summaryrefslogtreecommitdiffstats
path: root/old
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2015-07-16 23:22:30 +0200
committertv <tv@krebsco.de>2015-07-16 23:22:30 +0200
commit6aadd262fc1ec1cb7159da9ee62bd35616ddc23d (patch)
tree57983c04bb49fe0375300861111a61cede545794 /old
parent546d86da1e3cab814372fc57c83e737617c7fed8 (diff)
Goodbye old world, and thanks for all the fish!
Diffstat (limited to 'old')
-rw-r--r--old/Makefile48
-rw-r--r--old/README.md32
-rwxr-xr-xold/bin/copy-secrets69
-rwxr-xr-xold/bin/genid11
-rwxr-xr-xold/bin/netmask-to-prefix12
-rwxr-xr-xold/bin/nixos-query4
-rwxr-xr-xold/bin/urlencode35
-rwxr-xr-xold/cac337
-rw-r--r--old/certs/zalora-ca.crt24
-rw-r--r--old/default.nix151
-rwxr-xr-xold/deploy15
-rwxr-xr-xold/infest-cac-CentOS-7-64bit.sh51
-rw-r--r--old/infest.d/cac-CentOS-7-64bit/finalize.sh66
-rw-r--r--old/infest.d/cac-CentOS-7-64bit/prepare.sh104
-rw-r--r--old/infest.d/nixos-install.sh8
-rw-r--r--old/lib/default.nix62
-rw-r--r--old/lib/git.nix181
-rw-r--r--old/lib/modules.nix21
-rw-r--r--old/modules/cd/default.nix91
-rw-r--r--old/modules/cd/networking.nix14
-rw-r--r--old/modules/cd/paths.nix12
-rw-r--r--old/modules/cd/users.nix53
-rw-r--r--old/modules/cloudkrebs/default.nix71
-rw-r--r--old/modules/cloudkrebs/networking.nix14
-rw-r--r--old/modules/cloudkrebs/retiolum.nix21
-rw-r--r--old/modules/common/krebs-keys.nix18
-rw-r--r--old/modules/common/krebs-repos.nix36
-rw-r--r--old/modules/common/nixpkgs.nix25
-rw-r--r--old/modules/common/sshkeys.nix26
-rw-r--r--old/modules/lass/base.nix129
-rw-r--r--old/modules/lass/binary-caches.nix13
-rw-r--r--old/modules/lass/bird.nix13
-rw-r--r--old/modules/lass/bitcoin.nix17
-rw-r--r--old/modules/lass/browsers.nix67
-rw-r--r--old/modules/lass/chromium-patched.nix48
-rw-r--r--old/modules/lass/desktop-base.nix65
-rw-r--r--old/modules/lass/elster.nix20
-rw-r--r--old/modules/lass/games.nix25
-rw-r--r--old/modules/lass/gitolite-base.nix173
-rw-r--r--old/modules/lass/iptables/config.nix119
-rw-r--r--old/modules/lass/iptables/default.nix11
-rw-r--r--old/modules/lass/iptables/options.nix44
-rw-r--r--old/modules/lass/ircd.nix88
-rw-r--r--old/modules/lass/pass.nix10
-rw-r--r--old/modules/lass/programs.nix24
-rw-r--r--old/modules/lass/sshkeys.nix11
-rw-r--r--old/modules/lass/steam.nix29
-rw-r--r--old/modules/lass/texlive.nix7
-rw-r--r--old/modules/lass/urxvt.nix40
-rw-r--r--old/modules/lass/urxvtd.nix55
-rw-r--r--old/modules/lass/vim.nix118
-rw-r--r--old/modules/lass/virtualbox.nix22
-rw-r--r--old/modules/lass/wine.nix23
-rw-r--r--old/modules/lass/xresources.nix57
-rw-r--r--old/modules/mkdir/default.nix86
-rw-r--r--old/modules/mkdir/networking.nix14
-rw-r--r--old/modules/mkdir/paths.nix12
-rw-r--r--old/modules/mkdir/users.nix19
-rw-r--r--old/modules/mors/default.nix294
-rw-r--r--old/modules/mors/git.nix130
-rw-r--r--old/modules/mors/paths.nix12
-rw-r--r--old/modules/mors/repos.nix87
-rw-r--r--old/modules/mors/retiolum.nix21
-rw-r--r--old/modules/mu/default.nix466
-rw-r--r--old/modules/mu/paths.nix12
-rw-r--r--old/modules/nomic/default.nix105
-rw-r--r--old/modules/nomic/hardware-configuration.nix49
-rw-r--r--old/modules/nomic/paths.nix12
-rw-r--r--old/modules/nomic/users.nix42
-rw-r--r--old/modules/rmdir/default.nix87
-rw-r--r--old/modules/rmdir/networking.nix15
-rw-r--r--old/modules/rmdir/paths.nix12
-rw-r--r--old/modules/rmdir/users.nix19
-rw-r--r--old/modules/tv/base-cac-CentOS-7-64bit.nix27
-rw-r--r--old/modules/tv/base.nix16
-rw-r--r--old/modules/tv/config/consul-client.nix9
-rw-r--r--old/modules/tv/config/consul-server.nix22
-rw-r--r--old/modules/tv/consul/default.nix121
-rw-r--r--old/modules/tv/ejabberd.nix867
-rw-r--r--old/modules/tv/environment.nix93
-rw-r--r--old/modules/tv/exim-retiolum.nix126
-rw-r--r--old/modules/tv/exim-smarthost.nix474
-rw-r--r--old/modules/tv/git/cgit.nix93
-rw-r--r--old/modules/tv/git/config.nix272
-rw-r--r--old/modules/tv/git/default.nix27
-rw-r--r--old/modules/tv/git/options.nix93
-rw-r--r--old/modules/tv/git/public.nix82
-rw-r--r--old/modules/tv/identity/default.nix71
-rw-r--r--old/modules/tv/iptables/config.nix93
-rw-r--r--old/modules/tv/iptables/default.nix11
-rw-r--r--old/modules/tv/iptables/options.nix29
-rw-r--r--old/modules/tv/nginx/config.nix49
-rw-r--r--old/modules/tv/nginx/default.nix11
-rw-r--r--old/modules/tv/nginx/options.nix21
-rw-r--r--old/modules/tv/retiolum/config.nix130
-rw-r--r--old/modules/tv/retiolum/default.nix11
-rw-r--r--old/modules/tv/retiolum/options.nix87
-rw-r--r--old/modules/tv/sanitize.nix12
-rw-r--r--old/modules/tv/smartd.nix17
-rw-r--r--old/modules/tv/synaptics.nix14
-rw-r--r--old/modules/tv/urlwatch/default.nix158
-rw-r--r--old/modules/tv/urxvt.nix24
-rw-r--r--old/modules/tv/users/default.nix67
-rw-r--r--old/modules/tv/xserver.nix40
-rw-r--r--old/modules/uriel/default.nix188
-rw-r--r--old/modules/uriel/git.nix130
-rw-r--r--old/modules/uriel/repos.nix78
-rw-r--r--old/modules/uriel/retiolum.nix31
-rw-r--r--old/modules/wu/default.nix464
-rw-r--r--old/modules/wu/hosts.nix22
-rw-r--r--old/modules/wu/paths.nix12
-rw-r--r--old/modules/wu/users.nix227
-rw-r--r--old/pubkeys/deploy_wu.ssh.pub1
-rw-r--r--old/pubkeys/lass.ssh.pub1
-rw-r--r--old/pubkeys/makefu.ssh.pub1
-rw-r--r--old/pubkeys/mv_vod.ssh.pub1
-rw-r--r--old/pubkeys/tv_wu.ssh.pub1
-rw-r--r--old/pubkeys/uriel.ssh.pub1
118 files changed, 0 insertions, 8659 deletions
diff --git a/old/Makefile b/old/Makefile
deleted file mode 100644
index bef7727..0000000
--- a/old/Makefile
+++ /dev/null
@@ -1,48 +0,0 @@
-all:;@exit 23
-
-tv-cluster := cd mkdir nomic rmdir wu
-deploy-cd:; ./deploy cd
-deploy-mkdir:; ./deploy mkdir
-deploy-nomic:; ./deploy nomic root@nomic-local
-deploy-rmdir:; ./deploy rmdir
-deploy-wu:; ./deploy wu root@localhost
-
-ifndef cluster
-cluster := $(LOGNAME)
-endif
-hosts := $($(cluster)-cluster)
-ifeq ($(hosts),)
-$(error bad cluster: $(cluster))
-else
-.ONESHELL:
-
-.PHONY: deploy $(addprefix deploy-,$(hosts))
-deploy:
- exec parallel \
- -j 0 \
- --no-notice \
- --rpl '{u} s/^.* deploy-(.*)/\1/' \
- --tagstring '{u}' \
- --line-buffer \
- $(MAKE) deploy-{} ::: $(hosts)
-
-.PHONY: rotate-consul-encrypt
-rotate-consul-encrypt:
- umask 0377
- mkencrypt() { dd status=none if=/dev/random bs=1 count=16 | base64; }
- json=$$(printf '{"encrypt":"%s"}\n' $$(mkencrypt))
- cmd='
- f=secrets/{}/rsync/etc/consul/encrypt.json
- rm -f "$$f"
- echo "$$json" > "$$f"
- '
- export json
- exec parallel \
- -j 0 \
- --no-notice \
- --rpl '{u} s/^.* deploy-(.*)/\1/' \
- --tagstring '{u}' \
- --line-buffer \
- --quote \
- sh -eufc "$$cmd" ::: $(hosts)
-endif
diff --git a/old/README.md b/old/README.md
deleted file mode 100644
index 8a72d2f..0000000
--- a/old/README.md
+++ /dev/null
@@ -1,32 +0,0 @@
-
-
-# Turn a Cloud at Cost CentOS-7-64bit server into NixOS
-
-1. Configure the system (`$systemname`) you'd like to install (see Configuration below).
-2. Create new server instance (either Custom or cloudpro) using "CentOS-7-64bit".
- Note the servername (something like c731445864-cloudpro-388922936).
-3. `cac_login=xxx cac_key=yyy ./infest-cac-CentOS-7-64bit.sh servername:$servername $systename`
-4. Enjoy. (`ssh root@$systename`)
-
-# Configuration
-
-Configure your system in modules/$systemname
-See modules/cd/default.nix as an example.
-
-Notice that modules/$systemname/networking will be autogenerated (but not committed).
-
-secrets/$systemname/nix/foo can be accessed as `<secrets/foo>` from within the configuration.
-
-You might want `secrets/$systemname/rsync/etc/tinc/retiolum/rsa_key.priv`.
-
-You might want `secrets/$systemname/nix/hashedPasswords.nix`, which looks like
-
-```nix
-_: { users.extraUsers.root.hashedPassword = "XXX"; }
-```
-
-`XXX` can be generated with e.g.
-
-```
-mkpasswd -m sha-512 -S $(openssl rand -base64 16 | tr -d '+=' | head -c 16)
-```
diff --git a/old/bin/copy-secrets b/old/bin/copy-secrets
deleted file mode 100755
index f404935..0000000
--- a/old/bin/copy-secrets
+++ /dev/null
@@ -1,69 +0,0 @@
-#! /bin/sh
-#
-# copy-secrets system_name target
-#
-set -euf
-
-system_name=$1
-target=$2
-
-nixos_config=$config_root/modules/$system_name
-secrets_nix=$secrets_root/$system_name/nix
-secrets_rsync=$secrets_root/$system_name/rsync
-
-if ! test -e "$secrets_rsync"; then
- exit # nothing to do
-fi
-
-# XXX this is ugly
-# Notice NIX_PATH used from host
-# Notice secrets required to evaluate configuration
-NIX_PATH=$NIX_PATH:nixos-config=$PWD/modules/$system_name
-NIX_PATH=$NIX_PATH:secrets=$PWD/secrets/$system_name/nix
-export NIX_PATH
-
-case $(nixos-query tv.retiolum.enable 2>/dev/null) in true)
- retiolum_secret=$(nixos-query tv.retiolum.privateKeyFile)
- retiolum_uid=$(nixos-query users.extraUsers.retiolum-tinc.uid)
-esac
-
-case $(nixos-query services.ejabberd-cd.enable 2>/dev/null) in true)
- ejabberd_secret=$(nixos-query services.ejabberd-cd.certFile)
- ejabberd_uid=$(nixos-query users.extraUsers.ejabberd.uid)
-esac
-
-case $(nixos-query tv.consul.enable 2>/dev/null) in true)
- consul_secret=$(nixos-query tv.consul.encrypt-file)
- consul_uid=$(nixos-query users.extraUsers.consul.uid)
-esac
-
-(set -x
- rsync \
- --rsync-path="mkdir -p \"$2\" && rsync" \
- -vzrlptD \
- "$secrets_rsync/" \
- "$target:/")
-
-ssh "$target" -T <<EOF
-set -euf
-
-retiolum_secret=${retiolum_secret-}
-retiolum_uid=${retiolum_uid-}
-ejabberd_secret=${ejabberd_secret-}
-ejabberd_uid=${ejabberd_uid-}
-consul_secret=${consul_secret-}
-consul_uid=${consul_uid-}
-
-if test -n "\$retiolum_secret"; then
- chown -v "\$retiolum_uid:0" "\$retiolum_secret"
-fi
-
-if test -n "\$ejabberd_secret"; then
- chown -v "\$ejabberd_uid:0" "\$ejabberd_secret"
-fi
-
-if test -n "\$consul_secret"; then
- chown -v "\$consul_uid:0" "\$consul_secret"
-fi
-
-EOF
diff --git a/old/bin/genid b/old/bin/genid
deleted file mode 100755
index 8e22407..0000000
--- a/old/bin/genid
+++ /dev/null
@@ -1,11 +0,0 @@
-#! /bin/sh
-# usage: genid NAME
-set -euf
-name=$1
-hash=$(printf %s "$name" | sha1sum | cut -d\ -f1 | tr a-f A-F)
-echo "
- min=2^16 # bigger than nobody and nogroup, see <nixos/modules/misc/ids.nix>
- max=2^32 # see 2^(8*sizeof(uid_t))
- ibase=16
- ($hash + min) % max
-" | bc
diff --git a/old/bin/netmask-to-prefix b/old/bin/netmask-to-prefix
deleted file mode 100755
index 1c4dbeb..0000000
--- a/old/bin/netmask-to-prefix
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/sh
-set -euf
-
-netmask=$1
-
-binaryNetmask=$(echo $1 | sed 's/^/obase=2;/;s/\./;/g' | bc | tr -d \\n)
-binaryPrefix=$(echo $binaryNetmask | sed -n 's/^\(1*\)0*$/\1/p')
-if ! echo $binaryPrefix | grep -q .; then
- echo $0: bad netmask: $netmask >&2
- exit 4
-fi
-printf %s $binaryPrefix | tr -d 0 | wc -c
diff --git a/old/bin/nixos-query b/old/bin/nixos-query
deleted file mode 100755
index 1111aea..0000000
--- a/old/bin/nixos-query
+++ /dev/null
@@ -1,4 +0,0 @@
-#! /bin/sh
-set -euf
-result=$(nix-instantiate -A config."$1" --eval --json '<nixos>')
-echo $result | jq -r .
diff --git a/old/bin/urlencode b/old/bin/urlencode
deleted file mode 100755
index 02ca030..0000000
--- a/old/bin/urlencode
+++ /dev/null
@@ -1,35 +0,0 @@
-#! /bin/sh
-set -euf
-exec sed '
- s/%/%25/g
- s/ /%20/g
- s/!/%21/g
- s/"/%22/g
- s/#/%23/g
- s/\$/%24/g
- s/\&/%26/g
- s/'\''/%27/g
- s/(/%28/g
- s/)/%29/g
- s/\*/%2a/g
- s/+/%2b/g
- s/,/%2c/g
- s/-/%2d/g
- s/\./%2e/g
- s/\//%2f/g
- s/:/%3a/g
- s/;/%3b/g
- s//%3e/g
- s/?/%3f/g
- s/@/%40/g
- s/\[/