2016-08-23 17:13:50 +00:00
|
|
|
{ config, pkgs, lib, ... }:
|
2017-05-12 09:29:46 +00:00
|
|
|
let
|
2016-08-23 17:13:50 +00:00
|
|
|
rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115";
|
|
|
|
datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F";
|
2017-05-12 09:29:46 +00:00
|
|
|
user = config.makefu.gui.user;
|
2017-12-05 14:15:32 +00:00
|
|
|
primaryIP = "192.168.8.11";
|
2016-07-20 18:35:30 +00:00
|
|
|
in {
|
|
|
|
|
2016-01-19 19:26:38 +00:00
|
|
|
imports =
|
|
|
|
[ # Include the results of the hardware scan.
|
2017-07-15 17:01:02 +00:00
|
|
|
<stockholm/makefu>
|
2019-03-06 15:42:27 +00:00
|
|
|
<stockholm/makefu/2configs/support-nixos.nix>
|
2017-07-15 17:01:02 +00:00
|
|
|
<stockholm/makefu/2configs/zsh-user.nix>
|
|
|
|
<stockholm/makefu/2configs/tools/core.nix>
|
2018-11-05 12:51:28 +00:00
|
|
|
# <stockholm/makefu/2configs/disable_v6.nix>
|
|
|
|
<stockholm/makefu/2configs/tools/core-gui.nix>
|
|
|
|
<stockholm/makefu/2configs/tools/extra-gui.nix>
|
|
|
|
<stockholm/makefu/2configs/tools/media.nix>
|
2017-07-31 12:23:25 +00:00
|
|
|
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
2017-07-15 17:01:02 +00:00
|
|
|
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
|
|
|
<stockholm/makefu/2configs/mqtt.nix>
|
2018-01-29 13:47:00 +00:00
|
|
|
<stockholm/makefu/2configs/gui/wbob-kiosk.nix>
|
2017-12-05 14:15:32 +00:00
|
|
|
|
2017-07-31 12:23:25 +00:00
|
|
|
# <stockholm/makefu/2configs/gui/studio-virtual.nix>
|
|
|
|
# <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
|
|
|
|
# <stockholm/makefu/2configs/audio/realtime-audio.nix>
|
|
|
|
# <stockholm/makefu/2configs/vncserver.nix>
|
2017-11-14 09:17:16 +00:00
|
|
|
|
2017-09-29 19:38:08 +00:00
|
|
|
# Services
|
2018-06-14 19:56:20 +00:00
|
|
|
# <stockholm/makefu/2configs/hydra/stockholm.nix>
|
2018-02-26 17:59:43 +00:00
|
|
|
|
2017-12-05 14:15:32 +00:00
|
|
|
<stockholm/makefu/2configs/share/wbob.nix>
|
2018-03-18 19:37:48 +00:00
|
|
|
<stockholm/makefu/2configs/bluetooth-mpd.nix>
|
2017-12-05 14:15:32 +00:00
|
|
|
|
2017-12-28 15:05:39 +00:00
|
|
|
# Sensors
|
2018-12-13 00:32:48 +00:00
|
|
|
<stockholm/makefu/2configs/stats/client.nix>
|
|
|
|
<stockholm/makefu/2configs/stats/collectd-client.nix>
|
2017-12-05 14:15:32 +00:00
|
|
|
<stockholm/makefu/2configs/stats/telegraf>
|
|
|
|
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
|
2018-08-06 14:33:14 +00:00
|
|
|
<stockholm/makefu/2configs/stats/telegraf/europastats.nix>
|
|
|
|
<stockholm/makefu/2configs/stats/external/aralast.nix>
|
|
|
|
<stockholm/makefu/2configs/stats/arafetch.nix>
|
2018-07-17 23:30:37 +00:00
|
|
|
<stockholm/makefu/2configs/hw/mceusb.nix>
|
2018-08-06 14:33:14 +00:00
|
|
|
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
|
2018-11-05 12:51:28 +00:00
|
|
|
{ environment.systemPackages = [ pkgs.vlc ]; }
|
2018-08-06 14:33:14 +00:00
|
|
|
|
2018-11-21 07:24:35 +00:00
|
|
|
{
|
|
|
|
# Risikoübernahme
|
|
|
|
nixpkgs.config.permittedInsecurePackages = [
|
|
|
|
"homeassistant-0.77.2"
|
|
|
|
];
|
|
|
|
}
|
2018-12-13 00:32:48 +00:00
|
|
|
<stockholm/makefu/2configs/bureautomation>
|
2019-03-06 15:42:27 +00:00
|
|
|
<stockholm/makefu/2configs/bureautomation/led-fader.nix>
|
2018-12-13 00:32:48 +00:00
|
|
|
<stockholm/makefu/2configs/bureautomation/mpd.nix>
|
|
|
|
<stockholm/makefu/2configs/bureautomation/hass.nix>
|
2017-12-05 14:15:32 +00:00
|
|
|
(let
|
|
|
|
collectd-port = 25826;
|
|
|
|
influx-port = 8086;
|
2018-07-17 23:30:37 +00:00
|
|
|
admin-port = 8083;
|
2017-12-05 14:15:32 +00:00
|
|
|
grafana-port = 3000; # TODO nginx forward
|
|
|
|
db = "collectd_db";
|
|
|
|
logging-interface = "enp0s25";
|
|
|
|
in {
|
2018-07-17 23:30:37 +00:00
|
|
|
networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ];
|
2018-05-03 16:48:31 +00:00
|
|
|
|
2017-12-05 14:15:32 +00:00
|
|
|
services.grafana.enable = true;
|
|
|
|
services.grafana.addr = "0.0.0.0";
|
|
|
|
services.influxdb.enable = true;
|
|
|
|
services.influxdb.extraConfig = {
|
|
|
|
meta.hostname = config.krebs.build.host.name;
|
|
|
|
# meta.logging-enabled = true;
|
|
|
|
http.bind-address = ":${toString influx-port}";
|
2018-07-17 23:30:37 +00:00
|
|
|
admin.bind-address = ":${toString admin-port}";
|
2017-12-05 14:15:32 +00:00
|
|
|
collectd = [{
|
|
|
|
enabled = true;
|
|
|
|
typesdb = "${pkgs.collectd}/share/collectd/types.db";
|
|
|
|
database = db;
|
|
|
|
bind-address = ":${toString collectd-port}";
|
|
|
|
}];
|
|
|
|
};
|
|
|
|
|
|
|
|
networking.firewall.extraCommands = ''
|
|
|
|
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
|
|
|
|
'';
|
|
|
|
})
|
2017-11-14 09:17:16 +00:00
|
|
|
|
|
|
|
# temporary
|
|
|
|
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
2017-09-29 19:38:08 +00:00
|
|
|
];
|
2016-08-23 17:13:50 +00:00
|
|
|
|
2016-02-11 16:05:00 +00:00
|
|
|
krebs = {
|
|
|
|
enable = true;
|
|
|
|
build.host = config.krebs.hosts.wbob;
|
|
|
|
};
|
2016-08-23 17:13:50 +00:00
|
|
|
|
|
|
|
swapDevices = [ { device = "/var/swap"; } ];
|
2017-09-29 19:38:08 +00:00
|
|
|
services.collectd.extraConfig = lib.mkAfter ''
|
2016-08-23 17:13:50 +00:00
|
|
|
|
2017-09-29 19:38:08 +00:00
|
|
|
#LoadPlugin ping
|
|
|
|
# does not work because it requires privileges
|
|
|
|
#<Plugin "ping">
|
|
|
|
# Host "google.de"
|
|
|
|
# Host "heise.de"
|
|
|
|
#</Plugin>
|
|
|
|
|
|
|
|
LoadPlugin curl
|
|
|
|
<Plugin curl>
|
|
|
|
TotalTime true
|
|
|
|
NamelookupTime true
|
|
|
|
ConnectTime true
|
|
|
|
|
|
|
|
<Page "google">
|
|
|
|
MeasureResponseTime true
|
|
|
|
MeasureResponseCode true
|
|
|
|
URL "https://google.de"
|
|
|
|
</Page>
|
|
|
|
|
|
|
|
<Page "webde">
|
|
|
|
MeasureResponseTime true
|
|
|
|
MeasureResponseCode true
|
|
|
|
URL "http://web.de"
|
|
|
|
</Page>
|
|
|
|
|
|
|
|
</Plugin>
|
|
|
|
#LoadPlugin netlink
|
|
|
|
#<Plugin "netlink">
|
|
|
|
# Interface "enp0s25"
|
|
|
|
# Interface "wlp2s0"
|
|
|
|
# IgnoreSelected false
|
|
|
|
#</Plugin>
|
|
|
|
'';
|
2016-02-11 16:05:00 +00:00
|
|
|
|
2016-08-23 17:13:50 +00:00
|
|
|
networking.firewall.allowedUDPPorts = [ 655 ];
|
2017-09-29 19:38:08 +00:00
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
|
|
655
|
|
|
|
8081 #smokeping
|
|
|
|
49152
|
|
|
|
];
|
2017-05-11 14:06:41 +00:00
|
|
|
networking.firewall.trustedInterfaces = [ "enp0s25" ];
|
2016-08-23 17:13:50 +00:00
|
|
|
#services.tinc.networks.siem = {
|
|
|
|
# name = "display";
|
|
|
|
# extraConfig = ''
|
|
|
|
# ConnectTo = sjump
|
|
|
|
# Port = 1655
|
|
|
|
# '';
|
|
|
|
#};
|
|
|
|
|
2016-02-11 16:05:00 +00:00
|
|
|
# rt2870.bin wifi card, part of linux-unfree
|
|
|
|
hardware.enableAllFirmware = true;
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
networking.wireless.enable = true;
|
|
|
|
# rt2870 with nonfree creates wlp2s0 from wlp0s20u2
|
|
|
|
# not explicitly setting the interface results in wpa_supplicant to crash
|
|
|
|
networking.wireless.interfaces = [ "wlp2s0" ];
|
2018-08-28 22:57:57 +00:00
|
|
|
networking.interfaces.virbr1.ipv4.addresses = [{
|
2016-10-19 10:31:13 +00:00
|
|
|
address = "10.8.8.11";
|
|
|
|
prefixLength = 24;
|
|
|
|
}];
|
2016-02-11 16:05:00 +00:00
|
|
|
|
|
|
|
|
|
|
|
# nuc hardware
|
2016-07-20 18:35:30 +00:00
|
|
|
boot.loader.grub.device = rootdisk;
|
2016-02-11 16:05:00 +00:00
|
|
|
hardware.cpu.intel.updateMicrocode = true;
|
|
|
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
2018-01-29 13:47:00 +00:00
|
|
|
|
|
|
|
boot.kernelModules = [ "kvm-intel"
|
|
|
|
"snd-seq" "snd-rawmidi"
|
|
|
|
];
|
2016-08-23 17:13:50 +00:00
|
|
|
fileSystems = {
|
|
|
|
"/" = {
|
2016-07-20 18:35:30 +00:00
|
|
|
device = rootdisk + "-part1";
|
2016-02-11 16:05:00 +00:00
|
|
|
fsType = "ext4";
|
2016-08-23 17:13:50 +00:00
|
|
|
};
|
|
|
|
"/data" = {
|
|
|
|
device = datadisk + "-part1";
|
|
|
|
fsType = "ext4";
|
|
|
|
};
|
2016-02-11 16:05:00 +00:00
|
|
|
};
|
2016-01-19 19:26:38 +00:00
|
|
|
}
|