-rw-r--r--krebs/3modules/makefu/default.nix2
-rw-r--r--makefu/1systems/darth.nix30
-rw-r--r--makefu/1systems/shoney.nix24
-rw-r--r--makefu/1systems/wry.nix4
-rw-r--r--makefu/2configs/fs/CAC-CentOS-7-64bit.nix20
-rw-r--r--makefu/2configs/hw/CAC.nix13
-rw-r--r--shared/1systems/wolf.nix4
-rw-r--r--shared/2configs/shared-buildbot.nix4
8 files changed, 80 insertions, 21 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 1b4096d09..14cee8e12 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -344,7 +344,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
cores = 1;
nets = {
internet = {
- ip4.addr = "64.137.235.70";
+ ip4.addr = "64.137.234.215";
aliases = [
"shoney.i"
];
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix
index 2f2358ddc..08ac7e66e 100644
--- a/makefu/1systems/darth.nix
+++ b/makefu/1systems/darth.nix
@@ -17,19 +17,37 @@ in {
../2configs/exim-retiolum.nix
../2configs/virtualization.nix
];
-
- networking.firewall.allowedUDPPorts = [ 80 655 67 ];
- networking.firewall.allowedTCPPorts = [ 80 655 ];
- networking.firewall.checkReversePath = false;
+ services.tinc.networks.siem = {
+ name = "sdarth";
+ extraConfig = "ConnectTo = sjump";
+ };
#networking.firewall.enable = false;
- # virtualisation.nova.enableSingleNode = true;
krebs.retiolum.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
- networking.wireless.enable = true;
+ networking = {
+ wireless.enable = true;
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedUDPPorts = [ 80 655 67 ];
+ allowedTCPPorts = [ 80 655 ];
+ };
+ nat = {
+ enable = true;
+ internalIPs = [ "10.8.10.0/24" ];
+ #internalInterfaces = [ "tinc.siem" ];
+ externalIP = "10.8.8.2";
+ externalInterface = "virbr3";
+ };
+ interfaces.virbr3.ip4 = [{
+ address = "10.8.8.2";
+ prefixLength = 24;
+ }];
+ };
# TODO smartd omo darth gum all-in-one
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
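Review bot: `logRefusedConnections = false;` in the new `networking.firewall` set silences the refused-connection log on the same host that this hunk turns into a NAT gateway for 10.8.10.0/24, so refused traffic toward it no longer leaves a record. If the goal is only to cut log noise, state that next to the option, e.g. `logRefusedConnections = false; # <reason>`, otherwise leave it at its default. `allowedUDPPorts` still carries 80 over from the removed lines; HTTP normally listens on TCP only, so that entry looks unneeded and could be dropped unless something here really serves UDP 80. The `nat` set selects traffic by `internalIPs` alone while `#internalInterfaces = [ "tinc.siem" ];` stays commented out, which presumably means forwarding is not tied to the tunnel interface; a comment saying whether that is intended would help. The enclosing `in { … }` body starts and ends outside this hunk.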
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
index ebe5222c3..48679fe58 100644
--- a/makefu/1systems/shoney.nix
+++ b/makefu/1systems/shoney.nix
@@ -1,15 +1,20 @@
{ config, pkgs, ... }:
let
- ip = "64.137.235.70";
- gw = "64.137.235.1";
+ ip = "64.137.234.215";
+ alt-ip = "64.137.234.210";
+ extra-ip = "64.137.234.114"; #currently unused
+ gw = "64.137.234.1";
in {
imports = [
../.
- ../../tv/2configs/hw/CAC.nix
- ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
+ ../2configs/hw/CAC.nix
+ ../2configs/fs/CAC-CentOS-7-64bit.nix
];
+
+ services.tinc.networks.siem.name = "sjump";
+
# minimal resources
services.nixosManual.enable = false;
programs.man.enable = false;
@@ -21,10 +26,13 @@ in {
retiolum.enable = true;
build.host = config.krebs.hosts.shoney;
};
- networking.interfaces.enp2s1.ip4 = [ {
- address = ip;
- prefixLength = 24;
- } ];
+ networking.interfaces.enp2s1.ip4 = [
+ { address = ip; prefixLength = 24; }
+ { address = alt-ip; prefixLength = 24; }
+ ];
+
networking.defaultGateway = gw;
networking.nameservers = [ "8.8.8.8" ];
+ networking.firewall.allowedUDPPorts = [ 655 1655 ];
+ networking.firewall.allowedTCPPorts = [ 655 1655 ];
}
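Review bot: The two added `networking.firewall` lines open 1655 on TCP and UDP next to 655, but nothing visible in this file says which service listens there; the only related addition is `services.tinc.networks.siem.name = "sjump";` in the first hunk, and no port is set for it here. Since this host is configured with public addresses, I would add a comment tying each port to its daemon, e.g. `# 655: retiolum tinc, 1655: siem tinc (assumed, confirm)`, so a later reader can tell when a port can be closed again. The attribute set this hunk edits begins outside the hunk.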
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index d9f8ded83..ed48c6abe 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -9,8 +9,8 @@ in {
imports = [
../.
# TODO: copy this config or move to krebs
- ../../tv/2configs/hw/CAC.nix
- ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
+ ../2configs/hw/CAC.nix
+ ../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/headless.nix
../2configs/bepasty-dual.nix
diff --git a/makefu/2configs/fs/CAC-CentOS-7-64bit.nix b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix
new file mode 100644
index 000000000..c9eb97f44
--- /dev/null
+++ b/makefu/2configs/fs/CAC-CentOS-7-64bit.nix
@@ -0,0 +1,20 @@
+_:
+
+{
+ boot.loader.grub = {
+ device = "/dev/sda";
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/centos/root";
+ fsType = "xfs";
+ };
+ "/boot" = {
+ device = "/dev/sda1";
+ fsType = "xfs";
+ };
+ };
+ swapDevices = [
+ { device = "/dev/centos/swap"; }
+ ];
+}
diff --git a/makefu/2configs/hw/CAC.nix b/makefu/2configs/hw/CAC.nix
new file mode 100644
index 000000000..9ed18344a
--- /dev/null
+++ b/makefu/2configs/hw/CAC.nix
@@ -0,0 +1,13 @@
+_:
+{
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "vmw_pvscsi"
+ ];
+ boot.loader.grub.splashImage = null;
+ nix = {
+ daemonIONiceLevel = 1;
+ daemonNiceLevel = 1;
+ };
+ sound.enable = false;
+}
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 53334d6f1..180510066 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -22,7 +22,7 @@ in
# local discovery in shackspace
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
-
+ krebs.retiolum.extraConfig = "TCPOnly = yes";
services.grafana = {
enable = true;
addr = "0.0.0.0";
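Review bot: `krebs.retiolum.extraConfig = "TCPOnly = yes";` takes the place of the blank line after the `packageOverrides` entry and carries no comment, so it reads as part of the "local discovery in shackspace" group and the reason for forcing TCP is not recorded. A short comment above the line, such as `# TCPOnly: <reason>`, with the blank line kept before `services.grafana`, would make the intent reviewable. The surrounding attribute set starts and ends outside this hunk.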
@@ -37,7 +37,7 @@ in
networking = {
firewall.enable = false;
- interfaces.eth0.ip4 = [{
+ interfaces.enp0s3.ip4 = [{
address = shack-ip;
prefixLength = 20;
}];
diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix
index 5f3b35304..6c40d9966 100644
--- a/shared/2configs/shared-buildbot.nix
+++ b/shared/2configs/shared-buildbot.nix
@@ -26,7 +26,7 @@
stockholm_repo,
workdir='stockholm-poller', branches=True,
project='stockholm',
- pollinterval=120))
+ pollinterval=60))
'';
scheduler = {
force-scheduler = ''
@@ -43,7 +43,7 @@
sched.append(schedulers.SingleBranchScheduler(
## all branches
change_filter=util.ChangeFilter(branch_re=".*"),
- # treeStableTimer=10,
+ treeStableTimer=10,
name="fast-all-branches",
builderNames=["fast-tests"]))
'';