-rw-r--r--krebs/3modules/tv/default.nix21
-rw-r--r--krebs/4lib/default.nix9
-rw-r--r--krebs/4lib/infest/finalize.sh21
-rw-r--r--krebs/4lib/infest/install-nix.sh7
-rw-r--r--krebs/4lib/infest/prepare.sh51
-rw-r--r--krebs/5pkgs/realwallpaper/default.nix (renamed from krebs/5pkgs/realwallpaper.nix)0
-rw-r--r--lass/1systems/cloudkrebs.nix8
-rw-r--r--lass/1systems/echelon.nix10
-rw-r--r--lass/1systems/mors.nix7
-rw-r--r--lass/2configs/base.nix3
-rw-r--r--lass/2configs/bitlbee.nix3
-rw-r--r--lass/2configs/ircd.nix18
-rw-r--r--lass/2configs/os-templates/CAC-CentOS-7-64bit.nix47
-rw-r--r--tv/1systems/cd.nix5
14 files changed, 166 insertions, 44 deletions
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 49204c74f..eb7a85707 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -11,19 +11,24 @@ with import ../../4lib { inherit lib; };
cores = 2;
dc = "tv"; #dc = "cac";
extraZones = {
+ # TODO generate krebsco.de zone from nets and don't use extraZones at all
"krebsco.de" = ''
+ krebsco.de. IN MX 5 mx23
mx23 IN A ${elemAt nets.internet.addrs4 0}
cd IN A ${elemAt nets.internet.addrs4 0}
- krebsco.de. IN MX 5 mx23'';
+ cgit IN A ${elemAt nets.internet.addrs4 0}
+ cgit.cd IN A ${elemAt nets.internet.addrs4 0}
+ '';
};
nets = rec {
internet = {
addrs4 = ["162.219.7.216"];
aliases = [
"cd.internet"
+ "cd.krebsco.de"
+ "cgit.cd.krebsco.de"
"cd.viljetic.de"
"cgit.cd.viljetic.de"
- "cd.krebsco.de"
];
ssh.port = 11423;
};
@@ -88,10 +93,20 @@ with import ../../4lib { inherit lib; };
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuShEqU0Cdm7KCaMD5x1D6mgj+cr7qoqbzFJDKoBbbw";
};
- ire = {
+ ire = rec {
+ extraZones = {
+ # TODO generate krebsco.de zone from nets and don't use extraZones at all
+ "krebsco.de" = ''
+ ire IN A ${elemAt nets.internet.addrs4 0}
+ '';
+ };
nets = {
internet = {
addrs4 = ["198.147.22.115"];
+ aliases = [
+ "ire.internet"
+ "ire.krebsco.de"
+ ];
ssh.port = 11423;
};
retiolum = {
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix
index 78f719988..f15514fe3 100644
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@@ -3,7 +3,14 @@
with builtins;
with lib;
-builtins // lib // rec {
+let
+ maybe = import ./maybe.nix { inherit lib; };
+in
+
+builtins //
+lib //
+maybe //
+rec {
eq = x: y: x == y;
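Review bot: `./maybe.nix` is imported here but is not among the 14 files in this commit's diffstat, so it presumably already exists in the tree; if it does not, every evaluation of `krebs/4lib` fails at this `let`. With `//` the right-hand operand wins, so any attribute in `maybe` silently replaces a same-named one from `builtins` or `lib`. A one-line comment above the chain would make that explicit, e.g. `# later operands win: maybe overrides lib, and the rec set below overrides all three`. The `rec { … }` set continues outside the hunk.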
diff --git a/krebs/4lib/infest/finalize.sh b/krebs/4lib/infest/finalize.sh
index ced5a4d4d..0039960c5 100644
--- a/krebs/4lib/infest/finalize.sh
+++ b/krebs/4lib/infest/finalize.sh
@@ -1,21 +1,30 @@
#! /bin/sh
set -eux
{
- umount /mnt/nix || [ $? -eq 32 ]
- umount /mnt/boot || [ $? -eq 32 ]
- umount /mnt/root || [ $? -eq 32 ]
- umount /mnt || [ $? -eq 32 ]
- umount /boot || [ $? -eq 32 ]
+ umount /mnt/nix
+ umount /mnt/root
+ umount /boot || :
+ umount /mnt/boot
+ umount /mnt
+
+ coreutils_path=$(set +f; for i in /nix/store/*coreutils*/bin; do :; done; echo $i)
+ sed_path=$(set +f; for i in /nix/store/*gnused*/bin; do :; done; echo $i)
+ PATH="$coreutils_path:$sed_path"
- PATH=$(set +f; for i in /nix/store/*coreutils*/bin; do :; done; echo $i)
export PATH
mkdir /oldshit
+ #fix bug where grub install cant find the /nix/store because its under a bind mount
+ if test -e /boot/grub/grub.cfg; then
+ sed -i 's,//store,/nix/store,g' /boot/grub/grub.cfg
+ fi;
+
mv /bin /oldshit/
mv /newshit/bin /
# TODO ensure /boot is empty
+ # skip boot
rmdir /newshit/boot
# skip /dev
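Review bot: The new PATH is built from whatever `/nix/store/*coreutils*/bin` and `/nix/store/*gnused*/bin` match last, and nothing checks the result before the script starts moving `/bin` away. If a glob matches nothing, `$i` keeps the literal pattern and PATH names no existing directory; if several store paths match, glob sort order decides. I would add `test -x "$coreutils_path/mv" && test -x "$sed_path/sed"` right after the two assignments and quote `"$i"` in the `echo`. Separately, `umount /boot || :` hides every failure including a busy mount, while the other four umounts no longer tolerate exit status 32, so a second run after a partial failure aborts at the first line under `set -e`. The script continues past the end of this hunk.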
diff --git a/krebs/4lib/infest/install-nix.sh b/krebs/4lib/infest/install-nix.sh
index 88c8c3e1e..af1a8bd16 100644
--- a/krebs/4lib/infest/install-nix.sh
+++ b/krebs/4lib/infest/install-nix.sh
@@ -19,16 +19,9 @@ install_nix() {(
)
nix_src_dir=$(basename $nix_url .tar.bz2)
tar jxf $nix_src_dir.tar.bz2
- mkdir -v -m 0755 -p /nix
$nix_src_dir/install
fi
- #TODO: make this general or move to prepare
- if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/nix type xfs'; then
- mkdir -p /mnt/nix
- mount --bind /nix /mnt/nix
- fi
-
. /root/.nix-profile/etc/profile.d/nix.sh
for i in \
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index 07c00c3a5..9fbd5be86 100644
--- a/krebs/4lib/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
@@ -5,10 +5,14 @@ prepare() {(
if test -e /etc/os-release; then
. /etc/os-release
case $ID in
+ arch)
+ prepare_arch "$@"
+ exit
+ ;;
centos)
case $VERSION_ID in
7)
- prepare_centos7 "$@"
+ prepare_centos "$@"
exit
;;
esac
@@ -19,17 +23,28 @@ prepare() {(
exit -1
)}
-prepare_centos7() {
+prepare_arch() {
+ type bzip2 2>/dev/null || pacman -S --noconfirm bzip2
+ type git 2>/dev/null || pacman -S --noconfirm git
+ type rsync 2>/dev/null || pacman -S --noconfirm rsync
+ prepare_common
+}
+
+prepare_centos() {
type bzip2 2>/dev/null || yum install -y bzip2
type git 2>/dev/null || yum install -y git
type rsync 2>/dev/null || yum install -y rsync
+ prepare_common
+}
+
+prepare_common() {
+
if ! getent group nixbld >/dev/null; then
groupadd -g 30000 -r nixbld
fi
for i in `seq 1 10`; do
if ! getent passwd nixbld$i 2>/dev/null; then
useradd \
- -c "CentOS Nix build user $i" \
-d /var/empty \
-g 30000 \
-G 30000 \
@@ -38,7 +53,6 @@ prepare_centos7() {
-s /sbin/nologin \
-u $(expr 30000 + $i) \
nixbld$i
- rm -f /var/spool/mail/nixbld$i
fi
done
@@ -46,29 +60,46 @@ prepare_centos7() {
# mount install directory
#
- if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt type xfs'; then
+ if ! mount | grep -Fq ' on /mnt type '; then
mkdir -p /newshit
mount --bind /newshit /mnt
fi
- if ! mount | grep -Fq '/dev/sda1 on /mnt/boot type xfs'; then
+ if ! mount | grep -Fq ' on /mnt/boot type '; then
mkdir -p /mnt/boot
- mount /dev/sda1 /mnt/boot
- fi
- mount | grep 'on /mnt\>' >&2
+ if mount | grep -Fq ' on /boot type '; then
+ bootdev=$(mount | grep " on /boot type " | sed 's/ .*//')
+ mount $bootdev /mnt/boot
+ else
+ mount --bind /boot/ /mnt/boot
+ fi
+
+ fi
#
# prepare install directory
#
+ rootpart=$(mount | grep " on / type" | sed 's/ .*//')
+
mkdir -p /mnt/etc/nixos
mkdir -m 0555 -p /mnt/var/empty
- if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/root type xfs'; then
+ if ! mount | grep -Fq "$rootpart on /mnt/root type "; then
mkdir -p /mnt/root
mount --bind /root /mnt/root
fi
+
+ #
+ # prepare nix store path
+ #
+
+ mkdir -v -m 0755 -p /nix
+ if ! mount | grep -Fq "$rootpart on /mnt/nix type "; then
+ mkdir -p /mnt/nix
+ mount --bind /nix /mnt/nix
+ fi
}
prepare "$@"
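Review bot: `bootdev` and `rootpart` are scraped from `mount` output with grep and sed and then used unquoted and unchecked, in `mount $bootdev /mnt/boot` and in the two `grep -Fq "$rootpart on …"` tests. If `mount` prints more than one line for `/` (for example a `rootfs` entry next to the real device), `rootpart` holds two lines, `grep -F` treats them as alternative patterns, and the first one can match an unrelated line so the bind mounts of `/root` and `/nix` are skipped. Querying the mount table directly is less fragile: `bootdev=$(findmnt -n -o SOURCE /boot)`, then `test -n "$bootdev"` and `mount "$bootdev" /mnt/boot`, with the same treatment for `rootpart`. `prepare_common` begins in an earlier hunk.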
diff --git a/krebs/5pkgs/realwallpaper.nix b/krebs/5pkgs/realwallpaper/default.nix
index 4fea977ec..4fea977ec 100644
--- a/krebs/5pkgs/realwallpaper.nix
+++ b/krebs/5pkgs/realwallpaper/default.nix
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index 0aca2146d..17915e087 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -5,11 +5,9 @@ let
inherit (lib) head;
ip = (head config.krebs.build.host.nets.internet.addrs4);
- r_ip = (head config.krebs.build.host.nets.retiolum.addrs4);
in {
imports = [
- ../../tv/2configs/CAC-Developer-2.nix
- ../../tv/2configs/CAC-CentOS-7-64bit.nix
+ ../2configs/os-templates/CAC-CentOS-7-64bit.nix
../2configs/base.nix
../2configs/retiolum.nix
../2configs/fastpoke-pages.nix
@@ -28,6 +26,10 @@ in {
];
}
+ {
+ nix.maxJobs = 1;
+ sound.enable = false;
+ }
];
krebs.build = {
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 1320e0782..feaf77ef6 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -4,11 +4,10 @@ let
inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
inherit (lib) head;
- ip = (head config.krebs.hosts.echelon.nets.internet.addrs4);
+ ip = (head config.krebs.build.host.nets.internet.addrs4);
in {
imports = [
- ../../tv/2configs/CAC-Developer-2.nix
- ../../tv/2configs/CAC-CentOS-7-64bit.nix
+ ../2configs/os-templates/CAC-CentOS-7-64bit.nix
../2configs/base.nix
../2configs/retiolum.nix
../2configs/realwallpaper-server.nix
@@ -17,6 +16,7 @@ in {
../2configs/redis.nix
../2configs/go.nix
../2configs/ircd.nix
+ ../2configs/newsbot-js.nix
{
networking.interfaces.enp2s1.ip4 = [
{
@@ -30,6 +30,10 @@ in {
];
}
+ {
+ nix.maxJobs = 1;
+ sound.enable = false;
+ }
];
krebs.build = {
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index c0c33828b..7076c8b14 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -23,7 +23,6 @@
../2configs/wordpress.nix
../2configs/bitlbee.nix
../2configs/firefoxPatched.nix
- ../2configs/realwallpaper.nix
../2configs/skype.nix
];
@@ -179,6 +178,7 @@
sshpass
get
genid
+ teamspeak_client
];
#TODO: fix this shit
@@ -210,4 +210,9 @@
];
};
};
+ #touchpad config
+ services.xserver.synaptics = {
+ enable = true;
+ tapButtons = false;
+ };
}
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 43c4f4e34..f313054d9 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -6,6 +6,7 @@ with lib;
../2configs/vim.nix
../2configs/zsh.nix
../2configs/mc.nix
+ ../2configs/retiolum.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
@@ -44,7 +45,7 @@ with lib;
build.source = {
git.nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
- rev = "e916273209560b302ab231606babf5ce1c481f08";
+ rev = "b9270a2e8ac3d2cf4c95075a9529528aa1d859da";
};
};
};
diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix
index 3a0080402..fa14c7fea 100644
--- a/lass/2configs/bitlbee.nix
+++ b/lass/2configs/bitlbee.nix
@@ -8,8 +8,9 @@ in {
../3modules/bitlbee.nix
];
- config.lass.bitlbee = {
+ lass.bitlbee = {
enable = true;
bitlbeePkg = lpkgs.bitlbee;
+ portNumber = 6666;
};
}
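Review bot: `portNumber = 6666` is set with no listen address next to it, so which interfaces bitlbee binds to depends on a default in `../3modules/bitlbee.nix` that this hunk does not show. BitlBee holds the credentials of the accounts it bridges, so it is worth confirming that the module binds to loopback or that the firewall does not open 6666. Once confirmed, a comment on the line such as `# reachable from localhost only` would record that.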
diff --git a/lass/2configs/ircd.nix b/lass/2configs/ircd.nix
index e48bbfd3e..4d2c134b6 100644
--- a/lass/2configs/ircd.nix
+++ b/lass/2configs/ircd.nix
@@ -46,24 +46,28 @@
class "users" {
ping_time = 2 minutes;
- number_per_ident = 200;
- number_per_ip = 200;
- number_per_ip_global = 500;
+ number_per_ident = 10;
+ number_per_ip = 2048;
+ number_per_ip_global = 4096;
cidr_ipv4_bitlen = 24;
cidr_ipv6_bitlen = 64;
- number_per_cidr = 9000;
- max_number = 10000;
- sendq = 400 kbytes;
+ number_per_cidr = 65536;
+ max_number = 3000;
+ sendq = 1 megabyte;
};
exempt {
ip = "127.0.0.1";
};
+ exempt {
+ ip = "10.243.0.0/16";
+ };
+
auth {
user = "*@*";
class = "users";
- flags = exceed_limit;
+ flags = kline_exempt, exceed_limit, flood_exempt;
};
channel {
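Review bot: The `auth` block for `user = "*@*"` now carries `kline_exempt, exceed_limit, flood_exempt`, and that mask matches every client that connects. The tightened `class "users"` limits in this same hunk (`number_per_ident = 10`, `max_number = 3000`), flood protection and any K-line an operator sets would therefore not apply to anyone. If the intent is to trust only the 10.243.0.0/16 range named in the new `exempt` block, give that range its own `auth` block ahead of the catch-all and leave `*@*` without exemption flags. Whether the server is reachable from outside that range is not visible here, although `echelon.nix` in this commit imports `ircd.nix` and reads an internet address for the host. The surrounding config string starts and ends outside the hunk.

```nix
# … unchanged: class "users" and the two exempt blocks …
auth {
  user = "*@10.243.0.0/16";
  class = "users";
  flags = kline_exempt, exceed_limit, flood_exempt;
};

auth {
  user = "*@*";
  class = "users";
};
```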
diff --git a/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix b/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix
new file mode 100644
index 000000000..168d1d97b
--- /dev/null
+++ b/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix
@@ -0,0 +1,47 @@
+_:
+
+{
+ boot.loader.grub = {
+ device = "/dev/sda";
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "vmw_pvscsi"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/centos/root";
+ fsType = "xfs";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/sda1";
+ fsType = "xfs";
+ };
+
+ swapDevices = [
+ { device = "/dev/centos/swap"; }
+ ];
+
+ users.extraGroups = {
+ # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
+ # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
+ # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
+ # Docs: man:tmpfiles.d(5)
+ # man:systemd-tmpfiles(8)
+ # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
+ # Main PID: 19272 (code=exited, status=1/FAILURE)
+ #
+ # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
+ # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
+ # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
+ # warning: error(s) occured while switching to the new configuration
+ lock.gid = 10001;
+ };
+}
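Review bot: The comment above `lock.gid = 10001;` is a pasted `systemctl status` dump, and the only line in it that explains the setting is `Unknown group 'lock'` from `/usr/lib/tmpfiles.d/legacy.conf`. A short reason would read better and would not carry stale store paths and PIDs: `# /usr/lib/tmpfiles.d/legacy.conf references group 'lock'; without it systemd-tmpfiles-setup fails`. The log does not say why gid 10001 was picked, so a word on that would help if there is a reason.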
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 4f196095b..12e52cd11 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -66,7 +66,10 @@ with lib;
}
{
tv.iptables.input-internet-accept-new-tcp = singleton "http";
- krebs.nginx.servers.cgit.server-names = singleton "cgit.cd.viljetic.de";
+ krebs.nginx.servers.cgit.server-names = [
+ "cgit.cd.krebsco.de"
+ "cgit.cd.viljetic.de"
+ ];
}
{
# TODO make public_html also available to cd, cd.retiolum (AKA default)