diff options
| -rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/mv/default.nix | 40 | ||||
| -rw-r--r-- | mv/1systems/stro/config.nix | 155 | ||||
| -rw-r--r-- | mv/1systems/stro/source.nix | 3 | ||||
| -rw-r--r-- | mv/dummy_secrets/default.nix | 8 | ||||
| -rw-r--r-- | mv/dummy_secrets/ssh.ed25519 | 3 | ||||
| -rw-r--r-- | mv/source.nix | 30 |
7 files changed, 0 insertions, 240 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 83334976..6328fe8f 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -109,7 +109,6 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } - { krebs = import ./mv { inherit config; }; } { krebs = import ./nin { inherit config; }; } { krebs = import ./tv { inherit config; }; } { diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix deleted file mode 100644 index c8d138a4..00000000 --- a/krebs/3modules/mv/default.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, ... }: - -with import <stockholm/lib>; - -{ - hosts = mapAttrs (_: setAttr "owner" config.krebs.users.mv) { - stro = { - ci = true; - cores = 4; - nets = { - retiolum = { - ip4.addr = "10.243.111.111"; - ip6.addr = "42:0:0:0:0:0:111:111"; - aliases = [ - "stro.r" - "cgit.stro.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0vIzLyoetOyi3R7qOh3gjSvUVjPEdqCvd0NEevDCIhhFy0nIbZ/b - vnuk3EUeTb6e384J8fKB4agig0JeR3JjtDvtjy5g9Cdy2nrU71w8wqU0etmv2PTb - FjbCFfeBXn0N3U7gXwjZGCvjAXa1a4jGb4R2iYBYGG3aY4reCN8B8Ah81h+S0oLg - ZJJfaBmWM5vNRFEI5X4CLaVnwtsoZuXIjYStgNn/9Mg/Y6NQS0H0H+HFeyhigAqG - oYGqNar/2QqPU176V/FwrD30F3qJV1uyzuPta7hmdfOxqYjZ/jqdPSRYtlunYYcq - XbH5oYmzO9NEeVWzjdac/DiV2OP8HufoYwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro"; - }; - }; - users = { - mv = { - mail = "mv@stro.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfMqkfXsGRaXJ86Pi5svAx4508ij5kc4cMLGwr1CLvFI5G7EHggiHMZYooibmkZimBF1PvLM1lOdoptJ4nSmc3UGuQaeV9BpZ1dNXexc8wOmVPKzAHYZG/2upcV/xVZQ9lk3UOmDym6fDUXThMx4nXdhOjScgWpKp7+0N3JRCf2UHusZjWFGlhE9l4irLFHCwlZeBQ16DNF4fc03vsfZBB1ZrGGZlaVpkcY+FTC3sm8R0iF5QGaq8PgltJoCNnp3L1g3Yn7Elva7kCHjZfJC1pu5icV8vZMNptPn1b10gPsNwb302FCjvZohzRcMo39L2gwdNWQmflYfYk+NPY9EgqkLtSvZJywYu8oTVLeYBAp0ZGzJR4+uIH9at/WQF499HFMxpF4uwYiQweUcPiHrrOqI5zLQoOvqh9Jv0UMsnFynNrszbCTgwzeW8bcvv8ILcjE9of8GXRCrlIMvt7Z9q8xrb5j1RhKscvusyyNOAL+HMZl6jgSxUBDtzRqPZ62QHJsBEBdRXdJRQLGeHNW9kGPrh/tiKGucuT3/HZC+2Rcemxt3RVT60+lHkghrMLi0/VOWBUKL9J94UK5xIE4Gb3RTW9DcNK53U4ql+N4ORSSEuhk3Rqzx3Bzv7AXpLKQCFKdB7tjxzGN7sCQM3PBUUo6Tk0VG2cIKOjzTRnDJlb7Q== mv@stro"; - }; - }; -} diff --git a/mv/1systems/stro/config.nix b/mv/1systems/stro/config.nix deleted file mode 100644 index 941b3f69..00000000 --- a/mv/1systems/stro/config.nix +++ /dev/null @@ -1,155 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ - krebs = { - enable = true; - build = { - user = config.krebs.users.mv; - host = config.krebs.hosts.stro; - }; - }; - - imports = [ - <secrets> - <stockholm/krebs> - <stockholm/tv/2configs/bash> - <stockholm/tv/2configs/exim-retiolum.nix> - <stockholm/tv/2configs/hw/x220.nix> - <stockholm/tv/2configs/im.nix> - <stockholm/tv/2configs/mail-client.nix> - <stockholm/tv/2configs/nginx/public_html.nix> - <stockholm/tv/2configs/retiolum.nix> - <stockholm/tv/2configs/ssh.nix> - <stockholm/tv/2configs/sshd.nix> - <stockholm/tv/2configs/vim.nix> - <stockholm/tv/2configs/xdg.nix> - <stockholm/tv/2configs/xserver> - <stockholm/tv/3modules> - ]; - - boot.kernel.sysctl = { - # Enable IPv6 Privacy Extensions - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "xts" ]; - devices = [ - { - name = "luks1"; - device = "/dev/disk/by-id/ata-TOSHIBA-TR150_467B50JXK8WU-part2"; - } - ]; - }; - - environment = { - profileRelativeEnvVars.PATH = mkForce [ "/bin" ]; - shellAliases = mkForce { - gp = "${pkgs.pari}/bin/gp -q"; - df = "df -h"; - du = "du -h"; - ls = "ls -h --color=auto --group-directories-first"; - dmesg = "dmesg -L --reltime"; - view = "vim -R"; - - reload = "systemctl reload"; - restart = "systemctl restart"; - start = "systemctl start"; - status = "systemctl status"; - stop = "systemctl stop"; - }; - systemPackages = with pkgs; [ - dic - htop - p7zip - q - - pavucontrol - rxvt_unicode.terminfo - - # stockholm - git - gnumake - populate - ]; - variables = { - NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; - }; - }; - - fileSystems = { - "/boot" = { - device = "/dev/disk/by-id/ata-TOSHIBA-TR150_467B50JXK8WU-part1"; - }; - "/" = { - device = "/dev/mapper/vg1-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/home" = { - device = "/dev/mapper/vg1-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - - networking.hostName = config.krebs.build.host.name; - - nix = { - binaryCaches = ["https://cache.nixos.org"]; - requireSignedBinaryCaches = true; - # TODO check if both are required: - sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ]; - useSandbox = true; - }; - - nixpkgs.config.packageOverrides = import <stockholm/tv/5pkgs> pkgs; - - users = { - defaultUserShell = "/run/current-system/sw/bin/bash"; - mutableUsers = false; - users = { - mv = { - inherit (config.krebs.users.mv) home uid; - isNormalUser = true; - }; - }; - }; - - security.sudo.extraConfig = '' - Defaults env_keep+="SSH_CLIENT" - Defaults mailto="${config.krebs.users.mv.mail}" - Defaults !lecture - ''; - - services.cron.enable = false; - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - services.nscd.enable = false; - services.ntp.enable = false; - services.timesyncd.enable = true; - - time.timeZone = "Europe/Berlin"; - - tv.iptables = { - enable = true; - accept-echo-request = "internet"; - }; - - system.stateVersion = "16.03"; -} diff --git a/mv/1systems/stro/source.nix b/mv/1systems/stro/source.nix deleted file mode 100644 index 888d616c..00000000 --- a/mv/1systems/stro/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/mv/source.nix> { - name = "stro"; -} diff --git a/mv/dummy_secrets/default.nix b/mv/dummy_secrets/default.nix deleted file mode 100644 index 84a5e118..00000000 --- a/mv/dummy_secrets/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, ... }: -{ - users.users.root = { - openssh.authorizedKeys.keys = [ - config.krebs.users.mv.pubkey - ]; - }; -} diff --git a/mv/dummy_secrets/ssh.ed25519 b/mv/dummy_secrets/ssh.ed25519 deleted file mode 100644 index a7d2adab..00000000 --- a/mv/dummy_secrets/ssh.ed25519 +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -dummy ------END OPENSSH PRIVATE KEY----- diff --git a/mv/source.nix b/mv/source.nix deleted file mode 100644 index 29dfe972..00000000 --- a/mv/source.nix +++ /dev/null @@ -1,30 +0,0 @@ -with import <stockholm/lib>; -host@{ name, override ? {} }: let - builder = if getEnv "dummy_secrets" == "true" - then "buildbot" - else "mv"; - _file = <stockholm> + "/mv/1systems/${name}/source.nix"; - pkgs = import <nixpkgs> { - overlays = map import [ - <stockholm/krebs/5pkgs> - <stockholm/submodules/nix-writers/pkgs> - ]; - }; -in - evalSource (toString _file) [ - { - nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix"; - nixpkgs.git = { - # nixos-17.09 - ref = mkDefault "0653b73bf61f3a23d28c38ab7e9c69a318d433de"; - url = https://github.com/NixOS/nixpkgs; - }; - secrets.file = getAttr builder { - buildbot = toString <stockholm/mv/dummy_secrets>; - mv = "/home/mv/secrets/${name}"; - }; - stockholm.file = toString <stockholm>; - stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; - } - override - ] |