diff options
Diffstat (limited to 'makefu')
16 files changed, 176 insertions, 20 deletions
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index bbb99390d..98f3ecd22 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -7,26 +7,38 @@ { imports = [ # Include the results of the hardware scan. - <nixpkgs/nixos/modules/profiles/qemu-guest.nix> + # Base ../2configs/base.nix - ../2configs/cgit-retiolum.nix - # ../2configs/graphite-standalone.nix - ../2configs/vm-single-partition.nix ../2configs/tinc-basic-retiolum.nix + # HW/FS + <nixpkgs/nixos/modules/profiles/qemu-guest.nix> + ../2configs/fs/vm-single-partition.nix + + # Services + ../2configs/git/cgit-retiolum.nix + + ## Reaktor + ## \/ are only plugins, must enable Reaktor explicitly + ../2configs/Reaktor/stockholmLentil.nix + ../2configs/Reaktor/simpleExtend.nix + ../2configs/exim-retiolum.nix ../2configs/urlwatch.nix + + # ../2configs/graphite-standalone.nix ]; + krebs.Reaktor.enable = true; + krebs.build.host = config.krebs.hosts.pnp; krebs.build.user = config.krebs.users.makefu; krebs.build.target = "root@pnp"; - krebs.Reaktor.enable = true; krebs.build.deps = { nixpkgs = { url = https://github.com/NixOS/nixpkgs; - rev = "13576925552b1d0751498fdda22e91a055a1ff6c"; + rev = "03921972268934d900cc32dad253ff383926771c"; }; }; diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 1e2c31257..4dcfe4eca 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -13,9 +13,7 @@ ../2configs/tinc-basic-retiolum.nix #../2configs/disable_v6.nix - #../2configs/sda-crypto-root.nix - ../2configs/sda-crypto-root-home.nix - + # environment ../2configs/zsh-user.nix # applications @@ -23,16 +21,22 @@ ../2configs/virtualization.nix ../2configs/wwan.nix - ../2configs/Reaktor/simpleExtend.nix + # services + ../2configs/git/brain-retiolum.nix + # ../2configs/Reaktor/simpleExtend.nix # hardware specifics are in here - ../2configs/tp-x220.nix + ../2configs/hw/tp-x220.nix + # mount points + ../2configs/fs/sda-crypto-root-home.nix ]; krebs.build.host = config.krebs.hosts.pornocauster; krebs.build.user = config.krebs.users.makefu; krebs.build.target = "root@pornocauster"; + #krebs.Reaktor.nickname = "makefu|r"; + networking.firewall.allowedTCPPorts = [ 25 ]; @@ -41,7 +45,7 @@ nixpkgs = { url = https://github.com/NixOS/nixpkgs; #url = https://github.com/makefu/nixpkgs; - rev = "13576925552b1d0751498fdda22e91a055a1ff6c"; + rev = "03921972268934d900cc32dad253ff383926771c"; }; }; } diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index 67db22460..3c2bb2eda 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix @@ -9,9 +9,9 @@ ../2configs/base.nix ../2configs/base-gui.nix ../2configs/tinc-basic-retiolum.nix - ../2configs/sda-crypto-root.nix + ../2configs/fs/sda-crypto-root.nix # hardware specifics are in here - ../2configs/tp-x200.nix #< imports tp-x2x0.nix + ../2configs/hw/tp-x200.nix #< imports tp-x2x0.nix ../2configs/disable_v6.nix ../2configs/rad1o.nix diff --git a/makefu/2configs/Reaktor/random-issue.sh b/makefu/2configs/Reaktor/random-issue.sh new file mode 100644 index 000000000..5c47c6156 --- /dev/null +++ b/makefu/2configs/Reaktor/random-issue.sh @@ -0,0 +1,20 @@ +#! /bin/sh +set -eu +# requires env: +# $state_dir +# $origin + +# in PATH: git,lentil,coreutils +subdir=`echo "$1" | tr -dc "[:alnum:]"` +name=`echo "$origin" | tr -dc "[:alnum:]"` +track="$state_dir/$name-checkout" +(if test -e "$track" ;then + cd "$track" + git fetch origin master + git reset --hard origin/master +else + git clone "$origin" "$track" +fi) >&2 + +cd "$track" +lentil "${subdir:-.}" -f csv | sed 1d | shuf | head -1 diff --git a/makefu/2configs/Reaktor/simpleExtend.nix b/makefu/2configs/Reaktor/simpleExtend.nix index 3b55ca412..95175a4e0 100644 --- a/makefu/2configs/Reaktor/simpleExtend.nix +++ b/makefu/2configs/Reaktor/simpleExtend.nix @@ -8,8 +8,6 @@ let echo "$PRETTY_NAME" ''; in { - krebs.Reaktor.enable = true; - krebs.Reaktor.nickname = "test-reaktor"; krebs.Reaktor.extraConfig = '' public_commands.insert(0,{ 'capname' : "nixos-version", diff --git a/makefu/2configs/Reaktor/stockholmLentil.nix b/makefu/2configs/Reaktor/stockholmLentil.nix new file mode 100644 index 000000000..147fb5a7a --- /dev/null +++ b/makefu/2configs/Reaktor/stockholmLentil.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: + +with pkgs; +let + random-issue = pkgs.writeScript "random-issue" (builtins.readFile ./random-issue.sh); + random-issue-path = lib.makeSearchPath "bin" (with pkgs; [ + coreutils + git + gnused + lentil]); +in { + # TODO: make origin a variable, <- module is generic enough to handle different origins, not only stockholm + krebs.Reaktor.extraConfig = '' + public_commands.insert(0,{ + 'capname' : "stockholm-issue", + 'pattern' : indirect_pattern.format("stockholm-issue"), + 'argv' : ["${random-issue}"], + 'env' : { 'state_dir': workdir, + 'PATH':'${random-issue-path}', + 'origin':'http://cgit.pnp/stockholm' } }) + ''; +} diff --git a/makefu/2configs/fs/cac-boot-partition.nix b/makefu/2configs/fs/cac-boot-partition.nix new file mode 100644 index 000000000..fdf4b89d8 --- /dev/null +++ b/makefu/2configs/fs/cac-boot-partition.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +# vda1 ext4 (label nixos) -> only root partition +with lib; +{ + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; + + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "ext4"; + }; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + hardware.cpu.amd.updateMicrocode = true; + +} diff --git a/makefu/2configs/sda-crypto-root-home.nix b/makefu/2configs/fs/sda-crypto-root-home.nix index 3821c7504..3821c7504 100644 --- a/makefu/2configs/sda-crypto-root-home.nix +++ b/makefu/2configs/fs/sda-crypto-root-home.nix diff --git a/makefu/2configs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index 54db87547..54db87547 100644 --- a/makefu/2configs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix diff --git a/makefu/2configs/vm-single-partition.nix b/makefu/2configs/fs/vm-single-partition.nix index 78a5e7175..78a5e7175 100644 --- a/makefu/2configs/vm-single-partition.nix +++ b/makefu/2configs/fs/vm-single-partition.nix diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix new file mode 100644 index 000000000..0ab64773f --- /dev/null +++ b/makefu/2configs/git/brain-retiolum.nix @@ -0,0 +1,77 @@ +{ config, lib, pkgs, ... }: +# TODO: remove tv lib :) +with import ../../../tv/4lib { inherit lib pkgs; }; +let + + repos = priv-repos // krebs-repos ; + rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos); + + krebs-repos = mapAttrs make-krebs-repo { + brain = { + desc = "braiiiins"; + }; + }; + + priv-repos = mapAttrs make-priv-repo { + autosync = { }; + }; + + # TODO move users to separate module + make-priv-repo = name: { desc ? null, ... }: { + inherit name desc; + public = false; + }; + + make-krebs-repo = with git; name: { desc ? null, ... }: { + inherit name desc; + public = false; + hooks = { + post-receive = git.irc-announce { + nick = config.networking.hostName; + channel = "#retiolum"; + # TODO remove the hardcoded hostname + server = "cd.retiolum"; + }; + }; + }; + + set-owners = with git;repo: user: + singleton { + inherit user; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + }; + + set-ro-access = with git; repo: user: + optional repo.public { + inherit user; + repo = [ repo ]; + perm = fetch; + }; + + # TODO: get the list of all krebsministers + krebsminister = with config.krebs.users; [ lass tv ]; + all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; + + priv-rules = repo: set-owners repo all-makefu; + + krebs-rules = repo: + set-owners repo all-makefu ++ set-ro-access repo krebsminister; + +in { + imports = [{ + krebs.users.makefu-omo = { + name = "makefu-omo" ; + pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub; + }; + krebs.users.makefu-tsp = { + name = "makefu-tsp" ; + pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; + }; + }]; + krebs.git = { + enable = true; + cgit = false; + inherit repos rules; + }; +} diff --git a/makefu/2configs/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index a40dabb3f..40b51e601 100644 --- a/makefu/2configs/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: # TODO: remove tv lib :) -with import ../../tv/4lib { inherit lib pkgs; }; +with import ../../../tv/4lib { inherit lib pkgs; }; let repos = priv-repos // krebs-repos ; @@ -63,11 +63,11 @@ in { imports = [{ krebs.users.makefu-omo = { name = "makefu-omo" ; - pubkey= with builtins; readFile ../../krebs/Zpubkeys/makefu_omo.ssh.pub; + pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub; }; krebs.users.makefu-tsp = { name = "makefu-tsp" ; - pubkey= with builtins; readFile ../../krebs/Zpubkeys/makefu_tsp.ssh.pub; + pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; }; }]; krebs.git = { diff --git a/makefu/2configs/tp-x200.nix b/makefu/2configs/hw/tp-x200.nix index ed46875d8..ed46875d8 100644 --- a/makefu/2configs/tp-x200.nix +++ b/makefu/2configs/hw/tp-x200.nix diff --git a/makefu/2configs/tp-x220.nix b/makefu/2configs/hw/tp-x220.nix index f03922150..f03922150 100644 --- a/makefu/2configs/tp-x220.nix +++ b/makefu/2configs/hw/tp-x220.nix diff --git a/makefu/2configs/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index aa2fc2050..aa2fc2050 100644 --- a/makefu/2configs/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 015f472f7..417808425 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with import ../../krebs/4lib { inherit lib; }; +with lib; let cfg = config.krebs; |