summaryrefslogtreecommitdiffstats
path: root/makefu/1systems/gum.nix
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2015-12-20 19:37:46 +0100
committertv <tv@krebsco.de>2015-12-20 19:37:46 +0100
commitc89907175546aa0c39bc6b2c4960f0ea6e6db8c9 (patch)
tree158bf1a5938fc37efc466b00b3f0906ac2a50d9f /makefu/1systems/gum.nix
parentc09bc6a29f21f1c6bd21575e385b8b3bc5c89b8a (diff)
parent5821d8438578db623a3e248c52fefa424fad0b51 (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/1systems/gum.nix')
-rw-r--r--makefu/1systems/gum.nix68
1 files changed, 57 insertions, 11 deletions
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 85cf4c533..417a020fa 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -9,24 +9,71 @@ in {
# TODO: copy this config or move to krebs
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix
+ ../2configs/fs/simple-swap.nix
+ ../2configs/fs/single-partition-ext4.nix
# ../2configs/iodined.nix
-
- # Reaktor
- ../2configs/Reaktor/simpleExtend.nix
+ ../2configs/git/cgit-retiolum.nix
+ ../2configs/mattermost-docker.nix
+ ../2configs/nginx/euer.test.nix
];
+
+ nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+
+ ###### stable
+ krebs.build.target = "root@gum.krebsco.de";
krebs.build.host = config.krebs.hosts.gum;
+ krebs.retiolum.extraConfig = ''
+ ListenAddress = ${external-ip} 53
+ ListenAddress = ${external-ip} 655
+ ListenAddress = ${external-ip} 21031
+ '';
- krebs.Reaktor.enable = true;
+ # Chat
+ environment.systemPackages = with pkgs;[
+ weechat
+ bepasty-client-cli
+ get
+ ];
+ services.bitlbee.enable = true;
- # prepare graphs
- krebs.nginx.enable = true;
+ # Hardware
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ # Network
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
+ '';
+ boot.kernelParams = [ "ipv6.disable=1" ];
networking = {
- firewall.allowPing = true;
- firewall.allowedTCPPorts = [ 80 443 655 ];
- firewall.allowedUDPPorts = [ 655 ];
- interfaces.enp2s1.ip4 = [{
+ enableIPv6 = false;
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [
+ # smtp
+ 25
+ # http
+ 80 443
+ # tinc
+ 655
+ # tinc-shack
+ 21032
+ # tinc-retiolum
+ 21031
+ ];
+ allowedUDPPorts = [
+ # tinc
+ 655 53
+ # tinc-retiolum
+ 21031
+ # tinc-shack
+ 21032
+ ];
+ };
+ interfaces.et0.ip4 = [{
address = external-ip;
prefixLength = 24;
}];
@@ -34,5 +81,4 @@ in {
nameservers = [ "8.8.8.8" ];
};
- # based on ../../tv/2configs/CAC-Developer-2.nix
}