Merge branch 'master' of prism.r:stockholm
commit
5030b74cc5
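--- a/ci.nix
+++ b/ci.nix
@@ -1,4 +1,4 @@
-# usage: nix-instantiate --eval --strict --json ./ci.nix
+# usage: nix-instantiate --eval --json --read-write-mode --strict ci.nix | jq .
 with import ./lib;
 let
 pkgs = import <nixpkgs> { overlays = [ (import ./submodules/nix-writers/pkgs) ]; };
@@ -16,6 +16,6 @@ let
 ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
 
 build = host: owner:
-((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build/${host}";});
+((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-tmp";});
 
 in mapAttrs (n: h: build n h.owner.name) ci-systems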
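--- a/default.nix
+++ b/default.nix
@@ -1,19 +1,12 @@
-import <nixpkgs/nixos/lib/eval-config.nix> {
+import <nixpkgs/nixos> {} // rec {
-modules = [
-(import <nixpkgs/nixos/lib/from-env.nix> "NIXOS_CONFIG" <nixos-config>)
-];
-}
-//
-{
 lib = import ./lib;
-systems = with import ./lib; let
+systems = with lib; let
-ns = getEnv "LOGNAME";
+namespace = getEnv "LOGNAME";
+systemsDir = <stockholm> + "/${namespace}/1systems";
 in
 genAttrs
-(attrNames (filterAttrs (_: eq "directory") (readDir (<stockholm> + "/${ns}/1systems"))))
+(attrNames (filterAttrs (_: eq "directory") (readDir systemsDir)))
-(name: let
+(name: import <nixpkgs/nixos> {
-config = import (<stockholm> + "/${ns}/1systems/${name}/config.nix");
+configuration = import (systemsDir + "/${name}/config.nix");
-in import <nixpkgs/nixos/lib/eval-config.nix> {
-modules = [ config ];
 });
 }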
@ -15,10 +15,4 @@ let
|
|||||||
else override;
|
else override;
|
||||||
in
|
in
|
||||||
|
|
||||||
listToAttrs
|
mapNixDir (path: callPackage path {}) ./.
|
||||||
(map
|
|
||||||
(name: nameValuePair (removeSuffix ".nix" name)
|
|
||||||
(callPackage (./. + "/${name}") {}))
|
|
||||||
(filter
|
|
||||||
(name: name != "default.nix" && !hasPrefix "." name)
|
|
||||||
(attrNames (readDir ./.))))
|
|
||||||
|
@ -24,8 +24,9 @@ import Control.Monad.Extra (whenJustM)
|
|||||||
import Graphics.X11.ExtraTypes.XF86
|
import Graphics.X11.ExtraTypes.XF86
|
||||||
import Text.Read (readEither)
|
import Text.Read (readEither)
|
||||||
import XMonad
|
import XMonad
|
||||||
import System.IO (hPutStrLn, stderr)
|
|
||||||
import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv)
|
import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv)
|
||||||
|
import System.Exit (exitFailure)
|
||||||
|
import System.IO (hPutStrLn, stderr)
|
||||||
import System.Posix.Process (executeFile)
|
import System.Posix.Process (executeFile)
|
||||||
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
|
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
|
||||||
, removeEmptyWorkspace)
|
, removeEmptyWorkspace)
|
||||||
@ -66,12 +67,14 @@ myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
|
|||||||
|
|
||||||
main :: IO ()
|
main :: IO ()
|
||||||
main = getArgs >>= \case
|
main = getArgs >>= \case
|
||||||
["--shutdown"] -> sendShutdownEvent
|
[] -> mainNoArgs
|
||||||
_ -> mainNoArgs
|
["--shutdown"] -> shutdown
|
||||||
|
args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure
|
||||||
|
|
||||||
mainNoArgs :: IO ()
|
mainNoArgs :: IO ()
|
||||||
mainNoArgs = do
|
mainNoArgs = do
|
||||||
workspaces0 <- getWorkspaces0
|
workspaces0 <- getWorkspaces0
|
||||||
|
handleShutdownEvent <- newShutdownEventHandler
|
||||||
xmonad
|
xmonad
|
||||||
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
|
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
|
||||||
-- urgencyConfig { remindWhen = Every 1 }
|
-- urgencyConfig { remindWhen = Every 1 }
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
;
|
;
|
||||||
|
|
||||||
source = { test }: lib.evalSource [
|
source = { test }: lib.evalSource [
|
||||||
krebs-source
|
(krebs-source { test = test; })
|
||||||
{
|
{
|
||||||
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
|
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
|
||||||
secrets = if test then {
|
secrets = if test then {
|
||||||
|
@ -10,7 +10,6 @@
|
|||||||
<stockholm/krebs/2configs>
|
<stockholm/krebs/2configs>
|
||||||
|
|
||||||
<stockholm/krebs/2configs/buildbot-stockholm.nix>
|
<stockholm/krebs/2configs/buildbot-stockholm.nix>
|
||||||
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
|
|
||||||
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
||||||
<stockholm/krebs/2configs/ircd.nix>
|
<stockholm/krebs/2configs/ircd.nix>
|
||||||
<stockholm/krebs/2configs/reaktor-retiolum.nix>
|
<stockholm/krebs/2configs/reaktor-retiolum.nix>
|
||||||
|
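--- a/krebs/2configs/cache.nsupdate.info.nix
+++ b/krebs/2configs/cache.nsupdate.info.nix
@@ -0,0 +1,33 @@
+{lib, ... }:
+with lib;
+let
+domain = "cache.nsupdate.info";
+in {
+# This only works for a single domain for nsupdate.info as multiple usernames
+# and passwords are required for multiple domains
+services.ddclient = {
+enable = true;
+server = "ipv4.nsupdate.info";
+username = domain;
+password = import ((toString <secrets>) + "/nsupdate-cache.nix");
+domains = [ domain ];
+use= "if, if=et0";
+# use = "web, web=http://ipv4.nsupdate.info/myip";
+
+};
+krebs.cachecache = {
+enable = true;
+enableSSL = false; # disable letsencrypt for testing
+cacheDir = "/var/cache/nix-cache-cache";
+maxSize = "10g";
+
+# assumes that the domain is reachable from the internet
+virtualHost = domain;
+};
+
+boot.kernelModules = [ "tcp_bbr" ];
+
+boot.kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr";
+boot.kernel.sysctl."net.core.default_qdisc" = "fq";
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+}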
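Review bot: `password = import ((toString <secrets>) + "/nsupdate-cache.nix");` pulls the nsupdate.info credential into the configuration at evaluation time, so the plaintext is likely to be embedded in whatever config file the ddclient module generates, and a file generated into /nix/store is world-readable. Passing the daemon a path to a root-only file that is read at service start would keep the value out of the store; if the module offers no such option, say so in a comment next to the line. `enableSSL = false; # disable letsencrypt for testing` leaves the cache on plain HTTP while ports 80 and 443 are opened to the internet, so the comment should carry a reminder such as `# TODO: re-enable before clients depend on this cache`. `use= "if, if=et0"` looks like a typo for the interface name and is worth confirming against the target host.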
@ -5,7 +5,7 @@
|
|||||||
6667 6669
|
6667 6669
|
||||||
];
|
];
|
||||||
|
|
||||||
services.charybdis = {
|
krebs.charybdis = {
|
||||||
enable = true;
|
enable = true;
|
||||||
motd = ''
|
motd = ''
|
||||||
hello
|
hello
|
||||||
|
@ -243,7 +243,7 @@ let
|
|||||||
in {
|
in {
|
||||||
systemd.services.airdcpp = {
|
systemd.services.airdcpp = {
|
||||||
description = "airdcpp webui";
|
description = "airdcpp webui";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" "local-fs.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
restartIfChanged = true;
|
restartIfChanged = true;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
@ -362,7 +362,7 @@ let
|
|||||||
# normally we should write buildbot.tac by our own
|
# normally we should write buildbot.tac by our own
|
||||||
# ${pkgs.buildbot-classic}/bin/buildbot upgrade-master ${workdir}
|
# ${pkgs.buildbot-classic}/bin/buildbot upgrade-master ${workdir}
|
||||||
|
|
||||||
chmod 700 -R ${workdir}
|
chmod 700 ${workdir}
|
||||||
chown buildbotMaster:buildbotMaster -R ${workdir}
|
chown buildbotMaster:buildbotMaster -R ${workdir}
|
||||||
'';
|
'';
|
||||||
ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start --nodaemon ${workdir}";
|
ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start --nodaemon ${workdir}";
|
||||||
|
@ -166,7 +166,7 @@ let
|
|||||||
echo ${description} > ${workdir}/info/host
|
echo ${description} > ${workdir}/info/host
|
||||||
|
|
||||||
chown buildbotSlave:buildbotSlave -R ${workdir}
|
chown buildbotSlave:buildbotSlave -R ${workdir}
|
||||||
chmod 700 -R ${workdir}
|
chmod 700 ${workdir}
|
||||||
'';
|
'';
|
||||||
ExecStart = "${pkgs.buildbot-classic-slave}/bin/buildslave start ${workdir}";
|
ExecStart = "${pkgs.buildbot-classic-slave}/bin/buildslave start ${workdir}";
|
||||||
ExecStop = "${pkgs.buildbot-classic-slave}/bin/buildslave stop ${workdir}";
|
ExecStop = "${pkgs.buildbot-classic-slave}/bin/buildslave stop ${workdir}";
|
||||||
|
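--- a/krebs/3modules/cachecache.nix
+++ b/krebs/3modules/cachecache.nix
@@ -0,0 +1,171 @@
+{ config, lib, ... }:
+
+
+# fork of https://gist.github.com/rycee/f495fc6cc4130f155e8b670609a1e57b
+# related: https://github.com/nh2/nix-binary-cache-proxy
+
+with lib;
+
+let
+
+cfg = config.krebs.cachecache;
+
+nginxCfg = config.services.nginx;
+
+cacheFallbackConfig = {
+proxyPass = "$upstream_endpoint";
+extraConfig = ''
+# Default is HTTP/1, keepalive is only enabled in HTTP/1.1.
+proxy_http_version 1.1;
+
+# Remove the Connection header if the client sends it, it could
+# be "close" to close a keepalive connection
+proxy_set_header Connection "";
+
+# Needed for CloudFront.
+proxy_ssl_server_name on;
+
+proxy_set_header Host $proxy_host;
+proxy_cache nix_cache_cache;
+proxy_cache_valid 200 302 60m;
+proxy_cache_valid 404 1m;
+
+expires max;
+add_header Cache-Control $nix_cache_cache_header always;
+'';
+};
+
+in
+
+{
+options = {
+krebs.cachecache = {
+enable = mkEnableOption "Nix binary cache cache";
+
+virtualHost = mkOption {
+type = types.str;
+default = "nix-cache";
+description = ''
+Name of the nginx virtualhost to use and setup. If null, do
+not setup any virtualhost.
+'';
+};
+enableSSL = mkOption {
+type = types.bool;
+default = true;
+description = ''
+enable SSL via letsencrypt. Requires working dns resolution and open
+internet tls port.
+'';
+};
+
+# webRoot = mkOption {
+# type = types.str;
+# default = "/";
+# description = ''
+# Directory on virtual host that serves the cache. Must end in
+# <literal>/</literal>.
+# '';
+# };
+
+resolver = mkOption {
+type = types.str;
+description = "Address of DNS resolver.";
+default = "8.8.8.8 ipv6=off";
+example = "127.0.0.1 ipv6=off";
+};
+
+cacheDir = mkOption {
+type = types.str;
+default = "/var/cache/nix-cache-cache";
+description = ''
+Where nginx should store cached data.
+'';
+};
+
+maxSize = mkOption {
+type = types.str;
+default = "50g";
+description = "Maximum cache size.";
+};
+};
+};
+
+config = mkIf cfg.enable {
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+
+systemd.services.nginx.preStart = ''
+mkdir -p ${cfg.cacheDir} /srv/www/nix-cache-cache
+chmod 700 ${cfg.cacheDir} /srv/www/nix-cache-cache
+chown ${nginxCfg.user}:${nginxCfg.group} \
+${cfg.cacheDir} /srv/www/nix-cache-cache
+'';
+
+services.nginx = {
+enable = true;
+
+appendHttpConfig = ''
+proxy_cache_path ${cfg.cacheDir}
+levels=1:2
+keys_zone=nix_cache_cache:100m
+max_size=${cfg.maxSize}
+inactive=365d
+use_temp_path=off;
+
+# Cache only success status codes; in particular we don't want
+# to cache 404s. See https://serverfault.com/a/690258/128321.
+map $status $nix_cache_cache_header {
+200 "public";
+302 "public";
+default "no-cache";
+}
+'';
+
+virtualHosts.${cfg.virtualHost} = {
+addSSL = cfg.enableSSL;
+enableACME = cfg.enableSSL;
+extraConfig = ''
+# Using a variable for the upstream endpoint to ensure that it is
+# resolved at runtime as opposed to once when the config file is loaded
+# and then cached forever (we don't want that):
+# see https://tenzer.dk/nginx-with-dynamic-upstreams/
+# This fixes errors like
+#
+# nginx: [emerg] host not found in upstream "upstream.example.com"
+#
+# when the upstream host is not reachable for a short time when
+# nginx is started.
+resolver ${cfg.resolver} valid=10s;
+set $upstream_endpoint https://cache.nixos.org;
+'';
+
+locations."/" =
+{
+root = "/srv/www/nix-cache-cache";
+extraConfig = ''
+expires max;
+add_header Cache-Control $nix_cache_cache_header always;
+
+# Ask the upstream server if a file isn't available
+# locally.
+error_page 404 = @fallback;
+
+# Don't bother logging the above 404.
+log_not_found off;
+'';
+};
+
+locations."@fallback" = cacheFallbackConfig;
+
+# We always want to copy cache.nixos.org's nix-cache-info
+# file, and ignore our own, because `nix-push` by default
+# generates one without `Priority` field, and thus that file
+# by default has priority 50 (compared to cache.nixos.org's
+# `Priority: 40`), which will make download clients prefer
+# `cache.nixos.org` over our binary cache.
+locations."= /nix-cache-info" = cacheFallbackConfig;
+};
+};
+};
+}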
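Review bot: `cacheFallbackConfig` proxies to `https://cache.nixos.org` without setting `proxy_ssl_verify`, which nginx leaves off by default, so the upstream certificate is never checked. Because the upstream name is re-resolved every 10 s through the plain-DNS `resolver` (default `8.8.8.8`), a spoofed answer or an on-path host could serve responses that are then stored in `nix_cache_cache`. Adding `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <path to CA bundle>;` next to `proxy_ssl_server_name on;` closes that gap. Clients that enforce store-path signatures remain protected for signed content, but it is better not to rely on every client doing so. Two documentation points: the `virtualHost` description says "If null" although the type is `types.str`, and the comment "we don't want to cache 404s" sits beside `proxy_cache_valid 404 1m;`, so one of the two should be reworded.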
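--- a/krebs/3modules/charybdis.nix
+++ b/krebs/3modules/charybdis.nix
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+
+let
+inherit (lib) mkEnableOption mkIf mkOption singleton types;
+inherit (pkgs) coreutils charybdis;
+cfg = config.krebs.charybdis;
+
+configFile = pkgs.writeText "charybdis.conf" ''
+${cfg.config}
+'';
+in
+
+{
+
+###### interface
+
+options = {
+
+krebs.charybdis = {
+
+enable = mkEnableOption "Charybdis IRC daemon";
+
+config = mkOption {
+type = types.string;
+description = ''
+Charybdis IRC daemon configuration file.
+'';
+};
+
+statedir = mkOption {
+type = types.string;
+default = "/var/lib/charybdis";
+description = ''
+Location of the state directory of charybdis.
+'';
+};
+
+user = mkOption {
+type = types.string;
+default = "ircd";
+description = ''
+Charybdis IRC daemon user.
+'';
+};
+
+group = mkOption {
+type = types.string;
+default = "ircd";
+description = ''
+Charybdis IRC daemon group.
+'';
+};
+
+motd = mkOption {
+type = types.nullOr types.lines;
+default = null;
+description = ''
+Charybdis MOTD text.
+
+Charybdis will read its MOTD from /etc/charybdis/ircd.motd .
+If set, the value of this option will be written to this path.
+'';
+};
+
+};
+
+};
+
+
+###### implementation
+
+config = mkIf cfg.enable (lib.mkMerge [
+{
+users.users = singleton {
+name = cfg.user;
+description = "Charybdis IRC daemon user";
+uid = config.ids.uids.ircd;
+group = cfg.group;
+};
+
+users.groups = singleton {
+name = cfg.group;
+gid = config.ids.gids.ircd;
+};
+
+systemd.services.charybdis = {
+description = "Charybdis IRC daemon";
+wantedBy = [ "multi-user.target" ];
+environment = {
+BANDB_DBPATH = "${cfg.statedir}/ban.db";
+};
+serviceConfig = {
+ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}";
+Group = cfg.group;
+User = cfg.user;
+PermissionsStartOnly = true; # preStart needs to run with root permissions
+};
+preStart = ''
+${coreutils}/bin/mkdir -p ${cfg.statedir}
+${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir}
+'';
+};
+
+}
+
+(mkIf (cfg.motd != null) {
+environment.etc."charybdis/ircd.motd".text = cfg.motd;
+})
+]);
+}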
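Review bot: `configFile = pkgs.writeText "charybdis.conf"` writes all of `cfg.config` into the Nix store, which every local user can read, so any operator or server-link password placed in the ircd configuration is exposed on the host. The `config` option description should warn about this, for example `The text is stored world-readable in the Nix store; do not put passwords here.` In `preStart` the state directory is created and chowned but never given a mode, so it keeps whatever the umask allows; adding `${coreutils}/bin/chmod 0750 ${cfg.statedir}` after the `chown` would make the permissions explicit. `cfg.statedir`, `cfg.user` and `cfg.group` are also interpolated into the root-run `preStart` unquoted, which is worth a comment or quoting even though they are administrator-set.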
@ -26,10 +26,19 @@ let
|
|||||||
|
|
||||||
hostname = config.networking.hostName;
|
hostname = config.networking.hostName;
|
||||||
getJobs = pkgs.writeDash "get_jobs" ''
|
getJobs = pkgs.writeDash "get_jobs" ''
|
||||||
nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null
|
set -efu
|
||||||
nix-instantiate --quiet -Q --eval --strict --json ./ci.nix
|
${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix >&2
|
||||||
|
json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)"
|
||||||
|
echo "$json" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \
|
||||||
|
| while read -r host builder; do
|
||||||
|
gcroot=${shell.escape profileRoot}/$host-builder
|
||||||
|
${pkgs.nix}/bin/nix-env -p "$gcroot" --set "$builder"
|
||||||
|
done
|
||||||
|
echo "$json"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
profileRoot = "/nix/var/nix/profiles/ci";
|
||||||
|
|
||||||
imp = {
|
imp = {
|
||||||
krebs.buildbot.master = {
|
krebs.buildbot.master = {
|
||||||
slaves = {
|
slaves = {
|
||||||
@ -98,9 +107,16 @@ let
|
|||||||
self.addBuildSteps([steps.ShellCommand(
|
self.addBuildSteps([steps.ShellCommand(
|
||||||
name=str(new_step),
|
name=str(new_step),
|
||||||
command=[
|
command=[
|
||||||
new_steps[new_step]
|
"${pkgs.writeDash "build-stepper.sh" ''
|
||||||
|
set -efu
|
||||||
|
profile=${shell.escape profileRoot}/$build_name
|
||||||
|
result=$("$build_script")
|
||||||
|
${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
|
||||||
|
''}"
|
||||||
],
|
],
|
||||||
env={
|
env={
|
||||||
|
"build_name": new_step,
|
||||||
|
"build_script": new_steps[new_step],
|
||||||
"NIX_REMOTE": "daemon",
|
"NIX_REMOTE": "daemon",
|
||||||
"NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
|
"NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
|
||||||
},
|
},
|
||||||
@ -163,6 +179,20 @@ let
|
|||||||
password = "lasspass";
|
password = "lasspass";
|
||||||
packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ];
|
packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
system.activationScripts.buildbots-nix-profile = ''
|
||||||
|
${pkgs.coreutils}/bin/mkdir -p ${shell.escape profileRoot}
|
||||||
|
${pkgs.coreutils}/bin/chmod 0770 ${shell.escape profileRoot}
|
||||||
|
${pkgs.coreutils}/bin/chgrp buildbots ${shell.escape profileRoot}
|
||||||
|
'';
|
||||||
|
|
||||||
|
users = {
|
||||||
|
groups.buildbots.gid = genid "buildbots";
|
||||||
|
users = {
|
||||||
|
buildbotMaster.extraGroups = [ "buildbots" ];
|
||||||
|
buildbotSlave.extraGroups = [ "buildbots" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
in out
|
in out
|
||||||
|
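Review bot: In the new `get_jobs` script, `set -efu` does not cover the first stages of `echo "$json" | ${pkgs.jq}/bin/jq … | while read -r host builder`, because dash reports only the last stage's exit status. If jq fails, no GC root is registered, yet the script still prints `$json` and exits 0. Capturing the jq output in a variable first, as is already done for `json`, would let `set -e` catch it. `$host` here and `$build_name` in `build-stepper.sh` are joined onto `profileRoot` unchecked although they come from evaluated repository content; a guard such as `case $build_name in */*) exit 1;; esac` before the `nix-env -p` call would keep every profile inside `/nix/var/nix/profiles/ci`. The enclosing `let` bindings and the Python step definition start and end outside these hunks.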
@ -14,6 +14,8 @@ let
|
|||||||
./buildbot/master.nix
|
./buildbot/master.nix
|
||||||
./buildbot/slave.nix
|
./buildbot/slave.nix
|
||||||
./build.nix
|
./build.nix
|
||||||
|
./cachecache.nix
|
||||||
|
./charybdis.nix
|
||||||
./ci.nix
|
./ci.nix
|
||||||
./current.nix
|
./current.nix
|
||||||
./exim.nix
|
./exim.nix
|
||||||
@ -111,7 +113,6 @@ let
|
|||||||
{ krebs = import ./krebs { inherit config; }; }
|
{ krebs = import ./krebs { inherit config; }; }
|
||||||
{ krebs = import ./lass { inherit config; }; }
|
{ krebs = import ./lass { inherit config; }; }
|
||||||
{ krebs = import ./makefu { inherit config; }; }
|
{ krebs = import ./makefu { inherit config; }; }
|
||||||
{ krebs = import ./nin { inherit config; }; }
|
|
||||||
{ krebs = import ./tv { inherit config; }; }
|
{ krebs = import ./tv { inherit config; }; }
|
||||||
{
|
{
|
||||||
krebs.dns.providers = {
|
krebs.dns.providers = {
|
||||||
@ -201,6 +202,7 @@ let
|
|||||||
"cfp@eloop.org" = eloop-ml;
|
"cfp@eloop.org" = eloop-ml;
|
||||||
"kontakt@eloop.org" = eloop-ml;
|
"kontakt@eloop.org" = eloop-ml;
|
||||||
"root@eloop.org" = eloop-ml;
|
"root@eloop.org" = eloop-ml;
|
||||||
|
"youtube@eloop.org" = eloop-ml;
|
||||||
"eloop2016@krebsco.de" = eloop-ml;
|
"eloop2016@krebsco.de" = eloop-ml;
|
||||||
"eloop2017@krebsco.de" = eloop-ml;
|
"eloop2017@krebsco.de" = eloop-ml;
|
||||||
"postmaster@krebsco.de" = spam-ml; # RFC 822
|
"postmaster@krebsco.de" = spam-ml; # RFC 822
|
||||||
|
@ -38,11 +38,6 @@ let
|
|||||||
'';
|
'';
|
||||||
default = {};
|
default = {};
|
||||||
};
|
};
|
||||||
maxTime = mkOption {
|
|
||||||
type = types.int;
|
|
||||||
default = 0;
|
|
||||||
description = "Time to wait before download is aborted";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
|
fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
|
||||||
@ -51,8 +46,8 @@ let
|
|||||||
mkdir -p ${cfg.stateDir}
|
mkdir -p ${cfg.stateDir}
|
||||||
chmod o+rx ${cfg.stateDir}
|
chmod o+rx ${cfg.stateDir}
|
||||||
cd ${cfg.stateDir}
|
cd ${cfg.stateDir}
|
||||||
(curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || :
|
(curl -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || :
|
||||||
feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
|
feh --no-fehbg --bg-scale wallpaper
|
||||||
'';
|
'';
|
||||||
|
|
||||||
imp = {
|
imp = {
|
||||||
|
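Review bot: The new `curl -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url}` line has no time bound once `maxTime` and `--max-time` are removed, so a stalled server can hang `fetchWallpaper` indefinitely. A fixed limit such as `curl --max-time 60 -s -o wallpaper.tmp …` would keep the unit from blocking. On the unchanged lines around it, `${cfg.stateDir}` is interpolated unescaped into `mkdir -p`, `chmod o+rx` and `cd` while `cfg.url` goes through `shell.escape`; using `${shell.escape cfg.stateDir}` there would be consistent. The script body starts above the second hunk.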
@ -57,7 +57,7 @@ let
|
|||||||
|
|
||||||
user = rec {
|
user = rec {
|
||||||
name = "github-hosts-sync";
|
name = "github-hosts-sync";
|
||||||
uid = genid name;
|
uid = genid_uint31 name;
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO move to lib?
|
# TODO move to lib?
|
||||||
|
@ -15,8 +15,9 @@ with import <stockholm/lib>;
|
|||||||
cores = 4;
|
cores = 4;
|
||||||
extraZones = {
|
extraZones = {
|
||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
prism IN A ${nets.internet.ip4.addr}
|
cache IN A ${nets.internet.ip4.addr}
|
||||||
paste IN A ${nets.internet.ip4.addr}
|
paste IN A ${nets.internet.ip4.addr}
|
||||||
|
prism IN A ${nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
"lassul.us" = ''
|
"lassul.us" = ''
|
||||||
$TTL 3600
|
$TTL 3600
|
||||||
@ -27,12 +28,13 @@ with import <stockholm/lib>;
|
|||||||
60 IN TXT v=spf1 mx a:lassul.us -all
|
60 IN TXT v=spf1 mx a:lassul.us -all
|
||||||
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
|
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
|
||||||
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
|
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
|
||||||
|
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
io 60 IN NS ions.lassul.us.
|
io 60 IN NS ions.lassul.us.
|
||||||
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
|
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -642,47 +644,6 @@ with import <stockholm/lib>;
|
|||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
|
||||||
};
|
};
|
||||||
cabal = {
|
|
||||||
cores = 2;
|
|
||||||
nets = rec {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.1.4";
|
|
||||||
ip6.addr = "42::1:4";
|
|
||||||
aliases = [
|
|
||||||
"cabal.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A
|
|
||||||
SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj
|
|
||||||
rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK
|
|
||||||
qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e
|
|
||||||
LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq
|
|
||||||
rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3
|
|
||||||
6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE
|
|
||||||
fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v
|
|
||||||
yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A
|
|
||||||
kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR
|
|
||||||
KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi
|
|
||||||
TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U
|
|
||||||
oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs
|
|
||||||
TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw
|
|
||||||
3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD
|
|
||||||
rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ
|
|
||||||
4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf
|
|
||||||
luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py
|
|
||||||
w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG
|
|
||||||
09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1
|
|
||||||
K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g
|
|
||||||
ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
secure = true;
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
|
|
||||||
};
|
|
||||||
red = {
|
red = {
|
||||||
monitoring = false;
|
monitoring = false;
|
||||||
cores = 1;
|
cores = 1;
|
||||||
@ -714,6 +675,36 @@ with import <stockholm/lib>;
|
|||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
|
||||||
};
|
};
|
||||||
|
yellow = {
|
||||||
|
cores = 1;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.0.14";
|
||||||
|
ip6.addr = "42:0:0:0:0:0:0:14";
|
||||||
|
aliases = [
|
||||||
|
"yellow.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN PUBLIC KEY-----
|
||||||
|
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP
|
||||||
|
MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY
|
||||||
|
b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU
|
||||||
|
Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd
|
||||||
|
OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP
|
||||||
|
vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6
|
||||||
|
C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp
|
||||||
|
Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU
|
||||||
|
52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg
|
||||||
|
zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p
|
||||||
|
DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ
|
||||||
|
Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ==
|
||||||
|
-----END PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje ";
|
||||||
|
};
|
||||||
blue = {
|
blue = {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
nets = {
|
nets = {
|
||||||
@ -787,9 +778,6 @@ with import <stockholm/lib>;
|
|||||||
mail = "lass@daedalus.r";
|
mail = "lass@daedalus.r";
|
||||||
pubkey = builtins.readFile ./ssh/daedalus.rsa;
|
pubkey = builtins.readFile ./ssh/daedalus.rsa;
|
||||||
};
|
};
|
||||||
fritz = {
|
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
|
|
||||||
};
|
|
||||||
prism-repo-sync = {
|
prism-repo-sync = {
|
||||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe";
|
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe";
|
||||||
mail = "lass@prism.r";
|
mail = "lass@prism.r";
|
||||||
|
@ -60,7 +60,7 @@ in {
|
|||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi";
|
||||||
};
|
};
|
||||||
drop = rec {
|
drop = rec {
|
||||||
ci = true;
|
ci = false;
|
||||||
cores = 1;
|
cores = 1;
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
@ -83,7 +83,7 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
studio = rec {
|
studio = rec {
|
||||||
ci = true;
|
ci = false;
|
||||||
cores = 4;
|
cores = 4;
|
||||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
|
||||||
@ -109,7 +109,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
fileleech = rec {
|
fileleech = rec {
|
||||||
ci = true;
|
ci = false;
|
||||||
cores = 4;
|
cores = 4;
|
||||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
|
||||||
@ -134,7 +134,7 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
latte = rec {
|
latte = rec {
|
||||||
ci = true;
|
ci = false;
|
||||||
cores = 1;
|
cores = 1;
|
||||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||||
# ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
|
# ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
|
||||||
@ -166,7 +166,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
pnp = {
|
pnp = {
|
||||||
ci = true;
|
ci = false;
|
||||||
cores = 1;
|
cores = 1;
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
@ -190,7 +190,7 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
darth = {
|
darth = {
|
||||||
ci = true;
|
ci = false;
|
||||||
cores = 4;
|
cores = 4;
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
@ -404,7 +404,7 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
wry = rec {
|
wry = rec {
|
||||||
ci = true;
|
ci = false;
|
||||||
cores = 1;
|
cores = 1;
|
||||||
extraZones = {
|
extraZones = {
|
||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
@ -449,7 +449,7 @@ in {
|
|||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry";
|
||||||
};
|
};
|
||||||
filepimp = rec {
|
filepimp = rec {
|
||||||
ci = true;
|
ci = false;
|
||||||
cores = 1;
|
cores = 1;
|
||||||
nets = {
|
nets = {
|
||||||
lan = {
|
lan = {
|
||||||
@ -494,6 +494,8 @@ in {
|
|||||||
ip6.addr = "42:f9f0::10";
|
ip6.addr = "42:f9f0::10";
|
||||||
aliases = [
|
aliases = [
|
||||||
"omo.r"
|
"omo.r"
|
||||||
|
"dcpp.omo.r"
|
||||||
|
"torrent.omo.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
@ -554,7 +556,7 @@ in {
|
|||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
|
||||||
};
|
};
|
||||||
nextgum = rec {
|
gum = rec {
|
||||||
ci = true;
|
ci = true;
|
||||||
extraZones = {
|
extraZones = {
|
||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
@ -563,6 +565,23 @@ in {
|
|||||||
graph IN A ${nets.internet.ip4.addr}
|
graph IN A ${nets.internet.ip4.addr}
|
||||||
gold IN A ${nets.internet.ip4.addr}
|
gold IN A ${nets.internet.ip4.addr}
|
||||||
iso.euer IN A ${nets.internet.ip4.addr}
|
iso.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
wg.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
photostore IN A ${nets.internet.ip4.addr}
|
||||||
|
o.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
mon.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
boot.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
wiki.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
pigstarter IN A ${nets.internet.ip4.addr}
|
||||||
|
cgit.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
git.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
euer IN A ${nets.internet.ip4.addr}
|
||||||
|
share.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
gum IN A ${nets.internet.ip4.addr}
|
||||||
|
wikisearch IN A ${nets.internet.ip4.addr}
|
||||||
|
dl.euer IN A ${nets.internet.ip4.addr}
|
||||||
|
ghook IN A ${nets.internet.ip4.addr}
|
||||||
|
dockerhub IN A ${nets.internet.ip4.addr}
|
||||||
|
io IN NS gum.krebsco.de.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
cores = 8;
|
cores = 8;
|
||||||
@ -571,6 +590,7 @@ in {
|
|||||||
ip4.addr = "144.76.26.247";
|
ip4.addr = "144.76.26.247";
|
||||||
ip6.addr = "2a01:4f8:191:12f6::2";
|
ip6.addr = "2a01:4f8:191:12f6::2";
|
||||||
aliases = [
|
aliases = [
|
||||||
|
"gum.i"
|
||||||
"nextgum.i"
|
"nextgum.i"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
@ -594,71 +614,17 @@ in {
|
|||||||
"stats.makefu.r"
|
"stats.makefu.r"
|
||||||
"backup.makefu.r"
|
"backup.makefu.r"
|
||||||
"dcpp.nextgum.r"
|
"dcpp.nextgum.r"
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8
|
|
||||||
aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO
|
|
||||||
npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh
|
|
||||||
6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF
|
|
||||||
3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN
|
|
||||||
VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
|
|
||||||
};
|
|
||||||
|
|
||||||
gum = rec {
|
|
||||||
ci = true;
|
|
||||||
cores = 2;
|
|
||||||
|
|
||||||
extraZones = {
|
|
||||||
"krebsco.de" = ''
|
|
||||||
share.euer IN A ${nets.internet.ip4.addr}
|
|
||||||
mattermost.euer IN A ${nets.internet.ip4.addr}
|
|
||||||
gum IN A ${nets.internet.ip4.addr}
|
|
||||||
wikisearch IN A ${nets.internet.ip4.addr}
|
|
||||||
pigstarter IN A ${nets.internet.ip4.addr}
|
|
||||||
cgit.euer IN A ${nets.internet.ip4.addr}
|
|
||||||
euer IN A ${nets.internet.ip4.addr}
|
|
||||||
o.euer IN A ${nets.internet.ip4.addr}
|
|
||||||
git.euer IN A ${nets.internet.ip4.addr}
|
|
||||||
dl.euer IN A ${nets.internet.ip4.addr}
|
|
||||||
boot.euer IN A ${nets.internet.ip4.addr}
|
|
||||||
wiki.euer IN A ${nets.internet.ip4.addr}
|
|
||||||
mon.euer IN A ${nets.internet.ip4.addr}
|
|
||||||
ghook IN A ${nets.internet.ip4.addr}
|
|
||||||
dockerhub IN A ${nets.internet.ip4.addr}
|
|
||||||
photostore IN A ${nets.internet.ip4.addr}
|
|
||||||
io IN NS gum.krebsco.de.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
nets = rec {
|
|
||||||
internet = {
|
|
||||||
ip4.addr = "185.194.143.140";
|
|
||||||
ip6.addr = "2a03:4000:1c:43f::1";
|
|
||||||
aliases = [
|
|
||||||
"gum.i"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
retiolum = {
|
|
||||||
via = internet;
|
|
||||||
ip4.addr = "10.243.0.211";
|
|
||||||
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
|
|
||||||
aliases = [
|
|
||||||
"gum.r"
|
"gum.r"
|
||||||
"cgit.gum.r"
|
"cgit.gum.r"
|
||||||
"o.gum.r"
|
"o.gum.r"
|
||||||
"tracker.makefu.r"
|
"tracker.makefu.r"
|
||||||
|
|
||||||
"search.makefu.r"
|
"search.makefu.r"
|
||||||
"wiki.makefu.r"
|
"wiki.makefu.r"
|
||||||
"wiki.gum.r"
|
"wiki.gum.r"
|
||||||
"blog.makefu.r"
|
"blog.makefu.r"
|
||||||
"blog.gum.r"
|
"blog.gum.r"
|
||||||
"dcpp.gum.r"
|
"dcpp.gum.r"
|
||||||
|
"torrent.gum.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
@ -672,12 +638,11 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
# configured manually
|
|
||||||
# ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
|
||||||
};
|
};
|
||||||
|
|
||||||
shoney = rec {
|
shoney = rec {
|
||||||
ci = true;
|
ci = false;
|
||||||
cores = 1;
|
cores = 1;
|
||||||
nets = rec {
|
nets = rec {
|
||||||
siem = {
|
siem = {
|
||||||
|
@ -1,111 +0,0 @@
|
|||||||
{ config, ... }:
|
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
|
|
||||||
{
|
|
||||||
hosts = mapAttrs (_: recursiveUpdate {
|
|
||||||
owner = config.krebs.users.nin;
|
|
||||||
ci = true;
|
|
||||||
}) {
|
|
||||||
hiawatha = {
|
|
||||||
cores = 2;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.132.96";
|
|
||||||
ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
|
|
||||||
aliases = [
|
|
||||||
"hiawatha.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
|
|
||||||
Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
|
|
||||||
iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
|
|
||||||
UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
|
|
||||||
lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
|
|
||||||
yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
|
|
||||||
};
|
|
||||||
axon= {
|
|
||||||
cores = 2;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.134.66";
|
|
||||||
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
|
|
||||||
aliases = [
|
|
||||||
"axon.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
|
|
||||||
glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
|
|
||||||
KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
|
|
||||||
L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
|
|
||||||
VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
|
|
||||||
PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
|
|
||||||
X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
|
|
||||||
m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
|
|
||||||
OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
|
|
||||||
LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
|
|
||||||
/F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
|
|
||||||
MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
|
|
||||||
7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
|
|
||||||
ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
|
|
||||||
1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
|
|
||||||
29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
|
|
||||||
4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
|
|
||||||
FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
|
|
||||||
buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
|
|
||||||
hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
|
|
||||||
yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
|
|
||||||
ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
|
|
||||||
};
|
|
||||||
onondaga = {
|
|
||||||
cores = 1;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.132.55";
|
|
||||||
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
|
|
||||||
aliases = [
|
|
||||||
"onondaga.r"
|
|
||||||
"cgit.onondaga.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR
|
|
||||||
OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu
|
|
||||||
htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH
|
|
||||||
xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO
|
|
||||||
kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn
|
|
||||||
hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO";
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
users = {
|
|
||||||
nin = {
|
|
||||||
mail = "nin@axon.r";
|
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
|
|
||||||
};
|
|
||||||
nin_h = {
|
|
||||||
mail = "nin@hiawatha.r";
|
|
||||||
pubkey = "ssh-rsa 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 nin@hiawatha";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -77,7 +77,190 @@ let
|
|||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh";
|
ExecStart = pkgs.writeDash "generate-wallpaper" ''
|
||||||
|
set -xeuf
|
||||||
|
|
||||||
|
# usage: getimg FILENAME URL
|
||||||
|
fetch() {
|
||||||
|
echo "fetch $1"
|
||||||
|
curl -LsS -z "$1" -o "$1" "$2"
|
||||||
|
}
|
||||||
|
|
||||||
|
# usage: check_type FILENAME TYPE
|
||||||
|
check_type() {
|
||||||
|
if ! file -ib "$1" | grep -q "^$2/"; then
|
||||||
|
echo "$1 is not of type $2" >&2
|
||||||
|
rm "$1"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# usage: image_size FILENAME
|
||||||
|
image_size() {
|
||||||
|
identify "$1" | awk '{print$3}'
|
||||||
|
}
|
||||||
|
|
||||||
|
# usage: make_mask DST SRC MASK
|
||||||
|
make_layer() {
|
||||||
|
if needs_rebuild "$@"; then
|
||||||
|
echo "make $1 (apply mask)" >&2
|
||||||
|
convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# usage: flatten DST HILAYER LOLAYER
|
||||||
|
flatten() {
|
||||||
|
if needs_rebuild "$@"; then
|
||||||
|
echo "make $1 (flatten)" >&2
|
||||||
|
composite "$2" "$3" "$1"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# usage: needs_rebuild DST SRC...
|
||||||
|
needs_rebuild() {
|
||||||
|
a="$1"
|
||||||
|
shift
|
||||||
|
if ! test -e "$a"; then
|
||||||
|
#echo " $a does not exist" >&2
|
||||||
|
result=0
|
||||||
|
else
|
||||||
|
result=1
|
||||||
|
for b; do
|
||||||
|
if test "$b" -nt "$a"; then
|
||||||
|
#echo " $b is newer than $a" >&2
|
||||||
|
result=0
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
#case $result in
|
||||||
|
# 0) echo "$a needs rebuild" >&2;;
|
||||||
|
#esac
|
||||||
|
return $result
|
||||||
|
}
|
||||||
|
|
||||||
|
main() {
|
||||||
|
cd ${cfg.workingDir}
|
||||||
|
|
||||||
|
# fetch source images in parallel
|
||||||
|
fetch nightmap-raw.jpg \
|
||||||
|
${cfg.nightmap} &
|
||||||
|
fetch daymap-raw.png \
|
||||||
|
${cfg.daymap} &
|
||||||
|
fetch clouds-raw.jpg \
|
||||||
|
${cfg.cloudmap} &
|
||||||
|
fetch marker.json \
|
||||||
|
${cfg.marker} &
|
||||||
|
wait
|
||||||
|
|
||||||
|
check_type nightmap-raw.jpg image
|
||||||
|
check_type daymap-raw.png image
|
||||||
|
check_type clouds-raw.jpg image
|
||||||
|
|
||||||
|
in_size=2048x1024
|
||||||
|
xplanet_out_size=1466x1200
|
||||||
|
out_geometry=1366x768+100+160
|
||||||
|
|
||||||
|
nightsnow_color='#0c1a49' # nightmap
|
||||||
|
|
||||||
|
for raw in \
|
||||||
|
nightmap-raw.jpg \
|
||||||
|
daymap-raw.png \
|
||||||
|
clouds-raw.jpg \
|
||||||
|
;
|
||||||
|
do
|
||||||
|
normal=''${raw%-raw.*}.png
|
||||||
|
if needs_rebuild $normal $raw; then
|
||||||
|
echo "make $normal; normalize $raw" >&2
|
||||||
|
convert $raw -scale $in_size $normal
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# create nightmap-fullsnow
|
||||||
|
if needs_rebuild nightmap-fullsnow.png; then
|
||||||
|
convert -size $in_size xc:$nightsnow_color nightmap-fullsnow.png
|
||||||
|
fi
|
||||||
|
|
||||||
|
# extract daymap-snowmask from daymap-final
|
||||||
|
if needs_rebuild daymap-snowmask.png daymap.png; then
|
||||||
|
convert daymap.png -threshold 95% daymap-snowmask.png
|
||||||
|
fi
|
||||||
|
|
||||||
|
# extract nightmap-lightmask from nightmap
|
||||||
|
if needs_rebuild nightmap-lightmask.png nightmap.png; then
|
||||||
|
convert nightmap.png -threshold 25% nightmap-lightmask.png
|
||||||
|
fi
|
||||||
|
|
||||||
|
# create layers
|
||||||
|
make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png
|
||||||
|
make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png
|
||||||
|
|
||||||
|
# apply layers
|
||||||
|
flatten nightmap-lightsnowlayer.png \
|
||||||
|
nightmap-lightlayer.png \
|
||||||
|
nightmap-snowlayer.png
|
||||||
|
|
||||||
|
flatten nightmap-final.png \
|
||||||
|
nightmap-lightsnowlayer.png \
|
||||||
|
nightmap.png
|
||||||
|
|
||||||
|
# create marker file from json
|
||||||
|
if [ -s marker.json ]; then
|
||||||
|
jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file
|
||||||
|
fi
|
||||||
|
|
||||||
|
# make all unmodified files as final
|
||||||
|
for normal in \
|
||||||
|
daymap.png \
|
||||||
|
clouds.png \
|
||||||
|
;
|
||||||
|
do
|
||||||
|
final=''${normal%.png}-final.png
|
||||||
|
needs_rebuild $final &&
|
||||||
|
ln $normal $final
|
||||||
|
done
|
||||||
|
|
||||||
|
# rebuild every time to update shadow
|
||||||
|
xplanet --num_times 1 --geometry $xplanet_out_size \
|
||||||
|
--output xplanet-output.png --projection merc \
|
||||||
|
-config ${pkgs.writeText "xplanet.config" ''
|
||||||
|
[earth]
|
||||||
|
"Earth"
|
||||||
|
map=daymap-final.png
|
||||||
|
night_map=nightmap-final.png
|
||||||
|
cloud_map=clouds-final.png
|
||||||
|
cloud_threshold=10
|
||||||
|
shade=15
|
||||||
|
''}
|
||||||
|
|
||||||
|
xplanet --num_times 1 --geometry $xplanet_out_size \
|
||||||
|
--output xplanet-krebs-output.png --projection merc \
|
||||||
|
-config ${pkgs.writeText "xplanet-krebs.config" ''
|
||||||
|
[earth]
|
||||||
|
"Earth"
|
||||||
|
map=daymap-final.png
|
||||||
|
night_map=nightmap-final.png
|
||||||
|
cloud_map=clouds-final.png
|
||||||
|
cloud_threshold=10
|
||||||
|
marker_file=marker_file
|
||||||
|
shade=15
|
||||||
|
''}
|
||||||
|
|
||||||
|
# trim xplanet output
|
||||||
|
if needs_rebuild realwallpaper.png xplanet-output.png; then
|
||||||
|
convert xplanet-output.png -crop $out_geometry \
|
||||||
|
realwallpaper-tmp.png
|
||||||
|
mv realwallpaper-tmp.png realwallpaper.png
|
||||||
|
fi
|
||||||
|
|
||||||
|
if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then
|
||||||
|
convert xplanet-krebs-output.png -crop $out_geometry \
|
||||||
|
realwallpaper-krebs-tmp.png
|
||||||
|
mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
main "$@"
|
||||||
|
'';
|
||||||
User = "realwallpaper";
|
User = "realwallpaper";
|
||||||
};
|
};
|
||||||
};
|
};
|
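Review bot: The `fetch` calls in `main` splice `${cfg.nightmap}`, `${cfg.daymap}`, `${cfg.cloudmap}` and `${cfg.marker}` into the dash script unquoted, as does `cd ${cfg.workingDir}`, so a value containing `&`, `;` or whitespace is parsed by the shell instead of reaching curl or cd as one argument. Quote them when the script is generated, e.g. `fetch marker.json ${escapeShellArg cfg.marker} &` and `cd ${escapeShellArg cfg.workingDir}`, assuming that helper is in scope in this file, which the hunk does not show. The bare `wait` returns 0 whatever the background jobs did, so a failed download gets past `set -e`; `check_type` only covers the three images, and `marker.json` is tested with `-s` alone before jq writes `marker_file` from it. The usage comments still say `getimg` and `make_mask` above functions named `fetch` and `make_layer`. The enclosing `let` block starts outside the hunk.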
||||||
|
@ -75,6 +75,7 @@ let
|
|||||||
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
|
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
|
||||||
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
|
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
|
||||||
''}
|
''}
|
||||||
|
${tinc.config.tincUpExtra}
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = ''
|
||||||
tinc-up script to be used. Defaults to setting the
|
tinc-up script to be used. Defaults to setting the
|
||||||
@ -83,6 +84,11 @@ let
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
tincUpExtra = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
};
|
||||||
|
|
||||||
tincPackage = mkOption {
|
tincPackage = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
default = pkgs.tinc;
|
default = pkgs.tinc;
|
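Review bot: `tincUpExtra` is declared with `types.str` and no `description`, and its value is appended verbatim to the generated tinc-up script. With `types.str`, two modules that set different values conflict instead of being concatenated; `type = types.lines;` would let several modules each contribute commands. A `description = "Extra shell commands appended to the tinc-up script.";` would also make it clear that anything placed here is executed with whatever privileges tinc-up runs under. The enclosing `let` block begins outside the hunk.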
||||||
|
@ -183,7 +183,7 @@ let
|
|||||||
|
|
||||||
user = rec {
|
user = rec {
|
||||||
name = "urlwatch";
|
name = "urlwatch";
|
||||||
uid = genid name;
|
uid = genid_uint31 name;
|
||||||
};
|
};
|
||||||
|
|
||||||
subtypes.job = types.submodule {
|
subtypes.job = types.submodule {
|
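Review bot: Switching `uid` from `genid name` to `genid_uint31 name` may give the existing `urlwatch` user a different numeric uid on hosts that are already deployed; neither helper's definition is visible here, so this is an inference from the names. If the value does change, files the service already owns keep the old uid, and the service can no longer read or write them until they are re-owned. The rollout should either chown the service's state directory or record the migration step in the commit message. The surrounding `let` block continues outside the hunk.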
||||||
|
@ -1,13 +1,6 @@
|
|||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
let
|
let
|
||||||
overrides = self: super:
|
overrides = self: super: mapNixDir (path: self.callPackage path {}) ./.;
|
||||||
listToAttrs
|
|
||||||
(map
|
|
||||||
(name: nameValuePair (removeSuffix ".nix" name)
|
|
||||||
(self.callPackage (./. + "/${name}") {}))
|
|
||||||
(filter
|
|
||||||
(name: name != "default.nix" && !hasPrefix "." name)
|
|
||||||
(attrNames (readDir ./.))));
|
|
||||||
in
|
in
|
||||||
self: super:
|
self: super:
|
||||||
{
|
{
|
||||||
|
@ -1,17 +1,16 @@
|
|||||||
{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xft, X11-xshape
|
{ mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft
|
||||||
, xmonad, xmonad-contrib
|
, X11-xshape, xmonad, xmonad-contrib
|
||||||
}:
|
}:
|
||||||
mkDerivation rec {
|
mkDerivation rec {
|
||||||
pname = "xmonad-stockholm";
|
pname = "xmonad-stockholm";
|
||||||
version = "1.2.0";
|
version = "1.3.0";
|
||||||
# src = /home/jeschli/projects/haskell/xmonad-stockholm;
|
|
||||||
src = fetchgit {
|
src = fetchgit {
|
||||||
url = http://cgit.ni.krebsco.de/xmonad-stockholm;
|
url = http://cgit.ni.krebsco.de/xmonad-stockholm;
|
||||||
rev = "refs/tags/v${version}";
|
rev = "refs/tags/v1.3.0";
|
||||||
sha256 = "13mvmh3kk9a79l1nii028p0n7l95pb78wz9c4j42l90m02mg6cis";
|
sha256 = "1np5126wn67y0a1r60rnkq828s0w9zjnvai4b8zy3yc02xlkrjm9";
|
||||||
};
|
};
|
||||||
libraryHaskellDepends = [
|
libraryHaskellDepends = [
|
||||||
base containers X11 X11-xft X11-xshape xmonad xmonad-contrib
|
base containers filepath unix X11 X11-xft X11-xshape xmonad xmonad-contrib
|
||||||
];
|
];
|
||||||
license = stdenv.lib.licenses.mit;
|
license = stdenv.lib.licenses.mit;
|
||||||
}
|
}
|
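Review bot: `rev = "refs/tags/v1.3.0";` now repeats the literal from `version = "1.3.0";` where the previous line derived it as `v${version}`, so the next bump has to edit two places, and a missed edit leaves the package labelled with a version it was not built from. Keeping `rev = "refs/tags/v${version}";` avoids that. The source is still fetched over plain `http://` by tag name, which makes `sha256` the only thing binding the build to a particular tree; a one-line comment such as `# sha256 must be recomputed from a trusted checkout on every bump` would record that.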
||||||
|
@ -15,10 +15,4 @@ let
|
|||||||
else override;
|
else override;
|
||||||
in
|
in
|
||||||
|
|
||||||
listToAttrs
|
mapNixDir (path: callPackage path {}) ./.
|
||||||
(map
|
|
||||||
(name: nameValuePair (removeSuffix ".nix" name)
|
|
||||||
(callPackage (./. + "/${name}") {}))
|
|
||||||
(filter
|
|
||||||
(name: name != "default.nix" && !hasPrefix "." name)
|
|
||||||
(attrNames (readDir ./.))))
|
|
||||||
|
@ -1,122 +0,0 @@
|
|||||||
{ stdenv, writeScriptBin, lib, fetchurl, git, cacert
|
|
||||||
, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd
|
|
||||||
, withMysql ? false
|
|
||||||
, withPgsql ? false
|
|
||||||
, withSqlite ? false, sqlite
|
|
||||||
, withPam ? false, pam
|
|
||||||
, withZlib ? true, zlib
|
|
||||||
, withRiak ? false
|
|
||||||
, withElixir ? false, elixir
|
|
||||||
, withIconv ? true
|
|
||||||
, withTools ? false
|
|
||||||
, withRedis ? false
|
|
||||||
}:
|
|
||||||
|
|
||||||
let
|
|
||||||
fakegit = writeScriptBin "git" ''
|
|
||||||
#! ${stdenv.shell} -e
|
|
||||||
if [ "$1" = "describe" ]; then
|
|
||||||
[ -r .rev ] && cat .rev || true
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ];
|
|
||||||
|
|
||||||
in stdenv.mkDerivation rec {
|
|
||||||
version = "18.01";
|
|
||||||
name = "ejabberd-${version}";
|
|
||||||
|
|
||||||
src = fetchurl {
|
|
||||||
url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz";
|
|
||||||
sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6";
|
|
||||||
};
|
|
||||||
|
|
||||||
nativeBuildInputs = [ fakegit ];
|
|
||||||
|
|
||||||
buildInputs = [ erlang openssl expat libyaml gd ]
|
|
||||||
++ lib.optional withSqlite sqlite
|
|
||||||
++ lib.optional withPam pam
|
|
||||||
++ lib.optional withZlib zlib
|
|
||||||
++ lib.optional withElixir elixir
|
|
||||||
;
|
|
||||||
|
|
||||||
# Apparently needed for Elixir
|
|
||||||
LANG = "en_US.UTF-8";
|
|
||||||
|
|
||||||
deps = stdenv.mkDerivation {
|
|
||||||
name = "ejabberd-deps-${version}";
|
|
||||||
|
|
||||||
inherit src;
|
|
||||||
|
|
||||||
configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ];
|
|
||||||
|
|
||||||
nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ];
|
|
||||||
|
|
||||||
GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
|
||||||
|
|
||||||
makeFlags = [ "deps" ];
|
|
||||||
|
|
||||||
phases = [ "unpackPhase" "configurePhase" "buildPhase" "installPhase" ];
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
for i in deps/*; do
|
|
||||||
( cd $i
|
|
||||||
git reset --hard
|
|
||||||
git clean -ffdx
|
|
||||||
git describe --always --tags > .rev
|
|
||||||
rm -rf .git
|
|
||||||
)
|
|
||||||
done
|
|
||||||
rm deps/.got
|
|
||||||
|
|
||||||
cp -r deps $out
|
|
||||||
'';
|
|
||||||
|
|
||||||
outputHashMode = "recursive";
|
|
||||||
outputHashAlgo = "sha256";
|
|
||||||
outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk";
|
|
||||||
};
|
|
||||||
|
|
||||||
configureFlags =
|
|
||||||
[ (lib.enableFeature withMysql "mysql")
|
|
||||||
(lib.enableFeature withPgsql "pgsql")
|
|
||||||
(lib.enableFeature withSqlite "sqlite")
|
|
||||||
(lib.enableFeature withPam "pam")
|
|
||||||
(lib.enableFeature withZlib "zlib")
|
|
||||||
(lib.enableFeature withRiak "riak")
|
|
||||||
(lib.enableFeature withElixir "elixir")
|
|
||||||
(lib.enableFeature withIconv "iconv")
|
|
||||||
(lib.enableFeature withTools "tools")
|
|
||||||
(lib.enableFeature withRedis "redis")
|
|
||||||
] ++ lib.optional withSqlite "--with-sqlite3=${sqlite.dev}";
|
|
||||||
|
|
||||||
enableParallelBuilding = true;
|
|
||||||
|
|
||||||
patches = [
|
|
||||||
./ejabberdctl.patch
|
|
||||||
];
|
|
||||||
|
|
||||||
preBuild = ''
|
|
||||||
cp -r $deps deps
|
|
||||||
chmod -R +w deps
|
|
||||||
patchShebangs deps
|
|
||||||
'';
|
|
||||||
|
|
||||||
postInstall = ''
|
|
||||||
sed -i \
|
|
||||||
-e '2iexport PATH=${ctlpath}:$PATH' \
|
|
||||||
-e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \
|
|
||||||
-e 's,\(^ *JOT=\).*,\1,' \
|
|
||||||
-e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \
|
|
||||||
$out/sbin/ejabberdctl
|
|
||||||
'';
|
|
||||||
|
|
||||||
meta = with stdenv.lib; {
|
|
||||||
description = "Open-source XMPP application server written in Erlang";
|
|
||||||
license = licenses.gpl2;
|
|
||||||
homepage = http://www.ejabberd.im;
|
|
||||||
platforms = platforms.linux;
|
|
||||||
maintainers = with maintainers; [ sander abbradar ];
|
|
||||||
broken = withElixir;
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,32 +0,0 @@
|
|||||||
--- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100
|
|
||||||
+++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200
|
|
||||||
@@ -42,19 +42,18 @@
|
|
||||||
esac
|
|
||||||
|
|
||||||
# parse command line parameters
|
|
||||||
-for arg; do
|
|
||||||
- case $arg in
|
|
||||||
- -n|--node) ERLANG_NODE_ARG=$2; shift;;
|
|
||||||
- -s|--spool) SPOOL_DIR=$2; shift;;
|
|
||||||
- -l|--logs) LOGS_DIR=$2; shift;;
|
|
||||||
- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;;
|
|
||||||
- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;;
|
|
||||||
- -d|--config-dir) ETC_DIR=$2; shift;;
|
|
||||||
- -t|--no-timeout) NO_TIMEOUT="--no-timeout";;
|
|
||||||
- --) :;;
|
|
||||||
+while test $# -gt 0; do
|
|
||||||
+ case $1 in
|
|
||||||
+ -n|--node) ERLANG_NODE_ARG=$2; shift 2;;
|
|
||||||
+ -s|--spool) SPOOL_DIR=$2; shift 2;;
|
|
||||||
+ -l|--logs) LOGS_DIR=$2; shift 2;;
|
|
||||||
+ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;;
|
|
||||||
+ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;;
|
|
||||||
+ -d|--config-dir) ETC_DIR=$2; shift 2;;
|
|
||||||
+ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;;
|
|
||||||
+ # --) :;; what is this for?
|
|
||||||
*) break;;
|
|
||||||
esac
|
|
||||||
- shift
|
|
||||||
done
|
|
||||||
|
|
||||||
# define ejabberd variables if not already defined from the command line
|
|
@ -1,24 +0,0 @@
|
|||||||
{ stdenv, fetchgit, xplanet, imagemagick, curl, file }:
|
|
||||||
|
|
||||||
stdenv.mkDerivation {
|
|
||||||
name = "realwallpaper";
|
|
||||||
|
|
||||||
src = fetchgit {
|
|
||||||
url = https://github.com/Lassulus/realwallpaper;
|
|
||||||
rev = "e0563289c2ab592b669ce4549fc40130246e9d79";
|
|
||||||
sha256 = "1zgk8ips2d686216h203w62wrw7zy9z0lrndx9f8z6f1vpvjcmqc";
|
|
||||||
};
|
|
||||||
|
|
||||||
phases = [
|
|
||||||
"unpackPhase"
|
|
||||||
"installPhase"
|
|
||||||
];
|
|
||||||
|
|
||||||
buildInputs = [
|
|
||||||
];
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out
|
|
||||||
cp realwallpaper.sh $out/realwallpaper.sh
|
|
||||||
'';
|
|
||||||
}
|
|
@ -1,12 +1,14 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
{
|
{
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./3modules
|
./3modules
|
||||||
{
|
|
||||||
nixpkgs.config.packageOverrides =
|
|
||||||
import ../submodules/nix-writers/pkgs pkgs;
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
|
|
||||||
|
nixpkgs = {
|
||||||
|
overlays = [
|
||||||
|
(import ./5pkgs)
|
||||||
|
(import ../submodules/nix-writers/pkgs)
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -7,15 +7,27 @@
|
|||||||
# TODO document why pkgs should be used like this
|
# TODO document why pkgs should be used like this
|
||||||
pkgs = import "${krops}/pkgs" {};
|
pkgs = import "${krops}/pkgs" {};
|
||||||
|
|
||||||
krebs-source = {
|
krebs-source = { test ? false }: rec {
|
||||||
nixpkgs.git = {
|
nixpkgs = if test then {
|
||||||
|
file = {
|
||||||
|
path = toString (pkgs.fetchFromGitHub {
|
||||||
|
owner = "nixos";
|
||||||
|
repo = "nixpkgs";
|
||||||
|
rev = (lib.importJSON ./nixpkgs.json).rev;
|
||||||
|
sha256 = (lib.importJSON ./nixpkgs.json).sha256;
|
||||||
|
});
|
||||||
|
useChecksum = true;
|
||||||
|
};
|
||||||
|
} else {
|
||||||
|
git = {
|
||||||
ref = (lib.importJSON ./nixpkgs.json).rev;
|
ref = (lib.importJSON ./nixpkgs.json).rev;
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
url = https://github.com/NixOS/nixpkgs;
|
||||||
};
|
};
|
||||||
|
};
|
||||||
stockholm.file = toString ../.;
|
stockholm.file = toString ../.;
|
||||||
stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" ''
|
stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" ''
|
||||||
set -efu
|
set -efu
|
||||||
cd ${lib.escapeShellArg krebs-source.stockholm.file}
|
cd ${lib.escapeShellArg stockholm.file}
|
||||||
V=$(${pkgs.coreutils}/bin/date +%y.%m)
|
V=$(${pkgs.coreutils}/bin/date +%y.%m)
|
||||||
if test -d .git; then
|
if test -d .git; then
|
||||||
V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty)
|
V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty)
|
||||||
@ -28,21 +40,17 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
source ={ test }: lib.evalSource [
|
source ={ test }: lib.evalSource [
|
||||||
krebs-source
|
(krebs-source { test = test; })
|
||||||
{
|
{
|
||||||
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
|
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
|
||||||
secrets =
|
secrets = if test then {
|
||||||
if test
|
|
||||||
then {
|
|
||||||
file = toString <stockholm/krebs/0tests/data/secrets>;
|
file = toString <stockholm/krebs/0tests/data/secrets>;
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
pass = {
|
pass = {
|
||||||
dir = "${lib.getEnv "HOME"}/brain";
|
dir = "${lib.getEnv "HOME"}/brain";
|
||||||
name = "krebs-secrets/${name}";
|
name = "krebs-secrets/${name}";
|
||||||
};
|
};
|
||||||
}
|
};
|
||||||
;
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs-channels",
|
"url": "https://github.com/NixOS/nixpkgs-channels",
|
||||||
"rev": "bf7930d582bcf7953c3b87e649858f3f1873eb9c",
|
"rev": "5d4a1a3897e2d674522bcb3aa0026c9e32d8fd7c",
|
||||||
"date": "2018-11-04T19:36:25+01:00",
|
"date": "2018-11-24T00:40:22-05:00",
|
||||||
"sha256": "0nvn6g0pxp0glqjg985qxs7ash0cmcdc80h8jxxk6z4pnr3f2n1m",
|
"sha256": "19kryzx9a6x68mpyxks3dajraf92hkbnw1zf952k73s2k4qw9jlq",
|
||||||
"fetchSubmodules": false
|
"fetchSubmodules": false
|
||||||
}
|
}
|
||||||
|
@ -36,10 +36,10 @@ with import <stockholm/lib>;
|
|||||||
# TODO write function for proxy_pass (ssl/nonssl)
|
# TODO write function for proxy_pass (ssl/nonssl)
|
||||||
|
|
||||||
krebs.iptables.tables.filter.FORWARD.rules = [
|
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||||
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
|
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.179"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||||
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
|
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
@ -57,13 +57,6 @@ with import <stockholm/lib>;
|
|||||||
config.krebs.users.makefu.pubkey
|
config.krebs.users.makefu.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
users.users.nin = {
|
|
||||||
uid = genid "nin";
|
|
||||||
isNormalUser = true;
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
config.krebs.users.nin.pubkey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
users.extraUsers.dritter = {
|
users.extraUsers.dritter = {
|
||||||
uid = genid "dritter";
|
uid = genid "dritter";
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
@ -109,26 +102,6 @@ with import <stockholm/lib>;
|
|||||||
localAddress = "10.233.2.2";
|
localAddress = "10.233.2.2";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
|
||||||
#onondaga
|
|
||||||
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
|
|
||||||
containers.onondaga = {
|
|
||||||
config = { ... }: {
|
|
||||||
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
|
|
||||||
environment.systemPackages = [ pkgs.git ];
|
|
||||||
services.openssh.enable = true;
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
|
||||||
config.krebs.users.lass.pubkey
|
|
||||||
config.krebs.users.nin.pubkey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
autoStart = true;
|
|
||||||
enableTun = true;
|
|
||||||
privateNetwork = true;
|
|
||||||
hostAddress = "10.233.2.5";
|
|
||||||
localAddress = "10.233.2.6";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
<stockholm/lass/2configs/exim-smarthost.nix>
|
<stockholm/lass/2configs/exim-smarthost.nix>
|
||||||
<stockholm/lass/2configs/ts3.nix>
|
<stockholm/lass/2configs/ts3.nix>
|
||||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||||
@ -137,7 +110,6 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/iodined.nix>
|
<stockholm/lass/2configs/iodined.nix>
|
||||||
<stockholm/lass/2configs/paste.nix>
|
<stockholm/lass/2configs/paste.nix>
|
||||||
<stockholm/lass/2configs/syncthing.nix>
|
<stockholm/lass/2configs/syncthing.nix>
|
||||||
<stockholm/lass/2configs/reaktor-coders.nix>
|
|
||||||
<stockholm/lass/2configs/ciko.nix>
|
<stockholm/lass/2configs/ciko.nix>
|
||||||
<stockholm/lass/2configs/container-networking.nix>
|
<stockholm/lass/2configs/container-networking.nix>
|
||||||
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
|
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
|
||||||
|
@ -14,16 +14,16 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
# TODO use this network config
|
# TODO use this network config
|
||||||
#networking.interfaces.et0.ipv4.addresses = [
|
networking.interfaces.eth0.ipv4.addresses = [
|
||||||
# {
|
{
|
||||||
# address = config.krebs.build.host.nets.internet.ip4.addr;
|
address = config.krebs.build.host.nets.internet.ip4.addr;
|
||||||
# prefixLength = 27;
|
prefixLength = 27;
|
||||||
# }
|
}
|
||||||
# {
|
{
|
||||||
# address = "46.4.114.243";
|
address = "46.4.114.243";
|
||||||
# prefixLength = 27;
|
prefixLength = 27;
|
||||||
# }
|
}
|
||||||
#];
|
];
|
||||||
#networking.defaultGateway = "46.4.114.225";
|
#networking.defaultGateway = "46.4.114.225";
|
||||||
#networking.nameservers = [
|
#networking.nameservers = [
|
||||||
# "8.8.8.8"
|
# "8.8.8.8"
|
||||||
|
11
lass/1systems/blue/source.nix
Normal file
11
lass/1systems/blue/source.nix
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
{ lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
nixpkgs = lib.mkForce {
|
||||||
|
file = toString (pkgs.fetchFromGitHub {
|
||||||
|
owner = "nixos";
|
||||||
|
repo = "nixpkgs";
|
||||||
|
rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
|
||||||
|
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
|
||||||
|
});
|
||||||
|
};
|
||||||
|
}
|
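Review bot: `nixpkgs.file` here is the bare store path, whereas the `test` branch added to `krebs-source` in this same commit wraps the identical `fetchFromGitHub` call in `file = { path = …; useChecksum = true; }`. Store paths carry a fixed mtime, so without checksum comparison the sync may treat same-sized files as unchanged after a `rev` bump and leave a stale nixpkgs tree on the target. That is presumably why the flag was set there, so confirm and use the same form here. `lib.importJSON ../../../krebs/nixpkgs.json` is also evaluated twice; binding it once (`let pin = lib.importJSON ../../../krebs/nixpkgs.json; in`) and writing `inherit (pin) rev sha256;` keeps the revision and its hash visibly paired.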
@ -1,16 +0,0 @@
|
|||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
<stockholm/lass>
|
|
||||||
|
|
||||||
<stockholm/lass/2configs/mouse.nix>
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
|
||||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
|
||||||
<stockholm/lass/2configs/baseX.nix>
|
|
||||||
<stockholm/lass/2configs/AP.nix>
|
|
||||||
<stockholm/lass/2configs/blue-host.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.cabal;
|
|
||||||
}
|
|
@ -1,12 +0,0 @@
|
|||||||
{
|
|
||||||
imports = [
|
|
||||||
./config.nix
|
|
||||||
<stockholm/lass/2configs/hw/x220.nix>
|
|
||||||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0"
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0"
|
|
||||||
'';
|
|
||||||
}
|
|
@ -25,9 +25,5 @@
|
|||||||
macchanger
|
macchanger
|
||||||
dpass
|
dpass
|
||||||
];
|
];
|
||||||
services.redshift = {
|
|
||||||
enable = true;
|
|
||||||
provider = "geoclue2";
|
|
||||||
};
|
|
||||||
programs.adb.enable = true;
|
programs.adb.enable = true;
|
||||||
}
|
}
|
||||||
|
@ -33,6 +33,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/rtl-sdr.nix>
|
<stockholm/lass/2configs/rtl-sdr.nix>
|
||||||
<stockholm/lass/2configs/backup.nix>
|
<stockholm/lass/2configs/backup.nix>
|
||||||
<stockholm/lass/2configs/print.nix>
|
<stockholm/lass/2configs/print.nix>
|
||||||
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
{
|
{
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
#risk of rain
|
#risk of rain
|
||||||
@ -101,6 +102,7 @@ with import <stockholm/lib>;
|
|||||||
urban
|
urban
|
||||||
mk_sql_pair
|
mk_sql_pair
|
||||||
remmina
|
remmina
|
||||||
|
transmission
|
||||||
|
|
||||||
iodine
|
iodine
|
||||||
|
|
||||||
@ -147,10 +149,6 @@ with import <stockholm/lib>;
|
|||||||
programs.adb.enable = true;
|
programs.adb.enable = true;
|
||||||
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
services.redshift = {
|
|
||||||
enable = true;
|
|
||||||
provider = "geoclue2";
|
|
||||||
};
|
|
||||||
|
|
||||||
lass.restic = genAttrs [
|
lass.restic = genAttrs [
|
||||||
"daedalus"
|
"daedalus"
|
||||||
|
@ -57,13 +57,6 @@ with import <stockholm/lib>;
|
|||||||
config.krebs.users.makefu.pubkey
|
config.krebs.users.makefu.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
users.users.nin = {
|
|
||||||
uid = genid "nin";
|
|
||||||
isNormalUser = true;
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
config.krebs.users.nin.pubkey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
users.extraUsers.dritter = {
|
users.extraUsers.dritter = {
|
||||||
uid = genid "dritter";
|
uid = genid "dritter";
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
@ -119,7 +112,6 @@ with import <stockholm/lib>;
|
|||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.lass.pubkey
|
config.krebs.users.lass.pubkey
|
||||||
config.krebs.users.nin.pubkey
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
@ -215,7 +207,6 @@ with import <stockholm/lib>;
|
|||||||
RandomizedDelaySec = "2min";
|
RandomizedDelaySec = "2min";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
<stockholm/lass/2configs/downloading.nix>
|
|
||||||
<stockholm/lass/2configs/minecraft.nix>
|
<stockholm/lass/2configs/minecraft.nix>
|
||||||
{
|
{
|
||||||
services.taskserver = {
|
services.taskserver = {
|
||||||
@ -346,11 +337,64 @@ with import <stockholm/lib>;
|
|||||||
];
|
];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
systemd.services."container@yellow".reloadIfChanged = mkForce false;
|
||||||
|
containers.yellow = {
|
||||||
|
config = { ... }: {
|
||||||
|
environment.systemPackages = [ pkgs.git ];
|
||||||
|
services.openssh.enable = true;
|
||||||
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
|
config.krebs.users.lass.pubkey
|
||||||
|
];
|
||||||
|
};
|
||||||
|
autoStart = false;
|
||||||
|
enableTun = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "10.233.2.13";
|
||||||
|
localAddress = "10.233.2.14";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = ''
|
||||||
|
if ($scheme != "https") {
|
||||||
|
rewrite ^ https://$host$uri permanent;
|
||||||
|
}
|
||||||
|
auth_basic "Restricted Content";
|
||||||
|
auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
|
||||||
|
krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
|
||||||
|
''};
|
||||||
|
proxy_pass http://10.233.2.14:9091;
|
||||||
|
'';
|
||||||
|
|
||||||
|
users.groups.download = {};
|
||||||
|
users.users = {
|
||||||
|
download = {
|
||||||
|
createHome = true;
|
||||||
|
group = "download";
|
||||||
|
name = "download";
|
||||||
|
home = "/var/download";
|
||||||
|
useDefaultShell = true;
|
||||||
|
openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||||
|
lass.pubkey
|
||||||
|
lass-shodan.pubkey
|
||||||
|
lass-icarus.pubkey
|
||||||
|
lass-daedalus.pubkey
|
||||||
|
lass-helios.pubkey
|
||||||
|
makefu.pubkey
|
||||||
|
wine-mors.pubkey
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
system.activationScripts.downloadFolder = ''
|
||||||
|
mkdir -p /var/download
|
||||||
|
chmod 775 /var/download
|
||||||
|
ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
|
||||||
|
chown download: /var/download/finished
|
||||||
|
'';
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.prism;
|
krebs.build.host = config.krebs.hosts.prism;
|
||||||
# workaround because grub store paths are broken
|
|
||||||
boot.copyKernels = true;
|
|
||||||
services.earlyoom = {
|
services.earlyoom = {
|
||||||
enable = true;
|
enable = true;
|
||||||
freeMemThreshold = 5;
|
freeMemThreshold = 5;
|
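Review bot: The `auth_basic_user_file` for the `^~ /transmission` location is built with `pkgs.writeText`, so the `krebs:$apr1$…` entry is committed to the repository and copied into the world-readable Nix store. apr1 is a salted MD5 scheme, so the password behind it gets little protection once the hash is readable. The yellow config added in this commit already takes its VPN credentials from `<secrets/…>`, and the same approach fits here: `auth_basic_user_file ${toString <secrets/HTPASSWD_PLACEHOLDER>};` (the file name is a placeholder, and nginx must be able to read it). The committed password should be treated as exposed and rotated. The enclosing `imports` list starts outside this hunk.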
||||||
|
@ -1,77 +1,61 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./config.nix
|
./config.nix
|
||||||
{
|
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||||
boot.kernelParams = [ "net.ifnames=0" ];
|
|
||||||
networking = {
|
|
||||||
defaultGateway = "46.4.114.225";
|
|
||||||
# Use google's public DNS server
|
|
||||||
nameservers = [ "8.8.8.8" ];
|
|
||||||
interfaces.eth0 = {
|
|
||||||
ipAddress = "46.4.114.247";
|
|
||||||
prefixLength = 27;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
# TODO use this network config
|
|
||||||
#networking.interfaces.et0.ipv4.addresses = [
|
|
||||||
# {
|
|
||||||
# address = config.krebs.build.host.nets.internet.ip4.addr;
|
|
||||||
# prefixLength = 27;
|
|
||||||
# }
|
|
||||||
# {
|
|
||||||
# address = "46.4.114.243";
|
|
||||||
# prefixLength = 27;
|
|
||||||
# }
|
|
||||||
#];
|
|
||||||
#networking.defaultGateway = "46.4.114.225";
|
|
||||||
#networking.nameservers = [
|
|
||||||
# "8.8.8.8"
|
|
||||||
#];
|
|
||||||
#services.udev.extraRules = ''
|
|
||||||
# SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
|
|
||||||
#'';
|
|
||||||
}
|
|
||||||
{
|
|
||||||
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
|
|
||||||
|
|
||||||
networking.hostId = "fb4173ea";
|
|
||||||
boot.loader.grub = {
|
|
||||||
devices = [
|
|
||||||
"/dev/sda"
|
|
||||||
"/dev/sdb"
|
|
||||||
];
|
|
||||||
splashImage = null;
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [
|
|
||||||
"ata_piix"
|
|
||||||
"vmw_pvscsi"
|
|
||||||
"ahci" "sd_mod"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
|
||||||
sound.enable = false;
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
device = "rpool/root/nixos";
|
device = "rpool/root/nixos";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/home" = {
|
|
||||||
device = "rpool/home";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
fileSystems."/boot" = {
|
||||||
device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d";
|
device = "/dev/disk/by-uuid/d155d6ff-8e89-4876-a9e7-d1b7ba6a4804";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
fileSystems."/srv/http" = {
|
||||||
];
|
device = "tank/srv-http";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/download" = {
|
||||||
|
device = "tank/download";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/lib/containers" = {
|
||||||
|
device = "tank/containers";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/home" = {
|
||||||
|
device = "tank/home";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
nix.maxJobs = lib.mkDefault 8;
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
|
|
||||||
|
boot.loader.grub.enable = true;
|
||||||
|
boot.loader.grub.version = 2;
|
||||||
|
boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
|
||||||
|
|
||||||
|
boot.kernelParams = [ "net.ifnames=0" ];
|
||||||
|
networking = {
|
||||||
|
hostId = "2283aaae";
|
||||||
|
defaultGateway = "95.216.1.129";
|
||||||
|
# Use google's public DNS server
|
||||||
|
nameservers = [ "8.8.8.8" ];
|
||||||
|
interfaces.eth0 = {
|
||||||
|
ipAddress = "95.216.1.150";
|
||||||
|
prefixLength = 26;
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
@ -16,6 +16,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/wine.nix>
|
<stockholm/lass/2configs/wine.nix>
|
||||||
<stockholm/lass/2configs/bitcoin.nix>
|
<stockholm/lass/2configs/bitcoin.nix>
|
||||||
<stockholm/lass/2configs/backup.nix>
|
<stockholm/lass/2configs/backup.nix>
|
||||||
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.shodan;
|
krebs.build.host = config.krebs.hosts.shodan;
|
||||||
|
@ -5,42 +5,36 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass>
|
<stockholm/lass>
|
||||||
|
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
#<stockholm/lass/2configs/exim-retiolum.nix>
|
|
||||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||||
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
|
<stockholm/lass/2configs/power-action.nix>
|
||||||
{
|
{
|
||||||
# discordius config
|
|
||||||
services.xserver.enable = true;
|
services.xserver.enable = true;
|
||||||
|
services.xserver.desktopManager.xfce.enable = true;
|
||||||
|
|
||||||
users.users.discordius = {
|
users.users.discordius = {
|
||||||
uid = genid "discordius";
|
uid = genid "diskordius";
|
||||||
home = "/home/discordius";
|
isNormalUser = true;
|
||||||
group = "users";
|
|
||||||
createHome = true;
|
|
||||||
extraGroups = [
|
extraGroups = [
|
||||||
"audio"
|
"audio"
|
||||||
"networkmanager"
|
"networkmanager"
|
||||||
];
|
];
|
||||||
useDefaultShell = true;
|
|
||||||
};
|
};
|
||||||
networking.networkmanager.enable = true;
|
environment.systemPackages = with pkgs; [
|
||||||
networking.wireless.enable = mkForce false;
|
google-chrome
|
||||||
|
];
|
||||||
hardware.pulseaudio = {
|
hardware.pulseaudio = {
|
||||||
enable = true;
|
enable = true;
|
||||||
systemWide = true;
|
systemWide = true;
|
||||||
};
|
};
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
pavucontrol
|
|
||||||
firefox
|
|
||||||
hexchat
|
|
||||||
networkmanagerapplet
|
|
||||||
];
|
|
||||||
services.xserver.desktopManager.gnome3 = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.skynet;
|
krebs.build.host = config.krebs.hosts.skynet;
|
||||||
|
|
||||||
|
networking.wireless.enable = false;
|
||||||
|
networking.networkmanager.enable = true;
|
||||||
|
|
||||||
services.logind.extraConfig = ''
|
services.logind.extraConfig = ''
|
||||||
HandleLidSwitch=ignore
|
HandleLidSwitch=ignore
|
||||||
'';
|
'';
|
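Review bot: `uid = genid "diskordius"` no longer matches the account name `discordius`, so the uid derived for this user presumably changes from the one used so far. With `isNormalUser = true` the home should remain `/home/discordius`, and files created there under the old uid would then belong to an id that no account holds and that a later account could pick up. If the new spelling is deliberate (for example to force a fresh uid), add a comment saying so; otherwise keep `uid = genid "discordius";`.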
||||||
|
@ -1,10 +1,27 @@
|
|||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./config.nix
|
./config.nix
|
||||||
<stockholm/lass/2configs/hw/x220.nix>
|
<stockholm/krebs/2configs/hw/x220.nix>
|
||||||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
|
||||||
];
|
];
|
||||||
|
|
||||||
|
boot.loader.grub.enable = true;
|
||||||
|
boot.loader.grub.version = 2;
|
||||||
|
boot.loader.grub.efiSupport = true;
|
||||||
|
boot.loader.grub.efiInstallAsRemovable = true;
|
||||||
|
boot.loader.grub.device = "nodev";
|
||||||
|
|
||||||
|
networking.hostId = "06442b9a";
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{ device = "rpool/root";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{ device = "/dev/disk/by-uuid/0876-B308";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
services.udev.extraRules = ''
|
||||||
SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
|
SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
|
||||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
|
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
|
||||||
|
140
lass/1systems/yellow/config.nix
Normal file
140
lass/1systems/yellow/config.nix
Normal file
@ -0,0 +1,140 @@
|
|||||||
|
with import <stockholm/lib>;
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
<stockholm/lass>
|
||||||
|
<stockholm/lass/2configs>
|
||||||
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
|
];
|
||||||
|
|
||||||
|
krebs.build.host = config.krebs.hosts.yellow;
|
||||||
|
|
||||||
|
system.activationScripts.downloadFolder = ''
|
||||||
|
mkdir -p /var/download
|
||||||
|
chown download:download /var/download
|
||||||
|
chmod 775 /var/download
|
||||||
|
'';
|
||||||
|
|
||||||
|
users.users.download = { uid = genid "download"; };
|
||||||
|
users.groups.download.members = [ "transmission" ];
|
||||||
|
users.users.transmission.group = mkForce "download";
|
||||||
|
|
||||||
|
systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ];
|
||||||
|
services.transmission = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
download-dir = "/var/download/finished";
|
||||||
|
incomplete-dir = "/var/download/incoming";
|
||||||
|
incomplete-dir-enable = true;
|
||||||
|
umask = "002";
|
||||||
|
rpc-whitelist-enabled = false;
|
||||||
|
rpc-host-whitelist-enabled = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts."yellow.r".locations."/dl".extraConfig = ''
|
||||||
|
autoindex on;
|
||||||
|
alias /var/download/finished;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
krebs.iptables = {
|
||||||
|
enable = true;
|
||||||
|
tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.openvpn.servers.nordvpn.config = ''
|
||||||
|
client
|
||||||
|
dev tun
|
||||||
|
proto udp
|
||||||
|
remote 82.102.16.229 1194
|
||||||
|
resolv-retry infinite
|
||||||
|
remote-random
|
||||||
|
nobind
|
||||||
|
tun-mtu 1500
|
||||||
|
tun-mtu-extra 32
|
||||||
|
mssfix 1450
|
||||||
|
persist-key
|
||||||
|
persist-tun
|
||||||
|
ping 15
|
||||||
|
ping-restart 0
|
||||||
|
ping-timer-rem
|
||||||
|
reneg-sec 0
|
||||||
|
comp-lzo no
|
||||||
|
|
||||||
|
explicit-exit-notify 3
|
||||||
|
|
||||||
|
remote-cert-tls server
|
||||||
|
|
||||||
|
#mute 10000
|
||||||
|
auth-user-pass ${toString <secrets/nordvpn.txt>}
|
||||||
|
|
||||||
|
verb 3
|
||||||
|
pull
|
||||||
|
fast-io
|
||||||
|
cipher AES-256-CBC
|
||||||
|
auth SHA512
|
||||||
|
|
||||||
|
<ca>
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
|
||||||
|
VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH
|
||||||
|
Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw
|
||||||
|
bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y
|
||||||
|
ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG
|
||||||
|
A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT
|
||||||
|
B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2
|
||||||
|
cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v
|
||||||
|
cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG
|
||||||
|
UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny
|
||||||
|
mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X
|
||||||
|
+D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT
|
||||||
|
ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI
|
||||||
|
583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA
|
||||||
|
VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT
|
||||||
|
Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh
|
||||||
|
MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ
|
||||||
|
MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy
|
||||||
|
Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW
|
||||||
|
EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG
|
||||||
|
SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ
|
||||||
|
e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW
|
||||||
|
//DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB
|
||||||
|
wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB
|
||||||
|
KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p
|
||||||
|
lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
</ca>
|
||||||
|
key-direction 1
|
||||||
|
<tls-auth>
|
||||||
|
#
|
||||||
|
# 2048 bit OpenVPN static key
|
||||||
|
#
|
||||||
|
-----BEGIN OpenVPN Static key V1-----
|
||||||
|
49b2f54c6ee58d2d97331681bb577d55
|
||||||
|
054f56d92b743c31e80b684de0388702
|
||||||
|
ad3bf51088cd88f3fac7eb0729f2263c
|
||||||
|
51d82a6eb7e2ed4ae6dfa65b1ac764d0
|
||||||
|
b9dedf1379c1b29b36396d64cb6fd6b2
|
||||||
|
e61f869f9a13001dadc02db171f04c4d
|
||||||
|
c46d1132c1f31709e7b54a6eabae3ea8
|
||||||
|
fbd2681363c185f4cb1be5aa42a27c31
|
||||||
|
21db7b2187fd11c1acf224a0d5a44466
|
||||||
|
b4b5a3cc34ec0227fe40007e8b379654
|
||||||
|
f1e8e2b63c6b46ee7ab6f1bd82f57837
|
||||||
|
92c209e8f25bc9ed493cb5c1d891ae72
|
||||||
|
7f54f4693c5b20f136ca23e639fd8ea0
|
||||||
|
865b4e22dd2af43e13e6b075f12427b2
|
||||||
|
08af9ffd09c56baa694165f57fe2697a
|
||||||
|
3377fa34aebcba587c79941d83deaf45
|
||||||
|
-----END OpenVPN Static key V1-----
|
||||||
|
</tls-auth>
|
||||||
|
'';
|
||||||
|
}
|
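Review bot: `systemd.services.transmission.serviceConfig.bindsTo` writes the key into the unit's `[Service]` section, where systemd does not recognise `BindsTo=`, so Transmission is most likely not tied to the VPN at all and keeps running over the default route when `openvpn-nordvpn.service` stops or fails. The unit-level option, which this commit already uses for the `sync-blue-*` services, is `systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];`, ideally with a matching `after`. Separately, `rpc-whitelist-enabled = false` and `rpc-host-whitelist-enabled = false`, together with the INPUT rule for `--dport 9091`, leave the RPC interface reachable without the built-in host checks. No `rpc-authentication-required` setting is visible here, so the only authentication appears to be the basic auth on the proxying host; restricting 9091 to the container's host address or enabling RPC authentication would close that gap.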
8
lass/1systems/yellow/physical.nix
Normal file
8
lass/1systems/yellow/physical.nix
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./config.nix
|
||||||
|
];
|
||||||
|
boot.isContainer = true;
|
||||||
|
networking.useDHCP = false;
|
||||||
|
environment.variables.NIX_REMOTE = "daemon";
|
||||||
|
}
|
@ -126,6 +126,12 @@ in {
|
|||||||
restartIfChanged = false;
|
restartIfChanged = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nixpkgs.config.packageOverrides = super: {
|
||||||
|
dmenu = pkgs.writeDashBin "dmenu" ''
|
||||||
|
${pkgs.fzfmenu}/bin/fzfmenu "$@"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
krebs.xresources.enable = true;
|
krebs.xresources.enable = true;
|
||||||
lass.screenlock.enable = true;
|
lass.screenlock.enable = true;
|
||||||
}
|
}
|
||||||
|
@ -25,6 +25,14 @@
|
|||||||
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
virtualHosts."cache.krebsco.de" = {
|
||||||
|
forceSSL = true;
|
||||||
|
serverAliases = [ "cache.lassul.us" ];
|
||||||
|
enableACME = true;
|
||||||
|
locations."/".extraConfig = ''
|
||||||
|
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,23 +1,115 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
|
let
|
||||||
|
all_hosts = [
|
||||||
|
"icarus"
|
||||||
|
"shodan"
|
||||||
|
"daedalus"
|
||||||
|
"skynet"
|
||||||
|
"prism"
|
||||||
|
];
|
||||||
|
remote_hosts = filter (h: h != config.networking.hostName) all_hosts;
|
||||||
|
|
||||||
{
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass/2configs/container-networking.nix>
|
<stockholm/lass/2configs/container-networking.nix>
|
||||||
];
|
{ #hack for already defined
|
||||||
systemd.services."container@blue".reloadIfChanged = mkForce false;
|
systemd.services."container@blue".reloadIfChanged = mkForce false;
|
||||||
|
systemd.services."container@blue".preStart = ''
|
||||||
|
${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
|
||||||
|
'';
|
||||||
|
systemd.services."container@blue".preStop = ''
|
||||||
|
/run/wrappers/bin/fusermount -u /var/lib/containers/blue
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
system.activationScripts.containerPermissions = ''
|
||||||
|
mkdir -p /var/lib/containers
|
||||||
|
chmod 711 /var/lib/containers
|
||||||
|
'';
|
||||||
|
|
||||||
containers.blue = {
|
containers.blue = {
|
||||||
config = { ... }: {
|
config = { ... }: {
|
||||||
environment.systemPackages = [ pkgs.git ];
|
environment.systemPackages = [
|
||||||
|
pkgs.git
|
||||||
|
pkgs.rxvt_unicode.terminfo
|
||||||
|
];
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
config.krebs.users.lass.pubkey
|
config.krebs.users.lass.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
autoStart = true;
|
autoStart = false;
|
||||||
enableTun = true;
|
enableTun = true;
|
||||||
privateNetwork = true;
|
privateNetwork = true;
|
||||||
hostAddress = "10.233.2.9";
|
hostAddress = "10.233.2.9";
|
||||||
localAddress = "10.233.2.10";
|
localAddress = "10.233.2.10";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
systemd.services = builtins.listToAttrs (map (host:
|
||||||
|
let
|
||||||
|
in nameValuePair "sync-blue-${host}" {
|
||||||
|
bindsTo = [ "container@blue.service" ];
|
||||||
|
wantedBy = [ "container@blue.service" ];
|
||||||
|
# ssh needed for rsync
|
||||||
|
path = [ pkgs.openssh ];
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = 10;
|
||||||
|
ExecStart = pkgs.writeDash "sync-blue-${host}" ''
|
||||||
|
set -efu
|
||||||
|
#make sure blue is running
|
||||||
|
/run/wrappers/bin/ping -c1 blue.r > /dev/null
|
||||||
|
|
||||||
|
#make sure the container is unlocked
|
||||||
|
${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
|
||||||
|
|
||||||
|
#make sure our target is reachable
|
||||||
|
${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null
|
||||||
|
|
||||||
|
#start sync
|
||||||
|
${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" ''
|
||||||
|
settings {
|
||||||
|
nodaemon = true,
|
||||||
|
inotifyMode = "CloseWrite or Modify",
|
||||||
|
}
|
||||||
|
sync {
|
||||||
|
default.rsyncssh,
|
||||||
|
source = "/var/lib/containers/.blue",
|
||||||
|
host = "${host}.r",
|
||||||
|
targetdir = "/var/lib/containers/.blue",
|
||||||
|
rsync = {
|
||||||
|
archive = true,
|
||||||
|
owner = true,
|
||||||
|
group = true,
|
||||||
|
};
|
||||||
|
ssh = {
|
||||||
|
binary = "${pkgs.openssh}/bin/ssh";
|
||||||
|
identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
''}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
|
||||||
|
}
|
||||||
|
) remote_hosts);
|
||||||
|
|
||||||
|
environment.systemPackages = [
|
||||||
|
(pkgs.writeDashBin "start-blue" ''
|
||||||
|
set -ef
|
||||||
|
if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then
|
||||||
|
${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue
|
||||||
|
fi
|
||||||
|
nixos-container start blue
|
||||||
|
nixos-container run blue -- nixos-rebuild -I /var/src dry-build
|
||||||
|
if ping -c1 blue.r >/dev/null; then
|
||||||
|
echo 'blue is already running. bailing out'
|
||||||
|
exit 23
|
||||||
|
fi
|
||||||
|
nixos-container run blue -- nixos-rebuild -I /var/src switch
|
||||||
|
'')
|
||||||
|
];
|
||||||
}
|
}
|
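Review bot: The mount check `grep -q '^encfs on /var/lib/containers/blue'` (in `preStart`, in the `sync-blue-*` script and in `start-blue`) has no delimiter after the path, so it also succeeds for any encfs mount whose mount point merely begins with that string. Ending the pattern with a space, `'^encfs on /var/lib/containers/blue '`, pins it to the intended mount point. In `start-blue` the test is also wrapped in a command substitution, `if ! $(mount | … grep -qi …)`, which only works because `-q` prints nothing; `if ! ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '…'; then` says the same thing directly and uses the absolute paths the units use. The `ping -c1 blue.r` guard runs after `nixos-container start blue`; if it is meant to detect another host already running blue, a comment explaining why it sits between the dry-build and the switch would help.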
||||||
|
@ -15,6 +15,7 @@ with (import <stockholm/lib>);
|
|||||||
dic
|
dic
|
||||||
nmap
|
nmap
|
||||||
git-preview
|
git-preview
|
||||||
|
l-gen-secrets
|
||||||
];
|
];
|
||||||
|
|
||||||
services.tor.enable = true;
|
services.tor.enable = true;
|
||||||
|
@ -19,5 +19,9 @@ with import <stockholm/lib>;
|
|||||||
"slash16.net"
|
"slash16.net"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
system.activationScripts.user-shadow = ''
|
||||||
|
${pkgs.coreutils}/bin/chmod +x /home/ciko
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
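Review bot: `chmod +x /home/ciko` in the new `system.activationScripts.user-shadow` grants search permission on the home directory to every local account, while the hunk does not say which service needs to traverse it. If only one daemon needs access, an ACL entry is narrower, e.g. `${pkgs.acl}/bin/setfacl -m u:SERVICE_USER:--x /home/ciko` (SERVICE_USER is a placeholder), with a comment naming the consumer. The same pattern appears in the hunks that add `chmod +x /var/spool` (`spool-chmod`) and `chmod +x /var/realwallpaper`. The latter reuses the script name `user-shadow`, which describes neither script and may collide if both modules are imported on one host.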
@ -1,65 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
|
|
||||||
{
|
|
||||||
users.extraUsers = {
|
|
||||||
download = {
|
|
||||||
name = "download";
|
|
||||||
home = "/var/download";
|
|
||||||
createHome = true;
|
|
||||||
useDefaultShell = true;
|
|
||||||
extraGroups = [
|
|
||||||
"download"
|
|
||||||
];
|
|
||||||
openssh.authorizedKeys.keys = with config.krebs.users; [
|
|
||||||
lass.pubkey
|
|
||||||
lass-shodan.pubkey
|
|
||||||
lass-icarus.pubkey
|
|
||||||
lass-daedalus.pubkey
|
|
||||||
lass-helios.pubkey
|
|
||||||
makefu.pubkey
|
|
||||||
wine-mors.pubkey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
transmission = {
|
|
||||||
extraGroups = [
|
|
||||||
"download"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
users.extraGroups = {
|
|
||||||
download = {
|
|
||||||
members = [
|
|
||||||
"download"
|
|
||||||
"transmission"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.rtorrent = {
|
|
||||||
enable = true;
|
|
||||||
web = {
|
|
||||||
enable = true;
|
|
||||||
port = 9091;
|
|
||||||
basicAuth = import <secrets/torrent-auth>;
|
|
||||||
};
|
|
||||||
rutorrent.enable = true;
|
|
||||||
enableXMLRPC = true;
|
|
||||||
listenPort = 51413;
|
|
||||||
downloadDir = "/var/download/finished";
|
|
||||||
# dump old torrents into watch folder to have them re-added
|
|
||||||
watchDir = "/var/download/watch";
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.iptables = {
|
|
||||||
enable = true;
|
|
||||||
tables.filter.INPUT.rules = [
|
|
||||||
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
|
|
||||||
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
|
|
||||||
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
@ -90,6 +90,10 @@ with import <stockholm/lib>;
|
|||||||
{ from = "afra@lassul.us"; to = lass.mail; }
|
{ from = "afra@lassul.us"; to = lass.mail; }
|
||||||
{ from = "ksp@lassul.us"; to = lass.mail; }
|
{ from = "ksp@lassul.us"; to = lass.mail; }
|
||||||
{ from = "ccc@lassul.us"; to = lass.mail; }
|
{ from = "ccc@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "neocron@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "osmocom@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "lesswrong@lassul.us"; to = lass.mail; }
|
||||||
|
{ from = "nordvpn@lassul.us"; to = lass.mail; }
|
||||||
];
|
];
|
||||||
system-aliases = [
|
system-aliases = [
|
||||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||||
|
@ -6,8 +6,7 @@ in {
|
|||||||
krebs.fetchWallpaper = {
|
krebs.fetchWallpaper = {
|
||||||
enable = true;
|
enable = true;
|
||||||
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
|
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
|
||||||
url = "prism/realwallpaper-sat-krebs.png";
|
url = "prism/realwallpaper-krebs.png";
|
||||||
maxTime = 10;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -75,6 +75,8 @@ in {
|
|||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
ftb
|
ftb
|
||||||
minecraft
|
minecraft
|
||||||
|
steam-run
|
||||||
|
dolphinEmu
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -21,6 +21,10 @@ let
|
|||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
|
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
|
|
||||||
|
system.activationScripts.spool-chmod = ''
|
||||||
|
${pkgs.coreutils}/bin/chmod +x /var/spool
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
cgit-clear-cache = pkgs.cgit-clear-cache.override {
|
cgit-clear-cache = pkgs.cgit-clear-cache.override {
|
||||||
|
@ -31,6 +31,7 @@ let
|
|||||||
'';
|
'';
|
||||||
|
|
||||||
mailboxes = {
|
mailboxes = {
|
||||||
|
afra = [ "to:afra@afra-berlin.de" ];
|
||||||
c-base = [ "to:c-base.org" ];
|
c-base = [ "to:c-base.org" ];
|
||||||
coins = [
|
coins = [
|
||||||
"to:btce@lassul.us"
|
"to:btce@lassul.us"
|
||||||
@ -46,12 +47,15 @@ let
|
|||||||
];
|
];
|
||||||
dezentrale = [ "to:dezentrale.space" ];
|
dezentrale = [ "to:dezentrale.space" ];
|
||||||
dhl = [ "to:dhl@lassul.us" ];
|
dhl = [ "to:dhl@lassul.us" ];
|
||||||
|
dn42 = [ "to:dn42@lists.nox.tf" ];
|
||||||
eloop = [ "to:eloop.org" ];
|
eloop = [ "to:eloop.org" ];
|
||||||
github = [ "to:github@lassul.us" ];
|
github = [ "to:github@lassul.us" ];
|
||||||
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
|
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
|
||||||
|
india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ];
|
||||||
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
|
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
|
||||||
lugs = [ "to:lugs@lug-s.org" ];
|
lugs = [ "to:lugs@lug-s.org" ];
|
||||||
nix-devel = [ "to:nix-devel@googlegroups.com" ];
|
meetup = [ "to:meetup@lassul.us" ];
|
||||||
|
nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ];
|
||||||
patreon = [ "to:patreon@lassul.us" ];
|
patreon = [ "to:patreon@lassul.us" ];
|
||||||
paypal = [ "to:paypal@lassul.us" ];
|
paypal = [ "to:paypal@lassul.us" ];
|
||||||
ptl = [ "to:ptl@posttenebraslab.ch" ];
|
ptl = [ "to:ptl@posttenebraslab.ch" ];
|
||||||
@ -170,6 +174,16 @@ let
|
|||||||
macro pager a "<modify-labels>-archive\n" # tag as Archived
|
macro pager a "<modify-labels>-archive\n" # tag as Archived
|
||||||
|
|
||||||
|
|
||||||
|
bind index U noop
|
||||||
|
bind index u noop
|
||||||
|
bind pager U noop
|
||||||
|
bind pager u noop
|
||||||
|
macro index U "<modify-labels>+unread\n"
|
||||||
|
macro index u "<modify-labels>-unread\n"
|
||||||
|
macro pager U "<modify-labels>+unread\n"
|
||||||
|
macro pager u "<modify-labels>-unread\n"
|
||||||
|
|
||||||
|
|
||||||
bind index t noop
|
bind index t noop
|
||||||
bind pager t noop
|
bind pager t noop
|
||||||
macro index t "<modify-labels>" # tag as Archived
|
macro index t "<modify-labels>" # tag as Archived
|
||||||
|
@ -177,7 +177,8 @@
|
|||||||
addr = "0.0.0.0";
|
addr = "0.0.0.0";
|
||||||
domain = "grafana.example.com";
|
domain = "grafana.example.com";
|
||||||
rootUrl = "https://grafana.example.com/";
|
rootUrl = "https://grafana.example.com/";
|
||||||
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
|
auth.anonymous.enable = true;
|
||||||
|
auth.anonymous.org_role = "Admin";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.logstash = {
|
services.logstash = {
|
||||||
|
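Review bot: `auth.anonymous.org_role = "Admin";` together with `addr = "0.0.0.0";` lets any client that can reach the Grafana port act as organisation admin without logging in. The same hunk also drops the `security = import <secrets/grafana_security.nix>;` line that supplied the admin credentials. If unauthenticated dashboards are the goal, `auth.anonymous.org_role = "Viewer";` keeps them read-only, and the `security` import can stay for administration. Whether a firewall or reverse proxy limits access is not visible here, and the enclosing attribute set starts outside the hunk.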
@ -60,10 +60,25 @@ in {
|
|||||||
group = "radio";
|
group = "radio";
|
||||||
musicDirectory = "/home/radio/the_playlist/music";
|
musicDirectory = "/home/radio/the_playlist/music";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
audio_output {
|
||||||
|
type "shout"
|
||||||
|
encoding "lame"
|
||||||
|
name "the_playlist_mp3"
|
||||||
|
host "localhost"
|
||||||
|
port "8000"
|
||||||
|
mount "/radio.mp3"
|
||||||
|
password "${source-password}"
|
||||||
|
bitrate "128"
|
||||||
|
|
||||||
|
format "44100:16:2"
|
||||||
|
|
||||||
|
user "source"
|
||||||
|
genre "good music"
|
||||||
|
}
|
||||||
audio_output {
|
audio_output {
|
||||||
type "shout"
|
type "shout"
|
||||||
encoding "ogg"
|
encoding "ogg"
|
||||||
name "the_playlist"
|
name "the_playlist_ogg"
|
||||||
host "localhost"
|
host "localhost"
|
||||||
port "8000"
|
port "8000"
|
||||||
mount "/radio.ogg"
|
mount "/radio.ogg"
|
||||||
|
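Review bot: The added mp3 `audio_output` interpolates `password "${source-password}"` into `extraConfig` at evaluation time, so the stream source password presumably ends up in the generated MPD configuration inside the world-readable Nix store. `source-password` is defined outside the hunk, so where it comes from cannot be confirmed here. At minimum a comment such as `# NOTE: source-password is embedded in the store copy of this config` would make the exposure explicit. Rendering the config at service start from a file under the secrets path would avoid it.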
@ -1,4 +1,4 @@
|
|||||||
{ config, lib, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
hostname = config.krebs.build.host.name;
|
hostname = config.krebs.build.host.name;
|
||||||
@ -9,6 +9,9 @@ let
|
|||||||
in {
|
in {
|
||||||
krebs.realwallpaper.enable = true;
|
krebs.realwallpaper.enable = true;
|
||||||
|
|
||||||
|
system.activationScripts.user-shadow = ''
|
||||||
|
${pkgs.coreutils}/bin/chmod +x /var/realwallpaper
|
||||||
|
'';
|
||||||
services.nginx.virtualHosts.wallpaper = {
|
services.nginx.virtualHosts.wallpaper = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
|
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
|
||||||
@ -22,10 +25,7 @@ in {
|
|||||||
locations."/realwallpaper.png".extraConfig = ''
|
locations."/realwallpaper.png".extraConfig = ''
|
||||||
root /var/realwallpaper/;
|
root /var/realwallpaper/;
|
||||||
'';
|
'';
|
||||||
locations."/realwallpaper-sat.png".extraConfig = ''
|
locations."/realwallpaper-krebs.png".extraConfig = ''
|
||||||
root /var/realwallpaper/;
|
|
||||||
'';
|
|
||||||
locations."/realwallpaper-sat-krebs.png".extraConfig = ''
|
|
||||||
root /var/realwallpaper/;
|
root /var/realwallpaper/;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -139,6 +139,13 @@ in {
|
|||||||
ssl_key = "/var/lib/acme/lassul.us/key.pem";
|
ssl_key = "/var/lib/acme/lassul.us/key.pem";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.users.xanf = {
|
||||||
|
uid = genid_uint31 "xanf";
|
||||||
|
home = "/home/xanf";
|
||||||
|
useDefaultShell = true;
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
|
||||||
users.users.domsen = {
|
users.users.domsen = {
|
||||||
uid = genid_uint31 "domsen";
|
uid = genid_uint31 "domsen";
|
||||||
description = "maintenance acc for domsen";
|
description = "maintenance acc for domsen";
|
||||||
|
@ -1,70 +0,0 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
inherit (import <stockholm/lib>)
|
|
||||||
genid
|
|
||||||
head
|
|
||||||
;
|
|
||||||
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
|
|
||||||
servePage
|
|
||||||
serveWordpress
|
|
||||||
;
|
|
||||||
|
|
||||||
msmtprc = pkgs.writeText "msmtprc" ''
|
|
||||||
account default
|
|
||||||
host localhost
|
|
||||||
'';
|
|
||||||
|
|
||||||
sendmail = pkgs.writeDash "msmtp" ''
|
|
||||||
exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
|
|
||||||
'';
|
|
||||||
|
|
||||||
in {
|
|
||||||
|
|
||||||
services.nginx.enable = true;
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
./default.nix
|
|
||||||
./sqlBackup.nix
|
|
||||||
|
|
||||||
(serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])
|
|
||||||
|
|
||||||
(serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])
|
|
||||||
|
|
||||||
(serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
|
|
||||||
|
|
||||||
(servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
|
|
||||||
|
|
||||||
(serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
|
|
||||||
|
|
||||||
(serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
|
|
||||||
|
|
||||||
(serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
|
|
||||||
];
|
|
||||||
|
|
||||||
lass.mysqlBackup.config.all.databases = [
|
|
||||||
"eastuttgart_de"
|
|
||||||
"radical_dreamers_de"
|
|
||||||
"spielwaren_kern_de"
|
|
||||||
"ttf_kleinaspach_de"
|
|
||||||
];
|
|
||||||
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
|
||||||
config.krebs.users.fritz.pubkey
|
|
||||||
];
|
|
||||||
|
|
||||||
users.users.goldbarrendiebstahl = {
|
|
||||||
home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de";
|
|
||||||
uid = genid "goldbarrendiebstahl";
|
|
||||||
createHome = true;
|
|
||||||
useDefaultShell = true;
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
config.krebs.users.fritz.pubkey
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.phpfpm.phpOptions = ''
|
|
||||||
sendmail_path = ${sendmail} -t
|
|
||||||
'';
|
|
||||||
}
|
|
@ -66,22 +66,6 @@ in {
|
|||||||
locations."/tinc".extraConfig = ''
|
locations."/tinc".extraConfig = ''
|
||||||
alias ${config.krebs.tinc_graphs.workingDir}/external;
|
alias ${config.krebs.tinc_graphs.workingDir}/external;
|
||||||
'';
|
'';
|
||||||
locations."/urlaubyay2018".extraConfig = ''
|
|
||||||
autoindex on;
|
|
||||||
alias /srv/http/lassul.us-media/india2018;
|
|
||||||
auth_basic "Restricted Content";
|
|
||||||
auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
|
|
||||||
paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
|
|
||||||
''};
|
|
||||||
'';
|
|
||||||
locations."/heilstadt".extraConfig = ''
|
|
||||||
autoindex on;
|
|
||||||
alias /srv/http/lassul.us-media/grabowsee2018;
|
|
||||||
auth_basic "Restricted Content";
|
|
||||||
auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
|
|
||||||
c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
|
|
||||||
''};
|
|
||||||
'';
|
|
||||||
locations."/krebspage".extraConfig = ''
|
locations."/krebspage".extraConfig = ''
|
||||||
default_type "text/html";
|
default_type "text/html";
|
||||||
alias ${pkgs.krebspage}/index.html;
|
alias ${pkgs.krebspage}/index.html;
|
||||||
|
@ -11,7 +11,6 @@
|
|||||||
enable = true;
|
enable = true;
|
||||||
dataDir = "/var/mysql";
|
dataDir = "/var/mysql";
|
||||||
package = pkgs.mariadb;
|
package = pkgs.mariadb;
|
||||||
rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.mysql = {
|
systemd.services.mysql = {
|
||||||
|
@ -87,7 +87,6 @@ in /* yaml */ ''
|
|||||||
mod_configure: {}
|
mod_configure: {}
|
||||||
mod_disco: {}
|
mod_disco: {}
|
||||||
mod_echo: {}
|
mod_echo: {}
|
||||||
mod_irc: {}
|
|
||||||
mod_bosh: {}
|
mod_bosh: {}
|
||||||
mod_last: {}
|
mod_last: {}
|
||||||
mod_offline:
|
mod_offline:
|
||||||
@ -96,9 +95,9 @@ in /* yaml */ ''
|
|||||||
mod_privacy: {}
|
mod_privacy: {}
|
||||||
mod_private: {}
|
mod_private: {}
|
||||||
mod_register:
|
mod_register:
|
||||||
access_from: deny
|
access_from: allow
|
||||||
access: register
|
access: register
|
||||||
ip_access: trusted_network
|
# ip_access: trusted_network
|
||||||
registration_watchers: ${toJSON config.registration_watchers}
|
registration_watchers: ${toJSON config.registration_watchers}
|
||||||
mod_roster: {}
|
mod_roster: {}
|
||||||
mod_shared_roster: {}
|
mod_shared_roster: {}
|
||||||
|
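Review bot: In `mod_register`, switching to `access_from: allow` while commenting out `ip_access: trusted_network` removes the source-address limit on in-band registration. Account creation is then gated only by the `register` access rule, which is defined outside this hunk. If open registration is intended, say so next to the setting, e.g. `# open registration on purpose; abuse is limited by <mechanism>`, rather than leaving the old restriction as a commented-out line. Otherwise keep `ip_access: trusted_network` active.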
@ -25,6 +25,8 @@ import Control.Monad.Extra (whenJustM)
|
|||||||
import Data.List (isInfixOf)
|
import Data.List (isInfixOf)
|
||||||
import Data.Monoid (Endo)
|
import Data.Monoid (Endo)
|
||||||
import System.Environment (getArgs, lookupEnv)
|
import System.Environment (getArgs, lookupEnv)
|
||||||
|
import System.Exit (exitFailure)
|
||||||
|
import System.IO (hPutStrLn, stderr)
|
||||||
import System.Posix.Process (executeFile)
|
import System.Posix.Process (executeFile)
|
||||||
import XMonad.Actions.CopyWindow (copy, kill1)
|
import XMonad.Actions.CopyWindow (copy, kill1)
|
||||||
import XMonad.Actions.CycleWS (toggleWS)
|
import XMonad.Actions.CycleWS (toggleWS)
|
||||||
@ -36,7 +38,7 @@ import XMonad.Hooks.EwmhDesktops (ewmh)
|
|||||||
import XMonad.Hooks.FloatNext (floatNext)
|
import XMonad.Hooks.FloatNext (floatNext)
|
||||||
import XMonad.Hooks.FloatNext (floatNextHook)
|
import XMonad.Hooks.FloatNext (floatNextHook)
|
||||||
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
|
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
|
||||||
import XMonad.Hooks.Place (placeHook, smart)
|
import XMonad.Hooks.ManageHelpers (composeOne, doCenterFloat, (-?>))
|
||||||
import XMonad.Hooks.UrgencyHook (focusUrgent)
|
import XMonad.Hooks.UrgencyHook (focusUrgent)
|
||||||
import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
|
import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
|
||||||
import XMonad.Layout.FixedColumn (FixedColumn(..))
|
import XMonad.Layout.FixedColumn (FixedColumn(..))
|
||||||
@ -49,7 +51,7 @@ import XMonad.Util.EZConfig (additionalKeysP)
|
|||||||
import XMonad.Util.NamedWindows (getName)
|
import XMonad.Util.NamedWindows (getName)
|
||||||
import XMonad.Util.Run (safeSpawn)
|
import XMonad.Util.Run (safeSpawn)
|
||||||
|
|
||||||
import XMonad.Stockholm.Shutdown (handleShutdownEvent, sendShutdownEvent)
|
import XMonad.Stockholm.Shutdown (newShutdownEventHandler, shutdown)
|
||||||
import XMonad.Stockholm.Pager (defaultWindowColors, pager, MatchMethod(MatchPrefix), PagerConfig(..))
|
import XMonad.Stockholm.Pager (defaultWindowColors, pager, MatchMethod(MatchPrefix), PagerConfig(..))
|
||||||
|
|
||||||
data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
|
data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
|
||||||
@ -69,18 +71,20 @@ myFont = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"
|
|||||||
|
|
||||||
main :: IO ()
|
main :: IO ()
|
||||||
main = getArgs >>= \case
|
main = getArgs >>= \case
|
||||||
["--shutdown"] -> sendShutdownEvent
|
[] -> main'
|
||||||
_ -> main'
|
["--shutdown"] -> shutdown
|
||||||
|
args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure
|
||||||
|
|
||||||
main' :: IO ()
|
main' :: IO ()
|
||||||
main' = do
|
main' = do
|
||||||
|
handleShutdownEvent <- newShutdownEventHandler
|
||||||
xmonad $ ewmh
|
xmonad $ ewmh
|
||||||
$ withUrgencyHook LibNotifyUrgencyHook
|
$ withUrgencyHook LibNotifyUrgencyHook
|
||||||
$ def
|
$ def
|
||||||
{ terminal = myTerm
|
{ terminal = myTerm
|
||||||
, modMask = mod4Mask
|
, modMask = mod4Mask
|
||||||
, layoutHook = smartBorders $ myLayoutHook
|
, layoutHook = smartBorders $ myLayoutHook
|
||||||
, manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks
|
, manageHook = floatHooks <+> floatNextHook
|
||||||
, startupHook =
|
, startupHook =
|
||||||
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
|
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
|
||||||
(\path -> forkFile path [] Nothing)
|
(\path -> forkFile path [] Nothing)
|
||||||
@ -95,13 +99,12 @@ myLayoutHook = defLayout
|
|||||||
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
|
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
|
||||||
|
|
||||||
floatHooks :: Query (Endo WindowSet)
|
floatHooks :: Query (Endo WindowSet)
|
||||||
floatHooks = composeAll . concat $
|
floatHooks = composeOne
|
||||||
[ [ title =? t --> doFloat | t <- myTitleFloats]
|
[ className =? "Pinentry" -?> doCenterFloat
|
||||||
, [ className =? c --> doFloat | c <- myClassFloats ] ]
|
, title =? "fzfmenu" -?> doCenterFloat
|
||||||
where
|
, title =? "glxgears" -?> doCenterFloat
|
||||||
myTitleFloats = []
|
, resource =? "Dialog" -?> doFloat
|
||||||
myClassFloats = ["Pinentry"] -- for gpg passphrase entry
|
]
|
||||||
|
|
||||||
|
|
||||||
myKeyMap :: [([Char], X ())]
|
myKeyMap :: [([Char], X ())]
|
||||||
myKeyMap =
|
myKeyMap =
|
||||||
@ -110,6 +113,7 @@ myKeyMap =
|
|||||||
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
|
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
|
||||||
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
|
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
|
||||||
, ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type")
|
, ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type")
|
||||||
|
, ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons")
|
||||||
|
|
||||||
, ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
|
, ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
|
||||||
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
|
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
|
||||||
@ -159,6 +163,9 @@ myKeyMap =
|
|||||||
, ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
|
, ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
|
||||||
, ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
|
, ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
|
||||||
|
|
||||||
|
, ("M4-<F9>", spawn "${pkgs.redshift}/bin/redshift -O 4000 -g 0.9:0.8:0.8")
|
||||||
|
, ("M4-<F10>", spawn "${pkgs.redshift}/bin/redshift -x")
|
||||||
|
|
||||||
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
|
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
|
||||||
|
|
||||||
, ("M4-s", spawn "${pkgs.knav}/bin/knav")
|
, ("M4-s", spawn "${pkgs.knav}/bin/knav")
|
||||||
|
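Review bot: The rewritten `floatHooks` drops the `-- for gpg passphrase entry` comment and adds three rules without explanation. `title =? "glxgears" -?> doCenterFloat` in particular reads like a test leftover, though that is inferred from the name only. Because `composeOne` applies only the first matching rule, the order of the list now matters and deserves a comment, e.g. `-- first match wins; Pinentry: gpg passphrase entry, fzfmenu: urxvt-hosted menu`. Matching on `title` also means any client that sets that window title gets centred and floated, which is worth noting next to the `fzfmenu` rule.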
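--- a/lass/5pkgs/emot-menu/default.nix
+++ b/lass/5pkgs/emot-menu/default.nix
@@ -0,0 +1,31 @@
+{ coreutils, dmenu, gnused, writeDashBin, writeText, xdotool }: let
+
+emoticons = writeText "emoticons" ''
+¯\(°_o)/¯ | dunno lol shrug dlol
+¯\_(ツ)_/¯ | dunno lol shrug dlol
+( ͡° ͜ʖ ͡°) | lenny
+¯\_( ͡° ͜ʖ ͡°)_/¯ | lenny shrug dlol
+( ゚д゚) | aaah sad noo
+ヽ(^o^)丿 | hi yay hello
+(^o^; | ups hehe
+(^∇^) | yay
+┗(`皿´)┛ | angry argh
+ヾ(^_^) byebye!! | bye
+<(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) | dance
+(-.-)Zzz... | sleep
+(∩╹□╹∩) | oh noes woot
+™ | tm
+ζ | zeta
+(╯°□°)╯ ┻━┻ | table flip
+(」゜ロ゜)」 | why woot
+'';
+
+in
+writeDashBin "emoticons" ''
+set -efu
+
+data=$(${coreutils}/bin/cat ${emoticons})
+emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//')
+${xdotool}/bin/xdotool type -- "$emoticon"
+exit 0
+''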
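Review bot: `echo "$data" | dmenu` sends the list through dash's builtin `echo`, which interprets backslash escapes, and several entries contain backslashes (`¯\_(ツ)_/¯`). The current ones survive only because `\_` and `\(` are not recognised escapes. Reading the file directly removes both the `echo` and the `data` variable: `emoticon=$(${dmenu}/bin/dmenu < ${emoticons} | ${gnused}/bin/sed 's/ | .*//')`. A one-line comment describing the `emoticon | keywords` format of the list would also help whoever adds entries later.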
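--- a/lass/5pkgs/fzfmenu/default.nix
+++ b/lass/5pkgs/fzfmenu/default.nix
@@ -0,0 +1,45 @@
+{ pkgs, ... }:
+
+pkgs.writeDashBin "fzfmenu" ''
+set -efu
+PROMPT=">"
+for i in "$@"
+do
+case $i in
+-p)
+PROMPT="$2"
+shift
+shift
+break
+;;
+-l)
+# no reason to filter number of lines
+LINES="$2"
+shift
+shift
+break
+;;
+-i)
+# we do this anyway
+shift
+break
+;;
+*)
+echo "Unknown option $1" >&2
+shift
+;;
+esac
+done
+INPUT=$(${pkgs.coreutils}/bin/cat)
+OUTPUT="$(${pkgs.coreutils}/bin/mktemp)"
+${pkgs.rxvt_unicode}/bin/urxvt \
+-name fzfmenu -title fzfmenu \
+-e ${pkgs.dash}/bin/dash -c \
+"echo \"$INPUT\" | ${pkgs.fzf}/bin/fzf \
+--history=/dev/null \
+--no-sort \
+--prompt=\"$PROMPT\" \
+> \"$OUTPUT\"" 2>/dev/null
+${pkgs.coreutils}/bin/cat "$OUTPUT"
+${pkgs.coreutils}/bin/rm "$OUTPUT"
+''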
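Review bot: The text read from stdin is spliced into the `dash -c` command string (`"echo \"$INPUT\" | … fzf …"`), so a menu entry containing a double quote or a `$(…)` sequence is parsed as shell by the inner dash instead of being displayed. `$PROMPT` and `$OUTPUT` are embedded the same way. Passing the values as positional parameters and feeding the entries from a temp file keeps them as data, and a `trap` removes the temp files even when `set -e` aborts the script. Separately, the option loop runs `break` after the first recognised flag, so `-p` followed by `-l` leaves `-l` unparsed.

```nix
INPUT="$(${pkgs.coreutils}/bin/mktemp)"
OUTPUT="$(${pkgs.coreutils}/bin/mktemp)"
trap '${pkgs.coreutils}/bin/rm -f "$INPUT" "$OUTPUT"' EXIT
${pkgs.coreutils}/bin/cat > "$INPUT"
${pkgs.rxvt_unicode}/bin/urxvt \
  -name fzfmenu -title fzfmenu \
  -e ${pkgs.dash}/bin/dash -c \
    '${pkgs.fzf}/bin/fzf --history=/dev/null --no-sort --prompt="$1" < "$2" > "$3"' \
    fzfmenu "$PROMPT" "$INPUT" "$OUTPUT" 2>/dev/null
# … unchanged: cat "$OUTPUT" …
```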
@ -5,8 +5,14 @@
|
|||||||
pkgs
|
pkgs
|
||||||
;
|
;
|
||||||
|
|
||||||
|
host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then
|
||||||
|
import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; }
|
||||||
|
else
|
||||||
|
{}
|
||||||
|
;
|
||||||
|
|
||||||
source = { test }: lib.evalSource [
|
source = { test }: lib.evalSource [
|
||||||
krebs-source
|
(krebs-source { test = test; })
|
||||||
{
|
{
|
||||||
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
|
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
|
||||||
secrets = if test then {
|
secrets = if test then {
|
||||||
@ -18,15 +24,24 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
host-source
|
||||||
];
|
];
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
|
||||||
deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
|
deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
|
||||||
source = source { test = false; };
|
source = source { test = false; };
|
||||||
inherit target;
|
inherit target;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate)
|
||||||
|
populate = { target, force ? false }: pkgs.populate {
|
||||||
|
inherit force;
|
||||||
|
source = source { test = false; };
|
||||||
|
target = lib.mkTarget target;
|
||||||
|
};
|
||||||
|
|
||||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
||||||
test = { target }: pkgs.krops.writeTest "${name}-test" {
|
test = { target }: pkgs.krops.writeTest "${name}-test" {
|
||||||
force = true;
|
force = true;
|
||||||
|
@ -5,6 +5,7 @@ let
|
|||||||
evalSource = import ./eval-source.nix;
|
evalSource = import ./eval-source.nix;
|
||||||
|
|
||||||
git = import ./git.nix { inherit lib; };
|
git = import ./git.nix { inherit lib; };
|
||||||
|
krops = import ../submodules/krops/lib;
|
||||||
shell = import ./shell.nix { inherit lib; };
|
shell = import ./shell.nix { inherit lib; };
|
||||||
types = nixpkgs-lib.types // import ./types.nix { inherit lib; };
|
types = nixpkgs-lib.types // import ./types.nix { inherit lib; };
|
||||||
|
|
||||||
@ -12,8 +13,9 @@ let
|
|||||||
ne = x: y: x != y;
|
ne = x: y: x != y;
|
||||||
mod = x: y: x - y * (x / y);
|
mod = x: y: x - y * (x / y);
|
||||||
|
|
||||||
genid = import ./genid.nix { inherit lib; };
|
genid = lib.genid_uint32; # TODO remove
|
||||||
genid_uint31 = x: ((lib.genid x) + 16777216) / 2;
|
genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2;
|
||||||
|
genid_uint32 = import ./genid.nix { inherit lib; };
|
||||||
|
|
||||||
lpad = n: c: s:
|
lpad = n: c: s:
|
||||||
if lib.stringLength s < n
|
if lib.stringLength s < n
|
||||||
@ -44,6 +46,23 @@ let
|
|||||||
|
|
||||||
indent = replaceChars ["\n"] ["\n "];
|
indent = replaceChars ["\n"] ["\n "];
|
||||||
|
|
||||||
|
mapNixDir = f: x: {
|
||||||
|
list = foldl' mergeAttrs {} (map (mapNixDir1 f) x);
|
||||||
|
path = mapNixDir1 f x;
|
||||||
|
}.${typeOf x};
|
||||||
|
|
||||||
|
mapNixDir1 = f: dirPath:
|
||||||
|
listToAttrs
|
||||||
|
(map
|
||||||
|
(relPath: let
|
||||||
|
name = removeSuffix ".nix" relPath;
|
||||||
|
path = dirPath + "/${relPath}";
|
||||||
|
in
|
||||||
|
nameValuePair name (f path))
|
||||||
|
(filter
|
||||||
|
(name: name != "default.nix" && !hasPrefix "." name)
|
||||||
|
(attrNames (readDir dirPath))));
|
||||||
|
|
||||||
# https://tools.ietf.org/html/rfc5952
|
# https://tools.ietf.org/html/rfc5952
|
||||||
normalize-ip6-addr =
|
normalize-ip6-addr =
|
||||||
let
|
let
|
||||||
|
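Review bot: `mapNixDir` dispatches through `{ list = …; path = …; }.${typeOf x}`, so any other argument type (a string path, for instance) fails with a missing-attribute error that does not name the function. For a list, `foldl' mergeAttrs {}` lets a later directory silently replace an earlier entry of the same name. Neither behaviour is documented; a comment above the definition would state the contract, e.g. `# mapNixDir f (path | [path]): { name = f path; } for each entry except default.nix and dotfiles; later dirs win on name clashes`. The `genid = lib.genid_uint32; # TODO remove` alias would also benefit from saying what should replace it.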
@ -3,7 +3,7 @@
|
|||||||
let
|
let
|
||||||
inherit (lib)
|
inherit (lib)
|
||||||
all any attrNames concatMapStringsSep concatStringsSep const filter flip
|
all any attrNames concatMapStringsSep concatStringsSep const filter flip
|
||||||
genid hasSuffix head isInt isString length mergeOneOption mkOption
|
genid_uint31 hasSuffix head isInt isString length mergeOneOption mkOption
|
||||||
mkOptionType optional optionalAttrs optionals range splitString
|
mkOptionType optional optionalAttrs optionals range splitString
|
||||||
stringLength substring test testString typeOf;
|
stringLength substring test testString typeOf;
|
||||||
inherit (lib.types)
|
inherit (lib.types)
|
||||||
@ -365,7 +365,7 @@ rec {
|
|||||||
};
|
};
|
||||||
uid = mkOption {
|
uid = mkOption {
|
||||||
type = int;
|
type = int;
|
||||||
default = genid config.name;
|
default = genid_uint31 config.name;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
@ -377,7 +377,7 @@ rec {
|
|||||||
};
|
};
|
||||||
gid = mkOption {
|
gid = mkOption {
|
||||||
type = int;
|
type = int;
|
||||||
default = genid config.name;
|
default = genid_uint31 config.name;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
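Review bot: Changing the `uid` default (and the `gid` default in the following hunk) from `genid config.name` to `genid_uint31 config.name` alters the numeric id of every user and group that relies on the default. On hosts that are already deployed, files created under the old id would no longer belong to the account and could end up matching a different one. The hunks do not show whether any existing account depends on the default; if one does, the change needs a migration step (re-owning the affected paths) or explicitly pinned ids. A comment beside the default, e.g. `# 31-bit id: <reason the uint32 range is unsuitable>`, would record why the variant was switched.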
0
makefu/0tests/data/secrets/hass/darksky.apikey
Normal file
0
makefu/0tests/data/secrets/hass/darksky.apikey
Normal file
@ -8,16 +8,21 @@ in {
|
|||||||
imports = [
|
imports = [
|
||||||
<stockholm/makefu>
|
<stockholm/makefu>
|
||||||
./hardware-config.nix
|
./hardware-config.nix
|
||||||
|
{
|
||||||
|
users.users.lass = {
|
||||||
|
uid = 9002;
|
||||||
|
isNormalUser = true;
|
||||||
|
createHome = true;
|
||||||
|
useDefaultShell = true;
|
||||||
|
openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||||
|
lass.pubkey
|
||||||
|
makefu.pubkey
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
<stockholm/makefu/2configs/headless.nix>
|
<stockholm/makefu/2configs/headless.nix>
|
||||||
# <stockholm/makefu/2configs/smart-monitor.nix>
|
# <stockholm/makefu/2configs/smart-monitor.nix>
|
||||||
|
|
||||||
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
|
||||||
<stockholm/makefu/2configs/backup.nix>
|
|
||||||
# <stockholm/makefu/2configs/mattermost-docker.nix>
|
|
||||||
# <stockholm/makefu/2configs/disable_v6.nix>
|
|
||||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
|
||||||
|
|
||||||
# Security
|
# Security
|
||||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||||
|
|
||||||
@ -26,83 +31,90 @@ in {
|
|||||||
<stockholm/makefu/2configs/tools/dev.nix>
|
<stockholm/makefu/2configs/tools/dev.nix>
|
||||||
<stockholm/makefu/2configs/tools/sec.nix>
|
<stockholm/makefu/2configs/tools/sec.nix>
|
||||||
<stockholm/makefu/2configs/zsh-user.nix>
|
<stockholm/makefu/2configs/zsh-user.nix>
|
||||||
|
<stockholm/makefu/2configs/mosh.nix>
|
||||||
|
# <stockholm/makefu/2configs/gui/xpra.nix>
|
||||||
|
|
||||||
|
# networking
|
||||||
|
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
||||||
|
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
||||||
|
#<stockholm/makefu/2configs/dnscrypt/server.nix>
|
||||||
|
<stockholm/makefu/2configs/iodined.nix>
|
||||||
|
# <stockholm/makefu/2configs/backup.nix>
|
||||||
|
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||||
|
|
||||||
|
# ci
|
||||||
|
# <stockholm/makefu/2configs/exim-retiolum.nix>
|
||||||
|
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
||||||
|
<stockholm/makefu/2configs/shack/gitlab-runner>
|
||||||
|
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||||
|
<stockholm/makefu/2configs/taskd.nix>
|
||||||
|
|
||||||
# services
|
# services
|
||||||
<stockholm/makefu/2configs/share/gum.nix>
|
<stockholm/makefu/2configs/sabnzbd.nix>
|
||||||
# <stockholm/makefu/2configs/sabnzbd.nix>
|
<stockholm/makefu/2configs/mail/mail.euer.nix>
|
||||||
<stockholm/makefu/2configs/torrent.nix>
|
|
||||||
<stockholm/makefu/2configs/mosh.nix>
|
|
||||||
# <stockholm/makefu/2configs/retroshare.nix>
|
|
||||||
|
|
||||||
# network
|
# sharing
|
||||||
|
<stockholm/makefu/2configs/share/gum.nix>
|
||||||
|
<stockholm/makefu/2configs/torrent.nix>
|
||||||
|
#<stockholm/makefu/2configs/retroshare.nix>
|
||||||
|
## <stockholm/makefu/2configs/ipfs.nix>
|
||||||
|
#<stockholm/makefu/2configs/syncthing.nix>
|
||||||
|
{ # ncdc
|
||||||
|
environment.systemPackages = [ pkgs.ncdc ];
|
||||||
|
networking.firewall = {
|
||||||
|
allowedUDPPorts = [ 51411 ];
|
||||||
|
allowedTCPPorts = [ 51411 ];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
# <stockholm/makefu/2configs/opentracker.nix>
|
||||||
|
|
||||||
|
## network
|
||||||
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
||||||
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
||||||
<stockholm/makefu/2configs/dnscrypt/server.nix>
|
<stockholm/makefu/2configs/dnscrypt/server.nix>
|
||||||
|
<stockholm/makefu/2configs/binary-cache/server.nix>
|
||||||
|
<stockholm/makefu/2configs/backup/server.nix>
|
||||||
<stockholm/makefu/2configs/iodined.nix>
|
<stockholm/makefu/2configs/iodined.nix>
|
||||||
|
<stockholm/makefu/2configs/bitlbee.nix>
|
||||||
|
<stockholm/makefu/2configs/wireguard/server.nix>
|
||||||
|
|
||||||
# buildbot
|
# Removed until move: no extra mails
|
||||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
<stockholm/makefu/2configs/urlwatch>
|
||||||
|
# Removed until move: avoid letsencrypt ban
|
||||||
## Web
|
### Web
|
||||||
<stockholm/makefu/2configs/nginx/share-download.nix>
|
#<stockholm/makefu/2configs/nginx/share-download.nix>
|
||||||
<stockholm/makefu/2configs/nginx/euer.test.nix>
|
#<stockholm/makefu/2configs/nginx/euer.test.nix>
|
||||||
<stockholm/makefu/2configs/nginx/euer.mon.nix>
|
<stockholm/makefu/2configs/nginx/euer.mon.nix>
|
||||||
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
|
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
|
||||||
<stockholm/makefu/2configs/nginx/euer.blog.nix>
|
<stockholm/makefu/2configs/nginx/euer.blog.nix>
|
||||||
# <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
|
## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
|
||||||
<stockholm/makefu/2configs/nginx/public_html.nix>
|
#<stockholm/makefu/2configs/nginx/public_html.nix>
|
||||||
<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
||||||
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
|
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
|
||||||
|
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
|
||||||
|
<stockholm/makefu/2configs/nginx/iso.euer.nix>
|
||||||
|
<stockholm/makefu/2configs/shack/events-publisher>
|
||||||
|
|
||||||
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
||||||
# <stockholm/makefu/2configs/deployment/graphs.nix>
|
<stockholm/makefu/2configs/deployment/graphs.nix>
|
||||||
<stockholm/makefu/2configs/deployment/owncloud.nix>
|
<stockholm/makefu/2configs/deployment/owncloud.nix>
|
||||||
<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
||||||
<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
|
<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
|
||||||
|
|
||||||
{
|
|
||||||
services.taskserver.enable = true;
|
|
||||||
services.taskserver.fqdn = config.krebs.build.host.name;
|
|
||||||
services.taskserver.listenHost = "::";
|
|
||||||
services.taskserver.organisations.home.users = [ "makefu" ];
|
|
||||||
networking.firewall.extraCommands = ''
|
|
||||||
iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
|
||||||
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
# <stockholm/makefu/2configs/ipfs.nix>
|
|
||||||
<stockholm/makefu/2configs/syncthing.nix>
|
|
||||||
|
|
||||||
# <stockholm/makefu/2configs/opentracker.nix>
|
|
||||||
<stockholm/makefu/2configs/dcpp/hub.nix>
|
|
||||||
<stockholm/makefu/2configs/dcpp/client.nix>
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/stats/client.nix>
|
<stockholm/makefu/2configs/stats/client.nix>
|
||||||
# <stockholm/makefu/2configs/logging/client.nix>
|
# <stockholm/makefu/2configs/logging/client.nix>
|
||||||
|
|
||||||
# Temporary:
|
# sharing
|
||||||
|
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||||
|
<stockholm/makefu/2configs/dcpp/hub.nix>
|
||||||
|
|
||||||
|
## Temporary:
|
||||||
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
||||||
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||||
|
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||||
|
|
||||||
#{
|
# krebs infrastructure services
|
||||||
# services.dockerRegistry.enable = true;
|
<stockholm/makefu/2configs/stats/server.nix>
|
||||||
# networking.firewall.allowedTCPPorts = [ 8443 ];
|
|
||||||
|
|
||||||
# services.nginx.virtualHosts."euer.krebsco.de" = {
|
|
||||||
# forceSSL = true;
|
|
||||||
# enableACME = true;
|
|
||||||
# extraConfig = ''
|
|
||||||
# client_max_body_size 1000M;
|
|
||||||
# '';
|
|
||||||
# locations."/".proxyPass = "http://localhost:5000";
|
|
||||||
# };
|
|
||||||
#}
|
|
||||||
<stockholm/makefu/2configs/wireguard/server.nix>
|
|
||||||
{ # iperf3
|
|
||||||
networking.firewall.allowedUDPPorts = [ 5201 ];
|
|
||||||
networking.firewall.allowedTCPPorts = [ 5201 ];
|
|
||||||
}
|
|
||||||
|
|
||||||
];
|
];
|
||||||
makefu.dl-dir = "/var/download";
|
makefu.dl-dir = "/var/download";
|
||||||
|
|
||||||
@ -120,9 +132,7 @@ in {
|
|||||||
ListenAddress = ${external-ip} 21031
|
ListenAddress = ${external-ip} 21031
|
||||||
'';
|
'';
|
||||||
connectTo = [
|
connectTo = [
|
||||||
"muhbaasu" "tahoe" "flap" "wry"
|
"prism" "ni" "enklave" "dishfire" "echelon" "hotdog"
|
||||||
"ni"
|
|
||||||
"fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -137,10 +147,11 @@ in {
|
|||||||
environment.systemPackages = with pkgs;[
|
environment.systemPackages = with pkgs;[
|
||||||
weechat
|
weechat
|
||||||
bepasty-client-cli
|
bepasty-client-cli
|
||||||
get
|
|
||||||
tmux
|
tmux
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# Hardware
|
||||||
|
|
||||||
# Network
|
# Network
|
||||||
networking = {
|
networking = {
|
||||||
firewall = {
|
firewall = {
|
||||||
@ -179,4 +190,5 @@ in {
|
|||||||
};
|
};
|
||||||
users.users.makefu.extraGroups = [ "download" "nginx" ];
|
users.users.makefu.extraGroups = [ "download" "nginx" ];
|
||||||
boot.tmpOnTmpfs = true;
|
boot.tmpOnTmpfs = true;
|
||||||
|
state = [ "/home/makefu/.weechat" ];
|
||||||
}
|
}
|
||||||
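Review bot: The inline `users.users.lass` module added to `imports` authorizes both `lass.pubkey` and `makefu.pubkey` for the `lass` account, so two different key holders can log in under one name and attributing a session depends on matching key fingerprints in the sshd log. If the second key is not needed, keep only `openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey ];`, otherwise add a comment stating why makefu logs in as lass. The host also imports `sshd-totp.nix`; whether the new account is enrolled in that second factor is not visible in this section and is worth confirming before deploying. The literal `uid = 9002;` deserves a short comment on where the number comes from.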
|
@ -1,26 +1,24 @@
|
|||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
let
|
let
|
||||||
external-mac = "2a:c5:6e:d2:fc:7f";
|
external-mac = "50:46:5d:9f:63:6b";
|
||||||
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
|
main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
|
||||||
external-gw = "185.194.140.1";
|
sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
|
||||||
|
external-gw = "144.76.26.225";
|
||||||
# single partition, label "nixos"
|
# single partition, label "nixos"
|
||||||
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
|
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
|
||||||
|
|
||||||
|
|
||||||
# static
|
# static
|
||||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
external-ip = "144.76.26.247";
|
||||||
external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
|
external-ip6 = "2a01:4f8:191:12f6::2";
|
||||||
external-gw6 = "fe80::1";
|
external-gw6 = "fe80::1";
|
||||||
external-netmask = 22;
|
external-netmask = 27;
|
||||||
external-netmask6 = 64;
|
external-netmask6 = 64;
|
||||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||||
ext-if = "et0"; # gets renamed on the fly
|
ext-if = "et0"; # gets renamed on the fly
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
|
||||||
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
|
||||||
];
|
];
|
||||||
|
|
||||||
makefu.server.primary-itf = ext-if;
|
makefu.server.primary-itf = ext-if;
|
||||||
services.udev.extraRules = ''
|
services.udev.extraRules = ''
|
||||||
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
|
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
|
||||||
@ -40,7 +38,62 @@ in {
|
|||||||
defaultGateway = external-gw;
|
defaultGateway = external-gw;
|
||||||
};
|
};
|
||||||
boot.kernelParams = [ ];
|
boot.kernelParams = [ ];
|
||||||
boot.loader.grub.device = main-disk;
|
boot.loader.grub.enable = true;
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
|
boot.loader.grub.version = 2;
|
||||||
|
boot.loader.grub.devices = [ main-disk ];
|
||||||
|
boot.initrd.kernelModules = [ "dm-raid" ];
|
||||||
|
boot.initrd.availableKernelModules = [
|
||||||
|
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
|
||||||
|
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
|
||||||
|
];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
hardware.enableRedistributableFirmware = true;
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/mapper/nixos-root";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
fileSystems."/var/lib" = {
|
||||||
|
device = "/dev/mapper/nixos-lib";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
fileSystems."/var/download" = {
|
||||||
|
device = "/dev/mapper/nixos-download";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
fileSystems."/var/lib/borgbackup" = {
|
||||||
|
device = "/dev/mapper/nixos-backup";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/sda2";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
# parted -s -a optimal "$disk" \
|
||||||
|
# mklabel gpt \
|
||||||
|
# mkpart no-fs 0 1024KiB \
|
||||||
|
# set 1 bios_grub on \
|
||||||
|
# mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
|
||||||
|
# mkpart primary 1025MiB 100%
|
||||||
|
# parted -s -a optimal "/dev/sdb" \
|
||||||
|
# mklabel gpt \
|
||||||
|
# mkpart primary 1M 100%
|
||||||
|
|
||||||
|
#mkfs.vfat /dev/sda2
|
||||||
|
#pvcreate /dev/sda3
|
||||||
|
#pvcreate /dev/sdb1
|
||||||
|
#vgcreate nixos /dev/sda3 /dev/sdb1
|
||||||
|
#lvcreate -L 120G -m 1 -n root nixos
|
||||||
|
#lvcreate -L 50G -m 1 -n lib nixos
|
||||||
|
#lvcreate -L 100G -n download nixos
|
||||||
|
#lvcreate -L 100G -n backup nixos
|
||||||
|
#mkfs.ext4 /dev/mapper/nixos-root
|
||||||
|
#mkfs.ext4 /dev/mapper/nixos-lib
|
||||||
|
#mkfs.ext4 /dev/mapper/nixos-download
|
||||||
|
#mkfs.ext4 /dev/mapper/nixos-borgbackup
|
||||||
|
#mount /dev/mapper/nixos-root /mnt
|
||||||
|
#mkdir /mnt/boot
|
||||||
|
#mount /dev/sda2 /mnt/boot
|
||||||
|
#mkdir -p /mnt/var/src
|
||||||
|
#touch /mnt/var/src/.populate
|
||||||
|
|
||||||
}
|
}
|
||||||
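Review bot: `fileSystems."/boot"` is mounted from `/dev/sda2`, a kernel-assigned name, while the same file now describes a two-disk machine (`main-disk`, `sec-disk`) and addresses the boot loader target through `/dev/disk/by-id`. If the disks enumerate in the other order, `/boot` is not found at activation; `device = "${main-disk}-part2";` keeps the mount tied to the intended disk. In the commented provisioning notes, `#mkfs.ext4 /dev/mapper/nixos-borgbackup` does not match the volume created by `lvcreate -L 100G -n backup nixos` and mounted as `/dev/mapper/nixos-backup`, so that line should read `#mkfs.ext4 /dev/mapper/nixos-backup`. `sec-disk` is defined but not referenced in the visible hunks; the lines between the two hunks are not shown, so this may be used there.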
|
11
makefu/1systems/gum/rescue.txt
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
mount /dev/mapper/nixos-root /mnt
|
||||||
|
mount /dev/sda2 /mnt/boot
|
||||||
|
|
||||||
|
chroot-prepare /mnt
|
||||||
|
chroot /mnt /bin/sh
|
||||||
|
|
||||||
|
journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub)
|
||||||
|
|
||||||
|
export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin
|
||||||
|
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate
|
||||||
|
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild
|
@ -1,5 +1,5 @@
|
|||||||
{
|
{
|
||||||
name="gum";
|
name="nextgum";
|
||||||
torrent = true;
|
torrent = true;
|
||||||
clever_kexec = true;
|
clever_kexec = true;
|
||||||
}
|
}
|
||||||
|
@ -1,253 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
let
|
|
||||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
|
||||||
ext-if = config.makefu.server.primary-itf;
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
<stockholm/makefu>
|
|
||||||
./hardware-config.nix
|
|
||||||
./transfer-config.nix
|
|
||||||
<stockholm/makefu/2configs/headless.nix>
|
|
||||||
# <stockholm/makefu/2configs/smart-monitor.nix>
|
|
||||||
|
|
||||||
# Security
|
|
||||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
|
||||||
|
|
||||||
# Tools
|
|
||||||
<stockholm/makefu/2configs/tools/core.nix>
|
|
||||||
<stockholm/makefu/2configs/tools/dev.nix>
|
|
||||||
<stockholm/makefu/2configs/tools/sec.nix>
|
|
||||||
<stockholm/makefu/2configs/zsh-user.nix>
|
|
||||||
<stockholm/makefu/2configs/mosh.nix>
|
|
||||||
<stockholm/makefu/2configs/gui/xpra.nix>
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
|
||||||
<stockholm/makefu/2configs/backup.nix>
|
|
||||||
# <stockholm/makefu/2configs/exim-retiolum.nix>
|
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
|
||||||
|
|
||||||
# services
|
|
||||||
<stockholm/makefu/2configs/sabnzbd.nix>
|
|
||||||
<stockholm/makefu/2configs/mail/mail.euer.nix>
|
|
||||||
|
|
||||||
# sharing
|
|
||||||
<stockholm/makefu/2configs/share/gum.nix>
|
|
||||||
<stockholm/makefu/2configs/torrent.nix>
|
|
||||||
#<stockholm/makefu/2configs/retroshare.nix>
|
|
||||||
## <stockholm/makefu/2configs/ipfs.nix>
|
|
||||||
#<stockholm/makefu/2configs/syncthing.nix>
|
|
||||||
{ # ncdc
|
|
||||||
environment.systemPackages = [ pkgs.ncdc ];
|
|
||||||
networking.firewall = {
|
|
||||||
allowedUDPPorts = [ 51411 ];
|
|
||||||
allowedTCPPorts = [ 51411 ];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
# <stockholm/makefu/2configs/opentracker.nix>
|
|
||||||
|
|
||||||
## network
|
|
||||||
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
|
||||||
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
|
||||||
<stockholm/makefu/2configs/dnscrypt/server.nix>
|
|
||||||
<stockholm/makefu/2configs/binary-cache/server.nix>
|
|
||||||
<stockholm/makefu/2configs/iodined.nix>
|
|
||||||
<stockholm/makefu/2configs/bitlbee.nix>
|
|
||||||
|
|
||||||
## buildbot
|
|
||||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
|
||||||
|
|
||||||
# Removed until move: no extra mails
|
|
||||||
<stockholm/makefu/2configs/urlwatch>
|
|
||||||
# Removed until move: avoid double-update of domain
|
|
||||||
# <stockholm/makefu/2configs/hub.nix>
|
|
||||||
# Removed until move: avoid letsencrypt ban
|
|
||||||
### Web
|
|
||||||
#<stockholm/makefu/2configs/nginx/share-download.nix>
|
|
||||||
#<stockholm/makefu/2configs/nginx/euer.test.nix>
|
|
||||||
#<stockholm/makefu/2configs/nginx/euer.mon.nix>
|
|
||||||
#<stockholm/makefu/2configs/nginx/euer.wiki.nix>
|
|
||||||
#<stockholm/makefu/2configs/nginx/euer.blog.nix>
|
|
||||||
## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
|
|
||||||
#<stockholm/makefu/2configs/nginx/public_html.nix>
|
|
||||||
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
|
||||||
#<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
|
|
||||||
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
|
|
||||||
<stockholm/makefu/2configs/nginx/iso.euer.nix>
|
|
||||||
<stockholm/makefu/2configs/deployment/events-publisher>
|
|
||||||
|
|
||||||
#<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
|
||||||
#<stockholm/makefu/2configs/deployment/graphs.nix>
|
|
||||||
#<stockholm/makefu/2configs/deployment/owncloud.nix>
|
|
||||||
#<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
|
||||||
#<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
|
|
||||||
|
|
||||||
{
|
|
||||||
services.taskserver.enable = true;
|
|
||||||
services.taskserver.fqdn = config.krebs.build.host.name;
|
|
||||||
services.taskserver.listenHost = "::";
|
|
||||||
services.taskserver.organisations.home.users = [ "makefu" ];
|
|
||||||
networking.firewall.extraCommands = ''
|
|
||||||
iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
|
||||||
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/stats/client.nix>
|
|
||||||
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
|
||||||
# <stockholm/makefu/2configs/logging/client.nix>
|
|
||||||
|
|
||||||
## Temporary:
|
|
||||||
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
|
||||||
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
|
||||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
|
||||||
|
|
||||||
#{
|
|
||||||
# services.dockerRegistry.enable = true;
|
|
||||||
# networking.firewall.allowedTCPPorts = [ 8443 ];
|
|
||||||
|
|
||||||
# services.nginx.virtualHosts."euer.krebsco.de" = {
|
|
||||||
# forceSSL = true;
|
|
||||||
# enableACME = true;
|
|
||||||
# extraConfig = ''
|
|
||||||
# client_max_body_size 1000M;
|
|
||||||
# '';
|
|
||||||
# locations."/".proxyPass = "http://localhost:5000";
|
|
||||||
# };
|
|
||||||
#}
|
|
||||||
{ # wireguard server
|
|
||||||
|
|
||||||
# opkg install wireguard luci-proto-wireguard
|
|
||||||
|
|
||||||
# TODO: networking.nat
|
|
||||||
|
|
||||||
# boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
|
||||||
# conf.all.proxy_arp =1
|
|
||||||
networking.firewall = {
|
|
||||||
allowedUDPPorts = [ 51820 ];
|
|
||||||
extraCommands = ''
|
|
||||||
iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.wireguard.interfaces.wg0 = {
|
|
||||||
ips = [ "10.244.0.1/24" ];
|
|
||||||
listenPort = 51820;
|
|
||||||
privateKeyFile = (toString <secrets>) + "/wireguard.key";
|
|
||||||
allowedIPsAsRoutes = true;
|
|
||||||
peers = [
|
|
||||||
{
|
|
||||||
# x
|
|
||||||
allowedIPs = [ "10.244.0.2/32" ];
|
|
||||||
publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# vbob
|
|
||||||
allowedIPs = [ "10.244.0.3/32" ];
|
|
||||||
publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# x-test
|
|
||||||
allowedIPs = [ "10.244.0.4/32" ];
|
|
||||||
publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# work-router
|
|
||||||
allowedIPs = [ "10.244.0.5/32" ];
|
|
||||||
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# workr
|
|
||||||
allowedIPs = [ "10.244.0.6/32" ];
|
|
||||||
publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{ # iperf3
|
|
||||||
networking.firewall.allowedUDPPorts = [ 5201 ];
|
|
||||||
networking.firewall.allowedTCPPorts = [ 5201 ];
|
|
||||||
}
|
|
||||||
|
|
||||||
# krebs infrastructure services
|
|
||||||
<stockholm/makefu/2configs/stats/server.nix>
|
|
||||||
];
|
|
||||||
makefu.dl-dir = "/var/download";
|
|
||||||
|
|
||||||
services.openssh.hostKeys = [
|
|
||||||
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
|
|
||||||
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
|
|
||||||
###### stable
|
|
||||||
services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
|
|
||||||
krebs.build.host = config.krebs.hosts.gum;
|
|
||||||
|
|
||||||
krebs.tinc.retiolum = {
|
|
||||||
extraConfig = ''
|
|
||||||
ListenAddress = ${external-ip} 53
|
|
||||||
ListenAddress = ${external-ip} 655
|
|
||||||
ListenAddress = ${external-ip} 21031
|
|
||||||
'';
|
|
||||||
connectTo = [
|
|
||||||
"muhbaasu" "tahoe" "flap" "wry"
|
|
||||||
"ni"
|
|
||||||
"fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
# access
|
|
||||||
users.users = {
|
|
||||||
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
|
|
||||||
makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Chat
|
|
||||||
environment.systemPackages = with pkgs;[
|
|
||||||
weechat
|
|
||||||
bepasty-client-cli
|
|
||||||
tmux
|
|
||||||
];
|
|
||||||
|
|
||||||
# Hardware
|
|
||||||
|
|
||||||
# Network
|
|
||||||
networking = {
|
|
||||||
firewall = {
|
|
||||||
allowPing = true;
|
|
||||||
logRefusedConnections = false;
|
|
||||||
allowedTCPPorts = [
|
|
||||||
# smtp
|
|
||||||
25
|
|
||||||
# http
|
|
||||||
80 443
|
|
||||||
# httptunnel
|
|
||||||
8080 8443
|
|
||||||
# tinc
|
|
||||||
655
|
|
||||||
# tinc-shack
|
|
||||||
21032
|
|
||||||
# tinc-retiolum
|
|
||||||
21031
|
|
||||||
# taskserver
|
|
||||||
53589
|
|
||||||
# temp vnc
|
|
||||||
18001
|
|
||||||
# temp reverseshell
|
|
||||||
31337
|
|
||||||
];
|
|
||||||
allowedUDPPorts = [
|
|
||||||
# tinc
|
|
||||||
655 53
|
|
||||||
# tinc-retiolum
|
|
||||||
21031
|
|
||||||
# tinc-shack
|
|
||||||
21032
|
|
||||||
];
|
|
||||||
};
|
|
||||||
nameservers = [ "8.8.8.8" ];
|
|
||||||
};
|
|
||||||
users.users.makefu.extraGroups = [ "download" "nginx" ];
|
|
||||||
boot.tmpOnTmpfs = true;
|
|
||||||
}
|
|
@ -1,99 +0,0 @@
|
|||||||
{ config, ... }:
|
|
||||||
let
|
|
||||||
external-mac = "50:46:5d:9f:63:6b";
|
|
||||||
main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
|
|
||||||
sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
|
|
||||||
external-gw = "144.76.26.225";
|
|
||||||
# single partition, label "nixos"
|
|
||||||
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
|
|
||||||
|
|
||||||
|
|
||||||
# static
|
|
||||||
external-ip = "144.76.26.247";
|
|
||||||
external-ip6 = "2a01:4f8:191:12f6::2";
|
|
||||||
external-gw6 = "fe80::1";
|
|
||||||
external-netmask = 27;
|
|
||||||
external-netmask6 = 64;
|
|
||||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
|
||||||
ext-if = "et0"; # gets renamed on the fly
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
];
|
|
||||||
makefu.server.primary-itf = ext-if;
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
|
|
||||||
'';
|
|
||||||
networking = {
|
|
||||||
interfaces."${ext-if}" = {
|
|
||||||
ipv4.addresses = [{
|
|
||||||
address = external-ip;
|
|
||||||
prefixLength = external-netmask;
|
|
||||||
}];
|
|
||||||
ipv6.addresses = [{
|
|
||||||
address = external-ip6;
|
|
||||||
prefixLength = external-netmask6;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
defaultGateway6 = external-gw6;
|
|
||||||
defaultGateway = external-gw;
|
|
||||||
};
|
|
||||||
boot.kernelParams = [ ];
|
|
||||||
boot.loader.grub.enable = true;
|
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.devices = [ main-disk ];
|
|
||||||
boot.initrd.kernelModules = [ "dm-raid" ];
|
|
||||||
boot.initrd.availableKernelModules = [
|
|
||||||
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
|
|
||||||
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
|
|
||||||
];
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/mapper/nixos-root";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/var/lib" = {
|
|
||||||
device = "/dev/mapper/nixos-lib";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/var/download" = {
|
|
||||||
device = "/dev/mapper/nixos-download";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/var/lib/borgbackup" = {
|
|
||||||
device = "/dev/mapper/nixos-backup";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/boot" = {
|
|
||||||
device = "/dev/sda2";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
# parted -s -a optimal "$disk" \
|
|
||||||
# mklabel gpt \
|
|
||||||
# mkpart no-fs 0 1024KiB \
|
|
||||||
# set 1 bios_grub on \
|
|
||||||
# mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
|
|
||||||
# mkpart primary 1025MiB 100%
|
|
||||||
# parted -s -a optimal "/dev/sdb" \
|
|
||||||
# mklabel gpt \
|
|
||||||
# mkpart primary 1M 100%
|
|
||||||
|
|
||||||
#mkfs.vfat /dev/sda2
|
|
||||||
#pvcreate /dev/sda3
|
|
||||||
#pvcreate /dev/sdb1
|
|
||||||
#vgcreate nixos /dev/sda3 /dev/sdb1
|
|
||||||
#lvcreate -L 120G -m 1 -n root nixos
|
|
||||||
#lvcreate -L 50G -m 1 -n lib nixos
|
|
||||||
#lvcreate -L 100G -n download nixos
|
|
||||||
#lvcreate -L 100G -n backup nixos
|
|
||||||
#mkfs.ext4 /dev/mapper/nixos-root
|
|
||||||
#mkfs.ext4 /dev/mapper/nixos-lib
|
|
||||||
#mkfs.ext4 /dev/mapper/nixos-download
|
|
||||||
#mkfs.ext4 /dev/mapper/nixos-borgbackup
|
|
||||||
#mount /dev/mapper/nixos-root /mnt
|
|
||||||
#mkdir /mnt/boot
|
|
||||||
#mount /dev/sda2 /mnt/boot
|
|
||||||
#mkdir -p /mnt/var/src
|
|
||||||
#touch /mnt/var/src/.populate
|
|
||||||
|
|
||||||
}
|
|
@ -1,5 +0,0 @@
|
|||||||
{
|
|
||||||
name="nextgum";
|
|
||||||
torrent = true;
|
|
||||||
clever_kexec = true;
|
|
||||||
}
|
|
@ -1,7 +0,0 @@
|
|||||||
{ config, lib, ... }:
|
|
||||||
# configuration which is only required for the time of the transfer
|
|
||||||
{
|
|
||||||
krebs.tinc.retiolum.connectTo = [ "gum" ];
|
|
||||||
krebs.build.host = lib.mkForce config.krebs.hosts.nextgum;
|
|
||||||
}
|
|
||||||
|
|
@ -8,11 +8,11 @@ let
|
|||||||
in {
|
in {
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
#./hw/omo.nix
|
./hw/omo.nix
|
||||||
./hw/tsp.nix
|
#./hw/tsp.nix
|
||||||
<stockholm/makefu>
|
<stockholm/makefu>
|
||||||
<stockholm/makefu/2configs/zsh-user.nix>
|
<stockholm/makefu/2configs/zsh-user.nix>
|
||||||
<stockholm/makefu/2configs/backup.nix>
|
<stockholm/makefu/2configs/backup/state.nix>
|
||||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||||
# <stockholm/makefu/2configs/smart-monitor.nix>
|
# <stockholm/makefu/2configs/smart-monitor.nix>
|
||||||
<stockholm/makefu/2configs/mail-client.nix>
|
<stockholm/makefu/2configs/mail-client.nix>
|
||||||
@ -25,6 +25,22 @@ in {
|
|||||||
#<stockholm/makefu/2configs/graphite-standalone.nix>
|
#<stockholm/makefu/2configs/graphite-standalone.nix>
|
||||||
#<stockholm/makefu/2configs/share-user-sftp.nix>
|
#<stockholm/makefu/2configs/share-user-sftp.nix>
|
||||||
<stockholm/makefu/2configs/share/omo.nix>
|
<stockholm/makefu/2configs/share/omo.nix>
|
||||||
|
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||||
|
{ krebs.airdcpp.dcpp.shares = let
|
||||||
|
d = path: "/media/cryptX/${path}";
|
||||||
|
in {
|
||||||
|
emu.path = d "emu";
|
||||||
|
audiobooks.path = lib.mkForce (d "audiobooks");
|
||||||
|
incoming.path = lib.mkForce (d "torrent");
|
||||||
|
anime.path = d "anime";
|
||||||
|
};
|
||||||
|
krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
|
||||||
|
#services.sabnzbd.enable = true;
|
||||||
|
#systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
|
}
|
||||||
# <stockholm/makefu/2configs/share/omo-timemachine.nix>
|
# <stockholm/makefu/2configs/share/omo-timemachine.nix>
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||||
|
|
||||||
@ -41,12 +57,30 @@ in {
|
|||||||
<stockholm/makefu/2configs/stats/arafetch.nix>
|
<stockholm/makefu/2configs/stats/arafetch.nix>
|
||||||
|
|
||||||
# services
|
# services
|
||||||
<stockholm/makefu/2configs/syncthing.nix>
|
{
|
||||||
|
services.nginx.enable = true;
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||||
|
}
|
||||||
|
# <stockholm/makefu/2configs/syncthing.nix>
|
||||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||||
<stockholm/makefu/2configs/deployment/google-muell.nix>
|
# TODO:
|
||||||
|
# <stockholm/makefu/2configs/deployment/google-muell.nix>
|
||||||
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||||
<stockholm/makefu/2configs/bluetooth-mpd.nix>
|
<stockholm/makefu/2configs/bluetooth-mpd.nix>
|
||||||
|
|
||||||
|
{
|
||||||
|
# Risikoübernahme
|
||||||
|
nixpkgs.config.permittedInsecurePackages = [
|
||||||
|
"homeassistant-0.77.2"
|
||||||
|
];
|
||||||
|
}
|
||||||
<stockholm/makefu/2configs/deployment/homeautomation>
|
<stockholm/makefu/2configs/deployment/homeautomation>
|
||||||
|
{
|
||||||
|
makefu.ps3netsrv = {
|
||||||
|
enable = true;
|
||||||
|
servedir = "/media/cryptX/emu/ps3";
|
||||||
|
};
|
||||||
|
}
|
||||||
{
|
{
|
||||||
hardware.pulseaudio.systemWide = true;
|
hardware.pulseaudio.systemWide = true;
|
||||||
makefu.mpd.musicDirectory = "/media/cryptX/music";
|
makefu.mpd.musicDirectory = "/media/cryptX/music";
|
||||||
@ -71,10 +105,11 @@ in {
|
|||||||
|
|
||||||
];
|
];
|
||||||
makefu.full-populate = true;
|
makefu.full-populate = true;
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {
|
krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {
|
||||||
downloadDir = lib.mkForce "/media/cryptX/torrent";
|
downloadDir = lib.mkForce "/media/cryptX/torrent";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
upload_rate = 200
|
upload_rate = 500
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
users.groups.share = {
|
users.groups.share = {
|
||||||
@ -83,14 +118,7 @@ in {
|
|||||||
};
|
};
|
||||||
networking.firewall.trustedInterfaces = [ primaryInterface ];
|
networking.firewall.trustedInterfaces = [ primaryInterface ];
|
||||||
|
|
||||||
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
|
|
||||||
services.sabnzbd.enable = true;
|
|
||||||
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
|
||||||
|
|
||||||
makefu.ps3netsrv = {
|
|
||||||
enable = true;
|
|
||||||
servedir = "/media/cryptX/emu/ps3";
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.misa = {
|
users.users.misa = {
|
||||||
uid = 9002;
|
uid = 9002;
|
||||||
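Review bot: The `nixpkgs.config.permittedInsecurePackages` exception for `"homeassistant-0.77.2"` is justified only by the comment `# Risikoübernahme`, which says neither which advisory is being accepted nor when the exception can be dropped. On this host the context line `networking.firewall.trustedInterfaces = [ primaryInterface ];` exempts the whole primary interface from filtering, so the service built from the flagged package is presumably reachable by every machine on that network. I would extend the comment to something like `# risk accepted: <advisory id>; remove once homeautomation builds against a fixed homeassistant release` and restrict which interfaces can reach the service. The same exception begins again in the following file section, which is cut off here.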
|
@ -11,10 +11,10 @@ in {
|
|||||||
<stockholm/makefu>
|
<stockholm/makefu>
|
||||||
<stockholm/makefu/2configs/zsh-user.nix>
|
<stockholm/makefu/2configs/zsh-user.nix>
|
||||||
<stockholm/makefu/2configs/tools/core.nix>
|
<stockholm/makefu/2configs/tools/core.nix>
|
||||||
<stockholm/makefu/2configs/disable_v6.nix>
|
# <stockholm/makefu/2configs/disable_v6.nix>
|
||||||
# <stockholm/makefu/2configs/tools/core-gui.nix>
|
<stockholm/makefu/2configs/tools/core-gui.nix>
|
||||||
# <stockholm/makefu/2configs/tools/extra-gui.nix>
|
<stockholm/makefu/2configs/tools/extra-gui.nix>
|
||||||
# <stockholm/makefu/2configs/tools/media.nix>
|
<stockholm/makefu/2configs/tools/media.nix>
|
||||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||||
<stockholm/makefu/2configs/mqtt.nix>
|
<stockholm/makefu/2configs/mqtt.nix>
|
||||||
@ -33,9 +33,6 @@ in {
|
|||||||
|
|
||||||
<stockholm/makefu/2configs/share/wbob.nix>
|
<stockholm/makefu/2configs/share/wbob.nix>
|
||||||
<stockholm/makefu/2configs/bluetooth-mpd.nix>
|
<stockholm/makefu/2configs/bluetooth-mpd.nix>
|
||||||
{
|
|
||||||
users.users.makefu.extraGroups = [ "pulse" ];
|
|
||||||
}
|
|
||||||
|
|
||||||
# Sensors
|
# Sensors
|
||||||
<stockholm/makefu/2configs/stats/telegraf>
|
<stockholm/makefu/2configs/stats/telegraf>
|
||||||
@ -46,10 +43,16 @@ in {
|
|||||||
<stockholm/makefu/2configs/deployment/led-fader.nix>
|
<stockholm/makefu/2configs/deployment/led-fader.nix>
|
||||||
<stockholm/makefu/2configs/hw/mceusb.nix>
|
<stockholm/makefu/2configs/hw/mceusb.nix>
|
||||||
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
|
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
|
||||||
|
{ environment.systemPackages = [ pkgs.vlc ]; }
|
||||||
|
|
||||||
|
{
|
||||||
|
# Risikoübernahme
|
||||||
|
nixpkgs.config.permittedInsecurePackages = [
|
||||||
|
"homeassistant-0.77.2"
|
||||||
|
];
|
||||||
|
}
|
||||||
<stockholm/makefu/2configs/deployment/bureautomation>
|
<stockholm/makefu/2configs/deployment/bureautomation>
|
||||||
|
<stockholm/makefu/2configs/deployment/bureautomation/mpd.nix>
|
||||||
<stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
|
<stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
|
||||||
(let
|
(let
|
||||||
collectd-port = 25826;
|
collectd-port = 25826;
|
||||||
@ -174,20 +177,4 @@ in {
|
|||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# DualHead on NUC
|
|
||||||
# TODO: update synergy package with these extras (username)
|
|
||||||
# TODO: add crypto layer
|
|
||||||
systemd.services."synergy-client" = {
|
|
||||||
environment.DISPLAY = ":0";
|
|
||||||
serviceConfig.User = user;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.synergy = {
|
|
||||||
client = {
|
|
||||||
enable = true;
|
|
||||||
screenName = "wbob";
|
|
||||||
serverAddress = "x.r";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
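Review bot: The `permittedInsecurePackages` entry for `"homeassistant-0.77.2"` added in the third hunk is justified only by `# Risikoübernahme`, which records that a risk was accepted but not which one, why, or until when. A comment along the lines of `# homeassistant 0.77.2 is marked insecure in nixpkgs; accepted because <reason>; drop this once the package is updated` would let the next reader judge whether the exception is still needed. The same block is also added in the file section just before this one. Because the entry names one exact version it goes stale on the next homeassistant bump, which is a good moment to re-check the advisory instead of only updating the string.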
|
@ -15,7 +15,7 @@
|
|||||||
<stockholm/makefu/2configs/extra-fonts.nix>
|
<stockholm/makefu/2configs/extra-fonts.nix>
|
||||||
<stockholm/makefu/2configs/tools/all.nix>
|
<stockholm/makefu/2configs/tools/all.nix>
|
||||||
|
|
||||||
<stockholm/makefu/2configs/laptop-backup.nix>
|
<stockholm/makefu/2configs/backup/state.nix>
|
||||||
# <stockholm/makefu/2configs/dnscrypt/client.nix>
|
# <stockholm/makefu/2configs/dnscrypt/client.nix>
|
||||||
<stockholm/makefu/2configs/avahi.nix>
|
<stockholm/makefu/2configs/avahi.nix>
|
||||||
|
|
||||||
@ -74,6 +74,7 @@
|
|||||||
<stockholm/makefu/2configs/hw/network-manager.nix>
|
<stockholm/makefu/2configs/hw/network-manager.nix>
|
||||||
<stockholm/makefu/2configs/hw/stk1160.nix>
|
<stockholm/makefu/2configs/hw/stk1160.nix>
|
||||||
<stockholm/makefu/2configs/hw/irtoy.nix>
|
<stockholm/makefu/2configs/hw/irtoy.nix>
|
||||||
|
<stockholm/makefu/2configs/hw/switch.nix>
|
||||||
<stockholm/makefu/2configs/hw/bluetooth.nix>
|
<stockholm/makefu/2configs/hw/bluetooth.nix>
|
||||||
# <stockholm/makefu/2configs/hw/rad1o.nix>
|
# <stockholm/makefu/2configs/hw/rad1o.nix>
|
||||||
<stockholm/makefu/2configs/hw/smartcard.nix>
|
<stockholm/makefu/2configs/hw/smartcard.nix>
|
||||||
@ -83,11 +84,11 @@
|
|||||||
|
|
||||||
# Security
|
# Security
|
||||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||||
{
|
{ programs.adb.enable = true; }
|
||||||
programs.adb.enable = true;
|
|
||||||
}
|
|
||||||
# temporary
|
# temporary
|
||||||
|
{ services.redis.enable = true; }
|
||||||
<stockholm/makefu/2configs/pyload.nix>
|
<stockholm/makefu/2configs/pyload.nix>
|
||||||
|
# <stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||||
# <stockholm/makefu/2configs/nginx/rompr.nix>
|
# <stockholm/makefu/2configs/nginx/rompr.nix>
|
||||||
# <stockholm/makefu/2configs/lanparty/lancache.nix>
|
# <stockholm/makefu/2configs/lanparty/lancache.nix>
|
||||||
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
|
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
|
||||||
@ -121,13 +122,11 @@
|
|||||||
];
|
];
|
||||||
|
|
||||||
makefu.server.primary-itf = "wlp3s0";
|
makefu.server.primary-itf = "wlp3s0";
|
||||||
makefu.full-populate = true;
|
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
# configure pulseAudio to provide a HDMI sink as well
|
# configure pulseAudio to provide a HDMI sink as well
|
||||||
networking.firewall.enable = true;
|
networking.firewall.enable = true;
|
||||||
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
|
|
||||||
networking.firewall.allowedUDPPorts = [ 665 26061 ];
|
networking.firewall.allowedUDPPorts = [ 665 26061 ];
|
||||||
networking.firewall.trustedInterfaces = [ "vboxnet0" ];
|
networking.firewall.trustedInterfaces = [ "vboxnet0" ];
|
||||||
|
|
||||||
@ -144,14 +143,25 @@
|
|||||||
# avoid full boot dir
|
# avoid full boot dir
|
||||||
boot.loader.grub.configurationLimit = 3;
|
boot.loader.grub.configurationLimit = 3;
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
|
environment.systemPackages = [ pkgs.passwdqc-utils ];
|
||||||
|
|
||||||
# environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
|
# environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
|
||||||
state = [
|
state = [
|
||||||
"/home/makefu/stockholm"
|
"/home/makefu/stockholm"
|
||||||
"/home/makefu/backup/borgun"
|
"/home/makefu/.ssh/"
|
||||||
"/home/makefu/.mail/"
|
"/home/makefu/.zsh_history"
|
||||||
|
"/home/makefu/.bash_history"
|
||||||
|
"/home/makefu/.zshrc"
|
||||||
|
"/home/makefu/bin"
|
||||||
|
"/home/makefu/.gnupg"
|
||||||
|
"/home/makefu/.imapfilter"
|
||||||
|
"/home/makefu/.mutt"
|
||||||
|
"/home/makefu/docs"
|
||||||
|
"/home/makefu/.password-store"
|
||||||
|
"/home/makefu/.secrets-pass"
|
||||||
|
"/home/makefu/autosync/Database.kdb"
|
||||||
];
|
];
|
||||||
|
|
||||||
services.syncthing.user = lib.mkForce "makefu";
|
services.syncthing.user = lib.mkForce "makefu";
|
||||||
services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
|
services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
|
||||||
}
|
}
|
||||||
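Review bot: `{ services.redis.enable = true; }` in the third hunk turns Redis on with no bind address and no password set in this file. Depending on the nixpkgs revision the module's default `bind` may be all interfaces, and this host lists `vboxnet0` under `networking.firewall.trustedInterfaces`, so machines on that network could presumably reach an unauthenticated Redis. If only local clients need it, `{ services.redis = { enable = true; bind = "127.0.0.1"; }; }` makes that explicit. Since the entry sits under `# temporary`, a short comment naming what needs it would make the later removal easier.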
|
@ -1,52 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
let
|
|
||||||
# preparation:
|
|
||||||
# mkdir -p defaultBackupDir/host.name/src
|
|
||||||
# as root on omo:
|
|
||||||
# ssh-copy-id root@src
|
|
||||||
startAt = "0,6,12,18:00";
|
|
||||||
defaultBackupServer = config.krebs.hosts.omo;
|
|
||||||
defaultBackupDir = "/home/backup";
|
|
||||||
defaultPull = host: src: {
|
|
||||||
method = "pull";
|
|
||||||
src = {
|
|
||||||
inherit host;
|
|
||||||
path = src;
|
|
||||||
};
|
|
||||||
dst = {
|
|
||||||
host = defaultBackupServer;
|
|
||||||
path = "${defaultBackupDir}/${host.name}${src}";
|
|
||||||
};
|
|
||||||
startAt = "0,6,12,18:00";
|
|
||||||
snapshots = {
|
|
||||||
hourly = { format = "%Y-%m-%dT%H"; retain = 4; };
|
|
||||||
daily = { format = "%Y-%m-%d"; retain = 7; };
|
|
||||||
weekly = { format = "%YW%W"; retain = 4; };
|
|
||||||
monthly = { format = "%Y-%m"; retain = 12; };
|
|
||||||
yearly = { format = "%Y"; };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in {
|
|
||||||
krebs.backup.plans = {
|
|
||||||
# wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
|
|
||||||
gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
|
|
||||||
gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )//
|
|
||||||
{
|
|
||||||
dst.path = "/media/cryptX/backup/gum/var-download";
|
|
||||||
dst.host = defaultBackupServer;
|
|
||||||
startAt = "19:00";
|
|
||||||
};
|
|
||||||
gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )//
|
|
||||||
{
|
|
||||||
dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de";
|
|
||||||
dst.host = defaultBackupServer;
|
|
||||||
|
|
||||||
startAt = "05:00";
|
|
||||||
};
|
|
||||||
# wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";
|
|
||||||
};
|
|
||||||
environment.systemPackages = [
|
|
||||||
pkgs.borgbackup
|
|
||||||
];
|
|
||||||
}
|
|
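--- /dev/null
+++ b/makefu/2configs/backup/server.nix
@@ -0,0 +1,11 @@
+{lib, ... }:
+let
+hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh );
+in {
+# TODO: for all enabled machines
+services.borgbackup.repos = lib.genAttrs hosts (host: {
+authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ];
+path = "/var/lib/borgbackup/${host}";
+user = "borg-${host}";
+}) ;
+}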
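Review bot: `authorizedKeys` gives each client key full access to its repository, including deleting archives, so a compromised client can erase its own backup history. The NixOS module also offers `authorizedKeysAppendOnly`; with it the client job's `prune.keep` would presumably no longer free space, and pruning would have to run on the server, so that trade-off deserves a comment either way. Separately, `hosts` is built from every entry of `./ssh`, so a file there without the `.pub` suffix yields a repo whose `readFile` lookup fails; filtering first with `lib.filterAttrs (n: _: lib.hasSuffix ".pub" n)` would make the intent explicit.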
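--- /dev/null
+++ b/makefu/2configs/backup/ssh/gum.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x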
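--- /dev/null
+++ b/makefu/2configs/backup/ssh/nextgum.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x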
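--- /dev/null
+++ b/makefu/2configs/backup/ssh/omo.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x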
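--- /dev/null
+++ b/makefu/2configs/backup/ssh/x.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x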
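--- /dev/null
+++ b/makefu/2configs/backup/state.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+# back up all state
+let
+sec = toString <secrets>;
+sshkey = sec + "/borg.priv";
+phrase = sec + "/borg.pw";
+in
+{
+services.borgbackup.jobs.state = {
+repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:.";
+paths = config.state;
+encryption = {
+mode = "repokey";
+passCommand = "cat ${phrase}";
+};
+environment.BORG_RSH = "ssh -i ${sshkey}";
+prune.keep =
+{ daily = 7;
+weekly = 4;
+monthly = -1; # Keep at least one archive for each month
+};
+compression = "auto,lzma";
+startAt = "daily";
+};
+}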
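Review bot: `environment.BORG_RSH = "ssh -i ${sshkey}"` does not restrict ssh to that key and relies on the host key of `backup.makefu.r` already being trusted by the user the job runs as; a timer-started unit cannot confirm a first-connection prompt. If known hosts are not managed elsewhere in the tree, pin the server key (for example through `programs.ssh.knownHosts`) and use `"ssh -i ${sshkey} -o IdentitiesOnly=yes"`. With `mode = "repokey"` the encrypted key is kept in the repository on the server, so the passphrase in `borg.pw` is the only secret protecting the archives; a comment saying so next to `passCommand` would help whoever rotates it.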
@ -32,6 +32,11 @@ in {
|
|||||||
"paste.${config.krebs.build.host.name}"
|
"paste.${config.krebs.build.host.name}"
|
||||||
"paste.r"
|
"paste.r"
|
||||||
];
|
];
|
||||||
|
extraConfig = ''
|
||||||
|
if ( $server_addr = "${external-ip}" ) {
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
defaultPermissions = "admin,list,create,read,delete";
|
defaultPermissions = "admin,list,create,read,delete";
|
||||||
secretKeyFile = secKey;
|
secretKeyFile = secKey;
|
||||||
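Review bot: The added `extraConfig` rejects requests only when `$server_addr` equals the single address in `external-ip`, which is a deny-list of one entry. With `defaultPermissions = "admin,list,create,read,delete"` on the lines below, apparently for the same server, a request arriving on any other non-internal address of the host (a second IPv4 address or IPv6, if present) would still get admin rights. Inverting the test so that only the internal address is accepted would fail closed, e.g. `if ( $server_addr != "${internal-ip}" ) { return 403; }`, assuming an internal-address binding is available in this file. The enclosing attribute set starts and ends outside the hunk.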
|
@ -57,6 +57,8 @@ in {
|
|||||||
load-module module-filter-heuristics
|
load-module module-filter-heuristics
|
||||||
load-module module-filter-apply
|
load-module module-filter-apply
|
||||||
load-module module-switch-on-connect
|
load-module module-switch-on-connect
|
||||||
|
load-module module-equalizer-sink
|
||||||
|
load-module module-dbus-protocol
|
||||||
#load-module module-bluez5-device
|
#load-module module-bluez5-device
|
||||||
#load-module module-bluez5-discover
|
#load-module module-bluez5-discover
|
||||||
'';
|
'';
|
||||||
|
@ -44,5 +44,6 @@
|
|||||||
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
state = map (f: "${config.krebs.airdcpp.stateDir}/${f}")
|
||||||
|
[ "Favorites.xml" "DCPlusPlus.xml" "WebServer.xml" "Recents.xml" "IgnoredUsers.xml" ];
|
||||||
}
|
}
|
||||||
|
@ -11,6 +11,11 @@ let
|
|||||||
payload_available= "Online";
|
payload_available= "Online";
|
||||||
payload_not_available= "Offline";
|
payload_not_available= "Offline";
|
||||||
};
|
};
|
||||||
|
tasmota_stecki = name: topic:
|
||||||
|
( tasmota_plug name topic) //
|
||||||
|
{ state_topic = "/bam/${topic}/stat/POWER";
|
||||||
|
command_topic = "/bam/${topic}/cmnd/POWER";
|
||||||
|
};
|
||||||
espeasy_dht22 = name: [
|
espeasy_dht22 = name: [
|
||||||
{ platform = "mqtt";
|
{ platform = "mqtt";
|
||||||
name = "${name} DHT22 Temperature";
|
name = "${name} DHT22 Temperature";
|
||||||
@ -38,9 +43,6 @@ let
|
|||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
networking.firewall.allowedTCPPorts = [ 8123 ];
|
networking.firewall.allowedTCPPorts = [ 8123 ];
|
||||||
nixpkgs.config.permittedInsecurePackages = [
|
|
||||||
"homeassistant-0.65.5"
|
|
||||||
];
|
|
||||||
|
|
||||||
services.home-assistant = {
|
services.home-assistant = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -48,6 +50,9 @@ in {
|
|||||||
homeassistant = {
|
homeassistant = {
|
||||||
name = "Bureautomation";
|
name = "Bureautomation";
|
||||||
time_zone = "Europe/Berlin";
|
time_zone = "Europe/Berlin";
|
||||||
|
latitude = "48.8265";
|
||||||
|
longitude = "9.0676";
|
||||||
|
elevation = 303;
|
||||||
};
|
};
|
||||||
|
|
||||||
mqtt = {
|
mqtt = {
|
||||||
@ -72,7 +77,7 @@ in {
|
|||||||
switch = [
|
switch = [
|
||||||
(tasmota_plug "Bauarbeiterlampe" "plug")
|
(tasmota_plug "Bauarbeiterlampe" "plug")
|
||||||
(tasmota_plug "Blitzdings" "plug2")
|
(tasmota_plug "Blitzdings" "plug2")
|
||||||
(tasmota_plug "Fernseher" "plug3")
|
(tasmota_stecki "Fernseher" "fernseher")
|
||||||
(tasmota_plug "Pluggy" "plug4")
|
(tasmota_plug "Pluggy" "plug4")
|
||||||
];
|
];
|
||||||
binary_sensor = [
|
binary_sensor = [
|
||||||
@ -96,26 +101,140 @@ in {
|
|||||||
sensorid = "5341";
|
sensorid = "5341";
|
||||||
monitored_conditions = [ "P1" "P2" ];
|
monitored_conditions = [ "P1" "P2" ];
|
||||||
}
|
}
|
||||||
{ platform = "influxdb";
|
|
||||||
queries = [
|
{ platform = "darksky";
|
||||||
{ name = "mean value of feinstaub P1";
|
api_key = lib.removeSuffix "\n"
|
||||||
where = '' "node" = 'esp8266-1355142' '';
|
(builtins.readFile <secrets/hass/darksky.apikey>);
|
||||||
measurement = "feinstaub";
|
language = "de";
|
||||||
database = "telegraf";
|
monitored_conditions = [ "summary" "icon"
|
||||||
field = "P1";
|
"nearest_storm_distance" "precip_probability"
|
||||||
}
|
"precip_intensity"
|
||||||
{ name = "mean value of feinstaub P2";
|
"temperature" # "temperature_high" "temperature_low"
|
||||||
where = '' "node" = 'esp8266-1355142' '';
|
"apparent_temperature"
|
||||||
measurement = "feinstaub";
|
"hourly_summary" # next 24 hours text
|
||||||
database = "telegraf";
|
"minutely_summary"
|
||||||
field = "P2";
|
"humidity"
|
||||||
|
"pressure"
|
||||||
|
"uv_index" ];
|
||||||
|
units = "si" ;
|
||||||
|
update_interval = {
|
||||||
|
days = 0;
|
||||||
|
hours = 0;
|
||||||
|
minutes = 30;
|
||||||
|
seconds = 0;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
#{ platform = "influxdb";
|
||||||
|
# queries = [
|
||||||
|
# { name = "mean value of feinstaub P1";
|
||||||
|
# where = '' "node" = 'esp8266-1355142' '';
|
||||||
|
# measurement = "feinstaub";
|
||||||
|
# database = "telegraf";
|
||||||
|
# field = "P1";
|
||||||
|
# }
|
||||||
|
# { name = "mean value of feinstaub P2";
|
||||||
|
# where = '' "node" = 'esp8266-1355142' '';
|
||||||
|
# measurement = "feinstaub";
|
||||||
|
# database = "telegraf";
|
||||||
|
# field = "P2";
|
||||||
|
# }
|
||||||
|
# ];
|
||||||
|
#}
|
||||||
];
|
];
|
||||||
|
camera = [
|
||||||
|
{ name = "Baumarkt";
|
||||||
|
platform = "generic";
|
||||||
|
still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt
|
||||||
|
}
|
||||||
|
{ name = "Autobahn Heilbronn";
|
||||||
|
platform = "generic";
|
||||||
|
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ;
|
||||||
|
}
|
||||||
|
{ name = "Autobahn Singen";
|
||||||
|
platform = "generic";
|
||||||
|
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
frontend = { };
|
frontend = { };
|
||||||
http = { };
|
http = { };
|
||||||
feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
|
conversation = {};
|
||||||
|
history = {};
|
||||||
|
logbook = {};
|
||||||
|
tts = [ { platform = "google";} ];
|
||||||
|
recorder = {};
|
||||||
|
group =
|
||||||
|
{ default_view =
|
||||||
|
{ view = "yes";
|
||||||
|
entities = [
|
||||||
|
"group.sensors"
|
||||||
|
"group.outside"
|
||||||
|
"group.switches"
|
||||||
|
"group.automation"
|
||||||
|
"group.camera"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
automation = [
|
||||||
|
"automation.turn_off_fernseher_10_minutes_after_last_movement"
|
||||||
|
];
|
||||||
|
switches = [
|
||||||
|
"switch.bauarbeiterlampe"
|
||||||
|
"switch.blitzdings"
|
||||||
|
"switch.fernseher"
|
||||||
|
"switch.pluggy"
|
||||||
|
];
|
||||||
|
camera = [
|
||||||
|
"camera.Baumarkt"
|
||||||
|
"camera.Autobahn_Heilbronn"
|
||||||
|
"camera.Autobahn_Singen"
|
||||||
|
];
|
||||||
|
sensors = [
|
||||||
|
"binary_sensor.motion"
|
||||||
|
"sensor.easy2_dht22_humidity"
|
||||||
|
"sensor.easy2_dht22_temperature"
|
||||||
|
];
|
||||||
|
outside = [
|
||||||
|
"sensor.ditzingen_pm10"
|
||||||
|
"sensor.ditzingen_pm25"
|
||||||
|
"sensor.dark_sky_temperature"
|
||||||
|
"sensor.dark_sky_humidity"
|
||||||
|
"sensor.dark_sky_pressure"
|
||||||
|
"sensor.dark_sky_hourly_summary"
|
||||||
|
"sensor.dark_sky_minutely_summary"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
# only for automation
|
||||||
|
# feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
|
||||||
|
automation = [
|
||||||
|
{ alias = "Turn on Fernseher on movement";
|
||||||
|
trigger = {
|
||||||
|
platform = "state";
|
||||||
|
entity_id = "binary_sensor.motion";
|
||||||
|
to = "on";
|
||||||
|
};
|
||||||
|
action = {
|
||||||
|
service= "homeassistant.turn_on";
|
||||||
|
entity_id= "switch.fernseher";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{ alias = "Turn off Fernseher 10 minutes after last movement";
|
||||||
|
trigger = {
|
||||||
|
platform = "state";
|
||||||
|
entity_id = "binary_sensor.motion";
|
||||||
|
to = "off";
|
||||||
|
for.minutes = 10;
|
||||||
|
};
|
||||||
|
action = {
|
||||||
|
service= "homeassistant.turn_off";
|
||||||
|
entity_id= "switch.fernseher";
|
||||||
|
};
|
||||||
|
condition = [{
|
||||||
|
condition = "time";
|
||||||
|
before = "06:30:00"; #only turn off between 6:30 and 18:00
|
||||||
|
after = "18:00:00";
|
||||||
|
weekday = [ "mon" "tue" "wed" "thu" "fri" ];
|
||||||
|
}];
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
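Review bot: `api_key = lib.removeSuffix "\n" (builtins.readFile <secrets/hass/darksky.apikey>)` in the last hunk reads the key at evaluation time, so it presumably ends up in the generated Home Assistant configuration inside the world-readable Nix store. That keeps the key out of git but not away from local users or from anything that copies the system closure. A comment at the call site, for example `# NOTE: readFile embeds the key in the store; acceptable only while no untrusted local users exist`, would record the trade-off. The same hunk adds a `camera` entry whose `still_image_url` is plain `http://`, so that image is fetched unencrypted.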
|
@ -1,67 +0,0 @@
|
|||||||
{ pkgs, lib, ... }:
|
|
||||||
let
|
|
||||||
firetv = "192.168.1.238";
|
|
||||||
in {
|
|
||||||
systemd.services.firetv = {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
User = "nobody";
|
|
||||||
ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.home-assistant = {
|
|
||||||
#panel_iframe:
|
|
||||||
#configurator:
|
|
||||||
# title: Configurator
|
|
||||||
# icon: mdi:wrench
|
|
||||||
# url: http://hassio.local:3218
|
|
||||||
# sensor:
|
|
||||||
# - platform: random
|
|
||||||
enable = true;
|
|
||||||
config = {
|
|
||||||
homeassistant = {
|
|
||||||
name = "Bureautomation";
|
|
||||||
time_zone = "Europe/Berlin";
|
|
||||||
};
|
|
||||||
panel_iframe = {
|
|
||||||
euer_blog = {
|
|
||||||
title = "Euer Blog";
|
|
||||||
icon = "mdi:wrench";
|
|
||||||
url = "https://euer.krebsco.de";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
media_player = [
|
|
||||||
{ platform = "kodi";
|
|
||||||
host = firetv;
|
|
||||||
}
|
|
||||||
{ platform = "firetv";
|
|
||||||
# assumes python-firetv running
|
|
||||||
}
|
|
||||||
];
|
|
||||||
sensor = [
|
|
||||||
{
|
|
||||||
platform = "luftdaten";
|
|
||||||
name = "Shack 1";
|
|
||||||
sensorid = "50";
|
|
||||||
monitored_conditions = [ "P1" "P2" ];
|
|
||||||
}
|
|
||||||
{
|
|
||||||
platform = "luftdaten";
|
|
||||||
name = "Shack 2";
|
|
||||||
sensorid = "658";
|
|
||||||
monitored_conditions = [ "P1" "P2" ];
|
|
||||||
}
|
|
||||||
{
|
|
||||||
platform = "luftdaten";
|
|
||||||
name = "Ditzingen";
|
|
||||||
sensorid = "5341";
|
|
||||||
monitored_conditions = [ "P1" "P2" ];
|
|
||||||
}
|
|
||||||
{ platform = "random"; }
|
|
||||||
];
|
|
||||||
frontend = { };
|
|
||||||
http = { };
|
|
||||||
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
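--- /dev/null
+++ b/makefu/2configs/deployment/bureautomation/mpd.nix
@@ -0,0 +1,9 @@
+{lib,pkgs, ... }:
+
+{
+systemd.services."ympd-wbob" = {
+description = "mpd ";
+wantedBy = [ "multi-user.target" ];
+serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host localhost --port 6600 --webport 8866 --user nobody";
+};
+}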
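Review bot: The `ympd-wbob` unit sets no `User=`, so ympd starts as root and the privilege drop depends entirely on its own `--user nobody` handling. Adding `serviceConfig.DynamicUser = true;` and removing `--user nobody` from `ExecStart` lets systemd do the drop before the binary runs; port 8866 needs no privileges. No authentication is configured for the web interface here, so who can reach port 8866 is decided by the firewall alone. `description = "mpd ";` would read better as `description = "ympd web frontend for mpd";`.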
@ -6,11 +6,6 @@ let
|
|||||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||||
hn = config.krebs.build.host.name;
|
hn = config.krebs.build.host.name;
|
||||||
in {
|
in {
|
||||||
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
|
|
||||||
if ( $server_addr = "${external-ip}" ) {
|
|
||||||
return 403;
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
krebs.tinc_graphs = {
|
krebs.tinc_graphs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
nginx = {
|
nginx = {
|
||||||
|
@ -1,9 +1,60 @@
|
|||||||
{ pkgs, config, ... }:
|
{ pkgs, lib, config, ... }:
|
||||||
|
|
||||||
# Ideas:
|
# Ideas:
|
||||||
## wake-on-lan server
|
## wake-on-lan server
|
||||||
##
|
##
|
||||||
let
|
let
|
||||||
|
tasmota_rgb = name: topic:
|
||||||
|
# LED WS2812b
|
||||||
|
# effect_state_topic: "stat/led/Scheme"
|
||||||
|
# effect_command_topic: "cmnd/led/Scheme"
|
||||||
|
# effect_value_template: "{{ value_json.Scheme }}"
|
||||||
|
{ platform = "mqtt";
|
||||||
|
inherit name;
|
||||||
|
retain = false;
|
||||||
|
qos = 1;
|
||||||
|
optimistic = false;
|
||||||
|
# state
|
||||||
|
# TODO: currently broken, will not use the custom state topic
|
||||||
|
#state_topic = "/ham/${topic}/stat/POWER";
|
||||||
|
state_topic = "/ham/${topic}/stat/POWER";
|
||||||
|
command_topic = "/ham/${topic}/cmnd/POWER";
|
||||||
|
availability_topic = "/ham/${topic}/tele/LWT";
|
||||||
|
payload_on= "ON";
|
||||||
|
payload_off= "OFF";
|
||||||
|
payload_available= "Online";
|
||||||
|
payload_not_available= "Offline";
|
||||||
|
# brightness
|
||||||
|
brightness_state_topic = "/ham/${topic}/stat/Dimmer";
|
||||||
|
brightness_command_topic = "/ham/${topic}/cmnd/Dimmer";
|
||||||
|
brightness_value_template = "{{ value_json.Dimmer }}";
|
||||||
|
brightness_scale = 100;
|
||||||
|
# color
|
||||||
|
rgb_state_topic = "/ham/${topic}/stat/Color";
|
||||||
|
rgb_command_topic = "/ham/${topic}/cmnd/Color2";
|
||||||
|
rgb_command_mode = "hex";
|
||||||
|
rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
|
||||||
|
# effects
|
||||||
|
effect_state_topic = "/ham/${topic}/stat/Scheme";
|
||||||
|
effect_command_topic = "/ham/${topic}/cmnd/Scheme";
|
||||||
|
effect_value_template = "{{ value_json.Scheme }}";
|
||||||
|
effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ];
|
||||||
|
};
|
||||||
|
# switchmode 1 - also toggle power
|
||||||
|
# switchtopic flurlicht
|
||||||
|
tasmota_motion = name: topic:
|
||||||
|
{ platform = "mqtt";
|
||||||
|
device_class = "motion";
|
||||||
|
inherit name;
|
||||||
|
# TODO: currently broken, will not use the custom state topic
|
||||||
|
state_topic = "/ham/${topic}/stat/POWER";
|
||||||
|
payload_on = "ON";
|
||||||
|
payload_off = "OFF";
|
||||||
|
availability_topic = "/ham/${topic}/tele/LWT";
|
||||||
|
payload_available = "Online";
|
||||||
|
payload_not_available = "Offline";
|
||||||
|
};
|
||||||
|
|
||||||
firetv = "192.168.1.238";
|
firetv = "192.168.1.238";
|
||||||
tasmota_plug = name: topic:
|
tasmota_plug = name: topic:
|
||||||
{ platform = "mqtt";
|
{ platform = "mqtt";
|
||||||
@ -36,20 +87,31 @@ let
|
|||||||
unit_of_measurement = "hPa";
|
unit_of_measurement = "hPa";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
tasmota_am2301 = name: topic:
|
||||||
|
[ { platform = "mqtt";
|
||||||
|
name = "${name} Temperatur";
|
||||||
|
state_topic = "/ham/${topic}/tele/SENSOR";
|
||||||
|
value_template = "{{ value_json.AM2301.Temperature }}";
|
||||||
|
unit_of_measurement = "°C";
|
||||||
|
}
|
||||||
|
{ platform = "mqtt";
|
||||||
|
name = "${name} Luftfeuchtigkeit";
|
||||||
|
state_topic = "/ham/${topic}/tele/SENSOR";
|
||||||
|
value_template = "{{ value_json.AM2301.Humidity }}";
|
||||||
|
unit_of_measurement = "%";
|
||||||
|
}
|
||||||
|
];
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
./mqtt.nix
|
./mqtt.nix
|
||||||
];
|
];
|
||||||
systemd.services.firetv = {
|
#systemd.services.firetv = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
# wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig = {
|
# serviceConfig = {
|
||||||
User = "nobody";
|
# User = "nobody";
|
||||||
ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
|
# ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
|
||||||
};
|
# };
|
||||||
};
|
#};
|
||||||
nixpkgs.config.permittedInsecurePackages = [
|
|
||||||
"homeassistant-0.65.5"
|
|
||||||
];
|
|
||||||
services.home-assistant = {
|
services.home-assistant = {
|
||||||
config = {
|
config = {
|
||||||
homeassistant = {
|
homeassistant = {
|
||||||
@ -58,7 +120,7 @@ in {
|
|||||||
longitude = "9.2478";
|
longitude = "9.2478";
|
||||||
elevation = 247;
|
elevation = 247;
|
||||||
};
|
};
|
||||||
discovery = {};
|
#discovery = {};
|
||||||
conversation = {};
|
conversation = {};
|
||||||
history = {};
|
history = {};
|
||||||
logbook = {};
|
logbook = {};
|
||||||
@ -71,16 +133,16 @@ in {
|
|||||||
{ platform = "kodi";
|
{ platform = "kodi";
|
||||||
host = firetv;
|
host = firetv;
|
||||||
}
|
}
|
||||||
{ platform = "firetv";
|
#{ platform = "firetv";
|
||||||
# assumes python-firetv running
|
# # assumes python-firetv running
|
||||||
}
|
#}
|
||||||
];
|
];
|
||||||
mqtt = {
|
mqtt = {
|
||||||
broker = "localhost";
|
broker = "localhost";
|
||||||
port = 1883;
|
port = 1883;
|
||||||
client_id = "home-assistant";
|
client_id = "home-assistant";
|
||||||
username = "hass";
|
username = "hass";
|
||||||
password = builtins.readFile <secrets/mqtt/hass>;
|
password = lib.removeSuffix "\n" (builtins.readFile <secrets/mqtt/hass>);
|
||||||
keepalive = 60;
|
keepalive = 60;
|
||||||
protocol = 3.1;
|
protocol = 3.1;
|
||||||
birth_message = {
|
birth_message = {
|
||||||
@ -96,43 +158,100 @@ in {
|
|||||||
retain = true;
|
retain = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
binary_sensor = [
|
||||||
|
(tasmota_motion "Flur Bewegung" "flurlicht")
|
||||||
|
];
|
||||||
sensor = [
|
sensor = [
|
||||||
{ platform = "speedtest";
|
# broken
|
||||||
monitored_conditions = [ "ping" "download" "upload" ];
|
#{ platform = "speedtest";
|
||||||
}
|
# monitored_conditions = [ "ping" "download" "upload" ];
|
||||||
|
#}
|
||||||
{ platform = "luftdaten";
|
{ platform = "luftdaten";
|
||||||
name = "Ditzingen";
|
name = "Wangen";
|
||||||
sensorid = "663";
|
sensorid = "663";
|
||||||
monitored_conditions = [ "P1" "P2" ];
|
monitored_conditions = [ "P1" "P2" ];
|
||||||
}
|
}
|
||||||
# https://www.home-assistant.io/cookbook/automation_for_rainy_days/
|
# https://www.home-assistant.io/cookbook/automation_for_rainy_days/
|
||||||
{ platform = "darksky";
|
{ platform = "darksky";
|
||||||
api_key = "c73619e6ea79e553a585be06aacf3679";
|
api_key = lib.removeSuffix "\n"
|
||||||
|
(builtins.readFile <secrets/hass/darksky.apikey>);
|
||||||
language = "de";
|
language = "de";
|
||||||
monitored_conditions = [ "summary" "icon"
|
monitored_conditions = [ "summary" "icon"
|
||||||
"nearest_storm_distance" "precip_probability"
|
"nearest_storm_distance" "precip_probability"
|
||||||
"precip_intensity"
|
"precip_intensity"
|
||||||
"temperature" # "temperature_high" "temperature_low"
|
"temperature"
|
||||||
|
"apparent_temperature"
|
||||||
"hourly_summary"
|
"hourly_summary"
|
||||||
|
"humidity"
|
||||||
|
"pressure"
|
||||||
"uv_index" ];
|
"uv_index" ];
|
||||||
units = "si" ;
|
units = "si" ;
|
||||||
update_interval = {
|
update_interval = {
|
||||||
days = 0;
|
days = 0;
|
||||||
hours = 0;
|
hours = 0;
|
||||||
minutes = 10;
|
minutes = 30;
|
||||||
seconds = 0;
|
seconds = 0;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer");
|
]
|
||||||
|
++ (tasmota_bme "Schlafzimmer" "schlafzimmer")
|
||||||
|
++ (tasmota_am2301 "Arbeitszimmer" "arbeitszimmer");
|
||||||
frontend = { };
|
frontend = { };
|
||||||
#group = [
|
group =
|
||||||
# { default_view = { view = "yes"; entities = [
|
{ default_view =
|
||||||
# "sensor.luftdaten"
|
{ view = "yes";
|
||||||
# ]}
|
entities = [
|
||||||
#];
|
"group.flur"
|
||||||
|
"group.schlafzimmer"
|
||||||
|
"group.draussen"
|
||||||
|
"group.wohnzimmer"
|
||||||
|
"group.arbeitszimmer"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
flur = [
|
||||||
|
"light.flurlicht"
|
||||||
|
"binary_sensor.flur_bewegung"
|
||||||
|
];
|
||||||
|
wohnzimmer = [
|
||||||
|
"media_player.kodi"
|
||||||
|
];
|
||||||
|
draussen = [
|
||||||
|
"sensor.dark_sky_temperature"
|
||||||
|
"sensor.dark_sky_hourly_summary"
|
||||||
|
"sensor.wangen_pm10"
|
||||||
|
"sensor.wangen_pm25"
|
||||||
|
];
|
||||||
|
schlafzimmer = [
|
||||||
|
"sensor.schlafzimmer_temperatur"
|
||||||
|
"sensor.schlafzimmer_luftdruck"
|
||||||
|
"sensor.schlafzimmer_luftfeuchtigkeit"
|
||||||
|
"switch.lichterkette_schlafzimmer"
|
||||||
|
];
|
||||||
|
arbeitszimmer = [
|
||||||
|
"switch.strom_staubsauger"
|
||||||
|
"sensor.arbeitszimmer_temperatur"
|
||||||
|
"sensor.arbeitszimmer_luftfeuchtigkeit"
|
||||||
|
];
|
||||||
|
};
|
||||||
http = { };
|
http = { };
|
||||||
switch = [
|
switch = [
|
||||||
(tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer")
|
(tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer")
|
||||||
|
(tasmota_plug "Strom Staubsauger" "arbeitszimmer")
|
||||||
|
];
|
||||||
|
light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ];
|
||||||
|
automation = [
|
||||||
|
{ alias = "Staubsauger Strom aus nach 6h";
|
||||||
|
trigger = {
|
||||||
|
platform = "state";
|
||||||
|
entity_id = "switch.strom_staubsauger";
|
||||||
|
to = "on";
|
||||||
|
for.hours = 6;
|
||||||
|
};
|
||||||
|
action = {
|
||||||
|
service= "homeassistant.turn_off";
|
||||||
|
entity_id= "switch.strom_staubsauger";
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
enable = true;
|
enable = true;
|
||||||
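Review bot: The Dark Sky key that this section replaces with a `readFile` of `<secrets/hass/darksky.apikey>` was committed in clear text on the old side and stays in the repository history. Moving it to the secrets store only helps if the key is rotated as well, so the old value should be treated as disclosed. The MQTT `password` a few hunks earlier uses the same `builtins.readFile` pattern, which presumably embeds the value in the generated configuration in the Nix store; a comment such as `# embedded in the store at eval time` on both lines would document that.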
|
@ -8,7 +8,7 @@
|
|||||||
timerConfig = {
|
timerConfig = {
|
||||||
OnCalendar = "*:0/30";
|
OnCalendar = "*:0/30";
|
||||||
};
|
};
|
||||||
url = "http://prism.r/realwallpaper-sat-krebs.png";
|
url = "http://prism.r/realwallpaper-krebs.png";
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More