summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <lass@blue.r>2018-06-28 00:12:11 +0200
committerlassulus <lass@blue.r>2018-06-28 00:12:11 +0200
commit370c2b511e1293e6112814c88ab8b93cac14ae2a (patch)
tree207dbd0f0d84809a56d676fcb15ff6f8205a643d
parentdac47a8abdedda4863b56cb83941e9e16929669b (diff)
parent4d07a747298fca730ba42f29e3f054be390dbab6 (diff)
Merge remote-tracking branch 'prism/makefu'
-rw-r--r--krebs/1systems/onebutton/config.nix30
-rw-r--r--krebs/1systems/onebutton/source.nix2
-rw-r--r--krebs/3modules/makefu/default.nix32
-rw-r--r--makefu/1systems/gum/config.nix53
-rw-r--r--makefu/1systems/gum/hardware-config.nix46
-rw-r--r--makefu/1systems/kexec/config.nix25
-rw-r--r--makefu/1systems/kexec/source.nix3
-rw-r--r--makefu/1systems/nextgum/config.nix247
-rw-r--r--makefu/1systems/nextgum/hardware-config.nix80
-rw-r--r--makefu/1systems/nextgum/source.nix5
-rw-r--r--makefu/1systems/nextgum/transfer-config.nix7
-rw-r--r--makefu/source.nix4
12 files changed, 494 insertions, 40 deletions
diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix
index dca00a206..b87aef5a3 100644
--- a/krebs/1systems/onebutton/config.nix
+++ b/krebs/1systems/onebutton/config.nix
@@ -16,6 +16,36 @@
services.nixosManual.enable = false;
services.journald.extraConfig = "SystemMaxUse=50M";
}
+ {
+ systemd.services.mpc-booter = let
+ mpc = "${pkgs.mpc_cli}/bin/mpc -h mpd.shack -p 6600";
+ url = "http://lassul.us:8000/radio.ogg";
+ say = pkgs.writeDash "say" ''
+ tmpfile=$(${pkgs.coreutils}/bin/mktemp)
+ echo "$@" > $tmpfile
+ ${pkgs.curl}/bin/curl -i -H "content-type: text/plain" -X POST -d "@$tmpfile" gobbelz.shack/say/
+ rm "$tmpfile"
+ '';
+ in {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+ serviceConfig = {
+ RemainAfterExit = "yes";
+ Type = "oneshot";
+ ExecStart = pkgs.writeDash "mpc-boot" ''
+ until ${mpc} stats;do
+ echo "waiting for mpd.shack to appear"
+ sleep 1
+ done
+ ${say} "Willkommen im Shack wertes Mitglied"
+
+ ${say} "Lassulus Super Radio wurde gestartet"
+ ${mpc} add ${url}
+ ${mpc} play
+ '';
+ };
+ };
+ }
];
krebs.build.host = config.krebs.hosts.onebutton;
# NixOS wants to enable GRUB by default
diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix
index 8f25881c9..6842bfaab 100644
--- a/krebs/1systems/onebutton/source.nix
+++ b/krebs/1systems/onebutton/source.nix
@@ -4,7 +4,7 @@ let
nixpkgs = pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs-channels";
- rev = "6c064e6b"; # only binary cache for unstable arm6
+ rev = "nixos-unstable"; # only binary cache for unstable arm6
sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd";
};
in import <stockholm/krebs/source.nix> {
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index d7a750c6e..c5404f96d 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -520,6 +520,38 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
};
+ nextgum = rec {
+ ci = true;
+ cores = 8;
+ nets = rec {
+ internet = {
+ ip4.addr = "144.76.26.247";
+ ip6.addr = "2a01:4f8:191:12f6::2";
+ aliases = [
+ "nextgum.i"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.0.213";
+ ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
+ aliases = [
+ "nextgum.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8
+ aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO
+ npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh
+ 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF
+ 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN
+ VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
+ };
gum = rec {
ci = true;
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 9b6d9d571..998ecd0fb 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -2,28 +2,13 @@
with import <stockholm/lib>;
let
- # hw-specific
- external-mac = "2a:c5:6e:d2:fc:7f";
- main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
- external-gw = "185.194.140.1";
- # single partition, label "nixos"
- # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
-
-
- # static
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
- external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
- external-gw6 = "fe80::1";
- external-netmask = 22;
- external-netmask6 = 64;
- internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
- ext-if = "et0"; # gets renamed on the fly
+ ext-if = config.makefu.server.primary-itf;
in {
imports = [
<stockholm/makefu>
- <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ./hardware-config.nix
<stockholm/makefu/2configs/headless.nix>
- <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
# <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
@@ -49,6 +34,7 @@ in {
# <stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/mosh.nix>
+ # <stockholm/makefu/2configs/retroshare.nix>
# network
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
@@ -90,6 +76,15 @@ in {
<stockholm/makefu/2configs/syncthing.nix>
# <stockholm/makefu/2configs/opentracker.nix>
+ <stockholm/makefu/2configs/hub.nix>
+ { # ncdc
+ environment.systemPackages = [ pkgs.ncdc ];
+ networking.firewall = {
+ allowedUDPPorts = [ 51411 ];
+ allowedTCPPorts = [ 51411 ];
+ };
+ }
+
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/logging/client.nix>
@@ -187,7 +182,6 @@ in {
];
};
- makefu.server.primary-itf = ext-if;
# access
users.users = {
@@ -200,6 +194,7 @@ in {
weechat
bepasty-client-cli
get
+ tmux
];
services.bitlbee = {
enable = true;
@@ -207,15 +202,8 @@ in {
};
# Hardware
- boot.loader.grub.device = main-disk;
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
# Network
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
- '';
- boot.kernelParams = [ ];
networking = {
firewall = {
allowPing = true;
@@ -249,19 +237,8 @@ in {
21032
];
};
- interfaces."${ext-if}" = {
- ip4 = [{
- address = external-ip;
- prefixLength = external-netmask;
- }];
- ip6 = [{
- address = external-ip6;
- prefixLength = external-netmask6;
- }];
- };
- defaultGateway6 = external-gw6;
- defaultGateway = external-gw;
nameservers = [ "8.8.8.8" ];
};
-
+ users.users.makefu.extraGroups = [ "download" "nginx" ];
+ boot.tmpOnTmpfs = true;
}
diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix
new file mode 100644
index 000000000..a40709169
--- /dev/null
+++ b/makefu/1systems/gum/hardware-config.nix
@@ -0,0 +1,46 @@
+{ config, ... }:
+let
+ external-mac = "2a:c5:6e:d2:fc:7f";
+ main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
+ external-gw = "185.194.140.1";
+ # single partition, label "nixos"
+ # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
+
+
+ # static
+ external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+ external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
+ external-gw6 = "fe80::1";
+ external-netmask = 22;
+ external-netmask6 = 64;
+ internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+ ext-if = "et0"; # gets renamed on the fly
+in {
+ imports = [
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
+ ];
+
+ makefu.server.primary-itf = ext-if;
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
+ '';
+ networking = {
+ interfaces."${ext-if}" = {
+ ipv4.addresses = [{
+ address = external-ip;
+ prefixLength = external-netmask;
+ }];
+ ipv6.addresses = [{
+ address = external-ip6;
+ prefixLength = external-netmask6;
+ }];
+ };
+ defaultGateway6 = external-gw6;
+ defaultGateway = external-gw;
+ };
+ boot.kernelParams = [ ];
+ boot.loader.grub.device = main-disk;
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+ boot.kernelModules = [ "kvm-intel" ];
+}
diff --git a/makefu/1systems/kexec/config.nix b/makefu/1systems/kexec/config.nix
new file mode 100644
index 000000000..5bf19f978
--- /dev/null
+++ b/makefu/1systems/kexec/config.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, lib, ... }:
+
+with import <stockholm/lib>;
+{
+ imports = [
+ <stockholm/makefu>
+ # <stockholm/makefu/2configs/tools/core.nix>
+ <nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix>
+ <clever_kexec/kexec/kexec.nix>
+ ];
+ # cd ~/stockholm ; nix-build '<nixpkgs/nixos>' -A config.system.build.kexec_tarball -j 4 -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso
+
+ krebs.build.host = config.krebs.hosts.iso;
+ krebs.hidden-ssh.enable = true;
+ environment.extraInit = ''
+ EDITOR=vim
+ '';
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+ systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+}
diff --git a/makefu/1systems/kexec/source.nix b/makefu/1systems/kexec/source.nix
new file mode 100644
index 000000000..e200dbfd2
--- /dev/null
+++ b/makefu/1systems/kexec/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/makefu/source.nix> {
+ name="iso";
+}
diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix
new file mode 100644
index 000000000..a23ccf7b2
--- /dev/null
+++ b/makefu/1systems/nextgum/config.nix
@@ -0,0 +1,247 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+ ext-if = config.makefu.server.primary-itf;
+in {
+ imports = [
+ <stockholm/makefu>
+ ./hardware-config.nix
+ ./transfer-config.nix
+ <stockholm/makefu/2configs/headless.nix>
+ # <stockholm/makefu/2configs/smart-monitor.nix>
+
+ # Security
+ <stockholm/makefu/2configs/sshd-totp.nix>
+
+ # Tools
+ <stockholm/makefu/2configs/tools/core.nix>
+ <stockholm/makefu/2configs/tools/dev.nix>
+ <stockholm/makefu/2configs/tools/sec.nix>
+ <stockholm/makefu/2configs/vim.nix>
+ <stockholm/makefu/2configs/zsh-user.nix>
+ <stockholm/makefu/2configs/mosh.nix>
+
+ <stockholm/makefu/2configs/git/cgit-retiolum.nix>
+ <stockholm/makefu/2configs/backup.nix>
+ <stockholm/makefu/2configs/exim-retiolum.nix>
+ <stockholm/makefu/2configs/tinc/retiolum.nix>
+ # services
+ <stockholm/makefu/2configs/sabnzbd.nix>
+
+ # sharing
+ <stockholm/makefu/2configs/share/gum.nix>
+ <stockholm/makefu/2configs/torrent.nix>
+ #<stockholm/makefu/2configs/retroshare.nix>
+ ## <stockholm/makefu/2configs/ipfs.nix>
+ #<stockholm/makefu/2configs/syncthing.nix>
+ { # ncdc
+ environment.systemPackages = [ pkgs.ncdc ];
+ networking.firewall = {
+ allowedUDPPorts = [ 51411 ];
+ allowedTCPPorts = [ 51411 ];
+ };
+ }
+ # <stockholm/makefu/2configs/opentracker.nix>
+
+ ## network
+ <stockholm/makefu/2configs/vpn/openvpn-server.nix>
+ # <stockholm/makefu/2configs/vpn/vpnws/server.nix>
+ <stockholm/makefu/2configs/dnscrypt/server.nix>
+ <stockholm/makefu/2configs/iodined.nix>
+
+ ## buildbot
+ #<stockholm/makefu/2configs/remote-build/slave.nix>
+
+ # Removed until move: no extra mails
+ # <stockholm/makefu/2configs/urlwatch>
+ # Removed until move: avoid double-update of domain
+ # <stockholm/makefu/2configs/hub.nix>
+ # Removed until move: avoid letsencrypt ban
+ ### Web
+ #<stockholm/makefu/2configs/nginx/share-download.nix>
+ #<stockholm/makefu/2configs/nginx/euer.test.nix>
+ #<stockholm/makefu/2configs/nginx/euer.mon.nix>
+ #<stockholm/makefu/2configs/nginx/euer.wiki.nix>
+ #<stockholm/makefu/2configs/nginx/euer.blog.nix>
+ ## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
+ #<stockholm/makefu/2configs/nginx/public_html.nix>
+ #<stockholm/makefu/2configs/nginx/update.connector.one.nix>
+ #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
+
+ #<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
+ #<stockholm/makefu/2configs/deployment/graphs.nix>
+ #<stockholm/makefu/2configs/deployment/owncloud.nix>
+ #<stockholm/makefu/2configs/deployment/boot-euer.nix>
+ #<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
+
+ {
+ services.taskserver.enable = true;
+ services.taskserver.fqdn = config.krebs.build.host.name;
+ services.taskserver.listenHost = "::";
+ services.taskserver.organisations.home.users = [ "makefu" ];
+ networking.firewall.extraCommands = ''
+ iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
+ ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
+ '';
+ }
+
+
+ <stockholm/makefu/2configs/stats/client.nix>
+ # <stockholm/makefu/2configs/logging/client.nix>
+
+ ## Temporary:
+ # <stockholm/makefu/2configs/temp/rst-issue.nix>
+ <stockholm/makefu/2configs/virtualisation/docker.nix>
+
+ #{
+ # services.dockerRegistry.enable = true;
+ # networking.firewall.allowedTCPPorts = [ 8443 ];
+
+ # services.nginx.virtualHosts."euer.krebsco.de" = {
+ # forceSSL = true;
+ # enableACME = true;
+ # extraConfig = ''
+ # client_max_body_size 1000M;
+ # '';
+ # locations."/".proxyPass = "http://localhost:5000";
+ # };
+ #}
+ { # wireguard server
+
+ # opkg install wireguard luci-proto-wireguard
+
+ # TODO: networking.nat
+
+ # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ # conf.all.proxy_arp =1
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ];
+ extraCommands = ''
+ iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
+ '';
+ };
+
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.244.0.1/24" ];
+ listenPort = 51820;
+ privateKeyFile = (toString <secrets>) + "/wireguard.key";
+ allowedIPsAsRoutes = true;
+ peers = [
+ {
+ # x
+ allowedIPs = [ "10.244.0.2/32" ];
+ publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
+ }
+ {
+ # vbob
+ allowedIPs = [ "10.244.0.3/32" ];
+ publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
+ }
+ {
+ # x-test
+ allowedIPs = [ "10.244.0.4/32" ];
+ publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
+ }
+ {
+ # work-router
+ allowedIPs = [ "10.244.0.5/32" ];
+ publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
+ }
+ {
+ # workr
+ allowedIPs = [ "10.244.0.6/32" ];
+ publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
+ }
+ ];
+ };
+ }
+ { # iperf3
+ networking.firewall.allowedUDPPorts = [ 5201 ];
+ networking.firewall.allowedTCPPorts = [ 5201 ];
+ }
+
+ ];
+ makefu.dl-dir = "/var/download";
+
+ services.openssh.hostKeys = [
+ { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
+ { path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
+ ###### stable
+ services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
+ krebs.build.host = config.krebs.hosts.gum;
+
+ krebs.tinc.retiolum = {
+ extraConfig = ''
+ ListenAddress = ${external-ip} 53
+ ListenAddress = ${external-ip} 655
+ ListenAddress = ${external-ip} 21031
+ '';
+ connectTo = [
+ "muhbaasu" "tahoe" "flap" "wry"
+ "ni"
+ "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
+ ];
+ };
+
+
+ # access
+ users.users = {
+ root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
+ makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
+ };
+
+ # Chat
+ environment.systemPackages = with pkgs;[
+ weechat
+ bepasty-client-cli
+ get
+ tmux
+ ];
+ services.bitlbee = {
+ enable = true;
+ libpurple_plugins = [ pkgs.telegram-purple ];
+ };
+
+ # Hardware
+
+ # Network
+ networking = {
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [
+ # smtp
+ 25
+ # http
+ 80 443
+ # httptunnel
+ 8080 8443
+ # tinc
+ 655
+ # tinc-shack
+ 21032
+ # tinc-retiolum
+ 21031
+ # taskserver
+ 53589
+ # temp vnc
+ 18001
+ # temp reverseshell
+ 31337
+ ];
+ allowedUDPPorts = [
+ # tinc
+ 655 53
+ # tinc-retiolum
+ 21031
+ # tinc-shack
+ 21032
+ ];
+ };
+ nameservers = [ "8.8.8.8" ];
+ };
+ users.users.makefu.extraGroups = [ "download" "nginx" ];
+ boot.tmpOnTmpfs = true;
+}
diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix
new file mode 100644
index 000000000..36fea6544
--- /dev/null
+++ b/makefu/1systems/nextgum/hardware-config.nix
@@ -0,0 +1,80 @@
+{ config, ... }:
+let
+ external-mac = "50:46:5d:9f:63:6b";
+ main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
+ sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
+ external-gw = "144.76.26.225";
+ # single partition, label "nixos"
+ # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
+
+
+ # static
+ external-ip = "144.76.26.247";
+ external-ip6 = "2a01:4f8:191:12f6::2";
+ external-gw6 = "fe80::1";
+ external-netmask = 27;
+ external-netmask6 = 64;
+ internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+ ext-if = "et0"; # gets renamed on the fly
+in {
+ imports = [
+ ];
+ makefu.server.primary-itf = ext-if;
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
+ '';
+ networking = {
+ interfaces."${ext-if}" = {
+ ipv4.addresses = [{
+ address = external-ip;
+ prefixLength = external-netmask;
+ }];
+ ipv6.addresses = [{
+ address = external-ip6;
+ prefixLength = external-netmask6;
+ }];
+ };
+ defaultGateway6 = external-gw6;
+ defaultGateway = external-gw;
+ };
+ boot.kernelParams = [ ];
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.devices = [ main-disk ];
+ boot.initrd.availableKernelModules = [
+ "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
+ "xhci_pci" "ehci_pci" "ahci" "sd_mod"
+ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ hardware.enableRedistributableFirmware = true;
+ fileSystems."/" = {
+ device = "/dev/mapper/nixos-root";
+ fsType = "ext4";
+ };
+ fileSystems."/boot" = {
+ device = "/dev/sda2";
+ fsType = "vfat";
+ };
+ # parted -s -a optimal "$disk" \
+ # mklabel gpt \
+ # mkpart no-fs 0 1024KiB \
+ # set 1 bios_grub on \
+ # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
+ # mkpart primary 1025MiB 100%
+ # parted -s -a optimal "/dev/sdb" \
+ # mklabel gpt \
+ # mkpart primary 1M 100%
+
+ #mkfs.vfat /dev/sda2
+ #pvcreate /dev/sda3
+ #pvcreate /dev/sdb1
+ #vgcreate nixos /dev/sda3 /dev/sdb1
+ #lvcreate -L 120G -n root nixos
+ #mkfs.ext4 /dev/mapper/nixos-root
+ #mount /dev/mapper/nixos-root /mnt
+ #mkdir /mnt/boot
+ #mount /dev/sda2 /mnt/boot
+ #mkdir -p /mnt/var/src
+ #touch /mnt/var/src/.populate
+
+}
diff --git a/makefu/1systems/nextgum/source.nix b/makefu/1systems/nextgum/source.nix
new file mode 100644
index 000000000..413889c47
--- /dev/null
+++ b/makefu/1systems/nextgum/source.nix
@@ -0,0 +1,5 @@
+import <stockholm/makefu/source.nix> {
+ name="nextgum";
+ torrent = true;
+ clever_kexec = true;
+}
diff --git a/makefu/1systems/nextgum/transfer-config.nix b/makefu/1systems/nextgum/transfer-config.nix
new file mode 100644
index 000000000..92df60195
--- /dev/null
+++ b/makefu/1systems/nextgum/transfer-config.nix
@@ -0,0 +1,7 @@
+{ config, lib, ... }:
+# configuration which is only required for the time of the transfer
+{
+ krebs.tinc.retiolum.connectTo = [ "gum" ];
+ krebs.build.host = lib.mkForce config.krebs.hosts.nextgum;
+}
+
diff --git a/makefu/source.nix b/makefu/source.nix
index ecc4dddf0..c1e291b8a 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -24,9 +24,11 @@ let
];
};
# TODO: automate updating of this ref + cherry-picks
- ref = "60b6ab055ad"; # nixos-18.03 @ 2018-05-31
+ ref = "ef4c5fbf5c2"; # nixos-18.03 @ 2018-05-31
# + do_sqlite3 ruby: 55a952be5b5
# + exfat-nofuse bump: ee6a5296a35
+ # + uhub/sqlite: 5dd7610401747
+ # + forecastio: f27584df02337
in
evalSource (toString _file) [