summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/dishfire.nix43
-rw-r--r--lass/1systems/mors.nix1
-rw-r--r--lass/1systems/uriel.nix1
-rw-r--r--lass/2configs/base.nix9
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/2configs/bitcoin.nix7
-rw-r--r--lass/2configs/buildbot-standalone.nix78
-rw-r--r--lass/2configs/git.nix2
8 files changed, 139 insertions, 3 deletions
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
new file mode 100644
index 000000000..a1288d578
--- /dev/null
+++ b/lass/1systems/dishfire.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ../2configs/base.nix
+ {
+ boot.loader.grub = {
+ device = "/dev/vda";
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "ehci_pci"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_blk"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/mapper/pool-nix";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+ }
+ {
+ networking.dhcpcd.allowInterfaces = [
+ "enp*"
+ "eth*"
+ ];
+ }
+ {
+ sound.enable = false;
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.dishfire;
+}
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 61f57f1f9..effaa576b 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -25,6 +25,7 @@
../2configs/teamviewer.nix
../2configs/libvirt.nix
../2configs/fetchWallpaper.nix
+ ../2configs/buildbot-standalone.nix
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 1b008cbfd..d53e783d0 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -13,6 +13,7 @@ with builtins;
../2configs/retiolum.nix
../2configs/bitlbee.nix
../2configs/weechat.nix
+ ../2configs/skype.nix
{
users.extraUsers = {
root = {
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 66e12b262..ab7cda7d3 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -50,7 +50,8 @@ with lib;
source = {
git.nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
- rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119";
+ rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
+ target-path = "/var/src/nixpkgs";
};
dir.secrets = {
host = config.krebs.hosts.mors;
@@ -176,4 +177,10 @@ with lib;
noipv4ll
'';
+ #CVE-2016-0777 and CVE-2016-0778 workaround
+ #https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
+ programs.ssh.extraConfig = ''
+ UseRoaming no
+ '';
+
}
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 0596682df..ede1c7b7b 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -31,6 +31,7 @@ in {
environment.systemPackages = with pkgs; [
+ dmenu
gitAndTools.qgit
mpv
much
diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix
index d3bccbf5c..2f4cd5710 100644
--- a/lass/2configs/bitcoin.nix
+++ b/lass/2configs/bitcoin.nix
@@ -1,6 +1,8 @@
{ config, pkgs, ... }:
-{
+let
+ mainUser = config.users.extraUsers.mainUser;
+in {
environment.systemPackages = with pkgs; [
electrum
];
@@ -14,4 +16,7 @@
createHome = true;
};
};
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
+ '';
}
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
new file mode 100644
index 000000000..4d02fb97a
--- /dev/null
+++ b/lass/2configs/buildbot-standalone.nix
@@ -0,0 +1,78 @@
+{ lib, config, pkgs, ... }:
+{
+ #networking.firewall.allowedTCPPorts = [ 8010 9989 ];
+ krebs.buildbot.master = {
+ slaves = {
+ testslave = "lasspass";
+ };
+ change_source.stockholm = ''
+ stockholm_repo = 'http://cgit.mors/stockholm'
+ cs.append(changes.GitPoller(
+ stockholm_repo,
+ workdir='stockholm-poller', branch='master',
+ project='stockholm',
+ pollinterval=120))
+ '';
+ scheduler = {
+ force-scheduler = ''
+ sched.append(schedulers.ForceScheduler(
+ name="force",
+ builderNames=["fast-tests"]))
+ '';
+ fast-tests-scheduler = ''
+ # test the master real quick
+ sched.append(schedulers.SingleBranchScheduler(
+ change_filter=util.ChangeFilter(branch="master"),
+ name="fast-master-test",
+ builderNames=["fast-tests"]))
+ '';
+ };
+ builder_pre = ''
+ # prepare grab_repo step for stockholm
+ grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
+
+ env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"}
+
+ # prepare nix-shell
+ # the dependencies which are used by the test script
+ deps = [ "gnumake", "jq","nix","rsync" ]
+ # TODO: --pure , prepare ENV in nix-shell command:
+ # SSL_CERT_FILE,LOGNAME,NIX_REMOTE
+ nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
+
+ # prepare addShell function
+ def addShell(factory,**kwargs):
+ factory.addStep(steps.ShellCommand(**kwargs))
+ '';
+ builder = {
+ fast-tests = ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+ addShell(f,name="mors-eval",env=env,
+ command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"])
+
+ bu.append(util.BuilderConfig(name="fast-tests",
+ slavenames=slavenames,
+ factory=f))
+ '';
+ };
+ enable = true;
+ web.enable = true;
+ irc = {
+ enable = true;
+ nick = "lass-buildbot";
+ server = "cd.retiolum";
+ channels = [ "retiolum" ];
+ allowForce = true;
+ };
+ };
+
+ krebs.buildbot.slave = {
+ enable = true;
+ masterhost = "localhost";
+ username = "testslave";
+ password = "lasspass";
+ packages = with pkgs;[ git nix ];
+ extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
+ };
+}
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 16ecaefec..10e54074c 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -74,7 +74,7 @@ let
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
- user = [ tv makefu uriel ];
+ user = [ tv makefu miefda uriel ];
repo = [ repo ];
perm = fetch;
} ++