diff options
author | lassulus <lass@blue.r> | 2018-06-28 00:12:11 +0200 |
---|---|---|
committer | lassulus <lass@blue.r> | 2018-06-28 00:12:11 +0200 |
commit | 370c2b511e1293e6112814c88ab8b93cac14ae2a (patch) | |
tree | 207dbd0f0d84809a56d676fcb15ff6f8205a643d | |
parent | dac47a8abdedda4863b56cb83941e9e16929669b (diff) | |
parent | 4d07a747298fca730ba42f29e3f054be390dbab6 (diff) |
Merge remote-tracking branch 'prism/makefu'
-rw-r--r-- | krebs/1systems/onebutton/config.nix | 30 | ||||
-rw-r--r-- | krebs/1systems/onebutton/source.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/makefu/default.nix | 32 | ||||
-rw-r--r-- | makefu/1systems/gum/config.nix | 53 | ||||
-rw-r--r-- | makefu/1systems/gum/hardware-config.nix | 46 | ||||
-rw-r--r-- | makefu/1systems/kexec/config.nix | 25 | ||||
-rw-r--r-- | makefu/1systems/kexec/source.nix | 3 | ||||
-rw-r--r-- | makefu/1systems/nextgum/config.nix | 247 | ||||
-rw-r--r-- | makefu/1systems/nextgum/hardware-config.nix | 80 | ||||
-rw-r--r-- | makefu/1systems/nextgum/source.nix | 5 | ||||
-rw-r--r-- | makefu/1systems/nextgum/transfer-config.nix | 7 | ||||
-rw-r--r-- | makefu/source.nix | 4 |
12 files changed, 494 insertions, 40 deletions
diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix index dca00a206..b87aef5a3 100644 --- a/krebs/1systems/onebutton/config.nix +++ b/krebs/1systems/onebutton/config.nix @@ -16,6 +16,36 @@ services.nixosManual.enable = false; services.journald.extraConfig = "SystemMaxUse=50M"; } + { + systemd.services.mpc-booter = let + mpc = "${pkgs.mpc_cli}/bin/mpc -h mpd.shack -p 6600"; + url = "http://lassul.us:8000/radio.ogg"; + say = pkgs.writeDash "say" '' + tmpfile=$(${pkgs.coreutils}/bin/mktemp) + echo "$@" > $tmpfile + ${pkgs.curl}/bin/curl -i -H "content-type: text/plain" -X POST -d "@$tmpfile" gobbelz.shack/say/ + rm "$tmpfile" + ''; + in { + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + serviceConfig = { + RemainAfterExit = "yes"; + Type = "oneshot"; + ExecStart = pkgs.writeDash "mpc-boot" '' + until ${mpc} stats;do + echo "waiting for mpd.shack to appear" + sleep 1 + done + ${say} "Willkommen im Shack wertes Mitglied" + + ${say} "Lassulus Super Radio wurde gestartet" + ${mpc} add ${url} + ${mpc} play + ''; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.onebutton; # NixOS wants to enable GRUB by default diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix index 8f25881c9..6842bfaab 100644 --- a/krebs/1systems/onebutton/source.nix +++ b/krebs/1systems/onebutton/source.nix @@ -4,7 +4,7 @@ let nixpkgs = pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; - rev = "6c064e6b"; # only binary cache for unstable arm6 + rev = "nixos-unstable"; # only binary cache for unstable arm6 sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; }; in import <stockholm/krebs/source.nix> { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index d7a750c6e..c5404f96d 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -520,6 +520,38 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; + nextgum = rec { + ci = true; + cores = 8; + nets = rec { + internet = { + ip4.addr = "144.76.26.247"; + ip6.addr = "2a01:4f8:191:12f6::2"; + aliases = [ + "nextgum.i" + ]; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.0.213"; + ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3"; + aliases = [ + "nextgum.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8 + aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO + npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh + 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF + 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN + VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; + }; gum = rec { ci = true; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 9b6d9d571..998ecd0fb 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -2,28 +2,13 @@ with import <stockholm/lib>; let - # hw-specific - external-mac = "2a:c5:6e:d2:fc:7f"; - main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; - external-gw = "185.194.140.1"; - # single partition, label "nixos" - # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate - - - # static external-ip = config.krebs.build.host.nets.internet.ip4.addr; - external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; - external-gw6 = "fe80::1"; - external-netmask = 22; - external-netmask6 = 64; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; - ext-if = "et0"; # gets renamed on the fly + ext-if = config.makefu.server.primary-itf; in { imports = [ <stockholm/makefu> - <nixpkgs/nixos/modules/profiles/qemu-guest.nix> + ./hardware-config.nix <stockholm/makefu/2configs/headless.nix> - <stockholm/makefu/2configs/fs/single-partition-ext4.nix> # <stockholm/makefu/2configs/smart-monitor.nix> <stockholm/makefu/2configs/git/cgit-retiolum.nix> @@ -49,6 +34,7 @@ in { # <stockholm/makefu/2configs/sabnzbd.nix> <stockholm/makefu/2configs/torrent.nix> <stockholm/makefu/2configs/mosh.nix> + # <stockholm/makefu/2configs/retroshare.nix> # network <stockholm/makefu/2configs/vpn/openvpn-server.nix> @@ -90,6 +76,15 @@ in { <stockholm/makefu/2configs/syncthing.nix> # <stockholm/makefu/2configs/opentracker.nix> + <stockholm/makefu/2configs/hub.nix> + { # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; + } + <stockholm/makefu/2configs/stats/client.nix> # <stockholm/makefu/2configs/logging/client.nix> @@ -187,7 +182,6 @@ in { ]; }; - makefu.server.primary-itf = ext-if; # access users.users = { @@ -200,6 +194,7 @@ in { weechat bepasty-client-cli get + tmux ]; services.bitlbee = { enable = true; @@ -207,15 +202,8 @@ in { }; # Hardware - boot.loader.grub.device = main-disk; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; # Network - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" - ''; - boot.kernelParams = [ ]; networking = { firewall = { allowPing = true; @@ -249,19 +237,8 @@ in { 21032 ]; }; - interfaces."${ext-if}" = { - ip4 = [{ - address = external-ip; - prefixLength = external-netmask; - }]; - ip6 = [{ - address = external-ip6; - prefixLength = external-netmask6; - }]; - }; - defaultGateway6 = external-gw6; - defaultGateway = external-gw; nameservers = [ "8.8.8.8" ]; }; - + users.users.makefu.extraGroups = [ "download" "nginx" ]; + boot.tmpOnTmpfs = true; } diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix new file mode 100644 index 000000000..a40709169 --- /dev/null +++ b/makefu/1systems/gum/hardware-config.nix @@ -0,0 +1,46 @@ +{ config, ... }: +let + external-mac = "2a:c5:6e:d2:fc:7f"; + main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; + external-gw = "185.194.140.1"; + # single partition, label "nixos" + # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate + + + # static + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; + external-gw6 = "fe80::1"; + external-netmask = 22; + external-netmask6 = 64; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + ext-if = "et0"; # gets renamed on the fly +in { + imports = [ + <nixpkgs/nixos/modules/profiles/qemu-guest.nix> + <stockholm/makefu/2configs/fs/single-partition-ext4.nix> + ]; + + makefu.server.primary-itf = ext-if; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" + ''; + networking = { + interfaces."${ext-if}" = { + ipv4.addresses = [{ + address = external-ip; + prefixLength = external-netmask; + }]; + ipv6.addresses = [{ + address = external-ip6; + prefixLength = external-netmask6; + }]; + }; + defaultGateway6 = external-gw6; + defaultGateway = external-gw; + }; + boot.kernelParams = [ ]; + boot.loader.grub.device = main-disk; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; +} diff --git a/makefu/1systems/kexec/config.nix b/makefu/1systems/kexec/config.nix new file mode 100644 index 000000000..5bf19f978 --- /dev/null +++ b/makefu/1systems/kexec/config.nix @@ -0,0 +1,25 @@ +{ config, pkgs, lib, ... }: + +with import <stockholm/lib>; +{ + imports = [ + <stockholm/makefu> + # <stockholm/makefu/2configs/tools/core.nix> + <nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix> + <clever_kexec/kexec/kexec.nix> + ]; + # cd ~/stockholm ; nix-build '<nixpkgs/nixos>' -A config.system.build.kexec_tarball -j 4 -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso + + krebs.build.host = config.krebs.hosts.iso; + krebs.hidden-ssh.enable = true; + environment.extraInit = '' + EDITOR=vim + ''; + services.openssh = { + enable = true; + hostKeys = [ + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; +} diff --git a/makefu/1systems/kexec/source.nix b/makefu/1systems/kexec/source.nix new file mode 100644 index 000000000..e200dbfd2 --- /dev/null +++ b/makefu/1systems/kexec/source.nix @@ -0,0 +1,3 @@ +import <stockholm/makefu/source.nix> { + name="iso"; +} diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix new file mode 100644 index 000000000..a23ccf7b2 --- /dev/null +++ b/makefu/1systems/nextgum/config.nix @@ -0,0 +1,247 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + ext-if = config.makefu.server.primary-itf; +in { + imports = [ + <stockholm/makefu> + ./hardware-config.nix + ./transfer-config.nix + <stockholm/makefu/2configs/headless.nix> + # <stockholm/makefu/2configs/smart-monitor.nix> + + # Security + <stockholm/makefu/2configs/sshd-totp.nix> + + # Tools + <stockholm/makefu/2configs/tools/core.nix> + <stockholm/makefu/2configs/tools/dev.nix> + <stockholm/makefu/2configs/tools/sec.nix> + <stockholm/makefu/2configs/vim.nix> + <stockholm/makefu/2configs/zsh-user.nix> + <stockholm/makefu/2configs/mosh.nix> + + <stockholm/makefu/2configs/git/cgit-retiolum.nix> + <stockholm/makefu/2configs/backup.nix> + <stockholm/makefu/2configs/exim-retiolum.nix> + <stockholm/makefu/2configs/tinc/retiolum.nix> + # services + <stockholm/makefu/2configs/sabnzbd.nix> + + # sharing + <stockholm/makefu/2configs/share/gum.nix> + <stockholm/makefu/2configs/torrent.nix> + #<stockholm/makefu/2configs/retroshare.nix> + ## <stockholm/makefu/2configs/ipfs.nix> + #<stockholm/makefu/2configs/syncthing.nix> + { # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; + } + # <stockholm/makefu/2configs/opentracker.nix> + + ## network + <stockholm/makefu/2configs/vpn/openvpn-server.nix> + # <stockholm/makefu/2configs/vpn/vpnws/server.nix> + <stockholm/makefu/2configs/dnscrypt/server.nix> + <stockholm/makefu/2configs/iodined.nix> + + ## buildbot + #<stockholm/makefu/2configs/remote-build/slave.nix> + + # Removed until move: no extra mails + # <stockholm/makefu/2configs/urlwatch> + # Removed until move: avoid double-update of domain + # <stockholm/makefu/2configs/hub.nix> + # Removed until move: avoid letsencrypt ban + ### Web + #<stockholm/makefu/2configs/nginx/share-download.nix> + #<stockholm/makefu/2configs/nginx/euer.test.nix> + #<stockholm/makefu/2configs/nginx/euer.mon.nix> + #<stockholm/makefu/2configs/nginx/euer.wiki.nix> + #<stockholm/makefu/2configs/nginx/euer.blog.nix> + ## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix> + #<stockholm/makefu/2configs/nginx/public_html.nix> + #<stockholm/makefu/2configs/nginx/update.connector.one.nix> + #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> + + #<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> + #<stockholm/makefu/2configs/deployment/graphs.nix> + #<stockholm/makefu/2configs/deployment/owncloud.nix> + #<stockholm/makefu/2configs/deployment/boot-euer.nix> + #<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix> + + { + services.taskserver.enable = true; + services.taskserver.fqdn = config.krebs.build.host.name; + services.taskserver.listenHost = "::"; + services.taskserver.organisations.home.users = [ "makefu" ]; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ''; + } + + + <stockholm/makefu/2configs/stats/client.nix> + # <stockholm/makefu/2configs/logging/client.nix> + + ## Temporary: + # <stockholm/makefu/2configs/temp/rst-issue.nix> + <stockholm/makefu/2configs/virtualisation/docker.nix> + + #{ + # services.dockerRegistry.enable = true; + # networking.firewall.allowedTCPPorts = [ 8443 ]; + + # services.nginx.virtualHosts."euer.krebsco.de" = { + # forceSSL = true; + # enableACME = true; + # extraConfig = '' + # client_max_body_size 1000M; + # ''; + # locations."/".proxyPass = "http://localhost:5000"; + # }; + #} + { # wireguard server + + # opkg install wireguard luci-proto-wireguard + + # TODO: networking.nat + + # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + # conf.all.proxy_arp =1 + networking.firewall = { + allowedUDPPorts = [ 51820 ]; + extraCommands = '' + iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE + ''; + }; + + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.1/24" ]; + listenPort = 51820; + privateKeyFile = (toString <secrets>) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [ + { + # x + allowedIPs = [ "10.244.0.2/32" ]; + publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + } + { + # vbob + allowedIPs = [ "10.244.0.3/32" ]; + publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + } + { + # x-test + allowedIPs = [ "10.244.0.4/32" ]; + publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; + } + { + # work-router + allowedIPs = [ "10.244.0.5/32" ]; + publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; + } + { + # workr + allowedIPs = [ "10.244.0.6/32" ]; + publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; + } + ]; + }; + } + { # iperf3 + networking.firewall.allowedUDPPorts = [ 5201 ]; + networking.firewall.allowedTCPPorts = [ 5201 ]; + } + + ]; + makefu.dl-dir = "/var/download"; + + services.openssh.hostKeys = [ + { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; } + { path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ]; + ###### stable + services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; + krebs.build.host = config.krebs.hosts.gum; + + krebs.tinc.retiolum = { + extraConfig = '' + ListenAddress = ${external-ip} 53 + ListenAddress = ${external-ip} 655 + ListenAddress = ${external-ip} 21031 + ''; + connectTo = [ + "muhbaasu" "tahoe" "flap" "wry" + "ni" + "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs" + ]; + }; + + + # access + users.users = { + root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; + makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; + }; + + # Chat + environment.systemPackages = with pkgs;[ + weechat + bepasty-client-cli + get + tmux + ]; + services.bitlbee = { + enable = true; + libpurple_plugins = [ pkgs.telegram-purple ]; + }; + + # Hardware + + # Network + networking = { + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # httptunnel + 8080 8443 + # tinc + 655 + # tinc-shack + 21032 + # tinc-retiolum + 21031 + # taskserver + 53589 + # temp vnc + 18001 + # temp reverseshell + 31337 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + # tinc-retiolum + 21031 + # tinc-shack + 21032 + ]; + }; + nameservers = [ "8.8.8.8" ]; + }; + users.users.makefu.extraGroups = [ "download" "nginx" ]; + boot.tmpOnTmpfs = true; +} diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix new file mode 100644 index 000000000..36fea6544 --- /dev/null +++ b/makefu/1systems/nextgum/hardware-config.nix @@ -0,0 +1,80 @@ +{ config, ... }: +let + external-mac = "50:46:5d:9f:63:6b"; + main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS"; + sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS"; + external-gw = "144.76.26.225"; + # single partition, label "nixos" + # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate + + + # static + external-ip = "144.76.26.247"; + external-ip6 = "2a01:4f8:191:12f6::2"; + external-gw6 = "fe80::1"; + external-netmask = 27; + external-netmask6 = 64; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + ext-if = "et0"; # gets renamed on the fly +in { + imports = [ + ]; + makefu.server.primary-itf = ext-if; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" + ''; + networking = { + interfaces."${ext-if}" = { + ipv4.addresses = [{ + address = external-ip; + prefixLength = external-netmask; + }]; + ipv6.addresses = [{ + address = external-ip6; + prefixLength = external-netmask6; + }]; + }; + defaultGateway6 = external-gw6; + defaultGateway = external-gw; + }; + boot.kernelParams = [ ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.devices = [ main-disk ]; + boot.initrd.availableKernelModules = [ + "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" + "xhci_pci" "ehci_pci" "ahci" "sd_mod" + ]; + boot.kernelModules = [ "kvm-intel" ]; + hardware.enableRedistributableFirmware = true; + fileSystems."/" = { + device = "/dev/mapper/nixos-root"; + fsType = "ext4"; + }; + fileSystems."/boot" = { + device = "/dev/sda2"; + fsType = "vfat"; + }; + # parted -s -a optimal "$disk" \ + # mklabel gpt \ + # mkpart no-fs 0 1024KiB \ + # set 1 bios_grub on \ + # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ + # mkpart primary 1025MiB 100% + # parted -s -a optimal "/dev/sdb" \ + # mklabel gpt \ + # mkpart primary 1M 100% + + #mkfs.vfat /dev/sda2 + #pvcreate /dev/sda3 + #pvcreate /dev/sdb1 + #vgcreate nixos /dev/sda3 /dev/sdb1 + #lvcreate -L 120G -n root nixos + #mkfs.ext4 /dev/mapper/nixos-root + #mount /dev/mapper/nixos-root /mnt + #mkdir /mnt/boot + #mount /dev/sda2 /mnt/boot + #mkdir -p /mnt/var/src + #touch /mnt/var/src/.populate + +} diff --git a/makefu/1systems/nextgum/source.nix b/makefu/1systems/nextgum/source.nix new file mode 100644 index 000000000..413889c47 --- /dev/null +++ b/makefu/1systems/nextgum/source.nix @@ -0,0 +1,5 @@ +import <stockholm/makefu/source.nix> { + name="nextgum"; + torrent = true; + clever_kexec = true; +} diff --git a/makefu/1systems/nextgum/transfer-config.nix b/makefu/1systems/nextgum/transfer-config.nix new file mode 100644 index 000000000..92df60195 --- /dev/null +++ b/makefu/1systems/nextgum/transfer-config.nix @@ -0,0 +1,7 @@ +{ config, lib, ... }: +# configuration which is only required for the time of the transfer +{ + krebs.tinc.retiolum.connectTo = [ "gum" ]; + krebs.build.host = lib.mkForce config.krebs.hosts.nextgum; +} + diff --git a/makefu/source.nix b/makefu/source.nix index ecc4dddf0..c1e291b8a 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -24,9 +24,11 @@ let ]; }; # TODO: automate updating of this ref + cherry-picks - ref = "60b6ab055ad"; # nixos-18.03 @ 2018-05-31 + ref = "ef4c5fbf5c2"; # nixos-18.03 @ 2018-05-31 # + do_sqlite3 ruby: 55a952be5b5 # + exfat-nofuse bump: ee6a5296a35 + # + uhub/sqlite: 5dd7610401747 + # + forecastio: f27584df02337 in evalSource (toString _file) [ |