From 265bfe7949c7cccd80763d0b642df7b00f102a41 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 9 Sep 2017 16:27:30 +0200 Subject: wolf: add plattenschwein pubkey --- krebs/1systems/wolf/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 91aabb716..4796d26fd 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -100,6 +100,7 @@ in users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.ulrich.pubkey config.krebs.users.makefu-omo.pubkey + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup ]; time.timeZone = "Europe/Berlin"; -- cgit v1.2.3 From 31b9df0a3b7828887ff9ee4eaddf12b26707c3bf Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 10 Sep 2017 01:32:53 +0200 Subject: wolf: add telegraf snmp --- krebs/1systems/wolf/config.nix | 53 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) (limited to 'krebs') diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 4796d26fd..d89d0b0b2 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -1,6 +1,7 @@ { config, pkgs, ... }: let shack-ip = config.krebs.build.host.nets.shack.ip4.addr; + influx-host = "127.0.0.1"; in { imports = [ @@ -23,6 +24,58 @@ in + { + systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate + #systemd.services.telegraf.environment = { + # "MIBDIRS" : ""; # extra mibs like ADSL + #}; + services.telegraf = { + enable = true; + extraConfig = { + inputs = { + snmp = { + agents = [ "10.0.1.3:161" ]; + version = 2; + community = "shack"; + name = "snmp"; + field = [ + { + name = "hostname"; + oid = "RFC1213-MIB::sysName.0"; + is_tag = true; + } + { + name = "load-percent"; #cisco + oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9"; + } + { + name = "uptime"; + oid = "DISMAN-EVENT-MIB::sysUpTimeInstance"; + } + ]; + table = [{ + name = "snmp"; + inherit_tags = [ "hostname" ]; + oid = "IF-MIB::ifXTable"; + field = [{ + name = "ifName"; + oid = "IF-MIB::ifName"; + is_tag = true; + }]; + }]; + }; + }; + outputs = { + influxdb = { + urls = [ "http://${influx-host}:8086" ]; + database = "telegraf"; + write_consistency = "any"; + timeout = "5s"; + }; + }; + }; + }; + } ]; # use your own binary cache, fallback use cache.nixos.org (which is used by -- cgit v1.2.3 From ffbd8c9d51753e479fb2c9f83721e0fda58c441a Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Sep 2017 23:01:24 +0200 Subject: wolf.r: add copyKernels --- krebs/1systems/wolf/config.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'krebs') diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index d89d0b0b2..21ae20ea0 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -139,6 +139,9 @@ in boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/vda"; + # without it `/nix/store` is not added grub paths + boot.loader.grub.copyKernels = true; + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; swapDevices = [ -- cgit v1.2.3 From 044320bfe49d822f102daf82b270e20308f9049f Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Sep 2017 23:02:10 +0200 Subject: wolf muell_caller: bump to latest version --- krebs/2configs/shack/muell_caller.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index 2d8d78e33..7e8d278f6 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix @@ -6,8 +6,8 @@ let name = "muell_caller-2017-06-01"; src = pkgs.fetchgit { url = "https://github.com/shackspace/muell_caller/"; - rev = "bbd4009"; - sha256 = "1bfnfl2vdh0p5wzyz5p48qh04vvsg2445avg86fzhzragx25fqv0"; + rev = "ee4e499"; + sha256 = "0q1v07q633sbqg4wkgf0zya2bnqrikpyjhzp05iwn2vcs8rvsi3k"; }; buildInputs = [ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ -- cgit v1.2.3 From ab36abc9338b5bf2ffe0b090961ec26be5677663 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 15 Sep 2017 00:08:47 +0200 Subject: withGetopt: init --- krebs/5pkgs/simple/withGetopt.nix | 106 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 106 insertions(+) create mode 100644 krebs/5pkgs/simple/withGetopt.nix (limited to 'krebs') diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix new file mode 100644 index 000000000..fd59adcaf --- /dev/null +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -0,0 +1,106 @@ +with import ; +{ utillinux, writeDash }: + +opt-spec: cmd-spec: let + + cmd = cmd-spec opts; + + cmd-script = + if typeOf cmd == "set" + then "exec ${cmd}" + else cmd; + + opts = mapAttrs (name: value: value // rec { + long = value.long or (replaceStrings ["_"] ["-"] name); + ref = value.ref or "\"\$${varname}\""; + switch = value.switch or false; + varname = value.varname or (replaceStrings ["-"] ["_"] name); + }) opt-spec; + + # true if b requires a to define its default value + opts-before = a: b: + test ".*[$]${stringAsChars (c: "[${c}]") a.varname}\\>.*" (b.default or ""); + + opts-list = let + sort-out = toposort opts-before (attrValues opts); + in + if sort-out ? result + then sort-out.result + else throw "toposort output: ${toJSON sort-out}"; + + wrapper-name = + if typeOf cmd == "set" && cmd ? name + then "${cmd.name}-getopt" + else "getopt-wrapper"; + +in writeDash wrapper-name '' + set -efu + + wrapper_name=${shell.escape wrapper-name} + + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + unset ${opt.varname} + '') opts)} + + args=$(${utillinux}/bin/getopt \ + -n "$wrapper_name" \ + -o "" \ + -l ${concatMapStringsSep "," + (opt: opt.long + optionalString (!opt.switch) ":") + (attrValues opts)} \ + -s sh \ + -- "$@") + if \test $? != 0; then exit 1; fi + eval set -- "$args" + + while :; do + case $1 in + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + --${opt.long}) + ${if opt.switch then /* sh */ '' + ${opt.varname}=true + shift + '' else /* sh */ '' + ${opt.varname}=$2 + shift 2 + ''} + ;; + '') opts)} + --) + shift + break + esac + done + + ${concatMapStringsSep "\n" + (opt: /* sh */ '' + if \test "''${${opt.varname}+1}" != 1; then + printf '%s: missing mandatory option '--%s'\n' \ + "$wrapper_name" \ + ${shell.escape opt.long} + error=1 + fi + '') + (filter + (x: ! hasAttr "default" x) + (attrValues opts))} + if test "''${error+1}" = 1; then + exit 1 + fi + + ${concatMapStringsSep "\n" + (opt: /* sh */ '' + if \test "''${${opt.varname}+1}" != 1; then + ${opt.varname}=${opt.default} + fi + '') + (filter + (hasAttr "default") + opts-list)} + + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + export ${opt.varname} + '') opts)} + + ${cmd-script} +'' -- cgit v1.2.3 From 3416a45b54e092c6b9b24738aa44d3c217982c26 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:32:46 +0200 Subject: withGetopt: pass "$@" to command --- krebs/5pkgs/simple/withGetopt.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix index fd59adcaf..21322b783 100644 --- a/krebs/5pkgs/simple/withGetopt.nix +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -102,5 +102,5 @@ in writeDash wrapper-name '' export ${opt.varname} '') opts)} - ${cmd-script} + ${cmd-script} "$@" '' -- cgit v1.2.3 From 9f85824da25311ec096d748798f49d09519e16aa Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:50:00 +0200 Subject: withGetopt: make long option optional --- krebs/5pkgs/simple/withGetopt.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix index 21322b783..b7bd40126 100644 --- a/krebs/5pkgs/simple/withGetopt.nix +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -45,9 +45,11 @@ in writeDash wrapper-name '' args=$(${utillinux}/bin/getopt \ -n "$wrapper_name" \ -o "" \ - -l ${concatMapStringsSep "," - (opt: opt.long + optionalString (!opt.switch) ":") - (attrValues opts)} \ + -l ${shell.escape + (concatMapStringsSep "," + (opt: opt.long + optionalString (!opt.switch) ":") + (filter (opt: opt.long != null) + (attrValues opts)))} \ -s sh \ -- "$@") if \test $? != 0; then exit 1; fi @@ -65,7 +67,9 @@ in writeDash wrapper-name '' shift 2 ''} ;; - '') opts)} + '') (filterAttrs + (_: opt: opt.long != null) + opts))} --) shift break -- cgit v1.2.3 From ab7e0c879cc0657ea7e25eb95ab89473f38c5507 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:51:07 +0200 Subject: withGetopt: sort getopt arguments --- krebs/5pkgs/simple/withGetopt.nix | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix index b7bd40126..7a19ccd29 100644 --- a/krebs/5pkgs/simple/withGetopt.nix +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -38,18 +38,31 @@ in writeDash wrapper-name '' wrapper_name=${shell.escape wrapper-name} + # TODO + for i in "$@"; do + case $i in + -h|--help) + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + printf ' %-16s %s\n' \ + --${shell.escape opt.long} \ + ${shell.escape (opt.description or "undocumented flag")} + '') opts)} + exit + esac + done + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' unset ${opt.varname} '') opts)} args=$(${utillinux}/bin/getopt \ - -n "$wrapper_name" \ - -o "" \ -l ${shell.escape (concatMapStringsSep "," (opt: opt.long + optionalString (!opt.switch) ":") (filter (opt: opt.long != null) (attrValues opts)))} \ + -n "$wrapper_name" \ + -o "" \ -s sh \ -- "$@") if \test $? != 0; then exit 1; fi -- cgit v1.2.3 From 16e6046544378bd5cdac73a9099b1d9d22a712cb Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:59:08 +0200 Subject: withGetopt: support short options --- krebs/5pkgs/simple/withGetopt.nix | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix index 7a19ccd29..196e6765a 100644 --- a/krebs/5pkgs/simple/withGetopt.nix +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -13,6 +13,7 @@ opt-spec: cmd-spec: let opts = mapAttrs (name: value: value // rec { long = value.long or (replaceStrings ["_"] ["-"] name); ref = value.ref or "\"\$${varname}\""; + short = value.short or null; switch = value.switch or false; varname = value.varname or (replaceStrings ["-"] ["_"] name); }) opt-spec; @@ -38,19 +39,6 @@ in writeDash wrapper-name '' wrapper_name=${shell.escape wrapper-name} - # TODO - for i in "$@"; do - case $i in - -h|--help) - ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' - printf ' %-16s %s\n' \ - --${shell.escape opt.long} \ - ${shell.escape (opt.description or "undocumented flag")} - '') opts)} - exit - esac - done - ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' unset ${opt.varname} '') opts)} @@ -62,7 +50,11 @@ in writeDash wrapper-name '' (filter (opt: opt.long != null) (attrValues opts)))} \ -n "$wrapper_name" \ - -o "" \ + -o ${shell.escape + (concatMapStringsSep "" + (opt: opt.short + optionalString (!opt.switch) ":") + (filter (opt: opt.short != null) + (attrValues opts)))} \ -s sh \ -- "$@") if \test $? != 0; then exit 1; fi @@ -71,7 +63,10 @@ in writeDash wrapper-name '' while :; do case $1 in ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' - --${opt.long}) + (${concatMapStringsSep "|" shell.escape (filter (x: x != "") [ + (optionalString (opt.long != null) "--${opt.long}") + (optionalString (opt.short != null) "-${opt.short}") + ])}) ${if opt.switch then /* sh */ '' ${opt.varname}=true shift @@ -81,7 +76,7 @@ in writeDash wrapper-name '' ''} ;; '') (filterAttrs - (_: opt: opt.long != null) + (_: opt: opt.long != null || opt.short != null) opts))} --) shift -- cgit v1.2.3 From 94c57badae775cb863b76a6c6cb8c11012cd4f83 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 22:28:36 +0200 Subject: tv cd: RIP, thanks for alots of no fish --- krebs/3modules/tv/default.nix | 46 ------------------------------------------- 1 file changed, 46 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 79fa27bad..e80becfa7 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -32,52 +32,6 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q=="; }; - cd = { - ci = true; - cores = 2; - extraZones = { - # TODO generate krebsco.de zone from nets and don't use extraZones at all - "krebsco.de" = '' - cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} - ''; - }; - nets = { - internet = { - ip4.addr = "45.62.237.203"; - aliases = [ - "cd.i" - "cd.krebsco.de" - ]; - ssh.port = 11423; - }; - retiolum = { - via = config.krebs.hosts.cd.nets.internet; - ip4.addr = "10.243.113.222"; - ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af3"; - aliases = [ - "cd.r" - "cgit.cd.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ - rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4 - e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN - sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v - CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0 - PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V - LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk - DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW - ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK - jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5 - Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6"; - }; ju = { external = true; nets = { -- cgit v1.2.3 From d2c388ce3928764a78e4158162cb64ce3b5e43ce Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Sep 2017 20:59:38 +0200 Subject: iana-etc module: init --- krebs/3modules/default.nix | 1 + krebs/3modules/iana-etc.nix | 55 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 krebs/3modules/iana-etc.nix (limited to 'krebs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 42df3f053..48cf7971b 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -24,6 +24,7 @@ let ./go.nix ./hidden-ssh.nix ./htgen.nix + ./iana-etc.nix ./iptables.nix ./kapacitor.nix ./monit.nix diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix new file mode 100644 index 000000000..f6d47f27e --- /dev/null +++ b/krebs/3modules/iana-etc.nix @@ -0,0 +1,55 @@ +with import ; +{ config, pkgs, ... }: { + + options.krebs.iana-etc.services = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + port = mkOption { + default = config._module.args.name; + type = types.addCheck types.str (test "[1-9][0-9]*"); + }; + } // genAttrs ["tcp" "udp"] (protocol: mkOption { + default = null; + type = types.nullOr (types.submodule { + options = { + name = mkOption { + type = types.str; + }; + }; + }); + }); + })); + }; + + config.environment.etc = mkIf (config.krebs.iana-etc.services != {}) { + services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} '' + exec < ${pkgs.iana_etc}/etc/services + exec > $out + awk -F '[ /]+' ' + BEGIN { + port=0 + } + ${concatMapStringsSep "\n" (entry: '' + $2 == ${entry.port} { + port=$2 + next + } + port == ${entry.port} { + ${concatMapStringsSep "\n" + (proto: let + s = "${entry.${proto}.name} ${entry.port}/${proto}"; + in + "print ${toJSON s}") + (filter (proto: entry.${proto} != null) ["tcp" "udp"])} + port=0 + } + '') (attrValues config.krebs.iana-etc.services)} + { + print $0 + } + ' + ''); + }; + +} -- cgit v1.2.3 From 457f2f134587e10e386fb76e9d8c571dfe4490ec Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 21 Sep 2017 23:36:34 +0200 Subject: git-preview: init --- krebs/5pkgs/simple/git-preview/default.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 krebs/5pkgs/simple/git-preview/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/simple/git-preview/default.nix b/krebs/5pkgs/simple/git-preview/default.nix new file mode 100644 index 000000000..f20f2a636 --- /dev/null +++ b/krebs/5pkgs/simple/git-preview/default.nix @@ -0,0 +1,15 @@ +{ coreutils, git, stdenv, writeDashBin }: + +writeDashBin "git-preview" '' + PATH=${stdenv.lib.makeBinPath [ + coreutils + git + ]}''${PATH+:$PATH} + hashes=$(git log --format=%h "..$1") + end=$(echo "$hashes" | head -1) + start=$(echo "$hashes" | tail -1) + # exit if no diff was found + test -z "$start" && exit 0 + shift + git diff "$start^..$end" "$@" +'' -- cgit v1.2.3 From ea0b2cca51106bc7e92f36017bb3dc3ecdcc085e Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 22 Sep 2017 00:18:15 +0200 Subject: git-preview: init --- krebs/5pkgs/simple/git-preview.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 krebs/5pkgs/simple/git-preview.nix (limited to 'krebs') diff --git a/krebs/5pkgs/simple/git-preview.nix b/krebs/5pkgs/simple/git-preview.nix new file mode 100644 index 000000000..d6c9579a7 --- /dev/null +++ b/krebs/5pkgs/simple/git-preview.nix @@ -0,0 +1,17 @@ +{ coreutils, git, writeDashBin }: + +writeDashBin "git-preview" '' + set -efu + head_commit=$(${git}/bin/git log -1 --format=%H) + merge_commit=$1; shift + merge_message='Merge for git-preview' + preview_dir=$(${coreutils}/bin/mktemp --tmpdir -d git-preview.XXXXXXXX) + preview_branch=$(${coreutils}/bin/basename "$preview_dir") + ${git}/bin/git worktree add -b "$preview_branch" "$preview_dir" >/dev/null + ${git}/bin/git -C "$preview_dir" checkout "$head_commit" + ${git}/bin/git -C "$preview_dir" merge -m "$merge_message" "$merge_commit" + ${git}/bin/git -C "$preview_dir" diff "$head_commit.." "$@" & + ${git}/bin/git branch -fd "$preview_branch" + ${coreutils}/bin/rm -fR "$preview_dir" + wait +'' -- cgit v1.2.3 From 0701b6ad80beb42ad3c93a4d191a108ff7ae61ee Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 25 Sep 2017 19:17:50 +0200 Subject: l hosts: add eddie & borg (Mic92) --- krebs/3modules/lass/default.nix | 53 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ce19c0a05..4a1fe5e8f 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -381,6 +381,59 @@ with import ; }; }; }; + eddie = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.170"; + ip6.addr = "42:4992:6a6d:700::1"; + aliases = [ "eddie.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d + j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm + 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF + 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua + KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq + iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t + 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD + kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u + hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay + pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ + lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + borg = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.171"; + ip6.addr = "42:4992:6a6d:700::2"; + aliases = [ "borg.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0bHZApTM7Hl4qqNakSwq + bt7zJoTVK9ePoC3Mue1VmJ1mCKMaxKdzlO31kPeHtkilAzgyIJdgikyKFlApGsQL + aIuU9h55X7TbikoDD6ghbSrAe3Pgc+sJ3OZ7wO7Qb8CKgJvEbkk/u68YiJgyTjYD + HNjIQzlsGdpoSke9vwC8qWanfgN7c2MMGtakqfXDjYjCgp7O43i+SMupkMSXIXMA + 5XUFh/vVp6xgPxBofcw0uQIyZ5v4PPFjnGPm4rnMbFzbhubntHjDadwGd5Niyw4O + zNNKNchTLfNiuNGqTZeYd0kJ5fNMKykhpSs+ou34MvexvpuyPlFuotnPXN/nOMml + 3nwiqzthzPuBZRLswxT0WvlA8wlbeTOKJ0wTIR4dDuAF+euDtoNocVEN5PJNc7yN + fmwAV6geESoJbZQMSCtAp1NioaBlRPp1pFfoM/GotHywuFrTIxyoIBiYhkpWyQvq + WYw5j13IKqkL7jDchhoBmcardmh+AP5bL3uQ84BgaYNwFzHp04qIRrrdpF0eMaHB + /8zaqsNLn4/zQJB5ffkelwoIqfvLPQeCMLzHGHgP5xUnWgmZZGiiDLvhuaMeNq4U + EpCKoTL178sPOgNfHfd8mEqx0qKYuPrNQEdlpa5xOZqwx56pfYpGWY+KtF2FHLhS + iO64GCJqCi1MKBYx/NhaxKMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; }; users = { lass = { -- cgit v1.2.3 From 1514a6502dfeed739a4752652ca5437222110375 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Sep 2017 00:22:53 +0200 Subject: puyak.r: enable fan control --- krebs/1systems/puyak/config.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 978bd18e0..cca8850fa 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -65,7 +65,12 @@ ''; environment.systemPackages = [ pkgs.zsh ]; - boot.kernelModules = [ "kvm-intel" ]; + boot = { + kernelModules = [ "kvm-intel" ]; + extraModprobeConfig = '' + options thinkpad_acpi fan_control=1 + ''; + } users.users.joerg = { openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; isNormalUser = true; -- cgit v1.2.3 From f1d2f346a3c1bf9df0dda32a5b797169dcb88620 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Sep 2017 00:24:30 +0200 Subject: puyak.r: fan speed to 11 --- krebs/1systems/puyak/config.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'krebs') diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index cca8850fa..444bf383c 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -71,6 +71,10 @@ options thinkpad_acpi fan_control=1 ''; } + + system.activationScripts."disengage fancontrol" = '' + echo level disengaged > /proc/acpi/ibm/fan + ''; users.users.joerg = { openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; isNormalUser = true; -- cgit v1.2.3 From 39ce46938dda0a6afd57cd11843be5867c7bab66 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 26 Sep 2017 23:21:56 +0200 Subject: l hosts: add inspector (Mic92) --- krebs/3modules/lass/default.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 4a1fe5e8f..4bfbdea41 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -434,6 +434,32 @@ with import ; }; }; }; + inspector = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.172"; + ip6.addr = "fd42:4992:6a6d:800::1"; + aliases = [ "inspector.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG + EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ + 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF + m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw + WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd + eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 + OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau + ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x + B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG + q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj + 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { lass = { -- cgit v1.2.3 From 9a393c4fc049a99f42a11812f6094e95d43da905 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 28 Sep 2017 19:36:10 +0200 Subject: l hosts: fix inspector ipv6 (Mic92) --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 4bfbdea41..ca3c8b45b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -440,7 +440,7 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.29.172"; - ip6.addr = "fd42:4992:6a6d:800::1"; + ip6.addr = "42:4992:6a6d:800::1"; aliases = [ "inspector.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From 6dfe071664136790b7d62bf062e090722997372f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 29 Sep 2017 11:07:07 +0200 Subject: pkgs.weechat: RIP --- krebs/5pkgs/simple/weechat/default.nix | 80 ---------------------------------- 1 file changed, 80 deletions(-) delete mode 100644 krebs/5pkgs/simple/weechat/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/simple/weechat/default.nix b/krebs/5pkgs/simple/weechat/default.nix deleted file mode 100644 index c703ca8bf..000000000 --- a/krebs/5pkgs/simple/weechat/default.nix +++ /dev/null @@ -1,80 +0,0 @@ -{ stdenv, fetchurl, ncurses, openssl, aspell, gnutls -, zlib, curl , pkgconfig, libgcrypt -, cmake, makeWrapper, libiconv -, asciidoctor # manpages -, guileSupport ? true, guile -, luaSupport ? true, lua5 -, perlSupport ? true, perl -, pythonPackages -, rubySupport ? true, ruby -, tclSupport ? true, tcl -, extraBuildInputs ? [] }: - -assert guileSupport -> guile != null; -assert luaSupport -> lua5 != null; -assert perlSupport -> perl != null; -assert rubySupport -> ruby != null; -assert tclSupport -> tcl != null; - -let - inherit (pythonPackages) python pycrypto pync; -in - -stdenv.mkDerivation rec { - version = "1.8"; - name = "weechat-${version}"; - - src = fetchurl { - url = "http://weechat.org/files/src/weechat-${version}.tar.bz2"; - sha256 = "10km0437lg9ms6f16h20s89l2w9f9g597rykybxb16s95ql48z08"; - }; - - outputs = [ "out" "doc" ]; - - enableParallelBuilding = true; - cmakeFlags = with stdenv.lib; [ - "-DENABLE_MAN=ON" - "-DENABLE_DOC=ON" - ] - ++ optionals stdenv.isDarwin ["-DICONV_LIBRARY=${libiconv}/lib/libiconv.dylib" "-DCMAKE_FIND_FRAMEWORK=LAST"] - ++ optional (!guileSupport) "-DENABLE_GUILE=OFF" - ++ optional (!luaSupport) "-DENABLE_LUA=OFF" - ++ optional (!perlSupport) "-DENABLE_PERL=OFF" - ++ optional (!rubySupport) "-DENABLE_RUBY=OFF" - ++ optional (!tclSupport) "-DENABLE_TCL=OFF" - ; - - buildInputs = with stdenv.lib; [ - ncurses python openssl aspell gnutls zlib curl pkgconfig - libgcrypt pycrypto makeWrapper - cmake - asciidoctor - ] - ++ optional guileSupport guile - ++ optional luaSupport lua5 - ++ optional perlSupport perl - ++ optional rubySupport ruby - ++ optional tclSupport tcl - ++ extraBuildInputs; - - NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix}" - # Fix '_res_9_init: undefined symbol' error - + (stdenv.lib.optionalString stdenv.isDarwin "-DBIND_8_COMPAT=1 -lresolv"); - - postInstall = with stdenv.lib; '' - NIX_PYTHONPATH="$out/lib/${python.libPrefix}/site-packages" - wrapProgram "$out/bin/weechat" \ - ${optionalString perlSupport "--prefix PATH : ${perl}/bin"} \ - --prefix PATH : ${pythonPackages.python}/bin \ - --prefix PYTHONPATH : "$PYTHONPATH" \ - --prefix PYTHONPATH : "$NIX_PYTHONPATH" - ''; - - meta = { - homepage = http://www.weechat.org/; - description = "A fast, light and extensible chat client"; - license = stdenv.lib.licenses.gpl3; - maintainers = with stdenv.lib.maintainers; [ lovek323 garbas the-kenny ]; - platforms = stdenv.lib.platforms.unix; - }; -} -- cgit v1.2.3 From 37951eed3dd7806f73c40c47ec9cd047ad76c15d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 29 Sep 2017 20:05:13 +0200 Subject: hw/x220: enable opengl --- krebs/2configs/hw/x220.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'krebs') diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index c85bac0d4..44743b87d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -8,6 +8,8 @@ with import ; hardware.cpu.intel.updateMicrocode = true; + hardware.opengl.enable = true; + services.tlp.enable = true; boot = { -- cgit v1.2.3 From 7db4c634fc266d25ac80f2545c6c77d5b4d28708 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:29:26 +0200 Subject: ma latte.r: init --- krebs/3modules/makefu/default.nix | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 6e0e876b8..a34c8cd97 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -78,6 +78,37 @@ with import ; }; }; }; + latte = rec { + ci = true; + cores = 1; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; + nets = { + internet = { + ip4.addr = "185.215.224.160"; + aliases = [ + "latte.i" + ]; + }; + retiolum = { + ip4.addr = "10.243.80.249"; + ip6.addr = "42:ecb0:376:b37d:cf47:1ecf:f32b:a3b9"; + aliases = [ + "latte.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU + 5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo + r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf + 43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4 + GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6 + vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; pnp = { ci = true; @@ -460,6 +491,8 @@ with import ; ''; }; }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; gum = rec { -- cgit v1.2.3 From deb717fda416de23b32f73180ae4a248990d2a85 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 17:59:44 +0200 Subject: l: add archprism.r --- krebs/3modules/lass/default.nix | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ca3c8b45b..69cc36346 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -116,6 +116,38 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q=="; }; + archprism = rec { + cores = 4; + nets = rec { + retiolum = { + via = internet; + ip4.addr = "10.243.0.104"; + ip6.addr = "42::fa17"; + aliases = [ + "archprism.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl + kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl + JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I + AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5 + jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j + anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + internet = { + ip4.addr = "213.239.205.240"; + aliases = [ + "archprism.i" + ]; + ssh.port = 45621; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; + }; domsen-nas = { ci = false; external = true; @@ -487,10 +519,14 @@ with import ; fritz = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; }; - prism-repo-sync = { + archprism-repo-sync = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C"; mail = "lass@prism.r"; }; + prism-repo-sync = { + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe"; + mail = "lass@prism.r"; + }; mors-repo-sync = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; mail = "lass@mors.r"; -- cgit v1.2.3 From dda93e30e0ab3746841fa851361ddb55f7d24102 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 18:03:58 +0200 Subject: l prism.r: cleanup & adapt to new HW --- krebs/3modules/lass/default.nix | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 69cc36346..364c02d1d 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -83,7 +83,7 @@ with import ; }; nets = rec { internet = { - ip4.addr = "213.239.205.240"; + ip4.addr = "46.4.114.247"; aliases = [ "prism.i" "paste.i" @@ -103,18 +103,34 @@ with import ; ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl - kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl - JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I - AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5 - jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j - anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB + MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje + fxrKn67JbDb0cTAiDkI88alHBd8xeq2I6+CY90NT6PNVfsQBFx2v5YXafELXJWlo + rBvPFrR7nt1VzmG/hzkY8RwgC8hC6jRn7cvWWPCkvm2ZnNtYqAjiYMcUcWv6Vn9Z + ytPgkebDF9KpD8bL4vQu9iPZGNZpwncCw/Ix66oyTM6e24j/fTYgp7xn28wVUzUB + wWDH0uMQOxyBGFutEvAQ48XZ+QQxZv+2ZGqWJ+MeXreUPNP5wTxFCQOrkR1EXNio + /jgdHXtU5wVvqPwziukwwnfGJYUUHw7mjdo6ps5rch/aDxs0lahNc2TMbhr3rqgA + BkXVfwDTt8W/PB6Z0Y/djXOlUmQKO39OgZuhsYzqM4Uj17up7CDY77SiQYrV901C + 9CR5oFsAvV+WIMFUBc7ZZGPotJ9nZ2yyLQh+fT3sXuqFpGlyaI2SAm2edZUXKWQ5 + Q6AIyQRPkTNRCDuvXxIMdmOE++tBnyCI/Psn/Qet5gFcSsUMPhto8Yaka4SgJfyu + 3iIojFUzskowLWt6dBOGm5brI/OaKz0gyw5K3Hb4T7Jz+EwoeJfhbdZYA6NIY+qH + TGGl+47ffT+8e+1hvcAnO+bN5Br8WPN3+VD4FQD5yTb6pCFdZuL3QEyoKc9eugDb + g/+rFOsI8bfVeH5zZrl6B6XJBLGeKEECf3zwE2JObO3IuwxATSkahx1jAEy+hFyZ + kPwooGj03tkgVGc2AxgdHbfmNUbSVkO+m+ouBojikSrnFNKRTS/wZ69RVg3tl4qg + 7F4Vs/aMQ9bSWycvRBZQXITPQ1Y6mCEUj2mSKVHmgy/5rqwz2va/Yc1zhUptcINo + 7ztGiEzFMPGagkTs/Ntuqh2VbC/MwTao0BKl+gyCNwrACnNW87X4og2gtG3ukduz + cnSupO84hdTrclthsSEH/rLUauBsuIch58S/F7KCz9hwK45+Btky7Kz4mf/pE451 + k88QfDHw/cTSzlESPnEnthrRnhxn0fW7FRwJpieKm2AmyEEjSiiYt8mUdD3teKj0 + dgYrcGQkCnhmKDawgcw46wstBG/sAKT8qnZPRmlzKpcCS186ffuobQvj42LSmuMu + ToANi5pw2yEfzwLxNG/3whozB9rqwbqV/YAR/mthMxD0IXpLDKXlV1IeD7MfpV8i + jx6SghnkX/s2F7UTOlwJYe/Gl1biLRB8EPnOZKadHR0BRWFd+Qz6pJDp0B13jT3/ + AEPNGXLwVjmdhy2TVec3OGL/CukPEdiW1Urw5lfOc9dacTXjTNTXzod7Ub6s7ZOE + T7Y4dsVeW4OM7NmE/riqS3cG9obGWO7gIQIDAQAB -----END RSA PUBLIC KEY----- ''; }; }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q=="; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; }; archprism = rec { cores = 4; @@ -145,8 +161,8 @@ with import ; ssh.port = 45621; }; }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; + ssh.privkey.path = ; + ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q=="; }; domsen-nas = { ci = false; -- cgit v1.2.3 From 8bd9894a2af5a0db91c0cb7943a34f60e2252c32 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 18:06:21 +0200 Subject: add new prism.r binary-cache key --- krebs/2configs/binary-cache/prism.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix index 4813eeb0f..46b386e14 100644 --- a/krebs/2configs/binary-cache/prism.nix +++ b/krebs/2configs/binary-cache/prism.nix @@ -7,6 +7,7 @@ ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI=" ]; }; } -- cgit v1.2.3 From c159128c2cb4eb247cdbbacbea2aed4961dbc28d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 23:13:49 +0200 Subject: puyak.r: fix syntax --- krebs/1systems/puyak/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 444bf383c..ba578512e 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -70,7 +70,7 @@ extraModprobeConfig = '' options thinkpad_acpi fan_control=1 ''; - } + }; system.activationScripts."disengage fancontrol" = '' echo level disengaged > /proc/acpi/ibm/fan -- cgit v1.2.3 From c404a21d1bd03595292ce28e48f13621a5fcc7fb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 01:32:36 +0200 Subject: puyak.r: merge multiple boot configs --- krebs/1systems/puyak/config.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'krebs') diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index ba578512e..d2664ef84 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -27,6 +27,11 @@ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + + kernelModules = [ "kvm-intel" ]; + extraModprobeConfig = '' + options thinkpad_acpi fan_control=1 + ''; }; fileSystems = { @@ -65,12 +70,6 @@ ''; environment.systemPackages = [ pkgs.zsh ]; - boot = { - kernelModules = [ "kvm-intel" ]; - extraModprobeConfig = '' - options thinkpad_acpi fan_control=1 - ''; - }; system.activationScripts."disengage fancontrol" = '' echo level disengaged > /proc/acpi/ibm/fan -- cgit v1.2.3 From a43efa33f60d36f22f3ea49084d5b7b3ec01828f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 13:01:55 +0200 Subject: htodog.r: add irc.r --- krebs/1systems/hotdog/config.nix | 1 + krebs/3modules/krebs/default.nix | 1 + 2 files changed, 2 insertions(+) (limited to 'krebs') diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 2ad22f49c..7f49f9485 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -12,6 +12,7 @@ + ]; krebs.build.host = config.krebs.hosts.hotdog; diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 2fe3e5115..1e626f0a0 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -74,6 +74,7 @@ in { "build.r" "build.hotdog.r" "cgit.hotdog.r" + "irc.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From 7cdf5705d91e3710ae82bd9cc9843c70130698ce Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 13:41:41 +0200 Subject: #retiolum@ni.r -> #krebs@irc.r --- krebs/2configs/repo-sync.nix | 4 ++-- krebs/3modules/announce-activation.nix | 4 ++-- krebs/3modules/ci.nix | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'krebs') diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index b0b0b2f62..9b60dc552 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -15,8 +15,8 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = false; - channel = "#retiolum"; - server = "ni.r"; + channel = "#krebs"; + server = "irc.r"; branches = [ "master" ]; }; }); diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 5a3a788c2..73704ae27 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -35,7 +35,7 @@ in { irc = { # TODO rename channel to target? channel = mkOption { - default = "#retiolum"; + default = "#krebs"; type = types.str; # TODO types.irc-channel }; nick = mkOption { @@ -47,7 +47,7 @@ in { type = types.int; }; server = mkOption { - default = "ni.r"; + default = "irc.r"; type = types.hostname; }; }; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index dab87792e..49d5bbc93 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -133,8 +133,8 @@ in irc = { enable = true; nick = "build|${hostname}"; - server = "ni.r"; - channels = [ "retiolum" "noise" ]; + server = "irc.r"; + channels = [ "krebs" "noise" ]; allowForce = true; }; extraConfig = '' -- cgit v1.2.3 From 0fe3f562d7dc66dc4dcf39522fc17ccce6ee30b4 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 14:01:48 +0200 Subject: ma cake.r: init --- krebs/3modules/makefu/default.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index a34c8cd97..d80935683 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -4,6 +4,31 @@ with import ; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { + cake = rec { + cores = 1; + ci = false; + nets = { + retiolum = { + ip4.addr = "10.243.136.236"; + ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee1"; + aliases = [ + "cake.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu + jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+ + MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq + 6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7 + 36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP + MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake"; + }; drop = rec { ci = true; cores = 1; -- cgit v1.2.3 From cf62603b129ff4afad5fac4789ee98d1beddda3b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 14:26:12 +0200 Subject: #krebs@irc.r -> #xxx@irc.r --- krebs/2configs/repo-sync.nix | 2 +- krebs/3modules/announce-activation.nix | 2 +- krebs/3modules/ci.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 9b60dc552..84b7d9c0e 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -15,7 +15,7 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = false; - channel = "#krebs"; + channel = "#xxx"; server = "irc.r"; branches = [ "master" ]; }; diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 73704ae27..8f8440eb7 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -35,7 +35,7 @@ in { irc = { # TODO rename channel to target? channel = mkOption { - default = "#krebs"; + default = "#xxx"; type = types.str; # TODO types.irc-channel }; nick = mkOption { diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 49d5bbc93..adbc1ebe1 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -134,7 +134,7 @@ in enable = true; nick = "build|${hostname}"; server = "irc.r"; - channels = [ "krebs" "noise" ]; + channels = [ "xxx" "noise" ]; allowForce = true; }; extraConfig = '' -- cgit v1.2.3