From 3971bd1e35dc9ec72b3aa50f29b2f82d1e06cf72 Mon Sep 17 00:00:00 2001
From: Ben Sima
Date: Fri, 7 Jun 2019 12:16:27 -0700
Subject: rename lithium and activate gitlab-runner
---
 depo/default.nix | 3 +-
 depo/hidor-kahih/configuration.nix | 216 ----------------------------------
 depo/hidor-kahih/default.nix | 26 -----
 depo/hidor-kahih/hardware.nix | 34 ------
 depo/hikuj-zupip/configuration.nix | 230 +++++++++++++++++++++++++++++++++++++
 depo/hikuj-zupip/default.nix | 27 +++++
 depo/hikuj-zupip/hardware.nix | 34 ++++++
 depo/nutin-madaj/default.nix | 3 +-
 depo/packages.nix | 2 +
 keys/deploy.pub | 1 +
 10 files changed, 298 insertions(+), 278 deletions(-)
 delete mode 100644 depo/hidor-kahih/configuration.nix
 delete mode 100644 depo/hidor-kahih/default.nix
 delete mode 100644 depo/hidor-kahih/hardware.nix
 create mode 100644 depo/hikuj-zupip/configuration.nix
 create mode 100644 depo/hikuj-zupip/default.nix
 create mode 100644 depo/hikuj-zupip/hardware.nix
 create mode 100644 keys/deploy.pub
diff --git a/depo/default.nix b/depo/default.nix
index 65e06ae..131320d 100644
--- a/depo/default.nix
+++ b/depo/default.nix
@@ -1,4 +1,5 @@
 {
 nutin-madaj = import ./nutin-madaj;
-hidor-kahih = import ./hidor-kahih;
+hikuj-zupip = import ./hikuj-zupip;
+
 }
diff --git a/depo/hidor-kahih/configuration.nix b/depo/hidor-kahih/configuration.nix
deleted file mode 100644
index d3172e3..0000000
--- a/depo/hidor-kahih/configuration.nix
+++ /dev/null
@@ -1,216 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-
- networking = {
- hostName = "lithium";
- hosts = {
- "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
- };
-
- firewall = {
- allowedTCPPorts = [
- 22 8000 8443 443 8080 8081 # std
- 500 10000 # no idea
- 8096 # emby
- 8112 # deluge
- ];
- allowedTCPPortRanges = [
- { from = 3000; to = 3100; } # dev stuff
- ];
- checkReversePath = false;
- };
-
- };
-
- time.timeZone = "America/Los_Angeles";
-
- fonts.fonts = with pkgs; [
- google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
- fira fira-code fira-code-symbols
- ];
-
- nixpkgs = {
- config = {
- allowUnfree = true;
- allowBroken = true;
- };
- };
-
- hardware = {
- opengl.enable = true;
- pulseaudio = {
- enable = true;
- extraConfig = ''
- load-module module-loopback
- '';
- };
- };
-
- programs = {
- bash.enableCompletion = true;
- command-not-found.enable = true;
- gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
- mosh.enable = true;
- };
-
- virtualisation = {
- docker = {
- enable = false;
- liveRestore = false;
- };
- libvirtd.enable = true;
- virtualbox = {
- host = {
- enable = false;
- headless = false;
- addNetworkInterface = false;
- };
- guest = {
- enable = false;
- x11 = false;
- };
- };
- };
-
- services = {
- pcscd.enable = true;
- logind = {
- lidSwitch = "ignore";
- extraConfig = "IdleAction=ignore";
- };
-
- openssh = {
- enable = true;
- forwardX11 = true;
- };
-
- deluge = {
- enable = true;
- openFilesLimit = 10240;
- web.enable = true;
- };
-
- printing.enable = true;
-
- tarsnap = {
- enable = false;
- archives = {
- ben-home = {
- directories = [
- ];
- };
- };
- };
-
- xserver = {
- enable = true;
- layout = "us";
-
- xkbOptions = "caps:ctrl_modifier";
-
- displayManager.sddm.enable = true;
-
- desktopManager = {
- kodi.enable = true;
- plasma5.enable = true;
- xterm.enable = true;
- };
- };
-
- jupyter = {
- enable = false;
- port = 3099;
- ip = "*";
- password = "'sha1:4b14a407cabe:fbab8e5400f3f4f3ffbdb00e996190d6a84bf51e'";
- kernels = {
- python3 = let
- env = (pkgs.python3.withPackages (p: with p; [
- ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets
- ]));
- in {
- displayName = "py3";
- argv = [
- "${env.interpreter}"
- "-m"
- "ipykernel_launcher"
- "-f"
- "{connection_file}"
- ];
- language = "python";
- #logo32 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-32x32.png";
- #logo64 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-64x64.png";
- };
- };
- };
-
- emby = {
- enable = true;
- user = "emby";
- };
-
- vnstat.enable = true;
-
- # security stuff
- fail2ban.enable = true;
- clamav = {
- daemon.enable = true;
- updater.enable = true;
- };
-
- postgresql = {
- enable = true;
- package = pkgs.postgresql_10;
- authentication = ''
- local all pprjam md5
- local all pprjam_test md5
- '';
- enableTCPIP = true;
- };
- redis = {
- enable = true;
- };
- };
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a";
- preLVM = true;
- }
- ];
-
- powerManagement.enable = false;
-
- nix = {
- gc = {
- automatic = true;
- dates = "03:15";
- };
- binaryCaches = [ "https://cache.nixos.org/" ];
- nixPath = [
- "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
- "nixos-config=/etc/nixos/configuration.nix"
- "/nix/var/nix/profiles/per-user/root/channels"
- ];
- extraOptions = ''
- gc-keep-outputs = true
- gc-keep-derivations = true
- '';
- };
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "17.09"; # Did you read the comment?
- system.autoUpgrade.enable = true;
-
-}
diff --git a/depo/hidor-kahih/default.nix b/depo/hidor-kahih/default.nix
deleted file mode 100644
index 4af629f..0000000
--- a/depo/hidor-kahih/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-
-hidor-kahih - main development/build server
-
-*/
-
-let
- nixpkgs = builtins.fetchTarball (import ../../pack/nixpkgs.nix);
-in
-import "${nixpkgs}/nixos" {
- system = "x86_64-linux";
- configuration = {
- nixpkgs.overlays = [
- (import ../../pack/overlay.nix)
- ];
-
- imports =
- [ ./hardware.nix
- ../users.nix
- ../packages.nix
- ./configuration.nix
- ];
-
- users.users.root.openssh.authorizedKeys.keys = [(builtins.readFile ../../keys/ben.pub)];
- };
-}
diff --git a/depo/hidor-kahih/hardware.nix b/depo/hidor-kahih/hardware.nix
deleted file mode 100644
index fc0e7a0..0000000
--- a/depo/hidor-kahih/hardware.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/0d8b0e52-10de-4af2-bcd9-b36278352e77";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/9B89-85C7";
- fsType = "vfat";
- };
-
- fileSystems."/mnt/lake" =
- { device = "/dev/disk/by-uuid/037df3ae-4609-402c-ab1d-4593190d0ee7";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = "powersave";
-}
diff --git a/depo/hikuj-zupip/configuration.nix b/depo/hikuj-zupip/configuration.nix
new file mode 100644
index 0000000..00fbf46
--- /dev/null
+++ b/depo/hikuj-zupip/configuration.nix
@@ -0,0 +1,230 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ networking = {
+ hostName = "lithium";
+ hosts = {
+ "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
+ };
+
+ firewall = {
+ allowedTCPPorts = [
+ 22 8000 8443 443 8080 8081 # std
+ 500 10000 # no idea
+ 8096 # emby
+ 8112 # deluge
+ ];
+ allowedTCPPortRanges = [
+ { from = 3000; to = 3100; } # dev stuff
+ ];
+ checkReversePath = false;
+ };
+
+ };
+
+ time.timeZone = "America/Los_Angeles";
+
+ fonts.fonts = with pkgs; [
+ google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
+ fira fira-code fira-code-symbols
+ ];
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ allowBroken = true;
+ };
+ };
+
+ hardware = {
+ opengl.enable = true;
+ pulseaudio = {
+ enable = true;
+ extraConfig = ''
+ load-module module-loopback
+ '';
+ };
+ };
+
+ programs = {
+ bash.enableCompletion = true;
+ command-not-found.enable = true;
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ mosh.enable = true;
+ };
+
+ virtualisation = {
+ docker = {
+ enable = false;
+ liveRestore = false;
+ };
+ libvirtd.enable = true;
+ virtualbox = {
+ host = {
+ enable = false;
+ headless = false;
+ addNetworkInterface = false;
+ };
+ guest = {
+ enable = false;
+ x11 = false;
+ };
+ };
+ };
+
+ # https://github.com/NixOS/nixpkgs/issues/53985
+ systemd.services.gitlab-runner.path = [
+ "/run/wrappers"
+ ];
+
+ services = {
+ pcscd.enable = true;
+ logind = {
+ lidSwitch = "ignore";
+ extraConfig = "IdleAction=ignore";
+ };
+
+ # runner for hero ci
+ gitlab-runner = {
+ packages = [ pkgs.bash pkgs.git pkgs.python3 ];
+ enable = true;
+ gracefulTimeout = "2min";
+ gracefulTermination = true;
+ configFile = "/home/ben/gitlab-runner.toml";
+ };
+
+ openssh = {
+ enable = true;
+ forwardX11 = true;
+ };
+
+ deluge = {
+ enable = true;
+ openFilesLimit = 10240;
+ web.enable = true;
+ };
+
+ printing.enable = true;
+
+ tarsnap = {
+ enable = false;
+ archives = {
+ ben-home = {
+ directories = [
+ ];
+ };
+ };
+ };
+
+ xserver = {
+ enable = true;
+ layout = "us";
+
+ xkbOptions = "caps:ctrl_modifier";
+
+ displayManager.sddm.enable = true;
+
+ desktopManager = {
+ kodi.enable = true;
+ plasma5.enable = true;
+ xterm.enable = true;
+ };
+ };
+
+ jupyter = {
+ enable = false;
+ port = 3099;
+ ip = "*";
+ password = "'sha1:4b14a407cabe:fbab8e5400f3f4f3ffbdb00e996190d6a84bf51e'";
+ kernels = {
+ python3 = let
+ env = (pkgs.python3.withPackages (p: with p; [
+ ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets
+ ]));
+ in {
+ displayName = "py3";
+ argv = [
+ "${env.interpreter}"
+ "-m"
+ "ipykernel_launcher"
+ "-f"
+ "{connection_file}"
+ ];
+ language = "python";
+ #logo32 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-32x32.png";
+ #logo64 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-64x64.png";
+ };
+ };
+ };
+
+ emby = {
+ enable = true;
+ user = "emby";
+ };
+
+ vnstat.enable = true;
+
+ # security stuff
+ fail2ban.enable = true;
+ clamav = {
+ daemon.enable = true;
+ updater.enable = true;
+ };
+
+ postgresql = {
+ enable = true;
+ package = pkgs.postgresql_10;
+ authentication = ''
+ local all pprjam md5
+ local all pprjam_test md5
+ '';
+ enableTCPIP = true;
+ };
+ redis = {
+ enable = true;
+ };
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.initrd.luks.devices = [
+ {
+ name = "root";
+ device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a";
+ preLVM = true;
+ }
+ ];
+
+ powerManagement.enable = false;
+
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "03:15";
+ };
+ binaryCaches = [ "https://cache.nixos.org/" ];
+ nixPath = [
+ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
+ "nixos-config=/etc/nixos/configuration.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ extraOptions = ''
+ gc-keep-outputs = true
+ gc-keep-derivations = true
+ '';
+ };
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "17.09"; # Did you read the comment?
+ system.autoUpgrade.enable = true;
+
+}
diff --git a/depo/hikuj-zupip/default.nix b/depo/hikuj-zupip/default.nix
new file mode 100644
index 0000000..ed1733e
--- /dev/null
+++ b/depo/hikuj-zupip/default.nix
@@ -0,0 +1,27 @@
+/*
+
+hidor-kahih - main development/build server
+
+*/
+
+let
+ nixpkgs = builtins.fetchTarball (import ../../pack/nixpkgs.nix);
+in
+import "${nixpkgs}/nixos" {
+ system = "x86_64-linux";
+ configuration = {
+ nixpkgs.overlays = [
+ (import ../../pack/overlay.nix)
+ ];
+
+ imports =
+ [ ./hardware.nix
+ ../users.nix
+ ../packages.nix
+ ./configuration.nix
+ ];
+
+ users.users.root.openssh.authorizedKeys.keys =
+ [(builtins.readFile ../../keys/deploy.pub)];
+ };
+}
diff --git a/depo/hikuj-zupip/hardware.nix b/depo/hikuj-zupip/hardware.nix
new file mode 100644
index 0000000..fc0e7a0
--- /dev/null
+++ b/depo/hikuj-zupip/hardware.nix
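Review bot: The new `services.gitlab-runner` block sets `configFile = "/home/ben/gitlab-runner.toml"`, so the runner's registration token and executor settings sit in a file that an ordinary login account owns and can rewrite, and `systemd.services.gitlab-runner.path` adds the setuid wrappers under `/run/wrappers` to the job PATH. The executor is defined in that TOML and is not visible here; if it is the shell executor (the `packages` list of bash, git and python3 suggests so), every CI job runs directly on a host that also serves SSH, PostgreSQL and Redis. I would keep the file at a path owned by the runner's service account with mode 0600, and say next to the path override why the wrappers are needed, e.g. `# jobs need <WRAPPED_BINARY> from /run/wrappers, see the linked issue`. The `# no idea` ports 500 and 10000 and the 3000-3100 range are carried over from the old file and deserve a second look now that CI jobs run on this machine.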
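Review bot: `users.users.root.openssh.authorizedKeys.keys` in depo/hikuj-zupip/default.nix now trusts `keys/deploy.pub` for root, and the comment on that key reads `ben@lithium`, which suggests the private half sits on the machine (`hostName = "lithium"`) that this commit also turns into a CI runner. If that is the case, whatever a CI job can read under that account reaches root on this host and on nutin-madaj, whose hunk makes the same switch. A dedicated deploy key kept off the runner host, with the authorized-keys entry narrowed by a `from="<DEPLOY_SOURCE_ADDRESS>"` option, would limit that. Separately, the header comment still reads `hidor-kahih - main development/build server` after the rename to hikuj-zupip.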
@@ -0,0 +1,34 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/0d8b0e52-10de-4af2-bcd9-b36278352e77";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/9B89-85C7";
+ fsType = "vfat";
+ };
+
+ fileSystems."/mnt/lake" =
+ { device = "/dev/disk/by-uuid/037df3ae-4609-402c-ab1d-4593190d0ee7";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+ powerManagement.cpuFreqGovernor = "powersave";
+}
diff --git a/depo/nutin-madaj/default.nix b/depo/nutin-madaj/default.nix
index 8789c0c..bb854cd 100644
--- a/depo/nutin-madaj/default.nix
+++ b/depo/nutin-madaj/default.nix
@@ -88,6 +88,7 @@ import "${nixpkgs}/nixos" {
 networking.hostName = "simatime";
 networking.firewall.allowPing = true;
 services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [(builtins.readFile ../../keys/ben.pub)];
+ users.users.root.openssh.authorizedKeys.keys =
+ [(builtins.readFile ../../keys/deploy.pub)];
 };
 }
diff --git a/depo/packages.nix b/depo/packages.nix
index c542d54..2c522f6 100644
--- a/depo/packages.nix
+++ b/depo/packages.nix
@@ -5,5 +5,7 @@
 pkgs.wget
 pkgs.ranger
 pkgs.vnstat
+ pkgs.gitAndTools.gitFull
+ pkgs.python3
 ];
 }
diff --git a/keys/deploy.pub b/keys/deploy.pub
new file mode 100644
index 0000000..664a2d9
--- /dev/null
+++ b/keys/deploy.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDlLRbbXgwjF7IqObf4dZE/jj0HoT6xJR6bP/6ZrJz7NPCPIgY3GacOtBfkJp6KK0zKQdFmxNpcfb3zgpe/Ru7pkmSfI9IoWAU3aLPWK2G3tbLPmktGmF9C53OhyXgFtBGr2Q/+wSRKAfN/FrEEa2FuRBtvtcAMiwbQLbFCzlmWhE7swSBvg38ZSFrjhANsEhfNVCtsrtG16fkfrfmBFv4JIog1fEoMKmXg7rhMjpaas8+n52HMFXvjllePRpywK4wB20GOcOuDSdc3i3zs7NFuicGunEpW2S/byrHotSWHZ9VuUwPn3GJ6xorrGyvsRuPS2anhHTSBxYCqYdXg0BIYUn1x5Uhtzd8kIU06gSLsvuhqGCLNucnXAT1Zix7pSlO21be81SX4vwQEth+6Dkm6kja0ArHZL6wglF8Njd1fV9iOwvcS07clwa/2S8suFLwVrQXz16vfAfA2zi4/qeop5Sv9W4DIOZuIMPmbWZCoy7L6Fu4+x4prb8LCQNM5m4CP3HngCW8PpxtBbBJd0dcXVap1HgDTIt/CLH8ms52uX5k3bHuvzryOihSuwmi/cDZAJAmbgclM9klsZr4R/GAoAWhhGxXM2tLuiwZ2nLvCPlXbBazZpdM2aC3VIwnMwJrJFu2u9B6RSsz2ijbygecT98UmiMYK7Mk1y6GkvY+mDQ== ben@lithium
-- cgit v1.2.3