Diffstat (limited to 'old/modules')
-rw-r--r--old/modules/cd/default.nix91
-rw-r--r--old/modules/cd/networking.nix14
-rw-r--r--old/modules/cd/paths.nix12
-rw-r--r--old/modules/cd/users.nix53
-rw-r--r--old/modules/cloudkrebs/default.nix69
-rw-r--r--old/modules/cloudkrebs/networking.nix14
-rw-r--r--old/modules/common/krebs-keys.nix18
-rw-r--r--old/modules/common/krebs-repos.nix36
-rw-r--r--old/modules/common/nixpkgs.nix25
-rw-r--r--old/modules/common/sshkeys.nix26
-rw-r--r--old/modules/lass/base.nix110
-rw-r--r--old/modules/lass/binary-caches.nix13
-rw-r--r--old/modules/lass/bird.nix13
-rw-r--r--old/modules/lass/bitcoin.nix17
-rw-r--r--old/modules/lass/browsers.nix67
-rw-r--r--old/modules/lass/chromium-patched.nix48
-rw-r--r--old/modules/lass/desktop-base.nix37
-rw-r--r--old/modules/lass/elster.nix20
-rw-r--r--old/modules/lass/games.nix25
-rw-r--r--old/modules/lass/gitolite-base.nix173
-rw-r--r--old/modules/lass/ircd.nix83
-rw-r--r--old/modules/lass/pass.nix10
-rw-r--r--old/modules/lass/programs.nix24
-rw-r--r--old/modules/lass/retiolum-cloudkrebs.nix21
-rw-r--r--old/modules/lass/retiolum-mors.nix21
-rw-r--r--old/modules/lass/retiolum-uriel.nix21
-rw-r--r--old/modules/lass/sshkeys.nix11
-rw-r--r--old/modules/lass/steam.nix29
-rw-r--r--old/modules/lass/texlive.nix7
-rw-r--r--old/modules/lass/urxvt.nix40
-rw-r--r--old/modules/lass/urxvtd.nix55
-rw-r--r--old/modules/lass/vim.nix116
-rw-r--r--old/modules/lass/virtualbox.nix22
-rw-r--r--old/modules/lass/wine.nix23
-rw-r--r--old/modules/lass/xresources.nix57
-rw-r--r--old/modules/lass/xserver-lass.nix43
-rw-r--r--old/modules/mkdir/default.nix86
-rw-r--r--old/modules/mkdir/networking.nix14
-rw-r--r--old/modules/mkdir/paths.nix12
-rw-r--r--old/modules/mkdir/users.nix19
-rw-r--r--old/modules/mors/default.nix283
-rw-r--r--old/modules/mors/git.nix71
-rw-r--r--old/modules/mors/repos.nix78
-rw-r--r--old/modules/mu/default.nix466
-rw-r--r--old/modules/mu/paths.nix12
-rw-r--r--old/modules/nomic/default.nix105
-rw-r--r--old/modules/nomic/hardware-configuration.nix49
-rw-r--r--old/modules/nomic/paths.nix12
-rw-r--r--old/modules/nomic/users.nix42
-rw-r--r--old/modules/rmdir/default.nix87
-rw-r--r--old/modules/rmdir/networking.nix15
-rw-r--r--old/modules/rmdir/paths.nix12
-rw-r--r--old/modules/rmdir/users.nix19
-rw-r--r--old/modules/tv/base-cac-CentOS-7-64bit.nix27
-rw-r--r--old/modules/tv/base.nix16
-rw-r--r--old/modules/tv/config/consul-client.nix9
-rw-r--r--old/modules/tv/config/consul-server.nix22
-rw-r--r--old/modules/tv/consul/default.nix121
-rw-r--r--old/modules/tv/ejabberd.nix867
-rw-r--r--old/modules/tv/environment.nix93
-rw-r--r--old/modules/tv/exim-retiolum.nix126
-rw-r--r--old/modules/tv/exim-smarthost.nix474
-rw-r--r--old/modules/tv/git/cgit.nix93
-rw-r--r--old/modules/tv/git/config.nix272
-rw-r--r--old/modules/tv/git/default.nix27
-rw-r--r--old/modules/tv/git/options.nix93
-rw-r--r--old/modules/tv/git/public.nix82
-rw-r--r--old/modules/tv/identity/default.nix71
-rw-r--r--old/modules/tv/iptables/config.nix93
-rw-r--r--old/modules/tv/iptables/default.nix11
-rw-r--r--old/modules/tv/iptables/options.nix29
-rw-r--r--old/modules/tv/nginx/config.nix49
-rw-r--r--old/modules/tv/nginx/default.nix11
-rw-r--r--old/modules/tv/nginx/options.nix21
-rw-r--r--old/modules/tv/retiolum/config.nix130
-rw-r--r--old/modules/tv/retiolum/default.nix11
-rw-r--r--old/modules/tv/retiolum/options.nix87
-rw-r--r--old/modules/tv/sanitize.nix12
-rw-r--r--old/modules/tv/smartd.nix17
-rw-r--r--old/modules/tv/synaptics.nix14
-rw-r--r--old/modules/tv/urlwatch/default.nix158
-rw-r--r--old/modules/tv/urxvt.nix24
-rw-r--r--old/modules/tv/users/default.nix67
-rw-r--r--old/modules/tv/xserver.nix40
-rw-r--r--old/modules/uriel/default.nix184
-rw-r--r--old/modules/uriel/repos.nix78
-rw-r--r--old/modules/wu/default.nix464
-rw-r--r--old/modules/wu/hosts.nix22
-rw-r--r--old/modules/wu/paths.nix12
-rw-r--r--old/modules/wu/users.nix227
90 files changed, 7000 insertions, 0 deletions
diff --git a/old/modules/cd/default.nix b/old/modules/cd/default.nix
new file mode 100644
index 0000000..e3abd47
--- /dev/null
+++ b/old/modules/cd/default.nix
@@ -0,0 +1,91 @@
+{ config, pkgs, ... }:
+
+let
+ inherit (builtins) readFile;
+in
+
+{
+ imports =
+ [
+ { users.extraUsers = import <secrets/extraUsers.nix>; }
+ ./networking.nix
+ ./users.nix
+ ../tv/base.nix
+ ../tv/base-cac-CentOS-7-64bit.nix
+ ../tv/config/consul-server.nix
+ ../tv/ejabberd.nix # XXX echtes modul
+ ../tv/exim-smarthost.nix
+ ../tv/git/public.nix
+ ../tv/sanitize.nix
+ {
+ imports = [ ../tv/identity ];
+ tv.identity = {
+ enable = true;
+ self = config.tv.identity.hosts.cd;
+ };
+ }
+ {
+ imports = [ ../tv/iptables ];
+ tv.iptables = {
+ enable = true;
+ input-internet-accept-new-tcp = [
+ "ssh"
+ "tinc"
+ "smtp"
+ "xmpp-client"
+ "xmpp-server"
+ ];
+ input-retiolum-accept-new-tcp = [
+ "http"
+ ];
+ };
+ }
+ {
+ imports = [ ../tv/retiolum ];
+ tv.retiolum = {
+ enable = true;
+ hosts = <retiolum-hosts>;
+ connectTo = [
+ "fastpoke"
+ "pigstarter"
+ "ire"
+ ];
+ };
+ }
+ ];
+
+ # "Developer 2" plan has two vCPUs.
+ nix.maxJobs = 2;
+
+ environment.systemPackages = with pkgs; [
+ git # required for ./deploy, clone_or_update
+ htop
+ iftop
+ iotop
+ iptables
+ mutt # for mv
+ nethogs
+ rxvt_unicode.terminfo
+ tcpdump
+ ];
+
+ services.ejabberd-cd = {
+ enable = true;
+ };
+
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ # XXX bits here make no science
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ permitRootLogin = "yes";
+ };
+
+ sound.enable = false;
+}
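Review bot: `permitRootLogin = "yes";` at the end of the services.openssh block allows root to authenticate with a password on a host whose tv.iptables config accepts new TCP on "ssh" from the internet, while root already has key-based access through the authorizedKeys set in ./users.nix (and `<secrets/extraUsers.nix>` may well assign a root password, which is not visible here). Restricting root to key authentication keeps the same deploy workflow: `permitRootLogin = "without-password";`. The same setting appears in old/modules/cloudkrebs/default.nix, where port 22 is likewise opened in networking.firewall.allowedTCPPorts and a password file (../../secrets/cloudkrebs-pw.nix) is imported. Separately, `bits = 8192` on an ed25519 host key is ignored by ssh-keygen, as the XXX comment hints; dropping the attribute removes the confusion.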
diff --git a/old/modules/cd/networking.nix b/old/modules/cd/networking.nix
new file mode 100644
index 0000000..215e208
--- /dev/null
+++ b/old/modules/cd/networking.nix
@@ -0,0 +1,14 @@
+{...}:
+{
+ networking.hostName = "cd";
+ networking.interfaces.enp2s1.ip4 = [
+ {
+ address = "162.219.7.216";
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "162.219.7.1";
+ networking.nameservers = [
+ "8.8.8.8"
+ ];
+}
diff --git a/old/modules/cd/paths.nix b/old/modules/cd/paths.nix
new file mode 100644
index 0000000..f873912
--- /dev/null
+++ b/old/modules/cd/paths.nix
@@ -0,0 +1,12 @@
+{
+ lib.file.url = ../../lib;
+ modules.file.url = ../../modules;
+ nixpkgs.git = {
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
+ cache = ../../tmp/git-cache;
+ };
+ pubkeys.file.url = ../../pubkeys;
+ retiolum-hosts.file.url = ../../hosts;
+ secrets.file.url = ../../secrets/cd/nix;
+}
diff --git a/old/modules/cd/users.nix b/old/modules/cd/users.nix
new file mode 100644
index 0000000..656336d
--- /dev/null
+++ b/old/modules/cd/users.nix
@@ -0,0 +1,53 @@
+{ ... }:
+
+let
+ inherit (builtins) readFile;
+in
+
+{
+ users.extraGroups = {
+
+ # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
+ # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
+ # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
+ # Docs: man:tmpfiles.d(5)
+ # man:systemd-tmpfiles(8)
+ # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
+ # Main PID: 19272 (code=exited, status=1/FAILURE)
+ #
+ # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
+ # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
+ # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
+ # warning: error(s) occured while switching to the new configuration
+ lock.gid = 10001;
+
+ };
+ users.extraUsers =
+ {
+ root = {
+ openssh.authorizedKeys.keys = [
+ (readFile <pubkeys/deploy_wu.ssh.pub>)
+ (readFile <pubkeys/tv_wu.ssh.pub>)
+ ];
+ };
+
+ mv = rec {
+ name = "mv";
+ uid = 1338;
+ group = "users";
+ home = "/home/${name}";
+ createHome = true;
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [
+ (readFile <pubkeys/mv_vod.ssh.pub>)
+ ];
+ };
+
+ };
+
+ users.mutableUsers = false;
+}
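Review bot: The fifteen-line pasted journal excerpt above `lock.gid = 10001;` documents why the group exists but buries the reason in log noise, and the store path and timestamps in it go stale with the next systemd bump. A one-line why-comment carries the same information, e.g. `# systemd-tmpfiles (legacy.conf) expects a 'lock' group; without it systemd-tmpfiles-setup fails at activation`. If the full log is worth keeping, a reference to a tracking issue would be better than inlining it.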
diff --git a/old/modules/cloudkrebs/default.nix b/old/modules/cloudkrebs/default.nix
new file mode 100644
index 0000000..938447e
--- /dev/null
+++ b/old/modules/cloudkrebs/default.nix
@@ -0,0 +1,69 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../tv/base-cac-CentOS-7-64bit.nix
+ ../lass/retiolum-cloudkrebs.nix
+ ./networking.nix
+ ../../secrets/cloudkrebs-pw.nix
+ ../lass/sshkeys.nix
+ ../lass/base.nix
+ ../common/nixpkgs.nix
+ ];
+
+ nixpkgs = {
+ url = "https://github.com/Lassulus/nixpkgs";
+ rev = "b42ecfb8c61e514bf7733b4ab0982d3e7e27dacb";
+ };
+
+ nix.maxJobs = 1;
+
+ #activationScripts
+ #split up and move into base
+
+ #TODO move into modules
+ users.extraUsers = {
+ #main user
+ root = {
+ openssh.authorizedKeys.keys = [
+ config.sshKeys.lass.pub
+ ];
+ };
+ mainUser = {
+ uid = 1337;
+ name = "lass";
+ #isNormalUser = true;
+ group = "users";
+ createHome = true;
+ home = "/home/lass";
+ useDefaultShell = true;
+ isSystemUser = false;
+ description = "lassulus";
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ config.sshKeys.lass.pub
+ ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ ];
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ # XXX bits here make no science
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ permitRootLogin = "yes";
+ };
+
+ networking.firewall = {
+ enable = true;
+
+ allowedTCPPorts = [
+ 22
+ ];
+ };
+
+}
diff --git a/old/modules/cloudkrebs/networking.nix b/old/modules/cloudkrebs/networking.nix
new file mode 100644
index 0000000..fc50073
--- /dev/null
+++ b/old/modules/cloudkrebs/networking.nix
@@ -0,0 +1,14 @@
+{...}:
+{
+ networking.hostName = "cloudkrebs";
+ networking.interfaces.enp2s1.ip4 = [
+ {
+ address = "104.167.113.104";
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "104.167.113.1";
+ networking.nameservers = [
+ "8.8.8.8"
+ ];
+}
diff --git a/old/modules/common/krebs-keys.nix b/old/modules/common/krebs-keys.nix
new file mode 100644
index 0000000..5e34933
--- /dev/null
+++ b/old/modules/common/krebs-keys.nix
@@ -0,0 +1,18 @@
+# alle public keys der krebsminister fuer R in krebs repos
+{ config, ... }:
+
+let
+ inherit (builtins) readFile;
+in
+
+with import ../lass/sshkeys.nix {
+ config.sshKeys.lass.pub = config.sshKeys.lass.pub;
+ config.sshKeys.uriel.pub = config.sshKeys.uriel.pub;
+ };
+{
+ imports = [
+ ./sshkeys.nix
+ ];
+
+ config.sshKeys.tv.pub = readFile <pubkeys/tv_wu.ssh.pub>;
+}
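Review bot: The `with import ../lass/sshkeys.nix { config.sshKeys.lass.pub = ...; ... }` expression at the top of the module appears to have no effect: `config` is already bound as the module's function argument, and lexically bound names take precedence over names brought in by `with`, so whatever the imported attrset returns under `config` is shadowed (assuming ../lass/sshkeys.nix returns an attrset keyed on `config` — its contents are not in this chunk). If the intent is to make lass's keys available alongside tv's, listing `../lass/sshkeys.nix` in `imports` next to `./sshkeys.nix` does that through the module system. The header comment is in German; `# all public keys of the krebs ministers, for R access to the krebs repos` keeps the meaning for the rest of the team.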
diff --git a/old/modules/common/krebs-repos.nix b/old/modules/common/krebs-repos.nix
new file mode 100644
index 0000000..86f3731
--- /dev/null
+++ b/old/modules/common/krebs-repos.nix
@@ -0,0 +1,36 @@
+{ lib, ... }:
+
+let
+ inherit (lib) mkDefault;
+
+ mkSecureRepo = name:
+ { inherit name;
+ value = {
+ users = {
+ lass = mkDefault "R";
+ tv = mkDefault "R";
+ makefu = mkDefault "R";
+ };
+ };
+ };
+
+ mkRepo = name:
+ { inherit name;
+ value = {
+ users = {
+ lass = mkDefault "R";
+ tv = mkDefault "R";
+ makefu = mkDefault "R";
+ };
+ };
+ };
+
+in {
+ services.gitolite.repos =
+ (lib.listToAttrs (map mkSecureRepo [ "brain" ])) //
+ (lib.listToAttrs (map mkRepo [
+ "painload"
+ "services"
+ "hosts"
+ ]));
+}
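Review bot: `mkSecureRepo` and `mkRepo` are byte-for-byte identical, so the repo named "brain" that goes through the "secure" path gets exactly the same `lass`/`tv`/`makefu = mkDefault "R"` grants as painload, services and hosts; nothing enforces a stricter policy. Either collapse the two into one helper, or make the secure variant actually differ, for instance by granting no default readers so every host has to opt in explicitly. If the distinction is a placeholder for now, a comment such as `# TODO: mkSecureRepo currently grants the same default access as mkRepo` should say so, otherwise the name suggests a protection that does not exist.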
diff --git a/old/modules/common/nixpkgs.nix b/old/modules/common/nixpkgs.nix
new file mode 100644
index 0000000..486cf02
--- /dev/null
+++ b/old/modules/common/nixpkgs.nix
@@ -0,0 +1,25 @@
+{ lib, ... }:
+
+with lib;
+
+{
+ options = {
+ nixpkgs.url = mkOption {
+ type = types.str;
+ description = "URL of the nixpkgs repository.";
+ };
+ nixpkgs.rev = mkOption {
+ type = types.str;
+ default = "origin/master";
+ description = "Revision of the remote repository.";
+ };
+ nixpkgs.dirty = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ If nixpkgs.url is a local path, then use that as it is.
+ TODO this break if URL is not a local path.
+ '';
+ };
+ };
+}
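Review bot: `nixpkgs.rev` defaults to `"origin/master"`, a moving ref, so a host that does not set it silently builds from whatever the remote currently serves, which is neither reproducible nor auditable; the one consumer visible in this commit, old/modules/cloudkrebs/default.nix, pins a commit hash instead. Dropping the default so evaluation fails unless a commit is pinned is the safer contract; at minimum the description should state the trade-off, e.g. `description = "Revision of the remote repository. Defaults to the moving origin/master ref; pin a commit hash for reproducible builds.";`. The `nixpkgs.dirty` description also has a typo: `TODO this breaks if URL is not a local path.`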
diff --git a/old/modules/common/sshkeys.nix b/old/modules/common/sshkeys.nix
new file mode 100644
index 0000000..5f1c606
--- /dev/null
+++ b/old/modules/common/sshkeys.nix
@@ -0,0 +1,26 @@
+{ lib, ... }:
+
+with lib;
+
+{
+ options = {
+ sshKeys = mkOption {
+ type = types.attrsOf (types.submodule (
+ { config, ... }:
+ {
+ options = {
+ pub = mkOption {
+ type = types.str;
+ description = "Public part of the ssh key.";
+ };
+
+ priv = mkOption {
+ type = types.str;
+ description = "Private part of the ssh key.";
+ };
+ };
+ }));
+ description = "collection of ssh-keys";
+ };
+ };
+}
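Review bot: The `priv` option (`type = types.str`, "Private part of the ssh key.") invites storing private key material directly in the Nix configuration; anything interpolated from it into a derivation or /etc file ends up in the world-readable /nix/store, and the value is visible to anyone who can evaluate the config. No consumer of `priv` is visible in this chunk, so whether that happens today cannot be told from here, but the option description should carry the caveat, e.g. `description = "Private part of the ssh key. Values become part of the evaluated configuration and, when used in a derivation, of the world-readable Nix store; prefer referencing an out-of-store file by path.";`.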
diff --git a/old/modules/lass/base.nix b/old/modules/lass/base.nix
new file mode 100644
index 0000000..3a8d879
--- /dev/null
+++ b/old/modules/lass/base.nix
@@ -0,0 +1,110 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./sshkeys.nix
+ ];
+
+ nix.useChroot = true;
+
+ users.mutableUsers = false;
+
+ boot.tmpOnTmpfs = true;
+ # see tmpfiles.d(5)
+ systemd.tmpfiles.rules = [
+ "d /tmp 1777 root root - -"
+ ];
+
+ # multiple-definition-problem when defining environment.variables.EDITOR
+ environment.extraInit = ''
+ EDITOR=vim
+ PAGER=most
+ '';
+
+ environment.systemPackages = with pkgs; [
+ git
+ most
+ rxvt_unicode.terminfo
+
+ #network
+ iptables
+ ];
+
+ programs.bash = {
+ enableCompletion = true;
+ interactiveShellInit = ''
+ HISTCONTROL='erasedups:ignorespace'
+ HISTSIZE=65536
+ HISTFILESIZE=$HISTSIZE
+
+ shopt -s checkhash
+ shopt -s histappend histreedit histverify
+ shopt -s no_empty_cmd_completion
+ complete -d cd
+
+ #fancy colors
+ if [ -e ~/LS_COLORS ]; then
+ eval $(dircolors ~/LS_COLORS)
+ fi
+
+ if [ -e /etc/nixos/dotfiles/link ]; then
+ /etc/nixos/dotfiles/link
+ fi
+ '';
+ promptInit = ''
+ if test $UID = 0; then
+ PS1='\[\033[1;31m\]\w\[\033[0m\] '
+ elif test $UID = 1337; then
+ PS1='\[\033[1;32m\]\w\[\033[0m\] '
+ else
+ PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
+ fi
+ if test -n "$SSH_CLIENT"; then
+ PS1='\[\033[35m\]\h'" $PS1"
+ fi
+ '';
+ };
+
+ services.gitolite = {
+ enable = true;
+ dataDir = "/home/gitolite";
+ adminPubkey = config.sshKeys.lass.pub;
+ };
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ # XXX bits here make no science
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+
+ services.journald.extraConfig = ''
+ SystemMaxU