summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/lass/default.nix32
-rw-r--r--krebs/3modules/shared/default.nix32
-rw-r--r--krebs/5pkgs/Reaktor/default.nix4
-rw-r--r--krebs/5pkgs/go/default.nix (renamed from lass/5pkgs/go/default.nix)0
-rw-r--r--krebs/5pkgs/go/packages.nix (renamed from lass/5pkgs/go/packages.nix)0
-rw-r--r--lass/1systems/prism.nix1
-rw-r--r--lass/2configs/base.nix6
-rw-r--r--lass/2configs/bitlbee.nix16
-rw-r--r--lass/2configs/weechat.nix31
-rw-r--r--lass/5pkgs/bitlbee-dev.nix20
-rw-r--r--lass/5pkgs/bitlbee-steam.nix31
-rw-r--r--lass/5pkgs/bitlbee.nix71
-rw-r--r--lass/5pkgs/default.nix4
-rw-r--r--makefu/1systems/filepimp.nix2
-rw-r--r--makefu/1systems/gum.nix1
-rw-r--r--makefu/2configs/fs/simple-swap.nix11
-rw-r--r--makefu/2configs/main-laptop.nix2
-rw-r--r--makefu/2configs/virtualization-virtualbox.nix6
-rw-r--r--shared/1systems/test-arch.nix (renamed from lass/1systems/test-arch.nix)8
-rw-r--r--shared/1systems/test-centos6.nix (renamed from lass/1systems/test-centos6.nix)4
-rw-r--r--shared/1systems/test-centos7.nix (renamed from lass/1systems/test-centos7.nix)4
-rw-r--r--shared/1systems/wolf.nix71
-rw-r--r--shared/2configs/base.nix74
-rw-r--r--shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix47
-rw-r--r--shared/2configs/os-templates/CAC-CentOS-7-64bit.nix47
25 files changed, 260 insertions, 265 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 2ad4353bd..c99263fe8 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -2,35 +2,7 @@
with lib;
-let
- testHosts = lib.genAttrs [
- "test-arch"
- "test-centos6"
- "test-centos7"
- ] (name: {
- inherit name;
- cores = 1;
- nets = {
- retiolum = {
- addrs4 = ["10.243.111.111"];
- addrs6 = ["42:0:0:0:0:0:0:7357"];
- aliases = [
- "test.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd
- mrX2tBIfb2hhhgm4Jecy33WVymoEL7EiRZ6gshJaYwte51Jnrac6IFQyiRGMqHY5
- TG/6IzzTOkeQrT1fw3Yfh0NRfqLBZLr0nAFoqgzIVRxvy+QO1gCU2UDKkQ/y5df1
- K+YsMipxU08dsOkPkmLdC/+vDaZiEdYljIS3Omd+ED5JmLM3MSs/ZPQ8xjkjEAy8
- QqD9/67bDoeXyg1ZxED2n0+aRKtU/CK/66Li//yev6yv38OQSEM4t/V0dr9sjLcY
- VIdkxKf96F9r3vcDf/9xw2HrqVoy+D5XYQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- });
-in {
+{
hosts = addNames {
echelon = {
cores = 2;
@@ -241,7 +213,7 @@ in {
};
};
- } // testHosts;
+ };
users = addNames {
lass = {
pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix
index 24dd7b782..13aae886b 100644
--- a/krebs/3modules/shared/default.nix
+++ b/krebs/3modules/shared/default.nix
@@ -2,7 +2,35 @@
with lib;
-{
+let
+ testHosts = lib.genAttrs [
+ "test-arch"
+ "test-centos6"
+ "test-centos7"
+ ] (name: {
+ inherit name;
+ cores = 1;
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.111.111"];
+ addrs6 = ["42:0:0:0:0:0:0:7357"];
+ aliases = [
+ "test.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd
+ mrX2tBIfb2hhhgm4Jecy33WVymoEL7EiRZ6gshJaYwte51Jnrac6IFQyiRGMqHY5
+ TG/6IzzTOkeQrT1fw3Yfh0NRfqLBZLr0nAFoqgzIVRxvy+QO1gCU2UDKkQ/y5df1
+ K+YsMipxU08dsOkPkmLdC/+vDaZiEdYljIS3Omd+ED5JmLM3MSs/ZPQ8xjkjEAy8
+ QqD9/67bDoeXyg1ZxED2n0+aRKtU/CK/66Li//yev6yv38OQSEM4t/V0dr9sjLcY
+ VIdkxKf96F9r3vcDf/9xw2HrqVoy+D5XYQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ });
+in {
hosts = addNames {
wolf = {
#dc = "shack";
@@ -32,7 +60,7 @@ with lib;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR";
};
- };
+ } // testHosts;
users = addNames {
shared = {
mail = "spam@krebsco.de";
diff --git a/krebs/5pkgs/Reaktor/default.nix b/krebs/5pkgs/Reaktor/default.nix
index c38aa6423..c4a362757 100644
--- a/krebs/5pkgs/Reaktor/default.nix
+++ b/krebs/5pkgs/Reaktor/default.nix
@@ -2,14 +2,14 @@
python3Packages.buildPythonPackage rec {
name = "Reaktor-${version}";
- version = "0.5.0";
+ version = "0.5.1";
propagatedBuildInputs = with pkgs;[
python3Packages.docopt
python3Packages.requests2
];
src = fetchurl {
url = "https://pypi.python.org/packages/source/R/Reaktor/Reaktor-${version}.tar.gz";
- sha256 = "1npag52xmnyqv56z0anyf6xf00q0smfzsippal0xdbxrfj7s8qim";
+ sha256 = "0dn9r0cyxi1sji2pnybsrc4hhaaq7hmf235nlgkrxqlsdb7y6n6n";
};
meta = {
homepage = http://krebsco.de/;
diff --git a/lass/5pkgs/go/default.nix b/krebs/5pkgs/go/default.nix
index 9dd166adc..9dd166adc 100644
--- a/lass/5pkgs/go/default.nix
+++ b/krebs/5pkgs/go/default.nix
diff --git a/lass/5pkgs/go/packages.nix b/krebs/5pkgs/go/packages.nix
index 9acfd7658..9acfd7658 100644
--- a/lass/5pkgs/go/packages.nix
+++ b/krebs/5pkgs/go/packages.nix
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 85021887f..599f4704e 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -11,6 +11,7 @@ in {
../2configs/git.nix
../2configs/ts3.nix
../2configs/bitlbee.nix
+ ../2configs/weechat.nix
{
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 944db83e0..61023057b 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -48,7 +48,7 @@ with lib;
source = {
git.nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
- rev = "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a";
+ rev = "8d1ce129361312334bf914ce0d27e463cb0bb21b";
};
dir.secrets = {
host = config.krebs.hosts.mors;
@@ -92,6 +92,10 @@ with lib;
most
rxvt_unicode.terminfo
+ #monitoring tools
+ htop
+ iotop
+
#network
iptables
diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix
index fa14c7fea..b23628dc5 100644
--- a/lass/2configs/bitlbee.nix
+++ b/lass/2configs/bitlbee.nix
@@ -1,16 +1,12 @@
{ config, pkgs, ... }:
-let
- lpkgs = import ../5pkgs { inherit pkgs; };
-in {
-
- imports = [
- ../3modules/bitlbee.nix
- ];
-
- lass.bitlbee = {
+{
+ services.bitlbee = {
enable = true;
- bitlbeePkg = lpkgs.bitlbee;
portNumber = 6666;
+ plugins = [
+ pkgs.bitlbee-facebook
+ pkgs.bitlbee-steam
+ ];
};
}
diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
index cfcc1a2f6..18007ed61 100644
--- a/lass/2configs/weechat.nix
+++ b/lass/2configs/weechat.nix
@@ -1,22 +1,37 @@
{ config, lib, pkgs, ... }:
-with lib;
{
- imports = [
- ../3modules/per-user.nix
- ];
-
- lass.per-user.chat.packages = [
+ krebs.per-user.chat.packages = [
pkgs.weechat
pkgs.tmux
];
users.extraUsers.chat = {
home = "/home/chat";
+ uid = 986764891; # genid chat
useDefaultShell = true;
createHome = true;
- openssh.authorizedKeys.keys = map readFile [
- ../../krebs/Zpubkeys/lass.ssh.pub
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
];
};
+
+ #systemd.services.chat = {
+ # description = "chat environment setup";
+ # after = [ "network.target" ];
+ # wantedBy = [ "multi-user.target" ];
+
+ # path = with pkgs; [
+ # weechat
+ # tmux
+ # ];
+
+ # restartIfChanged = true;
+
+ # serviceConfig = {
+ # User = "chat";
+ # Restart = "always";
+ # ExecStart = "${pkgs.tmux}/bin/tmux new -s IM weechat";
+ # };
+ #};
}
diff --git a/lass/5pkgs/bitlbee-dev.nix b/lass/5pkgs/bitlbee-dev.nix
deleted file mode 100644
index dd129591e..000000000
--- a/lass/5pkgs/bitlbee-dev.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python }:
-
-stdenv.mkDerivation rec {
- name = "bitlbee-3.4.1";
-
- src = fetchurl {
- url = "mirror://bitlbee/src/${name}.tar.gz";
- sha256 = "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh";
- };
-
- buildInputs = [ gnutls glib pkgconfig libotr python ];
-
- buildPhase = "";
-
- installPhase = ''
- make install-dev
- '';
-
-}
-
diff --git a/lass/5pkgs/bitlbee-steam.nix b/lass/5pkgs/bitlbee-steam.nix
deleted file mode 100644
index d869eaac5..000000000
--- a/lass/5pkgs/bitlbee-steam.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ stdenv, fetchgit, autoconf, automake, bitlbee-dev, glib, libgcrypt, libtool, pkgconfig }:
-
-stdenv.mkDerivation rec {
- name = "bitlbee-steam-1.3.1";
-
- src = fetchgit {
- url = "https://github.com/jgeboski/bitlbee-steam";
- rev = "439d777c7e8d06712ffc15c3e51d61799f4c0d0c";
- sha256 = "493924da1083a3b23073c595a9e1989a7ae09a196524ad66ca99c4d8ccc20d2a";
- };
-
- buildInputs = [
- autoconf
- automake
- bitlbee-dev
- glib
- libgcrypt
- libtool
- pkgconfig
- ];
-
- configurePhase = ''
- ./autogen.sh
- '';
-
- installPhase = ''
- mkdir -p $out
- cp steam/.libs/steam.la $out/
- cp steam/.libs/steam.so $out/
- '';
-}
diff --git a/lass/5pkgs/bitlbee.nix b/lass/5pkgs/bitlbee.nix
deleted file mode 100644
index 2a5a8d86d..000000000
--- a/lass/5pkgs/bitlbee.nix
+++ /dev/null
@@ -1,71 +0,0 @@
-{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python
- , bitlbee-facebook ? null
- , bitlbee-steam ? null
-}:
-
-with stdenv.lib;
-stdenv.mkDerivation rec {
- name = "bitlbee-3.4.1";
-
- src = fetchurl {
- url = "mirror://bitlbee/src/${name}.tar.gz";
- sha256 = "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh";
- };
-
-
- buildInputs = [ gnutls glib pkgconfig libotr python ]
- ++ optional doCheck check;
-
- configureFlags = [
- "--gcov=1"
- "--otr=1"
- "--ssl=gnutls"
- ];
-
- postBuild = ''
- ${if (bitlbee-steam != null) then
- ''
- mkdir -p $out/lib/bitlbee/
- find ${bitlbee-steam}
- cp ${bitlbee-steam}/* $out/lib/bitlbee/
- ''
- else
- ""
- }
- '';
- #${concatMapStringsSep "\n" ([] ++
- # (if (bitlbee-facebook != null) then
- # "cp ${bitlbee-faceook}/* $out/"
- # else
- # ""
- # ) ++
- # (if (bitlbee-steam != null) then
- # "cp ${bitlbee-steam}/* $out/"
- # else
- # ""
- # )
- #)}
-
- doCheck = true;
-
- meta = {
- description = "IRC instant messaging gateway";
-
- longDescription = ''
- BitlBee brings IM (instant messaging) to IRC clients. It's a
- great solution for people who have an IRC client running all the
- time and don't want to run an additional MSN/AIM/whatever
- client.
-
- BitlBee currently supports the following IM networks/protocols:
- XMPP/Jabber (including Google Talk), MSN Messenger, Yahoo!
- Messenger, AIM and ICQ.
- '';
-
- homepage = http://www.bitlbee.org/;
- license = licenses.gpl2Plus;
-
- maintainers = with maintainers; [ wkennington pSub ];
- platforms = platforms.gnu; # arbitrary choice
- };
-}
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 844d68a45..2b9582912 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -5,15 +5,11 @@ let
in
rec {
- bitlbee-dev = callPackage ./bitlbee-dev.nix {};
- bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; };
- bitlbee = callPackage ./bitlbee.nix { inherit bitlbee-steam; };
firefoxPlugins = {
noscript = callPackage ./firefoxPlugins/noscript.nix {};
ublock = callPackage ./firefoxPlugins/ublock.nix {};
vimperator = callPackage ./firefoxPlugins/vimperator.nix {};
};
- go = callPackage ./go/default.nix {};
newsbot-js = callPackage ./newsbot-js/default.nix {};
xmonad-lass =
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index fb1a57552..66ea2ce90 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -7,8 +7,6 @@
{
imports =
[ # Include the results of the hardware scan.
- ../2configs/default.nix
- ../2configs/fs/vm-single-partition.nix
../2configs/fs/single-partition-ext4.nix
../2configs/tinc-basic-retiolum.nix
];
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 63db7a71c..d8b7ed5f9 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -9,6 +9,7 @@ in {
# TODO: copy this config or move to krebs
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix
+ ../2configs/fs/simple-swap.nix
../2configs/fs/single-partition-ext4.nix
# ../2configs/iodined.nix
diff --git a/makefu/2configs/fs/simple-swap.nix b/makefu/2configs/fs/simple-swap.nix
new file mode 100644
index 000000000..8c161b287
--- /dev/null
+++ b/makefu/2configs/fs/simple-swap.nix
@@ -0,0 +1,11 @@
+_:
+{
+ # do not swap that often
+ boot.kernel.sysctl = {
+ "vm.swappiness" = 25;
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-label/swap"; }
+ ];
+}
diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix
index 294ee7510..dfc8c1c07 100644
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@@ -12,7 +12,7 @@ with lib;
firefox
chromium
keepassx
-
+ ntfs3g
virtmanager
at_spi2_core # dep for virtmanager?
];
diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix
index 610b63732..aaabcd50e 100644
--- a/makefu/2configs/virtualization-virtualbox.nix
+++ b/makefu/2configs/virtualization-virtualbox.nix
@@ -2,11 +2,11 @@
let
mainUser = config.krebs.build.user;
- version = "5.0.4";
- rev = "102546";
+ version = "5.0.6";
+ rev = "103037";
vboxguestpkg = pkgs.fetchurl {
url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
- sha256 = "1ykwpjvfgj11iwhx70bh2hbxhyy3hg6rnqzl4qac7xzg8xw8wqg4";
+ sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
};
in {
#inherit vboxguestpkg;
diff --git a/lass/1systems/test-arch.nix b/shared/1systems/test-arch.nix
index 0ab9da2f3..ece209490 100644
--- a/lass/1systems/test-arch.nix
+++ b/shared/1systems/test-arch.nix
@@ -1,10 +1,6 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:
-let
- inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
- inherit (lib) head;
-
-in {
+{
imports = [
../2configs/base.nix
{
diff --git a/lass/1systems/test-centos6.nix b/shared/1systems/test-centos6.nix
index 7270c2262..a8b5f9b9c 100644
--- a/lass/1systems/test-centos6.nix
+++ b/shared/1systems/test-centos6.nix
@@ -1,10 +1,10 @@
{ config, lib, pkgs, ... }:
let
- inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
inherit (lib) head;
ip = "168.235.148.52";
+ gw = "168.235.148.1";
in {
imports = [
../2configs/base.nix
@@ -16,7 +16,7 @@ in {
prefixLength = 24;
}
];
- networking.defaultGateway = getDefaultGateway ip;
+ networking.defaultGateway = gw;
networking.nameservers = [
"8.8.8.8"
];
diff --git a/lass/1systems/test-centos7.nix b/shared/1systems/test-centos7.nix
index 91bd3e0fe..51e99600c 100644
--- a/lass/1systems/test-centos7.nix
+++ b/shared/1systems/test-centos7.nix
@@ -1,10 +1,10 @@
{ config, lib, pkgs, ... }:
let
- inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
inherit (lib) head;
ip = "168.235.145.85";
+ gw = "168.235.145.1";
in {
imports = [
../2configs/base.nix
@@ -16,7 +16,7 @@ in {
prefixLength = 24;
}
];
- networking.defaultGateway = getDefaultGateway ip;
+ networking.defaultGateway = gw;
networking.nameservers = [
"8.8.8.8"
];
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 60d1e8ce8..4fe3388c8 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -1,9 +1,8 @@
{ config, lib, pkgs, ... }:
-with lib;
-
{
imports = [
+ ../2configs/base.nix
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/collectd-base.nix
];
@@ -13,34 +12,6 @@ with lib;
krebs.build.user = config.krebs.users.shared;
krebs.build.target = "wolf";
- krebs.enable = true;
- krebs.retiolum = {
- enable = true;
- connectTo = [
- # TODO remove connectTo cd, this was only used for bootstrapping
- "cd"
- "gum"
- "pigstarter"
- ];
- };
-
- krebs.build.source = {
- git.nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
- };
- dir.secrets = {
- host = config.krebs.current.host;
- path = "${getEnv "HOME"}/secrets/krebs/wolf";
- };
- dir.stockholm = {
- host = config.krebs.current.host;
- path = "${getEnv "HOME"}/stockholm";
- };
- };
-
- networking.hostName = config.krebs.build.host.name;
-
boot.kernel.sysctl = {
# Enable IPv6 Privacy Extensions
"net.ipv6.conf.all.use_tempaddr" = 2;
@@ -63,45 +34,5 @@ with lib;
{ device = "/dev/disk/by-label/swap"; }
];
- nix.maxJobs = 1;
- nix.trustedBinaryCaches = [
- "https://cache.nixos.org"
- "http://cache.nixos.org"
- "http://hydra.nixos.org"
- ];
- nix.useChroot = true;
-
- nixpkgs.config.packageOverrides = pkgs: {
- nano = pkgs.vim;
- };
-
- environment.systemPackages = with pkgs; [
- git
- rxvt_unicode.terminfo
- ];
-
time.timeZone = "Europe/Berlin";
-
- programs.ssh.startAgent = false;
-
- services.openssh = {
- enable = true;
- hostKeys = [
- { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
- services.cron.enable = false;
- services.nscd.enable = false;
- services.ntp.enable = false;
-
- users.mutableUsers = false;
- users.extraUsers.root.openssh.authorizedKeys.keys = [
- # TODO
- config.krebs.users.lass.pubkey
- config.krebs.users.makefu.pubkey
- config.krebs.users.tv.pubkey
- ];
-
- # The NixOS release to be compatible with for stateful data such as databases.
- system.stateVersion = "15.09";
}
diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix
new file mode 100644
index 000000000..c9f4ffa8d
--- /dev/null
+++ b/shared/2configs/base.nix
@@ -0,0 +1,74 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ krebs.enable = true;
+ krebs.retiolum = {
+ enable = true;
+ connectTo = [
+ # TODO remove connectTo cd, this was only used for bootstrapping
+ "cd"
+ "gum"
+ "pigstarter"
+ ];
+ };
+
+ krebs.build.source = {
+ git.nixpkgs = {
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
+ };
+ dir.secrets = {
+ host = config.krebs.current.host;
+ path = "${getEnv "HOME"}/secrets/krebs/wolf";
+ };
+ dir.stockholm = {
+ host = config.krebs.current.host;
+ path = "${getEnv "HOME"}/stockholm";
+ };
+ };
+
+ networking.hostName = config.krebs.build.host.name;
+
+ nix.maxJobs = 1;
+ nix.trustedBinaryCaches = [
+ "https://cache.nixos.org"
+ "http://cache.nixos.org"
+ "http://hydra.nixos.org"
+ ];
+ nix.useChroot = true;
+
+ nixpkgs.config.packageOverrides = pkgs: {
+ nano = pkgs.vim;
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ rxvt_unicode.terminfo
+ ];
+
+ programs.ssh.startAgent = false;
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+ services.cron.enable = false;
+ services.nscd.enable = false;
+ services.ntp.enable = false;
+
+ users.mutableUsers = false;
+ users.extraUsers.root.openssh.authorizedKeys.keys = [
+ # TODO
+ config.krebs.users.lass.pubkey
+ config.krebs.users.makefu.pubkey
+ config.krebs.users.tv.pubkey
+ ];
+
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "15.09";
+
+}
diff --git a/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix b/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix
new file mode 100644
index 000000000..b5ec722a0
--- /dev/null
+++ b/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix
@@ -0,0 +1,47 @@
+_:
+
+{
+ boot.loader.grub = {
+ device = "/dev/sda";
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "vmw_pvscsi"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/VolGroup/lv_root";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
+
+ swapDevices = [
+ { device = "/dev/VolGroup/lv_swap"; }
+ ];
+
+ users.extraGroups = {
+ # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
+ # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
+ # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
+ # Docs: man:tmpfiles.d(5)
+ # man:systemd-tmpfiles(8)
+ # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
+ # Main PID: 19272 (code=exited, status=1/FAILURE)
+ #
+ # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
+ # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
+ # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
+ # warning: error(s) occured while switching to the new configuration
+ lock.gid = 10001;
+ };
+}
diff --git a/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix b/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix
new file mode 100644
index 000000000..168d1d97b
--- /dev/null
+++ b/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix
@@ -0,0 +1,47 @@
+_:
+
+{
+ boot.loader.grub = {
+ device = "/dev/sda";
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "vmw_pvscsi"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/centos/root";
+ fsType = "xfs";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/sda1";
+ fsType = "xfs";
+ };
+
+ swapDevices = [
+ { device = "/dev/centos/swap"; }
+ ];
+
+ users.extraGroups = {
+ # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
+ # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
+ # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
+ # Docs: man:tmpfiles.d(5)
+ # man:systemd-tmpfiles(8)
+ # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
+ # Main PID: 19272 (code=exited, status=1/FAILURE)
+ #
+ # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
+ # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
+ # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
+ # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directorie