Merge remote-tracking branch 'gum/master'
This commit is contained in:
commit
cd7c0971cc
|
@ -10,15 +10,15 @@ let
|
|||
allDisks = [ rootDisk ]; # auxDisk
|
||||
in {
|
||||
imports = [
|
||||
../.
|
||||
../2configs/fs/single-partition-ext4.nix
|
||||
../2configs/zsh-user.nix
|
||||
../2configs/smart-monitor.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/virtualization.nix
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/smart-monitor.nix>
|
||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
<stockholm/makefu/2configs/virtualization.nix>
|
||||
|
||||
../2configs/tinc/retiolum.nix
|
||||
../2configs/temp-share-samba.nix
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
<stockholm/makefu/2configs/temp-share-samba.nix>
|
||||
];
|
||||
services.samba.shares = {
|
||||
isos = {
|
3
makefu/1systems/darth/source.nix
Normal file
3
makefu/1systems/darth/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="darth";
|
||||
}
|
|
@ -5,10 +5,10 @@ let
|
|||
prefixLength = 18;
|
||||
in {
|
||||
imports = [
|
||||
../.
|
||||
../2configs/hw/CAC.nix
|
||||
../2configs/save-diskspace.nix
|
||||
../2configs/torrent.nix
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/hw/CAC.nix>
|
||||
<stockholm/makefu/2configs/save-diskspace.nix>
|
||||
<stockholm/makefu/2configs/torrent.nix>
|
||||
];
|
||||
krebs = {
|
||||
enable = true;
|
3
makefu/1systems/drop/source.nix
Normal file
3
makefu/1systems/drop/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="drop";
|
||||
}
|
|
@ -22,16 +22,16 @@ let
|
|||
disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks;
|
||||
in {
|
||||
imports = [
|
||||
../.
|
||||
../2configs/tinc/retiolum.nix
|
||||
../2configs/disable_v6.nix
|
||||
# ../2configs/torrent.nix
|
||||
../2configs/fs/sda-crypto-root.nix
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
<stockholm/makefu/2configs/disable_v6.nix>
|
||||
# <stockholm/makefu/2configs/torrent.nix>
|
||||
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
|
||||
|
||||
#../2configs/elchos/irc-token.nix
|
||||
../2configs/elchos/log.nix
|
||||
../2configs/elchos/search.nix
|
||||
../2configs/elchos/stats.nix
|
||||
#<stockholm/makefu/2configs/elchos/irc-token.nix>
|
||||
<stockholm/makefu/2configs/elchos/log.nix>
|
||||
<stockholm/makefu/2configs/elchos/search.nix>
|
||||
<stockholm/makefu/2configs/elchos/stats.nix>
|
||||
|
||||
];
|
||||
systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
|
3
makefu/1systems/fileleech/source.nix
Normal file
3
makefu/1systems/fileleech/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="fileleech";
|
||||
}
|
|
@ -20,11 +20,11 @@ let
|
|||
in {
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
../.
|
||||
../2configs/fs/single-partition-ext4.nix
|
||||
../2configs/smart-monitor.nix
|
||||
../2configs/tinc/retiolum.nix
|
||||
../2configs/filepimp-share.nix
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
||||
<stockholm/makefu/2configs/smart-monitor.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
<stockholm/makefu/2configs/filepimp-share.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.filepimp;
|
||||
|
@ -73,9 +73,9 @@ in {
|
|||
xfsmount = name: dev:
|
||||
{ "/media/${name}" = { device = dev; fsType = "xfs"; }; };
|
||||
in
|
||||
# (xfsmount "j0" (part1 jDisk0)) //
|
||||
(xfsmount "j1" (part1 jDisk1)) //
|
||||
(xfsmount "j2" (part1 jDisk2)) //
|
||||
# (xfsmount "j0" (part1 jDisk0)) <stockholm/makefu>
|
||||
(xfsmount "j1" (part1 jDisk1)) <stockholm/makefu>
|
||||
(xfsmount "j2" (part1 jDisk2)) <stockholm/makefu>
|
||||
(xfsmount "par0" (part1 jDisk3))
|
||||
;
|
||||
|
3
makefu/1systems/filepimp/source.nix
Normal file
3
makefu/1systems/filepimp/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="filepimp";
|
||||
}
|
|
@ -13,47 +13,47 @@ let
|
|||
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
|
||||
in {
|
||||
imports = [
|
||||
../.
|
||||
<stockholm/makefu>
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
../2configs/headless.nix
|
||||
../2configs/fs/single-partition-ext4.nix
|
||||
# ../2configs/smart-monitor.nix
|
||||
../2configs/git/cgit-retiolum.nix
|
||||
../2configs/backup.nix
|
||||
# ../2configs/mattermost-docker.nix
|
||||
# ../2configs/disable_v6.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/tinc/retiolum.nix
|
||||
../2configs/urlwatch
|
||||
<stockholm/makefu/2configs/headless.nix>
|
||||
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
||||
# <stockholm/makefu/2configs/smart-monitor.nix>
|
||||
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
||||
<stockholm/makefu/2configs/backup.nix>
|
||||
# <stockholm/makefu/2configs/mattermost-docker.nix>
|
||||
# <stockholm/makefu/2configs/disable_v6.nix>
|
||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
<stockholm/makefu/2configs/urlwatch>
|
||||
|
||||
# Security
|
||||
../2configs/sshd-totp.nix
|
||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
|
||||
# Tools
|
||||
../2configs/tools/core.nix
|
||||
../2configs/tools/dev.nix
|
||||
../2configs/tools/sec.nix
|
||||
<stockholm/makefu/2configs/tools/core.nix>
|
||||
<stockholm/makefu/2configs/tools/dev.nix>
|
||||
<stockholm/makefu/2configs/tools/sec.nix>
|
||||
|
||||
# services
|
||||
../2configs/share/gum.nix
|
||||
../2configs/sabnzbd.nix
|
||||
../2configs/torrent.nix
|
||||
../2configs/iodined.nix
|
||||
<stockholm/makefu/2configs/share/gum.nix>
|
||||
<stockholm/makefu/2configs/sabnzbd.nix>
|
||||
<stockholm/makefu/2configs/torrent.nix>
|
||||
<stockholm/makefu/2configs/iodined.nix>
|
||||
|
||||
## Web
|
||||
../2configs/nginx/share-download.nix
|
||||
../2configs/nginx/euer.test.nix
|
||||
../2configs/nginx/euer.wiki.nix
|
||||
../2configs/nginx/euer.blog.nix
|
||||
../2configs/nginx/public_html.nix
|
||||
../2configs/nginx/update.connector.one.nix
|
||||
<stockholm/makefu/2configs/nginx/share-download.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.test.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.blog.nix>
|
||||
<stockholm/makefu/2configs/nginx/public_html.nix>
|
||||
<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
||||
|
||||
../2configs/deployment/mycube.connector.one.nix
|
||||
../2configs/deployment/graphs.nix
|
||||
../2configs/deployment/owncloud.nix
|
||||
../2configs/deployment/wiki-irc-bot
|
||||
../2configs/deployment/boot-euer.nix
|
||||
../2configs/deployment/hound
|
||||
<stockholm/makefu/2configs/deployment/mycube.connector.one.nix>
|
||||
<stockholm/makefu/2configs/deployment/graphs.nix>
|
||||
<stockholm/makefu/2configs/deployment/owncloud.nix>
|
||||
<stockholm/makefu/2configs/deployment/wiki-irc-bot>
|
||||
<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
||||
<stockholm/makefu/2configs/deployment/hound>
|
||||
{
|
||||
services.taskserver.enable = true;
|
||||
services.taskserver.fqdn = config.krebs.build.host.name;
|
||||
|
@ -64,12 +64,12 @@ in {
|
|||
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
||||
'';
|
||||
}
|
||||
# ../2configs/ipfs.nix
|
||||
../2configs/syncthing.nix
|
||||
# <stockholm/makefu/2configs/ipfs.nix>
|
||||
<stockholm/makefu/2configs/syncthing.nix>
|
||||
|
||||
# ../2configs/opentracker.nix
|
||||
../2configs/stats/client.nix
|
||||
# ../2configs/logging/client.nix
|
||||
# <stockholm/makefu/2configs/opentracker.nix>
|
||||
<stockholm/makefu/2configs/stats/client.nix>
|
||||
# <stockholm/makefu/2configs/logging/client.nix>
|
||||
|
||||
];
|
||||
makefu.dl-dir = "/var/download";
|
3
makefu/1systems/gum/source.nix
Normal file
3
makefu/1systems/gum/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="gum";
|
||||
}
|
|
@ -3,10 +3,10 @@
|
|||
with import <stockholm/lib>;
|
||||
{
|
||||
imports = [
|
||||
../.
|
||||
<stockholm/makefu>
|
||||
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
|
||||
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
|
||||
../2configs/tools/core.nix
|
||||
<stockholm/makefu/2configs/tools/core.nix>
|
||||
];
|
||||
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
|
||||
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
|
3
makefu/1systems/iso/source.nix
Normal file
3
makefu/1systems/iso/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="iso";
|
||||
}
|
|
@ -39,35 +39,35 @@ let
|
|||
in {
|
||||
imports =
|
||||
[
|
||||
../.
|
||||
<stockholm/makefu>
|
||||
# TODO: unlock home partition via ssh
|
||||
../2configs/fs/sda-crypto-root.nix
|
||||
../2configs/zsh-user.nix
|
||||
../2configs/backup.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/smart-monitor.nix
|
||||
../2configs/mail-client.nix
|
||||
# ../2configs/disable_v6.nix
|
||||
#../2configs/graphite-standalone.nix
|
||||
#../2configs/share-user-sftp.nix
|
||||
../2configs/share/omo.nix
|
||||
../2configs/tinc/retiolum.nix
|
||||
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/backup.nix>
|
||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
<stockholm/makefu/2configs/smart-monitor.nix>
|
||||
<stockholm/makefu/2configs/mail-client.nix>
|
||||
# <stockholm/makefu/2configs/disable_v6.nix>
|
||||
#<stockholm/makefu/2configs/graphite-standalone.nix>
|
||||
#<stockholm/makefu/2configs/share-user-sftp.nix>
|
||||
<stockholm/makefu/2configs/share/omo.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
|
||||
# Logging
|
||||
../2configs/stats/server.nix #influx + grafana
|
||||
../2configs/stats/client.nix
|
||||
../2configs/stats/external/aralast.nix # logs to influx
|
||||
<stockholm/makefu/2configs/stats/server.nix #influx + grafana>
|
||||
<stockholm/makefu/2configs/stats/client.nix>
|
||||
<stockholm/makefu/2configs/stats/external/aralast.nix # logs to influx>
|
||||
|
||||
# services
|
||||
../2configs/syncthing.nix
|
||||
../2configs/mqtt.nix
|
||||
# ../2configs/logging/central-logging-client.nix
|
||||
<stockholm/makefu/2configs/syncthing.nix>
|
||||
<stockholm/makefu/2configs/mqtt.nix>
|
||||
# <stockholm/makefu/2configs/logging/central-logging-client.nix>
|
||||
|
||||
# ../2configs/torrent.nix
|
||||
# <stockholm/makefu/2configs/torrent.nix>
|
||||
|
||||
# ../2configs/elchos/search.nix
|
||||
# ../2configs/elchos/log.nix
|
||||
# ../2configs/elchos/irc-token.nix
|
||||
# <stockholm/makefu/2configs/elchos/search.nix>
|
||||
# <stockholm/makefu/2configs/elchos/log.nix>
|
||||
# <stockholm/makefu/2configs/elchos/irc-token.nix>
|
||||
|
||||
## as long as pyload is not in nixpkgs:
|
||||
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
|
3
makefu/1systems/omo/source.nix
Normal file
3
makefu/1systems/omo/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="omo";
|
||||
}
|
|
@ -6,16 +6,16 @@
|
|||
{
|
||||
imports =
|
||||
[
|
||||
../.
|
||||
../2configs/headless.nix
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/headless.nix>
|
||||
../../krebs/3modules/Reaktor.nix
|
||||
|
||||
# these will be overwritten by qemu-vm.nix but will be used if the system
|
||||
# is directly deployed
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
../2configs/fs/vm-single-partition.nix
|
||||
<stockholm/makefu/2configs/fs/vm-single-partition.nix>
|
||||
|
||||
../2configs/tinc/retiolum.nix
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
|
||||
# config.system.build.vm
|
||||
(toString <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>)
|
3
makefu/1systems/pnp/source.nix
Normal file
3
makefu/1systems/pnp/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="pnp";
|
||||
}
|
|
@ -7,10 +7,10 @@
|
|||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
../.
|
||||
<stockholm/makefu>
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
../2configs/git/cgit-retiolum.nix
|
||||
../2configs/tinc/retiolum.nix
|
||||
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
];
|
||||
krebs.build.host = config.krebs.hosts.repunit;
|
||||
|
3
makefu/1systems/repunit/source.nix
Normal file
3
makefu/1systems/repunit/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="repunit";
|
||||
}
|
|
@ -4,14 +4,14 @@
|
|||
makefu.awesome.modkey = "Mod1";
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
../.
|
||||
<stockholm/makefu>
|
||||
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
|
||||
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
|
||||
../2configs/main-laptop.nix #< base-gui
|
||||
<stockholm/makefu/2configs/main-laptop.nix #< base-gui>
|
||||
# <secrets/extra-hosts.nix>
|
||||
|
||||
# environment
|
||||
../2configs/tinc/retiolum.nix
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
|
||||
];
|
||||
# workaround for https://github.com/NixOS/nixpkgs/issues/16641
|
3
makefu/1systems/sdev/source.nix
Normal file
3
makefu/1systems/sdev/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="sdev";
|
||||
}
|
|
@ -9,12 +9,12 @@ let
|
|||
gw = "64.137.234.1";
|
||||
in {
|
||||
imports = [
|
||||
../.
|
||||
../2configs/save-diskspace.nix
|
||||
../2configs/hw/CAC.nix
|
||||
../2configs/fs/CAC-CentOS-7-64bit.nix
|
||||
../2configs/tinc/retiolum.nix
|
||||
../2configs/torrent.nix
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/save-diskspace.nix>
|
||||
<stockholm/makefu/2configs/hw/CAC.nix>
|
||||
<stockholm/makefu/2configs/fs/CAC-CentOS-7-64bit.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
<stockholm/makefu/2configs/torrent.nix>
|
||||
];
|
||||
|
||||
|
3
makefu/1systems/shoney/source.nix
Normal file
3
makefu/1systems/shoney/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="shoney";
|
||||
}
|
|
@ -1,14 +1,14 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
../.
|
||||
../2configs/vncserver.nix
|
||||
../2configs/vim.nix
|
||||
../2configs/disable_v6.nix
|
||||
../2configs/audio/jack-on-pulse.nix
|
||||
../2configs/audio/realtime-audio.nix
|
||||
../2configs/gui/studio.nix
|
||||
../2configs/binary-cache/lass.nix
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/vncserver.nix>
|
||||
<stockholm/makefu/2configs/vim.nix>
|
||||
<stockholm/makefu/2configs/disable_v6.nix>
|
||||
<stockholm/makefu/2configs/audio/jack-on-pulse.nix>
|
||||
<stockholm/makefu/2configs/audio/realtime-audio.nix>
|
||||
<stockholm/makefu/2configs/gui/studio.nix>
|
||||
<stockholm/makefu/2configs/binary-cache/lass.nix>
|
||||
|
||||
];
|
||||
makefu.gui.user = "user"; # we use an extra user
|
7
makefu/1systems/studio/source.nix
Normal file
7
makefu/1systems/studio/source.nix
Normal file
|
@ -0,0 +1,7 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="studio";
|
||||
override.musnix.git = {
|
||||
url = https://github.com/musnix/musnix.git;
|
||||
ref = "f0ec1f3";
|
||||
};
|
||||
}
|
|
@ -1,29 +0,0 @@
|
|||
#
|
||||
#
|
||||
#
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
../.
|
||||
../2configs/gui/base.nix
|
||||
../2configs/fs/sda-crypto-root.nix
|
||||
# hardware specifics are in here
|
||||
../2configs/hw/tp-x200.nix #< imports tp-x2x0.nix
|
||||
|
||||
../2configs/disable_v6.nix
|
||||
../2configs/rad1o.nix
|
||||
|
||||
../2configs/zsh-user.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/tinc/retiolum.nix
|
||||
];
|
||||
# not working in vm
|
||||
krebs.build.host = config.krebs.hosts.tsp;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
25
|
||||
];
|
||||
|
||||
}
|
29
makefu/1systems/tsp/config.nix
Normal file
29
makefu/1systems/tsp/config.nix
Normal file
|
@ -0,0 +1,29 @@
|
|||
#
|
||||
#
|
||||
#
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/gui/base.nix>
|
||||
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
|
||||
# hardware specifics are in here
|
||||
<stockholm/makefu/2configs/hw/tp-x200.nix #< imports tp-x2x0.nix>
|
||||
|
||||
<stockholm/makefu/2configs/disable_v6.nix>
|
||||
<stockholm/makefu/2configs/rad1o.nix>
|
||||
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
];
|
||||
# not working in vm
|
||||
krebs.build.host = config.krebs.hosts.tsp;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
25
|
||||
];
|
||||
|
||||
}
|
3
makefu/1systems/tsp/source.nix
Normal file
3
makefu/1systems/tsp/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="tsp";
|
||||
}
|
|
@ -4,24 +4,24 @@
|
|||
makefu.awesome.modkey = "Mod1";
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
../.
|
||||
<stockholm/makefu>
|
||||
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
|
||||
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
|
||||
../2configs/main-laptop.nix #< base-gui
|
||||
../2configs/sshd-totp.nix
|
||||
<stockholm/makefu/2configs/main-laptop.nix #< base-gui>
|
||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
|
||||
# Tools
|
||||
../2configs/tools/core.nix
|
||||
../2configs/tools/core-gui.nix
|
||||
../2configs/tools/dev.nix
|
||||
../2configs/tools/extra-gui.nix
|
||||
../2configs/tools/sec.nix
|
||||
<stockholm/makefu/2configs/tools/core.nix>
|
||||
<stockholm/makefu/2configs/tools/core-gui.nix>
|
||||
<stockholm/makefu/2configs/tools/dev.nix>
|
||||
<stockholm/makefu/2configs/tools/extra-gui.nix>
|
||||
<stockholm/makefu/2configs/tools/sec.nix>
|
||||
|
||||
# environment
|
||||
../2configs/tinc/retiolum.nix
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
|
||||
../2configs/audio/jack-on-pulse.nix
|
||||
../2configs/audio/realtime-audio.nix
|
||||
<stockholm/makefu/2configs/audio/jack-on-pulse.nix>
|
||||
<stockholm/makefu/2configs/audio/realtime-audio.nix>
|
||||
|
||||
];
|
||||
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
|
3
makefu/1systems/vbob/source.nix
Normal file
3
makefu/1systems/vbob/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="vbob";
|
||||
}
|
|
@ -7,23 +7,23 @@ in {
|
|||
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
../.
|
||||
../2configs/zsh-user.nix
|
||||
../2configs/tools/core.nix
|
||||
../2configs/tools/core-gui.nix
|
||||
../2configs/tools/extra-gui.nix
|
||||
../2configs/tools/media.nix
|
||||
../2configs/virtualization.nix
|
||||
../2configs/tinc/retiolum.nix
|
||||
../2configs/mqtt.nix
|
||||
../2configs/deployment/led-fader.nix
|
||||
# ../2configs/gui/wbob-kiosk.nix
|
||||
../2configs/stats/client.nix
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/tools/core.nix>
|
||||
<stockholm/makefu/2configs/tools/core-gui.nix>
|
||||
<stockholm/makefu/2configs/tools/extra-gui.nix>
|
||||
<stockholm/makefu/2configs/tools/media.nix>
|
||||
<stockholm/makefu/2configs/virtualization.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
<stockholm/makefu/2configs/mqtt.nix>
|
||||
<stockholm/makefu/2configs/deployment/led-fader.nix>
|
||||
# <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
|
||||
<stockholm/makefu/2configs/stats/client.nix>
|
||||
|
||||
../2configs/gui/studio.nix
|
||||
../2configs/audio/jack-on-pulse.nix
|
||||
../2configs/audio/realtime-audio.nix
|
||||
../2configs/vncserver.nix
|
||||
<stockholm/makefu/2configs/gui/studio.nix>
|
||||
<stockholm/makefu/2configs/audio/jack-on-pulse.nix>
|
||||
<stockholm/makefu/2configs/audio/realtime-audio.nix>
|
||||
<stockholm/makefu/2configs/vncserver.nix>
|
||||
];
|
||||
|
||||
krebs = {
|
3
makefu/1systems/wbob/source.nix
Normal file
3
makefu/1systems/wbob/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="wbob";
|
||||
}
|
|
@ -7,26 +7,26 @@ let
|
|||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
in {
|
||||
imports = [
|
||||
../.
|
||||
<stockholm/makefu>
|
||||
# TODO: copy this config or move to krebs
|
||||
../2configs/hw/CAC.nix
|
||||
../2configs/fs/CAC-CentOS-7-64bit.nix
|
||||
../2configs/save-diskspace.nix
|
||||
<stockholm/makefu/2configs/hw/CAC.nix>
|
||||
<stockholm/makefu/2configs/fs/CAC-CentOS-7-64bit.nix>
|
||||
<stockholm/makefu/2configs/save-diskspace.nix>
|
||||
|
||||
# ../2configs/bepasty-dual.nix
|
||||
# <stockholm/makefu/2configs/bepasty-dual.nix>
|
||||
|
||||
../2configs/iodined.nix
|
||||
../2configs/backup.nix
|
||||
<stockholm/makefu/2configs/iodined.nix>
|
||||
<stockholm/makefu/2configs/backup.nix>
|
||||
|
||||
# other nginx
|
||||
# ../2configs/nginx/euer.test.nix
|
||||
# <stockholm/makefu/2configs/nginx/euer.test.nix>
|
||||
|
||||
# collectd
|
||||
../2configs/stats/client.nix
|
||||
../2configs/logging/client.nix
|
||||
<stockholm/makefu/2configs/stats/client.nix>
|
||||
<stockholm/makefu/2configs/logging/client.nix>
|
||||
|
||||
../2configs/tinc/retiolum.nix
|
||||
# ../2configs/torrent.nix
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
# <stockholm/makefu/2configs/torrent.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.wry;
|
3
makefu/1systems/wry/source.nix
Normal file
3
makefu/1systems/wry/source.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="wry";
|
||||
}
|
|
@ -1,91 +0,0 @@
|
|||
#
|
||||
#
|
||||
#
|
||||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # base
|
||||
../.
|
||||
../2configs/main-laptop.nix
|
||||
../2configs/extra-fonts.nix
|
||||
../2configs/tools/all.nix
|
||||
../2configs/laptop-backup.nix
|
||||
../2configs/dnscrypt.nix
|
||||
../2configs/avahi.nix
|
||||
|
||||
# Debugging
|
||||
# ../2configs/disable_v6.nix
|
||||
|
||||
# Testing
|
||||
# ../2configs/lanparty/lancache.nix
|
||||
# ../2configs/lanparty/lancache-dns.nix
|
||||
# ../2configs/deployment/dirctator.nix
|
||||
# ../2configs/vncserver.nix
|
||||
# ../2configs/deployment/led-fader
|
||||
# ../2configs/deployment/hound
|
||||
|
||||
# development
|
||||
../2configs/sources
|
||||
|
||||
# Krebs
|
||||
../2configs/tinc/retiolum.nix
|
||||
|
||||
# applications
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/mail-client.nix
|
||||
../2configs/printer.nix
|
||||
../2configs/task-client.nix
|
||||
|
||||
# Virtualization
|
||||
../2configs/virtualization.nix
|
||||
../2configs/docker.nix
|
||||
../2configs/virtualization-virtualbox.nix
|
||||
|
||||
# Services
|
||||
../2configs/git/brain-retiolum.nix
|
||||
../2configs/tor.nix
|
||||
../2configs/steam.nix
|
||||
# ../2configs/buildbot-standalone.nix
|
||||
|
||||
# Hardware
|
||||
../2configs/hw/tp-x230.nix
|
||||
../2configs/hw/rtl8812au.nix
|
||||
../2configs/hw/exfat-nofuse.nix
|
||||
../2configs/hw/wwan.nix
|
||||
# ../2configs/hw/stk1160.nix
|
||||
# ../2configs/rad1o.nix
|
||||
|
||||
# Filesystem
|
||||
../2configs/fs/sda-crypto-root-home.nix
|
||||
|
||||
# Security
|
||||
../2configs/sshd-totp.nix
|
||||
|
||||
];
|
||||
|
||||
makefu.server.primary-itf = "wlp3s0";
|
||||
makefu.full-populate = true;
|
||||
makefu.umts.apn = "web.vodafone.de";
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
environment.systemPackages = [ pkgs.passwdqc-utils ];
|
||||
|
||||
|
||||
# configure pulseAudio to provide a HDMI sink as well
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
|
||||
networking.firewall.allowedUDPPorts = [ 665 26061 ];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.x;
|
||||
|
||||
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
|
||||
|
||||
networking.extraHosts = ''
|
||||
192.168.1.11 omo.local
|
||||
'';
|
||||
# hard dependency because otherwise the device will not be unlocked
|
||||
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
||||
}
|
88
makefu/1systems/x/config.nix
Normal file
88
makefu/1systems/x/config.nix
Normal file
|
@ -0,0 +1,88 @@
|
|||
#
|
||||
#
|
||||
#
|
||||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # base
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/main-laptop.nix>
|
||||
<stockholm/makefu/2configs/extra-fonts.nix>
|
||||
<stockholm/makefu/2configs/tools/all.nix>
|
||||
<stockholm/makefu/2configs/laptop-backup.nix>
|
||||
<stockholm/makefu/2configs/dnscrypt.nix>
|
||||
<stockholm/makefu/2configs/avahi.nix>
|
||||
|
||||
# Debugging
|
||||
# <stockholm/makefu/2configs/disable_v6.nix>
|
||||
|
||||
# Testing
|
||||
# <stockholm/makefu/2configs/lanparty/lancache.nix>
|
||||
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
|
||||
# <stockholm/makefu/2configs/deployment/dirctator.nix>
|
||||
# <stockholm/makefu/2configs/vncserver.nix>
|
||||
# <stockholm/makefu/2configs/deployment/led-fader>
|
||||
# <stockholm/makefu/2configs/deployment/hound>
|
||||
|
||||
# Krebs
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
|
||||
# applications
|
||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
<stockholm/makefu/2configs/mail-client.nix>
|
||||
<stockholm/makefu/2configs/printer.nix>
|
||||
<stockholm/makefu/2configs/task-client.nix>
|
||||
|
||||
# Virtualization
|
||||
<stockholm/makefu/2configs/virtualization.nix>
|
||||
<stockholm/makefu/2configs/docker.nix>
|
||||
<stockholm/makefu/2configs/virtualization-virtualbox.nix>
|
||||
|
||||
# Services
|
||||
<stockholm/makefu/2configs/git/brain-retiolum.nix>
|
||||
<stockholm/makefu/2configs/tor.nix>
|
||||
<stockholm/makefu/2configs/steam.nix>
|
||||
# <stockholm/makefu/2configs/buildbot-standalone.nix>
|
||||
|
||||
# Hardware
|
||||
<stockholm/makefu/2configs/hw/tp-x230.nix>
|
||||
<stockholm/makefu/2configs/hw/rtl8812au.nix>
|
||||
<stockholm/makefu/2configs/hw/exfat-nofuse.nix>
|
||||
<stockholm/makefu/2configs/hw/wwan.nix>
|
||||
# <stockholm/makefu/2configs/hw/stk1160.nix>
|
||||
# <stockholm/makefu/2configs/rad1o.nix>
|
||||
|
||||
# Filesystem
|
||||
<stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
|
||||
|
||||
# Security
|
||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
|
||||
];
|
||||
|
||||
makefu.server.primary-itf = "wlp3s0";
|
||||
makefu.full-populate = true;
|
||||
makefu.umts.apn = "web.vodafone.de";
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
environment.systemPackages = [ pkgs.passwdqc-utils ];
|
||||
|
||||
|
||||
# configure pulseAudio to provide a HDMI sink as well
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
|
||||
networking.firewall.allowedUDPPorts = [ 665 26061 ];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.x;
|
||||
|
||||
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
|
||||
|
||||
networking.extraHosts = ''
|
||||
192.168.1.11 omo.local
|
||||
'';
|
||||
# hard dependency because otherwise the device will not be unlocked
|
||||
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
||||
}
|
4
makefu/1systems/x/source.nix
Normal file
4
makefu/1systems/x/source.nix
Normal file
|
@ -0,0 +1,4 @@
|
|||
import <stockholm/makefu/source.nix> {
|
||||
name="x";
|
||||
full = true;
|
||||
}
|
|
@ -4,7 +4,6 @@ let
|
|||
in
|
||||
{
|
||||
imports = [
|
||||
../sources/musnix.nix # populate musnix
|
||||
<musnix>
|
||||
];
|
||||
musnix.enable = true;
|
||||
|
|
|
@ -18,34 +18,7 @@ with import <stockholm/lib>;
|
|||
|
||||
dns.providers.lan = "hosts";
|
||||
search-domain = "r";
|
||||
build = {
|
||||
user = config.krebs.users.makefu;
|
||||
source = let
|
||||
inherit (config.krebs.build) host user;
|
||||
ref = "06734d1"; # unstable @ 2017-07-03 + graceful requests2 (a772c3aa)
|
||||
in {
|
||||
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
|
||||
{
|
||||
git = { url = https://github.com/makefu/nixpkgs; inherit ref; };
|
||||
}
|
||||
else
|
||||
# TODO use http, once it is implemented
|
||||
# right now it is simply extracted revision folder
|
||||
|
||||
## prepare so we do not have to wait for rsync:
|
||||
## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs
|
||||
{ file = "/home/makefu/store/${ref}";};
|
||||
secrets.file =
|
||||
if getEnv "dummy_secrets" == "true"
|
||||
then toString <stockholm/makefu/6tests/data/secrets>
|
||||
else "/home/makefu/secrets/${host.name}";
|
||||
stockholm.file = getEnv "PWD";
|
||||
|
||||
# Defaults for all stockholm users?
|
||||
nixos-config.symlink =
|
||||
"stockholm/${user.name}/1systems/${host.name}.nix";
|
||||
};
|
||||
};
|
||||
build.user = config.krebs.users.makefu;
|
||||
};
|
||||
|
||||
users.extraUsers = {
|
||||
|
|
|
@ -12,7 +12,7 @@ in {
|
|||
enable = true;
|
||||
domain = domain;
|
||||
ip = "172.16.10.1/24";
|
||||
extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}";
|
||||
extraConfig = "-c -P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
# the builder pc (my laptop) will also require the sources i use to deploy
|
||||
# other boxes
|
||||
{
|
||||
imports = [
|
||||
./musnix.nix
|
||||
];
|
||||
}
|
|
@ -1,6 +0,0 @@
|
|||
{
|
||||
krebs.build.source.musnix.git = {
|
||||
url = https://github.com/musnix/musnix.git;
|
||||
ref = "f0ec1f3";
|
||||
};
|
||||
}
|
38
makefu/source.nix
Normal file
38
makefu/source.nix
Normal file
|
@ -0,0 +1,38 @@
|
|||
with import <stockholm/lib>;
|
||||
host@{ name, secure ? false, override ? {}, full ? false }: let
|
||||
builder = if getEnv "dummy_secrets" == "true"
|
||||
then "buildbot"
|
||||
else "makefu";
|
||||
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
|
||||
ref = "06734d1"; # unstable @ 2017-07-03 + graceful requests2 (a772c3aa)
|
||||
|
||||
in
|
||||
evalSource (toString _file) [
|
||||
{
|
||||
nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";
|
||||
# always perform a full populate when buildbot
|
||||
nixpkgs = if full || (builder == "buildbot" ) then {
|
||||
git = {
|
||||
url = https://github.com/makefu/nixpkgs;
|
||||
inherit ref;
|
||||
};
|
||||
} else {
|
||||
# TODO use http, once it is implemented
|
||||
# right now it is simply extracted revision folder
|
||||
|
||||
## prepare so we do not have to wait for rsync:
|
||||
## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs
|
||||
file = "/home/makefu/store/${ref}";
|
||||
};
|
||||
|
||||
secrets.file = getAttr builder {
|
||||
buildbot = toString <stockholm/makefu/6tests/data/secrets>;
|
||||
makefu = "/home/makefu/secrets/${name}";
|
||||
};
|
||||
stockholm.file = toString <stockholm>;
|
||||
}
|
||||
(mkIf (builder == "makefu") {
|
||||
secrets-common.file = "/home/makefu/secrets/common";
|
||||
})
|
||||
override
|
||||
]
|
Loading…
Reference in a new issue