diff options
Diffstat (limited to 'lass')
32 files changed, 634 insertions, 274 deletions
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index a3cc9d7b3..5aa35f5a7 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -13,7 +13,6 @@ in { ../2configs/retiolum.nix ../2configs/git.nix ../2configs/realwallpaper.nix - ../2configs/realwallpaper-server.nix ../2configs/privoxy-retiolum.nix { networking.interfaces.enp2s1.ip4 = [ diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index 97734a7bd..8d944ed40 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -11,7 +11,7 @@ in { ../2configs/default.nix ../2configs/exim-retiolum.nix ../2configs/retiolum.nix - ../2configs/realwallpaper-server.nix + ../2configs/realwallpaper.nix ../2configs/privoxy-retiolum.nix ../2configs/git.nix #../2configs/redis.nix diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 10b00de47..51d2afe84 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -26,6 +26,9 @@ with builtins; enable = true; }; } + { + lass.power-action.battery = "BAT1"; + } ]; krebs.build.host = config.krebs.hosts.helios; diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 062e4c29d..d065d4dfa 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -3,6 +3,7 @@ { imports = [ ../. + ../2configs/hw/tp-x220.nix ../2configs/baseX.nix ../2configs/exim-retiolum.nix ../2configs/programs.nix @@ -14,14 +15,9 @@ ../2configs/elster.nix ../2configs/steam.nix ../2configs/wine.nix - #../2configs/texlive.nix - ../2configs/binary-caches.nix - #../2configs/ircd.nix ../2configs/chromium-patched.nix ../2configs/git.nix - #../2configs/wordpress.nix ../2configs/bitlbee.nix - #../2configs/firefoxPatched.nix ../2configs/skype.nix ../2configs/teamviewer.nix ../2configs/libvirt.nix @@ -29,7 +25,7 @@ ../2configs/c-base.nix ../2configs/mail.nix ../2configs/krebs-pass.nix - ../2configs/umts.nix + ../2configs/repo-sync.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ @@ -58,16 +54,19 @@ # }; #} { + lass.umts = { + enable = true; + modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09"; + initstrings = '' + Init1 = AT+CFUN=1 + Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + ''; + }; } ]; krebs.build.host = config.krebs.hosts.mors; - networking.wireless.enable = true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - boot = { loader.grub.enable = true; loader.grub.version = 2; @@ -77,7 +76,6 @@ initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; }; fileSystems = { "/" = { @@ -168,22 +166,6 @@ echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' ''; - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; - }; - - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - environment.systemPackages = with pkgs; [ acronym cac-api @@ -214,15 +196,11 @@ }; }; - services.mongodb = { - enable = true; + krebs.repo-sync.timerConfig = { + OnCalendar = "00:37"; }; - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } - ]; - }; + services.mongodb = { + enable = true; }; } diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 9a9bd4730..1eb81cd0a 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -1,5 +1,7 @@ { config, lib, pkgs, ... }: +with config.krebs.lib; + let ip = config.krebs.build.host.nets.internet.ip4.addr; @@ -19,14 +21,27 @@ in { ../2configs/privoxy-retiolum.nix ../2configs/radio.nix ../2configs/buildbot-standalone.nix + ../2configs/repo-sync.nix + ../2configs/binary-cache/server.nix { imports = [ ../2configs/git.nix - ( manageCerts [ "cgit.lassul.us" ]) - ]; - krebs.nginx.servers.cgit.server-names = [ - "cgit.lassul.us" ]; + krebs.nginx.servers.cgit = { + server-names = [ + "cgit.lassul.us" + ]; + locations = [ + (nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/cgit.lassul.us/; + '') + ]; + ssl = { + enable = true; + certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem"; + certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem"; + }; + }; } { users.extraGroups = { @@ -66,8 +81,6 @@ in { } { - #boot.loader.gummiboot.enable = true; - #boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { devices = [ "/dev/sda" @@ -110,10 +123,6 @@ in { { sound.enable = false; } - #{ - # #workaround for server dying after 6-7h - # boot.kernelPackages = pkgs.linuxPackages_4_2; - #} { nixpkgs.config.allowUnfree = true; } @@ -202,7 +211,7 @@ in { } { imports = [ - ../2configs/realwallpaper-server.nix + ../2configs/realwallpaper.nix ]; krebs.nginx.servers."lassul.us".locations = [ (lib.nameValuePair "/wallpaper.png" '' @@ -210,30 +219,6 @@ in { '') ]; } - { - services.nix-serve = { - enable = true; - secretKeyFile = config.krebs.secret.files.nix-serve-key.path; - }; - systemd.services.nix-serve = { - requires = ["secret.service"]; - after = ["secret.service"]; - }; - krebs.secret.files.nix-serve-key = { - path = "/run/secret/nix-serve.key"; - owner.name = "nix-serve"; - source-path = toString <secrets> + "/nix-serve.key"; - }; - krebs.nginx = { - enable = true; - servers.nix-serve = { - server-names = [ "cache.prism.r" ]; - locations = lib.singleton (lib.nameValuePair "/" '' - proxy_pass http://localhost:${toString config.services.nix-serve.port}; - ''); - }; - }; - } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 073d86790..96d64bda3 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -4,6 +4,7 @@ with builtins; { imports = [ ../. + ../2configs/hw/tp-x220.nix ../2configs/baseX.nix ../2configs/git.nix ../2configs/exim-retiolum.nix @@ -20,34 +21,10 @@ with builtins; # }; # }; #} - { - #x220 config from mors - #TODO: make x220 config file (or look in other user dir) - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 0; - emulateWheel = true; - }; - - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; - } ]; krebs.build.host = config.krebs.hosts.shodan; - networking.wireless.enable = true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - boot = { loader.grub.enable = true; loader.grub.version = 2; @@ -57,7 +34,6 @@ with builtins; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; }; fileSystems = { "/" = { diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 92996c181..83553f5ca 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -16,6 +16,12 @@ with builtins; ../2configs/bitlbee.nix ../2configs/weechat.nix ../2configs/skype.nix + { + lass.umts = { + enable = true; + modem = "/dev/serial/by-id/usb-HUAWEI_Technologies_HUAWEI_Mobile-if00-port0"; + }; + } ]; krebs.build.host = config.krebs.hosts.uriel; @@ -33,8 +39,8 @@ with builtins; #loader.grub.version = 2; #loader.grub.device = "/dev/sda"; - loader.gummiboot.enable = true; - loader.gummiboot.timeout = 5; + loader.systemd-boot.enable = true; + loader.timeout = 5; initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix new file mode 100644 index 000000000..108ff7a1e --- /dev/null +++ b/lass/2configs/binary-cache/client.nix @@ -0,0 +1,9 @@ +{ config, ... }: + +{ + nix = { + binaryCaches = ["http://cache.prism.r"]; + binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; + }; +} + diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix new file mode 100644 index 000000000..22ec04307 --- /dev/null +++ b/lass/2configs/binary-cache/server.nix @@ -0,0 +1,30 @@ +{ config, lib, pkgs, ...}: + +{ + # generate private key with: + # nix-store --generate-binary-cache-key my-secret-key my-public-key + services.nix-serve = { + enable = true; + secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + }; + + systemd.services.nix-serve = { + requires = ["secret.service"]; + after = ["secret.service"]; + }; + krebs.secret.files.nix-serve-key = { + path = "/run/secret/nix-serve.key"; + owner.name = "nix-serve"; + source-path = toString <secrets> + "/nix-serve.key"; + }; + krebs.nginx = { + enable = true; + servers.nix-serve = { + server-names = [ "cache.prism.r" ]; + locations = lib.singleton (lib.nameValuePair "/" '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''); + }; + }; +} + diff --git a/lass/2configs/binary-caches.nix b/lass/2configs/binary-caches.nix deleted file mode 100644 index c2727520d..000000000 --- a/lass/2configs/binary-caches.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, ... }: - -{ - nix.sshServe.enable = true; - nix.sshServe.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBF9SBNKE3Pw/ALwTfzpzs+j6Rpaf0kUy6FiPMmgNNNt root@mors" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCZSq5oLrokkh3F+MOdK5/nzVIEDvqyvfzLMNWmzsYD root@uriel" - ]; - nix.binaryCaches = [ - #"scp://nix-ssh@mors" - #"scp://nix-ssh@uriel" - ]; -} diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 7d3c236a6..04bdcf9d8 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -37,13 +37,12 @@ in { name="fast-all-branches", builderNames=["fast-tests"])) ''; - build-all-scheduler = '' - # build all lass hosts + build-scheduler = '' + # build all hosts sched.append(schedulers.SingleBranchScheduler( - ## only master - change_filter=util.ChangeFilter(branch_re="master"), + change_filter=util.ChangeFilter(branch_re=".*"), treeStableTimer=10, - name="prism-master", + name="prism-all-branches", builderNames=["build-all"])) ''; }; @@ -52,11 +51,16 @@ in { grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') # TODO: get nixpkgs/stockholm paths from krebs - env = { + env_lass = { "LOGNAME": "lass", "NIX_REMOTE": "daemon", "dummy_secrets": "true", } + env_makefu = { + "LOGNAME": "makefu", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + } # prepare nix-shell # the dependencies which are used by the test script @@ -76,9 +80,18 @@ in { build-all = '' f = util.BuildFactory() f.addStep(grab_repo) - #TODO: get hosts via krebs for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: - addShell(f,name="build-{}".format(i),env=env, + addShell(f,name="build-{}".format(i),env=env_lass, + command=nixshell + \ + ["make \ + test \ + ssh=${sshWrapper} \ + target=build@localhost:${config.users.users.build.home}/testbuild \ + method=build \ + system={}".format(i)]) + + for i in [ "pornocauster", "wry" ]: + addShell(f,name="build-{}".format(i),env=env_makefu, command=nixshell + \ ["make \ test \ @@ -92,16 +105,17 @@ in { factory=f)) ''; + fast-tests = '' f = util.BuildFactory() f.addStep(grab_repo) for i in [ "prism", "mors", "echelon" ]: - addShell(f,name="populate-{}".format(i),env=env, + addShell(f,name="populate-{}".format(i),env=env_lass, command=nixshell + \ ["{}( make system={} eval.config.krebs.build.populate \ | jq -er .)".format("!" if "failing" in i else "",i)]) - addShell(f,name="build-test-minimal",env=env, + addShell(f,name="build-test-minimal",env=env_lass, command=nixshell + \ ["nix-instantiate \ --show-trace --eval --strict --json \ diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 9e0e37e48..e3065ba84 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -8,6 +8,8 @@ with config.krebs.lib; ../2configs/mc.nix ../2configs/retiolum.nix ../2configs/nixpkgs.nix + ../2configs/binary-cache/client.nix + ../2configs/gc.nix ./backups.nix { users.extraUsers = @@ -41,12 +43,6 @@ with config.krebs.lib; }; }; } - { - nix = { - binaryCaches = ["http://cache.prism.r"]; - binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; - }; - } ]; networking.hostName = config.krebs.build.host.name; @@ -63,9 +59,7 @@ with config.krebs.lib; then toString <stockholm/lass/2configs/tests/dummy-secrets> else "/home/lass/secrets/${config.krebs.build.host.name}"; #secrets-common = "/home/lass/secrets/common"; - stockholm = if getEnv "dummy_secrets" == "true" - then "/var/lib/buildbot/slave/build-all/build" - else "/home/lass/stockholm"; + stockholm = getEnv "PWD"; } // optionalAttrs config.krebs.build.host.secure { #secrets-master = "/home/lass/secrets/master"; }); @@ -122,6 +116,7 @@ with config.krebs.lib; krebspaste pciutils psmisc + q rs tmux untilport diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix new file mode 100644 index 000000000..8762ad95e --- /dev/null +++ b/lass/2configs/gc.nix @@ -0,0 +1,8 @@ +{ config, ... }: + +with config.krebs.lib; +{ + nix.gc = { + automatic = ! elem config.krebs.build.host.name [ "prism" "mors" ]; + }; +} diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index c0affe981..9a1cab176 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -29,18 +29,10 @@ let rules = concatMap make-rules (attrValues repos); public-repos = mapAttrs make-public-repo { - painload = {}; stockholm = { cgit.desc = "take all the computers hostage, they'll love you!"; }; - wai-middleware-time = {}; - web-routes-wai-custom = {}; - go = {}; - newsbot-js = {}; kimsufi-check = {}; - realwallpaper = {}; - xmonad-stockholm = {}; - the_playlist = {}; } // mapAttrs make-public-repo-silent { the_playlist = {}; }; @@ -50,8 +42,6 @@ let brain = { collaborators = with config.krebs.users; [ tv makefu ]; }; - extraction_webinterface = {}; - politics-fetching = {}; } // import <secrets/repos.nix> { inherit config lib pkgs; } ); @@ -66,6 +56,7 @@ let channel = "#retiolum"; server = "cd.retiolum"; verbose = config.krebs.build.host.name == "prism"; + branches = [ "master" ]; }; }; }; @@ -84,12 +75,12 @@ let with git // config.krebs.users; repo: singleton { - user = [ lass lass-helios lass-uriel ]; + user = [ lass lass-uriel ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ optional repo.public { - user = [ tv makefu miefda ]; + user = [ tv makefu ]; repo = [ repo ]; perm = fetch; } ++ diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix new file mode 100644 index 000000000..be1faccea --- /dev/null +++ b/lass/2configs/hw/tp-x220.nix @@ -0,0 +1,54 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +{ + networking.wireless.enable = lib.mkDefault true; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + hardware.cpu.intel.updateMicrocode = true; + + zramSwap.enable = true; + zramSwap.numDevices = 2; + + hardware.trackpoint = { + enable = true; + sensitivity = 220; + speed = 0; + emulateWheel = true; + }; + + services.tlp.enable = true; + services.tlp.extraConfig = '' + # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery + #START_CHARGE_THRESH_BAT0=80 + STOP_CHARGE_THRESH_BAT0=95 + + CPU_SCALING_GOVERNOR_ON_AC=performance + CPU_SCALING_GOVERNOR_ON_BAT=ondemand + CPU_MIN_PERF_ON_AC=0 + CPU_MAX_PERF_ON_AC=100 + CPU_MIN_PERF_ON_BAT=0 + CPU_MAX_PERF_ON_BAT=30 + ''; + + boot = { + kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; + extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; + }; + + hardware.opengl.extraPackages = [ + pkgs.vaapiIntel + pkgs.vaapiVdpau + ]; + + services.xserver = { + videoDriver = "intel"; + deviceSection = '' + Option "AccelMethod" "sna" + ''; + }; + + security.rngd.enable = true; +} diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index c6d8a5f8c..0f940a369 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs = { url = https://github.com/lassulus/nixpkgs; - rev = "7d932301fe1d98a1ef1872a7124e8809279def74"; + rev = "446d4c1fc10f53cf97abea1996d067ad93de2ded"; }; } diff --git a/lass/2configs/realwallpaper-server.nix b/lass/2configs/realwallpaper-server.nix deleted file mode 100644 index 7340fc7ca..000000000 --- a/lass/2configs/realwallpaper-server.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, lib, ... }: - -let - hostname = config.krebs.build.host.name; - inherit (lib) - nameValuePair - ; - -in { - imports = [ - ./realwallpaper.nix - ]; - - krebs.nginx.servers.wallpaper = { - server-names = [ - hostname - ]; - locations = [ - (nameValuePair "/wallpaper.png" '' - root /tmp/; - '') - ]; - }; - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - }; -} diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index c69cb1660..2ab52ed92 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -1,5 +1,30 @@ -{ config, ... }: +{ config, lib, ... }: -{ +let + hostname = config.krebs.build.host.name; + inherit (lib) + nameValuePair + ; + +in { krebs.realwallpaper.enable = true; + + krebs.nginx.servers.wallpaper = { + server-names = [ + hostname + ]; + locations = [ + (nameValuePair "/wallpaper.png" '' + root /tmp/; + '') + ]; + }; + + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + }; } diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix new file mode 100644 index 000000000..45a4e2afd --- /dev/null +++ b/lass/2configs/repo-sync.nix @@ -0,0 +1,106 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +let + mirror = "git@${config.networking.hostName}:"; + + defineRepo = name: announce: let + repo = { + public = true; + name = mkDefault "${name}"; + cgit.desc = mkDefault "mirror for ${name}"; + hooks = mkIf announce (mkDefault { + post-receive = pkgs.git-hooks.irc-announce { + nick = config.networking.hostName; + verbose = false; + channel = "#retiolum"; + server = "cd.retiolum"; + branches = [ "newest" ]; + }; + }); + }; + in { + rules = with git; singleton { + user = with config.krebs.users; [ + config.krebs.users."${config.networking.hostName}-repo-sync" + lass + lass-shodan + ]; + repo = [ repo ]; + perm = push ''refs/*'' [ non-fast-forward create delete merge ]; |