diff options
-rw-r--r-- | krebs/1systems/hotdog/config.nix | 5 | ||||
-rw-r--r-- | krebs/1systems/puyak/config.nix | 1 | ||||
-rw-r--r-- | krebs/1systems/wolf/config.nix | 3 | ||||
-rw-r--r-- | krebs/2configs/binary-cache/prism.nix | 12 | ||||
-rw-r--r-- | krebs/2configs/buildbot-all.nix | 7 | ||||
-rw-r--r-- | krebs/2configs/buildbot-krebs.nix | 13 | ||||
-rw-r--r-- | krebs/3modules/ci.nix | 15 | ||||
-rw-r--r-- | krebs/3modules/lass/default.nix | 26 | ||||
-rw-r--r-- | krebs/3modules/tv/default.nix | 48 | ||||
-rw-r--r-- | krebs/5pkgs/default.nix | 5 | ||||
-rw-r--r-- | krebs/source.nix | 2 | ||||
-rw-r--r-- | lass/1systems/iso.nix | 1 | ||||
-rw-r--r-- | lass/1systems/skynet/config.nix | 59 | ||||
-rw-r--r-- | lass/1systems/skynet/source.nix | 4 | ||||
-rw-r--r-- | lass/2configs/exim-smarthost.nix | 3 | ||||
-rw-r--r-- | lass/2configs/mail.nix | 9 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 8 | ||||
-rw-r--r-- | lass/source.nix | 2 | ||||
-rw-r--r-- | tv/1systems/cd/config.nix | 17 |
19 files changed, 165 insertions, 75 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index c056b4eaf..3eb7b9aa1 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -16,4 +16,9 @@ boot.isContainer = true; networking.useDHCP = false; + krebs.repo-sync.repos.stockholm.timerConfig = { + OnBootSec = "5min"; + OnUnitInactiveSec = "2min"; + RandomizedDelaySec = "2min"; + }; } diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index a1df11901..deede4493 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -9,6 +9,7 @@ <stockholm/krebs/2configs/buildbot-krebs.nix> <stockholm/krebs/2configs/stats/puyak-client.nix> + <stockholm/krebs/2configs/binary-cache/prism.nix> ]; krebs.build.host = config.krebs.hosts.puyak; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index a0113fce8..ec9c78db5 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -13,6 +13,7 @@ in <stockholm/krebs/2configs/graphite.nix> <stockholm/krebs/2configs/buildbot-krebs.nix> + <stockholm/krebs/2configs/binary-cache/prism.nix> <stockholm/krebs/2configs/shack/worlddomination.nix> <stockholm/krebs/2configs/shack/drivedroid.nix> @@ -44,11 +45,9 @@ in nix = { # use the up to date prism cache binaryCaches = [ - "http://cache.prism.r" "https://cache.nixos.org/" ]; binaryCachePublicKeys = [ - "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]; }; diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix new file mode 100644 index 000000000..4813eeb0f --- /dev/null +++ b/krebs/2configs/binary-cache/prism.nix @@ -0,0 +1,12 @@ +{ config, ... }: + +{ + nix = { + binaryCaches = [ + "http://cache.prism.r" + ]; + binaryCachePublicKeys = [ + "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + ]; + }; +} diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix index fe982c870..acd806d6e 100644 --- a/krebs/2configs/buildbot-all.nix +++ b/krebs/2configs/buildbot-all.nix @@ -1,8 +1,13 @@ { lib, config, pkgs, ... }: { imports = [ - <stockholm/krebs/2configs/buildbot-krebs.nix> + <stockholm/krebs/2configs/repo-sync.nix> ]; + + networking.firewall.allowedTCPPorts = [ 80 8010 9989 ]; + krebs.ci.enable = true; + krebs.ci.treeStableTimer = 1; + krebs.ci.users.krebs.all = true; krebs.ci.users.lass.all = true; krebs.ci.users.makefu.all = true; krebs.ci.users.nin.all = true; diff --git a/krebs/2configs/buildbot-krebs.nix b/krebs/2configs/buildbot-krebs.nix index 7f243b506..40ca3c66d 100644 --- a/krebs/2configs/buildbot-krebs.nix +++ b/krebs/2configs/buildbot-krebs.nix @@ -6,13 +6,8 @@ networking.firewall.allowedTCPPorts = [ 80 8010 9989 ]; krebs.ci.enable = true; - krebs.ci.users.krebs ={ - all = true; - hosts = [ - "test-arch" - "test-centos6" - "test-centos7" - "test-all-krebs-modules" - ]; - }; + krebs.ci.treeStableTimer = 120; + krebs.ci.users.krebs.hosts = [ + config.networking.hostName + ]; } diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 6e4db6edd..71e7d4aeb 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -8,12 +8,17 @@ in { options.krebs.ci = { enable = mkEnableOption "krebs continous integration"; + treeStableTimer = mkOption { + type = types.int; + default = 10; + description = "how long to wait until we test changes (in minutes)"; + }; users = mkOption { type = with types; attrsOf (submodule { options = { all = mkOption { type = bool; - default = true; + default = false; }; hosts = mkOption { type = listOf str; @@ -48,9 +53,6 @@ in }; }; - nix.gc.automatic = true; - nix.gc.dates = "05:23"; - krebs.buildbot.master = { slaves = { testslave = "lasspass"; @@ -72,7 +74,7 @@ in sched.append( schedulers.SingleBranchScheduler( change_filter=util.ChangeFilter(branch_re=".*"), - treeStableTimer=10, + treeStableTimer=${toString cfg.treeStableTimer}*60, name="build-all-branches", builderNames=[ "build-hosts" @@ -122,7 +124,8 @@ in "--force-populate", "--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user), ]) - ] + ], + timeout=90001 ) ${let diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index f0722e9ba..27009981b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -301,6 +301,32 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g"; }; + skynet = { + cores = 2; + nets = rec { + retiolum = { + ip4.addr = "10.243.133.116"; + ip6.addr = "42:0:0:0:0:0:0:1101"; + aliases = [ + "skynet.r" + "cgit.skynet.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEArNpBoTs7MoaZq2edGJLYUjmoLa5ZtXhOFBHjS1KtQ3hMtWkcqpYX + Ic457utOSGxTE+90yXXez2DD9llJMMyd+O06lHJ7CxtbJGBNr3jwoUZVCdBuuo5B + p9XfhXU9l9fUsbc1+a/cDjPBhQv8Uqmc6tOX+52H1aqZsa4W50c9Dv5vjsHgxCB0 + yiUd2MrKptCQTdmMM9Mf0XWKPPOuwpHpxaomlrpUz07LisFVGGHCflOvj5PAy8Da + NC+AfNgR/76yfuYWcv4NPo9acjD9AIftS2c0tD3szyHBCGaYK/atKzIoBbFbOtMb + mwG3B0X3UdphkqGDGsvT+66Kcv2jnKwL0wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t"; + }; iso = { cores = 1; managed = false; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 6e5f522dc..60827d589 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -9,6 +9,7 @@ with import <stockholm/lib>; hosts = mapAttrs (_: setAttr "owner" config.krebs.users.tv) { alnus = { cores = 2; + managed = true; nets = { retiolum = { ip4.addr = "10.243.21.1"; @@ -31,47 +32,6 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_rsa>; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q=="; }; - caxi = { - cores = 2; - extraZones = { - "krebsco.de" = '' - caxi 60 IN A ${config.krebs.hosts.caxi.nets.internet.ip4.addr} - ''; - }; - nets = { - internet = { - ip4 = { - addr = "104.233.124.70"; - prefix = "104.233.124.0/24"; - }; - aliases = [ - "caxi.i" - "caxi.krebsco.de" - ]; - ssh.port = 11423; - }; - retiolum = { - via = config.krebs.hosts.caxi.nets.internet; - ip4.addr = "10.243.113.226"; - ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af6"; - aliases = [ - "caxi.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAxNh1xhvCFzjUOmBq+F6NjUdntKh/7qo7LrsXjPVn92r1hGTVHJO1 - E+XP5dabZ/mFWySY8GvG7XlZ27wsjkvHEyb16IhOqYrnaONf9LifAWQ3qBlHtp1T - eZeP6wcXLhR/pOPy0pT6EABmDHbOzErjYv4pdrXHuxlM10Ljtpp3mClNeXY9eby+ - HekEE8LY8/zWqJ90lMaxPhLh1VqEvTVTnem5e1F8HDzNvRWa0kWUYG33zPQMyKgR - BCvp1DR7Y2LwDmGKnhzBm4JTcP+fcs+z/eGie/CEIgFM0BFJaTBAYZOtUlhBSe0y - UYE2W9CJkPN2Uepf53nPnshjKC64fgTr7wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdJ4xGi+qn4IfMZJ3Kv7AGZGbhlR+GrkD87z2tcyRZy"; - }; cd = { cores = 2; extraZones = { @@ -80,6 +40,7 @@ with import <stockholm/lib>; cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} ''; }; + managed = true; nets = { internet = { ip4.addr = "45.62.237.203"; @@ -182,6 +143,7 @@ with import <stockholm/lib>; }; mu = { cores = 2; + managed = true; nets = { retiolum = { ip4.addr = "10.243.20.1"; @@ -251,6 +213,7 @@ with import <stockholm/lib>; }; nomic = { cores = 2; + managed = true; nets = { gg23 = { ip4.addr = "10.23.1.110"; @@ -306,6 +269,7 @@ with import <stockholm/lib>; }; wu = { cores = 4; + managed = true; nets = { gg23 = { ip4.addr = "10.23.1.37"; @@ -343,6 +307,7 @@ with import <stockholm/lib>; pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s="; }; cores = 4; + managed = true; nets = { gg23 = { ip4.addr = "10.23.1.38"; @@ -377,6 +342,7 @@ with import <stockholm/lib>; }; zu = { cores = 4; + managed = true; nets = { gg23 = { ip4.addr = "10.23.1.39"; diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 39e89a4b6..af4cbb3ba 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -15,11 +15,6 @@ foldl' mergeAttrs {} { ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {}; - buildbot-full = self.callPackage ./simple/buildbot { - plugins = with self.buildbot-plugins; [ www console-view waterfall-view ]; - }; - buildbot-worker = self.callPackage ./simple/buildbot/worker.nix {}; - # https://github.com/proot-me/PRoot/issues/106 proot = self.writeDashBin "proot" '' export PROOT_NO_SECCOMP=1 diff --git a/krebs/source.nix b/krebs/source.nix index 1995d2b36..db30e1e35 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString <stockholm>; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "72c9ed78d0b1d9d5f531805ddf5bf06bfd447614"; # nixos-17.03 @ 2017-06-17 + ref = "0590ecbe9e6b9a076065be29370701da758c61f1"; # nixos-17.03 @ 2017-07-30 }; } diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index 4431a702c..0b048a2b1 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -88,6 +88,7 @@ with import <stockholm/lib>; aria2 #neat utils + hashPassword krebspaste pciutils pop diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix new file mode 100644 index 000000000..a48df02b9 --- /dev/null +++ b/lass/1systems/skynet/config.nix @@ -0,0 +1,59 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/hw/x220.nix> + <stockholm/lass/2configs/boot/stock-x220.nix> + + <stockholm/lass/2configs/retiolum.nix> + #<stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/backups.nix> + { + # discordius config + services.xserver.enable = true; + users.users.discordius = { + uid = genid "discordius"; + home = "/home/discordius"; + group = "users"; + createHome = true; + extraGroups = [ + "audio" + "networkmanager" + ]; + useDefaultShell = true; + }; + networking.networkmanager.enable = true; + networking.wireless.enable = mkForce false; + hardware.pulseaudio = { + enable = true; + systemWide = true; + }; + environment.systemPackages = with pkgs; [ + pavucontrol + firefox + hexchat + networkmanagerapplet + ]; + services.xserver.desktopManager.gnome3 = { + enable = true; + }; + } + ]; + + krebs.build.host = config.krebs.hosts.daedalus; + + #fileSystems = { + # "/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" "noatime" "ssd" "compress=lzo"]; + # }; + #}; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0" + ''; +} diff --git a/lass/1systems/skynet/source.nix b/lass/1systems/skynet/source.nix new file mode 100644 index 000000000..2aa627f5c --- /dev/null +++ b/lass/1systems/skynet/source.nix @@ -0,0 +1,4 @@ +import <stockholm/lass/source.nix> { + name = "skynet"; + secure = true; +} diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index fe3aa20bf..a43dfa215 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -36,6 +36,9 @@ with import <stockholm/lib>; { from = "shack@lassul.us"; to = lass.mail; } { from = "nix@lassul.us"; to = lass.mail; } { from = "c-base@lassul.us"; to = lass.mail; } + { from = "paypal@lassul.us"; to = lass.mail; } + { from = "patreon@lassul.us"; to = lass.mail; } + { from = "steam@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 9f5e3d523..fe82fea59 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -65,8 +65,15 @@ let ''} %r |" virtual-mailboxes \ - "INBOX" "notmuch://?query=tag:inbox and NOT tag:killed"\ + "INBOX" "notmuch://?query=tag:inbox \ + and NOT tag:killed \ + and NOT to:shackspace \ + and NOT to:c-base \ + and NOT to:nix-devel"\ "Unread" "notmuch://?query=tag:unread"\ + "shack" "notmuch://?query=to:shackspace"\ + "c-base" "notmuch://?query=to:c-base"\ + "nix" "notmuch://?query=to:nix-devel"\ "TODO" "notmuch://?query=tag:TODO"\ "Starred" "notmuch://?query=tag:*"\ "Archive" "notmuch://?query=tag:archive"\ diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 3e1ad6638..b0e5375c7 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -125,6 +125,7 @@ in { { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; } { from = "dma@ubikmedia.de"; to = "domsen"; } { from = "dma@ubikmedia.eu"; to = "domsen"; } + { from = "bruno@apanowicz.de"; to = "bruno"; } { from = "mail@jla-trading.com"; to = "jla-trading"; } { from = "jms@ubikmedia.eu"; to = "jms"; } { from = "ms@ubikmedia.eu"; to = "ms"; } @@ -151,6 +152,13 @@ in { createHome = true; }; + users.users.bruno = { + uid = genid_signed "bruno"; + home = "/home/bruno"; + useDefaultShell = true; + createHome = true; + }; + users.users.jla-trading = { uid = genid_signed "jla-trading"; home = "/home/jla-trading"; diff --git a/lass/source.nix b/lass/source.nix index 63adbd95c..1d64e3059 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -19,6 +19,6 @@ in # 87a4615 & 334ac4f # + acme permissions for groups # fd7a8f1 - ref = "d486531"; + ref = "a732dcf"; }; } diff --git a/tv/1systems/cd/config.nix b/tv/1systems/cd/config.nix index f78bcafeb..341a62e45 100644 --- a/tv/1systems/cd/config.nix +++ b/tv/1systems/cd/config.nix @@ -1,8 +1,9 @@ -{ config, lib, pkgs, ... }: - with import <stockholm/lib>; +{ config, pkgs, ... }: let + + bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1"; -{ +in { krebs.build.host = config.krebs.hosts.cd; imports = [ @@ -13,14 +14,14 @@ with import <stockholm/lib>; <stockholm/tv/2configs/retiolum.nix> ]; - networking = { + networking = let + address = config.krebs.build.host.nets.internet.ip4.addr; + in { + defaultGateway = bestGuessGateway address; interfaces.enp2s1.ip4 = singleton { - address = let - addr = "45.62.237.203"; - in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr; + inherit address; prefixLength = 24; }; - defaultGateway = "45.62.237.1"; nameservers = ["8.8.8.8"]; }; |