Mic92
/
stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'orange/master'

This commit is contained in:
tv 2023-08-01 12:14:30 +02:00
parent 5d1b0675cf 6e63efa364
commit 7be9bfdc55
668 changed files with 202 additions and 25913 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
kartei/krebs/default.nix
View File

@ -233,29 +233,6 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR";
};
arcadeomat = {
ci = true;
nets = {
retiolum = {
ip4.addr = "10.243.77.67";
aliases = [
"arcadeomat.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb
HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7
apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg
4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk
7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH
8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB
-----END RSA PUBLIC KEY-----
Ed25519PublicKey = n/HMlgTTyLa0fcXqSBO/G6sVOUYh2yZ5PfU4vLI9CJO
'';
};
};
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOu6EVN3928qWiWszqBUzOjeQJRvFozTBl4xAhBP/Ymc";
};
wolf = {
ci = true;
nets = {

1
kartei/lass/blue.nix
View File

@ -1,5 +1,6 @@
{ r6, w6, ... }:
{
ci = false;
nets = {
retiolum = {
ip4.addr = "10.243.0.77";

13
kartei/makefu/default.nix
View File

@ -9,6 +9,7 @@
hostDefaults = hostName: host: foldl' recursiveUpdate {} [
{
ci = false;
owner = config.krebs.users.makefu;
}
# Retiolum defaults
@ -60,13 +61,11 @@
in {
hosts = mapAttrs hostDefaults {
cake = rec {
ci = false;
nets = {
retiolum.ip4.addr = "10.243.136.236";
};
};
crapi = rec { # raspi1
ci = false;
nets = {
retiolum.ip4.addr = "10.243.136.237";
};
@ -83,25 +82,21 @@ in {
};
studio = rec {
ci = false;
nets = {
retiolum.ip4.addr = "10.243.227.163";
};
};
fileleech = rec {
ci = false;
nets = {
retiolum.ip4.addr = "10.243.113.98";
};
};
tsp = {
ci = true;
nets = {
retiolum.ip4.addr = "10.243.0.212";
};
};
x = {
ci = true;
syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5";
nets = {
retiolum.ip4.addr = "10.243.0.91";
@ -113,14 +108,12 @@ in {
};
filepimp = rec {
ci = false;
nets = {
retiolum.ip4.addr = "10.243.153.102";
};
};
omo = rec {
ci = true;
syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
nets = {
wiregrill = {
@ -143,7 +136,6 @@ in {
};
};
wbob = rec {
ci = true;
nets = {
retiolum = {
ip4.addr = "10.243.214.15";
@ -163,7 +155,6 @@ in {
};
latte = rec {
ci = true;
extraZones = {
"krebsco.de" = ''
latte.euer IN A ${nets.internet.ip4.addr}
@ -201,7 +192,6 @@ in {
};
};
gum = rec {
ci = true;
extraZones = {
"krebsco.de" = ''
rss.euer IN A ${nets.internet.ip4.addr}
@ -305,7 +295,6 @@ in {
};
sdev = rec {
ci = true;
nets = {
retiolum.ip4.addr = "10.243.83.237";
};

2
kartei/xkey/default.nix
View File

@ -92,7 +92,7 @@ in
nets = {
retiolum = {
ip4.addr = "10.243.161.1";
aliases = [ "sicily.xkey.r" "mukke.r" ];
aliases = [ "sicily.xkey.r" "mukke.r" "bie.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg

82
krebs/1systems/arcadeomat/config.nix
View File

@ -1,82 +0,0 @@
{ config,lib, pkgs, ... }:
let
shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
ext-if = "et0";
external-mac = "52:54:b0:0b:af:fe";
mainUser = "krebs";
in
{
imports = [
./hw.nix
../../../krebs
../../../krebs/2configs
#../../../krebs/2configs/binary-cache/nixos.nix
#../../../krebs/2configs/binary-cache/prism.nix
../../../krebs/2configs/shack/ssh-keys.nix
../../../krebs/2configs/save-diskspace.nix
../../../krebs/2configs/shack/prometheus/node.nix
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)
# local discovery in shackspace
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
krebs.tinc.retiolum.extraConfig = "TCPOnly = yes";
#networking = {
# firewall.enable = false;
# firewall.allowedTCPPorts = [ 8088 8086 8083 ];
# interfaces."${ext-if}".ipv4.addresses = [
# {
# address = shack-ip;
# prefixLength = 20;
# }
# ];
# defaultGateway = "10.42.0.1";
# nameservers = [ "10.42.0.100" "10.42.0.200" ];
#};
#####################
# uninteresting stuff
#####################
krebs.build.host = config.krebs.hosts.arcadeomat;
users.users."${mainUser}" = {
uid = 9001;
extraGroups = [ "audio" "video" ];
isNormalUser = true;
};
time.timeZone = "Europe/Berlin";
# avahi
services.avahi = {
enable = true;
wideArea = false;
};
environment.systemPackages = with pkgs;[ glxinfo sdlmame ];
nixpkgs.config.allowUnfree = true;
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_340;
boot.kernelPackages = pkgs.linuxPackages_5_4;
services.xserver = {
videoDrivers = [ "nvidia" ];
enable = true;
windowManager = {
awesome.enable = true;
awesome.noArgb = true;
awesome.luaModules = [ pkgs.luaPackages.vicious ];
};
displayManager.defaultSession = lib.mkDefault "none+awesome";
displayManager.autoLogin = {
enable = true;
user = mainUser;
};
};
}

25
krebs/1systems/arcadeomat/hw.nix
View File

@ -1,25 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/0aae456e-0548-4917-a282-11d5d4e403cf";
fsType = "ext4";
};
swapDevices = [ ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.copyKernels = true;
}

91
krebs/2configs/agenda.html Normal file
View File

@ -0,0 +1,91 @@
<!DOCTYPE html>
<html>
<head>
<title>Agenda</title>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<style>
html {
font-family: monospace;
}
dt {
float: left;
clear: left;
width: 30px;
text-align: right;
font-weight: bold;
}
dd {
margin: 0 0 0 40px;
padding: 0 0 0.5em 0;
}
.date {
color: grey;
font-style: italic;
}
</style>
</head>
<body>
<dl id="agenda"></dl>
<script>
const urlSearchParams = new URLSearchParams(window.location.search);
const params = Object.fromEntries(urlSearchParams.entries());
if (params.hasOwnProperty("style")) {
const cssUrls = params["style"].split(" ").filter((x) => x.length > 0);
for (const cssUrl of cssUrls)
fetch(cssUrl)
.then((response) =>
response.text().then((css) => {
const title = document.getElementsByTagName("head")[0];
const style = document.createElement("style");
style.appendChild(document.createTextNode(css));
title.appendChild(style);
})
)
.catch(console.log);
}
fetch("/agenda.json")
.then((response) => {
response.json().then((agenda) => {
const dl = document.getElementById("agenda");
for (const agendaItem of agenda) {
if (agendaItem.status !== "pending") continue;
// task warrior date format to ISO
const entryDate = agendaItem.entry.replace(
/(\d{4})(\d{2})(\d{2})T(\d{2})(\d{2})(\d{2})Z/,
"$1-$2-$3T$4:$5:$6Z"
);
const dt = document.createElement("dt");
dt.className = "id";
dt.appendChild(document.createTextNode(agendaItem.id.toString()));
dl.appendChild(dt);
const spanDate = document.createElement("span");
spanDate.className = "date";
spanDate.title = new Date(entryDate).toString();
spanDate.appendChild(document.createTextNode(entryDate));
const link = document.createElement("a");
link.href = "http://wiki.r/agenda/" + encodeURIComponent(agendaItem.description.replaceAll("/", "\u29F8")); // we use big solidus instead of slash because gollum will create directories
link.appendChild(document.createTextNode(agendaItem.description));
const dd = document.createElement("dd");
dd.className = "description";
dd.appendChild(link);
dd.appendChild(document.createTextNode(" "));
dd.appendChild(spanDate);
dl.appendChild(dd);
}
});
})
.then((data) => console.log(data));
</script>
</body>
</html>

152
krebs/2configs/reaktor2.nix
View File

@ -28,7 +28,7 @@ let
amt=$2
unit=$3
printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
${pkgs.hledger}/bin/hledger -f "$state_file" bal -N -O csv \
| ${pkgs.coreutils}/bin/tail +2 \
| ${pkgs.miller}/bin/mlr --icsv --opprint cat \
| ${pkgs.gnugrep}/bin/grep "$_from"
@ -483,113 +483,49 @@ in {
''}'';
};
services.nginx = {
virtualHosts."agenda.r" = {
serverAliases = [ "kri.r" ];
locations."= /index.html".extraConfig = ''
alias ${pkgs.writeText "agenda.html" ''
<!DOCTYPE html>
<html>
<head>
<title>Agenda</title>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<style>
html {
font-family: monospace;
}
services.nginx.virtualHosts."agenda.r" = {
serverAliases = [ "kri.r" ];
locations."= /index.html".extraConfig = ''
alias ./agenda.html;
'';
locations."/agenda.json".extraConfig = ''
proxy_set_header Host $host;
proxy_pass http://localhost:8009;
'';
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
'';
};
dt {
float: left;
clear: left;
width: 30px;
text-align: right;
font-weight: bold;
}
dd {
margin: 0 0 0 40px;
padding: 0 0 0.5em 0;
}
.date {
color: grey;
font-style: italic;
}
</style>
</head>
<body>
<dl id="agenda"></dl>
<script>
const urlSearchParams = new URLSearchParams(window.location.search);
const params = Object.fromEntries(urlSearchParams.entries());
if (params.hasOwnProperty("style")) {
const cssUrls = params["style"].split(" ").filter((x) => x.length > 0);
for (const cssUrl of cssUrls)
fetch(cssUrl)
.then((response) =>
response.text().then((css) => {
const title = document.getElementsByTagName("head")[0];
const style = document.createElement("style");
style.appendChild(document.createTextNode(css));
title.appendChild(style);
})
)
.catch(console.log);
}
fetch("/agenda.json")
.then((response) => {
response.json().then((agenda) => {
const dl = document.getElementById("agenda");
for (const agendaItem of agenda) {
if (agendaItem.status !== "pending") continue;
// task warrior date format to ISO
const entryDate = agendaItem.entry.replace(
/(\d{4})(\d{2})(\d{2})T(\d{2})(\d{2})(\d{2})Z/,
"$1-$2-$3T$4:$5:$6Z"
);
const dt = document.createElement("dt");
dt.className = "id";
dt.appendChild(document.createTextNode(agendaItem.id.toString()));
dl.appendChild(dt);
const spanDate = document.createElement("span");
spanDate.className = "date";
spanDate.title = new Date(entryDate).toString();
spanDate.appendChild(document.createTextNode(entryDate));
const link = document.createElement("a");
link.href = "http://wiki.r/agenda/" + encodeURIComponent(agendaItem.description.replaceAll("/", "\u29F8")); // we use big solidus instead of slash because gollum will create directories
link.appendChild(document.createTextNode(agendaItem.description));
const dd = document.createElement("dd");
dd.className = "description";
dd.appendChild(link);
dd.appendChild(document.createTextNode(" "));
dd.appendChild(spanDate);
dl.appendChild(dd);
}
});
})
.then((data) => console.log(data));
</script>
</body>
</html>
''};
'';
locations."/agenda.json".extraConfig = ''
proxy_set_header Host $host;
proxy_pass http://localhost:8009;
'';
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
'';
krebs.htgen.bedger = {
port = 8011;
user = {
name = "reaktor2";
home = stateDir;
};
script = ''. ${pkgs.writers.writeDash "bedger" ''
case "$Method" in
"GET")
printf 'HTTP/1.1 200 OK\r\n'
printf 'Connection: close\r\n'
printf '\r\n'
${pkgs.hledger}/bin/hledger -f ${stateDir}/ledger bal -N -O json
exit
;;
esac
''}'';
};
services.nginx.virtualHosts."hotdog.r" = {
locations."/bedger.json".extraConfig = ''
proxy_set_header Host $host;
proxy_pass http://localhost:8011;
'';
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
'';
};
systemd.services.reaktor2-r.serviceConfig.DynamicUser = mkForce false;
@ -597,7 +533,7 @@ in {
krebs.reaktor2 = {
hackint = {
hostname = "irc.hackint.org";
nick = "reaktor2|krebs";
nick = "reaktor";
plugins = [
{
plugin = "register";
@ -617,7 +553,7 @@ in {
port = "6697";
};
r = {
nick = "reaktor2|krebs";
nick = "reaktor";
sendDelaySec = null;
plugins = [
{

12
krebs/5pkgs/simple/htgen-paste/src/htgen-paste
View File

@ -22,7 +22,17 @@ case "$Method $abs_path" in
printf 'Connection: close\r\n'
printf 'Content-Length: %d\r\n' $(wc -c < $item)
printf '\r\n'
cat $item
cat "$item"
exit
fi
;;
"DELETE /"[0-9a-z]*)
if item=$(find_item ${abs_path#/}); then
printf 'HTTP/1.1 200 OK\r\n'
printf 'Server: %s\r\n' "$Server"
printf 'Connection: close\r\n'
printf '\r\n'
rm "$item"
exit
fi
;;

2
krebs/5pkgs/simple/realwallpaper/default.nix
View File

@ -275,7 +275,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
} ./get_constellations.py} ${pkgs.fetchurl {
url = "https://raw.githubusercontent.com/ofrohn/d3-celestial/d2e20e104b86429d90ac8227a5b021262b45d75a/data/constellations.lines.json";
sha256 = "0g71fdrnxvxd6pcqvihj2q9iaynrl7px45kzw6qm1kymynz6ckr9";
}} > constellations.arcs
}} > constellations.arcs || : # seems like astropy doesn't want to convert from icrs to itrs anymore
xplanet --num_times 1 --geometry $xplanet_out_size \
--output xplanet-krebs-stars-output.png --projection merc \

9
krebs/nixpkgs-unstable.json
View File

@ -1,9 +1,10 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "b12803b6d90e2e583429bb79b859ca53c348b39a",
"date": "2023-07-24T08:16:24+02:00",
"path": "/nix/store/786lhas0jmp3nihbb28pbp7sm1sjzsy7-nixpkgs",
"sha256": "1l9sa8hd242xrb2j18mj4f62f3cw0bf5pafp58gdl0jkl61dpapr",
"rev": "2a9d660ff0f7ffde9d73be328ee6e6f10ef66b28",
"date": "2023-07-28T14:55:37+02:00",
"path": "/nix/store/38nmp3rkbjic5dm6g9qp4ldwi7pr602p-nixpkgs",
"sha256": "0c2x3bcal4kyxgf6i408622zqvxamz986h11z8zjvd7gc8y4wxn7",
"hash": "sha256-x3ZOPGLvtC0/+iFAg9Kvqm/8hTAIkGjc634SqtgaXTA=",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,

9
krebs/nixpkgs.json
View File

@ -1,9 +1,10 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "98da3dd0de6660d4abed7bb74e748694bd803413",
"date": "2023-07-12T12:54:32+08:00",
"path": "/nix/store/h9ncvz7aq1aqhjmxngnnhwaw359prh2g-nixpkgs",
"sha256": "0qzflsmxfgqz07jlx7njfsq752n1la8a6007mmx7rvqspp30g6j1",
"rev": "48e82fe1b1c863ee26a33ce9bd39621d2ada0a33",
"date": "2023-07-28T18:34:19+03:00",
"path": "/nix/store/pgqfg8ip3lv0lr6mpwh558npz3c1wwcr-nixpkgs",
"sha256": "0d7na9ygda2r7gs3gbixd9gvcxgdv84993cilkj86bcwbpbg4vp5",
"hash": "sha256-5W7y1l2cLYPkpJGNlAja7XW2X2o9rjf0O1mo9nxS9jQ=",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,

98
lass/1systems/yellow/config.nix
View File

@ -1,5 +1,6 @@
{ config, lib, pkgs, ... }: let
vpnIp = "85.202.81.161";
vpnPort = 1637;
torrentport = 56709; # port forwarded in airvpn webinterface
in {
imports = [
<stockholm/lass>
@ -18,99 +19,22 @@ in {
networking.useHostResolvConf = false;
networking.useNetworkd = true;
services.openvpn.servers.nordvpn.config = ''
client
dev tun
proto udp
remote ${vpnIp} 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 15
ping-timer-rem
reneg-sec 0
comp-lzo no
remote-cert-tls server
auth-user-pass ${toString <secrets/nordvpn.txt>}
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
+RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
e685bdaf659a25a200e2b9e39e51ff03
0fc72cf1ce07232bd8b2be5e6c670143
f51e937e670eee09d4f2ea5a6e4e6996
5db852c275351b86fc4ca892d78ae002
d6f70d029bd79c4d1c26cf14e9588033
cf639f8a74809f29f72b9d58f9b8f5fe
fc7938eade40e9fed6cb92184abb2cc1
0eb1a296df243b251df0643d53724cdb
5a92a1d6cb817804c4a9319b57d53be5
80815bcfcb2df55018cc83fc43bc7ff8
2d51f9b88364776ee9d12fc85cc7ea5b
9741c4f598c485316db066d52db4540e
212e1518a9bd4828219e24b20d88f598
a196c9de96012090e333519ae18d3509
9427e7b372d348d352dc4c85e18cd4b9
3f8a56ddb2e64eb67adfc9b337157ff4
-----END OpenVPN Static key V1-----
</tls-auth>
'';
networking.wg-quick.interfaces.airvpn.configFile = "/var/src/secrets/airvpn.conf";
services.transmission.settings.peer-port = torrentport;
# only allow traffic through openvpn
krebs.iptables = {
enable = true;
tables.filter.INPUT.rules = [
{ predicate = "-i airvpn -p tcp --dport ${toString torrentport}"; target = "ACCEPT"; }
{ predicate = "-i airvpn -p udp --dport ${toString torrentport}"; target = "ACCEPT"; }
];
tables.filter.OUTPUT = {
policy = "DROP";
rules = [
{ predicate = "-o lo"; target = "ACCEPT"; }
{ v6 = false; predicate = "-d ${vpnIp}/32"; target = "ACCEPT"; }
{ predicate = "-o tun0"; target = "ACCEPT"; }
{ predicate = "-p udp --dport ${toString vpnPort}"; target = "ACCEPT"; }
{ predicate = "-o airvpn"; target = "ACCEPT"; }
{ predicate = "-o retiolum"; target = "ACCEPT"; }
{ v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; }
{ v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; }

12
lass/2configs/zsh.nix
View File

@ -51,6 +51,18 @@
#enable automatic rehashing of $PATH
zstyle ':completion:*' rehash true
# fancy mv which interactively gets the second argument if not given
function mv() {
if [[ "$#" -ne 1 ]] || [[ ! -e "$1" ]]; then
command mv -v "$@"
return
fi
newfilename="$1"
vared newfilename
command mv -v -- "$1" "$newfilename"
}
#beautiful colors
eval $(dircolors -b ${pkgs.fetchFromGitHub {
owner = "trapd00r";

0
makefu/0tests/data/secrets/airdcpp-makefu.pw
View File

3
makefu/0tests/data/secrets/auth.nix
View File

@ -1,3 +0,0 @@
{
user = "password";
}

1
makefu/0tests/data/secrets/bepasty-secret.nix
View File

@ -1 +0,0 @@
"derp"

1
makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname
View File

@ -1 +0,0 @@
dickbutt2342.onion

4
makefu/0tests/data/secrets/bureautomation/citadel.nix
View File

@ -1,4 +0,0 @@
{
MATRIX_TOKEN="a";
MATRIX_ID="b";
}

1
makefu/0tests/data/secrets/daemon-pw
View File

@ -1 +0,0 @@
""

1
makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix
View File

@ -1 +0,0 @@
{}

2
makefu/0tests/data/secrets/dl.gum-auth.nix
View File

@ -1,2 +0,0 @@
{
}

0
makefu/0tests/data/secrets/ebk-notify.yml
View File

1
makefu/0tests/data/secrets/extra-hosts.nix
View File

@ -1 +0,0 @@
""

5
makefu/0tests/data/secrets/grafana_security.nix
View File

@ -1,5 +0,0 @@
{
adminUser = "dick";
adminPassword = "butt";
}

5
makefu/0tests/data/secrets/ham/nextcloud-calendar
View File

@ -1,5 +0,0 @@
{
username = "bob";
password = "rob";
}

1
makefu/0tests/data/secrets/hashedPasswords.nix
View File

@ -1 +0,0 @@
{}

0
makefu/0tests/data/secrets/hass/adbkey
View File

1
makefu/0tests/data/secrets/hass/citadel-bot.json
View File

@ -1 +0,0 @@
{}

0
makefu/0tests/data/secrets/hass/darksky.apikey
View File

1
makefu/0tests/data/secrets/hass/router.nix
View File

@ -1 +0,0 @@
""

5
makefu/0tests/data/secrets/hass/telegram-bot.json
View File

@ -1,5 +0,0 @@
{
"platform": "polling",
"api_key": "1:A",
"allowed_chat_ids": [ 0, 1 ]
}

4
makefu/0tests/data/secrets/hass/tile.nix
View File

@ -1,4 +0,0 @@
{
username = "lol";
password = "wut";
}

0
makefu/0tests/data/secrets/hass/voicerss.apikey
View File

0
makefu/0tests/data/secrets/hetzner.smb
View File

0
makefu/0tests/data/secrets/id_nixBuild
View File

1
makefu/0tests/data/secrets/iodinepw.nix
View File

@ -1 +0,0 @@
"derp"

4
makefu/0tests/data/secrets/kibana-auth.nix
View File

@ -1,4 +0,0 @@
{
"dick" = "butt";
}

0
makefu/0tests/data/secrets/krebshub.pw
View File

0
makefu/0tests/data/secrets/lego-binaergewitter
View File

1
makefu/0tests/data/secrets/mediawikibot-config.json
View File

@ -1 +0,0 @@
{}

0
makefu/0tests/data/secrets/mqtt/hass
View File

0
makefu/0tests/data/secrets/mqtt/sensor
View File

0
makefu/0tests/data/secrets/mqtt/stats
View File

0
makefu/0tests/data/secrets/mysql_rootPassword
View File

0
makefu/0tests/data/secrets/netdata-stream.conf
View File

0
makefu/0tests/data/secrets/nixos-community
View File

1
makefu/0tests/data/secrets/nsupdate-cache.nix
View File

@ -1 +0,0 @@
"derp"

1
makefu/0tests/data/secrets/nsupdate-data.nix
View File

@ -1 +0,0 @@
{ "lol" = "wut"; }

1
makefu/0tests/data/secrets/nsupdate-hub.nix
View File

@ -1 +0,0 @@
{ "lol" = "wut"; }

3
makefu/0tests/data/secrets/nsupdate-search.nix
View File

@ -1,3 +0,0 @@
{
"dick.nsupdate.info" = "butt";
}

4
makefu/0tests/data/secrets/photoprism.nix
View File

@ -1,4 +0,0 @@
{
db.username = "photoprism";
db.password = "photoprism";
}

0
makefu/0tests/data/secrets/retiolum-ci.rsa_key.priv
View File

0
makefu/0tests/data/secrets/retiolum.rsa_key.priv
View File

0
makefu/0tests/data/secrets/retiolum.rsa_key.pub
View File

0
makefu/0tests/data/secrets/sambacred
View File

1
makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix
View File

@ -1 +0,0 @@
"lol"

6
makefu/0tests/data/secrets/signal/messenger.nix
View File

@ -1,6 +0,0 @@
{
number = "+1dotdotdot";
home = "group.ABCDE";
felix = "group.ABCDE";
}

0
makefu/0tests/data/secrets/ssh.id_ed25519
View File

0
makefu/0tests/data/secrets/ssh.makefu.id_rsa
View File

0
makefu/0tests/data/secrets/ssh.makefu.id_rsa.pub
View File

0
makefu/0tests/data/secrets/ssh_host_ed25519_key
View File

0
makefu/0tests/data/secrets/ssh_host_rsa_key
View File

0
makefu/0tests/data/secrets/syncthing.cert
View File

0
makefu/0tests/data/secrets/syncthing.key
View File

0
makefu/0tests/data/secrets/tinc.krebsco.de.crt
View File

0
makefu/0tests/data/secrets/tinc.krebsco.de.key
View File

2
makefu/0tests/data/secrets/tonie.env
View File

@ -1,2 +0,0 @@
TONIE_AUDIO_MATCH_USER=
TONIE_AUDIO_MATCH_PASS=

0
makefu/0tests/data/secrets/tw-pass.ini
View File

0
makefu/0tests/data/secrets/uhub.sql
View File

1
makefu/0tests/data/secrets/wbobPassword.nix
View File

@ -1 +0,0 @@
"$6$lol"

0
makefu/0tests/data/secrets/wildcard.krebsco.de.crt
View File

0
makefu/0tests/data/secrets/wildcard.krebsco.de.key
View File

6
makefu/0tests/data/secrets/zigbee2mqtt.nix
View File

@ -1,6 +0,0 @@
{
mqtt.password = "hass";
mqtt.username = "hass";
zigbee.network_key = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ];
}

0
makefu/0tests/data/wg-thierry.key
View File

38
makefu/1systems/cake/config.nix
View File

@ -1,38 +0,0 @@
{ config, lib, pkgs, ... }:
let
primaryInterface = "eth0";
in {
imports = [
<stockholm/makefu>
./hardware-config.nix
<stockholm/makefu/2configs/home-manager>
<stockholm/makefu/2configs/home/3dprint.nix>
#./hardware-config.nix
{ environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];}
# <stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/binary-cache/nixos.nix>
#<stockholm/makefu/2configs/support-nixos.nix>
# <stockholm/makefu/2configs/homeautomation/default.nix>
# <stockholm/makefu/2configs/homeautomation/google-muell.nix>
# <stockholm/makefu/2configs/hw/pseyecam.nix>
# configure your hw:
# <stockholm/makefu/2configs/save-diskspace.nix>
# directly use the alsa device instead of attaching to pulse
<stockholm/makefu/2configs/audio/respeaker.nix>
<stockholm/makefu/2configs/home/rhasspy/default.nix>
<stockholm/makefu/2configs/home/rhasspy/led-control.nix>
];
krebs = {
enable = true;
tinc.retiolum.enable = true;
build.host = config.krebs.hosts.cake;
};
# ensure disk usage is limited
services.journald.extraConfig = "Storage=volatile";
networking.firewall.trustedInterfaces = [ primaryInterface ];
documentation.info.enable = false;
documentation.man.enable = false;
documentation.nixos.enable = false;
}

15
makefu/1systems/cake/hardware-config.nix
View File

@ -1,15 +0,0 @@
{ pkgs, lib, ... }:
{
environment.systemPackages = [ pkgs.libraspberrypi ];
imports = [ <nixos-hardware/raspberry-pi/4> ];
boot.kernelPackages = pkgs.linuxPackages_rpi4;
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
};
};
hardware.raspberry-pi."4".fkms-3d.enable = true;
hardware.raspberry-pi."4".audio.enable = true;
}

6
makefu/1systems/cake/source.nix
View File

@ -1,6 +0,0 @@
{
name="cake";
full = true;
home-manager = true;
hw = true;
}

4
makefu/1systems/crapi/README
View File

@ -1,4 +0,0 @@
1. flash arm6 image from https://www.cs.helsinki.fi/u/tmtynkky/nixos-arm/installer/ to sdcard
2. passwd; systemctl start sshd; mkdir /var/src ; touch /var/src/.populate
3. "environment.systemPackages = [ pkgs.rsync pkgs.git ];" in /etc/nixos/configuration.nix
5. nixos-rebuild switch --fast --option binary-caches http://nixos-arm.dezgeg.me/channel --option binary-cache-public-keys nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%

15
makefu/1systems/crapi/config.nix
View File

@ -1,15 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
<stockholm/makefu>
./hardware-config.nix
<stockholm/makefu/2configs>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/save-diskspace.nix>
];
krebs.build.host = config.krebs.hosts.crapi;
services.openssh.enable = true;
}

39
makefu/1systems/crapi/hardware-config.nix
View File

@ -1,39 +0,0 @@
{ pkgs, lib, ... }:
{
#raspi1
boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
boot.loader.grub.enable = false;
boot.loader.raspberryPi.enable = true;
boot.loader.raspberryPi.version = 1;
boot.loader.raspberryPi.uboot.enable = true;
boot.loader.raspberryPi.uboot.configurationLimit = 1;
boot.loader.generationsDir.enable = lib.mkDefault false;
hardware.enableRedistributableFirmware = true;
boot.cleanTmpDir = true;
environment.systemPackages = [ pkgs.raspberrypi-tools ];
boot.kernelPackages = pkgs.linuxPackages_rpi;
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
fsType = "vfat";
};
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
system.activationScripts.create-swap = ''
if [ ! -e /swapfile ]; then
fallocate -l 2G /swapfile
mkswap /swapfile
chmod 600 /swapfile
fi
'';
swapDevices = [ { device = "/swapfile"; size = 4096; } ];
}

3
makefu/1systems/crapi/source.nix
View File

@ -1,3 +0,0 @@
{
arm6 = true;
}

76
makefu/1systems/darth/config.nix
View File

@ -1,76 +0,0 @@
{ config, pkgs, lib, ... }:
with import <stockholm/lib>;
let
# all the good stuff resides in /data
byid = dev: "/dev/disk/by-id/" + dev;
rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
bootPart = rootDisk + "-part1";
rootPart = rootDisk + "-part2";
allDisks = [ rootDisk ]; # auxDisk
in {
imports = [
<stockholm/makefu>
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
<stockholm/makefu/2configs/sshd-totp.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
# <stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/nsupdate-data.nix>
<stockholm/makefu/2configs/share/anon-ftp.nix>
# lan party
<stockholm/makefu/2configs/lanparty/lancache.nix>
<stockholm/makefu/2configs/lanparty/lancache-dns.nix>
<stockholm/makefu/2configs/lanparty/samba.nix>
<stockholm/makefu/2configs/lanparty/mumble-server.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
];
#networking.firewall.enable = false;
makefu.server.primary-itf = "enp0s25";
# krebs.hidden-ssh.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableRedistributableFirmware = true;
nixpkgs.config.allowUnfree = true;
networking = {
wireless.enable = true;
firewall = {
allowPing = true;
logRefusedConnections = false;
# trustedInterfaces = [ "eno1" ];
allowedUDPPorts = [ 80 655 1655 67 ];
allowedTCPPorts = [ 80 655 1655 ];
};
# fallback connection to the internal virtual network
# interfaces.virbr3.ip4 = [{
# address = "10.8.8.2";
# prefixLength = 24;
# }];
};
# TODO smartd omo darth gum all-in-one
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
boot.loader.grub.device = rootDisk;
boot.initrd.luks.devices = [
{ name = "luksroot";
device = rootPart;
allowDiscards = true;
keyFileSize = 4096;
keyFile = "/dev/sdb";
}
];
krebs.build.host = config.krebs.hosts.darth;
}

3
makefu/1systems/darth/source.nix
View File

@ -1,3 +0,0 @@
{
name="darth";
}

40
makefu/1systems/drop/config.nix
View File

@ -1,40 +0,0 @@
{ config, pkgs, ... }:
let
external-ip = "45.55.145.62";
default-gw = "45.55.128.1";
prefixLength = 18;
in {
imports = [
<stockholm/makefu>
<stockholm/makefu/2configs/hw/CAC.nix>
<stockholm/makefu/2configs/save-diskspace.nix>
<stockholm/makefu/2configs/torrent.nix>
];
krebs = {
enable = true;
tinc.retiolum.enable = true;
build.host = config.krebs.hosts.drop;
};
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
fileSystems."/" = {
device = "/dev/vda1";
fsType = "ext4";
};
networking = {
firewall = {
allowPing = true;
logRefusedConnections = false;
allowedTCPPorts = [ ];
allowedUDPPorts = [ 655 ];
};
interfaces.enp0s3.ipv4.addresses = [{
address = external-ip;
inherit prefixLength;
}];
defaultGateway = default-gw;
nameservers = [ "8.8.8.8" ];
};
}

4
makefu/1systems/drop/source.nix
View File

@ -1,4 +0,0 @@
{
name="drop";
torrent = true;
}

174
makefu/1systems/fileleech/config.nix
View File

@ -1,174 +0,0 @@
{ config, pkgs, lib, ... }:
let
toMapper = id: "/media/crypt${builtins.toString id}";
byid = dev: "/dev/disk/by-id/" + dev;
keyFile = byid "usb-Intuix_DiskOnKey_09A07360336198F8-0:0";
rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
rootPartition = rootDisk + "-part3";
dataDisks = let
idpart = dev: byid dev + "-part1";
in [
{ name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";}
{ name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";}
{ name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";}
{ name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";}
{ name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";}
{ name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";}
{ name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";}
{ name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity
];
disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks;
in {
imports = [
<stockholm/makefu>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/disable_v6.nix>
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
#<stockholm/makefu/2configs/elchos/irc-token.nix>
# <stockholm/makefu/2configs/elchos/log.nix>
# <stockholm/makefu/2configs/elchos/search.nix>
# <stockholm/makefu/2configs/elchos/stats.nix>
];
systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
systemd.services.graphiteApi.serviceConfig.LimitNOFILE=10032;
systemd.services.carbonCache.serviceConfig.LimitNOFILE=10032;
makefu.server.primary-itf = "enp8s0f0";
krebs = {
enable = true;
build.host = config.krebs.hosts.fileleech;
};
# git clone https://github.com/makefu/docker-pyload
# docker build .
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload
virtualisation.docker.enable = true; # for pyload
networking.firewall.allowPing = true;
networking.firewall.logRefusedConnections = false;
networking.firewall.allowedTCPPorts = [
51412 # torrent
8112 # rutorrent-web
8113 # pyload
8080 # sabnzbd
9090 # sabnzbd-ssl
655 # tinc
21 # ftp
];
services.nginx.virtualHosts._download = {
default = true;
root = config.makefu.dl-dir;
extraConfig = ''
autoindex on;
'';
basicAuth = import <secrets/kibana-auth.nix>;
};
networking.firewall.allowedUDPPorts = [
655 # tinc
51412 # torrent
];
services.vsftpd.enable = true;
services.vsftpd.localUsers = true;
services.vsftpd.userlist = [ "download" ];
services.vsftpd.userlistEnable = true;
# services.vsftpd.chrootlocalUser = true;
services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
# TODO use users.motd and pam.services.sshd.showMotd
services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" ''
Services:
ssh://download@fileleech - ssh via filebitch
ftp://download@fileleech - access to ${config.makefu.dl-dir}
http://fileleech:8112 - rutorrent
http://fileleech:8113 - pyload
https://fileleech:9090 - sabnzb
''; in "Banner ${banner}";
boot.initrd.luks = {
devices = let
usbkey = name: device: {
inherit name device keyFile;
keyFileSize = 4096;
allowDiscards = true;
};
in builtins.map (x: usbkey x.name x.device) disks;
};
environment.systemPackages = with pkgs;[ mergerfs ];
fileSystems = let
cryptMount = name:
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
in cryptMount "crypt0"
// cryptMount "crypt1"
// cryptMount "crypt2"
// cryptMount "crypt3"
// cryptMount "crypt4"
// cryptMount "crypt5"
// cryptMount "crypt6"
// cryptMount "crypt7"
# this entry sometimes creates issues
// { "/media/cryptX" = {
device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 4 5 6 ]);
fsType = "mergerfs";
noCheck = true;
options = [ "defaults" "nofail" "allow_other" "nonempty" ]; };
}
;
makefu.dl-dir = "/media/cryptX";
users.users.download = {
useDefaultShell = true;
# name = "download";
# createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.makefu.pubkey
config.krebs.users.lass.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7betFnMWVeBYRhJ+2f0B5WbDdbpteIVg/BlyimXbx79R7lZ7nUq5GyMLrp7B00frUuA0su8oFFN3ODPJDstgBslBIP7kWPR2zW8NOXorrbFo3J2fKvlO77k6/wD5/M11m5nS01/aVJgAgMGLg2W12G7EMf5Wq75YsQJC/S9p8kMca589djMPRuQETu7fWq0t/Gmwq+2ELLL0csRK87LvybA92JYkAIneRnGzIlCguOXq0Vcq6pGQ1J1PfVEP76Do33X29l2hZc/+vR9ExW6s2g7fs5/5LDX9Wnq7+AEsxiEf4IOeL0hCG4/CGGCN23J+6cDrNKOP94AHO1si0O2lxFsxgNU2vdVWPNgSLottiUFBPPNEZFD++sZyutzH6PIz6D90hB2Q52X6WN9ZUtlDfQ91rHd+S2BhR6f4dAqiRDXlI5MNNDdoTT4S5R0wU/UrNwjiV/xiu/hWZYGQK7YgY4grFRblr378r8FqjLvumPDFMDLVa9eJKq1ad1x/GV5tZpsttzWj4nbixaKlZOg+TN2GHboujLx3bANz1Jqfvfto8UOeKTtA8pkb8E1PJPpBMOZcA7oHaqJrp6Vuf/SkmglHnQvGbi60OK3s61nuRmIcBiTXd+4qeAJpq1QyEDj3X/+hV0Gwz8rCo6JGkF1ETW37ZYvqU9rxNXjS+/Pfktw== jules@kvasir-2015-02-13"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1ZJSpBb7Cxo+c2r2JJIcbYOTm/sJxOv2NFRoDfjxGS9CCwzRbzrwJcv2d23j35mu97x3+fUvo8DyMFLvLvume2PFCijqhMDzZZvjYXZdvXA+hnh53nqZf+Pjq8Xc3tSWBHQxUokaBmZbd4LlKHh8NgKVrP2zve6OPZMzo/Es93v37KEmT8d/PfVMrQEMPZzFrCVdq2RbpdQ1nhx09zRFW7OJOazgotafjx6IYXbVq2VDnjffXInsE9ZxDzYq1cNKIH0c2BLpTd3mv76iD9i+nD6W6s48+usFQnVLt2TY1uKkfMr7043E6jBxx5kNHBe5Xxr6Zs0SkR8kKOEhMO//4ucviUYKZJn8wk2SLkAyMYVBexx8jrTdlI4xgQ7RLpSIDTCm9dfbZY/YhZDJ21lsWduQqu7DFWMe05gg4NZDjf2kwYQOzATyqISGA7ttSEPT1iymr/ffAOgLBLSqWQAteUbI2U5cnflWZGwm33JF/Pyb4S3k3/f2mIBKiRx2lsGv6mx1w0SaYRtJxDWqGYMHuFiNYbq9r/bZfLqV3Fy9kRODFJTfJh8mcTnC4zabpiQ7fnqbh1qHu0WrrBSgFW0PR2WWCJ0e5Btj1yRgXp0+d5OuxxlVInRs+l2HogdxjonMhAHrTCzJtI8UJTKXKN0FBPRDRcepeExhvNqcOUz4Kvw== me@andreaskist.de"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClaVl9Fwp4wdGLeTZdfy5MpJf+hM6fpL1k6UmtYXWgVYU7tgmStdlpLlbyMQspoFRtT7/76n4kPwCmM0c82xNXaJJMuWa98pwMp+bAwSSdOGAP/vjfzL/TUAX+Xtrw6ehF7r1O+zqw/E/bWt6UezKj08wDLWjByzdDQwslJV6lrGek4mmYRdgmHHeZ1oG89ePEZJZOM6jcZqv0AfIj0NID3ir9Z0kz9uSSXb1279Qt4953mfjs5xwhtc1B7vrxJ3qtTZUsBoAkUkLeulUEIjkfn60wvDGu/66GP5ZClXyk2gck/ZNmtFYrQoqx9EtF1KK02cC17A0nfRySQy5BnfWn root@filebitch"
];
};
makefu.snapraid = {
enable = true;
disks = map toMapper [ 0 1 2 3 4 5 6 ];
parity = toMapper 7;
};
networking.nameservers = [ "8.8.8.8" ];
# SPF
networking.defaultGateway = "151.217.176.1";
networking.interfaces.enp6s0f0.ipv4.addresses = [{
address = "151.217.178.63";
prefixLength = 22;
}];
# Gigabit
networking.interfaces.enp8s0f1.ipv4.addresses = [{
address = "192.168.126.1";
prefixLength = 24;
}];
#interfaces.enp6s0f1.ip4 = [{
# address = external-ip;
# prefixLength = 22;
#}];
boot.loader.grub.device = rootDisk;
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "aacraid" "usb_storage" "usbhid" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# http://blog.hackathon.de/using-unsupported-sfp-modules-with-linux.html
boot.extraModprobeConfig = ''
options ixgbe allow_unsupported_sfp=1
'';
}

4
makefu/1systems/fileleech/source.nix
View File

@ -1,4 +0,0 @@
{
name = "fileleech";
torrent = true;
}

22
makefu/1systems/filepimp/config.nix
View File

@ -1,22 +0,0 @@
{ config, pkgs, lib, ... }:
# nix-shell -p wol --run 'wol C8:CB:B8:CF:E4:DC --passwd=CA-FE-BA-BE-13-37'
let
itf = config.makefu.server.primary-itf;
in {
imports =
[ # Include the results of the hardware scan.
./hw.nix
<stockholm/makefu>
<stockholm/makefu/2configs/home-manager>
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
<stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/filepimp-share.nix>
];
krebs.build.host = config.krebs.hosts.filepimp;
networking.firewall.trustedInterfaces = [ itf ];
networking.interfaces.${itf}.wakeOnLan.enable = true;
}

83
makefu/1systems/filepimp/hw.nix
View File

@ -1,83 +0,0 @@
{ config, pkgs, lib, ... }:
let
byid = dev: "/dev/disk/by-id/" + dev;
part1 = disk: disk + "-part1";
rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890";
primary-interface = "enp3s0"; # c8:cb:b8:cf:e4:dc
# N54L Chassis:
# ____________________
# |______FRONT_______|
# | [ ]|
# | [ d1 d0 d3 d4 ]|
# |___[_____________]|
jDisk1 = byid "ata-ST4000DM000-1F2168_Z3040NEA";
# transfer to omo
jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
jDisk2 = byid "ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E0621363";
jDisk3 = byid "ata-TOSHIBA_MD04ACA400_156GK89OFSBA";
allDisks = [ rootDisk jDisk0 jDisk1 jDisk2 jDisk3 ];
in {
boot = {
loader.grub.device = rootDisk;
initrd.availableKernelModules = [
"ahci"
"ohci_pci"
"ehci_pci"
"pata_atiixp"
"usb_storage"
"usbhid"
];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
makefu.server.primary-itf = primary-interface;
hardware.enableRedistributableFirmware = true;
hardware.cpu.amd.updateMicrocode = true;
zramSwap.enable = true;
makefu.snapraid = let
toMedia = name: "/media/" + name;
in {
enable = true;
# todo combine creation when enabling the mount point
disks = map toMedia [
"j0"
"j1"
"j2"
];
parity = toMedia "par0";
};
# TODO: refactor, copy-paste from omo
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
${pkgs.hdparm}/sbin/hdparm -y ${disk}
'') allDisks);
fileSystems = let
xfsmount = name: dev:
{ "/media/${name}" = {
device = dev; fsType = "xfs";
options = [ "nofail" ];
}; };
tomedia = id: "/media/${id}";
in
(xfsmount "j0" (part1 jDisk0)) //
(xfsmount "j1" (part1 jDisk1)) //
(xfsmount "j2" (part1 jDisk2)) //
(xfsmount "par0" (part1 jDisk3)) //
{ "/media/jX" = {
device = (lib.concatMapStringsSep ":" (d: (tomedia d)) ["j0" "j1" "j2" ]);
fsType = "mergerfs";
noCheck = true;
options = [ "defaults" "allow_other" "nofail" "nonempty" ];
};
};
environment.systemPackages = [ pkgs.mergerfs ];
}

4
makefu/1systems/filepimp/source.nix
View File

@ -1,4 +0,0 @@
{
name="filepimp";
home-manager = true;
}

25
makefu/1systems/firecracker/config.nix
View File

@ -1,25 +0,0 @@
{ config, lib, pkgs, ... }:
let
primaryInterface = "eth0";
in {
imports = [
<stockholm/makefu>
./hardware-config.nix
# <stockholm/makefu/2configs/tools/core.nix>
{ environment.systemPackages = with pkgs;[ rsync screen curl git ];}
<stockholm/makefu/2configs/binary-cache/nixos.nix>
#<stockholm/makefu/2configs/support-nixos.nix>
# configure your hw:
# <stockholm/makefu/2configs/save-diskspace.nix>
];
krebs = {
enable = true;
tinc.retiolum.enable = true;
build.host = config.krebs.hosts.firecracker;
};
networking.firewall.trustedInterfaces = [ primaryInterface ];
documentation.info.enable = false;
documentation.man.enable = false;
services.nixosManual.enable = false;
sound.enable = false;
}

30
makefu/1systems/firecracker/hardware-config.nix
View File

@ -1,30 +0,0 @@
{ pkgs, lib, ... }:
{
boot.kernelParams = lib.mkForce ["console=ttyS2,1500000n8" "earlycon=uart8250,mmio32,0xff1a0000" "earlyprintk"];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.generic-extlinux-compatible.configurationLimit = 1;
boot.loader.generationsDir.enable = lib.mkDefault false;
boot.supportedFilesystems = lib.mkForce [ "vfat" ];
boot.tmpOnTmpfs = lib.mkForce false;
boot.cleanTmpDir = true;
hardware.enableRedistributableFirmware = true;
## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747
boot.kernelPackages = pkgs.linuxPackages_latest;
networking.wireless.enable = true;
# File systems configuration for using the installer's partition layout
swapDevices = [ { device = "/var/swap"; size = 4096; } ];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
fsType = "vfat";
};
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
}

4
makefu/1systems/firecracker/source.nix
View File

@ -1,4 +0,0 @@
{
name="cake";
full = true;
}

261
makefu/1systems/gum/config.nix
View File

@ -1,261 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
ext-if = config.makefu.server.primary-itf;
allDisks = [ "/dev/sda" "/dev/sdb" ];
in {
imports = [
<stockholm/makefu>
./hetznercloud
{
# wait for mount
systemd.services.rtorrent.wantedBy = lib.mkForce [];
systemd.services.phpfpm-nextcloud.wantedBy = lib.mkForce [];
systemd.services.samba-smbd.wantedBy = lib.mkForce [];
}
{
users.users.lass = {
uid = 19002;
isNormalUser = true;
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
makefu.pubkey
];
};
}
<stockholm/makefu/2configs/nur.nix>
<stockholm/makefu/2configs/support-nixos.nix>
<stockholm/makefu/2configs/nix-community/supervision.nix>
<stockholm/makefu/2configs/home-manager>
<stockholm/makefu/2configs/home-manager/cli.nix>
# <stockholm/makefu/2configs/stats/client.nix>
<stockholm/makefu/2configs/share>
<stockholm/makefu/2configs/share/hetzner-client.nix>
# <stockholm/makefu/2configs/stats/netdata-server.nix>
<stockholm/makefu/2configs/headless.nix>
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
# Tools
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/sec.nix>
#<stockholm/makefu/2configs/tools/desktop.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/mosh.nix>
<stockholm/makefu/2configs/storj/forward-port.nix>
# <stockholm/makefu/2configs/gui/xpra.nix>
# networking
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
#<stockholm/makefu/2configs/dnscrypt/server.nix>
# <stockholm/makefu/2configs/iodined.nix>
# <stockholm/makefu/2configs/backup.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
{ # bonus retiolum config for connecting more hosts
krebs.tinc.retiolum = {
#extraConfig = lib.mkForce ''
# ListenAddress = ${external-ip} 53
# ListenAddress = ${external-ip} 655
# ListenAddress = ${external-ip} 21031
# StrictSubnets = yes
# LocalDiscovery = no
#'';
connectTo = [
"prism" "ni" "enklave" "eve" "dishfire"
];
};
networking.firewall = {
allowedTCPPorts =
[
53
655
21031
];
allowedUDPPorts =
[
53
655
21031
];
};
}
# ci
# <stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
### systemdUltras ###
<stockholm/makefu/2configs/systemdultras/ircbot.nix>
###### Shack #####
# <stockholm/makefu/2configs/shack/events-publisher>
# <stockholm/makefu/2configs/shack/gitlab-runner>
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/remote-build/aarch64-community.nix>
<stockholm/makefu/2configs/taskd.nix>
# services
<stockholm/makefu/2configs/bitlbee.nix> # postgres backend
# <stockholm/makefu/2configs/sabnzbd.nix>
# <stockholm/makefu/2configs/mail/mail.euer.nix>
{ krebs.exim.enable = mkDefault true; }
<stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
# sharing
<stockholm/makefu/2configs/share/gum.nix> # samba sahre
<stockholm/makefu/2configs/torrent/rtorrent.nix>
# <stockholm/makefu/2configs/sickbeard>
{ nixpkgs.config.allowUnfree = true; }
#<stockholm/makefu/2configs/retroshare.nix>
## <stockholm/makefu/2configs/ipfs.nix>
#<stockholm/makefu/2configs/syncthing.nix>
# <stockholm/makefu/2configs/sync>
# <stockholm/makefu/2configs/opentracker.nix>
## network
# <stockholm/makefu/2configs/vpn/openvpn-server.nix>
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
<stockholm/makefu/2configs/binary-cache/server.nix>
{ makefu.backup.server.repo = "/var/backup/borg"; }
<stockholm/makefu/2configs/backup/server.nix>
<stockholm/makefu/2configs/backup/state.nix>
<stockholm/makefu/2configs/wireguard/server.nix>
<stockholm/makefu/2configs/wireguard/wiregrill.nix>
{ # recent changes mediawiki bot
networking.firewall.allowedUDPPorts = [ 5005 5006 ];
}
# Removed until move: no extra mails
# <stockholm/makefu/2configs/urlwatch>
# Removed until move: avoid letsencrypt ban
### Web
<stockholm/makefu/2configs/bitwarden.nix> # postgres backend
<stockholm/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix> # postgres backend
<stockholm/makefu/2configs/deployment/rss/ratt.nix>
<stockholm/makefu/2configs/deployment/ntfysh.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix> #postgres backend
### Moving owncloud data dir to /media/cloud/nextcloud-data
{
users.users.nextcloud.extraGroups = [ "download" ];
# nextcloud-setup fails as it cannot set permissions for nextcloud
systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1";
systemd.tmpfiles.rules = [
"L /var/lib/nextcloud/data - - - - /media/cloud/nextcloud-data"
"L /var/backup - - - - /media/cloud/gum-backup"
];
#fileSystems."/var/lib/nextcloud/data" = {
# device = "/media/cloud/nextcloud-data";
# options = [ "bind" ];
#};
#fileSystems."/var/backup" = {
# device = "/media/cloud/gum-backup";
# options = [ "bind" ];
#};
}
<stockholm/makefu/2configs/nginx/dl.euer.krebsco.de.nix>
#<stockholm/makefu/2configs/nginx/euer.test.nix>
<stockholm/makefu/2configs/nginx/euer.mon.nix>
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
<stockholm/makefu/2configs/nginx/euer.blog.nix>
<stockholm/makefu/2configs/nginx/music.euer.nix>
## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
#<stockholm/makefu/2configs/nginx/public_html.nix>
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
# <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
# <stockholm/makefu/2configs/nginx/iso.euer.nix>
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
# <stockholm/makefu/2configs/deployment/graphs.nix>
#<stockholm/makefu/2configs/deployment/owncloud.nix>
# <stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix>
#<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/gecloudpad>
#<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
<stockholm/makefu/2configs/deployment/mediengewitter.de.nix>
<stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix>
# <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
<stockholm/makefu/2configs/shiori.nix>
#<stockholm/makefu/2configs/workadventure>
<stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
<stockholm/makefu/2configs/bgt/hidden_service.nix>
<stockholm/makefu/2configs/bgt/backup.nix>
# <stockholm/makefu/2configs/bgt/social-to-irc.nix>
# <stockholm/makefu/2configs/logging/client.nix>
# sharing
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
{ krebs.airdcpp.dcpp.shares = {
download.path = config.makefu.dl-dir + "/finished";
sorted.path = config.makefu.dl-dir + "/sorted";
};
}
<stockholm/makefu/2configs/dcpp/hub.nix>
## Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix>
# <stockholm/makefu/2configs/virtualisation/docker.nix>
#<stockholm/makefu/2configs/virtualisation/libvirt.nix>
# krebs infrastructure services
# <stockholm/makefu/2configs/stats/server.nix>
];
# makefu.dl-dir = "/var/download";
makefu.dl-dir = "/media/cloud/download/finished";
services.openssh.hostKeys = lib.mkForce [
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
###### stable
security.acme.certs."cgit.euer.krebsco.de" = {
email = "letsencrypt@syntax-fehler.de";
webroot = "/var/lib/acme/acme-challenge";
group = "nginx";
};
services.nginx.virtualHosts."cgit" = {
serverAliases = [ "cgit.euer.krebsco.de" ];
addSSL = true;
sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem";
locations."/.well-known/acme-challenge".extraConfig = ''
root /var/lib/acme/acme-challenge;
'';
};
krebs.build.host = config.krebs.hosts.gum;
# Network
networking = {
firewall = {
allowedTCPPorts = [
80 443
28967 # storj
];
allowPing = true;
logRefusedConnections = false;
};
nameservers = [ "8.8.8.8" ];
};
users.users.makefu.extraGroups = [ "download" "nginx" ];
state = [ "/home/makefu/.weechat" ];
}

116
makefu/1systems/gum/hetzner/default.nix
View File

@ -1,116 +0,0 @@
{ config, ... }:
let
external-mac = "50:46:5d:9f:63:6b";
main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS";
sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS";
external-gw = "144.76.26.225";
# single partition, label "nixos"
# cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate
# static
external-ip = "144.76.26.247";
external-ip6 = "2a01:4f8:191:12f6::2";
external-gw6 = "fe80::1";
external-netmask = 27;
external-netmask6 = 64;
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
ext-if = "et0"; # gets renamed on the fly
in {
imports = [
<stockholm/makefu/2configs/smart-monitor.nix>
{ services.smartd.devices = builtins.map (x: { device = x; }) allDisks; }
];
makefu.server.primary-itf = ext-if;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
'';
networking = {
interfaces."${ext-if}" = {
ipv4.addresses = [{
address = external-ip;
prefixLength = external-netmask;
}];
ipv6.addresses = [{
address = external-ip6;
prefixLength = external-netmask6;
}];
};
defaultGateway6 = { address = external-gw6; interface = ext-if; };
defaultGateway = external-gw;
};
boot.kernelParams = [ ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ main-disk ];
boot.initrd.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" ];
boot.initrd.availableKernelModules = [
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
];
boot.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" "kvm-intel" ];
hardware.enableRedistributableFirmware = true;
fileSystems."/" = {
device = "/dev/nixos/root";
fsType = "ext4";
};
fileSystems."/var/lib" = {
device = "/dev/nixos/lib";
fsType = "ext4";
};
fileSystems."/var/log" = {
device = "/dev/nixos/log";
fsType = "ext4";
};
fileSystems."/var/download" = {
device = "/dev/nixos/download";
fsType = "ext4";
};
fileSystems."/var/www/binaergewitter" = {
device = "/dev/nixos/binaergewitter";
fsType = "ext4";
options = [ "nofail" ];
};
fileSystems."/var/lib/nextcloud/data" = {
device = "/dev/nixos/nextcloud";
fsType = "ext4";
options = [ "nofail" ];
};
fileSystems."/var/lib/borgbackup" = {
device = "/dev/nixos/backup";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/sda2";
fsType = "vfat";
};
# parted -s -a optimal "$disk" \
# mklabel gpt \
# mkpart no-fs 0 1024KiB \
# set 1 bios_grub on \
# mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
# mkpart primary 1025MiB 100%
# parted -s -a optimal "/dev/sdb" \
# mklabel gpt \
# mkpart primary 1M 100%
#mkfs.vfat /dev/sda2
#pvcreate /dev/sda3
#pvcreate /dev/sdb1
#vgcreate nixos /dev/sda3 /dev/sdb1
#lvcreate -L 120G -m 1 -n root nixos
#lvcreate -L 50G -m 1 -n lib nixos
#lvcreate -L 100G -n download nixos
#lvcreate -L 100G -n backup nixos
#mkfs.ext4 /dev/mapper/nixos-root
#mkfs.ext4 /dev/mapper/nixos-lib
#mkfs.ext4 /dev/mapper/nixos-download
#mkfs.ext4 /dev/mapper/nixos-borgbackup
#mount /dev/mapper/nixos-root /mnt
#mkdir /mnt/boot
#mount /dev/sda2 /mnt/boot
#mkdir -p /mnt/var/src
#touch /mnt/var/src/.populate
}

50
makefu/1systems/gum/hetznercloud/default.nix
View File

@ -1,50 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ ./network.nix
(modulesPath + "/profiles/qemu-guest.nix")
];
# Disk
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "rpool/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "rpool/home";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "rpool/nix";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "vfat";
};
swapDevices = [ ];
boot.loader.grub.device = "/dev/sda";
networking.hostId = "3150697b"; # required for zfs use
boot.tmpOnTmpfs = true;
boot.supportedFilesystems = [ "zfs" ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.copyKernels = true;
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
boot.kernelParams = [
"boot.shell_on_fail"
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
];
}

13
makefu/1systems/gum/hetznercloud/doit
View File

@ -1,13 +0,0 @@
ROOT_DEVICE=/dev/sda2
NIXOS_BOOT=/dev/sda1
zpool create -o ashift=12 -o altroot=/mnt rpool $ROOT_DEVICE
zfs create -o mountpoint=legacy rpool/root
zfs create -o mountpoint=legacy rpool/home
zfs create -o mountpoint=legacy rpool/nix
mount -t zfs rpool/root /mnt
mkdir /mnt/{home,nix,boot}
mount -t zfs rpool/home /mnt/home
mount -t zfs rpool/nix /mnt/nix
mount $NIXOS_BOOT /mnt/boot/

36
makefu/1systems/gum/hetznercloud/network.nix
View File

@ -1,36 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
let
external-mac = "96:00:01:24:33:f4";
external-gw = "172.31.1.1";
external-ip = "142.132.189.140";
external-ip6 = "2a01:4f8:1c17:5cdf::2";
external-gw6 = "fe80::1";
external-netmask = 32;
external-netmask6 = 64;
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
ext-if = "et0"; # gets renamed on the fly
in
{
makefu.server.primary-itf = ext-if;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
'';
networking = {
enableIPv6 = true;
nat.enableIPv6 = true;
interfaces."${ext-if}" = {
useDHCP = true;
ipv6.addresses = [{
address = external-ip6;
prefixLength = external-netmask6;
}];
};
#ipv4.addresses = [{
# address = external-ip;
# prefixLength = external-netmask;
#}];
defaultGateway6 = { address = external-gw6; interface = ext-if; };
#defaultGateway = external-gw;
nameservers = [ "1.1.1.1" ];
};
}

6
makefu/1systems/gum/hetznercloud/sfdisk.part
View File

@ -1,6 +0,0 @@
label: gpt
device: /dev/sda
unit: sectors
1 : size=524288 type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
4 : size=4096 type=21686148-6449-6E6F-744E-656564454649
2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4

Some files were not shown because too many files have changed in this diff Show More