summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-02-08 03:23:28 +0100
committertv <tv@krebsco.de>2016-02-08 03:35:29 +0100
commit8e93530796982db49ddeb06201d2f5bb57d51ccc (patch)
tree0c2982f48ca668cc034f4c10485c6a5b0e841d81 /lass/2configs
parent7a9f130c1230faf9662000dbd9ba8f06170bf254 (diff)
parent5856d240888e89dbed141087c9580026f52dff59 (diff)
Merge remote-tracking branch 'cloudkrebs/master'
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/base.nix37
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/2configs/bitcoin.nix7
-rw-r--r--lass/2configs/browsers.nix2
-rw-r--r--lass/2configs/buildbot-standalone.nix78
-rw-r--r--lass/2configs/git.nix4
-rw-r--r--lass/2configs/newsbot-js.nix2
-rw-r--r--lass/2configs/websites/fritz.nix33
-rw-r--r--lass/2configs/websites/wohnprojekt-rhh.de.nix6
-rw-r--r--lass/2configs/xserver/default.nix8
10 files changed, 155 insertions, 23 deletions
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 66e12b262..4c73fc0ce 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -17,7 +17,8 @@ with lib;
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
- config.krebs.users.uriel.pubkey
+ config.krebs.users.lass-uriel.pubkey
+ config.krebs.users.lass-helios.pubkey
];
};
mainUser = {
@@ -31,7 +32,7 @@ with lib;
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
- config.krebs.users.uriel.pubkey
+ config.krebs.users.lass-uriel.pubkey
];
};
};
@@ -47,20 +48,21 @@ with lib;
exim-retiolum.enable = true;
build = {
user = config.krebs.users.lass;
- source = {
- git.nixpkgs = {
+ source = mapAttrs (_: mkDefault) ({
+ nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
+ nixpkgs = symlink:stockholm/nixpkgs;
+ secrets = "/home/lass/secrets/${config.krebs.build.host.name}";
+ #secrets-common = "/home/lass/secrets/common";
+ stockholm = "/home/lass/stockholm";
+ stockholm-user = "symlink:stockholm/lass";
+ upstream-nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
- rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119";
+ rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
+ dev = "/home/lass/src/nixpkgs";
};
- dir.secrets = {
- host = config.krebs.hosts.mors;
- path = "/home/lass/secrets/${config.krebs.build.host.name}";
- };
- dir.stockholm = {
- host = config.krebs.hosts.mors;
- path = "/home/lass/stockholm";
- };
- };
+ } // optionalAttrs config.krebs.build.host.secure {
+ #secrets-master = "/home/lass/secrets/master";
+ });
};
};
@@ -89,6 +91,7 @@ with lib;
git
jq
parallel
+ proot
#style
most
@@ -176,4 +179,10 @@ with lib;
noipv4ll
'';
+ #CVE-2016-0777 and CVE-2016-0778 workaround
+ #https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
+ programs.ssh.extraConfig = ''
+ UseRoaming no
+ '';
+
}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 0596682df..ede1c7b7b 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -31,6 +31,7 @@ in {
environment.systemPackages = with pkgs; [
+ dmenu
gitAndTools.qgit
mpv
much
diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix
index d3bccbf5c..2f4cd5710 100644
--- a/lass/2configs/bitcoin.nix
+++ b/lass/2configs/bitcoin.nix
@@ -1,6 +1,8 @@
{ config, pkgs, ... }:
-{
+let
+ mainUser = config.users.extraUsers.mainUser;
+in {
environment.systemPackages = with pkgs; [
electrum
];
@@ -14,4 +16,7 @@
createHome = true;
};
};
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
+ '';
}
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index d36801863..61016fed0 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -54,8 +54,6 @@ in {
];
imports = [
- ../3modules/per-user.nix
- ] ++ [
( createFirefoxUser "ff" [ "audio" ] [ ] )
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
new file mode 100644
index 000000000..8c71553fe
--- /dev/null
+++ b/lass/2configs/buildbot-standalone.nix
@@ -0,0 +1,78 @@
+{ lib, config, pkgs, ... }:
+{
+ #networking.firewall.allowedTCPPorts = [ 8010 9989 ];
+ krebs.buildbot.master = {
+ slaves = {
+ testslave = "lasspass";
+ };
+ change_source.stockholm = ''
+ stockholm_repo = 'http://cgit.mors/stockholm'
+ cs.append(changes.GitPoller(
+ stockholm_repo,
+ workdir='stockholm-poller', branch='master',
+ project='stockholm',
+ pollinterval=120))
+ '';
+ scheduler = {
+ force-scheduler = ''
+ sched.append(schedulers.ForceScheduler(
+ name="force",
+ builderNames=["fast-tests"]))
+ '';
+ fast-tests-scheduler = ''
+ # test the master real quick
+ sched.append(schedulers.SingleBranchScheduler(
+ change_filter=util.ChangeFilter(branch="master"),
+ name="fast-master-test",
+ builderNames=["fast-tests"]))
+ '';
+ };
+ builder_pre = ''
+ # prepare grab_repo step for stockholm
+ grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
+
+ env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"}
+
+ # prepare nix-shell
+ # the dependencies which are used by the test script
+ deps = [ "gnumake", "jq","nix","rsync" ]
+ # TODO: --pure , prepare ENV in nix-shell command:
+ # SSL_CERT_FILE,LOGNAME,NIX_REMOTE
+ nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
+
+ # prepare addShell function
+ def addShell(factory,**kwargs):
+ factory.addStep(steps.ShellCommand(**kwargs))
+ '';
+ builder = {
+ fast-tests = ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+ addShell(f,name="mors-eval",env=env,
+ command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"])
+
+ bu.append(util.BuilderConfig(name="fast-tests",
+ slavenames=slavenames,
+ factory=f))
+ '';
+ };
+ enable = true;
+ web.enable = true;
+ irc = {
+ enable = true;
+ nick = "buildbot-lass";
+ server = "cd.retiolum";
+ channels = [ "retiolum" ];
+ allowForce = true;
+ };
+ };
+
+ krebs.buildbot.slave = {
+ enable = true;
+ masterhost = "localhost";
+ username = "testslave";
+ password = "lasspass";
+ packages = with pkgs;[ git nix ];
+ extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
+ };
+}
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 16ecaefec..ac6aae44f 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -69,12 +69,12 @@ let
with git // config.krebs.users;
repo:
singleton {
- user = lass;
+ user = [ lass lass-helios lass-uriel ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
- user = [ tv makefu uriel ];
+ user = [ tv makefu miefda ];
repo = [ repo ];
perm = fetch;
} ++
diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index 74d09b7fa..4482c4e9d 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -161,7 +161,7 @@ let
torrentfreak|http://feeds.feedburner.com/Torrentfreak|#news
torr_news|http://feed.torrentfreak.com/Torrentfreak/|#news
travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news
- truther|http://truthernews.wordpress.com/feed/|#news
+ #truther|http://truthernews.wordpress.com/feed/|#news
un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#news
un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news
un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
new file mode 100644
index 000000000..073f3de14
--- /dev/null
+++ b/lass/2configs/websites/fritz.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+{
+
+ imports = [
+ ../../3modules/static_nginx.nix
+ ../../3modules/owncloud_nginx.nix
+ ../../3modules/wordpress_nginx.nix
+ ];
+
+ lass.staticPage = {
+ "biostase.de" = {};
+ "gs-maubach.de" = {};
+ "spielwaren-kern.de" = {};
+ "societyofsimtech.de" = {};
+ "ttf-kleinaspach.de" = {};
+ "edsn.de" = {};
+ "eab.berkeley.edu" = {};
+ "habsys.de" = {};
+ };
+
+ #lass.owncloud = {
+ # "o.ubikmedia.de" = {
+ # instanceid = "oc8n8ddbftgh";
+ # };
+ #};
+
+ #services.mysql = {
+ # enable = true;
+ # package = pkgs.mariadb;
+ # rootPassword = toString (<secrets/mysql_rootPassword>);
+ #};
+}
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
index cd31450c5..ac784d4c7 100644
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -8,5 +8,11 @@
lass.staticPage = {
"wohnprojekt-rhh.de" = {};
};
+
+ users.users.laura = {
+ home = "/srv/http/wohnprojekt-rhh.de";
+ createHome = true;
+ useDefaultShell = true;
+ };
}
diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 04d14c7ce..c407bb59e 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -44,7 +44,7 @@ let
"slock"
];
- systemd.services.display-manager = mkForce {};
+ systemd.services.display-manager.enable = false;
services.xserver.enable = true;
@@ -93,9 +93,11 @@ let
xmonad-start = pkgs.writeScriptBin "xmonad" ''
#! ${pkgs.bash}/bin/bash
set -efu
- export PATH; PATH=${makeSearchPath "bin" ([
+ export PATH; PATH=${makeSearchPath "bin" [
+ pkgs.alsaUtils
+ pkgs.pulseaudioLight
pkgs.rxvt_unicode
- ] ++ config.environment.systemPackages)}:/var/setuid-wrappers
+ ]}:/var/setuid-wrappers
settle() {(
# Use PATH for a clean journal
command=''${1##*/}