diff options
author | tv <tv@krebsco.de> | 2017-07-14 00:17:58 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-07-14 00:21:02 +0200 |
commit | 58380c82848c3db0bd6c3d74904153f3464c2098 (patch) | |
tree | dcefa424c037ef13edba18967143b3290dc739cb /krebs/1systems | |
parent | c213968c44befe32f115ec0122accebdabd89582 (diff) |
merge shared into krebs
Diffstat (limited to 'krebs/1systems')
-rw-r--r-- | krebs/1systems/test-all-krebs-modules/config.nix | 55 | ||||
-rw-r--r-- | krebs/1systems/test-all-krebs-modules/source.nix | 3 | ||||
-rw-r--r-- | krebs/1systems/test-arch/config.nix | 33 | ||||
-rw-r--r-- | krebs/1systems/test-arch/source.nix | 3 | ||||
-rw-r--r-- | krebs/1systems/test-centos6/config.nix | 31 | ||||
-rw-r--r-- | krebs/1systems/test-centos6/source.nix | 3 | ||||
-rw-r--r-- | krebs/1systems/test-centos7/config.nix | 17 | ||||
-rw-r--r-- | krebs/1systems/test-centos7/source.nix | 3 | ||||
-rw-r--r-- | krebs/1systems/test-failing/config.nix | 10 | ||||
-rw-r--r-- | krebs/1systems/test-failing/source.nix | 3 | ||||
-rw-r--r-- | krebs/1systems/test-minimal-deploy/config.nix | 17 | ||||
-rw-r--r-- | krebs/1systems/test-minimal-deploy/source.nix | 3 | ||||
-rw-r--r-- | krebs/1systems/wolf/config.nix | 108 | ||||
-rw-r--r-- | krebs/1systems/wolf/source.nix | 3 |
14 files changed, 292 insertions, 0 deletions
diff --git a/krebs/1systems/test-all-krebs-modules/config.nix b/krebs/1systems/test-all-krebs-modules/config.nix new file mode 100644 index 000000000..c0c14b71f --- /dev/null +++ b/krebs/1systems/test-all-krebs-modules/config.nix @@ -0,0 +1,55 @@ +{ config, pkgs, lib, ... }: +let + en = { enable = true;}; +in { + imports = [ + <stockholm/krebs> + <stockholm/krebs/2configs> + ]; + krebs = { + enable = true; + build.user = config.krebs.users.krebs; + build.host = config.krebs.hosts.test-all-krebs-modules; + Reaktor.test = {}; + apt-cacher-ng.enable = true; + backup.enable = true; + bepasty.enable = true; + # FIXME fast-tests / instantiate-test-all-modules fails at wolfbot + # http://wolf:8010/builders/fast-tests/builds/442 + #buildbot.master.enable = true; + buildbot.worker = { + enable = true; + username = "lol"; + password = "wut"; + }; + # XXX exim-retiolum and exim-smarthost are mutually exclusive + #exim-retiolum = { + # enable = true; + # primary_hostname = "test.r"; + #}; + exim-smarthost = { + enable = true; + primary_hostname = "test.r"; + system-aliases = [ { from = "dick"; to = "butt"; } ]; + }; + go.enable = true; + iptables = { + enable = true; + tables = {}; + }; + realwallpaper.enable = true; + tinc.retiolum.enable = true; + retiolum-bootstrap.enable = true; + tinc_graphs.enable = true; + urlwatch.enable = true; + fetchWallpaper = { + enable = true; + url ="localhost"; + }; + }; + # just get the system running + boot.loader.grub.devices = ["/dev/sda"]; + fileSystems."/" = { + device = "/dev/lol"; + }; +} diff --git a/krebs/1systems/test-all-krebs-modules/source.nix b/krebs/1systems/test-all-krebs-modules/source.nix new file mode 100644 index 000000000..66fdaa773 --- /dev/null +++ b/krebs/1systems/test-all-krebs-modules/source.nix @@ -0,0 +1,3 @@ +import <stockholm/krebs/source.nix> { + name = "test-all-krebs-modules"; +} diff --git a/krebs/1systems/test-arch/config.nix b/krebs/1systems/test-arch/config.nix new file mode 100644 index 000000000..b5a4234e7 --- /dev/null +++ b/krebs/1systems/test-arch/config.nix @@ -0,0 +1,33 @@ +{ config, pkgs, ... }: + +{ + imports = [ + <stockholm/krebs> + <stockholm/krebs/2configs> + { + boot.loader.grub = { + device = "/dev/sda"; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + + fileSystems."/" = { + device = "/dev/sda1"; + }; + } + { + networking.dhcpcd.allowInterfaces = [ + "enp*" + ]; + } + { + sound.enable = false; + } + ]; + + krebs.build.host = config.krebs.hosts.test-arch; +} diff --git a/krebs/1systems/test-arch/source.nix b/krebs/1systems/test-arch/source.nix new file mode 100644 index 000000000..bff9d4325 --- /dev/null +++ b/krebs/1systems/test-arch/source.nix @@ -0,0 +1,3 @@ +import <stockholm/krebs/source.nix> { + name = "test-arch"; +} diff --git a/krebs/1systems/test-centos6/config.nix b/krebs/1systems/test-centos6/config.nix new file mode 100644 index 000000000..968f8b8f0 --- /dev/null +++ b/krebs/1systems/test-centos6/config.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) head; + + ip = "168.235.148.52"; + gw = "168.235.148.1"; +in { + imports = [ + <stockholm/krebs> + <stockholm/krebs/2configs> + <stockholm/krebs/2configs/os-templates/CAC-CentOS-6.5-64bit.nix> + { + networking.interfaces.enp11s0.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = gw; + networking.nameservers = [ + "8.8.8.8" + ]; + } + { + sound.enable = false; + } + ]; + + krebs.build.host = config.krebs.hosts.test-centos6; +} diff --git a/krebs/1systems/test-centos6/source.nix b/krebs/1systems/test-centos6/source.nix new file mode 100644 index 000000000..3693bbb29 --- /dev/null +++ b/krebs/1systems/test-centos6/source.nix @@ -0,0 +1,3 @@ +import <stockholm/krebs/source.nix> { + name = "test-centos6"; +} diff --git a/krebs/1systems/test-centos7/config.nix b/krebs/1systems/test-centos7/config.nix new file mode 100644 index 000000000..732bc4f17 --- /dev/null +++ b/krebs/1systems/test-centos7/config.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) head; + +in { + imports = [ + <stockholm/krebs> + <stockholm/krebs/2configs> + <stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix> + <stockholm/krebs/2configs/temp/networking.nix> + <stockholm/krebs/2configs/temp/dirs.nix> + ]; + + sound.enable = false; + krebs.build.host = config.krebs.hosts.test-centos7; +} diff --git a/krebs/1systems/test-centos7/source.nix b/krebs/1systems/test-centos7/source.nix new file mode 100644 index 000000000..44230f08d --- /dev/null +++ b/krebs/1systems/test-centos7/source.nix @@ -0,0 +1,3 @@ +import <stockholm/krebs/source.nix> { + name = "test-centos7"; +} diff --git a/krebs/1systems/test-failing/config.nix b/krebs/1systems/test-failing/config.nix new file mode 100644 index 000000000..0dc8e6bf8 --- /dev/null +++ b/krebs/1systems/test-failing/config.nix @@ -0,0 +1,10 @@ +{ config, pkgs, ... }: + +{ + imports = [ + <stockholm/krebs> + <stockholm/krebs/2configs> + ]; + programs.ssh.startAgent = true; + programs.ssh.startAgent = false; +} diff --git a/krebs/1systems/test-failing/source.nix b/krebs/1systems/test-failing/source.nix new file mode 100644 index 000000000..60b77a0a0 --- /dev/null +++ b/krebs/1systems/test-failing/source.nix @@ -0,0 +1,3 @@ +import <stockholm/krebs/source.nix> { + name = "test-failing"; +} diff --git a/krebs/1systems/test-minimal-deploy/config.nix b/krebs/1systems/test-minimal-deploy/config.nix new file mode 100644 index 000000000..9974b4f7c --- /dev/null +++ b/krebs/1systems/test-minimal-deploy/config.nix @@ -0,0 +1,17 @@ +{ config, pkgs, lib, ... }: +{ + imports = [ + <stockholm/krebs> + <stockholm/krebs/2configs> + ]; + krebs = { + enable = true; + build.user = config.krebs.users.krebs; + build.host = config.krebs.hosts.test-all-krebs-modules; + }; + # just get the system to eval in nixos without errors + boot.loader.grub.devices = ["/dev/sda"]; + fileSystems."/" = { + device = "/dev/lol"; + }; +} diff --git a/krebs/1systems/test-minimal-deploy/source.nix b/krebs/1systems/test-minimal-deploy/source.nix new file mode 100644 index 000000000..032ab12bb --- /dev/null +++ b/krebs/1systems/test-minimal-deploy/source.nix @@ -0,0 +1,3 @@ +import <stockholm/krebs/source.nix> { + name = "test-minimal-deploy"; +} diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix new file mode 100644 index 000000000..b8cc1b4a1 --- /dev/null +++ b/krebs/1systems/wolf/config.nix @@ -0,0 +1,108 @@ +{ config, pkgs, ... }: +let + shack-ip = config.krebs.build.host.nets.shack.ip4.addr; +in +{ + imports = [ + <stockholm/krebs> + <stockholm/krebs/2configs> + <nixpkgs/nixos/modules/profiles/qemu-guest.nix> + <stockholm/krebs/2configs/collectd-base.nix> + <stockholm/krebs/2configs/central-stats-client.nix> + <stockholm/krebs/2configs/save-diskspace.nix> + + <stockholm/krebs/2configs/cgit-mirror.nix> + <stockholm/krebs/2configs/graphite.nix> + <stockholm/krebs/2configs/repo-sync.nix> + <stockholm/krebs/2configs/shared-buildbot.nix> + + <stockholm/krebs/2configs/shack/worlddomination.nix> + <stockholm/krebs/2configs/shack/drivedroid.nix> + # <stockholm/krebs/2configs/shack/nix-cacher.nix> + <stockholm/krebs/2configs/shack/mqtt_sub.nix> + <stockholm/krebs/2configs/shack/muell_caller.nix> + <stockholm/krebs/2configs/shack/radioactive.nix> + <stockholm/krebs/2configs/shack/share.nix> + + ]; + # use your own binary cache, fallback use cache.nixos.org (which is used by + # apt-cacher-ng in first place) + + services.influxdb.enable = true; + + # local discovery in shackspace + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + krebs.tinc.retiolum.extraConfig = "TCPOnly = yes"; + services.grafana = { + enable = true; + addr = "0.0.0.0"; + users.allowSignUp = true; + users.allowOrgCreate = true; + users.autoAssignOrg = true; + auth.anonymous.enable = true; + security = import <secrets/grafana_security.nix>; + }; + + nix = { + # use the up to date prism cache + binaryCaches = [ + "http://cache.prism.r" + "https://cache.nixos.org/" + ]; + binaryCachePublicKeys = [ + "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" + ]; + }; + + networking = { + firewall.enable = false; + firewall.allowedTCPPorts = [ 8088 8086 8083 ]; + interfaces.enp0s3.ip4 = [{ + address = shack-ip; + prefixLength = 20; + }]; + + defaultGateway = "10.42.0.1"; + nameservers = [ "10.42.0.100" "10.42.0.200" ]; + }; + + ##################### + # uninteresting stuff + ##################### + krebs.build.host = config.krebs.hosts.wolf; + + boot.kernel.sysctl = { + # Enable IPv6 Privacy Extensions + "net.ipv6.conf.all.use_tempaddr" = 2; + "net.ipv6.conf.default.use_tempaddr" = 2; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" + ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/vda"; + + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; + + swapDevices = [ + { device = "/dev/disk/by-label/swap"; } + ]; + # fallout of ipv6calypse + networking.extraHosts = '' + hass.shack 10.42.2.191 + heidi.shack 10.42.2.135 + ''; + + users.extraUsers.root.openssh.authorizedKeys.keys = [ + config.krebs.users.ulrich.pubkey + ]; + + time.timeZone = "Europe/Berlin"; + sound.enable = false; +} diff --git a/krebs/1systems/wolf/source.nix b/krebs/1systems/wolf/source.nix new file mode 100644 index 000000000..c292bfa62 --- /dev/null +++ b/krebs/1systems/wolf/source.nix @@ -0,0 +1,3 @@ +import <stockholm/krebs/source.nix> { + name = "wolf"; +} |