From 9ea664b63c348a5855299250ec45f622c1404c5d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Oct 2021 12:13:53 +0200 Subject: l coaxmetal.r: use nixos-unstable --- lass/1systems/coaxmetal/source.nix | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 lass/1systems/coaxmetal/source.nix (limited to 'lass/1systems') diff --git a/lass/1systems/coaxmetal/source.nix b/lass/1systems/coaxmetal/source.nix new file mode 100644 index 000000000..0e2628b5b --- /dev/null +++ b/lass/1systems/coaxmetal/source.nix @@ -0,0 +1,4 @@ +{ lib, pkgs, ... }: +{ + nixpkgs.git.ref = lib.mkForce (lib.importJSON ../../../krebs/nixpkgs-unstable.json).rev; +} -- cgit v1.3.1 From d1a55f88766b72769e5f756f8b4724e13e1c6981 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Oct 2021 19:03:02 +0200 Subject: l coaxmetal.r: build with unstable --- lass/1systems/coaxmetal/source.nix | 23 ++++++++++++++++++++--- lass/krops.nix | 2 +- 2 files changed, 21 insertions(+), 4 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/coaxmetal/source.nix b/lass/1systems/coaxmetal/source.nix index 0e2628b5b..7f335ec05 100644 --- a/lass/1systems/coaxmetal/source.nix +++ b/lass/1systems/coaxmetal/source.nix @@ -1,4 +1,21 @@ -{ lib, pkgs, ... }: -{ - nixpkgs.git.ref = lib.mkForce (lib.importJSON ../../../krebs/nixpkgs-unstable.json).rev; +{ lib, pkgs, test, ... }: let + npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; +in { + nixpkgs = lib.mkForce (if test then { derivation = let + rev = npkgs.rev; + sha256 = npkgs.sha256; + in '' + with import (builtins.fetchTarball { + url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; + sha256 = "${sha256}"; + }) {}; + pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = "${rev}"; + sha256 = "${sha256}"; + } + ''; } else { + git.ref = npkgs.rev; + }); } diff --git a/lass/krops.nix b/lass/krops.nix index 128c9ee04..fe5c00f3d 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -24,7 +24,7 @@ }; }; } - (if (lib.pathExists (./. + "/1systems/${name}/source.nix")) && (! test) then + (if lib.pathExists (./. + "/1systems/${name}/source.nix") then import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs test; } else {} -- cgit v1.3.1 From ddac84e9e6eb49805ad244829ea5add7370a7829 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Oct 2021 21:53:26 +0200 Subject: l green.r: make source.nix ci compatible --- lass/1systems/green/source.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix index 48499c9db..cc7617f92 100644 --- a/lass/1systems/green/source.nix +++ b/lass/1systems/green/source.nix @@ -1,5 +1,4 @@ -{ lib, pkgs, ... }: -{ +{ lib, pkgs, test, ... }: +if test then { nixpkgs-unstable = lib.mkForce { file = "/var/empty"; }; - nixpkgs.git.shallow = true; -} +} else {} -- cgit v1.3.1 From bd8baec395d258cf9201ef243d4237f64aaef26b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Oct 2021 22:02:15 +0200 Subject: l blue.r: don't delete nixpkgs-unstable in ci --- lass/1systems/blue/source.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index 2b4158211..2a4e1336b 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,5 +1,5 @@ { lib, pkgs, test, ... }: -{ +if test then { nixpkgs = lib.mkIf (! test) (lib.mkForce { file = { path = toString (pkgs.fetchFromGitHub { @@ -14,4 +14,4 @@ nixpkgs-unstable = lib.mkForce { file.path = "/var/empty"; }; -} +} else {} -- cgit v1.3.1 From 3ea4c8f5735cd99d8ede55d67deb51d44795db59 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Oct 2021 22:22:38 +0200 Subject: l: fix test sources --- lass/1systems/blue/source.nix | 4 ++-- lass/1systems/green/source.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index 2a4e1336b..0b2bf5f5b 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix @@ -1,5 +1,5 @@ { lib, pkgs, test, ... }: -if test then { +if test then {} else { nixpkgs = lib.mkIf (! test) (lib.mkForce { file = { path = toString (pkgs.fetchFromGitHub { @@ -14,4 +14,4 @@ if test then { nixpkgs-unstable = lib.mkForce { file.path = "/var/empty"; }; -} else {} +} diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix index cc7617f92..da137e064 100644 --- a/lass/1systems/green/source.nix +++ b/lass/1systems/green/source.nix @@ -1,4 +1,4 @@ { lib, pkgs, test, ... }: -if test then { +if test then {} else { nixpkgs-unstable = lib.mkForce { file = "/var/empty"; }; -} else {} +} -- cgit v1.3.1 From f455668ff33d7555f8fe8d02ae9cf1b72cab596c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 24 Oct 2021 11:06:43 +0200 Subject: l: remove red.r morpheus.r uriel.r --- krebs/3modules/lass/default.nix | 97 ------------------------------------- lass/1systems/morpheus/config.nix | 29 ----------- lass/1systems/morpheus/physical.nix | 44 ----------------- lass/1systems/red/config.nix | 28 ----------- lass/1systems/red/physical.nix | 7 --- lass/1systems/uriel/config.nix | 47 ------------------ lass/1systems/uriel/physical.nix | 59 ---------------------- 7 files changed, 311 deletions(-) delete mode 100644 lass/1systems/morpheus/config.nix delete mode 100644 lass/1systems/morpheus/physical.nix delete mode 100644 lass/1systems/red/config.nix delete mode 100644 lass/1systems/red/physical.nix delete mode 100644 lass/1systems/uriel/config.nix delete mode 100644 lass/1systems/uriel/physical.nix (limited to 'lass/1systems') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3419d806c..428691841 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -122,33 +122,6 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU"; }; - uriel = { - monitoring = false; - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.81.176"; - ip6.addr = r6 "1e1"; - aliases = [ - "uriel.r" - ]; - tinc.port = 0; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAzw0pvoEmqeqiZrzSOPH0IT99gr1rrvMZbvabXoU4MAiVgGoGrkmR - duJkk8Fj12ftMc+Of1gnwDkFhRcfAKOeH1RSc4CTircWVq99WyecTwEZoaR/goQb - MND022kIBoG6NQNxv1Y5I1B/h7hfloMFEPym9oFtOAXoGhBY2vVl4g64NNz+RLME - m1RipLXKANAh6LRNPGPQCUYX4TVY2ZJVxM3CM1XdomUAdOYXJmWFyUg9NcIKaacx - uRrmuy7J9yFBcihZX5Y7NV361kINrpRmZYxJRf9cr0hb5EkJJ7bMIKQMEFQ5RnYo - u7MPGKD7aNHa6hLLCeIfJ5u0igVmSLh3pwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBryIo/Waw8SWvlQ0+5I+Bd/dJgcMd6iPXtELS6gQXoc"; - secure = true; - }; mors = { cores = 2; nets = { @@ -418,38 +391,6 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM"; }; - red = { - monitoring = false; - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.0.13"; - ip6.addr = r6 "12ed"; - aliases = [ - "red.r" - ]; - tinc.port = 0; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG - 4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF - Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI - phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0 - FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox - TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa - mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w - oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE - cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ - 7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa - 5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW - ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp"; - }; yellow = { cores = 1; nets = { @@ -583,44 +524,6 @@ in { ci = false; syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; }; - morpheus = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.0.19"; - ip6.addr = r6 "012f"; - aliases = [ - "morpheus.r" - ]; - tinc.port = 0; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY - T7yWiKaUuBJThWged9PdPltLUEMmv+ubQqpWHZq442VWSS36r1yMSGpUeKK+oYMN - /Sfu+1yC4m2uXno95wpJZIcDfbbn26jT6ldJ4Yd97zyrXKljvcdrz3wZzQq0tojh - S5Q59x/aQMJbnQpnlFnMIEVgULuFPW16+vPGsXIPdYNggaF1avcBaFl8i3M0EZVz - Swn4hArDynDJhR7M0QdlwOpOh7O+1iOnmXqqei3LxMVHb+YtzfHgxOPxggUsy7CR - bj9uBR9loGwgmZwaxXd1Vfbw8kn/feOb9FcW73u+SZyzwEA9HFRV0jGQe3P9mGfI - Bwe02DOTVXEB8jTAGCw5T3bXLIOX8kqdlCECuAWFfrt8H+GjZDuGUWRcMn32orMz - sMvkab95ZOHK6Q31mrhILOIOdyZWKPZIabL3HF6CZtu52h6MDHbmGS0w0OJYhj2+ - VnT9ZBoaeooVg8QOE43rCXvmL5vzhLKrj4s/53wTGG5SpzLs9Q9rrJVgAnz4YQ7j - 3Ov5q3Zxyr+vO6O7Pb5X49vCQw/jzK41S0/15GEmKcoxXemzeZCpX1mbeeTUtLvA - U7OJwldrElzictBJ1gT94L4BDvoGZVqAkXJCJPamfsWaiw6SsMqtTfECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - wiregrill = { - ip6.addr = w6 "012f"; - aliases = [ - "morpheus.w" - ]; - wireguard.pubkey = "BdiIHJjJQThmZD8DehxPGA+bboBHjljedwaRaV5yyDY="; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f "; - syncthing.id = "JS4RFIL-MJP2SMJ-EOQXCPQ-MC3NB4V-BQ77GN5-LPKGLWY-GHDP732-G22OJQQ"; - }; hilum = { cores = 1; nets = { diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix deleted file mode 100644 index 79d4f528d..000000000 --- a/lass/1systems/morpheus/config.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, pkgs, ... }: -with import ; -{ - imports = [ - - - - - - ]; - - krebs.build.host = config.krebs.hosts.morpheus; - - networking.wireless.enable = false; - networking.networkmanager.enable = true; - - services.logind.lidSwitch = "ignore"; - services.logind.lidSwitchDocked = "ignore"; - - environment.systemPackages = with pkgs; [ - gitAndTools.hub - nix-review - firefox - ag - ]; - - services.openssh.forwardX11 = true; - programs.x2goserver.enable = true; -} diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix deleted file mode 100644 index 6e59a2273..000000000 --- a/lass/1systems/morpheus/physical.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ - imports = [ - ./config.nix - - ]; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.efiSupport = true; - boot.loader.grub.efiInstallAsRemovable = true; - boot.loader.grub.device = "nodev"; - - networking.hostId = "06442b9a"; - - fileSystems."/" = { - device = "/dev/pool/root"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/1F60-17C6"; - fsType = "vfat"; - }; - - fileSystems."/home" = { - device = "/dev/pool/home"; - fsType = "btrfs"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - devices.luksroot.device = "/dev/nvme0n1p3"; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0" - ''; -} diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix deleted file mode 100644 index 3139e94a2..000000000 --- a/lass/1systems/red/config.nix +++ /dev/null @@ -1,28 +0,0 @@ -with import ; -{ config, lib, pkgs, ... }: -let - inherit (import {inherit lib pkgs;}) - servephpBB - ; -in -{ - imports = [ - - - - - - (servephpBB [ "rote-allez-fraktion.de" ]) - ]; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } - ]; - - krebs.build.host = config.krebs.hosts.red; - - services.nginx.enable = true; - environment.systemPackages = [ - pkgs.mk_sql_pair - ]; -} diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix deleted file mode 100644 index b6aa3a894..000000000 --- a/lass/1systems/red/physical.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./config.nix - ]; - boot.isContainer = true; - networking.useDHCP = false; -} diff --git a/lass/1systems/uriel/config.nix b/lass/1systems/uriel/config.nix deleted file mode 100644 index c3ce8fced..000000000 --- a/lass/1systems/uriel/config.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ config, pkgs, ... }: - -with builtins; -with import ; -{ - imports = [ - - - - { - # locke config - i18n.defaultLocale ="de_DE.UTF-8"; - time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; - services.xserver.libinput.enable = false; - users.users.locke = { - uid = genid "locke"; - home = "/home/locke"; - group = "users"; - createHome = true; - extraGroups = [ - "audio" - "networkmanager" - ]; - useDefaultShell = true; - isNormalUser = true; - }; - networking.networkmanager.enable = true; - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - environment.systemPackages = with pkgs; [ - pavucontrol - firefox - hexchat - networkmanagerapplet - ]; - services.xserver.desktopManager.xfce = { - enable = true; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.uriel; - nixpkgs.config.allowUnfree = true; -} diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix deleted file mode 100644 index 82a088643..000000000 --- a/lass/1systems/uriel/physical.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ - imports = [ - ./config.nix - ]; - - hardware.enableRedistributableFirmware = true; - boot = { - #kernelParams = [ - # "acpi.brightness_switch_enabled=0" - #]; - #loader.grub.enable = true; - #loader.grub.version = 2; - #loader.grub.device = "/dev/sda"; - - loader.systemd-boot.enable = true; - loader.timeout = 5; - - initrd.luks.devices.luksroot.device = "/dev/sda2"; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/pool/root"; - fsType = "ext4"; - }; - - "/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/sda1"; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" - ''; - - services.xserver.synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - additionalOptions = '' - Option "FingerHigh" "60" - Option "FingerLow" "60" - ''; - }; -} -- cgit v1.3.1 From 4c15270e18861dd84036d776dd3143a74f7ea9b2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 24 Oct 2021 16:54:23 +0200 Subject: l prism.r: remove ts3 server --- lass/1systems/prism/config.nix | 1 - lass/2configs/ts3.nix | 19 ------------------- 2 files changed, 20 deletions(-) delete mode 100644 lass/2configs/ts3.nix (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d43fb804a..356b8d182 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -112,7 +112,6 @@ with import ; }; } - diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix deleted file mode 100644 index d0cfdf478..000000000 --- a/lass/2configs/ts3.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, ... }: - -{ - services.teamspeak3 = { - enable = true; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - #voice port - { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; } - { predicate = "-p udp --dport 9987"; target = "ACCEPT"; } - ##file transfer port - { predicate = "-p tcp --dport 30033"; target = "ACCEPT"; } - { predicate = "-p udp --dport 30033"; target = "ACCEPT"; } - ##query port - #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; } - #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; } - ]; -} -- cgit v1.3.1 From 566951d3f0aa9fcc64df3ef5d7bf1fcf0eff04ab Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 24 Oct 2021 16:58:08 +0200 Subject: l prism.r: fix mdmonitor service error --- lass/1systems/prism/config.nix | 10 --------- lass/1systems/prism/physical.nix | 6 ++++++ lass/2configs/bepasty.nix | 44 ---------------------------------------- 3 files changed, 6 insertions(+), 54 deletions(-) delete mode 100644 lass/2configs/bepasty.nix (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 356b8d182..45f9ae00e 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -123,16 +123,6 @@ with import ; - { # quasi bepasty.nix - imports = [ - - ]; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { - return 403; - } - ''; - } { services.tor = { enable = true; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 1a3bee850..26ecd1cda 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -65,6 +65,12 @@ fsType = "ext4"; }; + # silence mdmonitor.service failures + # https://github.com/NixOS/nixpkgs/issues/72394 + environment.etc."mdadm.conf".text = '' + MAILADDR root + ''; + nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix deleted file mode 100644 index 9bd416c05..000000000 --- a/lass/2configs/bepasty.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ config, pkgs, ... }: -with import ; - -# secrets used: -# wildcard.krebsco.de.crt -# wildcard.krebsco.de.key -# bepasty-secret.nix <- contains single string - -with import ; -let - secKey = import ; - ext-doms = [ - "paste.lassul.us" - "paste.krebsco.de" - ]; -in { - - services.nginx.enable = mkDefault true; - krebs.bepasty = { - enable = true; - serveNginx= true; - - servers = { - "paste.r" = { - nginx = { - serverAliases = [ - "paste.${config.krebs.build.host.name}" - "paste.r" - ]; - }; - defaultPermissions = "admin,list,create,read,delete"; - secretKey = secKey; - }; - } // - genAttrs ext-doms (ext-dom: { - nginx = { - forceSSL = true; - enableACME = true; - }; - defaultPermissions = "read,create"; - secretKey = secKey; - }); - }; -} -- cgit v1.3.1 From ee50871bd10676e26b280084417bcbc9963ffe70 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 24 Oct 2021 20:34:17 +0200 Subject: l coaxmetal.r: force only git.ref --- lass/1systems/coaxmetal/source.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/coaxmetal/source.nix b/lass/1systems/coaxmetal/source.nix index 7f335ec05..abbf26c75 100644 --- a/lass/1systems/coaxmetal/source.nix +++ b/lass/1systems/coaxmetal/source.nix @@ -1,7 +1,7 @@ { lib, pkgs, test, ... }: let npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; in { - nixpkgs = lib.mkForce (if test then { derivation = let + nixpkgs = (if test then lib.mkForce ({ derivation = let rev = npkgs.rev; sha256 = npkgs.sha256; in '' @@ -15,7 +15,7 @@ in { rev = "${rev}"; sha256 = "${sha256}"; } - ''; } else { - git.ref = npkgs.rev; + ''; }) else { + git.ref = lib.mkForce npkgs.rev; }); } -- cgit v1.3.1 From ff39fb0d1f436e1587c71ffa1feb462fd4d784e6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 24 Oct 2021 21:35:54 +0200 Subject: l echelon.r: import green-host --- lass/1systems/coaxmetal/config.nix | 2 +- lass/1systems/echelon/config.nix | 3 +++ lass/2configs/prism-mounts/samba.nix | 15 +++++++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 lass/2configs/prism-mounts/samba.nix (limited to 'lass/1systems') diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix index 227c5e1e9..0e6bddf5e 100644 --- a/lass/1systems/coaxmetal/config.nix +++ b/lass/1systems/coaxmetal/config.nix @@ -16,7 +16,7 @@ - # + diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix index 9e72916b3..eacdff782 100644 --- a/lass/1systems/echelon/config.nix +++ b/lass/1systems/echelon/config.nix @@ -5,10 +5,13 @@ + + ]; krebs.build.host = config.krebs.hosts.echelon; boot.tmpOnTmpfs = true; + } diff --git a/lass/2configs/prism-mounts/samba.nix b/lass/2configs/prism-mounts/samba.nix new file mode 100644 index 000000000..4b1475ef3 --- /dev/null +++ b/lass/2configs/prism-mounts/samba.nix @@ -0,0 +1,15 @@ +{ + fileSystems."/mnt/prism" = { + device = "//prism.r/public"; + fsType = "cifs"; + options = [ + "guest" + "nofail" + "noauto" + "ro" + "x-systemd.automount" + "x-systemd.device-timeout=1" + "x-systemd.idle-timeout=1min" + ]; + }; + } -- cgit v1.3.1 From 3a7c33394328108cc9159de89367a90701fcbc80 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 25 Oct 2021 19:52:54 +0200 Subject: l green.r: add brain repo --- lass/1systems/green/config.nix | 9 +++++++ lass/2configs/git-brain.nix | 57 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 lass/2configs/git-brain.nix (limited to 'lass/1systems') diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index d7bf62b40..b41e396c9 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -17,6 +17,8 @@ with import ; + + ]; krebs.build.host = config.krebs.hosts.green; @@ -68,6 +70,13 @@ with import ; ]; clearTarget = true; }; + "/var/lib/git" = { + source = "/var/state/git"; + options = [ + "-M ${toString config.users.users.git.uid}" + ]; + clearTarget = true; + }; }; systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" '' diff --git a/lass/2configs/git-brain.nix b/lass/2configs/git-brain.nix new file mode 100644 index 000000000..1c6f92fcd --- /dev/null +++ b/lass/2configs/git-brain.nix @@ -0,0 +1,57 @@ +{ config, lib, pkgs, ... }: +with import ; +let + + repos = krebs-repos; + rules = concatMap krebs-rules (attrValues krebs-repos); + + krebs-repos = mapAttrs make-krebs-repo { + brain = { }; + krebs-secrets = { }; + }; + + + make-krebs-repo = with git; name: { cgit ? {}, ... }: { + inherit cgit name; + public = false; + hooks = { + post-receive = pkgs.git-hooks.irc-announce { + nick = config.networking.hostName; + verbose = true; + channel = "#xxx"; + # TODO remove the hardcoded hostname + server = "irc.r"; + }; + }; + }; + + + + # TODO: get the list of all krebsministers + krebsminister = with config.krebs.users; [ makefu tv ]; + krebs-rules = repo: + set-owners repo [ config.krebs.users.lass ] ++ set-ro-access repo krebsminister; + + set-ro-access = with git; repo: user: + singleton { + inherit user; + repo = [ repo ]; + perm = fetch; + }; + + set-owners = with git;repo: user: + singleton { + inherit user; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + }; + +in { + krebs.git = { + enable = true; + cgit = { + enable = false; + }; + inherit repos rules; + }; +} -- cgit v1.3.1 From 4dea6681b4726a749e4cfc56c45f289a9cfdcf37 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 5 Nov 2021 14:07:22 +0100 Subject: l mors.r: use unstable --- lass/1systems/mors/source.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 lass/1systems/mors/source.nix (limited to 'lass/1systems') diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix new file mode 100644 index 000000000..abbf26c75 --- /dev/null +++ b/lass/1systems/mors/source.nix @@ -0,0 +1,21 @@ +{ lib, pkgs, test, ... }: let + npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json; +in { + nixpkgs = (if test then lib.mkForce ({ derivation = let + rev = npkgs.rev; + sha256 = npkgs.sha256; + in '' + with import (builtins.fetchTarball { + url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; + sha256 = "${sha256}"; + }) {}; + pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = "${rev}"; + sha256 = "${sha256}"; + } + ''; }) else { + git.ref = lib.mkForce npkgs.rev; + }); +} -- cgit v1.3.1 From b244950e5d0b7ce3ebaf4f63a00f93abab46a893 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 14 Nov 2021 17:13:08 +0100 Subject: l mors.r: remove deprecated restic setup --- lass/1systems/mors/config.nix | 29 ----------------------------- 1 file changed, 29 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 95b688590..88ac90de4 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -183,35 +183,6 @@ with import ; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; - lass.restic = genAttrs [ - "daedalus" - "icarus" - "littleT" - "prism" - "shodan" - "skynet" - ] (dest: { - dirs = [ - "/home/lass/src" - "/home/lass/work" - "/home/lass/.gnupg" - "/home/lass/Maildir" - "/home/lass/stockholm" - "/home/lass/.password-store" - "/home/bitcoin" - "/home/bch" - ]; - passwordFile = (toString ) + "/restic/${dest}"; - repo = "sftp:backup@${dest}.r:/backups/mors"; - #sshPrivateKey = config.krebs.build.host.ssh.privkey.path; - extraArguments = [ - "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - ]; - timerConfig = { - OnCalendar = "00:05"; - RandomizedDelaySec = "5h"; - }; - }); virtualisation.libvirtd.enable = true; services.earlyoom = { -- cgit v1.3.1