diff options
| -rw-r--r-- | krebs/3modules/backup.nix | 3 | ||||
| -rw-r--r-- | krebs/3modules/git.nix | 41 | ||||
| -rw-r--r-- | krebs/3modules/lass/default.nix | 32 | ||||
| -rw-r--r-- | krebs/3modules/lass/ssh/icarus.rsa | 1 | ||||
| -rw-r--r-- | lass/1systems/helios.nix | 1 | ||||
| -rw-r--r-- | lass/1systems/icarus.nix | 59 | ||||
| -rw-r--r-- | lass/1systems/mors.nix | 18 | ||||
| -rw-r--r-- | lass/1systems/prism.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/buildbot-standalone.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/default.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/git.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/power-action.nix | 4 | ||||
| -rw-r--r-- | lass/2configs/weechat.nix | 1 | ||||
| -rw-r--r-- | lass/2configs/zsh.nix | 1 | ||||
| -rw-r--r-- | tv/1systems/xu-qemu0.nix | 28 | ||||
| -rw-r--r-- | tv/2configs/binary-cache/default.nix | 10 | ||||
| -rw-r--r-- | tv/2configs/default.nix | 2 | ||||
| -rw-r--r-- | tv/2configs/nginx/default.nix | 23 | ||||
| -rw-r--r-- | tv/2configs/nginx/public_html.nix | 16 | ||||
| -rw-r--r-- | tv/2configs/xu-qemu0.nix | 250 | ||||
| -rw-r--r-- | tv/5pkgs/netcup/default.nix | 4 |
21 files changed, 171 insertions, 329 deletions
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 96b283002..bfb0ab591 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -137,6 +137,9 @@ let echo >&2 "update snapshot current; $rsync_dst <- $rsync_src" ''; }} + # In `dst-rsync`'s `mkdir m 0700 -p` above, we care only about permission + # of the deepest directory: + # shellcheck disable=SC2174 ${local.rsync} >&2 \ -aAXF --delete \ --rsh=${shell.escape ssh} \ diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 20907a3ed..164831846 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -400,29 +400,24 @@ let chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} ''; - krebs.nginx = { - enable = true; - servers.cgit = { - server-names = [ - "cgit.${config.networking.hostName}" - "cgit.${config.networking.hostName}.r" - "cgit.${config.networking.hostName}.retiolum" - ]; - locations = [ - (nameValuePair "/" '' - include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; - '') - (nameValuePair "/static/" '' - root ${pkgs.cgit}/cgit; - rewrite ^/static(/.*)$ $1 break; - '') - ]; - }; + services.nginx.virtualHosts.cgit = { + serverAliases = [ + "cgit.${config.networking.hostName}" + "cgit.${config.networking.hostName}.r" + "cgit.${config.networking.hostName}.retiolum" + ]; + locations."/".extraConfig = '' + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + ''; + locations."/static/".extraConfig = '' + root ${pkgs.cgit}/cgit; + rewrite ^/static(/.*)$ $1 break; + ''; }; }; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 5af1e37cd..2d1819dee 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -202,6 +202,7 @@ with import <stockholm/lib>; "mors.retiolum" "mors.r" "cgit.mors.retiolum" + "cgit.mors.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -273,6 +274,33 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C"; }; + icarus = { + cores = 2; + nets = rec { + retiolum = { + ip4.addr = "10.243.133.114"; + ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1214"; + aliases = [ + "icarus.retiolum" + "icarus.r" + "cgit.icarus.retiolum" + "cgit.icarus.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr + Q4CeN+pi2SZHEOiRm3jO8sOkGlv4I1WGs/nOu5Beb4/8wFH6wbm4cqXTqH/qFwCK + 7+9Bke8TUaoDj9E4ol9eyOx6u8Cto3ZRAUi6m1ilrfs1szFGS5ZX7mxI73uhki6t + k6Zb5sa9G8WLcLPIN7tk3Nd0kofd/smwxSN0mXoTgbAf1DZ3Fnkgox/M5VnwpPW7 + zLzbWNFyLIgDGbQ5vZBlJW7c4O0KrMlftvEQ80GeZXaKNt6UK7LSAQ4Njn+8sXTt + gl0Dx29bSPU3L8udj0Vu6ul7CiQ5bZzUCQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj"; + }; }; users = { @@ -294,6 +322,10 @@ with import <stockholm/lib>; pubkey = builtins.readFile ./ssh/shodan.rsa; pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp; }; + lass-icarus = { + mail = "lass@icarus.retiolum"; + pubkey = builtins.readFile ./ssh/icarus.rsa; + }; fritz = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; }; diff --git a/krebs/3modules/lass/ssh/icarus.rsa b/krebs/3modules/lass/ssh/icarus.rsa new file mode 100644 index 000000000..da99fcfdf --- /dev/null +++ b/krebs/3modules/lass/ssh/icarus.rsa @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz97C5WVGXgKZ3I7FMvL4TyUv+0rsrSOGI7jj5uQaaHx0SSR0V4tnZtv2hXYrfnkaPHwu2PYUeeUdMBHfbZS6l2dmaXRI9f2WG7182G3IUskMktpi84DMyh0kwK2pWmHoS+Kwo//q+lu4WXIRy4X5wVMVpPT1Oc7boDtqJt4rK8uZkuVmVzGi+5SFaBxspCsdZsX/uDWOeC4/U2l+2Pd4YYl8UdmgN3bJceKTwqKIcbK7AL91My0jrnRSU6XLuED0hcVKzjkjc6bcj1R+Mlch9cflsMQV8TfT6p7VGGvUOtVwhG1+CjraHfilzFn76wINClsQXF/ncKrGabTEWO3zTi12ukAzL2/B0IB0q61tror9uYqeI74WgLjwhnuF98hUL7hnqgV3KB1ytpt6yzXqf1Uz784z9dh0n9r0fLTkeTDbJ4uOz1XzpmAMRwuo0o7/Op7rRBLHohu2Tp6AV8sISKJN5hDGe0wD6861pH9ZrRBiUux6uylzfWp2qrZmERnk0brBl+oDQNhKs3Z0CZmLG4DZWMc5pxpQ5751/8bb6nEorg2ulDZ/h+G3myC+9Zbc/owb/HHOGOBMEpyYYYMvYAfchu50e4xtHd+wMqzFxzjfcM7u6dTdyDEXi6+TFXKBEZyvaAhW2J27HKj4iK6Td2GyK59myPG6OtCnIbw9BPw== lass@icarus diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 4472816e3..298c9083d 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -30,6 +30,7 @@ with import <stockholm/lib>; networking.wireless.enable = true; hardware.pulseaudio = { enable = true; + systemWide = true; }; users.users.ferret = { uid = genid "ferret"; diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix new file mode 100644 index 000000000..9a6654648 --- /dev/null +++ b/lass/1systems/icarus.nix @@ -0,0 +1,59 @@ +{ config, pkgs, ... }: + +with import <stockholm/lib>; +{ + imports = [ + ../. + ../2configs/retiolum.nix + ../2configs/hw/tp-x220.nix + ../2configs/baseX.nix + ../2configs/git.nix + ../2configs/exim-retiolum.nix + ../2configs/browsers.nix + ../2configs/programs.nix + ../2configs/fetchWallpaper.nix + ../2configs/backups.nix + #{ + # users.extraUsers = { + # root = { + # openssh.authorizedKeys.keys = map readFile [ + # ../../krebs/Zpubkeys/uriel.ssh.pub + # ]; + # }; + # }; + #} + ]; + + krebs.build.host = config.krebs.hosts.icarus; + + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + #kernelModules = [ "kvm-intel" "msr" ]; + }; + fileSystems = { + "/" = { + device = "/dev/pool/nix"; + fsType = "btrfs"; + }; + + "/boot" = { + device = "/dev/sda1"; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + ''; +} diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 594f342db..4553cc15b 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -68,11 +68,19 @@ with import <stockholm/lib>; { krebs.nginx = { enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; + servers.default = { + server-names = [ + "localhost" + "${config.krebs.build.host.name}" + "${config.krebs.build.host.name}.r" + "${config.krebs.build.host.name}.retiolum" + ]; + locations = [ + (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' + alias /home/$1/public_html$2; + '') + ]; + }; }; } { diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 269f94526..6c11a2f62 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -230,6 +230,7 @@ in { } { virtualisation.libvirtd.enable = true; + users.users.mainUser.extraGroups = [ "libvirtd" ]; } ]; diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 72cd66420..7057d0c3d 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -102,7 +102,7 @@ in { ] ) - for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: + for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: addShell(f,name="build-{}".format(i),env=env_lass, command=nixshell + \ ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 21a2ec038..900dd36b3 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -32,6 +32,7 @@ with import <stockholm/lib>; createHome = true; useDefaultShell = true; extraGroups = [ + "audio" "fuse" ]; openssh.authorizedKeys.keys = [ diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 57950e1b7..ded0922b8 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -75,7 +75,7 @@ let with git // config.krebs.users; repo: singleton { - user = [ lass lass-uriel ]; + user = [ lass lass-shodan ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix index c83dc80dc..f22bf451a 100644 --- a/lass/2configs/power-action.nix +++ b/lass/2configs/power-action.nix @@ -14,8 +14,8 @@ in { krebs.power-action = { enable = true; plans.low-battery = { - upperLimit = 30; - lowerLimit = 25; + upperLimit = 10; + lowerLimit = 15; charging = false; action = pkgs.writeDash "warn-low-battery" '' ${speak "power level low"} diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index ae07b9a2e..1e5f2d177 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -16,6 +16,7 @@ in { openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey config.krebs.users.lass-shodan.pubkey + config.krebs.users.lass-icarus.pubkey ]; }; diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index aa159be07..442a1d4d9 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -118,4 +118,5 @@ fi ''; }; + users.users.${config.krebs.build.user.name}.shell = "/run/current-system/sw/bin/zsh"; } diff --git a/tv/1systems/xu-qemu0.nix b/tv/1systems/xu-qemu0.nix deleted file mode 100644 index 8945c1907..000000000 --- a/tv/1systems/xu-qemu0.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - krebs.hosts.xu-qemu0 = { - cores = 1; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - # cannot define ssh.pubkey without at least one addr or alias - #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFe51rD0ZqlMXNi/YpapnRzvdzCjI0icmxfCyBLSKG04"; - }; - krebs.build.host = config.krebs.hosts.xu-qemu0; - - imports = [ - ../. - <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - ]; - - boot.loader.grub.device = "/dev/sda"; - - fileSystems = { - "/boot" = { - device = "/dev/sda1"; - }; - "/" = { - device = "/dev/sda2"; - fsType = "btrfs"; - }; - }; -} diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix index 5902f1895..39c944b1a 100644 --- a/tv/2configs/binary-cache/default.nix +++ b/tv/2configs/binary-cache/default.nix @@ -19,15 +19,15 @@ source-path = toString <secrets> + "/nix-serve.key"; }; - krebs.nginx = { + services.nginx = { enable = true; - servers.nix-serve = { - server-names = [ + virtualHosts.nix-serve = { + serverAliases = [ "cache.${config.krebs.build.host.name}.gg23" ]; - locations = singleton (nameValuePair "/" '' + locations."/".extraConfig = '' proxy_pass http://localhost:${toString config.services.nix-serve.port}; - ''); + ''; }; }; } diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index ea97b1957..dc26a6c6f 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import <stockholm/lib>; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "81428dd022c26764e9066d381ece90b1e88bd0d2"; + ref = "5d03aab044970e72a9c6cb07dab734c9c2a391e4"; }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix index 39995c052..b0acb9435 100644 --- a/tv/2configs/nginx/default.nix +++ b/tv/2configs/nginx/default.nix @@ -3,15 +3,26 @@ with import <stockholm/lib>; { - krebs.nginx = { - servers.default.locations = [ - (nameValuePair "= /etc/os-release" '' + services.nginx = { + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + + virtualHosts._http = { + default = true; + extraConfig = '' + return 404; + ''; + }; + + virtualHosts.default = { + locations."= /etc/os-release".extraConfig = '' default_type text/plain; alias /etc/os-release; - '') - ]; + ''; + }; }; - tv.iptables = optionalAttrs config.krebs.nginx.enable { + tv.iptables = { input-retiolum-accept-tcp = singleton "http"; }; } diff --git a/tv/2configs/nginx/public_html.nix b/tv/2configs/nginx/public_html.nix index e0bbb8d57..9744da1e8 100644 --- a/tv/2configs/nginx/public_html.nix +++ b/tv/2configs/nginx/public_html.nix @@ -3,13 +3,19 @@ with import <stockholm/lib>; { - krebs.nginx = { + services.nginx = { enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' + virtualHosts.default = { + serverAliases = [ + "localhost" + "${config.krebs.build.host.name}" + "${config.krebs.build.host.name}.r" + "${config.krebs.build.host.name}.retiolum" + ]; + locations."~ ^/~(.+?)(/.*)?\$".extraConfig = '' alias /home/$1/public_html$2; - '') - ]; + ''; + }; }; tv.iptables.input-internet-accept-tcp = singleton "http"; } diff --git a/tv/2configs/xu-qemu0.nix b/tv/2configs/xu-qemu0.nix deleted file mode 100644 index 355a36650..000000000 --- a/tv/2configs/xu-qemu0.nix +++ /dev/null @@ -1,250 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - # XXX cannot use config.build.host.name here because infinite recursion when - # defining krebs.hosts.${host-name}.nets.retiolum.aliases below. - host-name = "xu"; -in - -# usage: -# echo set_password vnc correcthorze | xu-qemu0-monitor -# -# vncdo -s xu:1 type 'curl init.xu.r' key shift-\\ type sh key return -# -# http://vnc.xu/vnc_auto.html?port=5701&host=xu&password=correcthorze -# -# make [install] system=xu-qemu0 target_host=10.56.0.101 - -with import <stockholm/lib>; - -{ - networking.dhcpcd.denyInterfaces = [ "qemubr0" ]; - - tv.iptables.extra = { - nat.POSTROUTING = ["-j MASQUERADE"]; - filter.FORWARD = [ - "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" - "-i qemubr0 -s 10.56.0.1/24 -m conntrack --ctstate NEW -j ACCEPT" - ]; - filter.INPUT = [ - "-i qemubr0 -p udp -m udp --dport bootps -j ACCEPT" - "-i qemubr0 -p udp -m udp --dport domain -j ACCEPT" - ]; - }; - - systemd.network.enable = true; - systemd.services.systemd-networkd-wait-online.enable = false; - - services.resolved.enable = mkForce false; - - boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - - systemd.network.networks.qemubr0 = { - matchConfig.Name = "qemubr0"; - address = ["10.56.0.1/24"]; - routes = [{ - routeConfig = { - Gateway = "*"; - Destination = "10.56.0.0"; - }; - }]; - }; - systemd.network.netdevs.qemubr0 = { - netdevConfig = { - Name = "qemubr0"; - Kind = "bridge"; - }; - }; - - users.groups.qemu-users.gid = genid "qemu-users"; - - environment.etc."qemu/bridge.conf".text = '' - allow qemubr0 - ''; - - krebs.per-user.tv.packages = [ - ]; - - users.users.xu-qemu0 = { - createHome = true; - group = "qemu-users"; - home = "/home/xu-qemu0"; - uid = genid "xu-qemu0"; - }; - - systemd.services.xu-qemu0 = let - in { - after = [ "network.target" "systemd-resolved.service" ]; - serviceConfig = { - User = "xu-qemu0"; - SyslogIdentifier = "xu-qemu0"; - ExecStart = pkgs.writeDash "xu-qemu0" '' - set -efu - ${pkgs.coreutils}/bin/mkdir -p "$HOME/tmp" - img=$HOME/tmp/xu-qemu0.raw - if ! test -e "$img"; then - ${pkgs.kvm}/bin/qemu-img create "$img" 10G - fi - exec ${pkgs.kvm}/bin/qemu-kvm \ - -monitor unix:$HOME/tmp/xu-qemu0-monitor.sock,server,nowait \ - -boot order=cd \ - -cdrom ${pkgs.fetchurl { - url = https://nixos.org/releases/nixos/15.09/nixos-15.09.1012.9fe0c23/nixos-minimal-15.09.1012.9fe0c23-x86_64-linux.iso; - sha256 = "18bc9wrsrjnhj9rya75xliqkl99gxbsk4dmwqivhvwfzb5qb5yp9"; - }} \ - -m 1024 \ - -netdev bridge,br=qemubr0,id=hn0,helper=/var/setuid-wrappers/qemu-bridge-helper \ - -net nic,netdev=hn0,id=nic1,macaddr=52:54:00:12:34:56 \ - -drive file="$img",format=raw \ - -display vnc=:1,websocket=5701,password,lossy \ - -name xu-qemu0 \ - ''; - }; - }; - - krebs.setuid.xu-qemu0-monitor = { - filename = pkgs.writeDash "xu-qemu0-monitor" '' - exec ${pkgs.socat}/bin/socat \ - stdio \ - UNIX-CONNECT:${config.users.users.xu-qemu0.home}/tmp/xu-qemu0-monitor.sock \ - ''; - owner = "xu-qemu0"; - group = "tv"; - }; - - krebs.setuid.qemu-bridge-helper = { - filename = "${pkgs.qemu}/libexec/qemu-bridge-helper"; - group = "qemu-users"; - }; - - users.users.qemu-dnsmasq.uid = genid "qemu-dnsmasq"; - - # TODO need custom etc/dbus-1/system.d/dnsmasq.conf for different BusName - services.dbus.packages = [ pkgs.dnsmasq ]; - - systemd.services.qemu-dnsmasq = let - # bind-interfaces - conf = pkgs.writeText "qemu-dnsmasq.conf" '' - listen-address=10.56.0.1 - interface=qemubr0 - dhcp-range=10.56.0.200,10.56.0.250 - dhcp-no-override - dhcp-leasefile=/tmp/qemu-dnsmasq.leases - domain=${host-name}.local - dhcp-host=52:54:00:12:34:56,xu-qemu0,10.56.0.101,1440m - ''; - in { - after = [ "network.target" "systemd-resolved.service" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "dbus"; - BusName = "uk.org.thekelleys.dnsmasq"; - # -1 --enable-dbus[=uk.org.thekelleys.dnsmasq] - SyslogIdentifier = "qemu-dnsmasq"; - ExecStart = "${pkgs.dnsmasq}/bin/dnsmasq -1k -u qemu-dnsmasq -C ${conf}"; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; - PrivateTmp = "true"; - }; - restartTriggers = [ config.environment.etc.hosts.source ]; - }; - - - krebs.nginx.servers.init = { - server-names = [ - "init.${host-name}" - "init.${host-name}.r" - "init.${host-name}.retiolum" - ]; - extraConfig = '' - index init.txt; - root ${pkgs.writeTextFile { - name = "init-pages"; - text = '' - #! /bin/sh - set -efu - - dev=/dev/sda - pttype=dos # gpt - - case $pttype in - dos) - if ! test "$(blkid -o value -s PTTYPE "$dev")" = dos; then - parted -s "$dev" mklabel msdos - fi - if ! test "$(blkid -o value -s PARTLABEL "$dev"1)" = primary; then - parted -s "$dev" mkpart primary ext4 1MiB 513MiB - parted -s "$dev" set 1 boot on - fi - ;; - gpt) - if ! test "$(blkid -o value -s PTTYPE "$dev")" = gpt; then - parted -s "$dev" mklabel gpt - fi - if ! test "$(blkid -o value -s PARTLABEL "$dev"1)" = ESP; then - parted -s "$dev" mkpart ESP fat32 1MiB 513MiB - parted -s "$dev" set 1 boot on - fi - ;; - *) - echo "Error: bad pttype: $pttype" >&2 - exit -1 - esac - - if ! test "$(blkid -o value -s PARTLABEL "$dev"2)" = primary; then - parted -s "$dev" mkpart primary btrfs 513MiB 100% - fi - if ! test "$(blkid -o value -s TYPE "$dev"1)" = vfat; then - mkfs.vfat "$dev"1 - fi - if ! test "$(blkid -o value -s TYPE "$dev"2)" = btrfs; then - mkfs.btrfs "$dev"2 - fi - - parted "$dev" print - - if ! test "$(lsblk -n -o MOUNTPOINT "$dev"2)" = /mnt; then - mount "$dev"2 /mnt - fi - if ! test "$(lsblk -n -o MOUNTPOINT "$dev"1)" = /mnt/boot; then - mkdir -m 0000 -p /mnt/boot - mount "$dev"1 /mnt/boot - fi - - lsblk "$dev" - - key=${shell.escape config.krebs.users.tv-xu.pubkey} - - if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then - mkdir -p /root/.ssh - echo "$key" > /root/.ssh/authorized_keys - fi - systemctl start sshd - ip route - echo READY. - ''; - destination = "/init.txt"; - }}; - ''; - }; - - - krebs.hosts.${host-name}.nets.retiolum.aliases = [ - "init.${host-name}.r" - "init.${host-name}.retiolum" - "vnc.${host-name}.r" - "vnc.${host-name}.retiolum" - ]; - - krebs.nginx.servers.noVNC = { - server-names = [ - "vnc.${host-name}" - "vnc.${host-name}.r" - "vnc.${host-name}.retiolum" - ]; - #rewrite ^([^.]*)$ /vnc_auto.html?host=localhost&port=5701; - locations = singleton (nameValuePair "/" '' - index vnc.html; - root ${pkgs.noVNC}; - ''); - }; -} diff --git a/tv/5pkgs/netcup/default.nix b/tv/5pkgs/netcup/default.nix index 6d2ec6896..d1f46299d 100644 --- a/tv/5pkgs/netcup/default.nix +++ b/tv/5pkgs/netcup/default.nix @@ -17,8 +17,8 @@ stdenv.mkDerivation { name = "netcup-1.0.0"; src = fetchgit { url = "http://cgit.ni.krebsco.de/netcup"; - rev = "tags/v1.0.0"; - sha256 = "0m6mk16pblvnapxykxdccvphslbv1gjfziyr86bnqin1xb1g99bq"; + rev = "refs/tags/v1.0.0"; + sha256 = "1rn7bncfhjw0bqjbvj38m7lks4nyf5qcvkj9dg0zr99ba6dylzx5"; }; phases = [ "unpackPhase" "patchPhase" "installPhase" ]; patchPhase = '' |