From ad00352682ee3d1e564cd4edf4ea60c45cf2ccb7 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Thu, 4 Aug 2016 22:58:59 +0200
Subject: s: always import 2configs (formerly base.nix)
---
 shared/2configs/default.nix | 65 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100644 shared/2configs/default.nix
(limited to 'shared/2configs/default.nix')
diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix
new file mode 100644
index 000000000..492689427
--- /dev/null
+++ b/shared/2configs/default.nix
@@ -0,0 +1,65 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+{
+ krebs.enable = true;
+ krebs.tinc.retiolum.enable = true;
+
+ # TODO rename shared user to "krebs"
+ krebs.build.user = mkDefault config.krebs.users.shared;
+ krebs.build.source = let inherit (config.krebs.build) host user; in {
+ nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix";
+ nixpkgs.git = {
+ url = https://github.com/NixOS/nixpkgs;
+ ref = "63b9785"; # stable @ 2016-06-01
+ };
+ secrets.file = "${getEnv "HOME"}/secrets/krebs/${host.name}";
+ stockholm.file = getEnv "PWD";
+ };
+
+ networking.hostName = config.krebs.build.host.name;
+
+ nix.maxJobs = 1;
+ nix.trustedBinaryCaches = [
+ "https://cache.nixos.org"
+ "http://cache.nixos.org"
+ "http://hydra.nixos.org"
+ ];
+ nix.useChroot = true;
+
+ nixpkgs.config.packageOverrides = pkgs: {
+ nano = pkgs.vim;
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ rxvt_unicode.terminfo
+ ];
+
+ programs.ssh.startAgent = false;
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+ services.cron.enable = false;
+ services.nscd.enable = false;
+ services.ntp.enable = false;
+
+ users.mutableUsers = false;
+ users.extraUsers.root.openssh.authorizedKeys.keys = [
+ # TODO
+ config.krebs.users.lass.pubkey
+ config.krebs.users.makefu.pubkey
+ # TODO HARDER:
+ config.krebs.users.makefu-omo.pubkey
+ config.krebs.users.tv.pubkey
+ ];
+
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "15.09";
+
+}
--
cgit v1.2.3
From d68b340b9b8acb717a6b4d5626600448ba7fd67a Mon Sep 17 00:00:00 2001
From: lassulus
Date: Fri, 5 Aug 2016 13:30:27 +0200
Subject: s: add dummy_secrets for tests
---
 shared/2configs/default.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'shared/2configs/default.nix')
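Review bot: `nix.trustedBinaryCaches` accepts `http://cache.nixos.org` and `http://hydra.nixos.org` over cleartext HTTP next to the HTTPS entry, so for those two the only integrity control on substituted store paths is Nix's signature check, and nothing in this file shows `nix.requireSignedBinaryCaches` or `nix.binaryCachePublicKeys` being set. Since the file is now imported by every shared host, I would reduce the list to `nix.trustedBinaryCaches = [ "https://cache.nixos.org" ];` unless a host is known to need the HTTP endpoints. The same hunk gives four user keys root SSH access under bare `# TODO` and `# TODO HARDER:` markers; a comment saying what the TODO actually is (presumably narrowing the list) would keep it from becoming permanent.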
diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix
index 492689427..1c875d24c 100644
--- a/shared/2configs/default.nix
+++ b/shared/2configs/default.nix
@@ -13,7 +13,10 @@ with config.krebs.lib;
 url = https://github.com/NixOS/nixpkgs;
 ref = "63b9785"; # stable @ 2016-06-01
 };
- secrets.file = "${getEnv "HOME"}/secrets/krebs/${host.name}";
+ secrets.file =
+ if getEnv "dummy_secrets" == "true"
+ then toString
+ else "${getEnv "HOME"}/secrets/krebs/${host.name}";
 stockholm.file = getEnv "PWD";
 };

--
cgit v1.2.3
From 50708fb20cf0ecffc98e1f9dfed784492692c5e9 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sat, 6 Aug 2016 15:16:41 +0200
Subject: s 2: nixpkgs 63b9785 -> 9cb194c
---
 shared/2configs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'shared/2configs/default.nix')
diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix
index 1c875d24c..31f786d1d 100644
--- a/shared/2configs/default.nix
+++ b/shared/2configs/default.nix
@@ -11,7 +11,7 @@ with config.krebs.lib;
 nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix";
 nixpkgs.git = {
 url = https://github.com/NixOS/nixpkgs;
- ref = "63b9785"; # stable @ 2016-06-01
+ ref = "9cb194cfa449c43f63185a25c8d10307aea3b358"; # nixos-16.03 @ 2016-08-05
 };
 secrets.file =
 if getEnv "dummy_secrets" == "true"
--
cgit v1.2.3
[cgit] Unable to lock slot /tmp/cgit/cf200000.lock: No such file or directory (2)
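Review bot: In the `@@ -13,7 +13,10 @@` hunk the `then` branch is shown as a bare `then toString`, which would make `secrets.file` a function instead of a path whenever `dummy_secrets` is `true`; the argument may have been lost when the page was rendered (an angle-bracket path would be), so this needs checking against the repository. Whatever the path is, the switch is an environment variable read at evaluation time, so a leftover `dummy_secrets=true` in a deploy shell would select the test secrets with no error. A comment above the conditional such as `# dummy_secrets=true is for tests only; never set it when deploying` would document that. The enclosing `krebs.build.source` attribute set starts outside the hunk.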