From 57c520b722f25f384301118046bf9cf182d4edd7 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 16 Jul 2015 23:22:30 +0200
Subject: Goodbye old world, and thanks for all the fish!

---
 old/modules/uriel/default.nix  | 188 -----------------------------------------
 old/modules/uriel/git.nix      | 130 ----------------------------
 old/modules/uriel/repos.nix    |  78 -----------------
 old/modules/uriel/retiolum.nix |  31 -------
 4 files changed, 427 deletions(-)
 delete mode 100644 old/modules/uriel/default.nix
 delete mode 100644 old/modules/uriel/git.nix
 delete mode 100644 old/modules/uriel/repos.nix
 delete mode 100644 old/modules/uriel/retiolum.nix

(limited to 'old/modules/uriel')

diff --git a/old/modules/uriel/default.nix b/old/modules/uriel/default.nix
deleted file mode 100644
index eb0f3e906..000000000
--- a/old/modules/uriel/default.nix
+++ /dev/null
@@ -1,188 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    ../lass/desktop-base.nix
-    ./retiolum.nix
-    ../lass/browsers.nix
-    ../lass/programs.nix
-    ../lass/games.nix
-    ../tv/exim-retiolum.nix
-    ../lass/pass.nix
-    ../lass/vim.nix
-    ../lass/urxvt.nix
-    ../common/nixpkgs.nix
-    ../../secrets/uriel-pw.nix
-    ../lass/sshkeys.nix
-    ../lass/bird.nix
-    ./repos.nix
-    ../lass/chromium-patched.nix
-    ./git.nix
-  ];
-
-  nixpkgs = {
-    url = "https://github.com/Lassulus/nixpkgs";
-    rev = "7ef800430789252dac47f0b67e75a6b9bb616397";
-  };
-
-  networking.hostName = "uriel";
-  networking.wireless.enable = true;
-  nix.maxJobs = 2;
-
-  hardware.enableAllFirmware = true;
-  nixpkgs.config.allowUnfree = true;
-
-  boot = {
-    #kernelParams = [
-    #  "acpi.brightness_switch_enabled=0"
-    #];
-    #loader.grub.enable = true;
-    #loader.grub.version = 2;
-    #loader.grub.device = "/dev/sda";
-
-    loader.gummiboot.enable = true;
-    loader.gummiboot.timeout = 5;
-
-    initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
-    initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
-    initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
-    #kernelModules = [ "kvm-intel" "msr" ];
-    kernelModules = [ "msr" ];
-    extraModprobeConfig = ''
-    '';
-  };
-  fileSystems = {
-    "/" = {
-      device = "/dev/pool/root";
-      fsType = "ext4";
-    };
-
-    "/boot" = {
-      device = "/dev/sda1";
-    };
-  };
-
-  services.udev.extraRules = ''
-    SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
-    SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
-  '';
-
-  #services.xserver = {
-  #};
-
-  services.xserver.synaptics = {
-    enable = true;
-    twoFingerScroll = true;
-    accelFactor = "0.035";
-    additionalOptions = ''
-      Option "FingerHigh" "60"
-      Option "FingerLow"  "60"
-    '';
-  };
-
-  users.extraUsers = {
-    root = {
-      openssh.authorizedKeys.keys = [
-        config.sshKeys.lass.pub
-      ];
-    };
-    mainUser = {
-      uid = 1337;
-      name = "lass";
-      #isNormalUser = true;
-      group = "users";
-      createHome = true;
-      home = "/home/lass";
-      useDefaultShell = true;
-      isSystemUser = false;
-      description = "lassulus";
-      extraGroups = [ "wheel" "audio" ];
-      openssh.authorizedKeys.keys = [
-        config.sshKeys.lass.pub
-      ];
-    };
-  };
-
-  environment.systemPackages = with pkgs; [
-  ];
-
-  #for google hangout
-
-  users.extraUsers.google.extraGroups = [ "audio" "video" ];
-
-
-  #users.extraGroups = {
-  #  loot = {
-  #    members = [
-  #      "lass"
-  #      "firefox"
-  #      "chromium"
-  #      "google"
-  #    ];
-  #  };
-  #};
-  #
-  # iptables
-  #
-  #networking.firewall.enable = false;
-  #system.activationScripts.iptables =
-  #  let
-  #    log = false;
-  #    when = c: f: if c then f else "";
-  #  in
-  #    ''
-  #      ip4tables() { ${pkgs.iptables}/sbin/iptables "$@"; }
-  #      ip6tables() { ${pkgs.iptables}/sbin/ip6tables "$@"; }
-  #      ipXtables() { ip4tables "$@"; ip6tables "$@"; }
-
-  #      #
-  #      # nat
-  #      #
-
-  #      # reset tables
-  #      ipXtables -t nat -F
-  #      ipXtables -t nat -X
-
-  #      #
-  #      #ipXtables -t nat -A PREROUTING -j REDIRECT ! -i retiolum -p tcp --dport ssh --to-ports 0
-  #      ipXtables -t nat -A PREROUTING -j REDIRECT -p tcp --dport 11423 --to-ports ssh
-
-  #      #
-  #      # filter
-  #      #
-
-  #      # reset tables
-  #      ipXtables -P INPUT DROP
-  #      ipXtables -P FORWARD DROP
-  #      ipXtables -F
-  #      ipXtables -X
-
-  #      # create custom chains
-  #      ipXtables -N Retiolum
-
-  #      # INPUT
-  #      ipXtables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
-  #      ipXtables -A INPUT -j ACCEPT -i lo
-  #      ipXtables -A INPUT -j ACCEPT -p tcp --dport ssh -m conntrack --ctstate NEW
-  #      ipXtables -A INPUT -j ACCEPT -p tcp --dport http -m conntrack --ctstate NEW
-  #      ipXtables -A INPUT -j ACCEPT -p tcp --dport tinc -m conntrack --ctstate NEW
-  #      ipXtables -A INPUT -j Retiolum -i retiolum
-  #      ${when log "ipXtables -A INPUT -j LOG --log-level info --log-prefix 'INPUT DROP '"}
-
-  #      # FORWARD
-  #      ${when log "ipXtables -A FORWARD -j LOG --log-level info --log-prefix 'FORWARD DROP '"}
-
-  #      # Retiolum
-  #      ip4tables -A Retiolum -j ACCEPT -p icmp --icmp-type echo-request
-  #      ip6tables -A Retiolum -j ACCEPT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request
-
-
-  #      ${when log "ipXtables -A Retiolum -j LOG --log-level info --log-prefix 'REJECT '"}
-  #      ipXtables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset
-  #      ip4tables -A Retiolum -j REJECT -p udp --reject-with icmp-port-unreachable
-  #      ip4tables -A Retiolum -j REJECT        --reject-with icmp-proto-unreachable
-  #      ip6tables -A Retiolum -j REJECT -p udp --reject-with icmp6-port-unreachable
-  #      ip6tables -A Retiolum -j REJECT
-
-  #    '';
-}
diff --git a/old/modules/uriel/git.nix b/old/modules/uriel/git.nix
deleted file mode 100644
index 375064868..000000000
--- a/old/modules/uriel/git.nix
+++ /dev/null
@@ -1,130 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  inherit (builtins) map readFile;
-  inherit (lib) concatMap listToAttrs;
-  # TODO lib should already include our stuff
-  inherit (import ../../lib { inherit lib pkgs; }) addNames git;
-
-  x-repos = [
-    (krebs-private "brain")
-
-    (public "painload")
-    (public "shitment")
-    (public "wai-middleware-time")
-    (public "web-routes-wai-custom")
-
-    (secret "pass")
-
-    (tv-lass "emse-drywall")
-    (tv-lass "emse-hsdb")
-  ];
-
-  users = addNames {
-    tv = { pubkey = readFile <pubkeys/tv_wu.ssh.pub>; };
-    lass = { pubkey = readFile <pubkeys/lass.ssh.pub>; };
-    uriel = { pubkey = readFile <pubkeys/uriel.ssh.pub>; };
-    makefu = { pubkey = "xxx"; };
-  };
-
-  repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) x-repos);
-
-  rules = concatMap ({ rules, ... }: rules) x-repos;
-
-  krebs-private = repo-name:
-    rec {
-      repo = {
-        name = repo-name;
-        hooks = {
-          post-receive = git.irc-announce {
-            nick = config.networking.hostName; # TODO make this the default
-            channel = "#retiolum";
-            server = "ire.retiolum";
-          };
-        };
-      };
-      rules = with git; with users; [
-        { user = lass;
-          repo = [ repo ];
-          perm = push "refs/*" [ non-fast-forward create delete merge ];
-        }
-        { user = [ tv makefu uriel ];
-          repo = [ repo ];
-          perm = fetch;
-        }
-      ];
-    };
-
-  public = repo-name:
-    rec {
-      repo = {
-        name = repo-name;
-        hooks = {
-          post-receive = git.irc-announce {
-            nick = config.networking.hostName; # TODO make this the default
-            channel = "#retiolum";
-            server = "ire.retiolum";
-          };
-        };
-        public = true;
-      };
-      rules = with git; with users; [
-        { user = lass;
-          repo = [ repo ];
-          perm = push "refs/*" [ non-fast-forward create delete merge ];
-        }
-        { user = [ tv makefu uriel ];
-          repo = [ repo ];
-          perm = fetch;
-        }
-      ];
-    };
-
-  secret = repo-name:
-    rec {
-      repo = {
-        name = repo-name;
-        hooks = {};
-      };
-      rules = with git; with users; [
-        { user = lass;
-          repo = [ repo ];
-          perm = push "refs/*" [ non-fast-forward create delete merge ];
-        }
-        { user = [ uriel ];
-          repo = [ repo ];
-          perm = fetch;
-        }
-      ];
-    };
-
-  tv-lass = repo-name:
-    rec {
-      repo = {
-        name = repo-name;
-        hooks = {};
-      };
-      rules = with git; with users; [
-        { user = lass;
-          repo = [ repo ];
-          perm = push "refs/*" [ non-fast-forward create delete merge ];
-        }
-        { user = [ tv ];
-          repo = [ repo ];
-          perm = fetch;
-        }
-      ];
-    };
-
-in
-
-{
-  imports = [
-    ../tv/git
-  ];
-
-  tv.git = {
-    enable = true;
-    inherit repos rules users;
-  };
-}
diff --git a/old/modules/uriel/repos.nix b/old/modules/uriel/repos.nix
deleted file mode 100644
index e31ba9481..000000000
--- a/old/modules/uriel/repos.nix
+++ /dev/null
@@ -1,78 +0,0 @@
-{ ... }:
-
-{
-  imports = [
-    ../lass/gitolite-base.nix
-    ../common/krebs-keys.nix
-    ../common/krebs-repos.nix
-  ];
-
-  services.gitolite = {
-    repos = {
-
-      config = {
-        users = {
-          lass = "RW+";
-          uriel = "R";
-          tv = "R";
-        };
-        extraConfig = "option hook.post-receive = irc-announce";
-      };
-
-      pass = {
-        users = {
-          lass = "RW+";
-          uriel = "R";
-        };
-      };
-
-      load-env = {
-        users = {
-          lass = "RW+";
-          uriel = "R";
-          tv = "R";
-        };
-        extraConfig = "option hook.post-receive = irc-announce";
-      };
-
-      emse-hsdb = {
-        users = {
-          lass = "RW+";
-          uriel = "R";
-          tv = "R";
-        };
-        extraConfig = "option hook.post-receive = irc-announce";
-      };
-
-      brain = {
-        users = {
-          lass = "RW+";
-        };
-        extraConfig = "option hook.post-receive = irc-announce";
-        #hooks.post-receive = irc-announce;
-      };
-
-      painload = {
-        users = {
-          lass = "RW+";
-        };
-        extraConfig = "option hook.post-receive = irc-announce";
-      };
-
-      services = {
-        users = {
-          lass = "RW+";
-        };
-        extraConfig = "option hook.post-receive = irc-announce";
-      };
-
-      xmonad-config = {
-        users = {
-          lass = "RW+";
-          uriel = "R";
-        };
-      };
-
-    };
-  };
-}
diff --git a/old/modules/uriel/retiolum.nix b/old/modules/uriel/retiolum.nix
deleted file mode 100644
index 1e90083fc..000000000
--- a/old/modules/uriel/retiolum.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    ../tv/retiolum
-    ../lass/iptables
-  ];
-
-  tv.retiolum = {
-    enable = true;
-    hosts = ../../hosts;
-    privateKeyFile = "/etc/nixos/secrets/uriel.retiolum.rsa_key.priv";
-    connectTo = [
-      "fastpoke"
-      "gum"
-      "ire"
-    ];
-  };
-
-  #networking.firewall.allowedTCPPorts = [ 655 ];
-  #networking.firewall.allowedUDPPorts = [ 655 ];
-  #lass.iptables = {
-  #  #input-internet-accept-new-tcp = [ "tinc" ];
-  #  #input-internet-accept-new-udp = [ "tinc" ];
-  #  tables.retiolum = {
-  #     interfaces = [ "retiolum" "wl0" ];
-  #     allowed-tcp = [ "tinc" ];
-  #     allowed-udp = [ "tinc" ];
-  #  };
-  #};
-}
-- 
cgit v1.2.3