Merge remote-tracking branch 'gum/master'

lassulus 2018-08-09 17:23:53 +02:00
commit 2bf24eae61
22 changed files with 201 additions and 51 deletions


@ -336,7 +336,6 @@ with import <stockholm/lib>;
"krebsco.de" = ''
euer IN MX 1 aspmx.l.google.com.
nixos.unstable IN CNAME krebscode.github.io.
gold IN A ${nets.internet.ip4.addr}
boot IN A ${nets.internet.ip4.addr}
'';
};
@ -522,6 +521,13 @@ with import <stockholm/lib>;
};
nextgum = rec {
ci = true;
extraZones = {
"krebsco.de" = ''
cache.euer IN A ${nets.internet.ip4.addr}
cache.gum IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr}
'';
};
cores = 8;
nets = rec {
internet = {
@ -537,6 +543,7 @@ with import <stockholm/lib>;
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
aliases = [
"nextgum.r"
"cache.gum.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----


@ -29,7 +29,7 @@ let
''}
${optionalString (cfg.watchDir != null) ''
schedule = watch_directory,5,5,load_start=${cfg.watchDir}/*.torrent
directory.watch.added = "${cfg.watchDir}", load.start_verbose
''}
directory = ${cfg.downloadDir}


@ -49,6 +49,7 @@ in {
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix>
<stockholm/makefu/2configs/binary-cache/server.nix>
<stockholm/makefu/2configs/iodined.nix>
## buildbot
@ -69,6 +70,8 @@ in {
#<stockholm/makefu/2configs/nginx/public_html.nix>
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
#<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/events-publisher>
#<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
#<stockholm/makefu/2configs/deployment/graphs.nix>


@ -45,12 +45,20 @@ in {
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
];
boot.kernelModules = [ "kvm-intel" ];
boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ];
hardware.enableRedistributableFirmware = true;
fileSystems."/" = {
device = "/dev/mapper/nixos-root";
fsType = "ext4";
};
fileSystems."/var/lib" = {
device = "/dev/mapper/nixos-lib";
fsType = "ext4";
};
fileSystems."/var/download" = {
device = "/dev/mapper/nixos-download";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/sda2";
fsType = "vfat";
@ -69,7 +77,9 @@ in {
#pvcreate /dev/sda3
#pvcreate /dev/sdb1
#vgcreate nixos /dev/sda3 /dev/sdb1
#lvcreate -L 120G -n root nixos
#lvcreate -L 120G -m 1 -n root nixos
#lvcreate -L 50G -m 1 -n lib nixos
#lvcreate -L 50G -n download nixos
#mkfs.ext4 /dev/mapper/nixos-root
#mount /dev/mapper/nixos-root /mnt
#mkdir /mnt/boot
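Review bot: `dm-raid` is added to `boot.kernelModules`, which NixOS loads in the second boot stage, while the setup notes in this section now create the root LV with `lvcreate -L 120G -m 1`, so a mirrored `/dev/mapper/nixos-root` would need the module before the root mount. If the root volume really is RAID1, consider adding `boot.initrd.kernelModules = [ "dm-raid" ];` as well; the list that ends just above the changed line looks like the initrd module list, but its head is outside the hunk. The same line also mixes the `dm-raid` and `dm_thin_pool` spellings, and one form should be used for both.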


@ -39,11 +39,15 @@ in {
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
<stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
<stockholm/makefu/2configs/stats/telegraf/europastats.nix>
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/arafetch.nix>
<stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
<stockholm/makefu/2configs/deployment/bureautomation>
(let


@ -8,6 +8,7 @@ with import <stockholm/lib>;
imports =
[ # base
<stockholm/makefu>
<stockholm/makefu/2configs/nur.nix>
<stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
@ -54,7 +55,6 @@ with import <stockholm/lib>;
internalInterfaces = [ "vboxnet0" ];
};
}
# Services
<stockholm/makefu/2configs/git/brain-retiolum.nix>
<stockholm/makefu/2configs/tor.nix>
@ -64,6 +64,7 @@ with import <stockholm/lib>;
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/hw/tpm.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
@ -125,7 +126,7 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.x;
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" "nextgum" ];
networking.extraHosts = ''
192.168.1.11 omo.local
@ -133,6 +134,8 @@ with import <stockholm/lib>;
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
# avoid full boot dir
boot.loader.grub.configurationLimit = 3;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
nixpkgs.overlays = [ (import <python/overlay.nix>) ];


@ -0,0 +1,31 @@
{ config, lib, pkgs, ...}:
{
# generate private key with:
# nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub
services.nix-serve = {
enable = true;
secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
};
systemd.services.nix-serve = {
requires = ["secret.service"];
after = ["secret.service"];
};
krebs.secret.files.nix-serve-key = {
path = "/run/secret/nix-serve.key";
owner.name = "nix-serve";
source-path = toString <secrets> + "/nix-serve.key";
};
services.nginx = {
enable = true;
virtualHosts.nix-serve = {
serverAliases = [ "cache.gum.r"
"cache.euer.krebsco.de"
"cache.gum.krebsco.de"
];
locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
};
};
}
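Review bot: The `nix-serve` virtual host sets neither `enableACME` nor `forceSSL`, so the public aliases `cache.euer.krebsco.de` and `cache.gum.krebsco.de` are answered over plain HTTP, and `services.nix-serve` is left on its default bind address, which I believe is all interfaces, so the backend port may be reachable without passing through nginx unless the firewall blocks it. Adding `bindAddress = "127.0.0.1";` to the `services.nix-serve` block keeps the daemon behind the proxy. Signatures made with `secretKeyFile` protect integrity only for clients that verify against the matching public key, so a comment next to it such as `# clients must trust the nix-serve.pub generated alongside this key` would make that dependency explicit.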


@ -0,0 +1,48 @@
{ pkgs, ... }:
with import <stockholm/lib>;
let
shack-announce = pkgs.callPackage (builtins.fetchTarball {
url = "https://github.com/makefu/events-publisher/archive/15fbe5cc6ac9617a08a042870795f9e879d9952a.tar.gz";
sha256 = "1bqp1qdnwx5q1w468zbm57hmpjz3x8if3j29qrqcia0vzks1s37a";
}) {} ;
home = "/var/lib/shackannounce";
user = "shackannounce";
creds = (toString <secrets>) + "/shack-announce.json";
in
{
users.users.${user}= {
uid = genid user;
inherit home;
createHome = true;
};
systemd.services.shack-announce = {
description = "Announce shack events";
startAt = "*:0/30";
path = [ shack-announce ];
serviceConfig = {
WorkingDirectory = home;
User = user;
PermissionsStartOnly = true;
ExecStartPre = pkgs.writeDash "shack-announce-pre" ''
set -eu
cp ${creds} creds.json
chown ${user} creds.json
'';
ExecStart = pkgs.writeDash "shack-announce" ''
if test ! -e announce.state; then
echo "initializing state"
announce-daemon \
--lol INFO \
--creds creds.json \
--state announce.state \
--clean --init
fi
echo "Running announce"
announce-daemon \
--lol INFO \
--creds creds.json \
--state announce.state
'';
};
};
}
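Review bot: `ExecStartPre` runs as root (`PermissionsStartOnly = true`) and does `cp ${creds} creds.json` inside a directory owned by the service user, so the copied credentials get whatever mode the umask yields, and an already existing `creds.json` that is a symlink would be written through. Replacing the `cp`/`chown` pair with `install -m 0600 -o ${user} ${creds} creds.json` sets owner and mode in one step and keeps the file unreadable to other accounts. The `ExecStart` script also lacks the `set -eu` that the pre-script has, so a failed `--init` run falls through to the second `announce-daemon` call; adding `set -eu` as its first line would stop there.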


@ -1,4 +1,4 @@
{pkgs,...}:{
{pkgs, lib, ...}:{
# Disable the MCE remote from acting like a keyboard. (We use lirc instead.)
services.xserver.inputClassSections = [''
Identifier "MCE USB Keyboard mimic blacklist"
@ -6,13 +6,12 @@
MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)"
Option "Ignore" "on"
''];
boot.kernelPackages = builtins.trace "Using linux kernel 4.16, not latest" pkgs.linuxPackages_4_16;
nixpkgs.config.packageOverrides = pkgs: {
linux_4_16 = pkgs.linux_4_16.override {
extraConfig = ''
LIRC y
'';
};
boot.kernelPatches = lib.singleton {
name = "enable-lirc";
patch = null;
extraConfig = ''
LIRC y
'';
};
}


@ -22,15 +22,9 @@
};
networking.networkmanager.enable = true;
# TODO: put somewhere else
services.xserver.displayManager.sessionCommands = ''
${pkgs.clipit}/bin/clipit &
${pkgs.networkmanagerapplet}/bin/nm-applet &
'';
# nixOSUnstable
# networking.networkmanager.wifi = {
# powersave = true;
# scanRandMacAddress = true;
# };
networking.networkmanager.wifi = {
powersave = true;
scanRandMacAddress = true;
};
}


@ -1,13 +1,12 @@
{ pkgs, lib, ... }:
{
# TODO: un-pin linuxPackages somehow
nixpkgs.config.packageOverrides = pkgs: {
linux_4_14 = pkgs.linux_4_14.override {
extraConfig = ''
MEDIA_ANALOG_TV_SUPPORT y
VIDEO_STK1160_COMMON m
VIDEO_STK1160 m
'';
};
boot.kernelPatches = lib.singleton {
name = "enable-stk1160";
patch = null;
extraConfig = ''
MEDIA_ANALOG_TV_SUPPORT y
VIDEO_STK1160_COMMON m
VIDEO_STK1160 m
'';
};
}


@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
gold = pkgs.fetchFromGitHub {
owner = "krebs";
repo = "krebsgold";
rev = "15f7a74";
sha256= "1ya9xgg640k3hbl63022sfm44c1si2mxch8jkxindmwg4pa1y4ly";
};
in {
services.nginx = {
enable = mkDefault true;
virtualHosts = {
"gold.krebsco.de" = {
enableACME = true;
forceSSL = true;
root = toString gold + "/html";
};
};
};
}
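Review bot: `rev = "15f7a74"` is an abbreviated commit id; the `sha256` still fixes the fetched content, but an abbreviation can become ambiguous as the repository grows and makes the pin harder to audit against upstream history. Use the full 40-character hash, for example `rev = "<full-commit-sha>";`. A short comment above `root` such as `# only the html/ subdirectory of the checkout is used as the vhost root` would also document what is exposed.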

7
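--- a/makefu/2configs/nur.nix
+++ b/makefu/2configs/nur.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:{
+nixpkgs.config.packageOverrides = pkgs: {
+nur = pkgs.callPackage (import (builtins.fetchGit {
+url = "https://github.com/nix-community/NUR";
+})) {};
+};
+}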
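Review bot: `builtins.fetchGit` is called with only `url`, so no `rev` is set and evaluation follows whatever the NUR default branch currently points to, with no hash to check the result against. Because the fetched tree is `import`ed and passed to `callPackage`, any upstream change becomes part of this machine's package set without review, unlike the `fetchTarball` and `fetchFromGitHub` calls elsewhere in this commit, which carry a commit id and a `sha256`. Pin it the same way by adding `rev = "<commit-sha>";` inside the attribute set and bump it deliberately.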


@ -1,6 +1,6 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = [
users.users.makefu.packages = [
pkgs.taskwarrior
];


@ -1,10 +1,10 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs; [
users.users.makefu.packages = with pkgs; [
chromium
clipit
feh
clipit
firefox
keepassx
pcmanfm


@ -4,8 +4,10 @@
users.users.makefu.packages = with pkgs; [
taskwarrior
pass
gopass
mutt
weechat
tmux
];
}


@ -1,7 +1,7 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs;[
users.users.makefu.packages = with pkgs;[
# media
gimp
inkscape


@ -1,7 +1,7 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs; [
users.users.makefu.packages = with pkgs; [
kodi
streamripper
youtube-dl


@ -1,7 +1,7 @@
{ pkgs, ... }:
{
krebs.per-user.makefu.packages = with pkgs; [
users.users.makefu.packages = with pkgs; [
aria2
# mitmproxy
pythonPackages.binwalk-full


@ -8,13 +8,13 @@ let
peer-port = 51412;
web-port = 8112;
daemon-port = 58846;
torrent-dir = config.makefu.dl-dir;
base-dir = config.makefu.dl-dir;
in {
users.users = {
download = {
name = "download";
home = torrent-dir;
home = base-dir;
uid = mkDefault (genid "download");
createHome = true;
useDefaultShell = true;
@ -25,10 +25,12 @@ in {
# todo: race condition, do this after download user has been created
system.activationScripts."download-dir-chmod" = ''
for i in finished watch torrents; do
mkdir -p "${torrent-dir}/$i"
chown download:download "${torrent-dir}/$i"
chmod 770 "${torrent-dir}/$i"
for i in finished watch; do
if test ! -d $i;then
mkdir -p "${base-dir}/$i"
chown rtorrent:download "${base-dir}/$i"
chmod 775 "${base-dir}/$i"
fi
done
'';
@ -42,6 +44,7 @@ in {
"nginx"
];
};
rtorrent.members = [ "download" ];
};
krebs.rtorrent = {
@ -54,7 +57,8 @@ in {
rutorrent.enable = true;
enableXMLRPC = true;
listenPort = peer-port;
workDir = torrent-dir;
downloadDir = base-dir + "/finished";
watchDir = base-dir + "/watch";
# dump old torrents into watch folder to have them re-added
};
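Review bot: In the new `download-dir-chmod` loop, `test ! -d $i` checks the bare names `finished` and `watch` relative to the activation script's working directory rather than `${base-dir}/$i`, so the guard does not test the directory that the body creates. It should read `if test ! -d "${base-dir}/$i"; then`. The mode also changes from `770` to `775`, which lets every local account list and enter the download directories; if only the `rtorrent` and `download` groups need access, keep `770`. Once the guard is fixed, existing directories no longer get their owner and mode re-applied on activation, which may or may not be intended.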


@ -2,7 +2,10 @@
, lib
, alsaUtils
, xbacklight
, modkey?"Mod4"
, networkmanagerapplet
, blueman
, clipit
, modkey ? "Mod4"
, locker? "${pkgs.xlock}/bin/xlock -mode blank"
, ... }:
@ -10,7 +13,7 @@
# replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@
full = lib.makeOverridable pkgs.substituteAll {
name = "awesome_full_config";
inherit alsaUtils locker xbacklight modkey;
inherit alsaUtils locker xbacklight modkey networkmanagerapplet blueman clipit;
isExecutable = false;
src = ./full.cfg;
};


@ -568,6 +568,18 @@ local os = {
-- }}}
-- {{{ autostart
do
local cmds =
{
"@networkmanagerapplet@/bin/nm-applet",
"@blueman@/bin/blueman-applet",
"@clipit@/bin/clipit"
}
for _,i in pairs(cmds) do
awful.util.spawn(i)
end
end
-- }}}