diff options
98 files changed, 2424 insertions, 670 deletions
diff --git a/.gitignore b/.gitignore index 1ce082113..e1c6ef949 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /.graveyard +/TODO diff --git a/.rsync-filter b/.rsync-filter index 364a79864..67ec05fc3 100644 --- a/.rsync-filter +++ b/.rsync-filter @@ -1,3 +1,4 @@ - /.git - /.graveyard +- /TODO P /.version-suffix diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 2ad22f49c..7f49f9485 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -12,6 +12,7 @@ <stockholm/krebs/2configs/buildbot-all.nix> <stockholm/krebs/2configs/gitlab-runner-shackspace.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> + <stockholm/krebs/2configs/ircd.nix> ]; krebs.build.host = config.krebs.hosts.hotdog; diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 978bd18e0..d2664ef84 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -27,6 +27,11 @@ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + + kernelModules = [ "kvm-intel" ]; + extraModprobeConfig = '' + options thinkpad_acpi fan_control=1 + ''; }; fileSystems = { @@ -65,7 +70,10 @@ ''; environment.systemPackages = [ pkgs.zsh ]; - boot.kernelModules = [ "kvm-intel" ]; + + system.activationScripts."disengage fancontrol" = '' + echo level disengaged > /proc/acpi/ibm/fan + ''; users.users.joerg = { openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; isNormalUser = true; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 91aabb716..21ae20ea0 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -1,6 +1,7 @@ { config, pkgs, ... }: let shack-ip = config.krebs.build.host.nets.shack.ip4.addr; + influx-host = "127.0.0.1"; in { imports = [ @@ -23,6 +24,58 @@ in <stockholm/krebs/2configs/shack/muell_caller.nix> <stockholm/krebs/2configs/shack/radioactive.nix> <stockholm/krebs/2configs/shack/share.nix> + { + systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate + #systemd.services.telegraf.environment = { + # "MIBDIRS" : ""; # extra mibs like ADSL + #}; + services.telegraf = { + enable = true; + extraConfig = { + inputs = { + snmp = { + agents = [ "10.0.1.3:161" ]; + version = 2; + community = "shack"; + name = "snmp"; + field = [ + { + name = "hostname"; + oid = "RFC1213-MIB::sysName.0"; + is_tag = true; + } + { + name = "load-percent"; #cisco + oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9"; + } + { + name = "uptime"; + oid = "DISMAN-EVENT-MIB::sysUpTimeInstance"; + } + ]; + table = [{ + name = "snmp"; + inherit_tags = [ "hostname" ]; + oid = "IF-MIB::ifXTable"; + field = [{ + name = "ifName"; + oid = "IF-MIB::ifName"; + is_tag = true; + }]; + }]; + }; + }; + outputs = { + influxdb = { + urls = [ "http://${influx-host}:8086" ]; + database = "telegraf"; + write_consistency = "any"; + timeout = "5s"; + }; + }; + }; + }; + } ]; # use your own binary cache, fallback use cache.nixos.org (which is used by @@ -86,6 +139,9 @@ in boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/vda"; + # without it `/nix/store` is not added grub paths + boot.loader.grub.copyKernels = true; + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; swapDevices = [ @@ -100,6 +156,7 @@ in users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.ulrich.pubkey config.krebs.users.makefu-omo.pubkey + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup ]; time.timeZone = "Europe/Berlin"; diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix index 4813eeb0f..46b386e14 100644 --- a/krebs/2configs/binary-cache/prism.nix +++ b/krebs/2configs/binary-cache/prism.nix @@ -7,6 +7,7 @@ ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI=" ]; }; } diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index c85bac0d4..44743b87d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -8,6 +8,8 @@ with import <stockholm/lib>; hardware.cpu.intel.updateMicrocode = true; + hardware.opengl.enable = true; + services.tlp.enable = true; boot = { diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index b0b0b2f62..84b7d9c0e 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -15,8 +15,8 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = false; - channel = "#retiolum"; - server = "ni.r"; + channel = "#xxx"; + server = "irc.r"; branches = [ "master" ]; }; }); diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index a39d0cc02..19768cb2e 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix @@ -6,8 +6,8 @@ let name = "muell_caller-2017-06-01"; src = pkgs.fetchgit { url = "https://github.com/shackspace/muell_caller/"; - rev = "bbd4009"; - sha256 = "1bfnfl2vdh0p5wzyz5p48qh04vvsg2445avg86fzhzragx25fqv0"; + rev = "ee4e499"; + sha256 = "0q1v07q633sbqg4wkgf0zya2bnqrikpyjhzp05iwn2vcs8rvsi3k"; }; buildInputs = [ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 5a3a788c2..8f8440eb7 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -35,7 +35,7 @@ in { irc = { # TODO rename channel to target? channel = mkOption { - default = "#retiolum"; + default = "#xxx"; type = types.str; # TODO types.irc-channel }; nick = mkOption { @@ -47,7 +47,7 @@ in { type = types.int; }; server = mkOption { - default = "ni.r"; + default = "irc.r"; type = types.hostname; }; }; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index dab87792e..adbc1ebe1 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -133,8 +133,8 @@ in irc = { enable = true; nick = "build|${hostname}"; - server = "ni.r"; - channels = [ "retiolum" "noise" ]; + server = "irc.r"; + channels = [ "xxx" "noise" ]; allowForce = true; }; extraConfig = '' diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 42df3f053..48cf7971b 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -24,6 +24,7 @@ let ./go.nix ./hidden-ssh.nix ./htgen.nix + ./iana-etc.nix ./iptables.nix ./kapacitor.nix ./monit.nix diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix new file mode 100644 index 000000000..f6d47f27e --- /dev/null +++ b/krebs/3modules/iana-etc.nix @@ -0,0 +1,55 @@ +with import <stockholm/lib>; |