diff options
| -rw-r--r-- | 0make/makefu/pnp.makefile | 4 | ||||
| -rw-r--r-- | 1systems/makefu/pnp.nix | 47 | ||||
| -rw-r--r-- | 2configs/makefu/base.nix | 99 | ||||
| -rw-r--r-- | 2configs/makefu/cgit-retiolum.nix | 69 | ||||
| -rw-r--r-- | 3modules/makefu/default.nix | 19 | ||||
| -rw-r--r-- | Zpubkeys/makefu_omo.ssh.pub | 1 |
6 files changed, 1 insertions, 238 deletions
diff --git a/0make/makefu/pnp.makefile b/0make/makefu/pnp.makefile deleted file mode 100644 index a18efe0..0000000 --- a/0make/makefu/pnp.makefile +++ /dev/null @@ -1,4 +0,0 @@ -deploy_host := root@pnp -nixpkgs_url := https://github.com/nixos/nixpkgs -nixpkgs_rev := 4c01e6d91993b6de128795f4fbdd25f6227fb870 -secrets_dir := /home/makefu/secrets/pnp diff --git a/1systems/makefu/pnp.nix b/1systems/makefu/pnp.nix deleted file mode 100644 index 1019c4d..0000000 --- a/1systems/makefu/pnp.nix +++ /dev/null @@ -1,47 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - ../../2configs/makefu/base.nix - ../../2configs/makefu/cgit-retiolum.nix - ]; - krebs.build.host = config.krebs.hosts.pnp; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/vda"; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - hardware.enableAllFirmware = true; - hardware.cpu.amd.updateMicrocode = true; - -# networking.firewall is enabled by default - networking.firewall.allowedTCPPorts = [ 80 ]; - - fileSystems."/" = - { device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; - krebs.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "gum" - "pigstarter" - "fastpoke" - ]; - }; - -# $ nix-env -qaP | grep wget - environment.systemPackages = with pkgs; [ - jq - ]; -} diff --git a/2configs/makefu/base.nix b/2configs/makefu/base.nix deleted file mode 100644 index b052b13..0000000 --- a/2configs/makefu/base.nix +++ /dev/null @@ -1,99 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -{ - imports = [ ]; - krebs.enable = true; - krebs.search-domain = "retiolum"; - - networking.hostName = config.krebs.build.host.name; - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; - makefu = { - uid = 9001; - group = "users"; - home = "/home/makefu"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "wheel" - ]; - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; - }; - - services.openssh.enable = true; - nix.useChroot = true; - - users.mutableUsers = true; - - boot.tmpOnTmpfs = true; - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; - - environment.extraInit = '' - EDITOR=vim - ''; - - environment.systemPackages = with pkgs; [ - git - vim - gnumake - rxvt_unicode.terminfo - ]; - - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - ''; - - promptInit = '' - case $UID in - 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; - 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; - *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; - esac - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; - - environment.shellAliases = { - lsl = "ls -lAtr"; - }; - - nixpkgs.config.packageOverrides = pkgs: { - nano = pkgs.runCommand "empty" {} "mkdir -p $out"; - }; - - services.cron.enable = false; - services.nscd.enable = false; - - security.setuidPrograms = [ "sendmail" ]; - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - # Enable IPv6 Privacy Extensions - boot.kernel.sysctl = { - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - - i18n = { - consoleKeyMap = "us"; - defaultLocale = "en_US.UTF-8"; - }; -} diff --git a/2configs/makefu/cgit-retiolum.nix b/2configs/makefu/cgit-retiolum.nix deleted file mode 100644 index d0351a9..0000000 --- a/2configs/makefu/cgit-retiolum.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ config, lib, pkgs, ... }: -# TODO: remove tv lib :) -with import ../../4lib/tv { inherit lib pkgs; }; -let - - repos = priv-repos // krebs-repos ; - rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos); - - krebs-repos = mapAttrs make-krebs-repo { - stockholm = { - desc = "take all the computers hostage, they'll love you!"; - }; - }; - - priv-repos = mapAttrs make-priv-repo { - autosync = { }; - }; - - - # TODO move users to separate module - make-priv-repo = name: { desc ? null, ... }: { - inherit name desc; - public = false; - }; - - make-krebs-repo = with git; name: { desc ? null, ... }: { - inherit name desc; - public = true; - hooks = { - post-receive = git.irc-announce { - nick = config.networking.hostName; - channel = "#retiolum"; - server = "cd.retiolum"; - }; - }; - }; - - set-owners = with git; repo: user: - singleton { - inherit user; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - }; - - set-ro-access = with git; repo: user: - optional repo.public { - inherit user; - repo = [ repo ]; - perm = fetch; - }; - - # TODO: get the list of all krebsministers - krebsminister = with config.krebs.users; [ lass tv uriel ]; - - priv-rules = with config.krebs.users; repo: - set-owners repo [ makefu ]; - - krebs-rules = with config.krebs.users; repo: - set-owners repo [ makefu ] ++ set-ro-access repo krebsminister ; - -in { - imports = [ ../../3modules/krebs/git.nix ]; - krebs.git = { - enable = true; - root-title = "public repositories "; - root-desc = "keep on krebsing"; - inherit repos rules; - }; -} diff --git a/3modules/makefu/default.nix b/3modules/makefu/default.nix deleted file mode 100644 index 45ca8c3..0000000 --- a/3modules/makefu/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, ... }: - -with import ../../4lib/krebs { inherit lib; }; -let - cfg = config.krebs; - - out = { - imports = [ - ]; - options.krebs = api; - config = mkIf cfg.enable imp; - }; - - api = { }; - - imp = { }; - -in -out diff --git a/Zpubkeys/makefu_omo.ssh.pub b/Zpubkeys/makefu_omo.ssh.pub new file mode 100644 index 0000000..5567040 --- /dev/null +++ b/Zpubkeys/makefu_omo.ssh.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch |