authormakefu <github@syntax-fehler.de>2015-08-07 12:53:02 +0200
committermakefu <github@syntax-fehler.de>2015-08-07 12:53:02 +0200
commit4d460eb95f398797df4d502be496a79481bdd809 (patch)
treeac7254fb32131fbd5be971639d6077c08db8d081
parent91a112c24294154be3b812e2b52e1c651d336aff (diff)
refactor pnp
-rw-r--r--makefu/1systems/pnp.nix45
-rw-r--r--makefu/2configs/graphite-standalone.nix1
-rw-r--r--makefu/2configs/graphite-web.nix24
-rw-r--r--makefu/2configs/tinc-basic-retiolum.nix14
-rw-r--r--makefu/2configs/vm-single-partition.nix20
5 files changed, 44 insertions, 60 deletions
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index a8df522f2..bc4c679b7 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -11,6 +11,8 @@
../2configs/base.nix
../2configs/cgit-retiolum.nix
../2configs/graphite-standalone.nix
+ ../2configs/vm-single-partition.nix
+ ../2configs/tinc-basic-retiolum.nix
];
krebs.build.host = config.krebs.hosts.pnp;
krebs.build.user = config.krebs.users.makefu;
@@ -21,50 +23,21 @@
url = https://github.com/NixOS/nixpkgs;
rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
};
- secrets = {
- url = "/home/makefu/secrets/${config.krebs.build.host.name}";
- };
- stockholm = {
- url = toString ../..;
- };
};
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/vda";
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
- hardware.enableAllFirmware = true;
- hardware.cpu.amd.updateMicrocode = true;
-
networking.firewall.allowedTCPPorts = [
# nginx runs on 80
- 80
# graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
- 8080 2003
- ];
+ 80
+ 8080 2003
+ ];
networking.firewall.allowedUDPPorts = [ 2003 ];
+
networking.firewall.rejectPackets = true;
networking.firewall.allowPing = true;
- fileSystems."/" =
- { device = "/dev/disk/by-label/nixos";
- fsType = "ext4";
- };
- krebs.retiolum = {
- enable = true;
- hosts = ../../Zhosts;
- connectTo = [
- "gum"
- "pigstarter"
- "fastpoke"
- ];
- };
-
# $ nix-env -qaP | grep wget
- environment.systemPackages = with pkgs; [
- jq
- ];
+ environment.systemPackages = with pkgs; [
+ jq
+ ];
}
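Review bot: `networking.firewall.allowedTCPPorts` still opens 8080 and 2003 on every interface, and carbon's plaintext receiver on 2003 accepts metrics without authentication, so any host that can reach pnp can write into the graphite store. pnp is a retiolum member (now through `tinc-basic-retiolum.nix`), so consider accepting 8080 and 2003, TCP and UDP, only on the VPN interface and leaving just 80 open globally. The re-indent also leaves both comments stacked above all three ports; I would put `80` directly under `# nginx runs on 80` again so each comment sits next to the port it describes. The `# $ nix-env -qaP | grep wget` line above `environment.systemPackages` looks like template residue and could be dropped.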
diff --git a/makefu/2configs/graphite-standalone.nix b/makefu/2configs/graphite-standalone.nix
index 50c623ab9..8b70c11c8 100644
--- a/makefu/2configs/graphite-standalone.nix
+++ b/makefu/2configs/graphite-standalone.nix
@@ -5,6 +5,7 @@
with lib;
{
imports = [ ];
+
services.graphite = {
web = {
enable = true;
diff --git a/makefu/2configs/graphite-web.nix b/makefu/2configs/graphite-web.nix
deleted file mode 100644
index daa1d49a3..000000000
--- a/makefu/2configs/graphite-web.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-{
- imports = [ ];
- services.graphite = {
- web = {
- enable = true;
- host = "0.0.0.0";
- };
- carbon = {
- enableCache = true;
- storageSchemas = ''
- [carbon]
- pattern = ^carbon\.
- retentions = 60:90d
-
- [default]
- pattern = .*
- retentions = 60s:30d,300s:1y
- '';
- };
- };
-}
diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix
new file mode 100644
index 000000000..cb1991bd6
--- /dev/null
+++ b/makefu/2configs/tinc-basic-retiolum.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ krebs.retiolum = {
+ enable = true;
+ hosts = ../../Zhosts;
+ connectTo = [
+ "gum"
+ "pigstarter"
+ "fastpoke"
+ ];
+ };
+}
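Review bot: `with lib;` and the `config`/`lib`/`pkgs` arguments are unused in this new module, since the body only sets `krebs.retiolum` from literals; the same applies to `vm-single-partition.nix` further down. Dropping `with lib;` keeps the scope free of names that could shadow later additions. A header comment such as `# joins retiolum and connects to gum, pigstarter and fastpoke` would tell readers what importing this file does and that the peer list is fixed here.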
diff --git a/makefu/2configs/vm-single-partition.nix b/makefu/2configs/vm-single-partition.nix
new file mode 100644
index 000000000..78a5e7175
--- /dev/null
+++ b/makefu/2configs/vm-single-partition.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+# vda1 ext4 (label nixos) -> only root partition
+with lib;
+{
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/vda";
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ };
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+ hardware.cpu.amd.updateMicrocode = true;
+
+
+}
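Review bot: The `boot.initrd.availableKernelModules` list removed from pnp.nix (including `virtio_pci` and `virtio_blk`) is not carried into this module, although it still installs grub to `/dev/vda`. Unless `base.nix` or another import outside this diff supplies those modules, the initrd may not find the root disk; I would add `boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];` here. Separately, `nixpkgs.config.allowUnfree = true;` is new in this commit rather than moved, so the refactor widens the package policy for every host that imports this file. It deserves a comment such as `# needed for hardware.enableAllFirmware` if that is the reason, or it should stay in the host config.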