From 7fdc46bb9d911838edfa723d985ede6a604c0c5a Mon Sep 17 00:00:00 2001 
From: tv Date: Thu, 6 Jul 2017 21:47:47 +0200 Subject: move source config from module system to 1systems/*/source.nix --- Makefile | 2 +- krebs/3modules/build.nix | 7 -- lib/default.nix | 3 + lib/eval-source.nix | 17 +++++ shell.nix | 6 +- tv/1systems/alnus.nix | 96 ------------------------ tv/1systems/alnus/config.nix | 96 ++++++++++++++++++++++++ tv/1systems/alnus/source.nix | 3 + tv/1systems/caxi.nix | 25 ------- tv/1systems/caxi/config.nix | 25 +++++++ tv/1systems/caxi/source.nix | 3 + tv/1systems/cd.nix | 34 --------- tv/1systems/cd/config.nix | 34 +++++++++ tv/1systems/cd/source.nix | 3 + tv/1systems/mu.nix | 160 --------------------------------------- tv/1systems/mu/config.nix | 160 +++++++++++++++++++++++++++++++++++++++ tv/1systems/mu/source.nix | 3 + tv/1systems/nomic.nix | 74 ------------------ tv/1systems/nomic/config.nix | 74 ++++++++++++++++++ tv/1systems/nomic/source.nix | 4 + tv/1systems/test/source.nix | 3 + tv/1systems/wu.nix | 174 ------------------------------------------- tv/1systems/wu/config.nix | 174 +++++++++++++++++++++++++++++++++++++++++++ tv/1systems/wu/source.nix | 4 + tv/1systems/xu.nix | 174 ------------------------------------------- tv/1systems/xu/config.nix | 174 +++++++++++++++++++++++++++++++++++++++++++ tv/1systems/xu/source.nix | 4 + tv/1systems/zu.nix | 170 ------------------------------------------ tv/1systems/zu/config.nix | 170 ++++++++++++++++++++++++++++++++++++++++++ tv/1systems/zu/source.nix | 4 + tv/2configs/default.nix | 18 +---- tv/source.nix | 22 ++++++ 32 files changed, 986 insertions(+), 934 deletions(-) create mode 100644 lib/eval-source.nix delete mode 100644 tv/1systems/alnus.nix create mode 100644 tv/1systems/alnus/config.nix create mode 100644 tv/1systems/alnus/source.nix delete mode 100644 tv/1systems/caxi.nix create mode 100644 tv/1systems/caxi/config.nix create mode 100644 tv/1systems/caxi/source.nix delete mode 100644 tv/1systems/cd.nix create mode 100644 tv/1systems/cd/config.nix create mode 100644 
tv/1systems/cd/source.nix delete mode 100644 tv/1systems/mu.nix create mode 100644 tv/1systems/mu/config.nix create mode 100644 tv/1systems/mu/source.nix delete mode 100644 tv/1systems/nomic.nix create mode 100644 tv/1systems/nomic/config.nix create mode 100644 tv/1systems/nomic/source.nix create mode 100644 tv/1systems/test/source.nix delete mode 100644 tv/1systems/wu.nix create mode 100644 tv/1systems/wu/config.nix create mode 100644 tv/1systems/wu/source.nix delete mode 100644 tv/1systems/xu.nix create mode 100644 tv/1systems/xu/config.nix create mode 100644 tv/1systems/xu/source.nix delete mode 100644 tv/1systems/zu.nix create mode 100644 tv/1systems/zu/config.nix create mode 100644 tv/1systems/zu/source.nix create mode 100644 tv/source.nix diff --git a/Makefile b/Makefile index cab53d52..e35aa89b 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ export STOCKHOLM_VERSION ?= $(shell \ system ?= $(HOSTNAME) $(if $(system),,$(error unbound variable: system)) -nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system).nix +nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system)/config.nix ifneq ($(words $(wildcard $(nixos-config))),1) $(error bad nixos-config: $(nixos-config)) endif diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 976d378f..904deb16 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -14,16 +14,9 @@ with import ; default = "/nix/var/nix/profiles/system"; }; - source = mkOption { - type = types.attrsOf types.source; - default = {}; - }; - # TODO deprecate krebs.build.user user = mkOption { type = types.user; }; }; - - config.krebs.build.source.stockholm.file = mkDefault (toString ); } diff --git a/lib/default.nix b/lib/default.nix index 803a614a..4c54f60a 100644 --- a/lib/default.nix +++ b/lib/default.nix 
@@ -1,6 +1,9 @@ let nixpkgs-lib = import ; lib = with lib; nixpkgs-lib // builtins // { + + evalSource = import ./eval-source.nix; + git = import ./git.nix { inherit lib; }; shell = import ./shell.nix { inherit lib; }; types = nixpkgs-lib.types // import ./types.nix { inherit lib; }; diff --git a/lib/eval-source.nix b/lib/eval-source.nix new file mode 100644 index 00000000..de5f0b43 --- /dev/null +++ b/lib/eval-source.nix @@ -0,0 +1,17 @@ +with import ; +let + eval = _file: source: evalModules { + modules = singleton { + inherit _file; + options.source = mkOption { + type = types.attrsOf types.source; + default = {}; + }; + config = { + inherit source; + }; + }; + }; +in + # This function's return value can be used as pkgs.populate input. + _file: source: (eval _file source).config.source diff --git a/shell.nix b/shell.nix index e0c60e33..57957f82 100644 --- a/shell.nix +++ b/shell.nix @@ -43,9 +43,11 @@ let ''; init.env = pkgs.writeText "init.env" /* sh */ '' - config=''${config-$LOGNAME/1systems/$system.nix} + config=''${config-$LOGNAME/1systems/$system/config.nix} + source=''${source-$LOGNAME/1systems/$system/source.nix} export config + export source export system export target @@ -92,7 +94,7 @@ let --show-trace \ --strict \ -I nixos-config="$config" \ - -E 'with import ; config.krebs.build.source') + "$source") echo $_source | ${pkgs.populate}/bin/populate \ "$target_user@$target_host:$target_port$target_path" \ diff --git a/tv/1systems/alnus.nix b/tv/1systems/alnus.nix deleted file mode 100644 index ef2a0500..00000000 --- a/tv/1systems/alnus.nix +++ /dev/null 
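Review bot: Neither argument of the function in the new lib/eval-source.nix is documented; its only comment describes the return value. A short header such as `# evalSource :: path -> attrs -> attrsOf source` would help, together with one line saying that `source` is validated against `types.attrsOf types.source` and that `_file` is passed into the module, presumably so evaluation errors name the calling source.nix. Since the result is what populate copies to a host, it is worth stating that an attribute set that fails the type check aborts evaluation and is not passed through.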
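Review bot: `"$source"` in the second shell.nix hunk is handed to the evaluator as a bare positional argument, and nothing checks its value first. The value comes from the environment whenever `source` is already set, because the `''${source-…}` default added to init.env in the first hunk applies only when the variable is unset, not when it is empty. The evaluated result is piped straight into populate, so whichever file that variable names decides what is copied to the target. The Makefile guards nixos-config with a `wildcard` check; an equivalent guard before the evaluation, such as `[ -f "$source" ] || { echo "bad source: $source" >&2; exit 1; }`, would reject an empty value or a missing file. The surrounding command starts outside the hunk.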
@@ -1,96 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ;
-
-{
- imports = [
- ../.
- ../2configs/hw/x220.nix
- ../2configs/exim-retiolum.nix
- ../2configs/retiolum.nix
- ];
-
- # TODO remove non-hardware stuff from ../2configs/hw/x220.nix
- # networking.wireless.enable collides with networkmanager
- networking.wireless.enable = mkForce false;
-
- boot = {
- initrd = {
- availableKernelModules = [ "ahci" ];
- luks = {
- cryptoModules = [ "aes" "sha512" "xts" ];
- devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
- };
- };
- };
-
- environment.systemPackages = with pkgs; [
- chromium
- firefoxWrapper
- networkmanagerapplet
- pidginotr
- pidgin-with-plugins
- ];
-
- fileSystems = {
- "/boot" = {
- device = "/dev/sda1";
- };
- "/" = {
- device = "/dev/mapper/main-root";
- fsType = "btrfs";
- options = [ "defaults" "noatime" ];
- };
- "/home" = {
- device = "/dev/mapper/main-home";
- fsType = "btrfs";
- options = [ "defaults" "noatime" ];
- };
- };
-
- hardware = {
- opengl.driSupport32Bit = true;
- pulseaudio.enable = true;
- };
-
- i18n.defaultLocale = "de_DE.UTF-8";
-
- krebs.build = {
- host = config.krebs.hosts.alnus;
- user = mkForce config.krebs.users.dv;
- source.nixpkgs.git.ref = mkForce "9b948ea439ddbaa26740ce35543e7e35d2aa6d18";
- };
-
- networking.networkmanager.enable = true;
-
- nixpkgs.config = {
- allowUnfree = true;
- };
-
- services.xserver = {
- enable = true;
- layout = "de";
- xkbOptions = "eurosign:e";
- synaptics = {
- enable = true;
- twoFingerScroll = true;
- };
- desktopManager.xfce.enable = true;
- displayManager.auto = {
- enable = true;
- user = "dv";
- };
- };
-
- swapDevices =[ ];
-
- users.users.dv = {
- inherit (config.krebs.users.dv) home uid;
- isNormalUser = true;
- extraGroups = [
- "audio"
- "video"
- "networkmanager"
- ];
- };
-}
diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix
new file mode 100644
index 00000000..d08a2901
--- /dev/null
+++ b/tv/1systems/alnus/config.nix
@@ -0,0 +1,96 @@
+{ config, pkgs, ... }:
+
+with import ;
+
+{
+ imports = [
+
+
+
+
+ ];
+
+ # TODO remove non-hardware stuff from ../2configs/hw/x220.nix
+ # networking.wireless.enable collides with networkmanager
+ networking.wireless.enable = mkForce false;
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "ahci" ];
+ luks = {
+ cryptoModules = [ "aes" "sha512" "xts" ];
+ devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ };
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ chromium
+ firefoxWrapper
+ networkmanagerapplet
+ pidginotr
+ pidgin-with-plugins
+ ];
+
+ fileSystems = {
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ "/" = {
+ device = "/dev/mapper/main-root";
+ fsType = "btrfs";
+ options = [ "defaults" "noatime" ];
+ };
+ "/home" = {
+ device = "/dev/mapper/main-home";
+ fsType = "btrfs";
+ options = [ "defaults" "noatime" ];
+ };
+ };
+
+ hardware = {
+ opengl.driSupport32Bit = true;
+ pulseaudio.enable = true;
+ };
+
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ krebs.build = {
+ host = config.krebs.hosts.alnus;
+ user = mkForce config.krebs.users.dv;
+ source.nixpkgs.git.ref = mkForce "9b948ea439ddbaa26740ce35543e7e35d2aa6d18";
+ };
+
+ networking.networkmanager.enable = true;
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ };
+
+ services.xserver = {
+ enable = true;
+ layout = "de";
+ xkbOptions = "eurosign:e";
+ synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ };
+ desktopManager.xfce.enable = true;
+ displayManager.auto = {
+ enable = true;
+ user = "dv";
+ };
+ };
+
+ swapDevices =[ ];
+
+ users.users.dv = {
+ inherit (config.krebs.users.dv) home uid;
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ "networkmanager"
+ ];
+ };
+}
diff --git a/tv/1systems/alnus/source.nix b/tv/1systems/alnus/source.nix
new file mode 100644
index 00000000..f9dcefee
--- /dev/null
+++ b/tv/1systems/alnus/source.nix
@@ -0,0 +1,3 @@
+import {
+ name = "alnus";
+}
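Review bot: `source.nixpkgs.git.ref = mkForce "9b948ea439ddbaa26740ce35543e7e35d2aa6d18";` under `krebs.build` in alnus/config.nix is carried over unchanged, although this commit deletes the `krebs.build.source` option from krebs/3modules/build.nix and shell.nix now evaluates tv/1systems/alnus/source.nix instead. Unless that option is still declared somewhere outside this diff, the definition will fail module evaluation. Either way the pin no longer reaches populate, so alnus would be deployed from whatever nixpkgs revision tv/source.nix selects (not visible here) instead of the pinned one. Remove the line from config.nix and carry the revision into alnus/source.nix, for example through an override argument if tv/source.nix accepts one.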
diff --git a/tv/1systems/caxi.nix b/tv/1systems/caxi.nix
deleted file mode 100644
index 59f3cd63..00000000
--- a/tv/1systems/caxi.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, ... }:
-
-with import ;
-
-{
- krebs.build.host = config.krebs.hosts.caxi;
-
- imports = [
- ../.
- ../2configs/hw/CAC-Developer-1.nix
- ../2configs/fs/CAC-CentOS-7-64bit.nix
- ../2configs/retiolum.nix
- ];
-
- networking = let
- inherit (config.krebs.build.host.nets.internet) ip4;
- in {
- interfaces.enp2s1.ip4 = singleton {
- address = ip4.addr;
- prefixLength = fromJSON (head (match ".*/([0-9]+)" ip4.prefix));
- };
- defaultGateway = head (match "([^/]*)\.0/[0-9]+" ip4.prefix) + ".1";
- nameservers = ["8.8.8.8"];
- };
-}
diff --git a/tv/1systems/caxi/config.nix b/tv/1systems/caxi/config.nix
new file mode 100644
index 00000000..b136d1ad
--- /dev/null
+++ b/tv/1systems/caxi/config.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+
+with import ;
+
+{
+ krebs.build.host = config.krebs.hosts.caxi;
+
+ imports = [
+
+
+
+
+ ];
+
+ networking = let
+ inherit (config.krebs.build.host.nets.internet) ip4;
+ in {
+ interfaces.enp2s1.ip4 = singleton {
+ address = ip4.addr;
+ prefixLength = fromJSON (head (match ".*/([0-9]+)" ip4.prefix));
+ };
+ defaultGateway = head (match "([^/]*)\.0/[0-9]+" ip4.prefix) + ".1";
+ nameservers = ["8.8.8.8"];
+ };
+}
diff --git a/tv/1systems/caxi/source.nix b/tv/1systems/caxi/source.nix
new file mode 100644
index 00000000..bc875b76
--- /dev/null
+++ b/tv/1systems/caxi/source.nix
@@ -0,0 +1,3 @@
+import {
+ name = "caxi";
+}
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
deleted file mode 100644
index 9f2cec57..00000000
--- a/tv/1systems/cd.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import ;
-
-{
- krebs.build.host = config.krebs.hosts.cd;
-
- imports = [
- ../.
- ../2configs/hw/CAC-Developer-2.nix
- ../2configs/fs/CAC-CentOS-7-64bit.nix
- ../2configs/exim-smarthost.nix
- ../2configs/retiolum.nix
- ];
-
- networking = {
- interfaces.enp2s1.ip4 = singleton {
- address = let
- addr = "45.62.237.203";
- in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr;
- prefixLength = 24;
- };
- defaultGateway = "45.62.237.1";
- nameservers = ["8.8.8.8"];
- };
-
- environment.systemPackages = with pkgs; [
- iftop
- iotop
- iptables
- nethogs
- tcpdump
- ];
-}
diff --git a/tv/1systems/cd/config.nix b/tv/1systems/cd/config.nix
new file mode 100644
index 00000000..f78bcafe
--- /dev/null
+++ b/tv/1systems/cd/config.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+with import ;
+
+{
+ krebs.build.host = config.krebs.hosts.cd;
+
+ imports = [
+
+
+
+
+
+ ];
+
+ networking = {
+ interfaces.enp2s1.ip4 = singleton {
+ address = let
+ addr = "45.62.237.203";
+ in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr;
+ prefixLength = 24;
+ };
+ defaultGateway = "45.62.237.1";
+ nameservers = ["8.8.8.8"];
+ };
+
+ environment.systemPackages = with pkgs; [
+ iftop
+ iotop
+ iptables
+ nethogs
+ tcpdump
+ ];
+}
diff --git a/tv/1systems/cd/source.nix b/tv/1systems/cd/source.nix
new file mode 100644
index 00000000..019e8bc2
--- /dev/null
+++ b/tv/1systems/cd/source.nix
@@ -0,0 +1,3 @@
+import {
+ name = "cd";
+}
diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix
deleted file mode 100644
index 3f3b2c2f..00000000
--- a/tv/1systems/mu.nix
+++ /dev/null
@@ -1,160 +0,0 @@ -{ config, pkgs, ... }: - -with import ; - -{ - imports = [ - ../../krebs - ../2configs - ../3modules - ../2configs/exim-retiolum.nix - ../2configs/retiolum.nix - ]; - - krebs.build.host = config.krebs.hosts.mu; - krebs.build.user = mkForce config.krebs.users.vv; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" - - # for jack - KERNEL=="rtc0", GROUP="audio" - KERNEL=="hpet", GROUP="audio" - ''; - - - # hardware configuration - boot.initrd.luks.devices = [ - { name = "vgmu1"; device = "/dev/sda2"; } - ]; - boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ]; - boot.initrd.availableKernelModules = [ "ahci" ]; - boot.kernelModules = [ "fbcon" "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - boot.extraModprobeConfig = '' - options kvm_intel nested=1 - ''; - - fileSystems = { - "/" = { - device = "/dev/vgmu1/nixroot"; - fsType = "ext4"; - options = [ "defaults" "noatime" ]; - }; - "/home" = { - device = "/dev/vgmu1/home"; - options = [ "defaults" "noatime" ]; - }; - "/boot" = { - device = "/dev/sda1"; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = [ "nosuid" "nodev" "noatime" ]; - }; - }; - - swapDevices =[ ]; - - nixpkgs.config.allowUnfree = true; - hardware.opengl.driSupport32Bit = true; - - hardware.pulseaudio.enable = true; - - hardware.enableAllFirmware = true; - - boot.loader.gummiboot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.networkmanager.enable = true; - - environment.systemPackages = with pkgs; [ - slock - tinc_pre - iptables - vim - gimp - xsane - firefoxWrapper - chromium - skype - libreoffice - pidgin-with-plugins - pidginotr - - #foomatic_filters - #gutenprint - #cups_pdf_filter - #ghostscript - ]; - - - i18n.defaultLocale = "de_DE.UTF-8"; - - programs.ssh.startAgent = false; - - security.wrappers = { - sendmail.source = "${pkgs.exim}/bin/sendmail"; # 
for cron - slock.source = "${pkgs.slock}/bin/slock"; - }; - - security.pam.loginLimits = [ - # for jack - { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; } - { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; } - ]; - - fonts.fonts = [ - pkgs.xlibs.fontschumachermisc - ]; - - # Enable CUPS to print documents. - services.printing = { - enable = true; - #drivers = [ - # #pkgs.foomatic_filters - # #pkgs.gutenprint - # #pkgs.cups_pdf_filter - # #pkgs.ghostscript - #]; - #cupsdConf = '' - # LogLevel debug2 - #''; - }; - - services.xserver.enable = true; - services.xserver.layout = "de"; - services.xserver.xkbOptions = "eurosign:e"; - - # TODO this is host specific - services.xserver.synaptics = { - enable = true; - twoFingerScroll = true; - }; - - services.xserver.desktopManager.plasma5 = { - enable = true; - }; - services.xserver.displayManager.auto = { - enable = true; - user = "vv"; - }; - - users.users.vv = { - inherit (config.krebs.users.vv) home uid; - isNormalUser = true; - extraGroups = [ - "audio" - "video" - "networkmanager" - ]; - }; - - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" # does this work with mounted /tmp? - ]; -} diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix new file mode 100644 index 00000000..239f333b --- /dev/null +++ b/tv/1systems/mu/config.nix 
@@ -0,0 +1,160 @@ +{ config, pkgs, ... }: + +with import ; + +{ + imports = [ + + + + + + ]; + + krebs.build.host = config.krebs.hosts.mu; + krebs.build.user = mkForce config.krebs.users.vv; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" + + # for jack + KERNEL=="rtc0", GROUP="audio" + KERNEL=="hpet", GROUP="audio" + ''; + + + # hardware configuration + boot.initrd.luks.devices = [ + { name = "vgmu1"; device = "/dev/sda2"; } + ]; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ]; + boot.initrd.availableKernelModules = [ "ahci" ]; + boot.kernelModules = [ "fbcon" "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + boot.extraModprobeConfig = '' + options kvm_intel nested=1 + ''; + + fileSystems = { + "/" = { + device = "/dev/vgmu1/nixroot"; + fsType = "ext4"; + options = [ "defaults" "noatime" ]; + }; + "/home" = { + device = "/dev/vgmu1/home"; + options = [ "defaults" "noatime" ]; + }; + "/boot" = { + device = "/dev/sda1"; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = [ "nosuid" "nodev" "noatime" ]; + }; + }; + + swapDevices =[ ]; + + nixpkgs.config.allowUnfree = true; + hardware.opengl.driSupport32Bit = true; + + hardware.pulseaudio.enable = true; + + hardware.enableAllFirmware = true; + + boot.loader.gummiboot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.networkmanager.enable = true; + + environment.systemPackages = with pkgs; [ + slock + tinc_pre + iptables + vim + gimp + xsane + firefoxWrapper + chromium + skype + libreoffice + pidgin-with-plugins + pidginotr + + #foomatic_filters + #gutenprint + #cups_pdf_filter + #ghostscript + ]; + + + i18n.defaultLocale = "de_DE.UTF-8"; + + programs.ssh.startAgent = false; + + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + slock.source = "${pkgs.slock}/bin/slock"; + }; + + security.pam.loginLimits = [ + 
# for jack + { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; } + { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; } + ]; + + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; + + # Enable CUPS to print documents. + services.printing = { + enable = true; + #drivers = [ + # #pkgs.foomatic_filters + # #pkgs.gutenprint + # #pkgs.cups_pdf_filter + # #pkgs.ghostscript + #]; + #cupsdConf = '' + # LogLevel debug2 + #''; + }; + + services.xserver.enable = true; + services.xserver.layout = "de"; + services.xserver.xkbOptions = "eurosign:e"; + + # TODO this is host specific + services.xserver.synaptics = { + enable = true; + twoFingerScroll = true; + }; + + services.xserver.desktopManager.plasma5 = { + enable = true; + }; + services.xserver.displayManager.auto = { + enable = true; + user = "vv"; + }; + + users.users.vv = { + inherit (config.krebs.users.vv) home uid; + isNormalUser = true; + extraGroups = [ + "audio" + "video" + "networkmanager" + ]; + }; + + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" # does this work with mounted /tmp? + ]; +} diff --git a/tv/1systems/mu/source.nix b/tv/1systems/mu/source.nix new file mode 100644 index 00000000..7e148cf3 --- /dev/null +++ b/tv/1systems/mu/source.nix @@ -0,0 +1,3 @@ +import { + name = "mu"; +} diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix deleted file mode 100644 index 9b950225..00000000 --- a/tv/1systems/nomic.nix +++ /dev/null 
@@ -1,74 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - krebs.build.host = config.krebs.hosts.nomic; - - imports = [ - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/gitrepos.nix - ../2configs/im.nix - ../2configs/mail-client.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/xserver - ]; - - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "xts" ]; - devices = [ - { name = "luks1"; device = "/dev/sda2"; } - ]; - }; - - # Don't use UEFI because current disk was partitioned/formatted for AO753. - # TODO remove following bool.loader section after repartitioning/reformatting - boot.loader = { - grub = { - device = "/dev/sda"; - splashImage = null; - }; - systemd-boot.enable = mkForce false; - }; - - fileSystems."/" = - { device = "/dev/mapper/nomic1-root"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = - { device = "/dev/sda1"; - fsType = "ext4"; - }; - - fileSystems."/home" = - { device = "/dev/mapper/nomic1-home"; - fsType = "btrfs"; - }; - - swapDevices = [ ]; - - # TODO base - boot.tmpOnTmpfs = true; - - environment.systemPackages = with pkgs; [ - (writeDashBin "play" '' - set -euf - mpv() { exec ${mpv}/bin/mpv "$@"; } - case $1 in - deepmix) mpv http://deepmix.ru/deepmix128.pls;; - groovesalad) mpv http://somafm.com/play/groovesalad;; - ntslive) mpv http://listen2.ntslive.co.uk/listen.pls;; - *) - echo "$0: bad argument: $*" >&2 - exit 23 - esac - '') - gnupg - tmux - ]; -} diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix new file mode 100644 index 00000000..d0144986 --- /dev/null +++ b/tv/1systems/nomic/config.nix 
@@ -0,0 +1,74 @@ +{ config, lib, pkgs, ... }: + +with import ; + +{ + krebs.build.host = config.krebs.hosts.nomic; + + imports = [ + + + + + + + + + + + ]; + + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "xts" ]; + devices = [ + { name = "luks1"; device = "/dev/sda2"; } + ]; + }; + + # Don't use UEFI because current disk was partitioned/formatted for AO753. + # TODO remove following bool.loader section after repartitioning/reformatting + boot.loader = { + grub = { + device = "/dev/sda"; + splashImage = null; + }; + systemd-boot.enable = mkForce false; + }; + + fileSystems."/" = + { device = "/dev/mapper/nomic1-root"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = + { device = "/dev/sda1"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/mapper/nomic1-home"; + fsType = "btrfs"; + }; + + swapDevices = [ ]; + + # TODO base + boot.tmpOnTmpfs = true; + + environment.systemPackages = with pkgs; [ + (writeDashBin "play" '' + set -euf + mpv() { exec ${mpv}/bin/mpv "$@"; } + case $1 in + deepmix) mpv http://deepmix.ru/deepmix128.pls;; + groovesalad) mpv http://somafm.com/play/groovesalad;; + ntslive) mpv http://listen2.ntslive.co.uk/listen.pls;; + *) + echo "$0: bad argument: $*" >&2 + exit 23 + esac + '') + gnupg + tmux + ]; +} diff --git a/tv/1systems/nomic/source.nix b/tv/1systems/nomic/source.nix new file mode 100644 index 00000000..f173b65a --- /dev/null +++ b/tv/1systems/nomic/source.nix @@ -0,0 +1,4 @@ +import { + name = "nomic"; + secure = true; +} diff --git a/tv/1systems/test/source.nix b/tv/1systems/test/source.nix new file mode 100644 index 00000000..f756b858 --- /dev/null +++ b/tv/1systems/test/source.nix @@ -0,0 +1,3 @@ +import { + name = "test"; +} diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix deleted file mode 100644 index 4b3bf853..00000000 --- a/tv/1systems/wu.nix +++ /dev/null 
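Review bot: `secure = true;` in tv/1systems/nomic/source.nix carries no comment, and tv/source.nix, which interprets it, is not part of what is shown here. The flag is also set in wu/source.nix and is absent for alnus, caxi, cd, mu and test. It presumably decides which sources are pushed to a host, so the per-host difference should be readable at the point of use: a one-line comment above the attribute stating what it selects would do. It would also help if tv/source.nix rejected unknown attribute names, so that a mistyped `secure` does not silently fall back to the default.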
@@ -1,174 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - krebs.build.host = config.krebs.hosts.wu; - - imports = [ - ../. - ../2configs/hw/w110er.nix - ../2configs/exim-retiolum.nix - ../2configs/gitrepos.nix - ../2configs/im.nix - ../2configs/mail-client.nix - ../2configs/man.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/xserver - { - environment.systemPackages = with pkgs; [ - # root - cryptsetup - - # tv - bc - bind # dig - cac-api - dic - file - get - gnupg1compat - haskellPackages.hledger - jq - mkpasswd - netcat - nix-repl - nmap - p7zip - push - qrencode - tmux - - #ack - #apache-httpd - #ascii - #emacs - #es - #esniper - #gcc - #gptfdisk - #graphviz - #haskellPackages.cabal2nix - #haskellPackages.ghc - #haskellPackages.shake - #hdparm - #i7z - #iftop - #imagemagick - #inotifyTools - #iodine - #iotop - #lshw - #lsof - #minicom - #mtools - #ncmpc - #neovim - #nethogs - #nix-prefetch-scripts #cvs bug - #openssl - #openswan - #parted - #perl - #powertop - #ppp - #proot - #pythonPackages.arandr - #pythonPackages.youtube-dl - #racket - #rxvt_unicode-with-plugins - #scrot - #sec - #silver-searcher - #sloccount - #smartmontools - #socat - #sshpass - #strongswan - #sysdig - #sysstat - #tcpdump - #tlsdate - #unetbootin - #utillinuxCurses - #wvdial - #xdotool - #xkill - #xl2tpd - #xsel - - unison - ]; - } - ]; - - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "xts" ]; - devices = [ - { name = "wuca"; device = "/dev/sda2"; } - ]; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/wuvga-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/bku" = { - device = "/dev/mapper/wuvga-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/home" = { - device = "/dev/mapper/wuvga-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/boot" = { - device = "/dev/sda1"; - }; - 
"/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name; - hardware.bumblebee.enable = true; - hardware.bumblebee.group = "video"; - hardware.enableAllFirmware = true; - hardware.opengl.driSupport32Bit = true; - - environment.systemPackages = with pkgs; [ - ethtool - tinc_pre - iptables - #jack2 - ]; - - security.wrappers = { - sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron - }; - - services.printing.enable = true; - - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" # does this work with mounted /tmp? - ]; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" - - # for jack - KERNEL=="rtc0", GROUP="audio" - KERNEL=="hpet", GROUP="audio" - ''; - - virtualisation.virtualbox.host.enable = true; -} diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix new file mode 100644 index 00000000..5b2542ac --- /dev/null +++ b/tv/1systems/wu/config.nix 
@@ -0,0 +1,174 @@ +{ config, lib, pkgs, ... }: + +with import ; + +{ + krebs.build.host = config.krebs.hosts.wu; + + imports = [ + + + + + + + + + + + + { + environment.systemPackages = with pkgs; [ + # root + cryptsetup + + # tv + bc + bind # dig + cac-api + dic + file + get + gnupg1compat + haskellPackages.hledger + jq + mkpasswd + netcat + nix-repl + nmap + p7zip + push + qrencode + tmux + + #ack + #apache-httpd + #ascii + #emacs + #es + #esniper + #gcc + #gptfdisk + #graphviz + #haskellPackages.cabal2nix + #haskellPackages.ghc + #haskellPackages.shake + #hdparm + #i7z + #iftop + #imagemagick + #inotifyTools + #iodine + #iotop + #lshw + #lsof + #minicom + #mtools + #ncmpc + #neovim + #nethogs + #nix-prefetch-scripts #cvs bug + #openssl + #openswan + #parted + #perl + #powertop + #ppp + #proot + #pythonPackages.arandr + #pythonPackages.youtube-dl + #racket + #rxvt_unicode-with-plugins + #scrot + #sec + #silver-searcher + #sloccount + #smartmontools + #socat + #sshpass + #strongswan + #sysdig + #sysstat + #tcpdump + #tlsdate + #unetbootin + #utillinuxCurses + #wvdial + #xdotool + #xkill + #xl2tpd + #xsel + + unison + ]; + } + ]; + + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "xts" ]; + devices = [ + { name = "wuca"; device = "/dev/sda2"; } + ]; + }; + + fileSystems = { + "/" = { + device = "/dev/mapper/wuvga-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/bku" = { + device = "/dev/mapper/wuvga-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/home" = { + device = "/dev/mapper/wuvga-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/boot" = { + device = "/dev/sda1"; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name; + hardware.bumblebee.enable = true; + hardware.bumblebee.group = "video"; 
+ hardware.enableAllFirmware = true; + hardware.opengl.driSupport32Bit = true; + + environment.systemPackages = with pkgs; [ + ethtool + tinc_pre + iptables + #jack2 + ]; + + security.wrappers = { + sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; + + services.printing.enable = true; + + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" # does this work with mounted /tmp? + ]; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" + + # for jack + KERNEL=="rtc0", GROUP="audio" + KERNEL=="hpet", GROUP="audio" + ''; + + virtualisation.virtualbox.host.enable = true; +} diff --git a/tv/1systems/wu/source.nix b/tv/1systems/wu/source.nix new file mode 100644 index 00000000..2e9cdeb8 --- /dev/null +++ b/tv/1systems/wu/source.nix @@ -0,0 +1,4 @@ +import { + name = "wu"; + secure = true; +} diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix deleted file mode 100644 index d82f45ac..00000000 --- a/tv/1systems/xu.nix +++ /dev/null 
@@ -1,174 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - krebs.build.host = config.krebs.hosts.xu; - - imports = [ - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/gitconfig.nix - ../2configs/gitrepos.nix - ../2configs/mail-client.nix - ../2configs/man.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/binary-cache - ../2configs/xserver - { - environment.systemPackages = with pkgs; [ - - - # root - cryptsetup - - # tv - bc - bind # dig - brain - cac-api - dic - file - gnupg1compat - haskellPackages.hledger - jq - krebszones - mkpasswd - netcat - netcup - nix-repl - nmap - p7zip - pass - q - qrencode - texlive.combined.scheme-full - tmux - - #ack - #apache-httpd - #ascii - #emacs - #es - #esniper - #gcc - #gptfdisk - #graphviz - #haskellPackages.cabal2nix - #haskellPackages.ghc - #haskellPackages.shake - #hdparm - #i7z - #iftop - #imagemagick - #inotifyTools - #iodine - #iotop - #lshw - #lsof - #minicom - #mtools - #ncmpc - #nethogs - #nix-prefetch-scripts #cvs bug - #openssl - #openswan - #parted - #perl - #powertop - #ppp - #proot - #pythonPackages.arandr - #pythonPackages.youtube-dl - #racket - #rxvt_unicode-with-plugins - #scrot - #sec - #silver-searcher - #sloccount - #smartmontools - #socat - #sshpass - #strongswan - #sysdig - #sysstat - #tcpdump - #tlsdate - #unetbootin - #utillinuxCurses - #wvdial - #xdotool - #xkill - #xl2tpd - #xsel - - unison - ]; - } - ]; - - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "xts" ]; - devices = [ - { name = "xuca"; device = "/dev/sda2"; } - ]; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/xuvga-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/bku" = { - device = "/dev/mapper/xuvga-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/home" = { - device = "/dev/mapper/xuvga-home"; - fsType = "btrfs"; - options = ["defaults" 
"noatime" "ssd" "compress=lzo"]; - }; - "/boot" = { - device = "/dev/sda1"; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - environment.systemPackages = with pkgs; [ - ethtool - tinc_pre - iptables - #jack2 - - gptfdisk - ]; - - security.wrappers = { - sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron - }; - - services.printing.enable = true; - - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" # does this work with mounted /tmp? - ]; - - #services.bitlbee.enable = true; - #services.tor.client.enable = true; - #services.tor.enable = true; - #services.virtualboxHost.enable = true; - - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "15.09"; -} diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix new file mode 100644 index 00000000..2bffdddb --- /dev/null +++ b/tv/1systems/xu/config.nix 
@@ -0,0 +1,174 @@
+{ config, lib, pkgs, ... }:
+
+with import ;
+
+{
+ krebs.build.host = config.krebs.hosts.xu;
+
+ imports = [
+
+
+
+
+
+
+
+
+
+
+
+
+ {
+ environment.systemPackages = with pkgs; [
+
+
+ # root
+ cryptsetup
+
+ # tv
+ bc
+ bind # dig
+ brain
+ cac-api
+ dic
+ file
+ gnupg1compat
+ haskellPackages.hledger
+ jq
+ krebszones
+ mkpasswd
+ netcat
+ netcup
+ nix-repl
+ nmap
+ p7zip
+ pass
+ q
+ qrencode
+ texlive.combined.scheme-full
+ tmux
+
+ #ack
+ #apache-httpd
+ #ascii
+ #emacs
+ #es
+ #esniper
+ #gcc
+ #gptfdisk
+ #graphviz
+ #haskellPackages.cabal2nix
+ #haskellPackages.ghc
+ #haskellPackages.shake
+ #hdparm
+ #i7z
+ #iftop
+ #imagemagick
+ #inotifyTools
+ #iodine
+ #iotop
+ #lshw
+ #lsof
+ #minicom
+ #mtools
+ #ncmpc
+ #nethogs
+ #nix-prefetch-scripts #cvs bug
+ #openssl
+ #openswan
+ #parted
+ #perl
+ #powertop
+ #ppp
+ #proot
+ #pythonPackages.arandr
+ #pythonPackages.youtube-dl
+ #racket
+ #rxvt_unicode-with-plugins
+ #scrot
+ #sec
+ #silver-searcher
+ #sloccount
+ #smartmontools
+ #socat
+ #sshpass
+ #strongswan
+ #sysdig
+ #sysstat
+ #tcpdump
+ #tlsdate
+ #unetbootin
+ #utillinuxCurses
+ #wvdial
+ #xdotool
+ #xkill
+ #xl2tpd
+ #xsel
+
+ unison
+ ];
+ }
+ ];
+
+ boot.initrd.luks = {
+ cryptoModules = [ "aes" "sha512" "xts" ];
+ devices = [
+ { name = "xuca"; device = "/dev/sda2"; }
+ ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/xuvga-root";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/bku" = {
+ device = "/dev/mapper/xuvga-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/home" = {
+ device = "/dev/mapper/xuvga-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ "/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["nosuid" "nodev" "noatime"];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ ethtool
+ tinc_pre
+ iptables
+ #jack2
+
+ gptfdisk
+ ];
+
+ security.wrappers = {
+ sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
+ };
+
+ services.printing.enable = true;
+
+ # see tmpfiles.d(5)
+ systemd.tmpfiles.rules = [
+ "d /tmp 1777 root root - -" # does this work with mounted /tmp?
+ ];
+
+ #services.bitlbee.enable = true;
+ #services.tor.client.enable = true;
+ #services.tor.enable = true;
+ #services.virtualboxHost.enable = true;
+
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "15.09";
+}
diff --git a/tv/1systems/xu/source.nix b/tv/1systems/xu/source.nix
new file mode 100644
index 00000000..46e1aee9
--- /dev/null
+++ b/tv/1systems/xu/source.nix
@@ -0,0 +1,4 @@
+import {
+ name = "xu";
+ secure = true;
+}
diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix
deleted file mode 100644
index 4fae3ca7..00000000
--- a/tv/1systems/zu.nix
+++ /dev/null
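Review bot: `secure = true` in tv/1systems/xu/source.nix is now a hand-written literal, whereas the block this commit removes from tv/2configs/default.nix took the same decision from `host.secure` on the host definition. The flag gates whether `secrets-master.file` is added to the deployed sources in tv/source.nix, so if the literal and the host definition ever disagree, a host could receive or miss the master secrets without any evaluation error. The host definitions are not part of this diff, so whether `config.krebs.hosts.xu.secure` still exists is an assumption; if it does, a comment above the line such as `# must match krebs.hosts.xu.secure; gates deployment of secrets-master` would make the coupling visible. The same applies to tv/1systems/zu/source.nix.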
@@ -1,170 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -{ - krebs.build.host = config.krebs.hosts.zu; - - imports = [ - { - options.tv.test.sercret-file = mkOption { - type = types.secret-file; - default = {}; - }; - } - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/gitrepos.nix - ../2configs/mail-client.nix - ../2configs/man.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/xserver - { - environment.systemPackages = with pkgs; [ - - # root - cryptsetup - - # tv - bc - bind # dig - cac-api - dic - file - gnupg1compat - haskellPackages.hledger - jq - mkpasswd - netcat - nix-repl - nmap - p7zip - pass - q - qrencode - # XXX fails at systemd.services.dbus.unitConfig - #texlive - tmux - - #ack - #apache-httpd - #ascii - #emacs - #es - #esniper - #gcc - #gptfdisk - #graphviz - #haskellPackages.cabal2nix - #haskellPackages.ghc - #haskellPackages.shake - #hdparm - #i7z - #iftop - #imagemagick - #inotifyTools - #iodine - #iotop - #lshw - #lsof - #minicom - #mtools - #ncmpc - #nethogs - #nix-prefetch-scripts #cvs bug - #openssl - #openswan - #parted - #perl - #powertop - #ppp - #proot - #pythonPackages.arandr - #pythonPackages.youtube-dl - #racket - #rxvt_unicode-with-plugins - #scrot - #sec - #silver-searcher - #sloccount - #smartmontools - #socat - #sshpass - #strongswan - #sysdig - #sysstat - #tcpdump - #tlsdate - #unetbootin - #utillinuxCurses - #wvdial - #xdotool - #xkill - #xl2tpd - #xsel - - unison - ]; - } - ]; - - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "xts" ]; - devices = [ - { name = "zuca"; device = "/dev/sda2"; } - ]; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/zuvga-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/home" = { - device = "/dev/mapper/zuvga-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/boot" = { - device = "/dev/sda1"; - }; - 
"/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - environment.systemPackages = with pkgs; [ - ethtool - tinc_pre - iptables - #jack2 - - gptfdisk - ]; - - security.wrappers = { - sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron - }; - - services.printing.enable = true; - - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" # does this work with mounted /tmp? - ]; - - #services.bitlbee.enable = true; - #services.tor.client.enable = true; - #services.tor.enable = true; - #services.virtualboxHost.enable = true; - - - # The NixOS release to be compatible with for stateful data such as databases. - system.stateVersion = "15.09"; -} diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix new file mode 100644 index 00000000..d2aab8c5 --- /dev/null +++ b/tv/1systems/zu/config.nix 
@@ -0,0 +1,170 @@ +{ config, lib, pkgs, ... }: + +with import ; + +{ + krebs.build.host = config.krebs.hosts.zu; + + imports = [ + { + options.tv.test.sercret-file = mkOption { + type = types.secret-file; + default = {}; + }; + } + + + + + + + + + + + { + environment.systemPackages = with pkgs; [ + + # root + cryptsetup + + # tv + bc + bind # dig + cac-api + dic + file + gnupg1compat + haskellPackages.hledger + jq + mkpasswd + netcat + nix-repl + nmap + p7zip + pass + q + qrencode + # XXX fails at systemd.services.dbus.unitConfig + #texlive + tmux + + #ack + #apache-httpd + #ascii + #emacs + #es + #esniper + #gcc + #gptfdisk + #graphviz + #haskellPackages.cabal2nix + #haskellPackages.ghc + #haskellPackages.shake + #hdparm + #i7z + #iftop + #imagemagick + #inotifyTools + #iodine + #iotop + #lshw + #lsof + #minicom + #mtools + #ncmpc + #nethogs + #nix-prefetch-scripts #cvs bug + #openssl + #openswan + #parted + #perl + #powertop + #ppp + #proot + #pythonPackages.arandr + #pythonPackages.youtube-dl + #racket + #rxvt_unicode-with-plugins + #scrot + #sec + #silver-searcher + #sloccount + #smartmontools + #socat + #sshpass + #strongswan + #sysdig + #sysstat + #tcpdump + #tlsdate + #unetbootin + #utillinuxCurses + #wvdial + #xdotool + #xkill + #xl2tpd + #xsel + + unison + ]; + } + ]; + + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "xts" ]; + devices = [ + { name = "zuca"; device = "/dev/sda2"; } + ]; + }; + + fileSystems = { + "/" = { + device = "/dev/mapper/zuvga-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/home" = { + device = "/dev/mapper/zuvga-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/boot" = { + device = "/dev/sda1"; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + environment.systemPackages = with pkgs; [ + ethtool + tinc_pre + iptables + #jack2 + + gptfdisk + ]; + + security.wrappers = { + 
sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron + }; + + services.printing.enable = true; + + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" # does this work with mounted /tmp? + ]; + + #services.bitlbee.enable = true; + #services.tor.client.enable = true; + #services.tor.enable = true; + #services.virtualboxHost.enable = true; + + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "15.09"; +} diff --git a/tv/1systems/zu/source.nix b/tv/1systems/zu/source.nix new file mode 100644 index 00000000..7a5c4f52 --- /dev/null +++ b/tv/1systems/zu/source.nix @@ -0,0 +1,4 @@ +import { + name = "zu"; + secure = true; +} diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 3d95d6de..07496fd1 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -6,23 +6,7 @@ with import ; in { krebs.enable = true; - krebs.build = { - user = config.krebs.users.tv; - source = let inherit (config.krebs.build) host; in { - nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix"; - secrets.file = getAttr builder { - buildbot = toString ; - tv = "/home/tv/secrets/${host.name}"; - }; - secrets-common.file = "/home/tv/secrets/common"; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "057f89b9344e5341796046f25ae4f269be6d4529"; # nixos-17.03 - }; - } // optionalAttrs host.secure { - secrets-master.file = "/home/tv/secrets/master"; - }; - }; + krebs.build.user = config.krebs.users.tv; networking.hostName = config.krebs.build.host.name; diff --git a/tv/source.nix b/tv/source.nix new file mode 100644 index 00000000..7306cd95 --- /dev/null +++ b/tv/source.nix 
@@ -0,0 +1,22 @@
+with import ;
+host@{ name, secure ? false }: let
+ builder = if getEnv "dummy_secrets" == "true"
+ then "buildbot"
+ else "tv";
+ _file = + "/tv/1systems/${name}/source.nix";
+in
+ evalSource (toString _file) {
+ nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix";
+ secrets.file = getAttr builder {
+ buildbot = toString ;
+ tv = "/home/tv/secrets/${name}";
+ };
+ stockholm.file = toString ;
+ secrets-common.file = "/home/tv/secrets/common";
+ nixpkgs.git = {
+ url = https://github.com/NixOS/nixpkgs;
+ ref = "1b57bf274ae5c76e91b2b264d8aa8bfcecb72102"; # nixos-17.03
+ };
+ } // optionalAttrs secure {
+ secrets-master.file = "/home/tv/secrets/master";
+ }
-- cgit v1.2.3
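Review bot: The nixpkgs pin in `nixpkgs.git.ref` is not the one removed from tv/2configs/default.nix: the old block had `057f89b9344e5341796046f25ae4f269be6d4529` and this file has `1b57bf274ae5c76e91b2b264d8aa8bfcecb72102`, both labelled `# nixos-17.03`. As far as this diff shows, the commit subject only announces a move, so a dependency bump for every host that imports this file rides along unannounced and is harder to audit or revert on its own. I would keep `ref = "057f89b9344e5341796046f25ae4f269be6d4529"; # nixos-17.03` here and change the pin in a separate commit, or name the bump in the commit message. Separately, a short header comment stating that `dummy_secrets=true` in the environment selects the `buildbot` entry of `secrets.file`, and that any other value selects `/home/tv/secrets/${name}`, would document the one input this file reads from outside.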