summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--0make/lass/cloudkrebs.makefile4
-rw-r--r--2configs/lass/git-repos.nix140
-rw-r--r--2configs/lass/mors/retiolum.nix21
-rw-r--r--default.nix2
-rw-r--r--krebs/3modules/default.nix (renamed from 3modules/krebs/default.nix)83
-rw-r--r--krebs/3modules/git.nix (renamed from 3modules/krebs/git.nix)6
-rw-r--r--krebs/3modules/github-hosts-sync.nix (renamed from 3modules/krebs/github-hosts-sync.nix)6
-rw-r--r--krebs/3modules/nginx.nix (renamed from 3modules/krebs/nginx.nix)0
-rw-r--r--krebs/3modules/retiolum.nix (renamed from 3modules/krebs/retiolum.nix)0
-rw-r--r--krebs/3modules/urlwatch.nix (renamed from 3modules/krebs/urlwatch.nix)0
-rw-r--r--krebs/4lib/default.nix (renamed from 4lib/krebs/default.nix)0
-rw-r--r--krebs/4lib/dns.nix (renamed from 4lib/krebs/dns.nix)0
-rw-r--r--krebs/4lib/listset.nix (renamed from 4lib/krebs/listset.nix)0
-rw-r--r--krebs/4lib/tree.nix (renamed from 4lib/krebs/tree.nix)0
-rw-r--r--krebs/4lib/types.nix (renamed from 4lib/krebs/types.nix)0
-rw-r--r--krebs/5pkgs/default.nix (renamed from Zpkgs/krebs/default.nix)0
-rw-r--r--krebs/5pkgs/dic.nix (renamed from Zpkgs/krebs/dic.nix)0
-rw-r--r--krebs/5pkgs/genid.nix (renamed from Zpkgs/krebs/genid.nix)0
-rw-r--r--krebs/5pkgs/github-hosts-sync.nix (renamed from Zpkgs/krebs/github-hosts-sync.nix)0
-rw-r--r--krebs/5pkgs/github-known_hosts.nix (renamed from Zpkgs/krebs/github-known_hosts.nix)0
-rw-r--r--krebs/5pkgs/hashPassword.nix (renamed from Zpkgs/krebs/hashPassword.nix)0
-rw-r--r--lass/1systems/cloudkrebs.nix46
-rw-r--r--lass/1systems/mors.nix (renamed from 1systems/lass/mors.nix)94
-rw-r--r--lass/1systems/uriel.nix (renamed from 1systems/lass/uriel.nix)69
-rw-r--r--lass/2configs/base.nix (renamed from 2configs/lass/base.nix)77
-rw-r--r--lass/2configs/binary-caches.nix (renamed from 2configs/lass/binary-caches.nix)0
-rw-r--r--lass/2configs/bird.nix (renamed from 2configs/lass/bird.nix)0
-rw-r--r--lass/2configs/bitcoin.nix (renamed from 2configs/lass/bitcoin.nix)0
-rw-r--r--lass/2configs/browsers.nix (renamed from 2configs/lass/browsers.nix)0
-rw-r--r--lass/2configs/chromium-patched.nix (renamed from 2configs/lass/chromium-patched.nix)0
-rw-r--r--lass/2configs/desktop-base.nix (renamed from 2configs/lass/desktop-base.nix)6
-rw-r--r--lass/2configs/elster.nix (renamed from 2configs/lass/elster.nix)0
-rw-r--r--lass/2configs/fastpoke-pages.nix97
-rw-r--r--lass/2configs/games.nix (renamed from 2configs/lass/games.nix)0
-rw-r--r--lass/2configs/gitolite-base.nix (renamed from 2configs/lass/gitolite-base.nix)0
-rw-r--r--lass/2configs/identity.nix50
-rw-r--r--lass/2configs/ircd.nix (renamed from 2configs/lass/ircd.nix)0
-rw-r--r--lass/2configs/mors/repos.nix (renamed from 2configs/lass/mors/repos.nix)0
-rw-r--r--lass/2configs/new-repos.nix77
-rw-r--r--lass/2configs/pass.nix (renamed from 2configs/lass/pass.nix)0
-rw-r--r--lass/2configs/programs.nix (renamed from 2configs/lass/programs.nix)0
-rw-r--r--lass/2configs/retiolum.nix28
-rw-r--r--lass/2configs/sshkeys.nix (renamed from 2configs/lass/sshkeys.nix)2
-rw-r--r--lass/2configs/steam.nix (renamed from 2configs/lass/steam.nix)0
-rw-r--r--lass/2configs/texlive.nix (renamed from 2configs/lass/texlive.nix)0
-rw-r--r--lass/2configs/urxvt.nix (renamed from 2configs/lass/urxvt.nix)4
-rw-r--r--lass/2configs/vim.nix (renamed from 2configs/lass/vim.nix)0
-rw-r--r--lass/2configs/virtualbox.nix (renamed from 2configs/lass/virtualbox.nix)0
-rw-r--r--lass/2configs/wine.nix (renamed from 2configs/lass/wine.nix)0
-rw-r--r--lass/3modules/default.nix8
-rw-r--r--lass/3modules/iptables.nix (renamed from 3modules/lass/iptables.nix)2
-rw-r--r--lass/3modules/sshkeys.nix (renamed from 3modules/lass/sshkeys.nix)0
-rw-r--r--lass/3modules/urxvtd.nix (renamed from 3modules/lass/urxvtd.nix)0
-rw-r--r--lass/3modules/xresources.nix (renamed from 3modules/lass/xresources.nix)2
-rw-r--r--tv/4lib/default.nix2
-rw-r--r--tv/5pkgs/default.nix4
56 files changed, 520 insertions, 310 deletions
diff --git a/0make/lass/cloudkrebs.makefile b/0make/lass/cloudkrebs.makefile
new file mode 100644
index 000000000..baf7660b4
--- /dev/null
+++ b/0make/lass/cloudkrebs.makefile
@@ -0,0 +1,4 @@
+deploy_host := root@cloudkrebs
+nixpkgs_url := https://github.com/Lassulus/nixpkgs
+nixpkgs_rev := 1879a011925c561f0a7fd4043da0768bbff41d0b
+secrets_dir := /home/lass/secrets/cloudkrebs
diff --git a/2configs/lass/git-repos.nix b/2configs/lass/git-repos.nix
deleted file mode 100644
index c0c305b85..000000000
--- a/2configs/lass/git-repos.nix
+++ /dev/null
@@ -1,140 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (builtins) map readFile;
- inherit (lib) concatMap listToAttrs;
- # TODO lib should already include our stuff
- inherit (import ../../4lib/tv { inherit lib pkgs; }) addNames git;
-
- x-repos = [
- (krebs-private "brain")
-
- (public "painload")
- (public "shitment")
- (public "wai-middleware-time")
- (public "web-routes-wai-custom")
-
- (secret "pass")
-
- (tv-lass "emse-drywall")
- (tv-lass "emse-hsdb")
- ];
-
- users = addNames {
- tv = { pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub; };
- lass = { pubkey = readFile ../../Zpubkeys/lass.ssh.pub; };
- uriel = { pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; };
- makefu = { pubkey = readFile ../../Zpubkeys/makefu.ssh.pub; };
- };
-
- repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) x-repos);
-
- rules = concatMap ({ rules, ... }: rules) x-repos;
-
- krebs-private = repo-name:
- rec {
- repo = {
- name = repo-name;
- hooks = {
- post-receive = git.irc-announce {
- nick = config.networking.hostName; # TODO make this the default
- channel = "#retiolum";
- server = "ire.retiolum";
- };
- };
- };
- rules = with git; with users; [
- { user = lass;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- }
- { user = [ tv makefu uriel ];
- repo = [ repo ];
- perm = fetch;
- }
- ];
- };
-
- public = repo-name:
- rec {
- repo = {
- name = repo-name;
- hooks = {
- post-receive = git.irc-announce {
- nick = config.networking.hostName; # TODO make this the default
- channel = "#retiolum";
- server = "ire.retiolum";
- };
- };
- public = true;
- };
- rules = with git; with users; [
- { user = lass;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- }
- { user = [ tv makefu uriel ];
- repo = [ repo ];
- perm = fetch;
- }
- ];
- };
-
- secret = repo-name:
- rec {
- repo = {
- name = repo-name;
- hooks = {};
- };
- rules = with git; with users; [
- { user = lass;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- }
- { user = [ uriel ];
- repo = [ repo ];
- perm = fetch;
- }
- ];
- };
-
- tv-lass = repo-name:
- rec {
- repo = {
- name = repo-name;
- hooks = {};
- };
- rules = with git; with users; [
- { user = lass;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- }
- { user = [ tv ];
- repo = [ repo ];
- perm = fetch;
- }
- ];
- };
-
-in
-
-{
- imports = [
- ../../3modules/tv/git.nix
- ../../3modules/lass/iptables.nix
- ];
-
- tv.git = {
- enable = true;
- inherit repos rules users;
- };
-
- lass.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
- };
-
-}
diff --git a/2configs/lass/mors/retiolum.nix b/2configs/lass/mors/retiolum.nix
deleted file mode 100644
index 1148bee9c..000000000
--- a/2configs/lass/mors/retiolum.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ../tv/retiolum
- ];
-
- tv.retiolum = {
- enable = true;
- hosts = <retiolum-hosts>;
- privateKeyFile = "/etc/nixos/secrets/mors.retiolum.rsa_key.priv";
- connectTo = [
- "fastpoke"
- "gum"
- "ire"
- ];
- };
-
- networking.firewall.allowedTCPPorts = [ 655 ];
- networking.firewall.allowedUDPPorts = [ 655 ];
-}
diff --git a/default.nix b/default.nix
index 0ee1c3d05..59a76f81b 100644
--- a/default.nix
+++ b/default.nix
@@ -7,7 +7,7 @@ let
modules = map (p: ./. + "/${p}") [
"${user-name}/1systems/${system-name}.nix"
"${user-name}/3modules"
- "3modules/krebs"
+ "krebs/3modules"
];
};
diff --git a/3modules/krebs/default.nix b/krebs/3modules/default.nix
index 9e25df0bf..668d66ccf 100644
--- a/3modules/krebs/default.nix
+++ b/krebs/3modules/default.nix
@@ -1,6 +1,6 @@
{ config, lib, ... }:
-with import ../../4lib/krebs { inherit lib; };
+with import ../4lib { inherit lib; };
let
cfg = config.krebs;
@@ -188,6 +188,87 @@ let
lass-imp = {
hosts = addNames {
+ cloudkrebs = {
+ cores = 1;
+ dc = "lass"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["104.167.113.104"];
+ aliases = [
+ "cloudkrebs.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.206.102"];
+ addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"];
+ aliases = [
+ "cloudkrebs.retiolum"
+ "cgit.cloudkrebs.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAttUygCu7G6lIA9y+9rfTpLKIy2UgNDglUVoKZYLs8JPjtAtQVbtA
+ OcWwwPc8ijLQvwJWa8e/shqSzSIrtOe+HJbRGdXLdBLtOuLKpz+ZFHcS+95RS5aF
+ QTehg+QY7pvhbrrwKX936tkMR568suTQG6C8qNC/5jWYO/wIxFMhnQ2iRRKQOq1v
+ 3aGGPC16KeXKVioY9KoV98S3n1rZW1JK07CIsZU4qb5txtLlW6FplJ7UmhVku1WC
+ sgOOj9yi6Zk1t8R2Pwv9gxa3Hc270voj5U+I2hgLV/LjheE8yhQgYHEA4vXerPdO
+ TGSATlSmMtE2NYGrKsLM7pKn286aSpXinwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ uriel = {
+ cores = 1;
+ dc = "lass";
+ nets = rec {
+ retiolum = {
+ addrs4 = ["10.243.81.176"];
+ addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"];
+ aliases = [
+ "uriel.retiolum"
+ "cgit.uriel.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAzw0pvoEmqeqiZrzSOPH0IT99gr1rrvMZbvabXoU4MAiVgGoGrkmR
+ duJkk8Fj12ftMc+Of1gnwDkFhRcfAKOeH1RSc4CTircWVq99WyecTwEZoaR/goQb
+ MND022kIBoG6NQNxv1Y5I1B/h7hfloMFEPym9oFtOAXoGhBY2vVl4g64NNz+RLME
+ m1RipLXKANAh6LRNPGPQCUYX4TVY2ZJVxM3CM1XdomUAdOYXJmWFyUg9NcIKaacx
+ uRrmuy7J9yFBcihZX5Y7NV361kINrpRmZYxJRf9cr0hb5EkJJ7bMIKQMEFQ5RnYo
+ u7MPGKD7aNHa6hLLCeIfJ5u0igVmSLh3pwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ mors = {
+ cores = 2;
+ dc = "lass";
+ nets = rec {
+ retiolum = {
+ addrs4 = ["10.243.0.2"];
+ addrs6 = ["42:0:0:0:0:0:0:dea7"];
+ aliases = [
+ "mors.retiolum"
+ "cgit.mors.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE
+ H0QwkiMmk3aZy1beq3quM6gX13aT+/wMfWnLyuvT11T5C9JEf/IS91STpM2BRN+R
+ +P/DhbuDcW4UsdEe6uwQDGEJbXRN5ZA7GI0bmcYcwHJ9SQmW5v7P9Z3oZ+09hMD+
+ 1cZ3HkPN7weSdMLMPpUpmzCsI92cXGW0xRC4iBEt1ZeBwjkLCRsBFBGcUMuKWwVa
+ 9sovca0q3DUar+kikEKVrVy26rZUlGuBLobMetDGioSawWkRSxVlfZvTHjAK5JzU
+ O6y6hj0yQ1sp6W2JjU8ntDHf63aM71dB9QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ };
+
};
users = addNames {
lass = {
diff --git a/3modules/krebs/git.nix b/krebs/3modules/git.nix
index 604645189..64b7820b2 100644
--- a/3modules/krebs/git.nix
+++ b/krebs/3modules/git.nix
@@ -6,15 +6,11 @@
# TODO when authorized_keys changes, then restart ssh
# (or kill already connected users somehow)
-with import ../../4lib/krebs { inherit lib; };
+with import ../4lib { inherit lib; };
let
cfg = config.krebs.git;
out = {
- # TODO don't import krebs.nginx here
- imports = [
- ../../3modules/krebs/nginx.nix
- ];
options.krebs.git = api;
config = mkIf cfg.enable (mkMerge [
(mkIf cfg.cgit cgit-imp)
diff --git a/3modules/krebs/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
index c3b56ef94..0274b9d15 100644
--- a/3modules/krebs/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -61,9 +61,9 @@ let
${cfg.ssh-identity-file} \
"$ssh_identity_file_target"
- ln -snf ${Zpkgs.github-known_hosts} ${cfg.dataDir}/.ssh/known_hosts
+ ln -snf ${kpkgs.github-known_hosts} ${cfg.dataDir}/.ssh/known_hosts
'';
- ExecStart = "${Zpkgs.github-hosts-sync}/bin/github-hosts-sync";
+ ExecStart = "${kpkgs.github-hosts-sync}/bin/github-hosts-sync";
};
};
@@ -78,6 +78,6 @@ let
uid = 3220554646; # genid github-hosts-sync
};
- Zpkgs = import ../../Zpkgs/krebs { inherit pkgs; };
+ kpkgs = import ../../krebs/5pkgs { inherit pkgs; };
in
out
diff --git a/3modules/krebs/nginx.nix b/krebs/3modules/nginx.nix
index 702e8a7f6..702e8a7f6 100644
--- a/3modules/krebs/nginx.nix
+++ b/krebs/3modules/nginx.nix
diff --git a/3modules/krebs/retiolum.nix b/krebs/3modules/retiolum.nix
index 481d6565c..481d6565c 100644
--- a/3modules/krebs/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
diff --git a/3modules/krebs/urlwatch.nix b/krebs/3modules/urlwatch.nix
index 39d9fec54..39d9fec54 100644
--- a/3modules/krebs/urlwatch.nix
+++ b/krebs/3modules/urlwatch.nix
diff --git a/4lib/krebs/default.nix b/krebs/4lib/default.nix
index b67585335..b67585335 100644
--- a/4lib/krebs/default.nix
+++ b/krebs/4lib/default.nix
diff --git a/4lib/krebs/dns.nix b/krebs/4lib/dns.nix
index b2cf3c24c..b2cf3c24c 100644
--- a/4lib/krebs/dns.nix
+++ b/krebs/4lib/dns.nix
diff --git a/4lib/krebs/listset.nix b/krebs/4lib/listset.nix
index 3aae22f20..3aae22f20 100644
--- a/4lib/krebs/listset.nix
+++ b/krebs/4lib/listset.nix
diff --git a/4lib/krebs/tree.nix b/krebs/4lib/tree.nix
index 1cd83b3f6..1cd83b3f6 100644
--- a/4lib/krebs/tree.nix
+++ b/krebs/4lib/tree.nix
diff --git a/4lib/krebs/types.nix b/krebs/4lib/types.nix
index 92410dd58..92410dd58 100644
--- a/4lib/krebs/types.nix
+++ b/krebs/4lib/types.nix
diff --git a/Zpkgs/krebs/default.nix b/krebs/5pkgs/default.nix
index 231fda797..231fda797 100644
--- a/Zpkgs/krebs/default.nix
+++ b/krebs/5pkgs/default.nix
diff --git a/Zpkgs/krebs/dic.nix b/krebs/5pkgs/dic.nix
index 571773d22..571773d22 100644
--- a/Zpkgs/krebs/dic.nix
+++ b/krebs/5pkgs/dic.nix
diff --git a/Zpkgs/krebs/genid.nix b/krebs/5pkgs/genid.nix
index c75bec317..c75bec317 100644
--- a/Zpkgs/krebs/genid.nix
+++ b/krebs/5pkgs/genid.nix
diff --git a/Zpkgs/krebs/github-hosts-sync.nix b/krebs/5pkgs/github-hosts-sync.nix
index d69b2b12b..d69b2b12b 100644
--- a/Zpkgs/krebs/github-hosts-sync.nix
+++ b/krebs/5pkgs/github-hosts-sync.nix
diff --git a/Zpkgs/krebs/github-known_hosts.nix b/krebs/5pkgs/github-known_hosts.nix
index 302fdd8d5..302fdd8d5 100644
--- a/Zpkgs/krebs/github-known_hosts.nix
+++ b/krebs/5pkgs/github-known_hosts.nix
diff --git a/Zpkgs/krebs/hashPassword.nix b/krebs/5pkgs/hashPassword.nix
index a10340cc4..a10340cc4 100644
--- a/Zpkgs/krebs/hashPassword.nix
+++ b/krebs/5pkgs/hashPassword.nix
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
new file mode 100644
index 000000000..a60024b03
--- /dev/null
+++ b/lass/1systems/cloudkrebs.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../../2configs/tv/CAC-Developer-2.nix
+ ../../2configs/tv/CAC-CentOS-7-64bit.nix
+ ../../2configs/lass/base.nix
+ ../../2configs/lass/retiolum.nix
+ ../../2configs/lass/fastpoke-pages.nix
+ ../../2configs/lass/new-repos.nix
+ {
+ networking.interfaces.enp2s1.ip4 = [
+ {
+ address = "104.167.113.104";
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "104.167.113.1";
+ networking.nameservers = [
+ "8.8.8.8"
+ ];
+
+ }
+ ];
+
+ krebs.build = {
+ user = config.krebs.users.lass;
+ target = "root@cloudkrebs";
+ host = config.krebs.hosts.cloudkrebs;
+ deps = {
+ nixpkgs = {
+ url = https://github.com/Lassulus/nixpkgs;
+ rev = "1879a011925c561f0a7fd4043da0768bbff41d0b";
+ };
+ secrets = {
+ url = "/home/lass/secrets/${config.krebs.build.host.name}";
+ };
+ stockholm = {
+ url = toString ../..;
+ };
+ };
+ };
+
+ networking.hostName = "cloudkrebs";
+
+}
diff --git a/1systems/lass/mors.nix b/lass/1systems/mors.nix
index 940dc4fdb..5bef56682 100644
--- a/1systems/lass/mors.nix
+++ b/lass/1systems/mors.nix
@@ -2,44 +2,43 @@
{
imports = [
- ../../2configs/lass/desktop-base.nix
- ../../2configs/lass/programs.nix
- ../../2configs/lass/bitcoin.nix
- ../../2configs/lass/browsers.nix
- ../../2configs/lass/games.nix
- ../../2configs/lass/pass.nix
- ../../2configs/lass/vim.nix
- ../../2configs/lass/virtualbox.nix
- ../../2configs/lass/elster.nix
- ../../2configs/lass/urxvt.nix
- ../../2configs/lass/steam.nix
- ../../2configs/lass/wine.nix
- ../../2configs/lass/texlive.nix
- ../../2configs/lass/binary-caches.nix
- ../../2configs/lass/ircd.nix
- ../../2configs/lass/chromium-patched.nix
- ../../2configs/lass/git-repos.nix
- ../../2configs/tv/synaptics.nix
- ../../2configs/tv/exim-retiolum.nix
- {
- imports = [ ../../3modules/tv/retiol