-rw-r--r-- | krebs/3modules/tv/default.nix | 21 | ||||
-rw-r--r-- | krebs/4lib/default.nix | 9 | ||||
-rw-r--r-- | krebs/4lib/infest/finalize.sh | 21 | ||||
-rw-r--r-- | krebs/4lib/infest/install-nix.sh | 7 | ||||
-rw-r--r-- | krebs/4lib/infest/prepare.sh | 51 | ||||
-rw-r--r-- | krebs/5pkgs/realwallpaper/default.nix (renamed from krebs/5pkgs/realwallpaper.nix) | 0 | ||||
-rw-r--r-- | lass/1systems/cloudkrebs.nix | 8 | ||||
-rw-r--r-- | lass/1systems/echelon.nix | 10 | ||||
-rw-r--r-- | lass/1systems/mors.nix | 7 | ||||
-rw-r--r-- | lass/2configs/base.nix | 3 | ||||
-rw-r--r-- | lass/2configs/bitlbee.nix | 3 | ||||
-rw-r--r-- | lass/2configs/ircd.nix | 18 | ||||
-rw-r--r-- | lass/2configs/os-templates/CAC-CentOS-7-64bit.nix | 47 | ||||
-rw-r--r-- | tv/1systems/cd.nix | 5 |
14 files changed, 166 insertions, 44 deletions
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 49204c74f..eb7a85707 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -11,19 +11,24 @@ with import ../../4lib { inherit lib; }; cores = 2; dc = "tv"; #dc = "cac"; extraZones = { + # TODO generate krebsco.de zone from nets and don't use extraZones at all "krebsco.de" = '' + krebsco.de. IN MX 5 mx23 mx23 IN A ${elemAt nets.internet.addrs4 0} cd IN A ${elemAt nets.internet.addrs4 0} - krebsco.de. IN MX 5 mx23''; + cgit IN A ${elemAt nets.internet.addrs4 0} + cgit.cd IN A ${elemAt nets.internet.addrs4 0} + ''; }; nets = rec { internet = { addrs4 = ["162.219.7.216"]; aliases = [ "cd.internet" + "cd.krebsco.de" + "cgit.cd.krebsco.de" "cd.viljetic.de" "cgit.cd.viljetic.de" - "cd.krebsco.de" ]; ssh.port = 11423; }; @@ -88,10 +93,20 @@ with import ../../4lib { inherit lib; }; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuShEqU0Cdm7KCaMD5x1D6mgj+cr7qoqbzFJDKoBbbw"; }; - ire = { + ire = rec { + extraZones = { + # TODO generate krebsco.de zone from nets and don't use extraZones at all + "krebsco.de" = '' + ire IN A ${elemAt nets.internet.addrs4 0} + ''; + }; nets = { internet = { addrs4 = ["198.147.22.115"]; + aliases = [ + "ire.internet" + "ire.krebsco.de" + ]; ssh.port = 11423; }; retiolum = { diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 78f719988..f15514fe3 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -3,7 +3,14 @@ with builtins; with lib; -builtins // lib // rec { +let + maybe = import ./maybe.nix { inherit lib; }; +in + +builtins // +lib // +maybe // +rec { eq = x: y: x == y; diff --git a/krebs/4lib/infest/finalize.sh b/krebs/4lib/infest/finalize.sh index ced5a4d4d..0039960c5 100644 --- a/krebs/4lib/infest/finalize.sh +++ b/krebs/4lib/infest/finalize.sh 
@@ -1,21 +1,30 @@ #! /bin/sh set -eux { - umount /mnt/nix || [ $? -eq 32 ] - umount /mnt/boot || [ $? -eq 32 ] - umount /mnt/root || [ $? -eq 32 ] - umount /mnt || [ $? -eq 32 ] - umount /boot || [ $? -eq 32 ] + umount /mnt/nix + umount /mnt/root + umount /boot || : + umount /mnt/boot + umount /mnt + + coreutils_path=$(set +f; for i in /nix/store/*coreutils*/bin; do :; done; echo $i) + sed_path=$(set +f; for i in /nix/store/*gnused*/bin; do :; done; echo $i) + PATH="$coreutils_path:$sed_path" - PATH=$(set +f; for i in /nix/store/*coreutils*/bin; do :; done; echo $i) export PATH mkdir /oldshit + #fix bug where grub install cant find the /nix/store because its under a bind mount + if test -e /boot/grub/grub.cfg; then + sed -i 's,//store,/nix/store,g' /boot/grub/grub.cfg + fi; + mv /bin /oldshit/ mv /newshit/bin / # TODO ensure /boot is empty + # skip boot rmdir /newshit/boot # skip /dev diff --git a/krebs/4lib/infest/install-nix.sh b/krebs/4lib/infest/install-nix.sh index 88c8c3e1e..af1a8bd16 100644 --- a/krebs/4lib/infest/install-nix.sh +++ b/krebs/4lib/infest/install-nix.sh @@ -19,16 +19,9 @@ install_nix() {( ) nix_src_dir=$(basename $nix_url .tar.bz2) tar jxf $nix_src_dir.tar.bz2 - mkdir -v -m 0755 -p /nix $nix_src_dir/install fi - #TODO: make this general or move to prepare - if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/nix type xfs'; then - mkdir -p /mnt/nix - mount --bind /nix /mnt/nix - fi - . /root/.nix-profile/etc/profile.d/nix.sh for i in \ diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 07c00c3a5..9fbd5be86 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -5,10 +5,14 @@ prepare() {( if test -e /etc/os-release; then . /etc/os-release case $ID in + arch) + prepare_arch "$@" + exit + ;; centos) case $VERSION_ID in 7) - prepare_centos7 "$@" + prepare_centos "$@" exit ;; esac 
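Review bot: In finalize.sh the new `coreutils_path` and `sed_path` lookups never check that the glob matched, so when nothing matches, the literal pattern (for example `/nix/store/*gnused*/bin`) ends up in PATH and the script only notices when a later command is missing. Because the script goes on to move `/bin` away, it is safer to stop before anything is changed, e.g. `test -x "$coreutils_path/mv" && test -x "$sed_path/sed" || exit 1` right after the two assignments, and to write `echo "$i"` so the path is not word-split. The loop also keeps whichever match sorts last when several coreutils or gnused builds are in the store, which deserves a comment. The `{ ... }` block continues past the end of the hunk.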
@@ -19,17 +23,28 @@ prepare() {( exit -1 )} -prepare_centos7() { +prepare_arch() { + type bzip2 2>/dev/null || pacman -S --noconfirm bzip2 + type git 2>/dev/null || pacman -S --noconfirm git + type rsync 2>/dev/null || pacman -S --noconfirm rsync + prepare_common +} + +prepare_centos() { type bzip2 2>/dev/null || yum install -y bzip2 type git 2>/dev/null || yum install -y git type rsync 2>/dev/null || yum install -y rsync + prepare_common +} + +prepare_common() { + if ! getent group nixbld >/dev/null; then groupadd -g 30000 -r nixbld fi for i in `seq 1 10`; do if ! getent passwd nixbld$i 2>/dev/null; then useradd \ - -c "CentOS Nix build user $i" \ -d /var/empty \ -g 30000 \ -G 30000 \ @@ -38,7 +53,6 @@ prepare_centos7() { -s /sbin/nologin \ -u $(expr 30000 + $i) \ nixbld$i - rm -f /var/spool/mail/nixbld$i fi done @@ -46,29 +60,46 @@ prepare_centos7() { # mount install directory # - if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt type xfs'; then + if ! mount | grep -Fq ' on /mnt type '; then mkdir -p /newshit mount --bind /newshit /mnt fi - if ! mount | grep -Fq '/dev/sda1 on /mnt/boot type xfs'; then + if ! mount | grep -Fq ' on /mnt/boot type '; then mkdir -p /mnt/boot - mount /dev/sda1 /mnt/boot - fi - mount | grep 'on /mnt\>' >&2 + if mount | grep -Fq ' on /boot type '; then + bootdev=$(mount | grep " on /boot type " | sed 's/ .*//') + mount $bootdev /mnt/boot + else + mount --bind /boot/ /mnt/boot + fi + + fi # # prepare install directory # + rootpart=$(mount | grep " on / type" | sed 's/ .*//') + mkdir -p /mnt/etc/nixos mkdir -m 0555 -p /mnt/var/empty - if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/root type xfs'; then + if ! mount | grep -Fq "$rootpart on /mnt/root type "; then mkdir -p /mnt/root mount --bind /root /mnt/root fi + + # + # prepare nix store path + # + + mkdir -v -m 0755 -p /nix + if ! mount | grep -Fq "$rootpart on /mnt/nix type "; then + mkdir -p /mnt/nix + mount --bind /nix /mnt/nix + fi } prepare "$@" 
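Review bot: In the last prepare.sh hunk, `rootpart=$(mount | grep " on / type" | sed 's/ .*//')` can return more than one line (for example when both `rootfs` and the real device are listed on `/`). `grep -F` treats a multi-line pattern as alternatives, so the `/mnt/root` and `/mnt/nix` checks can then match an unrelated line and skip the bind mount. Testing the target directly avoids parsing `mount` output: `if ! mountpoint -q /mnt/root; then`, and likewise for `/mnt/nix`. `mount $bootdev /mnt/boot` has the same multi-line risk and should at least quote the variable: `mount "$bootdev" /mnt/boot`.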
diff --git a/krebs/5pkgs/realwallpaper.nix b/krebs/5pkgs/realwallpaper/default.nix index 4fea977ec..4fea977ec 100644 --- a/krebs/5pkgs/realwallpaper.nix +++ b/krebs/5pkgs/realwallpaper/default.nix diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index 0aca2146d..17915e087 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -5,11 +5,9 @@ let inherit (lib) head; ip = (head config.krebs.build.host.nets.internet.addrs4); - r_ip = (head config.krebs.build.host.nets.retiolum.addrs4); in { imports = [ - ../../tv/2configs/CAC-Developer-2.nix - ../../tv/2configs/CAC-CentOS-7-64bit.nix + ../2configs/os-templates/CAC-CentOS-7-64bit.nix ../2configs/base.nix ../2configs/retiolum.nix ../2configs/fastpoke-pages.nix @@ -28,6 +26,10 @@ in { ]; } + { + nix.maxJobs = 1; + sound.enable = false; + } ]; krebs.build = { diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index 1320e0782..feaf77ef6 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -4,11 +4,10 @@ let inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; inherit (lib) head; - ip = (head config.krebs.hosts.echelon.nets.internet.addrs4); + ip = (head config.krebs.build.host.nets.internet.addrs4); in { imports = [ - ../../tv/2configs/CAC-Developer-2.nix - ../../tv/2configs/CAC-CentOS-7-64bit.nix + ../2configs/os-templates/CAC-CentOS-7-64bit.nix ../2configs/base.nix ../2configs/retiolum.nix ../2configs/realwallpaper-server.nix @@ -17,6 +16,7 @@ in { ../2configs/redis.nix ../2configs/go.nix ../2configs/ircd.nix + ../2configs/newsbot-js.nix { networking.interfaces.enp2s1.ip4 = [ { @@ -30,6 +30,10 @@ in { ]; } + { + nix.maxJobs = 1; + sound.enable = false; + } ]; krebs.build = { diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index c0c33828b..7076c8b14 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix 
@@ -23,7 +23,6 @@ ../2configs/wordpress.nix ../2configs/bitlbee.nix ../2configs/firefoxPatched.nix - ../2configs/realwallpaper.nix ../2configs/skype.nix ]; @@ -179,6 +178,7 @@ sshpass get genid + teamspeak_client ]; #TODO: fix this shit @@ -210,4 +210,9 @@ ]; }; }; + #touchpad config + services.xserver.synaptics = { + enable = true; + tapButtons = false; + }; } diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 43c4f4e34..f313054d9 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -6,6 +6,7 @@ with lib; ../2configs/vim.nix ../2configs/zsh.nix ../2configs/mc.nix + ../2configs/retiolum.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) @@ -44,7 +45,7 @@ with lib; build.source = { git.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "e916273209560b302ab231606babf5ce1c481f08"; + rev = "b9270a2e8ac3d2cf4c95075a9529528aa1d859da"; }; }; }; diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix index 3a0080402..fa14c7fea 100644 --- a/lass/2configs/bitlbee.nix +++ b/lass/2configs/bitlbee.nix @@ -8,8 +8,9 @@ in { ../3modules/bitlbee.nix ]; - config.lass.bitlbee = { + lass.bitlbee = { enable = true; bitlbeePkg = lpkgs.bitlbee; + portNumber = 6666; }; } diff --git a/lass/2configs/ircd.nix b/lass/2configs/ircd.nix index e48bbfd3e..4d2c134b6 100644 --- a/lass/2configs/ircd.nix +++ b/lass/2configs/ircd.nix @@ -46,24 +46,28 @@ class "users" { ping_time = 2 minutes; - number_per_ident = 200; - number_per_ip = 200; - number_per_ip_global = 500; + number_per_ident = 10; + number_per_ip = 2048; + number_per_ip_global = 4096; cidr_ipv4_bitlen = 24; cidr_ipv6_bitlen = 64; - number_per_cidr = 9000; - max_number = 10000; - sendq = 400 kbytes; + number_per_cidr = 65536; + max_number = 3000; + sendq = 1 megabyte; }; exempt { ip = "127.0.0.1"; }; + exempt { + ip = "10.243.0.0/16"; + }; + auth { user = "*@*"; class = "users"; - flags = exceed_limit; + flags = kline_exempt, exceed_limit, flood_exempt; }; channel { 
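Review bot: In ircd.nix the `auth` block for `user = "*@*"` now carries `kline_exempt` and `flood_exempt`, so every connecting client is exempt from K-lines and flood control, not only peers in the newly exempted `10.243.0.0/16` range. Together with `number_per_ip = 2048`, this leaves operators little per-client abuse control if the listener is reachable from outside that network; the listen block is not in the hunk, so that is an assumption. Consider keeping `flags = exceed_limit;` on the `*@*` block and moving the two extra flags to a separate `auth` block whose `user` mask is limited to the 10.243.0.0/16 range.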
diff --git a/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix b/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix new file mode 100644 index 000000000..168d1d97b --- /dev/null +++ b/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix 
@@ -0,0 +1,47 @@ +_: + +{ + boot.loader.grub = { + device = "/dev/sda"; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + + fileSystems."/" = { + device = "/dev/centos/root"; + fsType = "xfs"; + }; + + fileSystems."/boot" = { + device = "/dev/sda1"; + fsType = "xfs"; + }; + + swapDevices = [ + { device = "/dev/centos/swap"; } + ]; + + users.extraGroups = { + # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories + # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) + # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago + # Docs: man:tmpfiles.d(5) + # man:systemd-tmpfiles(8) + # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) + # Main PID: 19272 (code=exited, status=1/FAILURE) + # + # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE + # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. + # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. + # warning: error(s) occured while switching to the new configuration + lock.gid = 10001; + }; +} diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 4f196095b..12e52cd11 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix 
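Review bot: The comment above `lock.gid = 10001;` is a pasted systemd log of about fifteen lines that never says in words why the group exists. A short comment would serve readers better, e.g. `# systemd-tmpfiles-setup fails with "Unknown group 'lock'" (legacy.conf) unless this group exists`, with the full log kept in the commit message. The hard-coded `/dev/sda`, `/dev/sda1` and `/dev/centos/*` devices would also merit a one-line comment saying they match the hosting template's disk layout, if that is the intent.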
@@ -66,7 +66,10 @@ with lib; } { tv.iptables.input-internet-accept-new-tcp = singleton "http"; - krebs.nginx.servers.cgit.server-names = singleton "cgit.cd.viljetic.de"; + krebs.nginx.servers.cgit.server-names = [ + "cgit.cd.krebsco.de" + "cgit.cd.viljetic.de" + ]; } { # TODO make public_html also available to cd, cd.retiolum (AKA default) |