Merge remote-tracking branch 'prism/makefu'

krebs/3modules/default.nix

@@ -20,6 +20,7 @@ let
       ./github-hosts-sync.nix
       ./git.nix
       ./go.nix
+      ./htgen.nix
       ./iptables.nix
       ./kapacitor.nix
       ./monit.nix

krebs/3modules/htgen.nix

@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  cfg = config.krebs.htgen;
+
+  out = {
+    options.krebs.htgen = api;
+    config = imp;
+  };
+
+  api = mkOption {
+    default = {};
+    type = types.attrsOf (types.submodule ({ config, ... }: {
+      options = {
+        enable = mkEnableOption "krebs.htgen-${config.name}";
+
+        name = mkOption {
+          type = types.username;
+          default = config._module.args.name;
+        };
+
+        port = mkOption {
+          type = types.uint;
+        };
+
+        script = mkOption {
+          type = types.str;
+        };
+        user = mkOption {
+          type = types.user;
+          default = {
+            name = "htgen-${config.name}";
+            home = "/var/lib/htgen-${config.name}";
+          };
+        };
+      };
+    }));
+  };
+  imp = {
+
+    systemd.services = mapAttrs' (name: htgen:
+      nameValuePair "htgen-${name}" {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+        environment = {
+          HTGEN_PORT = toString htgen.port;
+          HTGEN_SCRIPT = htgen.script;
+        };
+        serviceConfig = {
+          SyslogIdentifier = "htgen";
+          User = htgen.user.name;
+          PrivateTmp = true;
+          Restart = "always";
+          ExecStart = "${pkgs.htgen}/bin/htgen --serve";
+        };
+      }
+    ) cfg;
+
+    users.users = mapAttrs' (name: htgen:
+      nameValuePair htgen.user.name {
+        inherit (htgen.user) home name uid;
+        createHome = true;
+      }
+    ) cfg;
+
+  };
+in out

krebs/3modules/makefu/default.nix

@@ -285,12 +285,9 @@ with import <stockholm/lib>;
       cores = 1;
       extraZones = {
         "krebsco.de" = ''
-          euer           IN A  ${nets.internet.ip4.addr}
+          wry               IN A      ${nets.internet.ip4.addr}
-          wiki.euer      IN A  ${nets.internet.ip4.addr}
+          io                IN NS     wry.krebsco.de.
-          wry            IN A  ${nets.internet.ip4.addr}
+          tinc              IN A      ${nets.internet.ip4.addr}
-          io             IN NS wry.krebsco.de.
-          graphs         IN A  ${nets.internet.ip4.addr}
-          tinc           IN A  ${nets.internet.ip4.addr}
         '';
       };
       nets = rec {
@@ -307,13 +304,8 @@ with import <stockholm/lib>;
           ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
           aliases = [
             "graphs.wry.retiolum"
-            "graphs.r" "graphs.retiolum"
             "paste.wry.retiolum"
             "wry.r" "wry.retiolum"
-            "wiki.makefu.retiolum"
-            "wiki.wry.retiolum"
-            "blog.makefu.retiolum"
-            "blog.wry.retiolum"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -452,6 +444,9 @@ with import <stockholm/lib>;
           cgit.euer         IN A      ${nets.internet.ip4.addr}
           o.euer            IN A      ${nets.internet.ip4.addr}
           dl.euer           IN A      ${nets.internet.ip4.addr}
+          euer              IN A      ${nets.internet.ip4.addr}
+          wiki.euer         IN A      ${nets.internet.ip4.addr}
+          graphs            IN A      ${nets.internet.ip4.addr}
         '';
       };
       nets = rec {
@@ -464,7 +459,7 @@ with import <stockholm/lib>;
         retiolum = {
           via = internet;
           ip4.addr = "10.243.0.211";
-          ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
+          # ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
           aliases = [
             "gum.r"
             "gum.retiolum"
@@ -473,6 +468,12 @@ with import <stockholm/lib>;
             "o.gum.retiolum"
             "tracker.makefu.r"
             "tracker.makefu.retiolum"
+
+            "graphs.r" "graphs.retiolum"
+            "wiki.makefu.retiolum"
+            "wiki.wry.retiolum"
+            "blog.makefu.retiolum"
+            "blog.wry.retiolum"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----

krebs/5pkgs/apt-cacher-ng/default.nix

@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "apt-cacher-ng-${version}";
-  version = "0.9.3.2";
+  version = "2";
 
   src = fetchurl {
     url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz";
-    sha256 = "1bvng9mwrggvc93q2alj0x72i56wifnjs2dsycr17mapsv0f2gnc";
+    sha256 = "0bkc3012vinridl5ch46pwnxjalymx4wf6nxax64nm7bdkcj9azf";
   };
 
   NIX_LDFLAGS = "-lpthread";

krebs/5pkgs/htgen/default.nix

@@ -0,0 +1,28 @@
+{ bash, coreutils, gnused, stdenv, fetchgit, ucspi-tcp }:
+with import <stockholm/lib>;
+let
+  version = "1.1";
+in stdenv.mkDerivation {
+  name = "htgen-${version}";
+
+  src = fetchgit {
+    url = "http://cgit.krebsco.de/htgen";
+    rev = "refs/tags/v${version}";
+    sha256 = "1zxj0fv9vdrqyl3x2hgq7a6xdlzpclf93akygysrzsqk9wjapp4z";
+  };
+
+  installPhase = ''
+    mkdir -p $out/bin
+    {
+      echo '#! ${bash}/bin/bash'
+      echo 'export PATH=${makeBinPath [
+        ucspi-tcp
+        coreutils
+        gnused
+      ]}''${PATH+":$PATH"}'
+      cat htgen
+    } > $out/bin/htgen
+    chmod +x $out/bin/htgen
+    cp -r examples $out
+  '';
+}

lass/2configs/git.nix

@@ -32,10 +32,13 @@ let
   public-repos = mapAttrs make-public-repo {
     stockholm = {
       cgit.desc = "take all the computers hostage, they'll love you!";
+      cgit.section = "configuration";
     };
-    kimsufi-check = {};
   } // mapAttrs make-public-repo-silent {
-    the_playlist = {};
+    the_playlist = {
+      cgit.desc = "Good Music collection + tools";
+      cgit.section  = "art";
+    };
   };
 
   restricted-repos = mapAttrs make-restricted-repo (

lass/2configs/repo-sync.nix

@@ -10,6 +10,7 @@ let
       public = true;
       name = mkDefault "${name}";
       cgit.desc = mkDefault "mirror for ${name}";
+      cgit.section = mkDefault "mirror";
       hooks = mkIf announce (mkDefault {
         post-receive = pkgs.git-hooks.irc-announce {
           nick = config.networking.hostName;

lass/2configs/websites/domsen.nix

@@ -120,6 +120,7 @@ in {
     sender_domains = [
       "jla-trading.com"
       "ubikmedia.eu"
+      "ubikmedia.de"
     ];
     ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
     ssl_key = "/var/lib/acme/lassul.us/key.pem";

makefu/1systems/gum.nix

@@ -29,9 +29,12 @@ in {
       ../2configs/deployment/owncloud.nix
       ../2configs/nginx/share-download.nix
       ../2configs/nginx/euer.test.nix
+      ../2configs/nginx/euer.wiki.nix
+      ../2configs/nginx/euer.blog.nix
       ../2configs/nginx/public_html.nix
       ../2configs/nginx/update.connector.one.nix
       ../2configs/deployment/mycube.connector.one.nix
+      ../2configs/deployment/graphs.nix
 
       # ../2configs/opentracker.nix
       ../2configs/logging/central-stats-client.nix

makefu/1systems/omo.nix

@@ -43,7 +43,6 @@ in {
       # TODO: unlock home partition via ssh
       ../2configs/fs/sda-crypto-root.nix
       ../2configs/zsh-user.nix
-      ../2configs/urlwatch.nix
       ../2configs/backup.nix
       ../2configs/exim-retiolum.nix
       ../2configs/smart-monitor.nix
@@ -182,5 +181,17 @@ in {
 
   zramSwap.enable = true;
 
+  krebs.Reaktor.reaktor = {
+    nickname = "Reaktor|bot";
+    channels = [ "#krebs" "#shackspace" "#binaergewitter" ];
+    plugins = with pkgs.ReaktorPlugins;[
+                               titlebot
+                               # stockholm-issue
+                               nixos-version
+                               shack-correct
+                               sed-plugin
+                               random-emoji ];
+  };
+
   krebs.build.host = config.krebs.hosts.omo;
 }

makefu/1systems/wry.nix

@@ -19,8 +19,6 @@ in {
       ../2configs/backup.nix
 
       # other nginx
-      ../2configs/nginx/euer.wiki.nix
-      ../2configs/nginx/euer.blog.nix
       # ../2configs/nginx/euer.test.nix
 
       # collectd
@@ -33,46 +31,9 @@ in {
 
   krebs.build.host = config.krebs.hosts.wry;
 
-  krebs.Reaktor.reaktor = {
-    nickname = "Reaktor|bot";
-    channels = [ "#krebs" "#shackspace" "#binaergewitter" ];
-    plugins = with pkgs.ReaktorPlugins;[
-                               titlebot
-                               # stockholm-issue
-                               nixos-version
-                               shack-correct
-                               sed-plugin
-                               random-emoji ];
-  };
-
   # prepare graphs
   services.nginx.enable = true;
   krebs.retiolum-bootstrap.enable = true;
-  krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
-    if ( $server_addr = "${external-ip}" ) {
-      return 403;
-    }
-  '';
-  krebs.tinc_graphs = {
-    enable = true;
-    nginx = {
-      enable = true;
-      # TODO: remove hard-coded hostname
-      complete = {
-        extraConfig = ''
-          if ( $server_addr = "${external-ip}" ) {
-            return 403;
-          }
-        '';
-        serverAliases = [  "graphs.retiolum" "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ];
-      };
-      anonymous = {
-        enableSSL = true;
-        forceSSL = true;
-        enableACME = true;
-      };
-    };
-  };
 
   networking = {
     firewall = {

makefu/1systems/x.nix

@@ -8,6 +8,7 @@
     [ # base
       ../.
       ../2configs/main-laptop.nix
+      ../2configs/extra-fonts.nix
       ../2configs/tools/all.nix
       ../2configs/laptop-backup.nix
       ../2configs/dnscrypt.nix
@@ -46,7 +47,7 @@
       ../2configs/mail-client.nix
       ../2configs/printer.nix
       ../2configs/virtualization.nix
-      # ../2configs/virtualization-virtualbox.nix
+      ../2configs/virtualization-virtualbox.nix
       ../2configs/wwan.nix
       ../2configs/rad1o.nix
 

makefu/2configs/backup.nix

@@ -29,7 +29,7 @@ let
   };
 in {
   krebs.backup.plans = {
-    wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
+    # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
     gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
   };
 }

makefu/2configs/base-gui.nix

@@ -41,7 +41,7 @@ in
   fonts = {
     enableCoreFonts = true;
     enableFontDir = true;
-    enableGhostscriptFonts = false;
+    enableGhostscriptFonts = true;
     fonts = [ pkgs.terminus_font ];
   };
 
@@ -62,7 +62,7 @@ in
       cat |derp <<EOF
       XTerm*background: black
       XTerm*foreground: white
-      XTerm*FaceName  : Terminus:pixelsize=14
+      XTerm*FaceName  : xft:xos4 Terminus:pixelsize=14
 
       URxvt*termName:         rxvt
       URxvt*saveLines:            10000
@@ -74,7 +74,8 @@ in
       URxvt.background: black
       URxvt.urgentOnBell: true
       URxvt.visualBell: false
-      URxvt.font : xft:Terminus
+      URxvt.font : xft:xos4 Terminus:size=12
+
 
       ! blue
       URxvt*color4:                         #268bd2

makefu/2configs/bepasty-dual.nix

@@ -14,7 +14,7 @@ with import <stockholm/lib>;
 let
   sec = toString <secrets>;
   # secKey is nothing worth protecting on a local machine
-  secKey = import <secrets/bepasty-secret.nix>;
+  secKey = "${secrets}/bepasty-secret";
   acmepath = "/var/lib/acme/";
   acmechall = acmepath + "/challenges/";
   ext-dom = "paste.krebsco.de" ;
@@ -31,7 +31,7 @@ in {
           serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
         };
         defaultPermissions = "admin,list,create,read,delete";
-        secretKey = secKey;
+        secretKeyFile = secKey;
       };
 
       "${ext-dom}" = {
@@ -41,7 +41,7 @@ in {
           enableACME = true;
         };
         defaultPermissions = "read";
-        secretKey = secKey;
+        secretKeyFile = secKey;
       };
     };
   };

makefu/2configs/default.nix

@@ -22,7 +22,7 @@ with import <stockholm/lib>;
       user = config.krebs.users.makefu;
       source = let
           inherit (config.krebs.build) host user;
-          ref = "53a2baa"; # unstable @ 2017-02-28
+          ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1
       in {
         nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
           {

makefu/2configs/deployment/graphs.nix

@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+  internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+  hn = config.krebs.build.host.name;
+in {
+  krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
+    if ( $server_addr = "${external-ip}" ) {
+      return 403;
+    }
+  '';
+  krebs.tinc_graphs = {
+    enable = true;
+    nginx = {
+      enable = true;
+      # TODO: remove hard-coded hostname
+      complete = {
+        extraConfig = ''
+          if ( $server_addr = "${external-ip}" ) {
+            return 403;
+          }
+        '';
+        serverAliases = [
+          "graphs.r" "graphs.retiolum"
+          "graphs.${hn}" "graphs.${hn}.retiolum"
+        ];
+      };
+      anonymous = {
+        enableSSL = true;
+        forceSSL = true;
+        enableACME = true;
+      };
+    };
+  };
+}

makefu/2configs/extra-fonts.nix

@@ -0,0 +1,14 @@
+ { pkgs, ... }:
+ {
+   fonts = {
+     enableFontDir = true;
+     enableGhostscriptFonts = true;
+     fonts = with pkgs; [
+       inconsolata  # monospaced
+       ubuntu_font_family  # Ubuntu fonts
+       unifont # some international languages
+       dejavu_fonts
+       terminus_font
+     ];
+   };
+ }

makefu/2configs/printer.nix

@@ -5,7 +5,7 @@
     enable = true;
     drivers = [
       pkgs.samsungUnifiedLinuxDriver
-      pkgs.dymo-cups-drivers
+      pkgs.cups-dymo
     ];
   };
 

makefu/2configs/urlwatch.nix

@@ -9,7 +9,7 @@
       ## nixpkgs maintenance
       https://api.github.com/repos/ovh/python-ovh/tags
       https://api.github.com/repos/embray/d2to1/tags
-      http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release
+      https://api.github.com/repos/Mic92/vicious/tags
       https://pypi.python.org/simple/bepasty/
       https://pypi.python.org/simple/xstatic/
       http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
@@ -19,6 +19,7 @@
       https://api.github.com/repos/embray/d2to1/tags
       https://api.github.com/repos/dorimanx/exfat-nofuse/commits
       https://api.github.com/repos/dorimanx/exfat-nofuse/tags
+      https://api.github.com/repos/radare/radare2/tags
     ];
   };
 }

makefu/5pkgs/awesomecfg/default.nix

@@ -1,6 +1,7 @@
 _:
 
 {
+  # TODO:  requires in path: amixer, xlock, xbacklight
   full = ./full.cfg;
   kiosk = ./kiosk.lua;
 }

makefu/5pkgs/dymo-cups-drivers/default.nix

@@ -1,17 +0,0 @@
-{ stdenv, lib, pkgs, fetchurl, cups, ... }:
-
-stdenv.mkDerivation rec {
-  name = "dymo-cups-drivers-${version}";
-  version = "1.4.0";
-  src = fetchurl {
-    url = "http://download.dymo.com/dymo/Software/Download%20Drivers/Linux/Download/${name}.tar.gz";
-    sha256 = "0wagsrz3q7yrkzb5ws0m5faq68rqnqfap9p98sgk5jl6x7krf1y6";
-  };
-  buildInputs = [ cups ];
-  makeFlags = [ "cupsfilterdir=$(out)/lib/cups/filter" "cupsmodeldir=$(out)/share/cups/model" ];
-
-  # acd_cli gets dumped in bin and gets overwritten by fixupPhase
-  meta = {
-    description = "Dymo printer drivers";
-  };
-}

makefu/5pkgs/taskserver/default.nix

@@ -1,43 +0,0 @@
-{ stdenv, fetchurl, cmake, libuuid, gnutls, makeWrapper }:
-
-stdenv.mkDerivation rec {
-  name = "taskserver-${version}";
-  version = "1.1.0";
-
-  enableParallelBuilding = true;
-
-  src = fetchurl {
-    url = "http://www.taskwarrior.org/download/taskd-${version}.tar.gz";
-    sha256 = "1d110q9vw8g5syzihxymik7hd27z1592wkpz55kya6lphzk8i13v";
-  };
-
-  patchPhase = ''
-    pkipath=$out/share/taskd/pki
-    mkdir -p $pkipath
-    cp -r pki/* $pkipath
-    echo "patching paths in pki/generate"
-    sed -i "s#^\.#$pkipath#" $pkipath/generate
-    for f in $pkipath/generate* ;do
-      i=$(basename $f)
-      echo patching $i
-      sed -i \
-          -e 's/which/type -p/g' \
-          -e 's#^\. ./vars#if test -e ./vars;then . ./vars; else echo "cannot find ./vars - copy the template from '$pkipath'/vars into the working directory";exit 1; fi#' $f
-
-      echo wrapping $i
-      makeWrapper  $pkipath/$i $out/bin/taskd-pki-$i \
-        --prefix PATH : ${gnutls}/bin/
-    done
-  '';
-
-  buildInputs = [ makeWrapper ];
-  nativeBuildInputs = [ cmake libuuid gnutls ];
-
-  meta = {
-    description = "Server for synchronising Taskwarrior clients";
-    homepage = http://taskwarrior.org;
-    license = stdenv.lib.licenses.mit;
-    platforms = stdenv.lib.platforms.linux;
-    maintainers = with stdenv.lib.maintainers; [ matthiasbeyer makefu ];
-  };
-}

shared/1systems/wolf.nix

@@ -15,6 +15,7 @@ in
     ../2configs/cgit-mirror.nix
     ../2configs/repo-sync.nix
     ../2configs/graphite.nix
+    ../2configs/share-shack.nix
   ];
   # use your own binary cache, fallback use cache.nixos.org (which is used by
   # apt-cacher-ng in first place)

shared/2configs/share-shack.nix

@@ -0,0 +1,38 @@
+{config, ... }:{
+  users.users.smbguest = {
+    name = "smbguest";
+    uid = config.ids.uids.smbguest;
+    group = "share";
+    description = "smb guest user";
+    home = "/home/share";
+    createHome = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    139 445 # samba
+  ];
+
+  networking.firewall.allowedUDPPorts = [
+    137 138
+  ];
+  services.samba = {
+    enable = true;
+    shares = {
+      share-home = {
+        path = "/home/share/";
+        "read only" = "no";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
+    };
+    extraConfig = ''
+      guest account = smbguest
+      map to guest = bad user
+      # disable printing
+      load printers = no
+      printing = bsd
+      printcap name = /dev/null
+      disable spoolss = yes
+    '';
+  };
+}