From 58f37bde831877e467646d283b88c17251b84b7c Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 24 Dec 2015 20:51:58 +0100 Subject: m 1 gum: enable urlwatch service --- makefu/1systems/gum.nix | 3 +++ makefu/1systems/pnp.nix | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 417a020fa..93fb3dc3a 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -15,6 +15,9 @@ in { ../2configs/git/cgit-retiolum.nix ../2configs/mattermost-docker.nix ../2configs/nginx/euer.test.nix + + ../2configs/exim-retiolum.nix + ../2configs/urlwatch.nix ]; diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index 161bfa3e9..a1b73c0c9 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -28,9 +28,6 @@ ../2configs/Reaktor/titlebot.nix ../2configs/Reaktor/shack-correct.nix - ../2configs/exim-retiolum.nix - ../2configs/urlwatch.nix - # ../2configs/graphite-standalone.nix ]; krebs.urlwatch.verbose = true; -- cgit v1.2.3 From 7bed1761bdbfc3fc7e2df56dcf069511eec2a97d Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 26 Dec 2015 11:41:41 +0100 Subject: m 3 Reaktor: now supports plugin infra see m/1/pornocauster --- makefu/1systems/pornocauster.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 28b77d330..690e26b36 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -26,6 +26,7 @@ # services ../2configs/git/brain-retiolum.nix ../2configs/tor.nix + # ../2configs/buildbot-standalone.nix # hardware specifics are in here ../2configs/hw/tp-x220.nix 
@@ -36,14 +37,14 @@ ]; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; - buildbot = let - pkgs1509 = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; - in pkgs1509.buildbot; }; - makefu.buildbot.master.enable = true; - #krebs.Reaktor.enable = true; - #krebs.Reaktor.nickname = "makefu|r"; + krebs.Reaktor = { + enable = true; + nickname = "makefu|r"; + plugins = with pkgs.ReaktorPlugins; [ nixos-version random-emoji ]; + }; + # nix.binaryCaches = [ "http://acng.shack/nixos" "https://cache.nixos.org" ]; environment.systemPackages = with pkgs;[ -- cgit v1.2.3 From 4b6cd401a85cdc7aab150208cc5310645a7e59e2 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 29 Dec 2015 21:20:36 +0100 Subject: m 1 gum: add smart monitor --- makefu/1systems/gum.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 93fb3dc3a..1907424ec 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -6,11 +6,11 @@ let internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; in { imports = [ - # TODO: copy this config or move to krebs ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix ../2configs/fs/simple-swap.nix ../2configs/fs/single-partition-ext4.nix + ../2configs/smart-monitor.nix # ../2configs/iodined.nix ../2configs/git/cgit-retiolum.nix ../2configs/mattermost-docker.nix @@ -18,6 +18,7 @@ in { ../2configs/exim-retiolum.nix ../2configs/urlwatch.nix + ]; -- cgit v1.2.3 From c962e8549e968fd15d4f15b4d184e86e1cd7ed04 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 30 Dec 2015 11:29:28 +0100 Subject: k 3 Reaktor: add channels Option --- makefu/1systems/wry.nix | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index cd2b3f657..3bdf053db 100644 --- a/makefu/1systems/wry.nix 
+++ b/makefu/1systems/wry.nix @@ -18,8 +18,6 @@ in { ../2configs/iodined.nix - # Reaktor - ../2configs/Reaktor/simpleExtend.nix # other nginx ../2configs/nginx/euer.wiki.nix @@ -29,9 +27,22 @@ in { # collectd ../2configs/collectd/collectd-base.nix ]; + krebs.build.host = config.krebs.hosts.wry; - krebs.Reaktor.enable = true; + krebs.Reaktor = { + nickname = "Reaktor|bot"; + channels = [ "#krebs_test" ]; + enable = true; + debug = true; + plugins = with pkgs.ReaktorPlugins;[ + titlebot + # stockholm-issue + nixos-version + shack-correct + sed-plugin + random-emoji ]; + }; # bepasty to listen only on the correct interfaces krebs.bepasty.servers.internal.nginx.listen = [ "${internal-ip}:80" ]; @@ -59,11 +70,11 @@ in { }; networking = { - firewall = { + firewall = { allowPing = true; logRefusedConnections = false; allowedTCPPorts = [ 53 80 443 ]; - allowedUDPPorts = [ 655 ]; + allowedUDPPorts = [ 655 53 ]; }; interfaces.enp2s1.ip4 = [{ address = external-ip; -- cgit v1.2.3 From f7894c29dbfb8404aeb9f4d387942fd638434a22 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 30 Dec 2015 11:53:48 +0100 Subject: m 1 wry: update Reaktor config --- makefu/1systems/wry.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 3bdf053db..f022311c9 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -32,9 +32,8 @@ in { krebs.Reaktor = { nickname = "Reaktor|bot"; - channels = [ "#krebs_test" ]; + channels = [ "#krebs" "#shackspace" "#binaergewitter" ]; enable = true; - debug = true; plugins = with pkgs.ReaktorPlugins;[ titlebot # stockholm-issue -- cgit v1.2.3 From 6fb2bff38742607dda99e24ebb40466839e44a16 Mon Sep 17 00:00:00 2001 
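Review bot: The `allowedUDPPorts = [ 655 53 ];` line in the firewall hunk opens 53/udp on the external interface in a commit whose subject only mentions the Reaktor channels option, and nothing on the line says which service needs it. The import list keeps `../2configs/iodined.nix`, so this is presumably for the DNS tunnel; record that in place, e.g. `allowedUDPPorts = [ 655 53 ]; # 53/udp: iodined`, and consider giving the port change its own commit so it is visible in history. `logRefusedConnections = false` in the same block means the firewall contributes no log data around this listener, so monitoring has to come from the service's own logs. The `networking` set continues outside the hunk.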
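Review bot: Changing `channels` from `#krebs_test` to `[ "#krebs" "#shackspace" "#binaergewitter" ]` exposes the whole plugin list (`titlebot`, `sed-plugin`, `shack-correct`, ...) to input from anyone who can speak in those public channels, and the hunk adds no note on what those plugins do with that input. If `titlebot` fetches URLs posted in a channel (inferred from the name; its code is not shown here), the requests originate from wry, which also serves the bepasty `internal` instance on `${internal-ip}`, so the plugin should refuse private and retiolum addresses or be left out on public channels. A comment above `plugins` such as `# plugins process untrusted channel text; keep network-touching ones restricted` would record the assumption. The plugin list continues past the end of the hunk.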
From: makefu Date: Sat, 2 Jan 2016 21:22:00 +0100 Subject: ma 1 filepimp: add missing kernel modules pata_atiixp is required for booting sata --- makefu/1systems/filepimp.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index 66ea2ce90..1e9ee5031 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -17,15 +17,15 @@ loader.grub.device = "/dev/sda"; initrd.availableKernelModules = [ - "usb_storage" "ahci" - "xhci_hcd" - "ata_piix" - "uhci_hcd" + "ohci_pci" "ehci_pci" + "pata_atiixp" + "usb_storage" + "usbhid" ]; - kernelModules = [ ]; + kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; }; -- cgit v1.2.3 From 98848a9fffc8f4a2f456770654648f04bf92d5e2 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Jan 2016 06:07:35 +0100 Subject: ma 1 omo: actually build the host --- makefu/1systems/omo.nix | 48 ++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 40 insertions(+), 8 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 6ae79398a..08923d1c2 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix 
@@ -6,32 +6,64 @@ { imports = - [ # Include the results of the hardware scan. + [ + # TODO: unlock home partition via ssh ../2configs/fs/single-partition-ext4.nix ../2configs/tinc-basic-retiolum.nix + ../2configs/zsh-user.nix ../2configs/exim-retiolum.nix + ../2configs/smart-monitor.nix ]; krebs.build.host = config.krebs.hosts.omo; + services.smartd.devices = [ + { device = "/dev/sda"; } + { device = "/dev/sdb"; } + { device = "/dev/sdc"; } + { device = "/dev/sdd"; } + { device = "/dev/sde"; } + ]; # AMD E350 + fileSystems."/home" = { + device = "/dev/mapper/home"; + fsType = "ext4"; + }; + powerManagement.powerUpCommands = '' + for i in a b c d e f g h i;do + ${pkgs.hdparm}/sbin/hdparm -S 100 /dev/sd$i + ${pkgs.hdparm}/sbin/hdparm -B 127 /dev/sd$i + ${pkgs.hdparm}/sbin/hdparm -y /dev/sd$i + ''; boot = { - loader.grub.device = "/dev/sda"; + initrd.luks = { + devices = [ + { name = "home"; + device = "/dev/disk/by-uuid/85bff22e-dcbb-4246-b030-faf6c1782995"; + keyFileSize = 4096; + keyFile = "/dev/disk/by-id/usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; } + ]; + }; + loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; initrd.availableKernelModules = [ - "usb_storage" "ahci" - "xhci_hcd" - "ata_piix" - "uhci_hcd" + "ohci_pci" "ehci_pci" + "pata_atiixp" + "firewire_ohci" + "usb_storage" + "usbhid" ]; - kernelModules = [ ]; + kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; }; + networking.firewall.allowedUDPPorts = [ 655 ]; hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; - networking.firewall.allowPing = true; + #zramSwap.enable = true; + zramSwap.numDevices = 2; + } -- cgit v1.2.3 From 757953e551d157b42c06f50e6592cbb3ee64747e Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Jan 2016 06:08:01 +0100 Subject: ma 1 filepimp: prepare raid --- makefu/1systems/filepimp.nix | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'makefu/1systems') 
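Review bot: The shell text assigned to `powerManagement.powerUpCommands` opens `for i in a b c d e f g h i;do` and never closes the loop, so the generated script will fail to parse and the three hdparm settings are not applied. Add `done` as the last line before the closing `''`. The loop also addresses `/dev/sda` to `/dev/sdi` by kernel name, which may include the SSD and the USB stick used as `keyFile` when it is plugged in; iterating over the same `/dev/disk/by-id/...` paths used for `loader.grub.device` would limit it to the intended disks.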
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index 1e9ee5031..2d008cee6 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -9,12 +9,19 @@ [ # Include the results of the hardware scan. ../2configs/fs/single-partition-ext4.nix ../2configs/tinc-basic-retiolum.nix + ../2configs/smart-monitor.nix ]; krebs.build.host = config.krebs.hosts.filepimp; - + services.smartd.devices = [ + { device = "/dev/sda"; } + { device = "/dev/sdb"; } + { device = "/dev/sdc"; } + { device = "/dev/sdd"; } + { device = "/dev/sde"; } + ]; # AMD N54L boot = { - loader.grub.device = "/dev/sda"; + loader.grub.device = "/dev/sde"; initrd.availableKernelModules = [ "ahci" @@ -28,9 +35,9 @@ kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; }; - hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; - networking.firewall.allowPing = true; + zramSwap.enable = true; + zramSwap.numDevices = 2; } -- cgit v1.2.3 From 6cb83cd17413be412836041d8235793ff53e66f5 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 3 Jan 2016 23:07:55 +0100 Subject: m 1 omo: act as mail client --- makefu/1systems/omo.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu/1systems') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 08923d1c2..d7d3dba00 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -13,6 +13,7 @@ ../2configs/zsh-user.nix ../2configs/exim-retiolum.nix ../2configs/smart-monitor.nix + ../2configs/mail-client.nix ]; krebs.build.host = config.krebs.hosts.omo; services.smartd.devices = [ -- cgit v1.2.3 From d73c8df6e4246f34e7a98091bc3c7dab9f90fdde Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 5 Jan 2016 16:07:13 +0100 Subject: k 5 snapraid: is part of upstream --- makefu/1systems/omo.nix | 49 ++++++++++++++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 21 deletions(-) (limited to 'makefu/1systems') 
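Review bot: `loader.grub.device = "/dev/sde";` and the five `services.smartd.devices` entries address disks by kernel name, which follows probe order and can change when a drive is added, removed or fails, the situation a RAID host is being prepared for. A shifted name would install the boot loader on a data disk at the next rebuild, or leave a disk unmonitored, without any error. Prefer stable paths as the omo host in this series does for its grub device, e.g. `loader.grub.device = "/dev/disk/by-id/<boot-disk-id>";` (placeholder, the real id is not on the page), and build the smartd list from the same ids. The `boot` set continues into the next hunk.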
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index d7d3dba00..65a25a2a1 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -2,9 +2,18 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, ... }: - -{ +{ config, pkgs, lib, ... }: +let + byid = dev: "/dev/disk/by-id/" + dev; + keyFile = "/dev/disk/by-id/usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; + rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; + homePartition = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3"; + cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; + cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; + cryptDisk2 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WCAZA5548487"; + # all physical disks + allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ]; +in { imports = [ # TODO: unlock home partition via ssh 
@@ -16,35 +25,33 @@ ../2configs/mail-client.nix ]; krebs.build.host = config.krebs.hosts.omo; - services.smartd.devices = [ - { device = "/dev/sda"; } - { device = "/dev/sdb"; } - { device = "/dev/sdc"; } - { device = "/dev/sdd"; } - { device = "/dev/sde"; } - ]; + services.smartd.devices = builtins.map (x: { device = x; }) allDisks; # AMD E350 fileSystems."/home" = { device = "/dev/mapper/home"; fsType = "ext4"; }; - powerManagement.powerUpCommands = '' - for i in a b c d e f g h i;do - ${pkgs.hdparm}/sbin/hdparm -S 100 /dev/sd$i - ${pkgs.hdparm}/sbin/hdparm -B 127 /dev/sd$i - ${pkgs.hdparm}/sbin/hdparm -y /dev/sd$i - ''; + powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' + ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} + ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} + ${pkgs.hdparm}/sbin/hdparm -y ${disk} + '') allDisks); boot = { initrd.luks = { - devices = [ - { name = "home"; - device = "/dev/disk/by-uuid/85bff22e-dcbb-4246-b030-faf6c1782995"; + devices = let + usbkey = name: device: { + inherit name device keyFile; keyFileSize = 4096; - keyFile = "/dev/disk/by-id/usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; } + }; + in [ + (usbkey "home" homePartition) + (usbkey "crypt0" cryptDisk0) + (usbkey "crypt1" cryptDisk1) + (usbkey "crypt2" cryptDisk2) ]; }; - loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; + loader.grub.device = rootDisk; initrd.availableKernelModules = [ "ahci" -- cgit v1.2.3 From 719b8fb7a8b9b4992200c222b37bd9a6744c25ec Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 5 Jan 2016 16:21:01 +0100 Subject: ma 3 snapraid: init, configuration for omo --- makefu/1systems/omo.nix | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 65a25a2a1..e19205a95 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix 
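Review bot: The new `usbkey` helper unlocks `home`, `crypt0`, `crypt1` and `crypt2` from the same `keyFile`, so the first 4096 bytes of one USB stick now open every encrypted volume on the host, and nothing next to the helper states that this is intended. If the stick stays plugged in, the encryption only protects disks that leave the machine without it; that trade-off should be written down, e.g. `# one key for all volumes: raw first 4096 bytes of the USB stick; remove the stick after boot`. The existing `# TODO: unlock home partition via ssh` in the import list suggests a different unlock path is planned, so the comment should also say whether the USB key is meant to be temporary. The `boot` set continues past the end of the hunk.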
@@ -8,6 +8,10 @@ let keyFile = "/dev/disk/by-id/usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; homePartition = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3"; + # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 + # cryptsetup luksAddKey $dev tmpkey + # cryptsetup luksOpen $dev crypt0 + # mkfs.xfs /dev/mapper/crypt0 -L crypt0 cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; cryptDisk2 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WCAZA5548487"; @@ -23,15 +27,30 @@ in { ../2configs/exim-retiolum.nix ../2configs/smart-monitor.nix ../2configs/mail-client.nix + ../3modules ]; krebs.build.host = config.krebs.hosts.omo; services.smartd.devices = builtins.map (x: { device = x; }) allDisks; - - # AMD E350 - fileSystems."/home" = { - device = "/dev/mapper/home"; - fsType = "ext4"; + makefu.snapraid = let + toMapper = id: "/media/crypt${builtins.toString id}"; + in { + enable = true; + disks = map toMapper [ 0 1 ]; + parity = toMapper 2; }; + # AMD E350 + fileSystems = let + cryptMount = name: + { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; + in { + "/home" = { + device = "/dev/mapper/home"; + fsType = "ext4"; + }; + } // cryptMount "crypt0" + // cryptMount "crypt1" + // cryptMount "crypt2"; + powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} -- cgit v1.2.3 From 49b6fd9c87678893ed47794b116660700994b1bc Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 7 Jan 2016 17:34:56 +0100 Subject: ma 1 pnp: be able to build as vm --- makefu/1systems/pnp.nix | 64 ++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 36 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index a1b73c0c9..51c124bbe 100644 --- a/makefu/1systems/pnp.nix 
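Review bot: The four `cryptsetup`/`mkfs.xfs` comment lines added above `cryptDisk0` use a file named `tmpkey` without saying where it comes from or what happens to it afterwards. Presumably it is a copy of the key material on the USB stick referenced by `keyFile`; if so, the comment should say how it is produced and that the copy is deleted once `luksAddKey` has run, e.g. `# tmpkey: first 4096 bytes of keyFile, created on tmpfs, removed after luksAddKey`. It would also help to note that the passphrase entered at `luksFormat` stays valid as a second way to open each volume and has to be stored as carefully as the stick.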
+++ b/makefu/1systems/pnp.nix 
@@ -1,59 +1,51 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - +# Usage: +# NIX_PATH=secrets=/home/makefu/secrets/wry:nixpkgs=/var/src/nixpkgs nix-build -A users.makefu.pnp.config.system.build.vm +# result/bin/run-pnp-vm -virtfs local,path=/home/makefu/secrets/pnp,security_model=none,mount_tag=secrets { config, pkgs, ... }: { imports = - [ # Include the results of the hardware scan. - # Base + [ ../2configs/tinc-basic-retiolum.nix ../2configs/headless.nix + ../../krebs/3modules/Reaktor.nix - # HW/FS - - # enables virtio kernel modules in initrd + # these will be overwritten by qemu-vm.nix but will be used if the system + # is directly deployed ../2configs/fs/vm-single-partition.nix - # Services - ../2configs/git/cgit-retiolum.nix - - ## Reaktor - ## \/ are only plugins, must enable Reaktor explicitly - ../2configs/Reaktor/stockholmLentil.nix - ../2configs/Reaktor/simpleExtend.nix - ../2configs/Reaktor/random-emoji.nix - ../2configs/Reaktor/titlebot.nix - ../2configs/Reaktor/shack-correct.nix - - # ../2configs/graphite-standalone.nix + # config.system.build.vm + ]; - krebs.urlwatch.verbose = true; - krebs.Reaktor.enable = true; - krebs.Reaktor.debug = true; - krebs.Reaktor.nickname = "Reaktor|bot"; - krebs.Reaktor.extraEnviron = { - REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace"; + virtualisation.graphics = false; + # also export secrets, see Usage above + fileSystems = pkgs.lib.mkVMOverride { + "${builtins.toString }" = + { device = "secrets"; + fsType = "9p"; + options = "trans=virtio,version=9p2000.L,cache=loose"; + neededForBoot = true; + }; + }; + + krebs.Reaktor = { + enable = true; + debug = true; + extraEnviron = { + REAKTOR_HOST = "cd.retiolum"; + }; + plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ]; + channels = [ "#retiolum" ]; }; krebs.build.host = 
config.krebs.hosts.pnp; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; - networking.firewall.allowedTCPPorts = [ - # nginx runs on 80 - 80 - # graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp - # 8080 2003 - - # smtp 25 ]; - # networking.firewall.allowedUDPPorts = [ 2003 ]; - } -- cgit v1.2.3
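Review bot: `networking.firewall.allowedTCPPorts` still evaluates to `[ 25 ]` after this rewrite, although the `exim-retiolum.nix` import was dropped from pnp.nix earlier in this series and nothing in the new import list obviously provides an SMTP listener. If no mail service is left on this host, close the port with `networking.firewall.allowedTCPPorts = [ ];`. The Usage comment also builds with `secrets=/home/makefu/secrets/wry` while the VM is started with `path=/home/makefu/secrets/pnp`; if that is not intentional, the configuration is evaluated against another host's secrets and one of the two paths should be corrected. Because the secrets directory is shared into the guest over 9p with `security_model=none`, a line in the comment stating that this setup is for local test VMs only would be useful.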