diff options
Diffstat (limited to 'modules')
90 files changed, 0 insertions, 7000 deletions
diff --git a/modules/cd/default.nix b/modules/cd/default.nix deleted file mode 100644 index e3abd47ef..000000000 --- a/modules/cd/default.nix +++ /dev/null @@ -1,91 +0,0 @@ -{ config, pkgs, ... }: - -let - inherit (builtins) readFile; -in - -{ - imports = - [ - { users.extraUsers = import <secrets/extraUsers.nix>; } - ./networking.nix - ./users.nix - ../tv/base.nix - ../tv/base-cac-CentOS-7-64bit.nix - ../tv/config/consul-server.nix - ../tv/ejabberd.nix # XXX echtes modul - ../tv/exim-smarthost.nix - ../tv/git/public.nix - ../tv/sanitize.nix - { - imports = [ ../tv/identity ]; - tv.identity = { - enable = true; - self = config.tv.identity.hosts.cd; - }; - } - { - imports = [ ../tv/iptables ]; - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "ssh" - "tinc" - "smtp" - "xmpp-client" - "xmpp-server" - ]; - input-retiolum-accept-new-tcp = [ - "http" - ]; - }; - } - { - imports = [ ../tv/retiolum ]; - tv.retiolum = { - enable = true; - hosts = <retiolum-hosts>; - connectTo = [ - "fastpoke" - "pigstarter" - "ire" - ]; - }; - } - ]; - - # "Developer 2" plan has two vCPUs. - nix.maxJobs = 2; - - environment.systemPackages = with pkgs; [ - git # required for ./deploy, clone_or_update - htop - iftop - iotop - iptables - mutt # for mv - nethogs - rxvt_unicode.terminfo - tcpdump - ]; - - services.ejabberd-cd = { - enable = true; - }; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - permitRootLogin = "yes"; - }; - - sound.enable = false; -} diff --git a/modules/cd/networking.nix b/modules/cd/networking.nix deleted file mode 100644 index 215e20829..000000000 --- a/modules/cd/networking.nix +++ /dev/null @@ -1,14 +0,0 @@ -{...}: -{ - networking.hostName = "cd"; - networking.interfaces.enp2s1.ip4 = [ - { - address = "162.219.7.216"; - prefixLength = 24; - } - ]; - networking.defaultGateway = "162.219.7.1"; - networking.nameservers = [ - "8.8.8.8" - ]; -} diff --git a/modules/cd/paths.nix b/modules/cd/paths.nix deleted file mode 100644 index f873912fb..000000000 --- a/modules/cd/paths.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - lib.file.url = ../../lib; - modules.file.url = ../../modules; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; - cache = ../../tmp/git-cache; - }; - pubkeys.file.url = ../../pubkeys; - retiolum-hosts.file.url = ../../hosts; - secrets.file.url = ../../secrets/cd/nix; -} diff --git a/modules/cd/users.nix b/modules/cd/users.nix deleted file mode 100644 index 656336d6c..000000000 --- a/modules/cd/users.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ ... }: - -let - inherit (builtins) readFile; -in - -{ - users.extraGroups = { - - # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories - # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) - # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago - # Docs: man:tmpfiles.d(5) - # man:systemd-tmpfiles(8) - # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) - # Main PID: 19272 (code=exited, status=1/FAILURE) - # - # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE - # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. - # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. - # warning: error(s) occured while switching to the new configuration - lock.gid = 10001; - - }; - users.extraUsers = - { - root = { - openssh.authorizedKeys.keys = [ - (readFile <pubkeys/deploy_wu.ssh.pub>) - (readFile <pubkeys/tv_wu.ssh.pub>) - ]; - }; - - mv = rec { - name = "mv"; - uid = 1338; - group = "users"; - home = "/home/${name}"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - (readFile <pubkeys/mv_vod.ssh.pub>) - ]; - }; - - }; - - users.mutableUsers = false; -} diff --git a/modules/cloudkrebs/default.nix b/modules/cloudkrebs/default.nix deleted file mode 100644 index 938447e0e..000000000 --- a/modules/cloudkrebs/default.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ../tv/base-cac-CentOS-7-64bit.nix - ../lass/retiolum-cloudkrebs.nix - ./networking.nix - ../../secrets/cloudkrebs-pw.nix - ../lass/sshkeys.nix - ../lass/base.nix - ../common/nixpkgs.nix - ]; - - nixpkgs = { - url = "https://github.com/Lassulus/nixpkgs"; - rev = "b42ecfb8c61e514bf7733b4ab0982d3e7e27dacb"; - }; - - nix.maxJobs = 1; - - #activationScripts - #split up and move into base - - #TODO move into modules - users.extraUsers = { - #main user - root = { - openssh.authorizedKeys.keys = [ - config.sshKeys.lass.pub - ]; - }; - mainUser = { - uid = 1337; - name = "lass"; - #isNormalUser = true; - group = "users"; - createHome = true; - home = "/home/lass"; - useDefaultShell = true; - isSystemUser = false; - description = "lassulus"; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - config.sshKeys.lass.pub - ]; - }; - }; - - environment.systemPackages = with pkgs; [ - ]; - - services.openssh = { - enable = true; - hostKeys = [ - # XXX bits here make no science - { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ]; - permitRootLogin = "yes"; - }; - - networking.firewall = { - enable = true; - - allowedTCPPorts = [ - 22 - ]; - }; - -} diff --git a/modules/cloudkrebs/networking.nix b/modules/cloudkrebs/networking.nix deleted file mode 100644 index fc5007365..000000000 --- a/modules/cloudkrebs/networking.nix +++ /dev/null @@ -1,14 +0,0 @@ -{...}: -{ - networking.hostName = "cloudkrebs"; - networking.interfaces.enp2s1.ip4 = [ - { - address = "104.167.113.104"; - prefixLength = 24; - } - ]; - networking.defaultGateway = "104.167.113.1"; - networking.nameservers = [ - "8.8.8.8" - ]; -} diff --git a/modules/common/krebs-keys.nix b/modules/common/krebs-keys.nix deleted file mode 100644 index 5e349338d..000000000 --- a/modules/common/krebs-keys.nix +++ /dev/null @@ -1,18 +0,0 @@ -# alle public keys der krebsminister fuer R in krebs repos -{ config, ... }: - -let - inherit (builtins) readFile; -in - -with import ../lass/sshkeys.nix { - config.sshKeys.lass.pub = config.sshKeys.lass.pub; - config.sshKeys.uriel.pub = config.sshKeys.uriel.pub; - }; -{ - imports = [ - ./sshkeys.nix - ]; - - config.sshKeys.tv.pub = readFile <pubkeys/tv_wu.ssh.pub>; -} diff --git a/modules/common/krebs-repos.nix b/modules/common/krebs-repos.nix deleted file mode 100644 index 86f373123..000000000 --- a/modules/common/krebs-repos.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ lib, ... }: - -let - inherit (lib) mkDefault; - - mkSecureRepo = name: - { inherit name; - value = { - users = { - lass = mkDefault "R"; - tv = mkDefault "R"; - makefu = mkDefault "R"; - }; - }; - }; - - mkRepo = name: - { inherit name; - value = { - users = { - lass = mkDefault "R"; - tv = mkDefault "R"; - makefu = mkDefault "R"; - }; - }; - }; - -in { - services.gitolite.repos = - (lib.listToAttrs (map mkSecureRepo [ "brain" ])) // - (lib.listToAttrs (map mkRepo [ - "painload" - "services" - "hosts" - ])); -} diff --git a/modules/common/nixpkgs.nix b/modules/common/nixpkgs.nix deleted file mode 100644 index 486cf0207..000000000 --- a/modules/common/nixpkgs.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ lib, ... }: - -with lib; - -{ - options = { - nixpkgs.url = mkOption { - type = types.str; - description = "URL of the nixpkgs repository."; - }; - nixpkgs.rev = mkOption { - type = types.str; - default = "origin/master"; - description = "Revision of the remote repository."; - }; - nixpkgs.dirty = mkOption { - type = types.bool; - default = false; - description = '' - If nixpkgs.url is a local path, then use that as it is. - TODO this break if URL is not a local path. - ''; - }; - }; -} diff --git a/modules/common/sshkeys.nix b/modules/common/sshkeys.nix deleted file mode 100644 index 5f1c60668..000000000 --- a/modules/common/sshkeys.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib, ... }: - -with lib; - -{ - options = { - sshKeys = mkOption { - type = types.attrsOf (types.submodule ( - { config, ... }: - { - options = { - pub = mkOption { - type = types.str; - description = "Public part of the ssh key."; - }; - - priv = mkOption { - type = types.str; - description = "Private part of the ssh key."; - }; - }; - })); - description = "collection of ssh-keys"; - }; - }; -} diff --git a/modules/lass/base.nix b/modules/lass/base.nix deleted file mode 100644 index 3a8d879eb..000000000 --- a/modules/lass/base.nix +++ /dev/null @@ -1,110 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ./sshkeys.nix - ]; - - nix.useChroot = true; - - users.mutableUsers = false; - - boot.tmpOnTmpfs = true; - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; - - # multiple-definition-problem when defining environment.variables.EDITOR - environment.extraInit = '' - EDITOR=vim - PAGER=most - ''; - - environment.systemPackages = with pkgs; [ - git - most - rxvt_unicode.terminfo - - #network - iptables - ]; - |