author | tv <tv@krebsco.de> | 2016-02-08 03:23:28 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-02-08 03:35:29 +0100 |
commit | 8e93530796982db49ddeb06201d2f5bb57d51ccc (patch) | |
tree | 0c2982f48ca668cc034f4c10485c6a5b0e841d81 /lass/2configs | |
parent | 7a9f130c1230faf9662000dbd9ba8f06170bf254 (diff) | |
parent | 5856d240888e89dbed141087c9580026f52dff59 (diff) |
Merge remote-tracking branch 'cloudkrebs/master'
Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/base.nix | 37 | ||||
-rw-r--r-- | lass/2configs/baseX.nix | 1 | ||||
-rw-r--r-- | lass/2configs/bitcoin.nix | 7 | ||||
-rw-r--r-- | lass/2configs/browsers.nix | 2 | ||||
-rw-r--r-- | lass/2configs/buildbot-standalone.nix | 78 | ||||
-rw-r--r-- | lass/2configs/git.nix | 4 | ||||
-rw-r--r-- | lass/2configs/newsbot-js.nix | 2 | ||||
-rw-r--r-- | lass/2configs/websites/fritz.nix | 33 | ||||
-rw-r--r-- | lass/2configs/websites/wohnprojekt-rhh.de.nix | 6 | ||||
-rw-r--r-- | lass/2configs/xserver/default.nix | 8 |
10 files changed, 155 insertions, 23 deletions
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 66e12b262..4c73fc0ce 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -17,7 +17,8 @@ with lib; root = { openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey - config.krebs.users.uriel.pubkey + config.krebs.users.lass-uriel.pubkey + config.krebs.users.lass-helios.pubkey ]; }; mainUser = { @@ -31,7 +32,7 @@ with lib; ]; openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey - config.krebs.users.uriel.pubkey + config.krebs.users.lass-uriel.pubkey ]; }; }; @@ -47,20 +48,21 @@ with lib; exim-retiolum.enable = true; build = { user = config.krebs.users.lass; - source = { - git.nixpkgs = { + source = mapAttrs (_: mkDefault) ({ + nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix"; + nixpkgs = symlink:stockholm/nixpkgs; + secrets = "/home/lass/secrets/${config.krebs.build.host.name}"; + #secrets-common = "/home/lass/secrets/common"; + stockholm = "/home/lass/stockholm"; + stockholm-user = "symlink:stockholm/lass"; + upstream-nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119"; + rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; + dev = "/home/lass/src/nixpkgs"; }; - dir.secrets = { - host = config.krebs.hosts.mors; - path = "/home/lass/secrets/${config.krebs.build.host.name}"; - }; - dir.stockholm = { - host = config.krebs.hosts.mors; - path = "/home/lass/stockholm"; - }; - }; + } // optionalAttrs config.krebs.build.host.secure { + #secrets-master = "/home/lass/secrets/master"; + }); }; }; @@ -89,6 +91,7 @@ with lib; git jq parallel + proot #style most @@ -176,4 +179,10 @@ with lib; noipv4ll ''; + #CVE-2016-0777 and CVE-2016-0778 workaround + #https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt + programs.ssh.extraConfig = '' + UseRoaming no + ''; + } 
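Review bot: In the first hunk root's `openssh.authorizedKeys.keys` gains `lass-helios` as well as `lass-uriel`, while the mainUser list in the next hunk gets only `lass-uriel`, so one device key can log in directly as root but not as the unprivileged user. If that asymmetry is intended, a comment should say so, e.g. `# lass-helios: root only, because <reason>`; otherwise add the key to both lists or to neither. The git.nix hunk gives the same three keys push rights including `non-fast-forward` and `delete` on `refs/*`, so revoking a lost device means editing both files. The enclosing attribute set starts outside the hunk.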
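Review bot: In the `build.source` hunk, `upstream-nixpkgs` now carries both a pinned `rev` and `dev = "/home/lass/src/nixpkgs"`. How `krebs.build.source` chooses between them is not visible here, but if `dev` takes precedence the build uses whatever is checked out locally and the pin no longer describes what gets deployed. A comment on that line would settle it, e.g. `# dev: local checkout, used only when <condition>`. Separately, `nixpkgs = symlink:stockholm/nixpkgs;` is a bare URI literal while the neighbouring `symlink:` values are quoted strings; `nixpkgs = "symlink:stockholm/nixpkgs";` keeps the set uniform.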
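Review bot: The `UseRoaming no` workaround in the last hunk is set only in the system-wide client configuration, and ssh uses the first value it obtains for an option, reading the command line and the per-user `~/.ssh/config` before the system file. A user config that sets `UseRoaming yes` would therefore still win, so the setting reduces exposure rather than enforcing it. The comment should also say when the block can go, e.g. `# TODO: drop once the openssh client in the pinned nixpkgs carries the upstream fix`.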
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 0596682df..ede1c7b7b 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -31,6 +31,7 @@ in { environment.systemPackages = with pkgs; [ + dmenu gitAndTools.qgit mpv much diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix index d3bccbf5c..2f4cd5710 100644 --- a/lass/2configs/bitcoin.nix +++ b/lass/2configs/bitcoin.nix @@ -1,6 +1,8 @@ { config, pkgs, ... }: -{ +let + mainUser = config.users.extraUsers.mainUser; +in { environment.systemPackages = with pkgs; [ electrum ]; @@ -14,4 +16,7 @@ createHome = true; }; }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL + ''; } diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index d36801863..61016fed0 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -54,8 +54,6 @@ in { ]; imports = [ - ../3modules/per-user.nix - ] ++ [ ( createFirefoxUser "ff" [ "audio" ] [ ] ) ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] ) ( createChromiumUser "fb" [ ] [ pkgs.chromium ] ) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix new file mode 100644 index 000000000..8c71553fe --- /dev/null +++ b/lass/2configs/buildbot-standalone.nix 
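Review bot: The sudoers line added at the end of bitcoin.nix lets the main user run any command as `bitcoin` without a password, so whatever is kept under that account (presumably the wallet of the `electrum` package installed above) is protected only by the main user's session. If the goal is just to start the wallet, restrict the rule to that binary, e.g. `${mainUser.name} ALL=(bitcoin) NOPASSWD: ${pkgs.electrum}/bin/electrum`, with the path inferred from the `electrum` entry in `systemPackages`. The `bitcoin` user definition itself lies outside the hunk.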
@@ -0,0 +1,78 @@ +{ lib, config, pkgs, ... }: +{ + #networking.firewall.allowedTCPPorts = [ 8010 9989 ]; + krebs.buildbot.master = { + slaves = { + testslave = "lasspass"; + }; + change_source.stockholm = '' + stockholm_repo = 'http://cgit.mors/stockholm' + cs.append(changes.GitPoller( + stockholm_repo, + workdir='stockholm-poller', branch='master', + project='stockholm', + pollinterval=120)) + ''; + scheduler = { + force-scheduler = '' + sched.append(schedulers.ForceScheduler( + name="force", + builderNames=["fast-tests"])) + ''; + fast-tests-scheduler = '' + # test the master real quick + sched.append(schedulers.SingleBranchScheduler( + change_filter=util.ChangeFilter(branch="master"), + name="fast-master-test", + builderNames=["fast-tests"])) + ''; + }; + builder_pre = '' + # prepare grab_repo step for stockholm + grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') + + env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"} + + # prepare nix-shell + # the dependencies which are used by the test script + deps = [ "gnumake", "jq","nix","rsync" ] + # TODO: --pure , prepare ENV in nix-shell command: + # SSL_CERT_FILE,LOGNAME,NIX_REMOTE + nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ] + + # prepare addShell function + def addShell(factory,**kwargs): + factory.addStep(steps.ShellCommand(**kwargs)) + ''; + builder = { + fast-tests = '' + f = util.BuildFactory() + f.addStep(grab_repo) + addShell(f,name="mors-eval",env=env, + command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"]) + + bu.append(util.BuilderConfig(name="fast-tests", + slavenames=slavenames, + factory=f)) + ''; + }; + enable = true; + web.enable = true; + irc = { + enable = true; + nick = "buildbot-lass"; + server = "cd.retiolum"; + channels = [ "retiolum" ]; + allowForce = true; + }; + }; + + krebs.buildbot.slave = { + enable = true; + masterhost = "localhost"; + username = "testslave"; + password = "lasspass"; + packages = with pkgs;[ git nix ]; + 
extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; }; + }; +} diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 16ecaefec..ac6aae44f 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -69,12 +69,12 @@ let with git // config.krebs.users; repo: singleton { - user = lass; + user = [ lass lass-helios lass-uriel ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ optional repo.public { - user = [ tv makefu uriel ]; + user = [ tv makefu miefda ]; repo = [ repo ]; perm = fetch; } ++ diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index 74d09b7fa..4482c4e9d 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix @@ -161,7 +161,7 @@ let torrentfreak|http://feeds.feedburner.com/Torrentfreak|#news torr_news|http://feed.torrentfreak.com/Torrentfreak/|#news travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news - truther|http://truthernews.wordpress.com/feed/|#news + #truther|http://truthernews.wordpress.com/feed/|#news un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#news un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix new file mode 100644 index 000000000..073f3de14 --- /dev/null +++ b/lass/2configs/websites/fritz.nix 
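Review bot: The slave credential `lasspass` is hard-coded twice in buildbot-standalone.nix, in `slaves.testslave` and in `krebs.buildbot.slave.password`, so it is published with the repository and, as part of the evaluated configuration, most likely ends up readable in the Nix store. Both values should come from the per-host secrets directory that base.nix declares in this commit rather than from a literal; until then mark them, e.g. `# FIXME: placeholder credential, replace before enabling allowedTCPPorts 8010/9989`. Two further settings deserve a comment on why they are acceptable: `allowForce = true` lets the IRC bot accept forced builds from the `retiolum` channel, and `stockholm_repo` is polled over plain `http://`, so the code that `nix-shell ... --run` executes is not integrity-protected in transit unless the network underneath provides that.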
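Review bot: The `#` prefix on the `truther` line in newsbot-js.nix does not comment it out at the Nix level, because the feed list appears to be the body of a string (the neighbouring lines are `name|url|channel` records, not Nix). The line is therefore still handed to newsbot-js with the name `#truther`. Unless the feed parser skips lines starting with `#`, which is not visible in this hunk, deleting the line is the safer way to disable the feed. The list begins and ends outside the hunk.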
@@ -0,0 +1,33 @@ +{ config, pkgs, ... }: + +{ + + imports = [ + ../../3modules/static_nginx.nix + ../../3modules/owncloud_nginx.nix + ../../3modules/wordpress_nginx.nix + ]; + + lass.staticPage = { + "biostase.de" = {}; + "gs-maubach.de" = {}; + "spielwaren-kern.de" = {}; + "societyofsimtech.de" = {}; + "ttf-kleinaspach.de" = {}; + "edsn.de" = {}; + "eab.berkeley.edu" = {}; + "habsys.de" = {}; + }; + + #lass.owncloud = { + # "o.ubikmedia.de" = { + # instanceid = "oc8n8ddbftgh"; + # }; + #}; + + #services.mysql = { + # enable = true; + # package = pkgs.mariadb; + # rootPassword = toString (<secrets/mysql_rootPassword>); + #}; +} diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix index cd31450c5..ac784d4c7 100644 --- a/lass/2configs/websites/wohnprojekt-rhh.de.nix +++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix @@ -8,5 +8,11 @@ lass.staticPage = { "wohnprojekt-rhh.de" = {}; }; + + users.users.laura = { + home = "/srv/http/wohnprojekt-rhh.de"; + createHome = true; + useDefaultShell = true; + }; } diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 04d14c7ce..c407bb59e 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -44,7 +44,7 @@ let "slock" ]; - systemd.services.display-manager = mkForce {}; + systemd.services.display-manager.enable = false; services.xserver.enable = true; @@ -93,9 +93,11 @@ let xmonad-start = pkgs.writeScriptBin "xmonad" '' #! ${pkgs.bash}/bin/bash set -efu - export PATH; PATH=${makeSearchPath "bin" ([ + export PATH; PATH=${makeSearchPath "bin" [ + pkgs.alsaUtils + pkgs.pulseaudioLight pkgs.rxvt_unicode - ] ++ config.environment.systemPackages)}:/var/setuid-wrappers + ]}:/var/setuid-wrappers settle() {( # Use PATH for a clean journal command=''${1##*/} |
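Review bot: In wohnprojekt-rhh.de.nix, `users.users.laura` gets a login shell (`useDefaultShell = true`) and a home directory that is the document root of the static site declared just above, so files a shell account normally creates in its home (`.bash_history`, `.ssh/`, editor backups) land inside the tree the web server serves. Whether dotfiles are denied is decided in the static page module, which is not part of this hunk. `createHome = true` may also change the owner and mode of an existing `/srv/http/wohnprojekt-rhh.de`, which could stop the web server reading it, so that is worth checking. Consider a separate home with write access to the docroot only, or at least a comment: `# laura uploads the site; home == docroot, dotfiles must not be served`.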
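Review bot: In the second xserver/default.nix hunk, `xmonad-start` now builds PATH from three packages plus `/var/setuid-wrappers` and no longer appends `config.environment.systemPackages`, but nothing in the hunk says why. Anything xmonad or its children look up by name must now be in this list; for example `dmenu`, which baseX.nix adds to `systemPackages` in this same commit, will not be found through PATH unless it is referenced by store path elsewhere. A short comment above the list would record the intent, e.g. `# minimal PATH on purpose: everything else is called by absolute store path`, if that is indeed the intent. The script body continues outside the hunk.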