summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--default.nix5
-rw-r--r--krebs/3modules/build.nix5
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/makefu/default.nix29
-rw-r--r--krebs/3modules/per-user.nix35
-rw-r--r--krebs/3modules/tv/default.nix20
-rw-r--r--krebs/5pkgs/bepasty-client-cli/default.nix22
-rw-r--r--krebs/5pkgs/krebspaste/default.nix7
-rw-r--r--krebs/5pkgs/translate-shell/default.nix43
-rw-r--r--krebs/Zhosts/gum1
-rw-r--r--krebs/Zpubkeys/tv_wu.ssh.pub1
-rw-r--r--krebs/default.nix3
-rw-r--r--makefu/1systems/filepimp.nix38
-rw-r--r--makefu/1systems/gum.nix8
-rw-r--r--makefu/1systems/pnp.nix6
-rw-r--r--makefu/1systems/pornocauster.nix22
-rw-r--r--makefu/1systems/repunit.nix17
-rw-r--r--makefu/1systems/tsp.nix11
-rw-r--r--makefu/1systems/wry.nix15
-rw-r--r--makefu/2configs/base-sources.nix21
-rw-r--r--makefu/2configs/default.nix (renamed from makefu/2configs/base.nix)33
-rw-r--r--makefu/2configs/fs/cac-boot-partition.nix2
-rw-r--r--makefu/2configs/fs/sda-crypto-root.nix4
-rw-r--r--makefu/2configs/fs/single-partition-ext4.nix10
-rw-r--r--makefu/2configs/fs/vm-single-partition.nix15
-rw-r--r--makefu/2configs/headless.nix4
-rw-r--r--makefu/2configs/hw/tp-x2x0.nix2
-rw-r--r--makefu/2configs/nginx/euer.blog.nix34
-rw-r--r--makefu/2configs/nginx/euer.wiki.nix13
-rw-r--r--makefu/2configs/unstable-sources.nix16
-rw-r--r--shared/1systems/wolf.nix2
-rw-r--r--shared/2configs/collectd-base.nix4
-rw-r--r--tv/1systems/cd.nix3
-rw-r--r--tv/1systems/mkdir.nix17
-rw-r--r--tv/1systems/nomic.nix17
-rw-r--r--tv/1systems/rmdir.nix17
-rw-r--r--tv/1systems/wu.nix37
-rw-r--r--tv/1systems/xu.nix38
-rw-r--r--tv/2configs/default.nix (renamed from tv/2configs/base.nix)40
-rw-r--r--tv/2configs/vim.nix9
-rw-r--r--tv/2configs/xserver/default.nix14
-rw-r--r--tv/2configs/z.nix40
42 files changed, 391 insertions, 290 deletions
diff --git a/default.nix b/default.nix
index 472d7597d..ac748c286 100644
--- a/default.nix
+++ b/default.nix
@@ -32,7 +32,10 @@ let stockholm = {
upath = lib.nspath current-user-name;
base-module = { config, ... }: {
- imports = map (f: f "3modules") [ kpath upath ];
+ imports = builtins.filter builtins.pathExists (lib.concatLists [
+ (map (f: f "2configs") [ upath ])
+ (map (f: f "3modules") [ kpath upath ])
+ ]);
krebs.current.enable = true;
krebs.current.host = config.krebs.hosts.${current-host-name};
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 1205e192b..7f004cd81 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -29,10 +29,13 @@ let
};
options.krebs.build.source.dir = mkOption {
- type = types.attrsOf (types.submodule ({ config, ... }: {
+ type = let
+ default-host = config.krebs.current.host;
+ in types.attrsOf (types.submodule ({ config, ... }: {
options = {
host = mkOption {
type = types.host;
+ default = default-host;
};
path = mkOption {
type = types.str;
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index fd9d56ed2..b4e7f9254 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -15,6 +15,7 @@ let
./git.nix
./iptables.nix
./nginx.nix
+ ./per-user.nix
./Reaktor.nix
./retiolum-bootstrap.nix
./realwallpaper.nix
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 2d33b9275..652527da2 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -164,6 +164,7 @@ with lib;
dc = "makefu"; #dc = "cac";
extraZones = {
"krebsco.de" = ''
+ euer IN A ${head nets.internet.addrs4}
wiki.euer IN A ${head nets.internet.addrs4}
wry IN A ${head nets.internet.addrs4}
io IN NS wry.krebsco.de.
@@ -191,6 +192,9 @@ with lib;
"paste.retiolum"
"wry.retiolum"
"wiki.makefu.retiolum"
+ "wiki.wry.retiolum"
+ "blog.makefu.retiolum"
+ "blog.wry.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -210,13 +214,36 @@ with lib;
};
};
};
+ filepimp = rec {
+ cores = 1;
+ dc = "makefu"; #nas
+
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.153.102"];
+ addrs6 = ["42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"];
+ aliases = [
+ "filepimp.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
+ BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
+ i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
+ 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
+ u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
+ OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
gum = rec {
cores = 1;
dc = "online.net"; #root-server
extraZones = {
"krebsco.de" = ''
- euer IN A ${head nets.internet.addrs4}
share.euer IN A ${head nets.internet.addrs4}
gum IN A ${head nets.internet.addrs4}
'';
diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix
new file mode 100644
index 000000000..ee213deda
--- /dev/null
+++ b/krebs/3modules/per-user.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.krebs.per-user;
+
+ out = {
+ options.krebs.per-user = api;
+ config = imp;
+ };
+
+ api = mkOption {
+ type = with types; attrsOf (submodule {
+ options = {
+ packages = mkOption {
+ type = listOf path;
+ default = [];
+ };
+ };
+ });
+ default = {};
+ };
+
+ imp = {
+ environment = {
+ etc = flip mapAttrs' cfg (name: { packages, ... }: {
+ name = "per-user/${name}";
+ value.source = pkgs.symlinkJoin "per-user.${name}" packages;
+ });
+ profiles = ["/etc/per-user/$LOGNAME"];
+ };
+ };
+
+in out
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 4c295dffe..6fd1c4224 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -158,7 +158,8 @@ with lib;
};
};
secure = true;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILn7C3LxAs9kUynENdRNgQs4qjrhNDfXzlHTpVJt6e09";
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic";
};
ok = {
nets = {
@@ -276,17 +277,26 @@ with lib;
};
};
secure = true;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw";
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
};
};
- users = addNames {
+ users = addNames rec {
mv = {
mail = "mv@cd.retiolum";
- pubkey = readFile ../../Zpubkeys/mv_vod.ssh.pub;
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
};
tv = {
mail = "tv@wu.retiolum";
- pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu";
+ };
+ tv_nomic = {
+ inherit (tv) mail;
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3dYR/n4Yw8OsYmfR2rSUG7o10G6AqOlSJHuHSEmANbMkqjiWl1TnpORtt5bAktyAGI4vWf9vhNEnxuIqGXWSV+3yCd7yfBHR1m0Y9QSw6blQ0xc1venl3JU0kpEyJfUn8a9cdXlnRiS0MP1gcsN7Zk8cqBELJYJajkSEnsT4eVaU5/wdnyzUO1fk8D8tFBJbF/tsWDLJPu4P18rpxq4wZgA2qmyHoVDEVlrz2OYcziXT6gpG0JGnToteaNg9ok5QavEYFpp8P+k1AacrBjc1PAb4MaMX1nfkSyaZwSqLdH35XkNRgPhVVmqZ5PlG3VeNpPSwpdcKi8P3zH1xG9g6Usx1SAyvcoAyGHdOwmFuA2tc1HgYEiQ+OsPrHZHujBOOZsKTN9+IZHScCAe+UmUcK413WEZKPs8PeFjf1gQAoDXb55JpksxLAnC/SQOl4FhkctIAXxr12ALlyt9UFPzIoj/Nj2MpFzGSlf653fTFmnMbQ8+GICc4TUpqx5GELZhfQuprBTv/55a9zKvM4B8XT3Bn9olQzMQIXEjXb3WUVFDDNWeNydToorYn1wG3ZWQ+3f0IlqRicWO7Q9BRj1Lp5rcUCb+naJ48tGY6HFUZ1Kz/0x458GDFvUd8mCJjqqmeSkUEeZd0xet5tVFg/bYoSslEqPF6pz7V3ruJMSdYxnQ== tv@nomic #2";
+ };
+ tv_xu = {
+ inherit (tv) mail;
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/3nkqxe8YrDVt615n96A7iC3vvwsiqgpsBYC/bhwfBHu1bAtBmTWVqSKDIdwg7p8TQpIKtAgZ3IJT3BlrnVTeR4RIviLjHjYWW1NBhm+nXi+heThgi5fLciE3lVLVsy5X9Kc1ZPLgLa1In0REOanwbueOD0ESN1yKIDwUUdczw/o3dLDMzanqFHKuSSN4o9Ex2x+MRj9eLsb706s4VSYMo3lirRCJeAOGv1C7Xg1cuepdhIeJsq9aF7vSy15c0nCkWwr8zdY7pbMPYCe5zvIEymZ0UowZ5HQ3NmIZnYDxa4E1PFjDczHdQbVmmGMI80grNwMsHzQ6bynHSPXDoLf4WodXlhS0+9Ju5QavDT6uqZ9uhDBuWC8QNgWUMIJnEaTBFyA0OI1akl8Q2RLC+qnNf5IwItSq+GDwEsB2ZJNW3kOk1kNiCUrBafRYpPaFeP97wzzP4uYlBKAr2SOLrrkf7NFEdw2ihxhDMNnps/ErRJ8U0zdpmalw8mItGyqRULpHjk/wN00rYOdBIhW3G3QJuVgtGnWtGCBG5x70EfMiSEXPD3YSsVVsgKD+v8qr+YiilRRD+N3gaHhiOWA6HgxRNul/P4llk0ktTpb9LoHk2+oooTH5ZuuT/8yF8J4stZt7EIOH+mSOAXG1z0BwnEkQu7pVKwu/oOZpGJTvBrGwww== tv@xu";
};
};
}
diff --git a/krebs/5pkgs/bepasty-client-cli/default.nix b/krebs/5pkgs/bepasty-client-cli/default.nix
new file mode 100644
index 000000000..990f99af6
--- /dev/null
+++ b/krebs/5pkgs/bepasty-client-cli/default.nix
@@ -0,0 +1,22 @@
+{ lib, pkgs, pythonPackages, fetchurl, ... }:
+
+with pythonPackages; buildPythonPackage rec {
+ name = "bepasty-client-cli-${version}";
+ version = "0.3.0";
+ propagatedBuildInputs = [
+ python_magic
+ click
+ requests2
+ ];
+
+ src = fetchurl {
+ url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz";
+ sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw";
+ };
+
+ meta = {
+ homepage = https://github.com/bepasty/bepasty-client-cli;
+ description = "CLI client for bepasty-server";
+ license = lib.licenses.bsd2;
+ };
+}
diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix
new file mode 100644
index 000000000..fb318af83
--- /dev/null
+++ b/krebs/5pkgs/krebspaste/default.nix
@@ -0,0 +1,7 @@
+{ writeScriptBin, pkgs }:
+
+# TODO: use `wrapProgram --add-flags` instead?
+writeScriptBin "krebspaste" ''
+ #! /bin/sh
+ exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
+''
diff --git a/krebs/5pkgs/translate-shell/default.nix b/krebs/5pkgs/translate-shell/default.nix
new file mode 100644
index 000000000..00ab226e5
--- /dev/null
+++ b/krebs/5pkgs/translate-shell/default.nix
@@ -0,0 +1,43 @@
+{stdenv, fetchurl,pkgs,... }:
+let
+ s =
+ rec {
+ baseName="translate-shell";
+ version="0.9.0.9";
+ name="${baseName}-${version}";
+ url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz;
+ sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34";
+ };
+ searchpath = with pkgs; stdenv.lib.makeSearchPath "bin" [
+ fribidi
+ gawk
+ bash
+ curl
+ less
+ ];
+ buildInputs = [
+ pkgs.makeWrapper
+ ];
+in
+stdenv.mkDerivation {
+ inherit (s) name version;
+ inherit buildInputs;
+ src = fetchurl {
+ inherit (s) url sha256;
+ };
+ # TODO: maybe mplayer
+ installPhase = ''
+ mkdir -p $out/bin
+ make PREFIX=$out install
+ wrapProgram $out/bin/trans --suffix PATH : "${searchpath}"
+ '';
+
+ meta = {
+ inherit (s) version;
+ description = ''translate using google api'';
+ license = stdenv.lib.licenses.free;
+ maintainers = [stdenv.lib.maintainers.makefu];
+ platforms = stdenv.lib.platforms.linux ;
+ };
+}
+
diff --git a/krebs/Zhosts/gum b/krebs/Zhosts/gum
index f1eaa4eab..d43bb0d08 100644
--- a/krebs/Zhosts/gum
+++ b/krebs/Zhosts/gum
@@ -2,7 +2,6 @@ Address= 195.154.108.70
Address= 195.154.108.70 53
Subnet = 10.243.0.211
Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
-Aliases = paste
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
diff --git a/krebs/Zpubkeys/tv_wu.ssh.pub b/krebs/Zpubkeys/tv_wu.ssh.pub
deleted file mode 100644
index b6e2634e8..000000000
--- a/krebs/Zpubkeys/tv_wu.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu
diff --git a/krebs/default.nix b/krebs/default.nix
index 31a7f7d04..bfd6175d9 100644
--- a/krebs/default.nix
+++ b/krebs/default.nix
@@ -84,6 +84,7 @@ let out = {
cat<<EOF
# put following into config.krebs.hosts.$system:
+ ssh.privkey.path = <secrets/ssh.$key_type>;
ssh.pubkey = $(echo $pubkey | jq -R .);
EOF
'';
@@ -178,7 +179,7 @@ let out = {
nix-path =
lib.concatStringsSep ":"
- (lib.mapAttrsToList (name: _: "${name}=/root/${name}")
+ (lib.mapAttrsToList (name: src: "${name}=${src.target-path}")
(config.krebs.build.source.dir //
config.krebs.build.source.git));
in ''
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
new file mode 100644
index 000000000..fb1a57552
--- /dev/null
+++ b/makefu/1systems/filepimp.nix
@@ -0,0 +1,38 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../2configs/default.nix
+ ../2configs/fs/vm-single-partition.nix
+ ../2configs/fs/single-partition-ext4.nix
+ ../2configs/tinc-basic-retiolum.nix
+ ];
+ krebs.build.host = config.krebs.hosts.filepimp;
+
+ # AMD N54L
+ boot = {
+ loader.grub.device = "/dev/sda";
+
+ initrd.availableKernelModules = [
+ "usb_storage"
+ "ahci"
+ "xhci_hcd"
+ "ata_piix"
+ "uhci_hcd"
+ "ehci_pci"
+ ];
+
+ kernelModules = [ ];
+ extraModulePackages = [ ];
+ };
+
+ hardware.enableAllFirmware = true;
+ hardware.cpu.amd.updateMicrocode = true;
+
+ networking.firewall.allowPing = true;
+}
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index c4fa064b3..85cf4c533 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -7,8 +7,6 @@ let
in {
imports = [
# TODO: copy this config or move to krebs
- ../2configs/base.nix
- ../2configs/base-sources.nix
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix
# ../2configs/iodined.nix
@@ -17,11 +15,7 @@ in {
../2configs/Reaktor/simpleExtend.nix
];
- krebs.build = {
- user = config.krebs.users.makefu;
- target = "root@gum.krebsco.de";
- host = config.krebs.hosts.gum;
- };
+ krebs.build.host = config.krebs.hosts.gum;
krebs.Reaktor.enable = true;
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 9c7be3b79..161bfa3e9 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -8,12 +8,12 @@
imports =
[ # Include the results of the hardware scan.
# Base
- ../2configs/base.nix
- ../2configs/base-sources.nix
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix
# HW/FS
+
+ # enables virtio kernel modules in initrd
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/fs/vm-single-partition.nix
@@ -43,8 +43,6 @@
};
krebs.build.host = config.krebs.hosts.pnp;
- krebs.build.user = config.krebs.users.makefu;
- krebs.build.target = "root@pnp";
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 97cf86a4e..8624cb2d1 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -6,12 +6,8 @@
{
imports =
[ # Include the results of the hardware scan.
- ../2configs/base.nix
../2configs/main-laptop.nix #< base-gui
- # configures sources
- ../2configs/base-sources.nix
-
# Krebs
../2configs/tinc-basic-retiolum.nix
#../2configs/disable_v6.nix
@@ -23,7 +19,8 @@
../2configs/exim-retiolum.nix
../2configs/mail-client.nix
#../2configs/virtualization.nix
- ../2configs/virtualization-virtualbox.nix
+ ../2configs/virtualization.nix
+ #../2configs/virtualization-virtualbox.nix
../2configs/wwan.nix
# services
@@ -34,16 +31,19 @@
../2configs/hw/tp-x220.nix
# mount points
../2configs/fs/sda-crypto-root-home.nix
+ # ../2configs/mediawiki.nix
+ #../2configs/wordpress.nix
];
- krebs.Reaktor.enable = true;
- krebs.Reaktor.debug = true;
- krebs.Reaktor.nickname = "makefu|r";
+ #krebs.Reaktor.enable = true;
+ #krebs.Reaktor.nickname = "makefu|r";
krebs.build.host = config.krebs.hosts.pornocauster;
- krebs.build.user = config.krebs.users.makefu;
- krebs.build.target = "root@pornocauster";
- environment.systemPackages = with pkgs;[ get ];
+ environment.systemPackages = with pkgs;[
+ get
+ virtmanager
+ gnome3.dconf
+ ];
services.logind.extraConfig = "HandleLidSwitch=ignore";
# configure pulseAudio to provide a HDMI sink as well
diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix
index d98ff17c1..a069cc36f 100644
--- a/makefu/1systems/repunit.nix
+++ b/makefu/1systems/repunit.nix
@@ -8,26 +8,9 @@
imports =
[ # Include the results of the hardware scan.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
- ../2configs/base.nix
../2configs/cgit-retiolum.nix
];
krebs.build.host = config.krebs.hosts.repunit;
- krebs.build.user = config.krebs.users.makefu;
- krebs.build.target = "root@repunit";
-
- krebs.build.deps = {
- nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- #url = https://github.com/makefu/nixpkgs;
- rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
- };
- secrets = {
- url = "/home/makefu/secrets/${config.krebs.build.host.name}";
- };
- stockholm = {
- url = toString ../..;
- };
- };
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index 3c2bb2eda..990db65d2 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -6,7 +6,6 @@
{
imports =
[ # Include the results of the hardware scan.
- ../2configs/base.nix
../2configs/base-gui.nix
../2configs/tinc-basic-retiolum.nix
../2configs/fs/sda-crypto-root.nix
@@ -21,19 +20,9 @@
];
# not working in vm
krebs.build.host = config.krebs.hosts.tsp;
- krebs.build.user = config.krebs.users.makefu;
- krebs.build.target = "root@tsp";
-
networking.firewall.allowedTCPPorts = [
25
];
- krebs.build.deps = {
- nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- #url = https://github.com/makefu/nixpkgs;
- rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
- };
- };
}
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index c90b84451..ba94972fb 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -8,8 +8,8 @@ let
in {
imports = [
# TODO: copy this config or move to krebs
- ../../tv/2configs/CAC-CentOS-7-64bit.nix
- ../2configs/base.nix
+ ../../tv/2configs/hw/CAC.nix
+ ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/unstable-sources.nix
../2configs/headless.nix
../2configs/tinc-basic-retiolum.nix
@@ -23,15 +23,13 @@ in {
# other nginx
../2configs/nginx/euer.wiki.nix
+ ../2configs/nginx/euer.blog.nix
+
# collectd
../2configs/collectd/collectd-base.nix
];
- krebs.build = {
- user = config.krebs.users.makefu;
- target = "root@wry";
- host = config.krebs.hosts.wry;
- };
+ krebs.build.host = config.krebs.hosts.wry;
krebs.Reaktor.enable = true;
@@ -59,6 +57,7 @@ in {
};
};
};
+
networking = {
firewall.allowPing = true;
firewall.allowedTCPPorts = [ 53 80 443 ];
@@ -71,5 +70,5 @@ in {
nameservers = [ "8.8.8.8" ];
};
-
+ environment.systemPackages = [ pkgs.translate-shell ];
}
diff --git a/makefu/2configs/base-sources.nix b/makefu/2configs/base-sources.nix
deleted file mode 100644
index 65c6e8e76..000000000
--- a/makefu/2configs/base-sources.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- system.stateVersion = "15.09";
- krebs.build.source = {
- git.nixpkgs = {
- #url = https://github.com/NixOS/nixpkgs;
- url = https://github.com/makefu/nixpkgs;
- rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine
- };
-
- dir.secrets = {
- host = config.krebs.hosts.pornocauster;
- path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
- };
- dir.stockholm = {
- host = config.krebs.hosts.pornocauster;
- path = toString ../.. ;
- };
- };
-}
diff --git a/makefu/2configs/base.nix b/makefu/2configs/default.nix
index 4e38c27f8..3d9174788 100644
--- a/makefu/2configs/base.nix
+++ b/makefu/2configs/default.nix
@@ -2,6 +2,8 @@
with lib;
{
+ system.stateVersion = "15.09";
+
imports = [
{
users.extraUsers =
@@ -10,10 +12,36 @@ with lib;
}
./vim.nix
];
- krebs.enable = true;
- krebs.search-domain = "retiolum";
+ krebs = {
+ enable = true;
+ search-domain = "retiolum";
+ build = {
+ target = mkDefault "root@${config.krebs.build.host.name}";
+ user = config.krebs.users.makefu;
+ source = {
+ git.nixpkgs = {
+ #url = https://github.com/NixOS/nixpkgs;
+ url = mkDefault https://github.com/makefu/nixpkgs;
+ rev = mkDefault "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos