From 952c03b3742cc1a979e4a1c148d083f1334cfe65 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Oct 2015 20:02:29 +0200 Subject: krebs 5 retiolum-bootstrap: init new_install.sh package --- krebs/5pkgs/retiolum-bootstrap/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 krebs/5pkgs/retiolum-bootstrap/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/retiolum-bootstrap/default.nix b/krebs/5pkgs/retiolum-bootstrap/default.nix new file mode 100644 index 00000000..d3bcc05d --- /dev/null +++ b/krebs/5pkgs/retiolum-bootstrap/default.nix @@ -0,0 +1,6 @@ +{ fetchurl }: + +fetchurl { + url = https://raw.githubusercontent.com/krebscode/painload/master/retiolum/scripts/tinc_setup/new_install.sh; + sha256 = "03kmil8q2xm3rdm2jxyah7vww84pw6w01d0c3siid9zpn2j7la9s"; +} -- cgit v1.2.3 From 5a1808617aa121b8fc66389d8e92e387bb25a64c Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Oct 2015 21:49:08 +0200 Subject: krebs 5 retiolum-bootstrap: packing to be used by nginx --- krebs/5pkgs/retiolum-bootstrap/default.nix | 31 ++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/retiolum-bootstrap/default.nix b/krebs/5pkgs/retiolum-bootstrap/default.nix index d3bcc05d..331b1cb7 100644 --- a/krebs/5pkgs/retiolum-bootstrap/default.nix +++ b/krebs/5pkgs/retiolum-bootstrap/default.nix @@ -1,6 +1,29 @@ -{ fetchurl }: +{ stdenv,lib,fetchurl, ... }: +with lib; +stdenv.mkDerivation rec { + name = "retiolum-bootstrap"; + version = "4.2.3"; -fetchurl { - url = https://raw.githubusercontent.com/krebscode/painload/master/retiolum/scripts/tinc_setup/new_install.sh; - sha256 = "03kmil8q2xm3rdm2jxyah7vww84pw6w01d0c3siid9zpn2j7la9s"; + + src = fetchurl { + url = https://raw.githubusercontent.com/krebscode/painload/master/retiolum/scripts/tinc_setup/new_install.sh; + sha256 = "03kmil8q2xm3rdm2jxyah7vww84pw6w01d0c3siid9zpn2j7la9s"; + }; + + phases = [ + "installPhase" + ]; + + installPhase = '' + mkdir -p "$out" + cp -a ${src} $out/retiolum.sh + ''; + + meta = { + description = "Retiolum boostrap scripts"; + url = https://github.com/krebscode/painload; + license = licenses.wtfpl; + platforms = platforms.unix; + maintainers = with maintainers; [ makefu ]; + }; } -- cgit v1.2.3 From 754ea55ab89cdeffaac7b4b66ca792558fed9237 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Oct 2015 21:50:08 +0200 Subject: krebs 3 retiolum-bootstrap: init module --- krebs/3modules/default.nix | 1 + krebs/3modules/retiolum-bootstrap.nix | 60 +++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 krebs/3modules/retiolum-bootstrap.nix (limited to 'krebs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index ff0cc834..756245c0 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -14,6 +14,7 @@ let ./iptables.nix ./nginx.nix ./Reaktor.nix + ./retiolum-bootstrap.nix ./realwallpaper.nix ./retiolum.nix ./urlwatch.nix diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix new file mode 100644 index 00000000..5cce4c2a --- /dev/null +++ b/krebs/3modules/retiolum-bootstrap.nix @@ -0,0 +1,60 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.krebs.retiolum-bootstrap; + + out = { + options.krebs.retiolum-bootstrap = api; + config = mkIf cfg.enable imp ; + }; + + api = { + enable = mkEnableOption "retiolum boot strap for tinc.krebsco.de"; + hostname = mkOption { + type = types.str; + description = "hostname which serves tinc boot"; + default = "tinc.krebsco.de" ; + }; + ssl_certificate_key = mkOption { + type = types.str; + description = "Certificate key to use for ssl"; + default = "/root/secrets/tinc.krebsco.de.key"; + }; + ssl_certificate = mkOption { + type = types.str; + description = "Certificate file to use for ssl"; + default = "/root/secrets/tinc.krebsco.de.crt" ; + }; + # in use: + # + # + }; + + imp = { + # TODO: assert krebs nginx + + krebs.nginx.servers = { + retiolum-boot-redir = { + server-names = singleton cfg.hostname; + extraConfig = '' + return 301 https://$server_name$request_uri; + ''; + locations = []; + }; + retiolum-boot-ssl = { + server-names = singleton cfg.hostname; + listen = "443 ssl"; + extraConfig = '' + ssl_certificate ${cfg.ssl_certificate}; + ssl_certificate_key ${cfg.ssl_certificate_key}; + root ${pkgs.retiolum-bootstrap}; + try_files $uri $uri/retiolum.sh; + ''; + locations = []; + }; + }; + }; + +in +out -- cgit v1.2.3 From 858034cc615469c6e4b7e48711f6fb026f16ffb4 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Oct 2015 21:51:20 +0200 Subject: m 1 wry: host is the new provider for tinc.krebsco.de --- krebs/3modules/makefu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 4628b2ac..659e7145 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -130,7 +130,6 @@ with import ../../4lib { inherit lib; }; io IN NS pigstarter.krebsco.de. pigstarter IN A ${head nets.internet.addrs4} gold IN A ${head nets.internet.addrs4} - tinc IN A ${head nets.internet.addrs4} boot IN A ${head nets.internet.addrs4}''; }; nets = { @@ -167,6 +166,7 @@ with import ../../4lib { inherit lib; }; "krebsco.de" = '' wry IN A ${head nets.internet.addrs4} graphs IN A ${head nets.internet.addrs4} + tinc IN A ${head nets.internet.addrs4} ''; }; nets = rec { -- cgit v1.2.3 From 8d3ebfc096c10e9d498ca0bed934ad9e35e6c022 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Oct 2015 21:57:05 +0200 Subject: krebs 3 retiolum-bootstrap: fix assert todo --- krebs/3modules/retiolum-bootstrap.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix index 5cce4c2a..eed11642 100644 --- a/krebs/3modules/retiolum-bootstrap.nix +++ b/krebs/3modules/retiolum-bootstrap.nix @@ -32,9 +32,7 @@ let }; imp = { - # TODO: assert krebs nginx - - krebs.nginx.servers = { + krebs.nginx.servers = assert config.krebs.nginx.enable; { retiolum-boot-redir = { server-names = singleton cfg.hostname; extraConfig = '' -- cgit v1.2.3 From ded0821d9bf7c85e2197cb7811d5f95987ded02e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Oct 2015 23:46:10 +0200 Subject: m 1,2 : wry serves as iodine entry point --- krebs/3modules/makefu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 659e7145..acc5d7dd 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -127,7 +127,6 @@ with import ../../4lib { inherit lib; }; "krebsco.de" = '' IN MX 10 mx42 euer IN MX 1 aspmx.l.google.com. - io IN NS pigstarter.krebsco.de. pigstarter IN A ${head nets.internet.addrs4} gold IN A ${head nets.internet.addrs4} boot IN A ${head nets.internet.addrs4}''; @@ -165,6 +164,7 @@ with import ../../4lib { inherit lib; }; extraZones = { "krebsco.de" = '' wry IN A ${head nets.internet.addrs4} + io IN NS wry.krebsco.de. graphs IN A ${head nets.internet.addrs4} tinc IN A ${head nets.internet.addrs4} ''; -- cgit v1.2.3