author | tv <tv@shackspace.de> | 2015-08-13 17:09:56 +0200 |
---|---|---|
committer | tv <tv@shackspace.de> | 2015-08-13 17:09:56 +0200 |
commit | a33f90358d0f57025daddb0ae41d65707fb34cf3 (patch) | |
tree | 7f91c889c45fd8995af98d91b0670fb0e90b1d53 /makefu/1systems | |
parent | 9f92ba455c4b13f4d960bae65cd577c9aad30dc4 (diff) | |
parent | 4366ffd6c5d401e3719a588f5ac98365aef8bd89 (diff) |
Merge remote-tracking branch 'pnp/master'
Diffstat (limited to 'makefu/1systems')
-rw-r--r-- | makefu/1systems/pnp.nix | 48 | ||||
-rw-r--r-- | makefu/1systems/tsp.nix | 84 |
2 files changed, 22 insertions, 110 deletions
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 549658983..6693dc066 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -10,6 +10,9 @@
 <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
 ../2configs/base.nix
 ../2configs/cgit-retiolum.nix
+ ../2configs/graphite-standalone.nix
+ ../2configs/vm-single-partition.nix
+ ../2configs/tinc-basic-retiolum.nix
 ];
 krebs.build.host = config.krebs.hosts.pnp;
 krebs.build.user = config.krebs.users.makefu;
@@ -20,45 +23,14 @@
 url = https://github.com/NixOS/nixpkgs;
 rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
 };
- secrets = {
- url = "/home/makefu/secrets/${config.krebs.build.host.name}";
- };
- stockholm = {
- url = toString ../..;
- };
 };
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/vda";
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
- hardware.enableAllFirmware = true;
- hardware.cpu.amd.updateMicrocode = true;
+ networking.firewall.allowedTCPPorts = [
+ # nginx runs on 80
+ # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
+ 80
+ 8080 2003
+ ];
+ networking.firewall.allowedUDPPorts = [ 2003 ];
-# networking.firewall is enabled by default
- networking.firewall.allowedTCPPorts = [ 80 ];
- networking.firewall.rejectPackets = true;
- networking.firewall.allowPing = true;
-
- fileSystems."/" =
- { device = "/dev/disk/by-label/nixos";
- fsType = "ext4";
- };
- krebs.retiolum = {
- enable = true;
- hosts = ../../Zhosts;
- connectTo = [
- "gum"
- "pigstarter"
- "fastpoke"
- ];
- };
-
-# $ nix-env -qaP | grep wget
- environment.systemPackages = with pkgs; [
- jq
- ];
 }
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index 3de2d300c..f19dbfea6 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
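Review bot: The new `networking.firewall.allowedTCPPorts` / `allowedUDPPorts` lists in the second pnp.nix hunk open 8080 and 2003 on every interface, and carbon's line receiver on 2003 accepts metrics without authentication, so any host that can reach pnp can write to the metric store. If the intended clients are all on the retiolum VPN, scope these ports to that interface, for example `networking.firewall.interfaces.<vpn-interface>.allowedTCPPorts = [ 8080 2003 ];` where the NixOS release in use supports it, or an interface-matched rule in `networking.firewall.extraCommands`, and keep only 80 global. The added comment says nginx serves 80; if nginx fronts graphite-web, 8080 may not need to be opened at all. The same hunk drops `networking.firewall.rejectPackets` and `allowPing`, and whether the newly imported `../2configs` modules set them again is not visible in this diff.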
@@ -1,7 +1,6 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
+#
+#
+#
 { config, pkgs, ... }:
 {
@@ -9,82 +8,23 @@
 [ # Include the results of the hardware scan.
 ../2configs/base.nix
 ../2configs/base-gui.nix
+ ../2configs/tinc-basic-retiolum.nix
+ ../2configs/sda-crypto-root.nix
+ # hardware specifics are in here
+ ../2configs/tp-x200.nix
 ];
- services.xserver = {
- videoDriver = "intel";
- };
+ # not working in vm
 krebs.build.host = config.krebs.hosts.tsp;
 krebs.build.user = config.krebs.users.makefu;
 krebs.build.target = "root@tsp";
 krebs.build.deps = {
 nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
- };
- # TODO generalize in base.nix
- secrets = {
- url = "/home/makefu/secrets/${config.krebs.build.host.name}";
- };
- # TODO generalize in base.nix
- stockholm = {
- url = toString ../..;
- };
- };
-
- krebs.retiolum = {
- enable = true;
- hosts = ../../Zhosts;
- connectTo = [
- "gum"
- "pigstarter"
- "fastpoke"
- ];
- };
-
- boot = {
- #x200 specifics
- kernelModules = [ "tp_smapi" "msr" ];
- extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
-
- loader.grub.enable =true;
- loader.grub.version =2;
- loader.grub.device = "/dev/sda";
-
- # crypto boot
- # TODO: use UUID
- initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
- initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
- initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- };
- fileSystems = {
- "/" = {
- device = "/dev/mapper/luksroot";
- fsType = "ext4";
- };
- "/boot" = {
- device = "/dev/disk/by-label/nixboot";
- fsType = "ext4";
+ #url = https://github.com/NixOS/nixpkgs;
+ # rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L)
+ url = https://github.com/makefu/nixpkgs;
+ rev = "8b8b65da24f13f9317504e8bcba476f9161613fe";
 };
 };
- # hardware specifics
- networking.wireless.enable = true;
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
- # TODO: generalize to numCPU + 1
- nix.maxJobs = 3;
-
-
- networking.firewall.rejectPackets = true;
- networking.firewall.allowPing = true;
-
-
- # $ nix-env -qaP | grep wget
- environment.systemPackages = with pkgs; [
- vim
- jq
- ];
 } |
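Review bot: The `krebs.build.deps.nixpkgs` change in tsp.nix moves the system's whole package source from NixOS/nixpkgs to the personal fork `https://github.com/makefu/nixpkgs` without recording what the fork carries beyond upstream; pinning to a full commit id is good, but a reader cannot tell which upstream revision it is based on. I would add a comment above `url`, e.g. `# fork of NixOS/nixpkgs at <upstream-rev>; local patches: <list>`. The added `# not working in vm` comment now sits directly above `krebs.build.host` and reads as if it applies to that line, so it should name the setting it refers to. The LUKS and firewall settings removed in this hunk presumably move into `sda-crypto-root.nix` and `base.nix`, which are outside this diff, so that should be confirmed before relying on them.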