Merge remote-tracking branch 'gum/master'
commit
2bf24eae61
@ -336,7 +336,6 @@ with import <stockholm/lib>;
|
||||
"krebsco.de" = ''
|
||||
euer IN MX 1 aspmx.l.google.com.
|
||||
nixos.unstable IN CNAME krebscode.github.io.
|
||||
gold IN A ${nets.internet.ip4.addr}
|
||||
boot IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
@ -522,6 +521,13 @@ with import <stockholm/lib>;
|
||||
};
|
||||
nextgum = rec {
|
||||
ci = true;
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
cache.euer IN A ${nets.internet.ip4.addr}
|
||||
cache.gum IN A ${nets.internet.ip4.addr}
|
||||
gold IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
cores = 8;
|
||||
nets = rec {
|
||||
internet = {
|
||||
@ -537,6 +543,7 @@ with import <stockholm/lib>;
|
||||
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
|
||||
aliases = [
|
||||
"nextgum.r"
|
||||
"cache.gum.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
|
@ -29,7 +29,7 @@ let
|
||||
''}
|
||||
|
||||
${optionalString (cfg.watchDir != null) ''
|
||||
schedule = watch_directory,5,5,load_start=${cfg.watchDir}/*.torrent
|
||||
directory.watch.added = "${cfg.watchDir}", load.start_verbose
|
||||
''}
|
||||
|
||||
directory = ${cfg.downloadDir}
|
||||
|
@ -49,6 +49,7 @@ in {
|
||||
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
||||
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
||||
<stockholm/makefu/2configs/dnscrypt/server.nix>
|
||||
<stockholm/makefu/2configs/binary-cache/server.nix>
|
||||
<stockholm/makefu/2configs/iodined.nix>
|
||||
|
||||
## buildbot
|
||||
@ -69,6 +70,8 @@ in {
|
||||
#<stockholm/makefu/2configs/nginx/public_html.nix>
|
||||
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
||||
#<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
|
||||
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
|
||||
<stockholm/makefu/2configs/deployment/events-publisher>
|
||||
|
||||
#<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
||||
#<stockholm/makefu/2configs/deployment/graphs.nix>
|
||||
|
@ -45,12 +45,20 @@ in {
|
||||
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
|
||||
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
|
||||
];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ];
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
fileSystems."/" = {
|
||||
device = "/dev/mapper/nixos-root";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/lib" = {
|
||||
device = "/dev/mapper/nixos-lib";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/download" = {
|
||||
device = "/dev/mapper/nixos-download";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/sda2";
|
||||
fsType = "vfat";
|
||||
@ -69,7 +77,9 @@ in {
|
||||
#pvcreate /dev/sda3
|
||||
#pvcreate /dev/sdb1
|
||||
#vgcreate nixos /dev/sda3 /dev/sdb1
|
||||
#lvcreate -L 120G -n root nixos
|
||||
#lvcreate -L 120G -m 1 -n root nixos
|
||||
#lvcreate -L 50G -m 1 -n lib nixos
|
||||
#lvcreate -L 50G -n download nixos
|
||||
#mkfs.ext4 /dev/mapper/nixos-root
|
||||
#mount /dev/mapper/nixos-root /mnt
|
||||
#mkdir /mnt/boot
|
||||
|
@ -39,11 +39,15 @@ in {
|
||||
|
||||
# Sensors
|
||||
<stockholm/makefu/2configs/stats/telegraf>
|
||||
<stockholm/makefu/2configs/deployment/led-fader.nix>
|
||||
<stockholm/makefu/2configs/stats/external/aralast.nix>
|
||||
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
|
||||
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
|
||||
<stockholm/makefu/2configs/stats/telegraf/europastats.nix>
|
||||
<stockholm/makefu/2configs/stats/external/aralast.nix>
|
||||
<stockholm/makefu/2configs/stats/arafetch.nix>
|
||||
<stockholm/makefu/2configs/deployment/led-fader.nix>
|
||||
<stockholm/makefu/2configs/hw/mceusb.nix>
|
||||
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
|
||||
|
||||
|
||||
|
||||
<stockholm/makefu/2configs/deployment/bureautomation>
|
||||
(let
|
||||
|
@ -8,6 +8,7 @@ with import <stockholm/lib>;
|
||||
imports =
|
||||
[ # base
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/nur.nix>
|
||||
<stockholm/makefu/2configs/main-laptop.nix>
|
||||
<stockholm/makefu/2configs/extra-fonts.nix>
|
||||
<stockholm/makefu/2configs/tools/all.nix>
|
||||
@ -54,7 +55,6 @@ with import <stockholm/lib>;
|
||||
internalInterfaces = [ "vboxnet0" ];
|
||||
};
|
||||
}
|
||||
|
||||
# Services
|
||||
<stockholm/makefu/2configs/git/brain-retiolum.nix>
|
||||
<stockholm/makefu/2configs/tor.nix>
|
||||
@ -64,6 +64,7 @@ with import <stockholm/lib>;
|
||||
|
||||
# Hardware
|
||||
<stockholm/makefu/2configs/hw/tp-x230.nix>
|
||||
<stockholm/makefu/2configs/hw/mceusb.nix>
|
||||
# <stockholm/makefu/2configs/hw/tpm.nix>
|
||||
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
|
||||
<stockholm/makefu/2configs/hw/network-manager.nix>
|
||||
@ -125,7 +126,7 @@ with import <stockholm/lib>;
|
||||
|
||||
krebs.build.host = config.krebs.hosts.x;
|
||||
|
||||
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
|
||||
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" "nextgum" ];
|
||||
|
||||
networking.extraHosts = ''
|
||||
192.168.1.11 omo.local
|
||||
@ -133,6 +134,8 @@ with import <stockholm/lib>;
|
||||
'';
|
||||
# hard dependency because otherwise the device will not be unlocked
|
||||
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
||||
# avoid full boot dir
|
||||
boot.loader.grub.configurationLimit = 3;
|
||||
|
||||
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
|
||||
nixpkgs.overlays = [ (import <python/overlay.nix>) ];
|
||||
|
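--- a/makefu/2configs/binary-cache/server.nix
+++ b/makefu/2configs/binary-cache/server.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ...}:
+
+{
+# generate private key with:
+# nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub
+services.nix-serve = {
+enable = true;
+secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+};
+
+systemd.services.nix-serve = {
+requires = ["secret.service"];
+after = ["secret.service"];
+};
+krebs.secret.files.nix-serve-key = {
+path = "/run/secret/nix-serve.key";
+owner.name = "nix-serve";
+source-path = toString <secrets> + "/nix-serve.key";
+};
+services.nginx = {
+enable = true;
+virtualHosts.nix-serve = {
+serverAliases = [ "cache.gum.r"
+"cache.euer.krebsco.de"
+"cache.gum.krebsco.de"
+];
+locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
+};
+};
+}
+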
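Review bot: The `nix-serve` virtual host is published under the public names `cache.euer.krebsco.de` and `cache.gum.krebsco.de` without `enableACME`/`forceSSL`, so clients reach the cache over plain HTTP. Signatures protect integrity only for clients that have the cache's public key configured, and the requests still reveal which store paths are being fetched. Moving the public names to their own vhost with `enableACME = true;` and `forceSSL = true;` would cover that (the `.r` alias cannot get an ACME certificate and would stay separate). `services.nix-serve.bindAddress` is not set in this file and its default listens on all interfaces, so unless the firewall blocks the port the backend is reachable without passing nginx; `bindAddress = "127.0.0.1";` matches the `proxyPass` to localhost. A comment stating that every store path on this host becomes fetchable by anyone who knows its hash would help whoever later decides what may be built here.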
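--- a/makefu/2configs/deployment/events-publisher/default.nix
+++ b/makefu/2configs/deployment/events-publisher/default.nix
@@ -0,0 +1,48 @@
+{ pkgs, ... }:
+with import <stockholm/lib>;
+let
+shack-announce = pkgs.callPackage (builtins.fetchTarball {
+url = "https://github.com/makefu/events-publisher/archive/15fbe5cc6ac9617a08a042870795f9e879d9952a.tar.gz";
+sha256 = "1bqp1qdnwx5q1w468zbm57hmpjz3x8if3j29qrqcia0vzks1s37a";
+}) {} ;
+home = "/var/lib/shackannounce";
+user = "shackannounce";
+creds = (toString <secrets>) + "/shack-announce.json";
+in
+{
+users.users.${user}= {
+uid = genid user;
+inherit home;
+createHome = true;
+};
+systemd.services.shack-announce = {
+description = "Announce shack events";
+startAt = "*:0/30";
+path = [ shack-announce ];
+serviceConfig = {
+WorkingDirectory = home;
+User = user;
+PermissionsStartOnly = true;
+ExecStartPre = pkgs.writeDash "shack-announce-pre" ''
+set -eu
+cp ${creds} creds.json
+chown ${user} creds.json
+'';
+ExecStart = pkgs.writeDash "shack-announce" ''
+if test ! -e announce.state; then
+echo "initializing state"
+announce-daemon \
+--lol INFO \
+--creds creds.json \
+--state announce.state \
+--clean --init
+fi
+echo "Running announce"
+announce-daemon \
+--lol INFO \
+--creds creds.json \
+--state announce.state
+'';
+};
+};
+}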
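Review bot: `ExecStartPre` runs as root because of `PermissionsStartOnly = true`, but it writes into `WorkingDirectory = home`, a directory the service user owns, so `cp` and `chown` act on whatever `creds.json` already is there, including a symlink. The copy is also created with root's default umask and only afterwards handed to the user, which can leave the credentials readable by others for a moment, or permanently if the home directory is traversable. Replacing the two lines with `install -m 0600 -o ${user} ${creds} creds.json` creates a fresh file with its final owner and mode in one step; GNU install replaces the destination rather than writing through it. Keeping `creds` as `toString <secrets> + …` is right, since that keeps the file out of the Nix store.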
@ -1,4 +1,4 @@
|
||||
{pkgs,...}:{
|
||||
{pkgs, lib, ...}:{
|
||||
# Disable the MCE remote from acting like a keyboard. (We use lirc instead.)
|
||||
services.xserver.inputClassSections = [''
|
||||
Identifier "MCE USB Keyboard mimic blacklist"
|
||||
@ -6,13 +6,12 @@
|
||||
MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)"
|
||||
Option "Ignore" "on"
|
||||
''];
|
||||
boot.kernelPackages = builtins.trace "Using linux kernel 4.16, not latest" pkgs.linuxPackages_4_16;
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
linux_4_16 = pkgs.linux_4_16.override {
|
||||
extraConfig = ''
|
||||
LIRC y
|
||||
'';
|
||||
};
|
||||
boot.kernelPatches = lib.singleton {
|
||||
name = "enable-lirc";
|
||||
patch = null;
|
||||
extraConfig = ''
|
||||
LIRC y
|
||||
'';
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -22,15 +22,9 @@
|
||||
};
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
# TODO: put somewhere else
|
||||
services.xserver.displayManager.sessionCommands = ''
|
||||
${pkgs.clipit}/bin/clipit &
|
||||
${pkgs.networkmanagerapplet}/bin/nm-applet &
|
||||
'';
|
||||
|
||||
# nixOSUnstable
|
||||
# networking.networkmanager.wifi = {
|
||||
# powersave = true;
|
||||
# scanRandMacAddress = true;
|
||||
# };
|
||||
networking.networkmanager.wifi = {
|
||||
powersave = true;
|
||||
scanRandMacAddress = true;
|
||||
};
|
||||
}
|
||||
|
@ -1,13 +1,12 @@
|
||||
{ pkgs, lib, ... }:
|
||||
{
|
||||
# TODO: un-pin linuxPackages somehow
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
linux_4_14 = pkgs.linux_4_14.override {
|
||||
extraConfig = ''
|
||||
MEDIA_ANALOG_TV_SUPPORT y
|
||||
VIDEO_STK1160_COMMON m
|
||||
VIDEO_STK1160 m
|
||||
'';
|
||||
};
|
||||
boot.kernelPatches = lib.singleton {
|
||||
name = "enable-stk1160";
|
||||
patch = null;
|
||||
extraConfig = ''
|
||||
MEDIA_ANALOG_TV_SUPPORT y
|
||||
VIDEO_STK1160_COMMON m
|
||||
VIDEO_STK1160 m
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
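--- a/makefu/2configs/nginx/gold.krebsco.de.nix
+++ b/makefu/2configs/nginx/gold.krebsco.de.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+gold = pkgs.fetchFromGitHub {
+owner = "krebs";
+repo = "krebsgold";
+rev = "15f7a74";
+sha256= "1ya9xgg640k3hbl63022sfm44c1si2mxch8jkxindmwg4pa1y4ly";
+};
+in {
+
+services.nginx = {
+enable = mkDefault true;
+virtualHosts = {
+"gold.krebsco.de" = {
+enableACME = true;
+forceSSL = true;
+root = toString gold + "/html";
+};
+};
+};
+}
+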
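Review bot: `rev = "15f7a74"` is an abbreviated commit id. The `sha256` still pins the fetched content, so this affects reproducibility rather than integrity, but a seven-character prefix can become ambiguous as the repository grows, and the fetch then fails with no change on this side. Writing the full 40-character commit id in `rev` avoids that and makes the pinned revision unambiguous to a reader.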
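--- a/makefu/2configs/nur.nix
+++ b/makefu/2configs/nur.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:{
+nixpkgs.config.packageOverrides = pkgs: {
+nur = pkgs.callPackage (import (builtins.fetchGit {
+url = "https://github.com/nix-community/NUR";
+})) {};
+};
+}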
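Review bot: `builtins.fetchGit` is called with only `url`, so each evaluation imports whatever the default branch of NUR points to at that moment and passes it to `callPackage`. NUR aggregates third-party repositories, so an upstream change reaches this package set without review and two rebuilds of the same configuration can differ. Pin the checkout with `rev = "<full-commit-sha>";` (placeholder; take the value from a checkout that has been looked at) and bump it deliberately. A short comment above the attribute saying where the pin comes from and how to update it would keep the next bump from dropping the pin.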
@ -1,6 +1,6 @@
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
krebs.per-user.makefu.packages = [
|
||||
users.users.makefu.packages = [
|
||||
pkgs.taskwarrior
|
||||
];
|
||||
|
||||
|
@ -1,10 +1,10 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
krebs.per-user.makefu.packages = with pkgs; [
|
||||
users.users.makefu.packages = with pkgs; [
|
||||
chromium
|
||||
clipit
|
||||
feh
|
||||
clipit
|
||||
firefox
|
||||
keepassx
|
||||
pcmanfm
|
||||
|
@ -4,8 +4,10 @@
|
||||
users.users.makefu.packages = with pkgs; [
|
||||
taskwarrior
|
||||
pass
|
||||
gopass
|
||||
mutt
|
||||
weechat
|
||||
tmux
|
||||
];
|
||||
|
||||
}
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
krebs.per-user.makefu.packages = with pkgs;[
|
||||
users.users.makefu.packages = with pkgs;[
|
||||
# media
|
||||
gimp
|
||||
inkscape
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
krebs.per-user.makefu.packages = with pkgs; [
|
||||
users.users.makefu.packages = with pkgs; [
|
||||
kodi
|
||||
streamripper
|
||||
youtube-dl
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
krebs.per-user.makefu.packages = with pkgs; [
|
||||
users.users.makefu.packages = with pkgs; [
|
||||
aria2
|
||||
# mitmproxy
|
||||
pythonPackages.binwalk-full
|
||||
|
@ -8,13 +8,13 @@ let
|
||||
peer-port = 51412;
|
||||
web-port = 8112;
|
||||
daemon-port = 58846;
|
||||
torrent-dir = config.makefu.dl-dir;
|
||||
base-dir = config.makefu.dl-dir;
|
||||
in {
|
||||
|
||||
users.users = {
|
||||
download = {
|
||||
name = "download";
|
||||
home = torrent-dir;
|
||||
home = base-dir;
|
||||
uid = mkDefault (genid "download");
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
@ -25,10 +25,12 @@ in {
|
||||
|
||||
# todo: race condition, do this after download user has been created
|
||||
system.activationScripts."download-dir-chmod" = ''
|
||||
for i in finished watch torrents; do
|
||||
mkdir -p "${torrent-dir}/$i"
|
||||
chown download:download "${torrent-dir}/$i"
|
||||
chmod 770 "${torrent-dir}/$i"
|
||||
for i in finished watch; do
|
||||
if test ! -d $i;then
|
||||
mkdir -p "${base-dir}/$i"
|
||||
chown rtorrent:download "${base-dir}/$i"
|
||||
chmod 775 "${base-dir}/$i"
|
||||
fi
|
||||
done
|
||||
'';
|
||||
|
||||
@ -42,6 +44,7 @@ in {
|
||||
"nginx"
|
||||
];
|
||||
};
|
||||
rtorrent.members = [ "download" ];
|
||||
};
|
||||
|
||||
krebs.rtorrent = {
|
||||
@ -54,7 +57,8 @@ in {
|
||||
rutorrent.enable = true;
|
||||
enableXMLRPC = true;
|
||||
listenPort = peer-port;
|
||||
workDir = torrent-dir;
|
||||
downloadDir = base-dir + "/finished";
|
||||
watchDir = base-dir + "/watch";
|
||||
# dump old torrents into watch folder to have them re-added
|
||||
};
|
||||
|
||||
|
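Review bot: In the `download-dir-chmod` activation script, the guard in the lines that use `base-dir` is `if test ! -d $i`, which tests the bare names `finished` and `watch` relative to the script's current directory, not the directory that is then created. If nothing by that name exists there, the body always runs and the guard does nothing; if something does, the `mkdir`/`chown`/`chmod` for the real directory is skipped. The check should be `if test ! -d "${base-dir}/$i"; then`. The same lines appear to widen the mode from 770 to 775 and chown to `rtorrent`, so a comment stating why other users need read access to these directories would be worth adding. The existing `# todo: race condition` remark still applies, since the owner must exist before `chown` runs.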
@ -2,7 +2,10 @@
|
||||
, lib
|
||||
, alsaUtils
|
||||
, xbacklight
|
||||
, modkey?"Mod4"
|
||||
, networkmanagerapplet
|
||||
, blueman
|
||||
, clipit
|
||||
, modkey ? "Mod4"
|
||||
, locker? "${pkgs.xlock}/bin/xlock -mode blank"
|
||||
, ... }:
|
||||
|
||||
@ -10,7 +13,7 @@
|
||||
# replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@
|
||||
full = lib.makeOverridable pkgs.substituteAll {
|
||||
name = "awesome_full_config";
|
||||
inherit alsaUtils locker xbacklight modkey;
|
||||
inherit alsaUtils locker xbacklight modkey networkmanagerapplet blueman clipit;
|
||||
isExecutable = false;
|
||||
src = ./full.cfg;
|
||||
};
|
||||
|
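Review bot: The `# replace:` comment above `full` still lists only `@alsaUtils@ @xlockmore@ @xbacklight@ @modkey@`, although the `inherit` line now also substitutes `networkmanagerapplet`, `blueman` and `clipit`. Extending the comment with `@networkmanagerapplet@ @blueman@ @clipit@` keeps it usable as the list of placeholders that `full.cfg` may contain. The argument list and the attribute set both start and end outside the visible hunks.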
@ -568,6 +568,18 @@ local os = {
|
||||
|
||||
-- }}}
|
||||
|
||||
-- {{{ autostart
|
||||
do
|
||||
local cmds =
|
||||
{
|
||||
"@networkmanagerapplet@/bin/nm-applet",
|
||||
"@blueman@/bin/blueman-applet",
|
||||
"@clipit@/bin/clipit"
|
||||
}
|
||||
|
||||
for _,i in pairs(cmds) do
|
||||
awful.util.spawn(i)
|
||||
end
|
||||
end
|
||||
|
||||
-- }}}
|
||||
|
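Review bot: The autostart loop walks the `cmds` array with `pairs`, whose iteration order is unspecified. `for _, cmd in ipairs(cmds) do` keeps the listed order and names the loop variable for what it holds. The block has no comment on when it runs: if this file is evaluated again on each restart of awesome, every restart starts another nm-applet, blueman-applet and clipit, so a line such as `-- runs on every (re)start; each applet must tolerate an already running instance` or an explicit guard would make that visible. The three entries are store paths filled in at build time by the `@…@` substitution, so no user-controlled string reaches `awful.util.spawn`.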