From 8c5ca07413e983208ced2fc5b67dd84fb70482a4 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 26 Aug 2015 17:11:05 +0200 Subject: add vaapi for tp-x220 this resolves the issue of vlc being slow after suspend --- makefu/2configs/tp-x220.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/tp-x220.nix b/makefu/2configs/tp-x220.nix index 787a0639e..94e51f726 100644 --- a/makefu/2configs/tp-x220.nix +++ b/makefu/2configs/tp-x220.nix @@ -8,13 +8,21 @@ with lib; boot.kernelModules = [ "kvm-intel" ]; #services.xserver.vaapiDrivers = [pkgs.vaapiIntel pkgs.vaapiVdpau ]; - services.xserver.vaapiDrivers = []; + + services.xserver = { + videoDriver = "intel"; + vaapiDrivers = [ pkgs.vaapiIntel ]; + deviceSection = '' + Option "AccelMethod" "sna" + BusID "PCI:0:2:0" + ''; + }; services.xserver.displayManager.sessionCommands ='' xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1 xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2 - xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200 xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5 + # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200 ''; } -- cgit v1.2.3 From 0acd7f23e1e3adf4bf1427f186a7bf5505ff910d Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 31 Aug 2015 10:47:22 +0200 Subject: makefu: cleanup --- makefu/2configs/tp-x220.nix | 5 +---- makefu/2configs/tp-x2x0.nix | 10 +++++++--- 2 files changed, 8 insertions(+), 7 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/tp-x220.nix b/makefu/2configs/tp-x220.nix index 94e51f726..f03922150 100644 --- a/makefu/2configs/tp-x220.nix +++ b/makefu/2configs/tp-x220.nix @@ -7,14 +7,11 @@ with lib; boot.kernelModules = [ "kvm-intel" ]; - #services.xserver.vaapiDrivers = [pkgs.vaapiIntel pkgs.vaapiVdpau ]; - services.xserver = { videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; + vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; deviceSection = '' Option "AccelMethod" "sna" - BusID "PCI:0:2:0" ''; }; diff --git a/makefu/2configs/tp-x2x0.nix b/makefu/2configs/tp-x2x0.nix index b79d94b4a..aa2fc2050 100644 --- a/makefu/2configs/tp-x2x0.nix +++ b/makefu/2configs/tp-x2x0.nix @@ -11,9 +11,13 @@ with lib; zramSwap.enable = true; zramSwap.numDevices = 2; - hardware.trackpoint.enable = true; - hardware.trackpoint.sensitivity = 220; - hardware.trackpoint.speed = 220; + hardware.trackpoint = { + enable = true; + sensitivity = 220; + speed = 220; + emulateWheel = true; + }; + services.tlp.enable = true; services.tlp.extraConfig = '' -- cgit v1.2.3 From cbac1a75959c96d37f6c24a38efce19e88dadca2 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 31 Aug 2015 10:59:28 +0200 Subject: makefu: merge /Z -> krebs/Z --- makefu/1systems/repunit.nix | 2 +- makefu/2configs/cgit-retiolum.nix | 4 ++-- makefu/2configs/tinc-basic-retiolum.nix | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix index 503fe8f65..d98ff17c1 100644 --- a/makefu/1systems/repunit.nix +++ b/makefu/1systems/repunit.nix @@ -49,7 +49,7 @@ }; krebs.retiolum = { enable = true; - hosts = ../../Zhosts; + hosts = ../../krebs/Zhosts; connectTo = [ "gum" "pigstarter" diff --git a/makefu/2configs/cgit-retiolum.nix b/makefu/2configs/cgit-retiolum.nix index 8d9439569..a40dabb3f 100644 --- a/makefu/2configs/cgit-retiolum.nix +++ b/makefu/2configs/cgit-retiolum.nix @@ -63,11 +63,11 @@ in { imports = [{ krebs.users.makefu-omo = { name = "makefu-omo" ; - pubkey= with builtins; readFile ../../Zpubkeys/makefu_omo.ssh.pub; + pubkey= with builtins; readFile ../../krebs/Zpubkeys/makefu_omo.ssh.pub; }; krebs.users.makefu-tsp = { name = "makefu-tsp" ; - pubkey= with builtins; readFile ../../Zpubkeys/makefu_tsp.ssh.pub; + pubkey= with builtins; readFile ../../krebs/Zpubkeys/makefu_tsp.ssh.pub; }; }]; krebs.git = { diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix index cb1991bd6..fd6d1683d 100644 --- a/makefu/2configs/tinc-basic-retiolum.nix +++ b/makefu/2configs/tinc-basic-retiolum.nix @@ -4,7 +4,7 @@ with lib; { krebs.retiolum = { enable = true; - hosts = ../../Zhosts; + hosts = ../../krebs/Zhosts; connectTo = [ "gum" "pigstarter" -- cgit v1.2.3 From 4d917dfa98d1a324a73e3290d553114e7047a621 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 31 Aug 2015 14:25:27 +0200 Subject: makefu: enable Reaktor for pnp --- makefu/1systems/pnp.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'makefu') diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index 963d07744..bbb99390d 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -21,6 +21,8 @@ krebs.build.user = config.krebs.users.makefu; krebs.build.target = "root@pnp"; + krebs.Reaktor.enable = true; + krebs.build.deps = { nixpkgs = { url = https://github.com/NixOS/nixpkgs; -- cgit v1.2.3 From e10d36bec7e4fb8cb82162c2e9bc86e58f2d5a0e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 31 Aug 2015 19:56:47 +0200 Subject: add sample of how to extend the Reaktor config --- makefu/1systems/pornocauster.nix | 2 ++ makefu/2configs/Reaktor/simpleExtend.nix | 21 +++++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 makefu/2configs/Reaktor/simpleExtend.nix (limited to 'makefu') diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 415c1af30..1e2c31257 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -23,6 +23,8 @@ ../2configs/virtualization.nix ../2configs/wwan.nix + ../2configs/Reaktor/simpleExtend.nix + # hardware specifics are in here ../2configs/tp-x220.nix ]; diff --git a/makefu/2configs/Reaktor/simpleExtend.nix b/makefu/2configs/Reaktor/simpleExtend.nix new file mode 100644 index 000000000..3b55ca412 --- /dev/null +++ b/makefu/2configs/Reaktor/simpleExtend.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +with pkgs; +let + nixos-version-script = pkgs.writeScript "nix-version" '' + #! /bin/sh + . /etc/os-release + echo "$PRETTY_NAME" + ''; +in { + krebs.Reaktor.enable = true; + krebs.Reaktor.nickname = "test-reaktor"; + krebs.Reaktor.extraConfig = '' + public_commands.insert(0,{ + 'capname' : "nixos-version", + 'pattern' : indirect_pattern.format("nixos-version"), + 'argv' : ["${nixos-version-script}"], + 'env' : { 'state_dir': workdir } }) + ''; +} + -- cgit v1.2.3 From 37744f0016b77af41e8f57bc6da32b15f5ac50fd Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 2 Sep 2015 10:02:05 +0200 Subject: makefu: sort 2configs --- makefu/1systems/pnp.nix | 6 +-- makefu/1systems/pornocauster.nix | 16 +++--- makefu/1systems/tsp.nix | 4 +- makefu/2configs/cgit-retiolum.nix | 79 ----------------------------- makefu/2configs/fs/cac-boot-partition.nix | 23 +++++++++ makefu/2configs/fs/sda-crypto-root-home.nix | 39 ++++++++++++++ makefu/2configs/fs/sda-crypto-root.nix | 29 +++++++++++ makefu/2configs/fs/vm-single-partition.nix | 20 ++++++++ makefu/2configs/git/brain-retiolum.nix | 77 ++++++++++++++++++++++++++++ makefu/2configs/git/cgit-retiolum.nix | 79 +++++++++++++++++++++++++++++ makefu/2configs/hw/tp-x200.nix | 21 ++++++++ makefu/2configs/hw/tp-x220.nix | 25 +++++++++ makefu/2configs/hw/tp-x2x0.nix | 26 ++++++++++ makefu/2configs/sda-crypto-root-home.nix | 39 -------------- makefu/2configs/sda-crypto-root.nix | 29 ----------- makefu/2configs/tp-x200.nix | 21 -------- makefu/2configs/tp-x220.nix | 25 --------- makefu/2configs/tp-x2x0.nix | 26 ---------- makefu/2configs/vm-single-partition.nix | 20 -------- makefu/3modules/default.nix | 2 +- 20 files changed, 355 insertions(+), 251 deletions(-) delete mode 100644 makefu/2configs/cgit-retiolum.nix create mode 100644 makefu/2configs/fs/cac-boot-partition.nix create mode 100644 makefu/2configs/fs/sda-crypto-root-home.nix create mode 100644 makefu/2configs/fs/sda-crypto-root.nix create mode 100644 makefu/2configs/fs/vm-single-partition.nix create mode 100644 makefu/2configs/git/brain-retiolum.nix create mode 100644 makefu/2configs/git/cgit-retiolum.nix create mode 100644 makefu/2configs/hw/tp-x200.nix create mode 100644 makefu/2configs/hw/tp-x220.nix create mode 100644 makefu/2configs/hw/tp-x2x0.nix delete mode 100644 makefu/2configs/sda-crypto-root-home.nix delete mode 100644 makefu/2configs/sda-crypto-root.nix delete mode 100644 makefu/2configs/tp-x200.nix delete mode 100644 makefu/2configs/tp-x220.nix delete mode 100644 makefu/2configs/tp-x2x0.nix delete mode 100644 makefu/2configs/vm-single-partition.nix (limited to 'makefu') diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index bbb99390d..6ca1f1108 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -9,9 +9,9 @@ [ # Include the results of the hardware scan. ../2configs/base.nix - ../2configs/cgit-retiolum.nix + ../2configs/git/cgit-retiolum.nix # ../2configs/graphite-standalone.nix - ../2configs/vm-single-partition.nix + ../2configs/fs/vm-single-partition.nix ../2configs/tinc-basic-retiolum.nix ../2configs/exim-retiolum.nix @@ -26,7 +26,7 @@ krebs.build.deps = { nixpkgs = { url = https://github.com/NixOS/nixpkgs; - rev = "13576925552b1d0751498fdda22e91a055a1ff6c"; + rev = "03921972268934d900cc32dad253ff383926771c"; }; }; diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 1e2c31257..4dcfe4eca 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -13,9 +13,7 @@ ../2configs/tinc-basic-retiolum.nix #../2configs/disable_v6.nix - #../2configs/sda-crypto-root.nix - ../2configs/sda-crypto-root-home.nix - + # environment ../2configs/zsh-user.nix # applications @@ -23,16 +21,22 @@ ../2configs/virtualization.nix ../2configs/wwan.nix - ../2configs/Reaktor/simpleExtend.nix + # services + ../2configs/git/brain-retiolum.nix + # ../2configs/Reaktor/simpleExtend.nix # hardware specifics are in here - ../2configs/tp-x220.nix + ../2configs/hw/tp-x220.nix + # mount points + ../2configs/fs/sda-crypto-root-home.nix ]; krebs.build.host = config.krebs.hosts.pornocauster; krebs.build.user = config.krebs.users.makefu; krebs.build.target = "root@pornocauster"; + #krebs.Reaktor.nickname = "makefu|r"; + networking.firewall.allowedTCPPorts = [ 25 ]; @@ -41,7 +45,7 @@ nixpkgs = { url = https://github.com/NixOS/nixpkgs; #url = https://github.com/makefu/nixpkgs; - rev = "13576925552b1d0751498fdda22e91a055a1ff6c"; + rev = "03921972268934d900cc32dad253ff383926771c"; }; }; } diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix index 67db22460..3c2bb2eda 100644 --- a/makefu/1systems/tsp.nix +++ b/makefu/1systems/tsp.nix @@ -9,9 +9,9 @@ ../2configs/base.nix ../2configs/base-gui.nix ../2configs/tinc-basic-retiolum.nix - ../2configs/sda-crypto-root.nix + ../2configs/fs/sda-crypto-root.nix # hardware specifics are in here - ../2configs/tp-x200.nix #< imports tp-x2x0.nix + ../2configs/hw/tp-x200.nix #< imports tp-x2x0.nix ../2configs/disable_v6.nix ../2configs/rad1o.nix diff --git a/makefu/2configs/cgit-retiolum.nix b/makefu/2configs/cgit-retiolum.nix deleted file mode 100644 index a40dabb3f..000000000 --- a/makefu/2configs/cgit-retiolum.nix +++ /dev/null @@ -1,79 +0,0 @@ -{ config, lib, pkgs, ... }: -# TODO: remove tv lib :) -with import ../../tv/4lib { inherit lib pkgs; }; -let - - repos = priv-repos // krebs-repos ; - rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos); - - krebs-repos = mapAttrs make-krebs-repo { - stockholm = { - desc = "Make all the systems into 1systems!"; - }; - }; - - priv-repos = mapAttrs make-priv-repo { - autosync = { }; - }; - - - # TODO move users to separate module - make-priv-repo = name: { desc ? null, ... }: { - inherit name desc; - public = false; - }; - - make-krebs-repo = with git; name: { desc ? null, ... }: { - inherit name desc; - public = true; - hooks = { - post-receive = git.irc-announce { - nick = config.networking.hostName; - channel = "#retiolum"; - # TODO remove the hardcoded hostname - server = "cd.retiolum"; - }; - }; - }; - - set-owners = with git;repo: user: - singleton { - inherit user; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - }; - - set-ro-access = with git; repo: user: - optional repo.public { - inherit user; - repo = [ repo ]; - perm = fetch; - }; - - # TODO: get the list of all krebsministers - krebsminister = with config.krebs.users; [ lass tv uriel ]; - all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; - - priv-rules = repo: set-owners repo all-makefu; - - krebs-rules = repo: - set-owners repo all-makefu ++ set-ro-access repo krebsminister; - -in { - imports = [{ - krebs.users.makefu-omo = { - name = "makefu-omo" ; - pubkey= with builtins; readFile ../../krebs/Zpubkeys/makefu_omo.ssh.pub; - }; - krebs.users.makefu-tsp = { - name = "makefu-tsp" ; - pubkey= with builtins; readFile ../../krebs/Zpubkeys/makefu_tsp.ssh.pub; - }; - }]; - krebs.git = { - enable = true; - root-title = "public repositories"; - root-desc = "keep on krebsing"; - inherit repos rules; - }; -} diff --git a/makefu/2configs/fs/cac-boot-partition.nix b/makefu/2configs/fs/cac-boot-partition.nix new file mode 100644 index 000000000..fdf4b89d8 --- /dev/null +++ b/makefu/2configs/fs/cac-boot-partition.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +# vda1 ext4 (label nixos) -> only root partition +with lib; +{ + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; + + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "ext4"; + }; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + hardware.cpu.amd.updateMicrocode = true; + +} diff --git a/makefu/2configs/fs/sda-crypto-root-home.nix b/makefu/2configs/fs/sda-crypto-root-home.nix new file mode 100644 index 000000000..3821c7504 --- /dev/null +++ b/makefu/2configs/fs/sda-crypto-root-home.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: + +# ssd # +# sda: bootloader grub2 +# sda1: boot ext4 (label nixboot) +# sda2: cryptoluks -> lvm: +# / (main-root) +# /home (main-home) + +with lib; +{ + boot = { + loader.grub.enable =true; + loader.grub.version =2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "main"; device = "/dev/sda2"; allowDiscards=true; }]; + initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/main-root"; + fsType = "ext4"; + options="defaults,discard"; + }; + # TODO: just import sda-crypto-root, add this device + "/home" = { + device = "/dev/mapper/main-home"; + fsType = "ext4"; + options="defaults,discard"; + }; + "/boot" = { + device = "/dev/disk/by-label/nixboot"; + fsType = "ext4"; + options="defaults,discard"; + }; + }; +} diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix new file mode 100644 index 000000000..54db87547 --- /dev/null +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, ... }: + +# sda: bootloader grub2 +# sda1: boot ext4 (label nixboot) +# sda2: cryptoluks -> ext4 +with lib; +{ + boot = { + loader.grub.enable =true; + loader.grub.version =2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; + initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/luksroot"; + fsType = "ext4"; + options="defaults,discard"; + }; + "/boot" = { + device = "/dev/disk/by-label/nixboot"; + fsType = "ext4"; + options="defaults,discard"; + }; + }; +} diff --git a/makefu/2configs/fs/vm-single-partition.nix b/makefu/2configs/fs/vm-single-partition.nix new file mode 100644 index 000000000..78a5e7175 --- /dev/null +++ b/makefu/2configs/fs/vm-single-partition.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: + +# vda1 ext4 (label nixos) -> only root partition +with lib; +{ + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/vda"; + + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + }; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + hardware.cpu.amd.updateMicrocode = true; + + +} diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix new file mode 100644 index 000000000..0ab64773f --- /dev/null +++ b/makefu/2configs/git/brain-retiolum.nix @@ -0,0 +1,77 @@ +{ config, lib, pkgs, ... }: +# TODO: remove tv lib :) +with import ../../../tv/4lib { inherit lib pkgs; }; +let + + repos = priv-repos // krebs-repos ; + rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos); + + krebs-repos = mapAttrs make-krebs-repo { + brain = { + desc = "braiiiins"; + }; + }; + + priv-repos = mapAttrs make-priv-repo { + autosync = { }; + }; + + # TODO move users to separate module + make-priv-repo = name: { desc ? null, ... }: { + inherit name desc; + public = false; + }; + + make-krebs-repo = with git; name: { desc ? null, ... }: { + inherit name desc; + public = false; + hooks = { + post-receive = git.irc-announce { + nick = config.networking.hostName; + channel = "#retiolum"; + # TODO remove the hardcoded hostname + server = "cd.retiolum"; + }; + }; + }; + + set-owners = with git;repo: user: + singleton { + inherit user; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + }; + + set-ro-access = with git; repo: user: + optional repo.public { + inherit user; + repo = [ repo ]; + perm = fetch; + }; + + # TODO: get the list of all krebsministers + krebsminister = with config.krebs.users; [ lass tv ]; + all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; + + priv-rules = repo: set-owners repo all-makefu; + + krebs-rules = repo: + set-owners repo all-makefu ++ set-ro-access repo krebsminister; + +in { + imports = [{ + krebs.users.makefu-omo = { + name = "makefu-omo" ; + pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub; + }; + krebs.users.makefu-tsp = { + name = "makefu-tsp" ; + pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; + }; + }]; + krebs.git = { + enable = true; + cgit = false; + inherit repos rules; + }; +} diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix new file mode 100644 index 000000000..40b51e601 --- /dev/null +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -0,0 +1,79 @@ +{ config, lib, pkgs, ... }: +# TODO: remove tv lib :) +with import ../../../tv/4lib { inherit lib pkgs; }; +let + + repos = priv-repos // krebs-repos ; + rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos); + + krebs-repos = mapAttrs make-krebs-repo { + stockholm = { + desc = "Make all the systems into 1systems!"; + }; + }; + + priv-repos = mapAttrs make-priv-repo { + autosync = { }; + }; + + + # TODO move users to separate module + make-priv-repo = name: { desc ? null, ... }: { + inherit name desc; + public = false; + }; + + make-krebs-repo = with git; name: { desc ? null, ... }: { + inherit name desc; + public = true; + hooks = { + post-receive = git.irc-announce { + nick = config.networking.hostName; + channel = "#retiolum"; + # TODO remove the hardcoded hostname + server = "cd.retiolum"; + }; + }; + }; + + set-owners = with git;repo: user: + singleton { + inherit user; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + }; + + set-ro-access = with git; repo: user: + optional repo.public { + inherit user; + repo = [ repo ]; + perm = fetch; + }; + + # TODO: get the list of all krebsministers + krebsminister = with config.krebs.users; [ lass tv uriel ]; + all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ]; + + priv-rules = repo: set-owners repo all-makefu; + + krebs-rules = repo: + set-owners repo all-makefu ++ set-ro-access repo krebsminister; + +in { + imports = [{ + krebs.users.makefu-omo = { + name = "makefu-omo" ; + pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub; + }; + krebs.users.makefu-tsp = { + name = "makefu-tsp" ; + pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; + }; + }]; + krebs.git = { + enable = true; + root-title = "public repositories"; + root-desc = "keep on krebsing"; + inherit repos rules; + }; +} diff --git a/makefu/2configs/hw/tp-x200.nix b/makefu/2configs/hw/tp-x200.nix new file mode 100644 index 000000000..ed46875d8 --- /dev/null +++ b/makefu/2configs/hw/tp-x200.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + + imports = [ ./tp-x2x0.nix ]; + + boot = { + kernelModules = [ "tp_smapi" "msr" ]; + extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; + + }; + services.thinkfan.enable = true; + + # only works on tp-x200 , not x220 + services.xserver.displayManager.sessionCommands = '' + xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 1 + xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 2 + xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 200 + ''; +} diff --git a/makefu/2configs/hw/tp-x220.nix b/makefu/2configs/hw/tp-x220.nix new file mode 100644 index 000000000..f03922150 --- /dev/null +++ b/makefu/2configs/hw/tp-x220.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + + imports = [ ./tp-x2x0.nix ]; + + boot.kernelModules = [ "kvm-intel" ]; + + services.xserver = { + videoDriver = "intel"; + vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; + deviceSection = '' + Option "AccelMethod" "sna" + ''; + }; + + services.xserver.displayManager.sessionCommands ='' + xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1 + xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2 + xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5 + # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200 + ''; + +} diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix new file mode 100644 index 000000000..aa2fc2050 --- /dev/null +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + # TODO: put this somewhere else + networking.wireless.enable = true; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + + zramSwap.enable = true; + zramSwap.numDevices = 2; + + hardware.trackpoint = { + enable = true; + sensitivity = 220; + speed = 220; + emulateWheel = true; + }; + + + services.tlp.enable = true; + services.tlp.extraConfig = '' + START_CHARGE_THRESH_BAT0=80 + ''; +} diff --git a/makefu/2configs/sda-crypto-root-home.nix b/makefu/2configs/sda-crypto-root-home.nix deleted file mode 100644 index 3821c7504..000000000 --- a/makefu/2configs/sda-crypto-root-home.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ config, lib, pkgs, ... }: - -# ssd # -# sda: bootloader grub2 -# sda1: boot ext4 (label nixboot) -# sda2: cryptoluks -> lvm: -# / (main-root) -# /home (main-home) - -with lib; -{ - boot = { - loader.grub.enable =true; - loader.grub.version =2; - loader.grub.device = "/dev/sda"; - - initrd.luks.devices = [ { name = "main"; device = "/dev/sda2"; allowDiscards=true; }]; - initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - }; - fileSystems = { - "/" = { - device = "/dev/mapper/main-root"; - fsType = "ext4"; - options="defaults,discard"; - }; - # TODO: just import sda-crypto-root, add this device - "/home" = { - device = "/dev/mapper/main-home"; - fsType = "ext4"; - options="defaults,discard"; - }; - "/boot" = { - device = "/dev/disk/by-label/nixboot"; - fsType = "ext4"; - options="defaults,discard"; - }; - }; -} diff --git a/makefu/2configs/sda-crypto-root.nix b/makefu/2configs/sda-crypto-root.nix deleted file mode 100644 index 54db87547..000000000 --- a/makefu/2configs/sda-crypto-root.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, lib, pkgs, ... }: - -# sda: bootloader grub2 -# sda1: boot ext4 (label nixboot) -# sda2: cryptoluks -> ext4 -with lib; -{ - boot = { - loader.grub.enable =true; - loader.grub.version =2; - loader.grub.device = "/dev/sda"; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; - initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - }; - fileSystems = { - "/" = { - device = "/dev/mapper/luksroot"; - fsType = "ext4"; - options="defaults,discard"; - }; - "/boot" = { - device = "/dev/disk/by-label/nixboot"; - fsType = "ext4"; - options="defaults,discard"; - }; - }; -} diff --git a/makefu/2configs/tp-x200.nix b/makefu/2configs/tp-x200.nix deleted file mode 100644 index ed46875d8..000000000 --- a/makefu/2configs/tp-x200.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -{ - - imports = [ ./tp-x2x0.nix ]; - - boot = { - kernelModules = [ "tp_smapi" "msr" ]; - extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; - - }; - services.thinkfan.enable = true; - - # only works on tp-x200 , not x220 - services.xserver.displayManager.sessionCommands = '' - xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 1 - xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 2 - xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 200 - ''; -} diff --git a/makefu/2configs/tp-x220.nix b/makefu/2configs/tp-x220.nix deleted file mode 100644 index f03922150..000000000 --- a/makefu/2configs/tp-x220.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -{ - - imports = [ ./tp-x2x0.nix ]; - - boot.kernelModules = [ "kvm-intel" ]; - - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; - deviceSection = '' - Option "AccelMethod" "sna" - ''; - }; - - services.xserver.displayManager.sessionCommands ='' - xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1 - xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2 - xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5 - # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200 - ''; - -} diff --git a/makefu/2configs/tp-x2x0.nix b/makefu/2configs/tp-x2x0.nix deleted file mode 100644 index aa2fc2050..000000000 --- a/makefu/2configs/tp-x2x0.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -{ - # TODO: put this somewhere else - networking.wireless.enable = true; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - zramSwap.enable = true; - zramSwap.numDevices = 2; - - hardware.trackpoint = { - enable = true; - sensitivity = 220; - speed = 220; - emulateWheel = true; - }; - - - services.tlp.enable = true; - services.tlp.extraConfig = '' - START_CHARGE_THRESH_BAT0=80 - ''; -} diff --git a/makefu/2configs/vm-single-partition.nix b/makefu/2configs/vm-single-partition.nix deleted file mode 100644 index 78a5e7175..000000000 --- a/makefu/2configs/vm-single-partition.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, pkgs, ... }: - -# vda1 ext4 (label nixos) -> only root partition -with lib; -{ - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/vda"; - - fileSystems."/" = { - device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - hardware.cpu.amd.updateMicrocode = true; - - -} diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 015f472f7..417808425 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with import ../../krebs/4lib { inherit lib; }; +with lib; let cfg = config.krebs; -- cgit v1.2.3 From 6bcda8fa7b87ae84e6484d497382abb766c7bae8 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 4 Sep 2015 22:57:16 +0200 Subject: makefu:Reakor add random-issue --- makefu/2configs/Reaktor/random-issue.sh | 20 ++++++++++++++++++++ makefu/2configs/Reaktor/stockholmLentil.nix | 25 +++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 makefu/2configs/Reaktor/random-issue.sh create mode 100644 makefu/2configs/Reaktor/stockholmLentil.nix (limited to 'makefu') diff --git a/makefu/2configs/Reaktor/random-issue.sh b/makefu/2configs/Reaktor/random-issue.sh new file mode 100644 index 000000000..5c47c6156 --- /dev/null +++ b/makefu/2configs/Reaktor/random-issue.sh @@ -0,0 +1,20 @@ +#! /bin/sh +set -eu +# requires env: +# $state_dir +# $origin + +# in PATH: git,lentil,coreutils +subdir=`echo "$1" | tr -dc "[:alnum:]"` +name=`echo "$origin" | tr -dc "[:alnum:]"` +track="$state_dir/$name-checkout" +(if test -e "$track" ;then + cd "$track" + git fetch origin master + git reset --hard origin/master +else + git clone "$origin" "$track" +fi) >&2 + +cd "$track" +lentil "${subdir:-.}" -f csv | sed 1d | shuf | head -1 diff --git a/makefu/2configs/Reaktor/stockholmLentil.nix b/makefu/2configs/Reaktor/stockholmLentil.nix new file mode 100644 index 000000000..80f1f7765 --- /dev/null +++ b/makefu/2configs/Reaktor/stockholmLentil.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +with pkgs; +let + random-issue = pkgs.writeScript "random-issue" (builtins.readFile ./random-issue.sh); + random-issue-path = lib.makeSearchPath "bin" (with pkgs; [ + coreutils + git + gnused + lentil]); +in { + krebs.Reaktor.enable = true; + krebs.Reaktor.debug = true; + # krebs.Reaktor.nickname = "test-reaktor"; + # TODO: make origin variable + krebs.Reaktor.extraConfig = '' + public_commands.insert(0,{ + 'capname' : "stockholm-issue", + 'pattern' : indirect_pattern.format("stockholm-issue"), + 'argv' : ["${random-issue}"], + 'env' : { 'state_dir': workdir, + 'PATH':'${random-issue-path}', + 'origin':'http://cgit.pnp/stockholm' } }) + ''; +} -- cgit v1.2.3 From 6099a42734f4fe242c7d244944cb2b3b23b2524f Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 4 Sep 2015 23:01:41 +0200 Subject: Reaktor extraconfig is extensible --- makefu/2configs/Reaktor/simpleExtend.nix | 2 -- makefu/2configs/Reaktor/stockholmLentil.nix | 5 +---- 2 files changed, 1 insertion(+), 6 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/Reaktor/simpleExtend.nix b/makefu/2configs/Reaktor/simpleExtend.nix index 3b55ca412..95175a4e0 100644 --- a/makefu/2configs/Reaktor/simpleExtend.nix +++ b/makefu/2configs/Reaktor/simpleExtend.nix @@ -8,8 +8,6 @@ let echo "$PRETTY_NAME" ''; in { - krebs.Reaktor.enable = true; - krebs.Reaktor.nickname = "test-reaktor"; krebs.Reaktor.extraConfig = '' public_commands.insert(0,{ 'capname' : "nixos-version", diff --git a/makefu/2configs/Reaktor/stockholmLentil.nix b/makefu/2configs/Reaktor/stockholmLentil.nix index 80f1f7765..147fb5a7a 100644 --- a/makefu/2configs/Reaktor/stockholmLentil.nix +++ b/makefu/2configs/Reaktor/stockholmLentil.nix @@ -9,10 +9,7 @@ let gnused lentil]); in { - krebs.Reaktor.enable = true; - krebs.Reaktor.debug = true; - # krebs.Reaktor.nickname = "test-reaktor"; - # TODO: make origin variable + # TODO: make origin a variable, <- module is generic enough to handle different origins, not only stockholm krebs.Reaktor.extraConfig = '' public_commands.insert(0,{ 'capname' : "stockholm-issue", -- cgit v1.2.3 From d6d9956abc60548c755d30e6a5bd13c10abbb181 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 4 Sep 2015 23:06:43 +0200 Subject: makefu/pnp: uses new Reaktor infrastructure --- makefu/1systems/pnp.nix | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index 6ca1f1108..98f3ecd22 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -7,21 +7,33 @@ { imports = [ # Include the results of the hardware scan. - + # Base ../2configs/base.nix - ../2configs/git/cgit-retiolum.nix - # ../2configs/graphite-standalone.nix - ../2configs/fs/vm-single-partition.nix ../2configs/tinc-basic-retiolum.nix + # HW/FS + + ../2configs/fs/vm-single-partition.nix + + # Services + ../2configs/git/cgit-retiolum.nix + + ## Reaktor + ## \/ are only plugins, must enable Reaktor explicitly + ../2configs/Reaktor/stockholmLentil.nix + ../2configs/Reaktor/simpleExtend.nix + ../2configs/exim-retiolum.nix ../2configs/urlwatch.nix + + # ../2configs/graphite-standalone.nix ]; + krebs.Reaktor.enable = true; + krebs.build.host = config.krebs.hosts.pnp; krebs.build.user = config.krebs.users.makefu; krebs.build.target = "root@pnp"; - krebs.Reaktor.enable = true; krebs.build.deps = { nixpkgs = { -- cgit v1.2.3