summaryrefslogtreecommitdiffstats
path: root/1systems/tv
diff options
context:
space:
mode:
authorlassulus <lass@aidsballs.de>2015-07-28 15:29:59 +0200
committerlassulus <lass@aidsballs.de>2015-07-28 15:29:59 +0200
commitb5d5b75d7d6dcc42f69418e6a454a64502fa6aee (patch)
tree3e3a83c1252e8600b580f858b55e05591212e05a /1systems/tv
parent6167afb8b5f5e06a51745b71a47b6b0339aa0e99 (diff)
parent03e03a7cbda232d1e8581231aefe632072665194 (diff)
Merge branch 'tv' into master
Diffstat (limited to '1systems/tv')
-rw-r--r--1systems/tv/cd.nix127
-rw-r--r--1systems/tv/mkdir.nix67
-rw-r--r--1systems/tv/nomic.nix100
-rw-r--r--1systems/tv/rmdir.nix68
-rw-r--r--1systems/tv/wu.nix432
5 files changed, 0 insertions, 794 deletions
diff --git a/1systems/tv/cd.nix b/1systems/tv/cd.nix
deleted file mode 100644
index 6913508b5..000000000
--- a/1systems/tv/cd.nix
+++ /dev/null
@@ -1,127 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
- Zpkgs = import ../../Zpkgs/tv { inherit pkgs; };
-in
-
-{
- krebs.build.host = config.krebs.hosts.cd;
-
- imports = [
- ../../2configs/tv/CAC-Developer-2.nix
- ../../2configs/tv/CAC-CentOS-7-64bit.nix
- ../../2configs/tv/base.nix
- ../../2configs/tv/consul-server.nix
- ../../2configs/tv/exim-smarthost.nix
- ../../2configs/tv/git.nix
- {
- imports = [ ../../2configs/tv/charybdis.nix ];
- tv.charybdis = {
- enable = true;
- sslCert = ../../Zcerts/charybdis_cd.crt.pem;
- };
- }
- {
- tv.ejabberd = {
- enable = true;
- hosts = [ "jabber.viljetic.de" ];
- };
- }
- {
- krebs.github-hosts-sync.enable = true;
- tv.iptables.input-internet-accept-new-tcp =
- singleton config.krebs.github-hosts-sync.port;
- }
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "tinc"
- "smtp"
- "xmpp-client"
- "xmpp-server"
- ];
- input-retiolum-accept-new-tcp = [
- "http"
- ];
- };
- }
- {
- tv.iptables.input-internet-accept-new-tcp = singleton "http";
- krebs.nginx.servers.cgit.server-names = singleton "cgit.cd.viljetic.de";
- }
- {
- # TODO make public_html also available to cd, cd.retiolum (AKA default)
- tv.iptables.input-internet-accept-new-tcp = singleton "http";
- krebs.nginx.servers.public_html = {
- server-names = singleton "cd.viljetic.de";
- locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '');
- };
- }
- {
- krebs.nginx.servers.viljetic = {
- server-names = singleton "viljetic.de";
- # TODO directly set root (instead via location)
- locations = singleton (nameValuePair "/" ''
- root ${Zpkgs.viljetic-pages};
- '');
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "fastpoke"
- "pigstarter"
- "ire"
- ];
- };
- }
- ];
-
- networking.interfaces.enp2s1.ip4 = [
- {
- address = "162.219.7.216";
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "162.219.7.1";
- networking.nameservers = [
- "8.8.8.8"
- ];
-
- environment.systemPackages = with pkgs; [
- git # required for ./deploy, clone_or_update
- htop
- iftop
- iotop
- iptables
- mutt # for mv
- nethogs
- rxvt_unicode.terminfo
- tcpdump
- ];
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- users.extraUsers = {
- mv = {
- uid = 1338;
- group = "users";
- home = "/home/mv";
- createHome = true;
- useDefaultShell = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.mv.pubkey
- ];
- };
- };
-}
diff --git a/1systems/tv/mkdir.nix b/1systems/tv/mkdir.nix
deleted file mode 100644
index 7542ad0ce..000000000
--- a/1systems/tv/mkdir.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- krebs.build.host = config.krebs.hosts.mkdir;
-
- imports = [
- ../../2configs/tv/CAC-Developer-1.nix
- ../../2configs/tv/CAC-CentOS-7-64bit.nix
- ../../2configs/tv/base.nix
- ../../2configs/tv/consul-server.nix
- ../../2configs/tv/exim-smarthost.nix
- ../../2configs/tv/git.nix
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "tinc"
- "smtp"
- ];
- input-retiolum-accept-new-tcp = [
- "http"
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "cd"
- "fastpoke"
- "pigstarter"
- "ire"
- ];
- };
- }
- ];
-
- networking.interfaces.enp2s1.ip4 = [
- {
- address = "162.248.167.241"; # TODO
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "162.248.167.1";
- networking.nameservers = [
- "8.8.8.8"
- ];
-
- environment.systemPackages = with pkgs; [
- git # required for ./deploy, clone_or_update
- htop
- iftop
- iotop
- iptables
- nethogs
- rxvt_unicode.terminfo
- tcpdump
- ];
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-}
diff --git a/1systems/tv/nomic.nix b/1systems/tv/nomic.nix
deleted file mode 100644
index cd6e02596..000000000
--- a/1systems/tv/nomic.nix
+++ /dev/null
@@ -1,100 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- krebs.build.host = config.krebs.hosts.nomic;
-
- imports = [
- ../../2configs/tv/AO753.nix
- ../../2configs/tv/base.nix
- ../../2configs/tv/consul-server.nix
- ../../2configs/tv/exim-retiolum.nix
- ../../2configs/tv/git.nix
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "http"
- "tinc"
- "smtp"
- ];
- };
- }
- {
- krebs.nginx = {
- enable = true;
- servers.default.locations = [
- (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '')
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "gum"
- "pigstarter"
- ];
- };
- }
- ];
-
- boot.initrd.luks = {
- cryptoModules = [ "aes" "sha1" "xts" ];
- devices = [
- {
- name = "luks1";
- device = "/dev/disk/by-uuid/cac73902-1023-4906-8e95-3a8b245337d4";
- }
- ];
- };
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/de4780fc-0473-4708-81df-299b7383274c";
- fsType = "btrfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/be3a1d80-3157-4d7c-86cc-ef01b64eff5e";
- fsType = "ext4";
- };
-
- fileSystems."/home" =
- { device = "/dev/disk/by-uuid/9db9c8ff-51da-4cbd-9f0a-0cd3333bbaff";
- fsType = "btrfs";
- };
-
- swapDevices = [ ];
-
- nix = {
- buildCores = 2;
- maxJobs = 2;
- daemonIONiceLevel = 1;
- daemonNiceLevel = 1;
- };
-
- # TODO base
- boot.tmpOnTmpfs = true;
-
- environment.systemPackages = with pkgs; [
- (writeScriptBin "play" ''
- #! /bin/sh
- set -euf
- mpv() { exec ${mpv}/bin/mpv "$@"; }
- case $1 in
- deepmix) mpv http://deepmix.ru/deepmix128.pls;;
- groovesalad) mpv http://somafm.com/play/groovesalad;;
- ntslive) mpv http://listen2.ntslive.co.uk/listen.pls;;
- *)
- echo "$0: bad argument: $*" >&2
- exit 23
- esac
- '')
- rxvt_unicode.terminfo
- tmux
- ];
-}
diff --git a/1systems/tv/rmdir.nix b/1systems/tv/rmdir.nix
deleted file mode 100644
index 9233014ba..000000000
--- a/1systems/tv/rmdir.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
- krebs.build.host = config.krebs.hosts.rmdir;
-
- imports = [
- ../../2configs/tv/CAC-Developer-1.nix
- ../../2configs/tv/CAC-CentOS-7-64bit.nix
- ../../2configs/tv/base.nix
- ../../2configs/tv/consul-server.nix
- ../../2configs/tv/exim-smarthost.nix
- ../../2configs/tv/git.nix
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "tinc"
- "smtp"
- ];
- input-retiolum-accept-new-tcp = [
- "http"
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "cd"
- "mkdir"
- "fastpoke"
- "pigstarter"
- "ire"
- ];
- };
- }
- ];
-
- networking.interfaces.enp2s1.ip4 = [
- {
- address = "167.88.44.94";
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "167.88.44.1";
- networking.nameservers = [
- "8.8.8.8"
- ];
-
- environment.systemPackages = with pkgs; [
- git # required for ./deploy, clone_or_update
- htop
- iftop
- iotop
- iptables
- nethogs
- rxvt_unicode.terminfo
- tcpdump
- ];
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-}
diff --git a/1systems/tv/wu.nix b/1systems/tv/wu.nix
deleted file mode 100644
index 37264635b..000000000
--- a/1systems/tv/wu.nix
+++ /dev/null
@@ -1,432 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
- Zpkgs = import ../../Zpkgs/tv { inherit pkgs; };
-in
-
-{
- krebs.build.host = config.krebs.hosts.wu;
-
- imports = [
- ../../2configs/tv/w110er.nix
- ../../2configs/tv/base.nix
- ../../2configs/tv/consul-client.nix
- ../../2configs/tv/exim-retiolum.nix
- ../../2configs/tv/git.nix
- ../../2configs/tv/mail-client.nix
- ../../2configs/tv/xserver.nix
- ../../2configs/tv/synaptics.nix # TODO w110er if xserver is enabled
- ../../2configs/tv/urlwatch.nix
- {
- environment.systemPackages = with pkgs; [
-
- # stockholm
- git
- gnumake
- parallel
- Zpkgs.genid
- Zpkgs.hashPassword
- Zpkgs.lentil
-
- # root
- cryptsetup
- ntp # ntpate
-
- # tv
- bc
- bind # dig
- file
- gitAndTools.qgit
- gnupg21
- haskellPackages.hledger
- htop
- jq
- manpages
- mkpasswd
- mpv
- netcat
- nix-repl
- nmap
- p7zip
- pavucontrol
- posix_man_pages
- qrencode
- sxiv
- texLive
- tmux
- weechat
- zathura
- Zpkgs.dic
-
- #ack
- #apache-httpd
- #ascii
- #emacs
- #es
- #esniper
- #gcc
- #gptfdisk
- #graphviz
- #haskellPackages.cabal2nix
- #haskellPackages.ghc
- #haskellPackages.shake
- #hdparm
- #i7z
- #iftop
- #imagemagick
- #inotifyTools
- #iodine
- #iotop
- #lshw
- #lsof
- #minicom
- #mtools
- #ncmpc
- #neovim
- #nethogs
- #nix-prefetch-scripts #cvs bug
- #openssl
- #openswan
- #parted
- #perl
- #powertop
- #ppp
- #proot
- #pythonPackages.arandr
- #pythonPackages.youtube-dl
- #racket
- #rxvt_unicode-with-plugins
- #scrot
- #sec
- #silver-searcher
- #sloccount
- #smartmontools
- #socat
- #sshpass
- #strongswan
- #sysdig
- #sysstat
- #tcpdump
- #tlsdate
- #unetbootin
- #utillinuxCurses
- #wvdial
- #xdotool
- #xkill
- #xl2tpd
- #xsel
- ];
- }
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "ssh"
- "http"
- "tinc"
- "smtp"
- ];
- };
- }
- {
- krebs.nginx = {
- enable = true;
- servers.default.locations = [
- (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '')
- ];
- };
- }
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "gum"
- "pigstarter"
- ];
- };
- }
- {
- users.extraGroups = {
- tv-sub.gid = 1337;
- };
-
- users.extraUsers =
- mapAttrs (name: user: user // {
- inherit name;
- home = "/home/${name}";
- createHome = true;
- useDefaultShell = true;
- }) {
- ff = {
- uid = 13378001;
- group = "tv-sub";
- extraGroups = [
- "audio"
- "video"
- ];
- };
-
- cr = {
- uid = 13378002;
- group = "tv-sub";
- extraGroups = [
- "audio"
- "video"
- "bumblebee"
- ];
- };
-
- vimb = {
- uid = 13378003;
- group = "tv-sub";
- extraGroups = [
- "audio"
- "video"
- "bumblebee"
- ];
- };
-
- fa = {
- uid = 2300001;
- group = "tv-sub";
- };
-
- rl = {
- uid = 2300002;
- group = "tv-sub";
- };
-
- tief = {
- uid = 2300702;
- group = "tv-sub";
- };
-
- btc-bitcoind = {
- uid = 2301001;
- group = "tv-sub";
- };
-
- btc-electrum = {
- uid = 2301002;
- group = "tv-sub";
- };
-
- ltc-litecoind = {
- uid = 2301101;
- group = "tv-sub";
- };
-
- eth = {
- uid = 2302001;
- group = "tv-sub";
- };
-
- emse-hsdb = {
- uid = 4200101;
- group = "tv-sub";
- };
-
- wine = {
- uid = 13370400;
- group = "tv-sub";
- extraGroups = [
- "audio"
- "video"
- "bumblebee"
- ];
- };
-
- # dwarffortress
- df = {
- uid = 13370401;
- group = "tv-sub";
- extraGroups = [
- "audio"
- "video"
- "bumblebee"
- ];
- };
-
- # XXX visudo: Warning: Runas_Alias `FTL' referenced but not defined
- FTL = {
- uid = 13370402;
- #group = "tv-sub";
- extraGroups = [
- "audio"
- "video"
- "bumblebee"
- ];
- };
-
- freeciv = {
- uid = 13370403;
- group = "tv-sub";
- };
-
- xr = {
- uid = 13370061;
- group = "tv-sub";
- extraGroups = [
- "audio"
- "video"
- ];
- };
-
- "23" = {
- uid = 13370023;
- group = "tv-sub";
- };
-
- electrum = {
- uid = 13370102;
- group = "tv-sub";
- };
-
- Reaktor = {
- uid = 4230010;
- group = "tv-sub";
- };
-
- gitolite = {
- uid = 7700;
- };
-
- skype = {
- uid = 6660001;
- group = "tv-sub";
- extraGroups = [
- "audio"
- ];
- };
-
- onion = {
- uid = 6660010;
- group = "tv-sub";
- };
-
- zalora = {
- uid = 1000301;
- group = "tv-sub";
- extraGroups = [
- "audio"
- # TODO remove vboxusers when hardening is active
- "vboxusers"
- "video"
- ];
- };
- };
-
- security.sudo.extraConfig =
- let
- inherit (import ../../4lib/tv { inherit lib pkgs; })
- isSuffixOf;
-
- hasMaster = { group ? "", ... }:
- isSuffixOf "-sub" group;
-
- masterOf = user : removeSuffix "-sub" user.group;
- in
- concatStringsSep "\n"
- (map (u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL")
- (filter hasMaster (attrValues config.users.extraUsers)));
- }
- ];
-
- boot.initrd.luks = {
- cryptoModules = [ "aes" "sha512" "xts" ];
- devices = [
- { name = "home"; device = "/dev/vg840/enchome"; preLVM = false; }
- ];
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/vg840-wuroot";
- fsType = "btrfs";
- options = "defaults,noatime,ssd,compress=lzo";
- };
- "/home" = {
- device = "/dev/mapper/home";
- options = "defaults,noatime,ssd,compress=lzo";
- };
- "/boot" = {
- device = "/dev/sda1";
- };
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = "nosuid,nodev,noatime";
- };
- };
-
- nixpkgs.config.firefox.enableAdobeFlash = true;
- nixpkgs.config.chromium.enablePepperFlash = true;
-
- nixpkgs.config.allowUnfree = true;
- hardware.bumblebee.enable = true;
- hardware.bumblebee.group = "video";
- hardware.enableAllFirmware = true;
- hardware.opengl.driSupport32Bit = true;
- hardware.pulseaudio.enable = true;
-
- environment.systemPackages = with pkgs; [
- xlibs.fontschumachermisc
- slock
- ethtool
- #firefoxWrapper # with plugins
- #chromiumDevWrapper
- tinc
- iptables
- #jack2
- ];
-
- security.setuidPrograms = [
- "sendmail" # for cron
- "slock"
- ];
-
- services.printing.enable = true;
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- # see tmpfiles.d(5)
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -" # does this work with mounted /tmp?
- ];
-
- virtualisation.libvirtd.enable = true;
-
- networking.extraHosts = ''
- 192.168.1.1 wrt.gg23 wrt
- 192.168.1.11 mors.gg23
- 192.168.1.12 uriel.gg23
- 192.168.1.23 raspi.gg23 raspi
- 192.168.1.37 wu.gg23
- 192.168.1.111 nomic.gg23
- 192.168.1.124 schnabeldrucker.gg23 schnabeldrucker
- '';
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0"
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0"
-
- # for jack
- KERNEL=="rtc0", GROUP="audio"
- KERNEL=="hpet", GROUP="audio"
- '';
-
- services.bitlbee.enable = true;
- services.tor.client.enable = true;
- services.tor.enable = true;
- services.virtualboxHost.enable = true;
-
- # TODO w110er if xserver is enabled
- services.xserver.vaapiDrivers = [ pkgs.vaapiIntel ];
-}