Merge remote-tracking branch 'gum/master'

krebs/3modules/makefu/default.nix

@@ -336,7 +336,6 @@ with import <stockholm/lib>;
         "krebsco.de" = ''
           euer              IN MX 1   aspmx.l.google.com.
           nixos.unstable    IN CNAME  krebscode.github.io.
-          gold              IN A      ${nets.internet.ip4.addr}
           boot              IN A      ${nets.internet.ip4.addr}
         '';
       };
@@ -522,6 +521,13 @@ with import <stockholm/lib>;
     };
     nextgum = rec {
       ci = true;
+      extraZones = {
+        "krebsco.de" = ''
+          cache.euer        IN A      ${nets.internet.ip4.addr}
+          cache.gum         IN A      ${nets.internet.ip4.addr}
+          gold              IN A      ${nets.internet.ip4.addr}
+        '';
+      };
       cores = 8;
       nets = rec {
         internet = {
@@ -537,6 +543,7 @@ with import <stockholm/lib>;
           ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
           aliases = [
             "nextgum.r"
+            "cache.gum.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----

krebs/3modules/rtorrent.nix

@@ -29,7 +29,7 @@ let
     ''}
 
     ${optionalString (cfg.watchDir != null) ''
-      schedule = watch_directory,5,5,load_start=${cfg.watchDir}/*.torrent
+      directory.watch.added = "${cfg.watchDir}", load.start_verbose
     ''}
 
     directory = ${cfg.downloadDir}

makefu/1systems/nextgum/config.nix

@@ -49,6 +49,7 @@ in {
       <stockholm/makefu/2configs/vpn/openvpn-server.nix>
       # <stockholm/makefu/2configs/vpn/vpnws/server.nix>
       <stockholm/makefu/2configs/dnscrypt/server.nix>
+      <stockholm/makefu/2configs/binary-cache/server.nix>
       <stockholm/makefu/2configs/iodined.nix>
 
       ## buildbot
@@ -69,6 +70,8 @@ in {
       #<stockholm/makefu/2configs/nginx/public_html.nix>
       #<stockholm/makefu/2configs/nginx/update.connector.one.nix>
       #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
+      <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
+      <stockholm/makefu/2configs/deployment/events-publisher>
 
       #<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
       #<stockholm/makefu/2configs/deployment/graphs.nix>

makefu/1systems/nextgum/hardware-config.nix

@@ -45,12 +45,20 @@ in {
     "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
     "xhci_pci" "ehci_pci" "ahci" "sd_mod"
   ];
-  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ];
   hardware.enableRedistributableFirmware = true;
   fileSystems."/" = {
     device = "/dev/mapper/nixos-root";
     fsType = "ext4";
   };
+  fileSystems."/var/lib" = {
+    device = "/dev/mapper/nixos-lib";
+    fsType = "ext4";
+  };
+  fileSystems."/var/download" = {
+    device = "/dev/mapper/nixos-download";
+    fsType = "ext4";
+  };
   fileSystems."/boot" = {
     device = "/dev/sda2";
     fsType = "vfat";
@@ -69,7 +77,9 @@ in {
   #pvcreate /dev/sda3
   #pvcreate /dev/sdb1
   #vgcreate nixos /dev/sda3 /dev/sdb1
-  #lvcreate -L 120G -n root nixos
+  #lvcreate -L 120G -m 1 -n root nixos
+  #lvcreate -L 50G -m 1 -n lib nixos
+  #lvcreate -L 50G -n download nixos
   #mkfs.ext4 /dev/mapper/nixos-root
   #mount /dev/mapper/nixos-root /mnt
   #mkdir /mnt/boot

makefu/1systems/wbob/config.nix

@@ -39,11 +39,15 @@ in {
 
       # Sensors
       <stockholm/makefu/2configs/stats/telegraf>
-      <stockholm/makefu/2configs/deployment/led-fader.nix>
-      <stockholm/makefu/2configs/stats/external/aralast.nix>
       <stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
-      # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
+      <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
+      <stockholm/makefu/2configs/stats/external/aralast.nix>
+      <stockholm/makefu/2configs/stats/arafetch.nix>
+      <stockholm/makefu/2configs/deployment/led-fader.nix>
       <stockholm/makefu/2configs/hw/mceusb.nix>
+      # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
+
+
 
       <stockholm/makefu/2configs/deployment/bureautomation>
       (let

makefu/1systems/x/config.nix

@@ -8,6 +8,7 @@ with import <stockholm/lib>;
   imports =
     [ # base
       <stockholm/makefu>
+      <stockholm/makefu/2configs/nur.nix>
       <stockholm/makefu/2configs/main-laptop.nix>
       <stockholm/makefu/2configs/extra-fonts.nix>
       <stockholm/makefu/2configs/tools/all.nix>
@@ -54,7 +55,6 @@ with import <stockholm/lib>;
           internalInterfaces = [ "vboxnet0" ];
         };
       }
-
       # Services
       <stockholm/makefu/2configs/git/brain-retiolum.nix>
       <stockholm/makefu/2configs/tor.nix>
@@ -64,6 +64,7 @@ with import <stockholm/lib>;
 
       # Hardware
       <stockholm/makefu/2configs/hw/tp-x230.nix>
+      <stockholm/makefu/2configs/hw/mceusb.nix>
       # <stockholm/makefu/2configs/hw/tpm.nix>
       # <stockholm/makefu/2configs/hw/rtl8812au.nix>
       <stockholm/makefu/2configs/hw/network-manager.nix>
@@ -125,7 +126,7 @@ with import <stockholm/lib>;
 
   krebs.build.host = config.krebs.hosts.x;
 
-  krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
+  krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" "nextgum" ];
 
   networking.extraHosts = ''
     192.168.1.11  omo.local
@@ -133,6 +134,8 @@ with import <stockholm/lib>;
   '';
   # hard dependency because otherwise the device will not be unlocked
   boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
+  # avoid full boot dir
+  boot.loader.grub.configurationLimit = 3;
 
   environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
   nixpkgs.overlays = [ (import <python/overlay.nix>) ];

makefu/2configs/binary-cache/server.nix

@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ...}:
+
+{
+  # generate private key with:
+  # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+  };
+
+  systemd.services.nix-serve = {
+    requires = ["secret.service"];
+    after = ["secret.service"];
+  };
+  krebs.secret.files.nix-serve-key = {
+    path = "/run/secret/nix-serve.key";
+    owner.name = "nix-serve";
+    source-path = toString <secrets> + "/nix-serve.key";
+  };
+  services.nginx = {
+    enable = true;
+    virtualHosts.nix-serve = {
+      serverAliases = [ "cache.gum.r"
+                        "cache.euer.krebsco.de"
+                        "cache.gum.krebsco.de"
+                      ];
+      locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
+    };
+  };
+}
+

makefu/2configs/deployment/events-publisher/default.nix

@@ -0,0 +1,48 @@
+{ pkgs, ... }:
+with import <stockholm/lib>;
+let
+  shack-announce = pkgs.callPackage (builtins.fetchTarball {
+    url = "https://github.com/makefu/events-publisher/archive/15fbe5cc6ac9617a08a042870795f9e879d9952a.tar.gz";
+    sha256 = "1bqp1qdnwx5q1w468zbm57hmpjz3x8if3j29qrqcia0vzks1s37a";
+  }) {} ;
+  home = "/var/lib/shackannounce";
+  user = "shackannounce";
+  creds = (toString <secrets>) + "/shack-announce.json";
+in
+{
+  users.users.${user}= {
+    uid = genid user;
+    inherit home;
+    createHome = true;
+  };
+  systemd.services.shack-announce = {
+    description = "Announce shack events";
+    startAt = "*:0/30";
+    path = [ shack-announce ];
+    serviceConfig  = {
+      WorkingDirectory = home;
+      User = user;
+      PermissionsStartOnly = true;
+      ExecStartPre = pkgs.writeDash "shack-announce-pre" ''
+        set -eu
+        cp ${creds} creds.json
+        chown ${user} creds.json
+      '';
+      ExecStart = pkgs.writeDash "shack-announce" ''
+        if test ! -e announce.state; then
+          echo "initializing state"
+          announce-daemon \
+            --lol INFO \
+            --creds creds.json \
+            --state announce.state \
+            --clean --init
+        fi
+        echo "Running announce"
+        announce-daemon \
+           --lol INFO \
+           --creds creds.json \
+           --state announce.state
+      '';
+    };
+  };
+}

makefu/2configs/hw/mceusb.nix

@@ -1,4 +1,4 @@
-{pkgs,...}:{
+{pkgs, lib, ...}:{
   # Disable the MCE remote from acting like a keyboard.  (We use lirc instead.)
   services.xserver.inputClassSections = [''
     Identifier   "MCE USB Keyboard mimic blacklist"
@@ -6,13 +6,12 @@
     MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)"
     Option       "Ignore" "on"
   ''];
-  boot.kernelPackages = builtins.trace "Using linux kernel 4.16, not latest" pkgs.linuxPackages_4_16;
-  nixpkgs.config.packageOverrides = pkgs: {
-    linux_4_16 = pkgs.linux_4_16.override {
-        extraConfig = ''
-          LIRC y
-        '';
-    };
+  boot.kernelPatches = lib.singleton {
+    name = "enable-lirc";
+    patch = null;
+    extraConfig = ''
+      LIRC y
+    '';
   };
 
 }

makefu/2configs/hw/network-manager.nix

@@ -22,15 +22,9 @@
   };
   networking.networkmanager.enable = true;
 
-  # TODO: put somewhere else
-  services.xserver.displayManager.sessionCommands = ''
-    ${pkgs.clipit}/bin/clipit &
-    ${pkgs.networkmanagerapplet}/bin/nm-applet &
-    '';
-
 # nixOSUnstable
-# networking.networkmanager.wifi = {
-#   powersave = true;
-#   scanRandMacAddress = true;
-# };
+  networking.networkmanager.wifi = {
+    powersave = true;
+    scanRandMacAddress = true;
+  };
 }

makefu/2configs/hw/stk1160.nix

@@ -1,13 +1,12 @@
 { pkgs, lib, ... }:
 {
-  # TODO: un-pin linuxPackages somehow
-  nixpkgs.config.packageOverrides = pkgs: {
-    linux_4_14 = pkgs.linux_4_14.override {
-        extraConfig = ''
-          MEDIA_ANALOG_TV_SUPPORT y
-          VIDEO_STK1160_COMMON m
-          VIDEO_STK1160 m
-        '';
-    };
+  boot.kernelPatches = lib.singleton {
+    name = "enable-stk1160";
+    patch = null;
+    extraConfig = ''
+      MEDIA_ANALOG_TV_SUPPORT y
+      VIDEO_STK1160_COMMON m
+      VIDEO_STK1160 m
+    '';
   };
 }

makefu/2configs/nginx/gold.krebsco.de.nix

@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  gold = pkgs.fetchFromGitHub {
+    owner = "krebs";
+    repo = "krebsgold";
+    rev = "15f7a74";
+    sha256= "1ya9xgg640k3hbl63022sfm44c1si2mxch8jkxindmwg4pa1y4ly";
+  };
+in {
+
+  services.nginx = {
+    enable = mkDefault true;
+    virtualHosts = {
+      "gold.krebsco.de" = {
+        enableACME = true;
+        forceSSL = true;
+        root = toString gold + "/html";
+      };
+    };
+  };
+}
+

makefu/2configs/nur.nix

@@ -0,0 +1,7 @@
+{ pkgs, ... }:{
+  nixpkgs.config.packageOverrides = pkgs: {
+    nur = pkgs.callPackage (import (builtins.fetchGit {
+      url = "https://github.com/nix-community/NUR";
+    })) {};
+  };
+}

makefu/2configs/task-client.nix

@@ -1,6 +1,6 @@
 { pkgs, ... }:
 {
-  krebs.per-user.makefu.packages = [
+  users.users.makefu.packages = [
     pkgs.taskwarrior
   ];
 

makefu/2configs/tools/core-gui.nix

@@ -1,10 +1,10 @@
 { pkgs, ... }:
 
 {
-  krebs.per-user.makefu.packages = with pkgs; [
+  users.users.makefu.packages = with pkgs; [
     chromium
-    clipit
     feh
+    clipit
     firefox
     keepassx
     pcmanfm

makefu/2configs/tools/desktop.nix

@@ -4,8 +4,10 @@
   users.users.makefu.packages = with pkgs; [
     taskwarrior
     pass
+    gopass
     mutt
     weechat
     tmux
   ];
+
 }

makefu/2configs/tools/extra-gui.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 
 {
-  krebs.per-user.makefu.packages = with pkgs;[
+  users.users.makefu.packages = with pkgs;[
     # media
     gimp
     inkscape

makefu/2configs/tools/media.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 
 {
-  krebs.per-user.makefu.packages = with pkgs; [
+  users.users.makefu.packages = with pkgs; [
     kodi
     streamripper
     youtube-dl

makefu/2configs/tools/sec.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 
 {
-  krebs.per-user.makefu.packages = with pkgs; [
+  users.users.makefu.packages = with pkgs; [
     aria2
     # mitmproxy
     pythonPackages.binwalk-full

makefu/2configs/torrent.nix

@@ -8,13 +8,13 @@ let
   peer-port = 51412;
   web-port = 8112;
   daemon-port = 58846;
-  torrent-dir = config.makefu.dl-dir;
+  base-dir = config.makefu.dl-dir;
 in {
 
   users.users = {
     download = {
       name = "download";
-      home = torrent-dir;
+      home = base-dir;
       uid = mkDefault (genid "download");
       createHome = true;
       useDefaultShell = true;
@@ -25,10 +25,12 @@ in {
 
   # todo: race condition, do this after download user has been created
   system.activationScripts."download-dir-chmod" = ''
-    for i in finished watch torrents; do
-      mkdir -p "${torrent-dir}/$i"
-      chown download:download "${torrent-dir}/$i"
-      chmod 770 "${torrent-dir}/$i"
+    for i in finished watch; do
+      if test ! -d $i;then
+        mkdir -p "${base-dir}/$i"
+        chown rtorrent:download "${base-dir}/$i"
+        chmod 775 "${base-dir}/$i"
+      fi
     done
   '';
 
@@ -42,6 +44,7 @@ in {
         "nginx"
       ];
     };
+    rtorrent.members = [ "download" ];
   };
 
   krebs.rtorrent = {
@@ -54,7 +57,8 @@ in {
     rutorrent.enable = true;
     enableXMLRPC = true;
     listenPort = peer-port;
-    workDir = torrent-dir;
+    downloadDir = base-dir + "/finished";
+    watchDir = base-dir + "/watch";
     # dump old torrents into watch folder to have them re-added
   };
 

makefu/5pkgs/awesomecfg/default.nix

@@ -2,7 +2,10 @@
 , lib
 , alsaUtils
 , xbacklight
-, modkey?"Mod4"
+, networkmanagerapplet
+, blueman
+, clipit
+, modkey ? "Mod4"
 , locker? "${pkgs.xlock}/bin/xlock -mode blank"
 , ... }:
 
@@ -10,7 +13,7 @@
   # replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@
   full = lib.makeOverridable pkgs.substituteAll {
     name = "awesome_full_config";
-    inherit alsaUtils locker xbacklight modkey;
+    inherit alsaUtils locker xbacklight modkey networkmanagerapplet blueman clipit;
     isExecutable = false;
     src = ./full.cfg;
   };

makefu/5pkgs/awesomecfg/full.cfg

@@ -568,6 +568,18 @@ local os = {
 
 -- }}}
 
+-- {{{ autostart
+do
+  local cmds =
+  {
+    "@networkmanagerapplet@/bin/nm-applet",
+    "@blueman@/bin/blueman-applet",
+    "@clipit@/bin/clipit"
+  }
 
+  for _,i in pairs(cmds) do
+    awful.util.spawn(i)
+  end
+end
 
 -- }}}