Diffstat (limited to 'makefu')
-rw-r--r--makefu/1systems/filepimp.nix38
-rw-r--r--makefu/1systems/gum.nix8
-rw-r--r--makefu/1systems/pnp.nix6
-rw-r--r--makefu/1systems/pornocauster.nix22
-rw-r--r--makefu/1systems/repunit.nix17
-rw-r--r--makefu/1systems/tsp.nix11
-rw-r--r--makefu/1systems/wry.nix15
-rw-r--r--makefu/2configs/base-sources.nix21
-rw-r--r--makefu/2configs/default.nix (renamed from makefu/2configs/base.nix)33
-rw-r--r--makefu/2configs/fs/cac-boot-partition.nix2
-rw-r--r--makefu/2configs/fs/sda-crypto-root.nix4
-rw-r--r--makefu/2configs/fs/single-partition-ext4.nix10
-rw-r--r--makefu/2configs/fs/vm-single-partition.nix15
-rw-r--r--makefu/2configs/headless.nix4
-rw-r--r--makefu/2configs/hw/tp-x2x0.nix2
-rw-r--r--makefu/2configs/nginx/euer.blog.nix34
-rw-r--r--makefu/2configs/nginx/euer.wiki.nix13
-rw-r--r--makefu/2configs/unstable-sources.nix16
18 files changed, 148 insertions, 123 deletions
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
new file mode 100644
index 000000000..fb1a57552
--- /dev/null
+++ b/makefu/1systems/filepimp.nix
@@ -0,0 +1,38 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../2configs/default.nix
+ ../2configs/fs/vm-single-partition.nix
+ ../2configs/fs/single-partition-ext4.nix
+ ../2configs/tinc-basic-retiolum.nix
+ ];
+ krebs.build.host = config.krebs.hosts.filepimp;
+
+ # AMD N54L
+ boot = {
+ loader.grub.device = "/dev/sda";
+
+ initrd.availableKernelModules = [
+ "usb_storage"
+ "ahci"
+ "xhci_hcd"
+ "ata_piix"
+ "uhci_hcd"
+ "ehci_pci"
+ ];
+
+ kernelModules = [ ];
+ extraModulePackages = [ ];
+ };
+
+ hardware.enableAllFirmware = true;
+ hardware.cpu.amd.updateMicrocode = true;
+
+ networking.firewall.allowPing = true;
+}
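Review bot: `loader.grub.device = "/dev/sda"` here collides with the imported `../2configs/fs/vm-single-partition.nix`, which sets `boot.loader.grub.device = "/dev/vda"` at the same priority; two different plain definitions of that option should fail evaluation. Since the box is described as an AMD N54L and `single-partition-ext4.nix` is already imported directly, the likely fix is to drop the `vm-single-partition.nix` import. The list comment `# Include the results of the hardware scan.` is template text that no longer describes these imports. This is also the only system file in the commit that imports `../2configs/default.nix` explicitly, while the others only drop `base.nix`; it is worth confirming whether this import is redundant or the others are missing it.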
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index c4fa064b3..85cf4c533 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -7,8 +7,6 @@ let
in {
imports = [
# TODO: copy this config or move to krebs
- ../2configs/base.nix
- ../2configs/base-sources.nix
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix
# ../2configs/iodined.nix
@@ -17,11 +15,7 @@ in {
../2configs/Reaktor/simpleExtend.nix
];
- krebs.build = {
- user = config.krebs.users.makefu;
- target = "root@gum.krebsco.de";
- host = config.krebs.hosts.gum;
- };
+ krebs.build.host = config.krebs.hosts.gum;
krebs.Reaktor.enable = true;
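Review bot: Removing the `krebs.build` block silently changes gum's deploy target from `root@gum.krebsco.de` to the `mkDefault "root@${config.krebs.build.host.name}"` introduced in `2configs/default.nix`, presumably `root@gum` resolved through the `retiolum` search domain. The other hosts in this commit already used the short name, so gum is the only one whose root SSH destination actually moves. If the public name is still the intended endpoint, keep an override next to the host line, `krebs.build.target = "root@gum.krebsco.de";`, and otherwise mention the switch in the commit message. The attribute set continues outside this hunk.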
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 9c7be3b79..161bfa3e9 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -8,12 +8,12 @@
imports =
[ # Include the results of the hardware scan.
# Base
- ../2configs/base.nix
- ../2configs/base-sources.nix
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix
# HW/FS
+
+ # enables virtio kernel modules in initrd
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/fs/vm-single-partition.nix
@@ -43,8 +43,6 @@
};
krebs.build.host = config.krebs.hosts.pnp;
- krebs.build.user = config.krebs.users.makefu;
- krebs.build.target = "root@pnp";
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 97cf86a4e..8624cb2d1 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -6,12 +6,8 @@
{
imports =
[ # Include the results of the hardware scan.
- ../2configs/base.nix
../2configs/main-laptop.nix #< base-gui
- # configures sources
- ../2configs/base-sources.nix
-
# Krebs
../2configs/tinc-basic-retiolum.nix
#../2configs/disable_v6.nix
@@ -23,7 +19,8 @@
../2configs/exim-retiolum.nix
../2configs/mail-client.nix
#../2configs/virtualization.nix
- ../2configs/virtualization-virtualbox.nix
+ ../2configs/virtualization.nix
+ #../2configs/virtualization-virtualbox.nix
../2configs/wwan.nix
# services
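Review bot: The newly enabled `../2configs/virtualization.nix` import now sits directly under the old `#../2configs/virtualization.nix` comment, and the VirtualBox import is left commented out as well, so the list carries two dead alternatives around one live line. Delete the stale `#../2configs/virtualization.nix` line and, if the VirtualBox variant is meant to stay as a toggle, say so in a short comment such as `# alternative: virtualization-virtualbox.nix (do not enable both)`. The same applies to the commented-out `krebs.Reaktor` lines in the next hunk. The imports list starts and ends outside this hunk.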
@@ -34,16 +31,19 @@
../2configs/hw/tp-x220.nix
# mount points
../2configs/fs/sda-crypto-root-home.nix
+ # ../2configs/mediawiki.nix
+ #../2configs/wordpress.nix
];
- krebs.Reaktor.enable = true;
- krebs.Reaktor.debug = true;
- krebs.Reaktor.nickname = "makefu|r";
+ #krebs.Reaktor.enable = true;
+ #krebs.Reaktor.nickname = "makefu|r";
krebs.build.host = config.krebs.hosts.pornocauster;
- krebs.build.user = config.krebs.users.makefu;
- krebs.build.target = "root@pornocauster";
- environment.systemPackages = with pkgs;[ get ];
+ environment.systemPackages = with pkgs;[
+ get
+ virtmanager
+ gnome3.dconf
+ ];
services.logind.extraConfig = "HandleLidSwitch=ignore";
# configure pulseAudio to provide a HDMI sink as well
diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix
index d98ff17c1..a069cc36f 100644
--- a/makefu/1systems/repunit.nix
+++ b/makefu/1systems/repunit.nix
@@ -8,26 +8,9 @@
imports =
[ # Include the results of the hardware scan.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
- ../2configs/base.nix
../2configs/cgit-retiolum.nix
];
krebs.build.host = config.krebs.hosts.repunit;
- krebs.build.user = config.krebs.users.makefu;
- krebs.build.target = "root@repunit";
-
- krebs.build.deps = {
- nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- #url = https://github.com/makefu/nixpkgs;
- rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
- };
- secrets = {
- url = "/home/makefu/secrets/${config.krebs.build.host.name}";
- };
- stockholm = {
- url = toString ../..;
- };
- };
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index 3c2bb2eda..990db65d2 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -6,7 +6,6 @@
{
imports =
[ # Include the results of the hardware scan.
- ../2configs/base.nix
../2configs/base-gui.nix
../2configs/tinc-basic-retiolum.nix
../2configs/fs/sda-crypto-root.nix
@@ -21,19 +20,9 @@
];
# not working in vm
krebs.build.host = config.krebs.hosts.tsp;
- krebs.build.user = config.krebs.users.makefu;
- krebs.build.target = "root@tsp";
-
networking.firewall.allowedTCPPorts = [
25
];
- krebs.build.deps = {
- nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- #url = https://github.com/makefu/nixpkgs;
- rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
- };
- };
}
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index c90b84451..ba94972fb 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -8,8 +8,8 @@ let
in {
imports = [
# TODO: copy this config or move to krebs
- ../../tv/2configs/CAC-CentOS-7-64bit.nix
- ../2configs/base.nix
+ ../../tv/2configs/hw/CAC.nix
+ ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/unstable-sources.nix
../2configs/headless.nix
../2configs/tinc-basic-retiolum.nix
@@ -23,15 +23,13 @@ in {
# other nginx
../2configs/nginx/euer.wiki.nix
+ ../2configs/nginx/euer.blog.nix
+
# collectd
../2configs/collectd/collectd-base.nix
];
- krebs.build = {
- user = config.krebs.users.makefu;
- target = "root@wry";
- host = config.krebs.hosts.wry;
- };
+ krebs.build.host = config.krebs.hosts.wry;
krebs.Reaktor.enable = true;
@@ -59,6 +57,7 @@ in {
};
};
};
+
networking = {
firewall.allowPing = true;
firewall.allowedTCPPorts = [ 53 80 443 ];
@@ -71,5 +70,5 @@ in {
nameservers = [ "8.8.8.8" ];
};
-
+ environment.systemPackages = [ pkgs.translate-shell ];
}
diff --git a/makefu/2configs/base-sources.nix b/makefu/2configs/base-sources.nix
deleted file mode 100644
index 65c6e8e76..000000000
--- a/makefu/2configs/base-sources.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- system.stateVersion = "15.09";
- krebs.build.source = {
- git.nixpkgs = {
- #url = https://github.com/NixOS/nixpkgs;
- url = https://github.com/makefu/nixpkgs;
- rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine
- };
-
- dir.secrets = {
- host = config.krebs.hosts.pornocauster;
- path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
- };
- dir.stockholm = {
- host = config.krebs.hosts.pornocauster;
- path = toString ../.. ;
- };
- };
-}
diff --git a/makefu/2configs/base.nix b/makefu/2configs/default.nix
index 4e38c27f8..3d9174788 100644
--- a/makefu/2configs/base.nix
+++ b/makefu/2configs/default.nix
@@ -2,6 +2,8 @@
with lib;
{
+ system.stateVersion = "15.09";
+
imports = [
{
users.extraUsers =
@@ -10,10 +12,36 @@ with lib;
}
./vim.nix
];
- krebs.enable = true;
- krebs.search-domain = "retiolum";
+ krebs = {
+ enable = true;
+ search-domain = "retiolum";
+ build = {
+ target = mkDefault "root@${config.krebs.build.host.name}";
+ user = config.krebs.users.makefu;
+ source = {
+ git.nixpkgs = {
+ #url = https://github.com/NixOS/nixpkgs;
+ url = mkDefault https://github.com/makefu/nixpkgs;
+ rev = mkDefault "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picking
+ target-path = "/var/src/nixpkgs";
+ };
+
+ dir.secrets = {
+ host = config.krebs.hosts.pornocauster;
+ path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
+ };
+
+ dir.stockholm = {
+ host = config.krebs.hosts.pornocauster;
+ path = "/home/makefu/stockholm" ;
+ target-path = "/var/src/stockholm";
+ };
+ };
+ };
+ };
+
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
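Review bot: `dir.stockholm.path` is now the literal `"/home/makefu/stockholm"`, where the deleted `base-sources.nix` used `toString ../..`, so a deploy evaluated from any other checkout would still ship whatever tree sits at that fixed path on pornocauster rather than the tree being evaluated. If the fixed path is intentional, a comment saying so would help; otherwise `path = mkDefault (toString ../..);` keeps the old behaviour and stays overridable. The pin comment also became less specific (`nixos-15.09 + cherry-picking` instead of the earlier `cherry-picked iodine`). Because `rev` points into a personal nixpkgs fork that every host now inherits by default, listing the cherry-picked commits next to it keeps the pin auditable. The enclosing attribute set continues outside the hunk.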
@@ -56,7 +84,6 @@ with lib;
environment.systemPackages = with pkgs; [
jq
git
- vim
gnumake
rxvt_unicode.terminfo
htop
diff --git a/makefu/2configs/fs/cac-boot-partition.nix b/makefu/2configs/fs/cac-boot-partition.nix
index fdf4b89d8..cec004582 100644
--- a/makefu/2configs/fs/cac-boot-partition.nix
+++ b/makefu/2configs/fs/cac-boot-partition.nix
@@ -18,6 +18,4 @@ with lib;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
- hardware.cpu.amd.updateMicrocode = true;
-
}
diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix
index 54db87547..2bfe26960 100644
--- a/makefu/2configs/fs/sda-crypto-root.nix
+++ b/makefu/2configs/fs/sda-crypto-root.nix
@@ -6,8 +6,8 @@
with lib;
{
boot = {
- loader.grub.enable =true;
- loader.grub.version =2;
+ loader.grub.enable = true;
+ loader.grub.version = 2;
loader.grub.device = "/dev/sda";
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
diff --git a/makefu/2configs/fs/single-partition-ext4.nix b/makefu/2configs/fs/single-partition-ext4.nix
new file mode 100644
index 000000000..1970c949f
--- /dev/null
+++ b/makefu/2configs/fs/single-partition-ext4.nix
@@ -0,0 +1,10 @@
+{config, ...}:
+{
+ boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;
+ boot.loader.grub.version = 2;
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ };
+}
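Review bot: The inline `assert config.boot.loader.grub.device != ""; true` on `boot.loader.grub.enable` aborts evaluation with a bare assertion failure that does not say which option the importer forgot. It also rejects a host that configures only `boot.loader.grub.devices`. The module system's own mechanism gives a readable message and is collected with the other checks: `assertions = [ { assertion = config.boot.loader.grub.device != ""; message = "single-partition-ext4.nix: set boot.loader.grub.device"; } ];` alongside a plain `boot.loader.grub.enable = true;`. A one-line header comment stating that importers must supply the GRUB device would document the contract.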
diff --git a/makefu/2configs/fs/vm-single-partition.nix b/makefu/2configs/fs/vm-single-partition.nix
index 78a5e7175..27e28cb68 100644
--- a/makefu/2configs/fs/vm-single-partition.nix
+++ b/makefu/2configs/fs/vm-single-partition.nix
@@ -3,18 +3,9 @@
# vda1 ext4 (label nixos) -> only root partition
with lib;
{
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
+ imports = [
+ ./single-partition-ext4.nix
+ ];
boot.loader.grub.device = "/dev/vda";
- fileSystems."/" = {
- device = "/dev/disk/by-label/nixos";
- fsType = "ext4";
- };
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
- hardware.cpu.amd.updateMicrocode = true;
-
-
}
diff --git a/makefu/2configs/headless.nix b/makefu/2configs/headless.nix
index 33847c5e1..772ca3771 100644
--- a/makefu/2configs/headless.nix
+++ b/makefu/2configs/headless.nix
@@ -1,4 +1,4 @@
-_:
+{lib,... }:
{
- sound.enable = false;
+ sound.enable = lib.mkForce false;
}
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index aa2fc2050..047895ce6 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -8,6 +8,8 @@ with lib;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
+ hardware.cpu.intel.updateMicrocode = true;
+
zramSwap.enable = true;
zramSwap.numDevices = 2;
diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix
index e97050ec4..c6724c617 100644
--- a/makefu/2configs/nginx/euer.blog.nix
+++ b/makefu/2configs/nginx/euer.blog.nix
@@ -5,14 +5,40 @@ let
sec = toString <secrets>;
ssl_cert = "${sec}/wildcard.krebsco.de.crt";
ssl_key = "${sec}/wildcard.krebsco.de.key";
- hostname = krebs.build.host.name;
+ hostname = config.krebs.build.host.name;
+ user = config.services.nginx.user;
+ group = config.services.nginx.group;
+ external-ip = head config.krebs.build.host.nets.internet.addrs4;
+ internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+ base-dir = "/var/www/blog.euer";
in {
+ # Prepare Blog directory
+ systemd.services.prepare-euer-blog = {
+ wantedBy = [ "local-fs.target" ];
+ before = [ "nginx.service" ];
+ serviceConfig = {
+ # do nothing if the base dir already exists
+ ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
+ #!/bin/sh
+ if ! test -d "${base-dir}" ;then
+ mkdir -p "${base-dir}"
+ chown ${user}:${group} "${base-dir}"
+ chmod 700 "${base-dir}"
+ fi
+ '';
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ TimeoutSec = "0";
+ };
+ };
+
krebs.nginx = {
enable = mkDefault true;
servers = {
euer-blog = {
- listen = [ "80" "443 ssl" ];
- server-names = [ "euer.krebsco.de" "euer.blog.krebsco.de" "blog.${hostname}" ];
+ listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
+ "${internal-ip}:80" "${internal-ip}:443 ssl" ];
+ server-names = [ "euer.krebsco.de" "blog.euer.krebsco.de" "blog.${hostname}" ];
extraConfig = ''
gzip on;
gzip_buffers 4 32k;
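Review bot: The `if ! test -d "${base-dir}"` guard in `prepare-euer-blog` skips `chown` and `chmod 700` whenever the directory already exists, so a directory created earlier with a different owner or a looser mode is never corrected. `mkdir -p` is already idempotent, so the three commands can run unconditionally. The same guard is added in the `euer.wiki.nix` hunk, where it also stops the base configuration (including the `$(cat "${tw-pass-file}")` users section) from being rewritten, so a changed password file would no longer take effect on restart. Separately, the new server name `blog.euer.krebsco.de` is two labels below `krebsco.de`, so if `wildcard.krebsco.de.crt` is a `*.krebsco.de` certificate as its name suggests, it will not validate for that name. The `in { … }` body continues beyond this hunk.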
@@ -22,7 +48,7 @@ in {
default_type text/plain;
'';
locations = singleton (nameValuePair "/" ''
- root /var/www/euer.blog/;
+ root ${base-dir};
'');
};
};
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index fbcfe2047..2b5fa6ead 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -51,18 +51,21 @@ in {
serviceConfig = {
ExecStart = pkgs.writeScript "prepare-tw-service" ''
#!/bin/sh
- mkdir -p "${wiki-dir}" "${backup-dir}"
+ if ! test -d "${base-dir}" ;then
+ mkdir -p "${wiki-dir}" "${backup-dir}"
- # write the base configuration
- cat > "${base-cfg}" <<EOF
+ # write the base configuration
+ cat > "${base-cfg}" <<EOF
[users]
$(cat "${tw-pass-file}")
[directories]
backupdir = ${backup-dir}
savedir = ${wiki-dir}
EOF
- chown -R ${user}:${group} "${base-dir}"
- chmod 700 -R "${base-dir}"
+
+ chown -R ${user}:${group} "${base-dir}"
+ chmod 700 -R "${base-dir}"
+ fi
'';
Type = "oneshot";
RemainAfterExit = "yes";
diff --git a/makefu/2configs/unstable-sources.nix b/makefu/2configs/unstable-sources.nix
index 7bd5f50cb..7a9a8a81c 100644
--- a/makefu/2configs/unstable-sources.nix
+++ b/makefu/2configs/unstable-sources.nix
@@ -1,20 +1,8 @@
-{ config, lib, pkgs, ... }:
+_:
{
- system.stateVersion = "15.09";
- krebs.build.source = {
- git.nixpkgs = {
+ krebs.build.source.git.nixpkgs = {
url = https://github.com/makefu/nixpkgs;
rev = "15b5bbfbd1c8a55e7d9e05dd9058dc102fac04fe"; # cherry-picked collectd
};
-
- dir.secrets = {
- host = config.krebs.hosts.pornocauster;
- path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
- };
- dir.stockholm = {
- host = config.krebs.hosts.pornocauster;
- path = toString ../.. ;
- };
- };
}