3 files changed, 70 insertions, 9 deletions

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 95d09282..93ca8f64 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -2,23 +2,32 @@
 
 with import <stockholm/lib>;
 let
+  external-mac = "3a:66:48:8e:82:b2";
   external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+  external-gw = "188.68.40.1";
+  external-netmask = 22;
   internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+  main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
 in {
   imports = [
       ../.
+       <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
       ../2configs/headless.nix
-      ../2configs/fs/simple-swap.nix
       ../2configs/fs/single-partition-ext4.nix
       ../2configs/smart-monitor.nix
       ../2configs/git/cgit-retiolum.nix
       ../2configs/backup.nix
       # ../2configs/mattermost-docker.nix
-      ../2configs/disable_v6.nix
+      # ../2configs/disable_v6.nix
       ../2configs/exim-retiolum.nix
       ../2configs/tinc/retiolum.nix
       ../2configs/urlwatch.nix
 
+      # Tools
+      ../2configs/tools/core.nix
+      ../2configs/tools/dev.nix
+      ../2configs/tools/sec.nix
+
       # services
       ../2configs/gum-share.nix
       ../2configs/sabnzbd.nix
@@ -46,7 +55,7 @@ in {
       # ../2configs/logging/central-logging-client.nix
 
   ];
-  services.smartd.devices = [ { device = "/dev/sda";} ];
+  services.smartd.devices = [ { device = main-disk;} ];
   makefu.dl-dir = "/var/download";
 
 
@@ -83,16 +92,15 @@ in {
     get
   ];
   services.bitlbee.enable = true;
-  systemd.services.bitlbee.environment.BITLBEE_DEBUG="1";
 
   # Hardware
-  boot.loader.grub.device = "/dev/sda";
-  boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ];
+  boot.loader.grub.device = main-disk;
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
   boot.kernelModules = [ "kvm-intel" ];
 
   # Network
   services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
+    SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="et0"
   '';
   boot.kernelParams = [ ];
   networking = {
@@ -124,9 +132,9 @@ in {
     };
     interfaces.et0.ip4 = [{
       address = external-ip;
-      prefixLength = 24;
+      prefixLength = external-netmask;
     }];
-    defaultGateway = "195.154.108.1";
+    defaultGateway = external-gw;
     nameservers = [ "8.8.8.8" ];
   };
 
diff --git a/makefu/1systems/iso.nix b/makefu/1systems/iso.nix
new file mode 100644
index 00000000..ee1046f7
--- /dev/null
+++ b/makefu/1systems/iso.nix
@@ -0,0 +1,50 @@
+{ config, pkgs, lib, ... }:
+
+with import <stockholm/lib>;
+{
+  imports = [
+    ../.
+    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+    <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+    ../2configs/tools/core.nix
+  ];
+  # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
+  # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
+  krebs.build.host = config.krebs.hosts.iso;
+  krebs.hidden-ssh.enable = true;
+  environment.systemPackages = with pkgs; [
+    aria2
+    ddrescue
+  ];
+  environment.extraInit = ''
+    EDITOR=vim
+  '';
+  # iso-specific
+  boot.kernelParams = [ "copytoram" ];
+  services.openssh = {
+    enable = true;
+    hostKeys = [
+      { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+    ];
+  };
+  # enable ssh in the iso boot process
+  systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+  # hack `tee` behavior
+  nixpkgs.config.packageOverrides = super: {
+    irc-announce = super.callPackage <stockholm/krebs/5pkgs/irc-announce> {
+      pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [
+        pkgs.coreutils
+        (pkgs.writeDashBin "tee" ''
+          if test "$1" = /dev/stderr; then
+            while read -r line; do
+              echo "$line"
+              echo "$line" >&2
+            done
+          else
+            ${super.coreutils}/bin/tee "$@"
+          fi
+        '')
+      ];};
+    };
+  };
+}
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index ff34ee84..91785a07 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -55,7 +55,10 @@ in {
       ../2configs/logging/central-stats-server.nix
       # ../2configs/logging/central-logging-server.nix
       ../2configs/logging/central-stats-client.nix
+
+      # services
       ../2configs/syncthing.nix
+      ../2configs/mqtt.nix
       # ../2configs/logging/central-logging-client.nix
 
       # ../2configs/torrent.nix