summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
authorlassulus <lass@aidsballs.de>2015-11-21 14:25:02 +0100
committerlassulus <lass@aidsballs.de>2015-11-21 14:25:02 +0100
commitf531e7e62573d59b3a92cbac1bc224ec1ab5f3cc (patch)
tree49582b817265fd7b6dfc8a524a84af7ed12ba28f /makefu
parenta0202683177b022e3f2b67cd5929baccb868a26e (diff)
parenta8d007868342517c235963a8ab13cff7c0e5d59e (diff)
Merge remote-tracking branch 'pnp/master'
Diffstat (limited to 'makefu')
-rw-r--r--makefu/1systems/filepimp.nix2
-rw-r--r--makefu/1systems/gum.nix34
-rw-r--r--makefu/1systems/wry.nix17
-rw-r--r--makefu/2configs/fs/simple-swap.nix11
-rw-r--r--makefu/2configs/git/brain-retiolum.nix4
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix55
-rw-r--r--makefu/2configs/main-laptop.nix2
-rw-r--r--makefu/2configs/virtualization-virtualbox.nix6
8 files changed, 84 insertions, 47 deletions
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index fb1a57552..66ea2ce90 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -7,8 +7,6 @@
{
imports =
[ # Include the results of the hardware scan.
- ../2configs/default.nix
- ../2configs/fs/vm-single-partition.nix
../2configs/fs/single-partition-ext4.nix
../2configs/tinc-basic-retiolum.nix
];
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 8dd347b4f..63ad18339 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -9,14 +9,15 @@ in {
# TODO: copy this config or move to krebs
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix
+ ../2configs/fs/simple-swap.nix
../2configs/fs/single-partition-ext4.nix
# ../2configs/iodined.nix
+ ../2configs/git/cgit-retiolum.nix
];
krebs.build.target = "root@gum.krebsco.de";
krebs.build.host = config.krebs.hosts.gum;
-
# Chat
environment.systemPackages = with pkgs;[
weechat
@@ -33,21 +34,24 @@ in {
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
'';
+ boot.kernelParams = [ "ipv6.disable=1" ];
networking = {
- firewall = {
- allowPing = true;
- allowedTCPPorts = [
- # smtp
- 25
- # http
- 80 443
- # tinc
- 655
- ];
- allowedUDPPorts = [
- # tinc
- 655 53
- ];
+ enableIPv6 = false;
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [
+ # smtp
+ 25
+ # http
+ 80 443
+ # tinc
+ 655
+ ];
+ allowedUDPPorts = [
+ # tinc
+ 655 53
+ ];
};
interfaces.et0.ip4 = [{
address = external-ip;
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index ba94972fb..cd2b3f657 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -24,11 +24,11 @@ in {
# other nginx
../2configs/nginx/euer.wiki.nix
../2configs/nginx/euer.blog.nix
+ ../2configs/nginx/euer.test.nix
# collectd
../2configs/collectd/collectd-base.nix
];
-
krebs.build.host = config.krebs.hosts.wry;
krebs.Reaktor.enable = true;
@@ -59,9 +59,12 @@ in {
};
networking = {
- firewall.allowPing = true;
- firewall.allowedTCPPorts = [ 53 80 443 ];
- firewall.allowedUDPPorts = [ 655 ];
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [ 53 80 443 ];
+ allowedUDPPorts = [ 655 ];
+ };
interfaces.enp2s1.ip4 = [{
address = external-ip;
prefixLength = 24;
@@ -70,5 +73,9 @@ in {
nameservers = [ "8.8.8.8" ];
};
- environment.systemPackages = [ pkgs.translate-shell ];
+ # small machine - do not forget to gc every day
+ nix.gc.automatic = true;
+ nix.gc.dates = "03:10";
+
+ environment.systemPackages = [ ];
}
diff --git a/makefu/2configs/fs/simple-swap.nix b/makefu/2configs/fs/simple-swap.nix
new file mode 100644
index 000000000..8c161b287
--- /dev/null
+++ b/makefu/2configs/fs/simple-swap.nix
@@ -0,0 +1,11 @@
+_:
+{
+ # do not swap that often
+ boot.kernel.sysctl = {
+ "vm.swappiness" = 25;
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-label/swap"; }
+ ];
+}
diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix
index 793373859..066d50a28 100644
--- a/makefu/2configs/git/brain-retiolum.nix
+++ b/makefu/2configs/git/brain-retiolum.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
# TODO: remove tv lib :)
-with import ../../../tv/4lib { inherit lib pkgs; };
+with lib;
let
repos = priv-repos // krebs-repos ;
@@ -26,7 +26,7 @@ let
inherit name desc;
public = false;
hooks = {
- post-receive = git.irc-announce {
+ post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;
channel = "#retiolum";
# TODO remove the hardcoded hostname
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 189dd66c8..e12827697 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -1,10 +1,12 @@
{ config, lib, pkgs, ... }:
# TODO: remove tv lib :)
-with import ../../../tv/4lib { inherit lib pkgs; };
+with lib;
let
- repos = priv-repos // krebs-repos ;
- rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos);
+ repos = priv-repos // krebs-repos // connector-repos ;
+ rules = concatMap krebs-rules (attrValues krebs-repos)
+ ++ concatMap priv-rules (attrValues priv-repos)
+ ++ concatMap connector-rules (attrValues connector-repos);
krebs-repos = mapAttrs make-krebs-repo {
stockholm = {
@@ -19,6 +21,10 @@ let
autosync = { };
};
+ connector-repos = mapAttrs make-priv-repo {
+ connector = { };
+ };
+
# TODO move users to separate module
make-priv-repo = name: { desc ? null, ... }: {
@@ -30,7 +36,7 @@ let
inherit name desc;
public = true;
hooks = {
- post-receive = git.irc-announce {
+ post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;
verbose = config.krebs.build.host.name == "pnp";
channel = "#retiolum";
@@ -40,38 +46,49 @@ let
};
};
- set-owners = with git;repo: user:
- singleton {
- inherit user;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- };
- set-ro-access = with git; repo: user:
- optional repo.public {
- inherit user;
- repo = [ repo ];
- perm = fetch;
- };
# TODO: get the list of all krebsministers
krebsminister = with config.krebs.users; [ lass tv uriel ];
all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
+ all-exco = with config.krebs.users; [ exco ];
priv-rules = repo: set-owners repo all-makefu;
+ connector-rules = repo: set-owners repo all-makefu ++ set-owners repo all-exco;
+
krebs-rules = repo:
set-owners repo all-makefu ++ set-ro-access repo krebsminister;
+ set-ro-access = with git; repo: user:
+ optional repo.public {
+ inherit user;
+ repo = [ repo ];
+ perm = fetch;
+ };
+
+ set-owners = with git;repo: user:
+ singleton {
+ inherit user;
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ };
+
in {
imports = [{
- krebs.users.makefu-omo = {
+ krebs.users = {
+ makefu-omo = {
name = "makefu-omo" ;
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
- };
- krebs.users.makefu-tsp = {
+ };
+ makefu-tsp = {
name = "makefu-tsp" ;
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
+ };
+ exco = {
+ name = "exco";
+ pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub;
+ };
};
}];
krebs.git = {
diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix
index 294ee7510..dfc8c1c07 100644
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@@ -12,7 +12,7 @@ with lib;
firefox
chromium
keepassx
-
+ ntfs3g
virtmanager
at_spi2_core # dep for virtmanager?
];
diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix
index 610b63732..aaabcd50e 100644
--- a/makefu/2configs/virtualization-virtualbox.nix
+++ b/makefu/2configs/virtualization-virtualbox.nix
@@ -2,11 +2,11 @@
let
mainUser = config.krebs.build.user;
- version = "5.0.4";
- rev = "102546";
+ version = "5.0.6";
+ rev = "103037";
vboxguestpkg = pkgs.fetchurl {
url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
- sha256 = "1ykwpjvfgj11iwhx70bh2hbxhyy3hg6rnqzl4qac7xzg8xw8wqg4";
+ sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
};
in {
#inherit vboxguestpkg;