diff options
42 files changed, 391 insertions, 290 deletions
diff --git a/default.nix b/default.nix index 472d7597d..ac748c286 100644 --- a/default.nix +++ b/default.nix @@ -32,7 +32,10 @@ let stockholm = { upath = lib.nspath current-user-name; base-module = { config, ... }: { - imports = map (f: f "3modules") [ kpath upath ]; + imports = builtins.filter builtins.pathExists (lib.concatLists [ + (map (f: f "2configs") [ upath ]) + (map (f: f "3modules") [ kpath upath ]) + ]); krebs.current.enable = true; krebs.current.host = config.krebs.hosts.${current-host-name}; diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 1205e192b..7f004cd81 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -29,10 +29,13 @@ let }; options.krebs.build.source.dir = mkOption { - type = types.attrsOf (types.submodule ({ config, ... }: { + type = let + default-host = config.krebs.current.host; + in types.attrsOf (types.submodule ({ config, ... }: { options = { host = mkOption { type = types.host; + default = default-host; }; path = mkOption { type = types.str; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index fd9d56ed2..b4e7f9254 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -15,6 +15,7 @@ let ./git.nix ./iptables.nix ./nginx.nix + ./per-user.nix ./Reaktor.nix ./retiolum-bootstrap.nix ./realwallpaper.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 2d33b9275..652527da2 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -164,6 +164,7 @@ with lib; dc = "makefu"; #dc = "cac"; extraZones = { "krebsco.de" = '' + euer IN A ${head nets.internet.addrs4} wiki.euer IN A ${head nets.internet.addrs4} wry IN A ${head nets.internet.addrs4} io IN NS wry.krebsco.de. @@ -191,6 +192,9 @@ with lib; "paste.retiolum" "wry.retiolum" "wiki.makefu.retiolum" + "wiki.wry.retiolum" + "blog.makefu.retiolum" + "blog.wry.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -210,13 +214,36 @@ with lib; }; }; }; + filepimp = rec { + cores = 1; + dc = "makefu"; #nas + + nets = { + retiolum = { + addrs4 = ["10.243.153.102"]; + addrs6 = ["42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"]; + aliases = [ + "filepimp.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY + BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 + i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 + 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS + u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa + OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; gum = rec { cores = 1; dc = "online.net"; #root-server extraZones = { "krebsco.de" = '' - euer IN A ${head nets.internet.addrs4} share.euer IN A ${head nets.internet.addrs4} gum IN A ${head nets.internet.addrs4} ''; diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix new file mode 100644 index 000000000..ee213deda --- /dev/null +++ b/krebs/3modules/per-user.nix @@ -0,0 +1,35 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.krebs.per-user; + + out = { + options.krebs.per-user = api; + config = imp; + }; + + api = mkOption { + type = with types; attrsOf (submodule { + options = { + packages = mkOption { + type = listOf path; + default = []; + }; + }; + }); + default = {}; + }; + + imp = { + environment = { + etc = flip mapAttrs' cfg (name: { packages, ... }: { + name = "per-user/${name}"; + value.source = pkgs.symlinkJoin "per-user.${name}" packages; + }); + profiles = ["/etc/per-user/$LOGNAME"]; + }; + }; + +in out diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 4c295dffe..6fd1c4224 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -158,7 +158,8 @@ with lib; }; }; secure = true; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILn7C3LxAs9kUynENdRNgQs4qjrhNDfXzlHTpVJt6e09"; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic"; }; ok = { nets = { @@ -276,17 +277,26 @@ with lib; }; }; secure = true; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw"; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu"; }; }; - users = addNames { + users = addNames rec { mv = { mail = "mv@cd.retiolum"; - pubkey = readFile ../../Zpubkeys/mv_vod.ssh.pub; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod"; }; tv = { mail = "tv@wu.retiolum"; - pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu"; + }; + tv_nomic = { + inherit (tv) mail; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3dYR/n4Yw8OsYmfR2rSUG7o10G6AqOlSJHuHSEmANbMkqjiWl1TnpORtt5bAktyAGI4vWf9vhNEnxuIqGXWSV+3yCd7yfBHR1m0Y9QSw6blQ0xc1venl3JU0kpEyJfUn8a9cdXlnRiS0MP1gcsN7Zk8cqBELJYJajkSEnsT4eVaU5/wdnyzUO1fk8D8tFBJbF/tsWDLJPu4P18rpxq4wZgA2qmyHoVDEVlrz2OYcziXT6gpG0JGnToteaNg9ok5QavEYFpp8P+k1AacrBjc1PAb4MaMX1nfkSyaZwSqLdH35XkNRgPhVVmqZ5PlG3VeNpPSwpdcKi8P3zH1xG9g6Usx1SAyvcoAyGHdOwmFuA2tc1HgYEiQ+OsPrHZHujBOOZsKTN9+IZHScCAe+UmUcK413WEZKPs8PeFjf1gQAoDXb55JpksxLAnC/SQOl4FhkctIAXxr12ALlyt9UFPzIoj/Nj2MpFzGSlf653fTFmnMbQ8+GICc4TUpqx5GELZhfQuprBTv/55a9zKvM4B8XT3Bn9olQzMQIXEjXb3WUVFDDNWeNydToorYn1wG3ZWQ+3f0IlqRicWO7Q9BRj1Lp5rcUCb+naJ48tGY6HFUZ1Kz/0x458GDFvUd8mCJjqqmeSkUEeZd0xet5tVFg/bYoSslEqPF6pz7V3ruJMSdYxnQ== tv@nomic #2"; + }; + tv_xu = { + inherit (tv) mail; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/3nkqxe8YrDVt615n96A7iC3vvwsiqgpsBYC/bhwfBHu1bAtBmTWVqSKDIdwg7p8TQpIKtAgZ3IJT3BlrnVTeR4RIviLjHjYWW1NBhm+nXi+heThgi5fLciE3lVLVsy5X9Kc1ZPLgLa1In0REOanwbueOD0ESN1yKIDwUUdczw/o3dLDMzanqFHKuSSN4o9Ex2x+MRj9eLsb706s4VSYMo3lirRCJeAOGv1C7Xg1cuepdhIeJsq9aF7vSy15c0nCkWwr8zdY7pbMPYCe5zvIEymZ0UowZ5HQ3NmIZnYDxa4E1PFjDczHdQbVmmGMI80grNwMsHzQ6bynHSPXDoLf4WodXlhS0+9Ju5QavDT6uqZ9uhDBuWC8QNgWUMIJnEaTBFyA0OI1akl8Q2RLC+qnNf5IwItSq+GDwEsB2ZJNW3kOk1kNiCUrBafRYpPaFeP97wzzP4uYlBKAr2SOLrrkf7NFEdw2ihxhDMNnps/ErRJ8U0zdpmalw8mItGyqRULpHjk/wN00rYOdBIhW3G3QJuVgtGnWtGCBG5x70EfMiSEXPD3YSsVVsgKD+v8qr+YiilRRD+N3gaHhiOWA6HgxRNul/P4llk0ktTpb9LoHk2+oooTH5ZuuT/8yF8J4stZt7EIOH+mSOAXG1z0BwnEkQu7pVKwu/oOZpGJTvBrGwww== tv@xu"; }; }; } diff --git a/krebs/5pkgs/bepasty-client-cli/default.nix b/krebs/5pkgs/bepasty-client-cli/default.nix new file mode 100644 index 000000000..990f99af6 --- /dev/null +++ b/krebs/5pkgs/bepasty-client-cli/default.nix @@ -0,0 +1,22 @@ +{ lib, pkgs, pythonPackages, fetchurl, ... }: + +with pythonPackages; buildPythonPackage rec { + name = "bepasty-client-cli-${version}"; + version = "0.3.0"; + propagatedBuildInputs = [ + python_magic + click + requests2 + ]; + + src = fetchurl { + url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz"; + sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw"; + }; + + meta = { + homepage = https://github.com/bepasty/bepasty-client-cli; + description = "CLI client for bepasty-server"; + license = lib.licenses.bsd2; + }; +} diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix new file mode 100644 index 000000000..fb318af83 --- /dev/null +++ b/krebs/5pkgs/krebspaste/default.nix @@ -0,0 +1,7 @@ +{ writeScriptBin, pkgs }: + +# TODO: use `wrapProgram --add-flags` instead? +writeScriptBin "krebspaste" '' + #! /bin/sh + exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@" +'' diff --git a/krebs/5pkgs/translate-shell/default.nix b/krebs/5pkgs/translate-shell/default.nix new file mode 100644 index 000000000..00ab226e5 --- /dev/null +++ b/krebs/5pkgs/translate-shell/default.nix @@ -0,0 +1,43 @@ +{stdenv, fetchurl,pkgs,... }: +let + s = + rec { + baseName="translate-shell"; + version="0.9.0.9"; + name="${baseName}-${version}"; + url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz; + sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34"; + }; + searchpath = with pkgs; stdenv.lib.makeSearchPath "bin" [ + fribidi + gawk + bash + curl + less + ]; + buildInputs = [ + pkgs.makeWrapper + ]; +in +stdenv.mkDerivation { + inherit (s) name version; + inherit buildInputs; + src = fetchurl { + inherit (s) url sha256; + }; + # TODO: maybe mplayer + installPhase = '' + mkdir -p $out/bin + make PREFIX=$out install + wrapProgram $out/bin/trans --suffix PATH : "${searchpath}" + ''; + + meta = { + inherit (s) version; + description = ''translate using google api''; + license = stdenv.lib.licenses.free; + maintainers = [stdenv.lib.maintainers.makefu]; + platforms = stdenv.lib.platforms.linux ; + }; +} + diff --git a/krebs/Zhosts/gum b/krebs/Zhosts/gum index f1eaa4eab..d43bb0d08 100644 --- a/krebs/Zhosts/gum +++ b/krebs/Zhosts/gum @@ -2,7 +2,6 @@ Address= 195.154.108.70 Address= 195.154.108.70 53 Subnet = 10.243.0.211 Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2 -Aliases = paste -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY diff --git a/krebs/Zpubkeys/tv_wu.ssh.pub b/krebs/Zpubkeys/tv_wu.ssh.pub deleted file mode 100644 index b6e2634e8..000000000 --- a/krebs/Zpubkeys/tv_wu.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu diff --git a/krebs/default.nix b/krebs/default.nix index 31a7f7d04..bfd6175d9 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -84,6 +84,7 @@ let out = { cat<<EOF # put following into config.krebs.hosts.$system: + ssh.privkey.path = <secrets/ssh.$key_type>; ssh.pubkey = $(echo $pubkey | jq -R .); EOF ''; @@ -178,7 +179,7 @@ let out = { nix-path = lib.concatStringsSep ":" - (lib.mapAttrsToList (name: _: "${name}=/root/${name}") + (lib.mapAttrsToList (name: src: "${name}=${src.target-path}") (config.krebs.build.source.dir // config.krebs.build.source.git)); in '' diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix new file mode 100644 index 000000000..fb1a57552 --- /dev/null +++ b/makefu/1systems/filepimp.nix @@ -0,0 +1,38 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ../2configs/default.nix + ../2configs/fs/vm-single-partition.nix + ../2configs/fs/single-partition-ext4.nix + ../2configs/tinc-basic-retiolum.nix + ]; + krebs.build.host = config.krebs.hosts.filepimp; + + # AMD N54L + boot = { + loader.grub.device = "/dev/sda"; + + initrd.availableKernelModules = [ + "usb_storage" + "ahci" + "xhci_hcd" + "ata_piix" + "uhci_hcd" + "ehci_pci" + ]; + + kernelModules = [ ]; + extraModulePackages = [ ]; + }; + + hardware.enableAllFirmware = true; + hardware.cpu.amd.updateMicrocode = true; + + networking.firewall.allowPing = true; +} diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index c4fa064b3..85cf4c533 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -7,8 +7,6 @@ let in { imports = [ # TODO: copy this config or move to krebs - ../2configs/base.nix - ../2configs/base-sources.nix ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix # ../2configs/iodined.nix @@ -17,11 +15,7 @@ in { ../2configs/Reaktor/simpleExtend.nix ]; - krebs.build = { - user = config.krebs.users.makefu; - target = "root@gum.krebsco.de"; - host = config.krebs.hosts.gum; - }; + krebs.build.host = config.krebs.hosts.gum; krebs.Reaktor.enable = true; diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index 9c7be3b79..161bfa3e9 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -8,12 +8,12 @@ imports = [ # Include the results of the hardware scan. # Base - ../2configs/base.nix - ../2configs/base-sources.nix ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix # HW/FS + + # enables virtio kernel modules in initrd <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ../2configs/fs/vm-single-partition.nix @@ -43,8 +43,6 @@ }; krebs.build.host = config.krebs.hosts.pnp; - krebs.build.user = config.krebs.users.makefu; - krebs.build.target = "root@pnp"; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 97cf86a4e..8624cb2d1 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -6,12 +6,8 @@ { imports = [ # Include the results of the hardware scan. - ../2configs/base.nix ../2configs/main-laptop.nix #< base-gui - # configures sources - ../2configs/base-sources.nix - # Krebs ../2configs/tinc-basic-retiolum.nix #../2configs/disable_v6.nix @@ -23,7 +19,8 @@ ../2configs/exim-retiolum.nix ../2configs/mail-client.nix #../2configs/virtualization.nix - ../2configs/virtualization-virtualbox.nix + ../2configs/virtualization.nix + #../2configs/virtualization-virtualbox.nix ../2configs/wwan.nix # services @@ -34,16 +31,19 @@ ../2configs/hw/tp-x220.nix # mount points ../2configs/fs/sda-crypto-root-home.nix + # ../2configs/mediawiki.nix + #../2configs/wordpress.nix ]; - krebs.Reaktor.enable = true; - krebs.Reaktor.debug = true; - krebs.Reaktor.nickname = "makefu|r"; + #krebs.Reaktor.enable = true; + #krebs.Reaktor.nickname = "makefu|r"; krebs.build.host = config.krebs.hosts.pornocauster; - krebs.build.user = config.krebs.users.makefu; - krebs.build.target = "root@pornocauster"; - environment.systemPackages = with pkgs;[ get ]; + environment.systemPackages = with pkgs;[ + get + virtmanager + gnome3.dconf + ]; services.logind.extraConfig = "HandleLidSwitch=ignore"; # configure pulseAudio to provide a HDMI sink as well diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix index d98ff17c1..a069cc36f 100644 --- a/makefu/1systems/repunit.nix +++ b/makefu/1systems/repunit.nix @@ -8,26 +8,9 @@ imports = [ # Include the results of the hardware scan. <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - ../2configs/base.nix ../2configs/cgit-retiolum.nix ]; krebs.build.host = config.krebs.hosts.repunit; - krebs.build.user = config.krebs.users.makefu; - krebs.build.target = "root@repunit"; - - krebs.build.deps = { - nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - #url = https://github.com/makefu/nixpkgs; - rev = "13576925552b1d0751498fdda22e91a055a1ff6c"; - }; - secrets = { - url = "/home/makefu/secrets/${config.krebs.build.host.name}"; - }; - stockholm = { - url = toString ../..; - }; - }; boot.loader.grub.enable = true; boot.loader.grub.version = 2; diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index 3c2bb2eda..990db65d2 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix @@ -6,7 +6,6 @@ { imports = [ # Include the results of the hardware scan. - ../2configs/base.nix ../2configs/base-gui.nix ../2configs/tinc-basic-retiolum.nix ../2configs/fs/sda-crypto-root.nix @@ -21,19 +20,9 @@ ]; # not working in vm krebs.build.host = config.krebs.hosts.tsp; - krebs.build.user = config.krebs.users.makefu; - krebs.build.target = "root@tsp"; - networking.firewall.allowedTCPPorts = [ 25 ]; - krebs.build.deps = { - nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - #url = https://github.com/makefu/nixpkgs; - rev = "13576925552b1d0751498fdda22e91a055a1ff6c"; - }; - }; } diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index c90b84451..ba94972fb 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -8,8 +8,8 @@ let in { imports = [ # TODO: copy this config or move to krebs - ../../tv/2configs/CAC-CentOS-7-64bit.nix - ../2configs/base.nix + ../../tv/2configs/hw/CAC.nix + ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix ../2configs/unstable-sources.nix ../2configs/headless.nix ../2configs/tinc-basic-retiolum.nix @@ -23,15 +23,13 @@ in { # other nginx ../2configs/nginx/euer.wiki.nix + ../2configs/nginx/euer.blog.nix + # collectd ../2configs/collectd/collectd-base.nix ]; - krebs.build = { - user = config.krebs.users.makefu; - target = "root@wry"; - host = config.krebs.hosts.wry; - }; + krebs.build.host = config.krebs.hosts.wry; krebs.Reaktor.enable = true; @@ -59,6 +57,7 @@ in { }; }; }; + networking = { firewall.allowPing = true; firewall.allowedTCPPorts = [ 53 80 443 ]; @@ -71,5 +70,5 @@ in { nameservers = [ "8.8.8.8" ]; }; - + environment.systemPackages = [ pkgs.translate-shell ]; } diff --git a/makefu/2configs/base-sources.nix b/makefu/2configs/base-sources.nix deleted file mode 100644 index 65c6e8e76..000000000 --- a/makefu/2configs/base-sources.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - system.stateVersion = "15.09"; - krebs.build.source = { - git.nixpkgs = { - #url = https://github.com/NixOS/nixpkgs; - url = https://github.com/makefu/nixpkgs; - rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine - }; - - dir.secrets = { - host = config.krebs.hosts.pornocauster; - path = "/home/makefu/secrets/${config.krebs.build.host.name}/"; - }; - dir.stockholm = { - host = config.krebs.hosts.pornocauster; - path = toString ../.. ; - }; - }; -} diff --git a/makefu/2configs/base.nix b/makefu/2configs/default.nix index 4e38c27f8..3d9174788 100644 --- a/makefu/2configs/base.nix +++ b/makefu/2configs/default.nix @@ -2,6 +2,8 @@ with lib; { + system.stateVersion = "15.09"; + imports = [ { users.extraUsers = @@ -10,10 +12,36 @@ with lib; } ./vim.nix ]; - krebs.enable = true; - krebs.search-domain = "retiolum"; + krebs = { + enable = true; + search-domain = "retiolum"; + build = { + target = mkDefault "root@${config.krebs.build.host.name}"; + user = config.krebs.users.makefu; + source = { + git.nixpkgs = { + #url = https://github.com/NixOS/nixpkgs; + url = mkDefault https://github.com/makefu/nixpkgs; + rev = mkDefault "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos |