merge shared into krebs

1 files changed, 108 insertions, 0 deletions

diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
new file mode 100644
index 00000000..b8cc1b4a
--- /dev/null
+++ b/krebs/1systems/wolf/config.nix
@@ -0,0 +1,108 @@
+{ config, pkgs, ... }:
+let
+  shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
+in
+{
+  imports = [
+    <stockholm/krebs>
+    <stockholm/krebs/2configs>
+    <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+    <stockholm/krebs/2configs/collectd-base.nix>
+    <stockholm/krebs/2configs/central-stats-client.nix>
+    <stockholm/krebs/2configs/save-diskspace.nix>
+
+    <stockholm/krebs/2configs/cgit-mirror.nix>
+    <stockholm/krebs/2configs/graphite.nix>
+    <stockholm/krebs/2configs/repo-sync.nix>
+    <stockholm/krebs/2configs/shared-buildbot.nix>
+
+    <stockholm/krebs/2configs/shack/worlddomination.nix>
+    <stockholm/krebs/2configs/shack/drivedroid.nix>
+    # <stockholm/krebs/2configs/shack/nix-cacher.nix>
+    <stockholm/krebs/2configs/shack/mqtt_sub.nix>
+    <stockholm/krebs/2configs/shack/muell_caller.nix>
+    <stockholm/krebs/2configs/shack/radioactive.nix>
+    <stockholm/krebs/2configs/shack/share.nix>
+
+  ];
+  # use your own binary cache, fallback use cache.nixos.org (which is used by
+  # apt-cacher-ng in first place)
+
+  services.influxdb.enable = true;
+
+  # local discovery in shackspace
+  nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+  krebs.tinc.retiolum.extraConfig = "TCPOnly = yes";
+  services.grafana = {
+    enable = true;
+    addr = "0.0.0.0";
+    users.allowSignUp = true;
+    users.allowOrgCreate = true;
+    users.autoAssignOrg = true;
+    auth.anonymous.enable = true;
+    security = import <secrets/grafana_security.nix>;
+  };
+
+  nix = {
+    # use the up to date prism cache
+    binaryCaches = [
+      "http://cache.prism.r"
+      "https://cache.nixos.org/"
+    ];
+    binaryCachePublicKeys = [
+      "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+      "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+    ];
+  };
+
+  networking = {
+    firewall.enable = false;
+    firewall.allowedTCPPorts = [ 8088 8086 8083 ];
+    interfaces.enp0s3.ip4 = [{
+      address = shack-ip;
+      prefixLength = 20;
+    }];
+
+    defaultGateway = "10.42.0.1";
+    nameservers = [ "10.42.0.100" "10.42.0.200" ];
+  };
+
+  #####################
+  # uninteresting stuff
+  #####################
+  krebs.build.host = config.krebs.hosts.wolf;
+
+  boot.kernel.sysctl = {
+    # Enable IPv6 Privacy Extensions
+    "net.ipv6.conf.all.use_tempaddr" = 2;
+    "net.ipv6.conf.default.use_tempaddr" = 2;
+  };
+
+  boot.initrd.availableKernelModules = [
+    "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk"
+  ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vda";
+
+  fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
+
+  swapDevices = [
+    { device = "/dev/disk/by-label/swap";  }
+  ];
+  # fallout of ipv6calypse
+  networking.extraHosts = ''
+    hass.shack    10.42.2.191
+    heidi.shack   10.42.2.135
+  '';
+
+  users.extraUsers.root.openssh.authorizedKeys.keys = [
+    config.krebs.users.ulrich.pubkey
+  ];
+
+  time.timeZone = "Europe/Berlin";
+  sound.enable = false;
+}