authortv <tv@krebsco.de>2015-12-20 19:37:46 +0100
committertv <tv@krebsco.de>2015-12-20 19:37:46 +0100
commitc89907175546aa0c39bc6b2c4960f0ea6e6db8c9 (patch)
tree158bf1a5938fc37efc466b00b3f0906ac2a50d9f /makefu/1systems
parentc09bc6a29f21f1c6bd21575e385b8b3bc5c89b8a (diff)
parent5821d8438578db623a3e248c52fefa424fad0b51 (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/1systems')
-rw-r--r--makefu/1systems/filepimp.nix2
-rw-r--r--makefu/1systems/gum.nix68
-rw-r--r--makefu/1systems/omo.nix37
-rw-r--r--makefu/1systems/pornocauster.nix21
-rw-r--r--makefu/1systems/vbob.nix88
-rw-r--r--makefu/1systems/wry.nix17
6 files changed, 209 insertions, 24 deletions
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index fb1a57552..66ea2ce90 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -7,8 +7,6 @@
{
imports =
[ # Include the results of the hardware scan.
- ../2configs/default.nix
- ../2configs/fs/vm-single-partition.nix
../2configs/fs/single-partition-ext4.nix
../2configs/tinc-basic-retiolum.nix
];
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 85cf4c533..417a020fa 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -9,24 +9,71 @@ in {
# TODO: copy this config or move to krebs
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix
+ ../2configs/fs/simple-swap.nix
+ ../2configs/fs/single-partition-ext4.nix
# ../2configs/iodined.nix
-
- # Reaktor
- ../2configs/Reaktor/simpleExtend.nix
+ ../2configs/git/cgit-retiolum.nix
+ ../2configs/mattermost-docker.nix
+ ../2configs/nginx/euer.test.nix
];
+
+ nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+
+ ###### stable
+ krebs.build.target = "root@gum.krebsco.de";
krebs.build.host = config.krebs.hosts.gum;
+ krebs.retiolum.extraConfig = ''
+ ListenAddress = ${external-ip} 53
+ ListenAddress = ${external-ip} 655
+ ListenAddress = ${external-ip} 21031
+ '';
- krebs.Reaktor.enable = true;
+ # Chat
+ environment.systemPackages = with pkgs;[
+ weechat
+ bepasty-client-cli
+ get
+ ];
+ services.bitlbee.enable = true;
- # prepare graphs
- krebs.nginx.enable = true;
+ # Hardware
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ # Network
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
+ '';
+ boot.kernelParams = [ "ipv6.disable=1" ];
networking = {
- firewall.allowPing = true;
- firewall.allowedTCPPorts = [ 80 443 655 ];
- firewall.allowedUDPPorts = [ 655 ];
- interfaces.enp2s1.ip4 = [{
+ enableIPv6 = false;
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [
+ # smtp
+ 25
+ # http
+ 80 443
+ # tinc
+ 655
+ # tinc-shack
+ 21032
+ # tinc-retiolum
+ 21031
+ ];
+ allowedUDPPorts = [
+ # tinc
+ 655 53
+ # tinc-retiolum
+ 21031
+ # tinc-shack
+ 21032
+ ];
+ };
+ interfaces.et0.ip4 = [{
address = external-ip;
prefixLength = 24;
}];
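Review bot: The new `allowedTCPPorts`/`allowedUDPPorts` lists do not line up with the listeners this hunk configures. `krebs.retiolum.extraConfig` makes tinc listen on port 53, but only UDP 53 is opened; tinc's meta connection runs over TCP, so peers using port 53 would likely be refused unless `53` is also added to `allowedTCPPorts`. TCP 25 is opened under `# smtp` although no mail module is imported in the visible lines (the imports list starts outside the hunk), so confirm a listener exists or drop the port. The block also sets `logRefusedConnections = false` on a host with a public address, as the wry.nix firewall hunk does; a one-line comment giving the reason (for example log volume) would record why that detection signal is given up.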
@@ -34,5 +81,4 @@ in {
nameservers = [ "8.8.8.8" ];
};
- # based on ../../tv/2configs/CAC-Developer-2.nix
}
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
new file mode 100644
index 000000000..6ae79398a
--- /dev/null
+++ b/makefu/1systems/omo.nix
@@ -0,0 +1,37 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../2configs/fs/single-partition-ext4.nix
+ ../2configs/tinc-basic-retiolum.nix
+ ../2configs/exim-retiolum.nix
+ ];
+ krebs.build.host = config.krebs.hosts.omo;
+
+ # AMD E350
+ boot = {
+ loader.grub.device = "/dev/sda";
+
+ initrd.availableKernelModules = [
+ "usb_storage"
+ "ahci"
+ "xhci_hcd"
+ "ata_piix"
+ "uhci_hcd"
+ "ehci_pci"
+ ];
+
+ kernelModules = [ ];
+ extraModulePackages = [ ];
+ };
+
+ hardware.enableAllFirmware = true;
+ hardware.cpu.amd.updateMicrocode = true;
+
+ networking.firewall.allowPing = true;
+}
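Review bot: The comment `# Include the results of the hardware scan.` heads an imports list that contains no hardware-scan file; the hardware settings are written inline under `# AMD E350`. Replacing it with something like `# shared configs; hardware settings are inline below` would stop a reader looking for a generated file. The three-line NixOS template header at the top could likewise be replaced by a one-line description of the host.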
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 8624cb2d1..28b77d330 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -6,21 +6,21 @@
{
imports =
[ # Include the results of the hardware scan.
- ../2configs/main-laptop.nix #< base-gui
+ ../2configs/main-laptop.nix #< base-gui + zsh
# Krebs
../2configs/tinc-basic-retiolum.nix
#../2configs/disable_v6.nix
- # environment
- ../2configs/zsh-user.nix
# applications
+
../2configs/exim-retiolum.nix
../2configs/mail-client.nix
+ ../2configs/printer.nix
#../2configs/virtualization.nix
../2configs/virtualization.nix
- #../2configs/virtualization-virtualbox.nix
+ ../2configs/virtualization-virtualbox.nix
../2configs/wwan.nix
# services
@@ -34,15 +34,23 @@
# ../2configs/mediawiki.nix
#../2configs/wordpress.nix
];
+ nixpkgs.config.packageOverrides = pkgs: {
+ tinc = pkgs.tinc_pre;
+ buildbot = let
+ pkgs1509 = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+ in pkgs1509.buildbot;
+ };
+ makefu.buildbot.master.enable = true;
+
#krebs.Reaktor.enable = true;
#krebs.Reaktor.nickname = "makefu|r";
-
- krebs.build.host = config.krebs.hosts.pornocauster;
+ # nix.binaryCaches = [ "http://acng.shack/nixos" "https://cache.nixos.org" ];
environment.systemPackages = with pkgs;[
get
virtmanager
gnome3.dconf
+ krebspaste
];
services.logind.extraConfig = "HandleLidSwitch=ignore";
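Review bot: The `buildbot` override imports nixpkgs from `https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz`, a moving branch archive with no revision or hash, so each evaluation may pull different code into a system build without any integrity check. Pinning to a commit archive, e.g. `fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/<COMMIT_SHA>.tar.gz` (placeholder), keeps the build reproducible and turns an upstream change into a reviewed diff. The binding is also named `pkgs1509` although it fetches nixos-unstable; `pkgs-unstable` would match what it holds. The same unpinned fetch appears as `pkgs-unst` at the top of vbob.nix.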
@@ -54,4 +62,5 @@
25
];
+ krebs.build.host = config.krebs.hosts.pornocauster;
}
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
new file mode 100644
index 000000000..a24cefd0d
--- /dev/null
+++ b/makefu/1systems/vbob.nix
@@ -0,0 +1,88 @@
+#
+#
+#
+{ lib, config, pkgs, ... }:
+let
+ pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+in {
+ krebs.build.host = config.krebs.hosts.vbob;
+ krebs.build.target = "root@10.10.10.220";
+ imports =
+ [ # Include the results of the hardware scan.
+ <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
+ ../2configs/main-laptop.nix #< base-gui
+
+ # environment
+
+ ];
+ nixpkgs.config.packageOverrides = pkgs: {
+ tinc = pkgs.tinc_pre;
+ buildbot = pkgs-unst.buildbot;
+ buildbot-slave = pkgs-unst.buildbot-slave;
+ };
+
+ makefu.buildbot.master = {
+ enable = true;
+ irc = {
+ enable = true;
+ server = "cd.retiolum";
+ channel = "retiolum";
+ allowForce = true;
+ };
+ };
+ makefu.buildbot.slave = {
+ enable = true;
+ masterhost = "localhost";
+ username = "testslave";
+ password = "krebspass";
+ packages = with pkgs;[ git nix ];
+ extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
+ };
+
+ krebs.build.source.git.nixpkgs = {
+ #url = https://github.com/nixos/nixpkgs;
+ # HTTP Everywhere
+ rev = "a3974e";
+ };
+ fileSystems."/nix" = {
+ device ="/dev/disk/by-label/nixstore";
+ fsType = "ext4";
+ };
+ #makefu.buildbot.master.enable = true;
+ # allow vbob to deploy self
+ users.extraUsers = {
+ root = {
+ openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
+ };
+ };
+ environment.systemPackages = with pkgs;[
+ buildbot
+ buildbot-slave
+ get
+ genid
+ ];
+
+ networking.firewall.allowedTCPPorts = [
+ 25
+ 80
+ 8010
+ ];
+
+ krebs.retiolum = {
+ enable = true;
+ extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000";
+ hosts = ../../krebs/Zhosts;
+ connectTo = [
+ "gum"
+ ];
+ };
+
+ networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
+ fileSystems."/media/share" = {
+ fsType = "vboxsf";
+ device = "share";
+ options = "rw,uid=9001,gid=9001";
+ };
+
+}
+
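Review bot: `password = "krebspass"` under `makefu.buildbot.slave` commits the worker credential to the repository, and as a plain Nix string it will presumably also end up in the world-readable store. Together with `8010` in `allowedTCPPorts` and `irc.allowForce = true`, the build master may be reachable and triggerable by more parties than a test setup intends. Consider reading the password from a file kept outside the repository and the store, if the module supports that, and add a comment on `allowForce` stating who is expected to be in the channel. `rev = "a3974e"` is an abbreviated hash; the full 40-character revision would be unambiguous.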
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index ba94972fb..cd2b3f657 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -24,11 +24,11 @@ in {
# other nginx
../2configs/nginx/euer.wiki.nix
../2configs/nginx/euer.blog.nix
+ ../2configs/nginx/euer.test.nix
# collectd
../2configs/collectd/collectd-base.nix
];
-
krebs.build.host = config.krebs.hosts.wry;
krebs.Reaktor.enable = true;
@@ -59,9 +59,12 @@ in {
};
networking = {
- firewall.allowPing = true;
- firewall.allowedTCPPorts = [ 53 80 443 ];
- firewall.allowedUDPPorts = [ 655 ];
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [ 53 80 443 ];
+ allowedUDPPorts = [ 655 ];
+ };
interfaces.enp2s1.ip4 = [{
address = external-ip;
prefixLength = 24;
@@ -70,5 +73,9 @@ in {
nameservers = [ "8.8.8.8" ];
};
- environment.systemPackages = [ pkgs.translate-shell ];
+ # small machine - do not forget to gc every day
+ nix.gc.automatic = true;
+ nix.gc.dates = "03:10";
+
+ environment.systemPackages = [ ];
}