-rw-r--r--krebs/3modules/Reaktor.nix25
-rw-r--r--krebs/3modules/build/default.nix5
-rw-r--r--krebs/3modules/default.nix66
-rw-r--r--makefu/1systems/pnp.nix11
-rw-r--r--makefu/1systems/pornocauster.nix19
-rw-r--r--makefu/1systems/wry.nix34
-rw-r--r--makefu/2configs/base-sources.nix19
-rw-r--r--makefu/2configs/base.nix9
-rw-r--r--makefu/2configs/tor.nix7
-rw-r--r--makefu/2configs/virtualization-virtualbox.nix18
10 files changed, 165 insertions, 48 deletions
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix
index fce24fa63..82089a660 100644
--- a/krebs/3modules/Reaktor.nix
+++ b/krebs/3modules/Reaktor.nix
@@ -2,7 +2,6 @@
let
- kpkgs = import ../5pkgs { inherit pkgs; inherit lib; };
inherit (lib)
mkIf
@@ -63,13 +62,20 @@ let
configuration appended to the default or overridden configuration
'';
};
-
- ReaktorPkg = mkOption {
- default = kpkgs.Reaktor;
+ extraEnviron = mkOption {
+ default = {};
+ type = types.attrsOf types.str;
description = ''
- the Reaktor pkg to use.
+ Environment to be provided to the service, can be:
+ REAKTOR_HOST
+ REAKTOR_PORT
+ REAKTOR_STATEDIR
+ REAKTOR_CHANNELS
+
+ debug and nickname can be set separately via the Reaktor api
'';
};
+
debug = mkOption {
default = false;
description = ''
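Review bot: The `extraEnviron` description does not say that these values are not private: they are plain strings merged into the service environment further down, so they presumably end up in the generated unit in the Nix store, which other local users can read. The option text should warn against putting passwords or tokens here, for example by adding `Values are written to the Nix store; do not put secrets here.` to the description. The `debug` option that follows continues outside this hunk.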
@@ -80,7 +86,6 @@ let
imp = {
# for reaktor get-config
- environment.systemPackages = [ cfg.ReaktorPkg ];
users.extraUsers = singleton {
name = "Reaktor";
# uid = config.ids.uids.Reaktor;
@@ -98,7 +103,7 @@ let
systemd.services.Reaktor = {
path = with pkgs; [
utillinux #flock for tell_on-join
- # git # for nag
+ git # for nag
python # for caps
];
description = "Reaktor IRC Bot";
@@ -108,17 +113,17 @@ let
GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
REAKTOR_NICKNAME = cfg.nickname;
REAKTOR_DEBUG = (if cfg.debug then "True" else "False");
- };
+ } // cfg.extraEnviron;
serviceConfig= {
ExecStartPre = pkgs.writeScript "Reaktor-init" ''
#! /bin/sh
${if (isString cfg.overrideConfig) then
''cp ${ReaktorConfig} /tmp/config.py''
else
- ''(${cfg.ReaktorPkg}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/config.py''
+ ''(${pkgs.Reaktor}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/config.py''
}
'';
- ExecStart = "${cfg.ReaktorPkg}/bin/reaktor run /tmp/config.py";
+ ExecStart = "${pkgs.Reaktor}/bin/reaktor run /tmp/config.py";
PrivateTmp = "true";
User = "Reaktor";
Restart = "on-abort";
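Review bot: With `} // cfg.extraEnviron` the right-hand side wins, so an `extraEnviron` entry named `GIT_SSL_CAINFO`, `REAKTOR_NICKNAME` or `REAKTOR_DEBUG` silently replaces the value the module sets. That contradicts the option text, which says debug and nickname are set separately, and it lets a host config swap the CA bundle git uses without any visible sign in the module. If overriding is not intended, put `cfg.extraEnviron //` in front of the attribute set instead of after it; if it is intended, say so in the `extraEnviron` description. The attribute set opens above this hunk, so only its tail is visible here.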
diff --git a/krebs/3modules/build/default.nix b/krebs/3modules/build/default.nix
index 23bd8c8fd..6097a7b5d 100644
--- a/krebs/3modules/build/default.nix
+++ b/krebs/3modules/build/default.nix
@@ -214,6 +214,11 @@ let
options = {
host = mkOption {
type = types.host;
+ description = ''
+ define the host where the directory is stored on.
+ XXX: currently it is just used to check if rsync is working,
+ becomes part of url
+ '';
};
path = mkOption {
type = types.str;
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 2b4a13c42..f0eb290ca 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -352,8 +352,8 @@ let
extraZones = {
"krebsco.de" = ''
- mediengewitter IN A ${elemAt nets.internet.addrs4 0}
- flap IN A ${elemAt nets.internet.addrs4 0}'';
+ mediengewitter IN A ${head nets.internet.addrs4}
+ flap IN A ${head nets.internet.addrs4}'';
};
nets = {
internet = {
@@ -390,14 +390,13 @@ let
IN MX 10 mx42
euer IN MX 1 aspmx.l.google.com.
io IN NS pigstarter.krebsco.de.
- euer IN A ${elemAt nets.internet.addrs4 0}
- pigstarter IN A ${elemAt nets.internet.addrs4 0}
- conf IN A ${elemAt nets.internet.addrs4 0}
- gold IN A ${elemAt nets.internet.addrs4 0}
- graph IN A ${elemAt nets.internet.addrs4 0}
- tinc IN A ${elemAt nets.internet.addrs4 0}
- boot IN A ${elemAt nets.internet.addrs4 0}
- mx42 IN A ${elemAt nets.internet.addrs4 0}'';
+ pigstarter IN A ${head nets.internet.addrs4}
+ conf IN A ${head nets.internet.addrs4}
+ gold IN A ${head nets.internet.addrs4}
+ graph IN A ${head nets.internet.addrs4}
+ tinc IN A ${head nets.internet.addrs4}
+ boot IN A ${head nets.internet.addrs4}
+ mx42 IN A ${head nets.internet.addrs4}'';
};
nets = {
internet = {
@@ -426,15 +425,56 @@ let
};
};
};
+ wry = rec {
+ cores = 1;
+ dc = "makefu"; #dc = "cac";
+ extraZones = {
+ "krebsco.de" = ''
+ wry IN A ${head nets.internet.addrs4}
+ '';
+ };
+ nets = rec {
+ internet = {
+ addrs4 = ["162.219.7.216"];
+ aliases = [
+ "wry.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.29.169"];
+ addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"];
+ aliases = [
+ "wry.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
+ rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
+ e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
+ sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
+ CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
+ PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
+ LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
+ DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
+ ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
+ jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
+ Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
gum = rec {
cores = 1;
dc = "online.net"; #root-server
extraZones = {
"krebsco.de" = ''
- omo IN A ${elemAt nets.internet.addrs4 0}
- gum IN A ${elemAt nets.internet.addrs4 0}
- paste IN A ${elemAt nets.internet.addrs4 0}'';
+ omo IN A ${head nets.internet.addrs4}
+ euer IN A ${head nets.internet.addrs4}
+ gum IN A ${head nets.internet.addrs4}
+ paste IN A ${head nets.internet.addrs4}'';
};
nets = {
internet = {
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 2dce87d5d..7698ea14d 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -9,6 +9,7 @@
[ # Include the results of the hardware scan.
# Base
../2configs/base.nix
+ ../2configs/base-sources.nix
../2configs/tinc-basic-retiolum.nix
# HW/FS
@@ -31,6 +32,10 @@
];
krebs.Reaktor.enable = true;
krebs.Reaktor.debug = true;
+ krebs.Reaktor.nickname = "Reaktor|bot";
+ krebs.Reaktor.extraEnviron = {
+ REAKTOR_CHANNELS = "#krebs,#binaergewitter";
+ };
krebs.build.host = config.krebs.hosts.pnp;
krebs.build.user = config.krebs.users.makefu;
@@ -38,12 +43,6 @@
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
- krebs.build.deps = {
- nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "03921972268934d900cc32dad253ff383926771c";
- };
- };
networking.firewall.allowedTCPPorts = [
# nginx runs on 80
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 4dcfe4eca..d43f89a03 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -9,6 +9,9 @@
../2configs/base.nix
../2configs/main-laptop.nix #< base-gui
+ # configures sources
+ ../2configs/base-sources.nix
+
# Krebs
../2configs/tinc-basic-retiolum.nix
#../2configs/disable_v6.nix
@@ -18,34 +21,30 @@
# applications
../2configs/exim-retiolum.nix
- ../2configs/virtualization.nix
+ #../2configs/virtualization.nix
+ ../2configs/virtualization-virtualbox.nix
../2configs/wwan.nix
# services
../2configs/git/brain-retiolum.nix
- # ../2configs/Reaktor/simpleExtend.nix
+ ../2configs/tor.nix
# hardware specifics are in here
../2configs/hw/tp-x220.nix
# mount points
../2configs/fs/sda-crypto-root-home.nix
];
+ krebs.Reaktor.enable = true;
+ krebs.Reaktor.debug = true;
+ krebs.Reaktor.nickname = "makefu|r";
krebs.build.host = config.krebs.hosts.pornocauster;
krebs.build.user = config.krebs.users.makefu;
krebs.build.target = "root@pornocauster";
- #krebs.Reaktor.nickname = "makefu|r";
networking.firewall.allowedTCPPorts = [
25
];
- krebs.build.deps = {
- nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- #url = https://github.com/makefu/nixpkgs;
- rev = "03921972268934d900cc32dad253ff383926771c";
- };
- };
}
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
new file mode 100644
index 000000000..29ad82d4c
--- /dev/null
+++ b/makefu/1systems/wry.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+let
+
+ ip = (lib.elemAt config.krebs.build.host.nets.internet.addrs4 0);
+in {
+ imports = [
+ ../../tv/2configs/CAC-CentOS-7-64bit.nix
+ ../2configs/base.nix
+ ../2configs/tinc-basic-retiolum.nix
+ {
+ }
+ ];
+ networking.firewall.allowPing = true;
+ networking.interfaces.enp2s1.ip4 = [
+ {
+ address = ip;
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "104.233.80.1";
+ networking.nameservers = [
+ "8.8.8.8"
+ ];
+
+ # based on ../../tv/2configs/CAC-Developer-2.nix
+ sound.enable = false;
+ krebs.build = {
+ user = config.krebs.users.makefu;
+ target = "root@${ip}";
+ host = config.krebs.hosts.wry;
+ };
+
+}
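Review bot: `networking.defaultGateway = "104.233.80.1"` is not inside the /24 configured on `enp2s1`. `ip` resolves to the `162.219.7.216` that this commit adds for `wry` in krebs/3modules/default.nix, with `prefixLength = 24`. Unless the imported `CAC-CentOS-7-64bit.nix` (not visible here) adds an on-link route, the default route will not install and the host will be unreachable after deployment, so the address, prefix and gateway should be checked against the provider's assignment. Two smaller points: `lib.elemAt … 0` could be `lib.head …` to match the change made elsewhere in this commit, and the empty `{ }` entry in `imports` can be dropped.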
diff --git a/makefu/2configs/base-sources.nix b/makefu/2configs/base-sources.nix
new file mode 100644
index 000000000..a2715ba4c
--- /dev/null
+++ b/makefu/2configs/base-sources.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+
+{
+ krebs.build.source = {
+ git.nixpkgs = {
+ url = https://github.com/NixOS/nixpkgs;
+ #url = https://github.com/makefu/nixpkgs;
+ rev = "68bd8e4a9dc247726ae89cc8739574261718e328";
+ };
+ dir.secrets = {
+ host = config.krebs.hosts.pornocauster;
+ path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
+ };
+ dir.stockholm = {
+ host = config.krebs.hosts.pornocauster;
+ path = toString ../.. ;
+ };
+ };
+}
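Review bot: `dir.secrets` and `dir.stockholm` both hard-code `config.krebs.hosts.pornocauster` as the source host, but this file is also imported by pnp.nix, so every host using it takes its secrets tree from that one laptop, and the file does not say so. A comment above `krebs.build.source` would make this explicit, for example `# sources live on the deploy machine (pornocauster); secrets are per target host`. It is also worth noting there that `/home/makefu/secrets/` must be readable only by the deploying user, since the path is now a shared convention.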
diff --git a/makefu/2configs/base.nix b/makefu/2configs/base.nix
index a5c64f4f3..34b413024 100644
--- a/makefu/2configs/base.nix
+++ b/makefu/2configs/base.nix
@@ -37,15 +37,6 @@ with lib;
time.timeZone = "Europe/Berlin";
#nix.maxJobs = 1;
- krebs.build.deps = {
- secrets = {
- url = "/home/makefu/secrets/${config.krebs.build.host.name}";
- };
- stockholm = {
- url = toString ../..;
- };
- };
-
services.openssh.enable = true;
nix.useChroot = true;
diff --git a/makefu/2configs/tor.nix b/makefu/2configs/tor.nix
new file mode 100644
index 000000000..e466a1839
--- /dev/null
+++ b/makefu/2configs/tor.nix
@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.tor.enable = true;
+ services.tor.client.enable = true;
+ # also enables services.tor.client.privoxy
+}
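Review bot: The trailing comment says enabling the client also enables privoxy, so a second local proxy listener is started only because of a module default and appears nowhere in the configuration. It would be clearer to set it explicitly, e.g. `services.tor.client.privoxy.enable = true;`, or set it to `false` if only the SOCKS port is needed. The config then documents which listeners exist, and a later change of the upstream default cannot alter the exposed services unnoticed.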
diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix
new file mode 100644
index 000000000..610b63732
--- /dev/null
+++ b/makefu/2configs/virtualization-virtualbox.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+let
+ mainUser = config.krebs.build.user;
+ version = "5.0.4";
+ rev = "102546";
+ vboxguestpkg = pkgs.fetchurl {
+ url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
+ sha256 = "1ykwpjvfgj11iwhx70bh2hbxhyy3hg6rnqzl4qac7xzg8xw8wqg4";
+ };
+in {
+ #inherit vboxguestpkg;
+ virtualisation.virtualbox.host.enable = true;
+ nixpkgs.config.virtualbox.enableExtensionPack = true;
+
+ users.extraGroups.vboxusers.members = [ "${mainUser.name}" ];
+ environment.systemPackages = [ vboxguestpkg ];
+}
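Review bot: The extension pack is fetched over plain `http://`, so the `sha256` is the only thing protecting the download. That is enough for integrity, but the `https://` form of the URL would add transport protection, and the hash must be re-verified out of band on every bump of `version` or `rev`. The binding is named `vboxguestpkg` although it fetches the Extension Pack rather than guest additions, so a name like `vboxExtpack` would avoid confusion. Putting the raw `.vbox-extpack` file into `environment.systemPackages` probably has no useful effect, since `enableExtensionPack = true` looks like the actual mechanism, so that line is worth confirming or removing. `"${mainUser.name}"` can be just `mainUser.name`, and a comment should note that `vboxusers` membership grants that user access to host devices.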