diff options
Diffstat (limited to 'krebs')
| -rw-r--r-- | krebs/1systems/hotdog/config.nix | 17 | ||||
| -rw-r--r-- | krebs/1systems/hotdog/source.nix | 3 | ||||
| -rw-r--r-- | krebs/1systems/puyak/config.nix | 6 | ||||
| -rw-r--r-- | krebs/1systems/wolf/config.nix | 2 | ||||
| -rw-r--r-- | krebs/2configs/hw/x220.nix | 29 | ||||
| -rw-r--r-- | krebs/2configs/stats/puyak-client.nix | 64 | ||||
| -rw-r--r-- | krebs/2configs/stats/wolf-client.nix (renamed from krebs/2configs/central-stats-client.nix) | 0 | ||||
| -rw-r--r-- | krebs/3modules/krebs/default.nix | 24 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 15 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/repo-sync/default.nix | 12 |
10 files changed, 162 insertions, 10 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix new file mode 100644 index 000000000..18c8a86cd --- /dev/null +++ b/krebs/1systems/hotdog/config.nix @@ -0,0 +1,17 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/krebs> + <stockholm/krebs/2configs> + ]; + + krebs.build.host = config.krebs.hosts.hotdog; + + boot.isContainer = true; + networking.useDHCP = false; +} diff --git a/krebs/1systems/hotdog/source.nix b/krebs/1systems/hotdog/source.nix new file mode 100644 index 000000000..0fa61b20f --- /dev/null +++ b/krebs/1systems/hotdog/source.nix @@ -0,0 +1,3 @@ +import <stockholm/krebs/source.nix> { + name = "hotdog"; +} diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index bcf63dc4b..19ee2343d 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -5,9 +5,11 @@ <stockholm/krebs> <stockholm/krebs/2configs> <stockholm/krebs/2configs/secret-passwords.nix> + <stockholm/krebs/2configs/hw/x220.nix> <stockholm/krebs/2configs/repo-sync.nix> <stockholm/krebs/2configs/shared-buildbot.nix> + <stockholm/krebs/2configs/stats/puyak-client.nix> ]; krebs.build.host = config.krebs.hosts.puyak; @@ -47,10 +49,6 @@ }; }; - hardware.enableAllFirmware = true; - networking.wireless.enable = true; - nixpkgs.config.allowUnfree = true; - services.logind.extraConfig = '' HandleLidSwitch=ignore ''; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 32e7bd49d..0deb01f0a 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -8,7 +8,7 @@ in <stockholm/krebs/2configs> <nixpkgs/nixos/modules/profiles/qemu-guest.nix> <stockholm/krebs/2configs/collectd-base.nix> - <stockholm/krebs/2configs/central-stats-client.nix> + <stockholm/krebs/2configs/stats/wolf-client.nix> <stockholm/krebs/2configs/save-diskspace.nix> <stockholm/krebs/2configs/graphite.nix> diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix new file mode 100644 index 000000000..c85bac0d4 --- /dev/null +++ b/krebs/2configs/hw/x220.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +{ + networking.wireless.enable = lib.mkDefault true; + + hardware.enableRedistributableFirmware = true; + + hardware.cpu.intel.updateMicrocode = true; + + services.tlp.enable = true; + + boot = { + kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; + extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; + kernelParams = [ "acpi_backlight=none" ]; + }; + + hardware.opengl.extraPackages = [ + pkgs.vaapiIntel + pkgs.vaapiVdpau + ]; + + security.rngd.enable = true; + + services.xserver = { + videoDriver = "intel"; + }; +} diff --git a/krebs/2configs/stats/puyak-client.nix b/krebs/2configs/stats/puyak-client.nix new file mode 100644 index 000000000..6ff88e4bc --- /dev/null +++ b/krebs/2configs/stats/puyak-client.nix @@ -0,0 +1,64 @@ +{pkgs, config, ...}: +let + stats-server = "stats.makefu.r"; # TODO: central krebs logging server +in{ + services.collectd = { + enable = true; + autoLoadPlugin = true; + extraConfig = '' + Hostname ${config.krebs.build.host.name} + LoadPlugin load + LoadPlugin disk + LoadPlugin memory + LoadPlugin df + Interval 30.0 + + LoadPlugin thermal + + LoadPlugin interface + <Plugin "interface"> + Interface "*Link" + Interface "lo" + Interface "vboxnet*" + Interface "virbr*" + IgnoreSelected true + </Plugin> + + LoadPlugin df + <Plugin "df"> + MountPoint "/nix/store" + # MountPoint "/run*" + # MountPoint "/sys*" + # MountPoint "/dev" + # MountPoint "/dev/shm" + # MountPoint "/tmp" + FSType "tmpfs" + FSType "binfmt_misc" + FSType "debugfs" + FSType "mqueue" + FSType "hugetlbfs" + FSType "systemd-1" + FSType "cgroup" + FSType "securityfs" + FSType "ramfs" + FSType "proc" + FSType "devpts" + FSType "devtmpfs" + MountPoint "/var/lib/docker/devicemapper" + IgnoreSelected true + </Plugin> + + LoadPlugin cpu + <Plugin cpu> + ReportByCpu true + ReportByState true + ValuesPercentage true + </Plugin> + + LoadPlugin network + <Plugin "network"> + Server "${stats-server}" "25826" + </Plugin> + ''; + }; +} diff --git a/krebs/2configs/central-stats-client.nix b/krebs/2configs/stats/wolf-client.nix index 0412eba9a..0412eba9a 100644 --- a/krebs/2configs/central-stats-client.nix +++ b/krebs/2configs/stats/wolf-client.nix diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index f751b4f9f..07543489a 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -30,6 +30,30 @@ let }); in { hosts = { + hotdog = { + owner = config.krebs.users.krebs; + nets = { + retiolum = { + ip4.addr = "10.243.77.3"; + ip6.addr = "42:0:0:0:0:0:77:3"; + aliases = [ + "hotdog.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAs9+Au3oj29C5ol/YnkG9GjfCH5z53wxjH2iy8UPike8C7GASZKqc + bZBrvxkIOyVs5oVtolPcaI0/nvtpIhSlmM6hg9qe1rZO6jXt53GVNvgdcUIfVHbX + mQmp4oVXOjPIeDqLn32Mc0O73Kp6i66zQGAXi8ejczuO0h6oSvAnjolT4wM9jugk + JBGCDlpl9mxAGDN5VOqbg2i0FxwtUk2UA9XghEaRcfBkVdsOrtW8sCwOg8YttQt9 + fs7JjezUtw7JBxN754ynaahSRODcjyJhwjE18tKx6P7wsNbgbmULFQz+7IxZ01/P + h5ZUzfd1r1pTzQ0nYD5aRtlDd7zP7y5tUwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp"; + }; puyak = { owner = config.krebs.users.krebs; nets = { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index f80c397ee..21ea7e23c 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -6,6 +6,7 @@ with import <stockholm/lib>; hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { drop = rec { cores = 1; + managed = true; nets = { retiolum = { ip4.addr = "10.243.177.9"; @@ -28,6 +29,7 @@ with import <stockholm/lib>; }; studio = rec { cores = 4; + managed = true; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; nets = { @@ -53,6 +55,7 @@ with import <stockholm/lib>; fileleech = rec { cores = 4; + managed = true; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; nets = { @@ -78,6 +81,7 @@ with import <stockholm/lib>; pnp = { cores = 1; + managed = true; nets = { retiolum = { ip4.addr = "10.243.0.210"; @@ -101,6 +105,7 @@ with import <stockholm/lib>; }; darth = { cores = 4; + managed = true; nets = { retiolum = { ip4.addr = "10.243.0.84"; @@ -171,6 +176,7 @@ with import <stockholm/lib>; }; }; tsp = { + managed = true; cores = 1; nets = { retiolum = { @@ -198,6 +204,7 @@ with import <stockholm/lib>; }; }; x = { + managed = true; cores = 4; nets = { retiolum = { @@ -243,6 +250,7 @@ with import <stockholm/lib>; vbob = { cores = 2; + managed = true; nets = { retiolum = { ip4.addr = "10.243.1.91"; @@ -305,6 +313,7 @@ with import <stockholm/lib>; }; wry = rec { cores = 1; + managed = true; extraZones = { "krebsco.de" = '' wry IN A ${nets.internet.ip4.addr} @@ -349,6 +358,7 @@ with import <stockholm/lib>; }; filepimp = rec { cores = 1; + managed = true; nets = { lan = { ip4.addr = "192.168.1.12"; @@ -378,6 +388,7 @@ with import <stockholm/lib>; omo = rec { cores = 2; + managed = true; nets = { lan = { @@ -411,6 +422,7 @@ with import <stockholm/lib>; }; wbob = rec { cores = 4; + managed = true; nets = { siem = { ip4.addr = "10.8.10.7"; @@ -452,6 +464,7 @@ with import <stockholm/lib>; gum = rec { cores = 2; + managed = true; extraZones = { "krebsco.de" = '' @@ -514,6 +527,7 @@ with import <stockholm/lib>; }; shoney = rec { cores = 1; + managed = true; nets = rec { siem = { via = internet; @@ -562,6 +576,7 @@ with import <stockholm/lib>; }; sdev = rec { cores = 1; + managed = true; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev"; nets = { diff --git a/krebs/5pkgs/simple/repo-sync/default.nix b/krebs/5pkgs/simple/repo-sync/default.nix index 7cba87b09..20326901d 100644 --- a/krebs/5pkgs/simple/repo-sync/default.nix +++ b/krebs/5pkgs/simple/repo-sync/default.nix @@ -1,17 +1,19 @@ -{ lib, pkgs, python3Packages, fetchurl, ... }: +{ lib, pkgs, python3Packages, fetchFromGitHub, ... }: with python3Packages; buildPythonPackage rec { name = "repo-sync-${version}"; - version = "0.2.6"; + version = "0.2.7"; disabled = isPy26 || isPy27; propagatedBuildInputs = [ docopt GitPython pkgs.git ]; - src = fetchurl { - url = "https://pypi.python.org/packages/source/r/repo-sync/repo-sync-${version}.tar.gz"; - sha256 = "1hqa9qw9qg7mxgniqzys9szycs05llg4yik8a9wz94a437zzarsk"; + src = fetchFromGitHub { + owner = "krebscode"; + repo = "repo-sync"; + rev = version; + sha256 = "1qjf1jmxf7xzwskybdys4vqncnwj9f3xwk1gv354zrla68s533cw"; }; meta = { homepage = http://github.com/makefu/repo-sync; |