summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/shared/default.nix42
-rw-r--r--krebs/Zhosts/wolf10
-rw-r--r--shared/1systems/wolf.nix108
-rw-r--r--shared/3modules/default.nix5
-rw-r--r--shared/5pkgs/default.nix5
6 files changed, 171 insertions, 0 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e244ef7b7..dd2f9e762 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -76,6 +76,7 @@ let
imp = mkMerge [
{ krebs = import ./lass { inherit lib; }; }
{ krebs = import ./makefu { inherit lib; }; }
+ { krebs = import ./shared { inherit lib; }; }
{ krebs = import ./tv { inherit lib; }; }
{
krebs.dns.providers = {
diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix
new file mode 100644
index 000000000..24dd7b782
--- /dev/null
+++ b/krebs/3modules/shared/default.nix
@@ -0,0 +1,42 @@
+{ lib, ... }:
+
+with lib;
+
+{
+ hosts = addNames {
+ wolf = {
+ #dc = "shack";
+ nets = {
+ #shack = {
+ # addrs4 = [ TODO ];
+ # aliases = ["wolf.shack"];
+ #};
+ retiolum = {
+ addrs4 = ["10.243.77.1"];
+ addrs6 = ["42:0:0:0:0:0:77:1"];
+ aliases = [
+ "wolf.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb
+ HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7
+ apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg
+ 4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk
+ 7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH
+ 8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR";
+ };
+ };
+ users = addNames {
+ shared = {
+ mail = "spam@krebsco.de";
+ pubkey = "lol"; # TODO krebs.users.shared.pubkey should be unnecessary
+ };
+ };
+}
diff --git a/krebs/Zhosts/wolf b/krebs/Zhosts/wolf
new file mode 100644
index 000000000..ded8275bd
--- /dev/null
+++ b/krebs/Zhosts/wolf
@@ -0,0 +1,10 @@
+Subnet = 10.243.77.1/32
+Subnet = 42:0:0:0:0:0:77:1/128
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb
+HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7
+apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg
+4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk
+7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH
+8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
new file mode 100644
index 000000000..d4ed40956
--- /dev/null
+++ b/shared/1systems/wolf.nix
@@ -0,0 +1,108 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ imports = [
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.wolf;
+ # TODO rename shared user to "krebs"
+ krebs.build.user = config.krebs.users.shared;
+ krebs.build.target = "wolf";
+
+ krebs.enable = true;
+ krebs.retiolum = {
+ enable = true;
+ connectTo = [
+ # TODO remove connectTo cd, this was only used for bootstrapping
+ "cd"
+ "gum"
+ "pigstarter"
+ ];
+ };
+
+ krebs.build.source = {
+ git.nixpkgs = {
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "e916273209560b302ab231606babf5ce1c481f08";
+ };
+ dir.secrets = {
+ # TODO use current-host-name to determine secrets host
+ host = config.krebs.hosts.wu;
+ path = "${getEnv "HOME"}/secrets/krebs/wolf";
+ };
+ dir.stockholm = {
+ # TODO use current-host-name to determine stockholm host
+ host = config.krebs.hosts.wu;
+ path = "${getEnv "HOME"}/stockholm";
+ };
+ };
+
+ networking.hostName = config.krebs.build.host.name;
+
+ boot.kernel.sysctl = {
+ # Enable IPv6 Privacy Extensions
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk"
+ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/vda";
+
+ fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
+
+ swapDevices = [
+ { device = "/dev/disk/by-label/swap"; }
+ ];
+
+ nix.maxJobs = 1;
+ nix.trustedBinaryCaches = [
+ "https://cache.nixos.org"
+ "http://cache.nixos.org"
+ "http://hydra.nixos.org"
+ ];
+ nix.useChroot = true;
+
+ nixpkgs.config.packageOverrides = pkgs: {
+ nano = pkgs.vim;
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ rxvt_unicode.terminfo
+ ];
+
+ time.timeZone = "Europe/Berlin";
+
+ programs.ssh.startAgent = false;
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+ services.cron.enable = false;
+ services.nscd.enable = false;
+ services.ntp.enable = false;
+
+ users.mutableUsers = false;
+ users.extraUsers.root.openssh.authorizedKeys.keys = [
+ # TODO
+ config.krebs.users.lass.pubkey
+ config.krebs.users.makefu.pubkey
+ config.krebs.users.tv.pubkey
+ ];
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "15.09";
+}
diff --git a/shared/3modules/default.nix b/shared/3modules/default.nix
new file mode 100644
index 000000000..7fbdb77f4
--- /dev/null
+++ b/shared/3modules/default.nix
@@ -0,0 +1,5 @@
+# TODO don't require 3modules
+_:
+
+{
+}
diff --git a/shared/5pkgs/default.nix b/shared/5pkgs/default.nix
new file mode 100644
index 000000000..fdcfbb209
--- /dev/null
+++ b/shared/5pkgs/default.nix
@@ -0,0 +1,5 @@
+# TODO don't require 5pkgs
+_:
+
+{
+}