Merge remote-tracking branch 'gum/master'

This commit is contained in:
lassulus 2017-07-16 12:05:35 +02:00
commit cd7c0971cc
42 changed files with 365 additions and 315 deletions

View file

@ -10,15 +10,15 @@ let
allDisks = [ rootDisk ]; # auxDisk
in {
imports = [
../.
../2configs/fs/single-partition-ext4.nix
../2configs/zsh-user.nix
../2configs/smart-monitor.nix
../2configs/exim-retiolum.nix
../2configs/virtualization.nix
<stockholm/makefu>
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/virtualization.nix>
../2configs/tinc/retiolum.nix
../2configs/temp-share-samba.nix
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/temp-share-samba.nix>
];
services.samba.shares = {
isos = {

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="darth";
}

View file

@ -5,10 +5,10 @@ let
prefixLength = 18;
in {
imports = [
../.
../2configs/hw/CAC.nix
../2configs/save-diskspace.nix
../2configs/torrent.nix
<stockholm/makefu>
<stockholm/makefu/2configs/hw/CAC.nix>
<stockholm/makefu/2configs/save-diskspace.nix>
<stockholm/makefu/2configs/torrent.nix>
];
krebs = {
enable = true;

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="drop";
}

View file

@ -22,16 +22,16 @@ let
disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks;
in {
imports = [
../.
../2configs/tinc/retiolum.nix
../2configs/disable_v6.nix
# ../2configs/torrent.nix
../2configs/fs/sda-crypto-root.nix
<stockholm/makefu>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/disable_v6.nix>
# <stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
#../2configs/elchos/irc-token.nix
../2configs/elchos/log.nix
../2configs/elchos/search.nix
../2configs/elchos/stats.nix
#<stockholm/makefu/2configs/elchos/irc-token.nix>
<stockholm/makefu/2configs/elchos/log.nix>
<stockholm/makefu/2configs/elchos/search.nix>
<stockholm/makefu/2configs/elchos/stats.nix>
];
systemd.services.grafana.serviceConfig.LimitNOFILE=10032;

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="fileleech";
}

View file

@ -20,11 +20,11 @@ let
in {
imports =
[ # Include the results of the hardware scan.
../.
../2configs/fs/single-partition-ext4.nix
../2configs/smart-monitor.nix
../2configs/tinc/retiolum.nix
../2configs/filepimp-share.nix
<stockholm/makefu>
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
<stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/filepimp-share.nix>
];
krebs.build.host = config.krebs.hosts.filepimp;
@ -73,9 +73,9 @@ in {
xfsmount = name: dev:
{ "/media/${name}" = { device = dev; fsType = "xfs"; }; };
in
# (xfsmount "j0" (part1 jDisk0)) //
(xfsmount "j1" (part1 jDisk1)) //
(xfsmount "j2" (part1 jDisk2)) //
# (xfsmount "j0" (part1 jDisk0)) <stockholm/makefu>
(xfsmount "j1" (part1 jDisk1)) <stockholm/makefu>
(xfsmount "j2" (part1 jDisk2)) <stockholm/makefu>
(xfsmount "par0" (part1 jDisk3))
;

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="filepimp";
}

View file

@ -13,47 +13,47 @@ let
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
in {
imports = [
../.
<stockholm/makefu>
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/headless.nix
../2configs/fs/single-partition-ext4.nix
# ../2configs/smart-monitor.nix
../2configs/git/cgit-retiolum.nix
../2configs/backup.nix
# ../2configs/mattermost-docker.nix
# ../2configs/disable_v6.nix
../2configs/exim-retiolum.nix
../2configs/tinc/retiolum.nix
../2configs/urlwatch
<stockholm/makefu/2configs/headless.nix>
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
<stockholm/makefu/2configs/backup.nix>
# <stockholm/makefu/2configs/mattermost-docker.nix>
# <stockholm/makefu/2configs/disable_v6.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/urlwatch>
# Security
../2configs/sshd-totp.nix
<stockholm/makefu/2configs/sshd-totp.nix>
# Tools
../2configs/tools/core.nix
../2configs/tools/dev.nix
../2configs/tools/sec.nix
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/sec.nix>
# services
../2configs/share/gum.nix
../2configs/sabnzbd.nix
../2configs/torrent.nix
../2configs/iodined.nix
<stockholm/makefu/2configs/share/gum.nix>
<stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/iodined.nix>
## Web
../2configs/nginx/share-download.nix
../2configs/nginx/euer.test.nix
../2configs/nginx/euer.wiki.nix
../2configs/nginx/euer.blog.nix
../2configs/nginx/public_html.nix
../2configs/nginx/update.connector.one.nix
<stockholm/makefu/2configs/nginx/share-download.nix>
<stockholm/makefu/2configs/nginx/euer.test.nix>
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
<stockholm/makefu/2configs/nginx/euer.blog.nix>
<stockholm/makefu/2configs/nginx/public_html.nix>
<stockholm/makefu/2configs/nginx/update.connector.one.nix>
../2configs/deployment/mycube.connector.one.nix
../2configs/deployment/graphs.nix
../2configs/deployment/owncloud.nix
../2configs/deployment/wiki-irc-bot
../2configs/deployment/boot-euer.nix
../2configs/deployment/hound
<stockholm/makefu/2configs/deployment/mycube.connector.one.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/wiki-irc-bot>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/hound>
{
services.taskserver.enable = true;
services.taskserver.fqdn = config.krebs.build.host.name;
@ -64,12 +64,12 @@ in {
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
'';
}
# ../2configs/ipfs.nix
../2configs/syncthing.nix
# <stockholm/makefu/2configs/ipfs.nix>
<stockholm/makefu/2configs/syncthing.nix>
# ../2configs/opentracker.nix
../2configs/stats/client.nix
# ../2configs/logging/client.nix
# <stockholm/makefu/2configs/opentracker.nix>
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/logging/client.nix>
];
makefu.dl-dir = "/var/download";

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="gum";
}

View file

@ -3,10 +3,10 @@
with import <stockholm/lib>;
{
imports = [
../.
<stockholm/makefu>
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
../2configs/tools/core.nix
<stockholm/makefu/2configs/tools/core.nix>
];
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="iso";
}

View file

@ -39,35 +39,35 @@ let
in {
imports =
[
../.
<stockholm/makefu>
# TODO: unlock home partition via ssh
../2configs/fs/sda-crypto-root.nix
../2configs/zsh-user.nix
../2configs/backup.nix
../2configs/exim-retiolum.nix
../2configs/smart-monitor.nix
../2configs/mail-client.nix
# ../2configs/disable_v6.nix
#../2configs/graphite-standalone.nix
#../2configs/share-user-sftp.nix
../2configs/share/omo.nix
../2configs/tinc/retiolum.nix
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/backup.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/mail-client.nix>
# <stockholm/makefu/2configs/disable_v6.nix>
#<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix>
<stockholm/makefu/2configs/share/omo.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
# Logging
../2configs/stats/server.nix #influx + grafana
../2configs/stats/client.nix
../2configs/stats/external/aralast.nix # logs to influx
<stockholm/makefu/2configs/stats/server.nix #influx + grafana>
<stockholm/makefu/2configs/stats/client.nix>
<stockholm/makefu/2configs/stats/external/aralast.nix # logs to influx>
# services
../2configs/syncthing.nix
../2configs/mqtt.nix
# ../2configs/logging/central-logging-client.nix
<stockholm/makefu/2configs/syncthing.nix>
<stockholm/makefu/2configs/mqtt.nix>
# <stockholm/makefu/2configs/logging/central-logging-client.nix>
# ../2configs/torrent.nix
# <stockholm/makefu/2configs/torrent.nix>
# ../2configs/elchos/search.nix
# ../2configs/elchos/log.nix
# ../2configs/elchos/irc-token.nix
# <stockholm/makefu/2configs/elchos/search.nix>
# <stockholm/makefu/2configs/elchos/log.nix>
# <stockholm/makefu/2configs/elchos/irc-token.nix>
## as long as pyload is not in nixpkgs:
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="omo";
}

View file

@ -6,16 +6,16 @@
{
imports =
[
../.
../2configs/headless.nix
<stockholm/makefu>
<stockholm/makefu/2configs/headless.nix>
../../krebs/3modules/Reaktor.nix
# these will be overwritten by qemu-vm.nix but will be used if the system
# is directly deployed
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/fs/vm-single-partition.nix
<stockholm/makefu/2configs/fs/vm-single-partition.nix>
../2configs/tinc/retiolum.nix
<stockholm/makefu/2configs/tinc/retiolum.nix>
# config.system.build.vm
(toString <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>)

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="pnp";
}

View file

@ -7,10 +7,10 @@
{
imports =
[ # Include the results of the hardware scan.
../.
<stockholm/makefu>
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/git/cgit-retiolum.nix
../2configs/tinc/retiolum.nix
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
];
krebs.build.host = config.krebs.hosts.repunit;

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="repunit";
}

View file

@ -4,14 +4,14 @@
makefu.awesome.modkey = "Mod1";
imports =
[ # Include the results of the hardware scan.
../.
<stockholm/makefu>
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
../2configs/main-laptop.nix #< base-gui
<stockholm/makefu/2configs/main-laptop.nix #< base-gui>
# <secrets/extra-hosts.nix>
# environment
../2configs/tinc/retiolum.nix
<stockholm/makefu/2configs/tinc/retiolum.nix>
];
# workaround for https://github.com/NixOS/nixpkgs/issues/16641

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="sdev";
}

View file

@ -9,12 +9,12 @@ let
gw = "64.137.234.1";
in {
imports = [
../.
../2configs/save-diskspace.nix
../2configs/hw/CAC.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/tinc/retiolum.nix
../2configs/torrent.nix
<stockholm/makefu>
<stockholm/makefu/2configs/save-diskspace.nix>
<stockholm/makefu/2configs/hw/CAC.nix>
<stockholm/makefu/2configs/fs/CAC-CentOS-7-64bit.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/torrent.nix>
];

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="shoney";
}

View file

@ -1,14 +1,14 @@
{ config, pkgs, ... }:
{
imports = [
../.
../2configs/vncserver.nix
../2configs/vim.nix
../2configs/disable_v6.nix
../2configs/audio/jack-on-pulse.nix
../2configs/audio/realtime-audio.nix
../2configs/gui/studio.nix
../2configs/binary-cache/lass.nix
<stockholm/makefu>
<stockholm/makefu/2configs/vncserver.nix>
<stockholm/makefu/2configs/vim.nix>
<stockholm/makefu/2configs/disable_v6.nix>
<stockholm/makefu/2configs/audio/jack-on-pulse.nix>
<stockholm/makefu/2configs/audio/realtime-audio.nix>
<stockholm/makefu/2configs/gui/studio.nix>
<stockholm/makefu/2configs/binary-cache/lass.nix>
];
makefu.gui.user = "user"; # we use an extra user

View file

@ -0,0 +1,7 @@
import <stockholm/makefu/source.nix> {
name="studio";
override.musnix.git = {
url = https://github.com/musnix/musnix.git;
ref = "f0ec1f3";
};
}

View file

@ -1,29 +0,0 @@
#
#
#
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
../.
../2configs/gui/base.nix
../2configs/fs/sda-crypto-root.nix
# hardware specifics are in here
../2configs/hw/tp-x200.nix #< imports tp-x2x0.nix
../2configs/disable_v6.nix
../2configs/rad1o.nix
../2configs/zsh-user.nix
../2configs/exim-retiolum.nix
../2configs/tinc/retiolum.nix
];
# not working in vm
krebs.build.host = config.krebs.hosts.tsp;
networking.firewall.allowedTCPPorts = [
25
];
}

View file

@ -0,0 +1,29 @@
#
#
#
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
<stockholm/makefu>
<stockholm/makefu/2configs/gui/base.nix>
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
# hardware specifics are in here
<stockholm/makefu/2configs/hw/tp-x200.nix #< imports tp-x2x0.nix>
<stockholm/makefu/2configs/disable_v6.nix>
<stockholm/makefu/2configs/rad1o.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
];
# not working in vm
krebs.build.host = config.krebs.hosts.tsp;
networking.firewall.allowedTCPPorts = [
25
];
}

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="tsp";
}

View file

@ -4,24 +4,24 @@
makefu.awesome.modkey = "Mod1";
imports =
[ # Include the results of the hardware scan.
../.
<stockholm/makefu>
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
../2configs/main-laptop.nix #< base-gui
../2configs/sshd-totp.nix
<stockholm/makefu/2configs/main-laptop.nix #< base-gui>
<stockholm/makefu/2configs/sshd-totp.nix>
# Tools
../2configs/tools/core.nix
../2configs/tools/core-gui.nix
../2configs/tools/dev.nix
../2configs/tools/extra-gui.nix
../2configs/tools/sec.nix
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/tools/core-gui.nix>
<stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/extra-gui.nix>
<stockholm/makefu/2configs/tools/sec.nix>
# environment
../2configs/tinc/retiolum.nix
<stockholm/makefu/2configs/tinc/retiolum.nix>
../2configs/audio/jack-on-pulse.nix
../2configs/audio/realtime-audio.nix
<stockholm/makefu/2configs/audio/jack-on-pulse.nix>
<stockholm/makefu/2configs/audio/realtime-audio.nix>
];
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="vbob";
}

View file

@ -7,23 +7,23 @@ in {
imports =
[ # Include the results of the hardware scan.
../.
../2configs/zsh-user.nix
../2configs/tools/core.nix
../2configs/tools/core-gui.nix
../2configs/tools/extra-gui.nix
../2configs/tools/media.nix
../2configs/virtualization.nix
../2configs/tinc/retiolum.nix
../2configs/mqtt.nix
../2configs/deployment/led-fader.nix
# ../2configs/gui/wbob-kiosk.nix
../2configs/stats/client.nix
<stockholm/makefu>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/tools/core-gui.nix>
<stockholm/makefu/2configs/tools/extra-gui.nix>
<stockholm/makefu/2configs/tools/media.nix>
<stockholm/makefu/2configs/virtualization.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/deployment/led-fader.nix>
# <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/stats/client.nix>
../2configs/gui/studio.nix
../2configs/audio/jack-on-pulse.nix
../2configs/audio/realtime-audio.nix
../2configs/vncserver.nix
<stockholm/makefu/2configs/gui/studio.nix>
<stockholm/makefu/2configs/audio/jack-on-pulse.nix>
<stockholm/makefu/2configs/audio/realtime-audio.nix>
<stockholm/makefu/2configs/vncserver.nix>
];
krebs = {

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="wbob";
}

View file

@ -7,26 +7,26 @@ let
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
in {
imports = [
../.
<stockholm/makefu>
# TODO: copy this config or move to krebs
../2configs/hw/CAC.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/save-diskspace.nix
<stockholm/makefu/2configs/hw/CAC.nix>
<stockholm/makefu/2configs/fs/CAC-CentOS-7-64bit.nix>
<stockholm/makefu/2configs/save-diskspace.nix>
# ../2configs/bepasty-dual.nix
# <stockholm/makefu/2configs/bepasty-dual.nix>
../2configs/iodined.nix
../2configs/backup.nix
<stockholm/makefu/2configs/iodined.nix>
<stockholm/makefu/2configs/backup.nix>
# other nginx
# ../2configs/nginx/euer.test.nix
# <stockholm/makefu/2configs/nginx/euer.test.nix>
# collectd
../2configs/stats/client.nix
../2configs/logging/client.nix
<stockholm/makefu/2configs/stats/client.nix>
<stockholm/makefu/2configs/logging/client.nix>
../2configs/tinc/retiolum.nix
# ../2configs/torrent.nix
<stockholm/makefu/2configs/tinc/retiolum.nix>
# <stockholm/makefu/2configs/torrent.nix>
];
krebs.build.host = config.krebs.hosts.wry;

View file

@ -0,0 +1,3 @@
import <stockholm/makefu/source.nix> {
name="wry";
}

View file

@ -1,91 +0,0 @@
#
#
#
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports =
[ # base
../.
../2configs/main-laptop.nix
../2configs/extra-fonts.nix
../2configs/tools/all.nix
../2configs/laptop-backup.nix
../2configs/dnscrypt.nix
../2configs/avahi.nix
# Debugging
# ../2configs/disable_v6.nix
# Testing
# ../2configs/lanparty/lancache.nix
# ../2configs/lanparty/lancache-dns.nix
# ../2configs/deployment/dirctator.nix
# ../2configs/vncserver.nix
# ../2configs/deployment/led-fader
# ../2configs/deployment/hound
# development
../2configs/sources
# Krebs
../2configs/tinc/retiolum.nix
# applications
../2configs/exim-retiolum.nix
../2configs/mail-client.nix
../2configs/printer.nix
../2configs/task-client.nix
# Virtualization
../2configs/virtualization.nix
../2configs/docker.nix
../2configs/virtualization-virtualbox.nix
# Services
../2configs/git/brain-retiolum.nix
../2configs/tor.nix
../2configs/steam.nix
# ../2configs/buildbot-standalone.nix
# Hardware
../2configs/hw/tp-x230.nix
../2configs/hw/rtl8812au.nix
../2configs/hw/exfat-nofuse.nix
../2configs/hw/wwan.nix
# ../2configs/hw/stk1160.nix
# ../2configs/rad1o.nix
# Filesystem
../2configs/fs/sda-crypto-root-home.nix
# Security
../2configs/sshd-totp.nix
];
makefu.server.primary-itf = "wlp3s0";
makefu.full-populate = true;
makefu.umts.apn = "web.vodafone.de";
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ pkgs.passwdqc-utils ];
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
networking.firewall.allowedUDPPorts = [ 665 26061 ];
krebs.build.host = config.krebs.hosts.x;
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
networking.extraHosts = ''
192.168.1.11 omo.local
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
}

View file

@ -0,0 +1,88 @@
#
#
#
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports =
[ # base
<stockholm/makefu>
<stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
<stockholm/makefu/2configs/laptop-backup.nix>
<stockholm/makefu/2configs/dnscrypt.nix>
<stockholm/makefu/2configs/avahi.nix>
# Debugging
# <stockholm/makefu/2configs/disable_v6.nix>
# Testing
# <stockholm/makefu/2configs/lanparty/lancache.nix>
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
# <stockholm/makefu/2configs/deployment/dirctator.nix>
# <stockholm/makefu/2configs/vncserver.nix>
# <stockholm/makefu/2configs/deployment/led-fader>
# <stockholm/makefu/2configs/deployment/hound>
# Krebs
<stockholm/makefu/2configs/tinc/retiolum.nix>
# applications
<stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/mail-client.nix>
<stockholm/makefu/2configs/printer.nix>
<stockholm/makefu/2configs/task-client.nix>
# Virtualization
<stockholm/makefu/2configs/virtualization.nix>
<stockholm/makefu/2configs/docker.nix>
<stockholm/makefu/2configs/virtualization-virtualbox.nix>
# Services
<stockholm/makefu/2configs/git/brain-retiolum.nix>
<stockholm/makefu/2configs/tor.nix>
<stockholm/makefu/2configs/steam.nix>
# <stockholm/makefu/2configs/buildbot-standalone.nix>
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/exfat-nofuse.nix>
<stockholm/makefu/2configs/hw/wwan.nix>
# <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix>
# Filesystem
<stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
];
makefu.server.primary-itf = "wlp3s0";
makefu.full-populate = true;
makefu.umts.apn = "web.vodafone.de";
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ pkgs.passwdqc-utils ];
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
networking.firewall.allowedUDPPorts = [ 665 26061 ];
krebs.build.host = config.krebs.hosts.x;
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
networking.extraHosts = ''
192.168.1.11 omo.local
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
}

View file

@ -0,0 +1,4 @@
import <stockholm/makefu/source.nix> {
name="x";
full = true;
}

View file

@ -4,7 +4,6 @@ let
in
{
imports = [
../sources/musnix.nix # populate musnix
<musnix>
];
musnix.enable = true;

View file

@ -18,34 +18,7 @@ with import <stockholm/lib>;
dns.providers.lan = "hosts";
search-domain = "r";
build = {
user = config.krebs.users.makefu;
source = let
inherit (config.krebs.build) host user;
ref = "06734d1"; # unstable @ 2017-07-03 + graceful requests2 (a772c3aa)
in {
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
{
git = { url = https://github.com/makefu/nixpkgs; inherit ref; };
}
else
# TODO use http, once it is implemented
# right now it is simply extracted revision folder
## prepare so we do not have to wait for rsync:
## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs
{ file = "/home/makefu/store/${ref}";};
secrets.file =
if getEnv "dummy_secrets" == "true"
then toString <stockholm/makefu/6tests/data/secrets>
else "/home/makefu/secrets/${host.name}";
stockholm.file = getEnv "PWD";
# Defaults for all stockholm users?
nixos-config.symlink =
"stockholm/${user.name}/1systems/${host.name}.nix";
};
};
build.user = config.krebs.users.makefu;
};
users.extraUsers = {

View file

@ -12,7 +12,7 @@ in {
enable = true;
domain = domain;
ip = "172.16.10.1/24";
extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}";
extraConfig = "-c -P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}";
};
};

View file

@ -1,7 +0,0 @@
# the builder pc (my laptop) will also require the sources i use to deploy
# other boxes
{
imports = [
./musnix.nix
];
}

View file

@ -1,6 +0,0 @@
{
krebs.build.source.musnix.git = {
url = https://github.com/musnix/musnix.git;
ref = "f0ec1f3";
};
}

38
makefu/source.nix Normal file
View file

@ -0,0 +1,38 @@
with import <stockholm/lib>;
host@{ name, secure ? false, override ? {}, full ? false }: let
builder = if getEnv "dummy_secrets" == "true"
then "buildbot"
else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
ref = "06734d1"; # unstable @ 2017-07-03 + graceful requests2 (a772c3aa)
in
evalSource (toString _file) [
{
nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";
# always perform a full populate when buildbot
nixpkgs = if full || (builder == "buildbot" ) then {
git = {
url = https://github.com/makefu/nixpkgs;
inherit ref;
};
} else {
# TODO use http, once it is implemented
# right now it is simply extracted revision folder
## prepare so we do not have to wait for rsync:
## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs
file = "/home/makefu/store/${ref}";
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/makefu/6tests/data/secrets>;
makefu = "/home/makefu/secrets/${name}";
};
stockholm.file = toString <stockholm>;
}
(mkIf (builder == "makefu") {
secrets-common.file = "/home/makefu/secrets/common";
})
override
]