diff options
| author | makefu <github@syntax-fehler.de> | 2015-11-10 19:01:43 +0100 |
|---|---|---|
| committer | makefu <github@syntax-fehler.de> | 2015-11-10 19:01:43 +0100 |
| commit | 5ac356be526cc43105421194f6939ed11b4beaa6 (patch) | |
| tree | b16f6430f62e1ced7e2c49133a8c43a8fd7a6f48 | |
| parent | c9032105eb4abe2eecbeeb31df7b62ed082bb6fc (diff) | |
| parent | b394c79051fbcf6cf072f2b9af75819d37cd2426 (diff) | |
Merge branch 'master' of pnp:stockholm
| -rw-r--r-- | krebs/4lib/infest/prepare.sh | 1 | ||||
| -rw-r--r-- | krebs/default.nix | 1 | ||||
| -rw-r--r-- | makefu/1systems/gum.nix | 36 |
3 files changed, 28 insertions, 10 deletions
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 182a068e..0bfc4938 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -66,6 +66,7 @@ prepare_debian() { type bzip2 2>/dev/null || apt-get install bzip2 type git 2>/dev/null || apt-get install git type rsync 2>/dev/null || apt-get install rsync + type curl 2>/dev/null || apt-get install curl prepare_common } diff --git a/krebs/default.nix b/krebs/default.nix index bfd6175d..ad020542 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -11,6 +11,7 @@ let out = { inherit infest; inherit init; inherit nixos-install; + inherit populate; }; deploy = diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 85cf4c53..3a010220 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -9,24 +9,41 @@ in { # TODO: copy this config or move to krebs ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix + ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix - # Reaktor - ../2configs/Reaktor/simpleExtend.nix ]; + krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; - krebs.Reaktor.enable = true; + # Hardware + boot.loader.grub.device = "/dev/sda"; + boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; + boot.kernelModules = [ "kvm-intel" ]; - # prepare graphs - krebs.nginx.enable = true; + # Network + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" + ''; networking = { - firewall.allowPing = true; - firewall.allowedTCPPorts = [ 80 443 655 ]; - firewall.allowedUDPPorts = [ 655 ]; - interfaces.enp2s1.ip4 = [{ + firewall = { + allowPing = true; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # tinc + 655 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + ]; + }; + interfaces.et0.ip4 = [{ address = external-ip; prefixLength = 24; }]; @@ -34,5 +51,4 @@ in { nameservers = [ "8.8.8.8" ]; }; - # based on ../../tv/2configs/CAC-Developer-2.nix } |