summaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/cd/default.nix91
-rw-r--r--modules/cd/networking.nix14
-rw-r--r--modules/cd/paths.nix12
-rw-r--r--modules/cd/users.nix53
-rw-r--r--modules/cloudkrebs/default.nix69
-rw-r--r--modules/cloudkrebs/networking.nix14
-rw-r--r--modules/common/krebs-keys.nix18
-rw-r--r--modules/common/krebs-repos.nix36
-rw-r--r--modules/common/nixpkgs.nix25
-rw-r--r--modules/common/sshkeys.nix26
-rw-r--r--modules/lass/base.nix110
-rw-r--r--modules/lass/binary-caches.nix13
-rw-r--r--modules/lass/bird.nix13
-rw-r--r--modules/lass/bitcoin.nix17
-rw-r--r--modules/lass/browsers.nix67
-rw-r--r--modules/lass/chromium-patched.nix48
-rw-r--r--modules/lass/desktop-base.nix37
-rw-r--r--modules/lass/elster.nix20
-rw-r--r--modules/lass/games.nix25
-rw-r--r--modules/lass/gitolite-base.nix173
-rw-r--r--modules/lass/ircd.nix83
-rw-r--r--modules/lass/pass.nix10
-rw-r--r--modules/lass/programs.nix24
-rw-r--r--modules/lass/retiolum-cloudkrebs.nix21
-rw-r--r--modules/lass/retiolum-mors.nix21
-rw-r--r--modules/lass/retiolum-uriel.nix21
-rw-r--r--modules/lass/sshkeys.nix11
-rw-r--r--modules/lass/steam.nix29
-rw-r--r--modules/lass/texlive.nix7
-rw-r--r--modules/lass/urxvt.nix40
-rw-r--r--modules/lass/urxvtd.nix55
-rw-r--r--modules/lass/vim.nix116
-rw-r--r--modules/lass/virtualbox.nix22
-rw-r--r--modules/lass/wine.nix23
-rw-r--r--modules/lass/xresources.nix57
-rw-r--r--modules/lass/xserver-lass.nix43
-rw-r--r--modules/mkdir/default.nix86
-rw-r--r--modules/mkdir/networking.nix14
-rw-r--r--modules/mkdir/paths.nix12
-rw-r--r--modules/mkdir/users.nix19
-rw-r--r--modules/mors/default.nix283
-rw-r--r--modules/mors/git.nix71
-rw-r--r--modules/mors/repos.nix78
-rw-r--r--modules/mu/default.nix466
-rw-r--r--modules/mu/paths.nix12
-rw-r--r--modules/nomic/default.nix105
-rw-r--r--modules/nomic/hardware-configuration.nix49
-rw-r--r--modules/nomic/paths.nix12
-rw-r--r--modules/nomic/users.nix42
-rw-r--r--modules/rmdir/default.nix87
-rw-r--r--modules/rmdir/networking.nix15
-rw-r--r--modules/rmdir/paths.nix12
-rw-r--r--modules/rmdir/users.nix19
-rw-r--r--modules/tv/base-cac-CentOS-7-64bit.nix27
-rw-r--r--modules/tv/base.nix16
-rw-r--r--modules/tv/config/consul-client.nix9
-rw-r--r--modules/tv/config/consul-server.nix22
-rw-r--r--modules/tv/consul/default.nix121
-rw-r--r--modules/tv/ejabberd.nix867
-rw-r--r--modules/tv/environment.nix93
-rw-r--r--modules/tv/exim-retiolum.nix126
-rw-r--r--modules/tv/exim-smarthost.nix474
-rw-r--r--modules/tv/git/cgit.nix93
-rw-r--r--modules/tv/git/config.nix272
-rw-r--r--modules/tv/git/default.nix27
-rw-r--r--modules/tv/git/options.nix93
-rw-r--r--modules/tv/git/public.nix82
-rw-r--r--modules/tv/identity/default.nix71
-rw-r--r--modules/tv/iptables/config.nix93
-rw-r--r--modules/tv/iptables/default.nix11
-rw-r--r--modules/tv/iptables/options.nix29
-rw-r--r--modules/tv/nginx/config.nix49
-rw-r--r--modules/tv/nginx/default.nix11
-rw-r--r--modules/tv/nginx/options.nix21
-rw-r--r--modules/tv/retiolum/config.nix130
-rw-r--r--modules/tv/retiolum/default.nix11
-rw-r--r--modules/tv/retiolum/options.nix87
-rw-r--r--modules/tv/sanitize.nix12
-rw-r--r--modules/tv/smartd.nix17
-rw-r--r--modules/tv/synaptics.nix14
-rw-r--r--modules/tv/urlwatch/default.nix158
-rw-r--r--modules/tv/urxvt.nix24
-rw-r--r--modules/tv/users/default.nix67
-rw-r--r--modules/tv/xserver.nix40
-rw-r--r--modules/uriel/default.nix184
-rw-r--r--modules/uriel/repos.nix78
-rw-r--r--modules/wu/default.nix464
-rw-r--r--modules/wu/hosts.nix22
-rw-r--r--modules/wu/paths.nix12
-rw-r--r--modules/wu/users.nix227
90 files changed, 0 insertions, 7000 deletions
diff --git a/modules/cd/default.nix b/modules/cd/default.nix
deleted file mode 100644
index e3abd47ef..000000000
--- a/modules/cd/default.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- inherit (builtins) readFile;
-in
-
-{
- imports =
- [
- { users.extraUsers = import <secrets/extraUsers.nix>; }
- ./networking.nix
- ./users.nix
- ../tv/base.nix
- ../tv/base-cac-CentOS-7-64bit.nix
- ../tv/config/consul-server.nix
- ../tv/ejabberd.nix # XXX echtes modul
- ../tv/exim-smarthost.nix
- ../tv/git/public.nix
- ../tv/sanitize.nix
- {
- imports = [ ../tv/identity ];
- tv.identity = {
- enable = true;
- self = config.tv.identity.hosts.cd;
- };
- }
- {
- imports = [ ../tv/iptables ];
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "tinc"
- "smtp"
- "xmpp-client"
- "xmpp-server"
- ];
- input-retiolum-accept-new-tcp = [
- "http"
- ];
- };
- }
- {
- imports = [ ../tv/retiolum ];
- tv.retiolum = {
- enable = true;
- hosts = <retiolum-hosts>;
- connectTo = [
- "fastpoke"
- "pigstarter"
- "ire"
- ];
- };
- }
- ];
-
- # "Developer 2" plan has two vCPUs.
- nix.maxJobs = 2;
-
- environment.systemPackages = with pkgs; [
- git # required for ./deploy, clone_or_update
- htop
- iftop
- iotop
- iptables
- mutt # for mv
- nethogs
- rxvt_unicode.terminfo
- tcpdump
- ];
-
- services.ejabberd-cd = {
- enable = true;
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- services.openssh = {
- enable = true;
- hostKeys = [
- # XXX bits here make no science
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- permitRootLogin = "yes";
- };
-
- sound.enable = false;
-}
diff --git a/modules/cd/networking.nix b/modules/cd/networking.nix
deleted file mode 100644
index 215e20829..000000000
--- a/modules/cd/networking.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{...}:
-{
- networking.hostName = "cd";
- networking.interfaces.enp2s1.ip4 = [
- {
- address = "162.219.7.216";
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "162.219.7.1";
- networking.nameservers = [
- "8.8.8.8"
- ];
-}
diff --git a/modules/cd/paths.nix b/modules/cd/paths.nix
deleted file mode 100644
index f873912fb..000000000
--- a/modules/cd/paths.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- lib.file.url = ../../lib;
- modules.file.url = ../../modules;
- nixpkgs.git = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
- cache = ../../tmp/git-cache;
- };
- pubkeys.file.url = ../../pubkeys;
- retiolum-hosts.file.url = ../../hosts;
- secrets.file.url = ../../secrets/cd/nix;
-}
diff --git a/modules/cd/users.nix b/modules/cd/users.nix
deleted file mode 100644
index 656336d6c..000000000
--- a/modules/cd/users.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ ... }:
-
-let
- inherit (builtins) readFile;
-in
-
-{
- users.extraGroups = {
-
- # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
- # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
- # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
- # Docs: man:tmpfiles.d(5)
- # man:systemd-tmpfiles(8)
- # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
- # Main PID: 19272 (code=exited, status=1/FAILURE)
- #
- # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
- # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
- # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
- # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
- # warning: error(s) occured while switching to the new configuration
- lock.gid = 10001;
-
- };
- users.extraUsers =
- {
- root = {
- openssh.authorizedKeys.keys = [
- (readFile <pubkeys/deploy_wu.ssh.pub>)
- (readFile <pubkeys/tv_wu.ssh.pub>)
- ];
- };
-
- mv = rec {
- name = "mv";
- uid = 1338;
- group = "users";
- home = "/home/${name}";
- createHome = true;
- useDefaultShell = true;
- openssh.authorizedKeys.keys = [
- (readFile <pubkeys/mv_vod.ssh.pub>)
- ];
- };
-
- };
-
- users.mutableUsers = false;
-}
diff --git a/modules/cloudkrebs/default.nix b/modules/cloudkrebs/default.nix
deleted file mode 100644
index 938447e0e..000000000
--- a/modules/cloudkrebs/default.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ../tv/base-cac-CentOS-7-64bit.nix
- ../lass/retiolum-cloudkrebs.nix
- ./networking.nix
- ../../secrets/cloudkrebs-pw.nix
- ../lass/sshkeys.nix
- ../lass/base.nix
- ../common/nixpkgs.nix
- ];
-
- nixpkgs = {
- url = "https://github.com/Lassulus/nixpkgs";
- rev = "b42ecfb8c61e514bf7733b4ab0982d3e7e27dacb";
- };
-
- nix.maxJobs = 1;
-
- #activationScripts
- #split up and move into base
-
- #TODO move into modules
- users.extraUsers = {
- #main user
- root = {
- openssh.authorizedKeys.keys = [
- config.sshKeys.lass.pub
- ];
- };
- mainUser = {
- uid = 1337;
- name = "lass";
- #isNormalUser = true;
- group = "users";
- createHome = true;
- home = "/home/lass";
- useDefaultShell = true;
- isSystemUser = false;
- description = "lassulus";
- extraGroups = [ "wheel" ];
- openssh.authorizedKeys.keys = [
- config.sshKeys.lass.pub
- ];
- };
- };
-
- environment.systemPackages = with pkgs; [
- ];
-
- services.openssh = {
- enable = true;
- hostKeys = [
- # XXX bits here make no science
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- permitRootLogin = "yes";
- };
-
- networking.firewall = {
- enable = true;
-
- allowedTCPPorts = [
- 22
- ];
- };
-
-}
diff --git a/modules/cloudkrebs/networking.nix b/modules/cloudkrebs/networking.nix
deleted file mode 100644
index fc5007365..000000000
--- a/modules/cloudkrebs/networking.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{...}:
-{
- networking.hostName = "cloudkrebs";
- networking.interfaces.enp2s1.ip4 = [
- {
- address = "104.167.113.104";
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "104.167.113.1";
- networking.nameservers = [
- "8.8.8.8"
- ];
-}
diff --git a/modules/common/krebs-keys.nix b/modules/common/krebs-keys.nix
deleted file mode 100644
index 5e349338d..000000000
--- a/modules/common/krebs-keys.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-# alle public keys der krebsminister fuer R in krebs repos
-{ config, ... }:
-
-let
- inherit (builtins) readFile;
-in
-
-with import ../lass/sshkeys.nix {
- config.sshKeys.lass.pub = config.sshKeys.lass.pub;
- config.sshKeys.uriel.pub = config.sshKeys.uriel.pub;
- };
-{
- imports = [
- ./sshkeys.nix
- ];
-
- config.sshKeys.tv.pub = readFile <pubkeys/tv_wu.ssh.pub>;
-}
diff --git a/modules/common/krebs-repos.nix b/modules/common/krebs-repos.nix
deleted file mode 100644
index 86f373123..000000000
--- a/modules/common/krebs-repos.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ lib, ... }:
-
-let
- inherit (lib) mkDefault;
-
- mkSecureRepo = name:
- { inherit name;
- value = {
- users = {
- lass = mkDefault "R";
- tv = mkDefault "R";
- makefu = mkDefault "R";
- };
- };
- };
-
- mkRepo = name:
- { inherit name;
- value = {
- users = {
- lass = mkDefault "R";
- tv = mkDefault "R";
- makefu = mkDefault "R";
- };
- };
- };
-
-in {
- services.gitolite.repos =
- (lib.listToAttrs (map mkSecureRepo [ "brain" ])) //
- (lib.listToAttrs (map mkRepo [
- "painload"
- "services"
- "hosts"
- ]));
-}
diff --git a/modules/common/nixpkgs.nix b/modules/common/nixpkgs.nix
deleted file mode 100644
index 486cf0207..000000000
--- a/modules/common/nixpkgs.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ lib, ... }:
-
-with lib;
-
-{
- options = {
- nixpkgs.url = mkOption {
- type = types.str;
- description = "URL of the nixpkgs repository.";
- };
- nixpkgs.rev = mkOption {
- type = types.str;
- default = "origin/master";
- description = "Revision of the remote repository.";
- };
- nixpkgs.dirty = mkOption {
- type = types.bool;
- default = false;
- description = ''
- If nixpkgs.url is a local path, then use that as it is.
- TODO this break if URL is not a local path.
- '';
- };
- };
-}
diff --git a/modules/common/sshkeys.nix b/modules/common/sshkeys.nix
deleted file mode 100644
index 5f1c60668..000000000
--- a/modules/common/sshkeys.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ lib, ... }:
-
-with lib;
-
-{
- options = {
- sshKeys = mkOption {
- type = types.attrsOf (types.submodule (
- { config, ... }:
- {
- options = {
- pub = mkOption {
- type = types.str;
- description = "Public part of the ssh key.";
- };
-
- priv = mkOption {
- type = types.str;
- description = "Private part of the ssh key.";
- };
- };
- }));
- description = "collection of ssh-keys";
- };
- };
-}
diff --git a/modules/lass/base.nix b/modules/lass/base.nix
deleted file mode 100644
index 3a8d879eb..000000000
--- a/modules/lass/base.nix
+++ /dev/null
@@ -1,110 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ./sshkeys.nix
- ];
-
- nix.useChroot = true;
-
- users.mutableUsers = false;
-
- boot.tmpOnTmpfs = true;
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -"
- ];
-
- # multiple-definition-problem when defining environment.variables.EDITOR
- environment.extraInit = ''
- EDITOR=vim
- PAGER=most
- '';
-
- environment.systemPackages = with pkgs; [
- git
- most
- rxvt_unicode.terminfo
-
- #network
- iptables
- ];
-