From 7656868d1b3232d5a17ed422c25c38e37c81e588 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Oct 2015 19:48:56 +0200 Subject: m 1 wry: start Reaktor --- makefu/1systems/wry.nix | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 819a208ac..d8c8d6fa1 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -5,23 +5,29 @@ let ip = (lib.head config.krebs.build.host.nets.internet.addrs4); in { imports = [ - ../../tv/2configs/CAC-CentOS-7-64bit.nix - ../2configs/base.nix - ../2configs/base-sources.nix - ../2configs/tinc-basic-retiolum.nix + # TODO: copy this config or move to krebs + ../../tv/2configs/CAC-CentOS-7-64bit.nix + ../2configs/base.nix + ../2configs/base-sources.nix + ../2configs/tinc-basic-retiolum.nix + + # Reaktor + ../2configs/Reaktor/simpleExtend.nix ]; + krebs.Reaktor.enable = true; + networking.firewall.allowPing = true; networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = "104.233.87.1"; - networking.nameservers = [ - "8.8.8.8" - ]; + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = "104.233.87.1"; + networking.nameservers = [ + "8.8.8.8" + ]; # based on ../../tv/2configs/CAC-Developer-2.nix sound.enable = false; -- cgit v1.2.3 From 858034cc615469c6e4b7e48711f6fb026f16ffb4 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Oct 2015 21:51:20 +0200 Subject: m 1 wry: host is the new provider for tinc.krebsco.de --- makefu/1systems/wry.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index d8c8d6fa1..03b19d1c7 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -34,15 +34,19 @@ in { # prepare graphs nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + krebs.nginx.enable = true; + krebs.retiolum-bootstrap.enable = true; makefu.tinc_graphs.enable = true; + makefu.tinc_graphs.krebsNginx = { enable = true; # TODO: remove hard-coded hostname hostnames_complete = [ "graphs.wry" ]; hostnames_anonymous = [ "graphs.krebsco.de" ]; }; - networking.firewall.allowedTCPPorts = [80]; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; krebs.build = { user = config.krebs.users.makefu; -- cgit v1.2.3 From ded0821d9bf7c85e2197cb7811d5f95987ded02e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Oct 2015 23:46:10 +0200 Subject: m 1,2 : wry serves as iodine entry point --- makefu/1systems/wry.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 03b19d1c7..a7ed93c43 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -11,6 +11,8 @@ in { ../2configs/base-sources.nix ../2configs/tinc-basic-retiolum.nix + ../2configs/iodined.nix + # Reaktor ../2configs/Reaktor/simpleExtend.nix ]; @@ -46,7 +48,7 @@ in { hostnames_anonymous = [ "graphs.krebsco.de" ]; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ 53 80 443 ]; krebs.build = { user = config.krebs.users.makefu; -- cgit v1.2.3 From be44341c6ba0d8fe66220f4fe6493a88fdce849b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 20 Oct 2015 14:25:49 +0200 Subject: m 2 mail: split exim-retiolum --- makefu/1systems/pornocauster.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu/1systems') diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 8f7f5ea7c..97cf86a4e 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -21,6 +21,7 @@ # applications ../2configs/exim-retiolum.nix + ../2configs/mail-client.nix #../2configs/virtualization.nix ../2configs/virtualization-virtualbox.nix ../2configs/wwan.nix -- cgit v1.2.3 From 6eb195b0bc1b2ecd1a39c842da4d14d4837d98cc Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Oct 2015 18:49:20 +0200 Subject: wry: is the new provider for paste.krebsco.de --- makefu/1systems/wry.nix | 73 +++++++++++++++++++++++++++++-------------------- 1 file changed, 43 insertions(+), 30 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index a7ed93c43..63b1f47f7 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -1,59 +1,72 @@ { config, lib, pkgs, ... }: +with lib; let - ip = (lib.head config.krebs.build.host.nets.internet.addrs4); + external-ip = head config.krebs.build.host.nets.internet.addrs4; + internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; in { imports = [ # TODO: copy this config or move to krebs ../../tv/2configs/CAC-CentOS-7-64bit.nix ../2configs/base.nix - ../2configs/base-sources.nix + ../2configs/unstable-sources.nix ../2configs/tinc-basic-retiolum.nix + ../2configs/bepasty-dual.nix + ../2configs/iodined.nix # Reaktor ../2configs/Reaktor/simpleExtend.nix ]; - krebs.Reaktor.enable = true; + krebs.build = { + user = config.krebs.users.makefu; + target = "root@wry"; + host = config.krebs.hosts.wry; + }; - networking.firewall.allowPing = true; - networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = "104.233.87.1"; - networking.nameservers = [ - "8.8.8.8" - ]; - # based on ../../tv/2configs/CAC-Developer-2.nix - sound.enable = false; - # prepare graphs - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + krebs.Reaktor.enable = true; + + # bepasty to listen only on the correct interfaces + krebs.bepasty.servers.internal.nginx.listen = [ "${internal-ip}:80" ]; + krebs.bepasty.servers.external.nginx.listen = [ "${external-ip}:80" "${external-ip}:443 ssl" ]; + # prepare graphs krebs.nginx.enable = true; krebs.retiolum-bootstrap.enable = true; - makefu.tinc_graphs.enable = true; - makefu.tinc_graphs.krebsNginx = { + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + makefu.tinc_graphs = { enable = true; - # TODO: remove hard-coded hostname - hostnames_complete = [ "graphs.wry" ]; - hostnames_anonymous = [ "graphs.krebsco.de" ]; + nginx = { + enable = true; + # TODO: remove hard-coded hostname + complete = { + listen = [ "${internal-ip}:80" ]; + server-names = [ "graphs.wry" ]; + }; + anonymous = { + listen = [ "${external-ip}:80" ] ; + server-names = [ "graphs.krebsco.de" ]; + }; + }; }; - - networking.firewall.allowedTCPPorts = [ 53 80 443 ]; - - krebs.build = { - user = config.krebs.users.makefu; - target = "root@${ip}"; - host = config.krebs.hosts.wry; + networking = { + firewall.allowPing = true; + firewall.allowedTCPPorts = [ 53 80 443 ]; + interfaces.enp2s1.ip4 = [{ + address = external-ip; + prefixLength = 24; + }]; + defaultGateway = "104.233.87.1"; + nameservers = [ "8.8.8.8" ]; }; + + # based on ../../tv/2configs/CAC-Developer-2.nix + sound.enable = false; } -- cgit v1.2.3 From 9bb3069f69ed801d98034a2effcb4d88f279a92f Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 22 Oct 2015 15:33:05 +0200 Subject: krebs 3 tinc_graphs: mv from makefu 3 tinc_graphs --- makefu/1systems/wry.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 63b1f47f7..6627d87b5 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -40,7 +40,7 @@ in { krebs.retiolum-bootstrap.enable = true; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; - makefu.tinc_graphs = { + krebs.tinc_graphs = { enable = true; nginx = { enable = true; -- cgit v1.2.3