diff options
| -rw-r--r-- | krebs/2configs/ircd.nix | 4 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/nin/default.nix | 8 | ||||
| -rw-r--r-- | krebs/3modules/tv/default.nix | 1 | ||||
| -rw-r--r-- | krebs/4lib/infest/prepare.sh | 87 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/internetarchive/default.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/bepasty.nix | 5 | ||||
| -rw-r--r-- | makefu/1systems/gum/config.nix | 2 | ||||
| -rw-r--r-- | makefu/2configs/bepasty-dual.nix | 5 | ||||
| -rw-r--r-- | makefu/2configs/collectd/collectd-base.nix | 4 | ||||
| -rw-r--r-- | makefu/2configs/deployment/photostore.krebsco.de.nix | 40 | ||||
| -rw-r--r-- | makefu/2configs/nginx/euer.wiki.nix | 2 | ||||
| -rw-r--r-- | makefu/5pkgs/cameraupload-server/default.nix | 23 | ||||
| -rw-r--r-- | mv/source.nix | 2 |
14 files changed, 147 insertions, 39 deletions
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index b534f9ad4..962dbf49c 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -12,10 +12,10 @@ ''; config = '' serverinfo { - name = "${config.krebs.build.host.name}.irc.retiolum"; + name = "${config.krebs.build.host.name}.irc.r"; sid = "1as"; description = "miep!"; - network_name = "irc.retiolum"; + network_name = "irc.r"; hub = yes; vhost = "0.0.0.0"; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 9f1842b88..56e5c6b82 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -541,6 +541,7 @@ with import <stockholm/lib>; graph IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr} + photostore IN A ${nets.internet.ip4.addr} io IN NS gum.krebsco.de. ''; }; diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix index 1a0999b8d..1531a2c89 100644 --- a/krebs/3modules/nin/default.nix +++ b/krebs/3modules/nin/default.nix @@ -14,7 +14,6 @@ with import <stockholm/lib>; ip4.addr = "10.243.132.96"; ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; aliases = [ - "hiawatha.retiolum" "hiawatha.r" ]; tinc.pubkey = '' @@ -39,7 +38,6 @@ with import <stockholm/lib>; ip4.addr = "10.243.134.66"; ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; aliases = [ - "axon.retiolum" "axon.r" ]; tinc.pubkey = '' @@ -80,10 +78,8 @@ with import <stockholm/lib>; ip4.addr = "10.243.132.55"; ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; aliases = [ - "onondaga.retiolum" "onondaga.r" "cgit.onondaga.r" - "cgit.onondaga.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -104,11 +100,11 @@ with import <stockholm/lib>; }; users = { nin = { - mail = "nin@axon.retiolum"; + mail = "nin@axon.r"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; }; nin_h = { - mail = "nin@hiawatha.retiolum"; + mail = "nin@hiawatha.r"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha"; }; }; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index ce01be5f3..cc09313f7 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -122,6 +122,7 @@ with import <stockholm/lib>; cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} krebsco.de. 60 IN MX 5 ni + krebsco.de. 60 IN TXT v=spf1 mx -all ''; }; nets = { diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index ccfc4f49b..78c1c6ec1 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -21,6 +21,10 @@ prepare() {( esac ;; debian) + if grep -Fq Hetzner /etc/motd; then + prepare_hetzner_rescue "$@" + exit + fi case $VERSION_ID in 7) prepare_debian "$@" @@ -72,7 +76,7 @@ prepare_debian() { type bzip2 2>/dev/null || apt-get install bzip2 type git 2>/dev/null || apt-get install git type rsync 2>/dev/null || apt-get install rsync - type curl 2>/dev/null || apt-get install curl + type curl 2>/dev/null || apt-get install curl prepare_common } @@ -90,10 +94,33 @@ prepare_nixos_iso() { mkdir -p bin rm -f bin/nixos-install - cp "$(type -p nixos-install)" bin/nixos-install + cp "$(_which nixos-install)" bin/nixos-install sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install } +prepare_hetzner_rescue() { + _which() ( + which "$1" + ) + mountpoint /mnt + + type bzip2 2>/dev/null || apt-get install bzip2 + type git 2>/dev/null || apt-get install git + type rsync 2>/dev/null || apt-get install rsync + type curl 2>/dev/null || apt-get install curl + + mkdir -p /mnt/"$target_path" + mkdir -p "$target_path" + + if ! mountpoint "$target_path"; then + mount --rbind /mnt/"$target_path" "$target_path" + fi + + _prepare_nix_users + _prepare_nix + _prepare_nixos_install +} + get_nixos_install() { echo "installing nixos-install" 2>&1 c=$(mktemp) @@ -107,24 +134,13 @@ EOF nix-env -i -A config.system.build.nixos-install -f "<nixpkgs/nixos>" rm -v $c } + prepare_common() {( + _which() ( + type -p "$1" + ) - if ! getent group nixbld >/dev/null; then - groupadd -g 30000 -r nixbld - fi - for i in `seq 1 10`; do - if ! getent passwd nixbld$i 2>/dev/null; then - useradd \ - -d /var/empty \ - -g 30000 \ - -G 30000 \ - -l \ - -M \ - -s /sbin/nologin \ - -u $(expr 30000 + $i) \ - nixbld$i - fi - done + _prepare_nix_users # # mount install directory @@ -173,10 +189,12 @@ prepare_common() {( mount --bind /nix /mnt/nix fi - # - # install nix - # + _prepare_nix + _prepare_nixos_install +)} + +_prepare_nix() { # install nix on host (cf. https://nixos.org/nix/install) if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then ( @@ -201,17 +219,40 @@ prepare_common() {( if ! mountpoint "$target_path"; then mount --rbind /mnt/"$target_path" "$target_path" fi +} +_prepare_nix_users() { + if ! getent group nixbld >/dev/null; then + groupadd -g 30000 -r nixbld + fi + for i in `seq 1 10`; do + if ! getent passwd nixbld$i 2>/dev/null; then + useradd \ + -d /var/empty \ + -g 30000 \ + -G 30000 \ + -l \ + -M \ + -s /sbin/nologin \ + -u $(expr 30000 + $i) \ + nixbld$i + fi + done +} + + +_prepare_nixos_install() { get_nixos_install + mkdir -p bin rm -f bin/nixos-install - cp "$(type -p nixos-install)" bin/nixos-install + cp "$(_which nixos-install)" bin/nixos-install sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install if ! grep -q '^PATH.*#krebs' .bashrc; then echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc echo 'PATH=$HOME/bin:$PATH #krebs' >> .bashrc fi -)} +} prepare "$@" diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix index 2f55e6f42..3c83093be 100644 --- a/krebs/5pkgs/simple/internetarchive/default.nix +++ b/krebs/5pkgs/simple/internetarchive/default.nix @@ -1,4 +1,4 @@ -{ stdenv, pkgs, fetchPypi, ... }: +{ stdenv, pkgs, ... }: with pkgs.python3Packages; buildPythonPackage rec { pname = "internetarchive"; diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix index 43647892f..9bd416c05 100644 --- a/lass/2configs/bepasty.nix +++ b/lass/2configs/bepasty.nix @@ -23,7 +23,10 @@ in { servers = { "paste.r" = { nginx = { - serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; + serverAliases = [ + "paste.${config.krebs.build.host.name}" + "paste.r" + ]; }; defaultPermissions = "admin,list,create,read,delete"; secretKey = secKey; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 6e5f3c2d4..f473d9e4c 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -67,7 +67,7 @@ in { <stockholm/makefu/2configs/nginx/public_html.nix> <stockholm/makefu/2configs/nginx/update.connector.one.nix> - <stockholm/makefu/2configs/deployment/mycube.connector.one.nix> + <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> <stockholm/makefu/2configs/deployment/graphs.nix> <stockholm/makefu/2configs/deployment/owncloud.nix> <stockholm/makefu/2configs/deployment/boot-euer.nix> diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index 701bf5b1d..890652285 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -28,7 +28,10 @@ in { servers = { "paste.r" = { nginx = { - serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; + serverAliases = [ + "paste.${config.krebs.build.host.name}" + "paste.r" + ]; }; defaultPermissions = "admin,list,create,read,delete"; secretKeyFile = secKey; diff --git a/makefu/2configs/collectd/collectd-base.nix b/makefu/2configs/collectd/collectd-base.nix index 91e5216ad..9168d1fa9 100644 --- a/makefu/2configs/collectd/collectd-base.nix +++ b/makefu/2configs/collectd/collectd-base.nix @@ -10,7 +10,7 @@ let ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/" Import "collectd_connect_time" <Module collectd_connect_time> - target "wry.retiolum" "localhost" "google.com" + target "wry.r" "localhost" "google.com" interval 30 </Module> </Plugin> @@ -19,7 +19,7 @@ let LoadPlugin write_graphite <Plugin "write_graphite"> <Carbon> - Host "heidi.retiolum" + Host "heidi.r" Port "2003" Prefix "retiolum." EscapeCharacter "_" diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix new file mode 100644 index 000000000..9e16a384a --- /dev/null +++ b/makefu/2configs/deployment/photostore.krebsco.de.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs, ... }: +# more than just nginx config but not enough to become a module +with import <stockholm/lib>; +let + wsgi-sock = "${workdir}/uwsgi-photostore.sock"; + workdir = config.services.uwsgi.runDir; +in { + + services.uwsgi = { + enable = true; + user = "nginx"; + runDir = "/var/lib/photostore"; + plugins = [ "python3" ]; + instance = { + type = "emperor"; + vassals = { + cameraupload-server = { + type = "normal"; + pythonPackages = self: with self; [ pkgs.cameraupload-server ]; + socket = wsgi-sock; + }; + }; + }; + }; + + services.nginx = { + enable = mkDefault true; + virtualHosts."photostore.krebsco.de" = { + locations = { + "/".extraConfig = '' + uwsgi_pass unix://${wsgi-sock}; + uwsgi_param UWSGI_CHDIR ${workdir}; + uwsgi_param UWSGI_MODULE cuserver.main; + uwsgi_param UWSGI_CALLABLE app; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; + }; + }; + }; +} diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index ef2c17c63..08bc5659f 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -76,7 +76,7 @@ in { virtualHosts = { "${ext-dom}" = { #serverAliases = [ - # "wiki.makefu.retiolum" + # "wiki.makefu.r" # "wiki.makefu" #]; forceSSL = true; diff --git a/makefu/5pkgs/cameraupload-server/default.nix b/makefu/5pkgs/cameraupload-server/default.nix new file mode 100644 index 000000000..e2e410958 --- /dev/null +++ b/makefu/5pkgs/cameraupload-server/default.nix @@ -0,0 +1,23 @@ +{ lib, pkgs, fetchFromGitHub, ... }: + +with pkgs.python3Packages;buildPythonPackage rec { + name = "cameraupload-server-${version}"; + version = "0.2.4"; + + propagatedBuildInputs = [ + flask + ]; + + src = fetchFromGitHub { + owner = "makefu"; + repo = "cameraupload-server"; + rev = "c98c8ec"; + sha256 = "0ssgvjm0z399l62wkgjk8c75mvhgn5z7g1dkb78r8vrih9428bb8"; + }; + + meta = { + homepage = https://github.com/makefu/cameraupload-server; + description = "server side for cameraupload_full"; + license = lib.licenses.asl20; + }; +} diff --git a/mv/source.nix b/mv/source.nix index 2fa53a13e..5f6b2fe36 100644 --- a/mv/source.nix +++ b/mv/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix"; nixpkgs.git = { # nixos-17.09 - ref = mkDefault "d0f0657ca06cc8cb239cb94f430b53bcdf755887"; + ref = mkDefault "0653b73bf61f3a23d28c38ab7e9c69a318d433de"; url = https://github.com/NixOS/nixpkgs; }; secrets.file = getAttr builder { |