From e1cd9fa013f34236db1ceebd84badd4315e92701 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 31 Mar 2016 03:48:43 +0200 Subject: tv: import mu --- krebs/3modules/tv/default.nix | 9 ++- tv/1systems/mu.nix | 169 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 177 insertions(+), 1 deletion(-) create mode 100644 tv/1systems/mu.nix diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 262f508c3..13d3163c0 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -169,6 +169,7 @@ with config.krebs.lib; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF"; }; mu = { + cores = 2; nets = { retiolum = { addrs4 = ["10.243.20.1"]; @@ -189,6 +190,8 @@ with config.krebs.lib; ''; }; }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu"; }; nomic = { cores = 2; @@ -387,7 +390,7 @@ with config.krebs.lib; -----END PGP PUBLIC KEY BLOCK----- ''; pubkey = "ssh-rsa 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 tv@wu"; - uid = 1337; # TODO use default + uid = 1337; # TODO use default and document what has to be done (for vv) }; tv-nomic = { inherit (tv) mail; @@ -397,5 +400,9 @@ with config.krebs.lib; inherit (tv) mail; pubkey = "ssh-rsa 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 tv@xu"; }; + vv = { + mail = "vv@mu.r"; + uid = 2000; # TODO use default + }; }; } diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix new file mode 100644 index 000000000..06da15ecc --- /dev/null +++ b/tv/1systems/mu.nix 
@@ -0,0 +1,169 @@ +{ config, pkgs, ... }: + +with config.krebs.lib; + +{ + imports = [ + ../../krebs + ../2configs + ../3modules + ../2configs/exim-retiolum.nix + ../2configs/retiolum.nix + ]; + + krebs.build.host = config.krebs.hosts.mu; + krebs.build.user = mkForce config.krebs.users.vv; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0" + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0" + + # for jack + KERNEL=="rtc0", GROUP="audio" + KERNEL=="hpet", GROUP="audio" + ''; + + + # hardware configuration + boot.initrd.luks.devices = [ + { name = "vgmu1"; device = "/dev/sda2"; } + ]; + boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ]; + boot.initrd.availableKernelModules = [ "ahci" ]; + boot.kernelModules = [ "fbcon" "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + boot.extraModprobeConfig = '' + options kvm_intel nested=1 + ''; + + fileSystems = { + "/" = { + device = "/dev/vgmu1/nixroot"; + fsType = "ext4"; + options = [ "defaults" "noatime" ]; + }; + "/home" = { + device = "/dev/vgmu1/home"; + options = [ "defaults" "noatime" ]; + }; + "/boot" = { + device = "/dev/sda1"; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = [ "nosuid" "nodev" "noatime" ]; + }; + }; + + swapDevices =[ ]; + + nixpkgs.config.firefox.enableAdobeFlash = true; + nixpkgs.config.chromium.enablePepperFlash = true; + + nixpkgs.config.allowUnfree = true; + hardware.opengl.driSupport32Bit = true; + + hardware.pulseaudio.enable = true; + + hardware.enableAllFirmware = true; + + boot.loader.gummiboot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.networkmanager.enable = true; + + environment.systemPackages = with pkgs; [ + slock + tinc + iptables + vim + gimp + xsane + firefoxWrapper + chromiumDev + skype + libreoffice + kde4.l10n.de + kde4.plasma-nm + pidgin-with-plugins + pidginotr + + kde4.print_manager + #foomatic_filters + #gutenprint + #cups_pdf_filter + 
#ghostscript + ]; + + + i18n.defaultLocale = "de_DE.UTF-8"; + + programs.ssh.startAgent = false; + + security.setuidPrograms = [ + "sendmail" # for cron + "slock" + ]; + + security.pam.loginLimits = [ + # for jack + { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; } + { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; } + ]; + + fonts.fonts = [ + pkgs.xlibs.fontschumachermisc + ]; + + # Enable CUPS to print documents. + services.printing = { + enable = true; + #drivers = [ + # #pkgs.foomatic_filters + # #pkgs.gutenprint + # #pkgs.cups_pdf_filter + # #pkgs.ghostscript + #]; + #cupsdConf = '' + # LogLevel debug2 + #''; + }; + + services.xserver.enable = true; + services.xserver.layout = "de"; + services.xserver.xkbOptions = "eurosign:e"; + + # TODO this is host specific + services.xserver.synaptics = { + enable = true; + twoFingerScroll = true; + }; + + services.xserver.desktopManager.kde4.enable = true; + services.xserver.displayManager.auto = { + enable = true; + user = "vv"; + }; + + users.users.vv = { + inherit (config.krebs.users.vv) home uid; + isNormalUser = true; + extraGroups = [ + "audio" + "video" + "networkmanager" + ]; + }; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + + # see tmpfiles.d(5) + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" # does this work with mounted /tmp? + ]; +} -- cgit v1.2.3 From b297544847b71cd8759bc6d1feeb4c80e7094270 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 1 Apr 2016 14:28:16 +0200 Subject: ma 2 fs: use list of strings for options --- makefu/2configs/fs/sda-crypto-root-home.nix | 2 +- makefu/2configs/fs/sda-crypto-root.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/fs/sda-crypto-root-home.nix b/makefu/2configs/fs/sda-crypto-root-home.nix index 5214cf872..1ef0d69e9 100644 --- a/makefu/2configs/fs/sda-crypto-root-home.nix +++ b/makefu/2configs/fs/sda-crypto-root-home.nix 
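Review bot: `services.xserver.displayManager.auto` with `user = "vv"` in `tv/1systems/mu.nix` starts the KDE session without a password, so the LUKS passphrase for `/dev/sda2` is the only authentication step on this host, and the file does not say that this is intended. If it is, record the assumption above the block, e.g. `# auto-login is acceptable only because the disk is LUKS-encrypted; lock the session (slock) before suspend`; otherwise drop the `auto` block so the display manager prompts. Separately, `enableAdobeFlash` and `enablePepperFlash` enable Flash in both browsers, which is a large remote attack surface on a desktop that also runs Skype and Pidgin; consider enabling it in at most one browser.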
@@ -19,7 +19,7 @@ with config.krebs.lib; "/home" = { device = "/dev/mapper/main-home"; fsType = "ext4"; - options="defaults,discard"; + options = [ "defaults" "discard" ]; }; }; } diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index e9d7b755a..b82c0e44e 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -18,12 +18,12 @@ with config.krebs.lib; "/" = { device = "/dev/mapper/luksroot"; fsType = "ext4"; - options="defaults,discard"; + options = [ "defaults" "discard" ]; }; "/boot" = { device = "/dev/disk/by-label/nixboot"; fsType = "ext4"; - options="defaults,discard"; + options = [ "defaults" "discard" ]; }; }; } -- cgit v1.2.3 From f47212c2ce09b22bad37670b2d434eeb9badf49d Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:39:28 +0200 Subject: ma 2 omo: share emu --- makefu/2configs/omo-share.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix index a9640b38b..3a4dd456f 100644 --- a/makefu/2configs/omo-share.nix +++ b/makefu/2configs/omo-share.nix @@ -48,6 +48,13 @@ in { browseable = "yes"; "guest ok" = "yes"; }; + + emu = { + path = "/media/crypt1/emu"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; usenet = { path = "/media/crypt0/usenet/dst"; "read only" = "yes"; -- cgit v1.2.3 From 3435e02dadf0a13515a5d387e7a99d5c1a383fe4 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:39:53 +0200 Subject: ma 5 mycube: use new version --- makefu/5pkgs/mycube-flask/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/5pkgs/mycube-flask/default.nix b/makefu/5pkgs/mycube-flask/default.nix index 5bf85a66a..1b1672f08 100644 --- a/makefu/5pkgs/mycube-flask/default.nix +++ b/makefu/5pkgs/mycube-flask/default.nix 
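Review bot: The new `emu` share in `omo-share.nix` sets `"guest ok" = "yes"` on a path under `/media/crypt1`, so once the encrypted volume is unlocked its contents are readable by any unauthenticated SMB client that can reach the server. The hunk shows no `hosts allow` or interface restriction (the enclosing `in {` block starts and ends outside the hunk), so the only control is whatever the host firewall enforces. If guest access is intended, state the exposure next to the share, e.g. `# guest-readable; must only be reachable from the trusted LAN interface`, or restrict this share with `"valid users"`.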
@@ -10,8 +10,8 @@ with pkgs.pythonPackages;buildPythonPackage rec { src = fetchFromGitHub { owner = "makefu"; repo = "mycube-flask"; - rev = "5f5260a"; - sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh"; + rev = "48dc6857"; + sha256 = "1ax1vz6m5982l1mmp9vmywn9nw9p9h4m3ss74zazyspxq1wjim0v"; }; meta = { homepage = https://github.com/makefu/mycube-flask; -- cgit v1.2.3 From 4f55e3862c942d8d05591873f587cc767aef3a0d Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:42:13 +0200 Subject: ma 1 darth: add virtualization --- makefu/1systems/darth.nix | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index ad3ac4f22..2f2358ddc 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix @@ -10,15 +10,27 @@ let allDisks = [ rootDisk auxDisk ]; in { imports = [ - ../. - ../2configs/fs/single-partition-ext4.nix - ../2configs/zsh-user.nix - ../2configs/smart-monitor.nix + ../. + ../2configs/fs/single-partition-ext4.nix + ../2configs/zsh-user.nix + ../2configs/smart-monitor.nix + ../2configs/exim-retiolum.nix + ../2configs/virtualization.nix ]; + networking.firewall.allowedUDPPorts = [ 80 655 67 ]; + networking.firewall.allowedTCPPorts = [ 80 655 ]; + networking.firewall.checkReversePath = false; + #networking.firewall.enable = false; # virtualisation.nova.enableSingleNode = true; krebs.retiolum.enable = true; + boot.kernelModules = [ "coretemp" "f71882fg" ]; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + networking.wireless.enable = true; + # TODO smartd omo darth gum all-in-one services.smartd.devices = builtins.map (x: { device = x; }) allDisks; zramSwap.enable = true; -- cgit v1.2.3 From 540d629e0daa74dd37d8c6d5b462c6888a498c58 Mon Sep 17 00:00:00 2001 
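Review bot: In the `darth.nix` hunk, `networking.firewall.checkReversePath = false` disables reverse-path filtering for the whole host, and `allowedUDPPorts = [ 80 655 67 ]` opens DHCP (67) and UDP 80 on every interface. No comment says which of these the new `virtualization.nix` import needs. UDP 80 looks unintended, since HTTP is already covered by the TCP list. I would reduce the global list to `networking.firewall.allowedUDPPorts = [ 655 ];`, reach DHCP only through the VM bridge interface (for example via `networking.firewall.trustedInterfaces`, as `omo.nix` does for its LAN port), and add a comment such as `# rp_filter off: required for the libvirt bridge` if the reverse-path setting has to stay.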
From: makefu Date: Sun, 3 Apr 2016 21:42:46 +0200 Subject: ma 2 tp-x220: start charging at 95 my thinkpad never fills 100% --- makefu/2configs/hw/tp-x2x0.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index d5ce34bd4..7f9dc67a5 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -23,6 +23,7 @@ with config.krebs.lib; services.tlp.enable = true; services.tlp.extraConfig = '' START_CHARGE_THRESH_BAT0=80 + STOP_CHARGE_THRESH_BAT0=95 CPU_SCALING_GOVERNOR_ON_AC=performance CPU_SCALING_GOVERNOR_ON_BAT=ondemand -- cgit v1.2.3 From 315bb8e67ef1a2c5fbf4b6ed4debdc8d2ce0f15e Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:43:02 +0200 Subject: ma 2 base-gui: save more lines --- makefu/2configs/base-gui.nix | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 341a2ab20..b807957ba 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -10,16 +10,6 @@ # # if this is not enough, check out main-laptop.nix -## TODO: .Xdefaults: -# URxvt*termName: rxvt -# URxvt.scrollBar : false -# URxvt*scrollBar_right: false -# URxvt*borderLess: false -# URxvt.foreground: white -# URxvt.background: black -# URxvt.urgentOnBell: true -# URxvt.visualBell: false -# URxvt.font : xft:Terminus with config.krebs.lib; let @@ -83,7 +73,9 @@ in XTerm*FaceName : Terminus:pixelsize=14 URxvt*termName: rxvt - URxvt.scrollBar : False + URxvt*saveLines: 10000 + URxvt*loginShell: false + URxvt.scrollBar : false URxvt*scrollBar_right: false URxvt*borderLess: false URxvt.foreground: white -- cgit v1.2.3 From bc72bad6e22eeae9fa138be1583e742eec1e162f Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:43:31 +0200 Subject: ma 1 vbob: remove obsolete source --- makefu/1systems/vbob.nix | 5 ----- 1 file changed, 5 deletions(-) 
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 748b08ef1..5e2382f37 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -15,11 +15,6 @@ ]; nixpkgs.config.allowUnfree = true; - krebs.build.source.upstream-nixpkgs = { - url = https://github.com/makefu/nixpkgs; - # HTTP Everywhere + libredir - rev = "8239ac6"; - }; fileSystems."/nix" = { device ="/dev/disk/by-label/nixstore"; fsType = "ext4"; -- cgit v1.2.3 From c8b8dac1dbcba9a8ca5da5ee2ee27af0da9d8f97 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:44:11 +0200 Subject: ma 2 nginx/public_html: publish home --- makefu/2configs/nginx/public_html.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 makefu/2configs/nginx/public_html.nix diff --git a/makefu/2configs/nginx/public_html.nix b/makefu/2configs/nginx/public_html.nix new file mode 100644 index 000000000..9df8351ca --- /dev/null +++ b/makefu/2configs/nginx/public_html.nix @@ -0,0 +1,15 @@ +{ config, lib, ... }: + +with config.krebs.lib; + +{ + krebs.nginx = { + enable = true; + servers.default.locations = [ + (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' + alias /home/$1/public_html$2; + autoindex on; + '') + ]; + }; +} -- cgit v1.2.3 From ac7cece1d27422ce6b17540618cacc90ac4bfdb0 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:52:16 +0200 Subject: ma 1 omo: cleanup --- makefu/1systems/omo.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index f0f1d3088..fbd06a9c7 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix 
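Review bot: The `~user` location in `nginx/public_html.nix` captures the user name with `(.+?)`, which also accepts `/`, and serves `/home/$1/public_html` with `autoindex on` and no symlink restriction. As a result any symlink a user places in `public_html` is followed with the nginx worker's permissions, and every directory is listed. Limiting the capture to one path segment and refusing foreign-owned symlinks would tighten this: use `"~ ^/~([^/]+)(/.*)?\$"` as the location and add `disable_symlinks if_not_owner;` inside it. If the listings are wanted, a short comment next to `autoindex on;` saying so would help the next reader.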
@@ -44,16 +44,21 @@ in { ../2configs/smart-monitor.nix ../2configs/mail-client.nix ../2configs/share-user-sftp.nix + ../2configs/graphite-standalone.nix ../2configs/omo-share.nix ]; + krebs.retiolum.enable = true; networking.firewall.trustedInterfaces = [ "enp3s0" ]; # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net # tcp:80 - nginx for sharing files # tcp:655 udp:655 - tinc - # tcp:8080 - sabnzbd + # tcp:8111 - graphite + # tcp:9090 - sabnzbd + # tcp:9200 - elasticsearch + # tcp:5601 - kibana networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; + networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ]; # services.openssh.allowSFTP = false; -- cgit v1.2.3 From ef74e1f71338bba1eb558b63e100c4803c33cd8c Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:52:50 +0200 Subject: ma 2 mail: use mutt, not mutt-kz --- makefu/2configs/mail-client.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/mail-client.nix b/makefu/2configs/mail-client.nix index 793daa6f8..eeade94e8 100644 --- a/makefu/2configs/mail-client.nix +++ b/makefu/2configs/mail-client.nix @@ -7,7 +7,7 @@ with config.krebs.lib; gnupg imapfilter msmtp - mutt-kz + mutt notmuch offlineimap openssl -- cgit v1.2.3 From 3d5c085f100d91543cb0f786337c4f4a1756f216 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Apr 2016 21:55:01 +0200 Subject: ma 4 default: prepare backups --- makefu/4lib/default.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 makefu/4lib/default.nix diff --git a/makefu/4lib/default.nix b/makefu/4lib/default.nix new file mode 100644 index 000000000..5e9ab2087 --- /dev/null +++ b/makefu/4lib/default.nix 
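Review bot: `allowedTCPPorts` in the `omo.nix` hunk now opens 5601 (kibana), 8111 (graphite), 9200 (elasticsearch) and 9090 (sabnzbd) on every interface, although the commit is titled "cleanup" and only `graphite-standalone.nix` is newly imported here. These services typically ship without authentication by default, and `enp3s0` is already listed in `trustedInterfaces`, so LAN clients would reach them without the global openings. Unless access from untrusted interfaces is really required, keep `networking.firewall.allowedTCPPorts = [ 80 655 ];` and leave the port list in the comment as documentation. The enclosing `in {` block continues outside the hunk.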
@@ -0,0 +1,30 @@ +{ config, lib, ... }: + +with lib; +let + addDefaultTime = bku-entry: recursiveUpdate { + snapshots = { + daily = { format = "%Y-%m-%d"; retain = 7; }; + weekly = { format = "%YW%W"; retain = 4; }; + monthly = { format = "%Y-%m"; retain = 12; }; + yearly = { format = "%Y"; }; + }; + startAt = "5:23"; + } bku-entry; + + backup-host = config.krebs.hosts.omo; + backup-path = "/media/backup"; +in { + bku = { + inherit addDefaultTime; + simplePath = addDefaultTime (path: { + method = "pull"; + src = { host = config.krebs.build.host; inherit path; }; + dst = { + host = backup-host; + path = backup-path ++ config.krebs.build.host.name + ++ builtins.replaceStrings ["/"] ["-"] path; + }; + }); + }; +} -- cgit v1.2.3 From bcb395fa76e35e82b68b16a9d4958087da1a0803 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 7 Apr 2016 11:16:57 +0200 Subject: exim: 4.86.2 -> 4.87 --- krebs/5pkgs/exim/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/exim/default.nix b/krebs/5pkgs/exim/default.nix index d8d1f0dc3..0918e308d 100644 --- a/krebs/5pkgs/exim/default.nix +++ b/krebs/5pkgs/exim/default.nix @@ -1,11 +1,11 @@ { coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }: stdenv.mkDerivation rec { - name = "exim-4.86.2"; + name = "exim-4.87"; src = fetchurl { url = "http://mirror.switch.ch/ftp/mirror/exim/exim/exim4/${name}.tar.bz2"; - sha256 = "1cvfcc1hi60lydv8h3a2rxlfc0v2nflwpvzjj7h7cdsqs2pxwmkp"; + sha256 = "1jbxn13shq90kpn0s73qpjnx5xm8jrpwhcwwgqw5s6sdzw6iwsbl"; }; buildInputs = [ coreutils db openssl pcre perl pkgconfig ]; -- cgit v1.2.3 From 43ea1e5ab36b081c6b4776f2729d100c9f13afcd Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 7 Apr 2016 19:54:17 +0200 Subject: k 3 makefu: add senderechner --- krebs/3modules/makefu/default.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index b04280848..bd7c0db48 100644 
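Review bot: In `simplePath` (`makefu/4lib/default.nix`), `dst.path` is built with `++`, which in Nix concatenates lists, so `backup-path ++ config.krebs.build.host.name ++ …` fails to evaluate on strings; the pieces are also joined without a separator. Something like `path = "${backup-path}/${config.krebs.build.host.name}${builtins.replaceStrings ["/"] ["-"] path}";` is probably what is meant. In addition, `addDefaultTime` is applied to the function `path: { … }` rather than to its result, so `recursiveUpdate` receives a lambda as its second argument; `simplePath = path: addDefaultTime { … };` avoids that.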
--- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -543,6 +543,29 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; }; + senderechner = rec { + cores = 2; + nets = { + retiolum = { + addrs4 = ["10.243.0.163"]; + addrs6 = ["42:b67b:5752:a730:5f28:d80d:6b37:5bda/128"]; + aliases = [ + "senderechner.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7 + lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X + rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL + inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT + BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO + OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + muhbaasu = rec { cores = 1; nets = { -- cgit v1.2.3 From 033bf438bd2ae39d6a465c475500a24514cc2739 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 7 Apr 2016 20:29:07 +0200 Subject: addr4: str -> mkOptionType --- krebs/4lib/types.nix | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 32d1daf9d..7255dc3e1 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -186,10 +186,16 @@ types // rec { }; }); - # TODO - addr = str; - addr4 = str; - addr6 = str; + addr = either addr4 addr6; + addr4 = mkOptionType { + name = "IPv4 address"; + check = let + IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in + concatMapStringsSep "." (const d) (range 1 4); + in x: match IPv4address != null; + merge = mergeOneOption; + }; + addr6 = str; # TODO pgp-pubkey = str; -- cgit v1.2.3 From 7fb1a3e775439d61e054e872dad79f9b6b1ae227 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 7 Apr 2016 20:48:07 +0200 Subject: krebs.nginx: don't abuse extraConfig --- krebs/3modules/nginx.nix | 40 ++++++++++++++++++---------------------- 1 file changed, 18 insertions(+), 22 deletions(-) 
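Review bot: `addrs6` for `senderechner` carries a `/128` suffix (`"42:b67b:…:5bda/128"`), while the other hosts' IPv6 entries visible in this series are bare addresses. Whether consumers of this field append their own prefix length is not visible in the hunk, but if they do, the resulting value is malformed. I would write `addrs6 = ["42:b67b:5752:a730:5f28:d80d:6b37:5bda"];`.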
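Review bot: The new `addr4` check in `krebs/4lib/types.nix` never rejects anything: `x: match IPv4address != null` compares the partially applied function `match IPv4address` with `null` and ignores `x`, so it is always true. It should read `x: match IPv4address x != null`. The separator passed to `concatMapStringsSep` is also an unescaped `.`, which in a regular expression matches any character, so once the check is live a value such as `1x2x3x4` would still pass; use `"\\."` as the separator. Because this type presumably validates the host addresses that feed network configuration, an evaluation test with one valid and one invalid address would be worth adding.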
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index 816c2ff69..6af93a570 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -117,28 +117,24 @@ let } ''; - to-server = { server-names, listen, locations, extraConfig, ssl, ... }: - let - _extraConfig = if ssl.enable then - extraConfig + '' - ssl_certificate ${ssl.certificate}; - ssl_certificate_key ${ssl.certificate_key}; - ${optionalString ssl.prefer_server_ciphers "ssl_prefer_server_ciphers On;"} - ssl_ciphers ${ssl.ciphers}; - ssl_protocols ${toString ssl.protocols}; - '' - else - extraConfig - ; - - in '' - server { - ${concatMapStringsSep "\n" (x: "listen ${x};") (listen ++ optional ssl.enable "443 ssl")} - server_name ${toString server-names}; - ${indent _extraConfig} - ${indent (concatMapStrings to-location locations)} - } - ''; + to-server = { server-names, listen, locations, extraConfig, ssl, ... }: '' + server { + server_name ${toString server-names}; + ${concatMapStringsSep "\n" (x: indent "listen ${x};") listen} + ${optionalString ssl.enable (indent '' + listen 443 ssl; + ssl_certificate ${ssl.certificate}; + ssl_certificate_key ${ssl.certificate_key}; + ${optionalString ssl.prefer_server_ciphers '' + ssl_prefer_server_ciphers On; + ''} + ssl_ciphers ${ssl.ciphers}; + ssl_protocols ${toString ssl.protocols}; + '')} + ${indent extraConfig} + ${indent (concatMapStrings to-location locations)} + } + ''; in out -- cgit v1.2.3 From 827f1790803bda906ed71c56138cfdbf108ee730 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 7 Apr 2016 21:40:56 +0200 Subject: doppelbock: init --- krebs/3modules/tv/default.nix | 35 +++++++++++++++++++++++++++++++++++ tv/1systems/doppelbock.nix | 23 +++++++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 tv/1systems/doppelbock.nix diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 13d3163c0..f0f0c5e79 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix 
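Review bot: `ssl_certificate_key ${ssl.certificate_key};` in the rewritten `to-server` interpolates the option value directly, so if a caller ever passes a Nix path literal instead of a string, the private key is copied into the world-readable Nix store. The option's type is declared outside this hunk, so I cannot tell whether that is already prevented. If it is not, declare the option with a string type and document it at the declaration, e.g. `# must be a string path outside the store, never a path literal`.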
@@ -62,6 +62,41 @@ with config.krebs.lib; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6"; }; + doppelbock = rec { + cores = 2; + nets = rec { + internet = { + addrs4 = ["45.62.237.203"]; + aliases = [ + "doppelbock.i" + "doppelbock.internet" + ]; + }; + retiolum = { + via = internet; + addrs4 = ["10.243.113.224"]; + addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"]; + aliases = [ + "doppelbock.r" + "doppelbock.retiolum" + "cgit.doppelbock.r" + "cgit.doppelbock.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAq/luvzH4CQX5qRuucUqR3aLwXtzsRmBOdd2hvrPG1z8ML2kKV+IG + 0aBfyJmQ8csfeGhOj0y0LEBv4bkEjEtYObs+LJfdWZC5e39eAVUE0z8QbSPOx4di + /7Bo+9sFRELP1kYb47eLR8quiIkslMWQMbTLM5RHoXJ5jE8fQSitfp4WUZYiSPDF + d5F7RU/ZQfTZuh8gv7RmSn/6N6bXAQWrueK6ZqMuImIjBrmYyXUWxgsDnpeHxR5j + j/0F2Bda5lyp+Qzv24PREdPT8FazUfmIQwZTTArXHxiqLq+SEVT21E4WEf2sJRan + dti9yVUW3eiqpu8b9BRpvxOB3YdkyqlrGwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLhrVTEmbtuTsgRTHHxsLrq7ai1Yt7+oKFevr1gzktCQqHuyucXzxn60F00kuNDkNiKIF5fHmWy6ajU+6PKD3TfiFMagT9ah0x0RSB0+0tevxnlOp6VdHhrdM5YrBduWMiELmOiI1lvYhRqKd/ZE7b2mra6KYe5VtTi9UX3wQp8qN+bI01KCxv0p6ciUgEO8fnwLKDBUuFJ2UfE7Ais9XrXFIBFXB+MKcpLnIXvrV6dSXdUEiaswg8wo0Q0Y3tMaQ0dNJdH2yp3FVn1aiX3E/vVnffmDKMWYWqn78klujdEdmLm8/8NkXnc/jpgu8ZlSpQHECO2ZUJzd35yRnVKALv"; + }; mkdir = rec { cores = 1; nets = rec { diff --git a/tv/1systems/doppelbock.nix b/tv/1systems/doppelbock.nix new file mode 100644 index 000000000..9a8d5b05d --- /dev/null +++ b/tv/1systems/doppelbock.nix 
@@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: +with config.krebs.lib; +{ + krebs.build.host = config.krebs.hosts.doppelbock; + + imports = [ + ../. + ../2configs/hw/CAC-Developer-2.nix + ../2configs/fs/CAC-CentOS-7-64bit.nix + ../2configs/retiolum.nix + ]; + + networking = { + interfaces.enp2s1.ip4 = singleton { + address = let + addr4 = "45.62.237.203"; + in assert config.krebs.build.host.nets.internet.addrs4 == [addr4]; addr4; + prefixLength = 24; + }; + defaultGateway = "45.62.237.1"; + nameservers = ["8.8.8.8"]; + }; +} -- cgit v1.2.3 From 46e818ebbc5446b4215ad9524089d9b2dc91cbd3 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 8 Apr 2016 03:53:34 +0200 Subject: retiolum: don't hardcode routing prefixes --- krebs/3modules/lass/default.nix | 46 ++++---- krebs/3modules/makefu/default.nix | 126 ++++++++++----------- krebs/3modules/miefda/default.nix | 4 +- krebs/3modules/mv/default.nix | 4 +- krebs/3modules/retiolum.nix | 83 +++++--------- krebs/3modules/shared/default.nix | 10 +- krebs/3modules/tv/default.nix | 74 ++++++------ krebs/4lib/types.nix | 48 ++++++-- lass/1systems/cloudkrebs.nix | 3 +- lass/1systems/echelon.nix | 3 +- lass/1systems/prism.nix | 4 +- lass/2configs/privoxy-retiolum.nix | 3 +- lass/3modules/static_nginx.nix | 2 +- makefu/1systems/gum.nix | 4 +- makefu/1systems/wry.nix | 4 +- .../2configs/deployment/mycube.connector.one.nix | 2 +- makefu/2configs/iodined.nix | 2 +- makefu/2configs/nginx/euer.blog.nix | 4 +- makefu/2configs/nginx/euer.test.nix | 4 +- makefu/2configs/nginx/euer.wiki.nix | 4 +- makefu/2configs/nginx/update.connector.one.nix | 2 +- makefu/2configs/omo-share.nix | 2 +- shared/1systems/wolf.nix | 4 +- tv/1systems/doppelbock.nix | 4 +- tv/1systems/mkdir.nix | 11 +- tv/1systems/rmdir.nix | 7 +- tv/2configs/exim-smarthost.nix | 2 +- tv/3modules/charybdis/config.nix | 9 +- 28 files changed, 228 insertions(+), 247 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3d54900e4..b4686894e 100644 
--- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -8,15 +8,15 @@ with config.krebs.lib; cores = 4; nets = rec { internet = { - addrs4 = ["144.76.172.188"]; + ip4.addr = "144.76.172.188"; aliases = [ "dishfire.internet" ]; }; retiolum = { via = internet; - addrs4 = ["10.243.133.99"]; - addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"]; + ip4.addr = "10.243.133.99"; + ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1233"; aliases = [ "dishfire.retiolum" "dishfire.r" @@ -40,15 +40,15 @@ with config.krebs.lib; cores = 2; nets = rec { internet = { - addrs4 = ["162.252.241.33"]; + ip4.addr = "162.252.241.33"; aliases = [ "echelon.internet" ]; }; retiolum = { via = internet; - addrs4 = ["10.243.206.103"]; - addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f763"]; + ip4.addr = "10.243.206.103"; + ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763"; aliases = [ "echelon.retiolum" "echelon.r" @@ -75,15 +75,15 @@ with config.krebs.lib; cores = 4; nets = rec { internet = { - addrs4 = ["213.239.205.240"]; + ip4.addr = "213.239.205.240"; aliases = [ "prism.internet" ]; }; retiolum = { via = internet; - addrs4 = ["10.243.0.103"]; - addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"]; + ip4.addr = "10.243.0.103"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:15ab"; aliases = [ "prism.retiolum" "prism.r" @@ -107,15 +107,15 @@ with config.krebs.lib; fastpoke = { nets = rec { internet = { - addrs4 = ["193.22.164.36"]; + ip4.addr = "193.22.164.36"; aliases = [ "fastpoke.internet" ]; }; retiolum = { via = internet; - addrs4 = ["10.243.253.152"]; - addrs6 = ["42:422a:194f:ff3b:e196:2f82:5cf5:bc00"]; + ip4.addr = "10.243.253.152"; + ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00"; aliases = [ "fastpoke.retiolum" "fastpoke.r" 
@@ -139,15 +139,15 @@ with config.krebs.lib; cores = 1; nets = rec { internet = { - addrs4 = ["104.167.113.104"]; + ip4.addr = "104.167.113.104"; aliases = [ "cloudkrebs.internet" ]; }; retiolum = { via = internet; - addrs4 = ["10.243.206.102"]; - addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"]; + ip4.addr = "10.243.206.102"; + ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f762"; aliases = [ "cloudkrebs.retiolum" "cloudkrebs.r" @@ -172,12 +172,12 @@ with config.krebs.lib; cores = 1; nets = { gg23 = { - addrs4 = ["10.23.1.12"]; + ip4.addr = "10.23.1.12"; aliases = ["uriel.gg23"]; }; retiolum = { - addrs4 = ["10.243.81.176"]; - addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"]; + ip4.addr = "10.243.81.176"; + ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"; aliases = [ "uriel.retiolum" "uriel.r" @@ -203,12 +203,12 @@ with config.krebs.lib; cores = 2; nets = { gg23 = { - addrs4 = ["10.23.1.11"]; + ip4.addr = "10.23.1.11"; aliases = ["mors.gg23"]; }; retiolum = { - addrs4 = ["10.243.0.2"]; - addrs6 = ["42:0:0:0:0:0:0:dea7"]; + ip4.addr = "10.243.0.2"; + ip6.addr = "42:0:0:0:0:0:0:dea7"; aliases = [ "mors.retiolum" "mors.r" @@ -234,8 +234,8 @@ with config.krebs.lib; cores = 2; nets = { retiolum = { - addrs4 = ["10.243.0.3"]; - addrs6 = ["42:0:0:0:0:0:0:7105"]; + ip4.addr = "10.243.0.3"; + ip6.addr = "42:0:0:0:0:0:0:7105"; aliases = [ "helios.retiolum" "helios.r" diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index bd7c0db48..b93b34d24 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -8,8 +8,8 @@ with config.krebs.lib; cores = 1; nets = { retiolum = { - addrs4 = ["10.243.0.210"]; - addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0001"]; + ip4.addr = "10.243.0.210"; + ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0001"; aliases = [ "pnp.retiolum" "cgit.pnp.retiolum" 
@@ -31,8 +31,8 @@ with config.krebs.lib; cores = 4; nets = { retiolum = { - addrs4 = ["10.243.0.84"]; - addrs6 = ["42:ff6b:5f0b:460d:2cee:4d05:73f7:5566"]; + ip4.addr = "10.243.0.84"; + ip6.addr = "42:ff6b:5f0b:460d:2cee:4d05:73f7:5566"; aliases = [ "darth.retiolum" "darth.r" @@ -54,8 +54,8 @@ with config.krebs.lib; cores = 1; nets = { retiolum = { - addrs4 = ["10.243.0.212"]; - addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0002"]; + ip4.addr = "10.243.0.212"; + ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0002"; aliases = [ "tsp.retiolum" ]; @@ -81,8 +81,8 @@ with config.krebs.lib; cores = 2; nets = { retiolum = { - addrs4 = ["10.243.0.91"]; - addrs6 = ["42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"]; + ip4.addr = "10.243.0.91"; + ip6.addr = "42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"; aliases = [ "pornocauster.retiolum" "pornocauster.r" @@ -108,8 +108,8 @@ with config.krebs.lib; cores = 2; nets = { retiolum = { - addrs4 = ["10.243.1.91"]; - addrs6 = ["42:0b2c:d90e:e717:03dd:9ac1:0000:a400"]; + ip4.addr = "10.243.1.91"; + ip6.addr = "42:0b2c:d90e:e717:03dd:9ac1:0000:a400"; aliases = [ "vbob.retiolum" ]; @@ -135,22 +135,22 @@ with config.krebs.lib; extraZones = { "krebsco.de" = '' euer IN MX 1 aspmx.l.google.com. - pigstarter IN A ${head nets.internet.addrs4} - gold IN A ${head nets.internet.addrs4} - boot IN A ${head nets.internet.addrs4} + pigstarter IN A ${nets.internet.ip4.addr} + gold IN A ${nets.internet.ip4.addr} + boot IN A ${nets.internet.ip4.addr} ''; }; nets = { internet = { - addrs4 = ["192.40.56.122"]; - addrs6 = ["2604:2880::841f:72c"]; + ip4.addr = "192.40.56.122"; + ip6.addr = "2604:2880::841f:72c"; aliases = [ "pigstarter.internet" ]; }; retiolum = { - addrs4 = ["10.243.0.153"]; - addrs6 = ["42:9143:b4c0:f981:6030:7aa2:8bc5:4110"]; + ip4.addr = "10.243.0.153"; + ip6.addr = "42:9143:b4c0:f981:6030:7aa2:8bc5:4110"; aliases = [ "pigstarter.retiolum" ]; 
@@ -171,18 +171,18 @@ with config.krebs.lib; cores = 1; extraZones = { "krebsco.de" = '' - euer IN A ${head nets.internet.addrs4} - wiki.euer IN A ${head nets.internet.addrs4} - wry IN A ${head nets.internet.addrs4} + euer IN A ${nets.internet.ip4.addr} + wiki.euer IN A ${nets.internet.ip4.addr} + wry IN A ${nets.internet.ip4.addr} io IN NS wry.krebsco.de. - graphs IN A ${head nets.internet.addrs4} - paste 60 IN A ${head nets.internet.addrs4} - tinc IN A ${head nets.internet.addrs4} + graphs IN A ${nets.internet.ip4.addr} + paste 60 IN A ${nets.internet.ip4.addr} + tinc IN A ${nets.internet.ip4.addr} ''; }; nets = rec { internet = { - addrs4 = ["104.233.87.86"]; + ip4.addr = "104.233.87.86"; aliases = [ "wry.internet" "paste.internet" @@ -190,8 +190,8 @@ with config.krebs.lib; }; retiolum = { via = internet; - addrs4 = ["10.243.29.169"]; - addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"]; + ip4.addr = "10.243.29.169"; + ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad"; aliases = [ "graphs.wry.retiolum" "graphs.retiolum" @@ -228,8 +228,8 @@ with config.krebs.lib; nets = { retiolum = { - addrs4 = ["10.243.153.102"]; - addrs6 = ["42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"]; + ip4.addr = "10.243.153.102"; + ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"; aliases = [ "filepimp.retiolum" ]; @@ -252,8 +252,8 @@ with config.krebs.lib; nets = { retiolum = { - addrs4 = ["10.243.0.89"]; - addrs6 = ["42:f9f0::10"]; + ip4.addr = "10.243.0.89"; + ip6.addr = "42:f9f0::10"; aliases = [ "omo.retiolum" "omo.r" @@ -277,8 +277,8 @@ with config.krebs.lib; cores = 1; nets = { retiolum = { - addrs4 = ["10.243.214.15"]; - addrs6 = ["42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"]; + ip4.addr = "10.243.214.15"; + ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"; aliases = [ "wbob.retiolum" ]; 
@@ -301,24 +301,24 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB extraZones = { "krebsco.de" = '' - share.euer IN A ${head nets.internet.addrs4} - mattermost.euer IN A ${head nets.internet.addrs4} - git.euer IN A ${head nets.internet.addrs4} - gum IN A ${head nets.internet.addrs4} - cgit.euer IN A ${head nets.internet.addrs4} + share.euer IN A ${nets.internet.ip4.addr} + mattermost.euer IN A ${nets.internet.ip4.addr} + git.euer IN A ${nets.internet.ip4.addr} + gum IN A ${nets.internet.ip4.addr} + cgit.euer IN A ${nets.internet.ip4.addr} ''; }; nets = rec { internet = { - addrs4 = ["195.154.108.70"]; + ip4.addr = "195.154.108.70"; aliases = [ "gum.internet" ]; }; retiolum = { via = internet; - addrs4 = ["10.243.0.211"]; - addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"]; + ip4.addr = "10.243.0.211"; + ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2"; aliases = [ "gum.r" "gum.retiolum" @@ -346,20 +346,20 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 1; extraZones = { "krebsco.de" = '' - mediengewitter IN A ${head nets.internet.addrs4} - flap IN A ${head nets.internet.addrs4} + mediengewitter IN A ${nets.internet.ip4.addr} + flap IN A ${nets.internet.ip4.addr} ''; }; nets = { internet = { - addrs4 = ["162.248.11.162"]; + ip4.addr = "162.248.11.162"; aliases = [ "flap.internet" ]; }; retiolum = { - addrs4 = ["10.243.211.172"]; - addrs6 = ["42:472a:3d01:bbe4:4425:567e:592b:065d"]; + ip4.addr = "10.243.211.172"; + ip6.addr = "42:472a:3d01:bbe4:4425:567e:592b:065d"; aliases = [ "flap.retiolum" "flap.r" @@ -382,8 +382,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cores = 1; nets = { retiolum = { - addrs4 = ["10.243.231.219"]; - addrs6 = ["42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72"]; + ip4.addr = "10.243.231.219"; + ip6.addr = "42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72"; aliases = [ "nukular.r" ]; 
@@ -405,8 +405,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
 cores = 1;
 nets = {
 retiolum = {
- addrs4 = ["10.243.124.21"];
- addrs6 = ["42:9898:a8be:ce56:0ee3:b99c:42c5:109e"];
+ ip4.addr = "10.243.124.21";
+ ip6.addr = "42:9898:a8be:ce56:0ee3:b99c:42c5:109e";
 aliases = [
 "heidi.r"
 ];
@@ -428,7 +428,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
 cores = 1;
 nets = {
 retiolum = {
- addrs4 = ["10.243.69.184"];
+ ip4.addr = "10.243.69.184";
 aliases = [
 "soundflower.r"
 ];
@@ -450,7 +450,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
 cores = 1;
 nets = {
 retiolum = {
- addrs4 = ["10.243.120.19"];
+ ip4.addr = "10.243.120.19";
 aliases = [
 "falk.r"
 ];
@@ -472,8 +472,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
 cores = 4;
 nets = {
 retiolum = {
- addrs4 = ["10.243.189.130"];
- addrs6 = ["42:c64e:011f:9755:31e1:c3e6:73c0:af2d"];
+ ip4.addr = "10.243.189.130";
+ ip6.addr = "42:c64e:011f:9755:31e1:c3e6:73c0:af2d";
 aliases = [
 "filebitch.r"
 ];
@@ -495,8 +495,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
 cores = 1;
 nets = {
 retiolum = {
- addrs4 = ["10.243.26.29"];
- addrs6 = ["42:927a:3d59:1cb3:29d6:1a08:78d3:812e"];
+ ip4.addr = "10.243.26.29";
+ ip6.addr = "42:927a:3d59:1cb3:29d6:1a08:78d3:812e";
 aliases = [
 "excobridge.r"
 ];
@@ -518,14 +518,14 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
 cores = 1;
 nets = {
 internet = {
- addrs4 = ["148.251.47.69"];
+ ip4.addr = "148.251.47.69";
 aliases = [
 "wooki.internet"
 ];
 };
 retiolum = {
- addrs4 = ["10.243.57.85"];
- addrs6 = ["42:2f06:b899:a3b5:1dcf:51a4:a02b:8731"];
+ ip4.addr = "10.243.57.85";
+ ip6.addr = "42:2f06:b899:a3b5:1dcf:51a4:a02b:8731";
 aliases = [
 "wooki.r"
 ];
@@ -547,8 +547,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
 cores = 2;
 nets = {
 retiolum = {
- addrs4 = ["10.243.0.163"];
- addrs6 = ["42:b67b:5752:a730:5f28:d80d:6b37:5bda/128"];
+ ip4.addr = "10.243.0.163";
+ ip6.addr = "42:b67b:5752:a730:5f28:d80d:6b37:5bda/128";
 aliases = [
 "senderechner.r"
 ];
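Review bot: In the `@@ -547,8 +547,8 @@` hunk (the host with alias `senderechner.r`), the value carried over into `ip6.addr` still ends in a prefix length, `"42:b67b:5752:a730:5f28:d80d:6b37:5bda/128"`, while every other host in this change gets a bare address. The type behind `ip6.addr` is not visible in this hunk, so this is hedged. If the field is validated as a single address, evaluation will fail for this host. If it is a free-form string, any consumer that appends its own prefix, or writes the value into a tinc host file or a hosts entry, would emit a malformed address. I would write `ip6.addr = "42:b67b:5752:a730:5f28:d80d:6b37:5bda";` and keep the prefix in whatever field the new schema provides for it. The host definition starts and ends outside the hunk.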
@@ -570,14 +570,14 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
 cores = 1;
 nets = {
 internet = {
- addrs4 = ["217.160.206.154"];
+ ip4.addr = "217.160.206.154";
 aliases = [
 "muhbaasu.internet"
 ];
 };
 retiolum = {
- addrs4 = ["10.243.139.184"];
- addrs6 = ["42:d568:6106:ba30:753b:0f2a:8225:b1fb"];
+ ip4.addr = "10.243.139.184";
+ ip6.addr = "42:d568:6106:ba30:753b:0f2a:8225:b1fb";
 aliases = [
 "muhbaasu.r"
 ];
diff --git a/krebs/3modules/miefda/default.nix b/krebs/3modules/miefda/default.nix
index 9a5866294..a03f7ff4d 100644
--- a/krebs/3modules/miefda/default.nix
+++ b/krebs/3modules/miefda/default.nix
@@ -8,8 +8,8 @@ with config.krebs.lib;
 cores = 4;
 nets = {
 retiolum = {
- addrs4 = ["10.243.111.112"];
- addrs6 = ["42:0:0:0:0:0:111:112"];
+ ip4.addr = "10.243.111.112";
+ ip6.addr = "42:0:0:0:0:0:111:112";
 aliases = [
 "bobby.retiolum"
 "cgit.bobby.retiolum"
diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix
index 3b4001e7a..20118c61f 100644
--- a/krebs/3modules/mv/default.nix
+++ b/krebs/3modules/mv/default.nix
@@ -8,8 +8,8 @@ with config.krebs.lib;
 cores = 4;
 nets = {
 retiolum = {
- addrs4 = ["10.243.111.111"];
- addrs6 = ["42:0:0:0:0:0:111:111"];
+ ip4.addr = "10.243.111.111";
+ ip6.addr = "42:0:0:0:0:0:111:111";
 aliases = [
 "stro.retiolum"
 "cgit.stro.retiolum"
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index 61b4473e1..fe4dbd50c 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -11,26 +11,13 @@ let api = { enable = mkEnableOption "krebs.retiolum"; - name = mkOption { - type = types.str; - default = config.networking.hostName; - # Description stolen from tinc.conf(5). - description = '' - This is the name which identifies this tinc daemon. It must - be unique for the virtual private network this daemon will - connect to. The Name may only consist of alphanumeric and - underscore characters. If Name starts with a $, then the - contents of the environment variable that follows will be - used. In that case, invalid characters will be converted to - underscores. If Name is $HOST, but no such environment - variable exist, the hostname will be read using the - gethostnname() system call This is the name which identifies - the this tinc daemon. - ''; + host = mkOption { + type = types.host; + default = config.krebs.build.host; }; netname = mkOption { - type = types.str; + type = types.hostname; default = "retiolum"; description = '' The tinc network name. @@ -157,46 +144,34 @@ let uid = genid name; }; + net = cfg.host.nets.${cfg.netname}; + tinc = cfg.tincPackage; iproute = cfg.iproutePackage; - confDir = pkgs.runCommand "retiolum" { - # TODO text - executable = true; - preferLocalBuild = true; - } '' - set -euf - - mkdir -p $out - - ln -s ${cfg.hostsPackage} $out/hosts - - cat > $out/tinc.conf < $out/tinc-up <