summaryrefslogtreecommitdiffstats
path: root/shared/2configs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2017-07-14 00:17:58 +0200
committertv <tv@krebsco.de>2017-07-14 00:21:02 +0200
commit58380c82848c3db0bd6c3d74904153f3464c2098 (patch)
treedcefa424c037ef13edba18967143b3290dc739cb /shared/2configs
parentc213968c44befe32f115ec0122accebdabd89582 (diff)
merge shared into krebs
Diffstat (limited to 'shared/2configs')
-rw-r--r--shared/2configs/central-stats-client.nix68
-rw-r--r--shared/2configs/cgit-mirror.nix45
-rw-r--r--shared/2configs/collectd-base.nix41
-rw-r--r--shared/2configs/default.nix52
-rw-r--r--shared/2configs/graphite.nix93
-rw-r--r--shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix47
-rw-r--r--shared/2configs/os-templates/CAC-CentOS-7-64bit.nix47
-rw-r--r--shared/2configs/repo-sync.nix31
-rw-r--r--shared/2configs/save-diskspace.nix11
-rw-r--r--shared/2configs/shack/bincache.nix6
-rw-r--r--shared/2configs/shack/drivedroid.nix49
-rw-r--r--shared/2configs/shack/mqtt_sub.nix34
-rw-r--r--shared/2configs/shack/muell_caller.nix41
-rw-r--r--shared/2configs/shack/nix-cacher.nix31
-rw-r--r--shared/2configs/shack/radioactive.nix35
-rw-r--r--shared/2configs/shack/share.nix38
-rw-r--r--shared/2configs/shack/worlddomination.nix67
-rw-r--r--shared/2configs/shared-buildbot.nix178
-rw-r--r--shared/2configs/temp/dirs.nix1
-rw-r--r--shared/2configs/temp/networking.nix1
20 files changed, 0 insertions, 916 deletions
diff --git a/shared/2configs/central-stats-client.nix b/shared/2configs/central-stats-client.nix
deleted file mode 100644
index 0412eba9..00000000
--- a/shared/2configs/central-stats-client.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{pkgs, config, ...}:
-{
- services.collectd = {
- enable = true;
- autoLoadPlugin = true;
- extraConfig = ''
- Hostname ${config.krebs.build.host.name}
- LoadPlugin load
- LoadPlugin disk
- LoadPlugin memory
- LoadPlugin df
- Interval 30.0
-
- LoadPlugin interface
- <Plugin "interface">
- Interface "*Link"
- Interface "lo"
- Interface "vboxnet*"
- Interface "virbr*"
- IgnoreSelected true
- </Plugin>
-
- LoadPlugin df
- <Plugin "df">
- MountPoint "/nix/store"
- # MountPoint "/run*"
- # MountPoint "/sys*"
- # MountPoint "/dev"
- # MountPoint "/dev/shm"
- # MountPoint "/tmp"
- FSType "tmpfs"
- FSType "binfmt_misc"
- FSType "debugfs"
- FSType "mqueue"
- FSType "hugetlbfs"
- FSType "systemd-1"
- FSType "cgroup"
- FSType "securityfs"
- FSType "ramfs"
- FSType "proc"
- FSType "devpts"
- FSType "devtmpfs"
- MountPoint "/var/lib/docker/devicemapper"
- IgnoreSelected true
- </Plugin>
-
- LoadPlugin cpu
- <Plugin cpu>
- ReportByCpu true
- ReportByState true
- ValuesPercentage true
- </Plugin>
-
- LoadPlugin network
- <Plugin "network">
- Server "stats.makefu.r" "25826"
- </Plugin>
-
- LoadPlugin curl
- <Plugin curl>
- <Page "smarthome">
- URL "http://smarthome.shack/";
- MeasureResponseTime true
- </Page>
- </Plugin>
- '';
- };
-}
diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix
deleted file mode 100644
index c2326a5c..00000000
--- a/shared/2configs/cgit-mirror.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- rules = with git; singleton {
- user = [ wolf-repo-sync ];
- repo = [ stockholm-mirror ];
- perm = push ''refs/*'' [ non-fast-forward create delete merge ];
- };
-
- stockholm-mirror = {
- public = true;
- name = "stockholm-mirror";
- cgit.desc = "mirror for all stockholm branches";
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- nick = config.networking.hostName;
- verbose = false;
- channel = "#retiolum";
- server = "ni.r";
- };
- };
- };
-
- wolf-repo-sync = {
- name = "wolf-repo-sync";
- mail = "spam@krebsco.de";
- # TODO put git-sync pubkey somewhere more appropriate
- pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwuAZB3wtAvBJFYh+gWdyGaZU4mtqM2dFXmh2rORlbXeh02msu1uv07ck1VKkQ4LgvCBcBsAOeVa1NTz99eLqutwgcqMCytvRNUCibcoEWwHObsK53KhDJj+zotwlFhnPPeK9+EpOP4ngh/tprJikttos5BwBwe2K+lfiid3fmVPZcTTYa77nCwijimMvWEx6CEjq1wiXMUc4+qcEn8Swbwomz/EEQdNE2hgoC3iMW9RqduTFdIJWnjVi0KaxenX9CvQRGbVK5SSu2gwzN59D/okQOCP6+p1gL5r3QRHSLSSRiEHctVQTkpKOifrtLZGSr5zArEmLd/cOVyssHQPCX repo-sync@wolf'';
- };
-
-in {
- krebs.users.wolf-repo-sync = wolf-repo-sync;
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "Shared Repos";
- root-desc = "keep on krebsing";
- };
- };
- inherit rules;
- repos.stockholm-mirror = stockholm-mirror;
- };
-}
diff --git a/shared/2configs/collectd-base.nix b/shared/2configs/collectd-base.nix
deleted file mode 100644
index 440f83fc..00000000
--- a/shared/2configs/collectd-base.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-# TODO: krebs.collectd.plugins
-with import <stockholm/lib>;
-let
- connect-time-cfg = with pkgs; writeText "collectd-connect-time.conf" ''
- LoadPlugin python
- <Plugin python>
- ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
- Import "collectd_connect_time"
- <Module collectd_connect_time>
- target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "heidi.shack:22" "10.42.0.1:22" "heise.de" "t-online.de"
- interval 10
- </Module>
- </Plugin>
- '';
- graphite-cfg = pkgs.writeText "collectd-graphite.conf" ''
- LoadPlugin write_graphite
- <Plugin "write_graphite">
- <Carbon>
- Host "heidi.shack"
- Port "2003"
- Prefix "retiolum."
- EscapeCharacter "_"
- StoreRates false
- AlwaysAppendDS false
- </Carbon>
- </Plugin>
- '';
-in {
- imports = [ ];
-
- nixpkgs.config.packageOverrides = pkgs: with pkgs; {
- collectd = pkgs.collectd.override { python= pkgs.python; };
- };
- services.collectd = {
- enable = true;
- include = [ (toString connect-time-cfg) (toString graphite-cfg) ];
- };
-
-}
diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix
deleted file mode 100644
index 2146f42e..00000000
--- a/shared/2configs/default.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-{
- krebs.enable = true;
- krebs.tinc.retiolum.enable = true;
-
- # TODO rename shared user to "krebs"
- krebs.build.user = mkDefault config.krebs.users.shared;
-
- networking.hostName = config.krebs.build.host.name;
-
- nix.maxJobs = 1;
- nix.trustedBinaryCaches = [
- "https://cache.nixos.org"
- "http://cache.nixos.org"
- "http://hydra.nixos.org"
- ];
- nix.useSandbox = true;
-
- environment.systemPackages = with pkgs; [
- git
- rxvt_unicode.terminfo
- ];
-
- programs.ssh.startAgent = false;
-
- services.openssh = {
- enable = true;
- hostKeys = [
- { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
- services.cron.enable = false;
- services.nscd.enable = false;
- services.ntp.enable = false;
-
- users.mutableUsers = false;
- users.extraUsers.root.openssh.authorizedKeys.keys = [
- # TODO
- config.krebs.users.lass.pubkey
- config.krebs.users.makefu.pubkey
- # TODO HARDER:
- config.krebs.users.makefu-omo.pubkey
- config.krebs.users.tv.pubkey
- ];
-
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "15.09";
-
-}
diff --git a/shared/2configs/graphite.nix b/shared/2configs/graphite.nix
deleted file mode 100644
index 64222e43..00000000
--- a/shared/2configs/graphite.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-# graphite-web on port 8080
-# carbon cache on port 2003 (tcp/udp)
-
-# TODO: krebs.graphite.minimal.enable
-# TODO: configure firewall
-with import <stockholm/lib>;
-{
- imports = [ ];
-
- services.graphite = {
- api = {
- enable = true;
- listenAddress = "0.0.0.0";
- };
- carbon = {
- enableCache = true;
- # save disk usage by restricting to 1 bulk update per second
- config = ''
- [cache]
- MAX_CACHE_SIZE = inf
- MAX_UPDATES_PER_SECOND = 1
- MAX_CREATES_PER_MINUTE = 50
- MAX_UPDATES_PER_SECOND_ONSHUTDOWN = 9001
-
- LOG_CACHE_HITS = False
- LOG_CACHE_QUEUE_SORTS = False
- LOG_UPDATES = False
- LOG_LISTENER_CONNECTIONS = False
- LOG_CREATES = True
- '';
- storageAggregation = ''
- '';
- storageSchemas = ''
- [carbon]
- pattern = ^carbon\.
- retentions = 60:90d
-
-
- [radiation_sensor]
- pattern = ^sensors\.radiation\.
- retentions = 1m:30d,5m:180d,10m:3y
-
- [motion_sensors]
- pattern = ^sensors\.motion\.
- retentions = 1s:1h,60s:30d,300s:1y
-
- [motion_sensors]
- pattern = ^retiolum\.
- retentions = 10s:1h,30s:30d,300s:1y
-
- [homeassistant]
- pattern = ^homeassistant\.
- retentions = 10s:24h,30s:30d,300s:1y,3600s:5y
-
- [ara]
- pattern = ^ara\.
- retentions = 60s:30d,300s:1y
-
- [openweathermap]
- pattern = ^weather\.openweathermap
- retentions = 30m:30d,1h:5y
-
- [stadtklima]
- pattern = ^weather\.stadtklima-stuttgart
- retentions = 15m:30d,30m:5y
-
- [sensebox]
- pattern = ^weather\.sensebox
- retentions = 1m:90d,30m:5y
-
- [elchos]
- pattern = ^elchos\.
- retentions = 10s:14d,1m:90d,10m:5y
-
- [icinga_default]
- pattern = ^icinga
- retentions = 10s:14d,5m:90d,10m:5y
-
- [icinga_internals]
- pattern = ^icinga.*\.(max_check_attempts|reachable|current_attempt|execution_time|latency|state|state_type)
- retentions = 5m:7d
-
- [default]
- pattern = .*
- retentions = 60s:30d,300s:1y
- '';
- };
- };
- systemd.services.carbonCache.serviceConfig.Restart="always";
- systemd.services.graphiteApi.serviceConfig.Restart="always";
-}
diff --git a/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix b/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix
deleted file mode 100644
index b5ec722a..00000000
--- a/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-_:
-
-{
- boot.loader.grub = {
- device = "/dev/sda";
- splashImage = null;
- };
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "vmw_pvscsi"
- ];
-
- fileSystems."/" = {
- device = "/dev/VolGroup/lv_root";
- fsType = "ext4";
- };
-
- fileSystems."/boot" = {
- device = "/dev/sda1";
- fsType = "ext4";
- };
-
- swapDevices = [
- { device = "/dev/VolGroup/lv_swap"; }
- ];
-
- users.extraGroups = {
- # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
- # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
- # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
- # Docs: man:tmpfiles.d(5)
- # man:systemd-tmpfiles(8)
- # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
- # Main PID: 19272 (code=exited, status=1/FAILURE)
- #
- # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
- # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
- # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
- # warning: error(s) occured while switching to the new configuration
- lock.gid = 10001;
- };
-}
diff --git a/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix b/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix
deleted file mode 100644
index 168d1d97..00000000
--- a/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-_:
-
-{
- boot.loader.grub = {
- device = "/dev/sda";
- splashImage = null;
- };
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "vmw_pvscsi"
- ];
-
- fileSystems."/" = {
- device = "/dev/centos/root";
- fsType = "xfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/sda1";
- fsType = "xfs";
- };
-
- swapDevices = [
- { device = "/dev/centos/swap"; }
- ];
-
- users.extraGroups = {
- # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
- # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
- # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
- # Docs: man:tmpfiles.d(5)
- # man:systemd-tmpfiles(8)
- # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
- # Main PID: 19272 (code=exited, status=1/FAILURE)
- #
- # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
- # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
- # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
- # warning: error(s) occured while switching to the new configuration
- lock.gid = 10001;
- };
-}
diff --git a/shared/2configs/repo-sync.nix b/shared/2configs/repo-sync.nix
deleted file mode 100644
index 637a26e3..00000000
--- a/shared/2configs/repo-sync.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-{
- krebs.repo-sync = let
- # TODO addMirrorURL function
- mirror = "git@wolf:stockholm-mirror";
- in {
- enable = true;
- repos.stockholm = {
- branches = {
- makefu = {
- origin.url = http://cgit.gum/stockholm ;
- mirror.url = mirror;
- };
- tv = {
- origin.url = http://cgit.ni.r/stockholm;
- mirror.url = mirror;
- };
- lassulus = {
- origin.url = http://cgit.prism/stockholm ;
- mirror.url = mirror;
- };
- };
- latest = {
- url = mirror;
- ref = "heads/master";
- };
- };
- };
-}
diff --git a/shared/2configs/save-diskspace.nix b/shared/2configs/save-diskspace.nix
deleted file mode 100644
index ab074c75..00000000
--- a/shared/2configs/save-diskspace.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{lib, ... }:
-# TODO: do not check out nixpkgs master but fetch revision from github
-{
- environment.noXlibs = true;
- nix.gc.automatic = true;
- nix.gc.dates = lib.mkDefault "03:10";
- programs.info.enable = false;
- programs.man.enable = false;
- services.journald.extraConfig = "SystemMaxUse=50M";
- services.nixosManual.enable = false;
-}
diff --git a/shared/2configs/shack/bincache.nix b/shared/2configs/shack/bincache.nix
deleted file mode 100644
index 9cd7fae2..00000000
--- a/shared/2configs/shack/bincache.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{...}:
-{
- nix.binaryCaches = [
- "http://wolf.shack:3142/nixos"
- ];
-}
diff --git a/shared/2configs/shack/drivedroid.nix b/shared/2configs/shack/drivedroid.nix
deleted file mode 100644
index 12e4a39c..00000000
--- a/shared/2configs/shack/drivedroid.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-let
- root = "/var/srv/drivedroid";
-in
-{
- environment.systemPackages = [ pkgs.drivedroid-gen-repo ];
-
- services.nginx = {
- enable = mkDefault true;
- virtualHosts.shack-drivedroid = {
- serverAliases = [
- "drivedroid.shack"
- ];
- # TODO: prepare this somehow
- locations."/".extraConfig = ''
- root ${root};
- index main.json;
- '';
- };
- };
-
- systemd.services.drivedroid-gen-repo = {
- description = "generates drivedroid repo file";
- path = [
- pkgs.coreutils
- pkgs.drivedroid-gen-repo
- pkgs.inotify-tools
- ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- Type = "simple";
- Restart = "always";
- ExecStartPre = pkgs.writeDash "prepare-drivedroid-gen-repo" ''
- mkdir -p ${root}/repos
- '';
- ExecStart = pkgs.writeDash "start-drivedroid-gen-repo" ''
- set -efu
- cd ${root}
- while sleep 60; do
- if inotifywait -r .; then
- drivedroid-gen-repo repos > main.json
- fi
- done
- '';
- };
- };
-}
diff --git a/shared/2configs/shack/mqtt_sub.nix b/shared/2configs/shack/mqtt_sub.nix
deleted file mode 100644
index a8427dde..00000000
--- a/shared/2configs/shack/mqtt_sub.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- pkg = pkgs.stdenv.mkDerivation {
- name = "mqtt2graphite-2017-05-29";
- src = pkgs.fetchgit {
- url = "https://github.com/shackspace/mqtt2graphite/";
- rev = "117179d";
- sha256 = "1334jbbzlqizyp7zcn4hdswhhrnkj1p4p435n5nph82lzffrsi44";
- };
- buildInputs = [
- (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [
- docopt
- paho-mqtt
- ]))
- ];
- installPhase = ''
- install -m755 -D sub.py $out/bin/sub
- install -m755 -D sub2.py $out/bin/sub-new
- '';
- };
-in {
- systemd.services.mqtt_sub = {
- description = "subscribe to mqtt, send to graphite";
- # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- User = "nobody";
- ExecStart = "${pkg}/bin/sub-new";
- PrivateTmp = true;
- };
- };
-}
diff --git a/shared/2configs/shack/muell_caller.nix b/shared/2configs/shack/muell_caller.nix
deleted file mode 100644
index 2d8d78e3..00000000
--- a/shared/2configs/shack/muell_caller.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- pkg = pkgs.stdenv.mkDerivation {
- name = "muell_caller-2017-06-01";
- src = pkgs.fetchgit {
- url = "https://github.com/shackspace/muell_caller/";
- rev = "bbd4009";
- sha256 = "1bfnfl2vdh0p5wzyz5p48qh04vvsg2445avg86fzhzragx25fqv0";
- };
- buildInputs = [
- (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
- docopt
- requests2
- paramiko
- python
- ]))
- ];
- installPhase = ''
- install -m755 -D call.py $out/bin/call-muell
- '';
- };
- cfg = "${toString <secrets>}/tell.json";
-in {
- systemd.services.call_muell = {
- description = "call muell";
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- User = "nobody"; # TODO separate user
- ExecStartPre = pkgs.writeDash "call-muell-pre" ''
- cp ${cfg} /tmp/tell.json
- chown nobody /tmp/tell.json
- '';
- ExecStart = "${pkg}/bin/call-muell --cfg /tmp/tell.json --mode mpd loop 60";
- Restart = "always";
- PrivateTmp = true;
- PermissionsStartOnly = true;
- };
- };
-}
diff --git a/shared/2configs/shack/nix-cacher.nix b/shared/2configs/shack/nix-cacher.nix
deleted file mode 100644
index 8feeca9a..00000000
--- a/shared/2configs/shack/nix-cacher.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-let
- cfg = config.krebs.apt-cacher-ng;
-in
-{
- imports = [
- ./bincache.nix
- ];
- krebs.apt-cacher-ng = {
- enable = true;
- port = 3142;
- bindAddress = "localhost";
- cacheExpiration = 30;
- };
-
- services.nginx = {
- enable = mkDefault true;
- virtualHosts.shack-nix-cacher = {
- serverAliases = [
- "acng.shack"
- ];
- locations."/".extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://localhost:${toString cfg.port}/;
- '';
- };
- };
-}
diff --git a/shared/2configs/shack/radioactive.nix b/shared/2configs/shack/radioactive.nix
deleted file mode 100644
index 378b5405..00000000
--- a/shared/2configs/shack/radioactive.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- pkg = pkgs.stdenv.mkDerivation {
- name = "radioactive-2017-06-01";
- src = pkgs.fetchgit {
- url = "https://github.com/makefu/nagios-radioactiveathome-plugins/";
- rev = "955f614";
- sha256 = "0ql6npl3n6shvij0ly6a52yjmf7dc31c5x29y927k9lvp8ygin20";
- };
- buildInputs = [
- (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
- docopt
- requests2
- python
- ]))
- ];
- installPhase = ''
- install -m755 -D add_many_points.py $out/bin/radioactive-add-many
- '';
- };
-in {
- systemd.services.radioactive = {
- description = "radioactive";
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- User = "nobody"; # TODO separate user
- ExecStart = "${pkg}/bin/radioactive-add-many loop 60";
- Restart = "always";
- PrivateTmp = true;
- PermissionsStartOnly = true;
- };
- };
-}
diff --git a/shared/2configs/shack/share.nix b/shared/2configs/shack/share.nix
deleted file mode 100644
index 247b9ee7..00000000
--- a/shared/2configs/shack/share.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{config, ... }:{
- users.users.smbguest = {
- name = "smbguest";
- uid = config.ids.uids.smbguest;
- group = "share";
- description = "smb guest user";
- home = "/home/share";
- createHome = true;
- };
-
- networking.firewall.allowedTCPPorts = [
- 139 445 # samba
- ];
-
- networking.firewall.allowedUDPPorts = [
- 137 138
- ];
- services.samba = {
- enable = true;
- shares = {
- share-home = {
- path = "/home/share/";
- "read only" = "no";
- browseable = "yes";
- "guest ok" = "yes";
- };
- };
- extraConfig = ''
- guest account = smbguest
- map to guest = bad user
- # disable printing
- load printers = no
- printing = bsd
- printcap name = /dev/null
- disable spoolss = yes
- '';
- };
-}
diff --git a/shared/2configs/shack/worlddomination.nix b/shared/2configs/shack/worlddomination.nix
deleted file mode 100644
index d0f9f5fa..00000000
--- a/shared/2configs/shack/worlddomination.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- pythonPackages = pkgs.python3Packages;
- # https://github.com/chrysn/aiocoap
- aiocoap = pythonPackages.buildPythonPackage {
- name = "aiocoap-0.3";
- src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
- propagatedBuildInputs = [ ];
- doCheck = false; # 2 errors, dunnolol
- meta = with pkgs.stdenv.lib; {
- homepage = "";
- license = licenses.mit;
- description = "Python CoAP library";
- };
- };
- LinkHeader = pythonPackages.buildPythonPackage {
- name = "LinkHeader-0.4.3";
- src = pkgs.fetchurl { url = "https://pypi.python.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; };
- propagatedBuildInputs = [ ];
- meta = with pkgs.stdenv.lib; {
- homepage = "";
- license = licenses.bsdOriginal;
- description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";
- };
- };
- pkg = pkgs.stdenv.mkDerivation {
- name = "worlddomination-2017-06-10";
- src = pkgs.fetchgit {
- url = "https://github.com/shackspace/worlddomination/";
- rev = "72fc9b5";
- sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf";
- };
- buildInputs = [
- (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
- docopt
- LinkHeader
- aiocoap
- requests2
- paramiko
- python
- ]))
- ];
- installPhase = ''
- install -m755 -D backend/push_led.py $out/bin/push-led
- install -m755 -D backend/loop_single.py $out/bin/loop-single
- # copy the provided file to the package
- install -m755 -D backend/wd.lst $out/${wdpath}
- '';
- };
- wdpath = "/usr/worlddomination/wd.lst";
- esphost = "10.42.24.7"; # esp8266
- timeout = 10; # minutes
-in {
- systemd.services.worlddomination = {
- description = "run worlddomination";
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- User = "nobody"; # TODO separate user
- ExecStart = "${pkg}/bin/push-led ${esphost} ${pkg}/${wdpath} loop ${toString timeout}";
- Restart = "always";
- PrivateTmp = true;
- PermissionsStartOnly = true;
- };
- };
-}
diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix
deleted file mode 100644
index 1d6883af..00000000
--- a/shared/2configs/shared-buildbot.nix
+++ /dev/null
@@ -1,178 +0,0 @@
-{ lib, config, pkgs, ... }:
-# The buildbot config is self-contained and currently provides a way
-# to test "shared" configuration (infrastructure to be used by every krebsminister).
-
-# You can add your own test, test steps as required. Deploy the config on a
-# shared host like wolf and everything should be fine.
-
-# TODO for all users schedule a build for fast tests
-{
- # due to the fact that we actually build stuff on the box via the daemon,
- # /nix/store should be cleaned up automatically as well
- services.nginx.virtualHosts.build = {
- serverAliases = [ "build.wolf.r" ];
- locations."/".extraConfig = ''
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_pass http://localhost:${toString config.krebs.buildbot.master.web.port};
- '';
- };
-
- nix.gc.automatic = true;
- nix.gc.dates = "05:23";
- networking.firewall.allowedTCPPorts = [ 8010 9989 ];
- krebs.buildbot.master = let
- stockholm-mirror-url = http://cgit.wolf.r/stockholm-mirror ;
- in {
- secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ];
- workers = {
- testworker = "krebspass";
- };
- change_source.stockholm = ''
- stockholm_repo = '${stockholm-mirror-url}'
- cs.append(changes.GitPoller(
- stockholm_repo,
- workdir='stockholm-poller', branches=True,
- project='stockholm',
- pollinterval=60))
- '';
- scheduler = {
- force-scheduler = ''
- sched.append(schedulers.ForceScheduler(
- name="force",
- builderNames=[
- # "full-tests",
- "fast-tests",
- "build-local"
- ]))
- '';
- fast-tests-scheduler = ''
- # test everything real quick
- sched.append(schedulers.AnyBranchScheduler(
- treeStableTimer=10,
- name="fast-all-branches",
- builderNames=["fast-tests"]))
- '';
- test-cac-infest-master = ''
- # files everyone depends on or are part of the share branch
- def shared_files(change):
- r =re.compile("^((krebs|shared)/.*|Makefile|default.nix)")
- for file in change.files:
- if r.match(file):
- return True
- return False
-
- sched.append(schedulers.SingleBranchScheduler(
- change_filter=util.ChangeFilter(branch="master"),
- fileIsImportant=shared_files,
- treeStableTimer=60*60, # master was stable for the last hour
- name="full-master",
- builderNames=[
- # "full-tests",
- "build-local"
- ]))
- '';
- };
- builder_pre = ''
- # prepare grab_repo step for stockholm
- grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
-
- env = {
- "LOGNAME": "shared",
- "NIX_REMOTE": "daemon",
- "dummy_secrets": "true",
- }
-
- # prepare nix-shell
- # the dependencies which are used by the test script
- deps = [ "gnumake", "jq", "nix",
- "(import <stockholm>).pkgs.populate",
- "(import <stockholm>).pkgs.test.infest-cac-centos7" ]
- # TODO: --p