From 557eefd36b446d73437c933c8ff895b910674aba Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 10 Nov 2015 12:58:32 +0100 Subject: gum: prepare, add target --- makefu/1systems/gum.nix | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 85cf4c533..a028145ce 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -9,24 +9,23 @@ in { # TODO: copy this config or move to krebs ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix + ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix - # Reaktor - ../2configs/Reaktor/simpleExtend.nix ]; - + boot.loader.grub.device = "/dev/sda"; + boot.loader.grub.splashImage = null; + boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; + boot.kernelModules = [ "kvm-intel" ]; + krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; - krebs.Reaktor.enable = true; - - # prepare graphs - krebs.nginx.enable = true; - + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" + ''; networking = { firewall.allowPing = true; - firewall.allowedTCPPorts = [ 80 443 655 ]; - firewall.allowedUDPPorts = [ 655 ]; - interfaces.enp2s1.ip4 = [{ + interfaces.et0.ip4 = [{ address = external-ip; prefixLength = 24; }]; @@ -34,5 +33,4 @@ in { nameservers = [ "8.8.8.8" ]; }; - # based on ../../tv/2configs/CAC-Developer-2.nix } -- cgit v1.2.3 From b394c79051fbcf6cf072f2b9af75819d37cd2426 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 10 Nov 2015 18:53:31 +0100 Subject: m 1 gum:update firewall --- makefu/1systems/gum.nix | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index a028145ce..3a010220e 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -13,18 +13,36 @@ in { # ../2configs/iodined.nix ]; + + krebs.build.target = "root@gum.krebsco.de"; + krebs.build.host = config.krebs.hosts.gum; + + # Hardware boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.splashImage = null; boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; boot.kernelModules = [ "kvm-intel" ]; - krebs.build.target = "root@gum.krebsco.de"; - krebs.build.host = config.krebs.hosts.gum; + + # Network services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" ''; networking = { - firewall.allowPing = true; + firewall = { + allowPing = true; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # tinc + 655 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + ]; + }; interfaces.et0.ip4 = [{ address = external-ip; prefixLength = 24; -- cgit v1.2.3 From cdc77bf0bc39f9c815ad5bedd47ac3a372c00315 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 10 Nov 2015 19:36:46 +0100 Subject: m 1 gum: add chat tools --- makefu/1systems/gum.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'makefu') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 3a010220e..8dd347b4f 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -17,6 +17,12 @@ in { krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; + # Chat + environment.systemPackages = with pkgs;[ + weechat + ]; + services.bitlbee.enable = true; + # Hardware boot.loader.grub.device = "/dev/sda"; boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; -- cgit v1.2.3 From 525dff002e7fe360b0c9803f1004ad2c8749c319 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 13 Nov 2015 12:24:29 +0100 Subject: m 1 gum: disable ipv6, open up fw --- makefu/1systems/gum.nix | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 8dd347b4f..63db7a71c 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -16,7 +16,6 @@ in { krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; - # Chat environment.systemPackages = with pkgs;[ weechat @@ -33,21 +32,24 @@ in { services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" ''; + boot.kernelParams = [ "ipv6.disable=1" ]; networking = { - firewall = { - allowPing = true; - allowedTCPPorts = [ - # smtp - 25 - # http - 80 443 - # tinc - 655 - ]; - allowedUDPPorts = [ - # tinc - 655 53 - ]; + enableIPv6 = false; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # tinc + 655 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + ]; }; interfaces.et0.ip4 = [{ address = external-ip; -- cgit v1.2.3 From e0ae8c1a3fe333de8a14b04b4a7e2dd01163b727 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 13 Nov 2015 12:25:18 +0100 Subject: m 1 {gum,wry}: disable dropped packet logging --- makefu/1systems/wry.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index ba94972fb..cd39b4b9f 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -59,9 +59,12 @@ in { }; networking = { - firewall.allowPing = true; - firewall.allowedTCPPorts = [ 53 80 443 ]; - firewall.allowedUDPPorts = [ 655 ]; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ 53 80 443 ]; + allowedUDPPorts = [ 655 ]; + }; interfaces.enp2s1.ip4 = [{ address = external-ip; prefixLength = 24; -- cgit v1.2.3 From 78660ea002d5912eb8d06da1895cc6e34bd5e6eb Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 14 Nov 2015 01:48:49 +0100 Subject: m 1 filepimp: remove legacy imports --- makefu/1systems/filepimp.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index fb1a57552..66ea2ce90 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -7,8 +7,6 @@ { imports = [ # Include the results of the hardware scan. - ../2configs/default.nix - ../2configs/fs/vm-single-partition.nix ../2configs/fs/single-partition-ext4.nix ../2configs/tinc-basic-retiolum.nix ]; -- cgit v1.2.3 From 2b9d7bdda10689e8bd8f7ed39830fd274c02457b Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 14 Nov 2015 01:49:31 +0100 Subject: m 1 gum: add swap to server config --- makefu/1systems/gum.nix | 1 + makefu/2configs/fs/simple-swap.nix | 11 +++++++++++ 2 files changed, 12 insertions(+) create mode 100644 makefu/2configs/fs/simple-swap.nix (limited to 'makefu') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 8dd347b4f..44ab8c6f8 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -9,6 +9,7 @@ in { # TODO: copy this config or move to krebs ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix + ../2configs/fs/simple-swap.nix ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix diff --git a/makefu/2configs/fs/simple-swap.nix b/makefu/2configs/fs/simple-swap.nix new file mode 100644 index 000000000..8c161b287 --- /dev/null +++ b/makefu/2configs/fs/simple-swap.nix @@ -0,0 +1,11 @@ +_: +{ + # do not swap that often + boot.kernel.sysctl = { + "vm.swappiness" = 25; + }; + + swapDevices = [ + { device = "/dev/disk/by-label/swap"; } + ]; +} -- cgit v1.2.3 From 79b890670100d08c3640fffade2caf3eced192d8 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 14 Nov 2015 01:50:24 +0100 Subject: m 2 vbox: up version number --- makefu/2configs/main-laptop.nix | 2 +- makefu/2configs/virtualization-virtualbox.nix | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index 294ee7510..dfc8c1c07 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -12,7 +12,7 @@ with lib; firefox chromium keepassx - + ntfs3g virtmanager at_spi2_core # dep for virtmanager? ]; diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix index 610b63732..aaabcd50e 100644 --- a/makefu/2configs/virtualization-virtualbox.nix +++ b/makefu/2configs/virtualization-virtualbox.nix @@ -2,11 +2,11 @@ let mainUser = config.krebs.build.user; - version = "5.0.4"; - rev = "102546"; + version = "5.0.6"; + rev = "103037"; vboxguestpkg = pkgs.fetchurl { url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack"; - sha256 = "1ykwpjvfgj11iwhx70bh2hbxhyy3hg6rnqzl4qac7xzg8xw8wqg4"; + sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf"; }; in { #inherit vboxguestpkg; -- cgit v1.2.3 From b69dcc6086c16ae996575bb00a1f55a14c26b63e Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 13:54:55 +0100 Subject: m 1 gum: add ssh repo --- makefu/1systems/gum.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index d8b7ed5f9..63ad18339 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -12,6 +12,7 @@ in { ../2configs/fs/simple-swap.nix ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix + ../2configs/git/cgit-retiolum.nix ]; -- cgit v1.2.3 From 4fec1920fb8fb9392c7a5c363a8392230eb64de8 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 13:55:30 +0100 Subject: m 2 git: fix library and irc hooks --- makefu/2configs/git/brain-retiolum.nix | 4 +-- makefu/2configs/git/cgit-retiolum.nix | 46 +++++++++++++++++++++++----------- 2 files changed, 33 insertions(+), 17 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix index 793373859..066d50a28 100644 --- a/makefu/2configs/git/brain-retiolum.nix +++ b/makefu/2configs/git/brain-retiolum.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: # TODO: remove tv lib :) -with import ../../../tv/4lib { inherit lib pkgs; }; +with lib; let repos = priv-repos // krebs-repos ; @@ -26,7 +26,7 @@ let inherit name desc; public = false; hooks = { - post-receive = git.irc-announce { + post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; channel = "#retiolum"; # TODO remove the hardcoded hostname diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 189dd66c8..748cd6427 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -1,10 +1,12 @@ { config, lib, pkgs, ... }: # TODO: remove tv lib :) -with import ../../../tv/4lib { inherit lib pkgs; }; +with lib; let - repos = priv-repos // krebs-repos ; - rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos); + repos = priv-repos // krebs-repos // connector-repos ; + rules = concatMap krebs-rules (attrValues krebs-repos) + ++ concatMap priv-rules (attrValues priv-repos) + ++ concatMap connector-rules (attrValues connector-repos); krebs-repos = mapAttrs make-krebs-repo { stockholm = { @@ -19,6 +21,10 @@ let autosync = { }; }; + connector-repos = mapAttrs make-priv-repo { + autosync = { }; + }; + # TODO move users to separate module make-priv-repo = name: { desc ? null, ... }: { @@ -40,29 +46,34 @@ let }; }; - set-owners = with git;repo: user: - singleton { - inherit user; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - }; - set-ro-access = with git; repo: user: - optional repo.public { - inherit user; - repo = [ repo ]; - perm = fetch; - }; # TODO: get the list of all krebsministers krebsminister = with config.krebs.users; [ lass tv uriel ]; all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; + exco = with config.krebs.users; [ exco ]; priv-rules = repo: set-owners repo all-makefu; + connector-rules = repo: set-owners repo (all-makefu ++ exco); + krebs-rules = repo: set-owners repo all-makefu ++ set-ro-access repo krebsminister; + set-ro-access = with git; repo: user: + optional repo.public { + inherit user; + repo = [ repo ]; + perm = fetch; + }; + + set-owners = with git;repo: user: + singleton { + inherit user; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + }; + in { imports = [{ krebs.users.makefu-omo = { @@ -73,6 +84,11 @@ in { name = "makefu-tsp" ; pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; }; + + krebs.users.exco = { + name = "exco" ; + pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub; + }; }]; krebs.git = { enable = true; -- cgit v1.2.3 From b2ac9b092a36c3196469099c73c64c8ca6626be0 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 17 Nov 2015 22:16:55 +0100 Subject: makefu: fix cgit for wry, add gc to wry --- makefu/1systems/wry.nix | 8 ++++++-- makefu/2configs/git/cgit-retiolum.nix | 23 ++++++++++++----------- 2 files changed, 18 insertions(+), 13 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index cd39b4b9f..cd2b3f657 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -24,11 +24,11 @@ in { # other nginx ../2configs/nginx/euer.wiki.nix ../2configs/nginx/euer.blog.nix + ../2configs/nginx/euer.test.nix # collectd ../2configs/collectd/collectd-base.nix ]; - krebs.build.host = config.krebs.hosts.wry; krebs.Reaktor.enable = true; @@ -73,5 +73,9 @@ in { nameservers = [ "8.8.8.8" ]; }; - environment.systemPackages = [ pkgs.translate-shell ]; + # small machine - do not forget to gc every day + nix.gc.automatic = true; + nix.gc.dates = "03:10"; + + environment.systemPackages = [ ]; } diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 748cd6427..e12827697 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -22,7 +22,7 @@ let }; connector-repos = mapAttrs make-priv-repo { - autosync = { }; + connector = { }; }; @@ -36,7 +36,7 @@ let inherit name desc; public = true; hooks = { - post-receive = git.irc-announce { + post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = config.krebs.build.host.name == "pnp"; channel = "#retiolum"; @@ -51,11 +51,11 @@ let # TODO: get the list of all krebsministers krebsminister = with config.krebs.users; [ lass tv uriel ]; all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; - exco = with config.krebs.users; [ exco ]; + all-exco = with config.krebs.users; [ exco ]; priv-rules = repo: set-owners repo all-makefu; - connector-rules = repo: set-owners repo (all-makefu ++ exco); + connector-rules = repo: set-owners repo all-makefu ++ set-owners repo all-exco; krebs-rules = repo: set-owners repo all-makefu ++ set-ro-access repo krebsminister; @@ -76,18 +76,19 @@ let in { imports = [{ - krebs.users.makefu-omo = { + krebs.users = { + makefu-omo = { name = "makefu-omo" ; pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub; - }; - krebs.users.makefu-tsp = { + }; + makefu-tsp = { name = "makefu-tsp" ; pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; - }; - - krebs.users.exco = { - name = "exco" ; + }; + exco = { + name = "exco"; pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub; + }; }; }]; krebs.git = { -- cgit v1.2.3 From c7bb244bdf40cbcac76c23cda58e745021fa7247 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 27 Nov 2015 23:10:44 +0100 Subject: m 1 gum: provides mattermost via docker container --- makefu/1systems/gum.nix | 9 +++++-- makefu/2configs/mattermost-docker.nix | 47 +++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 makefu/2configs/mattermost-docker.nix (limited to 'makefu') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 63ad18339..46bf3a970 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -13,14 +13,20 @@ in { ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix ../2configs/git/cgit-retiolum.nix - + ../2configs/mattermost-docker.nix ]; + + + ###### stable krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; + + # Chat environment.systemPackages = with pkgs;[ weechat + get ]; services.bitlbee.enable = true; @@ -30,7 +36,6 @@ in { boot.kernelModules = [ "kvm-intel" ]; # Network - services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" ''; diff --git a/makefu/2configs/mattermost-docker.nix b/makefu/2configs/mattermost-docker.nix new file mode 100644 index 000000000..20a93dff1 --- /dev/null +++ b/makefu/2configs/mattermost-docker.nix @@ -0,0 +1,47 @@ +{config, lib, ...}: + +with lib; +let + sec = toString ; + ssl_cert = "${sec}/wildcard.krebsco.de.crt"; + ssl_key = "${sec}/wildcard.krebsco.de.key"; +in { + # mattermost docker config and deployment guide: git.euer.krebsco.de + virtualisation.docker.enable = true; + users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "docker" ]; + krebs.nginx = { + enable = true; + servers.mattermost = { + listen = [ "80" "443 ssl" ]; + server-names = [ "mattermost.euer.krebsco.de" ]; + extraConfig = '' + gzip on; + gzip_buffers 4 32k; + gzip_types text/plain application/x-javascript text/css; + ssl_certificate ${ssl_cert}; + ssl_certificate_key ${ssl_key}; + default_type text/plain; + + if ($scheme = http){ + return 301 https://$server_name$request_uri; + } + + client_max_body_size 4G; + keepalive_timeout 10; + + ''; + locations = [ + (nameValuePair "/" '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_redirect off; + proxy_pass http://localhost:8065/; + '') + ]; + }; + }; +} -- cgit v1.2.3 From 61d9ec179b3d1a55602a1ae188e70c84e5721107 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 Dec 2015 20:36:09 +0100 Subject: m 2 git: add mattermost --- makefu/2configs/git/cgit-retiolum.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'makefu') diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index e12827697..304d39fcd 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -15,6 +15,7 @@ let tinc_graphs = { desc = "Tinc Advanced Graph Generation"; }; + cac = { }; }; priv-repos = mapAttrs make-priv-repo { @@ -23,6 +24,9 @@ let connector-repos = mapAttrs make-priv-repo { connector = { }; + mattermost = { + desc = "Mattermost Docker files"; + }; }; -- cgit v1.2.3 From ada1aa277ce40df309e7440905e94a0b11d6e163 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 Dec 2015 20:36:42 +0100 Subject: m 2 default: do not restart ssh agent --- makefu/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 3d9174788..760c70789 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -65,6 +65,7 @@ with lib; time.timeZone = "Europe/Berlin"; #nix.maxJobs = 1; + programs.ssh.startAgent = false; services.openssh.enable = true; nix.useChroot = true; -- cgit v1.2.3 From b5ffb88ba3a77d4f399d7a2815e2c61d53545f5d Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 Dec 2015 20:37:04 +0100 Subject: m 2 base-gui: add TODO --- makefu/2configs/base-gui.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'makefu') diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 7b7f85f13..16a5386ca 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -10,6 +10,17 @@ # # if this is not enough, check out main-laptop.nix +## TODO: .Xdefaults: +# URxvt*termName: rxvt +# URxvt.scrollBar : false +# URxvt*scrollBar_right: false +# URxvt*borderLess: false +# URxvt.foreground: white +# URxvt.background: black +# URxvt.urgentOnBell: true +# URxvt.visualBell: false +# URxvt.font : xft:Terminus + with lib; let mainUser = config.krebs.build.user.name; -- cgit v1.2.3 From 0b76b1081eb89aabd07225380659d79c881ab9f9 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 Dec 2015 20:39:01 +0100 Subject: m 1 gum: add bepasty --- makefu/1systems/gum.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 63ad18339..9de07266e 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -21,6 +21,7 @@ in { # Chat environment.systemPackages = with pkgs;[ weechat + bepasty-client-cli ]; services.bitlbee.enable = true; -- cgit v1.2.3 From a2461b2a8216ee49ca260d54fb91596ecf5cd45d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 4 Dec 2015 22:42:44 +0100 Subject: m 1 pornocauster: add printing,virtualbox --- makefu/1systems/pornocauster.nix | 4 +++- makefu/2configs/printer.nix | 10 ++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/printer.nix (limited to 'makefu') diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 8624cb2d1..1a51618c1 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -16,11 +16,13 @@ ../2configs/zsh-user.nix # applications + ../2configs/exim-retiolum.nix ../2configs/mail-client.nix + ../2configs/printer.nix #../2configs/virtualization.nix ../2configs/virtualization.nix - #../2configs/virtualization-virtualbox.nix + ../2configs/virtualization-virtualbox.nix ../2configs/wwan.nix # services diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix new file mode 100644 index 000000000..35ad54bd9 --- /dev/null +++ b/makefu/2configs/printer.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: + +{ + services.printing = { + enable = true; + drivers = [ + pkgs.samsungUnifiedLinuxDriver + ]; + }; +} -- cgit v1.2.3 From 273d9c6c9c9d2419dc3f3d773b4ce8d2fa4601b4 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 4 Dec 2015 22:43:35 +0100 Subject: m 1 pornocauster: use tinc_pre --- makefu/1systems/pornocauster.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'makefu') diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 1a51618c1..977289470 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -36,6 +36,7 @@ # ../2configs/mediawiki.nix #../2configs/wordpress.nix ]; + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; #krebs.Reaktor.enable = true; #krebs.Reaktor.nickname = "makefu|r"; @@ -45,6 +46,7 @@ get virtmanager gnome3.dconf + krebspaste ]; services.logind.extraConfig = "HandleLidSwitch=ignore"; -- cgit v1.2.3 From d83489feb1005dae7161909fcd0bf81a37e1ca41 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 8 Dec 2015 18:05:46 +0100 Subject: m 2 Reaktor: init of sed-plugin --- makefu/2configs/Reaktor/sed-plugin.py | 43 +++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 makefu/2configs/Reaktor/sed-plugin.py (limited to 'makefu') diff --git a/makefu/2configs/Reaktor/sed-plugin.py b/makefu/2configs/Reaktor/sed-plugin.py new file mode 100644 index 000000000..6d6e1f8b8 --- /dev/null +++ b/makefu/2configs/Reaktor/sed-plugin.py @@ -0,0 +1,43 @@ +#!/usr/bin/env python3 + +# Usage: +# _from=krebs statedir=. python sed-plugin.py 'dick butt' +# _from=krebs statedir=. python sed-plugin.py 's/t/l/g' +## dick bull +import shelve +from os import environ +from os.path import join +from sys import argv +d = shelve.open(join(environ['statedir'],'sed-plugin.shelve'),writeback=True) +import re + +def is_regex(line): + # TODO: match s/di\/ck/butt/ but not s/di/ck/butt/ + myre = re.compile(r'^s/((?:\\/|[^/])+)/((?:\\/|[^/])*)/([ig]*)$') + return myre.match(line) + +line = argv[1] +m = is_regex(line) + +if m: + f,t,flagstr = m.groups() + f = f.replace('\/','/') + t = t.replace('\/','/') + flags = 0 + count = 1 + if flagstr: + if 'i' in flagstr: + flags = re.IGNORECASE + if 'g' in flagstr: + count = 0 + last = d.get(environ['_from'],None) + if last: + print(f,t,last) + print(re.sub(f,t,last,count=count,flags=flags)) + else: + print("no last message") +else: + print("setting line") + d[environ['_from']] = line + +d.close() -- cgit v1.2.3 From 869a278aa8bdaf981222a4e72a4cfc3fbb740f95 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 8 Dec 2015 18:26:08 +0100 Subject: m 2 Reaktor: use sed-plugin --- makefu/2configs/Reaktor/sed-plugin.py | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/Reaktor/sed-plugin.py b/makefu/2configs/Reaktor/sed-plugin.py index 6d6e1f8b8..677a1a44f 100644 --- a/makefu/2configs/Reaktor/sed-plugin.py +++ b/makefu/2configs/Reaktor/sed-plugin.py @@ -21,8 +21,8 @@ m = is_regex(line) if m: f,t,flagstr = m.groups() - f = f.replace('\/','/') - t = t.replace('\/','/') + fn = f.replace('\/','/') + tn = t.replace('\/','/') flags = 0 count = 1 if flagstr: @@ -30,10 +30,20 @@ if m: flags = re.IGNORECASE if 'g' in flagstr: count = 0 + else: + flagstr = '' last = d.get(environ['_from'],None) if last: - print(f,t,last) - print(re.sub(f,t,last,count=count,flags=flags)) + print(fn,tn,last) + #print(re.sub(fn,tn,last,count=count,flags=flags)) + from subprocess import Popen,PIPE + p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE ) + so,_ = p.communicate(last+"\n") + if p.returncode: + print("something went wrong when trying to process your regex") + print(so) + + else: print("no last message") else: -- cgit v1.2.3 From ee4546c9a4de6886f370f7ef59f327ef5f2251b1 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 8 Dec 2015 19:38:19 +0100 Subject: m 2 Reaktor: finish sed-plugin --- makefu/2configs/Reaktor/sed-plugin.nix | 18 ++++++++++++++++++ makefu/2configs/Reaktor/sed-plugin.py | 24 ++++++++++++------------ 2 files changed, 30 insertions(+), 12 deletions(-) create mode 100644 makefu/2configs/Reaktor/sed-plugin.nix (limited to 'makefu') diff --git a/makefu/2configs/Reaktor/sed-plugin.nix b/makefu/2configs/Reaktor/sed-plugin.nix new file mode 100644 index 000000000..1ec977116 --- /dev/null +++ b/makefu/2configs/Reaktor/sed-plugin.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: + +with pkgs; +let + script = ./sed-plugin.py; +in { + #TODO: this will eat up the last regex, fix Reaktor + krebs.Reaktor.extraConfig = '' + public_commands.append({ + 'capname' : "shack-correct", + # only support s///gi + 'pattern' : '^(?P.*)$$', + 'argv' : ["${pkgs.python3}/bin/python3","${script}"], + 'env' : { 'state_dir' : workdir, + 'PATH':'${lib.makeSearchPath "bin" [pkgs.gnused]}' }}) + ''; +} + diff --git a/makefu/2configs/Reaktor/sed-plugin.py b/makefu/2configs/Reaktor/sed-plugin.py index 677a1a44f..8103c9585 100644 --- a/makefu/2configs/Reaktor/sed-plugin.py +++ b/makefu/2configs/Reaktor/sed-plugin.py @@ -1,18 +1,18 @@ #!/usr/bin/env python3 # Usage: -# _from=krebs statedir=. python sed-plugin.py 'dick butt' -# _from=krebs statedir=. python sed-plugin.py 's/t/l/g' +# _from=krebs state_dir=. python sed-plugin.py 'dick butt' +# _from=krebs state_dir=. python sed-plugin.py 's/t/l/g' ## dick bull import shelve from os import environ from os.path import join from sys import argv -d = shelve.open(join(environ['statedir'],'sed-plugin.shelve'),writeback=True) +d = shelve.open(join(environ['state_dir'],'sed-plugin.shelve'),writeback=True) +usr = environ['_from'] import re def is_regex(line): - # TODO: match s/di\/ck/butt/ but not s/di/ck/butt/ myre = re.compile(r'^s/((?:\\/|[^/])+)/((?:\\/|[^/])*)/([ig]*)$') return myre.match(line) @@ -32,22 +32,22 @@ if m: count = 0 else: flagstr = '' - last = d.get(environ['_from'],None) + last = d.get(usr,None) if last: - print(fn,tn,last) #print(re.sub(fn,tn,last,count=count,flags=flags)) from subprocess import Popen,PIPE p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE ) - so,_ = p.communicate(last+"\n") + so,se = p.communicate(bytes("{}\n".format(last),"UTF-8")) if p.returncode: - print("something went wrong when trying to process your regex") - print(so) - + print("something went wrong when trying to process your regex: {}".format(se.decode())) + ret = so.decode() + print("\x1b[1m{}\x1b[0m meinte: {}".format(usr,ret.strip())) + if ret: + d[usr] = ret else: print("no last message") else: - print("setting line") - d[environ['_from']] = line + d[usr] = line d.close() -- cgit v1.2.3 From 6a07012a2f2ab8673c464256bd46efedf95366c3 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 13 Dec 2015 13:52:15 +0100 Subject: m 2 fetchWallpaper: default enabled for mainlaptop --- makefu/2configs/fetchWallpaper.nix | 24 ++++++++++++++++++++++++ makefu/2configs/main-laptop.nix | 5 ++++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/fetchWallpaper.nix (limited to 'makefu') diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix new file mode 100644 index 000000000..b071a128d --- /dev/null +++ b/makefu/2configs/fetchWallpaper.nix @@ -0,0 +1,24 @@ +{ config, pkgs, ... }: + +let + # check if laptop runs on umts + weaksauce-internet = with pkgs;writeScript "weaksauce-internet" '' + #! /bin/sh + if ${iproute}/bin/ip addr show dev ppp0 2>/dev/null \ + | ${gnugrep}/bin/grep -q inet;then + exit 1 + fi + ''; + +in { + krebs.fetchWallpaper = { + enable = true; + display = ":0"; + predicate = weaksauce-internet; + timerConfig = { + OnCalendar = "*:0/30"; + }; + url = "http://echelon/wallpaper.png"; + }; +} + diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index dfc8c1c07..00a3e73ca 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -6,7 +6,10 @@ with lib; { - imports = [ ./base-gui.nix ]; + imports = [ + ./base-gui.nix + ./fetchWallpaper.nix + ]; environment.systemPackages = with pkgs;[ vlc firefox -- cgit v1.2.3 From 4578f701ba01bfdf0745a8c73461070f0f7d2f0e Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 13 Dec 2015 14:26:33 +0100 Subject: m 5 awesomecfg: beautiful was loaded too late resulted in missing icons, colors for border. i just discovered this today, 2 months after i wrote the config hahah :D --- makefu/5pkgs/awesomecfg/full.cfg | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) (limited to 'makefu') diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index b3f94e655..15711a5d5 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -12,6 +12,8 @@ local beautiful = require("beautiful") local naughty = require("naughty") local menubar = require("menubar") + + -- {{{ Error handling -- Check if awesome encountered an error during startup and fell back to -- another config (This code will only ever execute for the fallback config) @@ -90,6 +92,20 @@ vicious.register(batwidget, vicious.widgets.bat, "$2%", 61, "BAT0") -- -- beautiful.init("/nix/store/qbx8r72yzaxpz41zq00902zwajl31b5h-awesome-3.5.6/share/awesome/themes/default/theme.lua") +function find_default_theme() + -- find the default lua theme in the package path + for path in package.path:gmatch('([^;]+);') do + if path:match('awesome.*share') then + theme_path = path:match('^([^?]*)') .. '../themes/default/theme.lua' + if awful.util.file_readable(theme_path) then return theme_path end + end + end +end + +beautiful.init(find_default_theme()) +client.connect_signal("focus", function(c) c.border_color = beautiful.border_focus end) +client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end) + -- This is used later as the default terminal and editor to run. terminal = "urxvt" editor = os.getenv("EDITOR") or "vim" @@ -494,21 +510,9 @@ local os = { date = os.date, time = os.time } + -- }}} -function find_default_theme() - -- find the default lua theme in the package path - for path in package.path:gmatch('([^;]+);') do - if path:match('awesome.*share') then - theme_path = path:match('^([^?]*)') .. '../themes/default/theme.lua' - if awful.util.file_readable(theme_path) then return theme_path end - end - end -end - -beautiful.init(find_default_theme()) -client.connect_signal("focus", function(c) c.border_color = beautiful.border_focus end) -client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end) -- }}} -- cgit v1.2.3 From 809ffa435c4ba759a6cfd7fdffc976499d470d82 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 13 Dec 2015 14:35:30 +0100 Subject: m 2 default: use timesyncd instead of ntpd --- makefu/2configs/default.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 760c70789..519635281 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -80,7 +80,14 @@ with lib; "d /tmp 1777 root root - -" ]; - environment.variables.EDITOR = mkForce "vim"; + environment.variables = { + NIX_PATH = with config.krebs.build.source; with dir; with git; + mkForce (concatStringsSep ":" [ + "nixpkgs=${nixpkgs.target-path}" + "${nixpkgs.target-path}" + ]); + EDITOR = mkForce "vim"; + }; environment.systemPackages = with pkgs; [ jq @@ -124,6 +131,14 @@ with lib; services.cron.enable = false; services.nscd.enable = false; + services.ntp.enable = false; + services.timesyncd.enable = true; + services.ntp.servers = [ + "pool.ntp.org" + "time.windows.com" + "time.apple.com" + "time.nist.gov" + ]; security.setuidPrograms = [ "sendmail" ]; services.journald.extraConfig = '' -- cgit v1.2.3 From c3bd222b9f8c4b7d08a447760ae5ae28b90f217e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 14:17:21 +0100 Subject: m 2 tinc: add ire as potential supernode --- makefu/2configs/tinc-basic-retiolum.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix index fd6d1683d..2abf4f188 100644 --- a/makefu/2configs/tinc-basic-retiolum.nix +++ b/makefu/2configs/tinc-basic-retiolum.nix @@ -9,6 +9,7 @@ with lib; "gum" "pigstarter" "fastpoke" + "ire" ]; }; } -- cgit v1.2.3 From 72238439c5c8010323030112b9b041f5d6fd27e3 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 14:18:34 +0100 Subject: m 1 gum: add extra ports to gum retiolum --- makefu/1systems/gum.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 75607aa46..417a020fa 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -14,14 +14,20 @@ in { # ../2configs/iodined.nix ../2configs/git/cgit-retiolum.nix ../2configs/mattermost-docker.nix + ../2configs/nginx/euer.test.nix ]; + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; ###### stable krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; - + krebs.retiolum.extraConfig = '' + ListenAddress = ${external-ip} 53 + ListenAddress = ${external-ip} 655 + ListenAddress = ${external-ip} 21031 + ''; # Chat environment.systemPackages = with pkgs;[ @@ -53,10 +59,18 @@ in { 80 443 # tinc 655 + # tinc-shack + 21032 + # tinc-retiolum + 21031 ]; allowedUDPPorts = [ # tinc 655 53 + # tinc-retiolum + 21031 + # tinc-shack + 21032 ]; }; interfaces.et0.ip4 = [{ -- cgit v1.2.3 From 83208910bbedc70018c5a7f0e4b18baed418f9cf Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 14:32:20 +0100 Subject: m 2 git: add vbob pubkey --- makefu/2configs/git/cgit-retiolum.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 304d39fcd..5143ca5aa 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -24,6 +24,7 @@ let connector-repos = mapAttrs make-priv-repo { connector = { }; + minikrebs = { }; mattermost = { desc = "Mattermost Docker files"; }; @@ -54,7 +55,7 @@ let # TODO: get the list of all krebsministers krebsminister = with config.krebs.users; [ lass tv uriel ]; - all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; + all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ]; all-exco = with config.krebs.users; [ exco ]; priv-rules = repo: set-owners repo all-makefu; @@ -85,6 +86,10 @@ in { name = "makefu-omo" ; pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub; }; + makefu-vbob = { + name = "makefu-vbob" ; + pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub; + }; makefu-tsp = { name = "makefu-tsp" ; pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; -- cgit v1.2.3 From 83924b9b6c84d7238fd0abb173a2c1dcbfe11ece Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 14:33:06 +0100 Subject: m 1 vbob:init --- makefu/1systems/vbob.nix | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 makefu/1systems/vbob.nix (limited to 'makefu') diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix new file mode 100644 index 000000000..4d8e8ced1 --- /dev/null +++ b/makefu/1systems/vbob.nix @@ -0,0 +1,44 @@ +# +# +# +{ config, pkgs, ... }: + +{ + krebs.build.host = config.krebs.hosts.vbob; + krebs.build.target = "root@10.10.10.220"; + imports = + [ # Include the results of the hardware scan. + + ../2configs/main-laptop.nix #< base-gui + + # environment + ../2configs/zsh-user.nix + ../2configs/virtualization.nix + ]; + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + environment.systemPackages = with pkgs;[ + get + ]; + + networking.firewall.allowedTCPPorts = [ + 25 + 80 + ]; + + krebs.retiolum = { + enable = true; + extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000"; + hosts = ../../krebs/Zhosts; + connectTo = [ + "gum" + ]; + + }; + networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000"; + fileSystems."/media/share" = { + fsType = "vboxsf"; + device = "share"; + options = "rw,uid=9001,gid=9001"; + }; + +} -- cgit v1.2.3 From 9900811f941abf5e31f3c7b616e3fa27f88ffb35 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 14:36:36 +0100 Subject: m 2 git: use gum as primary git host --- makefu/2configs/git/cgit-retiolum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 5143ca5aa..68fd976d6 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -43,7 +43,7 @@ let hooks = { post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; - verbose = config.krebs.build.host.name == "pnp"; + verbose = config.krebs.build.host.name == "gum"; channel = "#retiolum"; # TODO remove the hardcoded hostname server = "cd.retiolum"; -- cgit v1.2.3 From 9bc0c474ace8e1bcccb5301a1726ed75a6241bff Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 17:12:51 +0100 Subject: m 2 Reaktor: add full profile --- makefu/2configs/Reaktor/full.nix | 18 ++++++++++++++++++ makefu/2configs/git/cgit-retiolum.nix | 20 -------------------- 2 files changed, 18 insertions(+), 20 deletions(-) create mode 100644 makefu/2configs/Reaktor/full.nix (limited to 'makefu') diff --git a/makefu/2configs/Reaktor/full.nix b/makefu/2configs/Reaktor/full.nix new file mode 100644 index 000000000..50620890f --- /dev/null +++ b/makefu/2configs/Reaktor/full.nix @@ -0,0 +1,18 @@ +_: +{ + # implementation of the complete Reaktor bot + imports = [ + #./stockholmLentil.nix + ./simpleExtend.nix + ./random-emoji.nix + ./titlebot.nix + ./shack-correct.nix + ./sed-plugin.nix + ]; + krebs.Reaktor.nickname = "Reaktor|bot"; + krebs.Reaktor.enable = true; + + krebs.Reaktor.extraEnviron = { + REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace"; + }; +} diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 68fd976d6..35bb169cf 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -80,26 +80,6 @@ let }; in { - imports = [{ - krebs.users = { - makefu-omo = { - name = "makefu-omo" ; - pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub; - }; - makefu-vbob = { - name = "makefu-vbob" ; - pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub; - }; - makefu-tsp = { - name = "makefu-tsp" ; - pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; - }; - exco = { - name = "exco"; - pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub; - }; - }; - }]; krebs.git = { enable = true; root-title = "public repositories"; -- cgit v1.2.3 From 0449569b3d966f9d81107034def5adf5e6bf3cad Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 17:56:50 +0100 Subject: m 1 vbob: allow to deploy self --- makefu/1systems/vbob.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 4d8e8ced1..b121a730a 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -1,7 +1,7 @@ # # # -{ config, pkgs, ... }: +{ lib, config, pkgs, ... }: { krebs.build.host = config.krebs.hosts.vbob; @@ -12,13 +12,21 @@ ../2configs/main-laptop.nix #< base-gui # environment + ../2configs/zsh-user.nix ../2configs/virtualization.nix ]; + + # allow vbob to deploy self + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; + }; + }; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; environment.systemPackages = with pkgs;[ get - ]; + ]; networking.firewall.allowedTCPPorts = [ 25 -- cgit v1.2.3 From 55ad05879b8ba97e369bfd72810028dd4622e356 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 19:36:06 +0100 Subject: s 1 wolf: initial preparation of ci packaging --- makefu/2configs/nginx/euer.test.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 makefu/2configs/nginx/euer.test.nix (limited to 'makefu') diff --git a/makefu/2configs/nginx/euer.test.nix b/makefu/2configs/nginx/euer.test.nix new file mode 100644 index 000000000..ffdc0bc60 --- /dev/null +++ b/makefu/2configs/nginx/euer.test.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.krebs.build.host.name; + user = config.services.nginx.user; + group = config.services.nginx.group; + external-ip = head config.krebs.build.host.nets.internet.addrs4; + internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; +in { + krebs.nginx = { + enable = mkDefault true; + servers = { + euer-share = { + listen = [ ]; + server-names = [ "share.euer.krebsco.de" ]; + locations = singleton (nameValuePair "/" '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://localhost:8000/; + ''); + }; + }; + }; +} -- cgit v1.2.3 From d4792eb7231acf5bf66409adb4e777433998678b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Dec 2015 15:33:34 +0100 Subject: prepare zshrc, makes ~/.zshrc obsolete --- makefu/2configs/zsh-user.nix | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 3089b706a..266ce256a 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -5,6 +5,36 @@ let mainUser = config.krebs.build.user.name; in { - programs.zsh.enable = true; users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh"; + programs.zsh= { + enable = true; + interactiveShellInit = '' + HISTSIZE=900001 + HISTFILESIZE=$HISTSIZE + SAVEHIST=$HISTSIZE + + setopt HIST_IGNORE_ALL_DUPS + setopt HIST_IGNORE_SPACE + setopt HIST_FIND_NO_DUPS + bindkey -e + # shift-tab + bindkey '^[[Z' reverse-menu-complete + + autoload -U compinit && compinit + zstyle ':completion:*' menu select + ''; + + promptInit = '' + RPROMPT="" + autoload colors && colors + case $UID in + 0) PROMPT="%{$fg[red]%}%~%{$reset_color%} " ;; + 9001) PROMPT="%{$fg[green]%}%~%{$reset_color%} " ;; + *) PROMPT="%{$fg[yellow]%}%n %{$fg[green]%}%~%{$reset_color%} " ;; + esac + if test -n "$SSH_CLIENT"; then + PROMPT="%{$fg[magenta]%}%m $PROMPT" + fi + ''; + }; } -- cgit v1.2.3 From 3371d54618aa017be77e2494c1cf82331152f3b7 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Dec 2015 18:43:40 +0100 Subject: m 3 buildbot: master init --- makefu/3modules/buildbot/master.nix | 179 ++++++++++++++++++++++++++++++++++++ 1 file changed, 179 insertions(+) create mode 100644 makefu/3modules/buildbot/master.nix (limited to 'makefu') diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix new file mode 100644 index 000000000..310b8460d --- /dev/null +++ b/makefu/3modules/buildbot/master.nix @@ -0,0 +1,179 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + buildbot = pkgs.buildbot; + buildbot-master-config = pkgs.writeText "buildbot-master.cfg" '' + # -*- python -*- + from buildbot.plugins import * + + c = BuildmasterConfig = {} + + c['slaves'] = [] + # TODO: template potential buildslaves + # TODO: set password? + for i in [ 'testslave' ]: + c['slaves'].append(buildslave.BuildSlave(i, "krebspass")) + + c['protocols'] = {'pb': {'port': 9989}} + + ####### Build Inputs + stockholm_repo = 'http://cgit.gum/stockholm' + c['change_source'] = [] + c['change_source'].append(changes.GitPoller( + stockholm_repo, + workdir='stockholm-poller', branch='master', + project='stockholm', + pollinterval=300)) + + ####### Build Scheduler + # TODO: configure scheduler + important_files = util.ChangeFilter( + project_re="^((krebs|share)/.*|Makefile|default.nix)", + branch='master') + c['schedulers'] = [] + c['schedulers'].append(schedulers.SingleBranchScheduler( + name="all-important-files", + change_filter=important_files, + # 3 minutes stable tree + treeStableTimer=3*60, + builderNames=["runtests"])) + c['schedulers'].append(schedulers.ForceScheduler( + name="force", + builderNames=["runtests"])) + ###### The actual build + factory = util.BuildFactory() + factory.addStep(steps.Git(repourl=stockholm_repo, mode='incremental')) + + deps = [ "gnumake", "jq" ] + factory.addStep(steps.ShellCommand(command=["nix-shell", "-p" ] + deps )) + factory.addStep(steps.ShellCommand(env={"LOGNAME": "shared"}, + command=["make", "get=krebs.deploy", + "system=test-centos7"])) + + # TODO: different Builders? + c['builders'] = [] + c['builders'].append( + util.BuilderConfig(name="runtests", + # TODO: only some slaves being used in builder? + slavenames=c['slaves'], + factory=factory)) + + ####### Status of Builds + c['status'] = [] + + from buildbot.status import html + from buildbot.status.web import authz, auth + # TODO: configure if http is wanted + authz_cfg=authz.Authz( + # TODO: configure user/pw + auth=auth.BasicAuth([("krebs","bob")]), + gracefulShutdown = False, + forceBuild = 'auth', + forceAllBuilds = 'auth', + pingBuilder = False, + stopBuild = False, + stopAllBuilds = False, + cancelPendingBuild = False, + ) + # TODO: configure nginx + c['status'].append(html.WebStatus(http_port=8010, authz=authz_cfg)) + + from buildbot.status import words + # TODO: configure IRC Bot + irc = words.IRC("irc.freenode.net", "krebsbuild", + channels=["krebs"], + notify_events={ + 'sucess': 1, + 'failure': 1, + 'exception': 1, + 'successToFailure': 1, + 'failureToSuccess': 1, + },allowForce=True) + c['status'].append(irc) + + ####### PROJECT IDENTITY + c['title'] = "Stockholm" + c['titleURL'] = "http://krebsco.de" + + c['buildbotURL'] = "http://buildbot.krebsco.de/" + + ####### DB URL + c['db'] = { + 'db_url' : "sqlite:///state.sqlite", + } + ${cfg.extraConfig} + ''; + + cfg = config.makefu.buildbot.master; + + api = { + enable = mkEnableOption "Buildbot Master"; + + workDir = mkOption { + default = "/var/lib/buildbot/master"; + type = types.str; + description = '' + Path to build bot master directory. + Will be created on startup. + ''; + }; + + extraConfig = mkOption { + default = ""; + type = types.lines; + description = '' + extra config appended to the generated master.cfg + ''; + }; + }; + + imp = { + + users.extraUsers.buildbotMaster = { + uid = 672626386; #genid buildbotMaster + description = "Buildbot Master"; + home = cfg.workDir; + createHome = false; + }; + + users.extraGroups.buildbotMaster = { + gid = 672626386; + }; + + systemd.services.buildbotMaster = { + description = "Buildbot Master"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + PermissionsStartOnly = true; + # TODO: maybe also prepare buildbot.tac? + ExecStartPre = pkgs.writeScript "buildbot-master-init" '' + #!/bin/sh + set -efux + workdir=${lib.shell.escape cfg.workDir} + if [ ! -e $workdir ];then + mkdir -p $workdir + ${buildbot}/bin/buildbot create-master -r -l 10 -f $workdir + chown buildbotMaster:buildbotMaster $workdir + fi + # always override the master.cfg + cp ${toString buildbot-master-config} "$workdir/master.cfg" + # sanity + ${buildbot}/bin/buildbot checkconfig $workdir + # upgrade + ${buildbot}/bin/buildbot upgrade-master $workdir + ''; + ExecStart = "${buildbot}/bin/buildbot ${lib.shell.escape cfg.workDir}"; + PrivateTmp = "true"; + User = "buildbotMaster"; + Restart = "always"; + RestartSec = "10"; + }; + }; + }; +in +{ + options.makefu.buildbot.master = api; + config = mkIf cfg.enable imp; +} -- cgit v1.2.3 From cf5a1ba6bcf657396bc6b8c2fbc32143d27849d0 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Dec 2015 21:18:29 +0100 Subject: m 1 pornocauster: use latest buildbot for stable build --- makefu/1systems/pornocauster.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 977289470..6f176b7fa 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -36,11 +36,17 @@ # ../2configs/mediawiki.nix #../2configs/wordpress.nix ]; - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + buildbot = let + pkgs1509 = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; + in pkgs1509.buildbot; + }; + makefu.buildbot.master.enable = true; + #krebs.Reaktor.enable = true; #krebs.Reaktor.nickname = "makefu|r"; - - krebs.build.host = config.krebs.hosts.pornocauster; + # nix.binaryCaches = [ "http://acng.shack/nixos" "https://cache.nixos.org" ]; environment.systemPackages = with pkgs;[ get @@ -58,4 +64,5 @@ 25 ]; + krebs.build.host = config.krebs.hosts.pornocauster; } -- cgit v1.2.3 From a907f926c120f10945c47cdaba7405fe08cfd9ee Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Dec 2015 22:25:46 +0100 Subject: m 3 buildbot: first working commit for buildbot master --- makefu/3modules/buildbot/master.nix | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) (limited to 'makefu') diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix index 310b8460d..d8e917a21 100644 --- a/makefu/3modules/buildbot/master.nix +++ b/makefu/3modules/buildbot/master.nix @@ -12,7 +12,8 @@ let c['slaves'] = [] # TODO: template potential buildslaves # TODO: set password? - for i in [ 'testslave' ]: + slavenames= [ 'testslave' ] + for i in slavenames: c['slaves'].append(buildslave.BuildSlave(i, "krebspass")) c['protocols'] = {'pb': {'port': 9989}} @@ -56,7 +57,7 @@ let c['builders'].append( util.BuilderConfig(name="runtests", # TODO: only some slaves being used in builder? - slavenames=c['slaves'], + slavenames=slavenames, factory=factory)) ####### Status of Builds @@ -84,7 +85,7 @@ let irc = words.IRC("irc.freenode.net", "krebsbuild", channels=["krebs"], notify_events={ - 'sucess': 1, + 'success': 1, 'failure': 1, 'exception': 1, 'successToFailure': 1, @@ -145,26 +146,34 @@ let description = "Buildbot Master"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - serviceConfig = { + serviceConfig = let + workdir="${lib.shell.escape cfg.workDir}"; + in { + pidfile="${workdir}/twistd.pid"; PermissionsStartOnly = true; + Type = "forking"; + PIDFile = "${workdir}/twistd.pid"; # TODO: maybe also prepare buildbot.tac? ExecStartPre = pkgs.writeScript "buildbot-master-init" '' #!/bin/sh set -efux - workdir=${lib.shell.escape cfg.workDir} - if [ ! -e $workdir ];then - mkdir -p $workdir - ${buildbot}/bin/buildbot create-master -r -l 10 -f $workdir - chown buildbotMaster:buildbotMaster $workdir + if [ ! -e ${workdir} ];then + mkdir -p ${workdir} + ${buildbot}/bin/buildbot create-master -r -l 10 -f ${workdir} fi # always override the master.cfg - cp ${toString buildbot-master-config} "$workdir/master.cfg" + cp ${buildbot-master-config} ${workdir}/master.cfg # sanity - ${buildbot}/bin/buildbot checkconfig $workdir - # upgrade - ${buildbot}/bin/buildbot upgrade-master $workdir + ${buildbot}/bin/buildbot checkconfig ${workdir} + + # TODO: maybe upgrade? + # ${buildbot}/bin/buildbot upgrade-master ${workdir} + + chown buildbotMaster:buildbotMaster -R ${workdir} ''; - ExecStart = "${buildbot}/bin/buildbot ${lib.shell.escape cfg.workDir}"; + ExecStart = "${buildbot}/bin/buildbot start ${workdir}"; + ExecStop = "${buildbot}/bin/buildbot stop ${workdir}"; + ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}"; PrivateTmp = "true"; User = "buildbotMaster"; Restart = "always"; -- cgit v1.2.3 From c95085d875ac72152dcfbaceb35364203f97db7d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 10:42:20 +0100 Subject: m 3 buildbot: add to imports --- makefu/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index a8a1f69d0..4b2b36e64 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -2,6 +2,7 @@ _: { imports = [ + ./buildbot/master.nix ]; } -- cgit v1.2.3 From 09f4611f38ecaf471a54c09fc3fa9350ffe3f0b9 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 10:42:40 +0100 Subject: m 2 default: add aliases, pythonstartup env --- makefu/2configs/default.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'makefu') diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 519635281..c0d7685e3 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -104,6 +104,8 @@ with lib; HISTSIZE=900001 HISTFILESIZE=$HISTSIZE + PYTHONSTARTUP="~/.pythonrc"; + shopt -s checkhash shopt -s histappend histreedit histverify shopt -s no_empty_cmd_completion @@ -123,6 +125,9 @@ with lib; environment.shellAliases = { lsl = "ls -lAtr"; + psg = "ps -ef | grep"; + nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml"; + grep = "grep --color=auto"; }; nixpkgs.config.packageOverrides = pkgs: { -- cgit v1.2.3 From c20d38e11ecf38dda8931769a04cdcdf96f88c3f Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 11:40:18 +0100 Subject: m 2 base-gui: write xdefaults, obsoletes ~/.Xdefaults --- makefu/2configs/base-gui.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'makefu') diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 16a5386ca..1d6750284 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -73,4 +73,33 @@ in enable = true; # systemWide = true; }; + services.xserver.displayManager.sessionCommands = let + xdefaultsfile = pkgs.writeText "Xdefaults" '' + cat |derp < Date: Wed, 16 Dec 2015 11:40:48 +0100 Subject: m 2 zsh-user: load gpg-agent, obsoletes oh-my-zsh ssh plugin --- makefu/2configs/zsh-user.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'makefu') diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 266ce256a..1b1762418 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -22,6 +22,16 @@ in autoload -U compinit && compinit zstyle ':completion:*' menu select + + # load gpg-agent + envfile="$HOME/.gnupg/gpg-agent.env" + if [ -e "$envfile" ] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then + eval "$(cat "$envfile")" + else + eval "$(${pkgs.gnupg}/bin/gpg-agent --daemon --enable-ssh-support --write-env-file "$envfile")" + fi + export GPG_AGENT_INFO + export SSH_AUTH_SOCK ''; promptInit = '' -- cgit v1.2.3 From 27746f9a3dffe6adde137d300e498249843174d9 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 11:43:56 +0100 Subject: m 2 wwan: add alias for umts when wwan is loaded --- makefu/2configs/wwan.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'makefu') diff --git a/m