-js
description = "newsbot-js user";
home = "/var/empty";
};
systemd.services.newsbot-js = {
description = "krebs newsbot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
newsbot-js
];
environment = {
irc_server = cfg.ircServer;
master_nick = cfg.masterNick;
news_channel = cfg.channel;
feeds_file = cfg.feeds;
url_shortener_host = cfg.urlShortenerHost;
url_shortener_port = cfg.urlShortenerPort;
};
restartIfChanged = true;
serviceConfig = {
User = "newsbot-js";
Restart = "always";
ExecStart = "${pkgs.newsbot-js}/bin/newsbot";
};
};
};
in out

26
lass/3modules/sshkeys.nix
View file

@ -1,26 +0,0 @@
{ lib, ... }:
with lib;
{
options = {
sshKeys = mkOption {
type = types.attrsOf (types.submodule (
{ config, ... }:
{
options = {
pub = mkOption {
type = types.str;
description = "Public part of the ssh key.";
};
priv = mkOption {
type = types.str;
description = "Private part of the ssh key.";
};
};
}));
description = "collection of ssh-keys";
};
};
}

8
lass/4lib/default.nix
View file

@ -1,12 +1,8 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
let with lib;
krebs = import ../../krebs/4lib { inherit lib; };
in
with krebs; {
krebs // rec {
simpleScript = name: content: simpleScript = name: content:
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {

4
lass/5pkgs/newsbot-js/default.nix
View file

@ -26,8 +26,8 @@ in nodePackages.buildNodePackage {
src = fetchgit { src = fetchgit {
url = "http://cgit.echelon/newsbot-js/"; url = "http://cgit.echelon/newsbot-js/";
rev = "cd32ef7b39819f53c7125b22c594202724cc8754"; rev = "b22729670236bfa6491207d57c5d7565137625ca";
sha256 = "425e800f7638a5679ed8a049614a7533f3c8dd09659061885240dc93952ff0ae"; sha256 = "8ff00de56d85543399776c82d41d92ccc68000e5dce0f008d926748e188f3c69";
}; };
phases = [ phases = [

1
tv/1systems/cd.nix
View file

@ -114,7 +114,6 @@ with lib;
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git # required for ./deploy, clone_or_update
htop htop
iftop iftop
iotop iotop

1
tv/1systems/mkdir.nix
View file

@ -88,7 +88,6 @@ in
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git # required for ./deploy, clone_or_update
htop htop
iftop iftop
iotop iotop

13
tv/1systems/nomic.nix
View file

@ -64,27 +64,24 @@ with lib;
]; ];
boot.initrd.luks = { boot.initrd.luks = {
cryptoModules = [ "aes" "sha1" "xts" ]; cryptoModules = [ "aes" "sha512" "xts" ];
devices = [ devices = [
{ { name = "luks1"; device = "/dev/sda2"; }
name = "luks1";
device = "/dev/disk/by-uuid/cac73902-1023-4906-8e95-3a8b245337d4";
}
]; ];
}; };
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/de4780fc-0473-4708-81df-299b7383274c"; { device = "/dev/mapper/nomic1-root";
fsType = "btrfs"; fsType = "btrfs";
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/be3a1d80-3157-4d7c-86cc-ef01b64eff5e"; { device = "/dev/sda1";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/home" = fileSystems."/home" =
{ device = "/dev/disk/by-uuid/9db9c8ff-51da-4cbd-9f0a-0cd3333bbaff"; { device = "/dev/mapper/nomic1-home";
fsType = "btrfs"; fsType = "btrfs";
}; };

1
tv/1systems/rmdir.nix
View file

@ -84,7 +84,6 @@ in
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git # required for ./deploy, clone_or_update
htop htop
iftop iftop
iotop iotop

1
tv/1systems/wu.nix
View file

@ -37,7 +37,6 @@ with lib;
# stockholm # stockholm
genid genid
git
gnumake gnumake
hashPassword hashPassword
lentil lentil

6
tv/2configs/base.nix
View file

@ -14,6 +14,12 @@ in
networking.hostName = config.krebs.build.host.name; networking.hostName = config.krebs.build.host.name;
imports = [ imports = [
{
# stockholm dependencies
environment.systemPackages = with pkgs; [
git
];
}
{ {
# TODO never put hashedPassword into the store # TODO never put hashedPassword into the store
users.extraUsers = users.extraUsers =

2
tv/2configs/test.nix
View file

@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import ../4lib { inherit lib pkgs; }; with lib;
let let
out = { out = {

4
tv/2configs/urlwatch.nix
View file

@ -29,10 +29,6 @@
# 2014-09-24 ref https://github.com/4z3/xintmap # 2014-09-24 ref https://github.com/4z3/xintmap
http://www.mathstat.dal.ca/~selinger/quipper/ http://www.mathstat.dal.ca/~selinger/quipper/
# 2014-12-12 remove nixopsUnstable when nixops get's bumped to 1.3
# ref https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/package-management/nixops/unstable.nix
http://nixos.org/releases/nixops/
## other ## other
https://nixos.org/channels/nixos-unstable/git-revision https://nixos.org/channels/nixos-unstable/git-revision

2
tv/3modules/consul.nix
View file

@ -5,7 +5,7 @@
# TODO consul-bootstrap HOST that actually does is # TODO consul-bootstrap HOST that actually does is
# TODO tools to inspect state of a cluster in outage state # TODO tools to inspect state of a cluster in outage state
with import ../4lib { inherit lib pkgs; }; with lib;
let let
cfg = config.tv.consul; cfg = config.tv.consul;

14
tv/4lib/default.nix
View file

@ -1,20 +1,14 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
let lib // rec {
krebs = import ../../krebs/4lib { inherit lib; };
in
with krebs;
krebs // rec {
git = import ./git.nix { git = import ./git.nix {
lib = krebs; inherit lib pkgs;
inherit pkgs;
}; };
# "7.4.335" -> "74" # "7.4.335" -> "74"
majmin = with lib; x : concatStrings (take 2 (splitString "." x)); majmin = with lib; x : concatStrings (take 2 (splitString "." x));
shell-escape = krebs.shell.escape; # TODO deprecate shell-escape for lass
shell-escape = lib.shell.escape;
} }