summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/1systems/hotdog/config.nix5
-rw-r--r--krebs/1systems/puyak/config.nix1
-rw-r--r--krebs/1systems/wolf/config.nix3
-rw-r--r--krebs/2configs/binary-cache/prism.nix12
-rw-r--r--krebs/2configs/buildbot-all.nix7
-rw-r--r--krebs/2configs/buildbot-krebs.nix13
-rw-r--r--krebs/3modules/ci.nix15
-rw-r--r--krebs/3modules/lass/default.nix26
-rw-r--r--krebs/3modules/tv/default.nix48
-rw-r--r--krebs/5pkgs/default.nix5
-rw-r--r--krebs/source.nix2
-rw-r--r--lass/1systems/iso.nix1
-rw-r--r--lass/1systems/skynet/config.nix59
-rw-r--r--lass/1systems/skynet/source.nix4
-rw-r--r--lass/2configs/exim-smarthost.nix3
-rw-r--r--lass/2configs/mail.nix9
-rw-r--r--lass/2configs/websites/domsen.nix8
-rw-r--r--lass/source.nix2
-rw-r--r--tv/1systems/cd/config.nix17
19 files changed, 165 insertions, 75 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index c056b4eaf..3eb7b9aa1 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -16,4 +16,9 @@
boot.isContainer = true;
networking.useDHCP = false;
+ krebs.repo-sync.repos.stockholm.timerConfig = {
+ OnBootSec = "5min";
+ OnUnitInactiveSec = "2min";
+ RandomizedDelaySec = "2min";
+ };
}
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index a1df11901..deede4493 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -9,6 +9,7 @@
<stockholm/krebs/2configs/buildbot-krebs.nix>
<stockholm/krebs/2configs/stats/puyak-client.nix>
+ <stockholm/krebs/2configs/binary-cache/prism.nix>
];
krebs.build.host = config.krebs.hosts.puyak;
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index a0113fce8..ec9c78db5 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -13,6 +13,7 @@ in
<stockholm/krebs/2configs/graphite.nix>
<stockholm/krebs/2configs/buildbot-krebs.nix>
+ <stockholm/krebs/2configs/binary-cache/prism.nix>
<stockholm/krebs/2configs/shack/worlddomination.nix>
<stockholm/krebs/2configs/shack/drivedroid.nix>
@@ -44,11 +45,9 @@ in
nix = {
# use the up to date prism cache
binaryCaches = [
- "http://cache.prism.r"
"https://cache.nixos.org/"
];
binaryCachePublicKeys = [
- "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
};
diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix
new file mode 100644
index 000000000..4813eeb0f
--- /dev/null
+++ b/krebs/2configs/binary-cache/prism.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+
+{
+ nix = {
+ binaryCaches = [
+ "http://cache.prism.r"
+ ];
+ binaryCachePublicKeys = [
+ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+ ];
+ };
+}
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix
index fe982c870..acd806d6e 100644
--- a/krebs/2configs/buildbot-all.nix
+++ b/krebs/2configs/buildbot-all.nix
@@ -1,8 +1,13 @@
{ lib, config, pkgs, ... }:
{
imports = [
- <stockholm/krebs/2configs/buildbot-krebs.nix>
+ <stockholm/krebs/2configs/repo-sync.nix>
];
+
+ networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
+ krebs.ci.enable = true;
+ krebs.ci.treeStableTimer = 1;
+ krebs.ci.users.krebs.all = true;
krebs.ci.users.lass.all = true;
krebs.ci.users.makefu.all = true;
krebs.ci.users.nin.all = true;
diff --git a/krebs/2configs/buildbot-krebs.nix b/krebs/2configs/buildbot-krebs.nix
index 7f243b506..40ca3c66d 100644
--- a/krebs/2configs/buildbot-krebs.nix
+++ b/krebs/2configs/buildbot-krebs.nix
@@ -6,13 +6,8 @@
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
krebs.ci.enable = true;
- krebs.ci.users.krebs ={
- all = true;
- hosts = [
- "test-arch"
- "test-centos6"
- "test-centos7"
- "test-all-krebs-modules"
- ];
- };
+ krebs.ci.treeStableTimer = 120;
+ krebs.ci.users.krebs.hosts = [
+ config.networking.hostName
+ ];
}
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index 6e4db6edd..71e7d4aeb 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -8,12 +8,17 @@ in
{
options.krebs.ci = {
enable = mkEnableOption "krebs continous integration";
+ treeStableTimer = mkOption {
+ type = types.int;
+ default = 10;
+ description = "how long to wait until we test changes (in minutes)";
+ };
users = mkOption {
type = with types; attrsOf (submodule {
options = {
all = mkOption {
type = bool;
- default = true;
+ default = false;
};
hosts = mkOption {
type = listOf str;
@@ -48,9 +53,6 @@ in
};
};
- nix.gc.automatic = true;
- nix.gc.dates = "05:23";
-
krebs.buildbot.master = {
slaves = {
testslave = "lasspass";
@@ -72,7 +74,7 @@ in
sched.append(
schedulers.SingleBranchScheduler(
change_filter=util.ChangeFilter(branch_re=".*"),
- treeStableTimer=10,
+ treeStableTimer=${toString cfg.treeStableTimer}*60,
name="build-all-branches",
builderNames=[
"build-hosts"
@@ -122,7 +124,8 @@ in
"--force-populate",
"--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user),
])
- ]
+ ],
+ timeout=90001
)
${let
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index f0722e9ba..27009981b 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -301,6 +301,32 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g";
};
+ skynet = {
+ cores = 2;
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.133.116";
+ ip6.addr = "42:0:0:0:0:0:0:1101";
+ aliases = [
+ "skynet.r"
+ "cgit.skynet.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEArNpBoTs7MoaZq2edGJLYUjmoLa5ZtXhOFBHjS1KtQ3hMtWkcqpYX
+ Ic457utOSGxTE+90yXXez2DD9llJMMyd+O06lHJ7CxtbJGBNr3jwoUZVCdBuuo5B
+ p9XfhXU9l9fUsbc1+a/cDjPBhQv8Uqmc6tOX+52H1aqZsa4W50c9Dv5vjsHgxCB0
+ yiUd2MrKptCQTdmMM9Mf0XWKPPOuwpHpxaomlrpUz07LisFVGGHCflOvj5PAy8Da
+ NC+AfNgR/76yfuYWcv4NPo9acjD9AIftS2c0tD3szyHBCGaYK/atKzIoBbFbOtMb
+ mwG3B0X3UdphkqGDGsvT+66Kcv2jnKwL0wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
+ };
iso = {
cores = 1;
managed = false;
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 6e5f522dc..60827d589 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -9,6 +9,7 @@ with import <stockholm/lib>;
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.tv) {
alnus = {
cores = 2;
+ managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.21.1";
@@ -31,47 +32,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q==";
};
- caxi = {
- cores = 2;
- extraZones = {
- "krebsco.de" = ''
- caxi 60 IN A ${config.krebs.hosts.caxi.nets.internet.ip4.addr}
- '';
- };
- nets = {
- internet = {
- ip4 = {
- addr = "104.233.124.70";
- prefix = "104.233.124.0/24";
- };
- aliases = [
- "caxi.i"
- "caxi.krebsco.de"
- ];
- ssh.port = 11423;
- };
- retiolum = {
- via = config.krebs.hosts.caxi.nets.internet;
- ip4.addr = "10.243.113.226";
- ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af6";
- aliases = [
- "caxi.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAxNh1xhvCFzjUOmBq+F6NjUdntKh/7qo7LrsXjPVn92r1hGTVHJO1
- E+XP5dabZ/mFWySY8GvG7XlZ27wsjkvHEyb16IhOqYrnaONf9LifAWQ3qBlHtp1T
- eZeP6wcXLhR/pOPy0pT6EABmDHbOzErjYv4pdrXHuxlM10Ljtpp3mClNeXY9eby+
- HekEE8LY8/zWqJ90lMaxPhLh1VqEvTVTnem5e1F8HDzNvRWa0kWUYG33zPQMyKgR
- BCvp1DR7Y2LwDmGKnhzBm4JTcP+fcs+z/eGie/CEIgFM0BFJaTBAYZOtUlhBSe0y
- UYE2W9CJkPN2Uepf53nPnshjKC64fgTr7wIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdJ4xGi+qn4IfMZJ3Kv7AGZGbhlR+GrkD87z2tcyRZy";
- };
cd = {
cores = 2;
extraZones = {
@@ -80,6 +40,7 @@ with import <stockholm/lib>;
cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
'';
};
+ managed = true;
nets = {
internet = {
ip4.addr = "45.62.237.203";
@@ -182,6 +143,7 @@ with import <stockholm/lib>;
};
mu = {
cores = 2;
+ managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.20.1";
@@ -251,6 +213,7 @@ with import <stockholm/lib>;
};
nomic = {
cores = 2;
+ managed = true;
nets = {
gg23 = {
ip4.addr = "10.23.1.110";
@@ -306,6 +269,7 @@ with import <stockholm/lib>;
};
wu = {
cores = 4;
+ managed = true;
nets = {
gg23 = {
ip4.addr = "10.23.1.37";
@@ -343,6 +307,7 @@ with import <stockholm/lib>;
pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
};
cores = 4;
+ managed = true;
nets = {
gg23 = {
ip4.addr = "10.23.1.38";
@@ -377,6 +342,7 @@ with import <stockholm/lib>;
};
zu = {
cores = 4;
+ managed = true;
nets = {
gg23 = {
ip4.addr = "10.23.1.39";
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index 39e89a4b6..af4cbb3ba 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -15,11 +15,6 @@ foldl' mergeAttrs {}
{
ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {};
- buildbot-full = self.callPackage ./simple/buildbot {
- plugins = with self.buildbot-plugins; [ www console-view waterfall-view ];
- };
- buildbot-worker = self.callPackage ./simple/buildbot/worker.nix {};
-
# https://github.com/proot-me/PRoot/issues/106
proot = self.writeDashBin "proot" ''
export PROOT_NO_SECCOMP=1
diff --git a/krebs/source.nix b/krebs/source.nix
index 1995d2b36..db30e1e35 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -14,6 +14,6 @@ in
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "72c9ed78d0b1d9d5f531805ddf5bf06bfd447614"; # nixos-17.03 @ 2017-06-17
+ ref = "0590ecbe9e6b9a076065be29370701da758c61f1"; # nixos-17.03 @ 2017-07-30
};
}
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index 4431a702c..0b048a2b1 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -88,6 +88,7 @@ with import <stockholm/lib>;
aria2
#neat utils
+ hashPassword
krebspaste
pciutils
pop
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
new file mode 100644
index 000000000..a48df02b9
--- /dev/null
+++ b/lass/1systems/skynet/config.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs/hw/x220.nix>
+ <stockholm/lass/2configs/boot/stock-x220.nix>
+
+ <stockholm/lass/2configs/retiolum.nix>
+ #<stockholm/lass/2configs/exim-retiolum.nix>
+ <stockholm/lass/2configs/fetchWallpaper.nix>
+ <stockholm/lass/2configs/backups.nix>
+ {
+ # discordius config
+ services.xserver.enable = true;
+ users.users.discordius = {
+ uid = genid "discordius";
+ home = "/home/discordius";
+ group = "users";
+ createHome = true;
+ extraGroups = [
+ "audio"
+ "networkmanager"
+ ];
+ useDefaultShell = true;
+ };
+ networking.networkmanager.enable = true;
+ networking.wireless.enable = mkForce false;
+ hardware.pulseaudio = {
+ enable = true;
+ systemWide = true;
+ };
+ environment.systemPackages = with pkgs; [
+ pavucontrol
+ firefox
+ hexchat
+ networkmanagerapplet
+ ];
+ services.xserver.desktopManager.gnome3 = {
+ enable = true;
+ };
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.daedalus;
+
+ #fileSystems = {
+ # "/bku" = {
+ # device = "/dev/mapper/pool-bku";
+ # fsType = "btrfs";
+ # options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ # };
+ #};
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
+ '';
+}
diff --git a/lass/1systems/skynet/source.nix b/lass/1systems/skynet/source.nix
new file mode 100644
index 000000000..2aa627f5c
--- /dev/null
+++ b/lass/1systems/skynet/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/lass/source.nix> {
+ name = "skynet";
+ secure = true;
+}
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index fe3aa20bf..a43dfa215 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -36,6 +36,9 @@ with import <stockholm/lib>;
{ from = "shack@lassul.us"; to = lass.mail; }
{ from = "nix@lassul.us"; to = lass.mail; }
{ from = "c-base@lassul.us"; to = lass.mail; }
+ { from = "paypal@lassul.us"; to = lass.mail; }
+ { from = "patreon@lassul.us"; to = lass.mail; }
+ { from = "steam@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index 9f5e3d523..fe82fea59 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -65,8 +65,15 @@ let
''} %r |"
virtual-mailboxes \
- "INBOX" "notmuch://?query=tag:inbox and NOT tag:killed"\
+ "INBOX" "notmuch://?query=tag:inbox \
+ and NOT tag:killed \
+ and NOT to:shackspace \
+ and NOT to:c-base \
+ and NOT to:nix-devel"\
"Unread" "notmuch://?query=tag:unread"\
+ "shack" "notmuch://?query=to:shackspace"\
+ "c-base" "notmuch://?query=to:c-base"\
+ "nix" "notmuch://?query=to:nix-devel"\
"TODO" "notmuch://?query=tag:TODO"\
"Starred" "notmuch://?query=tag:*"\
"Archive" "notmuch://?query=tag:archive"\
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 3e1ad6638..b0e5375c7 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -125,6 +125,7 @@ in {
{ from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
{ from = "dma@ubikmedia.de"; to = "domsen"; }
{ from = "dma@ubikmedia.eu"; to = "domsen"; }
+ { from = "bruno@apanowicz.de"; to = "bruno"; }
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
{ from = "jms@ubikmedia.eu"; to = "jms"; }
{ from = "ms@ubikmedia.eu"; to = "ms"; }
@@ -151,6 +152,13 @@ in {
createHome = true;
};
+ users.users.bruno = {
+ uid = genid_signed "bruno";
+ home = "/home/bruno";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
users.users.jla-trading = {
uid = genid_signed "jla-trading";
home = "/home/jla-trading";
diff --git a/lass/source.nix b/lass/source.nix
index 63adbd95c..1d64e3059 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -19,6 +19,6 @@ in
# 87a4615 & 334ac4f
# + acme permissions for groups
# fd7a8f1
- ref = "d486531";
+ ref = "a732dcf";
};
}
diff --git a/tv/1systems/cd/config.nix b/tv/1systems/cd/config.nix
index f78bcafeb..341a62e45 100644
--- a/tv/1systems/cd/config.nix
+++ b/tv/1systems/cd/config.nix
@@ -1,8 +1,9 @@
-{ config, lib, pkgs, ... }:
-
with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+ bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
-{
+in {
krebs.build.host = config.krebs.hosts.cd;
imports = [
@@ -13,14 +14,14 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/retiolum.nix>
];
- networking = {
+ networking = let
+ address = config.krebs.build.host.nets.internet.ip4.addr;
+ in {
+ defaultGateway = bestGuessGateway address;
interfaces.enp2s1.ip4 = singleton {
- address = let
- addr = "45.62.237.203";
- in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr;
+ inherit address;
prefixLength = 24;
};
- defaultGateway = "45.62.237.1";
nameservers = ["8.8.8.8"];
};