authorlassulus <lass@aidsballs.de>2015-12-14 15:05:36 +0100
committerlassulus <lass@aidsballs.de>2015-12-14 15:05:36 +0100
commitd94784efbecbd437ec6268bb9bfca57a8088d6e8 (patch)
tree7806084d08adc5ffec4c3372fa9145a8d9df415e
parent9c1207a52825da2f7d9c55304f864d68055cedb8 (diff)
parent6f150af8acf2195188518bf53d0330da7a4bb8f8 (diff)
Merge remote-tracking branch 'gum/master'
-rw-r--r--krebs/3modules/makefu/default.nix25
-rw-r--r--krebs/3modules/retiolum.nix9
-rw-r--r--krebs/Zhosts/gum2
-rw-r--r--krebs/Zhosts/vbob9
-rw-r--r--krebs/Zpubkeys/makefu_vbob.ssh.pub1
-rw-r--r--makefu/1systems/gum.nix16
-rw-r--r--makefu/1systems/vbob.nix44
-rw-r--r--makefu/2configs/default.nix17
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix9
-rw-r--r--makefu/2configs/tinc-basic-retiolum.nix1
10 files changed, 129 insertions, 4 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 037abbdfd..82a5635d2 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -84,6 +84,31 @@ with lib;
};
};
};
+
+ vbob = {
+ cores = 2;
+ dc = "makefu"; #vm local
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.1.91"];
+ addrs6 = ["42:0b2c:d90e:e717:03dd:9ac1:0000:a400"];
+ aliases = [
+ "vbob.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
+ 4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
+ AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
+ hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
+ Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
+ AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
+ -----END RSA PUBLIC KEY-----
+
+ '';
+ };
+ };
+ };
flap = rec {
cores = 1;
dc = "cac"; #vps
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index 633642537..28ac67306 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -50,6 +50,14 @@ let
'';
};
+ extraConfig = mkOption {
+ type = types.str;
+ default = "";
+ description = ''
+ Extra Configuration to be appended to tinc.conf
+ '';
+ };
+
tincPackage = mkOption {
type = types.package;
default = pkgs.tinc;
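Review bot: The new `extraConfig` option is declared as `types.str`, which refuses to merge when two modules define it. A shared profile and a host file therefore cannot both contribute tinc.conf lines; `type = types.lines;` would concatenate them instead. The description should also state that the text is pasted verbatim into tinc.conf with no validation, so a typo surfaces only when tincd starts.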
@@ -203,6 +211,7 @@ let
Interface = ${cfg.network}
${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)}
PrivateKeyFile = /tmp/retiolum-rsa_key.priv
+ ${cfg.extraConfig}
EOF
# source: krebscode/painload/retiolum/scripts/tinc_setup/tinc-up
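Review bot: `${cfg.extraConfig}` is spliced into a shell here-document (the closing `EOF` follows directly), and the opening delimiter is outside this hunk. If that delimiter is unquoted, any `$`, backtick or backslash in the option value is expanded by the shell that writes tinc.conf, and a value containing a line that is exactly `EOF` ends the file early. Either quote the delimiter if nothing else in the body relies on expansion, or document the restriction in the option description, for example `Must not contain shell metacharacters or a line reading EOF.`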
diff --git a/krebs/Zhosts/gum b/krebs/Zhosts/gum
index d43bb0d08..7a1a305d6 100644
--- a/krebs/Zhosts/gum
+++ b/krebs/Zhosts/gum
@@ -1,5 +1,7 @@
Address= 195.154.108.70
Address= 195.154.108.70 53
+Address= 195.154.108.70 21031
+
Subnet = 10.243.0.211
Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
diff --git a/krebs/Zhosts/vbob b/krebs/Zhosts/vbob
new file mode 100644
index 000000000..b233a46b0
--- /dev/null
+++ b/krebs/Zhosts/vbob
@@ -0,0 +1,9 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
+4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
+AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
+hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
+Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
+AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
+-----END RSA PUBLIC KEY-----
+Subnet = 10.243.1.91/32
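Review bot: This host file announces only the IPv4 subnet, while the vbob entry added to krebs/3modules/makefu/default.nix in the same commit also assigns `addrs6 = ["42:0b2c:d90e:e717:03dd:9ac1:0000:a400"]`. Peers that route from this file will not send traffic for that address to vbob; krebs/Zhosts/gum carries both families. Add `Subnet = 42:0b2c:d90e:e717:03dd:9ac1:0000:a400/128`, or drop `addrs6` from the module entry. The RSA public key is also stored twice (here and in `tinc.pubkey`), so a key rotation has to touch both copies.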
diff --git a/krebs/Zpubkeys/makefu_vbob.ssh.pub b/krebs/Zpubkeys/makefu_vbob.ssh.pub
new file mode 100644
index 000000000..e5063aeb5
--- /dev/null
+++ b/krebs/Zpubkeys/makefu_vbob.ssh.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 75607aa46..417a020fa 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -14,14 +14,20 @@ in {
# ../2configs/iodined.nix
../2configs/git/cgit-retiolum.nix
../2configs/mattermost-docker.nix
+ ../2configs/nginx/euer.test.nix
];
+ nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
###### stable
krebs.build.target = "root@gum.krebsco.de";
krebs.build.host = config.krebs.hosts.gum;
-
+ krebs.retiolum.extraConfig = ''
+ ListenAddress = ${external-ip} 53
+ ListenAddress = ${external-ip} 655
+ ListenAddress = ${external-ip} 21031
+ '';
# Chat
environment.systemPackages = with pkgs;[
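Review bot: `nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };` replaces `pkgs.tinc` for every consumer on this internet-facing host, and the same line is repeated in makefu/1systems/vbob.nix. The retiolum module already exposes a `tincPackage` option (visible in krebs/3modules/retiolum.nix), so `krebs.retiolum.tincPackage = pkgs.tinc_pre;` would scope the pre-release build to the daemon that needs it. Putting that in one shared config also stops the two hosts from drifting apart. A short comment on why the pre-release is required would help whoever later decides when to return to the stable package.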
@@ -53,10 +59,18 @@ in {
80 443
# tinc
655
+ # tinc-shack
+ 21032
+ # tinc-retiolum
+ 21031
];
allowedUDPPorts = [
# tinc
655 53
+ # tinc-retiolum
+ 21031
+ # tinc-shack
+ 21032
];
};
interfaces.et0.ip4 = [{
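Review bot: Port 21032 (`# tinc-shack`) is opened for both TCP and UDP, but nothing in this commit listens on it; the `ListenAddress` lines added above cover only 53, 655 and 21031. Opening a port ahead of its service leaves it free for whatever binds there first, so it is better added together with the tinc-shack configuration. The tinc listener on port 53 needs TCP as well as UDP, and 53 appears only in `allowedUDPPorts` in the visible part of the list. The list starts outside this hunk, so check whether `allowedTCPPorts` already contains it.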
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
new file mode 100644
index 000000000..4d8e8ced1
--- /dev/null
+++ b/makefu/1systems/vbob.nix
@@ -0,0 +1,44 @@
+#
+#
+#
+{ config, pkgs, ... }:
+
+{
+ krebs.build.host = config.krebs.hosts.vbob;
+ krebs.build.target = "root@10.10.10.220";
+ imports =
+ [ # Include the results of the hardware scan.
+ <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
+ ../2configs/main-laptop.nix #< base-gui
+
+ # environment
+ ../2configs/zsh-user.nix
+ ../2configs/virtualization.nix
+ ];
+ nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+ environment.systemPackages = with pkgs;[
+ get
+ ];
+
+ networking.firewall.allowedTCPPorts = [
+ 25
+ 80
+ ];
+
+ krebs.retiolum = {
+ enable = true;
+ extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000";
+ hosts = ../../krebs/Zhosts;
+ connectTo = [
+ "gum"
+ ];
+
+ };
+ networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
+ fileSystems."/media/share" = {
+ fsType = "vboxsf";
+ device = "share";
+ options = "rw,uid=9001,gid=9001";
+ };
+
+}
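Review bot: `networking.firewall.allowedTCPPorts` opens 25 and 80, but nothing in this file enables a mail or web service. The ports are either unused or served by something pulled in through `../2configs/main-laptop.nix`; name the consumer in a comment or drop the entries. The proxy host is hard-coded twice, once in `extraConfig` and once in `networking.proxy.default`, so a single `let` binding would keep the two in step. Whether an employer's proxy hostname belongs in a published tree deserves a second look. The comment `# Include the results of the hardware scan.` does not describe the import below it, which is the VirtualBox image module.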
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 760c70789..519635281 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -80,7 +80,14 @@ with lib;
"d /tmp 1777 root root - -"
];
- environment.variables.EDITOR = mkForce "vim";
+ environment.variables = {
+ NIX_PATH = with config.krebs.build.source; with dir; with git;
+ mkForce (concatStringsSep ":" [
+ "nixpkgs=${nixpkgs.target-path}"
+ "${nixpkgs.target-path}"
+ ]);
+ EDITOR = mkForce "vim";
+ };
environment.systemPackages = with pkgs; [
jq
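Review bot: In the `NIX_PATH` definition, the chain `with config.krebs.build.source; with dir; with git;` makes it unclear which attribute set supplies `nixpkgs`. The innermost `with` that defines the name wins silently, so adding a `nixpkgs` attribute to another set later changes the path without any error. Spelling out the intended source in a `let` binding before the list removes that ambiguity. Because the value is wrapped in `mkForce`, it also replaces the default search path wholesale; if on-host rebuilds rely on a `nixos-config=` entry, confirm it is still provided elsewhere.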
@@ -124,6 +131,14 @@ with lib;
services.cron.enable = false;
services.nscd.enable = false;
+ services.ntp.enable = false;
+ services.timesyncd.enable = true;
+ services.ntp.servers = [
+ "pool.ntp.org"
+ "time.windows.com"
+ "time.apple.com"
+ "time.nist.gov"
+ ];
security.setuidPrograms = [ "sendmail" ];
services.journald.extraConfig = ''
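Review bot: `services.ntp.servers` is set right after `services.ntp.enable = false;`, which reads as dead configuration. If systemd-timesyncd is meant to pick the list up, say so in a comment such as `# timesyncd takes its server list from services.ntp.servers`. If it is not, the list has no effect and should be removed.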
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 304d39fcd..68fd976d6 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -24,6 +24,7 @@ let
connector-repos = mapAttrs make-priv-repo {
connector = { };
+ minikrebs = { };
mattermost = {
desc = "Mattermost Docker files";
};
@@ -42,7 +43,7 @@ let
hooks = {
post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;
- verbose = config.krebs.build.host.name == "pnp";
+ verbose = config.krebs.build.host.name == "gum";
channel = "#retiolum";
# TODO remove the hardcoded hostname
server = "cd.retiolum";
@@ -54,7 +55,7 @@ let
# TODO: get the list of all krebsministers
krebsminister = with config.krebs.users; [ lass tv uriel ];
- all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
+ all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ];
all-exco = with config.krebs.users; [ exco ];
priv-rules = repo: set-owners repo all-makefu;
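Review bot: Adding `makefu-vbob` to `all-makefu` makes the new key an owner of every private repository, because `priv-rules` passes that list to `set-owners`. The key is read from krebs/Zpubkeys/makefu_vbob.ssh.pub in the last hunk of this file and presumably lives on the VirtualBox guest defined in makefu/1systems/vbob.nix, which mounts a read-write host share. If that machine only needs access to some repositories, a separate narrower rule would limit what the key can reach. Otherwise add a comment stating that full ownership is intended.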
@@ -85,6 +86,10 @@ in {
name = "makefu-omo" ;
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
};
+ makefu-vbob = {
+ name = "makefu-vbob" ;
+ pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub;
+ };
makefu-tsp = {
name = "makefu-tsp" ;
pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix
index fd6d1683d..2abf4f188 100644
--- a/makefu/2configs/tinc-basic-retiolum.nix
+++ b/makefu/2configs/tinc-basic-retiolum.nix
@@ -9,6 +9,7 @@ with lib;
"gum"
"pigstarter"
"fastpoke"
+ "ire"
];
};
}