From 827f1790803bda906ed71c56138cfdbf108ee730 Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 7 Apr 2016 21:40:56 +0200
Subject: doppelbock: init
---
 tv/1systems/doppelbock.nix | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 tv/1systems/doppelbock.nix
(limited to 'tv')
diff --git a/tv/1systems/doppelbock.nix b/tv/1systems/doppelbock.nix
new file mode 100644
index 00000000..9a8d5b05
--- /dev/null
+++ b/tv/1systems/doppelbock.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+with config.krebs.lib;
+{
+ krebs.build.host = config.krebs.hosts.doppelbock;
+
+ imports = [
+ ../.
+ ../2configs/hw/CAC-Developer-2.nix
+ ../2configs/fs/CAC-CentOS-7-64bit.nix
+ ../2configs/retiolum.nix
+ ];
+
+ networking = {
+ interfaces.enp2s1.ip4 = singleton {
+ address = let
+ addr4 = "45.62.237.203";
+ in assert config.krebs.build.host.nets.internet.addrs4 == [addr4]; addr4;
+ prefixLength = 24;
+ };
+ defaultGateway = "45.62.237.1";
+ nameservers = ["8.8.8.8"];
+ };
+}
-- cgit v1.2.3
From 46e818ebbc5446b4215ad9524089d9b2dc91cbd3 Mon Sep 17 00:00:00 2001
From: tv
Date: Fri, 8 Apr 2016 03:53:34 +0200
Subject: retiolum: don't hardcode routing prefixes
---
 tv/1systems/doppelbock.nix | 4 ++--
 tv/1systems/mkdir.nix | 11 +----------
 tv/1systems/rmdir.nix | 7 +------
 tv/2configs/exim-smarthost.nix | 2 +-
 tv/3modules/charybdis/config.nix | 9 +++------
 5 files changed, 8 insertions(+), 25 deletions(-)
(limited to 'tv')
diff --git a/tv/1systems/doppelbock.nix b/tv/1systems/doppelbock.nix
index 9a8d5b05..ec85a777 100644
--- a/tv/1systems/doppelbock.nix
+++ b/tv/1systems/doppelbock.nix
@@ -13,8 +13,8 @@ with config.krebs.lib;
 networking = {
 interfaces.enp2s1.ip4 = singleton {
 address = let
- addr4 = "45.62.237.203";
- in assert config.krebs.build.host.nets.internet.addrs4 == [addr4]; addr4;
+ addr = "45.62.237.203";
+ in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr;
 prefixLength = 24;
 };
 defaultGateway = "45.62.237.1";
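Review bot: Only `address` is checked against the host definition in the new doppelbock.nix; `defaultGateway = "45.62.237.1"` and `prefixLength = 24` in the same `networking` block are free-standing literals, so an address change that keeps the assert satisfied can still leave a stale gateway behind. The gateway could be derived from the asserted address the way `getDefaultGateway` does in mkdir.nix and rmdir.nix, or at least carry a comment such as `# must stay inside the /24 of the asserted address`. `nameservers = ["8.8.8.8"]` also makes one external resolver the only DNS path for the host; a second entry, or a comment like `# single public resolver, no fallback`, would record whether that is intended. The same block reappears in the cd.nix hunk of the later "doppelbock -> cd" commit.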
diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix index 58a8fdcb..f46ed954 100644 --- a/tv/1systems/mkdir.nix +++ b/tv/1systems/mkdir.nix @@ -7,12 +7,7 @@ let getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); - - primary-addr4 = - builtins.elemAt config.krebs.build.host.nets.internet.addrs4 0; - - #secondary-addr4 = - # builtins.elemAt config.krebs.build.host.nets.internet.addrs4 1; + primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr; in { @@ -55,10 +50,6 @@ in address = primary-addr4; prefixLength = 24; } - #{ - # address = secondary-addr4; - # prefixLength = 24; - #} ]; # TODO define gateway in krebs/3modules/default.nix diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix index c54caa64..25fae2c3 100644 --- a/tv/1systems/rmdir.nix +++ b/tv/1systems/rmdir.nix @@ -7,12 +7,7 @@ let getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); - - primary-addr4 = - builtins.elemAt config.krebs.build.host.nets.internet.addrs4 0; - - #secondary-addr4 = - # builtins.elemAt config.krebs.build.host.nets.internet.addrs4 1; + primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr; in { diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 280d8572..8a90639b 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -13,7 +13,7 @@ with config.krebs.lib; "shackspace.de" "viljetic.de" ]; - relay_from_hosts = concatMap (host: host.nets.retiolum.addrs4) [ + relay_from_hosts = concatMap (host: host.nets.retiolum.ip4.addr) [ config.krebs.hosts.nomic config.krebs.hosts.wu config.krebs.hosts.xu diff --git a/tv/3modules/charybdis/config.nix b/tv/3modules/charybdis/config.nix index e4d754ff..1b160926 100644 --- a/tv/3modules/charybdis/config.nix +++ b/tv/3modules/charybdis/config.nix 
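Review bot: `concatMap` in the exim-smarthost.nix hunk needs the mapped function to return a list, but `host.nets.retiolum.ip4.addr` is a single string under the new schema (the doppelbock hunk of this commit compares it with the string `"45.62.237.203"`), so `relay_from_hosts` would no longer evaluate. The matching form is `relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [`, which is what the following commit on this page switches to. The list is closed outside the hunk.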
@@ -56,9 +56,9 @@ in toFile "charybdis.conf" '' /* On multi-homed hosts you may need the following. These define * the addresses we connect from to other servers. */ /* for IPv4 */ - vhost = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs4}; + vhost = ${toJSON config.krebs.build.host.nets.retiolum.ip4.addr}; /* for IPv6 */ - vhost6 = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs6}; + vhost6 = ${toJSON config.krebs.build.host.nets.retiolum.ip6.addr}; /* ssl_private_key: our ssl private key */ ssl_private_key = ${toJSON cfg.ssl_private_key.path}; @@ -160,10 +160,7 @@ in toFile "charybdis.conf" '' /* If you want to listen on a specific IP only, specify host. * host definitions apply only to the following port line. */ - # XXX This is stupid because only one host is allowed[?] - #host = ''${concatMapStringsSep ", " toJSON ( - # config.krebs.build.host.nets.retiolum.addrs - #)}; + #host = ${toJSON config.krebs.build.host.nets.retiolum.ip4.addr}; port = ${toString cfg.port}; sslport = ${toString cfg.sslport}; }; -- cgit v1.2.3 From 345efd36833fc0ada2805b46fd71bcc9642f4374 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 8 Apr 2016 05:06:22 +0200 Subject: tv.exim-smarthost: duh --- tv/2configs/exim-smarthost.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv') diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 8a90639b..2b9ad77d 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -13,7 +13,7 @@ with config.krebs.lib; "shackspace.de" "viljetic.de" ]; - relay_from_hosts = concatMap (host: host.nets.retiolum.ip4.addr) [ + relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ config.krebs.hosts.nomic config.krebs.hosts.wu config.krebs.hosts.xu -- cgit v1.2.3 From 2b0c6616b66570d5648c5ebe3fdad6642510ede9 Mon Sep 17 00:00:00 2001 
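Review bot: The `host` line in the second charybdis hunk stays commented out, so the generated charybdis.conf still does not bind the `port`/`sslport` listeners to the retiolum address, and reachability from other interfaces depends on firewall rules that are not visible here. The removed XXX remark gave "only one host is allowed" as the reason; with `ip4.addr` now a single value that no longer applies, so the line could be enabled as `host = ${toJSON config.krebs.build.host.nets.retiolum.ip4.addr};`. If it is meant to stay disabled, note that the old line used `''${`, which kept the text literal, while the new `${…}` is interpolated by Nix even behind the `#`, so a host without a retiolum `ip4` would presumably fail to evaluate this file. The listen block opens and closes outside the hunk.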
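Review bot: `relay_from_hosts` in the "duh" commit grants relaying purely by source address, and the list now carries one IPv4 address per host with no comment saying so. The last hunk on this page shows the same file accepting new SMTP connections on the internet side (`tv.iptables.input-internet-accept-new-tcp = singleton "smtp"`), so the allow-list is only as strong as whatever keeps retiolum source addresses from arriving on that interface; that filter is not visible here. A comment above the list such as `# retiolum IPv4 only; assumes these addresses cannot appear on the internet interface` would record the assumption, and hosts that submit over their `ip6.addr` would presumably need their own entries. The list is closed outside the hunk.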
From: tv Date: Tue, 12 Apr 2016 17:13:29 +0200 Subject: doppelbock -> cd --- tv/1systems/cd.nix | 18 +++++++++--------- tv/1systems/doppelbock.nix | 23 ----------------------- 2 files changed, 9 insertions(+), 32 deletions(-) delete mode 100644 tv/1systems/doppelbock.nix (limited to 'tv') diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 687f1795..32d956b8 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -61,16 +61,16 @@ with config.krebs.lib; } ]; - networking.interfaces.enp2s1.ip4 = [ - { - address = "162.219.7.216"; + networking = { + interfaces.enp2s1.ip4 = singleton { + address = let + addr = "45.62.237.203"; + in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr; prefixLength = 24; - } - ]; - networking.defaultGateway = "162.219.7.1"; - networking.nameservers = [ - "8.8.8.8" - ]; + }; + defaultGateway = "45.62.237.1"; + nameservers = ["8.8.8.8"]; + }; environment.systemPackages = with pkgs; [ htop diff --git a/tv/1systems/doppelbock.nix b/tv/1systems/doppelbock.nix deleted file mode 100644 index ec85a777..00000000 --- a/tv/1systems/doppelbock.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, pkgs, ... }: -with config.krebs.lib; -{ - krebs.build.host = config.krebs.hosts.doppelbock; - - imports = [ - ../. - ../2configs/hw/CAC-Developer-2.nix - ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/retiolum.nix - ]; - - networking = { - interfaces.enp2s1.ip4 = singleton { - address = let - addr = "45.62.237.203"; - in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr; - prefixLength = 24; - }; - defaultGateway = "45.62.237.1"; - nameservers = ["8.8.8.8"]; - }; -} -- cgit v1.2.3 From 066381dff01f51dd24a829d6cf9de9f6465534f3 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 17 Apr 2016 11:48:54 +0200 Subject: tv.git: irc-announce only at cd --- tv/2configs/git.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tv') 
diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 4c1fba59..2e5fc301 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -71,13 +71,13 @@ let make-public-repo = name: { desc ? null, section ? null, ... }: { inherit name desc section; public = true; - hooks = { + hooks = optionalAttrs (config.krebs.build.host.name == "cd") { post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; channel = "#retiolum"; server = "cd.retiolum"; - verbose = config.krebs.build.host.name == "cd"; + verbose = true; }; }; }; -- cgit v1.2.3 From 6121befdb64cccf9ff9a562b42217289c43c67f4 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 26 Apr 2016 23:58:36 +0200 Subject: wu: disable tor --- tv/1systems/wu.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'tv') diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 27dd1252..cebd7c9e 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -183,7 +183,5 @@ with config.krebs.lib; KERNEL=="hpet", GROUP="audio" ''; - services.tor.client.enable = true; - services.tor.enable = true; services.virtualboxHost.enable = true; } -- cgit v1.2.3 From 92605d46b2d770b4724809fcb2267c1618ae0b59 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 27 Apr 2016 02:00:26 +0200 Subject: tv exim: drop krebs.setuid.sendmail --- tv/2configs/exim-retiolum.nix | 4 ---- tv/2configs/exim-smarthost.nix | 4 ---- 2 files changed, 8 deletions(-) (limited to 'tv') diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix index dbe83dcf..9197a3c3 100644 --- a/tv/2configs/exim-retiolum.nix +++ b/tv/2configs/exim-retiolum.nix @@ -4,9 +4,5 @@ with config.krebs.lib; { krebs.exim-retiolum.enable = true; - krebs.setuid.sendmail = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; - }; tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp"; } diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 2b9ad77d..3616a8f5 100644 
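Review bot: The host name `"cd"` in the git.nix hunk is now spelled out in the `optionalAttrs` condition and again in `server = "cd.retiolum"`, so renaming that host (as the earlier "doppelbock -> cd" commit did) would turn `hooks` into an empty set on every host without any evaluation error. Binding the name once in the surrounding `let`, e.g. `announce-host = "cd";`, and using it in both places would keep the two in step. A short comment on the `hooks` line, such as `# push announcements are sent from cd only; other hosts get no post-receive hook`, would also make the silent no-hook case explicit. The enclosing `let` starts outside the hunk.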
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -43,9 +43,5 @@ with config.krebs.lib;
 { from = "mirko"; to = "mv"; }
 ];
 };
- krebs.setuid.sendmail = {
- filename = "${pkgs.exim}/bin/exim";
- mode = "4111";
- };
 tv.iptables.input-internet-accept-new-tcp = singleton "smtp";
 }
-- cgit v1.2.3