Merge remote-tracking branch 'lass/master'

author: makefu <github@syntax-fehler.de> 2017-07-31 19:29:03 +0200
committer: makefu <github@syntax-fehler.de> 2017-07-31 19:29:03 +0200
commit: 681042eedf2dbad2f999dec5cf43a018c52f2d7d (patch)
tree: 0d96f8e60624f8037a1280834e47a586e71ef403
parent: adace5302f92fa8e41d7c3d1fde62623328a4633 (diff)
parent: 47abe1c1a28eda6d8bb90d49356ded7e0341f1ea (diff)
19 files changed, 165 insertions, 75 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index c056b4eaf..3eb7b9aa1 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -16,4 +16,9 @@
 
   boot.isContainer = true;
   networking.useDHCP = false;
+  krebs.repo-sync.repos.stockholm.timerConfig = {
+    OnBootSec = "5min";
+    OnUnitInactiveSec = "2min";
+    RandomizedDelaySec = "2min";
+  };
 }
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index a1df11901..deede4493 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -9,6 +9,7 @@
 
     <stockholm/krebs/2configs/buildbot-krebs.nix>
     <stockholm/krebs/2configs/stats/puyak-client.nix>
+    <stockholm/krebs/2configs/binary-cache/prism.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.puyak;
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index a0113fce8..ec9c78db5 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -13,6 +13,7 @@ in
 
     <stockholm/krebs/2configs/graphite.nix>
     <stockholm/krebs/2configs/buildbot-krebs.nix>
+    <stockholm/krebs/2configs/binary-cache/prism.nix>
 
     <stockholm/krebs/2configs/shack/worlddomination.nix>
     <stockholm/krebs/2configs/shack/drivedroid.nix>
@@ -44,11 +45,9 @@ in
   nix = {
     # use the up to date prism cache
     binaryCaches = [
-      "http://cache.prism.r"
       "https://cache.nixos.org/"
     ];
     binaryCachePublicKeys = [
-      "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
       "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
     ];
   };
diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix
new file mode 100644
index 000000000..4813eeb0f
--- /dev/null
+++ b/krebs/2configs/binary-cache/prism.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+
+{
+  nix = {
+    binaryCaches = [
+      "http://cache.prism.r"
+    ];
+    binaryCachePublicKeys = [
+      "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+    ];
+  };
+}
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix
index fe982c870..acd806d6e 100644
--- a/krebs/2configs/buildbot-all.nix
+++ b/krebs/2configs/buildbot-all.nix
@@ -1,8 +1,13 @@
 { lib, config, pkgs, ... }:
 {
   imports = [
-    <stockholm/krebs/2configs/buildbot-krebs.nix>
+    <stockholm/krebs/2configs/repo-sync.nix>
   ];
+
+  networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
+  krebs.ci.enable = true;
+  krebs.ci.treeStableTimer = 1;
+  krebs.ci.users.krebs.all = true;
   krebs.ci.users.lass.all = true;
   krebs.ci.users.makefu.all = true;
   krebs.ci.users.nin.all = true;
diff --git a/krebs/2configs/buildbot-krebs.nix b/krebs/2configs/buildbot-krebs.nix
index 7f243b506..40ca3c66d 100644
--- a/krebs/2configs/buildbot-krebs.nix
+++ b/krebs/2configs/buildbot-krebs.nix
@@ -6,13 +6,8 @@
 
   networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
   krebs.ci.enable = true;
-  krebs.ci.users.krebs ={
-    all = true;
-    hosts = [
-      "test-arch"
-      "test-centos6"
-      "test-centos7"
-      "test-all-krebs-modules"
-    ];
-  };
+  krebs.ci.treeStableTimer = 120;
+  krebs.ci.users.krebs.hosts = [
+    config.networking.hostName
+  ];
 }
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index 6e4db6edd..71e7d4aeb 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -8,12 +8,17 @@ in
 {
   options.krebs.ci = {
     enable = mkEnableOption "krebs continous integration";
+    treeStableTimer = mkOption {
+      type = types.int;
+      default = 10;
+      description = "how long to wait until we test changes (in minutes)";
+    };
     users = mkOption {
       type = with types; attrsOf (submodule {
         options = {
           all = mkOption {
             type = bool;
-            default = true;
+            default = false;
           };
           hosts = mkOption {
             type = listOf str;
@@ -48,9 +53,6 @@ in
       };
     };
 
-    nix.gc.automatic = true;
-    nix.gc.dates = "05:23";
-
     krebs.buildbot.master = {
       slaves = {
         testslave = "lasspass";
@@ -72,7 +74,7 @@ in
           sched.append(
                 schedulers.SingleBranchScheduler(
                     change_filter=util.ChangeFilter(branch_re=".*"),
-                    treeStableTimer=10,
+                    treeStableTimer=${toString cfg.treeStableTimer}*60,
                     name="build-all-branches",
                     builderNames=[
                         "build-hosts"
@@ -122,7 +124,8 @@ in
                       "--force-populate",
                       "--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user),
                     ])
-                  ]
+                  ],
+                  timeout=90001
               )
 
           ${let
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index f0722e9ba..27009981b 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -301,6 +301,32 @@ with import <stockholm/lib>;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g";
     };
+    skynet = {
+      cores = 2;
+      nets = rec {
+        retiolum = {
+          ip4.addr = "10.243.133.116";
+          ip6.addr = "42:0:0:0:0:0:0:1101";
+          aliases = [
+            "skynet.r"
+            "cgit.skynet.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEArNpBoTs7MoaZq2edGJLYUjmoLa5ZtXhOFBHjS1KtQ3hMtWkcqpYX
+            Ic457utOSGxTE+90yXXez2DD9llJMMyd+O06lHJ7CxtbJGBNr3jwoUZVCdBuuo5B
+            p9XfhXU9l9fUsbc1+a/cDjPBhQv8Uqmc6tOX+52H1aqZsa4W50c9Dv5vjsHgxCB0
+            yiUd2MrKptCQTdmMM9Mf0XWKPPOuwpHpxaomlrpUz07LisFVGGHCflOvj5PAy8Da
+            NC+AfNgR/76yfuYWcv4NPo9acjD9AIftS2c0tD3szyHBCGaYK/atKzIoBbFbOtMb
+            mwG3B0X3UdphkqGDGsvT+66Kcv2jnKwL0wIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      secure = true;
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
+    };
     iso = {
       cores = 1;
       managed = false;
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 6e5f522dc..60827d589 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -9,6 +9,7 @@ with import <stockholm/lib>;
   hosts = mapAttrs (_: setAttr "owner" config.krebs.users.tv) {
     alnus = {
       cores = 2;
+      managed = true;
       nets = {
         retiolum = {
           ip4.addr = "10.243.21.1";
@@ -31,47 +32,6 @@ with import <stockholm/lib>;
       ssh.privkey.path = <secrets/ssh.id_rsa>;
       ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q==";
     };
-    caxi = {
-      cores = 2;
-      extraZones = {
-        "krebsco.de" = ''
-          caxi 60 IN A ${config.krebs.hosts.caxi.nets.internet.ip4.addr}
-        '';
-      };
-      nets = {
-        internet = {
-          ip4 = {
-            addr = "104.233.124.70";
-            prefix = "104.233.124.0/24";
-          };
-          aliases = [
-            "caxi.i"
-            "caxi.krebsco.de"
-          ];
-          ssh.port = 11423;
-        };
-        retiolum = {
-          via = config.krebs.hosts.caxi.nets.internet;
-          ip4.addr = "10.243.113.226";
-          ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af6";
-          aliases = [
-            "caxi.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN RSA PUBLIC KEY-----
-            MIIBCgKCAQEAxNh1xhvCFzjUOmBq+F6NjUdntKh/7qo7LrsXjPVn92r1hGTVHJO1
-            E+XP5dabZ/mFWySY8GvG7XlZ27wsjkvHEyb16IhOqYrnaONf9LifAWQ3qBlHtp1T
-            eZeP6wcXLhR/pOPy0pT6EABmDHbOzErjYv4pdrXHuxlM10Ljtpp3mClNeXY9eby+
-            HekEE8LY8/zWqJ90lMaxPhLh1VqEvTVTnem5e1F8HDzNvRWa0kWUYG33zPQMyKgR
-            BCvp1DR7Y2LwDmGKnhzBm4JTcP+fcs+z/eGie/CEIgFM0BFJaTBAYZOtUlhBSe0y
-            UYE2W9CJkPN2Uepf53nPnshjKC64fgTr7wIDAQAB
-            -----END RSA PUBLIC KEY-----
-          '';
-        };
-      };
-      ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdJ4xGi+qn4IfMZJ3Kv7AGZGbhlR+GrkD87z2tcyRZy";
-    };
     cd = {
       cores = 2;
       extraZones = {
@@ -80,6 +40,7 @@ with import <stockholm/lib>;
           cd          60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
         '';
       };
+      managed = true;
       nets = {
         internet = {
           ip4.addr = "45.62.237.203";
@@ -182,6 +143,7 @@ with import <stockholm/lib>;
     };
     mu = {
       cores = 2;
+      managed = true;
       nets = {
         retiolum = {
           ip4.addr = "10.243.20.1";
@@ -251,6 +213,7 @@ with import <stockholm/lib>;
     };
     nomic = {
       cores = 2;
+      managed = true;
       nets = {
         gg23 = {
           ip4.addr = "10.23.1.110";
@@ -306,6 +269,7 @@ with import <stockholm/lib>;
     };
     wu = {
       cores = 4;
+      managed = true;
       nets = {
         gg23 = {
           ip4.addr = "10.23.1.37";
@@ -343,6 +307,7 @@ with import <stockholm/lib>;
         pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
       };
       cores = 4;
+      managed = true;
       nets = {
         gg23 = {
           ip4.addr = "10.23.1.38";
@@ -377,6 +342,7 @@ with import <stockholm/lib>;
     };
     zu = {
       cores = 4;
+      managed = true;
       nets = {
         gg23 = {
           ip4.addr = "10.23.1.39";
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index 39e89a4b6..af4cbb3ba 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -15,11 +15,6 @@ foldl' mergeAttrs {}
 {
   ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {};
 
-  buildbot-full = self.callPackage ./simple/buildbot {
-    plugins = with self.buildbot-plugins; [ www console-view waterfall-view ];
-  };
-  buildbot-worker = self.callPackage ./simple/buildbot/worker.nix {};
-
   # https://github.com/proot-me/PRoot/issues/106
   proot = self.writeDashBin "proot" ''
     export PROOT_NO_SECCOMP=1
diff --git a/krebs/source.nix b/krebs/source.nix
index 1995d2b36..db30e1e35 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -14,6 +14,6 @@ in
     stockholm.file = toString <stockholm>;
     nixpkgs.git = {
       url = https://github.com/NixOS/nixpkgs;
-      ref = "72c9ed78d0b1d9d5f531805ddf5bf06bfd447614"; # nixos-17.03 @ 2017-06-17
+      ref = "0590ecbe9e6b9a076065be29370701da758c61f1"; # nixos-17.03 @ 2017-07-30
     };
   }
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index 4431a702c..0b048a2b1 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -88,6 +88,7 @@ with import <stockholm/lib>;
         aria2
 
       #neat utils
+        hashPassword
         krebspaste
         pciutils
         pop
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
new file mode 100644
index 000000000..a48df02b9
--- /dev/null
+++ b/lass/1systems/skynet/config.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+  imports = [
+    <stockholm/lass>
+    <stockholm/lass/2configs/hw/x220.nix>
+    <stockholm/lass/2configs/boot/stock-x220.nix>
+
+    <stockholm/lass/2configs/retiolum.nix>
+    #<stockholm/lass/2configs/exim-retiolum.nix>
+    <stockholm/lass/2configs/fetchWallpaper.nix>
+    <stockholm/lass/2configs/backups.nix>
+    {
+      # discordius config
+      services.xserver.enable = true;
+      users.users.discordius = {
+        uid = genid "discordius";
+        home = "/home/discordius";
+        group = "users";
+        createHome = true;
+        extraGroups = [
+          "audio"
+          "networkmanager"
+        ];
+        useDefaultShell = true;
+      };
+      networking.networkmanager.enable = true;
+      networking.wireless.enable = mkForce false;
+      hardware.pulseaudio = {
+        enable = true;
+        systemWide = true;
+      };
+      environment.systemPackages = with pkgs; [
+        pavucontrol
+        firefox
+        hexchat
+        networkmanagerapplet
+      ];
+      services.xserver.desktopManager.gnome3 = {
+        enable = true;
+      };
+    }
+  ];
+
+  krebs.build.host = config.krebs.hosts.daedalus;
+
+  #fileSystems = {
+  #  "/bku" = {
+  #    device = "/dev/mapper/pool-bku";
+  #    fsType = "btrfs";
+  #    options = ["defaults" "noatime" "ssd" "compress=lzo"];
+  #  };
+  #};
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
+  '';
+}
diff --git a/lass/1systems/skynet/source.nix b/lass/1systems/skynet/source.nix
new file mode 100644
index 000000000..2aa627f5c
--- /dev/null
+++ b/lass/1systems/skynet/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/lass/source.nix> {
+  name = "skynet";
+  secure = true;
+}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index fe3aa20bf..a43dfa215 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -36,6 +36,9 @@ with import <stockholm/lib>;
       { from = "shack@lassul.us"; to = lass.mail; }
       { from = "nix@lassul.us"; to = lass.mail; }
       { from = "c-base@lassul.us"; to = lass.mail; }
+      { from = "paypal@lassul.us"; to = lass.mail; }
+      { from = "patreon@lassul.us"; to = lass.mail; }
+      { from = "steam@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 9f5e3d523..fe82fea59 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -65,8 +65,15 @@ let
     ''} %r |"
 
     virtual-mailboxes \
-        "INBOX"     "notmuch://?query=tag:inbox and NOT tag:killed"\
+        "INBOX"     "notmuch://?query=tag:inbox \
+                     and NOT tag:killed \
+                     and NOT to:shackspace \
+                     and NOT to:c-base \
+                     and NOT to:nix-devel"\
         "Unread"    "notmuch://?query=tag:unread"\
+        "shack"     "notmuch://?query=to:shackspace"\
+        "c-base"    "notmuch://?query=to:c-base"\
+        "nix"       "notmuch://?query=to:nix-devel"\
         "TODO"      "notmuch://?query=tag:TODO"\
         "Starred"   "notmuch://?query=tag:*"\
         "Archive"   "notmuch://?query=tag:archive"\
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 3e1ad6638..b0e5375c7 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -125,6 +125,7 @@ in {
       { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
       { from = "dma@ubikmedia.de"; to = "domsen"; }
       { from = "dma@ubikmedia.eu"; to = "domsen"; }
+      { from = "bruno@apanowicz.de"; to = "bruno"; }
       { from = "mail@jla-trading.com"; to = "jla-trading"; }
       { from = "jms@ubikmedia.eu"; to = "jms"; }
       { from = "ms@ubikmedia.eu"; to = "ms"; }
@@ -151,6 +152,13 @@ in {
     createHome = true;
   };
 
+  users.users.bruno = {
+    uid = genid_signed "bruno";
+    home = "/home/bruno";
+    useDefaultShell = true;
+    createHome = true;
+  };
+
   users.users.jla-trading = {
     uid = genid_signed "jla-trading";
     home = "/home/jla-trading";
diff --git a/lass/source.nix b/lass/source.nix
index 63adbd95c..1d64e3059 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -19,6 +19,6 @@ in
       #   87a4615 & 334ac4f
       # + acme permissions for groups
       #   fd7a8f1
-      ref = "d486531";
+      ref = "a732dcf";
     };
   }
diff --git a/tv/1systems/cd/config.nix b/tv/1systems/cd/config.nix
index f78bcafeb..341a62e45 100644
--- a/tv/1systems/cd/config.nix
+++ b/tv/1systems/cd/config.nix
@@ -1,8 +1,9 @@
-{ config, lib, pkgs, ... }:
-
 with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+  bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
 
-{
+in {
   krebs.build.host = config.krebs.hosts.cd;
 
   imports = [
@@ -13,14 +14,14 @@ with import <stockholm/lib>;
     <stockholm/tv/2configs/retiolum.nix>
   ];
 
-  networking = {
+  networking = let
+    address = config.krebs.build.host.nets.internet.ip4.addr;
+  in {
+    defaultGateway = bestGuessGateway address;
     interfaces.enp2s1.ip4 = singleton {
-      address = let
-        addr = "45.62.237.203";
-      in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr;
+      inherit address;
       prefixLength = 24;
     };
-    defaultGateway = "45.62.237.1";
     nameservers = ["8.8.8.8"];
   };
author	makefu <github@syntax-fehler.de>	2017-07-31 19:29:03 +0200
committer	makefu <github@syntax-fehler.de>	2017-07-31 19:29:03 +0200
commit	681042eedf2dbad2f999dec5cf43a018c52f2d7d (patch)
tree	0d96f8e60624f8037a1280834e47a586e71ef403
parent	adace5302f92fa8e41d7c3d1fde62623328a4633 (diff)
parent	47abe1c1a28eda6d8bb90d49356ded7e0341f1ea (diff)