authormakefu <github@syntax-fehler.de>2018-09-10 17:32:31 +0200
committermakefu <github@syntax-fehler.de>2018-09-10 17:32:31 +0200
commit859f98583788a9324be0e8c52d36a6bb812273fe (patch)
tree81e1ce4bd2a4185221761165023434f8737fff06 /mv
parentb2a3bd38ea70307c8b136eba42de7cc882afd441 (diff)
parentf6e69c6ecb25fc96655ec1749747d9ccb7880365 (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'mv')
-rw-r--r--mv/1systems/stro/config.nix155
-rw-r--r--mv/1systems/stro/source.nix3
-rw-r--r--mv/dummy_secrets/default.nix8
-rw-r--r--mv/dummy_secrets/ssh.ed255193
-rw-r--r--mv/source.nix30
5 files changed, 0 insertions, 199 deletions
diff --git a/mv/1systems/stro/config.nix b/mv/1systems/stro/config.nix
deleted file mode 100644
index 941b3f69e..000000000
--- a/mv/1systems/stro/config.nix
+++ /dev/null
@@ -1,155 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-{
- krebs = {
- enable = true;
- build = {
- user = config.krebs.users.mv;
- host = config.krebs.hosts.stro;
- };
- };
-
- imports = [
- <secrets>
- <stockholm/krebs>
- <stockholm/tv/2configs/bash>
- <stockholm/tv/2configs/exim-retiolum.nix>
- <stockholm/tv/2configs/hw/x220.nix>
- <stockholm/tv/2configs/im.nix>
- <stockholm/tv/2configs/mail-client.nix>
- <stockholm/tv/2configs/nginx/public_html.nix>
- <stockholm/tv/2configs/retiolum.nix>
- <stockholm/tv/2configs/ssh.nix>
- <stockholm/tv/2configs/sshd.nix>
- <stockholm/tv/2configs/vim.nix>
- <stockholm/tv/2configs/xdg.nix>
- <stockholm/tv/2configs/xserver>
- <stockholm/tv/3modules>
- ];
-
- boot.kernel.sysctl = {
- # Enable IPv6 Privacy Extensions
- "net.ipv6.conf.all.use_tempaddr" = 2;
- "net.ipv6.conf.default.use_tempaddr" = 2;
- };
-
- boot.initrd.luks = {
- cryptoModules = [ "aes" "sha512" "xts" ];
- devices = [
- {
- name = "luks1";
- device = "/dev/disk/by-id/ata-TOSHIBA-TR150_467B50JXK8WU-part2";
- }
- ];
- };
-
- environment = {
- profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
- shellAliases = mkForce {
- gp = "${pkgs.pari}/bin/gp -q";
- df = "df -h";
- du = "du -h";
- ls = "ls -h --color=auto --group-directories-first";
- dmesg = "dmesg -L --reltime";
- view = "vim -R";
-
- reload = "systemctl reload";
- restart = "systemctl restart";
- start = "systemctl start";
- status = "systemctl status";
- stop = "systemctl stop";
- };
- systemPackages = with pkgs; [
- dic
- htop
- p7zip
- q
-
- pavucontrol
- rxvt_unicode.terminfo
-
- # stockholm
- git
- gnumake
- populate
- ];
- variables = {
- NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
- };
- };
-
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-id/ata-TOSHIBA-TR150_467B50JXK8WU-part1";
- };
- "/" = {
- device = "/dev/mapper/vg1-root";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/home" = {
- device = "/dev/mapper/vg1-home";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
- };
-
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
-
- networking.hostName = config.krebs.build.host.name;
-
- nix = {
- binaryCaches = ["https://cache.nixos.org"];
- requireSignedBinaryCaches = true;
- # TODO check if both are required:
- sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
- useSandbox = true;
- };
-
- nixpkgs.config.packageOverrides = import <stockholm/tv/5pkgs> pkgs;
-
- users = {
- defaultUserShell = "/run/current-system/sw/bin/bash";
- mutableUsers = false;
- users = {
- mv = {
- inherit (config.krebs.users.mv) home uid;
- isNormalUser = true;
- };
- };
- };
-
- security.sudo.extraConfig = ''
- Defaults env_keep+="SSH_CLIENT"
- Defaults mailto="${config.krebs.users.mv.mail}"
- Defaults !lecture
- '';
-
- services.cron.enable = false;
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
- services.nscd.enable = false;
- services.ntp.enable = false;
- services.timesyncd.enable = true;
-
- time.timeZone = "Europe/Berlin";
-
- tv.iptables = {
- enable = true;
- accept-echo-request = "internet";
- };
-
- system.stateVersion = "16.03";
-}
diff --git a/mv/1systems/stro/source.nix b/mv/1systems/stro/source.nix
deleted file mode 100644
index 888d616c8..000000000
--- a/mv/1systems/stro/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/mv/source.nix> {
- name = "stro";
-}
diff --git a/mv/dummy_secrets/default.nix b/mv/dummy_secrets/default.nix
deleted file mode 100644
index 84a5e1186..000000000
--- a/mv/dummy_secrets/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, ... }:
-{
- users.users.root = {
- openssh.authorizedKeys.keys = [
- config.krebs.users.mv.pubkey
- ];
- };
-}
diff --git a/mv/dummy_secrets/ssh.ed25519 b/mv/dummy_secrets/ssh.ed25519
deleted file mode 100644
index a7d2adab4..000000000
--- a/mv/dummy_secrets/ssh.ed25519
+++ /dev/null
@@ -1,3 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-dummy
------END OPENSSH PRIVATE KEY-----
diff --git a/mv/source.nix b/mv/source.nix
deleted file mode 100644
index 29dfe9723..000000000
--- a/mv/source.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-with import <stockholm/lib>;
-host@{ name, override ? {} }: let
- builder = if getEnv "dummy_secrets" == "true"
- then "buildbot"
- else "mv";
- _file = <stockholm> + "/mv/1systems/${name}/source.nix";
- pkgs = import <nixpkgs> {
- overlays = map import [
- <stockholm/krebs/5pkgs>
- <stockholm/submodules/nix-writers/pkgs>
- ];
- };
-in
- evalSource (toString _file) [
- {
- nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
- nixpkgs.git = {
- # nixos-17.09
- ref = mkDefault "0653b73bf61f3a23d28c38ab7e9c69a318d433de";
- url = https://github.com/NixOS/nixpkgs;
- };
- secrets.file = getAttr builder {
- buildbot = toString <stockholm/mv/dummy_secrets>;
- mv = "/home/mv/secrets/${name}";
- };
- stockholm.file = toString <stockholm>;
- stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
- }
- override
- ]