Merge branch 'master' of prism:stockholm

author: makefu <github@syntax-fehler.de> 2017-07-21 09:11:08 +0200
committer: makefu <github@syntax-fehler.de> 2017-07-21 09:11:08 +0200
commit: 77ea3dc79ba5c82663977755d673d2c8f8fdd0b1 (patch)
tree: b030977f43c10cd13968836aff6f91dacfb849b2 /krebs
parent: 0cce2f9d14766dc29674c098fe84aaca0adc7876 (diff)
parent: 8bfcf85531c4b8455c301504ccd74f95487e86d0 (diff)
6 files changed, 87 insertions, 2 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
new file mode 100644
index 00000000..5e5f6cdb
--- /dev/null
+++ b/krebs/1systems/puyak/config.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    <stockholm/krebs>
+    <stockholm/krebs/2configs>
+    <stockholm/krebs/2configs/secret-passwords.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.puyak;
+
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+
+    initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ];
+    initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+    initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/mapper/pool-root";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
+    };
+    "/boot" = {
+      device = "/dev/sda2";
+    };
+    "/home" = {
+      device = "/dev/mapper/pool-home";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
+    };
+    "/tmp" = {
+      device = "tmpfs";
+      fsType = "tmpfs";
+      options = ["nosuid" "nodev" "noatime"];
+    };
+  };
+
+  hardware.enableAllFirmware = true;
+  networking.wireless.enable = true;
+  nixpkgs.config.allowUnfree = true;
+
+  services.logind.extraConfig = ''
+    HandleLidSwitch=ignore
+  '';
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0"
+  '';
+
+}
diff --git a/krebs/1systems/puyak/source.nix b/krebs/1systems/puyak/source.nix
new file mode 100644
index 00000000..a2165189
--- /dev/null
+++ b/krebs/1systems/puyak/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/krebs/source.nix> {
+  name = "puyak";
+}
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 53ad56d6..901516e5 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -46,6 +46,6 @@ with import <stockholm/lib>;
 
 
   # The NixOS release to be compatible with for stateful data such as databases.
-  system.stateVersion = "15.09";
+  system.stateVersion = "17.03";
 
 }
diff --git a/krebs/2configs/shared-buildbot.nix b/krebs/2configs/shared-buildbot.nix
index efb41cc3..51984209 100644
--- a/krebs/2configs/shared-buildbot.nix
+++ b/krebs/2configs/shared-buildbot.nix
@@ -14,7 +14,7 @@
     locations."/".extraConfig = ''
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
-      proxy_pass http://localhost:${toString config.krebs.buildbot.master.web.port};
+      proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port};
     '';
   };
 
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 0aa0cac9..f11b8ef4 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -30,6 +30,30 @@ let
   });
 in {
   hosts = {
+    puyak = {
+      owner = config.krebs.users.krebs;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.77.2";
+          ip6.addr = "42:0:0:0:0:0:77:2";
+          aliases = [
+            "puyak.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAwwDvaVKSJmAi1fpbsmjLz1DQVTgqnx56GkHKbz5sHwAfPVQej955
+            SwotAPBrOT5P3pZ52Pu326SR5nj9XWfN6GD0CkcDQddtRG5OOtUWlvkYzZraNh33
+            p9l8TBgHJKogGe6umbs+4v7pWfbS0k708L2ttwY0ceju6RL6UqShIYB6qhDzwalU
+            p8s7pypl7BwrsTwYkUGleIptiN78cYv/NHvXhvXBuVGz4J0tCH4GMvdTHCah1l1r
+            zwEpKlAq0FD6bgYTJL94Tvxe2xzyr8c+xn1+XbJtMudGmrRjIHS6YupzO/Y2MO7w
+            UkbMKDhYVhSPFEyk6PMm0SU9uAh4I1+8BQIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
+    };
     wolf = {
       owner = config.krebs.users.krebs;
       nets = {
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 05b7b507..139f02dd 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -335,5 +335,8 @@ with import <stockholm/lib>;
     };
     sokratess = {
     };
+    wine-mors = {
+      pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKfTIKmbe1RjX1fjAn//08363zAsI0CijWnaYyAC842";
+    };
   };
 }
author	makefu <github@syntax-fehler.de>	2017-07-21 09:11:08 +0200
committer	makefu <github@syntax-fehler.de>	2017-07-21 09:11:08 +0200
commit	77ea3dc79ba5c82663977755d673d2c8f8fdd0b1 (patch)
tree	b030977f43c10cd13968836aff6f91dacfb849b2 /krebs
parent	0cce2f9d14766dc29674c098fe84aaca0adc7876 (diff)
parent	8bfcf85531c4b8455c301504ccd74f95487e86d0 (diff)