From 9abd00f6af48676f08b6afdddd03d12410a1d1cd Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 29 Dec 2015 21:20:11 +0100
Subject: k 3 makefu: add ssh pubkeys to hosts

---
 krebs/3modules/makefu/default.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 1970a0777..31516d591 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -83,6 +83,9 @@ with lib;
             '';
         };
       };
+      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster";
+
     };
 
     vbob = {
@@ -108,6 +111,8 @@ with lib;
             '';
         };
       };
+      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPLTMl+thSq77cjYa2XF7lz5fA7JMftrLo8Dy/OBXSg root@nixos";
     };
     flap = rec {
       cores = 1;
@@ -238,6 +243,8 @@ with lib;
           '';
         };
       };
+      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry";
     };
     filepimp = rec {
       cores = 1;
@@ -287,6 +294,8 @@ with lib;
             '';
         };
       };
+      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch";
     };
     gum = rec {
       cores = 1;
@@ -327,6 +336,8 @@ with lib;
             '';
         };
       };
+      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
     };
   };
   users = addNames rec {
-- 
cgit v1.2.3


From 4b6cd401a85cdc7aab150208cc5310645a7e59e2 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 29 Dec 2015 21:20:36 +0100
Subject: m 1 gum: add smart monitor

---
 makefu/1systems/gum.nix           |  3 ++-
 makefu/2configs/smart-monitor.nix | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 makefu/2configs/smart-monitor.nix

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 93fb3dc3a..1907424ec 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -6,11 +6,11 @@ let
   internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
 in {
   imports = [
-      # TODO: copy this config or move to krebs
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/headless.nix
       ../2configs/fs/simple-swap.nix
       ../2configs/fs/single-partition-ext4.nix
+      ../2configs/smart-monitor.nix
       # ../2configs/iodined.nix
       ../2configs/git/cgit-retiolum.nix
       ../2configs/mattermost-docker.nix
@@ -18,6 +18,7 @@ in {
 
       ../2configs/exim-retiolum.nix
       ../2configs/urlwatch.nix
+
   ];
 
 
diff --git a/makefu/2configs/smart-monitor.nix b/makefu/2configs/smart-monitor.nix
new file mode 100644
index 000000000..7086f622b
--- /dev/null
+++ b/makefu/2configs/smart-monitor.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+{
+  services.smartd = {
+    enable = true;
+    notifications = {
+      mail = {
+        enable = true;
+        recipient = config.krebs.users.makefu.mail;
+      };
+    };
+    # short daily, long weekly, check on boot
+    defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
+
+    devices = [{
+      device = "/dev/sda";
+    }];
+  };
+}
-- 
cgit v1.2.3


From 81badfd47ede4cf3860e7006c13586340415ade5 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 29 Dec 2015 21:21:04 +0100
Subject: m 2 urlwatch: use py2 instead of py2k urlwatch

---
 makefu/2configs/urlwatch.nix | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix
index e4f639d5b..a83279ba2 100644
--- a/makefu/2configs/urlwatch.nix
+++ b/makefu/2configs/urlwatch.nix
@@ -1,6 +1,22 @@
-{ config, ... }:
+{ config, lib, ... }:
 
 {
+  nixpkgs.config.packageOverrides = pkgs: {
+    urlwatch = with pkgs.pythonPackages; buildPythonPackage rec {
+      name = "urlwatch-1.18";
+
+      propagatedBuildInputs =  [ futures ];
+
+      src = pkgs.fetchurl {
+        url = "http://thp.io/2008/urlwatch/${name}.tar.gz";
+        sha256 = "090qfgx249ks7103sap6w47f8302ix2k46wxhfssxwsqcqdl25vb";
+      };
+
+      postFixup = ''
+        wrapProgram "$out/bin/urlwatch" --prefix "PYTHONPATH" : "$PYTHONPATH"
+      '';
+    };
+  };
   krebs.urlwatch = {
     enable = true;
     mailto = config.krebs.users.makefu.mail;
@@ -12,7 +28,7 @@
       http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release
       https://pypi.python.org/simple/bepasty/
       https://pypi.python.org/simple/xstatic/
-      http://cvs2svn.tigris.org/svn/cvs2svn/tags/
+      http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
     ];
   };
 }
-- 
cgit v1.2.3


From d574c0ef78f7572aec88e484d3ff6256247e878c Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 30 Dec 2015 01:38:33 +0100
Subject: m 3 buildbot/master: add secrets

---
 krebs/3modules/buildbot/master.nix      | 16 +++++++++++++---
 shared/2configs/buildbot-standalone.nix |  8 +++++---
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index 5870c3145..74385a433 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -132,6 +132,16 @@ let
       '';
     };
 
+    secrets = mkOption {
+      default = [];
+      type = types.listOf types.str;
+      example = [ "cac.json" ];
+      description = ''
+        List of all the secrets in <secrets> which should be copied into the
+        buildbot master directory.
+      '';
+    };
+
     slaves = mkOption {
       default = {};
       type = types.attrsOf types.str;
@@ -344,10 +354,10 @@ let
           fi
           # always override the master.cfg
           cp ${buildbot-master-config} ${workdir}/master.cfg
+
           # copy secrets
-          cp ${secretsdir}/cac.json ${workdir}
-          cp ${secretsdir}/retiolum-ci.rsa_key.priv \
-             ${workdir}/retiolum.rsa_key.priv
+          ${ concatMapStringsSep "\n"
+            (f: "cp ${secretsdir}/${f} ${workdir}/${f}" ) cfg.secrets }
           # sanity
           ${buildbot}/bin/buildbot checkconfig ${workdir}
 
diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/buildbot-standalone.nix
index 51c600329..28d1eef2e 100644
--- a/shared/2configs/buildbot-standalone.nix
+++ b/shared/2configs/buildbot-standalone.nix
@@ -8,6 +8,9 @@ in {
   };
   networking.firewall.allowedTCPPorts = [ 8010 9989 ];
   krebs.buildbot.master = {
+    secrets = [
+      "cac.json"
+    ];
     slaves = {
       testslave =  "krebspass";
       omo = "krebspass";
@@ -93,9 +96,8 @@ in {
   # slave needs 2 files:
   # * cac.json
   # * retiolum
-  for file in ["cac.json", "retiolum.rsa_key.priv"]:
-    s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/{}".format(file),
-                            slavedest=file))
+  s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", slavedest="cac.json"))
+  s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", slavedest="retiolum.rsa_key.priv"))
 
   addShell(s, name="infest-cac-centos7",env=env,
               sigtermTime=60,           # SIGTERM 1 minute before SIGKILL
-- 
cgit v1.2.3