Merge remote-tracking branch 'gum/master'

krebs/3modules/makefu/default.nix

@@ -26,6 +26,31 @@ with import <stockholm/lib>;
         };
       };
     };
+    studio = rec {
+      cores = 4;
+      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.227.163";
+          ip6.addr  = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6";
+          aliases = [
+            "studio.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti
+            cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk
+            GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI
+            jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1
+            78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu
+            8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+
     fileleech = rec {
       cores = 4;
       ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
@@ -449,6 +474,7 @@ with import <stockholm/lib>;
       nets = rec {
         internet = {
           ip4.addr = "188.68.40.19";
+          ip6.addr = "2a03:4000:17:2df::1";
           aliases = [
             "gum.i"
           ];

makefu/1systems/gum.nix

@@ -4,8 +4,11 @@ with import <stockholm/lib>;
 let
   external-mac = "3a:66:48:8e:82:b2";
   external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+  external-ip6 = config.krebs.build.host.nets.internet.ip6.addr;
   external-gw = "188.68.40.1";
+  external-gw6 = "fe80::1";
   external-netmask = 22;
+  external-netmask6 = 64;
   internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
   main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
 in {
@@ -14,7 +17,7 @@ in {
        <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
       ../2configs/headless.nix
       ../2configs/fs/single-partition-ext4.nix
-      ../2configs/smart-monitor.nix
+      # ../2configs/smart-monitor.nix
       ../2configs/git/cgit-retiolum.nix
       ../2configs/backup.nix
       # ../2configs/mattermost-docker.nix
@@ -55,7 +58,6 @@ in {
       # ../2configs/logging/central-logging-client.nix
 
   ];
-  services.smartd.devices = [ { device = main-disk;} ];
   makefu.dl-dir = "/var/download";
 
 
@@ -134,6 +136,11 @@ in {
       address = external-ip;
       prefixLength = external-netmask;
     }];
+    interfaces.et0.ip6 = [{
+      address = external-ip6;
+      prefixLength = external-netmask6;
+    }];
+    defaultGateway6 = external-gw6;
     defaultGateway = external-gw;
     nameservers = [ "8.8.8.8" ];
   };

makefu/1systems/studio.nix

@@ -0,0 +1,75 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    ../.
+    ../2configs/vncserver.nix
+    ../2configs/vim.nix
+    ../2configs/disable_v6.nix
+    ../2configs/jack-on-pulse.nix
+    ../2configs/gui/studio.nix
+
+  ];
+  makefu.gui.user = "user"; # we use an extra user
+  krebs = {
+    enable = true;
+    tinc.retiolum.enable = true;
+    build.host = config.krebs.hosts.studio;
+  };
+  networking.firewall.allowedTCPPorts = [ 655 ];
+  networking.firewall.allowedUDPPorts = [ 655 ];
+
+
+  environment.systemPackages = with pkgs;[
+    # audio foo
+    ## pulseaudio
+    pavucontrol
+    paprefs
+    pamixer
+
+    # extra alsa tools
+    alsa-hdspconf
+    alsa-hdspmixer
+    alsa-hdsploader
+
+    # recording
+    darkice
+    (mumble.override { jackSupport = true; })
+
+    # browsing
+    firefox
+    chromium
+  ];
+
+
+  nixpkgs.config.allowUnfree = true;
+  fonts = {
+    enableCoreFonts = true;
+    enableFontDir = true;
+    enableGhostscriptFonts = true;
+    fonts = [ ];
+  };
+  # ingos favorite display manager
+
+
+  # hardware
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/0aeda516-230e-4c54-9e27-13515c2f3f21";
+    fsType = "ext4";
+  };
+
+  swapDevices = [ { device = "/dev/disk/by-uuid/1914af67-5a8f-41d3-a1c2-211c39605da9"; } ];
+  users.users.user = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "audio" ];
+    uid = 1000;
+    openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
+  };
+}

makefu/1systems/tsp.nix

@@ -7,7 +7,7 @@
   imports =
     [ # Include the results of the hardware scan.
       ../.
-      ../2configs/base-gui.nix
+      ../2configs/gui/base.nix
       ../2configs/fs/sda-crypto-root.nix
       # hardware specifics are in here
       ../2configs/hw/tp-x200.nix #< imports tp-x2x0.nix

makefu/1systems/wbob.nix

@@ -1,20 +1,28 @@
 { config, pkgs, lib, ... }:
-let 
+let
   rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115";
   datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F";
+  user = config.makefu.gui.user;
 in {
 
   imports =
     [ # Include the results of the hardware scan.
       ../.
       ../2configs/zsh-user.nix
-      ../2configs/base-gui.nix
       ../2configs/tools/core.nix
       ../2configs/tools/core-gui.nix
       ../2configs/tools/extra-gui.nix
       ../2configs/tools/media.nix
       ../2configs/virtualization.nix
       ../2configs/tinc/retiolum.nix
+      ../2configs/mqtt.nix
+      ../2configs/deployment/led-fader.nix
+      # ../2configs/gui/wbob-kiosk.nix
+
+      ../2configs/gui/studio.nix
+      ../2configs/audio/jack-on-pulse.nix
+      ../2configs/audio/realtime-audio.nix
+      ../2configs/vncserver.nix
     ];
 
   krebs = {
@@ -24,25 +32,10 @@ in {
 
   swapDevices = [ { device = "/var/swap"; } ];
 
-  services.xserver = {
-    layout = lib.mkForce "de";
-
-    windowManager = lib.mkForce {
-      awesome.enable = false;
-      default = "none";
-    };
-    desktopManager.xfce.enable = true;
-
-    # xrandrHeads = [ "HDMI1" "HDMI2" ];
-    # prevent screen from turning off, disable dpms
-    displayManager.sessionCommands = ''
-      xset s off -dpms
-      xrandr --output HDMI2 --right-of HDMI1
-    '';
-  };
 
   networking.firewall.allowedUDPPorts = [ 655 ];
   networking.firewall.allowedTCPPorts = [ 655 49152 ];
+  networking.firewall.trustedInterfaces = [ "enp0s25" ];
   #services.tinc.networks.siem = {
   #  name = "display";
   #  extraConfig = ''
@@ -85,7 +78,7 @@ in {
   # TODO: add crypto layer
   systemd.services."synergy-client" = {
     environment.DISPLAY = ":0";
-    serviceConfig.User = "makefu";
+    serviceConfig.User = user;
   };
 
   services.synergy = {

makefu/1systems/x.nix

@@ -38,6 +38,8 @@ with import <stockholm/lib>;
       # ../2configs/temp/sabnzbd.nix
 
 
+      # development
+      ../2configs/sources
 
       # Krebs
       # ../2configs/disable_v6.nix

makefu/2configs/audio/jack-on-pulse.nix

@@ -0,0 +1,45 @@
+{ config, pkgs, ... }:
+let
+  pulse = pkgs.pulseaudioFull;
+  user = config.makefu.gui.user;
+in
+{
+  sound.enable = true;
+  hardware.pulseaudio = {
+    enable = true;
+    package = pulse;
+  };
+
+  environment.systemPackages = with pkgs; [ jack2Full ];
+  # from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html
+
+  systemd.services = {
+    jackdbus = {
+      description = "Runs jack, and points pulseaudio at it";
+      serviceConfig = {
+        User = user;
+        Type = "oneshot";
+        ExecStart = pkgs.writeScript "start_jack.sh" ''
+          #! ${pkgs.bash}/bin/bash
+          . ${config.system.build.setEnvironment}
+          sleep 5 # wait for the gui to load
+
+          ${pkgs.jack2Full}/bin/jack_control start
+          sleep 3 # give some time for sources/sinks to be created
+
+          ${pulse}/bin/pacmd set-default-sink jack_out
+          ${pulse}/bin/pacmd set-default-source jack_in
+        '';
+        ExecStop = pkgs.writeScript "stop_jack.sh" ''
+          #! ${pkgs.bash}/bin/bash
+          . ${config.system.build.setEnvironment}
+
+          ${pkgs.jack2Full}/bin/jack_control stop
+        '';
+        RemainAfterExit = true;
+      };
+      after = [ "display-manager.service" "sound.target" ];
+      wantedBy = [ "multi-user.target" ];
+    };
+  };
+}

makefu/2configs/audio/realtime-audio.nix

@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+let
+  user = config.makefu.gui.user;
+in
+{
+  imports = [
+    ../sources/musnix.nix # populate musnix
+    <musnix>
+  ];
+  musnix.enable = true;
+  users.users."${user}".extraGroups = [ "audio" ];
+}

makefu/2configs/avahi.nix

@@ -0,0 +1,8 @@
+{ pkgs, ...}:
+{
+  services.avahi = {
+    enable = true;
+    wideArea = false;
+  };
+  environment.systemPackages = [ pkgs.avahi ];
+}

makefu/2configs/backup.nix

@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 with import <stockholm/lib>;
 let
   # preparation:
@@ -32,4 +32,7 @@ in {
     # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
     gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
   };
+  environment.systemPackages = [
+    pkgs.borgbackup
+  ];
 }

makefu/2configs/default.nix

@@ -22,7 +22,7 @@ with import <stockholm/lib>;
       user = config.krebs.users.makefu;
       source = let
           inherit (config.krebs.build) host user;
-          ref = "4fac473"; # unstable @ 2017-03-31 + command-not-found
+          ref = "0afb6d7"; # unstable @ 2017-05-09
       in {
         nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
           {

makefu/2configs/deployment/led-fader.nix

@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  mq = "192.168.8.11";
+
+  pkg = pkgs.stdenv.mkDerivation {
+    name = "ampel-master";
+    src = pkgs.fetchgit {
+      url = "http://cgit.euer.krebsco.de/ampel";
+      rev = "07a6791de368e16cc0864d2676fd255eba522cee";
+      sha256 = "1jxjapvkfglvgapy7gjbr1nra3ay418nvz70bvypcmv7wc8d4h8q";
+    };
+    buildInputs = [
+      (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [
+        docopt
+        paho-mqtt
+      ]))
+    ];
+    installPhase = ''
+      install -m755 -D fade.py  $out/bin/fade.py
+      install -m755 -D ampel.py $out/bin/ampel
+      install -m755 -D times.json $out/share/times.json
+    '';
+  };
+in {
+  systemd.services.led-fader  = {
+    description = "Send led change to message queue";
+    environment = {
+      NIX_PATH = "/var/src";
+    };
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      # User = "nobody"; # need a user with permissions to run nix-shell
+      ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json";
+      PrivateTmp = true;
+    };
+  };
+}

makefu/2configs/git/cgit-retiolum.nix

@@ -19,6 +19,7 @@ let
       cgit.desc = "Build new Stockholm hosts";
     };
     cac-api = { };
+    ampel = { };
     init-stockholm = {
       cgit.desc = "Init stuff for stockholm";
     };

makefu/2configs/gui/base.nix

@@ -65,7 +65,7 @@ in
       cat |derp <<EOF
       XTerm*background: black
       XTerm*foreground: white
-      XTerm*FaceName  : xft:xos4 Terminus:pixelsize=14
+      XTerm*FaceName  : xft:xos4 Terminus:pixelsize=11
 
       URxvt*termName:         rxvt
       URxvt*saveLines:            10000
@@ -77,7 +77,7 @@ in
       URxvt.background: black
       URxvt.urgentOnBell: true
       URxvt.visualBell: false
-      URxvt.font : xft:xos4 Terminus:size=12
+      URxvt.font : xft:xos4 Terminus:size=11
 
 
       ! blue

makefu/2configs/gui/studio.nix

@@ -0,0 +1,22 @@
+{ config, lib, ... }:
+let
+  user = config.makefu.gui.user;
+in
+{
+  services.xserver.enable = true;
+  services.xserver.displayManager.sddm = {
+    enable = true;
+    autoLogin.enable = true;
+    autoLogin.user = user;
+  };
+  # services.xserver.windowMananger.default = "plasma5";
+  services.xserver.desktopManager = {
+    default = "plasma5";
+    plasma5.enable = true;
+  };
+
+  services.xserver.layout = "us";
+  services.xserver.xkbVariant = "altgr-intl";
+  services.xserver.xkbOptions = "ctrl:nocaps";
+
+}

makefu/2configs/gui/wbob-kiosk.nix

@@ -0,0 +1,23 @@
+{ lib, ... }:
+{
+
+  imports = [
+      ./base.nix
+  ];
+  services.xserver = {
+    layout = lib.mkForce "de";
+
+    windowManager = lib.mkForce {
+      awesome.enable = false;
+      default = "none";
+    };
+    desktopManager.xfce.enable = true;
+
+    # xrandrHeads = [ "HDMI1" "HDMI2" ];
+    # prevent screen from turning off, disable dpms
+    displayManager.sessionCommands = ''
+      xset s off -dpms
+      xrandr --output HDMI2 --right-of HDMI1
+    '';
+  };
+}

makefu/2configs/main-laptop.nix

@@ -11,7 +11,7 @@ let
   user = config.krebs.build.user.name;
 in {
   imports = [
-    ./base-gui.nix
+    ./gui/base.nix
     ./fetchWallpaper.nix
     ./zsh-user.nix
     ./tools/core.nix

makefu/2configs/sources/default.nix

@@ -0,0 +1,7 @@
+# the builder pc (my laptop) will also require the sources i use to deploy
+# other boxes
+{
+  imports = [
+    ./musnix.nix
+  ];
+}

makefu/2configs/sources/musnix.nix

@@ -0,0 +1,6 @@
+{
+  krebs.build.source.musnix.git = {
+    url = https://github.com/musnix/musnix.git;
+    ref = "37a8378";
+  };
+}

makefu/2configs/vncserver.nix

@@ -0,0 +1,62 @@
+{config,lib,pkgs, ...}:
+with lib;
+let
+  pwfile = (toString <secrets>)+ "/vnc-password"; # create with `vncpasswd`
+  pwtmp = "/tmp/vnc-password";
+  # nixos-unstable tigervnc is currently broken :\
+  package = (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-17.03.tar.gz) {}).pkgs.tigervnc;
+  user = config.makefu.gui.user;
+  vnc_port = 5900;
+  web_port = 6080;
+in {
+  networking.firewall.allowedTCPPorts = [ 80 vnc_port web_port ];
+  systemd.services = {
+    terminal-server = {
+      description = "VNC Terminal Server";
+      after = [ "display-manager.service"  "graphical.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        User = user;
+        Restart = "always";
+        ExecStartPre = pkgs.writeDash "terminal-pre" ''
+          sleep 5
+          install -m0700 -o ${user} ${pwfile} ${pwtmp}
+        '';
+        ExecStart = "${package}/bin/x0vncserver -display :0 -rfbport ${toString vnc_port} -passwordfile ${pwtmp}";
+        PermissionsStartOnly = true;
+        PrivateTmp = true;
+      };
+    };
+    terminal-web = {
+      description = "noVNC Web Server";
+      after = [ "terminal-server.service"  "graphical.target" "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        User = "nobody";
+        ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}";
+				PrivateTmp = true;
+      };
+    };
+  };
+  services.nginx.enable = true;
+  services.nginx.virtualHosts._.locations = {
+    "/" = {
+      root = "${pkgs.novnc}";
+      index = "vnc_auto.html";
+    };
+    "/websockify" = {
+      proxyPass = "http://127.0.0.1:6080/";
+      extraConfig = ''
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        # VNC connection timeout
+        proxy_read_timeout 61s;
+
+        # Disable cache
+        proxy_buffering off;
+      '';
+    };
+  };
+}

makefu/3modules/server-config.nix

@@ -6,5 +6,10 @@ with import <stockholm/lib>;
 		type = types.str;
 		description = "Primary interface of the server";
 	};
+  options.makefu.gui.user = lib.mkOption {
+		type = types.str;
+		description = "GUI user";
+    default = config.krebs.build.user.name;
+	};
 }
 

makefu/3modules/taskserver.nix

@@ -41,8 +41,8 @@ let
         Type = "simple";
         ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}";
         WorkingDirectory = cfg.workingDir;
-        PrivateTmp = true;
-        InaccessibleDirectories = "/home /boot /opt /mnt /media";
+        # PrivateTmp = true;
+        # InaccessibleDirectories = "/home /boot /opt /mnt /media";
         User = "taskd";
       };
     };

makefu/5pkgs/alsa-tools/default.nix

@@ -1,4 +1,4 @@
-{stdenv,alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk}:
+{stdenv,alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk3}:
 
 stdenv.mkDerivation rec {
   name = "alsa-${alsaToolTarget}-${version}";
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
     sha256 = "1lgvyb81md25s9ciswpdsbibmx9s030kvyylf0673w3kbamz1awl";
   };
   sourceRoot = "${alsaToolsName}/${alsaToolTarget}/";
-  buildInputs = [ alsaLib fltk13 gtk ncurses ];
+  buildInputs = [ alsaLib fltk13 gtk3 ncurses ];
 
   meta = {
     homepage = http://www.alsa-project.org/;

makefu/5pkgs/novnc/default.nix

@@ -0,0 +1,41 @@
+{ stdenv, fetchurl, pkgs }:
+# source: https://github.com/hyphon81/Nixtack/blob/master/noVNC/noVNC.nix
+let
+in
+
+stdenv.mkDerivation rec {
+  name = "novnc-${version}";
+  version = "0.6.2";
+
+  src = fetchurl {
+    url = "https://github.com/novnc/noVNC/archive/v${version}.tar.gz";
+    sha256 = "16ygbdzdmnfg9a26d9il4a6fr16qmq0ix9imfbpzl0drfbj7z8kh";
+  };
+  p = stdenv.lib.makeBinPath [ pkgs.nettools pkgs.python27Packages.websockify
+                               pkgs.coreutils pkgs.which pkgs.procps ];
+  # TODO: propagatedBuildInputs does not seem to work with shell scripts
+  patchPhase = ''
+    sed -i '1aset -efu\nexport PATH=${p}\n' utils/launch.sh
+  '';
+  installPhase = ''
+    mkdir -p $out/bin
+    cp utils/launch.sh $out/bin/launch-novnc.sh
+    chmod +x $out/bin/launch-novnc.sh
+    mkdir -p $out/images
+    cp -r images/* $out/images/
+    mkdir -p $out/include
+    cp -r include/* $out/include/
+    cp favicon.ico $out
+    cp vnc.html $out
+    cp vnc_auto.html $out
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = http://novnc.com/info.html;
+    repositories.git = git://github.com/novnc/noVNC.git;
+    description = ''
+      A HTML5 VNC Client
+    '';
+    license = licenses.mpl20;
+  };
+}

makefu/5pkgs/shackie/default.nix

@@ -0,0 +1,33 @@
+{ pkgs, fetchFromGitHub, ... }:
+with pkgs.python3Packages;
+let
+  asyncio-irc = buildPythonPackage rec {
+      name = "asyncio-irc-${version}";
+      version = "2016-09-02";
+      src = fetchFromGitHub {
+        owner = "watchtower";
+        repo = "asyncirc";
+        rev = "5384d19";
+        sha256 = "0xgzdvp0ig0im7r3vbqd3a9rzac0lkk2mvf7y4fw56p8k61df8nv";
+      };
+      propagatedBuildInputs = [ blinker ];
+  };
+in
+buildPythonPackage rec {
+    name = "shackie-${version}";
+    version = "2017-04-24";
+    propagatedBuildInputs = [
+      asyncio-irc
+      beautifulsoup4
+      lxml
+      pytz
+      redis
+      requests2
+    ];
+    src = fetchFromGitHub {
+      owner = "shackspace";
+      repo = "shackie";
+      rev = "e717ec7";
+      sha256 = "1ffbjm3x2xcyxl42hfsjs5xg1pm0xsprdi5if9zxa5ycqydmiw3l";
+    };
+}