makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'pnp/master'

Browse source
This commit is contained in:
tv 2015-10-01 17:16:57 +02:00
parent 2432695678 d9f4d621bc
commit cd61f94ba0
9 changed files with 160 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
krebs/3modules/Reaktor.nix
View file

@ -2,7 +2,6 @@
let
kpkgs = import ../5pkgs { inherit pkgs; inherit lib; };
inherit (lib)
mkIf
@ -63,13 +62,20 @@ let
configuration appended to the default or overridden configuration
'';
};
ReaktorPkg = mkOption {
default = kpkgs.Reaktor;
extraEnviron = mkOption {
default = {};
type = types.attrsOf types.str;
description = ''
the Reaktor pkg to use.
Environment to be provided to the service, can be:
REAKTOR_HOST
REAKTOR_PORT
REAKTOR_STATEDIR
REAKTOR_CHANNELS
debug and nickname can be set separately via the Reaktor api
'';
};
debug = mkOption {
default = false;
description = ''
@ -80,7 +86,6 @@ let
imp = {
# for reaktor get-config
environment.systemPackages = [ cfg.ReaktorPkg ];
users.extraUsers = singleton {
name = "Reaktor";
# uid = config.ids.uids.Reaktor;
@ -98,7 +103,7 @@ let
systemd.services.Reaktor = {
path = with pkgs; [
utillinux #flock for tell_on-join
# git # for nag
git # for nag
python # for caps
];
description = "Reaktor IRC Bot";
@ -108,17 +113,17 @@ let
GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
REAKTOR_NICKNAME = cfg.nickname;
REAKTOR_DEBUG = (if cfg.debug then "True" else "False");
};
} // cfg.extraEnviron;
serviceConfig= {
ExecStartPre = pkgs.writeScript "Reaktor-init" ''
#! /bin/sh
${if (isString cfg.overrideConfig) then
''cp ${ReaktorConfig} /tmp/config.py''
else
''(${cfg.ReaktorPkg}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/config.py''
''(${pkgs.Reaktor}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/config.py''
}
'';
ExecStart = "${cfg.ReaktorPkg}/bin/reaktor run /tmp/config.py";
ExecStart = "${pkgs.Reaktor}/bin/reaktor run /tmp/config.py";
PrivateTmp = "true";
User = "Reaktor";
Restart = "on-abort";

66
krebs/3modules/default.nix
View file

@ -352,8 +352,8 @@ let
extraZones = {
"krebsco.de" = ''
mediengewitter IN A ${elemAt nets.internet.addrs4 0}
flap IN A ${elemAt nets.internet.addrs4 0}'';
mediengewitter IN A ${head nets.internet.addrs4}
flap IN A ${head nets.internet.addrs4}'';
};
nets = {
internet = {
@ -390,14 +390,13 @@ let
IN MX 10 mx42
euer IN MX 1 aspmx.l.google.com.
io IN NS pigstarter.krebsco.de.
euer IN A ${elemAt nets.internet.addrs4 0}
pigstarter IN A ${elemAt nets.internet.addrs4 0}
conf IN A ${elemAt nets.internet.addrs4 0}
gold IN A ${elemAt nets.internet.addrs4 0}
graph IN A ${elemAt nets.internet.addrs4 0}
tinc IN A ${elemAt nets.internet.addrs4 0}
boot IN A ${elemAt nets.internet.addrs4 0}
mx42 IN A ${elemAt nets.internet.addrs4 0}'';
pigstarter IN A ${head nets.internet.addrs4}
conf IN A ${head nets.internet.addrs4}
gold IN A ${head nets.internet.addrs4}
graph IN A ${head nets.internet.addrs4}
tinc IN A ${head nets.internet.addrs4}
boot IN A ${head nets.internet.addrs4}
mx42 IN A ${head nets.internet.addrs4}'';
};
nets = {
internet = {
@ -426,15 +425,56 @@ let
};
};
};
wry = rec {
cores = 1;
dc = "makefu"; #dc = "cac";
extraZones = {
"krebsco.de" = ''
wry IN A ${head nets.internet.addrs4}
'';
};
nets = rec {
internet = {
addrs4 = ["162.219.7.216"];
aliases = [
"wry.internet"
];
};
retiolum = {
via = internet;
addrs4 = ["10.243.29.169"];
addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"];
aliases = [
"wry.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
gum = rec {
cores = 1;
dc = "online.net"; #root-server
extraZones = {
"krebsco.de" = ''
omo IN A ${elemAt nets.internet.addrs4 0}
gum IN A ${elemAt nets.internet.addrs4 0}
paste IN A ${elemAt nets.internet.addrs4 0}'';
omo IN A ${head nets.internet.addrs4}
euer IN A ${head nets.internet.addrs4}
gum IN A ${head nets.internet.addrs4}
paste IN A ${head nets.internet.addrs4}'';
};
nets = {
internet = {

11
makefu/1systems/pnp.nix
View file

@ -9,6 +9,7 @@
[ # Include the results of the hardware scan.
# Base
../2configs/base.nix
../2configs/base-sources.nix
../2configs/tinc-basic-retiolum.nix
# HW/FS
@ -31,6 +32,10 @@
];
krebs.Reaktor.enable = true;
krebs.Reaktor.debug = true;
krebs.Reaktor.nickname = "Reaktor|bot";
krebs.Reaktor.extraEnviron = {
REAKTOR_CHANNELS = "#krebs,#binaergewitter";
};
krebs.build.host = config.krebs.hosts.pnp;
krebs.build.user = config.krebs.users.makefu;
@ -38,12 +43,6 @@
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
krebs.build.deps = {
nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "03921972268934d900cc32dad253ff383926771c";
};
};
networking.firewall.allowedTCPPorts = [
# nginx runs on 80

19
makefu/1systems/pornocauster.nix
View file

@ -9,6 +9,9 @@
../2configs/base.nix
../2configs/main-laptop.nix #< base-gui
# configures sources
../2configs/base-sources.nix
# Krebs
../2configs/tinc-basic-retiolum.nix
#../2configs/disable_v6.nix
@ -18,34 +21,30 @@
# applications
../2configs/exim-retiolum.nix
../2configs/virtualization.nix
#../2configs/virtualization.nix
../2configs/virtualization-virtualbox.nix
../2configs/wwan.nix
# services
../2configs/git/brain-retiolum.nix
# ../2configs/Reaktor/simpleExtend.nix
../2configs/tor.nix
# hardware specifics are in here
../2configs/hw/tp-x220.nix
# mount points
../2configs/fs/sda-crypto-root-home.nix
];
krebs.Reaktor.enable = true;
krebs.Reaktor.debug = true;
krebs.Reaktor.nickname = "makefu|r";
krebs.build.host = config.krebs.hosts.pornocauster;
krebs.build.user = config.krebs.users.makefu;
krebs.build.target = "root@pornocauster";
#krebs.Reaktor.nickname = "makefu|r";
networking.firewall.allowedTCPPorts = [
25
];
krebs.build.deps = {
nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
#url = https://github.com/makefu/nixpkgs;
rev = "03921972268934d900cc32dad253ff383926771c";
};
};
}

34
makefu/1systems/wry.nix Normal file
View file

@ -0,0 +1,34 @@
{ config, lib, pkgs, ... }:
let
ip = (lib.elemAt config.krebs.build.host.nets.internet.addrs4 0);
in {
imports = [
../../tv/2configs/CAC-CentOS-7-64bit.nix
../2configs/base.nix
../2configs/tinc-basic-retiolum.nix
{
}
];
networking.firewall.allowPing = true;
networking.interfaces.enp2s1.ip4 = [
{
address = ip;
prefixLength = 24;
}
];
networking.defaultGateway = "104.233.80.1";
networking.nameservers = [
"8.8.8.8"
];
# based on ../../tv/2configs/CAC-Developer-2.nix
sound.enable = false;
krebs.build = {
user = config.krebs.users.makefu;
target = "root@${ip}";
host = config.krebs.hosts.wry;
};
}

19
makefu/2configs/base-sources.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
{
krebs.build.source = {
git.nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
#url = https://github.com/makefu/nixpkgs;
rev = "68bd8e4a9dc247726ae89cc8739574261718e328";
};
dir.secrets = {
host = config.krebs.hosts.pornocauster;
path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
};
dir.stockholm = {
host = config.krebs.hosts.pornocauster;
path = toString ../.. ;
};
};
}

9
makefu/2configs/base.nix
View file

@ -37,15 +37,6 @@ with lib;
time.timeZone = "Europe/Berlin";
#nix.maxJobs = 1;
krebs.build.deps = {
secrets = {
url = "/home/makefu/secrets/${config.krebs.build.host.name}";
};
stockholm = {
url = toString ../..;
};
};
services.openssh.enable = true;
nix.useChroot = true;

7
makefu/2configs/tor.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, lib, pkgs, ... }:
{
services.tor.enable = true;
services.tor.client.enable = true;
# also enables services.tor.client.privoxy
}

18
makefu/2configs/virtualization-virtualbox.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, lib, pkgs, ... }:
let
mainUser = config.krebs.build.user;
version = "5.0.4";
rev = "102546";
vboxguestpkg = pkgs.fetchurl {
url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
sha256 = "1ykwpjvfgj11iwhx70bh2hbxhyy3hg6rnqzl4qac7xzg8xw8wqg4";
};
in {
#inherit vboxguestpkg;
virtualisation.virtualbox.host.enable = true;
nixpkgs.config.virtualbox.enableExtensionPack = true;
users.extraGroups.vboxusers.members = [ "${mainUser.name}" ];
environment.systemPackages = [ vboxguestpkg ];
}