From 8170b281964688b542fb151054c5d86d819008b3 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 28 Jul 2015 20:40:25 +0200 Subject: tv: reintroduce directory numbers --- tv/1systems/cd.nix | 143 ++++++++++++++++++ tv/1systems/mkdir.nix | 83 ++++++++++ tv/1systems/nomic.nix | 116 ++++++++++++++ tv/1systems/rmdir.nix | 84 +++++++++++ tv/1systems/wu.nix | 409 ++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 835 insertions(+) create mode 100644 tv/1systems/cd.nix create mode 100644 tv/1systems/mkdir.nix create mode 100644 tv/1systems/nomic.nix create mode 100644 tv/1systems/rmdir.nix create mode 100644 tv/1systems/wu.nix (limited to 'tv/1systems') diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix new file mode 100644 index 000000000..54292eb83 --- /dev/null +++ b/tv/1systems/cd.nix @@ -0,0 +1,143 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + tvpkgs = import ../5pkgs { inherit pkgs; }; +in + +{ + krebs.build.host = config.krebs.hosts.cd; + krebs.build.user = config.krebs.users.tv; + + krebs.build.target = "root@cd.internet"; + + krebs.build.deps = { + nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; + }; + secrets = { + url = "/home/tv/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; + + imports = [ + ../2configs/CAC-Developer-2.nix + ../2configs/CAC-CentOS-7-64bit.nix + ../2configs/base.nix + ../2configs/consul-server.nix + ../2configs/exim-smarthost.nix + ../2configs/git.nix + { + imports = [ ../2configs/charybdis.nix ]; + tv.charybdis = { + enable = true; + sslCert = ../../Zcerts/charybdis_cd.crt.pem; + }; + } + { + tv.ejabberd = { + enable = true; + hosts = [ "jabber.viljetic.de" ]; + }; + } + { + krebs.github-hosts-sync.enable = true; + tv.iptables.input-internet-accept-new-tcp = + singleton config.krebs.github-hosts-sync.port; + } + { + tv.iptables = { + enable = true; + input-internet-accept-new-tcp = [ + "ssh" + "tinc" + "smtp" + "xmpp-client" + "xmpp-server" + ]; + input-retiolum-accept-new-tcp = [ + "http" + ]; + }; + } + { + tv.iptables.input-internet-accept-new-tcp = singleton "http"; + krebs.nginx.servers.cgit.server-names = singleton "cgit.cd.viljetic.de"; + } + { + # TODO make public_html also available to cd, cd.retiolum (AKA default) + tv.iptables.input-internet-accept-new-tcp = singleton "http"; + krebs.nginx.servers.public_html = { + server-names = singleton "cd.viljetic.de"; + locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' + alias /home/$1/public_html$2; + ''); + }; + } + { + krebs.nginx.servers.viljetic = { + server-names = singleton "viljetic.de"; + # TODO directly set root (instead via location) + locations = singleton (nameValuePair "/" '' + root ${tvpkgs.viljetic-pages}; + ''); + }; + } + { + krebs.retiolum = { + enable = true; + connectTo = [ + "fastpoke" + "pigstarter" + "ire" + ]; + }; + } + ]; + + networking.interfaces.enp2s1.ip4 = [ + { + address = "162.219.7.216"; + prefixLength = 24; + } + ]; + networking.defaultGateway = "162.219.7.1"; + networking.nameservers = [ + "8.8.8.8" + ]; + + environment.systemPackages = with pkgs; [ + git # required for ./deploy, clone_or_update + htop + iftop + iotop + iptables + mutt # for mv + nethogs + rxvt_unicode.terminfo + tcpdump + ]; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + + users.extraUsers = { + mv = { + uid = 1338; + group = "users"; + home = "/home/mv"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.mv.pubkey + ]; + }; + }; +} diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix new file mode 100644 index 000000000..cd3d3b5c4 --- /dev/null +++ b/tv/1systems/mkdir.nix @@ -0,0 +1,83 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + krebs.build.host = config.krebs.hosts.mkdir; + krebs.build.user = config.krebs.users.tv; + + krebs.build.target = "root@mkdir.internet"; + + krebs.build.deps = { + nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + rev = "9d5508d85c33b8fb22d79dde6176792eac2c2696"; + }; + secrets = { + url = "/home/tv/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; + + imports = [ + ../2configs/CAC-Developer-1.nix + ../2configs/CAC-CentOS-7-64bit.nix + ../2configs/base.nix + ../2configs/consul-server.nix + ../2configs/exim-smarthost.nix + ../2configs/git.nix + { + tv.iptables = { + enable = true; + input-internet-accept-new-tcp = [ + "ssh" + "tinc" + "smtp" + ]; + input-retiolum-accept-new-tcp = [ + "http" + ]; + }; + } + { + krebs.retiolum = { + enable = true; + connectTo = [ + "cd" + "fastpoke" + "pigstarter" + "ire" + ]; + }; + } + ]; + + networking.interfaces.enp2s1.ip4 = [ + { + address = "162.248.167.241"; # TODO + prefixLength = 24; + } + ]; + networking.defaultGateway = "162.248.167.1"; + networking.nameservers = [ + "8.8.8.8" + ]; + + environment.systemPackages = with pkgs; [ + git # required for ./deploy, clone_or_update + htop + iftop + iotop + iptables + nethogs + rxvt_unicode.terminfo + tcpdump + ]; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; +} diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix new file mode 100644 index 000000000..b9a10cb4f --- /dev/null +++ b/tv/1systems/nomic.nix @@ -0,0 +1,116 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + krebs.build.host = config.krebs.hosts.nomic; + krebs.build.user = config.krebs.users.tv; + + krebs.build.target = "root@nomic.gg23"; + + krebs.build.deps = { + nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + rev = "9d5508d85c33b8fb22d79dde6176792eac2c2696"; + }; + secrets = { + url = "/home/tv/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; + + imports = [ + ../2configs/AO753.nix + ../2configs/base.nix + ../2configs/consul-server.nix + ../2configs/exim-retiolum.nix + ../2configs/git.nix + { + tv.iptables = { + enable = true; + input-internet-accept-new-tcp = [ + "ssh" + "http" + "tinc" + "smtp" + ]; + }; + } + { + krebs.nginx = { + enable = true; + servers.default.locations = [ + (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' + alias /home/$1/public_html$2; + '') + ]; + }; + } + { + krebs.retiolum = { + enable = true; + connectTo = [ + "gum" + "pigstarter" + ]; + }; + } + ]; + + boot.initrd.luks = { + cryptoModules = [ "aes" "sha1" "xts" ]; + devices = [ + { + name = "luks1"; + device = "/dev/disk/by-uuid/cac73902-1023-4906-8e95-3a8b245337d4"; + } + ]; + }; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/de4780fc-0473-4708-81df-299b7383274c"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/be3a1d80-3157-4d7c-86cc-ef01b64eff5e"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/9db9c8ff-51da-4cbd-9f0a-0cd3333bbaff"; + fsType = "btrfs"; + }; + + swapDevices = [ ]; + + nix = { + buildCores = 2; + maxJobs = 2; + daemonIONiceLevel = 1; + daemonNiceLevel = 1; + }; + + # TODO base + boot.tmpOnTmpfs = true; + + environment.systemPackages = with pkgs; [ + (writeScriptBin "play" '' + #! /bin/sh + set -euf + mpv() { exec ${mpv}/bin/mpv "$@"; } + case $1 in + deepmix) mpv http://deepmix.ru/deepmix128.pls;; + groovesalad) mpv http://somafm.com/play/groovesalad;; + ntslive) mpv http://listen2.ntslive.co.uk/listen.pls;; + *) + echo "$0: bad argument: $*" >&2 + exit 23 + esac + '') + rxvt_unicode.terminfo + tmux + ]; +} diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix new file mode 100644 index 000000000..c8ac43e4c --- /dev/null +++ b/tv/1systems/rmdir.nix @@ -0,0 +1,84 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + krebs.build.host = config.krebs.hosts.rmdir; + krebs.build.user = config.krebs.users.tv; + + krebs.build.target = "root@rmdir.internet"; + + krebs.build.deps = { + nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; + }; + secrets = { + url = "/home/tv/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; + + imports = [ + ../2configs/CAC-Developer-1.nix + ../2configs/CAC-CentOS-7-64bit.nix + ../2configs/base.nix + ../2configs/consul-server.nix + ../2configs/exim-smarthost.nix + ../2configs/git.nix + { + tv.iptables = { + enable = true; + input-internet-accept-new-tcp = [ + "ssh" + "tinc" + "smtp" + ]; + input-retiolum-accept-new-tcp = [ + "http" + ]; + }; + } + { + krebs.retiolum = { + enable = true; + connectTo = [ + "cd" + "mkdir" + "fastpoke" + "pigstarter" + "ire" + ]; + }; + } + ]; + + networking.interfaces.enp2s1.ip4 = [ + { + address = "167.88.44.94"; + prefixLength = 24; + } + ]; + networking.defaultGateway = "167.88.44.1"; + networking.nameservers = [ + "8.8.8.8" + ]; + + environment.systemPackages = with pkgs; [ + git # required for ./deploy, clone_or_update + htop + iftop + iotop + iptables + nethogs + rxvt_unicode.terminfo + tcpdump + ]; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; +} diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix new file mode 100644 index 000000000..27691ec56 --- /dev/null +++ b/tv/1systems/wu.nix @@ -0,0 +1,409 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + tvpkgs = import ../5pkgs { inherit pkgs; }; +in + +{ + krebs.build.host = config.krebs.hosts.wu; + krebs.build.user = config.krebs.users.tv; + + krebs.build.target = "root@wu"; + + krebs.build.deps = { + nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + rev = "9d5508d85c33b8fb22d79dde6176792eac2c2696"; + }; + secrets = { + url = "/home/tv/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; + + imports = [ + ../2configs/w110er.nix + ../2configs/base.nix + ../2configs/consul-client.nix + ../2configs/exim-retiolum.nix + ../2configs/git.nix + ../2configs/mail-client.nix + ../2configs/xserver.nix + ../2configs/synaptics.nix # TODO w110er if xserver is enabled + ../2configs/urlwatch.nix + { + environment.systemPackages = with pkgs; [ + + # stockholm + git + gnumake + parallel + tvpkgs.genid + tvpkgs.hashPassword + tvpkgs.lentil + (pkgs.writeScriptBin "ff" '' + #! ${pkgs.bash}/bin/bash + exec sudo -u ff -i <