summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-06-30 16:31:05 +0200
committertv <tv@krebsco.de>2016-06-30 16:31:05 +0200
commitd81b068113325fb7604089c3647c365a41804978 (patch)
tree4c43ad2142825ac7c0a7045e5c48a039b25f6786 /lass
parent1542f9bbee823025f703e6abf3836905cee416fd (diff)
parentf12578c66f8b7b829c0dec5255f358778c0d3366 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/cloudkrebs.nix1
-rw-r--r--lass/1systems/dishfire.nix31
-rw-r--r--lass/1systems/echelon.nix2
-rw-r--r--lass/1systems/mors.nix53
-rw-r--r--lass/1systems/prism.nix10
-rw-r--r--lass/1systems/shodan.nix40
-rw-r--r--lass/2configs/baseX.nix13
-rw-r--r--lass/2configs/binary-cache/client.nix9
-rw-r--r--lass/2configs/binary-cache/server.nix30
-rw-r--r--lass/2configs/binary-caches.nix13
-rw-r--r--lass/2configs/buildbot-standalone.nix100
-rw-r--r--lass/2configs/c-base.nix (renamed from lass/2configs/cbase.nix)0
-rw-r--r--lass/2configs/default.nix21
-rw-r--r--lass/2configs/downloading.nix1
-rw-r--r--lass/2configs/exim-smarthost.nix2
-rw-r--r--lass/2configs/fetchWallpaper.nix3
-rw-r--r--lass/2configs/gc.nix8
-rw-r--r--lass/2configs/git.nix13
-rw-r--r--lass/2configs/hw/tp-x220.nix54
-rw-r--r--lass/2configs/mail.nix7
-rw-r--r--lass/2configs/newsbot-js.nix3
-rw-r--r--lass/2configs/nixpkgs.nix8
-rw-r--r--lass/2configs/power-action.nix41
-rw-r--r--lass/2configs/pulse.nix96
-rw-r--r--lass/2configs/radio.nix25
-rw-r--r--lass/2configs/realwallpaper-server.nix32
-rw-r--r--lass/2configs/realwallpaper.nix29
-rw-r--r--lass/2configs/repo-sync.nix106
-rw-r--r--lass/2configs/tests/dummy-secrets/cbase.txt0
-rw-r--r--lass/2configs/tests/dummy-secrets/hashedPasswords.nix1
-rw-r--r--lass/2configs/tests/dummy-secrets/icecast-admin-pw1
-rw-r--r--lass/2configs/tests/dummy-secrets/icecast-source-pw1
-rw-r--r--lass/2configs/tests/dummy-secrets/lassul.us.dkim.priv3
-rw-r--r--lass/2configs/tests/dummy-secrets/mysql_rootPassword1
-rw-r--r--lass/2configs/tests/dummy-secrets/nix-serve.key1
-rw-r--r--lass/2configs/tests/dummy-secrets/repos.nix1
-rw-r--r--lass/2configs/tests/dummy-secrets/retiolum.rsa_key.priv4
-rw-r--r--lass/2configs/tests/dummy-secrets/ssh.id_ed255193
-rw-r--r--lass/2configs/tests/dummy-secrets/ssh.id_rsa3
-rw-r--r--lass/2configs/tests/dummy-secrets/transmission-pw1
-rw-r--r--lass/2configs/umts.nix62
-rw-r--r--lass/2configs/vim.nix463
-rw-r--r--lass/2configs/websites/domsen.nix105
-rw-r--r--lass/2configs/websites/fritz.nix39
-rw-r--r--lass/2configs/weechat.nix1
-rw-r--r--lass/2configs/wordpress.nix59
-rw-r--r--lass/2configs/xserver/Xresources.nix47
-rw-r--r--lass/2configs/zsh.nix8
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/power-action.nix93
-rw-r--r--lass/5pkgs/default.nix9
-rw-r--r--lass/5pkgs/q/default.nix185
-rw-r--r--lass/5pkgs/rs/default.nix6
-rw-r--r--lass/5pkgs/xmonad-lass.nix (renamed from lass/5pkgs/xmonad-lass/Main.hs)17
-rw-r--r--lass/5pkgs/xmonad-lass/.gitignore1
-rw-r--r--lass/5pkgs/xmonad-lass/Makefile6
-rw-r--r--lass/5pkgs/xmonad-lass/xmonad.cabal17
57 files changed, 1448 insertions, 442 deletions
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index a3cc9d7b3..5aa35f5a7 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -13,7 +13,6 @@ in {
../2configs/retiolum.nix
../2configs/git.nix
../2configs/realwallpaper.nix
- ../2configs/realwallpaper-server.nix
../2configs/privoxy-retiolum.nix
{
networking.interfaces.enp2s1.ip4 = [
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index b5e551952..ec9f53694 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -5,7 +5,7 @@
../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/default.nix
- ../2configs/exim-retiolum.nix
+ #../2configs/exim-retiolum.nix
../2configs/git.nix
{
boot.loader.grub = {
@@ -63,6 +63,35 @@
{ predicate = "-p tcp --dport https"; target = "ACCEPT"; }
];
}
+ {
+ #TODO: abstract & move to own file
+ krebs.exim-smarthost = {
+ enable = true;
+ relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ config.krebs.hosts.mors
+ config.krebs.hosts.uriel
+ config.krebs.hosts.helios
+ ];
+ system-aliases = [
+ { from = "mailer-daemon"; to = "postmaster"; }
+ { from = "postmaster"; to = "root"; }
+ { from = "nobody"; to = "root"; }
+ { from = "hostmaster"; to = "root"; }
+ { from = "usenet"; to = "root"; }
+ { from = "news"; to = "root"; }
+ { from = "webmaster"; to = "root"; }
+ { from = "www"; to = "root"; }
+ { from = "ftp"; to = "root"; }
+ { from = "abuse"; to = "root"; }
+ { from = "noc"; to = "root"; }
+ { from = "security"; to = "root"; }
+ { from = "root"; to = "lass"; }
+ ];
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.dishfire;
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 97734a7bd..8d944ed40 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -11,7 +11,7 @@ in {
../2configs/default.nix
../2configs/exim-retiolum.nix
../2configs/retiolum.nix
- ../2configs/realwallpaper-server.nix
+ ../2configs/realwallpaper.nix
../2configs/privoxy-retiolum.nix
../2configs/git.nix
#../2configs/redis.nix
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index a7a1fd253..f26f0ed5f 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -3,6 +3,7 @@
{
imports = [
../.
+ ../2configs/hw/tp-x220.nix
../2configs/baseX.nix
../2configs/exim-retiolum.nix
../2configs/programs.nix
@@ -14,22 +15,18 @@
../2configs/elster.nix
../2configs/steam.nix
../2configs/wine.nix
- #../2configs/texlive.nix
- ../2configs/binary-caches.nix
- #../2configs/ircd.nix
../2configs/chromium-patched.nix
../2configs/git.nix
- #../2configs/wordpress.nix
../2configs/bitlbee.nix
- #../2configs/firefoxPatched.nix
../2configs/skype.nix
../2configs/teamviewer.nix
../2configs/libvirt.nix
../2configs/fetchWallpaper.nix
- ../2configs/cbase.nix
+ ../2configs/c-base.nix
../2configs/mail.nix
../2configs/krebs-pass.nix
- #../2configs/buildbot-standalone.nix
+ ../2configs/umts.nix
+ ../2configs/repo-sync.nix
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@@ -57,17 +54,10 @@
# package = pkgs.postgresql;
# };
#}
- {
- }
];
krebs.build.host = config.krebs.hosts.mors;
- networking.wireless.enable = true;
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
@@ -77,7 +67,6 @@
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
- kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
@@ -131,8 +120,8 @@
};
services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:85:c9", NAME="et0"
'';
#TODO activationScripts seem broken, fix them!
@@ -146,7 +135,7 @@
#Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp]
#echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
#Autosuspend for USB device Biometric Coprocessor
- echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
+ #echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
#Runtime PMs
echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
@@ -168,22 +157,6 @@
echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control'
'';
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- services.xserver = {
- videoDriver = "intel";
- vaapiDrivers = [ pkgs.vaapiIntel ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- BusID "PCI:0:2:0"
- '';
- };
-
environment.systemPackages = with pkgs; [
acronym
cac-api
@@ -214,15 +187,11 @@
};
};
- services.mongodb = {
- enable = true;
+ krebs.repo-sync.timerConfig = {
+ OnCalendar = "00:37";
};
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }
- ];
- };
+ services.mongodb = {
+ enable = true;
};
}
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 6ed80ac39..5477a8b86 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -19,6 +19,8 @@ in {
../2configs/privoxy-retiolum.nix
../2configs/radio.nix
../2configs/buildbot-standalone.nix
+ ../2configs/repo-sync.nix
+ ../2configs/binary-cache/server.nix
{
imports = [
../2configs/git.nix
@@ -66,8 +68,6 @@ in {
}
{
- #boot.loader.gummiboot.enable = true;
- #boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
devices = [
"/dev/sda"
@@ -110,10 +110,6 @@ in {
{
sound.enable = false;
}
- #{
- # #workaround for server dying after 6-7h
- # boot.kernelPackages = pkgs.linuxPackages_4_2;
- #}
{
nixpkgs.config.allowUnfree = true;
}
@@ -202,7 +198,7 @@ in {
}
{
imports = [
- ../2configs/realwallpaper-server.nix
+ ../2configs/realwallpaper.nix
];
krebs.nginx.servers."lassul.us".locations = [
(lib.nameValuePair "/wallpaper.png" ''
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 6829428ff..96d64bda3 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -4,7 +4,9 @@ with builtins;
{
imports = [
../.
+ ../2configs/hw/tp-x220.nix
../2configs/baseX.nix
+ ../2configs/git.nix
../2configs/exim-retiolum.nix
../2configs/browsers.nix
../2configs/programs.nix
@@ -19,34 +21,10 @@ with builtins;
# };
# };
#}
- {
- #x220 config from mors
- #TODO: make x220 config file (or look in other user dir)
- hardware.trackpoint = {
- enable = true;
- sensitivity = 220;
- speed = 0;
- emulateWheel = true;
- };
-
- services.xserver = {
- videoDriver = "intel";
- vaapiDrivers = [ pkgs.vaapiIntel ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- BusID "PCI:0:2:0"
- '';
- };
- }
];
krebs.build.host = config.krebs.hosts.shodan;
- networking.wireless.enable = true;
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
boot = {
loader.grub.enable = true;
loader.grub.version = 2;
@@ -56,7 +34,6 @@ with builtins;
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
- kernelModules = [ "msr" ];
};
fileSystems = {
"/" = {
@@ -67,10 +44,15 @@ with builtins;
"/boot" = {
device = "/dev/sda1";
};
+
+ "/home/lass" = {
+ device = "/dev/pool/home-lass";
+ fsType = "ext4";
+ };
};
- #services.udev.extraRules = ''
- # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
- # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
- #'';
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ '';
}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 16f7502ac..6d26ff89a 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -8,7 +8,13 @@ in {
#./urxvt.nix
./xserver
./mpv.nix
+ #./pulse.nix
+ ./power-action.nix
];
+ hardware.pulseaudio = {
+ enable = true;
+ systemWide = true;
+ };
users.extraUsers.mainUser.extraGroups = [ "audio" ];
@@ -16,11 +22,6 @@ in {
virtualisation.libvirtd.enable = true;
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
-
programs.ssh.startAgent = false;
security.setuidPrograms = [ "slock" ];
@@ -32,6 +33,7 @@ in {
environment.systemPackages = with pkgs; [
+ acpi
dmenu
gitAndTools.qgit
lm_sensors
@@ -44,6 +46,7 @@ in {
sxiv
xclip
xorg.xbacklight
+ xorg.xhost
xsel
zathura
diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix
new file mode 100644
index 000000000..108ff7a1e
--- /dev/null
+++ b/lass/2configs/binary-cache/client.nix
@@ -0,0 +1,9 @@
+{ config, ... }:
+
+{
+ nix = {
+ binaryCaches = ["http://cache.prism.r"];
+ binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
+ };
+}
+
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
new file mode 100644
index 000000000..22ec04307
--- /dev/null
+++ b/lass/2configs/binary-cache/server.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ...}:
+
+{
+ # generate private key with:
+ # nix-store --generate-binary-cache-key my-secret-key my-public-key
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+ };
+
+ systemd.services.nix-serve = {
+ requires = ["secret.service"];
+ after = ["secret.service"];
+ };
+ krebs.secret.files.nix-serve-key = {
+ path = "/run/secret/nix-serve.key";
+ owner.name = "nix-serve";
+ source-path = toString <secrets> + "/nix-serve.key";
+ };
+ krebs.nginx = {
+ enable = true;
+ servers.nix-serve = {
+ server-names = [ "cache.prism.r" ];
+ locations = lib.singleton (lib.nameValuePair "/" ''
+ proxy_pass http://localhost:${toString config.services.nix-serve.port};
+ '');
+ };
+ };
+}
+
diff --git a/lass/2configs/binary-caches.nix b/lass/2configs/binary-caches.nix
deleted file mode 100644
index c2727520d..000000000
--- a/lass/2configs/binary-caches.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, ... }:
-
-{
- nix.sshServe.enable = true;
- nix.sshServe.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel"
- ];
- nix.binaryCaches = [
- #"scp://nix-ssh@mors"
- #"scp://nix-ssh@uriel"
- ];
-}
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 604d0728d..04bdcf9d8 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -1,6 +1,14 @@
{ lib, config, pkgs, ... }:
-{
- krebs.buildbot.master = let
+
+with config.krebs.lib;
+
+let
+ sshWrapper = pkgs.writeDash "ssh-wrapper" ''
+ ${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@"
+ '';
+
+in {
+ config.krebs.buildbot.master = let
stockholm-mirror-url = http://cgit.prism/stockholm ;
in {
slaves = {
@@ -25,20 +33,38 @@
sched.append(schedulers.SingleBranchScheduler(
## all branches
change_filter=util.ChangeFilter(branch_re=".*"),
- # treeStableTimer=10,
+ treeStableTimer=10,
name="fast-all-branches",
builderNames=["fast-tests"]))
'';
+ build-scheduler = ''
+ # build all hosts
+ sched.append(schedulers.SingleBranchScheduler(
+ change_filter=util.ChangeFilter(branch_re=".*"),
+ treeStableTimer=10,
+ name="prism-all-branches",
+ builderNames=["build-all"]))
+ '';
};
builder_pre = ''
# prepare grab_repo step for stockholm
grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
- env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"}
+ # TODO: get nixpkgs/stockholm paths from krebs
+ env_lass = {
+ "LOGNAME": "lass",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ }
+ env_makefu = {
+ "LOGNAME": "makefu",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ }
# prepare nix-shell
# the dependencies which are used by the test script
- deps = [ "gnumake", "jq","nix","rsync" ]
+ deps = [ "gnumake", "jq", "nix", "rsync", "proot" ]
# TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
nixshell = ["nix-shell",
@@ -51,16 +77,45 @@
factory.addStep(steps.ShellCommand(**kwargs))
'';
builder = {
+ build-all = ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+ for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
+ addShell(f,name="build-{}".format(i),env=env_lass,
+ command=nixshell + \
+ ["make \
+ test \
+ ssh=${sshWrapper} \
+ target=build@localhost:${config.users.users.build.home}/testbuild \
+ method=build \
+ system={}".format(i)])
+
+ for i in [ "pornocauster", "wry" ]:
+ addShell(f,name="build-{}".format(i),env=env_makefu,
+ command=nixshell + \
+ ["make \
+ test \
+ ssh=${sshWrapper} \
+ target=build@localhost:${config.users.users.build.home}/testbuild \
+ method=build \
+ system={}".format(i)])
+
+ bu.append(util.BuilderConfig(name="build-all",
+ slavenames=slavenames,
+ factory=f))
+
+ '';
+
fast-tests = ''
f = util.BuildFactory()
f.addStep(grab_repo)
for i in [ "prism", "mors", "echelon" ]:
- addShell(f,name="populate-{}".format(i),env=env,
+ addShell(f,name="populate-{}".format(i),env=env_lass,
command=nixshell + \
["{}( make system={} eval.config.krebs.build.populate \
| jq -er .)".format("!" if "failing" in i else "",i)])
- addShell(f,name="build-test-minimal",env=env,
+ addShell(f,name="build-test-minimal",env=env_lass,
command=nixshell + \
["nix-instantiate \
--show-trace --eval --strict --json \
@@ -86,17 +141,17 @@
};
};
- krebs.buildbot.slave = {
+ config.krebs.buildbot.slave = {
enable = true;
masterhost = "localhost";
username = "testslave";
password = "lasspass";
packages = with pkgs;[ git nix gnumake jq rsync ];
extraEnviron = {
- NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix";
+ NIX_PATH="nixpkgs=/var/src/nixpkgs";
};
};
- krebs.iptables = {
+ config.krebs.iptables = {
tables = {
filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8010"; target = "ACCEPT"; }
@@ -104,4 +159,29 @@