| author | lassulus <lass@aidsballs.de> | 2015-12-30 18:20:35 +0100 | 
|---|---|---|
| committer | lassulus <lass@aidsballs.de> | 2015-12-30 18:20:35 +0100 | 
| commit | 0ed16606b2fa8ba73cc0ffa54f8126cec627553c (patch) | |
| tree | 57f5496e7acbc9dfeec7f406a6857687219625d0 | |
| parent | 9b890750e24f43182ebf1732871a60d9e0c74c89 (diff) | |
| parent | b96fd072e1ac5e5b6b5b3e92c678dc4bb4cb7e1f (diff) | |
Merge remote-tracking branch 'bobby/master'
| -rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/miefda/default.nix | 40 | ||||
| -rw-r--r-- | miefda/1systems/bobby.nix | 102 | ||||
| -rw-r--r-- | miefda/2configs/git.nix | 87 | ||||
| -rw-r--r-- | miefda/2configs/hardware-configuration.nix | 23 | ||||
| -rw-r--r-- | miefda/2configs/miefda.nix | 8 | ||||
| -rw-r--r-- | miefda/2configs/tinc-basic-retiolum.nix | 15 | ||||
| -rw-r--r-- | miefda/2configs/tlp.nix | 25 | ||||
| -rw-r--r-- | miefda/2configs/x220t.nix | 27 | ||||
| -rw-r--r-- | miefda/5pkgs/default.nix | 1 | 
10 files changed, 329 insertions, 0 deletions
|
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index ba1f425d9..65c1aa2ec 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -84,6 +84,7 @@ let
   imp = mkMerge [
     { krebs = import ./lass { inherit lib; }; }
     { krebs = import ./makefu { inherit lib; }; }
+    { krebs = import ./miefda { inherit lib; }; }
     { krebs = import ./mv { inherit lib; }; }
     { krebs = import ./shared { inherit lib; }; }
     { krebs = import ./tv { inherit lib; }; }
diff --git a/krebs/3modules/miefda/default.nix b/krebs/3modules/miefda/default.nix
new file mode 100644
index 000000000..8ecf898c5
--- /dev/null
+++ b/krebs/3modules/miefda/default.nix
@@ -0,0 +1,40 @@
+{ lib, ... }:
+
+with lib;
+
+{
+  hosts = addNames {
+    bobby = {
+      cores = 4;
+      dc = "miefda";
+      nets = {
+        retiolum = {
+          addrs4 = ["10.243.111.112"];
+          addrs6 = ["42:0:0:0:0:0:111:112"];
+          aliases = [
+            "bobby.retiolum"
+            "cgit.bobby.retiolum"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
+            uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
+            Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
+            0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
+            jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
+            cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      #ssh.privkey.path = <secrets/ssh.ed25519>;
+      #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
+    };
+  };
+  users = addNames {
+    miefda = {
+      mail = "miefda@miefda.de";
+      pubkey = "ssh-rsa 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 miefda@nixos";
+    };
+  };
+}
diff --git a/miefda/1systems/bobby.nix b/miefda/1systems/bobby.nix
new file mode 100644
index 000000000..d24595256
--- /dev/null
+++ b/miefda/1systems/bobby.nix
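Review bot: The two commented-out lines at the end of the `bobby` entry in krebs/3modules/miefda/default.nix leave the host without an `ssh.pubkey`, and the key in the comment is labelled `root@stro`, which suggests it was copied from another host's entry rather than generated on bobby. A stale key in a comment is easy to uncomment by mistake, and it would then publish the wrong host key for bobby. I would delete both lines, or replace them with the real values once they exist: `ssh.pubkey = "<bobby's ssh-ed25519 host key>";`.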
@@ -0,0 +1,102 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+
+      ../2configs/miefda.nix
+      ../2configs/tlp.nix
+      ../2configs/x220t.nix
+      ../2configs/hardware-configuration.nix
+      ../2configs/tinc-basic-retiolum.nix
+      ../2configs/git.nix
+    ];
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  # Define on which hard drive you want to install Grub.
+  boot.loader.grub.device = "/dev/sda";
+
+  networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Select internationalisation properties.
+   i18n = {
+  #   consoleFont = "Lat2-Terminus16";
+     consoleKeyMap = "us";
+  #   defaultLocale = "en_US.UTF-8";
+   };
+
+  # Set your time zone.
+  time.timeZone = "Europe/Amsterdam";
+
+  # List packages installed in system profile. To search by name, run:
+  # $ nix-env -qaP | grep wget
+ environment.systemPackages = with pkgs; [
+     wget chromium 
+   ];
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+  services.xserver.layout = "us";
+  # services.xserver.xkbOptions = "eurosign:e";
+
+  # Enable the KDE Desktop Environment.
+  #services.xserver.displayManager.kdm.enable = true;
+   services.xserver.desktopManager = {
+       xfce.enable = true;
+       xterm.enable= false;
+   }; 
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+   users.extraUsers.miefda = {
+     isNormalUser = true;
+     initialPassword= "welcome";
+     uid = 1000;
+     extraGroups= [
+        "wheel" 
+     ];
+   };
+
+  # The NixOS release to be compatible with for stateful data such as databases.
+  system.stateVersion = "15.09";
+
+  
+  networking.hostName = config.krebs.build.host.name;
+
+  krebs = {
+    enable = true;
+    search-domain = "retiolum";
+    build = {
+      host = config.krebs.hosts.bobby;
+      user = config.krebs.users.miefda;
+      source = {
+        git.nixpkgs = {
+          url = https://github.com/Lassulus/nixpkgs;
+          rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251";
+          target-path = "/var/src/nixpkgs";
+        };
+        dir.secrets = {
+          host = config.krebs.hosts.bobby;
+          path = "/home/miefda/secrets/${config.krebs.build.host.name}";
+        };
+        dir.stockholm = {
+          host = config.krebs.hosts.bobby;
+          path = "/home/miefda/gits/stockholm";
+        };
+      };
+    };
+  };
+}
diff --git a/miefda/2configs/git.nix b/miefda/2configs/git.nix
new file mode 100644
index 000000000..fec828f80
--- /dev/null
+++ b/miefda/2configs/git.nix
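Review bot: `initialPassword= "welcome"` on `users.extraUsers.miefda` in miefda/1systems/bobby.nix commits a known password for a `wheel` member, and the same file sets `services.openssh.enable = true` with nothing that turns off password logins. Until `passwd` is run on the machine, the account is protected only by that string. I would drop the `initialPassword` line and authenticate by key instead: `openssh.authorizedKeys.keys = [ config.krebs.users.miefda.pubkey ];` inside the user block and `services.openssh.passwordAuthentication = false;` next to the sshd line. Whether port 22 is reachable at all depends on the krebs iptables defaults, which this diff does not show.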
@@ -0,0 +1,87 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  out = {
+    krebs.git = {
+      enable = true;
+      root-title = "public repositories at ${config.krebs.build.host.name}";
+      root-desc = "keep calm and engage";
+      repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
+      rules = rules;
+    };
+
+    krebs.iptables.tables.filter.INPUT.rules = [
+      { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
+    ];
+  };
+
+  repos =
+    public-repos //
+    optionalAttrs config.krebs.build.host.secure restricted-repos;
+
+  rules = concatMap make-rules (attrValues repos);
+
+  public-repos = mapAttrs make-public-repo {
+    painload = {};
+    stockholm = {
+      desc = "take all the computers hostage, they'll love you!";
+    };
+    #wai-middleware-time = {};
+    #web-routes-wai-custom = {};
+    #go = {};
+    #newsbot-js = {};
+    #kimsufi-check = {};
+    #realwallpaper = {};
+  };
+
+  restricted-repos = mapAttrs make-restricted-repo (
+    {
+      brain = {
+        collaborators = with config.krebs.users; [ tv makefu ];
+      };
+    } //
+    import <secrets/repos.nix> { inherit config lib pkgs; }
+  );
+
+  make-public-repo = name: { desc ? null, ... }: {
+    inherit name desc;
+    public = true;
+    hooks = {
+      post-receive = pkgs.git-hooks.irc-announce {
+        # TODO make nick = config.krebs.build.host.name the default
+        nick = config.krebs.build.host.name;
+        channel = "#retiolum";
+        server = "cd.retiolum";
+        verbose = config.krebs.build.host.name == "bobby";
+      };
+    };
+  };
+
+  make-restricted-repo = name: { collaborators ? [], desc ? null, ... 
}: {
+    inherit name collaborators desc;
+    public = false;
+  };
+
+  make-rules =
+    with git // config.krebs.users;
+    repo:
+      singleton {
+        user = miefda;
+        repo = [ repo ];
+        perm = push "refs/*" [ non-fast-forward create delete merge ];
+      } ++
+      optional repo.public {
+        user = [ lass tv makefu uriel ];
+        repo = [ repo ];
+        perm = fetch;
+      } ++
+      optional (length (repo.collaborators or []) > 0) {
+        user = repo.collaborators;
+        repo = [ repo ];
+        perm = fetch;
+      };
+
+in out
diff --git a/miefda/2configs/hardware-configuration.nix b/miefda/2configs/hardware-configuration.nix
new file mode 100644
index 000000000..3eb1f43fe
--- /dev/null
+++ b/miefda/2configs/hardware-configuration.nix
@@ -0,0 +1,23 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usb_storage" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/4db70ae3-1ff9-43d7-8fcc-83264761a0bb";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  nix.maxJobs = 4;
+}
diff --git a/miefda/2configs/miefda.nix b/miefda/2configs/miefda.nix
new file mode 100644
index 000000000..545987a68
--- /dev/null
+++ b/miefda/2configs/miefda.nix
@@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  
+  #networking.wicd.enable = true;
+
+}
diff --git a/miefda/2configs/tinc-basic-retiolum.nix b/miefda/2configs/tinc-basic-retiolum.nix
new file mode 100644
index 000000000..153b41d78
--- /dev/null
+++ b/miefda/2configs/tinc-basic-retiolum.nix
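Review bot: The `repos =` binding in miefda/2configs/git.nix only merges `restricted-repos` when `config.krebs.build.host.secure` is true, but the `bobby` host entry added in krebs/3modules/miefda/default.nix never sets `secure`. Unless the option defaults to true (not visible in this diff), `brain` and everything in `<secrets/repos.nix>` is silently left out. That gate is a security control and deserves a comment where it is applied, for example `# restricted repos and <secrets/repos.nix> are only evaluated on hosts marked secure`. If bobby is meant to host `brain`, the host entry needs the flag; if not, the `brain` definition here is dead configuration and the comment could say so.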
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  krebs.retiolum = {
+    enable = true;
+    hosts = ../../krebs/Zhosts;
+    connectTo = [
+      "gum"
+      "pigstarter"
+      "prism"
+      "ire"
+    ];
+  };
+}
diff --git a/miefda/2configs/tlp.nix b/miefda/2configs/tlp.nix
new file mode 100644
index 000000000..0e1bb0d6b
--- /dev/null
+++ b/miefda/2configs/tlp.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  hardware.enableAllFirmware = true;
+  nixpkgs.config.allowUnfree = true;
+
+  hardware.cpu.intel.updateMicrocode = true;
+
+  zramSwap.enable = true;
+  zramSwap.numDevices = 2;
+
+  hardware.trackpoint = {
+    enable = true;
+    sensitivity = 220;
+    speed = 220;
+    emulateWheel = true;
+    };
+
+
+  services.tlp.enable = true;
+  services.tlp.extraConfig = ''
+  START_CHARGE_THRESH_BAT0=80
+  '';
+}
diff --git a/miefda/2configs/x220t.nix b/miefda/2configs/x220t.nix
new file mode 100644
index 000000000..bea84f796
--- /dev/null
+++ b/miefda/2configs/x220t.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+
+  services.xserver = {
+	xkbVariant = "altgr-intl";
+    videoDriver = "intel";
+   # vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
+    deviceSection = ''
+      Option "AccelMethod" "sna"
+    '';
+  };
+
+
+
+  services.xserver.displayManager.sessionCommands =''
+  xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
+  xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2
+  xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
+  # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200
+  '';
+
+  hardware.bluetooth.enable = true;
+
+
+}
diff --git a/miefda/5pkgs/default.nix b/miefda/5pkgs/default.nix
new file mode 100644
index 000000000..2eb33a153
--- /dev/null
+++ b/miefda/5pkgs/default.nix
@@ -0,0 +1 @@
+_:{} | 
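Review bot: `nixpkgs.config.allowUnfree = true;` and `hardware.enableAllFirmware = true;` at the top of miefda/2configs/tlp.nix are system-wide package policy rather than TLP settings, so any host that imports this file for power management also opts into unfree packages without it being visible from the file name. I would move both lines into miefda/1systems/bobby.nix, or at least mark them where they stand with `# system-wide: permits unfree packages (presumably needed for the firmware blobs)`. The `hardware.trackpoint` and `zramSwap` blocks have the same placement problem, though no security consequence.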
