From f6a4131daecd6e5c1a0727adbcac43ba8530ec13 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:13:46 +0100 Subject: tv exim-retiolum: init --- tv/1systems/nomic.nix | 7 +------ tv/1systems/wu.nix | 5 +---- tv/1systems/xu.nix | 8 +------- 3 files changed, 3 insertions(+), 17 deletions(-) (limited to 'tv/1systems') diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 7bc7b70d..145e9b23 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -5,11 +5,9 @@ with lib; { krebs.build.host = config.krebs.hosts.nomic; - krebs.build.target = "root@nomic.gg23"; - imports = [ ../2configs/hw/AO753.nix - #../2configs/consul-server.nix + ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/pulse.nix ../2configs/xserver @@ -24,9 +22,6 @@ with lib; ]; }; } - { - krebs.exim-retiolum.enable = true; - } { krebs.nginx = { enable = true; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 3bdf8d37..47fdb209 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -7,7 +7,7 @@ with lib; imports = [ ../2configs/hw/w110er.nix - #../2configs/consul-client.nix + ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix ../2configs/pulse.nix @@ -134,9 +134,6 @@ with lib; ]; }; } - { - krebs.exim-retiolum.enable = true; - } { krebs.nginx = { enable = true; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index e6894b55..12c115eb 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -5,12 +5,9 @@ with lib; { krebs.build.host = config.krebs.hosts.xu; - krebs.build.source.git.nixpkgs.rev = - "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a"; - imports = [ ../2configs/hw/x220.nix - #../2configs/consul-client.nix + ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix ../2configs/pulse.nix @@ -135,9 +132,6 @@ with lib; ]; }; } - { - krebs.exim-retiolum.enable = true; - } { krebs.nginx = { enable = true; -- cgit v1.2.3 From a7e1709a466cee24783e20b6219ef5112b00e8c9 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:18:07 +0100 Subject: tv nginx-public_html: init --- tv/1systems/nomic.nix | 11 +---------- tv/1systems/wu.nix | 11 +---------- tv/1systems/xu.nix | 11 +---------- 3 files changed, 3 insertions(+), 30 deletions(-) (limited to 'tv/1systems') diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 145e9b23..64fe5a63 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -9,6 +9,7 @@ with lib; ../2configs/hw/AO753.nix ../2configs/exim-retiolum.nix ../2configs/git.nix + ../2configs/nginx-public_html.nix ../2configs/pulse.nix ../2configs/xserver { @@ -22,16 +23,6 @@ with lib; ]; }; } - { - krebs.nginx = { - enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - } { krebs.retiolum = { enable = true; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 47fdb209..6dd05121 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -10,6 +10,7 @@ with lib; ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix + ../2configs/nginx-public_html.nix ../2configs/pulse.nix ../2configs/xserver { @@ -134,16 +135,6 @@ with lib; ]; }; } - { - krebs.nginx = { - enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - } { krebs.retiolum = { enable = true; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 12c115eb..40912958 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -10,6 +10,7 @@ with lib; ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix + ../2configs/nginx-public_html.nix ../2configs/pulse.nix ../2configs/xserver { @@ -132,16 +133,6 @@ with lib; ]; }; } - { - krebs.nginx = { - enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - } { krebs.retiolum = { enable = true; -- cgit v1.2.3 From d6ded00d012d4fb2a2a0a824604b25dac35ee349 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:32:04 +0100 Subject: tv retiolum: init --- tv/1systems/cd.nix | 11 +---------- tv/1systems/nomic.nix | 10 +--------- tv/1systems/wu.nix | 10 +--------- tv/1systems/xu.nix | 11 +---------- 4 files changed, 4 insertions(+), 38 deletions(-) (limited to 'tv/1systems') diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index b69d7655..da44f507 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -17,6 +17,7 @@ with lib; #../2configs/consul-server.nix ../2configs/exim-smarthost.nix ../2configs/git.nix + ../2configs/retiolum.nix ../2configs/urlwatch.nix { imports = [ ../2configs/charybdis.nix ]; @@ -77,16 +78,6 @@ with lib; ''); }; } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "fastpoke" - "pigstarter" - "ire" - ]; - }; - } ]; networking.interfaces.enp2s1.ip4 = [ diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 64fe5a63..b7e77e97 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -11,6 +11,7 @@ with lib; ../2configs/git.nix ../2configs/nginx-public_html.nix ../2configs/pulse.nix + ../2configs/retiolum.nix ../2configs/xserver { tv.iptables = { @@ -23,15 +24,6 @@ with lib; ]; }; } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "gum" - "pigstarter" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 6dd05121..f52bbc09 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -12,6 +12,7 @@ with lib; ../2configs/mail-client.nix ../2configs/nginx-public_html.nix ../2configs/pulse.nix + ../2configs/retiolum.nix ../2configs/xserver { environment.systemPackages = with pkgs; [ @@ -135,15 +136,6 @@ with lib; ]; }; } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "gum" - "pigstarter" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 40912958..54e16868 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -12,6 +12,7 @@ with lib; ../2configs/mail-client.nix ../2configs/nginx-public_html.nix ../2configs/pulse.nix + ../2configs/retiolum.nix ../2configs/xserver { environment.systemPackages = with pkgs; [ @@ -133,16 +134,6 @@ with lib; ]; }; } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "cd" - "gum" - "pigstarter" - ]; - }; - } ]; boot.initrd.luks = { -- cgit v1.2.3 From bb1dbae8187601cea2ddfbdcdc9baa456bc5b4ab Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:40:25 +0100 Subject: tv: open ssh port by default --- tv/1systems/cd.nix | 4 ---- tv/1systems/nomic.nix | 1 - tv/1systems/wu.nix | 1 - tv/1systems/xu.nix | 1 - 4 files changed, 7 deletions(-) (limited to 'tv/1systems') diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index da44f507..6db78ca8 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -41,7 +41,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "tinc" "smtp" "xmpp-client" @@ -58,10 +57,7 @@ with lib; "cgit.cd.krebsco.de" "cgit.cd.viljetic.de" ]; - } - { # TODO make public_html also available to cd, cd.retiolum (AKA default) - tv.iptables.input-internet-accept-new-tcp = singleton "http"; krebs.nginx.servers.public_html = { server-names = singleton "cd.viljetic.de"; locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index b7e77e97..f176a5f2 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -17,7 +17,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "http" "tinc" "smtp" diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index f52bbc09..16709052 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -129,7 +129,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "http" "tinc" "smtp" diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 54e16868..c6f1a393 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -127,7 +127,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "http" "tinc" "smtp" -- cgit v1.2.3 From b172630f894362dc32cb6af7d5c9d44902ec5752 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:44:19 +0100 Subject: tv retiolum: open tinc port --- tv/1systems/cd.nix | 1 - tv/1systems/nomic.nix | 1 - tv/1systems/wu.nix | 1 - tv/1systems/xu.nix | 1 - 4 files changed, 4 deletions(-) (limited to 'tv/1systems') diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 6db78ca8..783d23ca 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -41,7 +41,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "tinc" "smtp" "xmpp-client" "xmpp-server" diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index f176a5f2..6f2c4182 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -18,7 +18,6 @@ with lib; enable = true; input-internet-accept-new-tcp = [ "http" - "tinc" "smtp" ]; }; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 16709052..7635f616 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -130,7 +130,6 @@ with lib; enable = true; input-internet-accept-new-tcp = [ "http" - "tinc" "smtp" ]; }; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index c6f1a393..91b761d2 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -128,7 +128,6 @@ with lib; enable = true; input-internet-accept-new-tcp = [ "http" - "tinc" "smtp" ]; }; -- cgit v1.2.3 From d85c70d1d669636fe2fcbb1179dca2c4aecb0802 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:46:33 +0100 Subject: tv nginx-public_html: open http port --- tv/1systems/nomic.nix | 1 - tv/1systems/wu.nix | 1 - tv/1systems/xu.nix | 1 - 3 files changed, 3 deletions(-) (limited to 'tv/1systems') diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 6f2c4182..2b71a974 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -17,7 +17,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "http" "smtp" ]; }; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 7635f616..a51e0e67 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -129,7 +129,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "http" "smtp" ]; }; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 91b761d2..847b5724 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -127,7 +127,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "http" "smtp" ]; }; -- cgit v1.2.3 From fe025213ea5c15012fd83f1064269a315a2d576a Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:50:00 +0100 Subject: tv exim-retiolum: open smtp port to retiolum --- tv/1systems/nomic.nix | 8 -------- tv/1systems/wu.nix | 8 -------- tv/1systems/xu.nix | 8 -------- 3 files changed, 24 deletions(-) (limited to 'tv/1systems') diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 2b71a974..37ef204c 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -13,14 +13,6 @@ with lib; ../2configs/pulse.nix ../2configs/retiolum.nix ../2configs/xserver - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "smtp" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index a51e0e67..aef8ca76 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -125,14 +125,6 @@ with lib; unison ]; } - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "smtp" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 847b5724..31a8a3e9 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -123,14 +123,6 @@ with lib; unison ]; } - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "smtp" - ]; - }; - } ]; boot.initrd.luks = { -- cgit v1.2.3 From b58f37ce3833b7800c0a9ec83367dc888ea571b3 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:53:16 +0100 Subject: tv exim-smarthost: open smtp port --- tv/1systems/cd.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'tv/1systems') diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 783d23ca..1d945760 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -41,7 +41,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "smtp" "xmpp-client" "xmpp-server" ]; -- cgit v1.2.3 From 0c1a2d11b18c73ddc7fdb429e0d09dcffa3906f8 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:56:10 +0100 Subject: cd: redistribute iptable rules --- tv/1systems/cd.nix | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) (limited to 'tv/1systems') diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 1d945760..27e94aef 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -31,6 +31,10 @@ with lib; enable = true; hosts = [ "jabber.viljetic.de" ]; }; + tv.iptables.input-internet-accept-new-tcp = [ + "xmpp-client" + "xmpp-server" + ]; } { krebs.github-hosts-sync.enable = true; @@ -38,19 +42,6 @@ with lib; singleton config.krebs.github-hosts-sync.port; } { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "xmpp-client" - "xmpp-server" - ]; - input-retiolum-accept-new-tcp = [ - "http" - ]; - }; - } - { - tv.iptables.input-internet-accept-new-tcp = singleton "http"; krebs.nginx.servers.cgit.server-names = [ "cgit.cd.krebsco.de" "cgit.cd.viljetic.de" @@ -62,8 +53,6 @@ with lib; alias /home/$1/public_html$2; ''); }; - } - { krebs.nginx.servers.viljetic = { server-names = singleton "viljetic.de"; # TODO directly set root (instead via location) @@ -71,6 +60,7 @@ with lib; root ${pkgs.viljetic-pages}; ''); }; + tv.iptables.input-internet-accept-new-tcp = singleton "http"; } ]; -- cgit v1.2.3 From 28382e43e0df74a6b10bfcf23465d8415fa86460 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 19:51:01 +0100 Subject: tv: RIP consul --- tv/1systems/cd.nix | 1 - tv/1systems/mkdir.nix | 1 - tv/1systems/rmdir.nix | 1 - 3 files changed, 3 deletions(-) (limited to 'tv/1systems') diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 27e94aef..e42d5750 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -14,7 +14,6 @@ with lib; imports = [ ../2configs/hw/CAC-Developer-2.nix ../2configs/fs/CAC-CentOS-7-64bit.nix - #../2configs/consul-server.nix ../2configs/exim-smarthost.nix ../2configs/git.nix ../2configs/retiolum.nix diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix index 9d8a0bcf..79e5f73b 100644 --- a/tv/1systems/mkdir.nix +++ b/tv/1systems/mkdir.nix @@ -22,7 +22,6 @@ in imports = [ ../2configs/hw/CAC-Developer-1.nix ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/consul-server.nix ../2configs/exim-smarthost.nix ../2configs/git.nix { diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix index 1f1d975c..6fd79c59 100644 --- a/tv/1systems/rmdir.nix +++ b/tv/1systems/rmdir.nix @@ -23,7 +23,6 @@ in imports = [ ../2configs/hw/CAC-Developer-1.nix ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/consul-server.nix ../2configs/exim-smarthost.nix ../2configs/git.nix { -- cgit v1.2.3 From ba4bfed2715cb3973f9dbaa6f0a6010c59121a54 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:05:12 +0100 Subject: wu: selectively allowUnfree nvidia-x11 --- tv/1systems/wu.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv/1systems') diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index aef8ca76..2fa0e8ab 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -157,7 +157,7 @@ with lib; nixpkgs.config.chromium.enablePepperFlash = true; - nixpkgs.config.allowUnfree = true; + nixpkgs.config.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name; hardware.bumblebee.enable = true; hardware.bumblebee.group = "video"; hardware.enableAllFirmware = true; -- cgit v1.2.3 From 34dcaa692382072889e7e796461933ff129d5a13 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:06:15 +0100 Subject: xu: don't unconditionally allowUnfree --- tv/1systems/xu.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'tv/1systems') diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 31a8a3e9..8c4af2bd 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -155,7 +155,6 @@ with lib; nixpkgs.config.chromium.enablePepperFlash = true; - nixpkgs.config.allowUnfree = true; #hardware.bumblebee.enable = true; #hardware.bumblebee.group = "video"; hardware.enableAllFirmware = true; -- cgit v1.2.3 From 5bc7523bb54e960f5ac00492b16519b1bce21007 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 3 Feb 2016 19:39:00 +0100 Subject: cac-1.0.3 -> cac-api-1.1.0 --- tv/1systems/wu.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv/1systems') diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 2fa0e8ab..29e6de08 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -43,7 +43,7 @@ with lib; # tv bc bind # dig - cac + cac-api dic file get -- cgit v1.2.3 From b2303e081fb1ccc9a0b88f538736045fb2fba14f Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 5 Feb 2016 15:18:28 +0100 Subject: cd: use default upstream-nixpkgs --- tv/1systems/cd.nix | 5 ----- 1 file changed, 5 deletions(-) (limited to 'tv/1systems') diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index e42d5750..8297a56d 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -6,11 +6,6 @@ with lib; krebs.build.host = config.krebs.hosts.cd; krebs.build.target = "root@cd.internet"; - krebs.build.source.upstream-nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "b7ff030"; - }; - imports = [ ../2configs/hw/CAC-Developer-2.nix ../2configs/fs/CAC-CentOS-7-64bit.nix -- cgit v1.2.3