2017-04-17 13:45:32 +00:00
{ config , pkgs , . . . }:
2015-11-17 21:15:07 +00:00
let
2016-04-08 01:53:34 +00:00
shack-ip = config . krebs . build . host . nets . shack . ip4 . addr ;
2017-09-09 23:32:53 +00:00
influx-host = " 1 2 7 . 0 . 0 . 1 " ;
2018-01-28 14:09:18 +00:00
ext-if = " e t 0 " ;
external-mac = " 5 2 : 5 4 : b 0 : 0 b : a f : f e " ;
2015-11-17 21:15:07 +00:00
in
2015-10-25 13:07:51 +00:00
{
imports = [
2017-07-13 22:17:58 +00:00
<stockholm/krebs>
<stockholm/krebs/2configs>
2015-10-25 13:07:51 +00:00
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
2017-07-13 22:17:58 +00:00
<stockholm/krebs/2configs/collectd-base.nix>
2017-07-23 08:46:46 +00:00
<stockholm/krebs/2configs/stats/wolf-client.nix>
2017-06-01 07:21:20 +00:00
2017-07-13 22:17:58 +00:00
<stockholm/krebs/2configs/graphite.nix>
2017-08-05 10:02:08 +00:00
<stockholm/krebs/2configs/binary-cache/nixos.nix>
2017-07-29 17:41:59 +00:00
<stockholm/krebs/2configs/binary-cache/prism.nix>
2017-06-01 07:21:20 +00:00
2017-07-13 22:17:58 +00:00
<stockholm/krebs/2configs/shack/worlddomination.nix>
<stockholm/krebs/2configs/shack/drivedroid.nix>
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
<stockholm/krebs/2configs/shack/muell_caller.nix>
<stockholm/krebs/2configs/shack/radioactive.nix>
<stockholm/krebs/2configs/shack/share.nix>
2017-09-09 23:32:53 +00:00
{
systemd . services . telegraf . path = [ pkgs . net_snmp ] ; # for snmptranslate
2017-11-02 13:26:50 +00:00
systemd . services . telegraf . environment = {
MIBDIRS = pkgs . fetchgit {
url = " h t t p : / / g i t . s h a c k s p a c e . d e / m a k e f u / m o d e m - m i b s . g i t " ;
sha256 =
2017-11-12 00:55:15 +00:00
" 1 r h r p a a s c v j 5 p 3 d j 2 9 h r w 7 9 g m 3 9 r p 0 a a 7 8 7 x 9 5 m 3 r 2 j r c q 8 3 l n 1 k " ;
2017-11-02 13:26:50 +00:00
} ; # extra mibs like ADSL
} ;
2017-09-09 23:32:53 +00:00
services . telegraf = {
enable = true ;
extraConfig = {
inputs = {
snmp = {
agents = [ " 1 0 . 0 . 1 . 3 : 1 6 1 " ] ;
version = 2 ;
community = " s h a c k " ;
name = " s n m p " ;
field = [
{
name = " h o s t n a m e " ;
oid = " R F C 1 2 1 3 - M I B : : s y s N a m e . 0 " ;
is_tag = true ;
}
{
name = " l o a d - p e r c e n t " ; #cisco
oid = " . 1 . 3 . 6 . 1 . 4 . 1 . 9 . 9 . 1 0 9 . 1 . 1 . 1 . 1 . 4 . 9 " ;
}
{
name = " u p t i m e " ;
oid = " D I S M A N - E V E N T - M I B : : s y s U p T i m e I n s t a n c e " ;
}
] ;
table = [ {
name = " s n m p " ;
inherit_tags = [ " h o s t n a m e " ] ;
oid = " I F - M I B : : i f X T a b l e " ;
field = [ {
name = " i f N a m e " ;
oid = " I F - M I B : : i f N a m e " ;
is_tag = true ;
} ] ;
} ] ;
} ;
} ;
outputs = {
influxdb = {
urls = [ " h t t p : / / ${ influx-host } : 8 0 8 6 " ] ;
database = " t e l e g r a f " ;
write_consistency = " a n y " ;
timeout = " 5 s " ;
} ;
} ;
} ;
} ;
}
2017-06-01 07:21:20 +00:00
2015-10-25 13:07:51 +00:00
] ;
2015-11-17 22:13:09 +00:00
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)
2016-01-22 23:27:33 +00:00
2017-05-24 08:51:58 +00:00
services . influxdb . enable = true ;
2016-03-11 01:23:04 +00:00
# local discovery in shackspace
nixpkgs . config . packageOverrides = pkgs : { tinc = pkgs . tinc_pre ; } ;
2016-07-20 15:20:47 +00:00
krebs . tinc . retiolum . extraConfig = " T C P O n l y = y e s " ;
2016-01-22 23:27:33 +00:00
services . grafana = {
enable = true ;
addr = " 0 . 0 . 0 . 0 " ;
users . allowSignUp = true ;
users . allowOrgCreate = true ;
users . autoAssignOrg = true ;
2016-11-27 14:25:53 +00:00
auth . anonymous . enable = true ;
2016-01-22 23:27:33 +00:00
security = import <secrets/grafana_security.nix> ;
} ;
2017-03-08 16:12:26 +00:00
nix = {
2017-07-11 09:26:24 +00:00
# use the up to date prism cache
2017-03-08 16:12:26 +00:00
binaryCaches = [
" h t t p s : / / c a c h e . n i x o s . o r g / "
] ;
binaryCachePublicKeys = [
" h y d r a . n i x o s . o r g - 1 : C N H J Z B h 9 K 4 t P 3 E K F 6 F k k g e V Y s S 3 o h T l + o S 0 Q a 8 b e z V s = "
] ;
} ;
2015-10-25 13:07:51 +00:00
2015-11-17 21:15:07 +00:00
networking = {
2015-11-17 22:13:09 +00:00
firewall . enable = false ;
2017-05-24 08:51:58 +00:00
firewall . allowedTCPPorts = [ 8088 8086 8083 ] ;
2018-01-28 14:09:18 +00:00
interfaces . " ${ ext-if } " . ip4 = [ {
2015-11-17 21:15:07 +00:00
address = shack-ip ;
prefixLength = 20 ;
} ] ;
defaultGateway = " 1 0 . 4 2 . 0 . 1 " ;
2015-12-14 18:36:06 +00:00
nameservers = [ " 1 0 . 4 2 . 0 . 1 0 0 " " 1 0 . 4 2 . 0 . 2 0 0 " ] ;
2015-11-17 21:15:07 +00:00
} ;
#####################
# uninteresting stuff
#####################
2015-10-25 13:07:51 +00:00
krebs . build . host = config . krebs . hosts . wolf ;
boot . kernel . sysctl = {
# Enable IPv6 Privacy Extensions
" n e t . i p v 6 . c o n f . a l l . u s e _ t e m p a d d r " = 2 ;
" n e t . i p v 6 . c o n f . d e f a u l t . u s e _ t e m p a d d r " = 2 ;
} ;
boot . initrd . availableKernelModules = [
" a t a _ p i i x " " u h c i _ h c d " " e h c i _ p c i " " v i r t i o _ p c i " " v i r t i o _ b l k "
] ;
boot . kernelModules = [ ] ;
boot . extraModulePackages = [ ] ;
boot . loader . grub . enable = true ;
boot . loader . grub . version = 2 ;
boot . loader . grub . device = " / d e v / v d a " ;
2017-09-11 21:01:24 +00:00
# without it `/nix/store` is not added grub paths
boot . loader . grub . copyKernels = true ;
2015-10-25 13:07:51 +00:00
fileSystems . " / " = { device = " / d e v / d i s k / b y - l a b e l / n i x o s " ; fsType = " e x t 4 " ; } ;
swapDevices = [
2015-11-17 21:15:07 +00:00
{ device = " / d e v / d i s k / b y - l a b e l / s w a p " ; }
2015-10-25 13:07:51 +00:00
] ;
2017-06-18 12:09:02 +00:00
# fallout of ipv6calypse
networking . extraHosts = ''
hass . shack 10 .42 .2 .191
heidi . shack 10 .42 .2 .135
'' ;
users . extraUsers . root . openssh . authorizedKeys . keys = [
config . krebs . users . ulrich . pubkey
2017-07-21 07:06:30 +00:00
config . krebs . users . makefu-omo . pubkey
2017-09-09 14:27:30 +00:00
" s s h - r s a A A A A B 3 N z a C 1 y c 2 E A A A A D A Q A B A A A E A Q D b 9 N P a 2 H f 5 1 a f c G 1 H 1 3 U P b E 5 E 0 2 J 8 a C 9 a 1 s G C R l s 5 9 2 w A V l Q b m o j Y R 1 j W D P A 2 m 3 2 B s y v 0 z t q i 8 1 z D y n d W W Z P Q V J V B k 0 0 V j Y B c g k 6 D 5 i f q o A u W L z f u H J P W Z G O v B f / U 7 4 / L N F N U k j 1 y w j n e K 7 H Y T R P X r R B B f B S Q N m Q z k v u e 7 s 5 9 9 L 2 v d u e Z K y j N s M p x 2 m 6 n m 2 S c h a M u D s k S Q u t / 1 6 8 J g U 1 l 4 M 8 B e T 6 8 B o 4 W d e l h B Y n h S I 1 a 5 9 F G k g d u 2 S C j y i g h L Q R y 2 s O H 3 k s n k H W E N P k A + w w Q O l K l 7 R 3 D s E y b r N d 4 N U 9 F S w F D y D m d h f v 5 g J p 8 U G S F d j A w x 4 3 + 8 z M 5 t 5 r u Z 2 5 J 0 L n V b 0 P u T u R A 0 0 U s W 8 3 M k L x F p D Q L r Q V 0 8 t l s Y 6 i G r q x P 6 7 C 3 V J 6 t 4 v 6 o T p 7 / v a R L h E F c 1 P h O L h + s Z 1 8 o 8 M L O + e 2 r G m H G H Q n S K f B O L U v D M G a 4 j b 0 1 X B G j d n I X L O k V o 7 9 Y R 5 j Z n 7 j J b 2 g T Z 9 5 O D 6 b W S D A D o U R S u w u L a 7 k h 4 t i 1 I t A K u h k I v b u k y 3 r R V v Q E c 9 2 k J 6 a N U s w I U X J a 0 K 2 i b b I Y 6 y c K A A 3 L j k s l 3 M m 9 K z O n 6 y c / i / l S F + S O r T G h a b P J i g K k I o q K I w n V 5 I U 3 g k f s x P Q J O B M P q H D G A O e Y Q e 3 W p W e d E P Y u h Q E c z w 4 e x M b 9 T k N E 9 6 F 7 1 P z u Q P J D l 5 s P A W y P L e M K p y 5 X b f R i F 2 b y 4 n x N 3 Z I Q v j t o y V k j N V + q M 0 q 0 y K B z L x u R A E Q O Z 2 y C E a B u d Z Q k Q i w H D 9 7 H 2 v u 4 S R Q / 2 a O i e 1 X i O n m d b Q R D Z S O 3 B s o D K 5 6 9 K 1 w + g D f S n q Y 7 z V U M j 6 t w + u K x 6 G s t c k 5 l b v Y M t d W K s f P v / p D M 8 e y I V F L L 9 3 d K T X + e r t c Q j 6 x D w L f O i N u b E 5 a y F X h Y k j w I m V 6 N g f B u q + 3 h L K 0 U R P 2 r P l O Z b b Z T Q 0 W l K D 6 C C R Z P M S Z C U 9 o D 2 z Y f q p v R A r B U c d k A w G e P e z O R k f J Q L E 6 m Y E J p 6 p d F k J / I e F L b O 6 M 0 l Z V l f n p z A C 9 k j j k M C R o f Z U E T c F S p p y T I m C b g o 3 + o k 5 9 / P k N U 5 o a v B X y W 8 0 u e 2 t W H r 0 8 H X / Q A L N t e 3 U I T m I I l U 6 S F M C P M W J q a d K 1 e D P W f J 4 H 4 i D X R N n 3 D 5 w q N + + i M l o K v p a j 0 w i e q X L Y 4 + Y f v N T N r 1 7 7 O U 4 8 G E W W 8 D n o E k b p w s C b j P x z n G D Q h d D q d Y y M Y / f D g R Q R e K I T v K Y G H R z e s G y s w 5 c K s p 9 L E f X D 0 R 6 W E 2 T e i i E N l a 5 A W z T g X J B 0 A y Z E c O i I f q O g T 9 N r 9 S 8 q 5 g c / B d A 7 P + j h G G J g E H h V 3 d V l f I Z 7 p m Z c 2 7 Y u 7 U T Q 0 l b A K W q c M S T O d n e + Q L 6 I L z b v L r Q w d v a x 4 t Q d m 5 o p f U 1 6 S r O o x 1 A M w A b k d q 8 4 z 6 u J q Y V x 3 c U X f M J g T y D N r V v 3 o r r o o t @ p l a t t e n s c h w e i n " # for backup
2017-06-18 12:09:02 +00:00
] ;
2018-01-28 14:09:18 +00:00
services . udev . extraRules = ''
SUBSYSTEM == " n e t " , ATTR { address } == " ${ external-mac } " , NAME = " ${ ext-if } "
'' ;
2015-10-25 13:07:51 +00:00
time . timeZone = " E u r o p e / B e r l i n " ;
2017-05-25 21:21:20 +00:00
sound . enable = false ;
2015-10-25 13:07:51 +00:00
}