-rw-r--r--krebs/3modules/exim-retiolum.nix2
-rw-r--r--krebs/3modules/makefu/default.nix13
-rw-r--r--krebs/3modules/retiolum.nix336
-rw-r--r--krebs/3modules/tinc_graphs.nix2
-rw-r--r--krebs/5pkgs/fortclientsslvpn/default.nix5
-rw-r--r--lass/2configs/retiolum.nix2
-rw-r--r--makefu/1systems/darth.nix2
-rw-r--r--makefu/1systems/filepimp.nix2
-rw-r--r--makefu/1systems/gum.nix4
-rw-r--r--makefu/1systems/omo.nix2
-rw-r--r--makefu/1systems/pnp.nix5
-rw-r--r--makefu/1systems/pornocauster.nix10
-rw-r--r--makefu/1systems/repunit.nix9
-rw-r--r--makefu/1systems/shoney.nix2
-rw-r--r--makefu/1systems/tsp.nix2
-rw-r--r--makefu/1systems/vbob.nix19
-rw-r--r--makefu/1systems/wry.nix3
-rw-r--r--shared/1systems/test-all-krebs-modules.nix2
-rw-r--r--shared/1systems/wolf.nix4
-rw-r--r--shared/2configs/base.nix2
-rw-r--r--tv/2configs/retiolum.nix2
21 files changed, 224 insertions, 206 deletions
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
index d6b7ab753..a18f1c979 100644
--- a/krebs/3modules/exim-retiolum.nix
+++ b/krebs/3modules/exim-retiolum.nix
@@ -37,7 +37,7 @@ let
config =
# This configuration makes only sense for retiolum-enabled hosts.
# TODO modular configuration
- assert config.krebs.retiolum.enable;
+ assert config.krebs.tinc.retiolum.enable;
''
keep_environment =
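Review bot: The rewritten `assert config.krebs.tinc.retiolum.enable;` no longer fails as an assertion on a host that does not declare retiolum: `krebs.tinc` is an `attrsOf` with default `{}`, so the lookup aborts with a missing-attribute error instead, which hides the intent stated in the comment above. Guarding the lookup keeps the assertion meaningful, `assert config.krebs.tinc ? retiolum && config.krebs.tinc.retiolum.enable;`. Note also that `enable` in the new submodule defaults to true, so the assertion now only rejects a network that was declared and explicitly disabled. `tinc_graphs.nix` has the same bare lookup in its `hostsPath` default, evaluated only when that option is used. The enclosing `config =` expression continues past the hunk.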
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index d5537cf56..52db3de85 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -259,8 +259,13 @@ with config.krebs.lib;
};
filepimp = rec {
cores = 1;
-
nets = {
+ lan = {
+ ip4.addr = "192.168.1.12";
+ aliases = [
+ "filepimp.lan"
+ ];
+ };
retiolum = {
ip4.addr = "10.243.153.102";
ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
@@ -286,6 +291,12 @@ with config.krebs.lib;
cores = 2;
nets = {
+ lan = {
+ ip4.addr = "192.168.1.11";
+ aliases = [
+ "omo.lan"
+ ];
+ };
retiolum = {
ip4.addr = "10.243.0.89";
ip6.addr = "42:f9f0::10";
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index 22991f093..0bd815211 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -1,175 +1,185 @@
{ config, pkgs, lib, ... }:
with config.krebs.lib;
let
- cfg = config.krebs.retiolum;
-
out = {
- options.krebs.retiolum = api;
- config = lib.mkIf cfg.enable imp;
+ options.krebs.tinc = api;
+ config = imp;
};
- api = {
- enable = mkEnableOption "krebs.retiolum";
-
- host = mkOption {
- type = types.host;
- default = config.krebs.build.host;
- };
-
- netname = mkOption {
- type = types.enum (attrNames cfg.host.nets);
- default = "retiolum";
- description = ''
- The tinc network name.
- It is used to name the TUN device and to generate the default value for
- <literal>config.krebs.retiolum.hosts</literal>.
- '';
- };
-
- extraConfig = mkOption {
- type = types.str;
- default = "";
- description = ''
- Extra Configuration to be appended to tinc.conf
- '';
- };
-
- tincPackage = mkOption {
- type = types.package;
- default = pkgs.tinc;
- description = "Tincd package to use.";
- };
-
- hosts = mkOption {
- type = with types; attrsOf host;
- default =
- filterAttrs (_: h: hasAttr cfg.netname h.nets) config.krebs.hosts;
- description = ''
- Hosts to generate <literal>config.krebs.retiolum.hostsPackage</literal>.
- Note that these hosts must have a network named
- <literal>config.krebs.retiolum.netname</literal>.
- '';
- };
-
- hostsPackage = mkOption {
- type = types.package;
- default = pkgs.stdenv.mkDerivation {
- name = "${cfg.netname}-tinc-hosts";
- phases = [ "installPhase" ];
- installPhase = ''
- mkdir $out
- ${concatStrings (mapAttrsToList (_: host: ''
- echo ${shell.escape host.nets.${cfg.netname}.tinc.config} \
- > $out/${shell.escape host.name}
- '') cfg.hosts)}
- '';
- };
- description = ''
- Package of tinc host configuration files. By default, a package will
- be generated from <literal>config.krebs.retiolum.hosts</literal>. This
- option's main purpose is to expose the generated hosts package to other
- modules, like <literal>config.krebs.tinc_graphs</literal>. But it can
- also be used to provide a custom hosts directory.
- '';
- example = literalExample ''
- (pkgs.stdenv.mkDerivation {
- name = "my-tinc-hosts";
- src = /home/tv/my-tinc-hosts;
- installPhase = "cp -R . $out";
- })
- '';
- };
-
- iproutePackage = mkOption {
- type = types.package;
- default = pkgs.iproute;
- description = "Iproute2 package to use.";
- };
-
- privkey = mkOption {
- type = types.secret-file;
- default = {
- path = "${cfg.user.home}/tinc.rsa_key.priv";
- owner = cfg.user;
- source-path = toString <secrets> + "/${cfg.netname}.rsa_key.priv";
- };
- };
-
- connectTo = mkOption {
- type = types.listOf types.str;
- default = [ "fastpoke" "cd" "prism" "gum" ];
- description = ''
- The list of hosts in the network which the client will try to connect
- to. These hosts should have an 'Address' configured which points to a
- routeable IPv4 or IPv6 address.
-
- In stockholm this can be done by configuring:
- krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.addrs4 =
- [ "${external-ip} ${external-port}" ]
- '';
- };
-
- user = mkOption {
- type = types.user;
- default = {
- name = cfg.netname;
- home = "/var/lib/${cfg.user.name}";
+ api = mkOption {
+ default = {};
+ description = ''
+ define a tinc network
+ '';
+ type = with types; attrsOf (submodule (tinc: {
+ options = {
+
+ enable = mkEnableOption "krebs.tinc.${tinc.config._module.args.name}" // { default = true; };
+
+ host = mkOption {
+ type = types.host;
+ default = config.krebs.build.host;
+ };
+
+ netname = mkOption {
+ type = types.enum (attrNames tinc.config.host.nets);
+ default = tinc.config._module.args.name;
+ description = ''
+ The tinc network name.
+ It is used to name the TUN device and to generate the default value for
+ <literal>config.krebs.tinc.retiolum.hosts</literal>.
+ '';
+ };
+
+ extraConfig = mkOption {
+ type = types.str;
+ default = "";
+ description = ''
+ Extra Configuration to be appended to tinc.conf
+ '';
+ };
+
+ tincPackage = mkOption {
+ type = types.package;
+ default = pkgs.tinc;
+ description = "Tincd package to use.";
+ };
+
+ hosts = mkOption {
+ type = with types; attrsOf host;
+ default =
+ filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts;
+ description = ''
+ Hosts to generate <literal>config.krebs.tinc.retiolum.hostsPackage</literal>.
+ Note that these hosts must have a network named
+ <literal>config.krebs.tinc.retiolum.netname</literal>.
+ '';
+ };
+
+ hostsPackage = mkOption {
+ type = types.package;
+ default = pkgs.stdenv.mkDerivation {
+ name = "${tinc.config.netname}-tinc-hosts";
+ phases = [ "installPhase" ];
+ installPhase = ''
+ mkdir $out
+ ${concatStrings (lib.mapAttrsToList (_: host: ''
+ echo ${shell.escape host.nets."${tinc.config.netname}".tinc.config} \
+ > $out/${shell.escape host.name}
+ '') tinc.config.hosts)}
+ '';
+ };
+ description = ''
+ Package of tinc host configuration files. By default, a package will
+ be generated from <literal>config.krebs.${tinc.config.netname}.hosts</literal>. This
+ option's main purpose is to expose the generated hosts package to other
+ modules, like <literal>config.krebs.tinc_graphs</literal>. But it can
+ also be used to provide a custom hosts directory.
+ '';
+ example = literalExample ''
+ (pkgs.stdenv.mkDerivation {
+ name = "my-tinc-hosts";
+ src = /home/tv/my-tinc-hosts;
+ installPhase = "cp -R . $out";
+ })
+ '';
+ };
+
+ iproutePackage = mkOption {
+ type = types.package;
+ default = pkgs.iproute;
+ description = "Iproute2 package to use.";
+ };
+
+ privkey = mkOption {
+ type = types.secret-file;
+ default = {
+ path = "${tinc.config.user.home}/tinc.rsa_key.priv";
+ owner = tinc.config.user;
+ source-path = toString <secrets> + "/${tinc.config.netname}.rsa_key.priv";
+ };
+ };
+
+ connectTo = mkOption {
+ type = types.listOf types.str;
+ default = [ "fastpoke" "cd" "prism" "gum" ];
+ description = ''
+ The list of hosts in the network which the client will try to connect
+ to. These hosts should have an 'Address' configured which points to a
+ routeable IPv4 or IPv6 address.
+
+ In stockholm this can be done by configuring:
+ krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.addrs4 =
+ [ "${external-ip} ${external-port}" ]
+ '';
+ };
+
+ user = mkOption {
+ type = types.user;
+ default = {
+ name = tinc.config.netname;
+ home = "/var/lib/${tinc.config.user.name}";
+ };
+ };
};
- };
+ }));
};
imp = {
- krebs.secret.files."${cfg.netname}.rsa_key.priv" = cfg.privkey;
-
- environment.systemPackages = [ tinc iproute ];
-
- systemd.services.${cfg.netname} = {
- description = "Tinc daemon for Retiolum";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- requires = [ "secret.service" ];
- path = [ tinc iproute ];
- serviceConfig = rec {
- Restart = "always";
- ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
- SyslogIdentifier = cfg.netname;
- };
- };
-
- users.users.${cfg.user.name} = {
- inherit (cfg.user) home name uid;
- createHome = true;
- };
+ # TODO `environment.systemPackages = [ cfg.tincPackage cfg.iproutePackage ]` for each network,
+ # avoid conflicts in environment if the packages differ
+
+ krebs.secret.files = mapAttrs' (netname: cfg:
+ nameValuePair "${netname}.rsa_key.priv" cfg.privkey ) config.krebs.tinc;
+ users.users = mapAttrs' (netname: cfg:
+ nameValuePair "${netname}" {
+ inherit (cfg.user) home name uid;
+ createHome = true;
+ }
+ ) config.krebs.tinc;
+
+ systemd.services = mapAttrs (netname: cfg:
+ let
+ net = cfg.host.nets.${netname};
+ tinc = cfg.tincPackage;
+ iproute = cfg.iproutePackage;
+
+ confDir = let
+ namePathPair = name: path: { inherit name path; };
+ in pkgs.linkFarm "${netname}-etc-tinc" (mapAttrsToList namePathPair {
+ "hosts" = cfg.hostsPackage;
+ "tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" ''
+ Name = ${cfg.host.name}
+ Interface = ${netname}
+ ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)}
+ PrivateKeyFile = ${cfg.privkey.path}
+ ${cfg.extraConfig}
+ '';
+ "tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
+ ${iproute}/sbin/ip link set ${netname} up
+ ${optionalString (net.ip4 != null) /* sh */ ''
+ ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname}
+ ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname}
+ ''}
+ ${optionalString (net.ip6 != null) /* sh */ ''
+ ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
+ ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
+ ''}
+ '';
+ }
+ );
+ in {
+ description = "Tinc daemon for ${netname}";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "secret.service" ];
+ path = [ tinc iproute ];
+ serviceConfig = rec {
+ Restart = "always";
+ ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
+ SyslogIdentifier = netname;
+ };
+ }
+ ) config.krebs.tinc;
};
-
- net = cfg.host.nets.${cfg.netname};
-
- tinc = cfg.tincPackage;
-
- iproute = cfg.iproutePackage;
-
- confDir = let
- namePathPair = name: path: { inherit name path; };
- in pkgs.linkFarm "${cfg.netname}-etc-tinc" (mapAttrsToList namePathPair {
- "hosts" = cfg.hostsPackage;
- "tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" ''
- Name = ${cfg.host.name}
- Interface = ${cfg.netname}
- ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)}
- PrivateKeyFile = ${cfg.privkey.path}
- ${cfg.extraConfig}
- '';
- "tinc-up" = pkgs.writeDash "${cfg.netname}-tinc-up" ''
- ${iproute}/sbin/ip link set ${cfg.netname} up
- ${optionalString (net.ip4 != null) /* sh */ ''
- ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname}
- ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname}
- ''}
- ${optionalString (net.ip6 != null) /* sh */ ''
- ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname}
- ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname}
- ''}
- '';
- });
-
in out
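Review bot: The `enable` option is never consulted: `config = imp;` replaces the old `mkIf cfg.enable`, and the `mapAttrs'`/`mapAttrs` calls in `imp` iterate all of `config.krebs.tinc`, so a network declared with `enable = false` still gets its private key installed, its user created and its tincd service started. Add `enabledNets = filterAttrs (_: cfg: cfg.enable) config.krebs.tinc;` to the `let` and map over `enabledNets` instead of `config.krebs.tinc` at the three call sites. Separately, `imp` keys the secret file, the user, the service, `Interface =` and the `cfg.host.nets` lookup on the attribute name `netname`, while `hosts`, `privkey.source-path` and the `tinc.conf` derivation name use the `cfg.netname` option, so overriding `netname` to anything other than the attribute name splits one network into two inconsistent halves; either use `cfg.netname` throughout `imp` or make the option read-only. The `hostsPackage` description also dropped the `tinc.` segment (`config.krebs.${tinc.config.netname}.hosts` should read `config.krebs.tinc.${tinc.config.netname}.hosts`).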
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index 0f1bae090..d783ba03b 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -23,7 +23,7 @@ let
hostsPath = mkOption {
type = types.str;
description = "Path to Hosts directory";
- default = "${config.krebs.retiolum.hostsPackage}";
+ default = "${config.krebs.tinc.retiolum.hostsPackage}";
};
network = mkOption {
diff --git a/krebs/5pkgs/fortclientsslvpn/default.nix b/krebs/5pkgs/fortclientsslvpn/default.nix
index 11d567408..07420c4d3 100644
--- a/krebs/5pkgs/fortclientsslvpn/default.nix
+++ b/krebs/5pkgs/fortclientsslvpn/default.nix
@@ -5,9 +5,10 @@ stdenv.mkDerivation rec {
# forticlient will be copied into /tmp before execution. this is necessary as
# the software demands $base to be writeable
+ # TODO: chroot and create the following files instead of copying files manually
# mkdir /etc/ppp ; touch /etc/ppp/options
- ## i still have not found which tool uses tail ... i tried redirecting it in forticlientsslvpn and subproc
# ln -s /run/current-system/sw/bin/tail /usr/bin/tail
+ # ln -s /run/current-system/sw/bin/pppd /usr/sbin/pppd
src = fetchurl {
# archive.org mirror:
@@ -62,7 +63,7 @@ stdenv.mkDerivation rec {
cp -r 64bit/. "$out/opt/fortinet"
wrapProgram $out/opt/fortinet/forticlientsslvpn \
--set LD_PRELOAD "${libredirect}/lib/libredirect.so" \
- --set NIX_REDIRECTS /usr/sbin/ip=${iproute}/bin/ip:/usr/sbin/ppp=${ppp}/bin/ppp
+ --set NIX_REDIRECTS /usr/bin/tail=${coreutils}/bin/tail:/usr/sbin/ip=${iproute}/bin/ip:/usr/sbin/pppd=${ppp}/bin/pppd
mkdir -p "$out/bin/"
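Review bot: The redirect list on the new `--set NIX_REDIRECTS` line is a single colon-joined string that has already grown to three mappings; building it with `builtins.concatStringsSep ":"` over a list with one `from=to` pair per line keeps each redirect reviewable on its own. The line also introduces `${coreutils}`, so `coreutils` must be present in the derivation's argument set, which lies outside the hunk. The installPhase continues past the hunk.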
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index 89e0f217a..eba40532d 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -12,7 +12,7 @@
};
};
- krebs.retiolum = {
+ krebs.tinc.retiolum = {
enable = true;
connectTo = [
"prism"
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix
index 87029a693..c63dcb492 100644
--- a/makefu/1systems/darth.nix
+++ b/makefu/1systems/darth.nix
@@ -17,6 +17,7 @@ in {
../2configs/exim-retiolum.nix
../2configs/virtualization.nix
+ ../2configs/tinc/retiolum.nix
../2configs/temp-share-samba.nix
];
services.samba.shares = {
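Review bot: The newly imported `../2configs/tinc/retiolum.nix` is not among the 21 files in this diff, so unless it already exists in the tree every system that imports it fails to evaluate; the same import is added in filepimp, gum, omo, pnp, pornocauster, repunit, shoney, tsp, vbob and wry. If the file is new it belongs in this commit; if it already exists, a one-line comment on the import naming what it declares (at least the `krebs.tinc.retiolum` entry that replaces the removed `krebs.retiolum.enable = true;`) would let a reader verify the switch without opening it.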
@@ -39,7 +40,6 @@ in {
};
#networking.firewall.enable = false;
- krebs.retiolum.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true;
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index 593f77378..c6966c99c 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -22,8 +22,8 @@ in {
../.
../2configs/fs/single-partition-ext4.nix
../2configs/smart-monitor.nix
+ ../2configs/tinc/retiolum.nix
];
- krebs.retiolum.enable = true;
krebs.build.host = config.krebs.hosts.filepimp;
# AMD N54L
boot = {
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 17b2b5093..a4e2d1760 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -19,6 +19,7 @@ in {
../2configs/deployment/mycube.connector.one.nix
../2configs/exim-retiolum.nix
+ ../2configs/tinc/retiolum.nix
../2configs/urlwatch.nix
];
@@ -27,8 +28,7 @@ in {
###### stable
krebs.build.host = config.krebs.hosts.gum;
- krebs.retiolum = {
- enable = true;
+ krebs.tinc.retiolum = {
extraConfig = ''
ListenAddress = ${external-ip} 53
ListenAddress = ${external-ip} 655
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 8c24e0ff5..e11abd40d 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -47,12 +47,12 @@ in {
#../2configs/graphite-standalone.nix
#../2configs/share-user-sftp.nix
../2configs/omo-share.nix
+ ../2configs/tinc/retiolum.nix
## as long as pyload is not in nixpkgs:
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
];
- krebs.retiolum.enable = true;
networking.firewall.trustedInterfaces = [ primaryInterface ];
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
# tcp:80 - nginx for sharing files
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 4b8d39c89..a460a87e7 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -15,11 +15,12 @@
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/fs/vm-single-partition.nix
+ ../2configs/tinc/retiolum.nix
+
# config.system.build.vm
- <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
+ (toString <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>)
];
- krebs.retiolum.enable = true;
virtualisation.graphics = false;
# also export secrets, see Usage above
fileSystems = pkgs.lib.mkVMOverride {
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 2ab030916..b683e5630 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -38,8 +38,9 @@
#../2configs/wordpress.nix
../2configs/nginx/public_html.nix
+ ../2configs/tinc/retiolum.nix
# temporary modules
- # ../2configs/temp/share-samba.nix
+ ../2configs/temp/share-samba.nix
# ../2configs/temp/elkstack.nix
# ../2configs/temp/sabnzbd.nix
];
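Review bot: Uncommenting `../2configs/temp/share-samba.nix` switches on a Samba share on this host, which is unrelated to the tinc module rename the commit performs; the same applies to `../2configs/graphite.nix` in wolf.nix. Both are service enablements with their own network-exposure consequences and are easier to audit and revert as a separate commit. If they stay here, a comment on the import such as `# temporary: samba share, see <reason>` records why it went live.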
@@ -69,10 +70,9 @@
krebs.build.host = config.krebs.hosts.pornocauster;
krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
- krebs.retiolum = {
- enable = true;
- connectTo = [ "omo" "gum" "prism" ];
- };
+
+ krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
+
networking.extraHosts = ''
192.168.1.11 omo.local
'';
diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix
index bf6ff9fb6..7102b8f81 100644
--- a/makefu/1systems/repunit.nix
+++ b/makefu/1systems/repunit.nix
@@ -10,6 +10,7 @@
../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/git/cgit-retiolum.nix
+ ../2configs/tinc/retiolum.nix
];
krebs.build.host = config.krebs.hosts.repunit;
@@ -31,14 +32,6 @@
{ device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "gum"
- "pigstarter"
- "fastpoke"
- ];
- };
# $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [
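Review bot: The removed `connectTo = [ "gum" "pigstarter" "fastpoke" ]` is not re-declared under `krebs.tinc.retiolum`, so unless the imported `../2configs/tinc/retiolum.nix` sets it, repunit falls back to the module default `[ "fastpoke" "cd" "prism" "gum" ]` and stops connecting to pigstarter; vbob loses its `[ "omo" "gum" ]` list the same way. pornocauster and tv keep an explicit list in this commit, so the difference looks unintended rather than deliberate. If the previous peers are still wanted, `krebs.tinc.retiolum.connectTo = [ "gum" "pigstarter" "fastpoke" ];` restores them.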
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
index 3a3ac9c7c..0e6ae6e17 100644
--- a/makefu/1systems/shoney.nix
+++ b/makefu/1systems/shoney.nix
@@ -13,6 +13,7 @@ in {
../2configs/save-diskspace.nix
../2configs/hw/CAC.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
+ ../2configs/tinc/retiolum.nix
];
@@ -21,7 +22,6 @@ in {
krebs = {
enable = true;
- retiolum.enable = true;
build.host = config.krebs.hosts.shoney;
nginx.enable = true;
tinc_graphs = {
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index 302ba6f99..9809abf4c 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -17,9 +17,9 @@
../2configs/zsh-user.nix
../2configs/exim-retiolum.nix
+ ../2configs/tinc/retiolum.nix
];
# not working in vm
- krebs.retiolum.enable = true;
krebs.build.host = config.krebs.hosts.tsp;
networking.firewall.allowedTCPPorts = [
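Review bot: The comment `# not working in vm` referred to the `krebs.retiolum.enable = true;` line removed directly below it and now reads as if it described `krebs.build.host`. Move it next to the new `../2configs/tinc/retiolum.nix` import, or drop it if the rewritten tinc module does work in the VM.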
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 3fcb173ce..129a06021 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -8,9 +8,10 @@
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
../2configs/main-laptop.nix #< base-gui
- # (toString <secrets>)/extra-hosts.nix
+ <secrets/extra-hosts.nix>
# environment
+ ../2configs/tinc/retiolum.nix
];
# workaround for https://github.com/NixOS/nixpkgs/issues/16641
@@ -28,8 +29,15 @@
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
};
};
+
+ environment.shellAliases = {
+ forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
+ };
+ # TODO: for forticleintsslpn
+ # ln -s /r/current-system/sw/bin/pppd /usr/sbin/pppd
+ # ln -s /r/current-system/sw/bin/tail /usr/bin/tail
environment.systemPackages = with pkgs;[
- fortclientsslvpn
+ fortclientsslvpn ppp xclip
get
logstash
docker
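Review bot: The new `forti` alias pipes a VPN password from `~/vpn/pw.txt` into `xclip`, which by default writes the PRIMARY selection readable by every client on the X session, and the password remains there after `sudo forticlientsslvpn` returns. Keeping the credential out of the shell alias is preferable; if the clipboard hand-off stays, overwrite the selection once the client exits and make sure `pw.txt` is mode 0600. The comment above also misspells the program (`forticleintsslpn`) and uses `/r/current-system` where the `fortclientsslvpn/default.nix` comment uses `/run/current-system`.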
@@ -45,13 +53,6 @@
8010
];
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "omo"
- "gum"
- ];
- };
virtualisation.docker.enable = false;
fileSystems."/media/share" = {
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 5788cb654..3764ab4b5 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -25,8 +25,9 @@ in {
# collectd
../2configs/collectd/collectd-base.nix
+
+ ../2configs/tinc/retiolum.nix
];
- krebs.retiolum.enable = true;
krebs.build.host = config.krebs.hosts.wry;
diff --git a/shared/1systems/test-all-krebs-modules.nix b/shared/1systems/test-all-krebs-modules.nix
index 2034071f0..60d5f3252 100644
--- a/shared/1systems/test-all-krebs-modules.nix
+++ b/shared/1systems/test-all-krebs-modules.nix
@@ -38,7 +38,7 @@ in {
};
nginx.enable = true;
realwallpaper.enable = true;
- retiolum.enable = true;
+ tinc.retiolum.enable = true;
retiolum-bootstrap.enable = true;
tinc_graphs.enable = true;
urlwatch.enable = true;
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 180510066..3818cf2c5 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -15,14 +15,14 @@ in
../2configs/shared-buildbot.nix
../2configs/cgit-mirror.nix
../2configs/repo-sync.nix
- # ../2configs/graphite.nix
+ ../2configs/graphite.nix
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)
# local discovery in shackspace
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
- krebs.retiolum.extraConfig = "TCPOnly = yes";
+ krebs.tinc.retiolum.extraConfig = "TCPOnly = yes";
services.grafana = {
enable = true;
addr = "0.0.0.0";
diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix
index a92a0df35..5aa5897d7 100644
--- a/shared/2configs/base.nix
+++ b/shared/2configs/base.nix
@@ -3,7 +3,7 @@
with config.krebs.lib;
{
krebs.enable = true;
- krebs.retiolum.enable = true;
+ krebs.tinc.retiolum.enable = true;
# TODO rename shared user to "krebs"
krebs.build.user = mkDefault config.krebs.users.shared;
diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix
index f79454157..7179be570 100644
--- a/tv/2configs/retiolum.nix
+++ b/tv/2configs/retiolum.nix
@@ -3,7 +3,7 @@
with config.krebs.lib;
{
- krebs.retiolum = {
+ krebs.tinc.retiolum = {
enable = true;
connectTo = filter (ne config.krebs.build.host.name) [
"gum"