diff options
42 files changed, 734 insertions, 61 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 438836f5..b4e7f925 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -108,8 +108,8 @@ let # Implements environment.etc."zones/<zone-name>" environment.etc = let - stripEmptyLines = s: concatStringsSep "\n" - (remove "\n" (remove "" (splitString "\n" s))); + stripEmptyLines = s: (concatStringsSep "\n" + (remove "\n" (remove "" (splitString "\n" s)))) + "\n"; all-zones = foldAttrs (sum: current: sum + "\n" +current ) "" ([cfg.zone-head-config] ++ combined-hosts); combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts ); diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 498282b0..0be16625 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -33,7 +33,7 @@ let in { hosts = addNames { echelon = { - cores = 4; + cores = 2; dc = "lass"; #dc = "cac"; nets = rec { internet = { @@ -66,6 +66,39 @@ in { ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK"; }; + prism = { + cores = 4; + dc = "lass"; #dc = "cac"; + nets = rec { + internet = { + addrs4 = ["213.239.205.240"]; + aliases = [ + "prism.internet" + ]; + }; + retiolum = { + via = internet; + addrs4 = ["10.243.0.103"]; + addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"]; + aliases = [ + "prism.retiolum" + "cgit.prism.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl + kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl + JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I + AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5 + jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j + anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKVjJrM7fHfHpvZXEA3hmX4JliHl6h6Q8AGOPcu+9fF"; + }; fastpoke = { dc = "lass"; nets = rec { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index d328033c..652527da 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -164,6 +164,8 @@ with lib; dc = "makefu"; #dc = "cac"; extraZones = { "krebsco.de" = '' + euer IN A ${head nets.internet.addrs4} + wiki.euer IN A ${head nets.internet.addrs4} wry IN A ${head nets.internet.addrs4} io IN NS wry.krebsco.de. graphs IN A ${head nets.internet.addrs4} @@ -185,9 +187,14 @@ with lib; addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"]; aliases = [ "graphs.wry.retiolum" + "graphs.retiolum" "paste.wry.retiolum" "paste.retiolum" "wry.retiolum" + "wiki.makefu.retiolum" + "wiki.wry.retiolum" + "blog.makefu.retiolum" + "blog.wry.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -207,14 +214,37 @@ with lib; }; }; }; + filepimp = rec { + cores = 1; + dc = "makefu"; #nas + + nets = { + retiolum = { + addrs4 = ["10.243.153.102"]; + addrs6 = ["42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"]; + aliases = [ + "filepimp.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY + BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 + i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 + 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS + u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa + OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; gum = rec { cores = 1; dc = "online.net"; #root-server extraZones = { "krebsco.de" = '' - omo IN A ${head nets.internet.addrs4} - euer IN A ${head nets.internet.addrs4} + share.euer IN A ${head nets.internet.addrs4} gum IN A ${head nets.internet.addrs4} ''; }; diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index a6c62835..e415d20a 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -95,8 +95,12 @@ let ExecStartPre = pkgs.writeScript "tinc_graphs-init" '' #!/bin/sh + mkdir -p "${internal_dir}" "${external_dir}" if ! test -e "${cfg.workingDir}/internal/index.html"; then - cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/" "${internal_dir}" + cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}" + fi + if ! test -e "${cfg.workingDir}/external/index.html"; then + cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}" fi ''; @@ -118,7 +122,6 @@ let users.extraUsers.tinc_graphs = { uid = 3925439960; #genid tinc_graphs home = "/var/spool/tinc_graphs"; - createHome = true; }; krebs.nginx.servers = mkIf cfg.nginx.enable { diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 80d9f5e9..206bc569 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -56,6 +56,13 @@ let https://nixos.org/channels/nixos-unstable/git-revision ]; }; + verbose = mkOption { + type = types.bool; + default = false; + description = '' + verbose output of urlwatch + ''; + }; }; urlsFile = toFile "urls" (concatStringsSep "\n" cfg.urls); @@ -106,7 +113,7 @@ let cd /tmp - urlwatch -e --urls="$urlsFile" > changes 2>&1 || : + urlwatch -e ${optionalString cfg.verbose "-v"} --urls="$urlsFile" > changes || : if test -s changes; then date=$(date -R) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 94c9b0fb..182a068e 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -11,12 +11,28 @@ prepare() {( ;; centos) case $VERSION_ID in + 6) + prepare_centos "$@" + exit + ;; 7) prepare_centos "$@" exit ;; esac ;; + debian) + case $VERSION_ID in + 7) + prepare_debian "$@" + exit + ;; + 8) + prepare_debian "$@" + exit + ;; + esac + ;; esac elif test -e /etc/centos-release; then case $(cat /etc/centos-release) in @@ -31,6 +47,7 @@ prepare() {( )} prepare_arch() { + pacman -Sy type bzip2 2>/dev/null || pacman -S --noconfirm bzip2 type git 2>/dev/null || pacman -S --noconfirm git type rsync 2>/dev/null || pacman -S --noconfirm rsync @@ -44,6 +61,14 @@ prepare_centos() { prepare_common } +prepare_debian() { + apt-get update + type bzip2 2>/dev/null || apt-get install bzip2 + type git 2>/dev/null || apt-get install git + type rsync 2>/dev/null || apt-get install rsync + prepare_common +} + prepare_common() { if ! getent group nixbld >/dev/null; then diff --git a/krebs/5pkgs/bepasty-client-cli/default.nix b/krebs/5pkgs/bepasty-client-cli/default.nix new file mode 100644 index 00000000..990f99af --- /dev/null +++ b/krebs/5pkgs/bepasty-client-cli/default.nix @@ -0,0 +1,22 @@ +{ lib, pkgs, pythonPackages, fetchurl, ... }: + +with pythonPackages; buildPythonPackage rec { + name = "bepasty-client-cli-${version}"; + version = "0.3.0"; + propagatedBuildInputs = [ + python_magic + click + requests2 + ]; + + src = fetchurl { + url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz"; + sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw"; + }; + + meta = { + homepage = https://github.com/bepasty/bepasty-client-cli; + description = "CLI client for bepasty-server"; + license = lib.licenses.bsd2; + }; +} diff --git a/krebs/5pkgs/collectd-connect-time/default.nix b/krebs/5pkgs/collectd-connect-time/default.nix new file mode 100644 index 00000000..52538802 --- /dev/null +++ b/krebs/5pkgs/collectd-connect-time/default.nix @@ -0,0 +1,15 @@ +{lib, pkgs, pythonPackages, fetchurl, ... }: + +pythonPackages.buildPythonPackage rec { + name = "collectd-connect-time-${version}"; + version = "0.3.0"; + src = fetchurl { + url = "https://pypi.python.org/packages/source/c/collectd-connect-time/collectd-connect-time-${version}.tar.gz"; + sha256 = "0vvrf9py9bwc8hk3scxwg4x2j8jlp2qva0mv4q8d9m4b4mk99c95"; + }; + meta = { + homepage = https://pypi.python.org/pypi/collectd-connect-time/; + description = "TCP Connection time plugin for collectd"; + license = lib.licenses.wtfpl; + }; +} diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix new file mode 100644 index 00000000..fb318af8 --- /dev/null +++ b/krebs/5pkgs/krebspaste/default.nix @@ -0,0 +1,7 @@ +{ writeScriptBin, pkgs }: + +# TODO: use `wrapProgram --add-flags` instead? +writeScriptBin "krebspaste" '' + #! /bin/sh + exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@" +'' diff --git a/makefu/5pkgs/tinc_graphs/default.nix b/krebs/5pkgs/tinc_graphs/default.nix index 62a787d3..e5f1e40e 100644 --- a/makefu/5pkgs/tinc_graphs/default.nix +++ b/krebs/5pkgs/tinc_graphs/default.nix @@ -2,14 +2,14 @@ python3Packages.buildPythonPackage rec { name = "tinc_graphs-${version}"; - version = "0.3.6"; + version = "0.3.9"; propagatedBuildInputs = with pkgs;[ python3Packages.pygeoip ## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat ]; src = fetchurl { url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz"; - sha256 = "0ghdx9aaipmppvc2b6cgks4nxw6zsb0fhjrmnisbx7rz0vjvzc74"; + sha256 = "0hjmkiclvyjb3707285x4b8mk5aqjcvh383hvkad1h7p1n61qrfx"; }; preFixup = with pkgs;'' wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin" diff --git a/krebs/5pkgs/translate-shell/default.nix b/krebs/5pkgs/translate-shell/default.nix new file mode 100644 index 00000000..00ab226e --- /dev/null +++ b/krebs/5pkgs/translate-shell/default.nix @@ -0,0 +1,43 @@ +{stdenv, fetchurl,pkgs,... }: +let + s = + rec { + baseName="translate-shell"; + version="0.9.0.9"; + name="${baseName}-${version}"; + url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz; + sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34"; + }; + searchpath = with pkgs; stdenv.lib.makeSearchPath "bin" [ + fribidi + gawk + bash + curl + less + ]; + buildInputs = [ + pkgs.makeWrapper + ]; +in +stdenv.mkDerivation { + inherit (s) name version; + inherit buildInputs; + src = fetchurl { + inherit (s) url sha256; + }; + # TODO: maybe mplayer + installPhase = '' + mkdir -p $out/bin + make PREFIX=$out install + wrapProgram $out/bin/trans --suffix PATH : "${searchpath}" + ''; + + meta = { + inherit (s) version; + description = ''translate using google api''; + license = stdenv.lib.licenses.free; + maintainers = [stdenv.lib.maintainers.makefu]; + platforms = stdenv.lib.platforms.linux ; + }; +} + diff --git a/krebs/Zhosts/gum b/krebs/Zhosts/gum index f1eaa4ea..d43bb0d0 100644 --- a/krebs/Zhosts/gum +++ b/krebs/Zhosts/gum @@ -2,7 +2,6 @@ Address= 195.154.108.70 Address= 195.154.108.70 53 Subnet = 10.243.0.211 Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2 -Aliases = paste -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY diff --git a/krebs/Zhosts/prism b/krebs/Zhosts/prism new file mode 100644 index 00000000..4c875631 --- /dev/null +++ b/krebs/Zhosts/prism @@ -0,0 +1,12 @@ +Address = 213.239.205.240 +Subnet = 10.243.0.103 +Subnet = 42:0000:0000:0000:0000:0000:0000:15ab + +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl +kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl +JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I +AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5 +jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j +anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index 94c793b0..dc0ca027 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -47,6 +47,23 @@ in { { predicate = "-i retiolum -p udp --dport 53"; target = "ACCEPT"; } ]; } + { + users.extraUsers = { + satan = { + name = "satan"; + uid = 1338; + home = "/home/satan"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com" + ]; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.echelon; diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix new file mode 100644 index 00000000..570cdfb7 --- /dev/null +++ b/lass/1systems/prism.nix @@ -0,0 +1,88 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) head; + + ip = (head config.krebs.build.host.nets.internet.addrs4); +in { + imports = [ + ../2configs/base.nix + ../2configs/downloading.nix + { + users.extraGroups = { + # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories + # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) + # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago + # Docs: man:tmpfiles.d(5) + # man:systemd-tmpfiles(8) + # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) + # Main PID: 19272 (code=exited, status=1/FAILURE) + # + # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE + # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. + # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. + # warning: error(s) occured while switching to the new configuration + lock.gid = 10001; + }; + } + { + networking.interfaces.et0.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = "213.239.205.225"; + networking.nameservers = [ + "8.8.8.8" + ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" + ''; + + } + { + #boot.loader.gummiboot.enable = true; + #boot.loader.efi.canTouchEfiVariables = true; + boot.loader.grub = { + devices = [ + "/dev/sda" + "/dev/sdb" + ]; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + + fileSystems."/" = { + device = "/dev/pool/nix"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36"; + }; + + fileSystems."/var/download" = { + device = "/dev/pool/download"; + }; + + } + { + sound.enable = false; + } + { + #workaround for server dying after 6-7h + boot.kernelPackages = pkgs.linuxPackages_4_2; + } + ]; + + krebs.build.host = config.krebs.hosts.prism; +} diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 6fa9c5b2..057af7bc 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -27,8 +27,6 @@ with lib; createHome = true; useDefaultShell = true; extraGroups = [ - "audio" - "wheel" ]; openssh.authorizedKeys.keys = map readFile [ ../../krebs/Zpubkeys/lass.ssh.pub @@ -50,7 +48,7 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "33bdc011f5360288cd10b9fda90da2950442b2ab"; + rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80"; }; dir.secrets = { host = config.krebs.hosts.mors; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1f5c3de5..3be3676a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -8,6 +8,8 @@ in { ./urxvt.nix ]; + users.extraUsers.mainUser.extraGroups = [ "audio" ]; + time.timeZone = "Europe/Berlin"; virtualisation.libvirtd.enable = true; diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 5052da5c..553a3a55 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -1,5 +1,6 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: +with lib; { imports = [ ../3modules/folderPerms.nix @@ -10,9 +11,13 @@ name = "download"; home = "/var/download"; createHome = true; + useDefaultShell = true; extraGroups = [ "download" ]; + openssh.authorizedKeys.keys = map readFile [ + ../../krebs/Zpubkeys/lass.ssh.pub + ]; }; transmission = { @@ -43,6 +48,7 @@ rpc-username = "download"; #add rpc-password in secrets rpc-password = "test123"; + peer-port = 51413; }; }; @@ -50,6 +56,8 @@ enable = true; tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } + { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } ]; }; diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 2164b2e3..7e8fc03c 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -33,6 +33,8 @@ let web-routes-wai-custom = {}; go = {}; newsbot-js = {}; + kimsufi-check = {}; + realwallpaper = {}; }; restricted-repos = mapAttrs make-restricted-repo ( diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 7f0bcc5e..d26a2f4c 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -16,7 +16,7 @@ enable = true; hosts = ../../krebs/Zhosts; connectTo = [ - "fastpoke" + "prism" "cloudkrebs" "echelon" "pigstarter" diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix new file mode 100644 index 00000000..fabecec8 --- /dev/null +++ b/makefu/1systems/filepimp.nix @@ -0,0 +1,41 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ../2configs/base.nix + ../2configs/fs/vm-single-partition.nix + ../2configs/fs/single-partition-ext4.nix + ../2configs/tinc-basic-retiolum.nix + ../2configs/base-sources.nix + ]; + krebs.build.host = config.krebs.hosts.filepimp; + krebs.build.user = config.krebs.users.makefu; + krebs.build.target = "root@filepimp"; + + # AMD N54L + boot = { + loader.grub.device = "/dev/sda"; + + initrd.availableKernelModules = [ + "usb_storage" + "ahci" + "xhci_hcd" + "ata_piix" + "uhci_hcd" + "ehci_pci" + ]; + + kernelModules = [ ]; + extraModulePackages = [ ]; + }; + + hardware.enableAllFirmware = true; + hardware.cpu.amd.updateMicrocode = true; + + networking.firewall.allowPing = true; +} diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix new file mode 100644 index 00000000..c4fa064b --- /dev/null +++ b/makefu/1systems/gum.nix @@ -0,0 +1,44 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + external-ip = head config.krebs.build.host.nets.internet.addrs4; + internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; +in { + imports = [ + # TODO: copy this config or move to krebs |