From 00bc48d90f95bf9d5de2da6b6c82bca7d78b87f2 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 2 Aug 2015 23:12:38 +0200
Subject: [PATCH 01/36] add host tsp (traveling salesman problem)

---
 Zhosts/tsp                   | 16 +++++++
 krebs/3modules/default.nix   | 28 +++++++++++
 makefu/1systems/tsp.nix      | 90 ++++++++++++++++++++++++++++++++++++
 makefu/2configs/base-gui.nix | 23 +++++++++
 4 files changed, 157 insertions(+)
 create mode 100644 Zhosts/tsp
 create mode 100644 makefu/1systems/tsp.nix
 create mode 100644 makefu/2configs/base-gui.nix

diff --git a/Zhosts/tsp b/Zhosts/tsp
new file mode 100644
index 000000000..6c2b450d8
--- /dev/null
+++ b/Zhosts/tsp
@@ -0,0 +1,16 @@
+Subnet = 10.243.0.211
+Subnet = 42:f9f1:0000:0000:0000:0000:0000:0002
+
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 668d66ccf..fb25f8178 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -306,6 +306,34 @@ let
           };
         };
       };
+      tsp = {
+        cores = 4;
+        dc = "makefu"; #x200
+        nets = {
+          retiolum = {
+            addrs4 = ["10.243.0.211"];
+            addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0002"];
+            aliases = [
+              "tsp.retiolum"
+            ];
+            tinc.pubkey = ''
+              -----BEGIN RSA PUBLIC KEY-----
+              MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
+              HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
+              mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
+              n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
+              R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
+              Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
+              aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
+              ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
+              KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
+              XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
+              teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
+              -----END RSA PUBLIC KEY-----
+              '';
+          };
+        };
+      };
     };
     users = addNames {
       makefu = {
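Review bot: The tsp entry re-states the retiolum address and tinc public key that this same commit also writes to Zhosts/tsp, so the two copies can drift with nothing to catch it; if krebs.retiolum consumes Zhosts while aliases and addrs come from this module, a mismatch breaks routing for that host silently. A comment on the `tsp = {` line such as `# keep in sync with Zhosts/tsp (Subnet + pubkey)` would at least flag the coupling, and deriving one copy from the other would remove it. The enclosing `let` binding starts outside the hunk.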
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
new file mode 100644
index 000000000..3de2d300c
--- /dev/null
+++ b/makefu/1systems/tsp.nix
@@ -0,0 +1,90 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ../2configs/base.nix
+      ../2configs/base-gui.nix
+    ];
+  services.xserver = {
+    videoDriver = "intel";
+  };
+  krebs.build.host = config.krebs.hosts.tsp;
+  krebs.build.user = config.krebs.users.makefu;
+  krebs.build.target = "root@tsp";
+
+  krebs.build.deps = {
+    nixpkgs = {
+      url = https://github.com/NixOS/nixpkgs;
+      rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
+    };
+    # TODO generalize in base.nix
+    secrets = {
+      url = "/home/makefu/secrets/${config.krebs.build.host.name}";
+    };
+    # TODO generalize in base.nix
+    stockholm = {
+      url = toString ../..;
+    };
+  };
+
+  krebs.retiolum = {
+    enable = true;
+    hosts = ../../Zhosts;
+    connectTo = [
+      "gum"
+      "pigstarter"
+      "fastpoke"
+    ];
+  };
+
+  boot = {
+    #x200 specifics
+    kernelModules = [ "tp_smapi" "msr" ];
+    extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+
+    loader.grub.enable =true;
+    loader.grub.version =2;
+    loader.grub.device = "/dev/sda";
+
+    # crypto boot
+    # TODO: use UUID
+    initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
+    initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
+    initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+  };
+  fileSystems = {
+    "/" = {
+      device = "/dev/mapper/luksroot";
+      fsType = "ext4";
+    };
+    "/boot" = {
+      device = "/dev/disk/by-label/nixboot";
+      fsType = "ext4";
+    };
+  };
+
+  # hardware specifics
+  networking.wireless.enable = true;
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+
+  # TODO: generalize to numCPU + 1
+  nix.maxJobs = 3;
+
+
+  networking.firewall.rejectPackets = true;
+  networking.firewall.allowPing = true;
+
+
+  # $ nix-env -qaP | grep wget
+  environment.systemPackages = with pkgs; [
+    vim
+    jq
+  ];
+}
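Review bot: The three-line file header and the `# Include the results of the hardware scan.` comment are NixOS template boilerplate that do not describe this file: the imports list holds the base and GUI profiles, not a hardware scan. Replace the imports comment with `[ # shared base profile + GUI profile` and turn the header into a one-line purpose comment naming the host (an x200 with a LUKS root, going by the boot section). `loader.grub.enable =true;` and `loader.grub.version =2;` are also missing the space after `=` that the rest of the file uses.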
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
new file mode 100644
index 000000000..5f977251f
--- /dev/null
+++ b/makefu/2configs/base-gui.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  imports = [ ];
+  services.xserver.enable = true;
+  services.xserver.layout = "us";
+
+# use awesome, direct boot into
+  services.xserver.displayManager.auto.enable =true;
+  services.xserver.displayManager.auto.user =config.krebs.users.makefu;
+  services.xserver.windowManager.awesome.enable = true;
+
+  security.setuidPrograms = [ "slock" ];
+
+# use pulseaudio
+  environment.systemPackages = [ pkgs.slock ];
+  hardware.pulseaudio = {
+    enable = true;
+    systemWide = true;
+  };
+
+}
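Review bot: The `# use pulseaudio` comment sits above `environment.systemPackages = [ pkgs.slock ];` instead of the `hardware.pulseaudio` block it describes, while `security.setuidPrograms = [ "slock" ];`, the one line here that adds a privileged binary, has no comment at all. Move the pulseaudio comment down and give the setuid line a hedged why, e.g. `# setuid wrapper so slock can check the login password — confirm still required with this nixpkgs rev`. That keeps the only root-privileged surface in the file visible to the next reader.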

From 7d75cf113fc2ed694e100cd1e6e0f040ef870f19 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 4 Aug 2015 14:55:06 +0200
Subject: [PATCH 02/36] fix mkdir /root/root@<host>/secret

Previously the /root/root@<host>/secret folder was created on the
destination host, but /root/secret/ is required.

This commit fixes this behavior and creates the correct folder for
bootstrapping
---
 krebs/3modules/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index fb25f8178..e677ba5ea 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -55,7 +55,7 @@ let
                   --exclude .git \
                   --exclude .graveyard \
                   --exclude old \
-                  --rsync-path="mkdir -p \"$dst\" && rsync" \
+                  --rsync-path="mkdir -p \"$2\" && rsync" \
                   --usermap=\*:0 \
                   --groupmap=\*:0 \
                   --delete-excluded \
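Review bot: `"$2"` is a positional parameter of the enclosing shell function, which starts outside this hunk, so a reader of the rsync call cannot tell that it is the destination directory without scrolling up, and the commit message is the only place the fix is explained. Because the invocation is one backslash-continued command, a comment cannot sit on these lines; put `# $2 = destination directory on the target host, created by --rsync-path before syncing` above the rsync call instead.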

From a385b9a4ec7751276c81e09b51427b22a344c9a3 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 4 Aug 2015 16:13:50 +0200
Subject: [PATCH 03/36] add minimal graphite installation to pnp

---
 makefu/2configs/graphite-standalone.nix | 33 +++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 makefu/2configs/graphite-standalone.nix

diff --git a/makefu/2configs/graphite-standalone.nix b/makefu/2configs/graphite-standalone.nix
new file mode 100644
index 000000000..50c623ab9
--- /dev/null
+++ b/makefu/2configs/graphite-standalone.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+# graphite-web on port 8080
+# carbon cache on port 2003 (tcp/udp)
+with lib;
+{
+  imports = [ ];
+  services.graphite = {
+    web = {
+      enable = true;
+      host = "0.0.0.0";
+    };
+    carbon = {
+      enableCache = true;
+      # save disk usage by restricting to 1 bulk update per second
+      config = ''
+        [cache]
+        MAX_CACHE_SIZE = inf
+        MAX_UPDATES_PER_SECOND = 1
+        MAX_CREATES_PER_MINUTE = 50
+        '';
+      storageSchemas = ''
+        [carbon]
+        pattern = ^carbon\.
+        retentions = 60:90d
+
+        [default]
+        pattern = .*
+        retentions = 60s:30d,300s:1y
+        '';
+    };
+  };
+}
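Review bot: `host = "0.0.0.0"` binds graphite-web on every interface, and nothing in this file configures authentication for it or for the carbon receiver, so anyone who can reach the host on 8080 or 2003 can read and write metrics; the firewall is the only remaining gate. If the intended consumers are retiolum peers only, bind to the host's retiolum address (or to the loopback address and front it with nginx) and state that in the header comment. `MAX_CACHE_SIZE = inf` also removes the memory bound on the carbon cache, which the comment about saving disk usage does not mention.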

From b3c25831d1ac80578222cc7d0e8f3559f92f34c1 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 5 Aug 2015 14:56:38 +0200
Subject: [PATCH 04/36] add graphite to pnp

---
 makefu/1systems/pnp.nix          | 10 ++++++++--
 makefu/2configs/graphite-web.nix | 24 ++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 makefu/2configs/graphite-web.nix

diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 549658983..a8df522f2 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -10,6 +10,7 @@
       <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
       ../2configs/base.nix
       ../2configs/cgit-retiolum.nix
+      ../2configs/graphite-standalone.nix
     ];
   krebs.build.host = config.krebs.hosts.pnp;
   krebs.build.user = config.krebs.users.makefu;
@@ -38,8 +39,13 @@
   hardware.enableAllFirmware = true;
   hardware.cpu.amd.updateMicrocode = true;
 
-# networking.firewall is enabled by default
-  networking.firewall.allowedTCPPorts = [ 80 ];
+  networking.firewall.allowedTCPPorts = [
+  # nginx runs on 80
+                                          80
+  # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
+                                          8080 2003
+                                        ];
+  networking.firewall.allowedUDPPorts = [ 2003 ];
   networking.firewall.rejectPackets = true;
   networking.firewall.allowPing = true;
 
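Review bot: The new rules open 8080 and 2003 (tcp and udp) on all interfaces, and the removed `# networking.firewall is enabled by default` was the only hint that this list is the whole perimeter; with graphite-web bound to 0.0.0.0 this exposes an unauthenticated web UI and metric receiver wherever pnp is reachable. If only retiolum peers need them, keep 80 here and restrict 8080/2003 to that interface via `networking.firewall.extraCommands`, or add a comment saying why global exposure is acceptable. `8080 2003` on one line also reads as a single entry; put one port per line.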
diff --git a/makefu/2configs/graphite-web.nix b/makefu/2configs/graphite-web.nix
new file mode 100644
index 000000000..daa1d49a3
--- /dev/null
+++ b/makefu/2configs/graphite-web.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  imports = [ ];
+  services.graphite = {
+    web = {
+      enable = true;
+      host = "0.0.0.0";
+    };
+    carbon = {
+      enableCache = true;
+      storageSchemas = ''
+        [carbon]
+        pattern = ^carbon\.
+        retentions = 60:90d
+
+        [default]
+        pattern = .*
+        retentions = 60s:30d,300s:1y
+        '';
+    };
+  };
+}
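Review bot: graphite-web.nix duplicates graphite-standalone.nix minus the carbon `config` block and is not imported by pnp.nix in this commit, so it is dead on arrival and the two copies will drift. Either delete it or have graphite-standalone.nix import it and add only the carbon config on top. A one-line header stating which file is the intended entry point would also stop the next reader from importing both, since both set `services.graphite.web.host`.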

From dd8c918c876f923b7ca5d9446b03c0b01f82b531 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 5 Aug 2015 15:11:52 +0200
Subject: [PATCH 05/36] test vicious for awesome on tsp

---
 makefu/1systems/tsp.nix      | 13 ++++++++-----
 makefu/2configs/base-gui.nix | 21 ++++++++++++++++-----
 2 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index 3de2d300c..d67a5c076 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -10,17 +10,20 @@
       ../2configs/base.nix
       ../2configs/base-gui.nix
     ];
-  services.xserver = {
-    videoDriver = "intel";
-  };
+  # not working in vm
+  #services.xserver = {
+  #  videoDriver = "intel";
+  #};
   krebs.build.host = config.krebs.hosts.tsp;
   krebs.build.user = config.krebs.users.makefu;
   krebs.build.target = "root@tsp";
 
   krebs.build.deps = {
     nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
+      #url = https://github.com/NixOS/nixpkgs;
+      url = https://github.com/makefu/nixpkgs;
+      #rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
+      rev = "08275910ba86ed9bd7a2608e6a1e5285faf24cb2";
     };
     # TODO generalize in base.nix
     secrets = {
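Review bot: The old `services.xserver` block and the previous nixpkgs url/rev are kept as commented-out lines instead of being removed; git history already holds them, and `# not working in vm` tells a reader nothing about what was disabled. Delete the commented code and keep one sentence, `# intel videoDriver disabled: breaks in the test VM`. The move from NixOS/nixpkgs to a fork at an unexplained rev also deserves a comment on why the fork is needed, for whoever bumps the pin next.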
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index 5f977251f..056005f75 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -3,13 +3,24 @@
 with lib;
 {
   imports = [ ];
-  services.xserver.enable = true;
-  services.xserver.layout = "us";
+  services.xserver = {
+    enable = true;
+    layout = "us";
 
 # use awesome, direct boot into
-  services.xserver.displayManager.auto.enable =true;
-  services.xserver.displayManager.auto.user =config.krebs.users.makefu;
-  services.xserver.windowManager.awesome.enable = true;
+    displayManager.auto.enable = true;
+# TODO: use config.krebs.users.makefu ... or not
+    displayManager.auto.user = "makefu";
+
+    windowManager = {
+      awesome.enable = true;
+      awesome.luaModules = [ pkgs.luaPackages.vicious ];
+      default = "awesome";
+    };
+
+    desktopManager.xterm.enable = false;
+    desktopManager.default = "none";
+  };
 
   security.setuidPrograms = [ "slock" ];
 
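Review bot: The two comments inside the `services.xserver = {` attrset (`# use awesome, direct boot into` and `# TODO: use config.krebs.users.makefu ... or not`) sit at column 0 while every attribute around them is indented four spaces, so the block no longer scans as one unit; indent them to the attribute level. The TODO is also answered by the code right below it (`displayManager.auto.user = "makefu";`); if hard-coding the name was the decision, say so instead of leaving the question open.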

From 662f22a1ddd32d33157d3807756b0742e7d21752 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Wed, 5 Aug 2015 15:24:50 +0200
Subject: [PATCH 06/36] make eval: don't use $json anymore

---
 Makefile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index ca828fd2b..54656e9e1 100644
--- a/Makefile
+++ b/Makefile
@@ -25,7 +25,7 @@ deploy:;@
 eval:
 	@
 ifeq ($(filter),json)
-	extraArgs=--json
+	extraArgs='--json --strict'
 	filter() { jq -r .; }
 else
 	filter() { cat; }
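Review bot: `extraArgs='--json --strict'` relies on the later unquoted `$${extraArgs-}` expansion splitting on whitespace to yield two flags, which works but is easy to break by someone "fixing" the quoting there. Record the intent on the assignment: `# two flags; expanded unquoted below on purpose`. The `else` branch leaves extraArgs unset, which the `-` default in that expansion covers.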
@@ -33,8 +33,6 @@ endif
 	NIX_PATH=stockholm=$$PWD:$$NIX_PATH \
 	nix-instantiate \
 		$${extraArgs-} \
-		$${json+--json} \
-		$${json+--strict} \
 		--eval \
 		-A "$$get" \
 		'<stockholm>' \

From eeb7a84e988c0fa41113643505d2965b0f81ffb9 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 5 Aug 2015 16:54:15 +0200
Subject: [PATCH 07/36] use unstable nixpkgs release

---
 makefu/1systems/tsp.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index d67a5c076..2d3fd9225 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -23,7 +23,8 @@
       #url = https://github.com/NixOS/nixpkgs;
       url = https://github.com/makefu/nixpkgs;
       #rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
-      rev = "08275910ba86ed9bd7a2608e6a1e5285faf24cb2";
+      #rev = "08275910ba86ed9bd7a2608e6a1e5285faf24cb2";
+      rev = "53d79a8074e7a4465515e67ea565dc73cbc14c5c";
     };
     # TODO generalize in base.nix
     secrets = {

From 2499c472a08783d1cc1105c9b4c48b04f8062b5b Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 5 Aug 2015 16:55:10 +0200
Subject: [PATCH 08/36] fix ip of tsp (211 is already in use)

---
 krebs/3modules/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e677ba5ea..4644e59eb 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -311,7 +311,7 @@ let
         dc = "makefu"; #x200
         nets = {
           retiolum = {
-            addrs4 = ["10.243.0.211"];
+            addrs4 = ["10.243.0.212"];
             addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0002"];
             aliases = [
               "tsp.retiolum"
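Review bot: Only the module entry moves to 10.243.0.212; Zhosts/tsp, added earlier in this series with `Subnet = 10.243.0.211`, is not touched, so the tinc host file consumed via `hosts = ../../Zhosts` still advertises the address the subject line says is already in use. Change it to `Subnet = 10.243.0.212` in the same commit. A comment on `addrs4` pointing at Zhosts/tsp would make the duplication visible next time.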

From 01681b908f58e988f028054dd10de44579ca24ff Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 6 Aug 2015 00:11:26 +0200
Subject: [PATCH 09/36] tv 2 git: add public repo: cac

---
 tv/2configs/git.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix
index ecb98cef2..8d662494c 100644
--- a/tv/2configs/git.nix
+++ b/tv/2configs/git.nix
@@ -20,6 +20,9 @@ let
   rules = concatMap make-rules (attrValues repos);
 
   public-repos = mapAttrs make-public-repo {
+    cac = {
+      desc = "CloudAtCost command line interface";
+    };
     cgserver = {};
     crude-mail-setup = {};
     dot-xmonad = {};

From a982edd25d442e443bc67159064eeb080ed3339c Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 6 Aug 2015 00:21:40 +0200
Subject: [PATCH 10/36] krebs pkgs cac: init at 07ef31c

---
 krebs/5pkgs/cac.nix     | 36 ++++++++++++++++++++++++++++++++++++
 krebs/5pkgs/default.nix |  1 +
 tv/1systems/wu.nix      |  1 +
 3 files changed, 38 insertions(+)
 create mode 100644 krebs/5pkgs/cac.nix

diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix
new file mode 100644
index 000000000..3322e1a13
--- /dev/null
+++ b/krebs/5pkgs/cac.nix
@@ -0,0 +1,36 @@
+{ stdenv, fetchgit, coreutils, curl, gnused, jq, ... }:
+
+stdenv.mkDerivation {
+  name = "cac";
+
+  src = fetchgit {
+    url = http://cgit.cd.retiolum/cac;
+    rev = "07ef31c50613634e88a31233d1fcd2ec3e52bfe8";
+    sha256 = "4e94709a3f580a53983ca418fa0b470817ac917aa1b2d095f2420afd36ea9158";
+  };
+
+  phases = [
+    "unpackPhase"
+    "installPhase"
+  ];
+
+  installPhase =
+    let
+      path = stdenv.lib.makeSearchPath "bin" [
+        coreutils
+        curl
+        gnused
+        jq
+      ];
+    in
+    ''
+      mkdir -p $out/bin
+
+      sed \
+        's,^\(  true) \)\(cac "$@";;\)$,\1 PATH=${path} \2,' \
+        < ./cac \
+        > $out/bin/cac
+
+      chmod +x $out/bin/cac
+    '';
+}
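Review bot: The `sed` that injects `PATH=${path}` matches one exact line of the upstream script, and if that line changes after a rev bump the build silently installs an unmodified cac that resolves curl, jq and the rest from the caller's environment. Make the build fail instead by checking the result after the sed: `grep -qF 'PATH=${path}' $out/bin/cac`. Fetching the source over plain http is acceptable here only because fetchgit pins both rev and sha256; a comment saying so would stop someone from "relaxing" the hash later.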
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index 231fda797..5de84f66c 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -6,6 +6,7 @@ in
 
 pkgs //
 {
+  cac = callPackage ./cac.nix {};
   dic = callPackage ./dic.nix {};
   genid = callPackage ./genid.nix {};
   github-hosts-sync = callPackage ./github-hosts-sync.nix {};
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 27691ec56..ae6ef1327 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -91,6 +91,7 @@ in
         sxiv
         texLive
         tmux
+        tvpkgs.cac
         tvpkgs.dic
         zathura
 

From 7d9f1a321dfc8a27f7dbf65ba9ddf00202d3b53e Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 6 Aug 2015 00:56:28 +0200
Subject: [PATCH 11/36] krebs pkgs cac: add missing dep: sshpass

---
 krebs/5pkgs/cac.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix
index 3322e1a13..336f96b92 100644
--- a/krebs/5pkgs/cac.nix
+++ b/krebs/5pkgs/cac.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchgit, coreutils, curl, gnused, jq, ... }:
+{ stdenv, fetchgit, coreutils, curl, gnused, jq, sshpass, ... }:
 
 stdenv.mkDerivation {
   name = "cac";
@@ -21,6 +21,7 @@ stdenv.mkDerivation {
         curl
         gnused
         jq
+        sshpass
       ];
     in
     ''

From c98cbf2169f6399bab88f936db0a21bd46cefd65 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 6 Aug 2015 00:59:34 +0200
Subject: [PATCH 12/36] krebs pkgs cac: 07ef31c -> 0fc9cbe

---
 krebs/5pkgs/cac.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix
index 336f96b92..cce88920d 100644
--- a/krebs/5pkgs/cac.nix
+++ b/krebs/5pkgs/cac.nix
@@ -5,8 +5,8 @@ stdenv.mkDerivation {
 
   src = fetchgit {
     url = http://cgit.cd.retiolum/cac;
-    rev = "07ef31c50613634e88a31233d1fcd2ec3e52bfe8";
-    sha256 = "4e94709a3f580a53983ca418fa0b470817ac917aa1b2d095f2420afd36ea9158";
+    rev = "0fc9cbeba4060380f698f51bb74081e2fcefadf3";
+    sha256 = "9759c78aa9aa04ab82486d0f24264bff1081513bc07cac0f8b3c0bdf52260fb3";
   };
 
   phases = [

From 3e7220b417c398479e13617bd85d5c2c316c6bcd Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 6 Aug 2015 01:01:43 +0200
Subject: [PATCH 13/36] krebs pkgs cac: add missing dep: ncurses

---
 krebs/5pkgs/cac.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix
index cce88920d..223d1ccf9 100644
--- a/krebs/5pkgs/cac.nix
+++ b/krebs/5pkgs/cac.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchgit, coreutils, curl, gnused, jq, sshpass, ... }:
+{ stdenv, fetchgit, coreutils, curl, gnused, jq, ncurses, sshpass, ... }:
 
 stdenv.mkDerivation {
   name = "cac";
@@ -21,6 +21,7 @@ stdenv.mkDerivation {
         curl
         gnused
         jq
+        ncurses
         sshpass
       ];
     in

From 1692022c670e96a78b0d452d1ecbd6cb81961391 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 6 Aug 2015 01:02:49 +0200
Subject: [PATCH 14/36] krebs pkgs cac: leak $PATH for $PAGER

---
 krebs/5pkgs/cac.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix
index 223d1ccf9..49a5bd276 100644
--- a/krebs/5pkgs/cac.nix
+++ b/krebs/5pkgs/cac.nix
@@ -29,7 +29,7 @@ stdenv.mkDerivation {
       mkdir -p $out/bin
 
       sed \
-        's,^\(  true) \)\(cac "$@";;\)$,\1 PATH=${path} \2,' \
+        's,^\(  true) \)\(cac "$@";;\)$,\1 PATH=${path}${PATH+:$PATH} \2,' \
         < ./cac \
         > $out/bin/cac
 
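Review bot: Inside a Nix `''` string, `${PATH+:$PATH}` is an antiquotation, so unless I am misreading the quoting Nix tries to parse `PATH+:$PATH` as a Nix expression instead of handing the text to sed; the literal form needs the `''${` escape: `\1 PATH=${path}''${PATH+:$PATH} \2`. Appending the caller's PATH after the pinned one keeps the pinned tools first, which is the right order for a wrapper.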

From 90e0d14b3ec91cebb0119974c54a9bc9cdc6d70c Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 6 Aug 2015 19:39:18 +0200
Subject: [PATCH 15/36] krebs pkgs cac: 0fc9cbe -> f458915

---
 krebs/5pkgs/cac.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix
index 49a5bd276..eff523048 100644
--- a/krebs/5pkgs/cac.nix
+++ b/krebs/5pkgs/cac.nix
@@ -5,8 +5,8 @@ stdenv.mkDerivation {
 
   src = fetchgit {
     url = http://cgit.cd.retiolum/cac;
-    rev = "0fc9cbeba4060380f698f51bb74081e2fcefadf3";
-    sha256 = "9759c78aa9aa04ab82486d0f24264bff1081513bc07cac0f8b3c0bdf52260fb3";
+    rev = "f4589158572ab35969b9bccf801ea07e115705e1";
+    sha256 = "9d761cd1d7ff68507392cbfd6c3f6000ddff9cc540293da2b3c4ee902321fb27";
   };
 
   phases = [

From 91a112c24294154be3b812e2b52e1c651d336aff Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 7 Aug 2015 12:10:02 +0200
Subject: [PATCH 16/36] refactor tsp

---
 makefu/1systems/tsp.nix             | 51 +++--------------------------
 makefu/2configs/base-gui.nix        | 26 ++++++++++-----
 makefu/2configs/base.nix            | 14 +++++++-
 makefu/2configs/sda-crypto-root.nix | 27 +++++++++++++++
 makefu/2configs/tp-x200.nix         | 23 +++++++++++++
 5 files changed, 84 insertions(+), 57 deletions(-)
 create mode 100644 makefu/2configs/sda-crypto-root.nix
 create mode 100644 makefu/2configs/tp-x200.nix

diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index 2d3fd9225..3979b70b9 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -9,11 +9,10 @@
     [ # Include the results of the hardware scan.
       ../2configs/base.nix
       ../2configs/base-gui.nix
+      ../2configs/tp-x200.nix
+      ../2configs/sda-crypto-root.nix
     ];
   # not working in vm
-  #services.xserver = {
-  #  videoDriver = "intel";
-  #};
   krebs.build.host = config.krebs.hosts.tsp;
   krebs.build.user = config.krebs.users.makefu;
   krebs.build.target = "root@tsp";
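Review bot: `# not working in vm` is left in place after the three lines it referred to (the commented-out intel videoDriver block) are removed, so it now appears to describe `krebs.build.host`. Either drop it or move it to tp-x200.nix next to the disabled xserver block. The third hunk of this file leaves `# hardware specifics` dangling in the same way above the firewall settings.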
@@ -21,18 +20,9 @@
   krebs.build.deps = {
     nixpkgs = {
       #url = https://github.com/NixOS/nixpkgs;
+      # rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L)
       url = https://github.com/makefu/nixpkgs;
-      #rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
-      #rev = "08275910ba86ed9bd7a2608e6a1e5285faf24cb2";
-      rev = "53d79a8074e7a4465515e67ea565dc73cbc14c5c";
-    };
-    # TODO generalize in base.nix
-    secrets = {
-      url = "/home/makefu/secrets/${config.krebs.build.host.name}";
-    };
-    # TODO generalize in base.nix
-    stockholm = {
-      url = toString ../..;
+      rev = "8b8b65da24f13f9317504e8bcba476f9161613fe";
     };
   };
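Review bot: The new comment `# rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L)` describes taking the revision from the upstream nixos-unstable channel, but `url` still points at the makefu/nixpkgs fork, so the pin only resolves if the fork carries that rev, and the reason for the fork remains undocumented. State which is intended, e.g. `# fork of nixos-unstable; rev taken from the channel's git-revision`, and drop the commented-out upstream url now that the comment explains the workflow.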
 
@@ -46,40 +36,7 @@
     ];
   };
 
-  boot = {
-    #x200 specifics
-    kernelModules = [ "tp_smapi" "msr" ];
-    extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
-
-    loader.grub.enable =true;
-    loader.grub.version =2;
-    loader.grub.device = "/dev/sda";
-
-    # crypto boot
-    # TODO: use UUID
-    initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
-    initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
-    initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
-  };
-  fileSystems = {
-    "/" = {
-      device = "/dev/mapper/luksroot";
-      fsType = "ext4";
-    };
-    "/boot" = {
-      device = "/dev/disk/by-label/nixboot";
-      fsType = "ext4";
-    };
-  };
-
   # hardware specifics
-  networking.wireless.enable = true;
-
-  hardware.enableAllFirmware = true;
-  nixpkgs.config.allowUnfree = true;
-
-  # TODO: generalize to numCPU + 1
-  nix.maxJobs = 3;
 
 
   networking.firewall.rejectPackets = true;
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index 056005f75..7f329c6ce 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -1,31 +1,39 @@
 { config, lib, pkgs, ... }:
-
+##
+# of course this name is a lie - it prepares a GUI environment close to my
+# current configuration.
+#
+# autologin with mainUser into awesome
+##
+#
 with lib;
+let
+  mainUser = config.krebs.build.user.name;
+in
 {
   imports = [ ];
   services.xserver = {
     enable = true;
     layout = "us";
 
-# use awesome, direct boot into
-    displayManager.auto.enable = true;
-# TODO: use config.krebs.users.makefu ... or not
-    displayManager.auto.user = "makefu";
-
     windowManager = {
       awesome.enable = true;
       awesome.luaModules = [ pkgs.luaPackages.vicious ];
       default = "awesome";
     };
 
+    displayManager.auto.enable = true;
+    displayManager.auto.user = mainUser;
     desktopManager.xterm.enable = false;
-    desktopManager.default = "none";
   };
 
   security.setuidPrograms = [ "slock" ];
 
-# use pulseaudio
-  environment.systemPackages = [ pkgs.slock ];
+  environment.systemPackages = [
+    pkgs.slock
+    pkgs.rxvt_unicode-with-plugins
+  ];
+
   hardware.pulseaudio = {
     enable = true;
     systemWide = true;
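Review bot: `displayManager.auto.enable = true;` with `displayManager.auto.user = mainUser;` logs the build user in with no credential check at the console, and the new header only says that this happens, not why it is acceptable. Record the assumption next to the line, hedged to the host: `# autologin: no console auth; acceptable only where the disk is LUKS-encrypted (sda-crypto-root.nix) — confirm per host`. The `##` / `#` header lines are also inconsistent with the `# ...` comment style used elsewhere in the file.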
diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix
index 8dfb2ef27..792cccc71 100644
--- a/makefu/2configs/base.nix
+++ b/makefu/2configs/base.nix
@@ -6,7 +6,7 @@ with lib;
   krebs.enable = true;
   krebs.search-domain = "retiolum";
 
-  networking.hostName = config.krebs.build.host.name;
+
   users.extraUsers = {
     root = {
         openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
@@ -24,6 +24,18 @@ with lib;
     };
   };
 
+  networking.hostName = config.krebs.build.host.name;
+  nix.maxJobs = config.krebs.build.host.cores + 1;
+
+  krebs.build.deps = {
+    secrets = {
+      url = "/home/makefu/secrets/${config.krebs.build.host.name}";
+    };
+    stockholm = {
+      url = toString ../..;
+    };
+  };
+
   services.openssh.enable = true;
   nix.useChroot = true;
 
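Review bot: `url = "/home/makefu/secrets/${config.krebs.build.host.name}"` hard-codes the user while the rest of the block derives its values from `config.krebs.build.*`, and base-gui.nix in this same commit already treats `config.krebs.build.user.name` as the main user. `url = "/home/${config.krebs.build.user.name}/secrets/${config.krebs.build.host.name}";` keeps the base profile reusable. A comment above `krebs.build.deps` noting that secrets are read from the builder's home directory rather than from the repository would help the next reader.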
diff --git a/makefu/2configs/sda-crypto-root.nix b/makefu/2configs/sda-crypto-root.nix
new file mode 100644
index 000000000..0d979a0b8
--- /dev/null
+++ b/makefu/2configs/sda-crypto-root.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+# sda:  bootloader grub2
+# sda1: boot ext4 (label nixboot)
+# sda2: cryptoluks -> ext4
+with lib;
+{
+  boot = {
+    loader.grub.enable =true;
+    loader.grub.version =2;
+    loader.grub.device = "/dev/sda";
+
+    initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
+    initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
+    initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+  };
+  fileSystems = {
+    "/" = {
+      device = "/dev/mapper/luksroot";
+      fsType = "ext4";
+    };
+    "/boot" = {
+      device = "/dev/disk/by-label/nixboot";
+      fsType = "ext4";
+    };
+  };
+}
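Review bot: The LUKS container is addressed by path (`device= "/dev/sda2"`) while `/boot` is addressed by label, and the `# TODO: use UUID` that accompanied this line in tsp.nix was dropped in the move. Path-based naming can break when another disk enumerates first, which `usb_storage` in `initrd.availableKernelModules` makes possible; use `device = "/dev/disk/by-uuid/<luks-partition-uuid>";` (placeholder) or at least carry the TODO over. `loader.grub.enable =true;` and `loader.grub.version =2;` still lack the space after `=`.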
diff --git a/makefu/2configs/tp-x200.nix b/makefu/2configs/tp-x200.nix
new file mode 100644
index 000000000..64d3f85a1
--- /dev/null
+++ b/makefu/2configs/tp-x200.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  #services.xserver = {
+  #  videoDriver = "intel";
+  #};
+
+  boot = {
+    kernelModules = [ "tp_smapi" "msr" ];
+    extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+
+  };
+
+  networking.wireless.enable = true;
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+
+  hardware.trackpoint.enable = true;
+  hardware.trackpoint.sensitivity = 255;
+  hardware.trackpoint.speed = 255;
+}
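Review bot: The commented-out `services.xserver` block arrives without the `# not working in vm` explanation that accompanied it in tsp.nix, so here it reads as abandoned code; add `# intel videoDriver disabled: breaks in the test VM` above it or drop the block. `kernelModules = [ "tp_smapi" "msr" ]` could use a one-line why as well, since `msr` is not ThinkPad-specific and the file is otherwise self-explanatory.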

From 4d460eb95f398797df4d502be496a79481bdd809 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 7 Aug 2015 12:53:02 +0200
Subject: [PATCH 17/36] refactor pnp

---
 makefu/1systems/pnp.nix                 | 45 +++++--------------------
 makefu/2configs/graphite-standalone.nix |  1 +
 makefu/2configs/graphite-web.nix        | 24 -------------
 makefu/2configs/tinc-basic-retiolum.nix | 14 ++++++++
 makefu/2configs/vm-single-partition.nix | 20 +++++++++++
 5 files changed, 44 insertions(+), 60 deletions(-)
 delete mode 100644 makefu/2configs/graphite-web.nix
 create mode 100644 makefu/2configs/tinc-basic-retiolum.nix
 create mode 100644 makefu/2configs/vm-single-partition.nix

diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index a8df522f2..bc4c679b7 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -11,6 +11,8 @@
       ../2configs/base.nix
       ../2configs/cgit-retiolum.nix
       ../2configs/graphite-standalone.nix
+      ../2configs/vm-single-partition.nix
+      ../2configs/tinc-basic-retiolum.nix
     ];
   krebs.build.host = config.krebs.hosts.pnp;
   krebs.build.user = config.krebs.users.makefu;
@@ -21,50 +23,21 @@
       url = https://github.com/NixOS/nixpkgs;
       rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
     };
-    secrets = {
-      url = "/home/makefu/secrets/${config.krebs.build.host.name}";
-    };
-    stockholm = {
-      url = toString ../..;
-    };
   };
 
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
-  boot.loader.grub.device = "/dev/vda";
-
-  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-  hardware.enableAllFirmware = true;
-  hardware.cpu.amd.updateMicrocode = true;
-
   networking.firewall.allowedTCPPorts = [
   # nginx runs on 80
-                                          80
   # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
-                                          8080 2003
-                                        ];
+    80
+    8080 2003
+  ];
   networking.firewall.allowedUDPPorts = [ 2003 ];
+
   networking.firewall.rejectPackets = true;
   networking.firewall.allowPing = true;
 
-  fileSystems."/" =
-  { device = "/dev/disk/by-label/nixos";
-    fsType = "ext4";
-  };
-  krebs.retiolum = {
-    enable = true;
-    hosts = ../../Zhosts;
-    connectTo = [
-      "gum"
-      "pigstarter"
-      "fastpoke"
-    ];
-  };
-
 # $ nix-env -qaP | grep wget
-    environment.systemPackages = with pkgs; [
-      jq
-    ];
+  environment.systemPackages = with pkgs; [
+    jq
+  ];
 }
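Review bot: After the reformat both port comments sit above the whole list, so `# nginx runs on 80` and `# graphite-web runs on 8080, ...` no longer stand next to the entries they describe, and `8080 2003` still reads as one entry. Put one port per line with its comment beside it: `80 # nginx`, `8080 # graphite-web`, `2003 # carbon cache (udp too, see allowedUDPPorts)`. The comments also remain at column 0 inside an indented list.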
diff --git a/makefu/2configs/graphite-standalone.nix b/makefu/2configs/graphite-standalone.nix
index 50c623ab9..8b70c11c8 100644
--- a/makefu/2configs/graphite-standalone.nix
+++ b/makefu/2configs/graphite-standalone.nix
@@ -5,6 +5,7 @@
 with lib;
 {
   imports = [ ];
+
   services.graphite = {
     web = {
       enable = true;
diff --git a/makefu/2configs/graphite-web.nix b/makefu/2configs/graphite-web.nix
deleted file mode 100644
index daa1d49a3..000000000
--- a/makefu/2configs/graphite-web.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-{
-  imports = [ ];
-  services.graphite = {
-    web = {
-      enable = true;
-      host = "0.0.0.0";
-    };
-    carbon = {
-      enableCache = true;
-      storageSchemas = ''
-        [carbon]
-        pattern = ^carbon\.
-        retentions = 60:90d
-
-        [default]
-        pattern = .*
-        retentions = 60s:30d,300s:1y
-        '';
-    };
-  };
-}
diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix
new file mode 100644
index 000000000..cb1991bd6
--- /dev/null
+++ b/makefu/2configs/tinc-basic-retiolum.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  krebs.retiolum = {
+    enable = true;
+    hosts = ../../Zhosts;
+    connectTo = [
+      "gum"
+      "pigstarter"
+      "fastpoke"
+    ];
+  };
+}
diff --git a/makefu/2configs/vm-single-partition.nix b/makefu/2configs/vm-single-partition.nix
new file mode 100644
index 000000000..78a5e7175
--- /dev/null
+++ b/makefu/2configs/vm-single-partition.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+# vda1 ext4 (label nixos) -> only root partition
+with lib;
+{
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vda";
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+  hardware.cpu.amd.updateMicrocode = true;
+
+
+}
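Review bot: `hardware.enableAllFirmware`, `nixpkgs.config.allowUnfree` and `hardware.cpu.amd.updateMicrocode` (the three lines after the fileSystems block) are not partition layout and contradict the header comment, which describes only the single ext4 root on vda1. A profile named vm-single-partition that silently flips allowUnfree and pulls in all firmware for every importer is surprising; either move those three lines to a hardware profile or extend the comment, e.g. `# also: all firmware, AMD microcode and allowUnfree for the hosts importing this`. The two blank lines before the closing brace can go.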

From fad2a76defb18108a271633392344dbb49bb769b Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 7 Aug 2015 12:53:38 +0200
Subject: [PATCH 18/36] begin customization of gui

---
 makefu/1systems/tsp.nix      | 19 +++----------------
 makefu/2configs/base-gui.nix |  6 +++---
 2 files changed, 6 insertions(+), 19 deletions(-)

diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index 3979b70b9..da7466d75 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -9,8 +9,10 @@
     [ # Include the results of the hardware scan.
       ../2configs/base.nix
       ../2configs/base-gui.nix
-      ../2configs/tp-x200.nix
+      ../2configs/tinc-basic-retiolum.nix
       ../2configs/sda-crypto-root.nix
+      # hardware specifics are in here
+      ../2configs/tp-x200.nix
     ];
   # not working in vm
   krebs.build.host = config.krebs.hosts.tsp;
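Review bot: The context comment `# Include the results of the hardware scan.` on the imports list is now misleading, since no hardware-configuration.nix is imported and the hardware profile is tp-x200.nix, which the new comment two lines below already names. Suggest dropping the stale line or rewording it to `# base, gui, retiolum, disk layout; hardware specifics come last (tp-x200.nix)`. The imports list and the enclosing module continue outside the hunk.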
@@ -26,24 +28,9 @@
     };
   };
 
-  krebs.retiolum = {
-    enable = true;
-    hosts = ../../Zhosts;
-    connectTo = [
-      "gum"
-      "pigstarter"
-      "fastpoke"
-    ];
-  };
-
-  # hardware specifics
-
-
   networking.firewall.rejectPackets = true;
   networking.firewall.allowPing = true;
 
-
-  # $ nix-env -qaP | grep wget
   environment.systemPackages = with pkgs; [
     vim
     jq
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index 7f329c6ce..c4755c217 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -15,6 +15,8 @@ in
   services.xserver = {
     enable = true;
     layout = "us";
+    xkbVariant = "altgr-intl";
+    xkbOptions = "ctrl:nocaps";
 
     windowManager = {
       awesome.enable = true;
@@ -27,10 +29,8 @@ in
     desktopManager.xterm.enable = false;
   };
 
-  security.setuidPrograms = [ "slock" ];
-
   environment.systemPackages = [
-    pkgs.slock
+    pkgs.xlockmore
     pkgs.rxvt_unicode-with-plugins
   ];
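Review bot: Removing `security.setuidPrograms = [ "slock" ]` together with the switch to `pkgs.xlockmore` leaves no visible provision for the new locker to verify the user's password; slock needed the setuid wrapper to read the shadow database, and xlockmore needs either the same or a working PAM service. Whether a plain `pkgs.xlockmore` in systemPackages actually unlocks on this NixOS version should be checked on the host, since a locker that cannot authenticate either fails open or locks the user out. If a PAM service or wrapper is what makes it work, a one-line comment next to the package naming it would save the next reader the same question.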
 

From 7bb85d74f8dbf8751344f9248b9365b4543bf20f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 7 Aug 2015 13:51:49 +0200
Subject: [PATCH 19/36] makefu/2configs:add hashedPasswords

---
 makefu/2configs/base.nix | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix
index 792cccc71..2e18acf7c 100644
--- a/makefu/2configs/base.nix
+++ b/makefu/2configs/base.nix
@@ -2,7 +2,13 @@
 
 with lib;
 {
-  imports = [ ];
+  imports = [
+    {
+      users.extraUsers =
+        mapAttrs (_: h: { hashedPassword = h; })
+                 (import /root/src/secrets/hashedPasswords.nix);
+    }
+  ];
   krebs.enable = true;
   krebs.search-domain = "retiolum";
 
@@ -39,7 +45,7 @@ with lib;
   services.openssh.enable = true;
   nix.useChroot = true;
 
-  users.mutableUsers = true;
+  users.mutableUsers = false;
 
   boot.tmpOnTmpfs = true;
   systemd.tmpfiles.rules = [

From a919ddb3878c59f1306d8d22f46b603aceb90e27 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 7 Aug 2015 15:50:06 +0200
Subject: [PATCH 20/36] makefu:include vim.nix

---
 makefu/2configs/base.nix |   2 +
 makefu/2configs/vim.nix  | 119 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 121 insertions(+)
 create mode 100644 makefu/2configs/vim.nix

diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix
index 2e18acf7c..25d92d63d 100644
--- a/makefu/2configs/base.nix
+++ b/makefu/2configs/base.nix
@@ -8,6 +8,7 @@ with lib;
         mapAttrs (_: h: { hashedPassword = h; })
                  (import /root/src/secrets/hashedPasswords.nix);
     }
+    ./vim.nix
   ];
   krebs.enable = true;
   krebs.search-domain = "retiolum";
@@ -32,6 +33,7 @@ with lib;
 
   networking.hostName = config.krebs.build.host.name;
   nix.maxJobs = config.krebs.build.host.cores + 1;
+  #nix.maxJobs = 1;
 
   krebs.build.deps = {
     secrets = {
diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix
new file mode 100644
index 000000000..b71d95148
--- /dev/null
+++ b/makefu/2configs/vim.nix
@@ -0,0 +1,119 @@
+{ config, pkgs, ... }:
+
+let
+  customPlugins.vim-better-whitespace = pkgs.vimUtils.buildVimPlugin {
+    name = "vim-better-whitespace";
+    src = pkgs.fetchFromGitHub {
+      owner = "ntpeters";
+      repo = "vim-better-whitespace";
+      rev = "984c8da518799a6bfb8214e1acdcfd10f5f1eed7";
+      sha256 = "10l01a8xaivz6n01x6hzfx7gd0igd0wcf9ril0sllqzbq7yx2bbk";
+    };
+  };
+
+in {
+
+  environment.systemPackages = [
+    pkgs.python27Full # required for youcompleteme
+    (pkgs.vim_configurable.customize {
+      name = "vim";
+
+    vimrcConfig.customRC = ''
+      set nocompatible
+      syntax on
+
+      filetype off
+      filetype plugin indent on
+
+      colorscheme darkblue
+      set background=dark
+
+      set number
+      set relativenumber
+      set mouse=a
+      set ignorecase
+      set incsearch
+      set wildignore=*.o,*.obj,*.bak,*.exe,*.os
+      set textwidth=79
+      set shiftwidth=2
+      set expandtab
+      set softtabstop=2
+      set shiftround
+      set smarttab
+      set tabstop=2
+      set et
+      set autoindent
+      set backspace=indent,eol,start
+
+
+      inoremap <F1> <ESC>
+      nnoremap <F1> <ESC>
+      vnoremap <F1> <ESC>
+
+      nnoremap <F5> :UndotreeToggle<CR>
+      set undodir  =~/.vim/undo
+      set undofile
+      "maximum number of changes that can be undone
+      set undolevels=1000000
+      "maximum number lines to save for undo on a buffer reload
+      set undoreload=10000000
+
+      nnoremap <F2> :set invpaste paste?<CR>
+      set pastetoggle=<F2>
+      set showmode
+
+      set showmatch
+      set matchtime=3
+      set hlsearch
+
+      autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red
+
+
+      " save on focus lost
+      au FocusLost * :wa
+
+      autocmd BufRead *.json set filetype=json
+      au  BufNewFile,BufRead *.mustache set syntax=mustache
+
+      cnoremap SudoWrite w !sudo tee > /dev/null %
+
+      " create Backup/tmp/undo dirs
+      set backupdir=~/.vim/backup
+      set directory=~/.vim/tmp
+
+      function! InitBackupDir()
+        let l:parent = $HOME    . '/.vim/'
+        let l:backup = l:parent . 'backup/'
+        let l:tmpdir = l:parent . 'tmp/'
+        let l:undodir= l:parent . 'undo/'
+
+
+        if !isdirectory(l:parent)
+          call mkdir(l:parent)
+        endif
+        if !isdirectory(l:backup)
+          call mkdir(l:backup)
+        endif
+        if !isdirectory(l:tmpdir)
+          call mkdir(l:tmpdir)
+        endif
+        if !isdirectory(l:undodir)
+          call mkdir(l:undodir)
+        endif
+      endfunction
+      call InitBackupDir()
+
+
+    '';
+
+      vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
+      vimrcConfig.vam.pluginDictionaries = [
+        { names = [ "undotree"
+          "YouCompleteMe"
+          "vim-better-whitespace" ]; }
+        { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
+      ];
+
+    })
+  ];
+}
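Review bot: `InitBackupDir()` creates `~/.vim`, `backup/`, `tmp/` and `undo/` with Vim's default mkdir mode, and with `set undofile` and `undolevels=1000000` those directories retain the full edit history of every file opened, including anything edited under the secrets directory these hosts import from. Pass an explicit mode so that data is private to the user: `call mkdir(l:parent, '', 0700)`, with the same third argument on the other three `mkdir` calls. The `set undodir  =~/.vim/undo` line has a stray double space; `set undodir=~/.vim/undo` matches the other settings.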

From 4fc382180ffcbe2326ac559de158fefff6370ab5 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 9 Aug 2015 14:53:24 +0200
Subject: [PATCH 21/36] makefu: fix tsp ip, add font in base-gui

---
 Zhosts/tsp                   |  2 +-
 makefu/2configs/base-gui.nix | 22 ++++++++++++++++++----
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/Zhosts/tsp b/Zhosts/tsp
index 6c2b450d8..314abb3f5 100644
--- a/Zhosts/tsp
+++ b/Zhosts/tsp
@@ -1,4 +1,4 @@
-Subnet = 10.243.0.211
+Subnet = 10.243.0.212
 Subnet = 42:f9f1:0000:0000:0000:0000:0000:0002
 
 -----BEGIN RSA PUBLIC KEY-----
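Review bot: Only the tinc host file changes the tsp IPv4 subnet from 10.243.0.211 to 10.243.0.212; the tsp host record in krebs/3modules/default.nix (added in patch 01 with `addrs4 = ["10.243.0.211"]`) is not touched by this commit according to its diffstat, so the address tinc announces and the address other configs resolve through config.krebs.hosts.tsp now disagree. Update `addrs4 = ["10.243.0.212"];` there in the same commit, or derive one of the two from the other so they cannot drift.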
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index c4755c217..6cfd0e50c 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -29,14 +29,28 @@ in
     desktopManager.xterm.enable = false;
   };
 
-  environment.systemPackages = [
-    pkgs.xlockmore
-    pkgs.rxvt_unicode-with-plugins
+## FONTS
+# TODO: somewhere else?
+
+  i18n.consoleFont = "Lat2-Terminus16";
+
+  fonts = {
+    enableCoreFonts = true;
+    enableFontDir = true;
+    enableGhostscriptFonts = false;
+    fonts = [ pkgs.terminus_font ];
+  };
+
+  environment.systemPackages = with pkgs;[
+    xlockmore
+    rxvt_unicode-with-plugins
+    vlc
+    firefox
+    chromium
   ];
 
   hardware.pulseaudio = {
     enable = true;
     systemWide = true;
   };
-
 }
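Review bot: The `## FONTS` / `# TODO: somewhere else?` comment pair sits at column 0 inside the indented attribute set, and `environment.systemPackages = with pkgs;[` lacks the space before the bracket used everywhere else in this file. Indent the comments to the attribute level and write `environment.systemPackages = with pkgs; [`. The TODO would be more useful if it said what would decide the move, e.g. `# TODO: fonts belong in a separate 2configs file once a second host needs them`.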

From 23da0b49331d5eba92c776ebcd1864b04e3ff8cf Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 9 Aug 2015 15:13:01 +0200
Subject: [PATCH 22/36] tsp can push stockholm in cgit

---
 Zpubkeys/makefu_tsp.ssh.pub       |  1 +
 makefu/2configs/cgit-retiolum.nix | 10 +++++-----
 2 files changed, 6 insertions(+), 5 deletions(-)
 create mode 100644 Zpubkeys/makefu_tsp.ssh.pub

diff --git a/Zpubkeys/makefu_tsp.ssh.pub b/Zpubkeys/makefu_tsp.ssh.pub
new file mode 100644
index 000000000..9a9c9b6f8
--- /dev/null
+++ b/Zpubkeys/makefu_tsp.ssh.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp
diff --git a/makefu/2configs/cgit-retiolum.nix b/makefu/2configs/cgit-retiolum.nix
index 7dfb181c5..d352f5792 100644
--- a/makefu/2configs/cgit-retiolum.nix
+++ b/makefu/2configs/cgit-retiolum.nix
@@ -52,11 +52,7 @@ let
 
   # TODO: get the list of all krebsministers
   krebsminister = with config.krebs.users; [ lass tv uriel ];
-
-  #all-makefu =  with config.krebs.users; [ makefu ];
-
-
-  all-makefu = with config.krebs.users; [ makefu makefu-omo ];
+  all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
 
   priv-rules = repo: set-owners repo all-makefu;
 
@@ -69,6 +65,10 @@ in {
         name = "makefu-omo" ;
         pubkey= with builtins; readFile ../../Zpubkeys/makefu_omo.ssh.pub;
     };
+    krebs.users.makefu-tsp = {
+        name = "makefu-tsp" ;
+        pubkey= with builtins; readFile ../../Zpubkeys/makefu_tsp.ssh.pub;
+    };
   }];
   krebs.git = {
     enable = true;

From 8b302ea8866fb6f0703f34540f31cf5871440e53 Mon Sep 17 00:00:00 2001
From: makefu <makefu@tsp>
Date: Sun, 9 Aug 2015 13:17:37 +0000
Subject: [PATCH 23/36] makefu: x200 - add middle mouse scroll

---
 makefu/2configs/tp-x200.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/makefu/2configs/tp-x200.nix b/makefu/2configs/tp-x200.nix
index 64d3f85a1..25a2537e8 100644
--- a/makefu/2configs/tp-x200.nix
+++ b/makefu/2configs/tp-x200.nix
@@ -20,4 +20,9 @@ with lib;
   hardware.trackpoint.enable = true;
   hardware.trackpoint.sensitivity = 255;
   hardware.trackpoint.speed = 255;
+  services.xserver.displayManager.sessionCommands = ''
+    xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 1
+    xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 2
+    xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 200
+  '';
 }

From 450d9e71ff0afc99511b840bed77a979795a988a Mon Sep 17 00:00:00 2001
From: makefu <makefu@tsp>
Date: Mon, 10 Aug 2015 17:49:55 +0000
Subject: [PATCH 24/36] makefu:base-gui audio working on earplugs

---
 makefu/2configs/base-gui.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index 6cfd0e50c..4e5558a1f 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -48,9 +48,10 @@ in
     firefox
     chromium
   ];
-
+  # TODO: use mainUser
+  users.extraUsers.makefu.extraGroups = [ "audio" ];
   hardware.pulseaudio = {
     enable = true;
-    systemWide = true;
+  #  systemWide = true;
   };
 }
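Review bot: `#  systemWide = true;` is left as a commented-out line although the point of the commit is to drop system-wide PulseAudio in favour of adding the user to `audio`; a dead line inside the attribute set reads as a pending toggle rather than a decision. Either delete it or record the reason in its place, e.g. `# per-user pulseaudio; makefu is in the audio group above`. The `# TODO: use mainUser` note is fine, but until then the user name is hard-coded in a file shared by every GUI host.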

From 7a378d230d4c75f77f04943b73ad4c883d6750b9 Mon Sep 17 00:00:00 2001
From: makefu <makefu@tsp>
Date: Tue, 11 Aug 2015 19:00:22 +0000
Subject: [PATCH 25/36] makefu: move more stuff into base.nix

---
 makefu/1systems/pnp.nix  |  7 -------
 makefu/1systems/tsp.nix  | 14 +++-----------
 makefu/2configs/base.nix |  4 ++++
 3 files changed, 7 insertions(+), 18 deletions(-)

diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index bc4c679b7..6693dc066 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -33,11 +33,4 @@
   ];
   networking.firewall.allowedUDPPorts = [ 2003 ];
 
-  networking.firewall.rejectPackets = true;
-  networking.firewall.allowPing = true;
-
-# $ nix-env -qaP | grep wget
-  environment.systemPackages = with pkgs; [
-    jq
-  ];
 }
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index da7466d75..f19dbfea6 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -1,7 +1,6 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
+#
+#
+#
 { config, pkgs, ... }:
 
 {
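Review bot: The three bare `#` lines that replace the generator boilerplate at the top of tsp.nix are empty comments carrying no information. Either remove them or put the file's purpose there, e.g. `# tsp: makefu's x200 laptop; hardware specifics live in ../2configs/tp-x200.nix`.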
@@ -28,11 +27,4 @@
     };
   };
 
-  networking.firewall.rejectPackets = true;
-  networking.firewall.allowPing = true;
-
-  environment.systemPackages = with pkgs; [
-    vim
-    jq
-  ];
 }
diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix
index 25d92d63d..906c74f7d 100644
--- a/makefu/2configs/base.nix
+++ b/makefu/2configs/base.nix
@@ -50,6 +50,10 @@ with lib;
   users.mutableUsers = false;
 
   boot.tmpOnTmpfs = true;
+
+  networking.firewall.rejectPackets = true;
+  networking.firewall.allowPing = true;
+
   systemd.tmpfiles.rules = [
     "d /tmp 1777 root root - -"
   ];
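Review bot: `networking.firewall.rejectPackets = true` and `allowPing = true` now live in base.nix and therefore apply to every host importing it, not only the two hosts they were moved out of; rejectPackets answers filtered ports with ICMP errors or TCP resets instead of dropping, which is convenient for local diagnostics but tells anyone probing an internet-facing host that it is there and filtering. The hunk gives no rationale, so a comment would help future readers decide whether a public host should override it, e.g. `# reject instead of drop for fast local diagnostics; internet-facing hosts may prefer the default (drop)`. Whether any importer of base.nix has a public address cannot be told from this hunk.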

From 0862e949f6b736c76b601acd3b17262521175c31 Mon Sep 17 00:00:00 2001
From: makefu <makefu@tsp>
Date: Wed, 12 Aug 2015 16:58:21 +0200
Subject: [PATCH 26/36] tsp: 2 cores

---
 krebs/3modules/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 4644e59eb..a533fcf64 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -307,7 +307,7 @@ let
         };
       };
       tsp = {
-        cores = 4;
+        cores = 2;
         dc = "makefu"; #x200
         nets = {
           retiolum = {

From 7c578b1cad5d33c4a2773459ef62a8a72c585972 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 13 Aug 2015 11:46:09 +0200
Subject: [PATCH 27/36] {tv 2 => krebs 3}/exim-retiolum

---
 krebs/3modules/default.nix       |   1 +
 krebs/3modules/exim-retiolum.nix | 142 +++++++++++++++++++++++++++++++
 tv/1systems/nomic.nix            |   4 +-
 tv/1systems/wu.nix               |   4 +-
 tv/2configs/exim-retiolum.nix    | 126 ---------------------------
 5 files changed, 149 insertions(+), 128 deletions(-)
 create mode 100644 krebs/3modules/exim-retiolum.nix
 delete mode 100644 tv/2configs/exim-retiolum.nix

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e677ba5ea..fd795a036 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -6,6 +6,7 @@ let
 
   out = {
     imports = [
+      ./exim-retiolum.nix
       ./github-hosts-sync.nix
       ./git.nix
       ./nginx.nix
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
new file mode 100644
index 000000000..09372f074
--- /dev/null
+++ b/krebs/3modules/exim-retiolum.nix
@@ -0,0 +1,142 @@
+{ config, pkgs, lib, ... }:
+
+with builtins;
+with lib;
+let
+  cfg = config.krebs.exim-retiolum;
+
+  out = {
+    options.krebs.exim-retiolum = api;
+    config =
+      # This configuration makes only sense for retiolum-enabled hosts.
+      # TODO modular configuration
+      assert config.krebs.retiolum.enable;
+      mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "krebs.exim-retiolum";
+  };
+
+  imp = {
+    services.exim = {
+      enable = true;
+      config = ''
+        primary_hostname = ${retiolumHostname}
+        domainlist local_domains    = @ : localhost
+        domainlist relay_to_domains = *.retiolum
+        hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1
+
+        acl_smtp_rcpt = acl_check_rcpt
+        acl_smtp_data = acl_check_data
+
+        host_lookup = *
+        rfc1413_hosts = *
+        rfc1413_query_timeout = 5s
+
+        log_file_path = syslog
+        syslog_timestamp = false
+        syslog_duplication = false
+
+        begin acl
+
+        acl_check_rcpt:
+          accept  hosts = :
+                  control = dkim_disable_verify
+
+          deny    message       = Restricted characters in address
+                  domains       = +local_domains
+                  local_parts   = ^[.] : ^.*[@%!/|]
+
+          deny    message       = Restricted characters in address
+                  domains       = !+local_domains
+                  local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+          accept  local_parts   = postmaster
+                  domains       = +local_domains
+
+          #accept
+          #  hosts = *.retiolum
+          #  domains = *.retiolum
+          #  control = dkim_disable_verify
+
+          #require verify        = sender
+
+          accept  hosts         = +relay_from_hosts
+                  control       = submission
+                  control       = dkim_disable_verify
+
+          accept  authenticated = *
+                  control       = submission
+                  control       = dkim_disable_verify
+
+          require message = relay not permitted
+                  domains = +local_domains : +relay_to_domains
+
+          require verify = recipient
+
+          accept
+
+
+        acl_check_data:
+          accept
+
+
+        begin routers
+
+        retiolum:
+          driver = manualroute
+          domains = ! ${retiolumHostname} : *.retiolum
+          transport = remote_smtp
+          route_list = ^.* $0 byname
+          no_more
+
+        nonlocal:
+          debug_print = "R: nonlocal for $local_part@$domain"
+          driver = redirect
+          domains = ! +local_domains
+          allow_fail
+          data = :fail: Mailing to remote domains not supported
+          no_more
+
+        local_user:
+          # debug_print = "R: local_user for $local_part@$domain"
+          driver = accept
+          check_local_user
+        # local_part_suffix = +* : -*
+        # local_part_suffix_optional
+          transport = home_maildir
+          cannot_route_message = Unknown user
+
+
+        begin transports
+
+        remote_smtp:
+          driver = smtp
+
+        home_maildir:
+          driver = appendfile
+          maildir_format
+          directory = $home/Maildir
+          directory_mode = 0700
+          delivery_date_add
+          envelope_to_add
+          return_path_add
+        # group = mail
+        # mode = 0660
+
+        begin retry
+        *.retiolum             *           F,42d,1m
+        *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+        begin rewrite
+
+        begin authenticators
+      '';
+    };
+  };
+
+  # TODO get the hostname from somewhere else.
+  retiolumHostname = "${config.networking.hostName}.retiolum";
+in
+out
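Review bot: `assert config.krebs.retiolum.enable;` is placed in front of `mkIf cfg.enable imp` rather than inside it, so the assertion is evaluated whenever the module's config is merged, i.e. on every host that imports krebs/3modules even with the module disabled, and a host without retiolum fails evaluation although it never asked for exim. Moving the assert inside keeps the check only for hosts that enable the module: `mkIf cfg.enable (assert config.krebs.retiolum.enable; imp)`. Two settings inherited from the old file deserve a comment now that this is a shared module: `rfc1413_hosts = *` sends an ident query with a 5s timeout to every connecting host, and the empty `begin authenticators` section means the `accept authenticated = *` clause can never match, so relaying for *.retiolum rests entirely on the tinc network boundary.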
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index b9a10cb4f..896c1ad29 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -25,7 +25,6 @@ with lib;
     ../2configs/AO753.nix
     ../2configs/base.nix
     ../2configs/consul-server.nix
-    ../2configs/exim-retiolum.nix
     ../2configs/git.nix
     {
       tv.iptables = {
@@ -38,6 +37,9 @@ with lib;
         ];
       };
     }
+    {
+      krebs.exim-retiolum = true;
+    }
     {
       krebs.nginx = {
         enable = true;
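Review bot: `krebs.exim-retiolum = true;` assigns a boolean to the option set, but the module defines its switch as `krebs.exim-retiolum.enable` (via `mkEnableOption` in krebs/3modules/exim-retiolum.nix in this same commit), so this should read `krebs.exim-retiolum.enable = true;`; as written I would expect evaluation to reject the value, or at best leave the module disabled. The same line is added to tv/1systems/wu.nix in the next hunk, and both appear again in patch 29. The enclosing imports list starts outside the hunk.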
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index ae6ef1327..a5cbde3ec 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -29,7 +29,6 @@ in
     ../2configs/w110er.nix
     ../2configs/base.nix
     ../2configs/consul-client.nix
-    ../2configs/exim-retiolum.nix
     ../2configs/git.nix
     ../2configs/mail-client.nix
     ../2configs/xserver.nix
@@ -165,6 +164,9 @@ in
         ];
       };
     }
+    {
+      krebs.exim-retiolum = true;
+    }
     {
       krebs.nginx = {
         enable = true;
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
deleted file mode 100644
index 851a0c625..000000000
--- a/tv/2configs/exim-retiolum.nix
+++ /dev/null
@@ -1,126 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  services.exim =
-    # This configuration makes only sense for retiolum-enabled hosts.
-    # TODO modular configuration
-    assert config.krebs.retiolum.enable;
-    let
-      # TODO get the hostname from config.krebs.retiolum.
-      retiolumHostname = "${config.networking.hostName}.retiolum";
-    in
-      { enable = true;
-        config = ''
-          primary_hostname = ${retiolumHostname}
-          domainlist local_domains    = @ : localhost
-          domainlist relay_to_domains = *.retiolum
-          hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1
-
-          acl_smtp_rcpt = acl_check_rcpt
-          acl_smtp_data = acl_check_data
-
-          host_lookup = *
-          rfc1413_hosts = *
-          rfc1413_query_timeout = 5s
-
-          log_file_path = syslog
-          syslog_timestamp = false
-          syslog_duplication = false
-
-          begin acl
-
-          acl_check_rcpt:
-            accept  hosts = :
-                    control = dkim_disable_verify
-
-            deny    message       = Restricted characters in address
-                    domains       = +local_domains
-                    local_parts   = ^[.] : ^.*[@%!/|]
-
-            deny    message       = Restricted characters in address
-                    domains       = !+local_domains
-                    local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
-
-            accept  local_parts   = postmaster
-                    domains       = +local_domains
-
-            #accept
-            #  hosts = *.retiolum
-            #  domains = *.retiolum
-            #  control = dkim_disable_verify
-
-            #require verify        = sender
-
-            accept  hosts         = +relay_from_hosts
-                    control       = submission
-                    control       = dkim_disable_verify
-
-            accept  authenticated = *
-                    control       = submission
-                    control       = dkim_disable_verify
-
-            require message = relay not permitted
-                    domains = +local_domains : +relay_to_domains
-
-            require verify = recipient
-
-            accept
-
-
-          acl_check_data:
-            accept
-
-
-          begin routers
-
-          retiolum:
-            driver = manualroute
-            domains = ! ${retiolumHostname} : *.retiolum
-            transport = remote_smtp
-            route_list = ^.* $0 byname
-            no_more
-
-          nonlocal:
-            debug_print = "R: nonlocal for $local_part@$domain"
-            driver = redirect
-            domains = ! +local_domains
-            allow_fail
-            data = :fail: Mailing to remote domains not supported
-            no_more
-
-          local_user:
-            # debug_print = "R: local_user for $local_part@$domain"
-            driver = accept
-            check_local_user
-          # local_part_suffix = +* : -*
-          # local_part_suffix_optional
-            transport = home_maildir
-            cannot_route_message = Unknown user
-
-
-          begin transports
-
-          remote_smtp:
-            driver = smtp
-
-          home_maildir:
-            driver = appendfile
-            maildir_format
-            directory = $home/Maildir
-            directory_mode = 0700
-            delivery_date_add
-            envelope_to_add
-            return_path_add
-          # group = mail
-          # mode = 0660
-
-          begin retry
-          *.retiolum             *           F,42d,1m
-          *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
-
-          begin rewrite
-
-          begin authenticators
-        '';
-      };
-}

From ab2d3f96be09e4a77f33b7ce2f3b96dbc9b57c39 Mon Sep 17 00:00:00 2001
From: makefu <makefu@tsp>
Date: Thu, 13 Aug 2015 12:02:26 +0200
Subject: [PATCH 28/36] services: add pigstarter

---
 krebs/3modules/default.nix | 39 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index a533fcf64..8573c5a05 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -164,7 +164,7 @@ let
     { krebs = tv-imp; }
     {
       krebs.dns.providers = {
-        de.krebsco = "ovh";
+        de.krebsco = "zones";
         internet = "hosts";
         retiolum = "hosts";
       };
@@ -334,6 +334,43 @@ let
           };
         };
       };
+      pigstarter = {
+        cores = 1;
+        dc = "makefu"; #x200
+        nets = {
+          internet = {
+            addrs4 = ["192.40.56.122"];
+            addrs6 = ["2604:2880::841f:72c"];
+            aliases = [
+              "pigstarter.internet"
+            ];
+            zones = [
+              { "pigstarter.krebsco.de" = "A";}
+              { "io.krebsco.de" = "NS";}
+              { "io.krebsco.de" = "A";}
+              { "mx42.krebsco.de" = "MX";}
+              { "mx42.krebsco.de" = "A";}
+            ];
+          };
+          retiolum = {
+            addrs4 = ["10.243.0.153"];
+            addrs6 = ["42:9143:b4c0:f981:6030:7aa2:8bc5:4110"];
+            aliases = [
+              "pigstarter.retiolum"
+            ];
+            tinc.pubkey = ''
+              -----BEGIN RSA PUBLIC KEY-----
+              MIIBCgKCAQEA/efJuJRLUIZROe3QE8WYTD/zyNGRh9I2/yw+5It9HSNVDMIOV1FZ
+              9PaspsC+YQSBUQRN8SJ95G4RM6TIn/+ei7LiUYsf1Ik+uEOpP5EPthXqvdJEeswv
+              3QFwbpBeOMNdvmGvQLeR1uJKVyf39iep1wWGOSO1sLtUA+skUuN38QKc1BPASzFG
+              4ATM6rd2Tkt8+9hCeoePJdLr3pXat9BBuQIxImgx7m5EP02SH1ndb2wttQeAi9cE
+              DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv
+              sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB
+              -----END RSA PUBLIC KEY-----
+              '';
+          };
+        };
+      };
     };
     users = addNames {
       makefu = {
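Review bot: The `dc = "makefu"; #x200` line is copied from the tsp entry, but pigstarter is a single-core host with public addresses and DNS zones, not the x200 laptop, so the trailing comment is wrong here. Drop `#x200` or replace it with what the host is, e.g. `# public host: A/NS records for krebsco.de and the mx42 MX`, as the zones list suggests. The enclosing hosts attribute set starts outside the hunk.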

From 6c2c01b5cbf0a6b6a4db46ad4f0623772a5b7c15 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 13 Aug 2015 11:46:09 +0200
Subject: [PATCH 29/36] {tv 2 => krebs 3}/exim-retiolum

---
 krebs/3modules/default.nix       |   1 +
 krebs/3modules/exim-retiolum.nix | 143 +++++++++++++++++++++++++++++++
 tv/1systems/nomic.nix            |   4 +-
 tv/1systems/wu.nix               |   4 +-
 tv/2configs/exim-retiolum.nix    | 126 ---------------------------
 5 files changed, 150 insertions(+), 128 deletions(-)
 create mode 100644 krebs/3modules/exim-retiolum.nix
 delete mode 100644 tv/2configs/exim-retiolum.nix

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e677ba5ea..fd795a036 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -6,6 +6,7 @@ let
 
   out = {
     imports = [
+      ./exim-retiolum.nix
       ./github-hosts-sync.nix
       ./git.nix
       ./nginx.nix
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
new file mode 100644
index 000000000..71c091917
--- /dev/null
+++ b/krebs/3modules/exim-retiolum.nix
@@ -0,0 +1,143 @@
+{ config, pkgs, lib, ... }:
+
+with builtins;
+with lib;
+let
+  cfg = config.krebs.exim-retiolum;
+
+  out = {
+    options.krebs.exim-retiolum = api;
+    config =
+      # This configuration makes only sense for retiolum-enabled hosts.
+      # TODO modular configuration
+      mkIf cfg.enable (
+        #assert config.krebs.retiolum.enable;
+        imp);
+  };
+
+  api = {
+    enable = mkEnableOption "krebs.exim-retiolum";
+  };
+
+  imp = {
+    services.exim = {
+      enable = true;
+      config = ''
+        primary_hostname = ${retiolumHostname}
+        domainlist local_domains    = @ : localhost
+        domainlist relay_to_domains = *.retiolum
+        hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1
+
+        acl_smtp_rcpt = acl_check_rcpt
+        acl_smtp_data = acl_check_data
+
+        host_lookup = *
+        rfc1413_hosts = *
+        rfc1413_query_timeout = 5s
+
+        log_file_path = syslog
+        syslog_timestamp = false
+        syslog_duplication = false
+
+        begin acl
+
+        acl_check_rcpt:
+          accept  hosts = :
+                  control = dkim_disable_verify
+
+          deny    message       = Restricted characters in address
+                  domains       = +local_domains
+                  local_parts   = ^[.] : ^.*[@%!/|]
+
+          deny    message       = Restricted characters in address
+                  domains       = !+local_domains
+                  local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+          accept  local_parts   = postmaster
+                  domains       = +local_domains
+
+          #accept
+          #  hosts = *.retiolum
+          #  domains = *.retiolum
+          #  control = dkim_disable_verify
+
+          #require verify        = sender
+
+          accept  hosts         = +relay_from_hosts
+                  control       = submission
+                  control       = dkim_disable_verify
+
+          accept  authenticated = *
+                  control       = submission
+                  control       = dkim_disable_verify
+
+          require message = relay not permitted
+                  domains = +local_domains : +relay_to_domains
+
+          require verify = recipient
+
+          accept
+
+
+        acl_check_data:
+          accept
+
+
+        begin routers
+
+        retiolum:
+          driver = manualroute
+          domains = ! ${retiolumHostname} : *.retiolum
+          transport = remote_smtp
+          route_list = ^.* $0 byname
+          no_more
+
+        nonlocal:
+          debug_print = "R: nonlocal for $local_part@$domain"
+          driver = redirect
+          domains = ! +local_domains
+          allow_fail
+          data = :fail: Mailing to remote domains not supported
+          no_more
+
+        local_user:
+          # debug_print = "R: local_user for $local_part@$domain"
+          driver = accept
+          check_local_user
+        # local_part_suffix = +* : -*
+        # local_part_suffix_optional
+          transport = home_maildir
+          cannot_route_message = Unknown user
+
+
+        begin transports
+
+        remote_smtp:
+          driver = smtp
+
+        home_maildir:
+          driver = appendfile
+          maildir_format
+          directory = $home/Maildir
+          directory_mode = 0700
+          delivery_date_add
+          envelope_to_add
+          return_path_add
+        # group = mail
+        # mode = 0660
+
+        begin retry
+        *.retiolum             *           F,42d,1m
+        *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+        begin rewrite
+
+        begin authenticators
+      '';
+    };
+  };
+
+  # TODO get the hostname from somewhere else.
+  retiolumHostname = "${config.networking.hostName}.retiolum";
+in
+out
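Review bot: Commenting out `assert config.krebs.retiolum.enable;` (now inside the `mkIf cfg.enable (...)` parenthesis) removes the retiolum precondition entirely, yet since `mkIf` only evaluates its body when the condition holds the assert could stay live there without affecting hosts that leave the module disabled: `mkIf cfg.enable (assert config.krebs.retiolum.enable; imp);`. Without it a host can enable exim with `relay_to_domains = *.retiolum` and a `manualroute` router for *.retiolum while having no retiolum interface at all, which the module's own comment says makes no sense. This commit otherwise repeats patch 27 (same subject, date and blob hashes for default.nix), presumably a rebase leftover; the two should be squashed before merge.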
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index b9a10cb4f..896c1ad29 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -25,7 +25,6 @@ with lib;
     ../2configs/AO753.nix
     ../2configs/base.nix
     ../2configs/consul-server.nix
-    ../2configs/exim-retiolum.nix
     ../2configs/git.nix
     {
       tv.iptables = {
@@ -38,6 +37,9 @@ with lib;
         ];
       };
     }
+    {
+      krebs.exim-retiolum = true;
+    }
     {
       krebs.nginx = {
         enable = true;
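Review bot: `krebs.exim-retiolum = true;` assigns a boolean to what the module declares as a set of options (`options.krebs.exim-retiolum = api;` with `api = { … };`, and the module gates its config on `cfg.enable`), so unless `api` is a single boolean option — its body is not visible here — evaluating this host fails with a type error. The later makefu host in this series spells it `krebs.exim-retiolum.enable = true;`, and this line should match that. Swapping the `../2configs/exim-retiolum.nix` import for the module is otherwise the right direction. The `imports` list this element belongs to starts outside the hunk.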
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index ae6ef1327..a5cbde3ec 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -29,7 +29,6 @@ in
     ../2configs/w110er.nix
     ../2configs/base.nix
     ../2configs/consul-client.nix
-    ../2configs/exim-retiolum.nix
     ../2configs/git.nix
     ../2configs/mail-client.nix
     ../2configs/xserver.nix
@@ -165,6 +164,9 @@ in
         ];
       };
     }
+    {
+      krebs.exim-retiolum = true;
+    }
     {
       krebs.nginx = {
         enable = true;
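Review bot: The new `{ krebs.exim-retiolum = true; }` element sets the whole option path to a boolean, while the module it refers to reads `cfg.enable` under `options.krebs.exim-retiolum = api` where `api` is an attribute set of sub-options; if that is an `enable` sub-option, as the usage elsewhere in this series (`krebs.exim-retiolum.enable = true;`) suggests, this definition is rejected by the module system. Write it as `krebs.exim-retiolum.enable = true;`. The surrounding `imports` list begins before the hunk.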
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
deleted file mode 100644
index 851a0c625..000000000
--- a/tv/2configs/exim-retiolum.nix
+++ /dev/null
@@ -1,126 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  services.exim =
-    # This configuration makes only sense for retiolum-enabled hosts.
-    # TODO modular configuration
-    assert config.krebs.retiolum.enable;
-    let
-      # TODO get the hostname from config.krebs.retiolum.
-      retiolumHostname = "${config.networking.hostName}.retiolum";
-    in
-      { enable = true;
-        config = ''
-          primary_hostname = ${retiolumHostname}
-          domainlist local_domains    = @ : localhost
-          domainlist relay_to_domains = *.retiolum
-          hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1
-
-          acl_smtp_rcpt = acl_check_rcpt
-          acl_smtp_data = acl_check_data
-
-          host_lookup = *
-          rfc1413_hosts = *
-          rfc1413_query_timeout = 5s
-
-          log_file_path = syslog
-          syslog_timestamp = false
-          syslog_duplication = false
-
-          begin acl
-
-          acl_check_rcpt:
-            accept  hosts = :
-                    control = dkim_disable_verify
-
-            deny    message       = Restricted characters in address
-                    domains       = +local_domains
-                    local_parts   = ^[.] : ^.*[@%!/|]
-
-            deny    message       = Restricted characters in address
-                    domains       = !+local_domains
-                    local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
-
-            accept  local_parts   = postmaster
-                    domains       = +local_domains
-
-            #accept
-            #  hosts = *.retiolum
-            #  domains = *.retiolum
-            #  control = dkim_disable_verify
-
-            #require verify        = sender
-
-            accept  hosts         = +relay_from_hosts
-                    control       = submission
-                    control       = dkim_disable_verify
-
-            accept  authenticated = *
-                    control       = submission
-                    control       = dkim_disable_verify
-
-            require message = relay not permitted
-                    domains = +local_domains : +relay_to_domains
-
-            require verify = recipient
-
-            accept
-
-
-          acl_check_data:
-            accept
-
-
-          begin routers
-
-          retiolum:
-            driver = manualroute
-            domains = ! ${retiolumHostname} : *.retiolum
-            transport = remote_smtp
-            route_list = ^.* $0 byname
-            no_more
-
-          nonlocal:
-            debug_print = "R: nonlocal for $local_part@$domain"
-            driver = redirect
-            domains = ! +local_domains
-            allow_fail
-            data = :fail: Mailing to remote domains not supported
-            no_more
-
-          local_user:
-            # debug_print = "R: local_user for $local_part@$domain"
-            driver = accept
-            check_local_user
-          # local_part_suffix = +* : -*
-          # local_part_suffix_optional
-            transport = home_maildir
-            cannot_route_message = Unknown user
-
-
-          begin transports
-
-          remote_smtp:
-            driver = smtp
-
-          home_maildir:
-            driver = appendfile
-            maildir_format
-            directory = $home/Maildir
-            directory_mode = 0700
-            delivery_date_add
-            envelope_to_add
-            return_path_add
-          # group = mail
-          # mode = 0660
-
-          begin retry
-          *.retiolum             *           F,42d,1m
-          *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
-
-          begin rewrite
-
-          begin authenticators
-        '';
-      };
-}

From 647550f3e747a024044bda9f49a6bac5669dd60b Mon Sep 17 00:00:00 2001
From: makefu <makefu@tsp>
Date: Thu, 13 Aug 2015 12:03:59 +0200
Subject: [PATCH 30/36] types: add zones

---
 krebs/4lib/types.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 92410dd58..975c36b08 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -20,6 +20,7 @@ types // rec {
         type = attrsOf net;
         apply = x: assert hasAttr "retiolum" x; x;
       };
+
       secure = mkOption {
         type = bool;
         default = false;
@@ -73,6 +74,11 @@ types // rec {
         }));
         default = null;
       };
+      zones = mkOption {
+        default = [];
+        # TODO: string is either MX, NS, A or AAAA
+        type = with types; listOf (attrsOf str);
+      };
     };
   });
 
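Review bot: `listOf (attrsOf str)` admits any string as a record type, so the `# TODO: string is either MX, NS, A or AAAA` comment is the only place the allowed values are stated; the module system already has a type for this: `type = with types; listOf (attrsOf (enum [ "MX" "NS" "A" "AAAA" ]));`. Independently of the type, an entry like `{ "io.krebsco.de" = "NS"; }` carries no record data (target, priority, TTL), so nothing can render a valid DNS record from it; the option should either get a richer value type or a doc comment stating what consumer is expected to turn these into records. The `types // rec { … }` set this option sits in starts outside the hunk.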

From 6b9a70d2d0d4e773d60251acec2ab882c8dd56d7 Mon Sep 17 00:00:00 2001
From: makefu <makefu@tsp>
Date: Thu, 13 Aug 2015 12:03:59 +0200
Subject: [PATCH 31/36] types: add zones

---
 krebs/4lib/types.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 92410dd58..975c36b08 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -20,6 +20,7 @@ types // rec {
         type = attrsOf net;
         apply = x: assert hasAttr "retiolum" x; x;
       };
+
       secure = mkOption {
         type = bool;
         default = false;
@@ -73,6 +74,11 @@ types // rec {
         }));
         default = null;
       };
+      zones = mkOption {
+        default = [];
+        # TODO: string is either MX, NS, A or AAAA
+        type = with types; listOf (attrsOf str);
+      };
     };
   });
 
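Review bot: This commit is byte-for-byte the same change as PATCH 30/36, against the same blob (`index 92410dd58..975c36b08`), so applying the series in order will stop here with an already-applied or conflict error; this copy should be dropped from the series or squashed into the first. It also carries the same loose `listOf (attrsOf str)` type for `zones`; `attrsOf (enum [ "MX" "NS" "A" "AAAA" ])` would enforce what the `# TODO` comment describes. The enclosing `types // rec { … }` set begins outside the hunk.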

From 9f92ba455c4b13f4d960bae65cd577c9aad30dc4 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 13 Aug 2015 12:08:36 +0200
Subject: [PATCH 32/36] krebs.exim-retiolum: assert krebs.retiolum.enable

---
 krebs/3modules/exim-retiolum.nix | 182 +++++++++++++++----------------
 1 file changed, 91 insertions(+), 91 deletions(-)

diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
index 71c091917..e1315d8c8 100644
--- a/krebs/3modules/exim-retiolum.nix
+++ b/krebs/3modules/exim-retiolum.nix
@@ -8,11 +8,7 @@ let
   out = {
     options.krebs.exim-retiolum = api;
     config =
-      # This configuration makes only sense for retiolum-enabled hosts.
-      # TODO modular configuration
-      mkIf cfg.enable (
-        #assert config.krebs.retiolum.enable;
-        imp);
+      mkIf cfg.enable imp;
   };
 
   api = {
@@ -20,121 +16,125 @@ let
   };
 
   imp = {
-    services.exim = {
-      enable = true;
-      config = ''
-        primary_hostname = ${retiolumHostname}
-        domainlist local_domains    = @ : localhost
-        domainlist relay_to_domains = *.retiolum
-        hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1
+    services.exim =
+      # This configuration makes only sense for retiolum-enabled hosts.
+      # TODO modular configuration
+      assert config.krebs.retiolum.enable;
+      {
+        enable = true;
+        config = ''
+          primary_hostname = ${retiolumHostname}
+          domainlist local_domains    = @ : localhost
+          domainlist relay_to_domains = *.retiolum
+          hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1
 
-        acl_smtp_rcpt = acl_check_rcpt
-        acl_smtp_data = acl_check_data
+          acl_smtp_rcpt = acl_check_rcpt
+          acl_smtp_data = acl_check_data
 
-        host_lookup = *
-        rfc1413_hosts = *
-        rfc1413_query_timeout = 5s
+          host_lookup = *
+          rfc1413_hosts = *
+          rfc1413_query_timeout = 5s
 
-        log_file_path = syslog
-        syslog_timestamp = false
-        syslog_duplication = false
+          log_file_path = syslog
+          syslog_timestamp = false
+          syslog_duplication = false
 
-        begin acl
+          begin acl
 
-        acl_check_rcpt:
-          accept  hosts = :
-                  control = dkim_disable_verify
+          acl_check_rcpt:
+            accept  hosts = :
+                    control = dkim_disable_verify
 
-          deny    message       = Restricted characters in address
-                  domains       = +local_domains
-                  local_parts   = ^[.] : ^.*[@%!/|]
+            deny    message       = Restricted characters in address
+                    domains       = +local_domains
+                    local_parts   = ^[.] : ^.*[@%!/|]
 
-          deny    message       = Restricted characters in address
-                  domains       = !+local_domains
-                  local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+            deny    message       = Restricted characters in address
+                    domains       = !+local_domains
+                    local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
 
-          accept  local_parts   = postmaster
-                  domains       = +local_domains
+            accept  local_parts   = postmaster
+                    domains       = +local_domains
 
-          #accept
-          #  hosts = *.retiolum
-          #  domains = *.retiolum
-          #  control = dkim_disable_verify
+            #accept
+            #  hosts = *.retiolum
+            #  domains = *.retiolum
+            #  control = dkim_disable_verify
 
-          #require verify        = sender
+            #require verify        = sender
 
-          accept  hosts         = +relay_from_hosts
-                  control       = submission
-                  control       = dkim_disable_verify
+            accept  hosts         = +relay_from_hosts
+                    control       = submission
+                    control       = dkim_disable_verify
 
-          accept  authenticated = *
-                  control       = submission
-                  control       = dkim_disable_verify
+            accept  authenticated = *
+                    control       = submission
+                    control       = dkim_disable_verify
 
-          require message = relay not permitted
-                  domains = +local_domains : +relay_to_domains
+            require message = relay not permitted
+                    domains = +local_domains : +relay_to_domains
 
-          require verify = recipient
+            require verify = recipient
 
-          accept
+            accept
 
 
-        acl_check_data:
-          accept
+          acl_check_data:
+            accept
 
 
-        begin routers
+          begin routers
 
-        retiolum:
-          driver = manualroute
-          domains = ! ${retiolumHostname} : *.retiolum
-          transport = remote_smtp
-          route_list = ^.* $0 byname
-          no_more
+          retiolum:
+            driver = manualroute
+            domains = ! ${retiolumHostname} : *.retiolum
+            transport = remote_smtp
+            route_list = ^.* $0 byname
+            no_more
 
-        nonlocal:
-          debug_print = "R: nonlocal for $local_part@$domain"
-          driver = redirect
-          domains = ! +local_domains
-          allow_fail
-          data = :fail: Mailing to remote domains not supported
-          no_more
+          nonlocal:
+            debug_print = "R: nonlocal for $local_part@$domain"
+            driver = redirect
+            domains = ! +local_domains
+            allow_fail
+            data = :fail: Mailing to remote domains not supported
+            no_more
 
-        local_user:
-          # debug_print = "R: local_user for $local_part@$domain"
-          driver = accept
-          check_local_user
-        # local_part_suffix = +* : -*
-        # local_part_suffix_optional
-          transport = home_maildir
-          cannot_route_message = Unknown user
+          local_user:
+            # debug_print = "R: local_user for $local_part@$domain"
+            driver = accept
+            check_local_user
+          # local_part_suffix = +* : -*
+          # local_part_suffix_optional
+            transport = home_maildir
+            cannot_route_message = Unknown user
 
 
-        begin transports
+          begin transports
 
-        remote_smtp:
-          driver = smtp
+          remote_smtp:
+            driver = smtp
 
-        home_maildir:
-          driver = appendfile
-          maildir_format
-          directory = $home/Maildir
-          directory_mode = 0700
-          delivery_date_add
-          envelope_to_add
-          return_path_add
-        # group = mail
-        # mode = 0660
+          home_maildir:
+            driver = appendfile
+            maildir_format
+            directory = $home/Maildir
+            directory_mode = 0700
+            delivery_date_add
+            envelope_to_add
+            return_path_add
+          # group = mail
+          # mode = 0660
 
-        begin retry
-        *.retiolum             *           F,42d,1m
-        *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
+          begin retry
+          *.retiolum             *           F,42d,1m
+          *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
 
-        begin rewrite
+          begin rewrite
 
-        begin authenticators
-      '';
-    };
+          begin authenticators
+        '';
+      };
   };
 
   # TODO get the hostname from somewhere else.
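Review bot: Guarding `services.exim` with a bare `assert config.krebs.retiolum.enable;` aborts evaluation with only a generic assertion-failed message and a source position instead of telling the user which option is missing; the NixOS idiom is to declare it next to `services.exim` as `assertions = [ { assertion = config.krebs.retiolum.enable; message = "krebs.exim-retiolum requires krebs.retiolum.enable"; } ];`, which produces a readable error and keeps `imp` a plain attribute set. The `# TODO modular configuration` comment carried over from the deleted file should say what is not modular — the hard-coded `*.retiolum` domain lists and `retiolumHostname` — or be dropped. The rest of the hunk is a re-indent of the existing exim config, so the ACL itself is not re-reviewed here; the `let` that binds `imp` and `retiolumHostname` begins outside the hunk.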

From 978d5cc9f07ccfcca2cc53cb45ccb5ee0c801869 Mon Sep 17 00:00:00 2001
From: makefu <makefu@tsp>
Date: Thu, 13 Aug 2015 17:15:09 +0200
Subject: [PATCH 33/36] makefu/tsp: add exim

---
 makefu/1systems/tsp.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index f19dbfea6..6e93df51e 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -18,6 +18,13 @@
   krebs.build.user = config.krebs.users.makefu;
   krebs.build.target = "root@tsp";
 
+  krebs.exim-retiolum.enable = true;
+  networking.firewall.allowedTCPPorts = [
+  # nginx runs on 80
+  # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
+    25
+  ];
+
   krebs.build.deps = {
     nixpkgs = {
       #url = https://github.com/NixOS/nixpkgs;
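Review bot: The two comments inside the `allowedTCPPorts` list describe nginx on 80 and graphite/carbon on 8080/2003, none of which appear in the list — the only port opened is 25 — so they are stale or belong to another host and should be replaced by one that explains this entry, e.g. `# exim: accept mail for tsp.retiolum and relay to *.retiolum`. Opening 25 on every interface of a laptop (tsp is the x200 that moves between networks) exposes the MTA to whatever LAN it is on; the exim ACL relays only for localhost and authenticated senders, but it still accepts mail for local users from anyone and, with `host_lookup = *` and `rfc1413_hosts = *`, performs reverse-DNS and ident queries against every connecting host. If the firewall cannot be restricted per interface in this NixOS version, the exim module could instead bind to the loopback and retiolum addresses only via `local_interfaces`. The attribute set this belongs to starts outside the hunk.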

From bdc58a02f93661796d8816818c0792cbab65f7c1 Mon Sep 17 00:00:00 2001
From: makefu <makefu@tsp>
Date: Thu, 13 Aug 2015 17:45:43 +0200
Subject: [PATCH 34/36] krebs: add pigstarter,mail

---
 krebs/3modules/default.nix | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 467cc4459..35ccd278d 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -335,9 +335,37 @@ let
           };
         };
       };
+      pornocauster = {
+        cores = 2;
+        dc = "makefu"; #x220
+        nets = {
+          retiolum = {
+            addrs4 = ["10.243.0.91"];
+            addrs6 = ["42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"];
+            aliases = [
+              "pornocauster.retiolum"
+            ];
+            tinc.pubkey = ''
+              -----BEGIN RSA PUBLIC KEY-----
+              MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
+              HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
+              mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
+              n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
+              R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
+              Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
+              aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
+              ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
+              KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
+              XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
+              teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
+              -----END RSA PUBLIC KEY-----
+              '';
+          };
+        };
+      };
       pigstarter = {
         cores = 1;
-        dc = "makefu"; #x200
+        dc = "frontrange"; #vps
         nets = {
           internet = {
             addrs4 = ["192.40.56.122"];
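Review bot: The RSA public key registered for pornocauster appears to duplicate one already registered for another makefu host in this file; verify that it is the output of `tincd -n retiolum -K` run on the x220 and not a paste. The public key is the only credential tinc uses to authenticate a retiolum peer, so if two hosts share a key, whoever holds either private key can impersonate the other and a compromise of one laptop becomes a compromise of both identities. A one-line comment on the entry naming where the key was generated (`# tinc key generated on pornocauster`) would make such copy errors visible in review. The `hosts` set this entry is added to starts outside the hunk.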
@@ -375,7 +403,7 @@ let
     };
     users = addNames {
       makefu = {
-        mail = "root@euer.krebsco.de";
+        mail = "root@tsp.retiolum";
         pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub;
       };
     };
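Review bot: `mail = "root@tsp.retiolum"` moves makefu's contact address from an internet domain to a laptop that is reachable only over retiolum and only while it is switched on; any host using the exim-retiolum config that mails this address will hold the message for the `*.retiolum … F,42d,1m` retry window rather than bounce, so notifications can sit in a queue for weeks without anyone noticing. If that is acceptable, a comment saying so would help (`# laptop: only reachable via retiolum, mail queues while offline`); otherwise point this at a host that is always up. The `users` set this entry belongs to begins outside the hunk.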

From d230db96d9b7403da64887b6ceebcacc564c268b Mon Sep 17 00:00:00 2001
From: makefu <makefu@tsp>
Date: Thu, 13 Aug 2015 20:28:21 +0000
Subject: [PATCH 35/36] krebs: add extraZones

---
 krebs/3modules/default.nix | 56 ++++++++++++++++++++++++++++++++------
 krebs/4lib/types.nix       | 11 ++++----
 2 files changed, 53 insertions(+), 14 deletions(-)

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 35ccd278d..d77d00c05 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -184,7 +184,42 @@ let
           ) host.nets
         ) cfg.hosts
       ));
-    }
+
+      # krebs.hosts.bob = rec {
+      #   addrs4 = "10.0.0.1";
+      #   extraZones = {
+      #     # extraZones
+      #     "krebsco.de" = ''
+      #     krebsco.de.       IN MX 10 mx1
+      #     mx1               IN A     ${addrs4}
+      #     '';
+      #     "dickbutt.de" = ''
+      #     dickbutt.de.       IN NS    ns
+      #     ns                IN A     ${addrs4}
+      #     ''
+      #   }
+      # }
+      # krebs.hosts.khan = rec {
+      #   addrs4 = "10.0.0.2";
+      #   extraZones = {
+      #      "krebsco.de" = ''
+      #      khan.krebsco.de     IN A   ${addrs4}
+      #   };
+      # }
+      #
+      #  =>
+      #  "zone/krebsco.de".text = ''
+      #    krebsco.de.         IN MX 10 mx1
+      #    mx1                 IN A     10.0.0.1
+      #    khan.krebsco.de     IN A     10.0.0.2
+      #  '';
+
+
+      environment.etc = mapAttrs'
+                        (name: value:
+                          nameValuePair (("zones/" + name)) ({ text=value;}))
+                        cfg.hosts.pigstarter.extraZones;
+      }
   ];
 
   lass-imp = {
@@ -363,9 +398,19 @@ let
           };
         };
       };
-      pigstarter = {
+      pigstarter = rec {
         cores = 1;
         dc = "frontrange"; #vps
+
+        extraZones = {
+          "de.krebsco" = ''
+            pigstarter.krebsco.de       IN A ${elemAt nets.internet.addrs4 0}
+            krebsco.de.                 IN NS io
+            io                          IN A ${elemAt nets.internet.addrs4 0}
+            krebsco.de.                 IN MX 10 mx42
+            mx42                        IN A ${elemAt nets.internet.addrs4 0}
+            '';
+        };
         nets = {
           internet = {
             addrs4 = ["192.40.56.122"];
@@ -373,13 +418,6 @@ let
             aliases = [
               "pigstarter.internet"
             ];
-            zones = [
-              { "pigstarter.krebsco.de" = "A";}
-              { "io.krebsco.de" = "NS";}
-              { "io.krebsco.de" = "A";}
-              { "mx42.krebsco.de" = "MX";}
-              { "mx42.krebsco.de" = "A";}
-            ];
           };
           retiolum = {
             addrs4 = ["10.243.0.153"];
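Review bot: `pigstarter.krebsco.de` on the first record line has no trailing dot; if these fragments are assembled into a BIND-style zone for `krebsco.de` (the `krebsco.de.` owner names on the NS and MX lines are written in that style), an unqualified name is relative to the origin and becomes `pigstarter.krebsco.de.krebsco.de.`. Write it as `pigstarter` (relative, like `io` and `mx42`) or `pigstarter.krebsco.de.` with the dot. The attribute name `"de.krebsco"` becomes the file name under `/etc/zones/` and differs from the `"krebsco.de"` used in this patch's own example comment; pick one convention. Dropping the old `zones` list here is consistent with the type removal in the same patch. `pigstarter`'s definition continues past the hunk.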
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 975c36b08..f767d20fe 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -21,6 +21,12 @@ types // rec {
         apply = x: assert hasAttr "retiolum" x; x;
       };
 
+      extraZones = mkOption {
+        default = {};
+        # TODO: string is either MX, NS, A or AAAA
+        type = with types; attrsOf string;
+      };
+
       secure = mkOption {
         type = bool;
         default = false;
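Review bot: `attrsOf string` uses `types.string`, which — if this is the nixpkgs lib type of that name — merges several definitions of the same attribute by concatenating them instead of reporting a conflict, so two modules both setting `extraZones."krebsco.de"` would be silently glued together; the sibling options in this file use `str`, which fails on conflicting definitions. Unless concatenation is the intended merge semantics, make this `type = with types; attrsOf str;`. The `# TODO: string is either MX, NS, A or AAAA` comment is inherited from the removed `zones` option and no longer describes the value, which is now a zone-file fragment; replace it with `# attribute name: zone (also the file name under /etc/zones/); value: newline-terminated zone-file records`. The `types // rec { … }` set starts outside the hunk.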
@@ -74,11 +80,6 @@ types // rec {
         }));
         default = null;
       };
-      zones = mkOption {
-        default = [];
-        # TODO: string is either MX, NS, A or AAAA
-        type = with types; listOf (attrsOf str);
-      };
     };
   });
 

From db4b55527d527158bd4e7f93128668e646f2cf1f Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 13 Aug 2015 22:31:40 +0200
Subject: [PATCH 36/36] krebs/3: add cd extraZones

---
 krebs/3modules/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index d77d00c05..9ad9c9f91 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -455,6 +455,13 @@ let
       cd = {
         cores = 2;
         dc = "tv"; #dc = "cac";
+        extraZones = {
+          "de.krebsco" = ''
+            mx23          IN A ${elemAt nets.internet.addrs4 0}
+            cd            IN A ${elemAt nets.internet.addrs4 0}
+            krebsco.de.   IN MX 5 mx23
+          '';
+        };
         nets = rec {
           internet = {
             addrs4 = ["162.219.7.216"];
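Review bot: The new `extraZones` block interpolates `${elemAt nets.internet.addrs4 0}`, but `cd = {` is a plain attribute set rather than `rec`, and `nets = rec {` only makes the attributes inside `nets` visible to each other, so `nets` is an undefined variable at the point of use and evaluation fails — unless an enclosing scope not visible here binds it. Change the head to `cd = rec {`, as the pigstarter entry does. Note also that the collector added in the previous patch writes only pigstarter's `extraZones` to `/etc/zones`, so even once this evaluates the fragment is dead until that code iterates over all hosts. `cd`'s definition continues past the hunk.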