summaryrefslogtreecommitdiffstats
path: root/tv/systems
diff options
context:
space:
mode:
Diffstat (limited to 'tv/systems')
-rw-r--r--tv/systems/cd.nix143
-rw-r--r--tv/systems/mkdir.nix83
-rw-r--r--tv/systems/nomic.nix116
-rw-r--r--tv/systems/rmdir.nix84
-rw-r--r--tv/systems/wu.nix409
5 files changed, 0 insertions, 835 deletions
diff --git a/tv/systems/cd.nix b/tv/systems/cd.nix
deleted file mode 100644
index 037248c..0000000
--- a/tv/systems/cd.nix
+++ /dev/null
@@ -1,143 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
- tvpkgs = import ../pkgs { inherit pkgs; };
-in
-
-{
- krebs.build.host = config.krebs.hosts.cd;
- krebs.build.user = config.krebs.users.tv;
-
- krebs.build.target = "root@cd.internet";
-
- krebs.build.deps = {
- nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
- };
- secrets = {
- url = "/home/tv/secrets/${config.krebs.build.host.name}";
- };
- stockholm = {
- url = toString ../..;
- };
- };
-
- imports = [
- ../configs/CAC-Developer-2.nix
- ../configs/CAC-CentOS-7-64bit.nix
- ../configs/base.nix
- ../configs/consul-server.nix
- ../configs/exim-smarthost.nix
- ../configs/git.nix
- {
- imports = [ ../configs/charybdis.nix ];
- tv.charybdis = {
- enable = true;
- sslCert = ../../Zcerts/charybdis_cd.crt.pem;
- };
- }
- {
- tv.ejabberd = {
- enable = true;
- hosts = [ "jabber.viljetic.de" ];
- };
- }
- {
- krebs.github-hosts-sync.enable = true;
- tv.iptables.input-internet-accept-new-tcp =
- singleton config.krebs.github-hosts-sync.port;
- }
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "tinc"
- "smtp"
- "xmpp-client"
- "xmpp-server"
- ];
- input-retiolum-accept-new-tcp = [
- "http"
- ];
- };
- }
- {
- tv.iptables.input-internet-accept-new-tcp = singleton "http";
- krebs.nginx.servers.cgit.server-names = singleton "cgit.cd.viljetic.de";
- }
- {
- # TODO make public_html also available to cd, cd.retiolum (AKA default)
- tv.iptables.input-internet-accept-new-tcp = singleton "http";
- krebs.nginx.servers.public_html = {
- server-names = singleton "cd.viljetic.de";
- locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '');
- };
- }
- {
- krebs.nginx.servers.viljetic = {
- server-names = singleton "viljetic.de";
- # TODO directly set root (instead via location)
- locations = singleton (nameValuePair "/" ''
- root ${tvpkgs.viljetic-pages};
- '');
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "fastpoke"
- "pigstarter"
- "ire"
- ];
- };
- }
- ];
-
- networking.interfaces.enp2s1.ip4 = [
- {
- address = "162.219.7.216";
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "162.219.7.1";
- networking.nameservers = [
- "8.8.8.8"
- ];
-
- environment.systemPackages = with pkgs; [
- git # required for ./deploy, clone_or_update
- htop
- iftop
- iotop
- iptables
- mutt # for mv
- nethogs
- rxvt_unicode.terminfo
- tcpdump
- ];
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- users.extraUsers = {
- mv = {
- uid = 1338;
- group = "users";
- home = "/home/mv";
- createHome = true;
- useDefaultShell = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.mv.pubkey
- ];
- };
- };
-}
diff --git a/tv/systems/mkdir.nix b/tv/systems/mkdir.nix
deleted file mode 100644
index f601ec8..0000000
--- a/tv/systems/mkdir.nix
+++ /dev/null
@@ -1,83 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- krebs.build.host = config.krebs.hosts.mkdir;
- krebs.build.user = config.krebs.users.tv;
-
- krebs.build.target = "root@mkdir.internet";
-
- krebs.build.deps = {
- nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "9d5508d85c33b8fb22d79dde6176792eac2c2696";
- };
- secrets = {
- url = "/home/tv/secrets/${config.krebs.build.host.name}";
- };
- stockholm = {
- url = toString ../..;
- };
- };
-
- imports = [
- ../configs/CAC-Developer-1.nix
- ../configs/CAC-CentOS-7-64bit.nix
- ../configs/base.nix
- ../configs/consul-server.nix
- ../configs/exim-smarthost.nix
- ../configs/git.nix
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "tinc"
- "smtp"
- ];
- input-retiolum-accept-new-tcp = [
- "http"
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "cd"
- "fastpoke"
- "pigstarter"
- "ire"
- ];
- };
- }
- ];
-
- networking.interfaces.enp2s1.ip4 = [
- {
- address = "162.248.167.241"; # TODO
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "162.248.167.1";
- networking.nameservers = [
- "8.8.8.8"
- ];
-
- environment.systemPackages = with pkgs; [
- git # required for ./deploy, clone_or_update
- htop
- iftop
- iotop
- iptables
- nethogs
- rxvt_unicode.terminfo
- tcpdump
- ];
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-}
diff --git a/tv/systems/nomic.nix b/tv/systems/nomic.nix
deleted file mode 100644
index c96fe38..0000000
--- a/tv/systems/nomic.nix
+++ /dev/null
@@ -1,116 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- krebs.build.host = config.krebs.hosts.nomic;
- krebs.build.user = config.krebs.users.tv;
-
- krebs.build.target = "root@nomic.gg23";
-
- krebs.build.deps = {
- nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "9d5508d85c33b8fb22d79dde6176792eac2c2696";
- };
- secrets = {
- url = "/home/tv/secrets/${config.krebs.build.host.name}";
- };
- stockholm = {
- url = toString ../..;
- };
- };
-
- imports = [
- ../configs/AO753.nix
- ../configs/base.nix
- ../configs/consul-server.nix
- ../configs/exim-retiolum.nix
- ../configs/git.nix
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "http"
- "tinc"
- "smtp"
- ];
- };
- }
- {
- krebs.nginx = {
- enable = true;
- servers.default.locations = [
- (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '')
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "gum"
- "pigstarter"
- ];
- };
- }
- ];
-
- boot.initrd.luks = {
- cryptoModules = [ "aes" "sha1" "xts" ];
- devices = [
- {
- name = "luks1";
- device = "/dev/disk/by-uuid/cac73902-1023-4906-8e95-3a8b245337d4";
- }
- ];
- };
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/de4780fc-0473-4708-81df-299b7383274c";
- fsType = "btrfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/be3a1d80-3157-4d7c-86cc-ef01b64eff5e";
- fsType = "ext4";
- };
-
- fileSystems."/home" =
- { device = "/dev/disk/by-uuid/9db9c8ff-51da-4cbd-9f0a-0cd3333bbaff";
- fsType = "btrfs";
- };
-
- swapDevices = [ ];
-
- nix = {
- buildCores = 2;
- maxJobs = 2;
- daemonIONiceLevel = 1;
- daemonNiceLevel = 1;
- };
-
- # TODO base
- boot.tmpOnTmpfs = true;
-
- environment.systemPackages = with pkgs; [
- (writeScriptBin "play" ''
- #! /bin/sh
- set -euf
- mpv() { exec ${mpv}/bin/mpv "$@"; }
- case $1 in
- deepmix) mpv http://deepmix.ru/deepmix128.pls;;
- groovesalad) mpv http://somafm.com/play/groovesalad;;
- ntslive) mpv http://listen2.ntslive.co.uk/listen.pls;;
- *)
- echo "$0: bad argument: $*" >&2
- exit 23
- esac
- '')
- rxvt_unicode.terminfo
- tmux
- ];
-}
diff --git a/tv/systems/rmdir.nix b/tv/systems/rmdir.nix
deleted file mode 100644
index fa91516..0000000
--- a/tv/systems/rmdir.nix
+++ /dev/null
@@ -1,84 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- krebs.build.host = config.krebs.hosts.rmdir;
- krebs.build.user = config.krebs.users.tv;
-
- krebs.build.target = "root@rmdir.internet";
-
- krebs.build.deps = {
- nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
- };
- secrets = {
- url = "/home/tv/secrets/${config.krebs.build.host.name}";
- };
- stockholm = {
- url = toString ../..;
- };
- };
-
- imports = [
- ../configs/CAC-Developer-1.nix
- ../configs/CAC-CentOS-7-64bit.nix
- ../configs/base.nix
- ../configs/consul-server.nix
- ../configs/exim-smarthost.nix
- ../configs/git.nix
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "tinc"
- "smtp"
- ];
- input-retiolum-accept-new-tcp = [
- "http"
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "cd"
- "mkdir"
- "fastpoke"
- "pigstarter"
- "ire"
- ];
- };
- }
- ];
-
- networking.interfaces.enp2s1.ip4 = [
- {
- address = "167.88.44.94";
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "167.88.44.1";
- networking.nameservers = [
- "8.8.8.8"
- ];
-
- environment.systemPackages = with pkgs; [
- git # required for ./deploy, clone_or_update
- htop
- iftop
- iotop
- iptables
- nethogs
- rxvt_unicode.terminfo
- tcpdump
- ];
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-}
diff --git a/tv/systems/wu.nix b/tv/systems/wu.nix
deleted file mode 100644
index 7c52d94..0000000
--- a/tv/systems/wu.nix
+++ /dev/null
@@ -1,409 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
- tvpkgs = import ../pkgs { inherit pkgs; };
-in
-
-{
- krebs.build.host = config.krebs.hosts.wu;
- krebs.build.user = config.krebs.users.tv;
-
- krebs.build.target = "root@wu";
-
- krebs.build.deps = {
- nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "9d5508d85c33b8fb22d79dde6176792eac2c2696";
- };
- secrets = {
- url = "/home/tv/secrets/${config.krebs.build.host.name}";
- };
- stockholm = {
- url = toString ../..;
- };
- };
-
- imports = [
- ../configs/w110er.nix
- ../configs/base.nix
- ../configs/consul-client.nix
- ../configs/exim-retiolum.nix
- ../configs/git.nix
- ../configs/mail-client.nix
- ../configs/xserver.nix
- ../configs/synaptics.nix # TODO w110er if xserver is enabled
- ../configs/urlwatch.nix
- {
- environment.systemPackages = with pkgs; [
-
- # stockholm
- git
- gnumake
- parallel
- tvpkgs.genid
- tvpkgs.hashPassword
- tvpkgs.lentil
- (pkgs.writeScriptBin "ff" ''
- #! ${pkgs.bash}/bin/bash
- exec sudo -u ff -i <<EOF
- exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")
- EOF
- '')
- (pkgs.writeScriptBin "im" ''
- #! ${pkgs.bash}/bin/bash
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
-
- # root
- cryptsetup
- ntp # ntpate
-
- # tv
- bc
- bind # dig
- file
- gitAndTools.qgit
- gnupg21
- haskellPackages.hledger
- htop
- jq
- manpages
- mkpasswd
- mpv
- netcat
- nix-repl
- nmap
- p7zip
- pavucontrol
- posix_man_pages
- qrencode
- sxiv
- texLive
- tmux
- tvpkgs.dic
- zathura
-
- #ack
- #apache-httpd
- #ascii
- #emacs
- #es
- #esniper
- #gcc
- #gptfdisk
- #graphviz
- #haskellPackages.cabal2nix
- #haskellPackages.ghc
- #haskellPackages.shake
- #hdparm
- #i7z
- #iftop
- #imagemagick
- #inotifyTools
- #iodine
- #iotop
- #lshw
- #lsof
- #minicom
- #mtools
- #ncmpc
- #neovim
- #nethogs
- #nix-prefetch-scripts #cvs bug
- #openssl
- #openswan
- #parted
- #perl
- #powertop
- #ppp
- #proot
- #pythonPackages.arandr
- #pythonPackages.youtube-dl
- #racket
- #rxvt_unicode-with-plugins
- #scrot
- #sec
- #silver-searcher
- #sloccount
- #smartmontools
- #socat
- #sshpass
- #strongswan
- #sysdig
- #sysstat
- #tcpdump
- #tlsdate
- #unetbootin
- #utillinuxCurses
- #wvdial
- #xdotool
- #xkill
- #xl2tpd
- #xsel
- ];
- }
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "http"
- "tinc"
- "smtp"
- ];
- };
- }
- {
- krebs.nginx = {
- enable = true;
- servers.default.locations = [
- (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '')
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "gum"
- "pigstarter"
- ];
- };
- }
- {
- users.extraGroups = {
- tv.gid = 1337;
- slaves.gid = 3799582008; # genid slaves
- };
-
- users.extraUsers =
- mapAttrs (name: user@{ extraGroups ? [], ... }: user // {
- inherit name;
- home = "/home/${name}";
- createHome = true;
- useDefaultShell = true;
- group = "tv";
- extraGroups = ["slaves"] ++ extraGroups;
- }) {
- ff = {
- uid = 13378001;
- extraGroups = [
- "audio"
- "video"
- ];
- };
-
- cr = {
- uid = 13378002;
- extraGroups = [
- "audio"
- "video"
- "bumblebee"
- ];
- };
-
- fa = {
- uid = 2300001;
- };
-
- rl = {
- uid = 2300002;
- };
-
- tief = {
- uid = 2300702;
- };
-
- btc-bitcoind = {
- uid = 2301001;
- };
-
- btc-electrum = {
- uid = 2301002;
- };
-
- ltc-litecoind = {
- uid = 2301101;
- };
-
- eth = {
- uid = 2302001;
- };
-
- emse-hsdb = {
- uid = 4200101;
- };
-
- wine = {
- uid = 13370400;
- extraGroups = [
- "audio"
- "video"
- "bumblebee"
- ];
- };
-
- df = {
- uid = 13370401;
- extraGroups = [
- "audio"
- "video"
- "bumblebee"
- ];
- };
-
- xr = {
- uid = 13370061;
- extraGroups = [
- "audio"
- "video"
- ];
- };
-
- "23" = {
- uid = 13370023;
- };
-
- electrum = {
- uid = 13370102;
- };
-
- skype = {
- uid = 6660001;
- extraGroups = [
- "audio"
- ];
- };
-
- onion = {
- uid = 6660010;
- };
-
- zalora = {
- uid = 1000301;
- extraGroups = [
- "audio"
- # TODO remove vboxusers when hardening is active
- "vboxusers"
- "video"
- ];
- };
- };
-
- security.sudo.extraConfig =
- let
- isSlave = u: elem "slaves" u.extraGroups;
- masterOf = u: u.group;
- slaves = filterAttrs (_: isSlave) config.users.extraUsers;
- toSudoers = u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL";
- in
- concatMapStringsSep "\n" toSudoers (attrValues slaves);
- }
- ];
-
- boot.initrd.luks = {
- cryptoModules = [ "aes" "sha512" "xts" ];
- devices = [
- { name = "home"; device = "/dev/vg840/enchome"; preLVM = false; }
- ];
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/vg840-wuroot";
- fsType = "btrfs";
- options = "defaults,noatime,ssd,compress=lzo";
- };
- "/home" = {
- device = "/dev/mapper/home";
- options = "defaults,noatime,ssd,compress=lzo";
- };
- "/boot" = {
- device = "/dev/sda1";
- };
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = "nosuid,nodev,noatime";
- };
- };
-
- nixpkgs.config.chromium.enablePepperFlash = true;
-
- nixpkgs.config.allowUnfree = true;
- hardware.bumblebee.enable = true;
- hardware.bumblebee.group = "video";
- hardware.enableAllFirmware = true;
- hardware.opengl.driSupport32Bit = true;
- hardware.pulseaudio.enable = true;
-
- environment.systemPackages = with pkgs; [
- xlibs.fontschumachermisc
- slock
- ethtool
- #firefoxWrapper # with plugins
- #chromiumDevWrapper
- tinc
- iptables
- #jack2
- ];
-
- security.setuidPrograms = [
- "sendmail" # for cron
- "slock"
- ];
-
- services.printing.enable = true;
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -" # does this work with mounted /tmp?
- ];
-
- virtualisation.libvirtd.enable = true;
-
- networking.extraHosts = ''
- 192.168.1.1 wrt.gg23 wrt
- 192.168.1.11 mors.gg23
- 192.168.1.12 uriel.gg23
- 192.168.1.23 raspi.gg23 raspi
- 192.168.1.37 wu.gg23
- 192.168.1.111 nomic.gg23
- 192.168.1.124 schnabeldrucker.gg23 schnabeldrucker
- '';
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0"
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0"
-
- # for jack
- KERNEL=="rtc0", GROUP="audio"
- KERNEL=="hpet", GROUP="audio"
- '';
-
- services.bitlbee.enable = true;
- services.tor.client.enable = true;
- services.tor.enable = true;
- services.virtualboxHost.enable = true;
-
- # TODO w110er if xserver is enabled
- services.xserver.vaapiDrivers = [ pkgs.vaapiIntel ];
-}