From 2a0cd63387049350f6de73f609a32a0bf4e49253 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 29 Dec 2015 20:21:06 +0100 Subject: l 2 baseX: add pkgs.dmenu --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 0596682d..ede1c7b7 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -31,6 +31,7 @@ in { environment.systemPackages = with pkgs; [ + dmenu gitAndTools.qgit mpv much -- cgit v1.2.3 From 35902b25e35b75f64a8ac01a6b5d0baea2d4154e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Dec 2015 02:04:43 +0100 Subject: l 2 base: checkout nixpkgs to /var/src/ --- lass/2configs/base.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 66e12b26..4685e171 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -51,6 +51,7 @@ with lib; git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119"; + target-path = "/var/src/nixpkgs"; }; dir.secrets = { host = config.krebs.hosts.mors; -- cgit v1.2.3 From 83555272fdcb6ab5ce968b08a90199c8aaeb460b Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Dec 2015 02:05:14 +0100 Subject: l 2: add buildbot-standalone --- lass/2configs/buildbot-standalone.nix | 78 +++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 lass/2configs/buildbot-standalone.nix diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix new file mode 100644 index 00000000..4d02fb97 --- /dev/null +++ b/lass/2configs/buildbot-standalone.nix @@ -0,0 +1,78 @@ +{ lib, config, pkgs, ... }: +{ + #networking.firewall.allowedTCPPorts = [ 8010 9989 ]; + krebs.buildbot.master = { + slaves = { + testslave = "lasspass"; + }; + change_source.stockholm = '' + stockholm_repo = 'http://cgit.mors/stockholm' + cs.append(changes.GitPoller( + stockholm_repo, + workdir='stockholm-poller', branch='master', + project='stockholm', + pollinterval=120)) + ''; + scheduler = { + force-scheduler = '' + sched.append(schedulers.ForceScheduler( + name="force", + builderNames=["fast-tests"])) + ''; + fast-tests-scheduler = '' + # test the master real quick + sched.append(schedulers.SingleBranchScheduler( + change_filter=util.ChangeFilter(branch="master"), + name="fast-master-test", + builderNames=["fast-tests"])) + ''; + }; + builder_pre = '' + # prepare grab_repo step for stockholm + grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') + + env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"} + + # prepare nix-shell + # the dependencies which are used by the test script + deps = [ "gnumake", "jq","nix","rsync" ] + # TODO: --pure , prepare ENV in nix-shell command: + # SSL_CERT_FILE,LOGNAME,NIX_REMOTE + nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ] + + # prepare addShell function + def addShell(factory,**kwargs): + factory.addStep(steps.ShellCommand(**kwargs)) + ''; + builder = { + fast-tests = '' + f = util.BuildFactory() + f.addStep(grab_repo) + addShell(f,name="mors-eval",env=env, + command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"]) + + bu.append(util.BuilderConfig(name="fast-tests", + slavenames=slavenames, + factory=f)) + ''; + }; + enable = true; + web.enable = true; + irc = { + enable = true; + nick = "lass-buildbot"; + server = "cd.retiolum"; + channels = [ "retiolum" ]; + allowForce = true; + }; + }; + + krebs.buildbot.slave = { + enable = true; + masterhost = "localhost"; + username = "testslave"; + password = "lasspass"; + packages = with pkgs;[ git nix ]; + extraEnviron = { NIX_PATH="nixpkgs=${toString }"; }; + }; +} -- cgit v1.2.3 From f16742895c26b0f3df71ca8503afc5f4cb97a9ae Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Dec 2015 17:14:31 +0100 Subject: l: add new host dishfire --- krebs/3modules/lass/default.nix | 32 ++++++++++++++++++++++++++++++ krebs/Zhosts/dishfire | 12 ++++++++++++ lass/1systems/dishfire.nix | 43 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+) create mode 100644 krebs/Zhosts/dishfire create mode 100644 lass/1systems/dishfire.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 26b0947b..592ed475 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -4,6 +4,38 @@ with lib; { hosts = addNames { + dishfire = { + cores = 4; + dc = "lass"; #dc = "cac"; + nets = rec { + internet = { + addrs4 = ["144.76.172.188"]; + aliases = [ + "dishfire.internet" + ]; + }; + retiolum = { + via = internet; + addrs4 = ["10.243.133.99"]; + addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"]; + aliases = [ + "dishfire.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs + Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 + uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK + R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd + vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U + HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + #ssh.privkey.path = ; + #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK"; + }; echelon = { cores = 2; dc = "lass"; #dc = "cac"; diff --git a/krebs/Zhosts/dishfire b/krebs/Zhosts/dishfire new file mode 100644 index 00000000..c4cf68b6 --- /dev/null +++ b/krebs/Zhosts/dishfire @@ -0,0 +1,12 @@ +Address = 144.76.172.188 +Subnet = 10.243.133.99 +Subnet = 42:0000:0000:0000:0000:0000:d15f:1233 + +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs +Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 +uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK +R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd +vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U +HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix new file mode 100644 index 00000000..a1288d57 --- /dev/null +++ b/lass/1systems/dishfire.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + + ../2configs/base.nix + { + boot.loader.grub = { + device = "/dev/vda"; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "ehci_pci" + "uhci_hcd" + "virtio_pci" + "virtio_blk" + ]; + + fileSystems."/" = { + device = "/dev/mapper/pool-nix"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + } + { + networking.dhcpcd.allowInterfaces = [ + "enp*" + "eth*" + ]; + } + { + sound.enable = false; + } + ]; + + krebs.build.host = config.krebs.hosts.dishfire; +} -- cgit v1.2.3 From eba696c5d2d8e25f1cd4a00007c3c1521fcc6e6f Mon Sep 17 00:00:00 2001 From: miefda Date: Wed, 30 Dec 2015 18:15:11 +0100 Subject: miefda: init with bobby --- krebs/3modules/default.nix | 1 + krebs/3modules/miefda/default.nix | 40 +++++++++++ krebs/Zhosts/bobby | 10 +++ miefda/1systems/bobby.nix | 102 +++++++++++++++++++++++++++++ miefda/2configs/git.nix | 87 ++++++++++++++++++++++++ miefda/2configs/hardware-configuration.nix | 23 +++++++ miefda/2configs/miefda.nix | 8 +++ miefda/2configs/tinc-basic-retiolum.nix | 15 +++++ miefda/2configs/tlp.nix | 25 +++++++ miefda/2configs/x220t.nix | 27 ++++++++ miefda/5pkgs/default.nix | 1 + 11 files changed, 339 insertions(+) create mode 100644 krebs/3modules/miefda/default.nix create mode 100644 krebs/Zhosts/bobby create mode 100644 miefda/1systems/bobby.nix create mode 100644 miefda/2configs/git.nix create mode 100644 miefda/2configs/hardware-configuration.nix create mode 100644 miefda/2configs/miefda.nix create mode 100644 miefda/2configs/tinc-basic-retiolum.nix create mode 100644 miefda/2configs/tlp.nix create mode 100644 miefda/2configs/x220t.nix create mode 100644 miefda/5pkgs/default.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 740ba67b..dddb2df5 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -81,6 +81,7 @@ let imp = mkMerge [ { krebs = import ./lass { inherit lib; }; } { krebs = import ./makefu { inherit lib; }; } + { krebs = import ./miefda { inherit lib; }; } { krebs = import ./mv { inherit lib; }; } { krebs = import ./shared { inherit lib; }; } { krebs = import ./tv { inherit lib; }; } diff --git a/krebs/3modules/miefda/default.nix b/krebs/3modules/miefda/default.nix new file mode 100644 index 00000000..8ecf898c --- /dev/null +++ b/krebs/3modules/miefda/default.nix @@ -0,0 +1,40 @@ +{ lib, ... }: + +with lib; + +{ + hosts = addNames { + bobby = { + cores = 4; + dc = "miefda"; + nets = { + retiolum = { + addrs4 = ["10.243.111.112"]; + addrs6 = ["42:0:0:0:0:0:111:112"]; + aliases = [ + "bobby.retiolum" + "cgit.bobby.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s + uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y + Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny + 0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+ + jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu + cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + #ssh.privkey.path = ; + #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro"; + }; + }; + users = addNames { + miefda = { + mail = "miefda@miefda.de"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCVdNCks6mrItKHYIwgW3s+NINFhHqZtLPj3l6TJUWd93ZSuuI6P+Z/0m0G9Z4tWWaXWsOCnzMA2WOKcitBbLcaQxVypJfvmfoA5CVlh4/nf8NfvbMFkVIYPehxR7YoejfKOxPOCNC3248RiD8kqa4/5IF8qdqE+mRQUIZJXvN0jZZ+rGnYo5Z544O9JqsV+VjjOgK0Fchpxf/lC8dnBucIce7gUwi5npwsGQZgSDmRobBRFVDZag1abLFNZN2faI8uqzSlU6KRRapYV266Of7j3kmDokMan4szjP1EexmTWm+arwRiz9p0M5oKs6zofez0mOyF5ux02NB3XIhbJc8CfMjeA7PmSg4ZhghjlSjIOR+1mMIDiDVi6PNLw5atzvpyfYtpf5sWpdIpXCS0lyzIgasqW4gbAiWoFPv5A0mw0QI6UqlxQ8Pdm6R7P6yQxyknrxnvFGMQPiqgl21ssSNA9A+YRd4j0nATntzOeD1bxTZkyU4FtW++0hg3Ph6HiHLfPd9w70wPr7b0RITVnBcN2ZqIO+5NIqQYU801FCNXsTuBh0ueTsVTGJYySUGkmkHyH5spLYdr1Z5w+4W+HgbxPk40pyZJ18S0umL49igxR9NsniucFy1/jqqi0TiDIsHx6vsawFT1F2rq9ZtGaRcJL6Yfz0p+uZC5rc/nI+mMlQ== miefda@nixos"; + }; + }; +} diff --git a/krebs/Zhosts/bobby b/krebs/Zhosts/bobby new file mode 100644 index 00000000..ee111e69 --- /dev/null +++ b/krebs/Zhosts/bobby @@ -0,0 +1,10 @@ +Subnet = 10.243.111.112/32 +Subnet = 42:0:0:0:0:0:111:112/128 +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s +uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y +Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny +0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+ +jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu +cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/miefda/1systems/bobby.nix b/miefda/1systems/bobby.nix new file mode 100644 index 00000000..d2459525 --- /dev/null +++ b/miefda/1systems/bobby.nix @@ -0,0 +1,102 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + + ../2configs/miefda.nix + ../2configs/tlp.nix + ../2configs/x220t.nix + ../2configs/hardware-configuration.nix + ../2configs/tinc-basic-retiolum.nix + ../2configs/git.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; + + networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Select internationalisation properties. + i18n = { + # consoleFont = "Lat2-Terminus16"; + consoleKeyMap = "us"; + # defaultLocale = "en_US.UTF-8"; + }; + + # Set your time zone. + time.timeZone = "Europe/Amsterdam"; + + # List packages installed in system profile. To search by name, run: + # $ nix-env -qaP | grep wget + environment.systemPackages = with pkgs; [ + wget chromium + ]; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e"; + + # Enable the KDE Desktop Environment. + #services.xserver.displayManager.kdm.enable = true; + services.xserver.desktopManager = { + xfce.enable = true; + xterm.enable= false; + }; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.extraUsers.miefda = { + isNormalUser = true; + initialPassword= "welcome"; + uid = 1000; + extraGroups= [ + "wheel" + ]; + }; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "15.09"; + + + networking.hostName = config.krebs.build.host.name; + + krebs = { + enable = true; + search-domain = "retiolum"; + build = { + host = config.krebs.hosts.bobby; + user = config.krebs.users.miefda; + source = { + git.nixpkgs = { + url = https://github.com/Lassulus/nixpkgs; + rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251"; + target-path = "/var/src/nixpkgs"; + }; + dir.secrets = { + host = config.krebs.hosts.bobby; + path = "/home/miefda/secrets/${config.krebs.build.host.name}"; + }; + dir.stockholm = { + host = config.krebs.hosts.bobby; + path = "/home/miefda/gits/stockholm"; + }; + }; + }; + }; +} diff --git a/miefda/2configs/git.nix b/miefda/2configs/git.nix new file mode 100644 index 00000000..84bb5039 --- /dev/null +++ b/miefda/2configs/git.nix @@ -0,0 +1,87 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + out = { + krebs.git = { + enable = true; + root-title = "public repositories at ${config.krebs.build.host.name}"; + root-desc = "keep calm and engage"; + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + rules = rules; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + + repos = + public-repos // + optionalAttrs config.krebs.build.host.secure restricted-repos; + + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo { + painload = {}; + stockholm = { + desc = "take all the computers hostage, they'll love you!"; + }; + #wai-middleware-time = {}; + #web-routes-wai-custom = {}; + #go = {}; + #newsbot-js = {}; + #kimsufi-check = {}; + #realwallpaper = {}; + }; + + restricted-repos = mapAttrs make-restricted-repo ( + { + brain = { + collaborators = with config.krebs.users; [ tv makefu ]; + }; + } // + import { inherit config lib pkgs; } + ); + + make-public-repo = name: { desc ? null, ... }: { + inherit name desc; + public = true; + hooks = { + post-receive = pkgs.git-hooks.irc-announce { + # TODO make nick = config.krebs.build.host.name the default + nick = config.krebs.build.host.name; + channel = "#retiolum"; + server = "cd.retiolum"; + verbose = config.krebs.build.host.name == "prism"; + }; + }; + }; + + make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: { + inherit name collaborators desc; + public = false; + }; + + make-rules = + with git // config.krebs.users; + repo: + singleton { + user = miefda; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = [ lass tv makefu uriel ]; + repo = [ repo ]; + perm = fetch; + } ++ + optional (length (repo.collaborators or []) > 0) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; + }; + +in out diff --git a/miefda/2configs/hardware-configuration.nix b/miefda/2configs/hardware-configuration.nix new file mode 100644 index 00000000..3eb1f43f --- /dev/null +++ b/miefda/2configs/hardware-configuration.nix @@ -0,0 +1,23 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ + ]; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usb_storage" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/4db70ae3-1ff9-43d7-8fcc-83264761a0bb"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + nix.maxJobs = 4; +} diff --git a/miefda/2configs/miefda.nix b/miefda/2configs/miefda.nix new file mode 100644 index 00000000..545987a6 --- /dev/null +++ b/miefda/2configs/miefda.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + + #networking.wicd.enable = true; + +} diff --git a/miefda/2configs/tinc-basic-retiolum.nix b/miefda/2configs/tinc-basic-retiolum.nix new file mode 100644 index 00000000..153b41d7 --- /dev/null +++ b/miefda/2configs/tinc-basic-retiolum.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + krebs.retiolum = { + enable = true; + hosts = ../../krebs/Zhosts; + connectTo = [ + "gum" + "pigstarter" + "prism" + "ire" + ]; + }; +} diff --git a/miefda/2configs/tlp.nix b/miefda/2configs/tlp.nix new file mode 100644 index 00000000..0e1bb0d6 --- /dev/null +++ b/miefda/2configs/tlp.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + hardware.cpu.intel.updateMicrocode = true; + + zramSwap.enable = true; + zramSwap.numDevices = 2; + + hardware.trackpoint = { + enable = true; + sensitivity = 220; + speed = 220; + emulateWheel = true; + }; + + + services.tlp.enable = true; + services.tlp.extraConfig = '' + START_CHARGE_THRESH_BAT0=80 + ''; +} diff --git a/miefda/2configs/x220t.nix b/miefda/2configs/x220t.nix new file mode 100644 index 00000000..bea84f79 --- /dev/null +++ b/miefda/2configs/x220t.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + + services.xserver = { + xkbVariant = "altgr-intl"; + videoDriver = "intel"; + # vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; + deviceSection = '' + Option "AccelMethod" "sna" + ''; + }; + + + + services.xserver.displayManager.sessionCommands ='' + xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1 + xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2 + xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5 + # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200 + ''; + + hardware.bluetooth.enable = true; + + +} diff --git a/miefda/5pkgs/default.nix b/miefda/5pkgs/default.nix new file mode 100644 index 00000000..2eb33a15 --- /dev/null +++ b/miefda/5pkgs/default.nix @@ -0,0 +1 @@ +_:{} -- cgit v1.2.3 From b96fd072e1ac5e5b6b5b3e92c678dc4bb4cb7e1f Mon Sep 17 00:00:00 2001 From: miefda Date: Wed, 30 Dec 2015 18:17:38 +0100 Subject: mi 2 git: bobby now verbose --- miefda/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/miefda/2configs/git.nix b/miefda/2configs/git.nix index 84bb5039..fec828f8 100644 --- a/miefda/2configs/git.nix +++ b/miefda/2configs/git.nix @@ -55,7 +55,7 @@ let nick = config.krebs.build.host.name; channel = "#retiolum"; server = "cd.retiolum"; - verbose = config.krebs.build.host.name == "prism"; + verbose = config.krebs.build.host.name == "bobby"; }; }; }; -- cgit v1.2.3 From 93a652d1e816d9ecdcf9af5e413cd180c54a5981 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 17 Jan 2016 13:08:38 +0100 Subject: l 1 uriel: activate skype --- lass/1systems/uriel.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 1b008cbf..d53e783d 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -13,6 +13,7 @@ with builtins; ../2configs/retiolum.nix ../2configs/bitlbee.nix ../2configs/weechat.nix + ../2configs/skype.nix { users.extraUsers = { root = { -- cgit v1.2.3 From 4ce4b0053fde81608a8f2e3ecb2888a71203801b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 17 Jan 2016 13:09:10 +0100 Subject: l 2 base: nixpkgs rev 93d8671 -> d0e3cca --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 4685e171..eca3becd 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -50,7 +50,7 @@ with lib; source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119"; + rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; target-path = "/var/src/nixpkgs"; }; dir.secrets = { -- cgit v1.2.3 From c6cec0234b5543d23e2b8afe9b2340395de8184c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 17 Jan 2016 13:10:14 +0100 Subject: l 2 base: CVE-2016-0778 workaround --- lass/2configs/base.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index eca3becd..ab7cda7d 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -177,4 +177,10 @@ with lib; noipv4ll ''; + #CVE-2016-0777 and CVE-2016-0778 workaround + #https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt + programs.ssh.extraConfig = '' + UseRoaming no + ''; + } -- cgit v1.2.3 From 688db8b46d0d6c697ed8970a018a94dd9cfb41fe Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 17 Jan 2016 13:11:10 +0100 Subject: l 2 git: add miefda to allowed users --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 16ecaefe..10e54074 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -74,7 +74,7 @@ let perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ optional repo.public { - user = [ tv makefu uriel ]; + user = [ tv makefu miefda uriel ]; repo = [ repo ]; perm = fetch; } ++ -- cgit v1.2.3 From 63910263ccaf2f18bd83ed6e5d49301601ba53e1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 17 Jan 2016 13:12:17 +0100 Subject: l 1 mors: activate buildbot --- lass/1systems/mors.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 61f57f1f..effaa576 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -25,6 +25,7 @@ ../2configs/teamviewer.nix ../2configs/libvirt.nix ../2configs/fetchWallpaper.nix + ../2configs/buildbot-standalone.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ -- cgit v1.2.3 From 186d5cc95a7430136da3107734409511c64d7080 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Jan 2016 19:59:53 +0100 Subject: l 2 bitcoin: add sudo config --- lass/2configs/bitcoin.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix index d3bccbf5..2f4cd571 100644 --- a/lass/2configs/bitcoin.nix +++ b/lass/2configs/bitcoin.nix @@ -1,6 +1,8 @@ { config, pkgs, ... }: -{ +let + mainUser = config.users.extraUsers.mainUser; +in { environment.systemPackages = with pkgs; [ electrum ]; @@ -14,4 +16,7 @@ createHome = true; }; }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL + ''; } -- cgit v1.2.3 From 873d00042bf825b1efb856a33d55d23a3ad22649 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 15:41:18 +0100 Subject: k 3 l: remove dead hosts --- krebs/3modules/lass/default.nix | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 592ed475..3926b48b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -228,22 +228,6 @@ with lib; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; }; - schnabel-ap = { - nets = { - gg23 = { - addrs4 = ["10.23.1.20"]; - aliases = ["schnabel-ap.gg23"]; - }; - }; - }; - Reichsfunk-ap = { - nets = { - gg23 = { - addrs4 = ["10.23.1.10"]; - aliases = ["Reichsfunk-ap.gg23"]; - }; - }; - }; }; users = addNames { -- cgit v1.2.3 From 8b5523b7f4efb462f4865e0032541d691d176e64 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 15:44:01 +0100 Subject: k 3 l: declare pubkeys inline --- krebs/3modules/lass/default.nix | 6 +++--- krebs/Zpubkeys/lass.ssh.pub | 1 - krebs/Zpubkeys/uriel.ssh.pub | 1 - 3 files changed, 3 insertions(+), 5 deletions(-) delete mode 100644 krebs/Zpubkeys/lass.ssh.pub delete mode 100644 krebs/Zpubkeys/uriel.ssh.pub diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3926b48b..b99ebf01 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -232,11 +232,11 @@ with lib; }; users = addNames { lass = { - pubkey = readFile ../../Zpubkeys/lass.ssh.pub; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors"; mail = "lass@mors.retiolum"; }; - uriel = { - pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; + lass_uriel = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel"; mail = "lass@uriel.retiolum"; }; }; diff --git a/krebs/Zpubkeys/lass.ssh.pub b/krebs/Zpubkeys/lass.ssh.pub deleted file mode 100644 index 172fd2dd..00000000 --- a/krebs/Zpubkeys/lass.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors diff --git a/krebs/Zpubkeys/uriel.ssh.pub b/krebs/Zpubkeys/uriel.ssh.pub deleted file mode 100644 index 015b5783..00000000 --- a/krebs/Zpubkeys/uriel.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel -- cgit v1.2.3 From 314d0bd691d81386e1ff5c99faa04f035694ebb2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 15:45:30 +0100 Subject: l 1 mors: remove redundant retiolum import --- lass/1systems/mors.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index effaa576..86a34a63 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -17,7 +17,6 @@ #../2configs/ircd.nix ../2configs/chromium-patched.nix ../2configs/git.nix - ../2configs/retiolum.nix #../2configs/wordpress.nix ../2configs/bitlbee.nix ../2configs/firefoxPatched.nix -- cgit v1.2.3 From e3806dfa40d61eb70b543ba34758b1c8a4d11aef Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 15:54:43 +0100 Subject: l 2: give helios & uriel more access --- lass/2configs/base.nix | 5 +++-- lass/2configs/git.nix | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index ab7cda7d..5505da67 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -17,7 +17,8 @@ with lib; root = { openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey - config.krebs.users.uriel.pubkey + config.krebs.users.lass_uriel.pubkey + config.krebs.users.lass_helios.pubkey ]; }; mainUser = { @@ -31,7 +32,7 @@ with lib; ]; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey - config.krebs.users.uriel.pubkey + config.krebs.users.lass_uriel.pubkey ]; }; }; diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 10e54074..2d8ee95d 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -69,12 +69,12 @@ let with git // config.krebs.users; repo: singleton { - user = lass; + user = [ lass lass_helios lass_uriel ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ optional repo.public { - user = [ tv makefu miefda uriel ]; + user = [ tv makefu miefda ]; repo = [ repo ]; perm = fetch; } ++ -- cgit v1.2.3 From 55b99a6c056b28be7601d7f56fab5a08a181ea29 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 15:55:41 +0100 Subject: l: add helios as new system --- krebs/3modules/lass/default.nix | 31 ++++++++++++++++++ krebs/Zhosts/helios | 10 ++++++ lass/1systems/helios.nix | 72 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 113 insertions(+) create mode 100644 krebs/Zhosts/helios create mode 100644 lass/1systems/helios.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index b99ebf01..49ff50e8 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -228,6 +228,33 @@ with lib; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; }; + helios = { + cores = 2; + dc = "lass"; + nets = { + retiolum = { + addrs4 = ["10.243.0.3"]; + addrs6 = ["42:0:0:0:0:0:0:7105"]; + aliases = [ + "helios.retiolum" + "cgit.helios.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA9SItL2mhQpTl95gjSWRstrDajUnI5YbrVCuaDKfw9gRwMyPNiO/y + Xwv/w4Ri8NCJZLZGkj2vG3X0EfJFBEPTJPTCbF9fP7PqqVs38BD41txLp+NrFxEq + 5fmFk65/eg8ujrNQoOSUGmky/BKqQhWjvxdAWuwjN933wJCcNCxyaUwljHLYEK/I + oIJX+spnFmPwmhW9hsOj8K06eHixT13+0W48GG/ZNcV3x5vWxcKUvZ4Qtzz2iMNB + hud5kae7xMUfFAzCeKF/zsjuyt2d/xQg1WgR8MXGNgYhNJFSXz94r/bivNO6H4vP + Pfjndnh8cD46ADo8woS1nQ19WId+sMbipwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7"; + }; }; users = addNames { @@ -239,5 +266,9 @@ with lib; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel"; mail = "lass@uriel.retiolum"; }; + lass_helios = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios"; + mail = "lass@helios.retiolum"; + }; }; } diff --git a/krebs/Zhosts/helios b/krebs/Zhosts/helios new file mode 100644 index 00000000..b34b7f18 --- /dev/null +++ b/krebs/Zhosts/helios @@ -0,0 +1,10 @@ +Subnet = 42:0:0:0:0:0:0:7105/128 +Subnet = 10.243.0.3/32 +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA9SItL2mhQpTl95gjSWRstrDajUnI5YbrVCuaDKfw9gRwMyPNiO/y +Xwv/w4Ri8NCJZLZGkj2vG3X0EfJFBEPTJPTCbF9fP7PqqVs38BD41txLp+NrFxEq +5fmFk65/eg8ujrNQoOSUGmky/BKqQhWjvxdAWuwjN933wJCcNCxyaUwljHLYEK/I +oIJX+spnFmPwmhW9hsOj8K06eHixT13+0W48GG/ZNcV3x5vWxcKUvZ4Qtzz2iMNB +hud5kae7xMUfFAzCeKF/zsjuyt2d/xQg1WgR8MXGNgYhNJFSXz94r/bivNO6H4vP +Pfjndnh8cD46ADo8woS1nQ19WId+sMbipwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix new file mode 100644 index 00000000..93b24c79 --- /dev/null +++ b/lass/1systems/helios.nix @@ -0,0 +1,72 @@ +{ config, pkgs, ... }: + +with builtins; +{ + imports = [ + ../2configs/baseX.nix + ../2configs/browsers.nix + ../2configs/programs.nix + #{ + # users.extraUsers = { + # root = { + # openssh.authorizedKeys.keys = map readFile [ + # ../../krebs/Zpubkeys/uriel.ssh.pub + # ]; + # }; + # }; + #} + ]; + + krebs.build.host = config.krebs.hosts.helios; + + networking.wireless.enable = true; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + #kernelModules = [ "kvm-intel" "msr" ]; + kernelModules = [ "msr" ]; + }; + fileSystems = { + "/" = { + device = "/dev/pool/nix"; + fsType = "ext4"; + }; + + "/boot" = { + device = "/dev/sda1"; + }; + }; + + #services.udev.extraRules = '' + # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" + # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" + #''; + + services.xserver = { + videoDriver = "intel"; + vaapiDrivers = [ pkgs.vaapiIntel ]; + deviceSection = '' + Option "AccelMethod" "sna" + BusID "PCI:0:2:0" + ''; + }; + + services.xserver.synaptics = { + enable = true; + twoFingerScroll = true; + accelFactor = "0.035"; + additionalOptions = '' + Option "FingerHigh" "60" + Option "FingerLow" "60" + ''; + }; +} -- cgit v1.2.3 From 87c8d7830fb09d9e956308396018d5a00509cbf3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 15:56:24 +0100 Subject: l 1 mors: update nginx tests --- lass/1systems/mors.nix | 91 ++++++++++++++++++++++++++++++-------------------- 1 file changed, 55 insertions(+), 36 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 86a34a63..d0aae6db 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -32,51 +32,70 @@ ]; } { - #wordpress-test - #imports = singleton (sitesGenerators.createWordpress "testserver.de"); + #static-nginx-test imports = [ - ../3modules/wordpress_nginx.nix + ../3modules/static_nginx.nix ]; - lass.wordpress."testserver.de" = { - multiSite = { - "1" = "testserver.de"; - "2" = "bla.testserver.de"; + lass.staticPage."testserver.de" = { + #sslEnable = true; + #certificate = "${toString }/testserver.de/server.cert"; + #certificate_key = "${toString }/testserver.de/server.pem"; + ssl = { + enable = true; + certificate = "${toString }/testserver.de/server.cert"; + certificate_key = "${toString }/testserver.de/server.pem"; }; }; - - services.mysql = { - enable = true; - package = pkgs.mariadb; - rootPassword = "/mysql_rootPassword"; - }; networking.extraHosts = '' 10.243.0.2 testserver.de ''; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } - ]; } - { - #owncloud-test - #imports = singleton (sitesGenerators.createWordpress "testserver.de"); - imports = [ - ../3modules/owncloud_nginx.nix - ]; - lass.owncloud."owncloud-test.de" = { - }; + #{ + # #wordpress-test + # #imports = singleton (sitesGenerators.createWordpress "testserver.de"); + # imports = [ + # ../3modules/wordpress_nginx.nix + # ]; + # lass.wordpress."testserver.de" = { + # multiSite = { + # "1" = "testserver.de"; + # "2" = "bla.testserver.de"; + # }; + # }; - #services.mysql = { - # enable = true; - # package = pkgs.mariadb; - # rootPassword = "/mysql_rootPassword"; - #}; - networking.extraHosts = '' - 10.243.0.2 owncloud-test.de - ''; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } - ]; - } + # services.mysql = { + # enable = true; + # package = pkgs.mariadb; + # rootPassword = "/mysql_rootPassword"; + # }; + # networking.extraHosts = '' + # 10.243.0.2 testserver.de + # ''; + # krebs.iptables.tables.filter.INPUT.rules = [ + # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } + # ]; + #} + #{ + # #owncloud-test + # #imports = singleton (sitesGenerators.createWordpress "testserver.de"); + # imports = [ + # ../3modules/owncloud_nginx.nix + # ]; + # lass.owncloud."owncloud-test.de" = { + # }; + + # #services.mysql = { + # # enable = true; + # # package = pkgs.mariadb; + # # rootPassword = "/mysql_rootPassword"; + # #}; + # networking.extraHosts = '' + # 10.243.0.2 owncloud-test.de + # ''; + # krebs.iptables.tables.filter.INPUT.rules = [ + # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; } + # ]; + #} ]; krebs.build.host = config.krebs.hosts.mors; -- cgit v1.2.3 From 8efbd093537de1e419b0c193b6aa2a262ae1f4c3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 15:57:54 +0100 Subject: l 2 buildbot-sta..: change name to buildbot-lass --- lass/2configs/buildbot-standalone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 4d02fb97..8c71553f 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -60,7 +60,7 @@ web.enable = true; irc = { enable = true; - nick = "lass-buildbot"; + nick = "buildbot-lass"; server = "cd.retiolum"; channels = [ "retiolum" ]; allowForce = true; -- cgit v1.2.3 From cebb19ca9e412cd355638d0fbf028eba3b721bfa Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 15:58:35 +0100 Subject: l 2 websites wohnprojekt: add laura user --- lass/2configs/websites/wohnprojekt-rhh.de.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix index cd31450c..ac784d4c 100644 --- a/lass/2configs/websites/wohnprojekt-rhh.de.nix +++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix @@ -8,5 +8,11 @@ lass.staticPage = { "wohnprojekt-rhh.de" = {}; }; + + users.users.laura = { + home = "/srv/http/wohnprojekt-rhh.de"; + createHome = true; + useDefaultShell = true; + }; } -- cgit v1.2.3 From 77eaa656683dbe84bd66c4e7bc84670d836ed379 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 15:58:53 +0100 Subject: l 2 newsbot-js: disable truther feed --- lass/2configs/newsbot-js.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index 74d09b7f..4482c4e9 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix @@ -161,7 +161,7 @@ let torrentfreak|http://feeds.feedburner.com/Torrentfreak|#news torr_news|http://feed.torrentfreak.com/Torrentfreak/|#news travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news - truther|http://truthernews.wordpress.com/feed/|#news + #truther|http://truthernews.wordpress.com/feed/|#news un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#news un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news -- cgit v1.2.3 From 7d6d0a46643f66b18aa9480df6bb88391924f262 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 16:01:48 +0100 Subject: l 2 xserver: copy default.nix from tv --- lass/2configs/xserver/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 04d14c7c..d351fcf1 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -44,7 +44,7 @@ let "slock" ]; - systemd.services.display-manager = mkForce {}; + systemd.services.display-manager.enable = false; services.xserver.enable = true; @@ -93,9 +93,10 @@ let xmonad-start = pkgs.writeScriptBin "xmonad" '' #! ${pkgs.bash}/bin/bash set -efu - export PATH; PATH=${makeSearchPath "bin" ([ + export PATH; PATH=${makeSearchPath "bin" [ + pkgs.alsaUtils pkgs.rxvt_unicode - ] ++ config.environment.systemPackages)}:/var/setuid-wrappers + ]}:/var/setuid-wrappers settle() {( # Use PATH for a clean journal command=''${1##*/} -- cgit v1.2.3 From 45343b1e14a3fd2f581465d3e78adac372918a0c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 16:03:03 +0100 Subject: l 3 *_nginx: allow configuration of ssl --- lass/3modules/owncloud_nginx.nix | 29 +++++++++++++++++++++++--- lass/3modules/static_nginx.nix | 44 ++++++++++++++++++++++++++++++++++++++- lass/3modules/wordpress_nginx.nix | 29 +++++++++++++++++++++++++- 3 files changed, 97 insertions(+), 5 deletions(-) diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix index 0cb11846..79c9de1d 100644 --- a/lass/3modules/owncloud_nginx.nix +++ b/lass/3modules/owncloud_nginx.nix @@ -46,8 +46,22 @@ let type = str; }; ssl = mkOption { - type = bool; - default = false; + type = with types; submodule ({ + options = { + enable = mkEnableOption "ssl"; + certificate = mkOption { + type = str; + }; + certificate_key = mkOption { + type = str; + }; + ciphers = mkOption { + type = str; + default = "AES128+EECDH:AES128+EDH"; + }; + }; + }); + default = {}; }; }; })); @@ -58,7 +72,7 @@ let group = config.services.nginx.group; imp = { - krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: { + krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: { server-names = [ "${domain}" "www.${domain}" @@ -102,7 +116,16 @@ let error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; + ${if ssl.enable then '' + ssl_certificate ${ssl.certificate}; + ssl_certificate_key ${ssl.certificate_key}; + '' else ""} ''; + listen = (if ssl.enable then + [ "80" "443 ssl" ] + else + "80" + ); }); services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: '' listen = ${folder}/phpfpm.pool diff --git a/lass/3modules/static_nginx.nix b/lass/3modules/static_nginx.nix index cc2641af..fd5cfdfd 100644 --- a/lass/3modules/static_nginx.nix +++ b/lass/3modules/static_nginx.nix @@ -21,6 +21,35 @@ let type = str; default = "/srv/http/${config.domain}"; }; + #sslEnable = mkEnableOption "ssl"; + #certificate = mkOption { + # type = str; + #}; + #certificate_key = mkOption { + # type = str; + #}; + #ciphers = mkOption { + # type = str; + # default = "AES128+EECDH:AES128+EDH"; + #}; + ssl = mkOption { + type = with types; submodule ({ + options = { + enable = mkEnableOption "ssl"; + certificate = mkOption { + type = str; + }; + certificate_key = mkOption { + type = str; + }; + ciphers = mkOption { + type = str; + default = "AES128+EECDH:AES128+EDH"; + }; + }; + }); + default = {}; + }; }; })); default = {}; @@ -29,8 +58,10 @@ let user = config.services.nginx.user; group = config.services.nginx.group; + external-ip = head config.krebs.build.host.nets.internet.addrs4; + imp = { - krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: { + krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: { server-names = [ "${domain}" "www.${domain}" @@ -43,6 +74,17 @@ let deny all; '') ]; + + listen = (if ssl.enable then + [ "80" "443 ssl" ] + else + "80" + ); + extraConfig = (if ssl.enable then '' + ssl_certificate ${ssl.certificate}; + ssl_certificate_key ${ssl.certificate_key}; + '' else ""); + }); }; diff --git a/lass/3modules/wordpress_nginx.nix b/lass/3modules/wordpress_nginx.nix index 974aacd8..bfed9e7c 100644 --- a/lass/3modules/wordpress_nginx.nix +++ b/lass/3modules/wordpress_nginx.nix @@ -53,6 +53,23 @@ let "1" = "test.testsite.de"; }; }; + ssl = mkOption { + type = with types; submodule ({ + options = { + enable = mkEnableOption "ssl"; + certificate = mkOption { + type = str; + }; + certificate_key = mkOption { + type = str; + }; + ciphers = mkOption { + type = str; + default = "AES128+EECDH:AES128+EDH"; + }; + }; + }); + }; }; })); default = {}; @@ -68,7 +85,7 @@ let # } #''; - krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, multiSite, ... }: { + krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, multiSite, ssl, ... }: { server-names = [ "${domain}" "www.${domain}" @@ -114,7 +131,17 @@ let error_log /tmp/nginx_err.log; error_page 404 /404.html; error_page 500 502 503 504 /50x.html; + ${if ssl.enable then '' + ssl_certificate ${ssl.certificate}; + ssl_certificate_key ${ssl.certificate_key}; + '' else ""} + ''; + listen = (if ssl.enable then + [ "80" "443 ssl" ] + else + "80" + ); }); services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: '' listen = ${folder}/phpfpm.pool -- cgit v1.2.3 From 8beca9b31177183bfec031c6d0a947a1c99fc497 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 16:04:05 +0100 Subject: l: add fritz websites to dishfire --- lass/1systems/dishfire.nix | 1 + lass/2configs/websites/fritz.nix | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 lass/2configs/websites/fritz.nix diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index a1288d57..0e650bfa 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -4,6 +4,7 @@ imports = [ ../2configs/base.nix + ../2configs/websites/fritz.nix { boot.loader.grub = { device = "/dev/vda"; diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix new file mode 100644 index 00000000..073f3de1 --- /dev/null +++ b/lass/2configs/websites/fritz.nix @@ -0,0 +1,33 @@ +{ config, pkgs, ... }: + +{ + + imports = [ + ../../3modules/static_nginx.nix + ../../3modules/owncloud_nginx.nix + ../../3modules/wordpress_nginx.nix + ]; + + lass.staticPage = { + "biostase.de" = {}; + "gs-maubach.de" = {}; + "spielwaren-kern.de" = {}; + "societyofsimtech.de" = {}; + "ttf-kleinaspach.de" = {}; + "edsn.de" = {}; + "eab.berkeley.edu" = {}; + "habsys.de" = {}; + }; + + #lass.owncloud = { + # "o.ubikmedia.de" = { + # instanceid = "oc8n8ddbftgh"; + # }; + #}; + + #services.mysql = { + # enable = true; + # package = pkgs.mariadb; + # rootPassword = toString (); + #}; +} -- cgit v1.2.3 From 04d14aac7670e37c633565fad8e15e46b74b0eb6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 16:10:02 +0100 Subject: l 1 helios: import git.nix --- lass/1systems/helios.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 93b24c79..67e3738e 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -6,6 +6,7 @@ with builtins; ../2configs/baseX.nix ../2configs/browsers.nix ../2configs/programs.nix + ../2configs/git.nix #{ # users.extraUsers = { # root = { -- cgit v1.2.3 From 0cd9c450f0ddcd41f95608f20d193fbf6b062c2f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 16:18:17 +0100 Subject: k 3 l: add ssh host key for dishfire --- krebs/3modules/lass/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 49ff50e8..9f22018a 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -33,8 +33,8 @@ with lib; ''; }; }; - #ssh.privkey.path = ; - #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK"; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; }; echelon = { cores = 2; -- cgit v1.2.3 From 138bdc6bf6a18a59cf47d2d2db7c4e7640f50641 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 16:18:36 +0100 Subject: l 1 dishfire: import git.nix --- lass/1systems/dishfire.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index 0e650bfa..cc9836df 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -4,6 +4,7 @@ imports = [ ../2configs/base.nix + ../2configs/git.nix ../2configs/websites/fritz.nix { boot.loader.grub = { -- cgit v1.2.3 From 0939b8b37601fbbd509f88f95f7cab30b906a383 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 11:54:00 +0100 Subject: make deploy: properly print ssh target --- Makefile | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 95862905..886a26f8 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,3 @@ -.ONESHELL: -.SHELLFLAGS := -eufc - ifndef system $(error unbound variable: system) endif @@ -22,7 +19,7 @@ execute = $(call evaluate,-A config.krebs.build.$(1) --json) | jq -r . | sh # usage: make deploy system=foo [target_host=bar] deploy: $(call execute,populate) - ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path" + @set -x; ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path" # usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name eval eval.:;@$(call evaluate) @@ -33,7 +30,7 @@ eval.%:;@$(call evaluate,-A $*) #install: ssh = ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null #install:;@set -x # $(ssh) "$$target_user@$$target_host" \ -# env target_path=/var/src \ +# env target_path="$target_path" \ # sh -s prepare < krebs/4lib/infest/prepare.sh # make -s populate target_path=/mnt"$$target_path" # $(ssh) "$$target_user@$$target_host" \ -- cgit v1.2.3 From 8682f49ed7ba2687f65e8d11f1b943777896a228 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 11:57:47 +0100 Subject: Makefile execute: don't try to run failed evaluations :D --- Makefile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 886a26f8..e61d16b7 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,10 @@ evaluate = \ --show-trace \ $(1) -execute = $(call evaluate,-A config.krebs.build.$(1) --json) | jq -r . | sh +execute = \ + result=$$($(call evaluate,-A config.krebs.build.$(1) --json)) && \ + script=$$(echo "$$result" | jq -r .) && \ + echo "$$script" | sh # usage: make deploy system=foo [target_host=bar] deploy: -- cgit v1.2.3 From d739448ab940da4ed5bdf9be5398f6b93b854412 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 12:46:09 +0100 Subject: krebs.build.populate: cleanup (less) harder --- krebs/3modules/build.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 00142acd..0da5dd38 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -74,7 +74,7 @@ let unset tmpdir trap ' - rm "$tmpdir"/* + rm -f "$tmpdir"/* rmdir "$tmpdir" trap - EXIT INT QUIT ' EXIT INT QUIT -- cgit v1.2.3 From cb264dfb9119de4fb6d081171473e4276cdbb9d5 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 5 Feb 2016 15:11:22 +0100 Subject: urlwatch: 2.0 -> 2.1 --- krebs/5pkgs/urlwatch/default.nix | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/krebs/5pkgs/urlwatch/default.nix b/krebs/5pkgs/urlwatch/default.nix index d9b59531..780ad24f 100644 --- a/krebs/5pkgs/urlwatch/default.nix +++ b/krebs/5pkgs/urlwatch/default.nix @@ -1,29 +1,18 @@ { stdenv, fetchurl, python3Packages }: python3Packages.buildPythonPackage rec { - name = "urlwatch-2.0"; + name = "urlwatch-2.1"; src = fetchurl { url = "https://thp.io/2008/urlwatch/${name}.tar.gz"; - sha256 = "0j38qzw4jxw41vnnpi6j851hqpv8d6p1cbni6cv8r2vqf5307s3b"; + sha256 = "0xn435cml9wjwk39117p1diqmvw3jbmv9ccr7230iaf7z59vf9v6"; }; propagatedBuildInputs = with python3Packages; [ - pyyaml keyring - (python3Packages.buildPythonPackage rec { - name = "minidb-2.0.1"; - src = fetchurl { - url = "https://thp.io/2010/minidb/${name}.tar.gz"; - sha256 = "1x958zr9jc26vaqij451qb9m2l7apcpz34ir9fwfjg4fwv24z2dy"; - }; - meta = { - description = "A simple SQLite3-based store for Python objects"; - homepage = https://thp.io/2010/minidb/; - license = stdenv.lib.licenses.isc; - maintainers = [ stdenv.lib.maintainers.tv ]; - }; - }) + minidb + pyyaml + requests2 ]; postFixup = '' @@ -36,4 +25,4 @@ python3Packages.buildPythonPackage rec { license = stdenv.lib.licenses.bsd3; maintainers = [ stdenv.lib.maintainers.tv ]; }; -}# +} -- cgit v1.2.3 From b2303e081fb1ccc9a0b88f538736045fb2fba14f Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 5 Feb 2016 15:18:28 +0100 Subject: cd: use default upstream-nixpkgs --- tv/1systems/cd.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index e42d5750..8297a56d 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -6,11 +6,6 @@ with lib; krebs.build.host = config.krebs.hosts.cd; krebs.build.target = "root@cd.internet"; - krebs.build.source.upstream-nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "b7ff030"; - }; - imports = [ ../2configs/hw/CAC-Developer-2.nix ../2configs/fs/CAC-CentOS-7-64bit.nix -- cgit v1.2.3 From 23c7c10f5a5ed83dca001d7382e5b89981277f8c Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 15:11:30 +0100 Subject: krebs.retiolum.hosts: change type to attrsOf host --- krebs/3modules/retiolum.nix | 46 +++++++++++++++++----------------- krebs/4lib/types.nix | 16 ++++++------ krebs/Zhosts/Styx | 10 -------- krebs/Zhosts/ThinkArmageddon | 9 ------- krebs/Zhosts/TriBot | 11 -------- krebs/Zhosts/ach | 11 -------- krebs/Zhosts/air | 11 -------- krebs/Zhosts/alarmpi | 11 -------- krebs/Zhosts/albi10 | 11 -------- krebs/Zhosts/albi7 | 10 -------- krebs/Zhosts/almoehi | 11 -------- krebs/Zhosts/alphalabs | 10 -------- krebs/Zhosts/apfull | 11 -------- krebs/Zhosts/bitchctl | 11 -------- krebs/Zhosts/bitchextend | 11 -------- krebs/Zhosts/bitchtop | 11 -------- krebs/Zhosts/bobby | 11 -------- krebs/Zhosts/box | 10 -------- krebs/Zhosts/bridge | 12 --------- krebs/Zhosts/c2ft | 10 -------- krebs/Zhosts/c2fthome | 10 -------- krebs/Zhosts/casino | 11 -------- krebs/Zhosts/cat1 | 11 -------- krebs/Zhosts/cband | 11 -------- krebs/Zhosts/cd | 17 ------------- krebs/Zhosts/cloudkrebs | 12 --------- krebs/Zhosts/darth | 12 --------- krebs/Zhosts/dei | 11 -------- krebs/Zhosts/destroy | 11 -------- krebs/Zhosts/devstar | 11 -------- krebs/Zhosts/echelon | 12 --------- krebs/Zhosts/eigenserv | 11 -------- krebs/Zhosts/elvis | 12 --------- krebs/Zhosts/eulerwalk | 11 -------- krebs/Zhosts/exile | 9 ------- krebs/Zhosts/exitium_mobilis | 10 -------- krebs/Zhosts/falk | 11 -------- krebs/Zhosts/fastpoke | 12 --------- krebs/Zhosts/filebitch | 11 -------- krebs/Zhosts/filepimp | 11 -------- krebs/Zhosts/flap | 12 --------- krebs/Zhosts/foobar | 11 -------- krebs/Zhosts/fuerkrebs | 10 -------- krebs/Zhosts/gum | 15 ----------- krebs/Zhosts/heidi | 11 -------- krebs/Zhosts/horisa | 12 --------- krebs/Zhosts/horreum_magnus | 15 ----------- krebs/Zhosts/incept | 13 ---------- krebs/Zhosts/ire | 12 --------- krebs/Zhosts/ire2 | 9 ------- krebs/Zhosts/irkel | 12 --------- krebs/Zhosts/juhulian | 11 -------- krebs/Zhosts/k2 | 28 --------------------- krebs/Zhosts/kabinett | 11 -------- krebs/Zhosts/kaepsele | 11 -------- krebs/Zhosts/kalle | 11 -------- krebs/Zhosts/karthus | 10 -------- krebs/Zhosts/kebsco | 11 -------- krebs/Zhosts/khackplug | 11 -------- krebs/Zhosts/kheurop | 12 --------- krebs/Zhosts/kiosk | 12 --------- krebs/Zhosts/krebsplug | 10 -------- krebs/Zhosts/kvasir | 11 -------- krebs/Zhosts/laqueus | 11 -------- krebs/Zhosts/linuxatom | 11 -------- krebs/Zhosts/luminos | 11 -------- krebs/Zhosts/machine | 11 -------- krebs/Zhosts/makalu | 11 -------- krebs/Zhosts/mako | 11 -------- krebs/Zhosts/miefda0 | 10 -------- krebs/Zhosts/minikrebs | 10 -------- krebs/Zhosts/mkdir | 11 -------- krebs/Zhosts/monitor