summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/0tests/data/secrets/konsens.id_ed255190
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/2configs/buildbot-stockholm.nix2
-rw-r--r--krebs/2configs/repo-sync.nix164
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/konsens.nix80
-rw-r--r--krebs/3modules/lass/default.nix64
-rw-r--r--krebs/3modules/lass/ssh/android.rsa2
-rw-r--r--krebs/krops.nix2
-rw-r--r--krebs/nixpkgs.json7
-rwxr-xr-xkrebs/update-channel.sh9
-rw-r--r--lass/1systems/daedalus/config.nix3
-rw-r--r--lass/1systems/dishfire/config.nix63
-rw-r--r--lass/1systems/dishfire/physical.nix39
-rw-r--r--lass/1systems/dishfire/source.nix3
-rw-r--r--lass/1systems/helios/config.nix43
-rw-r--r--lass/1systems/prism/config.nix4
-rw-r--r--lass/2configs/exim-smarthost.nix2
18 files changed, 258 insertions, 231 deletions
diff --git a/krebs/0tests/data/secrets/konsens.id_ed25519 b/krebs/0tests/data/secrets/konsens.id_ed25519
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/konsens.id_ed25519
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 18b751a7e..0a848426c 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -15,6 +15,7 @@
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix>
<stockholm/krebs/2configs/reaktor-krebs.nix>
+ <stockholm/krebs/2configs/repo-sync.nix>
];
krebs.build.host = config.krebs.hosts.hotdog;
diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix
index 62a5f9ab5..1ed38f54f 100644
--- a/krebs/2configs/buildbot-stockholm.nix
+++ b/krebs/2configs/buildbot-stockholm.nix
@@ -24,7 +24,7 @@ in
testslave = "lasspass";
};
change_source.stockholm = ''
- stockholm_repo = 'http://cgit.prism.r/stockholm'
+ stockholm_repo = 'http://cgit.hotdog.r/stockholm'
cs.append(
changes.GitPoller(
stockholm_repo,
diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix
index 48da88a8d..813dc154b 100644
--- a/krebs/2configs/repo-sync.nix
+++ b/krebs/2configs/repo-sync.nix
@@ -3,78 +3,182 @@
with import <stockholm/lib>;
let
+ konsens-user = {
+ name = "konsens";
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKKozGNGBAzHnyj6xUlsjGxxknyChXvuyrddkWVVnz7";
+ };
mirror = "git@${config.networking.hostName}:";
- defineRepo = name: announce: let
+ defineRepo = {
+ name, desc, section
+ }:
+ let
repo = {
public = true;
name = mkDefault "${name}";
- cgit.desc = mkDefault "mirror for ${name}";
- cgit.section = mkDefault "mirror";
- hooks = mkIf announce (mkDefault {
+ cgit.desc = desc;
+ cgit.section = section;
+ hooks = mkDefault {
post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;
verbose = false;
channel = "#xxx";
server = "irc.r";
- branches = [ "master" ];
+ branches = [ "master" "newest" ];
};
- });
+ };
};
in {
- rules = with git; singleton {
- user = with config.krebs.users; [
- config.krebs.users."${config.networking.hostName}-repo-sync"
- ];
- repo = [ repo ];
- perm = push ''refs/*'' [ non-fast-forward create delete merge ];
- };
+ rules = with git; [
+ {
+ user = with config.krebs.users; [
+ config.krebs.users."${config.networking.hostName}-repo-sync"
+ jeschli
+ lass
+ makefu
+ tv
+ ];
+ repo = [ repo ];
+ perm = push ''refs/*'' [ non-fast-forward create delete merge ];
+ }
+ {
+ user = [
+ konsens-user
+ ];
+ repo = [ repo ];
+ perm = push ''refs/heads/master'' [ create merge ];
+ }
+ {
+ user = attrValues config.krebs.users;
+ repo = [ repo ];
+ perm = fetch;
+ }
+ ];
repos."${name}" = repo;
};
- sync-retiolum = name:
+ sync-retiolum = {
+ name,
+ desc ? "mirror for ${name}",
+ section ? "mirror"
+ }:
{
krebs.repo-sync.repos.${name} = {
branches = {
- makefu = {
- origin.url = "http://cgit.gum/${name}";
+ lassulus = {
+ origin.url = "http://cgit.lassul.us/${name}";
mirror.url = "${mirror}${name}";
};
- tv = {
- origin.url = "http://cgit.ni.r/${name}";
+ makefu = {
+ origin.url = "http://cgit.gum/${name}";
mirror.url = "${mirror}${name}";
};
nin = {
origin.url = "http://cgit.onondaga.r/${name}";
mirror.url = "${mirror}${name}";
};
- lassulus = {
- origin.url = "http://cgit.lassul.us/${name}";
+ tv = {
+ origin.url = "http://cgit.ni.r/${name}";
mirror.url = "${mirror}${name}";
};
};
latest = {
url = "${mirror}${name}";
- ref = "heads/master";
+ ref = "heads/newest";
};
};
- krebs.git = defineRepo name false;
+ krebs.git = defineRepo { inherit name desc section; };
+ };
+
+ sync-remote = {
+ name,
+ url,
+ desc ? "mirror for ${name}",
+ section ? "mirror"
+ }:
+ {
+ krebs.repo-sync.repos.${name} = {
+ branches = {
+ remote = {
+ origin.url = url;
+ mirror.url = "${mirror}${name}";
+ };
+ };
+ };
+ krebs.git = defineRepo { inherit name desc section; };
};
in {
+ krebs.git = {
+ enable = true;
+ cgit.settings = {
+ root-title = "krebs repos";
+ root-desc = "keep calm and engage";
+ };
+ };
krebs.repo-sync = {
enable = true;
};
- krebs.git = {
- enable = mkDefault true;
- cgit = {
- settings = {
- root-title = "Shared Repos";
- root-desc = "keep on krebsing";
- };
+ krebs.konsens = {
+ enable = true;
+ repos = {
+ krops = { branchesToCheck = [ "lassulus" "tv" ]; };
+ stockholm = {};
};
};
+ krebs.secret.files.konsens = {
+ path = "/var/lib/konsens/.ssh/id_ed25519";
+ owner = konsens-user;
+ source-path = "${<secrets/konsens.id_ed25519>}";
+ };
+
imports = [
- (sync-retiolum "stockholm")
+ (sync-retiolum { name = "the_playlist"; desc = "Good Music collection + tools"; section = "art"; })
+
+ (sync-retiolum { name = "stockholm"; desc = "take all computers hostage, they love it"; section = "configuration"; })
+
+ (sync-retiolum { name = "cholerab"; desc = "krebs thesauron & enterprise-patterns"; section = "documentation"; })
+
+ (sync-retiolum { name = "disko"; desc = "take a description of your disk layout and produce a format script"; section = "software"; })
+ (sync-retiolum { name = "news"; desc = "take a rss feed and a timeout and print it to stdout"; section = "software"; })
+ (sync-retiolum { name = "krops"; desc = "krebs ops"; section = "software"; })
+ (sync-retiolum { name = "go"; desc = "url shortener"; section = "software"; })
+ (sync-retiolum { name = "much"; desc = "curses email client"; section = "software"; })
+ (sync-retiolum { name = "newsbot-js"; desc = "irc rss/atom bot"; section = "software"; })
+ (sync-retiolum { name = "nix-writers"; desc = "high level writers for nix"; section = "software"; })
+
+ (sync-retiolum { name = "cac-api"; desc = "CloudAtCost API command line interface"; section = "miscellaneous"; })
+ (sync-retiolum { name = "dic"; desc = "dict.leo.org command line interface"; section = "miscellaneous"; })
+ (sync-retiolum { name = "get"; section = "miscellaneous"; })
+ (sync-retiolum { name = "hstool"; desc = "Haskell Development Environment ^_^"; section = "miscellaneous"; })
+ (sync-retiolum { name = "htgen"; desc = "toy HTTP server"; section = "miscellaneous"; })
+ (sync-retiolum { name = "kirk"; desc = "IRC tools"; section = "miscellaneous"; })
+ (sync-retiolum { name = "load-env"; section = "miscellaneous"; })
+ (sync-retiolum { name = "loldns"; desc = "toy DNS server"; section = "miscellaneous"; })
+ (sync-retiolum { name = "netcup"; desc = "netcup command line interface"; section = "miscellaneous"; })
+ (sync-retiolum { name = "populate"; desc = "source code installer"; section = "miscellaneous"; })
+ (sync-retiolum { name = "q"; section = "miscellaneous"; })
+ (sync-retiolum { name = "regfish"; section = "miscellaneous"; })
+ (sync-retiolum { name = "soundcloud"; desc = "SoundCloud command line interface"; section = "miscellaneous"; })
+
+ (sync-retiolum { name = "blessings"; section = "Haskell libraries"; })
+ (sync-retiolum { name = "mime"; section = "Haskell libraries"; })
+ (sync-retiolum { name = "quipper"; section = "Haskell libraries"; })
+ (sync-retiolum { name = "scanner"; section = "Haskell libraries"; })
+ (sync-retiolum { name = "wai-middleware-time"; section = "Haskell libraries"; })
+ (sync-retiolum { name = "web-routes-wai-custom"; section = "Haskell libraries"; })
+ (sync-retiolum { name = "xintmap"; section = "Haskell libraries"; })
+ (sync-retiolum { name = "xmonad-stockholm"; desc = "krebs xmonad modules"; section = "Haskell libraries"; })
+
+ (sync-remote { name = "array"; url = "https://github.com/makefu/array"; })
+ (sync-remote { name = "email-header"; url = "https://github.com/4z3/email-header"; })
+ (sync-remote { name = "mycube-flask"; url = "https://github.com/makefu/mycube-flask"; })
+ (sync-remote { name = "reaktor-titlebot"; url = "https://github.com/makefu/reaktor-titlebot"; })
+ (sync-remote { name = "repo-sync"; url = "https://github.com/makefu/repo-sync"; })
+ (sync-remote { name = "skytraq-datalogger"; url = "https://github.com/makefu/skytraq-datalogger"; })
+ (sync-remote { name = "realwallpaper"; url = "https://github.com/lassulus/realwallpaper"; })
+ (sync-remote { name = "painload"; url = "https://github.com/krebs/painload"; })
+ (sync-remote { name = "Reaktor"; url = "https://github.com/krebs/Reaktor"; })
+ (sync-remote { name = "nixos-wiki"; url = "https://github.com/Mic92/nixos-wiki.wiki.git"; })
];
}
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index afc96e9ee..833349769 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -26,6 +26,7 @@ let
./iana-etc.nix
./iptables.nix
./kapacitor.nix
+ ./konsens.nix
./monit.nix
./newsbot-js.nix
./nixpkgs.nix
diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix
new file mode 100644
index 000000000..47316d5d6
--- /dev/null
+++ b/krebs/3modules/konsens.nix
@@ -0,0 +1,80 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+ cfg = config.krebs.konsens;
+
+ out = {
+ options.krebs.konsens = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "git konsens finder";
+ repos = mkOption {
+ type = types.attrsOf (types.submodule ({ config, ...}: {
+ options = {
+ url = mkOption {
+ type = types.str;
+ default = "git@localhost:${config._module.args.name}";
+ };
+ branchesToCheck = mkOption {
+ type = types.listOf types.str;
+ default = [ "lassulus" "makefu" "tv" ];
+ };
+ target = mkOption {
+ type = types.str;
+ default = "master";
+ };
+ timerConfig = mkOption {
+ type = types.attrsOf types.str;
+ default = {
+ OnCalendar = "*:00,15,30,45";
+ };
+ };
+ };
+ }));
+ };
+ };
+
+ imp = {
+ users.users.konsens = rec {
+ name = "konsens";
+ uid = genid name;
+ home = "/var/lib/konsens";
+ createHome = true;
+ };
+
+ systemd.timers = mapAttrs' (name: repo:
+ nameValuePair "konsens-${name}" {
+ description = "konsens timer";
+ wantedBy = [ "timers.target" ];
+ timerConfig = repo.timerConfig;
+ }
+ ) cfg.repos;
+
+ systemd.services = mapAttrs' (name: repo:
+ nameValuePair "konsens-${name}" {
+ after = [ "network.target" "secret.service" ];
+ path = [ pkgs.git ];
+ restartIfChanged = false;
+ serviceConfig = {
+ Type = "simple";
+ PermissionsStartOnly = true;
+ ExecStart = pkgs.writeDash "konsens-${name}" ''
+ if ! test -e ${name}; then
+ git clone ${repo.url} ${name}
+ fi
+ cd ${name}
+ git fetch origin
+ git push origin $(git merge-base ${concatMapStringsSep " " (branch: "origin/${branch}") repo.branchesToCheck}):refs/heads/master
+ '';
+ WorkingDirectory = /var/lib/konsens;
+ User = "konsens";
+ };
+ }
+ ) cfg.repos;
+ };
+
+in out
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index c4a5bbb0d..7d9ef5075 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -11,39 +11,6 @@ with import <stockholm/lib>;
ci = true;
monitoring = true;
}) {
- dishfire = {
- cores = 4;
- nets = rec {
- internet = {
- ip4.addr = "144.76.172.188";
- aliases = [
- "dishfire.i"
- ];
- ssh.port = 45621;
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.133.99";
- ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1233";
- aliases = [
- "dishfire.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
- Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
- uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
- R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
- vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
- HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- tinc.port = 993;
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
- };
prism = rec {
cores = 4;
extraZones = {
@@ -441,7 +408,7 @@ with import <stockholm/lib>;
};
};
};
- borg = {
+ rock = {
monitoring = false;
ci = false;
external = true;
@@ -449,22 +416,21 @@ with import <stockholm/lib>;
retiolum = {
ip4.addr = "10.243.29.171";
ip6.addr = "42:4992:6a6d:700::2";
- aliases = [ "borg.r" ];
+ aliases = [ "rock.r" ];
tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0bHZApTM7Hl4qqNakSwq
- bt7zJoTVK9ePoC3Mue1VmJ1mCKMaxKdzlO31kPeHtkilAzgyIJdgikyKFlApGsQL
- aIuU9h55X7TbikoDD6ghbSrAe3Pgc+sJ3OZ7wO7Qb8CKgJvEbkk/u68YiJgyTjYD
- HNjIQzlsGdpoSke9vwC8qWanfgN7c2MMGtakqfXDjYjCgp7O43i+SMupkMSXIXMA
- 5XUFh/vVp6xgPxBofcw0uQIyZ5v4PPFjnGPm4rnMbFzbhubntHjDadwGd5Niyw4O
- zNNKNchTLfNiuNGqTZeYd0kJ5fNMKykhpSs+ou34MvexvpuyPlFuotnPXN/nOMml
- 3nwiqzthzPuBZRLswxT0WvlA8wlbeTOKJ0wTIR4dDuAF+euDtoNocVEN5PJNc7yN
- fmwAV6geESoJbZQMSCtAp1NioaBlRPp1pFfoM/GotHywuFrTIxyoIBiYhkpWyQvq
- WYw5j13IKqkL7jDchhoBmcardmh+AP5bL3uQ84BgaYNwFzHp04qIRrrdpF0eMaHB
- /8zaqsNLn4/zQJB5ffkelwoIqfvLPQeCMLzHGHgP5xUnWgmZZGiiDLvhuaMeNq4U
- EpCKoTL178sPOgNfHfd8mEqx0qKYuPrNQEdlpa5xOZqwx56pfYpGWY+KtF2FHLhS
- iO64GCJqCi1MKBYx/NhaxKMCAwEAAQ==
- -----END PUBLIC KEY-----
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
+ DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
+ HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
+ mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
+ Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
+ Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
+ 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
+ fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
+ 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
+ ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
+ cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
'';
};
};
diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa
index f5190f45c..3d35b76e4 100644
--- a/krebs/3modules/lass/ssh/android.rsa
+++ b/krebs/3modules/lass/ssh/android.rsa
@@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGgImN/9D4yJBjYlkAvT3X45kzt4n8hmgsqPcdcHWNC7fofWG4fZe8NNrTLdKsK+xYxTstj49l8Vb3YDvw4fAyyyhms/eFRlD2BRqAISwc39EIeTC4g3PXNeUtUGdczXKxsJf5iWf4kxUrUOuZ3FeKxeYXDMSqzzk1oKalhWNl4PmgRc5FzjeRJ2WziilwFq7ntLswoeTBW3c53fbcp3XuPza3M1/sN3NHJx9ZMpWVfJhZ/CXr+nqpc25ZIr5HZVZbgDTyJQimlTF5JCfU0NiiBIh7ep7x4o93tARmilit7+mWUkkxk6ba+zG6nr+s+zyd85AFAYRioOEczbC6mI44UZUB11KkEzOon5JWSA8pK+DPqsqhFkwWYMHLXZp8zemdp9kushRZ6nuI9MzBwacngro1vAvDL6jrS5MR7zf7rMAo6wexovWoEowvZz629mjC3OAt9iOm4VJdvEmq+rHLfjjznVEY6llF7DUu2QNEazaXhxZH9V9N1gyubIE97SQVqmwDrf8BGC0Hq+hC4OOweqfo4XP0etbqAfDozZbqcqyE1m9Bj8DpjrSXka1PuJf5fgEtoxPadd2qdiHMfIx9sM+4uu2nI5aFvWO3OlJmhF80QzNdFzZWjsyvJ24C1/a2FAyzoab1Sg9ljstQThseTtvlXcX8jfFn0U3RbgXgCgOWad3Oy9vA0OCdsHut0nzv3UO+T5+wv2+lvE3QSSKOlmVtdKMhCFb+Rg+FliKxyd820h9yR3wDYmkurVkAxaj8Kx5MaY/7aypOi8fRAV2FSDtCKkuMyPv4xEtdPi/4lj55pRBEO8lJkeb+WurCzZ7ZeaPdrW1YIQtToPpiz3dXeRhkts6jq8247xIplzHh9Iu18gOrnZ+ygn70g19x842vvcfLQNAghDPS93msJdSe+EtulMCwNTjUaF9LyzhW9ptLG9NmwgbT5kGsFiRw3BFdyfcQVWVzDhuP3hPPx+hjiZtFfpIKpxV9MjO1xQ830Ngk3JpSphMZTQ432yfvu9yEsUWmAa8ax1jxJ361AiIp0U2xioJmdVd3E2sxkpOUYqE89IR9X6hS3fH38Gc5IL5+BnhuZvRgXuA+nrqdU4pMB3TIoC5oXlOMRXpxaS91YiO4ERx2t6WkBRCoaDuRWnLpewV6lhjwi1+4Emlrs2q1R0K64emZTv7O1MKwWRHOlBJD3HLyCCS763OzYW4mEQcfBAQtbm6sTooJ+D/zbmYgbnZt0z/nP9R/n25pzlSPpZ49fCiRV7QN6D9mksISTz8qIiCzNBn1F7DUewXqkrdPopl4npeNVcOyyo7P1lFFGde+jq/7REdzD+vno1h9+17WZbyzQtlOyipQYzb6l4QuXq/zejJrELJAQdN4yRQq5NJzIh0HXaPnPC083T791moBflyqiwPEIWsSMfILqSqL1jVVNgvV4fHnMixgH2zK9f0EyE3fG9PnuRribPR2DlESqpHZTcBixgh660EPKh0gCLYoWKgU= lass-android@XperiaXCompact
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPH4c2zQCaCmus4T9GvaY1lrgVR9CKV3Fx1vRn1K1XB u0_a194@android
diff --git a/krebs/krops.nix b/krebs/krops.nix
index 0e80aec0e..c334bc07d 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -12,7 +12,7 @@
krebs-source = {
nixpkgs.git = {
- ref = "d0c868ec17c2cb2ca845f33fbfe381e9c7e55516";
+ ref = (lib.importJSON ./nixpkgs.json).rev;
url = https://github.com/NixOS/nixpkgs;
};
stockholm.file = toString ../.;
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
new file mode 100644
index 000000000..a9a0f6634
--- /dev/null
+++ b/krebs/nixpkgs.json
@@ -0,0 +1,7 @@
+{
+ "url": "https://github.com/NixOS/nixpkgs-channels",
+ "rev": "a37638d46706610d12c9747614fd1b8f8d35ad48",
+ "date": "2018-08-30T21:03:26+02:00",
+ "sha256": "0rsdkk4z7pkqr2mw0pq7i6fkqs7gbi5kral3c8smm9bw104sn8v7",
+ "fetchSubmodules": true
+}
diff --git a/krebs/update-channel.sh b/krebs/update-channel.sh
new file mode 100755
index 000000000..47d3f29c4
--- /dev/null
+++ b/krebs/update-channel.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+dir=$(dirname $0)
+oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
+nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
+ --url https://github.com/NixOS/nixpkgs-channels \
+ --rev refs/heads/nixos-18.03' \
+> $dir/nixpkgs.json
+newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
+git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index eafc0d06c..305b3f70e 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -30,7 +30,8 @@ with import <stockholm/lib>;
};
environment.systemPackages = with pkgs; [
pavucontrol
- firefox
+ #firefox
+ chromium
hexchat
networkmanagerapplet
libreoffice
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
deleted file mode 100644
index 3d5f32180..000000000
--- a/lass/1systems/dishfire/config.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/git.nix>
- {
- networking.dhcpcd.allowInterfaces = [
- "enp*"
- "eth*"
- "ens*"
- ];
- }
- {
- sound.enable = false;
- }
- {
- environment.systemPackages = with pkgs; [
- mk_sql_pair
- ];
- }
- {
- imports = [
- <stockholm/lass/2configs/websites/fritz.nix>
- ];
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport https"; target = "ACCEPT"; }
- ];
- }
- {
- #TODO: abstract & move to own file
- krebs.exim-smarthost = {
- enable = true;
- relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
- config.krebs.hosts.mors
- config.krebs.hosts.uriel
- ];
- system-aliases = [
- { from = "mailer-daemon"; to = "postmaster"; }
- { from = "postmaster"; to = "root"; }
- { from = "nobody"; to = "root"; }
- { from = "hostmaster"; to = "root"; }
- { from = "usenet"; to = "root"; }
- { from = "news"; to = "root"; }
- { from = "webmaster"; to = "root"; }
- { from = "www"; to = "root"; }
- { from = "ftp"; to = "root"; }
- { from = "abuse"; to = "root"; }
- { from = "noc"; to = "root"; }
- { from = "security"; to = "root"; }
- { from = "root"; to = "lass"; }
- ];
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
- ];
- }
- ];
-
- krebs.build.host = config.krebs.hosts.dishfire;
-}
diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix
deleted file mode 100644
index 64e3904e0..000000000
--- a/lass/1systems/dishfire/physical.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
- ];
-
- boot.loader.grub = {
- device = "/dev/vda";
- splashImage = null;
- };
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "ehci_pci"
- "uhci_hcd"
- "virtio_pci"
- "virtio_blk"
- ];
-
- fileSystems."/" = {
- device = "/dev/mapper/pool-nix";
- fsType = "ext4";
- };
-
- fileSystems."/srv/http" = {
- device = "/dev/pool/srv_http";
- fsType = "ext4";
- };
-
- fileSystems."/boot" = {
- device = "/dev/vda1";
- fsType = "ext4";
- };
- fileSystems."/bku" = {
- device = "/dev/pool/bku";
- fsType = "ext4";
- };
-}
diff --git a/lass/1systems/dishfire/source.nix b/lass/1systems/dishfire/source.nix
deleted file mode 100644
index 2445af130..000000000
--- a/lass/1systems/dishfire/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/lass/source.nix> {
- name = "dishfire";
-}
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index 257e51ee3..68acf12b8 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -1,48 +1,7 @@
with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
-
+{ pkgs, ... }:
{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/mouse.nix>
- <stockholm/lass/2configs/pass.nix>
- {
- services.xserver.dpi = 200;
- fonts.fontconfig.dpi = 200;
- lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola";
- lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola";
- lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol";
- }
- ];
- krebs.build.host = config.krebs.hosts.helios;
-
environment.systemPackages = with pkgs; [
- ag
- vim
- git
- rsync
- hashPassword
- thunderbird
dpass
-
- # we want tensorflow! (with GPU acceleration)
- python3Packages.tensorflowWithCuda
];
-
- users.users = {
- root.openssh.authorizedKeys.keys = [
- config.krebs.users.lass-helios.pubkey
- ];
- };
-
- services.tlp.enable = true;
-
- services.printing.drivers = [ pkgs.postscript-lexmark ];
-
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
-
}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index b9fda2949..0f20d1c4e 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -287,6 +287,8 @@ with import <stockholm/lib>;
{
users.users.download.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse"
];
}
{
@@ -337,7 +339,7 @@ with import <stockholm/lib>;
{
# lass-android
allowedIPs = [ "10.244.1.2/32" ];
- publicKey = "63+ns9AGv6e6a8WgxiZNFEt1xQT0YKFlEHzRaYJWtmk=";
+ publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
}
];
};
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 30757964c..191e25831 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -85,6 +85,8 @@ with import <stockholm/lib>;
{ from = "qwertee@lassul.us"; to = lass.mail; }
{ from = "zazzle@lassul.us"; to = lass.mail; }
{ from = "hackbeach@lassul.us"; to = lass.mail; }
+ { from = "transferwise@lassul.us"; to = lass.mail; }
+ { from = "cis@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }