Merge remote-tracking branch 'gum/master'

2018-08-09 17:23:53 +02:00 · 2018-08-09 17:23:53 +02:00 · 2bf24eae61
commit 2bf24eae61
parent f9d96d13de 6368507f02
22 changed files with 201 additions and 51 deletions
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@ -336,7 +336,6 @@ with import <stockholm/lib>;
        "krebsco.de" = ''
          euer              IN MX 1   aspmx.l.google.com.
          nixos.unstable    IN CNAME  krebscode.github.io.
          gold              IN A      ${nets.internet.ip4.addr}
          boot              IN A      ${nets.internet.ip4.addr}
        '';
      };
@ -522,6 +521,13 @@ with import <stockholm/lib>;
    };
    nextgum = rec {
      ci = true;
      extraZones = {
        "krebsco.de" = ''
          cache.euer        IN A      ${nets.internet.ip4.addr}
          cache.gum         IN A      ${nets.internet.ip4.addr}
          gold              IN A      ${nets.internet.ip4.addr}
        '';
      };
      cores = 8;
      nets = rec {
        internet = {
@ -537,6 +543,7 @@ with import <stockholm/lib>;
          ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
          aliases = [
            "nextgum.r"
            "cache.gum.r"
          ];
          tinc.pubkey = ''
            -----BEGIN RSA PUBLIC KEY-----
--- a/krebs/3modules/rtorrent.nix
+++ b/krebs/3modules/rtorrent.nix
@ -29,7 +29,7 @@ let
    ''}
    ${optionalString (cfg.watchDir != null) ''
-      schedule = watch_directory,5,5,load_start=${cfg.watchDir}/*.torrent
+      directory.watch.added = "${cfg.watchDir}", load.start_verbose
    ''}
    directory = ${cfg.downloadDir}
--- a/makefu/1systems/nextgum/config.nix
+++ b/makefu/1systems/nextgum/config.nix
@ -49,6 +49,7 @@ in {
      <stockholm/makefu/2configs/vpn/openvpn-server.nix>
      # <stockholm/makefu/2configs/vpn/vpnws/server.nix>
      <stockholm/makefu/2configs/dnscrypt/server.nix>
      <stockholm/makefu/2configs/binary-cache/server.nix>
      <stockholm/makefu/2configs/iodined.nix>
      ## buildbot
@ -69,6 +70,8 @@ in {
      #<stockholm/makefu/2configs/nginx/public_html.nix>
      #<stockholm/makefu/2configs/nginx/update.connector.one.nix>
      #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
      <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
      <stockholm/makefu/2configs/deployment/events-publisher>
      #<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
      #<stockholm/makefu/2configs/deployment/graphs.nix>
--- a/makefu/1systems/nextgum/hardware-config.nix
+++ b/makefu/1systems/nextgum/hardware-config.nix
@ -45,12 +45,20 @@ in {
    "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
    "xhci_pci" "ehci_pci" "ahci" "sd_mod"
  ];
-  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ];
  hardware.enableRedistributableFirmware = true;
  fileSystems."/" = {
    device = "/dev/mapper/nixos-root";
    fsType = "ext4";
  };
  fileSystems."/var/lib" = {
    device = "/dev/mapper/nixos-lib";
    fsType = "ext4";
  };
  fileSystems."/var/download" = {
    device = "/dev/mapper/nixos-download";
    fsType = "ext4";
  };
  fileSystems."/boot" = {
    device = "/dev/sda2";
    fsType = "vfat";
@ -69,7 +77,9 @@ in {
  #pvcreate /dev/sda3
  #pvcreate /dev/sdb1
  #vgcreate nixos /dev/sda3 /dev/sdb1
-  #lvcreate -L 120G -n root nixos
+  #lvcreate -L 120G -m 1 -n root nixos
  #lvcreate -L 50G -m 1 -n lib nixos
  #lvcreate -L 50G -n download nixos
  #mkfs.ext4 /dev/mapper/nixos-root
  #mount /dev/mapper/nixos-root /mnt
  #mkdir /mnt/boot
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@ -39,11 +39,15 @@ in {
      # Sensors
      <stockholm/makefu/2configs/stats/telegraf>
      <stockholm/makefu/2configs/deployment/led-fader.nix>
      <stockholm/makefu/2configs/stats/external/aralast.nix>
      <stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
-      # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
+      <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
      <stockholm/makefu/2configs/stats/external/aralast.nix>
      <stockholm/makefu/2configs/stats/arafetch.nix>
      <stockholm/makefu/2configs/deployment/led-fader.nix>
      <stockholm/makefu/2configs/hw/mceusb.nix>
      # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
      <stockholm/makefu/2configs/deployment/bureautomation>
      (let
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@ -8,6 +8,7 @@ with import <stockholm/lib>;
  imports =
    [ # base
      <stockholm/makefu>
      <stockholm/makefu/2configs/nur.nix>
      <stockholm/makefu/2configs/main-laptop.nix>
      <stockholm/makefu/2configs/extra-fonts.nix>
      <stockholm/makefu/2configs/tools/all.nix>
@ -54,7 +55,6 @@ with import <stockholm/lib>;
          internalInterfaces = [ "vboxnet0" ];
        };
      }
      # Services
      <stockholm/makefu/2configs/git/brain-retiolum.nix>
      <stockholm/makefu/2configs/tor.nix>
@ -64,6 +64,7 @@ with import <stockholm/lib>;
      # Hardware
      <stockholm/makefu/2configs/hw/tp-x230.nix>
      <stockholm/makefu/2configs/hw/mceusb.nix>
      # <stockholm/makefu/2configs/hw/tpm.nix>
      # <stockholm/makefu/2configs/hw/rtl8812au.nix>
      <stockholm/makefu/2configs/hw/network-manager.nix>
@ -125,7 +126,7 @@ with import <stockholm/lib>;
  krebs.build.host = config.krebs.hosts.x;
-  krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
+  krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" "nextgum" ];
  networking.extraHosts = ''
    192.168.1.11  omo.local
@ -133,6 +134,8 @@ with import <stockholm/lib>;
  '';
  # hard dependency because otherwise the device will not be unlocked
  boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
  # avoid full boot dir
  boot.loader.grub.configurationLimit = 3;
  environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
  nixpkgs.overlays = [ (import <python/overlay.nix>) ];
--- a/makefu/2configs/binary-cache/server.nix
+++ b/makefu/2configs/binary-cache/server.nix
@ -0,0 +1,31 @@
 { config, lib, pkgs, ...}:
 {
  # generate private key with:
  # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub
  services.nix-serve = {
    enable = true;
    secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
  };
  systemd.services.nix-serve = {
    requires = ["secret.service"];
    after = ["secret.service"];
  };
  krebs.secret.files.nix-serve-key = {
    path = "/run/secret/nix-serve.key";
    owner.name = "nix-serve";
    source-path = toString <secrets> + "/nix-serve.key";
  };
  services.nginx = {
    enable = true;
    virtualHosts.nix-serve = {
      serverAliases = [ "cache.gum.r"
                        "cache.euer.krebsco.de"
                        "cache.gum.krebsco.de"
                      ];
      locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
    };
  };
 }
--- a/makefu/2configs/deployment/events-publisher/default.nix
+++ b/makefu/2configs/deployment/events-publisher/default.nix
@ -0,0 +1,48 @@
 { pkgs, ... }:
 with import <stockholm/lib>;
 let
  shack-announce = pkgs.callPackage (builtins.fetchTarball {
    url = "https://github.com/makefu/events-publisher/archive/15fbe5cc6ac9617a08a042870795f9e879d9952a.tar.gz";
    sha256 = "1bqp1qdnwx5q1w468zbm57hmpjz3x8if3j29qrqcia0vzks1s37a";
  }) {} ;
  home = "/var/lib/shackannounce";
  user = "shackannounce";
  creds = (toString <secrets>) + "/shack-announce.json";
 in
 {
  users.users.${user}= {
    uid = genid user;
    inherit home;
    createHome = true;
  };
  systemd.services.shack-announce = {
    description = "Announce shack events";
    startAt = "*:0/30";
    path = [ shack-announce ];
    serviceConfig  = {
      WorkingDirectory = home;
      User = user;
      PermissionsStartOnly = true;
      ExecStartPre = pkgs.writeDash "shack-announce-pre" ''
        set -eu
        cp ${creds} creds.json
        chown ${user} creds.json
      '';
      ExecStart = pkgs.writeDash "shack-announce" ''
        if test ! -e announce.state; then
          echo "initializing state"
          announce-daemon \
            --lol INFO \
            --creds creds.json \
            --state announce.state \
            --clean --init
        fi
        echo "Running announce"
        announce-daemon \
           --lol INFO \
           --creds creds.json \
           --state announce.state
      '';
    };
  };
 }
--- a/makefu/2configs/hw/mceusb.nix
+++ b/makefu/2configs/hw/mceusb.nix
@ -1,4 +1,4 @@
-{pkgs,...}:{
+{pkgs, lib, ...}:{
  # Disable the MCE remote from acting like a keyboard.  (We use lirc instead.)
  services.xserver.inputClassSections = [''
    Identifier   "MCE USB Keyboard mimic blacklist"
@ -6,13 +6,12 @@
    MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)"
    Option       "Ignore" "on"
  ''];
-  boot.kernelPackages = builtins.trace "Using linux kernel 4.16, not latest" pkgs.linuxPackages_4_16;
+  boot.kernelPatches = lib.singleton {
-  nixpkgs.config.packageOverrides = pkgs: {
+    name = "enable-lirc";
-    linux_4_16 = pkgs.linux_4_16.override {
+    patch = null;
    extraConfig = ''
      LIRC y
    '';
  };
  };
 }
--- a/makefu/2configs/hw/network-manager.nix
+++ b/makefu/2configs/hw/network-manager.nix
@ -22,15 +22,9 @@
  };
  networking.networkmanager.enable = true;
  # TODO: put somewhere else
  services.xserver.displayManager.sessionCommands = ''
    ${pkgs.clipit}/bin/clipit &
    ${pkgs.networkmanagerapplet}/bin/nm-applet &
    '';
 # nixOSUnstable
-# networking.networkmanager.wifi = {
+  networking.networkmanager.wifi = {
-#   powersave = true;
+    powersave = true;
-#   scanRandMacAddress = true;
+    scanRandMacAddress = true;
-# };
+  };
 }
--- a/makefu/2configs/hw/stk1160.nix
+++ b/makefu/2configs/hw/stk1160.nix
@ -1,13 +1,12 @@
 { pkgs, lib, ... }:
 {
-  # TODO: un-pin linuxPackages somehow
+  boot.kernelPatches = lib.singleton {
-  nixpkgs.config.packageOverrides = pkgs: {
+    name = "enable-stk1160";
-    linux_4_14 = pkgs.linux_4_14.override {
+    patch = null;
    extraConfig = ''
      MEDIA_ANALOG_TV_SUPPORT y
      VIDEO_STK1160_COMMON m
      VIDEO_STK1160 m
    '';
  };
  };
 }
--- a/makefu/2configs/nginx/gold.krebsco.de.nix
+++ b/makefu/2configs/nginx/gold.krebsco.de.nix
@ -0,0 +1,24 @@
 { config, lib, pkgs, ... }:
 with import <stockholm/lib>;
 let
  gold = pkgs.fetchFromGitHub {
    owner = "krebs";
    repo = "krebsgold";
    rev = "15f7a74";
    sha256= "1ya9xgg640k3hbl63022sfm44c1si2mxch8jkxindmwg4pa1y4ly";
  };
 in {
  services.nginx = {
    enable = mkDefault true;
    virtualHosts = {
      "gold.krebsco.de" = {
        enableACME = true;
        forceSSL = true;
        root = toString gold + "/html";
      };
    };
  };
 }
--- a/makefu/2configs/nur.nix
+++ b/makefu/2configs/nur.nix
@ -0,0 +1,7 @@
 { pkgs, ... }:{
  nixpkgs.config.packageOverrides = pkgs: {
    nur = pkgs.callPackage (import (builtins.fetchGit {
      url = "https://github.com/nix-community/NUR";
    })) {};
  };
 }
--- a/makefu/2configs/task-client.nix
+++ b/makefu/2configs/task-client.nix
@ -1,6 +1,6 @@
 { pkgs, ... }:
 {
-  krebs.per-user.makefu.packages = [
+  users.users.makefu.packages = [
    pkgs.taskwarrior
  ];
--- a/makefu/2configs/tools/core-gui.nix
+++ b/makefu/2configs/tools/core-gui.nix
@ -1,10 +1,10 @@
 { pkgs, ... }:
 {
-  krebs.per-user.makefu.packages = with pkgs; [
+  users.users.makefu.packages = with pkgs; [
    chromium
    clipit
    feh
    clipit
    firefox
    keepassx
    pcmanfm
--- a/makefu/2configs/tools/desktop.nix
+++ b/makefu/2configs/tools/desktop.nix
@ -4,8 +4,10 @@
  users.users.makefu.packages = with pkgs; [
    taskwarrior
    pass
    gopass
    mutt
    weechat
    tmux
  ];
 }
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
-  krebs.per-user.makefu.packages = with pkgs;[
+  users.users.makefu.packages = with pkgs;[
    # media
    gimp
    inkscape
--- a/makefu/2configs/tools/media.nix
+++ b/makefu/2configs/tools/media.nix
@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
-  krebs.per-user.makefu.packages = with pkgs; [
+  users.users.makefu.packages = with pkgs; [
    kodi
    streamripper
    youtube-dl
--- a/makefu/2configs/tools/sec.nix
+++ b/makefu/2configs/tools/sec.nix
@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
-  krebs.per-user.makefu.packages = with pkgs; [
+  users.users.makefu.packages = with pkgs; [
    aria2
    # mitmproxy
    pythonPackages.binwalk-full
--- a/makefu/2configs/torrent.nix
+++ b/makefu/2configs/torrent.nix
@ -8,13 +8,13 @@ let
  peer-port = 51412;
  web-port = 8112;
  daemon-port = 58846;
-  torrent-dir = config.makefu.dl-dir;
+  base-dir = config.makefu.dl-dir;
 in {
  users.users = {
    download = {
      name = "download";
-      home = torrent-dir;
+      home = base-dir;
      uid = mkDefault (genid "download");
      createHome = true;
      useDefaultShell = true;
@ -25,10 +25,12 @@ in {
  # todo: race condition, do this after download user has been created
  system.activationScripts."download-dir-chmod" = ''
-    for i in finished watch torrents; do
+    for i in finished watch; do
-      mkdir -p "${torrent-dir}/$i"
+      if test ! -d $i;then
-      chown download:download "${torrent-dir}/$i"
+        mkdir -p "${base-dir}/$i"
-      chmod 770 "${torrent-dir}/$i"
+        chown rtorrent:download "${base-dir}/$i"
        chmod 775 "${base-dir}/$i"
      fi
    done
  '';
@ -42,6 +44,7 @@ in {
        "nginx"
      ];
    };
    rtorrent.members = [ "download" ];
  };
  krebs.rtorrent = {
@ -54,7 +57,8 @@ in {
    rutorrent.enable = true;
    enableXMLRPC = true;
    listenPort = peer-port;
-    workDir = torrent-dir;
+    downloadDir = base-dir + "/finished";
    watchDir = base-dir + "/watch";
    # dump old torrents into watch folder to have them re-added
  };
--- a/makefu/5pkgs/awesomecfg/default.nix
+++ b/makefu/5pkgs/awesomecfg/default.nix
@ -2,6 +2,9 @@
 , lib
 , alsaUtils
 , xbacklight
 , networkmanagerapplet
 , blueman
 , clipit
 , modkey ? "Mod4"
 , locker? "${pkgs.xlock}/bin/xlock -mode blank"
 , ... }:
@ -10,7 +13,7 @@
  # replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@
  full = lib.makeOverridable pkgs.substituteAll {
    name = "awesome_full_config";
-    inherit alsaUtils locker xbacklight modkey;
+    inherit alsaUtils locker xbacklight modkey networkmanagerapplet blueman clipit;
    isExecutable = false;
    src = ./full.cfg;
  };
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@ -568,6 +568,18 @@ local os = {
 -- }}}
 -- {{{ autostart
 do
  local cmds =
  {
    "@networkmanagerapplet@/bin/nm-applet",
    "@blueman@/bin/blueman-applet",
    "@clipit@/bin/clipit"
  }
  for _,i in pairs(cmds) do
    awful.util.spawn(i)
  end
 end
 -- }}}