From 7d30101dd3f4b6e1191e37ea6a81c1c33fa535de Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 13:57:55 +0100 Subject: [PATCH 1/4] Revert "ma hw/stk1160: rip" This reverts commit 1cbc2e5aa359e7e9b4b32c9ef75902576347a6d0. --- makefu/1systems/x/config.nix | 6 ++---- makefu/2configs/hw/stk1160.nix | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 makefu/2configs/hw/stk1160.nix diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 3686acb6e..a32db91e1 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -61,7 +61,7 @@ with import ; - # + # # Filesystem @@ -86,6 +86,7 @@ with import ; nixpkgs.config.allowUnfree = true; + environment.systemPackages = [ pkgs.passwdqc-utils ]; # configure pulseAudio to provide a HDMI sink as well @@ -103,7 +104,4 @@ with import ; ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; - - nix.package = pkgs.nixUnstable; - environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; } diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix new file mode 100644 index 000000000..b3a9e1a5a --- /dev/null +++ b/makefu/2configs/hw/stk1160.nix @@ -0,0 +1,15 @@ +{ pkgs, ... }: +{ + # TODO: un-pin linuxPackages somehow + boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages; + nixpkgs.config.packageOverrides = pkgs: { + linux_4_9 = pkgs.linux_4_9.override { + extraConfig = '' + MEDIA_ANALOG_TV_SUPPORT y + VIDEO_STK1160_COMMON m + VIDEO_STK1160_AC97 y + VIDEO_STK1160 m + ''; + }; + }; +} From a645fb4b9acd5103bcb1b33ada8ba93f120834fa Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 14:15:02 +0100 Subject: [PATCH 2/4] ma photostore.krebsco.de: enable ssl --- .../deployment/photostore.krebsco.de.nix | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix index 9e16a384a..ecbca9ea3 100644 --- a/makefu/2configs/deployment/photostore.krebsco.de.nix +++ b/makefu/2configs/deployment/photostore.krebsco.de.nix @@ -26,14 +26,16 @@ in { services.nginx = { enable = mkDefault true; virtualHosts."photostore.krebsco.de" = { - locations = { - "/".extraConfig = '' - uwsgi_pass unix://${wsgi-sock}; - uwsgi_param UWSGI_CHDIR ${workdir}; - uwsgi_param UWSGI_MODULE cuserver.main; - uwsgi_param UWSGI_CALLABLE app; - include ${pkgs.nginx}/conf/uwsgi_params; - ''; + enableACME = true; + forceSSL = true; + locations = { + "/".extraConfig = '' + uwsgi_pass unix://${wsgi-sock}; + uwsgi_param UWSGI_CHDIR ${workdir}; + uwsgi_param UWSGI_MODULE cuserver.main; + uwsgi_param UWSGI_CALLABLE app; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; }; }; }; From 0c8071080121deb593be0899bc20ec3eb3169688 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 14:15:48 +0100 Subject: [PATCH 3/4] ma gum.r: add vpn pubkeys for work router --- makefu/1systems/gum/config.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index f473d9e4c..a656fdce3 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -109,6 +109,8 @@ in { #} { # wireguard server + # opkg install wireguard luci-proto-wireguard + # TODO: networking.nat # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; @@ -136,9 +138,23 @@ in { allowedIPs = [ "10.244.0.3/32" ]; publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; } + { + # x-test + allowedIPs = [ "10.244.0.4/32" ]; + publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; + } + { + # work-router + allowedIPs = [ "10.244.0.5/32" ]; + publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; + } ]; }; } + { # iperf3 + networking.firewall.allowedUDPPorts = [ 5201 ]; + networking.firewall.allowedTCPPorts = [ 5201 ]; + } ]; makefu.dl-dir = "/var/download"; From 79ac162a9e967993252d910f5a6bb74c810fd0a1 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Jan 2018 14:16:11 +0100 Subject: [PATCH 4/4] ma hw/stk1160: bump linux kernel --- makefu/2configs/hw/stk1160.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix index b3a9e1a5a..bdd146365 100644 --- a/makefu/2configs/hw/stk1160.nix +++ b/makefu/2configs/hw/stk1160.nix @@ -1,9 +1,8 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: { # TODO: un-pin linuxPackages somehow - boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages; nixpkgs.config.packageOverrides = pkgs: { - linux_4_9 = pkgs.linux_4_9.override { + linux_4_14 = pkgs.linux_4_14.override { extraConfig = '' MEDIA_ANALOG_TV_SUPPORT y VIDEO_STK1160_COMMON m