-rw-r--r--Zhosts/tsp16
-rw-r--r--krebs/3modules/default.nix30
-rw-r--r--makefu/1systems/tsp.nix90
-rw-r--r--makefu/2configs/base-gui.nix23
4 files changed, 158 insertions, 1 deletions
diff --git a/Zhosts/tsp b/Zhosts/tsp
new file mode 100644
index 000000000..6c2b450d8
--- /dev/null
+++ b/Zhosts/tsp
@@ -0,0 +1,16 @@
+Subnet = 10.243.0.211
+Subnet = 42:f9f1:0000:0000:0000:0000:0000:0002
+
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 668d66ccf..e677ba5ea 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -55,7 +55,7 @@ let
--exclude .git \
--exclude .graveyard \
--exclude old \
- --rsync-path="mkdir -p \"$dst\" && rsync" \
+ --rsync-path="mkdir -p \"$2\" && rsync" \
--usermap=\*:0 \
--groupmap=\*:0 \
--delete-excluded \
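Review bot: The `$2` in `--rsync-path="mkdir -p \"$2\" && rsync"` is expanded locally and the resulting string is then parsed again by the shell on the target, so a destination path containing `"`, `$` or a backtick would be interpreted there instead of being treated as a directory name. The value presumably comes from the build configuration and not from untrusted input, but the deploy target set elsewhere in this commit is `root@tsp`, so a malformed path would run as root on the target. A positional parameter is also harder to read than the `$dst` it replaces; a comment such as `# $2: destination directory on the target; must not contain shell metacharacters` above the rsync call would record the constraint. The enclosing script starts and ends outside this hunk, so what `$2` is bound to cannot be confirmed from here.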
@@ -306,6 +306,34 @@ let
};
};
};
+ tsp = {
+ cores = 4;
+ dc = "makefu"; #x200
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.0.211"];
+ addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0002"];
+ aliases = [
+ "tsp.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
+ HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
+ mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
+ n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
+ R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
+ Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
+ aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
+ ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
+ KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
+ XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
+ teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
};
users = addNames {
makefu = {
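Review bot: The `tinc.pubkey` added for `tsp` repeats key material that this commit also adds in `Zhosts/tsp`, and `makefu/1systems/tsp.nix` points `krebs.retiolum.hosts` at the `Zhosts` directory, so a key rotation has to touch two places. If only one copy is updated, peers built from the other copy keep trusting the old key. A comment beside the attribute, e.g. `# keep in sync with Zhosts/tsp`, or generating one file from the other, would make the dependency explicit. The addresses match in both places (`10.243.0.211`), but the key body in `Zhosts/tsp` is not visible on this page, so equality of the two keys is assumed.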
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
new file mode 100644
index 000000000..3de2d300c
--- /dev/null
+++ b/makefu/1systems/tsp.nix
@@ -0,0 +1,90 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../2configs/base.nix
+ ../2configs/base-gui.nix
+ ];
+ services.xserver = {
+ videoDriver = "intel";
+ };
+ krebs.build.host = config.krebs.hosts.tsp;
+ krebs.build.user = config.krebs.users.makefu;
+ krebs.build.target = "root@tsp";
+
+ krebs.build.deps = {
+ nixpkgs = {
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
+ };
+ # TODO generalize in base.nix
+ secrets = {
+ url = "/home/makefu/secrets/${config.krebs.build.host.name}";
+ };
+ # TODO generalize in base.nix
+ stockholm = {
+ url = toString ../..;
+ };
+ };
+
+ krebs.retiolum = {
+ enable = true;
+ hosts = ../../Zhosts;
+ connectTo = [
+ "gum"
+ "pigstarter"
+ "fastpoke"
+ ];
+ };
+
+ boot = {
+ #x200 specifics
+ kernelModules = [ "tp_smapi" "msr" ];
+ extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+
+ loader.grub.enable =true;
+ loader.grub.version =2;
+ loader.grub.device = "/dev/sda";
+
+ # crypto boot
+ # TODO: use UUID
+ initrd.luks.devices = [ { name = "luksroot"; device= "/dev/sda2";}];
+ initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/luksroot";
+ fsType = "ext4";
+ };
+ "/boot" = {
+ device = "/dev/disk/by-label/nixboot";
+ fsType = "ext4";
+ };
+ };
+
+ # hardware specifics
+ networking.wireless.enable = true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ # TODO: generalize to numCPU + 1
+ nix.maxJobs = 3;
+
+
+ networking.firewall.rejectPackets = true;
+ networking.firewall.allowPing = true;
+
+
+ # $ nix-env -qaP | grep wget
+ environment.systemPackages = with pkgs; [
+ vim
+ jq
+ ];
+}
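Review bot: `initrd.luks.devices` names the encrypted root as `/dev/sda2` and GRUB is installed to `/dev/sda`, while `usb_storage` is listed in `initrd.availableKernelModules`, so a USB disk present at boot can shift the kernel device names and the initrd would then try to unlock a different device. The `# TODO: use UUID` acknowledges this; resolving it in this commit would be `device = "/dev/disk/by-uuid/<LUKS-UUID-PLACEHOLDER>";`. `/boot` is mounted from a separate `ext4` partition by label, outside `luksroot`, so the kernel and initrd are not protected by the LUKS passphrase; a comment stating that trade-off would help the next reader. The comment `# Include the results of the hardware scan.` sits above imports of `base.nix` and `base-gui.nix`, which are not a hardware scan, and should be reworded or dropped.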
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
new file mode 100644
index 000000000..5f977251f
--- /dev/null
+++ b/makefu/2configs/base-gui.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ imports = [ ];
+ services.xserver.enable = true;
+ services.xserver.layout = "us";
+
+# use awesome, direct boot into
+ services.xserver.displayManager.auto.enable =true;
+ services.xserver.displayManager.auto.user =config.krebs.users.makefu;
+ services.xserver.windowManager.awesome.enable = true;
+
+ security.setuidPrograms = [ "slock" ];
+
+# use pulseaudio
+ environment.systemPackages = [ pkgs.slock ];
+ hardware.pulseaudio = {
+ enable = true;
+ systemWide = true;
+ };
+
+}
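Review bot: `services.xserver.displayManager.auto.enable = true` starts the desktop session without any authentication, and it is set in the shared `base-gui.nix`, not in the host file. On `tsp` the LUKS passphrase still gates boot, but a later host that imports this file without disk encryption would present an unlocked session at power-on; consider moving the setting to the host config or adding `# auto-login: only import on hosts with an encrypted root`. `auto.user` is assigned `config.krebs.users.makefu`, which looks like the whole user attribute set; the option presumably expects a login name, i.e. `config.krebs.users.makefu.name`. `hardware.pulseaudio.systemWide = true` runs one PulseAudio daemon shared by all users, a mode upstream advises against on desktop systems, and the `# use pulseaudio` comment is placed above the `slock` package line when it belongs above the `hardware.pulseaudio` block.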