diff options
author | tv <tv@krebsco.de> | 2015-12-20 19:37:46 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2015-12-20 19:37:46 +0100 |
commit | c89907175546aa0c39bc6b2c4960f0ea6e6db8c9 (patch) | |
tree | 158bf1a5938fc37efc466b00b3f0906ac2a50d9f /makefu/1systems | |
parent | c09bc6a29f21f1c6bd21575e385b8b3bc5c89b8a (diff) | |
parent | 5821d8438578db623a3e248c52fefa424fad0b51 (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/1systems')
-rw-r--r-- | makefu/1systems/filepimp.nix | 2 | ||||
-rw-r--r-- | makefu/1systems/gum.nix | 68 | ||||
-rw-r--r-- | makefu/1systems/omo.nix | 37 | ||||
-rw-r--r-- | makefu/1systems/pornocauster.nix | 21 | ||||
-rw-r--r-- | makefu/1systems/vbob.nix | 88 | ||||
-rw-r--r-- | makefu/1systems/wry.nix | 17 |
6 files changed, 209 insertions, 24 deletions
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index fb1a57552..66ea2ce90 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -7,8 +7,6 @@ { imports = [ # Include the results of the hardware scan. - ../2configs/default.nix - ../2configs/fs/vm-single-partition.nix ../2configs/fs/single-partition-ext4.nix ../2configs/tinc-basic-retiolum.nix ]; diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 85cf4c533..417a020fa 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -9,24 +9,71 @@ in { # TODO: copy this config or move to krebs ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix + ../2configs/fs/simple-swap.nix + ../2configs/fs/single-partition-ext4.nix # ../2configs/iodined.nix - - # Reaktor - ../2configs/Reaktor/simpleExtend.nix + ../2configs/git/cgit-retiolum.nix + ../2configs/mattermost-docker.nix + ../2configs/nginx/euer.test.nix ]; + + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + + ###### stable + krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; + krebs.retiolum.extraConfig = '' + ListenAddress = ${external-ip} 53 + ListenAddress = ${external-ip} 655 + ListenAddress = ${external-ip} 21031 + ''; - krebs.Reaktor.enable = true; + # Chat + environment.systemPackages = with pkgs;[ + weechat + bepasty-client-cli + get + ]; + services.bitlbee.enable = true; - # prepare graphs - krebs.nginx.enable = true; + # Hardware + boot.loader.grub.device = "/dev/sda"; + boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ]; + boot.kernelModules = [ "kvm-intel" ]; + # Network + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" + ''; + boot.kernelParams = [ "ipv6.disable=1" ]; networking = { - firewall.allowPing = true; - firewall.allowedTCPPorts = [ 80 443 655 ]; - firewall.allowedUDPPorts = [ 655 ]; - interfaces.enp2s1.ip4 = [{ + enableIPv6 = false; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # tinc + 655 + # tinc-shack + 21032 + # tinc-retiolum + 21031 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + # tinc-retiolum + 21031 + # tinc-shack + 21032 + ]; + }; + interfaces.et0.ip4 = [{ address = external-ip; prefixLength = 24; }]; @@ -34,5 +81,4 @@ in { nameservers = [ "8.8.8.8" ]; }; - # based on ../../tv/2configs/CAC-Developer-2.nix } diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix new file mode 100644 index 000000000..6ae79398a --- /dev/null +++ b/makefu/1systems/omo.nix @@ -0,0 +1,37 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ../2configs/fs/single-partition-ext4.nix + ../2configs/tinc-basic-retiolum.nix + ../2configs/exim-retiolum.nix + ]; + krebs.build.host = config.krebs.hosts.omo; + + # AMD E350 + boot = { + loader.grub.device = "/dev/sda"; + + initrd.availableKernelModules = [ + "usb_storage" + "ahci" + "xhci_hcd" + "ata_piix" + "uhci_hcd" + "ehci_pci" + ]; + + kernelModules = [ ]; + extraModulePackages = [ ]; + }; + + hardware.enableAllFirmware = true; + hardware.cpu.amd.updateMicrocode = true; + + networking.firewall.allowPing = true; +} diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 8624cb2d1..28b77d330 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -6,21 +6,21 @@ { imports = [ # Include the results of the hardware scan. - ../2configs/main-laptop.nix #< base-gui + ../2configs/main-laptop.nix #< base-gui + zsh # Krebs ../2configs/tinc-basic-retiolum.nix #../2configs/disable_v6.nix - # environment - ../2configs/zsh-user.nix # applications + ../2configs/exim-retiolum.nix ../2configs/mail-client.nix + ../2configs/printer.nix #../2configs/virtualization.nix ../2configs/virtualization.nix - #../2configs/virtualization-virtualbox.nix + ../2configs/virtualization-virtualbox.nix ../2configs/wwan.nix # services @@ -34,15 +34,23 @@ # ../2configs/mediawiki.nix #../2configs/wordpress.nix ]; + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + buildbot = let + pkgs1509 = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; + in pkgs1509.buildbot; + }; + makefu.buildbot.master.enable = true; + #krebs.Reaktor.enable = true; #krebs.Reaktor.nickname = "makefu|r"; - - krebs.build.host = config.krebs.hosts.pornocauster; + # nix.binaryCaches = [ "http://acng.shack/nixos" "https://cache.nixos.org" ]; environment.systemPackages = with pkgs;[ get virtmanager gnome3.dconf + krebspaste ]; services.logind.extraConfig = "HandleLidSwitch=ignore"; @@ -54,4 +62,5 @@ 25 ]; + krebs.build.host = config.krebs.hosts.pornocauster; } diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix new file mode 100644 index 000000000..a24cefd0d --- /dev/null +++ b/makefu/1systems/vbob.nix @@ -0,0 +1,88 @@ +# +# +# +{ lib, config, pkgs, ... }: +let + pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; +in { + krebs.build.host = config.krebs.hosts.vbob; + krebs.build.target = "root@10.10.10.220"; + imports = + [ # Include the results of the hardware scan. + <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix> + ../2configs/main-laptop.nix #< base-gui + + # environment + + ]; + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + buildbot = pkgs-unst.buildbot; + buildbot-slave = pkgs-unst.buildbot-slave; + }; + + makefu.buildbot.master = { + enable = true; + irc = { + enable = true; + server = "cd.retiolum"; + channel = "retiolum"; + allowForce = true; + }; + }; + makefu.buildbot.slave = { + enable = true; + masterhost = "localhost"; + username = "testslave"; + password = "krebspass"; + packages = with pkgs;[ git nix ]; + extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; }; + }; + + krebs.build.source.git.nixpkgs = { + #url = https://github.com/nixos/nixpkgs; + # HTTP Everywhere + rev = "a3974e"; + }; + fileSystems."/nix" = { + device ="/dev/disk/by-label/nixstore"; + fsType = "ext4"; + }; + #makefu.buildbot.master.enable = true; + # allow vbob to deploy self + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; + }; + }; + environment.systemPackages = with pkgs;[ + buildbot + buildbot-slave + get + genid + ]; + + networking.firewall.allowedTCPPorts = [ + 25 + 80 + 8010 + ]; + + krebs.retiolum = { + enable = true; + extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000"; + hosts = ../../krebs/Zhosts; + connectTo = [ + "gum" + ]; + }; + + networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000"; + fileSystems."/media/share" = { + fsType = "vboxsf"; + device = "share"; + options = "rw,uid=9001,gid=9001"; + }; + +} + diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index ba94972fb..cd2b3f657 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -24,11 +24,11 @@ in { # other nginx ../2configs/nginx/euer.wiki.nix ../2configs/nginx/euer.blog.nix + ../2configs/nginx/euer.test.nix # collectd ../2configs/collectd/collectd-base.nix ]; - krebs.build.host = config.krebs.hosts.wry; krebs.Reaktor.enable = true; @@ -59,9 +59,12 @@ in { }; networking = { - firewall.allowPing = true; - firewall.allowedTCPPorts = [ 53 80 443 ]; - firewall.allowedUDPPorts = [ 655 ]; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ 53 80 443 ]; + allowedUDPPorts = [ 655 ]; + }; interfaces.enp2s1.ip4 = [{ address = external-ip; prefixLength = 24; @@ -70,5 +73,9 @@ in { nameservers = [ "8.8.8.8" ]; }; - environment.systemPackages = [ pkgs.translate-shell ]; + # small machine - do not forget to gc every day + nix.gc.automatic = true; + nix.gc.dates = "03:10"; + + environment.systemPackages = [ ]; } |