author | tv <tv@krebsco.de> | 2017-07-14 00:17:58 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-07-14 00:21:02 +0200 |
commit | 58380c82848c3db0bd6c3d74904153f3464c2098 (patch) | |
tree | dcefa424c037ef13edba18967143b3290dc739cb /shared | |
parent | c213968c44befe32f115ec0122accebdabd89582 (diff) |
merge shared into krebs
Diffstat (limited to 'shared')
40 files changed, 0 insertions, 1234 deletions
diff --git a/shared/1systems/test-all-krebs-modules/config.nix b/shared/1systems/test-all-krebs-modules/config.nix
deleted file mode 100644
index 7ebcf3b50..000000000
--- a/shared/1systems/test-all-krebs-modules/config.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- en = { enable = true;};
-in {
- imports = [
- <stockholm/shared>
- ];
- krebs = {
- enable = true;
- build.user = config.krebs.users.shared;
- build.host = config.krebs.hosts.test-all-krebs-modules;
- Reaktor.test = {};
- apt-cacher-ng.enable = true;
- backup.enable = true;
- bepasty.enable = true;
- # FIXME fast-tests / instantiate-test-all-modules fails at wolfbot
- # http://wolf:8010/builders/fast-tests/builds/442
- #buildbot.master.enable = true;
- buildbot.worker = {
- enable = true;
- username = "lol";
- password = "wut";
- };
- # XXX exim-retiolum and exim-smarthost are mutually exclusive
- #exim-retiolum = {
- # enable = true;
- # primary_hostname = "test.r";
- #};
- exim-smarthost = {
- enable = true;
- primary_hostname = "test.r";
- system-aliases = [ { from = "dick"; to = "butt"; } ];
- };
- go.enable = true;
- iptables = {
- enable = true;
- tables = {};
- };
- realwallpaper.enable = true;
- tinc.retiolum.enable = true;
- retiolum-bootstrap.enable = true;
- tinc_graphs.enable = true;
- urlwatch.enable = true;
- fetchWallpaper = {
- enable = true;
- url ="localhost";
- };
- };
- # just get the system running
- boot.loader.grub.devices = ["/dev/sda"];
- fileSystems."/" = {
- device = "/dev/lol";
- };
-}
diff --git a/shared/1systems/test-all-krebs-modules/source.nix b/shared/1systems/test-all-krebs-modules/source.nix
deleted file mode 100644
index 58d72365f..000000000
--- a/shared/1systems/test-all-krebs-modules/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/shared/source.nix> {
- name = "test-all-krebs-modules";
-}
diff --git a/shared/1systems/test-arch/config.nix b/shared/1systems/test-arch/config.nix
deleted file mode 100644
index 453483d48..000000000
--- a/shared/1systems/test-arch/config.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- <stockholm/shared>
- {
- boot.loader.grub = {
- device = "/dev/sda";
- splashImage = null;
- };
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "vmw_pvscsi"
- ];
-
- fileSystems."/" = {
- device = "/dev/sda1";
- };
- }
- {
- networking.dhcpcd.allowInterfaces = [
- "enp*"
- ];
- }
- {
- sound.enable = false;
- }
- ];
-
- krebs.build.host = config.krebs.hosts.test-arch;
-}
diff --git a/shared/1systems/test-arch/source.nix b/shared/1systems/test-arch/source.nix
deleted file mode 100644
index ca2305684..000000000
--- a/shared/1systems/test-arch/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/shared/source.nix> {
- name = "test-arch";
-}
diff --git a/shared/1systems/test-centos6/config.nix b/shared/1systems/test-centos6/config.nix
deleted file mode 100644
index a81ff7c51..000000000
--- a/shared/1systems/test-centos6/config.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (lib) head;
-
- ip = "168.235.148.52";
- gw = "168.235.148.1";
-in {
- imports = [
- <stockholm/shared>
- <stockholm/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix>
- {
- networking.interfaces.enp11s0.ip4 = [
- {
- address = ip;
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = gw;
- networking.nameservers = [
- "8.8.8.8"
- ];
- }
- {
- sound.enable = false;
- }
- ];
-
- krebs.build.host = config.krebs.hosts.test-centos6;
-}
diff --git a/shared/1systems/test-centos6/source.nix b/shared/1systems/test-centos6/source.nix
deleted file mode 100644
index 0c7c78ec0..000000000
--- a/shared/1systems/test-centos6/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/shared/source.nix> {
- name = "test-centos6";
-}
diff --git a/shared/1systems/test-centos7/config.nix b/shared/1systems/test-centos7/config.nix
deleted file mode 100644
index 58f99e87c..000000000
--- a/shared/1systems/test-centos7/config.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (lib) head;
-
-in {
- imports = [
- <stockholm/shared>
- <stockholm/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix>
- <stockholm/shared/2configs/temp/networking.nix>
- <stockholm/shared/2configs/temp/dirs.nix>
- ];
-
- sound.enable = false;
- krebs.build.host = config.krebs.hosts.test-centos7;
-}
diff --git a/shared/1systems/test-centos7/source.nix b/shared/1systems/test-centos7/source.nix
deleted file mode 100644
index 5144477fe..000000000
--- a/shared/1systems/test-centos7/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/shared/source.nix> {
- name = "test-centos7";
-}
diff --git a/shared/1systems/test-failing/config.nix b/shared/1systems/test-failing/config.nix
deleted file mode 100644
index fb6a58397..000000000
--- a/shared/1systems/test-failing/config.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- <stockholm/shared>
- ];
- programs.ssh.startAgent = true;
- programs.ssh.startAgent = false;
-}
diff --git a/shared/1systems/test-failing/source.nix b/shared/1systems/test-failing/source.nix
deleted file mode 100644
index 3e17d0b52..000000000
--- a/shared/1systems/test-failing/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/shared/source.nix> {
- name = "test-failing";
-}
diff --git a/shared/1systems/test-minimal-deploy/config.nix b/shared/1systems/test-minimal-deploy/config.nix
deleted file mode 100644
index eab703671..000000000
--- a/shared/1systems/test-minimal-deploy/config.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
- imports = [
- <stockholm/shared>
- ];
- krebs = {
- enable = true;
- build.user = config.krebs.users.shared;
- build.host = config.krebs.hosts.test-all-krebs-modules;
- };
- # just get the system to eval in nixos without errors
- boot.loader.grub.devices = ["/dev/sda"];
- fileSystems."/" = {
- device = "/dev/lol";
- };
-}
diff --git a/shared/1systems/test-minimal-deploy/source.nix b/shared/1systems/test-minimal-deploy/source.nix
deleted file mode 100644
index 2368cdd49..000000000
--- a/shared/1systems/test-minimal-deploy/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/shared/source.nix> {
- name = "test-minimal-deploy";
-}
diff --git a/shared/1systems/wolf/config.nix b/shared/1systems/wolf/config.nix
deleted file mode 100644
index 636f8e822..000000000
--- a/shared/1systems/wolf/config.nix
+++ /dev/null
@@ -1,107 +0,0 @@ -{ config, pkgs, ... }: -let - shack-ip = config.krebs.build.host.nets.shack.ip4.addr; -in -{ - imports = [ - <stockholm/shared> - <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - <stockholm/shared/2configs/collectd-base.nix> - <stockholm/shared/2configs/central-stats-client.nix> - <stockholm/shared/2configs/save-diskspace.nix> - - <stockholm/shared/2configs/cgit-mirror.nix> - <stockholm/shared/2configs/graphite.nix> - <stockholm/shared/2configs/repo-sync.nix> - <stockholm/shared/2configs/shared-buildbot.nix> - - <stockholm/shared/2configs/shack/worlddomination.nix> - <stockholm/shared/2configs/shack/drivedroid.nix> - # <stockholm/shared/2configs/shack/nix-cacher.nix> - <stockholm/shared/2configs/shack/mqtt_sub.nix> - <stockholm/shared/2configs/shack/muell_caller.nix> - <stockholm/shared/2configs/shack/radioactive.nix> - <stockholm/shared/2configs/shack/share.nix> - - ]; - # use your own binary cache, fallback use cache.nixos.org (which is used by - # apt-cacher-ng in first place) - - services.influxdb.enable = true; - - # local discovery in shackspace - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; - krebs.tinc.retiolum.extraConfig = "TCPOnly = yes"; - services.grafana = { - enable = true; - addr = "0.0.0.0"; - users.allowSignUp = true; - users.allowOrgCreate = true; - users.autoAssignOrg = true; - auth.anonymous.enable = true; - security = import <secrets/grafana_security.nix>; - }; - - nix = { - # use the up to date prism cache - binaryCaches = [ - "http://cache.prism.r" - "https://cache.nixos.org/" - ]; - binaryCachePublicKeys = [ - "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" - "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" - ]; - }; - - networking = { - firewall.enable = false; - firewall.allowedTCPPorts = [ 8088 8086 8083 ]; - interfaces.enp0s3.ip4 = [{ - address = shack-ip; - prefixLength = 20; - }]; - - defaultGateway = "10.42.0.1"; - nameservers = [ "10.42.0.100" "10.42.0.200" ]; - 
}; - - ##################### - # uninteresting stuff - ##################### - krebs.build.host = config.krebs.hosts.wolf; - - boot.kernel.sysctl = { - # Enable IPv6 Privacy Extensions - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" - ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/vda"; - - fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; - - swapDevices = [ - { device = "/dev/disk/by-label/swap"; } - ]; - # fallout of ipv6calypse - networking.extraHosts = '' - hass.shack 10.42.2.191 - heidi.shack 10.42.2.135 - ''; - - users.extraUsers.root.openssh.authorizedKeys.keys = [ - config.krebs.users.ulrich.pubkey - ]; - - time.timeZone = "Europe/Berlin"; - sound.enable = false; -} diff --git a/shared/1systems/wolf/source.nix b/shared/1systems/wolf/source.nix deleted file mode 100644 index d2bc4952a..000000000 --- a/shared/1systems/wolf/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/shared/source.nix> { - name = "wolf"; -} diff --git a/shared/2configs/central-stats-client.nix b/shared/2configs/central-stats-client.nix deleted file mode 100644 index 0412eba9a..000000000 --- a/shared/2configs/central-stats-client.nix +++ /dev/null 
@@ -1,68 +0,0 @@
-{pkgs, config, ...}:
-{
- services.collectd = {
- enable = true;
- autoLoadPlugin = true;
- extraConfig = ''
- Hostname ${config.krebs.build.host.name}
- LoadPlugin load
- LoadPlugin disk
- LoadPlugin memory
- LoadPlugin df
- Interval 30.0
-
- LoadPlugin interface
- <Plugin "interface">
- Interface "*Link"
- Interface "lo"
- Interface "vboxnet*"
- Interface "virbr*"
- IgnoreSelected true
- </Plugin>
-
- LoadPlugin df
- <Plugin "df">
- MountPoint "/nix/store"
- # MountPoint "/run*"
- # MountPoint "/sys*"
- # MountPoint "/dev"
- # MountPoint "/dev/shm"
- # MountPoint "/tmp"
- FSType "tmpfs"
- FSType "binfmt_misc"
- FSType "debugfs"
- FSType "mqueue"
- FSType "hugetlbfs"
- FSType "systemd-1"
- FSType "cgroup"
- FSType "securityfs"
- FSType "ramfs"
- FSType "proc"
- FSType "devpts"
- FSType "devtmpfs"
- MountPoint "/var/lib/docker/devicemapper"
- IgnoreSelected true
- </Plugin>
-
- LoadPlugin cpu
- <Plugin cpu>
- ReportByCpu true
- ReportByState true
- ValuesPercentage true
- </Plugin>
-
- LoadPlugin network
- <Plugin "network">
- Server "stats.makefu.r" "25826"
- </Plugin>
-
- LoadPlugin curl
- <Plugin curl>
- <Page "smarthome">
- URL "http://smarthome.shack/";
- MeasureResponseTime true
- </Page>
- </Plugin>
- '';
- };
-}
diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix
deleted file mode 100644
index c2326a5cc..000000000
--- a/shared/2configs/cgit-mirror.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-let
- rules = with git; singleton {
- user = [ wolf-repo-sync ];
- repo = [ stockholm-mirror ];
- perm = push ''refs/*'' [ non-fast-forward create delete merge ];
- };
-
- stockholm-mirror = {
- public = true;
- name = "stockholm-mirror";
- cgit.desc = "mirror for all stockholm branches";
- hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- nick = config.networking.hostName;
- verbose = false;
- channel = "#retiolum";
- server = "ni.r";
- };
- };
- };
-
- wolf-repo-sync = {
- name = "wolf-repo-sync";
- mail = "spam@krebsco.de";
- # TODO put git-sync pubkey somewhere more appropriate
- pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwuAZB3wtAvBJFYh+gWdyGaZU4mtqM2dFXmh2rORlbXeh02msu1uv07ck1VKkQ4LgvCBcBsAOeVa1NTz99eLqutwgcqMCytvRNUCibcoEWwHObsK53KhDJj+zotwlFhnPPeK9+EpOP4ngh/tprJikttos5BwBwe2K+lfiid3fmVPZcTTYa77nCwijimMvWEx6CEjq1wiXMUc4+qcEn8Swbwomz/EEQdNE2hgoC3iMW9RqduTFdIJWnjVi0KaxenX9CvQRGbVK5SSu2gwzN59D/okQOCP6+p1gL5r3QRHSLSSRiEHctVQTkpKOifrtLZGSr5zArEmLd/cOVyssHQPCX repo-sync@wolf'';
- };
-
-in {
- krebs.users.wolf-repo-sync = wolf-repo-sync;
- krebs.git = {
- enable = true;
- cgit = {
- settings = {
- root-title = "Shared Repos";
- root-desc = "keep on krebsing";
- };
- };
- inherit rules;
- repos.stockholm-mirror = stockholm-mirror;
- };
-}
diff --git a/shared/2configs/collectd-base.nix b/shared/2configs/collectd-base.nix
deleted file mode 100644
index 440f83fce..000000000
--- a/shared/2configs/collectd-base.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-# TODO: krebs.collectd.plugins
-with import <stockholm/lib>;
-let
- connect-time-cfg = with pkgs; writeText "collectd-connect-time.conf" ''
- LoadPlugin python
- <Plugin python>
- ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
- Import "collectd_connect_time"
- <Module collectd_connect_time>
- target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "heidi.shack:22" "10.42.0.1:22" "heise.de" "t-online.de"
- interval 10
- </Module>
- </Plugin>
- '';
- graphite-cfg = pkgs.writeText "collectd-graphite.conf" ''
- LoadPlugin write_graphite
- <Plugin "write_graphite">
- <Carbon>
- Host "heidi.shack"
- Port "2003"
- Prefix "retiolum."
- EscapeCharacter "_"
- StoreRates false
- AlwaysAppendDS false
- </Carbon>
- </Plugin>
- '';
-in {
- imports = [ ];
-
- nixpkgs.config.packageOverrides = pkgs: with pkgs; {
- collectd = pkgs.collectd.override { python= pkgs.python; };
- };
- services.collectd = {
- enable = true;
- include = [ (toString connect-time-cfg) (toString graphite-cfg) ];
- };
-
-}
diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix
deleted file mode 100644
index 2146f42e8..000000000
--- a/shared/2configs/default.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-{
- krebs.enable = true;
- krebs.tinc.retiolum.enable = true;
-
- # TODO rename shared user to "krebs"
- krebs.build.user = mkDefault config.krebs.users.shared;
-
- networking.hostName = config.krebs.build.host.name;
-
- nix.maxJobs = 1;
- nix.trustedBinaryCaches = [
- "https://cache.nixos.org"
- "http://cache.nixos.org"
- "http://hydra.nixos.org"
- ];
- nix.useSandbox = true;
-
- environment.systemPackages = with pkgs; [
- git
- rxvt_unicode.terminfo
- ];
-
- programs.ssh.startAgent = false;
-
- services.openssh = {
- enable = true;
- hostKeys = [
- { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
- services.cron.enable = false;
- services.nscd.enable = false;
- services.ntp.enable = false;
-
- users.mutableUsers = false;
- users.extraUsers.root.openssh.authorizedKeys.keys = [
- # TODO
- config.krebs.users.lass.pubkey
- config.krebs.users.makefu.pubkey
- # TODO HARDER:
- config.krebs.users.makefu-omo.pubkey
- config.krebs.users.tv.pubkey
- ];
-
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "15.09";
-
-}
diff --git a/shared/2configs/graphite.nix b/shared/2configs/graphite.nix
deleted file mode 100644
index 64222e43a..000000000
--- a/shared/2configs/graphite.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-# graphite-web on port 8080
-# carbon cache on port 2003 (tcp/udp)
-
-# TODO: krebs.graphite.minimal.enable
-# TODO: configure firewall
-with import <stockholm/lib>;
-{
- imports = [ ];
-
- services.graphite = {
- api = {
- enable = true;
- listenAddress = "0.0.0.0";
- };
- carbon = {
- enableCache = true;
- # save disk usage by restricting to 1 bulk update per second
- config = ''
- [cache]
- MAX_CACHE_SIZE = inf
- MAX_UPDATES_PER_SECOND = 1
- MAX_CREATES_PER_MINUTE = 50
- MAX_UPDATES_PER_SECOND_ONSHUTDOWN = 9001
-
- LOG_CACHE_HITS = False
- LOG_CACHE_QUEUE_SORTS = False
- LOG_UPDATES = False
- LOG_LISTENER_CONNECTIONS = False
- LOG_CREATES = True
- '';
- storageAggregation = ''
- '';
- storageSchemas = ''
- [carbon]
- pattern = ^carbon\.
- retentions = 60:90d
-
-
- [radiation_sensor]
- pattern = ^sensors\.radiation\.
- retentions = 1m:30d,5m:180d,10m:3y
-
- [motion_sensors]
- pattern = ^sensors\.motion\.
- retentions = 1s:1h,60s:30d,300s:1y
-
- [motion_sensors]
- pattern = ^retiolum\.
- retentions = 10s:1h,30s:30d,300s:1y
-
- [homeassistant]
- pattern = ^homeassistant\.
- retentions = 10s:24h,30s:30d,300s:1y,3600s:5y
-
- [ara]
- pattern = ^ara\.
- retentions = 60s:30d,300s:1y
-
- [openweathermap]
- pattern = ^weather\.openweathermap
- retentions = 30m:30d,1h:5y
-
- [stadtklima]
- pattern = ^weather\.stadtklima-stuttgart
- retentions = 15m:30d,30m:5y
-
- [sensebox]
- pattern = ^weather\.sensebox
- retentions = 1m:90d,30m:5y
-
- [elchos]
- pattern = ^elchos\.
- retentions = 10s:14d,1m:90d,10m:5y - - [icinga_default] - pattern = ^icinga - retentions = 10s:14d,5m:90d,10m:5y - - [icinga_internals] - pattern = ^icinga.*\.(max_check_attempts|reachable|current_attempt|execution_time|latency|state|state_type) - retentions = 5m:7d - - [default] - pattern = .* - retentions = 60s:30d,300s:1y - ''; - }; - }; - systemd.services.carbonCache.serviceConfig.Restart="always"; - systemd.services.graphiteApi.serviceConfig.Restart="always"; -} diff --git a/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix b/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix deleted file mode 100644 index b5ec722a0..000000000 --- a/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix +++ /dev/null @@ -1,47 +0,0 @@ -_: - -{ - boot.loader.grub = { - device = "/dev/sda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - ]; - - fileSystems."/" = { - device = "/dev/VolGroup/lv_root"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/sda1"; - fsType = "ext4"; - }; - - swapDevices = [ - { device = "/dev/VolGroup/lv_swap"; } - ]; - - users.extraGroups = { - # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories - # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) - # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago - # Docs: man:tmpfiles.d(5) - # man:systemd-tmpfiles(8) - # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) - # Main PID: 19272 (code=exited, status=1/FAILURE) - # - # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. - # Mar 16 10:29:18 cd systemd-tm |