Merge remote-tracking branch 'prism/makefu'
This commit is contained in:
commit
0248fce6be
@ -20,6 +20,7 @@ let
|
|||||||
./github-hosts-sync.nix
|
./github-hosts-sync.nix
|
||||||
./git.nix
|
./git.nix
|
||||||
./go.nix
|
./go.nix
|
||||||
|
./htgen.nix
|
||||||
./iptables.nix
|
./iptables.nix
|
||||||
./kapacitor.nix
|
./kapacitor.nix
|
||||||
./monit.nix
|
./monit.nix
|
||||||
|
68
krebs/3modules/htgen.nix
Normal file
68
krebs/3modules/htgen.nix
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with import <stockholm/lib>;
|
||||||
|
let
|
||||||
|
cfg = config.krebs.htgen;
|
||||||
|
|
||||||
|
out = {
|
||||||
|
options.krebs.htgen = api;
|
||||||
|
config = imp;
|
||||||
|
};
|
||||||
|
|
||||||
|
api = mkOption {
|
||||||
|
default = {};
|
||||||
|
type = types.attrsOf (types.submodule ({ config, ... }: {
|
||||||
|
options = {
|
||||||
|
enable = mkEnableOption "krebs.htgen-${config.name}";
|
||||||
|
|
||||||
|
name = mkOption {
|
||||||
|
type = types.username;
|
||||||
|
default = config._module.args.name;
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
type = types.uint;
|
||||||
|
};
|
||||||
|
|
||||||
|
script = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
user = mkOption {
|
||||||
|
type = types.user;
|
||||||
|
default = {
|
||||||
|
name = "htgen-${config.name}";
|
||||||
|
home = "/var/lib/htgen-${config.name}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
};
|
||||||
|
imp = {
|
||||||
|
|
||||||
|
systemd.services = mapAttrs' (name: htgen:
|
||||||
|
nameValuePair "htgen-${name}" {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
environment = {
|
||||||
|
HTGEN_PORT = toString htgen.port;
|
||||||
|
HTGEN_SCRIPT = htgen.script;
|
||||||
|
};
|
||||||
|
serviceConfig = {
|
||||||
|
SyslogIdentifier = "htgen";
|
||||||
|
User = htgen.user.name;
|
||||||
|
PrivateTmp = true;
|
||||||
|
Restart = "always";
|
||||||
|
ExecStart = "${pkgs.htgen}/bin/htgen --serve";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
) cfg;
|
||||||
|
|
||||||
|
users.users = mapAttrs' (name: htgen:
|
||||||
|
nameValuePair htgen.user.name {
|
||||||
|
inherit (htgen.user) home name uid;
|
||||||
|
createHome = true;
|
||||||
|
}
|
||||||
|
) cfg;
|
||||||
|
|
||||||
|
};
|
||||||
|
in out
|
@ -285,11 +285,8 @@ with import <stockholm/lib>;
|
|||||||
cores = 1;
|
cores = 1;
|
||||||
extraZones = {
|
extraZones = {
|
||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
euer IN A ${nets.internet.ip4.addr}
|
|
||||||
wiki.euer IN A ${nets.internet.ip4.addr}
|
|
||||||
wry IN A ${nets.internet.ip4.addr}
|
wry IN A ${nets.internet.ip4.addr}
|
||||||
io IN NS wry.krebsco.de.
|
io IN NS wry.krebsco.de.
|
||||||
graphs IN A ${nets.internet.ip4.addr}
|
|
||||||
tinc IN A ${nets.internet.ip4.addr}
|
tinc IN A ${nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -307,13 +304,8 @@ with import <stockholm/lib>;
|
|||||||
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
|
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
|
||||||
aliases = [
|
aliases = [
|
||||||
"graphs.wry.retiolum"
|
"graphs.wry.retiolum"
|
||||||
"graphs.r" "graphs.retiolum"
|
|
||||||
"paste.wry.retiolum"
|
"paste.wry.retiolum"
|
||||||
"wry.r" "wry.retiolum"
|
"wry.r" "wry.retiolum"
|
||||||
"wiki.makefu.retiolum"
|
|
||||||
"wiki.wry.retiolum"
|
|
||||||
"blog.makefu.retiolum"
|
|
||||||
"blog.wry.retiolum"
|
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
@ -452,6 +444,9 @@ with import <stockholm/lib>;
|
|||||||
cgit.euer IN A ${nets.internet.ip4.addr}
|
cgit.euer IN A ${nets.internet.ip4.addr}
|
||||||
o.euer IN A ${nets.internet.ip4.addr}
|
o.euer IN A ${nets.internet.ip4.addr}
|
||||||
dl.euer IN A ${nets.internet.ip4.addr}
|
dl.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
euer IN A ${nets.internet.ip4.addr}
|
||||||
|
wiki.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
graphs IN A ${nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
nets = rec {
|
nets = rec {
|
||||||
@ -464,7 +459,7 @@ with import <stockholm/lib>;
|
|||||||
retiolum = {
|
retiolum = {
|
||||||
via = internet;
|
via = internet;
|
||||||
ip4.addr = "10.243.0.211";
|
ip4.addr = "10.243.0.211";
|
||||||
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
|
# ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
|
||||||
aliases = [
|
aliases = [
|
||||||
"gum.r"
|
"gum.r"
|
||||||
"gum.retiolum"
|
"gum.retiolum"
|
||||||
@ -473,6 +468,12 @@ with import <stockholm/lib>;
|
|||||||
"o.gum.retiolum"
|
"o.gum.retiolum"
|
||||||
"tracker.makefu.r"
|
"tracker.makefu.r"
|
||||||
"tracker.makefu.retiolum"
|
"tracker.makefu.retiolum"
|
||||||
|
|
||||||
|
"graphs.r" "graphs.retiolum"
|
||||||
|
"wiki.makefu.retiolum"
|
||||||
|
"wiki.wry.retiolum"
|
||||||
|
"blog.makefu.retiolum"
|
||||||
|
"blog.wry.retiolum"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
@ -2,11 +2,11 @@
|
|||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "apt-cacher-ng-${version}";
|
name = "apt-cacher-ng-${version}";
|
||||||
version = "0.9.3.2";
|
version = "2";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz";
|
url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz";
|
||||||
sha256 = "1bvng9mwrggvc93q2alj0x72i56wifnjs2dsycr17mapsv0f2gnc";
|
sha256 = "0bkc3012vinridl5ch46pwnxjalymx4wf6nxax64nm7bdkcj9azf";
|
||||||
};
|
};
|
||||||
|
|
||||||
NIX_LDFLAGS = "-lpthread";
|
NIX_LDFLAGS = "-lpthread";
|
||||||
|
28
krebs/5pkgs/htgen/default.nix
Normal file
28
krebs/5pkgs/htgen/default.nix
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
{ bash, coreutils, gnused, stdenv, fetchgit, ucspi-tcp }:
|
||||||
|
with import <stockholm/lib>;
|
||||||
|
let
|
||||||
|
version = "1.1";
|
||||||
|
in stdenv.mkDerivation {
|
||||||
|
name = "htgen-${version}";
|
||||||
|
|
||||||
|
src = fetchgit {
|
||||||
|
url = "http://cgit.krebsco.de/htgen";
|
||||||
|
rev = "refs/tags/v${version}";
|
||||||
|
sha256 = "1zxj0fv9vdrqyl3x2hgq7a6xdlzpclf93akygysrzsqk9wjapp4z";
|
||||||
|
};
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out/bin
|
||||||
|
{
|
||||||
|
echo '#! ${bash}/bin/bash'
|
||||||
|
echo 'export PATH=${makeBinPath [
|
||||||
|
ucspi-tcp
|
||||||
|
coreutils
|
||||||
|
gnused
|
||||||
|
]}''${PATH+":$PATH"}'
|
||||||
|
cat htgen
|
||||||
|
} > $out/bin/htgen
|
||||||
|
chmod +x $out/bin/htgen
|
||||||
|
cp -r examples $out
|
||||||
|
'';
|
||||||
|
}
|
@ -32,10 +32,13 @@ let
|
|||||||
public-repos = mapAttrs make-public-repo {
|
public-repos = mapAttrs make-public-repo {
|
||||||
stockholm = {
|
stockholm = {
|
||||||
cgit.desc = "take all the computers hostage, they'll love you!";
|
cgit.desc = "take all the computers hostage, they'll love you!";
|
||||||
|
cgit.section = "configuration";
|
||||||
};
|
};
|
||||||
kimsufi-check = {};
|
|
||||||
} // mapAttrs make-public-repo-silent {
|
} // mapAttrs make-public-repo-silent {
|
||||||
the_playlist = {};
|
the_playlist = {
|
||||||
|
cgit.desc = "Good Music collection + tools";
|
||||||
|
cgit.section = "art";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
restricted-repos = mapAttrs make-restricted-repo (
|
restricted-repos = mapAttrs make-restricted-repo (
|
||||||
|
@ -10,6 +10,7 @@ let
|
|||||||
public = true;
|
public = true;
|
||||||
name = mkDefault "${name}";
|
name = mkDefault "${name}";
|
||||||
cgit.desc = mkDefault "mirror for ${name}";
|
cgit.desc = mkDefault "mirror for ${name}";
|
||||||
|
cgit.section = mkDefault "mirror";
|
||||||
hooks = mkIf announce (mkDefault {
|
hooks = mkIf announce (mkDefault {
|
||||||
post-receive = pkgs.git-hooks.irc-announce {
|
post-receive = pkgs.git-hooks.irc-announce {
|
||||||
nick = config.networking.hostName;
|
nick = config.networking.hostName;
|
||||||
|
@ -120,6 +120,7 @@ in {
|
|||||||
sender_domains = [
|
sender_domains = [
|
||||||
"jla-trading.com"
|
"jla-trading.com"
|
||||||
"ubikmedia.eu"
|
"ubikmedia.eu"
|
||||||
|
"ubikmedia.de"
|
||||||
];
|
];
|
||||||
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
|
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
|
||||||
ssl_key = "/var/lib/acme/lassul.us/key.pem";
|
ssl_key = "/var/lib/acme/lassul.us/key.pem";
|
||||||
|
@ -29,9 +29,12 @@ in {
|
|||||||
../2configs/deployment/owncloud.nix
|
../2configs/deployment/owncloud.nix
|
||||||
../2configs/nginx/share-download.nix
|
../2configs/nginx/share-download.nix
|
||||||
../2configs/nginx/euer.test.nix
|
../2configs/nginx/euer.test.nix
|
||||||
|
../2configs/nginx/euer.wiki.nix
|
||||||
|
../2configs/nginx/euer.blog.nix
|
||||||
../2configs/nginx/public_html.nix
|
../2configs/nginx/public_html.nix
|
||||||
../2configs/nginx/update.connector.one.nix
|
../2configs/nginx/update.connector.one.nix
|
||||||
../2configs/deployment/mycube.connector.one.nix
|
../2configs/deployment/mycube.connector.one.nix
|
||||||
|
../2configs/deployment/graphs.nix
|
||||||
|
|
||||||
# ../2configs/opentracker.nix
|
# ../2configs/opentracker.nix
|
||||||
../2configs/logging/central-stats-client.nix
|
../2configs/logging/central-stats-client.nix
|
||||||
|
@ -43,7 +43,6 @@ in {
|
|||||||
# TODO: unlock home partition via ssh
|
# TODO: unlock home partition via ssh
|
||||||
../2configs/fs/sda-crypto-root.nix
|
../2configs/fs/sda-crypto-root.nix
|
||||||
../2configs/zsh-user.nix
|
../2configs/zsh-user.nix
|
||||||
../2configs/urlwatch.nix
|
|
||||||
../2configs/backup.nix
|
../2configs/backup.nix
|
||||||
../2configs/exim-retiolum.nix
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/smart-monitor.nix
|
../2configs/smart-monitor.nix
|
||||||
@ -182,5 +181,17 @@ in {
|
|||||||
|
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
|
|
||||||
|
krebs.Reaktor.reaktor = {
|
||||||
|
nickname = "Reaktor|bot";
|
||||||
|
channels = [ "#krebs" "#shackspace" "#binaergewitter" ];
|
||||||
|
plugins = with pkgs.ReaktorPlugins;[
|
||||||
|
titlebot
|
||||||
|
# stockholm-issue
|
||||||
|
nixos-version
|
||||||
|
shack-correct
|
||||||
|
sed-plugin
|
||||||
|
random-emoji ];
|
||||||
|
};
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.omo;
|
krebs.build.host = config.krebs.hosts.omo;
|
||||||
}
|
}
|
||||||
|
@ -19,8 +19,6 @@ in {
|
|||||||
../2configs/backup.nix
|
../2configs/backup.nix
|
||||||
|
|
||||||
# other nginx
|
# other nginx
|
||||||
../2configs/nginx/euer.wiki.nix
|
|
||||||
../2configs/nginx/euer.blog.nix
|
|
||||||
# ../2configs/nginx/euer.test.nix
|
# ../2configs/nginx/euer.test.nix
|
||||||
|
|
||||||
# collectd
|
# collectd
|
||||||
@ -33,46 +31,9 @@ in {
|
|||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.wry;
|
krebs.build.host = config.krebs.hosts.wry;
|
||||||
|
|
||||||
krebs.Reaktor.reaktor = {
|
|
||||||
nickname = "Reaktor|bot";
|
|
||||||
channels = [ "#krebs" "#shackspace" "#binaergewitter" ];
|
|
||||||
plugins = with pkgs.ReaktorPlugins;[
|
|
||||||
titlebot
|
|
||||||
# stockholm-issue
|
|
||||||
nixos-version
|
|
||||||
shack-correct
|
|
||||||
sed-plugin
|
|
||||||
random-emoji ];
|
|
||||||
};
|
|
||||||
|
|
||||||
# prepare graphs
|
# prepare graphs
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
krebs.retiolum-bootstrap.enable = true;
|
krebs.retiolum-bootstrap.enable = true;
|
||||||
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
|
|
||||||
if ( $server_addr = "${external-ip}" ) {
|
|
||||||
return 403;
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
krebs.tinc_graphs = {
|
|
||||||
enable = true;
|
|
||||||
nginx = {
|
|
||||||
enable = true;
|
|
||||||
# TODO: remove hard-coded hostname
|
|
||||||
complete = {
|
|
||||||
extraConfig = ''
|
|
||||||
if ( $server_addr = "${external-ip}" ) {
|
|
||||||
return 403;
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
serverAliases = [ "graphs.retiolum" "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ];
|
|
||||||
};
|
|
||||||
anonymous = {
|
|
||||||
enableSSL = true;
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
firewall = {
|
firewall = {
|
||||||
|
@ -8,6 +8,7 @@
|
|||||||
[ # base
|
[ # base
|
||||||
../.
|
../.
|
||||||
../2configs/main-laptop.nix
|
../2configs/main-laptop.nix
|
||||||
|
../2configs/extra-fonts.nix
|
||||||
../2configs/tools/all.nix
|
../2configs/tools/all.nix
|
||||||
../2configs/laptop-backup.nix
|
../2configs/laptop-backup.nix
|
||||||
../2configs/dnscrypt.nix
|
../2configs/dnscrypt.nix
|
||||||
@ -46,7 +47,7 @@
|
|||||||
../2configs/mail-client.nix
|
../2configs/mail-client.nix
|
||||||
../2configs/printer.nix
|
../2configs/printer.nix
|
||||||
../2configs/virtualization.nix
|
../2configs/virtualization.nix
|
||||||
# ../2configs/virtualization-virtualbox.nix
|
../2configs/virtualization-virtualbox.nix
|
||||||
../2configs/wwan.nix
|
../2configs/wwan.nix
|
||||||
../2configs/rad1o.nix
|
../2configs/rad1o.nix
|
||||||
|
|
||||||
|
@ -29,7 +29,7 @@ let
|
|||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
krebs.backup.plans = {
|
krebs.backup.plans = {
|
||||||
wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
|
# wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
|
||||||
gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
|
gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -41,7 +41,7 @@ in
|
|||||||
fonts = {
|
fonts = {
|
||||||
enableCoreFonts = true;
|
enableCoreFonts = true;
|
||||||
enableFontDir = true;
|
enableFontDir = true;
|
||||||
enableGhostscriptFonts = false;
|
enableGhostscriptFonts = true;
|
||||||
fonts = [ pkgs.terminus_font ];
|
fonts = [ pkgs.terminus_font ];
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -62,7 +62,7 @@ in
|
|||||||
cat |derp <<EOF
|
cat |derp <<EOF
|
||||||
XTerm*background: black
|
XTerm*background: black
|
||||||
XTerm*foreground: white
|
XTerm*foreground: white
|
||||||
XTerm*FaceName : Terminus:pixelsize=14
|
XTerm*FaceName : xft:xos4 Terminus:pixelsize=14
|
||||||
|
|
||||||
URxvt*termName: rxvt
|
URxvt*termName: rxvt
|
||||||
URxvt*saveLines: 10000
|
URxvt*saveLines: 10000
|
||||||
@ -74,7 +74,8 @@ in
|
|||||||
URxvt.background: black
|
URxvt.background: black
|
||||||
URxvt.urgentOnBell: true
|
URxvt.urgentOnBell: true
|
||||||
URxvt.visualBell: false
|
URxvt.visualBell: false
|
||||||
URxvt.font : xft:Terminus
|
URxvt.font : xft:xos4 Terminus:size=12
|
||||||
|
|
||||||
|
|
||||||
! blue
|
! blue
|
||||||
URxvt*color4: #268bd2
|
URxvt*color4: #268bd2
|
||||||
|
@ -14,7 +14,7 @@ with import <stockholm/lib>;
|
|||||||
let
|
let
|
||||||
sec = toString <secrets>;
|
sec = toString <secrets>;
|
||||||
# secKey is nothing worth protecting on a local machine
|
# secKey is nothing worth protecting on a local machine
|
||||||
secKey = import <secrets/bepasty-secret.nix>;
|
secKey = "${secrets}/bepasty-secret";
|
||||||
acmepath = "/var/lib/acme/";
|
acmepath = "/var/lib/acme/";
|
||||||
acmechall = acmepath + "/challenges/";
|
acmechall = acmepath + "/challenges/";
|
||||||
ext-dom = "paste.krebsco.de" ;
|
ext-dom = "paste.krebsco.de" ;
|
||||||
@ -31,7 +31,7 @@ in {
|
|||||||
serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
|
serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
|
||||||
};
|
};
|
||||||
defaultPermissions = "admin,list,create,read,delete";
|
defaultPermissions = "admin,list,create,read,delete";
|
||||||
secretKey = secKey;
|
secretKeyFile = secKey;
|
||||||
};
|
};
|
||||||
|
|
||||||
"${ext-dom}" = {
|
"${ext-dom}" = {
|
||||||
@ -41,7 +41,7 @@ in {
|
|||||||
enableACME = true;
|
enableACME = true;
|
||||||
};
|
};
|
||||||
defaultPermissions = "read";
|
defaultPermissions = "read";
|
||||||
secretKey = secKey;
|
secretKeyFile = secKey;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -22,7 +22,7 @@ with import <stockholm/lib>;
|
|||||||
user = config.krebs.users.makefu;
|
user = config.krebs.users.makefu;
|
||||||
source = let
|
source = let
|
||||||
inherit (config.krebs.build) host user;
|
inherit (config.krebs.build) host user;
|
||||||
ref = "53a2baa"; # unstable @ 2017-02-28
|
ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1
|
||||||
in {
|
in {
|
||||||
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
|
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
|
||||||
{
|
{
|
||||||
|
37
makefu/2configs/deployment/graphs.nix
Normal file
37
makefu/2configs/deployment/graphs.nix
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with import <stockholm/lib>;
|
||||||
|
let
|
||||||
|
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||||
|
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||||
|
hn = config.krebs.build.host.name;
|
||||||
|
in {
|
||||||
|
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
|
||||||
|
if ( $server_addr = "${external-ip}" ) {
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
krebs.tinc_graphs = {
|
||||||
|
enable = true;
|
||||||
|
nginx = {
|
||||||
|
enable = true;
|
||||||
|
# TODO: remove hard-coded hostname
|
||||||
|
complete = {
|
||||||
|
extraConfig = ''
|
||||||
|
if ( $server_addr = "${external-ip}" ) {
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
serverAliases = [
|
||||||
|
"graphs.r" "graphs.retiolum"
|
||||||
|
"graphs.${hn}" "graphs.${hn}.retiolum"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
anonymous = {
|
||||||
|
enableSSL = true;
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
14
makefu/2configs/extra-fonts.nix
Normal file
14
makefu/2configs/extra-fonts.nix
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
fonts = {
|
||||||
|
enableFontDir = true;
|
||||||
|
enableGhostscriptFonts = true;
|
||||||
|
fonts = with pkgs; [
|
||||||
|
inconsolata # monospaced
|
||||||
|
ubuntu_font_family # Ubuntu fonts
|
||||||
|
unifont # some international languages
|
||||||
|
dejavu_fonts
|
||||||
|
terminus_font
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
@ -5,7 +5,7 @@
|
|||||||
enable = true;
|
enable = true;
|
||||||
drivers = [
|
drivers = [
|
||||||
pkgs.samsungUnifiedLinuxDriver
|
pkgs.samsungUnifiedLinuxDriver
|
||||||
pkgs.dymo-cups-drivers
|
pkgs.cups-dymo
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
## nixpkgs maintenance
|
## nixpkgs maintenance
|
||||||
https://api.github.com/repos/ovh/python-ovh/tags
|
https://api.github.com/repos/ovh/python-ovh/tags
|
||||||
https://api.github.com/repos/embray/d2to1/tags
|
https://api.github.com/repos/embray/d2to1/tags
|
||||||
http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release
|
https://api.github.com/repos/Mic92/vicious/tags
|
||||||
https://pypi.python.org/simple/bepasty/
|
https://pypi.python.org/simple/bepasty/
|
||||||
https://pypi.python.org/simple/xstatic/
|
https://pypi.python.org/simple/xstatic/
|
||||||
http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
|
http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
|
||||||
@ -19,6 +19,7 @@
|
|||||||
https://api.github.com/repos/embray/d2to1/tags
|
https://api.github.com/repos/embray/d2to1/tags
|
||||||
https://api.github.com/repos/dorimanx/exfat-nofuse/commits
|
https://api.github.com/repos/dorimanx/exfat-nofuse/commits
|
||||||
https://api.github.com/repos/dorimanx/exfat-nofuse/tags
|
https://api.github.com/repos/dorimanx/exfat-nofuse/tags
|
||||||
|
https://api.github.com/repos/radare/radare2/tags
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
_:
|
_:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
# TODO: requires in path: amixer, xlock, xbacklight
|
||||||
full = ./full.cfg;
|
full = ./full.cfg;
|
||||||
kiosk = ./kiosk.lua;
|
kiosk = ./kiosk.lua;
|
||||||
}
|
}
|
||||||
|
@ -1,17 +0,0 @@
|
|||||||
{ stdenv, lib, pkgs, fetchurl, cups, ... }:
|
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
name = "dymo-cups-drivers-${version}";
|
|
||||||
version = "1.4.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "http://download.dymo.com/dymo/Software/Download%20Drivers/Linux/Download/${name}.tar.gz";
|
|
||||||
sha256 = "0wagsrz3q7yrkzb5ws0m5faq68rqnqfap9p98sgk5jl6x7krf1y6";
|
|
||||||
};
|
|
||||||
buildInputs = [ cups ];
|
|
||||||
makeFlags = [ "cupsfilterdir=$(out)/lib/cups/filter" "cupsmodeldir=$(out)/share/cups/model" ];
|
|
||||||
|
|
||||||
# acd_cli gets dumped in bin and gets overwritten by fixupPhase
|
|
||||||
meta = {
|
|
||||||
description = "Dymo printer drivers";
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,43 +0,0 @@
|
|||||||
{ stdenv, fetchurl, cmake, libuuid, gnutls, makeWrapper }:
|
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
name = "taskserver-${version}";
|
|
||||||
version = "1.1.0";
|
|
||||||
|
|
||||||
enableParallelBuilding = true;
|
|
||||||
|
|
||||||
src = fetchurl {
|
|
||||||
url = "http://www.taskwarrior.org/download/taskd-${version}.tar.gz";
|
|
||||||
sha256 = "1d110q9vw8g5syzihxymik7hd27z1592wkpz55kya6lphzk8i13v";
|
|
||||||
};
|
|
||||||
|
|
||||||
patchPhase = ''
|
|
||||||
pkipath=$out/share/taskd/pki
|
|
||||||
mkdir -p $pkipath
|
|
||||||
cp -r pki/* $pkipath
|
|
||||||
echo "patching paths in pki/generate"
|
|
||||||
sed -i "s#^\.#$pkipath#" $pkipath/generate
|
|
||||||
for f in $pkipath/generate* ;do
|
|
||||||
i=$(basename $f)
|
|
||||||
echo patching $i
|
|
||||||
sed -i \
|
|
||||||
-e 's/which/type -p/g' \
|
|
||||||
-e 's#^\. ./vars#if test -e ./vars;then . ./vars; else echo "cannot find ./vars - copy the template from '$pkipath'/vars into the working directory";exit 1; fi#' $f
|
|
||||||
|
|
||||||
echo wrapping $i
|
|
||||||
makeWrapper $pkipath/$i $out/bin/taskd-pki-$i \
|
|
||||||
--prefix PATH : ${gnutls}/bin/
|
|
||||||
done
|
|
||||||
'';
|
|
||||||
|
|
||||||
buildInputs = [ makeWrapper ];
|
|
||||||
nativeBuildInputs = [ cmake libuuid gnutls ];
|
|
||||||
|
|
||||||
meta = {
|
|
||||||
description = "Server for synchronising Taskwarrior clients";
|
|
||||||
homepage = http://taskwarrior.org;
|
|
||||||
license = stdenv.lib.licenses.mit;
|
|
||||||
platforms = stdenv.lib.platforms.linux;
|
|
||||||
maintainers = with stdenv.lib.maintainers; [ matthiasbeyer makefu ];
|
|
||||||
};
|
|
||||||
}
|
|
@ -15,6 +15,7 @@ in
|
|||||||
../2configs/cgit-mirror.nix
|
../2configs/cgit-mirror.nix
|
||||||
../2configs/repo-sync.nix
|
../2configs/repo-sync.nix
|
||||||
../2configs/graphite.nix
|
../2configs/graphite.nix
|
||||||
|
../2configs/share-shack.nix
|
||||||
];
|
];
|
||||||
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
||||||
# apt-cacher-ng in first place)
|
# apt-cacher-ng in first place)
|
||||||
|
38
shared/2configs/share-shack.nix
Normal file
38
shared/2configs/share-shack.nix
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
{config, ... }:{
|
||||||
|
users.users.smbguest = {
|
||||||
|
name = "smbguest";
|
||||||
|
uid = config.ids.uids.smbguest;
|
||||||
|
group = "share";
|
||||||
|
description = "smb guest user";
|
||||||
|
home = "/home/share";
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
139 445 # samba
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.firewall.allowedUDPPorts = [
|
||||||
|
137 138
|
||||||
|
];
|
||||||
|
services.samba = {
|
||||||
|
enable = true;
|
||||||
|
shares = {
|
||||||
|
share-home = {
|
||||||
|
path = "/home/share/";
|
||||||
|
"read only" = "no";
|
||||||
|
browseable = "yes";
|
||||||
|
"guest ok" = "yes";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
guest account = smbguest
|
||||||
|
map to guest = bad user
|
||||||
|
# disable printing
|
||||||
|
load printers = no
|
||||||
|
printing = bsd
|
||||||
|
printcap name = /dev/null
|
||||||
|
disable spoolss = yes
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user