diff options
| author | lassulus <lass@aidsballs.de> | 2015-08-17 14:42:50 +0200 |
|---|---|---|
| committer | lassulus <lass@aidsballs.de> | 2015-08-17 14:42:50 +0200 |
| commit | 4c39f3c1e54180214c55cf4d3fbfe63449a761b5 (patch) | |
| tree | 3281ff5928b1062181f37c55a002e3ff4cf143b1 | |
| parent | ca4f1e08d54b39623f716e4ff0a49aaa74acb206 (diff) | |
| parent | d5ffbf54cbef182d9e2865d75cb94b0713191149 (diff) | |
Merge branch 'makefu'
| -rw-r--r-- | krebs/3modules/default.nix | 165 | ||||
| -rw-r--r-- | makefu/2configs/disable_v6.nix | 4 | ||||
| -rw-r--r-- | makefu/2configs/sda-crypto-root.nix | 4 | ||||
| -rw-r--r-- | makefu/2configs/tp-x200.nix | 3 |
4 files changed, 126 insertions, 50 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a0d4f0157..f143e64b8 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -158,6 +158,27 @@ let type = types.hostname; default = "retiolum"; }; + zone-head-config = mkOption { + type = with types; attrsOf str; + description = '' + The zone configuration head which is being used to create the + zone files. The string for each key is pre-pended to the zone file. + ''; + # TODO: configure the default somewhere else, + # maybe use krebs.dns.providers + default = { + + # github.io -> 192.30.252.154 + "krebsco.de" = '' + $TTL 86400 + @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400) + IN NS ns19.ovh.net. + IN NS dns19.ovh.net. + IN A 192.30.252.154 + IN A 192.30.252.153 + ''; + }; + }; }; imp = mkMerge [ @@ -181,46 +202,18 @@ let longs = providers.hosts; shorts = map (removeSuffix ".${cfg.search-domain}") longs; in - map (addr: "${addr} ${aliases}") net.addrs + map (addr: "${addr} ${aliases}") net.addrs ) host.nets ) cfg.hosts )); - # krebs.hosts.bob = rec { - # addrs4 = "10.0.0.1"; - # extraZones = { - # # extraZones - # "krebsco.de" = '' - # krebsco.de. IN MX 10 mx1 - # mx1 IN A ${addrs4} - # ''; - # "dickbutt.de" = '' - # dickbutt.de. IN NS ns - # ns IN A ${addrs4} - # '' - # } - # } - # krebs.hosts.khan = rec { - # addrs4 = "10.0.0.2"; - # extraZones = { - # "krebsco.de" = '' - # khan.krebsco.de IN A ${addrs4} - # }; - # } - # - # => - # "zone/krebsco.de".text = '' - # krebsco.de. IN MX 10 mx1 - # mx1 IN A 10.0.0.1 - # khan.krebsco.de IN A 10.0.0.2 - # ''; - - - environment.etc = mapAttrs' - (name: value: - nameValuePair (("zones/" + name)) ({ text=value;})) - cfg.hosts.pigstarter.extraZones; - } + # Implements environment.etc."zones/<zone-name>" + environment.etc = let + all-zones = foldAttrs (sum: current: sum + "\n" +current ) "" + ([cfg.zone-head-config] ++ combined-hosts) ; + combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts ); + in lib.mapAttrs' (name: value: nameValuePair (("zones/" + name)) ({ text=value; })) all-zones; + } ]; lass-imp = { @@ -346,7 +339,7 @@ let }; }; tsp = { - cores = 2; + cores = 1; dc = "makefu"; #x200 nets = { retiolum = { @@ -401,18 +394,57 @@ let }; }; }; + flap = rec { + cores = 1; + dc = "cac"; #vps + + extraZones = { + "krebsco.de" = '' + mediengewitter IN A ${elemAt nets.internet.addrs4 0} + flap IN A ${elemAt nets.internet.addrs4 0}''; + }; + nets = { + internet = { + addrs4 = ["162.248.11.162"]; + aliases = [ + "flap.internet" + ]; + }; + retiolum = { + addrs4 = ["10.243.211.172"]; + addrs6 = ["42:472a:3d01:bbe4:4425:567e:592b:065d"]; + aliases = [ + "flap.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy + 2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM + 8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn + 3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL + hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr + Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; pigstarter = rec { cores = 1; dc = "frontrange"; #vps extraZones = { - "de.krebsco" = '' - pigstarter.krebsco.de IN A ${elemAt nets.internet.addrs4 0} - krebsco.de. IN NS io - io IN A ${elemAt nets.internet.addrs4 0} - krebsco.de. IN MX 10 mx42 - mx42 IN A ${elemAt nets.internet.addrs4 0} - ''; + "krebsco.de" = '' + IN MX 10 mx42 + euer IN MX 1 aspmx.l.google.com. + io IN NS pigstarter.krebsco.de. + pigstarter IN A ${elemAt nets.internet.addrs4 0} + conf IN A ${elemAt nets.internet.addrs4 0} + gold IN A ${elemAt nets.internet.addrs4 0} + graph IN A ${elemAt nets.internet.addrs4 0} + tinc IN A ${elemAt nets.internet.addrs4 0} + boot IN A ${elemAt nets.internet.addrs4 0} + mx42 IN A ${elemAt nets.internet.addrs4 0}''; }; nets = { internet = { @@ -441,10 +473,46 @@ let }; }; }; + gum = rec { + cores = 1; + dc = "online.net"; #root-server + + extraZones = { + "krebsco.de" = '' + omo IN A ${elemAt nets.internet.addrs4 0} + gum IN A ${elemAt nets.internet.addrs4 0} + paste IN A ${elemAt nets.internet.addrs4 0}''; + }; + nets = { + internet = { + addrs4 = ["195.154.108.70"]; + aliases = [ + "gum.internet" + ]; + }; + retiolum = { + addrs4 = ["10.243.0.211"]; + addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"]; + aliases = [ + "gum.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY + BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 + i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 + 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS + u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa + OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = addNames { makefu = { - mail = "root@tsp.retiolum"; + mail = "makefu@tsp.retiolum"; pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub; }; }; @@ -455,15 +523,14 @@ let de.viljetic = "regfish"; }; hosts = addNames { - cd = { + cd = rec { cores = 2; dc = "tv"; #dc = "cac"; extraZones = { - "de.krebsco" = '' + "krebsco.de" = '' mx23 IN A ${elemAt nets.internet.addrs4 0} cd IN A ${elemAt nets.internet.addrs4 0} - krebsco.de. IN MX 5 mx23 - ''; + krebsco.de. IN MX 5 mx23''; }; nets = rec { internet = { diff --git a/makefu/2configs/disable_v6.nix b/makefu/2configs/disable_v6.nix new file mode 100644 index 000000000..37db172ef --- /dev/null +++ b/makefu/2configs/disable_v6.nix @@ -0,0 +1,4 @@ +{ + networking.enableIPv6 = false; + boot.kernelParams = [ "ipv6.disable=1" ]; +} diff --git a/makefu/2configs/sda-crypto-root.nix b/makefu/2configs/sda-crypto-root.nix index 0d979a0b8..54db87547 100644 --- a/makefu/2configs/sda-crypto-root.nix +++ b/makefu/2configs/sda-crypto-root.nix @@ -10,7 +10,7 @@ with lib; loader.grub.version =2; loader.grub.device = "/dev/sda"; - initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}]; + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; @@ -18,10 +18,12 @@ with lib; "/" = { device = "/dev/mapper/luksroot"; fsType = "ext4"; + options="defaults,discard"; }; "/boot" = { device = "/dev/disk/by-label/nixboot"; fsType = "ext4"; + options="defaults,discard"; }; }; } diff --git a/makefu/2configs/tp-x200.nix b/makefu/2configs/tp-x200.nix index 8d41d6806..2bbc75c20 100644 --- a/makefu/2configs/tp-x200.nix +++ b/makefu/2configs/tp-x200.nix @@ -17,6 +17,9 @@ with lib; hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; + zramSwap.enable = true; + zramSwap.numDevices = 2; + hardware.trackpoint.enable = true; hardware.trackpoint.sensitivity = 255; hardware.trackpoint.speed = 255; |