diff options
author | lassulus <lass@aidsballs.de> | 2015-07-28 15:29:59 +0200 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2015-07-28 15:29:59 +0200 |
commit | b5d5b75d7d6dcc42f69418e6a454a64502fa6aee (patch) | |
tree | 3e3a83c1252e8600b580f858b55e05591212e05a /1systems/tv | |
parent | 6167afb8b5f5e06a51745b71a47b6b0339aa0e99 (diff) | |
parent | 03e03a7cbda232d1e8581231aefe632072665194 (diff) |
Merge branch 'tv' into master
Diffstat (limited to '1systems/tv')
-rw-r--r-- | 1systems/tv/cd.nix | 127 | ||||
-rw-r--r-- | 1systems/tv/mkdir.nix | 67 | ||||
-rw-r--r-- | 1systems/tv/nomic.nix | 100 | ||||
-rw-r--r-- | 1systems/tv/rmdir.nix | 68 | ||||
-rw-r--r-- | 1systems/tv/wu.nix | 432 |
5 files changed, 0 insertions, 794 deletions
diff --git a/1systems/tv/cd.nix b/1systems/tv/cd.nix deleted file mode 100644 index 6913508b5..000000000 --- a/1systems/tv/cd.nix +++ /dev/null @@ -1,127 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - Zpkgs = import ../../Zpkgs/tv { inherit pkgs; }; -in - -{ - krebs.build.host = config.krebs.hosts.cd; - - imports = [ - ../../2configs/tv/CAC-Developer-2.nix - ../../2configs/tv/CAC-CentOS-7-64bit.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-server.nix - ../../2configs/tv/exim-smarthost.nix - ../../2configs/tv/git.nix - { - imports = [ ../../2configs/tv/charybdis.nix ]; - tv.charybdis = { - enable = true; - sslCert = ../../Zcerts/charybdis_cd.crt.pem; - }; - } - { - tv.ejabberd = { - enable = true; - hosts = [ "jabber.viljetic.de" ]; - }; - } - { - krebs.github-hosts-sync.enable = true; - tv.iptables.input-internet-accept-new-tcp = - singleton config.krebs.github-hosts-sync.port; - } - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "ssh" - "tinc" - "smtp" - "xmpp-client" - "xmpp-server" - ]; - input-retiolum-accept-new-tcp = [ - "http" - ]; - }; - } - { - tv.iptables.input-internet-accept-new-tcp = singleton "http"; - krebs.nginx.servers.cgit.server-names = singleton "cgit.cd.viljetic.de"; - } - { - # TODO make public_html also available to cd, cd.retiolum (AKA default) - tv.iptables.input-internet-accept-new-tcp = singleton "http"; - krebs.nginx.servers.public_html = { - server-names = singleton "cd.viljetic.de"; - locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - ''); - }; - } - { - krebs.nginx.servers.viljetic = { - server-names = singleton "viljetic.de"; - # TODO directly set root (instead via location) - locations = singleton (nameValuePair "/" '' - root ${Zpkgs.viljetic-pages}; - ''); - }; - } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "fastpoke" - "pigstarter" - "ire" - ]; - }; - } - ]; - - networking.interfaces.enp2s1.ip4 = [ - { - address = "162.219.7.216"; - prefixLength = 24; - } - ]; - networking.defaultGateway = "162.219.7.1"; - networking.nameservers = [ - "8.8.8.8" - ]; - - environment.systemPackages = with pkgs; [ - git # required for ./deploy, clone_or_update - htop - iftop - iotop - iptables - mutt # for mv - nethogs - rxvt_unicode.terminfo - tcpdump - ]; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - users.extraUsers = { - mv = { - uid = 1338; - group = "users"; - home = "/home/mv"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.mv.pubkey - ]; - }; - }; -} diff --git a/1systems/tv/mkdir.nix b/1systems/tv/mkdir.nix deleted file mode 100644 index 7542ad0ce..000000000 --- a/1systems/tv/mkdir.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - krebs.build.host = config.krebs.hosts.mkdir; - - imports = [ - ../../2configs/tv/CAC-Developer-1.nix - ../../2configs/tv/CAC-CentOS-7-64bit.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-server.nix - ../../2configs/tv/exim-smarthost.nix - ../../2configs/tv/git.nix - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "ssh" - "tinc" - "smtp" - ]; - input-retiolum-accept-new-tcp = [ - "http" - ]; - }; - } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "cd" - "fastpoke" - "pigstarter" - "ire" - ]; - }; - } - ]; - - networking.interfaces.enp2s1.ip4 = [ - { - address = "162.248.167.241"; # TODO - prefixLength = 24; - } - ]; - networking.defaultGateway = "162.248.167.1"; - networking.nameservers = [ - "8.8.8.8" - ]; - - environment.systemPackages = with pkgs; [ - git # required for ./deploy, clone_or_update - htop - iftop - iotop - iptables - nethogs - rxvt_unicode.terminfo - tcpdump - ]; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; -} diff --git a/1systems/tv/nomic.nix b/1systems/tv/nomic.nix deleted file mode 100644 index cd6e02596..000000000 --- a/1systems/tv/nomic.nix +++ /dev/null @@ -1,100 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - krebs.build.host = config.krebs.hosts.nomic; - - imports = [ - ../../2configs/tv/AO753.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-server.nix - ../../2configs/tv/exim-retiolum.nix - ../../2configs/tv/git.nix - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "ssh" - "http" - "tinc" - "smtp" - ]; - }; - } - { - krebs.nginx = { - enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "gum" - "pigstarter" - ]; - }; - } - ]; - - boot.initrd.luks = { - cryptoModules = [ "aes" "sha1" "xts" ]; - devices = [ - { - name = "luks1"; - device = "/dev/disk/by-uuid/cac73902-1023-4906-8e95-3a8b245337d4"; - } - ]; - }; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/de4780fc-0473-4708-81df-299b7383274c"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/be3a1d80-3157-4d7c-86cc-ef01b64eff5e"; - fsType = "ext4"; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/9db9c8ff-51da-4cbd-9f0a-0cd3333bbaff"; - fsType = "btrfs"; - }; - - swapDevices = [ ]; - - nix = { - buildCores = 2; - maxJobs = 2; - daemonIONiceLevel = 1; - daemonNiceLevel = 1; - }; - - # TODO base - boot.tmpOnTmpfs = true; - - environment.systemPackages = with pkgs; [ - (writeScriptBin "play" '' - #! /bin/sh - set -euf - mpv() { exec ${mpv}/bin/mpv "$@"; } - case $1 in - deepmix) mpv http://deepmix.ru/deepmix128.pls;; - groovesalad) mpv http://somafm.com/play/groovesalad;; - ntslive) mpv http://listen2.ntslive.co.uk/listen.pls;; - *) - echo "$0: bad argument: $*" >&2 - exit 23 - esac - '') - rxvt_unicode.terminfo - tmux - ]; -} diff --git a/1systems/tv/rmdir.nix b/1systems/tv/rmdir.nix deleted file mode 100644 index 9233014ba..000000000 --- a/1systems/tv/rmdir.nix +++ /dev/null @@ -1,68 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - krebs.build.host = config.krebs.hosts.rmdir; - - imports = [ - ../../2configs/tv/CAC-Developer-1.nix - ../../2configs/tv/CAC-CentOS-7-64bit.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-server.nix - ../../2configs/tv/exim-smarthost.nix - ../../2configs/tv/git.nix - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "ssh" - "tinc" - "smtp" - ]; - input-retiolum-accept-new-tcp = [ - "http" - ]; - }; - } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "cd" - "mkdir" - "fastpoke" - "pigstarter" - "ire" - ]; - }; - } - ]; - - networking.interfaces.enp2s1.ip4 = [ - { - address = "167.88.44.94"; - prefixLength = 24; - } - ]; - networking.defaultGateway = "167.88.44.1"; - networking.nameservers = [ - "8.8.8.8" - ]; - - environment.systemPackages = with pkgs; [ - git # required for ./deploy, clone_or_update - htop - iftop - iotop - iptables - nethogs - rxvt_unicode.terminfo - tcpdump - ]; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; -} diff --git a/1systems/tv/wu.nix b/1systems/tv/wu.nix deleted file mode 100644 index 37264635b..000000000 --- a/1systems/tv/wu.nix +++ /dev/null @@ -1,432 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - Zpkgs = import ../../Zpkgs/tv { inherit pkgs; }; -in - -{ - krebs.build.host = config.krebs.hosts.wu; - - imports = [ - ../../2configs/tv/w110er.nix - ../../2configs/tv/base.nix - ../../2configs/tv/consul-client.nix - ../../2configs/tv/exim-retiolum.nix - ../../2configs/tv/git.nix - ../../2configs/tv/mail-client.nix - ../../2configs/tv/xserver.nix - ../../2configs/tv/synaptics.nix # TODO w110er if xserver is enabled - ../../2configs/tv/urlwatch.nix - { - environment.systemPackages = with pkgs; [ - - # stockholm - git - gnumake - parallel - Zpkgs.genid - Zpkgs.hashPassword - Zpkgs.lentil - - # root - cryptsetup - ntp # ntpate - - # tv - bc - bind # dig - file - gitAndTools.qgit - gnupg21 - haskellPackages.hledger - htop - jq - manpages - mkpasswd - mpv - netcat - nix-repl - nmap - p7zip - pavucontrol - posix_man_pages - qrencode - sxiv - texLive - tmux - weechat - zathura - Zpkgs.dic - - #ack - #apache-httpd - #ascii - #emacs - #es - #esniper - #gcc - #gptfdisk - #graphviz - #haskellPackages.cabal2nix - #haskellPackages.ghc - #haskellPackages.shake - #hdparm - #i7z - #iftop - #imagemagick - #inotifyTools - #iodine - #iotop - #lshw - #lsof - #minicom - #mtools - #ncmpc - #neovim - #nethogs - #nix-prefetch-scripts #cvs bug - #openssl - #openswan - #parted - #perl - #powertop - #ppp - #proot - #pythonPackages.arandr - #pythonPackages.youtube-dl - #racket - #rxvt_unicode-with-plugins - #scrot - #sec - #silver-searcher - #sloccount - #smartmontools - #socat - #sshpass - #strongswan - #sysdig - #sysstat - #tcpdump - #tlsdate - #unetbootin - #utillinuxCurses - #wvdial - #xdotool - #xkill - #xl2tpd - #xsel - ]; - } - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "ssh" - "http" - "tinc" - "smtp" - ]; - }; - } - { - krebs.nginx = { - enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "gum" - "pigstarter" - ]; - }; - } - { - users.extraGroups = { - tv-sub.gid = 1337; - }; - - users.extraUsers = - mapAttrs (name: user: user // { - inherit name; - home = "/home/${name}"; - createHome = true; - useDefaultShell = true; - }) { - ff = { - uid = 13378001; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - ]; - }; - - cr = { - uid = 13378002; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - vimb = { - uid = 13378003; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - fa = { - uid = 2300001; - group = "tv-sub"; - }; - - rl = { - uid = 2300002; - group = "tv-sub"; - }; - - tief = { - uid = 2300702; - group = "tv-sub"; - }; - - btc-bitcoind = { - uid = 2301001; - group = "tv-sub"; - }; - - btc-electrum = { - uid = 2301002; - group = "tv-sub"; - }; - - ltc-litecoind = { - uid = 2301101; - group = "tv-sub"; - }; - - eth = { - uid = 2302001; - group = "tv-sub"; - }; - - emse-hsdb = { - uid = 4200101; - group = "tv-sub"; - }; - - wine = { - uid = 13370400; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - # dwarffortress - df = { - uid = 13370401; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - # XXX visudo: Warning: Runas_Alias `FTL' referenced but not defined - FTL = { - uid = 13370402; - #group = "tv-sub"; - extraGroups = [ - "audio" - "video" - "bumblebee" - ]; - }; - - freeciv = { - uid = 13370403; - group = "tv-sub"; - }; - - xr = { - uid = 13370061; - group = "tv-sub"; - extraGroups = [ - "audio" - "video" - ]; - }; - - "23" = { - uid = 13370023; - group = "tv-sub"; - }; - - electrum = { - uid = 13370102; - group = "tv-sub"; - }; - - Reaktor = { - uid = 4230010; - group = "tv-sub"; - }; - - gitolite = { - uid = 7700; - }; - - skype = { - uid = 6660001; - group = "tv-sub"; - extraGroups = [ - "audio" - ]; - }; - - onion = { - uid = 6660010; - group = "tv-sub"; - }; - - zalora = { - uid = 1000301; - group = "tv-sub"; - extraGroups = [ - "audio" - # TODO remove vboxusers when hardening is active - "vboxusers" - "video" - ]; - }; - }; - - security.sudo.extraConfig = - let - inherit (import ../../4lib/tv { inherit lib pkgs; }) - isSuffixOf; - - hasMaster = { group ? "", ... }: - isSuffixOf "-sub" group; - - masterOf = user : removeSuffix "-sub" user.group; - in - concatStringsSep "\n" - (map (u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL") - (filter hasMaster (attrValues config.users.extraUsers))); - } - ]; - - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "xts" ]; - devices = [ - { name = "home"; device = "/dev/vg840/enchome"; preLVM = false; } - ]; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/vg840-wuroot"; - fsType = "btrfs"; - options = "defaults,noatime,ssd,compress=lzo"; - }; - "/home" = { - device = "/dev/mapper/home"; - options = "defaults,noatime,ssd,compress=lzo"; - }; - "/boot" = { - device = "/dev/sda1"; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = "nosuid,nodev,noatime"; - }; - }; - - nixpkgs.config.firefox.enableAdobeFlash = true; - nixpkgs.config.chromium.enablePepperFlash = true; - - nixpkgs.config.allowUnfree = true; - hardware.bumblebee.enable = true; - hardware.bumblebee.group = "video"; - hardware.enableAllFirmware = true; - hardware.opengl.driSupport32Bit = true; - hardware.pulseaudio.enable = true; - - environment.systemPackages = with pkgs; [ - xlibs.fontschumachermisc - slock - ethtool - #firefoxWrapper # with plugins - #chromiumDevWrapper - tinc - iptables - #jack2 - ]; - - security.setuidPrograms = [ - "sendmail" # for cron - "slock" - ]; - - services.printing.enable = true; - - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - - # see tmpfiles.d(5) - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" # does this work with mounted /tmp? - ]; - - virtualisation.libvirtd.enable = true; - - networking.extraHosts = '' - 192.168.1.1 wrt.gg23 wrt - 192.168.1.11 mors.gg23 - 192.168.1.12 uriel.gg23 - 192.168.1.23 raspi.gg23 raspi - 192.168.1.37 wu.gg23 - 192.168.1.111 nomic.gg23 - 192.168.1.124 schnabeldrucker.gg23 schnabeldrucker - ''; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" - - # for jack - KERNEL=="rtc0", GROUP="audio" - KERNEL=="hpet", GROUP="audio" - ''; - - services.bitlbee.enable = true; - services.tor.client.enable = true; - services.tor.enable = true; - services.virtualboxHost.enable = true; - - # TODO w110er if xserver is enabled - services.xserver.vaapiDrivers = [ pkgs.vaapiIntel ]; -} |