Merge branch 'master' of prism.r:stockholm
commit
5030b74cc5
4
ci.nix
4
ci.nix
@ -1,4 +1,4 @@
|
||||
# usage: nix-instantiate --eval --strict --json ./ci.nix
|
||||
# usage: nix-instantiate --eval --json --read-write-mode --strict ci.nix | jq .
|
||||
with import ./lib;
|
||||
let
|
||||
pkgs = import <nixpkgs> { overlays = [ (import ./submodules/nix-writers/pkgs) ]; };
|
||||
@ -16,6 +16,6 @@ let
|
||||
ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
|
||||
|
||||
build = host: owner:
|
||||
((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build/${host}";});
|
||||
((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-tmp";});
|
||||
|
||||
in mapAttrs (n: h: build n h.owner.name) ci-systems
|
||||
|
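Review bot: Every host's `build` appears to use the same target once `stockholm-build/${host}` becomes `stockholm-tmp`, assuming the second `.test {target = …}` line is the new side; the page has lost the +/- markers. If two host tests ever run at the same time under one account, they would populate and read the same tree, so one host's test could run against another host's sources. `getEnv "HOME"` also evaluates to an empty string when the variable is unset, which silently turns the target into `/stockholm-tmp`. I would either keep a per-host component in the path or add a comment above `build` stating that the tests are expected to run strictly one after another, and fail early with `assert getEnv "HOME" != "";`.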
21
default.nix
21
default.nix
@ -1,19 +1,12 @@
|
||||
import <nixpkgs/nixos/lib/eval-config.nix> {
|
||||
modules = [
|
||||
(import <nixpkgs/nixos/lib/from-env.nix> "NIXOS_CONFIG" <nixos-config>)
|
||||
];
|
||||
}
|
||||
//
|
||||
{
|
||||
import <nixpkgs/nixos> {} // rec {
|
||||
lib = import ./lib;
|
||||
systems = with import ./lib; let
|
||||
ns = getEnv "LOGNAME";
|
||||
systems = with lib; let
|
||||
namespace = getEnv "LOGNAME";
|
||||
systemsDir = <stockholm> + "/${namespace}/1systems";
|
||||
in
|
||||
genAttrs
|
||||
(attrNames (filterAttrs (_: eq "directory") (readDir (<stockholm> + "/${ns}/1systems"))))
|
||||
(name: let
|
||||
config = import (<stockholm> + "/${ns}/1systems/${name}/config.nix");
|
||||
in import <nixpkgs/nixos/lib/eval-config.nix> {
|
||||
modules = [ config ];
|
||||
(attrNames (filterAttrs (_: eq "directory") (readDir systemsDir)))
|
||||
(name: import <nixpkgs/nixos> {
|
||||
configuration = import (systemsDir + "/${name}/config.nix");
|
||||
});
|
||||
}
|
||||
|
@ -15,10 +15,4 @@ let
|
||||
else override;
|
||||
in
|
||||
|
||||
listToAttrs
|
||||
(map
|
||||
(name: nameValuePair (removeSuffix ".nix" name)
|
||||
(callPackage (./. + "/${name}") {}))
|
||||
(filter
|
||||
(name: name != "default.nix" && !hasPrefix "." name)
|
||||
(attrNames (readDir ./.))))
|
||||
mapNixDir (path: callPackage path {}) ./.
|
||||
|
@ -24,8 +24,9 @@ import Control.Monad.Extra (whenJustM)
|
||||
import Graphics.X11.ExtraTypes.XF86
|
||||
import Text.Read (readEither)
|
||||
import XMonad
|
||||
import System.IO (hPutStrLn, stderr)
|
||||
import System.Environment (getArgs, withArgs, getEnv, getEnvironment, lookupEnv)
|
||||
import System.Exit (exitFailure)
|
||||
import System.IO (hPutStrLn, stderr)
|
||||
import System.Posix.Process (executeFile)
|
||||
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
|
||||
, removeEmptyWorkspace)
|
||||
@ -66,12 +67,14 @@ myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
|
||||
|
||||
main :: IO ()
|
||||
main = getArgs >>= \case
|
||||
["--shutdown"] -> sendShutdownEvent
|
||||
_ -> mainNoArgs
|
||||
[] -> mainNoArgs
|
||||
["--shutdown"] -> shutdown
|
||||
args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure
|
||||
|
||||
mainNoArgs :: IO ()
|
||||
mainNoArgs = do
|
||||
workspaces0 <- getWorkspaces0
|
||||
handleShutdownEvent <- newShutdownEventHandler
|
||||
xmonad
|
||||
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
|
||||
-- urgencyConfig { remindWhen = Every 1 }
|
||||
|
@ -6,7 +6,7 @@
|
||||
;
|
||||
|
||||
source = { test }: lib.evalSource [
|
||||
krebs-source
|
||||
(krebs-source { test = test; })
|
||||
{
|
||||
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
|
||||
secrets = if test then {
|
||||
|
@ -10,7 +10,6 @@
|
||||
<stockholm/krebs/2configs>
|
||||
|
||||
<stockholm/krebs/2configs/buildbot-stockholm.nix>
|
||||
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
|
||||
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
||||
<stockholm/krebs/2configs/ircd.nix>
|
||||
<stockholm/krebs/2configs/reaktor-retiolum.nix>
|
||||
|
33
krebs/2configs/cache.nsupdate.info.nix
Normal file
33
krebs/2configs/cache.nsupdate.info.nix
Normal file
@ -0,0 +1,33 @@
|
||||
{lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
domain = "cache.nsupdate.info";
|
||||
in {
|
||||
# This only works for a single domain for nsupdate.info as multiple usernames
|
||||
# and passwords are required for multiple domains
|
||||
services.ddclient = {
|
||||
enable = true;
|
||||
server = "ipv4.nsupdate.info";
|
||||
username = domain;
|
||||
password = import ((toString <secrets>) + "/nsupdate-cache.nix");
|
||||
domains = [ domain ];
|
||||
use= "if, if=et0";
|
||||
# use = "web, web=http://ipv4.nsupdate.info/myip";
|
||||
|
||||
};
|
||||
krebs.cachecache = {
|
||||
enable = true;
|
||||
enableSSL = false; # disable letsencrypt for testing
|
||||
cacheDir = "/var/cache/nix-cache-cache";
|
||||
maxSize = "10g";
|
||||
|
||||
# assumes that the domain is reachable from the internet
|
||||
virtualHost = domain;
|
||||
};
|
||||
|
||||
boot.kernelModules = [ "tcp_bbr" ];
|
||||
|
||||
boot.kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr";
|
||||
boot.kernel.sysctl."net.core.default_qdisc" = "fq";
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
}
|
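Review bot: `password = import ((toString <secrets>) + "/nsupdate-cache.nix");` pulls the nsupdate.info credential into the evaluated system configuration, so depending on how `services.ddclient` renders its config file the password may end up in a world-readable store path. It is worth confirming where the generated ddclient config lives and what mode it has, and preferring a root-only file read at runtime if the module offers one. Separately, `use= "if, if=et0";` names an interface `et0`, which looks like a typo for the real interface name and would leave the DNS record stale. With `enableSSL = false` the cache is served over plain HTTP only, so the "for testing" comment deserves a `# TODO: re-enable before production use` next to it.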
@ -5,7 +5,7 @@
|
||||
6667 6669
|
||||
];
|
||||
|
||||
services.charybdis = {
|
||||
krebs.charybdis = {
|
||||
enable = true;
|
||||
motd = ''
|
||||
hello
|
||||
|
@ -243,7 +243,7 @@ let
|
||||
in {
|
||||
systemd.services.airdcpp = {
|
||||
description = "airdcpp webui";
|
||||
after = [ "network.target" ];
|
||||
after = [ "network.target" "local-fs.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
restartIfChanged = true;
|
||||
serviceConfig = {
|
||||
|
@ -362,7 +362,7 @@ let
|
||||
# normally we should write buildbot.tac by our own
|
||||
# ${pkgs.buildbot-classic}/bin/buildbot upgrade-master ${workdir}
|
||||
|
||||
chmod 700 -R ${workdir}
|
||||
chmod 700 ${workdir}
|
||||
chown buildbotMaster:buildbotMaster -R ${workdir}
|
||||
'';
|
||||
ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start --nodaemon ${workdir}";
|
||||
|
@ -166,7 +166,7 @@ let
|
||||
echo ${description} > ${workdir}/info/host
|
||||
|
||||
chown buildbotSlave:buildbotSlave -R ${workdir}
|
||||
chmod 700 -R ${workdir}
|
||||
chmod 700 ${workdir}
|
||||
'';
|
||||
ExecStart = "${pkgs.buildbot-classic-slave}/bin/buildslave start ${workdir}";
|
||||
ExecStop = "${pkgs.buildbot-classic-slave}/bin/buildslave stop ${workdir}";
|
||||
|
171
krebs/3modules/cachecache.nix
Normal file
171
krebs/3modules/cachecache.nix
Normal file
@ -0,0 +1,171 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
|
||||
# fork of https://gist.github.com/rycee/f495fc6cc4130f155e8b670609a1e57b
|
||||
# related: https://github.com/nh2/nix-binary-cache-proxy
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.krebs.cachecache;
|
||||
|
||||
nginxCfg = config.services.nginx;
|
||||
|
||||
cacheFallbackConfig = {
|
||||
proxyPass = "$upstream_endpoint";
|
||||
extraConfig = ''
|
||||
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1.
|
||||
proxy_http_version 1.1;
|
||||
|
||||
# Remove the Connection header if the client sends it, it could
|
||||
# be "close" to close a keepalive connection
|
||||
proxy_set_header Connection "";
|
||||
|
||||
# Needed for CloudFront.
|
||||
proxy_ssl_server_name on;
|
||||
|
||||
proxy_set_header Host $proxy_host;
|
||||
proxy_cache nix_cache_cache;
|
||||
proxy_cache_valid 200 302 60m;
|
||||
proxy_cache_valid 404 1m;
|
||||
|
||||
expires max;
|
||||
add_header Cache-Control $nix_cache_cache_header always;
|
||||
'';
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
options = {
|
||||
krebs.cachecache = {
|
||||
enable = mkEnableOption "Nix binary cache cache";
|
||||
|
||||
virtualHost = mkOption {
|
||||
type = types.str;
|
||||
default = "nix-cache";
|
||||
description = ''
|
||||
Name of the nginx virtualhost to use and setup. If null, do
|
||||
not setup any virtualhost.
|
||||
'';
|
||||
};
|
||||
enableSSL = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
enable SSL via letsencrypt. Requires working dns resolution and open
|
||||
internet tls port.
|
||||
'';
|
||||
};
|
||||
|
||||
# webRoot = mkOption {
|
||||
# type = types.str;
|
||||
# default = "/";
|
||||
# description = ''
|
||||
# Directory on virtual host that serves the cache. Must end in
|
||||
# <literal>/</literal>.
|
||||
# '';
|
||||
# };
|
||||
|
||||
resolver = mkOption {
|
||||
type = types.str;
|
||||
description = "Address of DNS resolver.";
|
||||
default = "8.8.8.8 ipv6=off";
|
||||
example = "127.0.0.1 ipv6=off";
|
||||
};
|
||||
|
||||
cacheDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/cache/nix-cache-cache";
|
||||
description = ''
|
||||
Where nginx should store cached data.
|
||||
'';
|
||||
};
|
||||
|
||||
maxSize = mkOption {
|
||||
type = types.str;
|
||||
default = "50g";
|
||||
description = "Maximum cache size.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
|
||||
systemd.services.nginx.preStart = ''
|
||||
mkdir -p ${cfg.cacheDir} /srv/www/nix-cache-cache
|
||||
chmod 700 ${cfg.cacheDir} /srv/www/nix-cache-cache
|
||||
chown ${nginxCfg.user}:${nginxCfg.group} \
|
||||
${cfg.cacheDir} /srv/www/nix-cache-cache
|
||||
'';
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
appendHttpConfig = ''
|
||||
proxy_cache_path ${cfg.cacheDir}
|
||||
levels=1:2
|
||||
keys_zone=nix_cache_cache:100m
|
||||
max_size=${cfg.maxSize}
|
||||
inactive=365d
|
||||
use_temp_path=off;
|
||||
|
||||
# Cache only success status codes; in particular we don't want
|
||||
# to cache 404s. See https://serverfault.com/a/690258/128321.
|
||||
map $status $nix_cache_cache_header {
|
||||
200 "public";
|
||||
302 "public";
|
||||
default "no-cache";
|
||||
}
|
||||
'';
|
||||
|
||||
virtualHosts.${cfg.virtualHost} = {
|
||||
addSSL = cfg.enableSSL;
|
||||
enableACME = cfg.enableSSL;
|
||||
extraConfig = ''
|
||||
# Using a variable for the upstream endpoint to ensure that it is
|
||||
# resolved at runtime as opposed to once when the config file is loaded
|
||||
# and then cached forever (we don't want that):
|
||||
# see https://tenzer.dk/nginx-with-dynamic-upstreams/
|
||||
# This fixes errors like
|
||||
#
|
||||
# nginx: [emerg] host not found in upstream "upstream.example.com"
|
||||
#
|
||||
# when the upstream host is not reachable for a short time when
|
||||
# nginx is started.
|
||||
resolver ${cfg.resolver} valid=10s;
|
||||
set $upstream_endpoint https://cache.nixos.org;
|
||||
'';
|
||||
|
||||
locations."/" =
|
||||
{
|
||||
root = "/srv/www/nix-cache-cache";
|
||||
extraConfig = ''
|
||||
expires max;
|
||||
add_header Cache-Control $nix_cache_cache_header always;
|
||||
|
||||
# Ask the upstream server if a file isn't available
|
||||
# locally.
|
||||
error_page 404 = @fallback;
|
||||
|
||||
# Don't bother logging the above 404.
|
||||
log_not_found off;
|
||||
'';
|
||||
};
|
||||
|
||||
locations."@fallback" = cacheFallbackConfig;
|
||||
|
||||
# We always want to copy cache.nixos.org's nix-cache-info
|
||||
# file, and ignore our own, because `nix-push` by default
|
||||
# generates one without `Priority` field, and thus that file
|
||||
# by default has priority 50 (compared to cache.nixos.org's
|
||||
# `Priority: 40`), which will make download clients prefer
|
||||
# `cache.nixos.org` over our binary cache.
|
||||
locations."= /nix-cache-info" = cacheFallbackConfig;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
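Review bot: `cacheFallbackConfig` proxies to `https://cache.nixos.org` with `proxy_ssl_server_name on;` but never turns on certificate verification, and nginx does not verify upstream certificates unless told to. Because the upstream name is resolved at runtime through `resolver 8.8.8.8` over plain DNS, a spoofed answer or an on-path host could supply responses that are then stored under `proxy_cache_valid 200 302 60m` and served to every client of this cache. I would add `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <path to CA bundle>;` to the `extraConfig` of `cacheFallbackConfig`. Two documentation mismatches are also worth fixing: the `virtualHost` description says "If null, do not setup any virtualhost" while the type is `types.str` and `virtualHosts.${cfg.virtualHost}` is set unconditionally, and the comment "we don't want to cache 404s" sits next to `proxy_cache_valid 404 1m;`.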
110
krebs/3modules/charybdis.nix
Normal file
110
krebs/3modules/charybdis.nix
Normal file
@ -0,0 +1,110 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkEnableOption mkIf mkOption singleton types;
|
||||
inherit (pkgs) coreutils charybdis;
|
||||
cfg = config.krebs.charybdis;
|
||||
|
||||
configFile = pkgs.writeText "charybdis.conf" ''
|
||||
${cfg.config}
|
||||
'';
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
krebs.charybdis = {
|
||||
|
||||
enable = mkEnableOption "Charybdis IRC daemon";
|
||||
|
||||
config = mkOption {
|
||||
type = types.string;
|
||||
description = ''
|
||||
Charybdis IRC daemon configuration file.
|
||||
'';
|
||||
};
|
||||
|
||||
statedir = mkOption {
|
||||
type = types.string;
|
||||
default = "/var/lib/charybdis";
|
||||
description = ''
|
||||
Location of the state directory of charybdis.
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.string;
|
||||
default = "ircd";
|
||||
description = ''
|
||||
Charybdis IRC daemon user.
|
||||
'';
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.string;
|
||||
default = "ircd";
|
||||
description = ''
|
||||
Charybdis IRC daemon group.
|
||||
'';
|
||||
};
|
||||
|
||||
motd = mkOption {
|
||||
type = types.nullOr types.lines;
|
||||
default = null;
|
||||
description = ''
|
||||
Charybdis MOTD text.
|
||||
|
||||
Charybdis will read its MOTD from /etc/charybdis/ircd.motd .
|
||||
If set, the value of this option will be written to this path.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable (lib.mkMerge [
|
||||
{
|
||||
users.users = singleton {
|
||||
name = cfg.user;
|
||||
description = "Charybdis IRC daemon user";
|
||||
uid = config.ids.uids.ircd;
|
||||
group = cfg.group;
|
||||
};
|
||||
|
||||
users.groups = singleton {
|
||||
name = cfg.group;
|
||||
gid = config.ids.gids.ircd;
|
||||
};
|
||||
|
||||
systemd.services.charybdis = {
|
||||
description = "Charybdis IRC daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = {
|
||||
BANDB_DBPATH = "${cfg.statedir}/ban.db";
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}";
|
||||
Group = cfg.group;
|
||||
User = cfg.user;
|
||||
PermissionsStartOnly = true; # preStart needs to run with root permissions
|
||||
};
|
||||
preStart = ''
|
||||
${coreutils}/bin/mkdir -p ${cfg.statedir}
|
||||
${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir}
|
||||
'';
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
(mkIf (cfg.motd != null) {
|
||||
environment.etc."charybdis/ircd.motd".text = cfg.motd;
|
||||
})
|
||||
]);
|
||||
}
|
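Review bot: `configFile = pkgs.writeText "charybdis.conf"` renders all of `cfg.config` into the Nix store, which every local user can read. An ircd configuration commonly carries operator and server-link passwords, so the `config` option's description should say so, for example `Note: this text is written to the world-readable Nix store; do not place plaintext passwords in it.` The options are declared with `types.string`, which nixpkgs discourages in favour of `types.str` (or `types.lines` for `config`, so that several definitions merge predictably). In `preStart`, `${cfg.statedir}` is interpolated unquoted into `mkdir -p` and `chown`, which run as root because of `PermissionsStartOnly = true`; quoting the path would keep a value containing spaces from being split.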
@ -26,10 +26,19 @@ let
|
||||
|
||||
hostname = config.networking.hostName;
|
||||
getJobs = pkgs.writeDash "get_jobs" ''
|
||||
nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null
|
||||
nix-instantiate --quiet -Q --eval --strict --json ./ci.nix
|
||||
set -efu
|
||||
${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix >&2
|
||||
json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)"
|
||||
echo "$json" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \
|
||||
| while read -r host builder; do
|
||||
gcroot=${shell.escape profileRoot}/$host-builder
|
||||
${pkgs.nix}/bin/nix-env -p "$gcroot" --set "$builder"
|
||||
done
|
||||
echo "$json"
|
||||
'';
|
||||
|
||||
profileRoot = "/nix/var/nix/profiles/ci";
|
||||
|
||||
imp = {
|
||||
krebs.buildbot.master = {
|
||||
slaves = {
|
||||
@ -98,9 +107,16 @@ let
|
||||
self.addBuildSteps([steps.ShellCommand(
|
||||
name=str(new_step),
|
||||
command=[
|
||||
new_steps[new_step]
|
||||
"${pkgs.writeDash "build-stepper.sh" ''
|
||||
set -efu
|
||||
profile=${shell.escape profileRoot}/$build_name
|
||||
result=$("$build_script")
|
||||
${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
|
||||
''}"
|
||||
],
|
||||
env={
|
||||
"build_name": new_step,
|
||||
"build_script": new_steps[new_step],
|
||||
"NIX_REMOTE": "daemon",
|
||||
"NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
|
||||
},
|
||||
@ -163,6 +179,20 @@ let
|
||||
password = "lasspass";
|
||||
packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ];
|
||||
};
|
||||
|
||||
system.activationScripts.buildbots-nix-profile = ''
|
||||
${pkgs.coreutils}/bin/mkdir -p ${shell.escape profileRoot}
|
||||
${pkgs.coreutils}/bin/chmod 0770 ${shell.escape profileRoot}
|
||||
${pkgs.coreutils}/bin/chgrp buildbots ${shell.escape profileRoot}
|
||||
'';
|
||||
|
||||
users = {
|
||||
groups.buildbots.gid = genid "buildbots";
|
||||
users = {
|
||||
buildbotMaster.extraGroups = [ "buildbots" ];
|
||||
buildbotSlave.extraGroups = [ "buildbots" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
in out
|
||||
|
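Review bot: `$build_name` in `build-stepper.sh` and `$host` in `get_jobs` are appended to `profileRoot` without any check, even though `profileRoot` itself is passed through `shell.escape`. Both values are attribute names produced by evaluating `./ci.nix` from the tree being built, so a name containing `/` or starting with `.` would make `nix-env -p` create its profile links outside `/nix/var/nix/profiles/ci`. A guard before the assignment, such as `case "$build_name" in ""|*/*|.*) echo "bad build name" >&2; exit 1;; esac`, closes that, with the same check on `$host` in the `while read` loop. `gcroot=…/$host-builder` and `profile=…/$build_name` also share one directory, so a host whose name ends in `-builder` would overwrite another host's gcroot; a separate subdirectory for the builder roots avoids the clash. The enclosing `let` block starts and ends outside these hunks.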
@ -14,6 +14,8 @@ let
|
||||
./buildbot/master.nix
|
||||
./buildbot/slave.nix
|
||||
./build.nix
|
||||
./cachecache.nix
|
||||
./charybdis.nix
|
||||
./ci.nix
|
||||
./current.nix
|
||||
./exim.nix
|
||||
@ -111,7 +113,6 @@ let
|
||||
{ krebs = import ./krebs { inherit config; }; }
|
||||
{ krebs = import ./lass { inherit config; }; }
|
||||
{ krebs = import ./makefu { inherit config; }; }
|
||||
{ krebs = import ./nin { inherit config; }; }
|
||||
{ krebs = import ./tv { inherit config; }; }
|
||||
{
|
||||
krebs.dns.providers = {
|
||||
@ -201,6 +202,7 @@ let
|
||||
"cfp@eloop.org" = eloop-ml;
|
||||
"kontakt@eloop.org" = eloop-ml;
|
||||
"root@eloop.org" = eloop-ml;
|
||||
"youtube@eloop.org" = eloop-ml;
|
||||
"eloop2016@krebsco.de" = eloop-ml;
|
||||
"eloop2017@krebsco.de" = eloop-ml;
|
||||
"postmaster@krebsco.de" = spam-ml; # RFC 822
|
||||
|
@ -38,11 +38,6 @@ let
|
||||
'';
|
||||
default = {};
|
||||
};
|
||||
maxTime = mkOption {
|
||||
type = types.int;
|
||||
default = 0;
|
||||
description = "Time to wait before download is aborted";
|
||||
};
|
||||
};
|
||||
|
||||
fetchWallpaperScript = pkgs.writeDash "fetchWallpaper" ''
|
||||
@ -51,8 +46,8 @@ let
|
||||
mkdir -p ${cfg.stateDir}
|
||||
chmod o+rx ${cfg.stateDir}
|
||||
cd ${cfg.stateDir}
|
||||
(curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || :
|
||||
feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
|
||||
(curl -s -o wallpaper.tmp -z wallpaper.tmp ${shell.escape cfg.url} && cp wallpaper.tmp wallpaper) || :
|
||||
feh --no-fehbg --bg-scale wallpaper
|
||||
'';
|
||||
|
||||
imp = {
|
||||
|
@ -57,7 +57,7 @@ let
|
||||
|
||||
user = rec {
|
||||
name = "github-hosts-sync";
|
||||
uid = genid name;
|
||||
uid = genid_uint31 name;
|
||||
};
|
||||
|
||||
# TODO move to lib?
|
||||
|
@ -15,8 +15,9 @@ with import <stockholm/lib>;
|
||||
cores = 4;
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
prism IN A ${nets.internet.ip4.addr}
|
||||
cache IN A ${nets.internet.ip4.addr}
|
||||
paste IN A ${nets.internet.ip4.addr}
|
||||
prism IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
"lassul.us" = ''
|
||||
$TTL 3600
|
||||
@ -27,12 +28,13 @@ with import <stockholm/lib>;
|
||||
60 IN TXT v=spf1 mx a:lassul.us -all
|
||||
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
|
||||
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
|
||||
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
io 60 IN NS ions.lassul.us.
|
||||
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
@ -642,47 +644,6 @@ with import <stockholm/lib>;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
|
||||
};
|
||||
cabal = {
|
||||
cores = 2;
|
||||
nets = rec {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.1.4";
|
||||
ip6.addr = "42::1:4";
|
||||
aliases = [
|
||||
"cabal.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A
|
||||
SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj
|
||||
rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK
|
||||
qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e
|
||||
LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq
|
||||
rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3
|
||||
6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE
|
||||
fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v
|
||||
yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A
|
||||
kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR
|
||||
KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi
|
||||
TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U
|
||||
oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs
|
||||
TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw
|
||||
3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD
|
||||
rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ
|
||||
4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf
|
||||
luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py
|
||||
w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG
|
||||
09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1
|
||||
K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g
|
||||
ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
|
||||
};
|
||||
red = {
|
||||
monitoring = false;
|
||||
cores = 1;
|
||||
@ -714,6 +675,36 @@ with import <stockholm/lib>;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
|
||||
};
|
||||
yellow = {
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.14";
|
||||
ip6.addr = "42:0:0:0:0:0:0:14";
|
||||
aliases = [
|
||||
"yellow.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP
|
||||
MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY
|
||||
b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU
|
||||
Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd
|
||||
OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP
|
||||
vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6
|
||||
C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp
|
||||
Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU
|
||||
52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg
|
||||
zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p
|
||||
DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ
|
||||
Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje ";
|
||||
};
|
||||
blue = {
|
||||
cores = 1;
|
||||
nets = {
|
||||
@ -787,9 +778,6 @@ with import <stockholm/lib>;
|
||||
mail = "lass@daedalus.r";
|
||||
pubkey = builtins.readFile ./ssh/daedalus.rsa;
|
||||
};
|
||||
fritz = {
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
|
||||
};
|
||||
prism-repo-sync = {
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe";
|
||||
mail = "lass@prism.r";
|
||||
|
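Review bot: The `ssh.pubkey` of the new `yellow` host ends with a trailing space inside the string (`…Bnlkqje "`), unlike the other `ssh.pubkey` values visible in this file. If the value is compared as a string or written verbatim into generated `known_hosts` or `authorized_keys` material, the stray whitespace can cause a mismatch that is hard to spot. I would trim it so the literal ends directly after the base64 key. The `tinc.pubkey` for `yellow` is also in `-----BEGIN PUBLIC KEY-----` form while the neighbouring hosts shown here use `-----BEGIN RSA PUBLIC KEY-----`, so it is worth confirming that whatever consumes these keys accepts both encodings.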
@ -60,7 +60,7 @@ in {
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi";
|
||||
};
|
||||
drop = rec {
|
||||
ci = true;
|
||||
ci = false;
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
@ -83,7 +83,7 @@ in {
|
||||
};
|
||||
};
|
||||
studio = rec {
|
||||
ci = true;
|
||||
ci = false;
|
||||
cores = 4;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
|
||||
@ -109,7 +109,7 @@ in {
|
||||
};
|
||||
|
||||
fileleech = rec {
|
||||
ci = true;
|
||||
ci = false;
|
||||
cores = 4;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
|
||||
@ -134,7 +134,7 @@ in {
|
||||
};
|
||||
};
|
||||
latte = rec {
|
||||
ci = true;
|
||||
ci = false;
|
||||
cores = 1;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
# ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
|
||||
@ -166,7 +166,7 @@ in {
|
||||
};
|
||||
|
||||
pnp = {
|
||||
ci = true;
|
||||
ci = false;
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
@ -190,7 +190,7 @@ in {
|
||||
};
|
||||
};
|
||||
darth = {
|
||||
ci = true;
|
||||
ci = false;
|
||||
cores = 4;
|
||||
nets = {
|
||||
retiolum = {
|
||||
@ -404,7 +404,7 @@ in {
|
||||
};
|
||||
};
|
||||
wry = rec {
|
||||
ci = true;
|
||||
ci = false;
|
||||
cores = 1;
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
@ -449,7 +449,7 @@ in {
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry";
|
||||
};
|
||||
filepimp = rec {
|
||||
ci = true;
|
||||
ci = false;
|
||||
cores = 1;
|
||||
nets = {
|
||||
lan = {
|
||||
@ -494,6 +494,8 @@ in {
|
||||
ip6.addr = "42:f9f0::10";
|
||||
aliases = [
|
||||
"omo.r"
|
||||
"dcpp.omo.r"
|
||||
"torrent.omo.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
@ -554,7 +556,7 @@ in {
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
|
||||
};
|
||||
nextgum = rec {
|
||||
gum = rec {
|
||||
ci = true;
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
@ -563,6 +565,23 @@ in {
|
||||
graph IN A ${nets.internet.ip4.addr}
|
||||
gold IN A ${nets.internet.ip4.addr}
|
||||
iso.euer IN A ${nets.internet.ip4.addr}
|
||||
wg.euer IN A ${nets.internet.ip4.addr}
|
||||
photostore IN A ${nets.internet.ip4.addr}
|
||||
o.euer IN A ${nets.internet.ip4.addr}
|
||||
mon.euer IN A ${nets.internet.ip4.addr}
|
||||
boot.euer IN A ${nets.internet.ip4.addr}
|
||||
wiki.euer IN A ${nets.internet.ip4.addr}
|
||||
pigstarter IN A ${nets.internet.ip4.addr}
|
||||
cgit.euer IN A ${nets.internet.ip4.addr}
|
||||
git.euer IN A ${nets.internet.ip4.addr}
|
||||
euer IN A ${nets.internet.ip4.addr}
|
||||
share.euer IN A ${nets.internet.ip4.addr}
|
||||
gum IN A ${nets.internet.ip4.addr}
|
||||
wikisearch IN A ${nets.internet.ip4.addr}
|
||||
dl.euer IN A ${nets.internet.ip4.addr}
|
||||
ghook IN A ${nets.internet.ip4.addr}
|
||||
dockerhub IN A ${nets.internet.ip4.addr}
|
||||
io IN NS gum.krebsco.de.
|
||||
'';
|
||||
};
|
||||
cores = 8;
|
||||
@ -571,6 +590,7 @@ in {
|
||||
ip4.addr = "144.76.26.247";
|
||||
ip6.addr = "2a01:4f8:191:12f6::2";
|
||||
aliases = [
|
||||
"gum.i"
|
||||
"nextgum.i"
|
||||
];
|
||||
};
|
||||
@ -594,71 +614,17 @@ in {
|
||||
"stats.makefu.r"
|
||||
"backup.makefu.r"
|
||||
"dcpp.nextgum.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8
|
||||
aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO
|
||||
npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh
|
||||
6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF
|
||||
3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN
|
||||
VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
|
||||
};
|
||||
|
||||
gum = rec {
|
||||
ci = true;
|
||||
cores = 2;
|
||||
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
share.euer IN A ${nets.internet.ip4.addr}
|
||||
mattermost.euer IN A ${nets.internet.ip4.addr}
|
||||
gum IN A ${nets.internet.ip4.addr}
|
||||
wikisearch IN A ${nets.internet.ip4.addr}
|
||||
pigstarter IN A ${nets.internet.ip4.addr}
|
||||
cgit.euer IN A ${nets.internet.ip4.addr}
|
||||
euer IN A ${nets.internet.ip4.addr}
|
||||
o.euer IN A ${nets.internet.ip4.addr}
|
||||
git.euer IN A ${nets.internet.ip4.addr}
|
||||
dl.euer IN A ${nets.internet.ip4.addr}
|
||||
boot.euer IN A ${nets.internet.ip4.addr}
|
||||
wiki.euer IN A ${nets.internet.ip4.addr}
|
||||
mon.euer IN A ${nets.internet.ip4.addr}
|
||||
ghook IN A ${nets.internet.ip4.addr}
|
||||
dockerhub IN A ${nets.internet.ip4.addr}
|
||||
photostore IN A ${nets.internet.ip4.addr}
|
||||
io IN NS gum.krebsco.de.
|
||||
'';
|
||||
};
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "185.194.143.140";
|
||||
ip6.addr = "2a03:4000:1c:43f::1";
|
||||
aliases = [
|
||||
"gum.i"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.0.211";
|
||||
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
|
||||
aliases = [
|
||||
"gum.r"
|
||||
"cgit.gum.r"
|
||||
"o.gum.r"
|
||||
"tracker.makefu.r"
|
||||
|
||||
"search.makefu.r"
|
||||
"wiki.makefu.r"
|
||||
"wiki.gum.r"
|
||||
"blog.makefu.r"
|
||||
"blog.gum.r"
|
||||
"dcpp.gum.r"
|
||||
"torrent.gum.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
@ -672,12 +638,11 @@ in {
|
||||
'';
|
||||
};
|
||||
};
|
||||
# configured manually
|
||||
# ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
|
||||
};
|
||||
|
||||
shoney = rec {
|
||||
ci = true;
|
||||
ci = false;
|
||||
cores = 1;
|
||||
nets = rec {
|
||||
siem = {
|
||||
|
@ -1,111 +0,0 @@
|
||||
{ config, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
hosts = mapAttrs (_: recursiveUpdate {
|
||||
owner = config.krebs.users.nin;
|
||||
ci = true;
|
||||
}) {
|
||||
hiawatha = {
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.132.96";
|
||||
ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
|
||||
aliases = [
|
||||
"hiawatha.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
|
||||
Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
|
||||
iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
|
||||
UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
|
||||
lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
|
||||
yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
|
||||
};
|
||||
axon= {
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.134.66";
|
||||
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
|
||||
aliases = [
|
||||
"axon.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
|
||||
glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
|
||||
KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
|
||||
L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
|
||||
VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
|
||||
PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
|
||||
X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
|
||||
m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
|
||||
OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
|
||||
LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
|
||||
/F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
|
||||
MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
|
||||
7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
|
||||
ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
|
||||
1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
|
||||
29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
|
||||
4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
|
||||
FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
|
||||
buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
|
||||
hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
|
||||
yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
|
||||
ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
|
||||
};
|
||||
onondaga = {
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.132.55";
|
||||
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
|
||||
aliases = [
|
||||
"onondaga.r"
|
||||
"cgit.onondaga.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR
|
||||
OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu
|
||||
htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH
|
||||
xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO
|
||||
kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn
|
||||
hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO";
|
||||
};
|
||||
|
||||
};
|
||||
users = {
|
||||
nin = {
|
||||
mail = "nin@axon.r";
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
|
||||
};
|
||||
nin_h = {
|
||||
mail = "nin@hiawatha.r";
|
||||
pubkey = "ssh-rsa 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 nin@hiawatha";
|
||||
};
|
||||
};
|
||||
}
|
@ -77,7 +77,190 @@ let
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh";
|
||||
ExecStart = pkgs.writeDash "generate-wallpaper" ''
|
||||
set -xeuf
|
||||
|
||||
# usage: getimg FILENAME URL
|
||||
fetch() {
|
||||
echo "fetch $1"
|
||||
curl -LsS -z "$1" -o "$1" "$2"
|
||||
}
|
||||
|
||||
# usage: check_type FILENAME TYPE
|
||||
check_type() {
|
||||
if ! file -ib "$1" | grep -q "^$2/"; then
|
||||
echo "$1 is not of type $2" >&2
|
||||
rm "$1"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
# usage: image_size FILENAME
|
||||
image_size() {
|
||||
identify "$1" | awk '{print$3}'
|
||||
}
|
||||
|
||||
# usage: make_mask DST SRC MASK
|
||||
make_layer() {
|
||||
if needs_rebuild "$@"; then
|
||||
echo "make $1 (apply mask)" >&2
|
||||
convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
# usage: flatten DST HILAYER LOLAYER
|
||||
flatten() {
|
||||
if needs_rebuild "$@"; then
|
||||
echo "make $1 (flatten)" >&2
|
||||
composite "$2" "$3" "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
# usage: needs_rebuild DST SRC...
|
||||
needs_rebuild() {
|
||||
a="$1"
|
||||
shift
|
||||
if ! test -e "$a"; then
|
||||
#echo " $a does not exist" >&2
|
||||
result=0
|
||||
else
|
||||
result=1
|
||||
for b; do
|
||||
if test "$b" -nt "$a"; then
|
||||
#echo " $b is newer than $a" >&2
|
||||
result=0
|
||||
fi
|
||||
done
|
||||
fi
|
||||
#case $result in
|
||||
# 0) echo "$a needs rebuild" >&2;;
|
||||
#esac
|
||||
return $result
|
||||
}
|
||||
|
||||
main() {
|
||||
cd ${cfg.workingDir}
|
||||
|
||||
# fetch source images in parallel
|
||||
fetch nightmap-raw.jpg \
|
||||
${cfg.nightmap} &
|
||||
fetch daymap-raw.png \
|
||||
${cfg.daymap} &
|
||||
fetch clouds-raw.jpg \
|
||||
${cfg.cloudmap} &
|
||||
fetch marker.json \
|
||||
${cfg.marker} &
|
||||
wait
|
||||
|
||||
check_type nightmap-raw.jpg image
|
||||
check_type daymap-raw.png image
|
||||
check_type clouds-raw.jpg image
|
||||
|
||||
in_size=2048x1024
|
||||
xplanet_out_size=1466x1200
|
||||
out_geometry=1366x768+100+160
|
||||
|
||||
nightsnow_color='#0c1a49' # nightmap
|
||||
|
||||
for raw in \
|
||||
nightmap-raw.jpg \
|
||||
daymap-raw.png \
|
||||
clouds-raw.jpg \
|
||||
;
|
||||
do
|
||||
normal=''${raw%-raw.*}.png
|
||||
if needs_rebuild $normal $raw; then
|
||||
echo "make $normal; normalize $raw" >&2
|
||||
convert $raw -scale $in_size $normal
|
||||
fi
|
||||
done
|
||||
|
||||
# create nightmap-fullsnow
|
||||
if needs_rebuild nightmap-fullsnow.png; then
|
||||
convert -size $in_size xc:$nightsnow_color nightmap-fullsnow.png
|
||||
fi
|
||||
|
||||
# extract daymap-snowmask from daymap-final
|
||||
if needs_rebuild daymap-snowmask.png daymap.png; then
|
||||
convert daymap.png -threshold 95% daymap-snowmask.png
|
||||
fi
|
||||
|
||||
# extract nightmap-lightmask from nightmap
|
||||
if needs_rebuild nightmap-lightmask.png nightmap.png; then
|
||||
convert nightmap.png -threshold 25% nightmap-lightmask.png
|
||||
fi
|
||||
|
||||
# create layers
|
||||
make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png
|
||||
make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png
|
||||
|
||||
# apply layers
|
||||
flatten nightmap-lightsnowlayer.png \
|
||||
nightmap-lightlayer.png \
|
||||
nightmap-snowlayer.png
|
||||
|
||||
flatten nightmap-final.png \
|
||||
nightmap-lightsnowlayer.png \
|
||||
nightmap.png
|
||||
|
||||
# create marker file from json
|
||||
if [ -s marker.json ]; then
|
||||
jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file
|
||||
fi
|
||||
|
||||
# make all unmodified files as final
|
||||
for normal in \
|
||||
daymap.png \
|
||||
clouds.png \
|
||||
;
|
||||
do
|
||||
final=''${normal%.png}-final.png
|
||||
needs_rebuild $final &&
|
||||
ln $normal $final
|
||||
done
|
||||
|
||||
# rebuild every time to update shadow
|
||||
xplanet --num_times 1 --geometry $xplanet_out_size \
|
||||
--output xplanet-output.png --projection merc \
|
||||
-config ${pkgs.writeText "xplanet.config" ''
|
||||
[earth]
|
||||
"Earth"
|
||||
map=daymap-final.png
|
||||
night_map=nightmap-final.png
|
||||
cloud_map=clouds-final.png
|
||||
cloud_threshold=10
|
||||
shade=15
|
||||
''}
|
||||
|
||||
xplanet --num_times 1 --geometry $xplanet_out_size \
|
||||
--output xplanet-krebs-output.png --projection merc \
|
||||
-config ${pkgs.writeText "xplanet-krebs.config" ''
|
||||
[earth]
|
||||
"Earth"
|
||||
map=daymap-final.png
|
||||
night_map=nightmap-final.png
|
||||
cloud_map=clouds-final.png
|
||||
cloud_threshold=10
|
||||
marker_file=marker_file
|
||||
shade=15
|
||||
''}
|
||||
|
||||
# trim xplanet output
|
||||
if needs_rebuild realwallpaper.png xplanet-output.png; then
|
||||
convert xplanet-output.png -crop $out_geometry \
|
||||
realwallpaper-tmp.png
|
||||
mv realwallpaper-tmp.png realwallpaper.png
|
||||
fi
|
||||
|
||||
if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then
|
||||
convert xplanet-krebs-output.png -crop $out_geometry \
|
||||
realwallpaper-krebs-tmp.png
|
||||
mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png
|
||||
fi
|
||||
}
|
||||
|
||||
main "$@"
|
||||
'';
|
||||
User = "realwallpaper";
|
||||
};
|
||||
};
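Review bot: `cd ${cfg.workingDir}` and the `fetch … ${cfg.nightmap} &` calls in `main` splice option values into the script text unquoted, so a URL containing `&` or `;`, or a path with a space, is re-parsed by dash rather than passed as one argument. The `stockholm-version` script elsewhere in this commit already uses `lib.escapeShellArg`; the same here would read `cd ${lib.escapeShellArg cfg.workingDir}` and `fetch nightmap-raw.jpg ${lib.escapeShellArg cfg.nightmap} &`. The bare `wait` returns 0 even when a background `fetch` failed, and `marker.json` never goes through `check_type`, so `set -e` does not stop a run whose download failed. The comments `# usage: getimg FILENAME URL` and `# usage: make_mask DST SRC MASK` should name `fetch` and `make_layer`. The enclosing `let` block starts outside the hunk.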
|
||||
|
@ -75,6 +75,7 @@ let
|
||||
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
|
||||
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
|
||||
''}
|
||||
${tinc.config.tincUpExtra}
|
||||
'';
|
||||
description = ''
|
||||
tinc-up script to be used. Defaults to setting the
|
||||
@ -83,6 +84,11 @@ let
|
||||
'';
|
||||
};
|
||||
|
||||
tincUpExtra = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
|
||||
tincPackage = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.tinc;
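Review bot: `tincUpExtra` is declared without a `description`, although its value is spliced verbatim into the generated tinc-up script right after the `ip` commands. Whatever a module puts there runs as part of interface bring-up, so the option should say so, for instance `description = "Extra shell commands appended verbatim to the tinc-up script.";`. `types.lines` instead of `types.str` would also let several modules contribute fragments without a merge conflict. The surrounding option set starts and ends outside these hunks.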
|
||||
|
@ -183,7 +183,7 @@ let
|
||||
|
||||
user = rec {
|
||||
name = "urlwatch";
|
||||
uid = genid name;
|
||||
uid = genid_uint31 name;
|
||||
};
|
||||
|
||||
subtypes.job = types.submodule {
|
||||
|
@ -1,13 +1,6 @@
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
overrides = self: super:
|
||||
listToAttrs
|
||||
(map
|
||||
(name: nameValuePair (removeSuffix ".nix" name)
|
||||
(self.callPackage (./. + "/${name}") {}))
|
||||
(filter
|
||||
(name: name != "default.nix" && !hasPrefix "." name)
|
||||
(attrNames (readDir ./.))));
|
||||
overrides = self: super: mapNixDir (path: self.callPackage path {}) ./.;
|
||||
in
|
||||
self: super:
|
||||
{
|
||||
|
@ -1,17 +1,16 @@
|
||||
{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xft, X11-xshape
|
||||
, xmonad, xmonad-contrib
|
||||
{ mkDerivation, base, containers, fetchgit, filepath, stdenv, unix, X11, X11-xft
|
||||
, X11-xshape, xmonad, xmonad-contrib
|
||||
}:
|
||||
mkDerivation rec {
|
||||
pname = "xmonad-stockholm";
|
||||
version = "1.2.0";
|
||||
# src = /home/jeschli/projects/haskell/xmonad-stockholm;
|
||||
version = "1.3.0";
|
||||
src = fetchgit {
|
||||
url = http://cgit.ni.krebsco.de/xmonad-stockholm;
|
||||
rev = "refs/tags/v${version}";
|
||||
sha256 = "13mvmh3kk9a79l1nii028p0n7l95pb78wz9c4j42l90m02mg6cis";
|
||||
rev = "refs/tags/v1.3.0";
|
||||
sha256 = "1np5126wn67y0a1r60rnkq828s0w9zjnvai4b8zy3yc02xlkrjm9";
|
||||
};
|
||||
libraryHaskellDepends = [
|
||||
base containers X11 X11-xft X11-xshape xmonad xmonad-contrib
|
||||
base containers filepath unix X11 X11-xft X11-xshape xmonad xmonad-contrib
|
||||
];
|
||||
license = stdenv.lib.licenses.mit;
|
||||
}
|
||||
|
@ -15,10 +15,4 @@ let
|
||||
else override;
|
||||
in
|
||||
|
||||
listToAttrs
|
||||
(map
|
||||
(name: nameValuePair (removeSuffix ".nix" name)
|
||||
(callPackage (./. + "/${name}") {}))
|
||||
(filter
|
||||
(name: name != "default.nix" && !hasPrefix "." name)
|
||||
(attrNames (readDir ./.))))
|
||||
mapNixDir (path: callPackage path {}) ./.
|
||||
|
@ -1,122 +0,0 @@
|
||||
{ stdenv, writeScriptBin, lib, fetchurl, git, cacert
|
||||
, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd
|
||||
, withMysql ? false
|
||||
, withPgsql ? false
|
||||
, withSqlite ? false, sqlite
|
||||
, withPam ? false, pam
|
||||
, withZlib ? true, zlib
|
||||
, withRiak ? false
|
||||
, withElixir ? false, elixir
|
||||
, withIconv ? true
|
||||
, withTools ? false
|
||||
, withRedis ? false
|
||||
}:
|
||||
|
||||
let
|
||||
fakegit = writeScriptBin "git" ''
|
||||
#! ${stdenv.shell} -e
|
||||
if [ "$1" = "describe" ]; then
|
||||
[ -r .rev ] && cat .rev || true
|
||||
fi
|
||||
'';
|
||||
|
||||
ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ];
|
||||
|
||||
in stdenv.mkDerivation rec {
|
||||
version = "18.01";
|
||||
name = "ejabberd-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz";
|
||||
sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ fakegit ];
|
||||
|
||||
buildInputs = [ erlang openssl expat libyaml gd ]
|
||||
++ lib.optional withSqlite sqlite
|
||||
++ lib.optional withPam pam
|
||||
++ lib.optional withZlib zlib
|
||||
++ lib.optional withElixir elixir
|
||||
;
|
||||
|
||||
# Apparently needed for Elixir
|
||||
LANG = "en_US.UTF-8";
|
||||
|
||||
deps = stdenv.mkDerivation {
|
||||
name = "ejabberd-deps-${version}";
|
||||
|
||||
inherit src;
|
||||
|
||||
configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ];
|
||||
|
||||
nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ];
|
||||
|
||||
GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
makeFlags = [ "deps" ];
|
||||
|
||||
phases = [ "unpackPhase" "configurePhase" "buildPhase" "installPhase" ];
|
||||
|
||||
installPhase = ''
|
||||
for i in deps/*; do
|
||||
( cd $i
|
||||
git reset --hard
|
||||
git clean -ffdx
|
||||
git describe --always --tags > .rev
|
||||
rm -rf .git
|
||||
)
|
||||
done
|
||||
rm deps/.got
|
||||
|
||||
cp -r deps $out
|
||||
'';
|
||||
|
||||
outputHashMode = "recursive";
|
||||
outputHashAlgo = "sha256";
|
||||
outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk";
|
||||
};
|
||||
|
||||
configureFlags =
|
||||
[ (lib.enableFeature withMysql "mysql")
|
||||
(lib.enableFeature withPgsql "pgsql")
|
||||
(lib.enableFeature withSqlite "sqlite")
|
||||
(lib.enableFeature withPam "pam")
|
||||
(lib.enableFeature withZlib "zlib")
|
||||
(lib.enableFeature withRiak "riak")
|
||||
(lib.enableFeature withElixir "elixir")
|
||||
(lib.enableFeature withIconv "iconv")
|
||||
(lib.enableFeature withTools "tools")
|
||||
(lib.enableFeature withRedis "redis")
|
||||
] ++ lib.optional withSqlite "--with-sqlite3=${sqlite.dev}";
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
patches = [
|
||||
./ejabberdctl.patch
|
||||
];
|
||||
|
||||
preBuild = ''
|
||||
cp -r $deps deps
|
||||
chmod -R +w deps
|
||||
patchShebangs deps
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
sed -i \
|
||||
-e '2iexport PATH=${ctlpath}:$PATH' \
|
||||
-e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \
|
||||
-e 's,\(^ *JOT=\).*,\1,' \
|
||||
-e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \
|
||||
$out/sbin/ejabberdctl
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Open-source XMPP application server written in Erlang";
|
||||
license = licenses.gpl2;
|
||||
homepage = http://www.ejabberd.im;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ sander abbradar ];
|
||||
broken = withElixir;
|
||||
};
|
||||
}
|
@ -1,32 +0,0 @@
|
||||
--- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100
|
||||
+++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200
|
||||
@@ -42,19 +42,18 @@
|
||||
esac
|
||||
|
||||
# parse command line parameters
|
||||
-for arg; do
|
||||
- case $arg in
|
||||
- -n|--node) ERLANG_NODE_ARG=$2; shift;;
|
||||
- -s|--spool) SPOOL_DIR=$2; shift;;
|
||||
- -l|--logs) LOGS_DIR=$2; shift;;
|
||||
- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;;
|
||||
- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;;
|
||||
- -d|--config-dir) ETC_DIR=$2; shift;;
|
||||
- -t|--no-timeout) NO_TIMEOUT="--no-timeout";;
|
||||
- --) :;;
|
||||
+while test $# -gt 0; do
|
||||
+ case $1 in
|
||||
+ -n|--node) ERLANG_NODE_ARG=$2; shift 2;;
|
||||
+ -s|--spool) SPOOL_DIR=$2; shift 2;;
|
||||
+ -l|--logs) LOGS_DIR=$2; shift 2;;
|
||||
+ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;;
|
||||
+ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;;
|
||||
+ -d|--config-dir) ETC_DIR=$2; shift 2;;
|
||||
+ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;;
|
||||
+ # --) :;; what is this for?
|
||||
*) break;;
|
||||
esac
|
||||
- shift
|
||||
done
|
||||
|
||||
# define ejabberd variables if not already defined from the command line
|
@ -1,24 +0,0 @@
|
||||
{ stdenv, fetchgit, xplanet, imagemagick, curl, file }:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "realwallpaper";
|
||||
|
||||
src = fetchgit {
|
||||
url = https://github.com/Lassulus/realwallpaper;
|
||||
rev = "e0563289c2ab592b669ce4549fc40130246e9d79";
|
||||
sha256 = "1zgk8ips2d686216h203w62wrw7zy9z0lrndx9f8z6f1vpvjcmqc";
|
||||
};
|
||||
|
||||
phases = [
|
||||
"unpackPhase"
|
||||
"installPhase"
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out
|
||||
cp realwallpaper.sh $out/realwallpaper.sh
|
||||
'';
|
||||
}
|
@ -1,12 +1,14 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
|
||||
imports = [
|
||||
./3modules
|
||||
{
|
||||
nixpkgs.config.packageOverrides =
|
||||
import ../submodules/nix-writers/pkgs pkgs;
|
||||
}
|
||||
];
|
||||
nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
|
||||
|
||||
nixpkgs = {
|
||||
overlays = [
|
||||
(import ./5pkgs)
|
||||
(import ../submodules/nix-writers/pkgs)
|
||||
];
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -7,15 +7,27 @@
|
||||
# TODO document why pkgs should be used like this
|
||||
pkgs = import "${krops}/pkgs" {};
|
||||
|
||||
krebs-source = {
|
||||
nixpkgs.git = {
|
||||
ref = (lib.importJSON ./nixpkgs.json).rev;
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
krebs-source = { test ? false }: rec {
|
||||
nixpkgs = if test then {
|
||||
file = {
|
||||
path = toString (pkgs.fetchFromGitHub {
|
||||
owner = "nixos";
|
||||
repo = "nixpkgs";
|
||||
rev = (lib.importJSON ./nixpkgs.json).rev;
|
||||
sha256 = (lib.importJSON ./nixpkgs.json).sha256;
|
||||
});
|
||||
useChecksum = true;
|
||||
};
|
||||
} else {
|
||||
git = {
|
||||
ref = (lib.importJSON ./nixpkgs.json).rev;
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
};
|
||||
};
|
||||
stockholm.file = toString ../.;
|
||||
stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" ''
|
||||
set -efu
|
||||
cd ${lib.escapeShellArg krebs-source.stockholm.file}
|
||||
cd ${lib.escapeShellArg stockholm.file}
|
||||
V=$(${pkgs.coreutils}/bin/date +%y.%m)
|
||||
if test -d .git; then
|
||||
V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty)
|
||||
@ -28,21 +40,17 @@
|
||||
};
|
||||
|
||||
source ={ test }: lib.evalSource [
|
||||
krebs-source
|
||||
(krebs-source { test = test; })
|
||||
{
|
||||
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
|
||||
secrets =
|
||||
if test
|
||||
then {
|
||||
file = toString <stockholm/krebs/0tests/data/secrets>;
|
||||
}
|
||||
else {
|
||||
pass = {
|
||||
dir = "${lib.getEnv "HOME"}/brain";
|
||||
name = "krebs-secrets/${name}";
|
||||
};
|
||||
}
|
||||
;
|
||||
secrets = if test then {
|
||||
file = toString <stockholm/krebs/0tests/data/secrets>;
|
||||
} else {
|
||||
pass = {
|
||||
dir = "${lib.getEnv "HOME"}/brain";
|
||||
name = "krebs-secrets/${name}";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
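Review bot: The `test` branch of `krebs-source` reads `./nixpkgs.json` twice and the `git` branch a third time; binding it once, e.g. `nixpkgs-src = lib.importJSON ./nixpkgs.json;`, keeps `rev` and `sha256` visibly tied to the same file. Only the `test` branch checks the fetched tree against `sha256`, while the `git` branch depends on `ref` being a full commit id, which deserves a one-line comment such as `# ref must stay a commit id, never a branch name` so the pin is not loosened later. `(krebs-source { test = test; })` can be written `(krebs-source { inherit test; })`. The enclosing attribute set starts outside the hunk.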
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs-channels",
|
||||
"rev": "bf7930d582bcf7953c3b87e649858f3f1873eb9c",
|
||||
"date": "2018-11-04T19:36:25+01:00",
|
||||
"sha256": "0nvn6g0pxp0glqjg985qxs7ash0cmcdc80h8jxxk6z4pnr3f2n1m",
|
||||
"rev": "5d4a1a3897e2d674522bcb3aa0026c9e32d8fd7c",
|
||||
"date": "2018-11-24T00:40:22-05:00",
|
||||
"sha256": "19kryzx9a6x68mpyxks3dajraf92hkbnw1zf952k73s2k4qw9jlq",
|
||||
"fetchSubmodules": false
|
||||
}
|
||||
|
@ -36,10 +36,10 @@ with import <stockholm/lib>;
|
||||
# TODO write function for proxy_pass (ssl/nonssl)
|
||||
|
||||
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
|
||||
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.179"; target = "ACCEPT"; }
|
||||
];
|
||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
|
||||
{ v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
@ -57,13 +57,6 @@ with import <stockholm/lib>;
|
||||
config.krebs.users.makefu.pubkey
|
||||
];
|
||||
};
|
||||
users.users.nin = {
|
||||
uid = genid "nin";
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.nin.pubkey
|
||||
];
|
||||
};
|
||||
users.extraUsers.dritter = {
|
||||
uid = genid "dritter";
|
||||
isNormalUser = true;
|
||||
@ -109,26 +102,6 @@ with import <stockholm/lib>;
|
||||
localAddress = "10.233.2.2";
|
||||
};
|
||||
}
|
||||
{
|
||||
#onondaga
|
||||
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
|
||||
containers.onondaga = {
|
||||
config = { ... }: {
|
||||
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.nin.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = true;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.5";
|
||||
localAddress = "10.233.2.6";
|
||||
};
|
||||
}
|
||||
<stockholm/lass/2configs/exim-smarthost.nix>
|
||||
<stockholm/lass/2configs/ts3.nix>
|
||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||
@ -137,7 +110,6 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/iodined.nix>
|
||||
<stockholm/lass/2configs/paste.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
<stockholm/lass/2configs/reaktor-coders.nix>
|
||||
<stockholm/lass/2configs/ciko.nix>
|
||||
<stockholm/lass/2configs/container-networking.nix>
|
||||
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
|
||||
|
@ -14,16 +14,16 @@
|
||||
};
|
||||
};
|
||||
# TODO use this network config
|
||||
#networking.interfaces.et0.ipv4.addresses = [
|
||||
# {
|
||||
# address = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
# prefixLength = 27;
|
||||
# }
|
||||
# {
|
||||
# address = "46.4.114.243";
|
||||
# prefixLength = 27;
|
||||
# }
|
||||
#];
|
||||
networking.interfaces.eth0.ipv4.addresses = [
|
||||
{
|
||||
address = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
prefixLength = 27;
|
||||
}
|
||||
{
|
||||
address = "46.4.114.243";
|
||||
prefixLength = 27;
|
||||
}
|
||||
];
|
||||
#networking.defaultGateway = "46.4.114.225";
|
||||
#networking.nameservers = [
|
||||
# "8.8.8.8"
|
||||
|
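--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -0,0 +1,11 @@
+{ lib, pkgs, ... }:
+{
+nixpkgs = lib.mkForce {
+file = toString (pkgs.fetchFromGitHub {
+owner = "nixos";
+repo = "nixpkgs";
+rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
+sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
+});
+};
+}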
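Review bot: This file repeats the `fetchFromGitHub` expression that the `test` branch of `krebs-source` introduces in the same commit, but passes it as `file = toString (…)` without the `useChecksum = true` used there, and nothing explains why `lib.mkForce` is needed. A short header comment would help, e.g. `# blue deploys nixpkgs as a pre-fetched, hash-checked store path instead of the default git source`, if that is the intent. Reading the JSON once, `let src = lib.importJSON ../../../krebs/nixpkgs.json; in`, removes the duplicated path and keeps `rev` and `sha256` from the same read.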
|
@ -1,16 +0,0 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
|
||||
<stockholm/lass/2configs/mouse.nix>
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
<stockholm/lass/2configs/baseX.nix>
|
||||
<stockholm/lass/2configs/AP.nix>
|
||||
<stockholm/lass/2configs/blue-host.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.cabal;
|
||||
}
|
@ -1,12 +0,0 @@
|
||||
{
|
||||
imports = [
|
||||
./config.nix
|
||||
<stockholm/lass/2configs/hw/x220.nix>
|
||||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
||||
];
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0"
|
||||
'';
|
||||
}
|
@ -25,9 +25,5 @@
|
||||
macchanger
|
||||
dpass
|
||||
];
|
||||
services.redshift = {
|
||||
enable = true;
|
||||
provider = "geoclue2";
|
||||
};
|
||||
programs.adb.enable = true;
|
||||
}
|
||||
|
@ -33,6 +33,7 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/rtl-sdr.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
<stockholm/lass/2configs/print.nix>
|
||||
<stockholm/lass/2configs/blue-host.nix>
|
||||
{
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
#risk of rain
|
||||
@ -101,6 +102,7 @@ with import <stockholm/lib>;
|
||||
urban
|
||||
mk_sql_pair
|
||||
remmina
|
||||
transmission
|
||||
|
||||
iodine
|
||||
|
||||
@ -147,10 +149,6 @@ with import <stockholm/lib>;
|
||||
programs.adb.enable = true;
|
||||
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
||||
virtualisation.docker.enable = true;
|
||||
services.redshift = {
|
||||
enable = true;
|
||||
provider = "geoclue2";
|
||||
};
|
||||
|
||||
lass.restic = genAttrs [
|
||||
"daedalus"
|
||||
|
@ -57,13 +57,6 @@ with import <stockholm/lib>;
|
||||
config.krebs.users.makefu.pubkey
|
||||
];
|
||||
};
|
||||
users.users.nin = {
|
||||
uid = genid "nin";
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.nin.pubkey
|
||||
];
|
||||
};
|
||||
users.extraUsers.dritter = {
|
||||
uid = genid "dritter";
|
||||
isNormalUser = true;
|
||||
@ -119,7 +112,6 @@ with import <stockholm/lib>;
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.nin.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = true;
|
||||
@ -215,7 +207,6 @@ with import <stockholm/lib>;
|
||||
RandomizedDelaySec = "2min";
|
||||
};
|
||||
}
|
||||
<stockholm/lass/2configs/downloading.nix>
|
||||
<stockholm/lass/2configs/minecraft.nix>
|
||||
{
|
||||
services.taskserver = {
|
||||
@ -346,11 +337,64 @@ with import <stockholm/lib>;
|
||||
];
|
||||
|
||||
}
|
||||
{
|
||||
systemd.services."container@yellow".reloadIfChanged = mkForce false;
|
||||
containers.yellow = {
|
||||
config = { ... }: {
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = false;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.13";
|
||||
localAddress = "10.233.2.14";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = ''
|
||||
if ($scheme != "https") {
|
||||
rewrite ^ https://$host$uri permanent;
|
||||
}
|
||||
auth_basic "Restricted Content";
|
||||
auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
|
||||
krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
|
||||
''};
|
||||
proxy_pass http://10.233.2.14:9091;
|
||||
'';
|
||||
|
||||
users.groups.download = {};
|
||||
users.users = {
|
||||
download = {
|
||||
createHome = true;
|
||||
group = "download";
|
||||
name = "download";
|
||||
home = "/var/download";
|
||||
useDefaultShell = true;
|
||||
openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
lass.pubkey
|
||||
lass-shodan.pubkey
|
||||
lass-icarus.pubkey
|
||||
lass-daedalus.pubkey
|
||||
lass-helios.pubkey
|
||||
makefu.pubkey
|
||||
wine-mors.pubkey
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
system.activationScripts.downloadFolder = ''
|
||||
mkdir -p /var/download
|
||||
chmod 775 /var/download
|
||||
ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || :
|
||||
chown download: /var/download/finished
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.prism;
|
||||
# workaround because grub store paths are broken
|
||||
boot.copyKernels = true;
|
||||
services.earlyoom = {
|
||||
enable = true;
|
||||
freeMemThreshold = 5;
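Review bot: The `auth_basic_user_file` for the `/transmission` location is built with `pkgs.writeText`, so the `krebs:$apr1$…` entry ends up in the world-readable Nix store and in the repository history; `$apr1$` is the MD5-based htpasswd scheme, which offers little resistance to offline guessing once the hash is readable. The file should be provisioned with the host's secrets and referenced by path, e.g. `auth_basic_user_file <HTPASSWD_PATH_OUTSIDE_STORE>;` (placeholder), and the password should be rotated since this hash is now published. The `if ($scheme != "https")` redirect builds its target from `$host`, which nginx takes from the request; `$server_name` would pin it to the configured virtual host. The enclosing list begins outside the hunk.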
|
||||
|
@ -1,77 +1,61 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
|
||||
imports = [
|
||||
./config.nix
|
||||
{
|
||||
boot.kernelParams = [ "net.ifnames=0" ];
|
||||
networking = {
|
||||
defaultGateway = "46.4.114.225";
|
||||
# Use google's public DNS server
|
||||
nameservers = [ "8.8.8.8" ];
|
||||
interfaces.eth0 = {
|
||||
ipAddress = "46.4.114.247";
|
||||
prefixLength = 27;
|
||||
};
|
||||
};
|
||||
# TODO use this network config
|
||||
#networking.interfaces.et0.ipv4.addresses = [
|
||||
# {
|
||||
# address = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
# prefixLength = 27;
|
||||
# }
|
||||
# {
|
||||
# address = "46.4.114.243";
|
||||
# prefixLength = 27;
|
||||
# }
|
||||
#];
|
||||
#networking.defaultGateway = "46.4.114.225";
|
||||
#networking.nameservers = [
|
||||
# "8.8.8.8"
|
||||
#];
|
||||
#services.udev.extraRules = ''
|
||||
# SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0"
|
||||
#'';
|
||||
}
|
||||
{
|
||||
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
|
||||
|
||||
networking.hostId = "fb4173ea";
|
||||
boot.loader.grub = {
|
||||
devices = [
|
||||
"/dev/sda"
|
||||
"/dev/sdb"
|
||||
];
|
||||
splashImage = null;
|
||||
};
|
||||
|
||||
boot.initrd.availableKernelModules = [
|
||||
"ata_piix"
|
||||
"vmw_pvscsi"
|
||||
"ahci" "sd_mod"
|
||||
];
|
||||
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
|
||||
sound.enable = false;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "rpool/root/nixos";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/home" = {
|
||||
device = "rpool/home";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/b67c3370-1597-4ce8-8a46-e257ca32150d";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
}
|
||||
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "rpool/root/nixos";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/d155d6ff-8e89-4876-a9e7-d1b7ba6a4804";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/srv/http" = {
|
||||
device = "tank/srv-http";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/download" = {
|
||||
device = "tank/download";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/containers" = {
|
||||
device = "tank/containers";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/home" = {
|
||||
device = "tank/home";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
nix.maxJobs = lib.mkDefault 8;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
|
||||
|
||||
boot.kernelParams = [ "net.ifnames=0" ];
|
||||
networking = {
|
||||
hostId = "2283aaae";
|
||||
defaultGateway = "95.216.1.129";
|
||||
# Use google's public DNS server
|
||||
nameservers = [ "8.8.8.8" ];
|
||||
interfaces.eth0 = {
|
||||
ipAddress = "95.216.1.150";
|
||||
prefixLength = 26;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -16,6 +16,7 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/wine.nix>
|
||||
<stockholm/lass/2configs/bitcoin.nix>
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
<stockholm/lass/2configs/blue-host.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.shodan;
|
||||
|
@ -5,42 +5,36 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass>
|
||||
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
#<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||
<stockholm/lass/2configs/blue-host.nix>
|
||||
<stockholm/lass/2configs/power-action.nix>
|
||||
{
|
||||
# discordius config
|
||||
services.xserver.enable = true;
|
||||
services.xserver.desktopManager.xfce.enable = true;
|
||||
|
||||
users.users.discordius = {
|
||||
uid = genid "discordius";
|
||||
home = "/home/discordius";
|
||||
group = "users";
|
||||
createHome = true;
|
||||
uid = genid "diskordius";
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"networkmanager"
|
||||
];
|
||||
useDefaultShell = true;
|
||||
};
|
||||
networking.networkmanager.enable = true;
|
||||
networking.wireless.enable = mkForce false;
|
||||
environment.systemPackages = with pkgs; [
|
||||
google-chrome
|
||||
];
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
pavucontrol
|
||||
firefox
|
||||
hexchat
|
||||
networkmanagerapplet
|
||||
];
|
||||
services.xserver.desktopManager.gnome3 = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.skynet;
|
||||
|
||||
networking.wireless.enable = false;
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
services.logind.extraConfig = ''
|
||||
HandleLidSwitch=ignore
|
||||
'';
|
||||
|
@ -1,10 +1,27 @@
|
||||
{
|
||||
imports = [
|
||||
./config.nix
|
||||
<stockholm/lass/2configs/hw/x220.nix>
|
||||
<stockholm/lass/2configs/boot/stock-x220.nix>
|
||||
<stockholm/krebs/2configs/hw/x220.nix>
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.efiSupport = true;
|
||||
boot.loader.grub.efiInstallAsRemovable = true;
|
||||
boot.loader.grub.device = "nodev";
|
||||
|
||||
networking.hostId = "06442b9a";
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "rpool/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/0876-B308";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
|
||||
|
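--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -0,0 +1,140 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+imports = [
+<stockholm/lass>
+<stockholm/lass/2configs>
+<stockholm/lass/2configs/retiolum.nix>
+];
+
+krebs.build.host = config.krebs.hosts.yellow;
+
+system.activationScripts.downloadFolder = ''
+mkdir -p /var/download
+chown download:download /var/download
+chmod 775 /var/download
+'';
+
+users.users.download = { uid = genid "download"; };
+users.groups.download.members = [ "transmission" ];
+users.users.transmission.group = mkForce "download";
+
+systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ];
+services.transmission = {
+enable = true;
+settings = {
+download-dir = "/var/download/finished";
+incomplete-dir = "/var/download/incoming";
+incomplete-dir-enable = true;
+umask = "002";
+rpc-whitelist-enabled = false;
+rpc-host-whitelist-enabled = false;
+};
+};
+
+services.nginx = {
+enable = true;
+virtualHosts."yellow.r".locations."/dl".extraConfig = ''
+autoindex on;
+alias /var/download/finished;
+'';
+};
+
+krebs.iptables = {
+enable = true;
+tables.filter.INPUT.rules = [
+{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
+{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
+{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
+{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
+];
+};
+
+services.openvpn.servers.nordvpn.config = ''
+client
+dev tun
+proto udp
+remote 82.102.16.229 1194
+resolv-retry infinite
+remote-random
+nobind
+tun-mtu 1500
+tun-mtu-extra 32
+mssfix 1450
+persist-key
+persist-tun
+ping 15
+ping-restart 0
+ping-timer-rem
+reneg-sec 0
+comp-lzo no
+
+explicit-exit-notify 3
+
+remote-cert-tls server
+
+#mute 10000
+auth-user-pass ${toString <secrets/nordvpn.txt>}
+
+verb 3
+pull
+fast-io
+cipher AES-256-CBC
+auth SHA512
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH
+Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw
+bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y
+ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG
+A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT
+B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2
+cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v
+cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG
+UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny
+mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X
++D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT
+ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI
+583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA
+VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT
+Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh
+MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ
+MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy
+Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW
+EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ
+e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW
+//DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB
+wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB
+KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p
+lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9
+-----END CERTIFICATE-----
+</ca>
+key-direction 1
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+49b2f54c6ee58d2d97331681bb577d55
+054f56d92b743c31e80b684de0388702
+ad3bf51088cd88f3fac7eb0729f2263c
+51d82a6eb7e2ed4ae6dfa65b1ac764d0
+b9dedf1379c1b29b36396d64cb6fd6b2
+e61f869f9a13001dadc02db171f04c4d
+c46d1132c1f31709e7b54a6eabae3ea8
+fbd2681363c185f4cb1be5aa42a27c31
+21db7b2187fd11c1acf224a0d5a44466
+b4b5a3cc34ec0227fe40007e8b379654
+f1e8e2b63c6b46ee7ab6f1bd82f57837
+92c209e8f25bc9ed493cb5c1d891ae72
+7f54f4693c5b20f136ca23e639fd8ea0
+865b4e22dd2af43e13e6b075f12427b2
+08af9ffd09c56baa694165f57fe2697a
+3377fa34aebcba587c79941d83deaf45
+-----END OpenVPN Static key V1-----
+</tls-auth>
+'';
+}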
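Review bot: `systemd.services.transmission.serviceConfig.bindsTo` writes the key into the unit's [Service] section, where systemd does not recognise it, so transmission is most likely not tied to the VPN unit at all. The unit-level form `systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];` with a matching `after` expresses that dependency. Even then BindsTo only couples unit lifetimes and does not keep traffic off the default route, so a firewall rule confining the transmission user to the tunnel interface is worth adding. Separately, `rpc-whitelist-enabled = false` and `rpc-host-whitelist-enabled = false` together with the unrestricted `--dport 9091` ACCEPT rule expose the RPC interface on every interface, with no authentication visible in this file. Scoping the rule with `-i retiolum` (as the port 80 rule in the cgit hunk on this page does) or enabling RPC authentication would narrow that.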
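--- a/lass/1systems/yellow/physical.nix
+++ b/lass/1systems/yellow/physical.nix
@@ -0,0 +1,8 @@
+{
+imports = [
+./config.nix
+];
+boot.isContainer = true;
+networking.useDHCP = false;
+environment.variables.NIX_REMOTE = "daemon";
+}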
@ -126,6 +126,12 @@ in {
|
||||
restartIfChanged = false;
|
||||
};
|
||||
|
||||
nixpkgs.config.packageOverrides = super: {
|
||||
dmenu = pkgs.writeDashBin "dmenu" ''
|
||||
${pkgs.fzfmenu}/bin/fzfmenu "$@"
|
||||
'';
|
||||
};
|
||||
|
||||
krebs.xresources.enable = true;
|
||||
lass.screenlock.enable = true;
|
||||
}
|
||||
|
@ -25,6 +25,14 @@
|
||||
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
||||
'';
|
||||
};
|
||||
virtualHosts."cache.krebsco.de" = {
|
||||
forceSSL = true;
|
||||
serverAliases = [ "cache.lassul.us" ];
|
||||
enableACME = true;
|
||||
locations."/".extraConfig = ''
|
||||
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -1,23 +1,115 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
all_hosts = [
|
||||
"icarus"
|
||||
"shodan"
|
||||
"daedalus"
|
||||
"skynet"
|
||||
"prism"
|
||||
];
|
||||
remote_hosts = filter (h: h != config.networking.hostName) all_hosts;
|
||||
|
||||
{
|
||||
in {
|
||||
imports = [
|
||||
<stockholm/lass/2configs/container-networking.nix>
|
||||
{ #hack for already defined
|
||||
systemd.services."container@blue".reloadIfChanged = mkForce false;
|
||||
systemd.services."container@blue".preStart = ''
|
||||
${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
|
||||
'';
|
||||
systemd.services."container@blue".preStop = ''
|
||||
/run/wrappers/bin/fusermount -u /var/lib/containers/blue
|
||||
'';
|
||||
}
|
||||
];
|
||||
systemd.services."container@blue".reloadIfChanged = mkForce false;
|
||||
|
||||
system.activationScripts.containerPermissions = ''
|
||||
mkdir -p /var/lib/containers
|
||||
chmod 711 /var/lib/containers
|
||||
'';
|
||||
|
||||
containers.blue = {
|
||||
config = { ... }: {
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
environment.systemPackages = [
|
||||
pkgs.git
|
||||
pkgs.rxvt_unicode.terminfo
|
||||
];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = true;
|
||||
autoStart = false;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.9";
|
||||
localAddress = "10.233.2.10";
|
||||
};
|
||||
|
||||
|
||||
systemd.services = builtins.listToAttrs (map (host:
|
||||
let
|
||||
in nameValuePair "sync-blue-${host}" {
|
||||
bindsTo = [ "container@blue.service" ];
|
||||
wantedBy = [ "container@blue.service" ];
|
||||
# ssh needed for rsync
|
||||
path = [ pkgs.openssh ];
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = 10;
|
||||
ExecStart = pkgs.writeDash "sync-blue-${host}" ''
|
||||
set -efu
|
||||
#make sure blue is running
|
||||
/run/wrappers/bin/ping -c1 blue.r > /dev/null
|
||||
|
||||
#make sure the container is unlocked
|
||||
${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue'
|
||||
|
||||
#make sure our target is reachable
|
||||
${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null
|
||||
|
||||
#start sync
|
||||
${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" ''
|
||||
settings {
|
||||
nodaemon = true,
|
||||
inotifyMode = "CloseWrite or Modify",
|
||||
}
|
||||
sync {
|
||||
default.rsyncssh,
|
||||
source = "/var/lib/containers/.blue",
|
||||
host = "${host}.r",
|
||||
targetdir = "/var/lib/containers/.blue",
|
||||
rsync = {
|
||||
archive = true,
|
||||
owner = true,
|
||||
group = true,
|
||||
};
|
||||
ssh = {
|
||||
binary = "${pkgs.openssh}/bin/ssh";
|
||||
identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa",
|
||||
},
|
||||
}
|
||||
''}
|
||||
'';
|
||||
};
|
||||
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
|
||||
}
|
||||
) remote_hosts);
|
||||
|
||||
environment.systemPackages = [
|
||||
(pkgs.writeDashBin "start-blue" ''
|
||||
set -ef
|
||||
if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then
|
||||
${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue
|
||||
fi
|
||||
nixos-container start blue
|
||||
nixos-container run blue -- nixos-rebuild -I /var/src dry-build
|
||||
if ping -c1 blue.r >/dev/null; then
|
||||
echo 'blue is already running. bailing out'
|
||||
exit 23
|
||||
fi
|
||||
nixos-container run blue -- nixos-rebuild -I /var/src switch
|
||||
'')
|
||||
];
|
||||
}
|
||||
|
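Review bot: `encfs --public` in `start-blue` mounts the decrypted tree so that other users may access it, which means that once unlocked the plaintext under /var/lib/containers/blue is reachable by every local account on the host, limited only by file modes and the `chmod 711` on the parent directory. The flag is presumably there so non-root users inside the container can read their files; a comment saying so, and stating what keeps host users out, would make that trade-off reviewable, e.g. `# --public: container users need access; host users are kept out by <mechanism>`. The three mount checks also match by prefix: `grep -q '^encfs on /var/lib/containers/blue'` would accept a mount at a sibling path that merely starts with `blue`, and ending the pattern with a space, `'^encfs on /var/lib/containers/blue '`, pins it to this mount point. In `start-blue` the test is written as `if ! $(mount | … grep -qi …)`, which runs the empty substitution as a command; `if ! mount | ${pkgs.gnugrep}/bin/grep -q '…'; then` says the same thing directly.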
@ -15,6 +15,7 @@ with (import <stockholm/lib>);
|
||||
dic
|
||||
nmap
|
||||
git-preview
|
||||
l-gen-secrets
|
||||
];
|
||||
|
||||
services.tor.enable = true;
|
||||
|
@ -19,5 +19,9 @@ with import <stockholm/lib>;
|
||||
"slash16.net"
|
||||
];
|
||||
};
|
||||
|
||||
system.activationScripts.user-shadow = ''
|
||||
${pkgs.coreutils}/bin/chmod +x /home/ciko
|
||||
'';
|
||||
}
|
||||
|
||||
|
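Review bot: The activation script is named `user-shadow` but only runs `chmod +x /home/ciko`, and the realwallpaper hunk further down this page adds a second `system.activationScripts.user-shadow` for `/var/realwallpaper`. If one host imports both modules the two definitions share one attribute name and will either conflict at evaluation or be combined in a way neither author intended. A descriptive, unique name per script avoids that, e.g. `system.activationScripts.ciko-home-traverse` here and `system.activationScripts.realwallpaper-traverse` there. `chmod +x` also grants directory traversal to every local user; if the reason is that a web server has to reach files below the directory, a comment such as `# nginx must traverse this directory to serve the site` would record why that is acceptable. The enclosing module starts outside the hunk.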
@ -1,65 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
users.extraUsers = {
|
||||
download = {
|
||||
name = "download";
|
||||
home = "/var/download";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
extraGroups = [
|
||||
"download"
|
||||
];
|
||||
openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
lass.pubkey
|
||||
lass-shodan.pubkey
|
||||
lass-icarus.pubkey
|
||||
lass-daedalus.pubkey
|
||||
lass-helios.pubkey
|
||||
makefu.pubkey
|
||||
wine-mors.pubkey
|
||||
];
|
||||
};
|
||||
|
||||
transmission = {
|
||||
extraGroups = [
|
||||
"download"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
users.extraGroups = {
|
||||
download = {
|
||||
members = [
|
||||
"download"
|
||||
"transmission"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
krebs.rtorrent = {
|
||||
enable = true;
|
||||
web = {
|
||||
enable = true;
|
||||
port = 9091;
|
||||
basicAuth = import <secrets/torrent-auth>;
|
||||
};
|
||||
rutorrent.enable = true;
|
||||
enableXMLRPC = true;
|
||||
listenPort = 51413;
|
||||
downloadDir = "/var/download/finished";
|
||||
# dump old torrents into watch folder to have them re-added
|
||||
watchDir = "/var/download/watch";
|
||||
};
|
||||
|
||||
krebs.iptables = {
|
||||
enable = true;
|
||||
tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
|
||||
];
|
||||
};
|
||||
}
|
@ -90,6 +90,10 @@ with import <stockholm/lib>;
|
||||
{ from = "afra@lassul.us"; to = lass.mail; }
|
||||
{ from = "ksp@lassul.us"; to = lass.mail; }
|
||||
{ from = "ccc@lassul.us"; to = lass.mail; }
|
||||
{ from = "neocron@lassul.us"; to = lass.mail; }
|
||||
{ from = "osmocom@lassul.us"; to = lass.mail; }
|
||||
{ from = "lesswrong@lassul.us"; to = lass.mail; }
|
||||
{ from = "nordvpn@lassul.us"; to = lass.mail; }
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
|
@ -6,8 +6,7 @@ in {
|
||||
krebs.fetchWallpaper = {
|
||||
enable = true;
|
||||
unitConfig.ConditionPathExists = "!/var/run/ppp0.pid";
|
||||
url = "prism/realwallpaper-sat-krebs.png";
|
||||
maxTime = 10;
|
||||
url = "prism/realwallpaper-krebs.png";
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -75,6 +75,8 @@ in {
|
||||
packages = with pkgs; [
|
||||
ftb
|
||||
minecraft
|
||||
steam-run
|
||||
dolphinEmu
|
||||
];
|
||||
};
|
||||
};
|
||||
|
@ -21,6 +21,10 @@ let
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
|
||||
];
|
||||
|
||||
system.activationScripts.spool-chmod = ''
|
||||
${pkgs.coreutils}/bin/chmod +x /var/spool
|
||||
'';
|
||||
};
|
||||
|
||||
cgit-clear-cache = pkgs.cgit-clear-cache.override {
|
||||
|
@ -31,6 +31,7 @@ let
|
||||
'';
|
||||
|
||||
mailboxes = {
|
||||
afra = [ "to:afra@afra-berlin.de" ];
|
||||
c-base = [ "to:c-base.org" ];
|
||||
coins = [
|
||||
"to:btce@lassul.us"
|
||||
@ -46,12 +47,15 @@ let
|
||||
];
|
||||
dezentrale = [ "to:dezentrale.space" ];
|
||||
dhl = [ "to:dhl@lassul.us" ];
|
||||
dn42 = [ "to:dn42@lists.nox.tf" ];
|
||||
eloop = [ "to:eloop.org" ];
|
||||
github = [ "to:github@lassul.us" ];
|
||||
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
|
||||
india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ];
|
||||
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
|
||||
lugs = [ "to:lugs@lug-s.org" ];
|
||||
nix-devel = [ "to:nix-devel@googlegroups.com" ];
|
||||
meetup = [ "to:meetup@lassul.us" ];
|
||||
nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ];
|
||||
patreon = [ "to:patreon@lassul.us" ];
|
||||
paypal = [ "to:paypal@lassul.us" ];
|
||||
ptl = [ "to:ptl@posttenebraslab.ch" ];
|
||||
@ -170,6 +174,16 @@ let
|
||||
macro pager a "<modify-labels>-archive\n" # tag as Archived
|
||||
|
||||
|
||||
bind index U noop
|
||||
bind index u noop
|
||||
bind pager U noop
|
||||
bind pager u noop
|
||||
macro index U "<modify-labels>+unread\n"
|
||||
macro index u "<modify-labels>-unread\n"
|
||||
macro pager U "<modify-labels>+unread\n"
|
||||
macro pager u "<modify-labels>-unread\n"
|
||||
|
||||
|
||||
bind index t noop
|
||||
bind pager t noop
|
||||
macro index t "<modify-labels>" # tag as Archived
|
||||
|
@ -177,7 +177,8 @@
|
||||
addr = "0.0.0.0";
|
||||
domain = "grafana.example.com";
|
||||
rootUrl = "https://grafana.example.com/";
|
||||
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
|
||||
auth.anonymous.enable = true;
|
||||
auth.anonymous.org_role = "Admin";
|
||||
};
|
||||
};
|
||||
services.logstash = {
|
||||
|
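Review bot: `auth.anonymous.org_role = "Admin"` together with `auth.anonymous.enable = true` and `addr = "0.0.0.0"` gives every unauthenticated visitor organisation-admin rights on a listener bound to all interfaces, which makes the credentials imported from `<secrets/grafana_security.nix>` largely moot. If anonymous access is only meant for viewing dashboards, `auth.anonymous.org_role = "Viewer";` is the safer value. Which single line the hunk adds is not recoverable from this rendering, but all of these lines are on the new side. The enclosing `services.grafana` attribute set starts outside the hunk.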
@ -60,10 +60,25 @@ in {
|
||||
group = "radio";
|
||||
musicDirectory = "/home/radio/the_playlist/music";
|
||||
extraConfig = ''
|
||||
audio_output {
|
||||
type "shout"
|
||||
encoding "lame"
|
||||
name "the_playlist_mp3"
|
||||
host "localhost"
|
||||
port "8000"
|
||||
mount "/radio.mp3"
|
||||
password "${source-password}"
|
||||
bitrate "128"
|
||||
|
||||
format "44100:16:2"
|
||||
|
||||
user "source"
|
||||
genre "good music"
|
||||
}
|
||||
audio_output {
|
||||
type "shout"
|
||||
encoding "ogg"
|
||||
name "the_playlist"
|
||||
name "the_playlist_ogg"
|
||||
host "localhost"
|
||||
port "8000"
|
||||
mount "/radio.ogg"
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, lib, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
hostname = config.krebs.build.host.name;
|
||||
@ -9,6 +9,9 @@ let
|
||||
in {
|
||||
krebs.realwallpaper.enable = true;
|
||||
|
||||
system.activationScripts.user-shadow = ''
|
||||
${pkgs.coreutils}/bin/chmod +x /var/realwallpaper
|
||||
'';
|
||||
services.nginx.virtualHosts.wallpaper = {
|
||||
extraConfig = ''
|
||||
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
|
||||
@ -22,10 +25,7 @@ in {
|
||||
locations."/realwallpaper.png".extraConfig = ''
|
||||
root /var/realwallpaper/;
|
||||
'';
|
||||
locations."/realwallpaper-sat.png".extraConfig = ''
|
||||
root /var/realwallpaper/;
|
||||
'';
|
||||
locations."/realwallpaper-sat-krebs.png".extraConfig = ''
|
||||
locations."/realwallpaper-krebs.png".extraConfig = ''
|
||||
root /var/realwallpaper/;
|
||||
'';
|
||||
};
|
||||
|
@ -139,6 +139,13 @@ in {
|
||||
ssl_key = "/var/lib/acme/lassul.us/key.pem";
|
||||
};
|
||||
|
||||
users.users.xanf = {
|
||||
uid = genid_uint31 "xanf";
|
||||
home = "/home/xanf";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
users.users.domsen = {
|
||||
uid = genid_uint31 "domsen";
|
||||
description = "maintenance acc for domsen";
|
||||
|
@ -1,70 +0,0 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
inherit (import <stockholm/lib>)
|
||||
genid
|
||||
head
|
||||
;
|
||||
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
|
||||
servePage
|
||||
serveWordpress
|
||||
;
|
||||
|
||||
msmtprc = pkgs.writeText "msmtprc" ''
|
||||
account default
|
||||
host localhost
|
||||
'';
|
||||
|
||||
sendmail = pkgs.writeDash "msmtp" ''
|
||||
exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@"
|
||||
'';
|
||||
|
||||
in {
|
||||
|
||||
services.nginx.enable = true;
|
||||
|
||||
imports = [
|
||||
./default.nix
|
||||
./sqlBackup.nix
|
||||
|
||||
(serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])
|
||||
|
||||
(serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])
|
||||
|
||||
(serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
|
||||
|
||||
(servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
|
||||
|
||||
(serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
|
||||
|
||||
(serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
|
||||
|
||||
(serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
|
||||
];
|
||||
|
||||
lass.mysqlBackup.config.all.databases = [
|
||||
"eastuttgart_de"
|
||||
"radical_dreamers_de"
|
||||
"spielwaren_kern_de"
|
||||
"ttf_kleinaspach_de"
|
||||
];
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.fritz.pubkey
|
||||
];
|
||||
|
||||
users.users.goldbarrendiebstahl = {
|
||||
home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de";
|
||||
uid = genid "goldbarrendiebstahl";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.fritz.pubkey
|
||||
];
|
||||
};
|
||||
|
||||
services.phpfpm.phpOptions = ''
|
||||
sendmail_path = ${sendmail} -t
|
||||
'';
|
||||
}
|
@ -66,22 +66,6 @@ in {
|
||||
locations."/tinc".extraConfig = ''
|
||||
alias ${config.krebs.tinc_graphs.workingDir}/external;
|
||||
'';
|
||||
locations."/urlaubyay2018".extraConfig = ''
|
||||
autoindex on;
|
||||
alias /srv/http/lassul.us-media/india2018;
|
||||
auth_basic "Restricted Content";
|
||||
auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
|
||||
paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
|
||||
''};
|
||||
'';
|
||||
locations."/heilstadt".extraConfig = ''
|
||||
autoindex on;
|
||||
alias /srv/http/lassul.us-media/grabowsee2018;
|
||||
auth_basic "Restricted Content";
|
||||
auth_basic_user_file ${pkgs.writeText "pics-user-pass" ''
|
||||
c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0
|
||||
''};
|
||||
'';
|
||||
locations."/krebspage".extraConfig = ''
|
||||
default_type "text/html";
|
||||
alias ${pkgs.krebspage}/index.html;
|
||||
|
@ -11,7 +11,6 @@
|
||||
enable = true;
|
||||
dataDir = "/var/mysql";
|
||||
package = pkgs.mariadb;
|
||||
rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
|
||||
};
|
||||
|
||||
systemd.services.mysql = {
|
||||
|
@ -87,7 +87,6 @@ in /* yaml */ ''
|
||||
mod_configure: {}
|
||||
mod_disco: {}
|
||||
mod_echo: {}
|
||||
mod_irc: {}
|
||||
mod_bosh: {}
|
||||
mod_last: {}
|
||||
mod_offline:
|
||||
@ -96,9 +95,9 @@ in /* yaml */ ''
|
||||
mod_privacy: {}
|
||||
mod_private: {}
|
||||
mod_register:
|
||||
access_from: deny
|
||||
access_from: allow
|
||||
access: register
|
||||
ip_access: trusted_network
|
||||
# ip_access: trusted_network
|
||||
registration_watchers: ${toJSON config.registration_watchers}
|
||||
mod_roster: {}
|
||||
mod_shared_roster: {}
|
||||
|
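Review bot: If `access_from: allow` and the commented-out `# ip_access: trusted_network` are the new side of the second hunk (the rendering prints both variants and has lost the +/- column), `mod_register` now accepts in-band account creation from any address rather than only from the trusted network. Open registration is a common source of abusive accounts; keeping `ip_access: trusted_network`, or adding `captcha_protected: true` to the module, would bound it. A comment next to the commented-out line saying why the restriction was lifted would help the next reader. The module list starts and ends outside the hunk.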
@ -25,6 +25,8 @@ import Control.Monad.Extra (whenJustM)
|
||||
import Data.List (isInfixOf)
|
||||
import Data.Monoid (Endo)
|
||||
import System.Environment (getArgs, lookupEnv)
|
||||
import System.Exit (exitFailure)
|
||||
import System.IO (hPutStrLn, stderr)
|
||||
import System.Posix.Process (executeFile)
|
||||
import XMonad.Actions.CopyWindow (copy, kill1)
|
||||
import XMonad.Actions.CycleWS (toggleWS)
|
||||
@ -36,7 +38,7 @@ import XMonad.Hooks.EwmhDesktops (ewmh)
|
||||
import XMonad.Hooks.FloatNext (floatNext)
|
||||
import XMonad.Hooks.FloatNext (floatNextHook)
|
||||
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
|
||||
import XMonad.Hooks.Place (placeHook, smart)
|
||||
import XMonad.Hooks.ManageHelpers (composeOne, doCenterFloat, (-?>))
|
||||
import XMonad.Hooks.UrgencyHook (focusUrgent)
|
||||
import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
|
||||
import XMonad.Layout.FixedColumn (FixedColumn(..))
|
||||
@ -49,7 +51,7 @@ import XMonad.Util.EZConfig (additionalKeysP)
|
||||
import XMonad.Util.NamedWindows (getName)
|
||||
import XMonad.Util.Run (safeSpawn)
|
||||
|
||||
import XMonad.Stockholm.Shutdown (handleShutdownEvent, sendShutdownEvent)
|
||||
import XMonad.Stockholm.Shutdown (newShutdownEventHandler, shutdown)
|
||||
import XMonad.Stockholm.Pager (defaultWindowColors, pager, MatchMethod(MatchPrefix), PagerConfig(..))
|
||||
|
||||
data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show)
|
||||
@ -69,18 +71,20 @@ myFont = "-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"
|
||||
|
||||
main :: IO ()
|
||||
main = getArgs >>= \case
|
||||
["--shutdown"] -> sendShutdownEvent
|
||||
_ -> main'
|
||||
[] -> main'
|
||||
["--shutdown"] -> shutdown
|
||||
args -> hPutStrLn stderr ("bad arguments: " <> show args) >> exitFailure
|
||||
|
||||
main' :: IO ()
|
||||
main' = do
|
||||
handleShutdownEvent <- newShutdownEventHandler
|
||||
xmonad $ ewmh
|
||||
$ withUrgencyHook LibNotifyUrgencyHook
|
||||
$ def
|
||||
{ terminal = myTerm
|
||||
, modMask = mod4Mask
|
||||
, layoutHook = smartBorders $ myLayoutHook
|
||||
, manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks
|
||||
, manageHook = floatHooks <+> floatNextHook
|
||||
, startupHook =
|
||||
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
|
||||
(\path -> forkFile path [] Nothing)
|
||||
@ -95,13 +99,12 @@ myLayoutHook = defLayout
|
||||
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat)
|
||||
|
||||
floatHooks :: Query (Endo WindowSet)
|
||||
floatHooks = composeAll . concat $
|
||||
[ [ title =? t --> doFloat | t <- myTitleFloats]
|
||||
, [ className =? c --> doFloat | c <- myClassFloats ] ]
|
||||
where
|
||||
myTitleFloats = []
|
||||
myClassFloats = ["Pinentry"] -- for gpg passphrase entry
|
||||
|
||||
floatHooks = composeOne
|
||||
[ className =? "Pinentry" -?> doCenterFloat
|
||||
, title =? "fzfmenu" -?> doCenterFloat
|
||||
, title =? "glxgears" -?> doCenterFloat
|
||||
, resource =? "Dialog" -?> doFloat
|
||||
]
|
||||
|
||||
myKeyMap :: [([Char], X ())]
|
||||
myKeyMap =
|
||||
@ -110,6 +113,7 @@ myKeyMap =
|
||||
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
|
||||
, ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
|
||||
, ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type")
|
||||
, ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons")
|
||||
|
||||
, ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle")
|
||||
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
|
||||
@ -159,6 +163,9 @@ myKeyMap =
|
||||
, ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
|
||||
, ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
|
||||
|
||||
, ("M4-<F9>", spawn "${pkgs.redshift}/bin/redshift -O 4000 -g 0.9:0.8:0.8")
|
||||
, ("M4-<F10>", spawn "${pkgs.redshift}/bin/redshift -x")
|
||||
|
||||
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
|
||||
|
||||
, ("M4-s", spawn "${pkgs.knav}/bin/knav")
|
||||
|
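--- a/lass/5pkgs/emot-menu/default.nix
+++ b/lass/5pkgs/emot-menu/default.nix
@@ -0,0 +1,31 @@
+{ coreutils, dmenu, gnused, writeDashBin, writeText, xdotool }: let
+
+emoticons = writeText "emoticons" ''
+¯\(°_o)/¯ | dunno lol shrug dlol
+¯\_(ツ)_/¯ | dunno lol shrug dlol
+( ͡° ͜ʖ ͡°) | lenny
+¯\_( ͡° ͜ʖ ͡°)_/¯ | lenny shrug dlol
+( ゚д゚) | aaah sad noo
+ヽ(^o^)丿 | hi yay hello
+(^o^; | ups hehe
+(^∇^) | yay
+┗(`皿´)┛ | angry argh
+ヾ(^_^) byebye!! | bye
+<(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) | dance
+(-.-)Zzz... | sleep
+(∩╹□╹∩) | oh noes woot
+™ | tm
+ζ | zeta
+(╯°□°)╯ ┻━┻ | table flip
+(」゜ロ゜)」 | why woot
+'';
+
+in
+writeDashBin "emoticons" ''
+set -efu
+
+data=$(${coreutils}/bin/cat ${emoticons})
+emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//')
+${xdotool}/bin/xdotool type -- "$emoticon"
+exit 0
+''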
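--- a/lass/5pkgs/fzfmenu/default.nix
+++ b/lass/5pkgs/fzfmenu/default.nix
@@ -0,0 +1,45 @@
+{ pkgs, ... }:
+
+pkgs.writeDashBin "fzfmenu" ''
+set -efu
+PROMPT=">"
+for i in "$@"
+do
+case $i in
+-p)
+PROMPT="$2"
+shift
+shift
+break
+;;
+-l)
+# no reason to filter number of lines
+LINES="$2"
+shift
+shift
+break
+;;
+-i)
+# we do this anyway
+shift
+break
+;;
+*)
+echo "Unknown option $1" >&2
+shift
+;;
+esac
+done
+INPUT=$(${pkgs.coreutils}/bin/cat)
+OUTPUT="$(${pkgs.coreutils}/bin/mktemp)"
+${pkgs.rxvt_unicode}/bin/urxvt \
+-name fzfmenu -title fzfmenu \
+-e ${pkgs.dash}/bin/dash -c \
+"echo \"$INPUT\" | ${pkgs.fzf}/bin/fzf \
+--history=/dev/null \
+--no-sort \
+--prompt=\"$PROMPT\" \
+> \"$OUTPUT\"" 2>/dev/null
+${pkgs.coreutils}/bin/cat "$OUTPUT"
+${pkgs.coreutils}/bin/rm "$OUTPUT"
+''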
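Review bot: The inner `dash -c` string interpolates `$INPUT` and `$PROMPT` into shell source, so a menu entry containing a double quote, `$(` or a backtick is parsed as code by the inner shell instead of being shown as text. The emoticon list added in this same commit contains a backtick, and another hunk on this page overrides `dmenu` with this wrapper, so entry names from other menus reach it as well. Passing the entries through a temporary file and the prompt as a positional argument keeps data out of the command string, as in the excerpt below, which also removes the temporary files when urxvt fails under `set -e`. The option loop reads `$2` and `$1` while iterating over `$i` and `break`s after the first recognised flag, so a call such as `-i -p foo` never sets the prompt; a `while [ $# -gt 0 ]` loop without `break` would handle every flag.

```nix
# … unchanged: option parsing …
INPUT="$(${pkgs.coreutils}/bin/mktemp)"
OUTPUT="$(${pkgs.coreutils}/bin/mktemp)"
trap '${pkgs.coreutils}/bin/rm -f "$INPUT" "$OUTPUT"' EXIT
${pkgs.coreutils}/bin/cat > "$INPUT"
${pkgs.rxvt_unicode}/bin/urxvt \
  -name fzfmenu -title fzfmenu \
  -e ${pkgs.dash}/bin/dash -c \
    '${pkgs.fzf}/bin/fzf --history=/dev/null --no-sort --prompt="$3" < "$1" > "$2"' \
    fzfmenu "$INPUT" "$OUTPUT" "$PROMPT" 2>/dev/null
${pkgs.coreutils}/bin/cat "$OUTPUT"
```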
@ -5,8 +5,14 @@
|
||||
pkgs
|
||||
;
|
||||
|
||||
host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then
|
||||
import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; }
|
||||
else
|
||||
{}
|
||||
;
|
||||
|
||||
source = { test }: lib.evalSource [
|
||||
krebs-source
|
||||
(krebs-source { test = test; })
|
||||
{
|
||||
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
|
||||
secrets = if test then {
|
||||
@ -18,15 +24,24 @@
|
||||
};
|
||||
};
|
||||
}
|
||||
host-source
|
||||
];
|
||||
|
||||
in {
|
||||
|
||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
|
||||
deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
|
||||
source = source { test = false; };
|
||||
inherit target;
|
||||
};
|
||||
|
||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate)
|
||||
populate = { target, force ? false }: pkgs.populate {
|
||||
inherit force;
|
||||
source = source { test = false; };
|
||||
target = lib.mkTarget target;
|
||||
};
|
||||
|
||||
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
|
||||
test = { target }: pkgs.krops.writeTest "${name}-test" {
|
||||
force = true;
|
||||
|
@ -5,6 +5,7 @@ let
|
||||
evalSource = import ./eval-source.nix;
|
||||
|
||||
git = import ./git.nix { inherit lib; };
|
||||
krops = import ../submodules/krops/lib;
|
||||
shell = import ./shell.nix { inherit lib; };
|
||||
types = nixpkgs-lib.types // import ./types.nix { inherit lib; };
|
||||
|
||||
@ -12,8 +13,9 @@ let
|
||||
ne = x: y: x != y;
|
||||
mod = x: y: x - y * (x / y);
|
||||
|
||||
genid = import ./genid.nix { inherit lib; };
|
||||
genid_uint31 = x: ((lib.genid x) + 16777216) / 2;
|
||||
genid = lib.genid_uint32; # TODO remove
|
||||
genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2;
|
||||
genid_uint32 = import ./genid.nix { inherit lib; };
|
||||
|
||||
lpad = n: c: s:
|
||||
if lib.stringLength s < n
|
||||
@ -44,6 +46,23 @@ let
|
||||
|
||||
indent = replaceChars ["\n"] ["\n "];
|
||||
|
||||
mapNixDir = f: x: {
|
||||
list = foldl' mergeAttrs {} (map (mapNixDir1 f) x);
|
||||
path = mapNixDir1 f x;
|
||||
}.${typeOf x};
|
||||
|
||||
mapNixDir1 = f: dirPath:
|
||||
listToAttrs
|
||||
(map
|
||||
(relPath: let
|
||||
name = removeSuffix ".nix" relPath;
|
||||
path = dirPath + "/${relPath}";
|
||||
in
|
||||
nameValuePair name (f path))
|
||||
(filter
|
||||
(name: name != "default.nix" && !hasPrefix "." name)
|
||||
(attrNames (readDir dirPath))));
|
||||
|
||||
# https://tools.ietf.org/html/rfc5952
|
||||
normalize-ip6-addr =
|
||||
let
|
||||
|
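Review bot: `mapNixDir1` hands every directory entry except `default.nix` and dotfiles to `f`, so a non-Nix file left in the directory (an editor backup, a README) is passed on as well. In the `list` case, `foldl' mergeAttrs` lets a later directory silently replace an earlier entry of the same name. If `f` is an import, as the name suggests, what gets evaluated then depends on whatever happens to be in the directory. I would restrict the filter to directories and `.nix` files using the entry type `readDir` already returns, and add a comment above `mapNixDir` such as `# x must be a path or a list of paths; on a name clash the later directory wins`. The `normalize-ip6-addr` definition that follows continues outside the hunk.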
@ -3,7 +3,7 @@
|
||||
let
|
||||
inherit (lib)
|
||||
all any attrNames concatMapStringsSep concatStringsSep const filter flip
|
||||
genid hasSuffix head isInt isString length mergeOneOption mkOption
|
||||
genid_uint31 hasSuffix head isInt isString length mergeOneOption mkOption
|
||||
mkOptionType optional optionalAttrs optionals range splitString
|
||||
stringLength substring test testString typeOf;
|
||||
inherit (lib.types)
|
||||
@ -365,7 +365,7 @@ rec {
|
||||
};
|
||||
uid = mkOption {
|
||||
type = int;
|
||||
default = genid config.name;
|
||||
default = genid_uint31 config.name;
|
||||
};
|
||||
};
|
||||
});
|
||||
@ -377,7 +377,7 @@ rec {
|
||||
};
|
||||
gid = mkOption {
|
||||
type = int;
|
||||
default = genid config.name;
|
||||
default = genid_uint31 config.name;
|
||||
};
|
||||
};
|
||||
});
|
||||
|
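Review bot: Switching the `uid` and `gid` defaults from `genid` to `genid_uint31` (hunks at 365 and 377) gives a different number to every user and group that relies on the default, as far as the old/new order of the two `default =` lines can be read from this rendering. On hosts that are already deployed, files keep the old numeric id, so they become unowned or end up belonging to whichever account is later assigned that number. The commit shows no migration step; a comment next to the options, e.g. `# default changed from genid (uint32) to genid_uint31: chown existing state or pin the id explicitly`, would record what operators need to do. Both `mkOption` blocks sit inside submodules that start outside the hunks.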
0
makefu/0tests/data/secrets/hass/darksky.apikey
Normal file
@ -8,16 +8,21 @@ in {
|
||||
imports = [
|
||||
<stockholm/makefu>
|
||||
./hardware-config.nix
|
||||
{
|
||||
users.users.lass = {
|
||||
uid = 9002;
|
||||
isNormalUser = true;
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
lass.pubkey
|
||||
makefu.pubkey
|
||||
];
|
||||
};
|
||||
}
|
||||
<stockholm/makefu/2configs/headless.nix>
|
||||
# <stockholm/makefu/2configs/smart-monitor.nix>
|
||||
|
||||
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
||||
<stockholm/makefu/2configs/backup.nix>
|
||||
# <stockholm/makefu/2configs/mattermost-docker.nix>
|
||||
# <stockholm/makefu/2configs/disable_v6.nix>
|
||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
|
||||
# Security
|
||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
|
||||
@ -26,83 +31,90 @@ in {
|
||||
<stockholm/makefu/2configs/tools/dev.nix>
|
||||
<stockholm/makefu/2configs/tools/sec.nix>
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/mosh.nix>
|
||||
# <stockholm/makefu/2configs/gui/xpra.nix>
|
||||
|
||||
# networking
|
||||
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
||||
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
||||
#<stockholm/makefu/2configs/dnscrypt/server.nix>
|
||||
<stockholm/makefu/2configs/iodined.nix>
|
||||
# <stockholm/makefu/2configs/backup.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
|
||||
# ci
|
||||
# <stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
||||
<stockholm/makefu/2configs/shack/gitlab-runner>
|
||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||
<stockholm/makefu/2configs/taskd.nix>
|
||||
|
||||
# services
|
||||
<stockholm/makefu/2configs/share/gum.nix>
|
||||
# <stockholm/makefu/2configs/sabnzbd.nix>
|
||||
<stockholm/makefu/2configs/torrent.nix>
|
||||
<stockholm/makefu/2configs/mosh.nix>
|
||||
# <stockholm/makefu/2configs/retroshare.nix>
|
||||
<stockholm/makefu/2configs/sabnzbd.nix>
|
||||
<stockholm/makefu/2configs/mail/mail.euer.nix>
|
||||
|
||||
# network
|
||||
# sharing
|
||||
<stockholm/makefu/2configs/share/gum.nix>
|
||||
<stockholm/makefu/2configs/torrent.nix>
|
||||
#<stockholm/makefu/2configs/retroshare.nix>
|
||||
## <stockholm/makefu/2configs/ipfs.nix>
|
||||
#<stockholm/makefu/2configs/syncthing.nix>
|
||||
{ # ncdc
|
||||
environment.systemPackages = [ pkgs.ncdc ];
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [ 51411 ];
|
||||
allowedTCPPorts = [ 51411 ];
|
||||
};
|
||||
}
|
||||
# <stockholm/makefu/2configs/opentracker.nix>
|
||||
|
||||
## network
|
||||
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
||||
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
||||
<stockholm/makefu/2configs/dnscrypt/server.nix>
|
||||
<stockholm/makefu/2configs/binary-cache/server.nix>
|
||||
<stockholm/makefu/2configs/backup/server.nix>
|
||||
<stockholm/makefu/2configs/iodined.nix>
|
||||
<stockholm/makefu/2configs/bitlbee.nix>
|
||||
<stockholm/makefu/2configs/wireguard/server.nix>
|
||||
|
||||
# buildbot
|
||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||
|
||||
## Web
|
||||
<stockholm/makefu/2configs/nginx/share-download.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.test.nix>
|
||||
# Removed until move: no extra mails
|
||||
<stockholm/makefu/2configs/urlwatch>
|
||||
# Removed until move: avoid letsencrypt ban
|
||||
### Web
|
||||
#<stockholm/makefu/2configs/nginx/share-download.nix>
|
||||
#<stockholm/makefu/2configs/nginx/euer.test.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.mon.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
|
||||
<stockholm/makefu/2configs/nginx/euer.blog.nix>
|
||||
# <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
|
||||
<stockholm/makefu/2configs/nginx/public_html.nix>
|
||||
<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
||||
## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
|
||||
#<stockholm/makefu/2configs/nginx/public_html.nix>
|
||||
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
||||
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
|
||||
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
|
||||
<stockholm/makefu/2configs/nginx/iso.euer.nix>
|
||||
<stockholm/makefu/2configs/shack/events-publisher>
|
||||
|
||||
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
||||
# <stockholm/makefu/2configs/deployment/graphs.nix>
|
||||
<stockholm/makefu/2configs/deployment/graphs.nix>
|
||||
<stockholm/makefu/2configs/deployment/owncloud.nix>
|
||||
<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
||||
<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
|
||||
|
||||
{
|
||||
services.taskserver.enable = true;
|
||||
services.taskserver.fqdn = config.krebs.build.host.name;
|
||||
services.taskserver.listenHost = "::";
|
||||
services.taskserver.organisations.home.users = [ "makefu" ];
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
||||
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
||||
'';
|
||||
}
|
||||
# <stockholm/makefu/2configs/ipfs.nix>
|
||||
<stockholm/makefu/2configs/syncthing.nix>
|
||||
|
||||
# <stockholm/makefu/2configs/opentracker.nix>
|
||||
<stockholm/makefu/2configs/dcpp/hub.nix>
|
||||
<stockholm/makefu/2configs/dcpp/client.nix>
|
||||
|
||||
<stockholm/makefu/2configs/stats/client.nix>
|
||||
# <stockholm/makefu/2configs/logging/client.nix>
|
||||
|
||||
# Temporary:
|
||||
# sharing
|
||||
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||
<stockholm/makefu/2configs/dcpp/hub.nix>
|
||||
|
||||
## Temporary:
|
||||
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||
|
||||
#{
|
||||
# services.dockerRegistry.enable = true;
|
||||
# networking.firewall.allowedTCPPorts = [ 8443 ];
|
||||
|
||||
# services.nginx.virtualHosts."euer.krebsco.de" = {
|
||||
# forceSSL = true;
|
||||
# enableACME = true;
|
||||
# extraConfig = ''
|
||||
# client_max_body_size 1000M;
|
||||
# '';
|
||||
# locations."/".proxyPass = "http://localhost:5000";
|
||||
# };
|
||||
#}
|
||||
<stockholm/makefu/2configs/wireguard/server.nix>
|
||||
{ # iperf3
|
||||
networking.firewall.allowedUDPPorts = [ 5201 ];
|
||||
networking.firewall.allowedTCPPorts = [ 5201 ];
|
||||
}
|
||||
|
||||
# krebs infrastructure services
|
||||
<stockholm/makefu/2configs/stats/server.nix>
|
||||
];
|
||||
makefu.dl-dir = "/var/download";
|
||||
|
||||
@ -120,9 +132,7 @@ in {
|
||||
ListenAddress = ${external-ip} 21031
|
||||
'';
|
||||
connectTo = [
|
||||
"muhbaasu" "tahoe" "flap" "wry"
|
||||
"ni"
|
||||
"fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
|
||||
"prism" "ni" "enklave" "dishfire" "echelon" "hotdog"
|
||||
];
|
||||
};
|
||||
|
||||
@ -137,10 +147,11 @@ in {
|
||||
environment.systemPackages = with pkgs;[
|
||||
weechat
|
||||
bepasty-client-cli
|
||||
get
|
||||
tmux
|
||||
];
|
||||
|
||||
# Hardware
|
||||
|
||||
# Network
|
||||
networking = {
|
||||
firewall = {
|
||||
@ -179,4 +190,5 @@ in {
|
||||
};
|
||||
users.users.makefu.extraGroups = [ "download" "nginx" ];
|
||||
boot.tmpOnTmpfs = true;
|
||||
state = [ "/home/makefu/.weechat" ];
|
||||
}
|
||||
|
@ -1,26 +1,24 @@
|
||||
{ config, ... }:
|
||||
let
|
||||
external-mac = "2a:c5:6e:d2:fc:7f";
|
||||
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
|
||||
external-gw = "185.194.140.1";
|
||||
external-mac = "50:46:5d:9f:63:6b";
|
||||
main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
|
||||
sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
|
||||
external-gw = "144.76.26.225";
|
||||
# single partition, label "nixos"
|
||||
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
|
||||
|
||||
|
||||
# static
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
|
||||
external-ip = "144.76.26.247";
|
||||
external-ip6 = "2a01:4f8:191:12f6::2";
|
||||
external-gw6 = "fe80::1";
|
||||
external-netmask = 22;
|
||||
external-netmask = 27;
|
||||
external-netmask6 = 64;
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
ext-if = "et0"; # gets renamed on the fly
|
||||
in {
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
||||
];
|
||||
|
||||
makefu.server.primary-itf = ext-if;
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
|
||||
@ -40,7 +38,62 @@ in {
|
||||
defaultGateway = external-gw;
|
||||
};
|
||||
boot.kernelParams = [ ];
|
||||
boot.loader.grub.device = main-disk;
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.devices = [ main-disk ];
|
||||
boot.initrd.kernelModules = [ "dm-raid" ];
|
||||
boot.initrd.availableKernelModules = [
|
||||
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
|
||||
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
|
||||
];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
fileSystems."/" = {
|
||||
device = "/dev/mapper/nixos-root";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/lib" = {
|
||||
device = "/dev/mapper/nixos-lib";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/download" = {
|
||||
device = "/dev/mapper/nixos-download";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/lib/borgbackup" = {
|
||||
device = "/dev/mapper/nixos-backup";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/sda2";
|
||||
fsType = "vfat";
|
||||
};
|
||||
# parted -s -a optimal "$disk" \
|
||||
# mklabel gpt \
|
||||
# mkpart no-fs 0 1024KiB \
|
||||
# set 1 bios_grub on \
|
||||
# mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
|
||||
# mkpart primary 1025MiB 100%
|
||||
# parted -s -a optimal "/dev/sdb" \
|
||||
# mklabel gpt \
|
||||
# mkpart primary 1M 100%
|
||||
|
||||
#mkfs.vfat /dev/sda2
|
||||
#pvcreate /dev/sda3
|
||||
#pvcreate /dev/sdb1
|
||||
#vgcreate nixos /dev/sda3 /dev/sdb1
|
||||
#lvcreate -L 120G -m 1 -n root nixos
|
||||
#lvcreate -L 50G -m 1 -n lib nixos
|
||||
#lvcreate -L 100G -n download nixos
|
||||
#lvcreate -L 100G -n backup nixos
|
||||
#mkfs.ext4 /dev/mapper/nixos-root
|
||||
#mkfs.ext4 /dev/mapper/nixos-lib
|
||||
#mkfs.ext4 /dev/mapper/nixos-download
|
||||
#mkfs.ext4 /dev/mapper/nixos-borgbackup
|
||||
#mount /dev/mapper/nixos-root /mnt
|
||||
#mkdir /mnt/boot
|
||||
#mount /dev/sda2 /mnt/boot
|
||||
#mkdir -p /mnt/var/src
|
||||
#touch /mnt/var/src/.populate
|
||||
|
||||
}
|
||||
|
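Review bot: The provisioning notes at the end of this file format `/dev/mapper/nixos-borgbackup`, but the volume is created with `lvcreate -L 100G -n backup nixos` and mounted from `/dev/mapper/nixos-backup`, so anyone following the notes on a rebuild fails at that `mkfs.ext4` step; the comment should read `#mkfs.ext4 /dev/mapper/nixos-backup`. `boot.initrd.availableKernelModules` also lists `"ahci"` and `"sd_mod"` twice. The `let` block appears to carry the public addresses as literals now instead of reading them from `config.krebs.build.host.nets.internet`. If that is the new side, the host definition and this file can drift apart, and a short comment saying why the literals are needed would help.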
11
makefu/1systems/gum/rescue.txt
Normal file
@ -0,0 +1,11 @@
|
||||
mount /dev/mapper/nixos-root /mnt
|
||||
mount /dev/sda2 /mnt/boot
|
||||
|
||||
chroot-prepare /mnt
|
||||
chroot /mnt /bin/sh
|
||||
|
||||
journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub)
|
||||
|
||||
export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin
|
||||
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate
|
||||
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild
|
@ -1,5 +1,5 @@
|
||||
{
|
||||
name="gum";
|
||||
name="nextgum";
|
||||
torrent = true;
|
||||
clever_kexec = true;
|
||||
}
|
||||
|
@ -1,253 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
ext-if = config.makefu.server.primary-itf;
|
||||
in {
|
||||
imports = [
|
||||
<stockholm/makefu>
|
||||
./hardware-config.nix
|
||||
./transfer-config.nix
|
||||
<stockholm/makefu/2configs/headless.nix>
|
||||
# <stockholm/makefu/2configs/smart-monitor.nix>
|
||||
|
||||
# Security
|
||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
|
||||
# Tools
|
||||
<stockholm/makefu/2configs/tools/core.nix>
|
||||
<stockholm/makefu/2configs/tools/dev.nix>
|
||||
<stockholm/makefu/2configs/tools/sec.nix>
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/mosh.nix>
|
||||
<stockholm/makefu/2configs/gui/xpra.nix>
|
||||
|
||||
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
||||
<stockholm/makefu/2configs/backup.nix>
|
||||
# <stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
|
||||
# services
|
||||
<stockholm/makefu/2configs/sabnzbd.nix>
|
||||
<stockholm/makefu/2configs/mail/mail.euer.nix>
|
||||
|
||||
# sharing
|
||||
<stockholm/makefu/2configs/share/gum.nix>
|
||||
<stockholm/makefu/2configs/torrent.nix>
|
||||
#<stockholm/makefu/2configs/retroshare.nix>
|
||||
## <stockholm/makefu/2configs/ipfs.nix>
|
||||
#<stockholm/makefu/2configs/syncthing.nix>
|
||||
{ # ncdc
|
||||
environment.systemPackages = [ pkgs.ncdc ];
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [ 51411 ];
|
||||
allowedTCPPorts = [ 51411 ];
|
||||
};
|
||||
}
|
||||
# <stockholm/makefu/2configs/opentracker.nix>
|
||||
|
||||
## network
|
||||
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
|
||||
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
|
||||
<stockholm/makefu/2configs/dnscrypt/server.nix>
|
||||
<stockholm/makefu/2configs/binary-cache/server.nix>
|
||||
<stockholm/makefu/2configs/iodined.nix>
|
||||
<stockholm/makefu/2configs/bitlbee.nix>
|
||||
|
||||
## buildbot
|
||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||
|
||||
# Removed until move: no extra mails
|
||||
<stockholm/makefu/2configs/urlwatch>
|
||||
# Removed until move: avoid double-update of domain
|
||||
# <stockholm/makefu/2configs/hub.nix>
|
||||
# Removed until move: avoid letsencrypt ban
|
||||
### Web
|
||||
#<stockholm/makefu/2configs/nginx/share-download.nix>
|
||||
#<stockholm/makefu/2configs/nginx/euer.test.nix>
|
||||
#<stockholm/makefu/2configs/nginx/euer.mon.nix>
|
||||
#<stockholm/makefu/2configs/nginx/euer.wiki.nix>
|
||||
#<stockholm/makefu/2configs/nginx/euer.blog.nix>
|
||||
## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
|
||||
#<stockholm/makefu/2configs/nginx/public_html.nix>
|
||||
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
||||
#<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
|
||||
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
|
||||
<stockholm/makefu/2configs/nginx/iso.euer.nix>
|
||||
<stockholm/makefu/2configs/deployment/events-publisher>
|
||||
|
||||
#<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
||||
#<stockholm/makefu/2configs/deployment/graphs.nix>
|
||||
#<stockholm/makefu/2configs/deployment/owncloud.nix>
|
||||
#<stockholm/makefu/2configs/deployment/boot-euer.nix>
|
||||
#<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
|
||||
|
||||
{
|
||||
services.taskserver.enable = true;
|
||||
services.taskserver.fqdn = config.krebs.build.host.name;
|
||||
services.taskserver.listenHost = "::";
|
||||
services.taskserver.organisations.home.users = [ "makefu" ];
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
||||
ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT
|
||||
'';
|
||||
}
|
||||
|
||||
|
||||
<stockholm/makefu/2configs/stats/client.nix>
|
||||
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||
# <stockholm/makefu/2configs/logging/client.nix>
|
||||
|
||||
## Temporary:
|
||||
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||
|
||||
#{
|
||||
# services.dockerRegistry.enable = true;
|
||||
# networking.firewall.allowedTCPPorts = [ 8443 ];
|
||||
|
||||
# services.nginx.virtualHosts."euer.krebsco.de" = {
|
||||
# forceSSL = true;
|
||||
# enableACME = true;
|
||||
# extraConfig = ''
|
||||
# client_max_body_size 1000M;
|
||||
# '';
|
||||
# locations."/".proxyPass = "http://localhost:5000";
|
||||
# };
|
||||
#}
|
||||
{ # wireguard server
|
||||
|
||||
# opkg install wireguard luci-proto-wireguard
|
||||
|
||||
# TODO: networking.nat
|
||||
|
||||
# boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
# conf.all.proxy_arp =1
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [ 51820 ];
|
||||
extraCommands = ''
|
||||
iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
|
||||
'';
|
||||
};
|
||||
|
||||
networking.wireguard.interfaces.wg0 = {
|
||||
ips = [ "10.244.0.1/24" ];
|
||||
listenPort = 51820;
|
||||
privateKeyFile = (toString <secrets>) + "/wireguard.key";
|
||||
allowedIPsAsRoutes = true;
|
||||
peers = [
|
||||
{
|
||||
# x
|
||||
allowedIPs = [ "10.244.0.2/32" ];
|
||||
publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
|
||||
}
|
||||
{
|
||||
# vbob
|
||||
allowedIPs = [ "10.244.0.3/32" ];
|
||||
publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
|
||||
}
|
||||
{
|
||||
# x-test
|
||||
allowedIPs = [ "10.244.0.4/32" ];
|
||||
publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
|
||||
}
|
||||
{
|
||||
# work-router
|
||||
allowedIPs = [ "10.244.0.5/32" ];
|
||||
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
|
||||
}
|
||||
{
|
||||
# workr
|
||||
allowedIPs = [ "10.244.0.6/32" ];
|
||||
publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
{ # iperf3
|
||||
networking.firewall.allowedUDPPorts = [ 5201 ];
|
||||
networking.firewall.allowedTCPPorts = [ 5201 ];
|
||||
}
|
||||
|
||||
# krebs infrastructure services
|
||||
<stockholm/makefu/2configs/stats/server.nix>
|
||||
];
|
||||
makefu.dl-dir = "/var/download";
|
||||
|
||||
services.openssh.hostKeys = [
|
||||
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
|
||||
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
|
||||
###### stable
|
||||
services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
|
||||
krebs.build.host = config.krebs.hosts.gum;
|
||||
|
||||
krebs.tinc.retiolum = {
|
||||
extraConfig = ''
|
||||
ListenAddress = ${external-ip} 53
|
||||
ListenAddress = ${external-ip} 655
|
||||
ListenAddress = ${external-ip} 21031
|
||||
'';
|
||||
connectTo = [
|
||||
"muhbaasu" "tahoe" "flap" "wry"
|
||||
"ni"
|
||||
"fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
# access
|
||||
users.users = {
|
||||
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
|
||||
makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ];
|
||||
};
|
||||
|
||||
# Chat
|
||||
environment.systemPackages = with pkgs;[
|
||||
weechat
|
||||
bepasty-client-cli
|
||||
tmux
|
||||
];
|
||||
|
||||
# Hardware
|
||||
|
||||
# Network
|
||||
networking = {
|
||||
firewall = {
|
||||
allowPing = true;
|
||||
logRefusedConnections = false;
|
||||
allowedTCPPorts = [
|
||||
# smtp
|
||||
25
|
||||
# http
|
||||
80 443
|
||||
# httptunnel
|
||||
8080 8443
|
||||
# tinc
|
||||
655
|
||||
# tinc-shack
|
||||
21032
|
||||
# tinc-retiolum
|
||||
21031
|
||||
# taskserver
|
||||
53589
|
||||
# temp vnc
|
||||
18001
|
||||
# temp reverseshell
|
||||
31337
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
# tinc
|
||||
655 53
|
||||
# tinc-retiolum
|
||||
21031
|
||||
# tinc-shack
|
||||
21032
|
||||
];
|
||||
};
|
||||
nameservers = [ "8.8.8.8" ];
|
||||
};
|
||||
users.users.makefu.extraGroups = [ "download" "nginx" ];
|
||||
boot.tmpOnTmpfs = true;
|
||||
}
|
@ -1,99 +0,0 @@
|
||||
{ config, ... }:
|
||||
let
|
||||
external-mac = "50:46:5d:9f:63:6b";
|
||||
main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
|
||||
sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
|
||||
external-gw = "144.76.26.225";
|
||||
# single partition, label "nixos"
|
||||
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
|
||||
|
||||
|
||||
# static
|
||||
external-ip = "144.76.26.247";
|
||||
external-ip6 = "2a01:4f8:191:12f6::2";
|
||||
external-gw6 = "fe80::1";
|
||||
external-netmask = 27;
|
||||
external-netmask6 = 64;
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
ext-if = "et0"; # gets renamed on the fly
|
||||
in {
|
||||
imports = [
|
||||
];
|
||||
makefu.server.primary-itf = ext-if;
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
|
||||
'';
|
||||
networking = {
|
||||
interfaces."${ext-if}" = {
|
||||
ipv4.addresses = [{
|
||||
address = external-ip;
|
||||
prefixLength = external-netmask;
|
||||
}];
|
||||
ipv6.addresses = [{
|
||||
address = external-ip6;
|
||||
prefixLength = external-netmask6;
|
||||
}];
|
||||
};
|
||||
defaultGateway6 = external-gw6;
|
||||
defaultGateway = external-gw;
|
||||
};
|
||||
boot.kernelParams = [ ];
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.devices = [ main-disk ];
|
||||
boot.initrd.kernelModules = [ "dm-raid" ];
|
||||
boot.initrd.availableKernelModules = [
|
||||
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
|
||||
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
|
||||
];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
fileSystems."/" = {
|
||||
device = "/dev/mapper/nixos-root";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/lib" = {
|
||||
device = "/dev/mapper/nixos-lib";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/download" = {
|
||||
device = "/dev/mapper/nixos-download";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/lib/borgbackup" = {
|
||||
device = "/dev/mapper/nixos-backup";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/sda2";
|
||||
fsType = "vfat";
|
||||
};
|
||||
# parted -s -a optimal "$disk" \
|
||||
# mklabel gpt \
|
||||
# mkpart no-fs 0 1024KiB \
|
||||
# set 1 bios_grub on \
|
||||
# mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
|
||||
# mkpart primary 1025MiB 100%
|
||||
# parted -s -a optimal "/dev/sdb" \
|
||||
# mklabel gpt \
|
||||
# mkpart primary 1M 100%
|
||||
|
||||
#mkfs.vfat /dev/sda2
|
||||
#pvcreate /dev/sda3
|
||||
#pvcreate /dev/sdb1
|
||||
#vgcreate nixos /dev/sda3 /dev/sdb1
|
||||
#lvcreate -L 120G -m 1 -n root nixos
|
||||
#lvcreate -L 50G -m 1 -n lib nixos
|
||||
#lvcreate -L 100G -n download nixos
|
||||
#lvcreate -L 100G -n backup nixos
|
||||
#mkfs.ext4 /dev/mapper/nixos-root
|
||||
#mkfs.ext4 /dev/mapper/nixos-lib
|
||||
#mkfs.ext4 /dev/mapper/nixos-download
|
||||
#mkfs.ext4 /dev/mapper/nixos-borgbackup
|
||||
#mount /dev/mapper/nixos-root /mnt
|
||||
#mkdir /mnt/boot
|
||||
#mount /dev/sda2 /mnt/boot
|
||||
#mkdir -p /mnt/var/src
|
||||
#touch /mnt/var/src/.populate
|
||||
|
||||
}
|
@ -1,5 +0,0 @@
|
||||
{
|
||||
name="nextgum";
|
||||
torrent = true;
|
||||
clever_kexec = true;
|
||||
}
|
@ -1,7 +0,0 @@
|
||||
{ config, lib, ... }:
|
||||
# configuration which is only required for the time of the transfer
|
||||
{
|
||||
krebs.tinc.retiolum.connectTo = [ "gum" ];
|
||||
krebs.build.host = lib.mkForce config.krebs.hosts.nextgum;
|
||||
}
|
||||
|
@ -8,11 +8,11 @@ let
|
||||
in {
|
||||
imports =
|
||||
[
|
||||
#./hw/omo.nix
|
||||
./hw/tsp.nix
|
||||
./hw/omo.nix
|
||||
#./hw/tsp.nix
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/backup.nix>
|
||||
<stockholm/makefu/2configs/backup/state.nix>
|
||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||
# <stockholm/makefu/2configs/smart-monitor.nix>
|
||||
<stockholm/makefu/2configs/mail-client.nix>
|
||||
@ -25,6 +25,22 @@ in {
|
||||
#<stockholm/makefu/2configs/graphite-standalone.nix>
|
||||
#<stockholm/makefu/2configs/share-user-sftp.nix>
|
||||
<stockholm/makefu/2configs/share/omo.nix>
|
||||
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||
{ krebs.airdcpp.dcpp.shares = let
|
||||
d = path: "/media/cryptX/${path}";
|
||||
in {
|
||||
emu.path = d "emu";
|
||||
audiobooks.path = lib.mkForce (d "audiobooks");
|
||||
incoming.path = lib.mkForce (d "torrent");
|
||||
anime.path = d "anime";
|
||||
};
|
||||
krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp";
|
||||
}
|
||||
{
|
||||
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
|
||||
#services.sabnzbd.enable = true;
|
||||
#systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
}
|
||||
# <stockholm/makefu/2configs/share/omo-timemachine.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
|
||||
@ -41,12 +57,30 @@ in {
|
||||
<stockholm/makefu/2configs/stats/arafetch.nix>
|
||||
|
||||
# services
|
||||
<stockholm/makefu/2configs/syncthing.nix>
|
||||
{
|
||||
services.nginx.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
}
|
||||
# <stockholm/makefu/2configs/syncthing.nix>
|
||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||
<stockholm/makefu/2configs/deployment/google-muell.nix>
|
||||
# TODO:
|
||||
# <stockholm/makefu/2configs/deployment/google-muell.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||
<stockholm/makefu/2configs/bluetooth-mpd.nix>
|
||||
|
||||
{
|
||||
# Risikoübernahme
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"homeassistant-0.77.2"
|
||||
];
|
||||
}
|
||||
<stockholm/makefu/2configs/deployment/homeautomation>
|
||||
{
|
||||
makefu.ps3netsrv = {
|
||||
enable = true;
|
||||
servedir = "/media/cryptX/emu/ps3";
|
||||
};
|
||||
}
|
||||
{
|
||||
hardware.pulseaudio.systemWide = true;
|
||||
makefu.mpd.musicDirectory = "/media/cryptX/music";
|
||||
@ -71,10 +105,11 @@ in {
|
||||
|
||||
];
|
||||
makefu.full-populate = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {
|
||||
downloadDir = lib.mkForce "/media/cryptX/torrent";
|
||||
extraConfig = ''
|
||||
upload_rate = 200
|
||||
upload_rate = 500
|
||||
'';
|
||||
};
|
||||
users.groups.share = {
|
||||
@ -83,14 +118,7 @@ in {
|
||||
};
|
||||
networking.firewall.trustedInterfaces = [ primaryInterface ];
|
||||
|
||||
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
|
||||
services.sabnzbd.enable = true;
|
||||
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
makefu.ps3netsrv = {
|
||||
enable = true;
|
||||
servedir = "/media/cryptX/emu/ps3";
|
||||
};
|
||||
|
||||
users.users.misa = {
|
||||
uid = 9002;
|
||||
|
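Review bot: The `permittedInsecurePackages` entry for `"homeassistant-0.77.2"` is justified only by `# Risikoübernahme`, which does not say which advisory is being accepted or when the exception should be dropped; the same block is repeated in the next file section, the one importing `deployment/bureautomation`. Because the entry pins an exact version, it keeps allowing a build that nixpkgs marks as insecure for as long as that version is in use. I would replace the comment with something like `# accepted risk: nixpkgs marks homeassistant-0.77.2 insecure (<advisory>); remove when <condition>` and keep the exception in one shared module. Also worth a look in the hunk at 71: `krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {` prints the telegraf configuration on every evaluation, which looks like leftover debugging and may predate this commit.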
@ -11,10 +11,10 @@ in {
|
||||
<stockholm/makefu>
|
||||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
<stockholm/makefu/2configs/tools/core.nix>
|
||||
<stockholm/makefu/2configs/disable_v6.nix>
|
||||
# <stockholm/makefu/2configs/tools/core-gui.nix>
|
||||
# <stockholm/makefu/2configs/tools/extra-gui.nix>
|
||||
# <stockholm/makefu/2configs/tools/media.nix>
|
||||
# <stockholm/makefu/2configs/disable_v6.nix>
|
||||
<stockholm/makefu/2configs/tools/core-gui.nix>
|
||||
<stockholm/makefu/2configs/tools/extra-gui.nix>
|
||||
<stockholm/makefu/2configs/tools/media.nix>
|
||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
<stockholm/makefu/2configs/mqtt.nix>
|
||||
@ -33,9 +33,6 @@ in {
|
||||
|
||||
<stockholm/makefu/2configs/share/wbob.nix>
|
||||
<stockholm/makefu/2configs/bluetooth-mpd.nix>
|
||||
{
|
||||
users.users.makefu.extraGroups = [ "pulse" ];
|
||||
}
|
||||
|
||||
# Sensors
|
||||
<stockholm/makefu/2configs/stats/telegraf>
|
||||
@ -46,10 +43,16 @@ in {
|
||||
<stockholm/makefu/2configs/deployment/led-fader.nix>
|
||||
<stockholm/makefu/2configs/hw/mceusb.nix>
|
||||
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
|
||||
{ environment.systemPackages = [ pkgs.vlc ]; }
|
||||
|
||||
|
||||
|
||||
{
|
||||
# Risikoübernahme
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"homeassistant-0.77.2"
|
||||
];
|
||||
}
|
||||
<stockholm/makefu/2configs/deployment/bureautomation>
|
||||
<stockholm/makefu/2configs/deployment/bureautomation/mpd.nix>
|
||||
<stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
|
||||
(let
|
||||
collectd-port = 25826;
|
||||
@ -174,20 +177,4 @@ in {
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
# DualHead on NUC
|
||||
# TODO: update synergy package with these extras (username)
|
||||
# TODO: add crypto layer
|
||||
systemd.services."synergy-client" = {
|
||||
environment.DISPLAY = ":0";
|
||||
serviceConfig.User = user;
|
||||
};
|
||||
|
||||
services.synergy = {
|
||||
client = {
|
||||
enable = true;
|
||||
screenName = "wbob";
|
||||
serverAddress = "x.r";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -15,7 +15,7 @@
|
||||
<stockholm/makefu/2configs/extra-fonts.nix>
|
||||
<stockholm/makefu/2configs/tools/all.nix>
|
||||
|
||||
<stockholm/makefu/2configs/laptop-backup.nix>
|
||||
<stockholm/makefu/2configs/backup/state.nix>
|
||||
# <stockholm/makefu/2configs/dnscrypt/client.nix>
|
||||
<stockholm/makefu/2configs/avahi.nix>
|
||||
|
||||
@ -74,6 +74,7 @@
|
||||
<stockholm/makefu/2configs/hw/network-manager.nix>
|
||||
<stockholm/makefu/2configs/hw/stk1160.nix>
|
||||
<stockholm/makefu/2configs/hw/irtoy.nix>
|
||||
<stockholm/makefu/2configs/hw/switch.nix>
|
||||
<stockholm/makefu/2configs/hw/bluetooth.nix>
|
||||
# <stockholm/makefu/2configs/hw/rad1o.nix>
|
||||
<stockholm/makefu/2configs/hw/smartcard.nix>
|
||||
@ -83,11 +84,11 @@
|
||||
|
||||
# Security
|
||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
{
|
||||
programs.adb.enable = true;
|
||||
}
|
||||
{ programs.adb.enable = true; }
|
||||
# temporary
|
||||
{ services.redis.enable = true; }
|
||||
<stockholm/makefu/2configs/pyload.nix>
|
||||
# <stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||
# <stockholm/makefu/2configs/nginx/rompr.nix>
|
||||
# <stockholm/makefu/2configs/lanparty/lancache.nix>
|
||||
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
|
||||
@ -121,13 +122,11 @@
|
||||
];
|
||||
|
||||
makefu.server.primary-itf = "wlp3s0";
|
||||
makefu.full-populate = true;
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
# configure pulseAudio to provide a HDMI sink as well
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
|
||||
networking.firewall.allowedUDPPorts = [ 665 26061 ];
|
||||
networking.firewall.trustedInterfaces = [ "vboxnet0" ];
|
||||
|
||||
@ -144,14 +143,25 @@
|
||||
# avoid full boot dir
|
||||
boot.loader.grub.configurationLimit = 3;
|
||||
|
||||
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
|
||||
environment.systemPackages = [ pkgs.passwdqc-utils ];
|
||||
|
||||
# environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
|
||||
state = [
|
||||
"/home/makefu/stockholm"
|
||||
"/home/makefu/backup/borgun"
|
||||
"/home/makefu/.mail/"
|
||||
"/home/makefu/.ssh/"
|
||||
"/home/makefu/.zsh_history"
|
||||
"/home/makefu/.bash_history"
|
||||
"/home/makefu/.zshrc"
|
||||
"/home/makefu/bin"
|
||||
"/home/makefu/.gnupg"
|
||||
"/home/makefu/.imapfilter"
|
||||
"/home/makefu/.mutt"
|
||||
"/home/makefu/docs"
|
||||
"/home/makefu/.password-store"
|
||||
"/home/makefu/.secrets-pass"
|
||||
"/home/makefu/autosync/Database.kdb"
|
||||
];
|
||||
|
||||
services.syncthing.user = lib.mkForce "makefu";
|
||||
services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
|
||||
}
|
||||
|
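Review bot: The `state` list in the last hunk, which backup/state.nix now ships to the remote borg repository, includes private key material and password stores (`/home/makefu/.ssh/`, `.gnupg`, `.password-store`, `.secrets-pass`, `autosync/Database.kdb`) as well as both shell history files, and nothing in the list says so. Backing these up is reasonable, but it raises the value of that repository and of the borg passphrase. I would add a comment above the list such as `# includes key material and shell history; confidentiality rests on the borg repo passphrase`, and check whether the history files are really wanted there. How many of the entries are new in this commit cannot be read off the rendered hunk.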
@ -1,52 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
# preparation:
|
||||
# mkdir -p defaultBackupDir/host.name/src
|
||||
# as root on omo:
|
||||
# ssh-copy-id root@src
|
||||
startAt = "0,6,12,18:00";
|
||||
defaultBackupServer = config.krebs.hosts.omo;
|
||||
defaultBackupDir = "/home/backup";
|
||||
defaultPull = host: src: {
|
||||
method = "pull";
|
||||
src = {
|
||||
inherit host;
|
||||
path = src;
|
||||
};
|
||||
dst = {
|
||||
host = defaultBackupServer;
|
||||
path = "${defaultBackupDir}/${host.name}${src}";
|
||||
};
|
||||
startAt = "0,6,12,18:00";
|
||||
snapshots = {
|
||||
hourly = { format = "%Y-%m-%dT%H"; retain = 4; };
|
||||
daily = { format = "%Y-%m-%d"; retain = 7; };
|
||||
weekly = { format = "%YW%W"; retain = 4; };
|
||||
monthly = { format = "%Y-%m"; retain = 12; };
|
||||
yearly = { format = "%Y"; };
|
||||
};
|
||||
};
|
||||
in {
|
||||
krebs.backup.plans = {
|
||||
# wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
|
||||
gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
|
||||
gum-dl-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/download" )//
|
||||
{
|
||||
dst.path = "/media/cryptX/backup/gum/var-download";
|
||||
dst.host = defaultBackupServer;
|
||||
startAt = "19:00";
|
||||
};
|
||||
gum-owncloud-to-omo_external = (defaultPull config.krebs.hosts.gum "/var/www/o.euer.krebsco.de" )//
|
||||
{
|
||||
dst.path = "/media/cryptX/backup/gum/var-www-o.euer.krebsco.de";
|
||||
dst.host = defaultBackupServer;
|
||||
|
||||
startAt = "05:00";
|
||||
};
|
||||
# wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";
|
||||
};
|
||||
environment.systemPackages = [
|
||||
pkgs.borgbackup
|
||||
];
|
||||
}
|
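--- a/makefu/2configs/backup/server.nix
+++ b/makefu/2configs/backup/server.nix
@@ -0,0 +1,11 @@
+{lib, ... }:
+let
+hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh );
+in {
+# TODO: for all enabled machines
+services.borgbackup.repos = lib.genAttrs hosts (host: {
+authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ];
+path = "/var/lib/borgbackup/${host}";
+user = "borg-${host}";
+}) ;
+}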
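Review bot: Each client key is registered under `authorizedKeys`, which gives that host full access to its own repository, so a compromised client can also erase its backup history. The NixOS module has `authorizedKeysAppendOnly` for this; `authorizedKeysAppendOnly = [ (builtins.readFile (./ssh + "/${host}.pub")) ];` would limit a client to adding archives, with pruning then run from the backup host instead of the client job (backup/state.nix sets `prune.keep`). Separately, `builtins.readDir ./ssh` turns every directory entry into a host name, so a stray file without the `.pub` suffix would break evaluation at the `readFile`; filtering the entries on that suffix would make the intent explicit.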
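--- a/makefu/2configs/backup/ssh/gum.pub
+++ b/makefu/2configs/backup/ssh/gum.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x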
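--- a/makefu/2configs/backup/ssh/nextgum.pub
+++ b/makefu/2configs/backup/ssh/nextgum.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x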
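--- a/makefu/2configs/backup/ssh/omo.pub
+++ b/makefu/2configs/backup/ssh/omo.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x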
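--- a/makefu/2configs/backup/ssh/x.pub
+++ b/makefu/2configs/backup/ssh/x.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x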
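--- a/makefu/2configs/backup/state.nix
+++ b/makefu/2configs/backup/state.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+# back up all state
+let
+sec = toString <secrets>;
+sshkey = sec + "/borg.priv";
+phrase = sec + "/borg.pw";
+in
+{
+services.borgbackup.jobs.state = {
+repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:.";
+paths = config.state;
+encryption = {
+mode = "repokey";
+passCommand = "cat ${phrase}";
+};
+environment.BORG_RSH = "ssh -i ${sshkey}";
+prune.keep =
+{ daily = 7;
+weekly = 4;
+monthly = -1; # Keep at least one archive for each month
+};
+compression = "auto,lzma";
+startAt = "daily";
+};
+}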
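Review bot: The `sec = toString <secrets>;` binding does security-relevant work that is not documented: because `sec` is a string, `borg.priv` and `borg.pw` are referenced by path at runtime instead of being copied into the world-readable Nix store. I would add a comment above it, e.g. `# toString: keep key and passphrase as runtime paths, never import them into /nix/store`, so a later cleanup does not replace it with a path interpolation. With `mode = "repokey"` the repository key is kept in the repo on the backup host, so the passphrase file is what protects the archives; a short note that `borg.pw` needs a copy kept off this machine for restores would also help.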
@ -32,6 +32,11 @@ in {
|
||||
"paste.${config.krebs.build.host.name}"
|
||||
"paste.r"
|
||||
];
|
||||
extraConfig = ''
|
||||
if ( $server_addr = "${external-ip}" ) {
|
||||
return 403;
|
||||
}
|
||||
'';
|
||||
};
|
||||
defaultPermissions = "admin,list,create,read,delete";
|
||||
secretKeyFile = secKey;
|
||||
|
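Review bot: The `$server_addr` test only rejects requests that arrive on the single address in `external-ip`, while what looks like the same server entry grants `defaultPermissions = "admin,list,create,read,delete"` to anyone who reaches it. Requests over any other address the host has (a second IPv4 address, IPv6) would not match the `if`, so I would express the restriction as an allowlist, e.g. `allow <internal-net>; deny all;` in `extraConfig`, or bind the vhost to the internal address only. The network to allow is not visible in this hunk, so `<internal-net>` is a placeholder. The enclosing attribute set starts and ends outside the hunk.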
@ -57,6 +57,8 @@ in {
|
||||
load-module module-filter-heuristics
|
||||
load-module module-filter-apply
|
||||
load-module module-switch-on-connect
|
||||
load-module module-equalizer-sink
|
||||
load-module module-dbus-protocol
|
||||
#load-module module-bluez5-device
|
||||
#load-module module-bluez5-discover
|
||||
'';
|
||||
|
@ -44,5 +44,6 @@
|
||||
|
||||
'';
|
||||
};
|
||||
|
||||
state = map (f: "${config.krebs.airdcpp.stateDir}/${f}")
|
||||
[ "Favorites.xml" "DCPlusPlus.xml" "WebServer.xml" "Recents.xml" "IgnoredUsers.xml" ];
|
||||
}
|
||||
|
@ -11,6 +11,11 @@ let
|
||||
payload_available= "Online";
|
||||
payload_not_available= "Offline";
|
||||
};
|
||||
tasmota_stecki = name: topic:
|
||||
( tasmota_plug name topic) //
|
||||
{ state_topic = "/bam/${topic}/stat/POWER";
|
||||
command_topic = "/bam/${topic}/cmnd/POWER";
|
||||
};
|
||||
espeasy_dht22 = name: [
|
||||
{ platform = "mqtt";
|
||||
name = "${name} DHT22 Temperature";
|
||||
@ -38,9 +43,6 @@ let
|
||||
};
|
||||
in {
|
||||
networking.firewall.allowedTCPPorts = [ 8123 ];
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"homeassistant-0.65.5"
|
||||
];
|
||||
|
||||
services.home-assistant = {
|
||||
enable = true;
|
||||
@ -48,6 +50,9 @@ in {
|
||||
homeassistant = {
|
||||
name = "Bureautomation";
|
||||
time_zone = "Europe/Berlin";
|
||||
latitude = "48.8265";
|
||||
longitude = "9.0676";
|
||||
elevation = 303;
|
||||
};
|
||||
|
||||
mqtt = {
|
||||
@ -72,7 +77,7 @@ in {
|
||||
switch = [
|
||||
(tasmota_plug "Bauarbeiterlampe" "plug")
|
||||
(tasmota_plug "Blitzdings" "plug2")
|
||||
(tasmota_plug "Fernseher" "plug3")
|
||||
(tasmota_stecki "Fernseher" "fernseher")
|
||||
(tasmota_plug "Pluggy" "plug4")
|
||||
];
|
||||
binary_sensor = [
|
||||
@ -96,26 +101,140 @@ in {
|
||||
sensorid = "5341";
|
||||
monitored_conditions = [ "P1" "P2" ];
|
||||
}
|
||||
{ platform = "influxdb";
|
||||
queries = [
|
||||
{ name = "mean value of feinstaub P1";
|
||||
where = '' "node" = 'esp8266-1355142' '';
|
||||
measurement = "feinstaub";
|
||||
database = "telegraf";
|
||||
field = "P1";
|
||||
}
|
||||
{ name = "mean value of feinstaub P2";
|
||||
where = '' "node" = 'esp8266-1355142' '';
|
||||
measurement = "feinstaub";
|
||||
database = "telegraf";
|
||||
field = "P2";
|
||||
}
|
||||
];
|
||||
|
||||
{ platform = "darksky";
|
||||
api_key = lib.removeSuffix "\n"
|
||||
(builtins.readFile <secrets/hass/darksky.apikey>);
|
||||
language = "de";
|
||||
monitored_conditions = [ "summary" "icon"
|
||||
"nearest_storm_distance" "precip_probability"
|
||||
"precip_intensity"
|
||||
"temperature" # "temperature_high" "temperature_low"
|
||||
"apparent_temperature"
|
||||
"hourly_summary" # next 24 hours text
|
||||
"minutely_summary"
|
||||
"humidity"
|
||||
"pressure"
|
||||
"uv_index" ];
|
||||
units = "si" ;
|
||||
update_interval = {
|
||||
days = 0;
|
||||
hours = 0;
|
||||
minutes = 30;
|
||||
seconds = 0;
|
||||
};
|
||||
}
|
||||
#{ platform = "influxdb";
|
||||
# queries = [
|
||||
# { name = "mean value of feinstaub P1";
|
||||
# where = '' "node" = 'esp8266-1355142' '';
|
||||
# measurement = "feinstaub";
|
||||
# database = "telegraf";
|
||||
# field = "P1";
|
||||
# }
|
||||
# { name = "mean value of feinstaub P2";
|
||||
# where = '' "node" = 'esp8266-1355142' '';
|
||||
# measurement = "feinstaub";
|
||||
# database = "telegraf";
|
||||
# field = "P2";
|
||||
# }
|
||||
# ];
|
||||
#}
|
||||
];
|
||||
camera = [
|
||||
{ name = "Baumarkt";
|
||||
platform = "generic";
|
||||
still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt
|
||||
}
|
||||
{ name = "Autobahn Heilbronn";
|
||||
platform = "generic";
|
||||
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ;
|
||||
}
|
||||
{ name = "Autobahn Singen";
|
||||
platform = "generic";
|
||||
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ;
|
||||
}
|
||||
];
|
||||
frontend = { };
|
||||
http = { };
|
||||
feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
|
||||
conversation = {};
|
||||
history = {};
|
||||
logbook = {};
|
||||
tts = [ { platform = "google";} ];
|
||||
recorder = {};
|
||||
group =
|
||||
{ default_view =
|
||||
{ view = "yes";
|
||||
entities = [
|
||||
"group.sensors"
|
||||
"group.outside"
|
||||
"group.switches"
|
||||
"group.automation"
|
||||
"group.camera"
|
||||
];
|
||||
};
|
||||
automation = [
|
||||
"automation.turn_off_fernseher_10_minutes_after_last_movement"
|
||||
];
|
||||
switches = [
|
||||
"switch.bauarbeiterlampe"
|
||||
"switch.blitzdings"
|
||||
"switch.fernseher"
|
||||
"switch.pluggy"
|
||||
];
|
||||
camera = [
|
||||
"camera.Baumarkt"
|
||||
"camera.Autobahn_Heilbronn"
|
||||
"camera.Autobahn_Singen"
|
||||
];
|
||||
sensors = [
|
||||
"binary_sensor.motion"
|
||||
"sensor.easy2_dht22_humidity"
|
||||
"sensor.easy2_dht22_temperature"
|
||||
];
|
||||
outside = [
|
||||
"sensor.ditzingen_pm10"
|
||||
"sensor.ditzingen_pm25"
|
||||
"sensor.dark_sky_temperature"
|
||||
"sensor.dark_sky_humidity"
|
||||
"sensor.dark_sky_pressure"
|
||||
"sensor.dark_sky_hourly_summary"
|
||||
"sensor.dark_sky_minutely_summary"
|
||||
];
|
||||
};
|
||||
# only for automation
|
||||
# feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
|
||||
automation = [
|
||||
{ alias = "Turn on Fernseher on movement";
|
||||
trigger = {
|
||||
platform = "state";
|
||||
entity_id = "binary_sensor.motion";
|
||||
to = "on";
|
||||
};
|
||||
action = {
|
||||
service= "homeassistant.turn_on";
|
||||
entity_id= "switch.fernseher";
|
||||
};
|
||||
}
|
||||
{ alias = "Turn off Fernseher 10 minutes after last movement";
|
||||
trigger = {
|
||||
platform = "state";
|
||||
entity_id = "binary_sensor.motion";
|
||||
to = "off";
|
||||
for.minutes = 10;
|
||||
};
|
||||
action = {
|
||||
service= "homeassistant.turn_off";
|
||||
entity_id= "switch.fernseher";
|
||||
};
|
||||
condition = [{
|
||||
condition = "time";
|
||||
before = "06:30:00"; #only turn off between 6:30 and 18:00
|
||||
after = "18:00:00";
|
||||
weekday = [ "mon" "tue" "wed" "thu" "fri" ];
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
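Review bot: `builtins.readFile <secrets/hass/darksky.apikey>` reads the key at evaluation time, so the value becomes part of the generated Home Assistant configuration, which as far as I can tell the NixOS module writes to the world-readable Nix store. The same applies to the `readFile` of `<secrets/mqtt/hass>` and of the Dark Sky key in the other Home Assistant config later in this commit. Keeping the secret out of the store means resolving it at runtime, for example through Home Assistant's `!secret` mechanism with a `secrets.yaml` deployed outside the store; whether the module version in use passes `!secret` through needs checking. At minimum a comment such as `# NOTE: value ends up in /nix/store` next to the `api_key` line would record the trade-off.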
@ -1,67 +0,0 @@
|
||||
{ pkgs, lib, ... }:
|
||||
let
|
||||
firetv = "192.168.1.238";
|
||||
in {
|
||||
systemd.services.firetv = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = "nobody";
|
||||
ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
|
||||
};
|
||||
};
|
||||
services.home-assistant = {
|
||||
#panel_iframe:
|
||||
#configurator:
|
||||
# title: Configurator
|
||||
# icon: mdi:wrench
|
||||
# url: http://hassio.local:3218
|
||||
# sensor:
|
||||
# - platform: random
|
||||
enable = true;
|
||||
config = {
|
||||
homeassistant = {
|
||||
name = "Bureautomation";
|
||||
time_zone = "Europe/Berlin";
|
||||
};
|
||||
panel_iframe = {
|
||||
euer_blog = {
|
||||
title = "Euer Blog";
|
||||
icon = "mdi:wrench";
|
||||
url = "https://euer.krebsco.de";
|
||||
};
|
||||
};
|
||||
media_player = [
|
||||
{ platform = "kodi";
|
||||
host = firetv;
|
||||
}
|
||||
{ platform = "firetv";
|
||||
# assumes python-firetv running
|
||||
}
|
||||
];
|
||||
sensor = [
|
||||
{
|
||||
platform = "luftdaten";
|
||||
name = "Shack 1";
|
||||
sensorid = "50";
|
||||
monitored_conditions = [ "P1" "P2" ];
|
||||
}
|
||||
{
|
||||
platform = "luftdaten";
|
||||
name = "Shack 2";
|
||||
sensorid = "658";
|
||||
monitored_conditions = [ "P1" "P2" ];
|
||||
}
|
||||
{
|
||||
platform = "luftdaten";
|
||||
name = "Ditzingen";
|
||||
sensorid = "5341";
|
||||
monitored_conditions = [ "P1" "P2" ];
|
||||
}
|
||||
{ platform = "random"; }
|
||||
];
|
||||
frontend = { };
|
||||
http = { };
|
||||
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
|
||||
};
|
||||
};
|
||||
}
|
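--- a/makefu/2configs/deployment/bureautomation/mpd.nix
+++ b/makefu/2configs/deployment/bureautomation/mpd.nix
@@ -0,0 +1,9 @@
+{lib,pkgs, ... }:
+
+{
+systemd.services."ympd-wbob" = {
+description = "mpd ";
+wantedBy = [ "multi-user.target" ];
+serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host localhost --port 6600 --webport 8866 --user nobody";
+};
+}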
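Review bot: The unit sets no `User=`, so ympd is started as root and the drop to `nobody` depends on ympd's own `--user` handling, although port 8866 needs no privileges to bind. I would let systemd handle it with `serviceConfig.DynamicUser = true;` (or `serviceConfig.User = "nobody";`) and remove `--user nobody` from the command line. `description = "mpd "` could also say what the service is, e.g. `"ympd web client for mpd"`.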
@ -6,11 +6,6 @@ let
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
hn = config.krebs.build.host.name;
|
||||
in {
|
||||
krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
|
||||
if ( $server_addr = "${external-ip}" ) {
|
||||
return 403;
|
||||
}
|
||||
'';
|
||||
krebs.tinc_graphs = {
|
||||
enable = true;
|
||||
nginx = {
|
||||
|
@ -1,9 +1,60 @@
|
||||
{ pkgs, config, ... }:
|
||||
{ pkgs, lib, config, ... }:
|
||||
|
||||
# Ideas:
|
||||
## wake-on-lan server
|
||||
##
|
||||
let
|
||||
tasmota_rgb = name: topic:
|
||||
# LED WS2812b
|
||||
# effect_state_topic: "stat/led/Scheme"
|
||||
# effect_command_topic: "cmnd/led/Scheme"
|
||||
# effect_value_template: "{{ value_json.Scheme }}"
|
||||
{ platform = "mqtt";
|
||||
inherit name;
|
||||
retain = false;
|
||||
qos = 1;
|
||||
optimistic = false;
|
||||
# state
|
||||
# TODO: currently broken, will not use the custom state topic
|
||||
#state_topic = "/ham/${topic}/stat/POWER";
|
||||
state_topic = "/ham/${topic}/stat/POWER";
|
||||
command_topic = "/ham/${topic}/cmnd/POWER";
|
||||
availability_topic = "/ham/${topic}/tele/LWT";
|
||||
payload_on= "ON";
|
||||
payload_off= "OFF";
|
||||
payload_available= "Online";
|
||||
payload_not_available= "Offline";
|
||||
# brightness
|
||||
brightness_state_topic = "/ham/${topic}/stat/Dimmer";
|
||||
brightness_command_topic = "/ham/${topic}/cmnd/Dimmer";
|
||||
brightness_value_template = "{{ value_json.Dimmer }}";
|
||||
brightness_scale = 100;
|
||||
# color
|
||||
rgb_state_topic = "/ham/${topic}/stat/Color";
|
||||
rgb_command_topic = "/ham/${topic}/cmnd/Color2";
|
||||
rgb_command_mode = "hex";
|
||||
rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
|
||||
# effects
|
||||
effect_state_topic = "/ham/${topic}/stat/Scheme";
|
||||
effect_command_topic = "/ham/${topic}/cmnd/Scheme";
|
||||
effect_value_template = "{{ value_json.Scheme }}";
|
||||
effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ];
|
||||
};
|
||||
# switchmode 1 - also toggle power
|
||||
# switchtopic flurlicht
|
||||
tasmota_motion = name: topic:
|
||||
{ platform = "mqtt";
|
||||
device_class = "motion";
|
||||
inherit name;
|
||||
# TODO: currently broken, will not use the custom state topic
|
||||
state_topic = "/ham/${topic}/stat/POWER";
|
||||
payload_on = "ON";
|
||||
payload_off = "OFF";
|
||||
availability_topic = "/ham/${topic}/tele/LWT";
|
||||
payload_available = "Online";
|
||||
payload_not_available = "Offline";
|
||||
};
|
||||
|
||||
firetv = "192.168.1.238";
|
||||
tasmota_plug = name: topic:
|
||||
{ platform = "mqtt";
|
||||
@ -36,20 +87,31 @@ let
|
||||
unit_of_measurement = "hPa";
|
||||
}
|
||||
];
|
||||
tasmota_am2301 = name: topic:
|
||||
[ { platform = "mqtt";
|
||||
name = "${name} Temperatur";
|
||||
state_topic = "/ham/${topic}/tele/SENSOR";
|
||||
value_template = "{{ value_json.AM2301.Temperature }}";
|
||||
unit_of_measurement = "°C";
|
||||
}
|
||||
{ platform = "mqtt";
|
||||
name = "${name} Luftfeuchtigkeit";
|
||||
state_topic = "/ham/${topic}/tele/SENSOR";
|
||||
value_template = "{{ value_json.AM2301.Humidity }}";
|
||||
unit_of_measurement = "%";
|
||||
}
|
||||
];
|
||||
in {
|
||||
imports = [
|
||||
./mqtt.nix
|
||||
];
|
||||
systemd.services.firetv = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = "nobody";
|
||||
ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
|
||||
};
|
||||
};
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"homeassistant-0.65.5"
|
||||
];
|
||||
#systemd.services.firetv = {
|
||||
# wantedBy = [ "multi-user.target" ];
|
||||
# serviceConfig = {
|
||||
# User = "nobody";
|
||||
# ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
|
||||
# };
|
||||
#};
|
||||
services.home-assistant = {
|
||||
config = {
|
||||
homeassistant = {
|
||||
@ -58,7 +120,7 @@ in {
|
||||
longitude = "9.2478";
|
||||
elevation = 247;
|
||||
};
|
||||
discovery = {};
|
||||
#discovery = {};
|
||||
conversation = {};
|
||||
history = {};
|
||||
logbook = {};
|
||||
@ -71,16 +133,16 @@ in {
|
||||
{ platform = "kodi";
|
||||
host = firetv;
|
||||
}
|
||||
{ platform = "firetv";
|
||||
# assumes python-firetv running
|
||||
}
|
||||
#{ platform = "firetv";
|
||||
# # assumes python-firetv running
|
||||
#}
|
||||
];
|
||||
mqtt = {
|
||||
broker = "localhost";
|
||||
port = 1883;
|
||||
client_id = "home-assistant";
|
||||
username = "hass";
|
||||
password = builtins.readFile <secrets/mqtt/hass>;
|
||||
password = lib.removeSuffix "\n" (builtins.readFile <secrets/mqtt/hass>);
|
||||
keepalive = 60;
|
||||
protocol = 3.1;
|
||||
birth_message = {
|
||||
@ -96,43 +158,100 @@ in {
|
||||
retain = true;
|
||||
};
|
||||
};
|
||||
binary_sensor = [
|
||||
(tasmota_motion "Flur Bewegung" "flurlicht")
|
||||
];
|
||||
sensor = [
|
||||
{ platform = "speedtest";
|
||||
monitored_conditions = [ "ping" "download" "upload" ];
|
||||
}
|
||||
# broken
|
||||
#{ platform = "speedtest";
|
||||
# monitored_conditions = [ "ping" "download" "upload" ];
|
||||
#}
|
||||
{ platform = "luftdaten";
|
||||
name = "Ditzingen";
|
||||
name = "Wangen";
|
||||
sensorid = "663";
|
||||
monitored_conditions = [ "P1" "P2" ];
|
||||
}
|
||||
# https://www.home-assistant.io/cookbook/automation_for_rainy_days/
|
||||
{ platform = "darksky";
|
||||
api_key = "c73619e6ea79e553a585be06aacf3679";
|
||||
api_key = lib.removeSuffix "\n"
|
||||
(builtins.readFile <secrets/hass/darksky.apikey>);
|
||||
language = "de";
|
||||
monitored_conditions = [ "summary" "icon"
|
||||
"nearest_storm_distance" "precip_probability"
|
||||
"precip_intensity"
|
||||
"temperature" # "temperature_high" "temperature_low"
|
||||
"temperature"
|
||||
"apparent_temperature"
|
||||
"hourly_summary"
|
||||
"humidity"
|
||||
"pressure"
|
||||
"uv_index" ];
|
||||
units = "si" ;
|
||||
update_interval = {
|
||||
days = 0;
|
||||
hours = 0;
|
||||
minutes = 10;
|
||||
minutes = 30;
|
||||
seconds = 0;
|
||||
};
|
||||
}
|
||||
] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer");
|
||||
]
|
||||
++ (tasmota_bme "Schlafzimmer" "schlafzimmer")
|
||||
++ (tasmota_am2301 "Arbeitszimmer" "arbeitszimmer");
|
||||
frontend = { };
|
||||
#group = [
|
||||
# { default_view = { view = "yes"; entities = [
|
||||
# "sensor.luftdaten"
|
||||
# ]}
|
||||
#];
|
||||
group =
|
||||
{ default_view =
|
||||
{ view = "yes";
|
||||
entities = [
|
||||
"group.flur"
|
||||
"group.schlafzimmer"
|
||||
"group.draussen"
|
||||
"group.wohnzimmer"
|
||||
"group.arbeitszimmer"
|
||||
];
|
||||
};
|
||||
flur = [
|
||||
"light.flurlicht"
|
||||
"binary_sensor.flur_bewegung"
|
||||
];
|
||||
wohnzimmer = [
|
||||
"media_player.kodi"
|
||||
];
|
||||
draussen = [
|
||||
"sensor.dark_sky_temperature"
|
||||
"sensor.dark_sky_hourly_summary"
|
||||
"sensor.wangen_pm10"
|
||||
"sensor.wangen_pm25"
|
||||
];
|
||||
schlafzimmer = [
|
||||
"sensor.schlafzimmer_temperatur"
|
||||
"sensor.schlafzimmer_luftdruck"
|
||||
"sensor.schlafzimmer_luftfeuchtigkeit"
|
||||
"switch.lichterkette_schlafzimmer"
|
||||
];
|
||||
arbeitszimmer = [
|
||||
"switch.strom_staubsauger"
|
||||
"sensor.arbeitszimmer_temperatur"
|
||||
"sensor.arbeitszimmer_luftfeuchtigkeit"
|
||||
];
|
||||
};
|
||||
http = { };
|
||||
switch = [
|
||||
(tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer")
|
||||
(tasmota_plug "Strom Staubsauger" "arbeitszimmer")
|
||||
];
|
||||
light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ];
|
||||
automation = [
|
||||
{ alias = "Staubsauger Strom aus nach 6h";
|
||||
trigger = {
|
||||
platform = "state";
|
||||
entity_id = "switch.strom_staubsauger";
|
||||
to = "on";
|
||||
for.hours = 6;
|
||||
};
|
||||
action = {
|
||||
service= "homeassistant.turn_off";
|
||||
entity_id= "switch.strom_staubsauger";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
enable = true;
|
||||
|
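Review bot: The literal Dark Sky `api_key` string that appears in the last hunk stays in the repository history even once the config reads the key from `<secrets/hass/darksky.apikey>`, so it should be treated as exposed: revoke it and issue a new one instead of moving the same value into the secrets file. If the file under `<secrets>` was created from the old value, regenerate it after the rotation. The surrounding `services.home-assistant` attribute set starts and ends outside the hunk.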
@ -8,7 +8,7 @@
|
||||
timerConfig = {
|
||||
OnCalendar = "*:0/30";
|
||||
};
|
||||
url = "http://prism.r/realwallpaper-sat-krebs.png";
|
||||
url = "http://prism.r/realwallpaper-krebs.png";
|
||||
};
|
||||
|
||||
}
|
||||
|
Some files were not shown because too many files have changed in this diff Show More