From afb6afff1d0f81d8a0dcfd94fa8e46a849bb094f Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 27 Jul 2015 02:02:34 +0200 Subject: * tv -> tv * --- tv/systems/mkdir.nix | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 tv/systems/mkdir.nix (limited to 'tv/systems/mkdir.nix') diff --git a/tv/systems/mkdir.nix b/tv/systems/mkdir.nix new file mode 100644 index 000000000..a88e9812e --- /dev/null +++ b/tv/systems/mkdir.nix @@ -0,0 +1,67 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + krebs.build.host = config.krebs.hosts.mkdir; + + imports = [ + ../configs/CAC-Developer-1.nix + ../configs/CAC-CentOS-7-64bit.nix + ../configs/base.nix + ../configs/consul-server.nix + ../configs/exim-smarthost.nix + ../configs/git.nix + { + tv.iptables = { + enable = true; + input-internet-accept-new-tcp = [ + "ssh" + "tinc" + "smtp" + ]; + input-retiolum-accept-new-tcp = [ + "http" + ]; + }; + } + { + krebs.retiolum = { + enable = true; + connectTo = [ + "cd" + "fastpoke" + "pigstarter" + "ire" + ]; + }; + } + ]; + + networking.interfaces.enp2s1.ip4 = [ + { + address = "162.248.167.241"; # TODO + prefixLength = 24; + } + ]; + networking.defaultGateway = "162.248.167.1"; + networking.nameservers = [ + "8.8.8.8" + ]; + + environment.systemPackages = with pkgs; [ + git # required for ./deploy, clone_or_update + htop + iftop + iotop + iptables + nethogs + rxvt_unicode.terminfo + tcpdump + ]; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; +} -- cgit v1.2.3 From 03e03a7cbda232d1e8581231aefe632072665194 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 27 Jul 2015 04:33:37 +0200 Subject: 0 tv * -> tv systems * --- tv/systems/mkdir.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'tv/systems/mkdir.nix') diff --git a/tv/systems/mkdir.nix b/tv/systems/mkdir.nix index a88e9812e..f601ec838 100644 --- a/tv/systems/mkdir.nix +++ b/tv/systems/mkdir.nix @@ -4,6 +4,22 @@ with lib; { krebs.build.host = config.krebs.hosts.mkdir; + krebs.build.user = config.krebs.users.tv; + + krebs.build.target = "root@mkdir.internet"; + + krebs.build.deps = { + nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + rev = "9d5508d85c33b8fb22d79dde6176792eac2c2696"; + }; + secrets = { + url = "/home/tv/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; imports = [ ../configs/CAC-Developer-1.nix -- cgit v1.2.3