authorlassulus <lass@aidsballs.de>2015-08-13 22:36:07 +0200
committerlassulus <lass@aidsballs.de>2015-08-13 22:36:07 +0200
commitcc1baf4d385e45b8c9f0509c04e8883f48ade6ae (patch)
tree9eb6a04cdb91414d662409e7f8b3b2e396f92895
parentdbd69c4e956bc1c88b379c273a5ea5b4ceea8813 (diff)
parentdb4b55527d527158bd4e7f93128668e646f2cf1f (diff)
Merge branch 'tv' into newmaster
-rw-r--r--Makefile4
-rw-r--r--Zpubkeys/makefu_tsp.ssh.pub1
-rw-r--r--krebs/3modules/default.nix147
-rw-r--r--krebs/3modules/exim-retiolum.nix (renamed from tv/2configs/exim-retiolum.nix)43
-rw-r--r--krebs/4lib/types.nix7
-rw-r--r--krebs/5pkgs/cac.nix38
-rw-r--r--krebs/5pkgs/default.nix1
-rw-r--r--makefu/1systems/pnp.nix48
-rw-r--r--makefu/1systems/tsp.nix37
-rw-r--r--makefu/2configs/base-gui.nix57
-rw-r--r--makefu/2configs/base.nix30
-rw-r--r--makefu/2configs/cgit-retiolum.nix10
-rw-r--r--makefu/2configs/graphite-standalone.nix34
-rw-r--r--makefu/2configs/sda-crypto-root.nix27
-rw-r--r--makefu/2configs/tinc-basic-retiolum.nix14
-rw-r--r--makefu/2configs/tp-x200.nix28
-rw-r--r--makefu/2configs/vim.nix119
-rw-r--r--makefu/2configs/vm-single-partition.nix20
-rw-r--r--tv/1systems/nomic.nix4
-rw-r--r--tv/1systems/wu.nix5
-rw-r--r--tv/2configs/git.nix3
21 files changed, 609 insertions, 68 deletions
diff --git a/Makefile b/Makefile
index ca828fd2b..54656e9e1 100644
--- a/Makefile
+++ b/Makefile
@@ -25,7 +25,7 @@ deploy:;@
eval:
@
ifeq ($(filter),json)
- extraArgs=--json
+ extraArgs='--json --strict'
filter() { jq -r .; }
else
filter() { cat; }
@@ -33,8 +33,6 @@ endif
NIX_PATH=stockholm=$$PWD:$$NIX_PATH \
nix-instantiate \
$${extraArgs-} \
- $${json+--json} \
- $${json+--strict} \
--eval \
-A "$$get" \
'<stockholm>' \
diff --git a/Zpubkeys/makefu_tsp.ssh.pub b/Zpubkeys/makefu_tsp.ssh.pub
new file mode 100644
index 000000000..9a9c9b6f8
--- /dev/null
+++ b/Zpubkeys/makefu_tsp.ssh.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 668d66ccf..9ad9c9f91 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -6,6 +6,7 @@ let
out = {
imports = [
+ ./exim-retiolum.nix
./github-hosts-sync.nix
./git.nix
./nginx.nix
@@ -55,7 +56,7 @@ let
--exclude .git \
--exclude .graveyard \
--exclude old \
- --rsync-path="mkdir -p \"$dst\" && rsync" \
+ --rsync-path="mkdir -p \"$2\" && rsync" \
--usermap=\*:0 \
--groupmap=\*:0 \
--delete-excluded \
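Review bot: The new `--rsync-path="mkdir -p \"$2\" && rsync"` interpolates the positional parameter `$2` into a command string that the remote shell evaluates, so a destination containing `"`, `$` or a backtick would be re-interpreted on the target; that was equally true of the old `$dst`, but a bare positional is easier to misread. A one-line comment above the call such as `# $2: destination directory on the target host (re-quoted for the remote shell)` would document the contract. The enclosing shell function starts outside this hunk.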
@@ -164,7 +165,7 @@ let
{ krebs = tv-imp; }
{
krebs.dns.providers = {
- de.krebsco = "ovh";
+ de.krebsco = "zones";
internet = "hosts";
retiolum = "hosts";
};
@@ -183,7 +184,42 @@ let
) host.nets
) cfg.hosts
));
- }
+
+ # krebs.hosts.bob = rec {
+ # addrs4 = "10.0.0.1";
+ # extraZones = {
+ # # extraZones
+ # "krebsco.de" = ''
+ # krebsco.de. IN MX 10 mx1
+ # mx1 IN A ${addrs4}
+ # '';
+ # "dickbutt.de" = ''
+ # dickbutt.de. IN NS ns
+ # ns IN A ${addrs4}
+ # ''
+ # }
+ # }
+ # krebs.hosts.khan = rec {
+ # addrs4 = "10.0.0.2";
+ # extraZones = {
+ # "krebsco.de" = ''
+ # khan.krebsco.de IN A ${addrs4}
+ # };
+ # }
+ #
+ # =>
+ # "zone/krebsco.de".text = ''
+ # krebsco.de. IN MX 10 mx1
+ # mx1 IN A 10.0.0.1
+ # khan.krebsco.de IN A 10.0.0.2
+ # '';
+
+
+ environment.etc = mapAttrs'
+ (name: value:
+ nameValuePair (("zones/" + name)) ({ text=value;}))
+ cfg.hosts.pigstarter.extraZones;
+ }
];
lass-imp = {
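Review bot: The new `environment.etc` block renders only `cfg.hosts.pigstarter.extraZones`, while the comment above it documents merging the `extraZones` of every host into one file per zone; with the code as written, the `extraZones` this same commit adds to host `cd` are never emitted anywhere. The comment's example also uses keys like `"krebsco.de"` and a `zone/` prefix whereas the code keys on `"de.krebsco"` and writes `zones/`, and the example is not valid Nix as written (the `''` strings lack a terminating `;`), so it should be brought in line with the convention actually used. Folding over all hosts and concatenating the fragments per zone name, as sketched below, matches the documented intent; it assumes every host carries an `extraZones` attribute, which the `{}` default added to `krebs/4lib/types.nix` in this commit provides.

```nix
environment.etc = mapAttrs'
  (name: value: nameValuePair ("zones/" + name) { text = value; })
  (foldl'
    (acc: host: acc // mapAttrs (zone: text: (acc.${zone} or "") + text) (host.extraZones or {}))
    {}
    (attrValues cfg.hosts));
```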
@@ -306,10 +342,106 @@ let
};
};
};
+ tsp = {
+ cores = 2;
+ dc = "makefu"; #x200
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.0.212"];
+ addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0002"];
+ aliases = [
+ "tsp.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
+ HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
+ mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
+ n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
+ R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
+ Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
+ aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
+ ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
+ KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
+ XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
+ teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ pornocauster = {
+ cores = 2;
+ dc = "makefu"; #x220
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.0.91"];
+ addrs6 = ["42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"];
+ aliases = [
+ "pornocauster.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
+ HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
+ mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
+ n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
+ R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
+ Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
+ aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
+ ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
+ KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
+ XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
+ teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ pigstarter = rec {
+ cores = 1;
+ dc = "frontrange"; #vps
+
+ extraZones = {
+ "de.krebsco" = ''
+ pigstarter.krebsco.de IN A ${elemAt nets.internet.addrs4 0}
+ krebsco.de. IN NS io
+ io IN A ${elemAt nets.internet.addrs4 0}
+ krebsco.de. IN MX 10 mx42
+ mx42 IN A ${elemAt nets.internet.addrs4 0}
+ '';
+ };
+ nets = {
+ internet = {
+ addrs4 = ["192.40.56.122"];
+ addrs6 = ["2604:2880::841f:72c"];
+ aliases = [
+ "pigstarter.internet"
+ ];
+ };
+ retiolum = {
+ addrs4 = ["10.243.0.153"];
+ addrs6 = ["42:9143:b4c0:f981:6030:7aa2:8bc5:4110"];
+ aliases = [
+ "pigstarter.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA/efJuJRLUIZROe3QE8WYTD/zyNGRh9I2/yw+5It9HSNVDMIOV1FZ
+ 9PaspsC+YQSBUQRN8SJ95G4RM6TIn/+ei7LiUYsf1Ik+uEOpP5EPthXqvdJEeswv
+ 3QFwbpBeOMNdvmGvQLeR1uJKVyf39iep1wWGOSO1sLtUA+skUuN38QKc1BPASzFG
+ 4ATM6rd2Tkt8+9hCeoePJdLr3pXat9BBuQIxImgx7m5EP02SH1ndb2wttQeAi9cE
+ DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv
+ sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
};
users = addNames {
makefu = {
- mail = "root@euer.krebsco.de";
+ mail = "root@tsp.retiolum";
pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub;
};
};
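Review bot: The `tinc.pubkey` added for `tsp` (L152-L162) is byte-identical to the one added for `pornocauster` (L180-L190). In tinc the host key is what peers authenticate a node by, so two hosts carrying the same public key are indistinguishable on the network and necessarily share one private key; one of the two looks like a copy-paste placeholder and should receive its own freshly generated key before either host is deployed. A comment on each `dc = "makefu"; #x200` / `#x220` line saying which machine generated the key would make such duplication obvious in future reviews.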
@@ -323,6 +455,13 @@ let
cd = {
cores = 2;
dc = "tv"; #dc = "cac";
+ extraZones = {
+ "de.krebsco" = ''
+ mx23 IN A ${elemAt nets.internet.addrs4 0}
+ cd IN A ${elemAt nets.internet.addrs4 0}
+ krebsco.de. IN MX 5 mx23
+ '';
+ };
nets = rec {
internet = {
addrs4 = ["162.219.7.216"];
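Review bot: The new `extraZones` string for `cd` interpolates `${elemAt nets.internet.addrs4 0}`, but `cd = {` on the context line above is not a `rec` set, so the sibling `nets` attribute is not in lexical scope for that interpolation; unless a `nets` binding exists in an enclosing scope this hunk does not show, evaluation fails with an undefined variable. `pigstarter` in the same commit is declared `pigstarter = rec {` for exactly this reason, so `cd = rec {` is the matching fix. The `cd` definition continues past the end of the hunk.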
diff --git a/tv/2configs/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
index 851a0c625..e1315d8c8 100644
--- a/tv/2configs/exim-retiolum.nix
+++ b/krebs/3modules/exim-retiolum.nix
@@ -1,15 +1,27 @@
-{ config, pkgs, ... }:
-
-{
- services.exim =
- # This configuration makes only sense for retiolum-enabled hosts.
- # TODO modular configuration
- assert config.krebs.retiolum.enable;
- let
- # TODO get the hostname from config.krebs.retiolum.
- retiolumHostname = "${config.networking.hostName}.retiolum";
- in
- { enable = true;
+{ config, pkgs, lib, ... }:
+
+with builtins;
+with lib;
+let
+ cfg = config.krebs.exim-retiolum;
+
+ out = {
+ options.krebs.exim-retiolum = api;
+ config =
+ mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "krebs.exim-retiolum";
+ };
+
+ imp = {
+ services.exim =
+ # This configuration makes only sense for retiolum-enabled hosts.
+ # TODO modular configuration
+ assert config.krebs.retiolum.enable;
+ {
+ enable = true;
config = ''
primary_hostname = ${retiolumHostname}
domainlist local_domains = @ : localhost
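Review bot: The `assert config.krebs.retiolum.enable;` kept inside `imp` aborts evaluation with only the bare expression as its message when a host enables `krebs.exim-retiolum` without retiolum; now that this is a proper module, the NixOS `assertions` option gives a named failure, e.g. `assertions = [ { assertion = config.krebs.retiolum.enable; message = "krebs.exim-retiolum requires krebs.retiolum.enable"; } ];` placed in `imp` beside `services.exim`. `pkgs` in the new module argument set is unused in the visible lines. The `services.exim.config` string continues outside this hunk.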
@@ -123,4 +135,9 @@
begin authenticators
'';
};
-}
+ };
+
+ # TODO get the hostname from somewhere else.
+ retiolumHostname = "${config.networking.hostName}.retiolum";
+in
+out
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 92410dd58..f767d20fe 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -20,6 +20,13 @@ types // rec {
type = attrsOf net;
apply = x: assert hasAttr "retiolum" x; x;
};
+
+ extraZones = mkOption {
+ default = {};
+ # TODO: string is either MX, NS, A or AAAA
+ type = with types; attrsOf string;
+ };
+
secure = mkOption {
type = bool;
default = false;
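Review bot: The comment `# TODO: string is either MX, NS, A or AAAA` on the new `extraZones` option does not match how the option is used elsewhere in this commit, where each value is a multi-line zone-file fragment holding several records (the `"de.krebsco"` entries for `pigstarter` and `cd`). Declaring it as `type = with types; attrsOf lines;` would document that shape and let several definitions of the same zone merge by concatenation, and the comment could read `# zone-file fragments keyed by zone name; records are concatenated verbatim`. Whether `types.lines` exists depends on the pinned nixpkgs; `attrsOf str` is the fallback.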
diff --git a/krebs/5pkgs/cac.nix b/krebs/5pkgs/cac.nix
new file mode 100644
index 000000000..eff523048
--- /dev/null
+++ b/krebs/5pkgs/cac.nix
@@ -0,0 +1,38 @@
+{ stdenv, fetchgit, coreutils, curl, gnused, jq, ncurses, sshpass, ... }:
+
+stdenv.mkDerivation {
+ name = "cac";
+
+ src = fetchgit {
+ url = http://cgit.cd.retiolum/cac;
+ rev = "f4589158572ab35969b9bccf801ea07e115705e1";
+ sha256 = "9d761cd1d7ff68507392cbfd6c3f6000ddff9cc540293da2b3c4ee902321fb27";
+ };
+
+ phases = [
+ "unpackPhase"
+ "installPhase"
+ ];
+
+ installPhase =
+ let
+ path = stdenv.lib.makeSearchPath "bin" [
+ coreutils
+ curl
+ gnused
+ jq
+ ncurses
+ sshpass
+ ];
+ in
+ ''
+ mkdir -p $out/bin
+
+ sed \
+ 's,^\( true) \)\(cac "$@";;\)$,\1 PATH=${path}${PATH+:$PATH} \2,' \
+ < ./cac \
+ > $out/bin/cac
+
+ chmod +x $out/bin/cac
+ '';
+}
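Review bot: In the `sed` expression, `PATH=${path}${PATH+:$PATH}` sits inside a Nix `''` string where `${` always opens a Nix antiquotation; as printed, `${PATH+:$PATH}` would be parsed as Nix rather than passed to the shell, so either the derivation does not parse or the listing lost an escape. If shell expansion is intended it must be written `''${PATH+:$PATH}`. The substitution also silently depends on the upstream script containing exactly the line ` true) cac "$@";;`; a `grep -q` guard before the `sed`, or at least a comment stating the dependency, would make the build fail loudly instead of installing an unwrapped script that cannot find `curl`, `jq` or `sshpass`.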
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index 231fda797..5de84f66c 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -6,6 +6,7 @@ in
pkgs //
{
+ cac = callPackage ./cac.nix {};
dic = callPackage ./dic.nix {};
genid = callPackage ./genid.nix {};
github-hosts-sync = callPackage ./github-hosts-sync.nix {};
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 549658983..6693dc066 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -10,6 +10,9 @@
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/base.nix
../2configs/cgit-retiolum.nix
+ ../2configs/graphite-standalone.nix
+ ../2configs/vm-single-partition.nix
+ ../2configs/tinc-basic-retiolum.nix
];
krebs.build.host = config.krebs.hosts.pnp;
krebs.build.user = config.krebs.users.makefu;
@@ -20,45 +23,14 @@
url = https://github.com/NixOS/nixpkgs;
rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
};
- secrets = {
- url = "/home/makefu/secrets/${config.krebs.build.host.name}";
- };
- stockholm = {
- url = toString ../..;
- };
};
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/vda";
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
- hardware.enableAllFirmware = true;
- hardware.cpu.amd.updateMicrocode = true;
+ networking.firewall.allowedTCPPorts = [
+ # nginx runs on 80
+ # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
+ 80
+ 8080 2003
+ ];
+ networking.firewall.allowedUDPPorts = [ 2003 ];
-# networking.firewall is enabled by default
- networking.firewall.allowedTCPPorts = [ 80 ];
- networking.firewall.rejectPackets = true;
- networking.firewall.allowPing = true;
-
- fileSystems."/" =
- { device = "/dev/disk/by-label/nixos";
- fsType = "ext4";
- };
- krebs.retiolum = {
- enable = true;
- hosts = ../../Zhosts;
- connectTo = [
- "gum"
- "pigstarter"
- "fastpoke"
- ];
- };
-
-# $ nix-env -qaP | grep wget
- environment.systemPackages = with pkgs; [
- jq
- ];
}
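Review bot: The new `allowedTCPPorts` opens 8080 and 2003 (plus 2003/udp) on every interface of `pnp`, and the `graphite-standalone.nix` this hunk imports binds graphite-web to `0.0.0.0`; graphite-web ships without authentication and carbon accepts metrics from any sender, so unless a network boundary not visible here restricts access, anyone who can reach the host can read the dashboards and write arbitrary metrics. Restricting those ports to the retiolum interface (an `extraCommands` rule on the tinc interface, or whatever per-interface firewall option the pinned nixpkgs provides) and keeping only 80 world-open would match the VPN-only access that `tinc-basic-retiolum.nix` implies. Writing `8080 2003` on one line also hides one of the ports on a quick read; one port per line with its comment is the convention the hunk's own comment block sets up.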
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
new file mode 100644
index 000000000..6e93df51e
--- /dev/null
+++ b/makefu/1systems/tsp.nix
@@ -0,0 +1,37 @@
+#
+#
+#
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../2configs/base.nix
+ ../2configs/base-gui.nix
+ ../2configs/tinc-basic-retiolum.nix
+ ../2configs/sda-crypto-root.nix
+ # hardware specifics are in here
+ ../2configs/tp-x200.nix
+ ];
+ # not working in vm
+ krebs.build.host = config.krebs.hosts.tsp;
+ krebs.build.user = config.krebs.users.makefu;
+ krebs.build.target = "root@tsp";
+
+ krebs.exim-retiolum.enable = true;
+ networking.firewall.allowedTCPPorts = [
+ # nginx runs on 80
+ # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
+ 25
+ ];
+
+ krebs.build.deps = {
+ nixpkgs = {
+ #url = https://github.com/NixOS/nixpkgs;
+ # rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L)
+ url = https://github.com/makefu/nixpkgs;
+ rev = "8b8b65da24f13f9317504e8bcba476f9161613fe";
+ };
+ };
+
+}
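Review bot: The comment block above the `25` entry in `networking.firewall.allowedTCPPorts` was copied from `pnp.nix` and still says "nginx runs on 80 / graphite-web runs on 8080"; neither service is configured on `tsp`, and the port actually opened is 25 for `krebs.exim-retiolum`, so replace it with `# exim (krebs.exim-retiolum) listens on 25`. Because the imported x200 profile enables wireless, an all-interface 25 also accepts SMTP from whatever network the laptop joins, while the exim module's own comment says it "makes only sense for retiolum-enabled hosts"; limiting the port to the retiolum interface, or having exim listen only on the retiolum address, would keep the two in step. The three bare `#` lines at the top of the file carry no content and can go.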
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
new file mode 100644
index 000000000..4e5558a1f
--- /dev/null
+++ b/makefu/2configs/base-gui.nix
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+##
+# of course this name is a lie - it prepares a GUI environment close to my
+# current configuration.
+#
+# autologin with mainUser into awesome
+##
+#
+with lib;
+let
+ mainUser = config.krebs.build.user.name;
+in
+{
+ imports = [ ];
+ services.xserver = {
+ enable = true;
+ layout = "us";
+ xkbVariant = "altgr-intl";
+ xkbOptions = "ctrl:nocaps";
+
+ windowManager = {
+ awesome.enable = true;
+ awesome.luaModules = [ pkgs.luaPackages.vicious ];
+ default = "awesome";
+ };
+
+ displayManager.auto.enable = true;
+ displayManager.auto.user = mainUser;
+ desktopManager.xterm.enable = false;
+ };
+
+## FONTS
+# TODO: somewhere else?
+
+ i18n.consoleFont = "Lat2-Terminus16";
+
+ fonts = {
+ enableCoreFonts = true;
+ enableFontDir = true;
+ enableGhostscriptFonts = false;
+ fonts = [ pkgs.terminus_font ];
+ };
+
+ environment.systemPackages = with pkgs;[
+ xlockmore
+ rxvt_unicode-with-plugins
+ vlc
+ firefox
+ chromium
+ ];
+ # TODO: use mainUser
+ users.extraUsers.makefu.extraGroups = [ "audio" ];
+ hardware.pulseaudio = {
+ enable = true;
+ # systemWide = true;
+ };
+}
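Review bot: `users.extraUsers.makefu.extraGroups = [ "audio" ];` hard-codes the user that the file's own `mainUser` binding already abstracts; `users.extraUsers.${mainUser}.extraGroups = [ "audio" ];` resolves the `# TODO: use mainUser` above it in one line. Since this file also turns on `displayManager.auto` for the same user, every boot ends in an unlocked session; the header comment states that as intended, but `xlockmore` is installed with nothing invoking it, so a comment saying how the session is expected to be locked (or dropping the package) would make the intent clear.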
diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix
index 8dfb2ef27..906c74f7d 100644
--- a/makefu/2configs/base.nix
+++ b/makefu/2configs/base.nix
@@ -2,11 +2,18 @@
with lib;
{
- imports = [ ];
+ imports = [
+ {
+ users.extraUsers =
+ mapAttrs (_: h: { hashedPassword = h; })
+ (import /root/src/secrets/hashedPasswords.nix);
+ }
+ ./vim.nix
+ ];
krebs.enable = true;
krebs.search-domain = "retiolum";
- networking.hostName = config.krebs.build.host.name;
+
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
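Review bot: The new import evaluates `import /root/src/secrets/hashedPasswords.nix` and feeds its values into `users.extraUsers.<name>.hashedPassword`; in NixOS those values are written into the generated users/groups data inside the world-readable Nix store on the target, so the hashes become readable by every local user even though the source file lives under `/root`. If the pinned nixpkgs offers `users.extraUsers.<name>.passwordFile`, pointing it at a root-only file on the host keeps the hashes out of the store; otherwise a comment stating that the hashes will be store-visible is the minimum. The absolute path also differs from the `/home/makefu/secrets/${host}` that this file's `krebs.build.deps.secrets` uses in the next hunk, so a comment saying which path is live on the build host versus the target would prevent confusion.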
@@ -24,12 +31,29 @@ with lib;
};
};
+ networking.hostName = config.krebs.build.host.name;
+ nix.maxJobs = config.krebs.build.host.cores + 1;
+ #nix.maxJobs = 1;
+
+ krebs.build.deps = {
+ secrets = {
+ url = "/home/makefu/secrets/${config.krebs.build.host.name}";
+ };
+ stockholm = {
+ url = toString ../..;
+ };
+ };
+
services.openssh.enable = true;
nix.useChroot = true;
- users.mutableUsers = true;
+ users.mutableUsers = false;
boot.tmpOnTmpfs = true;
+
+ networking.firewall.rejectPackets = true;
+ networking.firewall.allowPing = true;
+
systemd.tmpfiles.rules = [
"d /tmp 1777 root root - -"
];
diff --git a/makefu/2configs/cgit-retiolum.nix b/makefu/2configs/cgit-retiolum.nix
index 7dfb181c5..d352f5792 100644
--- a/makefu/2configs/cgit-retiolum.nix
+++ b/makefu/2configs/cgit-retiolum.nix
@@ -52,11 +52,7 @@ let
# TODO: get the list of all krebsministers
krebsminister = with config.krebs.users; [ lass tv uriel ];
-
- #all-makefu = with config.krebs.users; [ makefu ];
-
-
- all-makefu = with config.krebs.users; [ makefu makefu-omo ];
+ all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
priv-rules = repo: set-owners repo all-makefu;
@@ -69,6 +65,10 @@ in {
name = "makefu-omo" ;
pubkey= with builtins; readFile ../../Zpubkeys/makefu_omo.ssh.pub;
};
+ krebs.users.makefu-tsp = {
+ name = "makefu-tsp" ;
+ pubkey= with builtins; readFile ../../Zpubkeys/makefu_tsp.ssh.pub;
+ };
}];
krebs.git = {
enable = true;
diff --git a/makefu/2configs/graphite-standalone.nix b/makefu/2configs/graphite-standalone.nix
new file mode 100644
index 000000000..8b70c11c8
--- /dev/null
+++ b/makefu/2configs/graphite-standalone.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+# graphite-web on port 8080
+# carbon cache on port 2003 (tcp/udp)
+with lib;
+{
+ imports = [ ];
+
+ services.graphite = {
+ web = {
+ enable = true;
+ host = "0.0.0.0";
+ };
+ carbon = {
+ enableCache = true;
+ # save disk usage by restricting to 1 bulk update per second
+ config = ''
+ [cache]
+ MAX_CACHE_SIZE = inf
+ MAX_UPDATES_PER_SECOND = 1
+ MAX_CREATES_PER_MINUTE = 50
+ '';
+ storageSchemas = ''
+ [carbon]
+ pattern = ^carbon\.
+ retentions = 60:90d
+
+ [default]
+ pattern = .*
+ retentions = 60s:30d,300s:1y
+ '';
+ };
+ };
+}
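Review bot: The comment `# save disk usage by restricting to 1 bulk update per second` describes `MAX_UPDATES_PER_SECOND` incorrectly: that setting caps whisper write operations per second, i.e. disk I/O, not space on disk; `# throttle disk I/O: at most 1 whisper update per second` states what it does. Paired with `MAX_CACHE_SIZE = inf`, a write cap that low means carbon's in-memory cache grows without bound whenever incoming metrics outpace one update per second, which on a small VM is worth a note or a finite cache size. `host = "0.0.0.0"` exposes the unauthenticated graphite-web on all addresses; the firewall side of that is raised on the `pnp.nix` hunk.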
diff --git a/makefu/2configs/sda-crypto-root.nix b/makefu/2configs/sda-crypto-root.nix
new file mode 100644
index 000000000..0d979a0b8
--- /dev/null
+++ b/makefu/2configs/sda-crypto-root.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+# sda: bootloader grub2
+# sda1: boot ext4 (label nixboot)
+# sda2: cryptoluks -> ext4
+with lib;
+{
+ boot = {
+ loader.grub.enable =true;
+ loader.grub.version =2;
+ loader.grub.device = "/dev/sda";
+
+ initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
+ initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/luksroot";
+ fsType = "ext4";
+ };
+ "/boot" = {
+ device = "/dev/disk/by-label/nixboot";
+ fsType = "ext4";
+ };
+ };
+}
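Review bot: `initrd.luks.devices` names the container by kernel device `/dev/sda2` while the same initrd loads `usb_storage`; an attached USB disk can be enumerated first and shift the naming, after which the initrd prompts for the wrong device. Referencing it as `device = "/dev/disk/by-uuid/<UUID-of-sda2>";` (placeholder) is stable across enumeration order, and `loader.grub.device = "/dev/sda"` could likewise use a `/dev/disk/by-id/...` path. The header comment lists the partition layout but not the trust boundary; a line `# /boot (sda1) is unencrypted: kernel and initrd are outside the LUKS container` would make it explicit.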
diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix
new file mode 100644
index 000000000..cb1991bd6
--- /dev/null
+++ b/makefu/2configs/tinc-basic-retiolum.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ krebs.retiolum = {
+ enable = true;
+ hosts = ../../Zhosts;
+ connectTo = [
+ "gum"
+ "pigstarter"
+ "fastpoke"
+ ];
+ };
+}
diff --git a/makefu/2configs/tp-x200.nix b/makefu/2configs/tp-x200.nix
new file mode 100644
index 000000000..25a2537e8
--- /dev/null
+++ b/makefu/2configs/tp-x200.nix
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ #services.xserver = {
+ # videoDriver = "intel";
+ #};
+
+ boot = {
+ kernelModules = [ "tp_smapi" "msr" ];
+ extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+
+ };
+
+ networking.wireless.enable = true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ hardware.trackpoint.enable = true;
+ hardware.trackpoint.sensitivity = 255;
+ hardware.trackpoint.speed = 255;
+ services.xserver.displayManager.sessionCommands = ''
+ xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 1
+ xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 2
+ xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 200
+ '';
+}
diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix
new file mode 100644
index 000000000..b71d95148
--- /dev/null
+++ b/makefu/2configs/vim.nix
@@ -0,0 +1,119 @@
+{ config, pkgs, ... }:
+
+let
+ customPlugins.vim-better-whitespace = pkgs.vimUtils.buildVimPlugin {
+ name = "vim-better-whitespace";
+ src = pkgs.fetchFromGitHub {
+ owner = "ntpeters";
+ repo = "vim-better-whitespace";
+ rev = "984c8da518799a6bfb8214e1acdcfd10f5f1eed7";
+ sha256 = "10l01a8xaivz6n01x6hzfx7gd0igd0wcf9ril0sllqzbq7yx2bbk";
+ };
+ };
+
+in {
+
+ environment.systemPackages = [
+ pkgs.python27Full # required for youcompleteme
+ (pkgs.vim_configurable.customize {
+ name = "vim";
+
+ vimrcConfig.customRC = ''
+ set nocompatible
+ syntax on
+
+ filetype off
+ filetype plugin indent on
+
+ colorscheme darkblue
+ set background=dark
+
+ set number
+ set relativenumber
+ set mouse=a
+ set ignorecase
+ set incsearch
+ set wildignore=*.o,*.obj,*.bak,*.exe,*.os
+ set textwidth=79
+ set shiftwidth=2
+ set expandtab
+ set softtabstop=2
+ set shiftround
+ set smarttab
+ set tabstop=2
+ set et
+ set autoindent
+ set backspace=indent,eol,start
+
+
+ inoremap <F1> <ESC>
+ nnoremap <F1> <ESC>
+ vnoremap <F1> <ESC>
+
+ nnoremap <F5> :UndotreeToggle<CR>
+ set undodir =~/.vim/undo
+ set undofile
+ "maximum number of changes that can be undone
+ set undolevels=1000000
+ "maximum number lines to save for undo on a buffer reload
+ set undoreload=10000000
+
+ nnoremap <F2> :set invpaste paste?<CR>
+ set pastetoggle=<F2>
+ set showmode
+
+ set showmatch
+ set matchtime=3
+ set hlsearch
+
+ autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red
+
+
+ " save on focus lost
+ au FocusLost * :wa
+
+ autocmd BufRead *.json set filetype=json
+ au BufNewFile,BufRead *.mustache set syntax=mustache
+
+ cnoremap SudoWrite w !sudo tee > /dev/null %
+
+ " create Backup/tmp/undo dirs
+ set backupdir=~/.vim/backup
+ set directory=~/.vim/tmp
+
+ function! InitBackupDir()
+ let l:parent = $HOME . '/.vim/'
+ let l:backup = l:parent . 'backup/'
+ let l:tmpdir = l:parent . 'tmp/'
+ let l:undodir= l:parent . 'undo/'
+
+
+ if !isdirectory(l:parent)
+ call mkdir(l:parent)
+ endif
+ if !isdirectory(l:backup)
+ call mkdir(l:backup)
+ endif
+ if !isdirectory(l:tmpdir)
+ call mkdir(l:tmpdir)
+ endif
+ if !isdirectory(l:undodir)
+ call mkdir(l:undodir)
+ endif
+ endfunction
+ call InitBackupDir()
+
+
+ '';
+
+ vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
+ vimrcConfig.vam.pluginDictionaries = [
+ { names = [ "undotree"
+ "YouCompleteMe"
+ "vim-better-whitespace" ]; }
+ { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
+ ];
+
+ })
+ ];
+}
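Review bot: `set undodir =~/.vim/undo` has a space before `=`; as far as I recall Vim's `:set` does not accept whitespace between the option name and `=`, so this line errors and leaves `undodir` at its default while `undofile` is on — confirm against the pinned Vim and write `set undodir=~/.vim/undo`. `au FocusLost * :wa` silently writes every modified buffer whenever the window loses focus, which commits half-finished edits to disk without a prompt; if that is intended, say so in the `" save on focus lost` comment, and `:silent! wa` would at least not raise an error on unnamed buffers. `set et` duplicates `set expandtab` a few lines earlier and can be dropped.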
diff --git a/makefu/2configs/vm-single-partition.nix b/makefu/2configs/vm-single-partition.nix
new file mode 100644
index 000000000..78a5e7175
--- /dev/null
+++ b/makefu/2configs/vm-single-partition.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+# vda1 ext4 (label nixos) -> only root partition
+with lib;
+{
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/vda";
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ };
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+ hardware.cpu.amd.updateMicrocode = true;
+
+
+}