diff options
43 files changed, 503 insertions, 313 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index ec85464df..82ede952d 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -90,11 +90,11 @@ let }; imp = lib.mkMerge [ - { krebs = import ./lass { inherit config lib; }; } - { krebs = import ./makefu { inherit config lib; }; } - { krebs = import ./mv { inherit config lib; }; } - { krebs = import ./shared { inherit config lib; }; } - { krebs = import ./tv { inherit config lib; }; } + { krebs = import ./lass { inherit config; }; } + { krebs = import ./makefu { inherit config; }; } + { krebs = import ./mv { inherit config; }; } + { krebs = import ./shared { inherit config; }; } + { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { "krebsco.de" = "zones"; @@ -130,7 +130,9 @@ let shorts = let s = ".${cfg.search-domain}"; in map (removeSuffix s) (filter (hasSuffix s) longs); in - map (addr: "${addr} ${toString aliases}") net.addrs + optionals + (aliases != []) + (map (addr: "${addr} ${toString aliases}") net.addrs) ) (filterAttrs (name: host: host.aliases != []) host.nets) ) cfg.hosts )); diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ad1221e8e..5af1e37cd 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, ... }: with import <stockholm/lib>; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 7317e0b60..ff187b878 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, ... }: with import <stockholm/lib>; diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index 50cf72ef9..0779feede 100644 --- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix @@ -13,7 +13,7 @@ let version-id = "${stockholm-version-id}/${nixos-version-id}"; pretty-name = "${stockholm-pretty-name} / ${nixos-pretty-name}"; - home-url = http://cgit.cd.krebsco.de/stockholm; + home-url = http://cgit.ni.krebsco.de/stockholm; in { # http://0pointer.de/public/systemd-man/os-release.html diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index fddaed9e3..0a3d7ed2f 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -79,6 +79,15 @@ let ''; }; + hostsArchive = mkOption { + type = types.package; + default = pkgs.runCommand "retiolum-hosts.tar.bz2" {} '' + ${pkgs.coreutils}/bin/ln -s ${tinc.config.hostsPackage} hosts + ${pkgs.gnutar}/bin/tar -hcjf $out hosts + ''; + readOnly = true; + }; + hostsPackage = mkOption { type = types.package; default = pkgs.stdenv.mkDerivation { @@ -125,7 +134,11 @@ let connectTo = mkOption { type = types.listOf types.str; - default = [ "fastpoke" "cd" "prism" "gum" ]; + ${if tinc.config.netname == "retiolum" then "default" else null} = [ + "gum" + "ni" + "prism" + ]; description = '' The list of hosts in the network which the client will try to connect to. These hosts should have an 'Address' configured which points to a diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 0e7535e6c..8e266e1b3 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -78,11 +78,7 @@ with import <stockholm/lib>; extraZones = { # TODO generate krebsco.de zone from nets and don't use extraZones at all "krebsco.de" = '' - krebsco.de. 60 IN MX 5 mx23 - mx23 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} - cgit 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} - cgit.cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} ''; }; nets = { @@ -90,11 +86,7 @@ with import <stockholm/lib>; ip4.addr = "45.62.237.203"; aliases = [ "cd.i" - "cd.internet" "cd.krebsco.de" - "cgit.cd.krebsco.de" - "cd.viljetic.de" - "cgit.cd.viljetic.de" ]; ssh.port = 11423; }; @@ -218,6 +210,53 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu"; }; + ni = { + extraZones = { + "krebsco.de" = '' + krebsco.de. 60 IN MX 5 ni + ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} + cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} + cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} + ''; + }; + nets = { + internet = { + ip4.addr = "188.68.36.196"; + aliases = [ + "cgit.ni.i" + "ni.i" + ]; + ssh.port = 11423; + }; + retiolum = { + via = config.krebs.hosts.ni.nets.internet; + ip4.addr = "10.243.113.223"; + ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af4"; + aliases = [ + "ni.r" + "ni.retiolum" + "cgit.ni.r" + "cgit.ni.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA7NHuW8eLVhpBfL70WwcSGVmv4dijKLJs5cH/BmqK8zN2lpiLKt12 + bhaE1YEhGoGma7Kef1Fa0V9xUkJy6C1+sVlfWp/LeY8VRSX5E3u36TEl6kl/4zu6 + Ea/44BoGUSOC9ImxVEX51czA10PFjUSrGFyK0oaRlKNsTwwpNiBOY7/6i74bhn59 + OIsySRUBd2QPjYhJkiuc7gltVfwt6wteZh8R4w2rluVGYLQPsmN/XEWgJbhzI4im + W+3/bdewHVF1soZWtdocPLeXTn5HETX5g8p2V3bwYL37oIwkCcYxOeQtT7W+lNJ2 + NvIiVh4Phojl4dBUgUQGT0NApMnsaG/4LJpSC4AGiqbsznBdSPhepob7zJggPnWY + nfAs+YrUUZp1wovhSgWfYTRglRuyYvWkoGbq411H1efawyZ0gcMr+HQlSn2keQOv + lbcvdgOAxQiEcPVixPq3mTeKaSxWyIJGFceuqtnILGifRNvViX0uo9g5rLQ41PrJ + 9F3azz3gD2Uh73j5pvLU72cge7p1a7epPYWTJYf8oc5JcI3nYTKpSqH8IYaWUjv9 + q0NwOYFDhYtUcTwdbUNl/tUWKyBcovIe7f40723pHSijiPV2WDZC2M/mOc3dvWKF + Mf00uin+7uMuKtnG6+1z5nKb/AWrqN1RZu0rnG/IkZPKwa19HYsYcOkCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb"; + }; nomic = { cores = 2; nets = { diff --git a/krebs/5pkgs/cac-api/default.nix b/krebs/5pkgs/cac-api/default.nix index 85a906e1d..e2bd8c148 100644 --- a/krebs/5pkgs/cac-api/default.nix +++ b/krebs/5pkgs/cac-api/default.nix @@ -4,7 +4,7 @@ stdenv.mkDerivation { name = "cac-api-1.1.2"; src = fetchgit { - url = http://cgit.cd.krebsco.de/cac-api; + url = http://cgit.ni.krebsco.de/cac-api; rev = "67e93510e7742acae44db30275abbfe671aa9b7b"; sha256 = "1vxh57j7vrq5sg9j1sam0538kkkhqpgf230vvdz2ifzgkj01z27l"; }; diff --git a/krebs/5pkgs/get/default.nix b/krebs/5pkgs/get/default.nix index 7dda86601..83f6b0228 100644 --- a/krebs/5pkgs/get/default.nix +++ b/krebs/5pkgs/get/default.nix @@ -4,7 +4,7 @@ stdenv.mkDerivation { name = "get-1.4.1"; src = fetchgit { - url = http://cgit.cd.krebsco.de/get; + url = http://cgit.ni.krebsco.de/get; rev = "41c0c35805ec1708729f73d14650d8ebc94a405b"; sha256 = "0rx1qsbb4py14795yhhqwlvaibj2569fqm7x2671l868xi59h9f9"; }; diff --git a/krebs/5pkgs/github-hosts-sync/default.nix b/krebs/5pkgs/github-hosts-sync/default.nix index 0dcbe7fd8..bc4c58bb0 100644 --- a/krebs/5pkgs/github-hosts-sync/default.nix +++ b/krebs/5pkgs/github-hosts-sync/default.nix @@ -1,13 +1,9 @@ -{ stdenv, fetchgit, pkgs, ... }: +{ pkgs, stdenv, ... }: stdenv.mkDerivation { name = "github-hosts-sync"; - src = fetchgit { - url = https://github.com/krebscode/painload; - rev = "35ccac73d563ad30d2851b9aeed4cfef69ff74e3"; - sha256 = "1y1fs2p3xj2yrqpw0h5kd0f3c5p1y70xk1hjnw99sr33r67s9c35"; - }; + src = pkgs.painload; phases = [ "unpackPhase" diff --git a/krebs/5pkgs/haskell-overrides/blessings.nix b/krebs/5pkgs/haskell-overrides/blessings.nix index ba776b352..5fb57a332 100644 --- a/krebs/5pkgs/haskell-overrides/blessings.nix +++ b/krebs/5pkgs/haskell-overrides/blessings.nix @@ -3,7 +3,7 @@ mkDerivation { pname = "blessings"; version = "1.0.0"; src = fetchgit { - url = http://cgit.cd.krebsco.de/blessings; + url = http://cgit.ni.krebsco.de/blessings; rev = "25a510dcb38ea9158e9969d56eb66cb1b860ab5f"; sha256 = "0xg329h1y68ndg4w3m1jp38pkg3gqg7r19q70gqqj4mswb6qcrqc"; }; diff --git a/krebs/5pkgs/haskell-overrides/hyphenation.nix b/krebs/5pkgs/haskell-overrides/hyphenation.nix new file mode 100644 index 000000000..6e5fe9455 --- /dev/null +++ b/krebs/5pkgs/haskell-overrides/hyphenation.nix @@ -0,0 +1,17 @@ +# Same as upstream but with doCheck = false because doctest has wrong version. +{ mkDerivation, base, bytestring, containers, directory +, filepath, unordered-containers, zlib, stdenv +}: +mkDerivation { + pname = "hyphenation"; + version = "0.6"; + sha256 = "2f673666c18f63581422f7c6389b78b0ff754406671296a3d680d417942512f7"; + libraryHaskellDepends = [ + base bytestring containers unordered-containers zlib + ]; + homepage = "http://github.com/ekmett/hyphenation"; + description = "Configurable Knuth-Liang hyphenation"; + license = stdenv.lib.licenses.bsd3; + hydraPlatforms = stdenv.lib.platforms.none; + doCheck = false; +} diff --git a/krebs/5pkgs/haskell-overrides/scanner.nix b/krebs/5pkgs/haskell-overrides/scanner.nix index 5146fa41d..071fd757f 100644 --- a/krebs/5pkgs/haskell-overrides/scanner.nix +++ b/krebs/5pkgs/haskell-overrides/scanner.nix @@ -3,7 +3,7 @@ mkDerivation { pname = "scanner"; version = "1.0.0"; src = fetchgit { - url = http://cgit.cd.krebsco.de/scanner; + url = http://cgit.ni.krebsco.de/scanner; rev = "7f091a3bc152ad3974a1873b460fa1759bf8dcad"; sha256 = "1lgl158axczsm4fx53fyq1d4116v91jsx4dbz66ka4k1ljqrmhgn"; }; diff --git a/krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix b/krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix index 12eab943d..bf19e7d66 100644 --- a/krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix +++ b/krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix @@ -5,7 +5,7 @@ mkDerivation { pname = "xmonad-stockholm"; version = "1.1.0"; src = fetchgit { - url = http://cgit.cd.krebsco.de/xmonad-stockholm; + url = http://cgit.ni.krebsco.de/xmonad-stockholm; rev = "179d29fd4c765dee698058ef63295331ac603639"; sha256 = "0c6mj68xsxxr4j8adkzhjszi7bg6cpisrsmqn587a16sblpbrnkj"; }; diff --git a/krebs/5pkgs/much/default.nix b/krebs/5pkgs/much/default.nix index 61a58b01b..aa3c56fe0 100644 --- a/krebs/5pkgs/much/default.nix +++ b/krebs/5pkgs/much/default.nix @@ -12,7 +12,7 @@ mkDerivation { pname = "much"; version = "1.0.0"; src = fetchgit { - url = "http://cgit.cd.krebsco.de/much"; + url = "http://cgit.ni.krebsco.de/much"; rev = "045dc986b4de225a927175f81c8ccfdab450202c"; sha256 = "17jbw7x82a3bgn1qv5k764f103knrf865dmx48h7192vdh8gz766"; }; diff --git a/krebs/5pkgs/painload/default.nix b/krebs/5pkgs/painload/default.nix new file mode 100644 index 000000000..10fd379c0 --- /dev/null +++ b/krebs/5pkgs/painload/default.nix @@ -0,0 +1,7 @@ +{ fetchgit, ... }: + +fetchgit { + url = https://github.com/krebscode/painload; + rev = "8df031f810a2776d8c43b03a9793cb49398bd33b"; + sha256 = "03md5k6fmz0j1ny22iw96dzq7cvijbz24ii85i0h2dhcychdp650"; +} diff --git a/krebs/5pkgs/populate/default.nix b/krebs/5pkgs/populate/default.nix index dc5750bda..3ec432229 100644 --- a/krebs/5pkgs/populate/default.nix +++ b/krebs/5pkgs/populate/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { version = "1.2.0"; src = fetchgit { - url = http://cgit.cd.krebsco.de/populate; + url = http://cgit.ni.krebsco.de/populate; rev = "refs/tags/v${version}"; sha256 = "0q3110hkkxn9bc3a63xbx1hyd1fpzz4wrck4lng3j5a9i1y1jm07"; }; diff --git a/krebs/5pkgs/push/default.nix b/krebs/5pkgs/push/default.nix index 9a627fe36..2e0291aac 100644 --- a/krebs/5pkgs/push/default.nix +++ b/krebs/5pkgs/push/default.nix @@ -13,7 +13,7 @@ stdenv.mkDerivation { name = "push-1.1.2"; src = fetchgit { - url = http://cgit.cd.krebsco.de/push; + url = http://cgit.ni.krebsco.de/push; rev = "da5b3a4b05ef822cc41d36b6cc2071a2e78506d4"; sha256 = "0gfxz207lm11g77rw02jcqpvzhx07j9hzgjgscbmslzl5r8icd6g"; }; diff --git a/krebs/5pkgs/with-tmpdir/default.nix b/krebs/5pkgs/with-tmpdir/default.nix index 517e46310..9862671f8 100644 --- a/krebs/5pkgs/with-tmpdir/default.nix +++ b/krebs/5pkgs/with-tmpdir/default.nix @@ -4,7 +4,7 @@ stdenv.mkDerivation { name = "with-tmpdir-1"; src = fetchgit { - url = http://cgit.cd.krebsco.de/with-tmpdir; + url = http://cgit.ni.krebsco.de/with-tmpdir; rev = "3243c02ed8cd27a04c080bd39560204980f6c16a"; sha256 = "80ee6cafb2c337999ddcd1e41747d6256b7cfcea605358c2046eb7e3729555c6"; }; diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 5da66d265..555e7fe1a 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -229,6 +229,9 @@ in { enable = true; }; } + { + virtualisation.libvirtd.enable = true; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 9d1df1d72..095898380 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -75,6 +75,10 @@ with import <stockholm/lib>; fsType = "tmpfs"; options = ["nosuid" "nodev" "noatime"]; }; + "/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 00911cf9e..cf3354fd7 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -25,20 +25,6 @@ in { pollinterval=120)) ''; scheduler = { - force-scheduler = '' - sched.append(schedulers.ForceScheduler( - name="force", - builderNames=["fast-tests"])) - ''; - fast-tests-scheduler = '' - # test everything real quick - sched.append(schedulers.SingleBranchScheduler( - ## all branches - change_filter=util.ChangeFilter(branch_re=".*"), - treeStableTimer=10, - name="fast-all-branches", - builderNames=["fast-tests"])) - ''; build-scheduler = '' # build all hosts sched.append(schedulers.SingleBranchScheduler( @@ -113,43 +99,6 @@ in { ''; - fast-tests = '' - f = util.BuildFactory() - f.addStep(grab_repo) - for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: - addShell(f,name="build-{}".format(i),env=env_lass, - command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=eval \ - system={}".format(i)]) - - for i in [ "x", "wry", "vbob", "wbob", "shoney" ]: - addShell(f,name="build-{}".format(i),env=env_makefu, - command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=eval \ - system={}".format(i)]) - - for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf" ]: - addShell(f,name="build-{}".format(i),env=env_shared, - command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=eval \ - system={}".format(i)]) - - bu.append(util.BuilderConfig(name="fast-tests", - slavenames=slavenames, - factory=f)) - ''; build-pkgs = '' f = util.BuildFactory() f.addStep(grab_repo) @@ -212,7 +161,7 @@ in { irc = { enable = true; nick = "buildbot-lass"; - server = "cd.retiolum"; + server = "ni.r"; channels = [ { channels = "retiolum"; } ]; allowForce = true; }; diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 06cae734e..57950e1b7 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -54,7 +54,7 @@ let # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; channel = "#retiolum"; - server = "cd.retiolum"; + server = "ni.r"; verbose = config.krebs.build.host.name == "prism"; branches = [ "master" ]; }; diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index f2e4de6a7..baa4bb380 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -15,7 +15,7 @@ let nick = config.networking.hostName; verbose = false; channel = "#retiolum"; - server = "cd.retiolum"; + server = "ni.r"; branches = [ "newest" ]; }; }); @@ -41,7 +41,7 @@ let mirror.url = "${mirror}${name}"; }; tv = { - origin.url = "http://cgit.cd/${name}"; + origin.url = "http://cgit.ni.i/${name}"; mirror.url = "${mirror}${name}"; }; lassulus = { diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index fa56d0e12..2a6df06ff 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -103,27 +103,6 @@ in { "o_ubikmedia_de" ]; - krebs.backup.plans = { - prism-sql-domsen = { - method = "push"; - src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-sql"; }; - startAt = "00:01"; - }; - prism-http-domsen = { - method = "push"; - src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-http"; }; - startAt = "00:10"; - }; - prism-o-ubikmedia-domsen = { - method = "push"; - src = { host = config.krebs.hosts.prism; path = "/srv/o.ubikmedia.de-data"; }; - dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-owncloud"; }; - startAt = "00:30"; - }; - }; - services.phpfpm.phpOptions = '' sendmail_path = ${sendmail} -t upload_max_filesize = 100M diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index b8342e148..29374e97d 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -37,6 +37,31 @@ in { }; }; + krebs.tinc_graphs.enable = true; + + users.users.lass-stuff = { + uid = genid "lass-stuff"; + description = "lassul.us blog cgi stuff"; + home = "/var/empty"; + }; + + services.phpfpm.poolConfigs."lass-stuff" = '' + listen = /var/run/lass-stuff.socket + user = lass-stuff + group = nginx + pm = dynamic + pm.max_children = 5 + pm.start_servers = 1 + pm.min_spare_servers = 1 + pm.max_spare_servers = 1 + listen.owner = lass-stuff + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + security.limit_extensions = + ''; + users.groups.lasscert.members = [ "dovecot2" "ejabberd" @@ -53,6 +78,28 @@ in { (nameValuePair "/.well-known/acme-challenge" '' |