Merge remote-tracking branch 'origin/master'
commit
8834d1a9ff
@ -13,10 +13,7 @@ import <nixpkgs/nixos/lib/eval-config.nix> {
|
|||||||
(attrNames (filterAttrs (_: eq "directory") (readDir (<stockholm> + "/${ns}/1systems"))))
|
(attrNames (filterAttrs (_: eq "directory") (readDir (<stockholm> + "/${ns}/1systems"))))
|
||||||
(name: let
|
(name: let
|
||||||
config = import (<stockholm> + "/${ns}/1systems/${name}/config.nix");
|
config = import (<stockholm> + "/${ns}/1systems/${name}/config.nix");
|
||||||
source = import (<stockholm> + "/${ns}/1systems/${name}/source.nix");
|
|
||||||
in import <nixpkgs/nixos/lib/eval-config.nix> {
|
in import <nixpkgs/nixos/lib/eval-config.nix> {
|
||||||
modules = [ config ];
|
modules = [ config ];
|
||||||
} // {
|
|
||||||
inherit source;
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -1,4 +0,0 @@
|
|||||||
import <stockholm/jeschli/source.nix> {
|
|
||||||
name = "bolide";
|
|
||||||
secure = true;
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
import <stockholm/jeschli/source.nix> {
|
|
||||||
name = "brauerei";
|
|
||||||
secure = true;
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
import <stockholm/jeschli/source.nix> {
|
|
||||||
name = "enklave";
|
|
||||||
}
|
|
Binary file not shown.
@ -1,4 +0,0 @@
|
|||||||
import <stockholm/jeschli/source.nix> {
|
|
||||||
name = "reagenzglas";
|
|
||||||
secure = true;
|
|
||||||
}
|
|
@ -1,26 +0,0 @@
|
|||||||
with import <stockholm/lib>;
|
|
||||||
host@{ name, secure ? false, override ? {} }: let
|
|
||||||
builder = if getEnv "dummy_secrets" == "true"
|
|
||||||
then "buildbot"
|
|
||||||
else "jeschli";
|
|
||||||
_file = <stockholm> + "/jeschli/1systems/${name}/source.nix";
|
|
||||||
pkgs = import <nixpkgs> {
|
|
||||||
overlays = map import [
|
|
||||||
<stockholm/krebs/5pkgs>
|
|
||||||
<stockholm/submodules/nix-writers/pkgs>
|
|
||||||
];
|
|
||||||
};
|
|
||||||
in
|
|
||||||
evalSource (toString _file) [
|
|
||||||
{
|
|
||||||
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
|
|
||||||
nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
|
|
||||||
secrets.file = getAttr builder {
|
|
||||||
buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;
|
|
||||||
jeschli = "${getEnv "HOME"}/secrets/${name}";
|
|
||||||
};
|
|
||||||
stockholm.file = toString <stockholm>;
|
|
||||||
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
|
|
||||||
}
|
|
||||||
override
|
|
||||||
]
|
|
@ -44,11 +44,6 @@ let
|
|||||||
exec >&2
|
exec >&2
|
||||||
source=${pkgs.writeJSON "source.json" populate-source}
|
source=${pkgs.writeJSON "source.json" populate-source}
|
||||||
LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source"
|
LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source"
|
||||||
# TODO: make deploy work
|
|
||||||
#LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \
|
|
||||||
# --force-populate \
|
|
||||||
# --source=${./data/test-source.nix} \
|
|
||||||
# --system=server \
|
|
||||||
'';
|
'';
|
||||||
minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
|
minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
|
||||||
modules = [
|
modules = [
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
import <stockholm/krebs/source.nix> {
|
|
||||||
name = "hotdog";
|
|
||||||
}
|
|
@ -1,13 +0,0 @@
|
|||||||
with import <stockholm/lib>;
|
|
||||||
let
|
|
||||||
pkgs = import <nixpkgs> {};
|
|
||||||
nixpkgs = builtins.fetchTarball {
|
|
||||||
url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz;
|
|
||||||
};
|
|
||||||
in import <stockholm/krebs/source.nix> {
|
|
||||||
name = "onebutton";
|
|
||||||
override.nixpkgs = mkForce {
|
|
||||||
file = toString nixpkgs;
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
import <stockholm/krebs/source.nix> {
|
|
||||||
name = "puyak";
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
import <stockholm/krebs/source.nix> {
|
|
||||||
name = "test-all-krebs-modules";
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
import <stockholm/krebs/source.nix> {
|
|
||||||
name = "test-arch";
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
import <stockholm/krebs/source.nix> {
|
|
||||||
name = "test-centos6";
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
import <stockholm/krebs/source.nix> {
|
|
||||||
name = "test-centos7";
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
import <stockholm/krebs/source.nix> {
|
|
||||||
name = "test-failing";
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
import <stockholm/krebs/source.nix> {
|
|
||||||
name = "test-minimal-deploy";
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
import <stockholm/krebs/source.nix> {
|
|
||||||
name = "wolf";
|
|
||||||
}
|
|
@ -1,47 +1,11 @@
|
|||||||
{ config, pkgs, ... }: with import <stockholm/lib>;
|
{ config, ... }: with import <stockholm/lib>;
|
||||||
|
|
||||||
let
|
|
||||||
|
|
||||||
hostname = config.networking.hostName;
|
|
||||||
|
|
||||||
sourceRepos = [
|
|
||||||
"http://cgit.enklave.r/stockholm"
|
|
||||||
"http://cgit.gum.r/stockholm"
|
|
||||||
"http://cgit.hotdog.r/stockholm"
|
|
||||||
"http://cgit.ni.r/stockholm"
|
|
||||||
"http://cgit.prism.r/stockholm"
|
|
||||||
];
|
|
||||||
|
|
||||||
# usage: build USER HOST
|
|
||||||
# This executable is meant to be run with <stockholm> as working directory.
|
|
||||||
# USER is expected to be a subdirectory of the working directory.
|
|
||||||
build = pkgs.writeDash "build" ''
|
|
||||||
set -efu
|
|
||||||
|
|
||||||
user=$1
|
|
||||||
host=$2
|
|
||||||
|
|
||||||
result=$(nix-build \
|
|
||||||
--argstr name "$host" \
|
|
||||||
--argstr target "$HOME"/stockholm-build \
|
|
||||||
--attr test \
|
|
||||||
--no-build-output \
|
|
||||||
--no-out-link \
|
|
||||||
--show-trace \
|
|
||||||
"$user"/krops.nix \
|
|
||||||
)
|
|
||||||
|
|
||||||
exec "$result"
|
|
||||||
'';
|
|
||||||
|
|
||||||
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts.build = {
|
virtualHosts.build = {
|
||||||
serverAliases = [ "build.${hostname}.r" ];
|
serverAliases = [ "build.${config.networking.hostName}.r" ];
|
||||||
locations."/".extraConfig = ''
|
locations."/".extraConfig = ''
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
@ -49,155 +13,28 @@ in
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
krebs.ci = {
|
||||||
krebs.buildbot.master = {
|
|
||||||
slaves = {
|
|
||||||
testslave = "lasspass";
|
|
||||||
};
|
|
||||||
change_source.stockholm = concatMapStrings (repo: ''
|
|
||||||
cs.append(
|
|
||||||
changes.GitPoller(
|
|
||||||
"${repo}",
|
|
||||||
workdir='stockholm${elemAt(splitString "." repo) 1}', branches=True,
|
|
||||||
project='stockholm',
|
|
||||||
pollinterval=10
|
|
||||||
)
|
|
||||||
)
|
|
||||||
'') sourceRepos;
|
|
||||||
scheduler = {
|
|
||||||
auto-scheduler = ''
|
|
||||||
sched.append(
|
|
||||||
schedulers.SingleBranchScheduler(
|
|
||||||
change_filter=util.ChangeFilter(branch_re=".*"),
|
|
||||||
treeStableTimer=60,
|
|
||||||
name="build-all-branches",
|
|
||||||
builderNames=[
|
|
||||||
"hosts",
|
|
||||||
]
|
|
||||||
)
|
|
||||||
)
|
|
||||||
'';
|
|
||||||
force-scheduler = ''
|
|
||||||
sched.append(
|
|
||||||
schedulers.ForceScheduler(
|
|
||||||
name="hosts",
|
|
||||||
builderNames=[
|
|
||||||
"hosts",
|
|
||||||
]
|
|
||||||
)
|
|
||||||
)
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
builder_pre = ''
|
|
||||||
# prepare grab_repo step for stockholm
|
|
||||||
grab_repo = steps.Git(
|
|
||||||
repourl=util.Property('repository', 'http://cgit.hotdog.r/stockholm'),
|
|
||||||
mode='full',
|
|
||||||
submodules=True,
|
|
||||||
)
|
|
||||||
'';
|
|
||||||
builder = {
|
|
||||||
hosts = ''
|
|
||||||
from buildbot import interfaces
|
|
||||||
from buildbot.steps.shell import ShellCommand
|
|
||||||
|
|
||||||
class StepToStartMoreSteps(ShellCommand):
|
|
||||||
def __init__(self, **kwargs):
|
|
||||||
ShellCommand.__init__(self, **kwargs)
|
|
||||||
|
|
||||||
def addBuildSteps(self, steps_factories):
|
|
||||||
for sf in steps_factories:
|
|
||||||
step = interfaces.IBuildStepFactory(sf).buildStep()
|
|
||||||
step.setBuild(self.build)
|
|
||||||
step.setBuildSlave(self.build.slavebuilder.slave)
|
|
||||||
step_status = self.build.build_status.addStepWithName(step.name)
|
|
||||||
step.setStepStatus(step_status)
|
|
||||||
self.build.steps.append(step)
|
|
||||||
|
|
||||||
def start(self):
|
|
||||||
props = self.build.getProperties()
|
|
||||||
hosts = json.loads(props.getProperty('hosts_json'))
|
|
||||||
for host in hosts:
|
|
||||||
user = hosts[host]['owner']
|
|
||||||
|
|
||||||
self.addBuildSteps([steps.ShellCommand(
|
|
||||||
name=str(host),
|
|
||||||
env={
|
|
||||||
"NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
|
|
||||||
"NIX_REMOTE": "daemon",
|
|
||||||
},
|
|
||||||
command=[
|
|
||||||
"${build}", user, host
|
|
||||||
],
|
|
||||||
timeout=90001,
|
|
||||||
workdir='build', # TODO figure out why we need this?
|
|
||||||
)])
|
|
||||||
|
|
||||||
ShellCommand.start(self)
|
|
||||||
|
|
||||||
|
|
||||||
f = util.BuildFactory()
|
|
||||||
f.addStep(grab_repo)
|
|
||||||
|
|
||||||
f.addStep(steps.SetPropertyFromCommand(
|
|
||||||
env={
|
|
||||||
"NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
|
|
||||||
"NIX_REMOTE": "daemon",
|
|
||||||
},
|
|
||||||
name="get_hosts",
|
|
||||||
command=["nix-instantiate", "--json", "--strict", "--eval", "-E", """
|
|
||||||
with import <nixpkgs> {};
|
|
||||||
let
|
|
||||||
eval-config = cfg:
|
|
||||||
import <nixpkgs/nixos/lib/eval-config.nix> {
|
|
||||||
modules = [
|
|
||||||
(import cfg)
|
|
||||||
];
|
|
||||||
}
|
|
||||||
;
|
|
||||||
|
|
||||||
system = eval-config ./krebs/1systems/hotdog/config.nix; # TODO put a better config here
|
|
||||||
|
|
||||||
ci-systems = lib.filterAttrs (_: v: v.ci) system.config.krebs.hosts;
|
|
||||||
|
|
||||||
filtered-attrs = lib.mapAttrs ( n: v: {
|
|
||||||
owner = v.owner.name;
|
|
||||||
}) ci-systems;
|
|
||||||
|
|
||||||
in filtered-attrs
|
|
||||||
"""],
|
|
||||||
property="hosts_json"
|
|
||||||
))
|
|
||||||
f.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here
|
|
||||||
|
|
||||||
bu.append(
|
|
||||||
util.BuilderConfig(
|
|
||||||
name="hosts",
|
|
||||||
slavenames=slavenames,
|
|
||||||
factory=f
|
|
||||||
)
|
|
||||||
)
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
enable = true;
|
enable = true;
|
||||||
web.enable = true;
|
repos = {
|
||||||
irc = {
|
disko.urls = [
|
||||||
enable = true;
|
"http://cgit.gum.r/disko"
|
||||||
nick = "build|${hostname}";
|
"http://cgit.hotdog.r/disko"
|
||||||
server = "irc.r";
|
"http://cgit.ni.r/disko"
|
||||||
channels = [ "noise" "xxx" ];
|
"http://cgit.prism.r/disko"
|
||||||
allowForce = true;
|
];
|
||||||
|
nix_writers.urls = [
|
||||||
|
"http://cgit.hotdog.r/nix-writers"
|
||||||
|
"http://cgit.ni.r/nix-writers"
|
||||||
|
"http://cgit.prism.r/nix-writers"
|
||||||
|
"https://git.ingolf-wagner.de/krebs/nix-writers.git"
|
||||||
|
];
|
||||||
|
stockholm.urls = [
|
||||||
|
"http://cgit.enklave.r/stockholm"
|
||||||
|
"http://cgit.gum.r/stockholm"
|
||||||
|
"http://cgit.hotdog.r/stockholm"
|
||||||
|
"http://cgit.ni.r/stockholm"
|
||||||
|
"http://cgit.prism.r/stockholm"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
extraConfig = ''
|
|
||||||
c['buildbotURL'] = "http://build.${hostname}.r/"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.buildbot.slave = {
|
|
||||||
enable = true;
|
|
||||||
masterhost = "localhost";
|
|
||||||
username = "testslave";
|
|
||||||
password = "lasspass";
|
|
||||||
packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
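Review bot: The new `krebs.ci.repos` block lists its fetch sources without saying which are trusted, and `nix_writers.urls` now mixes the internal `http://cgit.*.r` mirrors with the external `https://git.ingolf-wagner.de/krebs/nix-writers.git`. If `krebs.ci` polls every URL and builds what it finds (the module is defined elsewhere, so this is inferred), the build host trusts each of these hosts equally, and the `http://` entries have no transport integrity of their own. I would add a comment above `repos`, e.g. `# every URL below is a trusted build source; plain http only because .r names resolve inside retiolum`, and confirm that the external mirror is meant to trigger builds.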
@ -49,6 +49,7 @@ with import <stockholm/lib>;
|
|||||||
users.mutableUsers = false;
|
users.mutableUsers = false;
|
||||||
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
||||||
# TODO
|
# TODO
|
||||||
|
config.krebs.users.jeschli-brauerei.pubkey
|
||||||
config.krebs.users.lass.pubkey
|
config.krebs.users.lass.pubkey
|
||||||
config.krebs.users.lass-mors.pubkey
|
config.krebs.users.lass-mors.pubkey
|
||||||
config.krebs.users.makefu.pubkey
|
config.krebs.users.makefu.pubkey
|
||||||
|
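Review bot: The added `config.krebs.users.jeschli-brauerei.pubkey` grants root SSH login and sits directly under the unresolved `# TODO`, with nothing recording why this key needs root on this host. With `users.mutableUsers = false` this list is the declarative definition of who can log in as root, so each entry deserves a one-line justification, e.g. `# jeschli-brauerei: <reason for root access>`. The name suggests a key bound to a single machine rather than a person (inferred), which is worth stating so it gets removed when that machine is retired. The key list continues outside the hunk, so the full set of root keys is not visible here.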
@ -10,6 +10,7 @@ with import <stockholm/lib>;
|
|||||||
];
|
];
|
||||||
extraEnviron = {
|
extraEnviron = {
|
||||||
REAKTOR_HOST = "irc.freenode.org";
|
REAKTOR_HOST = "irc.freenode.org";
|
||||||
|
REAKTOR_NICKSERV_PASSWORD = "/var/lib/Reaktor/reaktor_nickserv_password";
|
||||||
};
|
};
|
||||||
plugins = with pkgs.ReaktorPlugins; [
|
plugins = with pkgs.ReaktorPlugins; [
|
||||||
sed-plugin
|
sed-plugin
|
||||||
@ -21,4 +22,9 @@ with import <stockholm/lib>;
|
|||||||
(attrValues (todo "agenda"))
|
(attrValues (todo "agenda"))
|
||||||
;
|
;
|
||||||
};
|
};
|
||||||
|
krebs.secret.files.nix-serve-key = {
|
||||||
|
path = "/var/lib/Reaktor/reaktor_nickserv_password";
|
||||||
|
owner.name = "Reaktor";
|
||||||
|
source-path = toString <secrets> + "/reaktor_nickserv_password";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
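Review bot: The secret added in the second hunk is declared as `krebs.secret.files.nix-serve-key`, but its `path`, `owner.name` and `source-path` all describe the Reaktor NickServ password, so the attribute name looks copy-pasted. If a real `nix-serve-key` entry is defined for the same host elsewhere (not visible here), the two definitions would merge or conflict under one name, and the name misleads anyone auditing which secrets a host carries. Renaming it, e.g. `krebs.secret.files.reaktor-nickserv-password = {`, avoids both. It is also worth confirming that the Reaktor unit starts only after this file is installed, since `REAKTOR_NICKSERV_PASSWORD` in the first hunk points at the same path.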
@ -4,7 +4,7 @@ with import <stockholm/lib>;
|
|||||||
{
|
{
|
||||||
krebs.Reaktor.retiolum = {
|
krebs.Reaktor.retiolum = {
|
||||||
nickname = "Reaktor|lass";
|
nickname = "Reaktor|lass";
|
||||||
channels = [ "#xxx" ];
|
channels = [ "#noise" "#xxx" ];
|
||||||
extraEnviron = {
|
extraEnviron = {
|
||||||
REAKTOR_HOST = "irc.r";
|
REAKTOR_HOST = "irc.r";
|
||||||
};
|
};
|
||||||
|
@ -122,6 +122,7 @@ let
|
|||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
environment = {
|
environment = {
|
||||||
GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
|
PYTHONPATH = "${pkgs.Reaktor}/lib/python3.6/site-packages";
|
||||||
REAKTOR_NICKNAME = botcfg.nickname;
|
REAKTOR_NICKNAME = botcfg.nickname;
|
||||||
REAKTOR_DEBUG = (if botcfg.debug then "True" else "False");
|
REAKTOR_DEBUG = (if botcfg.debug then "True" else "False");
|
||||||
REAKTOR_CHANNELS = lib.concatStringsSep "," botcfg.channels;
|
REAKTOR_CHANNELS = lib.concatStringsSep "," botcfg.channels;
|
||||||
|
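Review bot: The added `PYTHONPATH` hard-codes `lib/python3.6/site-packages`, which will point at a non-existent directory once `pkgs.Reaktor` is built with a different Python minor version. Deriving the suffix from the interpreter keeps the two in step: `PYTHONPATH = "${pkgs.Reaktor}/${pkgs.python3.sitePackages}";` (assuming Reaktor is built against `pkgs.python3`). The `environment` set continues outside the hunk.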
@ -53,7 +53,7 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
system.activationScripts.announce-activation = ''
|
system.activationScripts.announce-activation = stringAfter [ "etc" ] ''
|
||||||
${announce-activation}
|
${announce-activation}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -82,6 +82,7 @@ let
|
|||||||
irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}",
|
irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}",
|
||||||
channels=${builtins.toJSON cfg.irc.channels},
|
channels=${builtins.toJSON cfg.irc.channels},
|
||||||
notify_events={
|
notify_events={
|
||||||
|
'started': 1,
|
||||||
'success': 1,
|
'success': 1,
|
||||||
'failure': 1,
|
'failure': 1,
|
||||||
'exception': 1,
|
'exception': 1,
|
||||||
|
@ -160,8 +160,6 @@ let
|
|||||||
# TODO: maybe also prepare buildbot.tac?
|
# TODO: maybe also prepare buildbot.tac?
|
||||||
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
|
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
|
||||||
set -efux
|
set -efux
|
||||||
#remove garbage from old versions
|
|
||||||
rm -rf ${workdir}
|
|
||||||
mkdir -p ${workdir}/info
|
mkdir -p ${workdir}/info
|
||||||
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
|
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
|
||||||
echo ${contact} > ${workdir}/info/admin
|
echo ${contact} > ${workdir}/info/admin
|
||||||
|
@ -26,8 +26,8 @@ let
|
|||||||
|
|
||||||
hostname = config.networking.hostName;
|
hostname = config.networking.hostName;
|
||||||
getJobs = pkgs.writeDash "get_jobs" ''
|
getJobs = pkgs.writeDash "get_jobs" ''
|
||||||
nix-build --no-out-link ./ci.nix 2>&1 > /dev/null
|
nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null
|
||||||
nix-instantiate --eval --strict --json ./ci.nix
|
nix-instantiate --quiet -Q --eval --strict --json ./ci.nix
|
||||||
'';
|
'';
|
||||||
|
|
||||||
imp = {
|
imp = {
|
||||||
@ -53,9 +53,12 @@ let
|
|||||||
nameValuePair name ''
|
nameValuePair name ''
|
||||||
sched.append(
|
sched.append(
|
||||||
schedulers.SingleBranchScheduler(
|
schedulers.SingleBranchScheduler(
|
||||||
change_filter=util.ChangeFilter(branch_re=".*"),
|
change_filter=util.ChangeFilter(
|
||||||
|
branch_re=".*",
|
||||||
|
project='${name}',
|
||||||
|
),
|
||||||
treeStableTimer=60,
|
treeStableTimer=60,
|
||||||
name="build-all-branches",
|
name="${name}-all-branches",
|
||||||
builderNames=[
|
builderNames=[
|
||||||
"${name}",
|
"${name}",
|
||||||
]
|
]
|
||||||
@ -97,6 +100,10 @@ let
|
|||||||
command=[
|
command=[
|
||||||
new_steps[new_step]
|
new_steps[new_step]
|
||||||
],
|
],
|
||||||
|
env={
|
||||||
|
"NIX_REMOTE": "daemon",
|
||||||
|
"NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
|
||||||
|
},
|
||||||
timeout=90001,
|
timeout=90001,
|
||||||
workdir='build', # TODO figure out why we need this?
|
workdir='build', # TODO figure out why we need this?
|
||||||
)])
|
)])
|
||||||
@ -121,7 +128,7 @@ let
|
|||||||
},
|
},
|
||||||
name="get_steps",
|
name="get_steps",
|
||||||
command=["${getJobs}"],
|
command=["${getJobs}"],
|
||||||
property="steps_json"
|
extract_fn=lambda rc, stdout, stderr: { 'steps_json': stdout },
|
||||||
))
|
))
|
||||||
f_${name}.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here
|
f_${name}.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here
|
||||||
|
|
||||||
@ -141,7 +148,7 @@ let
|
|||||||
enable = true;
|
enable = true;
|
||||||
nick = "build|${hostname}";
|
nick = "build|${hostname}";
|
||||||
server = "irc.r";
|
server = "irc.r";
|
||||||
channels = [ "noise" ];
|
channels = [ "xxx" "noise" ];
|
||||||
allowForce = true;
|
allowForce = true;
|
||||||
};
|
};
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
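Review bot: In the first hunk the rewritten `get_jobs` script still has no `set -efu`, unlike the other `writeDash` scripts visible on this page, so a failing `nix-build` is ignored and the script's exit status is that of `nix-instantiate` alone. The new `extract_fn=lambda rc, stdout, stderr: { 'steps_json': stdout }` in a later hunk never looks at `rc` either, so whatever reached stdout becomes `steps_json`, which apparently feeds the `new_steps[new_step]` commands. I would start the script body with `set -efu` and confirm that a non-zero `rc` stops the build before `steps_json` is consumed. The surrounding `let` block and the Python factory code start and end outside these hunks.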
@ -182,6 +182,11 @@ let
|
|||||||
to = concatMapStringsSep "," (getAttr "mail") (toList to);
|
to = concatMapStringsSep "," (getAttr "mail") (toList to);
|
||||||
};
|
};
|
||||||
in mapAttrsToList format (with config.krebs.users; let
|
in mapAttrsToList format (with config.krebs.users; let
|
||||||
|
brain-ml = [
|
||||||
|
lass
|
||||||
|
makefu
|
||||||
|
tv
|
||||||
|
];
|
||||||
eloop-ml = spam-ml ++ [ ciko ];
|
eloop-ml = spam-ml ++ [ ciko ];
|
||||||
spam-ml = [
|
spam-ml = [
|
||||||
lass
|
lass
|
||||||
@ -191,6 +196,7 @@ let
|
|||||||
ciko.mail = "ciko@slash16.net";
|
ciko.mail = "ciko@slash16.net";
|
||||||
in {
|
in {
|
||||||
"anmeldung@eloop.org" = eloop-ml;
|
"anmeldung@eloop.org" = eloop-ml;
|
||||||
|
"brain@krebsco.de" = brain-ml;
|
||||||
"cfp@eloop.org" = eloop-ml;
|
"cfp@eloop.org" = eloop-ml;
|
||||||
"kontakt@eloop.org" = eloop-ml;
|
"kontakt@eloop.org" = eloop-ml;
|
||||||
"root@eloop.org" = eloop-ml;
|
"root@eloop.org" = eloop-ml;
|
||||||
|
@ -129,6 +129,8 @@ in {
|
|||||||
"graphite.shack"
|
"graphite.shack"
|
||||||
"acng.shack"
|
"acng.shack"
|
||||||
"drivedroid.shack"
|
"drivedroid.shack"
|
||||||
|
"mobile.lounge.mpd.shack"
|
||||||
|
"lounge.mpd.wolf.shack"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
retiolum = {
|
retiolum = {
|
||||||
@ -138,6 +140,7 @@ in {
|
|||||||
"wolf.r"
|
"wolf.r"
|
||||||
"build.wolf.r"
|
"build.wolf.r"
|
||||||
"cgit.wolf.r"
|
"cgit.wolf.r"
|
||||||
|
"lounge.mpd.wolf.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
@ -1,7 +1,9 @@
|
|||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
|
## generate keys with:
|
||||||
|
# tinc generate-keys
|
||||||
|
# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
|
||||||
{
|
{
|
||||||
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
|
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
|
||||||
cake = rec {
|
cake = rec {
|
||||||
@ -29,6 +31,32 @@ with import <stockholm/lib>;
|
|||||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake";
|
||||||
};
|
};
|
||||||
|
crapi = rec { # raspi1
|
||||||
|
cores = 1;
|
||||||
|
ci = false;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.136.237";
|
||||||
|
ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee2";
|
||||||
|
aliases = [
|
||||||
|
"crapi.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66
|
||||||
|
OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L
|
||||||
|
R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk
|
||||||
|
OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME
|
||||||
|
di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl
|
||||||
|
bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi";
|
||||||
|
};
|
||||||
drop = rec {
|
drop = rec {
|
||||||
ci = true;
|
ci = true;
|
||||||
cores = 1;
|
cores = 1;
|
||||||
@ -298,6 +326,13 @@ with import <stockholm/lib>;
|
|||||||
-----END RSA PUBLIC KEY-----
|
-----END RSA PUBLIC KEY-----
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
#wiregrill = {
|
||||||
|
# ip6.addr = "42:4200:0000:0000:0000:0000:0000:a4db";
|
||||||
|
# aliases = [
|
||||||
|
# "x.w"
|
||||||
|
# ];
|
||||||
|
# wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
|
||||||
|
#};
|
||||||
};
|
};
|
||||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x";
|
||||||
@ -457,8 +492,6 @@ with import <stockholm/lib>;
|
|||||||
ip6.addr = "42:f9f0::10";
|
ip6.addr = "42:f9f0::10";
|
||||||
aliases = [
|
aliases = [
|
||||||
"omo.r"
|
"omo.r"
|
||||||
"logs.makefu.r"
|
|
||||||
"stats.makefu.r"
|
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
@ -525,7 +558,9 @@ with import <stockholm/lib>;
|
|||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
cache.euer IN A ${nets.internet.ip4.addr}
|
cache.euer IN A ${nets.internet.ip4.addr}
|
||||||
cache.gum IN A ${nets.internet.ip4.addr}
|
cache.gum IN A ${nets.internet.ip4.addr}
|
||||||
|
graph IN A ${nets.internet.ip4.addr}
|
||||||
gold IN A ${nets.internet.ip4.addr}
|
gold IN A ${nets.internet.ip4.addr}
|
||||||
|
iso.euer IN A ${nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
cores = 8;
|
cores = 8;
|
||||||
@ -537,13 +572,24 @@ with import <stockholm/lib>;
|
|||||||
"nextgum.i"
|
"nextgum.i"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
#wiregrill = {
|
||||||
|
# via = internet;
|
||||||
|
# ip6.addr = "42:4200:0000:0000:0000:0000:0000:70d3";
|
||||||
|
# aliases = [
|
||||||
|
# "gum.w"
|
||||||
|
# ];
|
||||||
|
# wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
|
||||||
|
#};
|
||||||
retiolum = {
|
retiolum = {
|
||||||
via = internet;
|
via = internet;
|
||||||
ip4.addr = "10.243.0.213";
|
ip4.addr = "10.243.0.213";
|
||||||
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
|
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
|
||||||
aliases = [
|
aliases = [
|
||||||
"nextgum.r"
|
"nextgum.r"
|
||||||
|
"graph.r"
|
||||||
"cache.gum.r"
|
"cache.gum.r"
|
||||||
|
"logs.makefu.r"
|
||||||
|
"stats.makefu.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
@ -579,7 +625,6 @@ with import <stockholm/lib>;
|
|||||||
boot.euer IN A ${nets.internet.ip4.addr}
|
boot.euer IN A ${nets.internet.ip4.addr}
|
||||||
wiki.euer IN A ${nets.internet.ip4.addr}
|
wiki.euer IN A ${nets.internet.ip4.addr}
|
||||||
mon.euer IN A ${nets.internet.ip4.addr}
|
mon.euer IN A ${nets.internet.ip4.addr}
|
||||||
graph IN A ${nets.internet.ip4.addr}
|
|
||||||
ghook IN A ${nets.internet.ip4.addr}
|
ghook IN A ${nets.internet.ip4.addr}
|
||||||
dockerhub IN A ${nets.internet.ip4.addr}
|
dockerhub IN A ${nets.internet.ip4.addr}
|
||||||
photostore IN A ${nets.internet.ip4.addr}
|
photostore IN A ${nets.internet.ip4.addr}
|
||||||
@ -604,7 +649,6 @@ with import <stockholm/lib>;
|
|||||||
"o.gum.r"
|
"o.gum.r"
|
||||||
"tracker.makefu.r"
|
"tracker.makefu.r"
|
||||||
|
|
||||||
"graph.r"
|
|
||||||
"search.makefu.r"
|
"search.makefu.r"
|
||||||
"wiki.makefu.r"
|
"wiki.makefu.r"
|
||||||
"wiki.gum.r"
|
"wiki.gum.r"
|
||||||
|
@ -58,7 +58,7 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
config.activate = let
|
config.activate = let
|
||||||
src = pkgs.execve config.name {
|
src = pkgs.exec config.name {
|
||||||
inherit (config) envp filename;
|
inherit (config) envp filename;
|
||||||
};
|
};
|
||||||
dst = "${wrapperDir}/${config.name}";
|
dst = "${wrapperDir}/${config.name}";
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
{ lib, pkgs,python3Packages,fetchurl, ... }:
|
{ lib, pkgs, python3Packages, fetchFromGitHub, ... }:
|
||||||
|
|
||||||
python3Packages.buildPythonPackage rec {
|
python3Packages.buildPythonPackage rec {
|
||||||
name = "Reaktor-${version}";
|
name = "Reaktor-${version}";
|
||||||
version = "0.5.1";
|
version = "0.6.0";
|
||||||
|
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
|
|
||||||
@ -10,9 +10,11 @@ python3Packages.buildPythonPackage rec {
|
|||||||
python3Packages.docopt
|
python3Packages.docopt
|
||||||
python3Packages.requests
|
python3Packages.requests
|
||||||
];
|
];
|
||||||
src = fetchurl {
|
src = fetchFromGitHub {
|
||||||
url = "https://pypi.python.org/packages/source/R/Reaktor/Reaktor-${version}.tar.gz";
|
owner = "krebs";
|
||||||
sha256 = "0dn9r0cyxi1sji2pnybsrc4hhaaq7hmf235nlgkrxqlsdb7y6n6n";
|
repo = "Reaktor";
|
||||||
|
rev = version;
|
||||||
|
sha256 = "0nsnv1rixmlg5wkb74b4f5bycb42b9rp4b14hijh558hbsa1b9am";
|
||||||
};
|
};
|
||||||
meta = {
|
meta = {
|
||||||
homepage = http://krebsco.de/;
|
homepage = http://krebsco.de/;
|
||||||
|
@ -120,7 +120,7 @@ rec {
|
|||||||
url-title = (buildSimpleReaktorPlugin "url-title" {
|
url-title = (buildSimpleReaktorPlugin "url-title" {
|
||||||
pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$";
|
pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$";
|
||||||
path = with pkgs; [ curl perl ];
|
path = with pkgs; [ curl perl ];
|
||||||
script = pkgs.writePython3 "url-title" [ "beautifulsoup4" "lxml" ] ''
|
script = pkgs.writePython3 "url-title" { deps = with pkgs.python3Packages; [ beautifulsoup4 lxml ]; } ''
|
||||||
import cgi
|
import cgi
|
||||||
import sys
|
import sys
|
||||||
import urllib.request
|
import urllib.request
|
||||||
|
@ -8,9 +8,19 @@ import shelve
|
|||||||
from os import environ
|
from os import environ
|
||||||
from os.path import join
|
from os.path import join
|
||||||
from sys import argv
|
from sys import argv
|
||||||
|
from time import sleep
|
||||||
import re
|
import re
|
||||||
|
|
||||||
d = shelve.open(join(environ['state_dir'], 'sed-plugin.shelve'), writeback=True)
|
# try to open the shelve file until it succeeds
|
||||||
|
while True:
|
||||||
|
try:
|
||||||
|
d = shelve.open(
|
||||||
|
join(environ['state_dir'], 'sed-plugin.shelve'),
|
||||||
|
writeback=True
|
||||||
|
)
|
||||||
|
break
|
||||||
|
except: # noqa: E722
|
||||||
|
sleep(0.2)
|
||||||
usr = environ['_from']
|
usr = environ['_from']
|
||||||
|
|
||||||
|
|
||||||
|
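Review bot: The retry loop added around `shelve.open` uses a bare `except:` with no upper bound, so any failure (a missing `state_dir` variable, a permission error, a corrupt file) makes the plugin spin forever at 0.2 s intervals instead of exiting. If the plugin is started once per matching IRC message (Reaktor's invocation is not visible here), such stuck processes would accumulate on the host. Catching only `dbm.error`, which needs an `import dbm` next to the existing imports, and giving up after a fixed number of attempts keeps the wait-for-lock behaviour while letting real errors surface. The attempt count below is only a suggestion.

```python
for _attempt in range(50):  # bounded instead of `while True`
    try:
        # … unchanged: d = shelve.open(...) call …
        break
    except dbm.error:  # lock/IO errors only; KeyError etc. now propagate
        sleep(0.2)
else:
    raise SystemExit('sed-plugin: could not open shelve file')
```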
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
python2Packages.buildPythonApplication rec {
|
python2Packages.buildPythonApplication rec {
|
||||||
name = "buildbot-classic-${version}";
|
name = "buildbot-classic-${version}";
|
||||||
version = "0.8.17";
|
version = "0.8.18";
|
||||||
namePrefix = "";
|
namePrefix = "";
|
||||||
patches = [];
|
patches = [];
|
||||||
|
|
||||||
@ -10,7 +10,7 @@ python2Packages.buildPythonApplication rec {
|
|||||||
owner = "krebs";
|
owner = "krebs";
|
||||||
repo = "buildbot-classic";
|
repo = "buildbot-classic";
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "0yn0n37rs2bhz9q0simnvyzz5sfrpqhbdm6pdj6qk7sab4y6xbq8";
|
sha256 = "0b4y3n9zd2gdy8xwk1vpvs4n9fbg72vi8mx4ydgijwngcmdqkjmq";
|
||||||
};
|
};
|
||||||
postUnpack = "sourceRoot=\${sourceRoot}/master";
|
postUnpack = "sourceRoot=\${sourceRoot}/master";
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ writeDashBin, bepasty-client-cli }:
|
{ writeDashBin, bepasty-client-cli }:
|
||||||
|
|
||||||
# TODO use `execve` instead?
|
# TODO use `pkgs.exec` instead?
|
||||||
writeDashBin "krebspaste" ''
|
writeDashBin "krebspaste" ''
|
||||||
exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" | sed '$ s/$/\/+inline/g'
|
exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" | sed '$ s/$/\/+inline/g'
|
||||||
''
|
''
|
||||||
|
@ -1,230 +0,0 @@
|
|||||||
{ pkgs }: let
|
|
||||||
|
|
||||||
stockholm-dir = ../../../..;
|
|
||||||
|
|
||||||
lib = import (stockholm-dir + "/lib");
|
|
||||||
|
|
||||||
#
|
|
||||||
# high level commands
|
|
||||||
#
|
|
||||||
|
|
||||||
cmds.deploy = pkgs.withGetopt {
|
|
||||||
force-populate = { default = /* sh */ "false"; switch = true; };
|
|
||||||
quiet = { default = /* sh */ "false"; switch = true; };
|
|
||||||
source_file = {
|
|
||||||
default = /* sh */ "$user/1systems/$system/source.nix";
|
|
||||||
long = "source";
|
|
||||||
};
|
|
||||||
system = {};
|
|
||||||
target.default = /* sh */ "$system";
|
|
||||||
user.default = /* sh */ "$LOGNAME";
|
|
||||||
} (opts: pkgs.writeDash "stockholm.deploy" ''
|
|
||||||
set -efu
|
|
||||||
|
|
||||||
. ${init.env}
|
|
||||||
. ${init.proxy "deploy" opts}
|
|
||||||
|
|
||||||
# Use system's nixos-rebuild, which is not self-contained
|
|
||||||
export PATH=/run/current-system/sw/bin
|
|
||||||
exec ${utils.with-whatsupnix} \
|
|
||||||
nixos-rebuild switch \
|
|
||||||
--show-trace \
|
|
||||||
-I "$target_path"
|
|
||||||
'');
|
|
||||||
|
|
||||||
cmds.get-version = pkgs.writeDash "get-version" ''
|
|
||||||
set -efu
|
|
||||||
hostname=''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)}
|
|
||||||
version=git.$(${pkgs.git}/bin/git describe --always --dirty)
|
|
||||||
case $version in (*-dirty)
|
|
||||||
version=$version@$hostname
|
|
||||||
esac
|
|
||||||
date=$(${pkgs.coreutils}/bin/date +%y.%m)
|
|
||||||
echo "$date.$version"
|
|
||||||
'';
|
|
||||||
|
|
||||||
cmds.install = pkgs.withGetopt {
|
|
||||||
force-populate = { default = /* sh */ "false"; switch = true; };
|
|
||||||
quiet = { default = /* sh */ "false"; switch = true; };
|
|
||||||
source_file = {
|
|
||||||
default = /* sh */ "$user/1systems/$system/source.nix";
|
|
||||||
long = "source";
|
|
||||||
};
|
|
||||||
system = {};
|
|
||||||
target = {};
|
|
||||||
user.default = /* sh */ "$LOGNAME";
|
|
||||||
} (opts: pkgs.writeBash "stockholm.install" ''
|
|
||||||
set -efu
|
|
||||||
|
|
||||||
. ${init.env}
|
|
||||||
|
|
||||||
if \test "''${using_proxy-}" != true; then
|
|
||||||
${pkgs.openssh}/bin/ssh \
|
|
||||||
-o StrictHostKeyChecking=no \
|
|
||||||
-o UserKnownHostsFile=/dev/null \
|
|
||||||
"$target_user@$target_host" -p "$target_port" \
|
|
||||||
env target_path=$(${pkgs.quote}/bin/quote "$target_path") \
|
|
||||||
sh -s prepare \
|
|
||||||
< ${stockholm-dir + "/krebs/4lib/infest/prepare.sh"}
|
|
||||||
# TODO inline prepare.sh?
|
|
||||||
fi
|
|
||||||
|
|
||||||
. ${init.proxy "install" opts}
|
|
||||||
|
|
||||||
# these variables get defined by nix-shell (i.e. nix-build) from
|
|
||||||
# XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0),
|
|
||||||
# which only exists on / and not at /mnt.
|
|
||||||
export NIX_BUILD_TOP=/tmp
|
|
||||||
export TEMPDIR=/tmp
|
|
||||||
export TEMP=/tmp
|
|
||||||
export TMPDIR=/tmp
|
|
||||||
export TMP=/tmp
|
|
||||||
export XDG_RUNTIME_DIR=/tmp
|
|
||||||
|
|
||||||
export NIXOS_CONFIG="$target_path/nixos-config"
|
|
||||||
|
|
||||||
cd
|
|
||||||
exec nixos-install
|
|
||||||
'');
|
|
||||||
|
|
||||||
cmds.test = pkgs.withGetopt {
|
|
||||||
force-populate = { default = /* sh */ "false"; switch = true; };
|
|
||||||
quiet = { default = /* sh */ "false"; switch = true; };
|
|
||||||
source_file = {
|
|
||||||
default = /* sh */ "$user/1systems/$system/source.nix";
|
|
||||||
long = "source";
|
|
||||||
};
|
|
||||||
system = {};
|
|
||||||
target = {};
|
|
||||||
user.default = /* sh */ "$LOGNAME";
|
|
||||||
} (opts: pkgs.writeDash "stockholm.test" /* sh */ ''
|
|
||||||
set -efu
|
|
||||||
|
|
||||||
export dummy_secrets=true
|
|
||||||
|
|
||||||
. ${init.env}
|
|
||||||
. ${init.proxy "test" opts}
|
|
||||||
|
|
||||||
exec ${utils.build} config.system.build.toplevel
|
|
||||||
'');
|
|
||||||
|
|
||||||
#
|
|
||||||
# low level commands
|
|
||||||
#
|
|
||||||
|
|
||||||
# usage: get-source SOURCE_FILE
|
|
||||||
cmds.get-source = pkgs.writeDash "stockholm.get-source" ''
|
|
||||||
set -efu
|
|
||||||
exec ${pkgs.nix}/bin/nix-instantiate \
|
|
||||||
--eval \
|
|
||||||
--json \
|
|
||||||
--readonly-mode \
|
|
||||||
--show-trace \
|
|
||||||
--strict \
|
|
||||||
"$1"
|
|
||||||
'';
|
|
||||||
|
|
||||||
# usage: parse-target [--default=TARGET] TARGET
|
|
||||||
# TARGET = [USER@]HOST[:PORT][/PATH]
|
|
||||||
cmds.parse-target = pkgs.withGetopt {
|
|
||||||
default_target = {
|
|
||||||
long = "default";
|
|
||||||
short = "d";
|
|
||||||
};
|
|
||||||
} (opts: pkgs.writeDash "stockholm.parse-target" ''
|
|
||||||
set -efu
|
|
||||||
target=$1; shift
|
|
||||||
for arg; do echo "$0: bad argument: $arg" >&2; done
|
|
||||||
if \test $# != 0; then exit 2; fi
|
|
||||||
exec ${pkgs.jq}/bin/jq \
|
|
||||||
-enr \
|
|
||||||
--arg default_target "$default_target" \
|
|
||||||
--arg target "$target" \
|
|
||||||
-f ${pkgs.writeText "stockholm.parse-target.jq" ''
|
|
||||||
def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | {
|
|
||||||
user: .captures[0].string,
|
|
||||||
host: .captures[1].string,
|
|
||||||
port: .captures[2].string,
|
|
||||||
path: .captures[3].string,
|
|
||||||
};
|
|
||||||
def sanitize: with_entries(select(.value != null));
|
|
||||||
($default_target | parse) + ($target | parse | sanitize) |
|
|
||||||
. + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) }
|
|
||||||
''}
|
|
||||||
'');
|
|
||||||
|
|
||||||
init.env = pkgs.writeText "init.env" /* sh */ ''
|
|
||||||
|
|
||||||
export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
|
|
||||||
|
|
||||||
export quiet
|
|
||||||
export system
|
|
||||||
export target
|
|
||||||
export user
|
|
||||||
|
|
||||||
default_target=root@$system:22/var/src
|
|
||||||
|
|
||||||
export target_object="$(
|
|
||||||
${cmds.parse-target} "$target" -d "$default_target"
|
|
||||||
)"
|
|
||||||
export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)"
|
|
||||||
export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)"
|
|
||||||
export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)"
|
|
||||||
export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)"
|
|
||||||
export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"
|
|
||||||
'';
|
|
||||||
|
|
||||||
init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ ''
|
|
||||||
if \test "''${using_proxy-}" != true; then
|
|
||||||
|
|
||||||
source=$(${cmds.get-source} "$source_file")
|
|
||||||
qualified_target=$target_user@$target_host:$target_port$target_path
|
|
||||||
if \test "$force_populate" = true; then
|
|
||||||
echo "$source" | ${pkgs.populate}/bin/populate --force "$qualified_target"
|
|
||||||
else
|
|
||||||
echo "$source" | ${pkgs.populate}/bin/populate "$qualified_target"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if \test "$target_local" != true; then
|
|
||||||
exec ${pkgs.openssh}/bin/ssh \
|
|
||||||
"$target_user@$target_host" -p "$target_port" \
|
|
||||||
cd "$target_path/stockholm" \; \
|
|
||||||
NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \
|
|
||||||
nix-shell --run "$(${pkgs.quote}/bin/quote "
|
|
||||||
${lib.concatStringsSep " " (lib.mapAttrsToList
|
|
||||||
(name: opt: /* sh */
|
|
||||||
"${opt.varname}=\$(${pkgs.quote}/bin/quote ${opt.ref})")
|
|
||||||
opts
|
|
||||||
)} \
|
|
||||||
using_proxy=true \
|
|
||||||
${lib.shell.escape command} \
|
|
||||||
$WITHGETOPT_ORIG_ARGS \
|
|
||||||
")"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
utils.build = pkgs.writeDash "utils.build" ''
|
|
||||||
set -efu
|
|
||||||
${utils.with-whatsupnix} \
|
|
||||||
${pkgs.nix}/bin/nix-build \
|
|
||||||
--no-out-link \
|
|
||||||
--show-trace \
|
|
||||||
-E "with import <stockholm>; $1" \
|
|
||||||
-I "$target_path" \
|
|
||||||
'';
|
|
||||||
|
|
||||||
utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" ''
|
|
||||||
set -efu
|
|
||||||
if \test "$quiet" = true; then
|
|
||||||
"$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix
|
|
||||||
else
|
|
||||||
exec "$@"
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
in
|
|
||||||
|
|
||||||
pkgs.write "stockholm" (lib.mapAttrs' (name: link:
|
|
||||||
lib.nameValuePair "/bin/${name}" { inherit link; }
|
|
||||||
) cmds)
|
|
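--- a/krebs/5pkgs/simple/syncthing-device-id.nix
+++ b/krebs/5pkgs/simple/syncthing-device-id.nix
@@ -0,0 +1,49 @@
+{ openssl, writePython2Bin }:
+
+writePython2Bin "syncthing-device-id" {
+flakeIgnore = [
+"E226"
+"E302"
+"E305"
+"E501"
+"F401"
+];
+} /* python */ ''
+import base64
+import hashlib
+import subprocess
+import sys
+
+B32ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'
+
+def luhn_checksum(data, alphabet=B32ALPHABET):
+n = len(alphabet)
+number = tuple(alphabet.index(i) for i in reversed(data))
+result = (sum(number[::2]) +
+sum(sum(divmod(i * 2, n)) for i in number[1::2])) % n
+return alphabet[-result]
+
+def main(incert):
+der_data = subprocess.check_output([
+'${openssl}/bin/openssl',
+'x509',
+'-outform',
+'DER',
+], stdin=incert)
+data_hash = hashlib.sha256(der_data)
+b32_hash = base64.b32encode(data_hash.digest()).decode('ascii')
+
+result = b32_hash.upper().rstrip('=')
+blocks = [result[pos:pos+13] for pos in range(0, len(result), 13)]
+result = '''.join(block + luhn_checksum(block) for block in blocks)
+
+blocks = [result[pos:pos+7] for pos in range(0, len(result), 7)]
+print('-'.join(blocks))
+
+if __name__ == '__main__':
+import argparse
+parser = argparse.ArgumentParser(description='Generate syncthing ID from certificate')
+parser.add_argument('incert', type=argparse.FileType('rb'), help='Certificate path')
+args = parser.parse_args()
+main(**vars(args))
+''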
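Review bot: The embedded script never states how the printed ID is derived, and neither `luhn_checksum` nor `main` has a docstring, so a reader has to reverse the slicing to check it. A header comment such as `# Device ID: base32(SHA-256(DER certificate)), one check character appended per 13-character block, printed in groups of 7` would make the output auditable, which matters if the ID is used to decide which peers to accept. `import sys` is not used anywhere in the script and `"F401"` in `flakeIgnore` appears to exist only to permit it; removing both keeps the unused-import check active for later edits.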
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
krops = builtins.fetchGit {
|
krops = builtins.fetchGit {
|
||||||
url = https://cgit.krebsco.de/krops/;
|
url = https://cgit.krebsco.de/krops/;
|
||||||
rev = "4e466eaf05861b47365c5ef46a31a188b70f3615";
|
rev = "c46166d407c7d246112f13346621a3fbdb25889e";
|
||||||
};
|
};
|
||||||
|
|
||||||
lib = import "${krops}/lib";
|
lib = import "${krops}/lib";
|
||||||
@ -18,7 +18,7 @@
|
|||||||
stockholm.file = toString ../.;
|
stockholm.file = toString ../.;
|
||||||
stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" ''
|
stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" ''
|
||||||
set -efu
|
set -efu
|
||||||
cd $HOME/stockholm
|
cd ${lib.escapeShellArg krebs-source.stockholm.file}
|
||||||
V=$(${pkgs.coreutils}/bin/date +%y.%m)
|
V=$(${pkgs.coreutils}/bin/date +%y.%m)
|
||||||
if test -d .git; then
|
if test -d .git; then
|
||||||
V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty)
|
V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty)
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs-channels",
|
"url": "https://github.com/NixOS/nixpkgs-channels",
|
||||||
"rev": "a37638d46706610d12c9747614fd1b8f8d35ad48",
|
"rev": "d16a7abceb72aac85e0deb8c45fbcb7127baf628",
|
||||||
"date": "2018-08-30T21:03:26+02:00",
|
"date": "2018-09-20T18:31:51-05:00",
|
||||||
"sha256": "0rsdkk4z7pkqr2mw0pq7i6fkqs7gbi5kral3c8smm9bw104sn8v7",
|
"sha256": "0byf6rlwwy70v2sdfmv7mnwd0kvxmlq0pi8ijghg0mcfhcqibgh7",
|
||||||
"fetchSubmodules": true
|
"fetchSubmodules": true
|
||||||
}
|
}
|
||||||
|
@ -1,29 +0,0 @@
|
|||||||
with import <stockholm/lib>;
|
|
||||||
host@{ name, secure ? false, override ? {} }: let
|
|
||||||
builder = if getEnv "dummy_secrets" == "true"
|
|
||||||
then "buildbot"
|
|
||||||
else "krebs";
|
|
||||||
_file = <stockholm> + "/krebs/1systems/${name}/source.nix";
|
|
||||||
pkgs = import <nixpkgs> {
|
|
||||||
overlays = map import [
|
|
||||||
<stockholm/krebs/5pkgs>
|
|
||||||
<stockholm/submodules/nix-writers/pkgs>
|
|
||||||
];
|
|
||||||
};
|
|
||||||
in
|
|
||||||
evalSource (toString _file) [
|
|
||||||
{
|
|
||||||
nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
|
|
||||||
secrets = getAttr builder {
|
|
||||||
buildbot.file = toString <stockholm/krebs/0tests/data/secrets>;
|
|
||||||
krebs.pass = {
|
|
||||||
dir = "${getEnv "HOME"}/brain";
|
|
||||||
name = "krebs-secrets/${name}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
stockholm.file = toString <stockholm>;
|
|
||||||
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
|
|
||||||
nixpkgs = (import ./krops.nix { name = ""; }).krebs-source.nixpkgs;
|
|
||||||
}
|
|
||||||
override
|
|
||||||
]
|
|
@ -1,4 +0,0 @@
|
|||||||
import <stockholm/lass/source.nix> {
|
|
||||||
name = "blue";
|
|
||||||
secure = true;
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
import <stockholm/lass/source.nix> {
|
|
||||||
name = "cabal";
|
|
||||||
secure = true;
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
import <stockholm/lass/source.nix> {
|
|
||||||
name = "daedalus";
|
|
||||||
secure = true;
|
|
||||||
}
|
|
@ -16,6 +16,7 @@
|
|||||||
<stockholm/lass/2configs/bitcoin.nix>
|
<stockholm/lass/2configs/bitcoin.nix>
|
||||||
<stockholm/lass/2configs/backup.nix>
|
<stockholm/lass/2configs/backup.nix>
|
||||||
<stockholm/lass/2configs/wine.nix>
|
<stockholm/lass/2configs/wine.nix>
|
||||||
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.icarus;
|
krebs.build.host = config.krebs.hosts.icarus;
|
||||||
|
@ -1,4 +0,0 @@
|
|||||||
import <stockholm/lass/source.nix> {
|
|
||||||
name = "icarus";
|
|
||||||
secure = true;
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
import <stockholm/lass/source.nix> {
|
|
||||||
name = "littleT";
|
|
||||||
secure = true;
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
import <stockholm/lass/source.nix> {
|
|
||||||
name = "mors";
|
|
||||||
secure = true;
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
with import <stockholm/lib>;
|
|
||||||
import <stockholm/lass/source.nix> {
|
|
||||||
name = "prism";
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
import <stockholm/lass/source.nix> {
|
|
||||||
name = "red";
|
|
||||||
secure = true;
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
import <stockholm/lass/source.nix> {
|
|
||||||
name = "shodan";
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
import <stockholm/lass/source.nix> {
|
|
||||||
name = "skynet";
|
|
||||||
secure = true;
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
import <stockholm/lass/source.nix> {
|
|
||||||
name = "uriel";
|
|
||||||
}
|
|
@ -1,5 +0,0 @@
|
|||||||
with import <stockholm/lib>;
|
|
||||||
import <stockholm/lass/source.nix> {
|
|
||||||
name = "xerxes";
|
|
||||||
secure = true;
|
|
||||||
}
|
|
@ -11,6 +11,8 @@ with (import <stockholm/lib>);
|
|||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
ag
|
ag
|
||||||
|
brain
|
||||||
|
dic
|
||||||
nmap
|
nmap
|
||||||
git-preview
|
git-preview
|
||||||
];
|
];
|
||||||
|
@ -34,6 +34,10 @@ let
|
|||||||
rules = concatMap make-rules (attrValues repos);
|
rules = concatMap make-rules (attrValues repos);
|
||||||
|
|
||||||
public-repos = mapAttrs make-public-repo {
|
public-repos = mapAttrs make-public-repo {
|
||||||
|
Reaktor = {
|
||||||
|
cgit.desc = "Reaktor IRC bot";
|
||||||
|
cgit.section = "software";
|
||||||
|
};
|
||||||
buildbot-classic = {
|
buildbot-classic = {
|
||||||
cgit.desc = "fork of buildbot";
|
cgit.desc = "fork of buildbot";
|
||||||
cgit.section = "software";
|
cgit.section = "software";
|
||||||
@ -54,6 +58,10 @@ let
|
|||||||
cgit.desc = "take a rss feed and a timeout and print it to stdout";
|
cgit.desc = "take a rss feed and a timeout and print it to stdout";
|
||||||
cgit.section = "software";
|
cgit.section = "software";
|
||||||
};
|
};
|
||||||
|
nix-writers = {
|
||||||
|
cgit.desc = "high level writers for nix";
|
||||||
|
cgit.section = "software";
|
||||||
|
};
|
||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
cgit.desc = "nixpkgs fork";
|
cgit.desc = "nixpkgs fork";
|
||||||
cgit.section = "configuration";
|
cgit.section = "configuration";
|
||||||
|
@ -131,6 +131,30 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.radio-recent = let
|
||||||
|
recentlyPlayed = pkgs.writeDash "recentlyPlayed" ''
|
||||||
|
LIMIT=1000 #how many tracks to keep in the history
|
||||||
|
HISTORY_FILE=/tmp/played
|
||||||
|
while :; do
|
||||||
|
${pkgs.mpc_cli}/bin/mpc idle player > /dev/null
|
||||||
|
${pkgs.mpc_cli}/bin/mpc current -f %file%
|
||||||
|
done | while read track; do
|
||||||
|
echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE"
|
||||||
|
echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
in {
|
||||||
|
description = "radio recently played";
|
||||||
|
after = [ "mpd.service" "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
restartIfChanged = true;
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = recentlyPlayed;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
krebs.Reaktor.playlist = {
|
krebs.Reaktor.playlist = {
|
||||||
nickname = "the_playlist|r";
|
nickname = "the_playlist|r";
|
||||||
channels = [
|
channels = [
|
||||||
@ -157,27 +181,40 @@ in {
|
|||||||
})
|
})
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let
|
services.nginx = {
|
||||||
html = pkgs.writeText "index.html" ''
|
enable = true;
|
||||||
<!DOCTYPE html>
|
virtualHosts."radio.lassul.us" = {
|
||||||
<html lang="en">
|
forceSSL = true;
|
||||||
<head>
|
enableACME = true;
|
||||||
<meta charset="utf-8">
|
locations."/".extraConfig = ''
|
||||||
<title>lassulus playlist</title>
|
proxy_pass http://localhost:8000;
|
||||||
</head>
|
'';
|
||||||
<body>
|
locations."/recent".extraConfig = ''
|
||||||
<div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
|
alias /tmp/played;
|
||||||
<iframe src="https://kiwiirc.com/client/irc.freenode.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
|
'';
|
||||||
</div>
|
};
|
||||||
<div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
|
virtualHosts."lassul.us".locations."/the_playlist".extraConfig = let
|
||||||
<audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
|
html = pkgs.writeText "index.html" ''
|
||||||
</div>
|
<!DOCTYPE html>
|
||||||
<!-- page content -->
|
<html lang="en">
|
||||||
</body>
|
<head>
|
||||||
</html>
|
<meta charset="utf-8">
|
||||||
|
<title>lassulus playlist</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
|
||||||
|
<iframe src="https://kiwiirc.com/client/irc.freenode.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
|
||||||
|
</div>
|
||||||
|
<div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
|
||||||
|
<audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
|
||||||
|
</div>
|
||||||
|
<!-- page content -->
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
'';
|
||||||
|
in ''
|
||||||
|
default_type "text/html";
|
||||||
|
alias ${html};
|
||||||
'';
|
'';
|
||||||
in ''
|
};
|
||||||
default_type "text/html";
|
|
||||||
alias ${html};
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
|
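Review bot: `HISTORY_FILE=/tmp/played` in the new `radio-recent` unit is a fixed name in a world-writable directory, and `serviceConfig` sets only `ExecStart`, so the loop presumably runs as root and will append to and truncate whatever sits at that path, including a symlink another local account created first. Give the unit its own directory with `serviceConfig.RuntimeDirectory = "radio-recent";`, set `HISTORY_FILE=/run/radio-recent/played`, and point the `/recent` location in the second hunk at it with `alias /run/radio-recent/played;`; running the unit under a dedicated unprivileged user would limit it further. The `echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"` rewrite also empties the file before refilling it, so nginx can serve a partial history; writing to a temporary file in the same directory and renaming it over the old one avoids that.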
@ -65,7 +65,7 @@ with import <stockholm/lib>;
|
|||||||
})
|
})
|
||||||
(buildSimpleReaktorPlugin "random-unicorn-porn" {
|
(buildSimpleReaktorPlugin "random-unicorn-porn" {
|
||||||
pattern = "^!rup$$";
|
pattern = "^!rup$$";
|
||||||
script = pkgs.writePython2 "rup" [] ''
|
script = pkgs.writePython2 "rup" {} ''
|
||||||
t1 = """
|
t1 = """
|
||||||
_.
|
_.
|
||||||
;=',_ ()
|
;=',_ ()
|
||||||
|
@ -91,7 +91,7 @@ in {
|
|||||||
script = pkgs.writeBash "test" ''
|
script = pkgs.writeBash "test" ''
|
||||||
echo "hello world"
|
echo "hello world"
|
||||||
'';
|
'';
|
||||||
#script = pkgs.execve "ddate-wrapper" {
|
#script = pkgs.exec "ddate-wrapper" {
|
||||||
# filename = "${pkgs.ddate}/bin/ddate";
|
# filename = "${pkgs.ddate}/bin/ddate";
|
||||||
# argv = [];
|
# argv = [];
|
||||||
#};
|
#};
|
||||||
|
@ -1,29 +0,0 @@
|
|||||||
with import <stockholm/lib>;
|
|
||||||
host@{ name, secure ? false, override ? {} }: let
|
|
||||||
builder = if getEnv "dummy_secrets" == "true"
|
|
||||||
then "buildbot"
|
|
||||||
else "lass";
|
|
||||||
_file = <stockholm> + "/lass/1systems/${name}/source.nix";
|
|
||||||
pkgs = import <nixpkgs> {
|
|
||||||
overlays = map import [
|
|
||||||
<stockholm/krebs/5pkgs>
|
|
||||||
<stockholm/submodules/nix-writers/pkgs>
|
|
||||||
];
|
|
||||||
};
|
|
||||||
in
|
|
||||||
evalSource (toString _file) [
|
|
||||||
{
|
|
||||||
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
|
|
||||||
nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
|
|
||||||
secrets = getAttr builder {
|
|
||||||
buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
|
|
||||||
lass.pass = {
|
|
||||||
dir = "${getEnv "HOME"}/.password-store";
|
|
||||||
name = "hosts/${name}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
stockholm.file = toString <stockholm>;
|
|
||||||
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
|
|
||||||
}
|
|
||||||
override
|
|
||||||
]
|
|
0
makefu/0tests/data/secrets/mqtt/hass
Normal file
0
makefu/0tests/data/secrets/mqtt/hass
Normal file
0
makefu/0tests/data/secrets/mqtt/sensor
Normal file
0
makefu/0tests/data/secrets/mqtt/sensor
Normal file
0
makefu/0tests/data/secrets/mqtt/stats
Normal file
0
makefu/0tests/data/secrets/mqtt/stats
Normal file
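--- a/makefu/1systems/crapi/README
+++ b/makefu/1systems/crapi/README
@@ -0,0 +1,4 @@
+1. flash arm6 image from https://www.cs.helsinki.fi/u/tmtynkky/nixos-arm/installer/ to sdcard
+2. passwd; systemctl start sshd; mkdir /var/src ; touch /var/src/.populate
+3. "environment.systemPackages = [ pkgs.rsync pkgs.git ];" in /etc/nixos/configuration.nix
+5. nixos-rebuild switch --fast --option binary-caches http://nixos-arm.dezgeg.me/channel --option binary-cache-public-keys nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%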
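--- a/makefu/1systems/crapi/config.nix
+++ b/makefu/1systems/crapi/config.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, lib, ... }:
+{
+# :l <nixpkgs>
+# builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
+imports = [
+<stockholm/makefu>
+<stockholm/makefu/2configs>
+<stockholm/makefu/2configs/tinc/retiolum.nix>
+<stockholm/makefu/2configs/save-diskspace.nix>
+
+];
+krebs.build.host = config.krebs.hosts.crapi;
+# NixOS wants to enable GRUB by default
+boot.loader.grub.enable = false;
+
+# Enables the generation of /boot/extlinux/extlinux.conf
+boot.loader.generic-extlinux-compatible.enable = true;
+
+boot.kernelPackages = pkgs.linuxPackages_rpi;
+
+nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
+nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
+
+fileSystems = {
+"/boot" = {
+device = "/dev/disk/by-label/NIXOS_BOOT";
+fsType = "vfat";
+};
+"/" = {
+device = "/dev/disk/by-label/NIXOS_SD";
+fsType = "ext4";
+};
+};
+
+system.activationScripts.create-swap = ''
+if [ ! -e /swapfile ]; then
+fallocate -l 2G /swapfile
+mkswap /swapfile
+fi
+'';
+swapDevices = [ { device = "/swapfile"; size = 2048; } ];
+
+nix.package = lib.mkForce pkgs.nixStable;
+services.openssh.enable = true;
+
+}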
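Review bot: The value in `nix.binaryCachePublicKeys` ends in `=%`, and `%` is not a base64 character; it looks like a shell's missing-newline marker copied along with the key (the README added in this commit carries the same string). Because `nix.binaryCaches` points at a plain `http://` URL, the signature check against this key is the only integrity protection for substitutes from that cache, so the key should be exact: `nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=" ];`. Separately, the `create-swap` activation script creates `/swapfile` without restricting its mode, which leaves swapped-out memory readable to local users under a default umask; add `chmod 600 /swapfile` before `mkswap`, or drop the script if `swapDevices` with `size` already creates the file on this NixOS version.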
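--- a/makefu/1systems/crapi/source.nix
+++ b/makefu/1systems/crapi/source.nix
@@ -0,0 +1,3 @@
+{
+arm6 = true;
+}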
@ -74,14 +74,8 @@ in {
|
|||||||
<stockholm/makefu/2configs/syncthing.nix>
|
<stockholm/makefu/2configs/syncthing.nix>
|
||||||
|
|
||||||
# <stockholm/makefu/2configs/opentracker.nix>
|
# <stockholm/makefu/2configs/opentracker.nix>
|
||||||
<stockholm/makefu/2configs/hub.nix>
|
<stockholm/makefu/2configs/dcpp/hub.nix>
|
||||||
{ # ncdc
|
<stockholm/makefu/2configs/dcpp/client.nix>
|
||||||
environment.systemPackages = [ pkgs.ncdc ];
|
|
||||||
networking.firewall = {
|
|
||||||
allowedUDPPorts = [ 51411 ];
|
|
||||||
allowedTCPPorts = [ 51411 ];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/stats/client.nix>
|
<stockholm/makefu/2configs/stats/client.nix>
|
||||||
# <stockholm/makefu/2configs/logging/client.nix>
|
# <stockholm/makefu/2configs/logging/client.nix>
|
||||||
@ -103,55 +97,7 @@ in {
|
|||||||
# locations."/".proxyPass = "http://localhost:5000";
|
# locations."/".proxyPass = "http://localhost:5000";
|
||||||
# };
|
# };
|
||||||
#}
|
#}
|
||||||
{ # wireguard server
|
<stockholm/makefu/2configs/wireguard/server.nix>
|
||||||
|
|
||||||
# opkg install wireguard luci-proto-wireguard
|
|
||||||
|
|
||||||
# TODO: networking.nat
|
|
||||||
|
|
||||||
# boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
|
||||||
# conf.all.proxy_arp =1
|
|
||||||
networking.firewall = {
|
|
||||||
allowedUDPPorts = [ 51820 ];
|
|
||||||
extraCommands = ''
|
|
||||||
iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.wireguard.interfaces.wg0 = {
|
|
||||||
ips = [ "10.244.0.1/24" ];
|
|
||||||
listenPort = 51820;
|
|
||||||
privateKeyFile = (toString <secrets>) + "/wireguard.key";
|
|
||||||
allowedIPsAsRoutes = true;
|
|
||||||
peers = [
|
|
||||||
{
|
|
||||||
# x
|
|
||||||
allowedIPs = [ "10.244.0.2/32" ];
|
|
||||||
publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# vbob
|
|
||||||
allowedIPs = [ "10.244.0.3/32" ];
|
|
||||||
publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# x-test
|
|
||||||
allowedIPs = [ "10.244.0.4/32" ];
|
|
||||||
publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# work-router
|
|
||||||
allowedIPs = [ "10.244.0.5/32" ];
|
|
||||||
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# workr
|
|
||||||
allowedIPs = [ "10.244.0.6/32" ];
|
|
||||||
publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{ # iperf3
|
{ # iperf3
|
||||||
networking.firewall.allowedUDPPorts = [ 5201 ];
|
networking.firewall.allowedUDPPorts = [ 5201 ];
|
||||||
networking.firewall.allowedTCPPorts = [ 5201 ];
|
networking.firewall.allowedTCPPorts = [ 5201 ];
|
||||||
|
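--- a/makefu/1systems/hardware/tsp-disk.json
+++ b/makefu/1systems/hardware/tsp-disk.json
@@ -0,0 +1,23 @@
+{
+"type": "devices",
+"content": {
+"sda": {
+"type": "table",
+"format": "msdos",
+"partitions": [
+{ "type": "partition",
+"part-type": "primary",
+"start": "1M",
+"end": "100%",
+"bootable": true,
+"content": {
+"type": "filesystem",
+"format": "ext4",
+"mountpoint": "/"
+}
+}
+]
+}
+}
+}
+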
@ -11,6 +11,7 @@ with import <stockholm/lib>;
|
|||||||
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
|
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
|
||||||
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
|
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
|
||||||
krebs.build.host = config.krebs.hosts.iso;
|
krebs.build.host = config.krebs.hosts.iso;
|
||||||
|
isoImage.isoBaseName = lib.mkForce "stockholm";
|
||||||
krebs.hidden-ssh.enable = true;
|
krebs.hidden-ssh.enable = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
aria2
|
aria2
|
||||||
|
@ -4,55 +4,23 @@
|
|||||||
|
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
let
|
let
|
||||||
toMapper = id: "/media/crypt${builtins.toString id}";
|
primaryInterface = config.makefu.server.primary-itf;
|
||||||
byid = dev: "/dev/disk/by-id/" + dev;
|
|
||||||
keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
|
|
||||||
rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904";
|
|
||||||
rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2";
|
|
||||||
primaryInterface = "enp2s0";
|
|
||||||
firetv = "192.168.1.238";
|
|
||||||
# cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
|
|
||||||
# cryptsetup luksAddKey $dev tmpkey
|
|
||||||
# cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
|
|
||||||
# mkfs.xfs /dev/mapper/crypt0 -L crypt0
|
|
||||||
|
|
||||||
# omo Chassis:
|
|
||||||
# __FRONT_
|
|
||||||
# |* d0 |
|
|
||||||
# | |
|
|
||||||
# |* d1 |
|
|
||||||
# | |
|
|
||||||
# |* d3 |
|
|
||||||
# | |
|
|
||||||
# |* |
|
|
||||||
# |* d2 |
|
|
||||||
# | * |
|
|
||||||
# | * |
|
|
||||||
# |_______|
|
|
||||||
# cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
|
|
||||||
cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV";
|
|
||||||
cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
|
|
||||||
cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
|
|
||||||
cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
|
|
||||||
# cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
|
|
||||||
# all physical disks
|
|
||||||
|
|
||||||
# TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
|
|
||||||
dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
|
|
||||||
allDisks = [ rootDisk ] ++ dataDisks;
|
|
||||||
in {
|
in {
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
|
#./hw/omo.nix
|
||||||
|
./hw/tsp.nix
|
||||||
<stockholm/makefu>
|
<stockholm/makefu>
|
||||||
# TODO: unlock home partition via ssh
|
|
||||||
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
|
|
||||||
<stockholm/makefu/2configs/zsh-user.nix>
|
<stockholm/makefu/2configs/zsh-user.nix>
|
||||||
<stockholm/makefu/2configs/backup.nix>
|
<stockholm/makefu/2configs/backup.nix>
|
||||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||||
<stockholm/makefu/2configs/smart-monitor.nix>
|
# <stockholm/makefu/2configs/smart-monitor.nix>
|
||||||
<stockholm/makefu/2configs/mail-client.nix>
|
<stockholm/makefu/2configs/mail-client.nix>
|
||||||
<stockholm/makefu/2configs/mosh.nix>
|
<stockholm/makefu/2configs/mosh.nix>
|
||||||
|
<stockholm/makefu/2configs/tools/core.nix>
|
||||||
|
<stockholm/makefu/2configs/tools/desktop.nix>
|
||||||
<stockholm/makefu/2configs/tools/mobility.nix>
|
<stockholm/makefu/2configs/tools/mobility.nix>
|
||||||
|
{ environment.systemPackages = [ pkgs.esniper ]; }
|
||||||
# <stockholm/makefu/2configs/disable_v6.nix>
|
# <stockholm/makefu/2configs/disable_v6.nix>
|
||||||
#<stockholm/makefu/2configs/graphite-standalone.nix>
|
#<stockholm/makefu/2configs/graphite-standalone.nix>
|
||||||
#<stockholm/makefu/2configs/share-user-sftp.nix>
|
#<stockholm/makefu/2configs/share-user-sftp.nix>
|
||||||
@ -68,16 +36,17 @@ in {
|
|||||||
# logs to influx
|
# logs to influx
|
||||||
<stockholm/makefu/2configs/stats/external/aralast.nix>
|
<stockholm/makefu/2configs/stats/external/aralast.nix>
|
||||||
<stockholm/makefu/2configs/stats/telegraf>
|
<stockholm/makefu/2configs/stats/telegraf>
|
||||||
<stockholm/makefu/2configs/stats/telegraf/europastats.nix>
|
# <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
|
||||||
|
<stockholm/makefu/2configs/stats/telegraf/hamstats.nix>
|
||||||
<stockholm/makefu/2configs/stats/arafetch.nix>
|
<stockholm/makefu/2configs/stats/arafetch.nix>
|
||||||
|
|
||||||
# services
|
# services
|
||||||
<stockholm/makefu/2configs/syncthing.nix>
|
<stockholm/makefu/2configs/syncthing.nix>
|
||||||
<stockholm/makefu/2configs/mqtt.nix>
|
|
||||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||||
<stockholm/makefu/2configs/deployment/google-muell.nix>
|
<stockholm/makefu/2configs/deployment/google-muell.nix>
|
||||||
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
<stockholm/makefu/2configs/virtualisation/docker.nix>
|
||||||
<stockholm/makefu/2configs/bluetooth-mpd.nix>
|
<stockholm/makefu/2configs/bluetooth-mpd.nix>
|
||||||
|
<stockholm/makefu/2configs/deployment/homeautomation>
|
||||||
{
|
{
|
||||||
hardware.pulseaudio.systemWide = true;
|
hardware.pulseaudio.systemWide = true;
|
||||||
makefu.mpd.musicDirectory = "/media/cryptX/music";
|
makefu.mpd.musicDirectory = "/media/cryptX/music";
|
||||||
@ -99,75 +68,10 @@ in {
|
|||||||
|
|
||||||
# Temporary:
|
# Temporary:
|
||||||
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
# <stockholm/makefu/2configs/temp/rst-issue.nix>
|
||||||
{ # ncdc
|
|
||||||
environment.systemPackages = [ pkgs.ncdc ];
|
|
||||||
networking.firewall = {
|
|
||||||
allowedUDPPorts = [ 51411 ];
|
|
||||||
allowedTCPPorts = [ 51411 ];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
systemd.services.firetv = {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
User = "nobody";
|
|
||||||
ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
nixpkgs.config.permittedInsecurePackages = [
|
|
||||||
"homeassistant-0.65.5"
|
|
||||||
];
|
|
||||||
services.home-assistant = {
|
|
||||||
config = {
|
|
||||||
homeassistant = {
|
|
||||||
name = "Home"; time_zone = "Europe/Berlin";
|
|
||||||
latitude = "48.7687";
|
|
||||||
longitude = "9.2478";
|
|
||||||
};
|
|
||||||
media_player = [
|
|
||||||
{ platform = "kodi";
|
|
||||||
host = firetv;
|
|
||||||
}
|
|
||||||
{ platform = "firetv";
|
|
||||||
# assumes python-firetv running
|
|
||||||
}
|
|
||||||
];
|
|
||||||
sensor = [
|
|
||||||
{ platform = "luftdaten";
|
|
||||||
name = "Ditzingen";
|
|
||||||
sensorid = "663";
|
|
||||||
monitored_conditions = [ "P1" "P2" ];
|
|
||||||
}
|
|
||||||
# https://www.home-assistant.io/cookbook/automation_for_rainy_days/
|
|
||||||
{ platform = "darksky";
|
|
||||||
api_key = "c73619e6ea79e553a585be06aacf3679";
|
|
||||||
language = "de";
|
|
||||||
monitored_conditions = [ "summary" "icon"
|
|
||||||
"nearest_storm_distance" "precip_probability"
|
|
||||||
"precip_intensity"
|
|
||||||
"temperature" # "temperature_high" "temperature_low"
|
|
||||||
"hourly_summary"
|
|
||||||
"uv_index" ];
|
|
||||||
units = "si" ;
|
|
||||||
update_interval = {
|
|
||||||
days = 0;
|
|
||||||
hours = 0;
|
|
||||||
minutes = 10;
|
|
||||||
seconds = 0;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
frontend = { };
|
|
||||||
http = { };
|
|
||||||
};
|
|
||||||
enable = true;
|
|
||||||
#configDir = "/var/lib/hass";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
makefu.full-populate = true;
|
makefu.full-populate = true;
|
||||||
makefu.server.primary-itf = primaryInterface;
|
krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {
|
||||||
krebs.rtorrent = {
|
|
||||||
downloadDir = lib.mkForce "/media/cryptX/torrent";
|
downloadDir = lib.mkForce "/media/cryptX/torrent";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
upload_rate = 200
|
upload_rate = 200
|
||||||
@ -178,18 +82,6 @@ in {
|
|||||||
members = [ "makefu" "misa" ];
|
members = [ "makefu" "misa" ];
|
||||||
};
|
};
|
||||||
networking.firewall.trustedInterfaces = [ primaryInterface ];
|
networking.firewall.trustedInterfaces = [ primaryInterface ];
|
||||||
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
|
|
||||||
# tcp:80 - nginx for sharing files
|
|
||||||
# tcp:655 udp:655 - tinc
|
|
||||||
# tcp:8111 - graphite
|
|
||||||
# tcp:8112 - pyload
|
|
||||||
# tcp:9090 - sabnzbd
|
|
||||||
# tcp:9200 - elasticsearch
|
|
||||||
# tcp:5601 - kibana
|
|
||||||
networking.firewall.allowedUDPPorts = [ 655 ];
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 8112 9200 9090 ];
|
|
||||||
|
|
||||||
# services.openssh.allowSFTP = false;
|
|
||||||
|
|
||||||
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
|
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
|
||||||
services.sabnzbd.enable = true;
|
services.sabnzbd.enable = true;
|
||||||
@ -199,90 +91,11 @@ in {
|
|||||||
enable = true;
|
enable = true;
|
||||||
servedir = "/media/cryptX/emu/ps3";
|
servedir = "/media/cryptX/emu/ps3";
|
||||||
};
|
};
|
||||||
# HDD Array stuff
|
|
||||||
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
|
||||||
|
|
||||||
makefu.snapraid = {
|
|
||||||
enable = true;
|
|
||||||
# TODO: 3 is not protected
|
|
||||||
disks = map toMapper [ 0 1 ];
|
|
||||||
parity = toMapper 2;
|
|
||||||
};
|
|
||||||
|
|
||||||
# TODO create folders in /media
|
|
||||||
system.activationScripts.createCryptFolders = ''
|
|
||||||
${lib.concatMapStringsSep "\n"
|
|
||||||
(d: "install -m 755 -d " + (toMapper d) )
|
|
||||||
[ 0 1 2 "X" ]}
|
|
||||||
'';
|
|
||||||
environment.systemPackages = with pkgs;[
|
|
||||||
mergerfs # hard requirement for mount
|
|
||||||
wol # wake up filepimp
|
|
||||||
f3
|
|
||||||
];
|
|
||||||
fileSystems = let
|
|
||||||
cryptMount = name:
|
|
||||||
{ "/media/${name}" = {
|
|
||||||
device = "/dev/mapper/${name}"; fsType = "xfs";
|
|
||||||
options = [ "nofail" ];
|
|
||||||
};};
|
|
||||||
in cryptMount "crypt0"
|
|
||||||
// cryptMount "crypt1"
|
|
||||||
// cryptMount "crypt2"
|
|
||||||
// cryptMount "crypt3"
|
|
||||||
// { "/media/cryptX" = {
|
|
||||||
device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 ]);
|
|
||||||
fsType = "mergerfs";
|
|
||||||
noCheck = true;
|
|
||||||
options = [ "defaults" "allow_other" "nofail" "nonempty" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
|
|
||||||
${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
|
|
||||||
${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
|
|
||||||
${pkgs.hdparm}/sbin/hdparm -y ${disk}
|
|
||||||
'') allDisks);
|
|
||||||
|
|
||||||
# crypto unlocking
|
|
||||||
boot = {
|
|
||||||
initrd.luks = {
|
|
||||||
devices = let
|
|
||||||
usbkey = name: device: {
|
|
||||||
inherit name device keyFile;
|
|
||||||
keyFileSize = 4096;
|
|
||||||
allowDiscards = true;
|
|
||||||
};
|
|
||||||
in [
|
|
||||||
(usbkey "luksroot" rootPartition)
|
|
||||||
(usbkey "crypt0" cryptDisk0)
|
|
||||||
(usbkey "crypt1" cryptDisk1)
|
|
||||||
(usbkey "crypt2" cryptDisk2)
|
|
||||||
(usbkey "crypt3" cryptDisk3)
|
|
||||||
];
|
|
||||||
};
|
|
||||||
loader.grub.device = lib.mkForce rootDisk;
|
|
||||||
|
|
||||||
initrd.availableKernelModules = [
|
|
||||||
"ahci"
|
|
||||||
"ohci_pci"
|
|
||||||
"ehci_pci"
|
|
||||||
"pata_atiixp"
|
|
||||||
"firewire_ohci"
|
|
||||||
"usb_storage"
|
|
||||||
"usbhid"
|
|
||||||
];
|
|
||||||
|
|
||||||
kernelModules = [ "kvm-intel" ];
|
|
||||||
extraModulePackages = [ ];
|
|
||||||
};
|
|
||||||
users.users.misa = {
|
users.users.misa = {
|
||||||
uid = 9002;
|
uid = 9002;
|
||||||
name = "misa";
|
name = "misa";
|
||||||
};
|
};
|
||||||
# hardware.enableAllFirmware = true;
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
|
||||||
hardware.cpu.intel.updateMicrocode = true;
|
|
||||||
|
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
|
|
||||||
@ -290,23 +103,23 @@ in {
|
|||||||
nickname = "Reaktor|shack";
|
nickname = "Reaktor|shack";
|
||||||
workdir = "/var/lib/Reaktor/shack";
|
workdir = "/var/lib/Reaktor/shack";
|
||||||
channels = [ "#shackspace" ];
|
channels = [ "#shackspace" ];
|
||||||
plugins = with pkgs.ReaktorPlugins;[
|
plugins = with pkgs.ReaktorPlugins;
|
||||||
shack-correct
|
[ shack-correct
|
||||||
# stockholm-issue
|
# stockholm-issue
|
||||||
sed-plugin
|
sed-plugin
|
||||||
random-emoji ];
|
random-emoji ];
|
||||||
};
|
};
|
||||||
krebs.Reaktor.reaktor-bgt = {
|
krebs.Reaktor.reaktor-bgt = {
|
||||||
nickname = "Reaktor|bgt";
|
nickname = "Reaktor|bgt";
|
||||||
workdir = "/var/lib/Reaktor/bgt";
|
workdir = "/var/lib/Reaktor/bgt";
|
||||||
channels = [ "#binaergewitter" ];
|
channels = [ "#binaergewitter" ];
|
||||||
plugins = with pkgs.ReaktorPlugins;[
|
plugins = with pkgs.ReaktorPlugins;
|
||||||
titlebot
|
[ titlebot
|
||||||
# stockholm-issue
|
# stockholm-issue
|
||||||
nixos-version
|
nixos-version
|
||||||
shack-correct
|
shack-correct
|
||||||
sed-plugin
|
sed-plugin
|
||||||
random-emoji ];
|
random-emoji ];
|
||||||
};
|
};
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.omo;
|
krebs.build.host = config.krebs.hosts.omo;
|
||||||
|
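--- a/makefu/1systems/omo/hw/omo.nix
+++ b/makefu/1systems/omo/hw/omo.nix
@@ -0,0 +1,117 @@
+{ config, pkgs, lib, ... }:
+let
+toMapper = id: "/media/crypt${builtins.toString id}";
+byid = dev: "/dev/disk/by-id/" + dev;
+keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
+rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904";
+rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2";
+primaryInterface = "enp2s0";
+# cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
+# cryptsetup luksAddKey $dev tmpkey
+# cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
+# mkfs.xfs /dev/mapper/crypt0 -L crypt0
+
+# omo Chassis:
+# __FRONT_
+# |* d0 |
+# | |
+# |* d1 |
+# | |
+# |* d3 |
+# | |
+# |* |
+# |* d2 |
+# | * |
+# | * |
+# |_______|
+# cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
+cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV";
+cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
+cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
+cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
+# cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
+# all physical disks
+
+# TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
+dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
+allDisks = [ rootDisk ] ++ dataDisks;
+in {
+imports =
+[ # TODO: unlock home partition via ssh
+<stockholm/makefu/2configs/fs/sda-crypto-root.nix> ];
+makefu.server.primary-itf = primaryInterface;
+system.activationScripts.createCryptFolders = ''
+${lib.concatMapStringsSep "\n"
+(d: "install -m 755 -d " + (toMapper d) )
+[ 0 1 2 "X" ]}
+'';
+
+makefu.snapraid = {
+enable = true;
+# TODO: 3 is not protected
+disks = map toMapper [ 0 1 ];
+parity = toMapper 2;
+};
+fileSystems = let
+cryptMount = name:
+{ "/media/${name}" = {
+device = "/dev/mapper/${name}"; fsType = "xfs";
+options = [ "nofail" ];
+};};
+in cryptMount "crypt0"
+// cryptMount "crypt1"
+// cryptMount "crypt2"
+// cryptMount "crypt3"
+// { "/media/cryptX" = {
+device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 ]);
+fsType = "mergerfs";
+noCheck = true;
+options = [ "defaults" "allow_other" "nofail" "nonempty" ];
+};
+};
+
+powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
+${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
+${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
+${pkgs.hdparm}/sbin/hdparm -y ${disk}
+'') allDisks);
+
+# crypto unlocking
+boot = {
+initrd.luks = {
+devices = let
+usbkey = name: device: {
+inherit name device keyFile;
+keyFileSize = 4096;
+allowDiscards = true;
+};
+in [
+(usbkey "luksroot" rootPartition)
+(usbkey "crypt0" cryptDisk0)
+(usbkey "crypt1" cryptDisk1)
+(usbkey "crypt2" cryptDisk2)
+(usbkey "crypt3" cryptDisk3)
+];
+};
+loader.grub.device = lib.mkForce rootDisk;
+
+initrd.availableKernelModules = [
+"ahci"
+"ohci_pci"
+"ehci_pci"
+"pata_atiixp"
+"firewire_ohci"
+"usb_storage"
+"usbhid"
+];
+
+kernelModules = [ "kvm-intel" ];
+extraModulePackages = [ ];
+};
+environment.systemPackages = with pkgs;[
+mergerfs # hard requirement for mount
+];
+hardware.enableRedistributableFirmware = true;
+hardware.cpu.intel.updateMicrocode = true;
+}
+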
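Review bot: `allowDiscards = true;` in the `usbkey` helper applies to all five LUKS mappings, including the four `crypt0`–`crypt3` data disks, whose by-id names suggest spinning drives that gain nothing from TRIM. Passing discards through dm-crypt lets anyone who can read the raw device see which blocks are in use, so I would limit it to the SSD root with `allowDiscards = device == rootPartition;`. A comment above `keyFile` would also help: every volume, root included, is unlocked by the same 4096-byte key read from one USB stick, so that stick is the single secret for the whole machine.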
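--- a/makefu/1systems/omo/hw/tsp-tools.nix
+++ b/makefu/1systems/omo/hw/tsp-tools.nix
@@ -0,0 +1,11 @@
+let
+disko = import (builtins.fetchGit {
+url = https://cgit.lassul.us/disko/;
+rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe";
+});
+
+cfg = builtins.fromJSON (builtins.readFile ../../hardware/tsp-disk.json);
+in ''
+${disko.create cfg}
+${disko.mount cfg}
+''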
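Review bot: The `builtins.fetchGit` pin for disko (`url` plus `rev`) is written out here and again in `hw/tsp.nix`, so the script that creates the partitions and the module that mounts them can drift to different revisions when only one copy is bumped. Keeping the import in one shared file that both import would leave a single pin to review. The bare URL literal is better quoted as well, `url = "https://cgit.lassul.us/disko/";`, and a header comment saying that the generated script repartitions the disk described in `tsp-disk.json` would warn whoever runs it.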
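--- a/makefu/1systems/omo/hw/tsp.nix
+++ b/makefu/1systems/omo/hw/tsp.nix
@@ -0,0 +1,41 @@
+{ pkgs, ... }:
+with builtins;
+let
+disko = import (builtins.fetchGit {
+url = https://cgit.lassul.us/disko/;
+rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe";
+});
+cfg = fromJSON (readFile ../../hardware/tsp-disk.json);
+# primaryInterface = "enp1s0";
+primaryInterface = "wlp2s0";
+rootDisk = "/dev/sda"; # TODO same as disko uses
+in {
+imports = [
+(disko.config cfg)
+];
+makefu.server.primary-itf = primaryInterface;
+boot = {
+loader.grub.device = rootDisk;
+
+initrd.availableKernelModules = [
+"ahci"
+"ohci_pci"
+"ehci_pci"
+"pata_atiixp"
+"firewire_ohci"
+"usb_storage"
+"usbhid"
+];
+
+kernelModules = [ "kvm-intel" ];
+};
+networking.wireless.enable = true;
+hardware.enableRedistributableFirmware = true;
+hardware.cpu.intel.updateMicrocode = true;
+services.logind.lidSwitch = "ignore";
+services.logind.lidSwitchDocked = "ignore";
+services.logind.extraConfig = ''
+HandleSuspendKey = ignore
+'';
+powerManagement.enable = false;
+}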
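Review bot: `rootDisk = "/dev/sda";` hands GRUB a kernel enumeration name, which can resolve to a different drive when a USB stick or a second disk is attached; `hw/omo.nix` in this same commit uses `/dev/disk/by-id/…` paths for its boot device. Until the TODO is resolved and the value is derived from the disko config, a stable path would be safer, e.g. `rootDisk = "/dev/disk/by-id/<TSP_DISK_ID>";` (placeholder, the real id is not on this page).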
@ -6,13 +6,13 @@
|
|||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
<stockholm/makefu>
|
<stockholm/makefu>
|
||||||
|
|
||||||
# <stockholm/makefu/2configs/hw/vbox-guest.nix>
|
<stockholm/makefu/2configs/hw/vbox-guest.nix>
|
||||||
{ # until virtualbox-image is fixed
|
#{ # until virtualbox-image is fixed
|
||||||
imports = [
|
# imports = [
|
||||||
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
# <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
||||||
];
|
# ];
|
||||||
boot.loader.grub.device = "/dev/sda";
|
# boot.loader.grub.device = lib.mkForce "/dev/sda";
|
||||||
}
|
#}
|
||||||
<stockholm/makefu/2configs/main-laptop.nix>
|
<stockholm/makefu/2configs/main-laptop.nix>
|
||||||
# <secrets/extra-hosts.nix>
|
# <secrets/extra-hosts.nix>
|
||||||
|
|
||||||
|
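--- a/makefu/1systems/shack-autoinstall/config.nix
+++ b/makefu/1systems/shack-autoinstall/config.nix
@@ -0,0 +1,49 @@
+{ config, pkgs, lib, ... }:
+
+with import <stockholm/lib>;
+let
+disk = "/dev/sda";
+in {
+imports = [
+<stockholm/makefu>
+<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+<stockholm/makefu/2configs/tools/core.nix>
+];
+# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
+# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
+krebs.build.host = config.krebs.hosts.iso;
+krebs.hidden-ssh.enable = true;
+
+environment.extraInit = ''
+EDITOR=vim
+'';
+# iso-specific
+boot.kernelParams = [ "copytoram" ];
+
+
+environment.systemPackages = [
+pkgs.parted
+( pkgs.writeScriptBin "shack-install" ''
+#! /bin/sh
+echo "go ahead and try NIX_PATH=/root/.nix-defexpr/channels/ nixos-install"
+'')
+];
+
+systemd.services.wpa_supplicant.wantedBy = lib.mkForce [ "multi-user.target" ];
+
+networking.wireless = {
+enable = true;
+networks.shack.psk = "welcome2shack";
+};
+
+
+services.openssh = {
+enable = true;
+hostKeys = [
+{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+];
+};
+# enable ssh in the iso boot process
+systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+}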
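Review bot: `networks.shack.psk = "welcome2shack";` commits the Wi-Fi passphrase to the repository, and because it is a plain option value it also ends up in the world-readable Nix store of every ISO built from this file. Other modules on this page read sensitive material from `<secrets/…>`, and the passphrase should at least be kept out of git the same way. In `hostKeys`, `bits = 8192` has no effect on an ed25519 key (its size is fixed), so the entry reads more honestly as `{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }`. Since the image starts `sshd` at boot and enables `krebs.hidden-ssh`, a comment stating which accounts and keys may log in would help anyone auditing the installer.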
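--- a/makefu/1systems/shack-autoinstall/grub-partition.sh
+++ b/makefu/1systems/shack-autoinstall/grub-partition.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -euf
+parted -s ${disk} mklabel msdos
+parted -s ${disk} -- mkpart primary linux-swap 1M 4096M
+parted -s ${disk} -- mkpart primary ext2 4096M 100%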
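--- a/makefu/1systems/shack-autoinstall/shack-config.nix
+++ b/makefu/1systems/shack-autoinstall/shack-config.nix
@@ -0,0 +1,231 @@
+{ config, pkgs, lib, ... }:
+
+{
+imports = [
+./hardware-configuration.nix
+# TODO:
+];
+
+# shacks-specific
+networking.wireless = {
+enable = true;
+networks.shack.psk = "181471eb97eb23f12c6871227bc4a7b13c8f6af56dcc0d0e8b71f4d7a510cb4e";
+};
+networking.hostName = "shackbook";
+
+boot.tmpOnTmpfs = true;
+
+users.users.shack = {
+createHome = true;
+useDefaultShell = true;
+home = "/home/shack";
+uid = 9001;
+packages = with pkgs;[
+chromium
+firefox
+];
+extraGroups = [ "audio" "wheel" ];
+hashedPassword = "$6$KIxlQTLEnKl7cwC$LrmbwZ64Mlm7zqUUZ0EObPJMES3C0mQ6Sw7ynTuXzUo7d9EWg/k5XCGkDHMFvL/Pz19Awcv0knHB1j3dHT6fh/" ;
+};
+
+environment.variables = let
+ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+in {
+EDITOR = lib.mkForce "vim";
+CURL_CA_BUNDLE = ca-bundle;
+GIT_SSL_CAINFO = ca-bundle;
+SSL_CERT_FILE = ca-bundle;
+};
+
+services.printing = {
+enable = true;
+# TODO: shack-printer
+};
+
+
+environment.systemPackages = with pkgs;[
+parted
+ddrescue
+tmux
+jq git gnumake htop rxvt_unicode.terminfo
+(pkgs.vim_configurable.customize {
+name = "vim";
+vimrcConfig.customRC = ''
+set nocompatible
+syntax on
+set list
+set listchars=tab:▸\
+"set list listchars=tab:>-,trail:.,extends:>
+
+filetype off
+filetype plugin indent on
+
+colorscheme darkblue
+set background=dark
+
+set number
+set relativenumber
+set mouse=a
+set ignorecase
+set incsearch
+set wildignore=*.o,*.obj,*.bak,*.exe,*.os
+set textwidth=79
+set shiftwidth=2
+set expandtab
+set softtabstop=2
+set shiftround
+set smarttab
+set tabstop=2
+set et
+set autoindent
+set backspace=indent,eol,start
+
+
+inoremap <F1> <ESC>
+nnoremap <F1> <ESC>
+vnoremap <F1> <ESC>
+
+nnoremap <F5> :UndotreeToggle<CR>
+set undodir =~/.vim/undo
+set undofile
+"maximum number of changes that can be undone
+set undolevels=1000000
+"maximum number lines to save for undo on a buffer reload
+set undoreload=10000000
+
+nnoremap <F2> :set invpaste paste?<CR>
+set pastetoggle=<F2>
+set showmode
+
+set showmatch
+set matchtime=3
+set hlsearch
+
+autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red
+
+
+" save on focus lost
+au FocusLost * :wa
+
+autocmd BufRead *.json set filetype=json
+au BufNewFile,BufRead *.mustache set syntax=mustache
+
+cnoremap SudoWrite w !sudo tee > /dev/null %
+
+" create Backup/tmp/undo dirs
+set backupdir=~/.vim/backup
+set directory=~/.vim/tmp
+
+function! InitBackupDir()
+let l:parent = $HOME . '/.vim/'
+let l:backup = l:parent . 'backup/'
+let l:tmpdir = l:parent . 'tmp/'
+let l:undodir= l:parent . 'undo/'
+
+
+if !isdirectory(l:parent)
+call mkdir(l:parent)
+endif
+if !isdirectory(l:backup)
+call mkdir(l:backup)
+endif
+if !isdirectory(l:tmpdir)
+call mkdir(l:tmpdir)
+endif
+if !isdirectory(l:undodir)
+call mkdir(l:undodir)
+endif
+endfunction
+call InitBackupDir()
+
+augroup Binary
+" edit binaries in xxd-output, xxd is part of vim
+au!
+au BufReadPre *.bin let &bin=1
+au BufReadPost *.bin if &bin | %!xxd
+au BufReadPost *.bin set ft=xxd | endif
+au BufWritePre *.bin if &bin | %!xxd -r
+au BufWritePre *.bin endif
+au BufWritePost *.bin if &bin | %!xxd
+au BufWritePost *.bin set nomod | endif
+augroup END
+'';
+vimrcConfig.vam.knownPlugins = pkgs.vimPlugins;
+vimrcConfig.vam.pluginDictionaries = [
+{ names = [ "undotree" ]; }
+# vim-nix handles indentation better but does not perform sanity
+{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
+];
+})
+
+];
+programs.bash = {
+enableCompletion = true;
+interactiveShellInit = ''
+HISTCONTROL='erasedups:ignorespace'
+HISTSIZE=900001
+HISTFILESIZE=$HISTSIZE
+shopt -s checkhash
+shopt -s histappend histreedit histverify
+shopt -s no_empty_cmd_completion
+PS1='\[\e[1;32m\]\w\[\e[0m\] '
+'';
+};
+
+services.journald.extraConfig = ''
+SystemMaxUse=1G
+RuntimeMaxUse=128M
+'';
+nix = {
+package = pkgs.nixUnstable;
+optimise.automatic = true;
+useSandbox = true;
+gc.automatic = true;
+};
+
+system.autoUpgrade.enable = true;
+
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+boot.loader.grub.device = "/dev/sda";
+fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
+
+
+# gui and stuff
+i18n = {
+consoleFont = "Lat2-Terminus16";
+consoleKeyMap = "us";
+defaultLocale = "en_US.UTF-8";
+};
+
+fonts = {
+enableFontDir = true;
+enableGhostscriptFonts = true;
+fonts = [ pkgs.terminus_font ];
+};
+
+time.timeZone = "Europe/Berlin";
+services.timesyncd.enable = true;
+
+
+# GUI
+hardware.pulseaudio.enable = true;
+services.xserver = {
+enable = true;
+displayManager.auto.enable = true;
+displayManager.auto.user = "shack";
+
+desktopManager.xfce.enable = true;
+
+layout = "us";
+xkbVariant = "altgr-intl";
+xkbOptions = "ctrl:nocaps, eurosign:e";
+};
+
+services.openssh = {
+enable = true;
+hostKeys = [
+{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+];
+};
+}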
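Review bot: `hashedPassword` for `users.users.shack` is committed in the open, and the same account is in `wheel`, is logged in automatically through `displayManager.auto.user`, and lives on a machine where `services.openssh.enable = true;` is set with nothing visible that turns password logins off. A published crypt hash can be attacked offline at leisure, so the hash should come from a file outside the repository (`users.users.shack.passwordFile`, or its equivalent in the NixOS release in use), and sshd should be restricted to key authentication unless that is already done elsewhere. The raw `networks.shack.psk` value has the same exposure, both in git and in the Nix store. A short comment on whether `wheel` membership is really needed for a shared, auto-login kiosk account would also help.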
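--- a/makefu/1systems/shack-autoinstall/uefi-partition.sh
+++ b/makefu/1systems/shack-autoinstall/uefi-partition.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+set -euf
+p(){
+parted -s ${disk} -- $@
+}
+p mklabel gpt
+p mkpart primary fat32 1M 551M
+p set 1 boot on
+p mkpart primary linux-swap 51M 4647M
+p mkpart primary ext2 4647M 100%
+udevadm settle
+mkfs.fat -nboot -F32 /dev/sda1
+
+udevadm settle
+mkswap ${disk}2 -L swap
+swapon -L swap
+mkfs.ext4 -L nixos ${disk}3
+mount LABEL=nixos /mnt
+mkdir /mnt/boot
+mount LABEL=boot /mnt/boot
+
+mkdir -p /mnt/etc/nixos
+cp ${./shack-config.nix} /mnt/etc/nixos/configuration.nix
+nixos-generate-config --root /mnt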
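Review bot: The swap partition is created with a start of `51M`, which lies inside the ESP made two lines earlier (`1M 551M`), so the ranges overlap; the line should read `p mkpart primary linux-swap 551M 4647M`. `mkfs.fat -nboot -F32 /dev/sda1` hard-codes the device while every other command goes through `${disk}`, so with any other value of `disk` it formats a partition on the wrong drive; use `${disk}1`. Inside `p()` the expansions should be quoted, `parted -s "${disk}" -- "$@"`. A header comment saying that the script wipes `${disk}` and is meant to be interpolated by Nix (`${./shack-config.nix}` is not shell) would prevent someone from running it by hand.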
@ -8,57 +8,32 @@
|
|||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
<stockholm/makefu>
|
<stockholm/makefu>
|
||||||
<stockholm/makefu/2configs/main-laptop.nix>
|
<stockholm/makefu/2configs/main-laptop.nix>
|
||||||
<stockholm/makefu/2configs/tools/all.nix>
|
# <stockholm/makefu/2configs/tools/all.nix>
|
||||||
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
|
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
||||||
# hardware specifics are in here
|
# hardware specifics are in here
|
||||||
# imports tp-x2x0.nix
|
# imports tp-x2x0.nix
|
||||||
# <stockholm/makefu/2configs/hw/tp-x200.nix>
|
<stockholm/makefu/2configs/hw/tp-x230.nix>
|
||||||
|
<stockholm/makefu/2configs/hw/bluetooth.nix>
|
||||||
|
<stockholm/makefu/2configs/hw/network-manager.nix>
|
||||||
|
|
||||||
# <stockholm/makefu/2configs/rad1o.nix>
|
# <stockholm/makefu/2configs/rad1o.nix>
|
||||||
|
|
||||||
<stockholm/makefu/2configs/zsh-user.nix>
|
<stockholm/makefu/2configs/zsh-user.nix>
|
||||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
<stockholm/makefu/2configs/exim-retiolum.nix>
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||||
|
|
||||||
|
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||||
|
{
|
||||||
|
programs.adb.enable = true;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
# not working in vm
|
|
||||||
krebs.build.host = config.krebs.hosts.tsp;
|
krebs.build.host = config.krebs.hosts.tsp;
|
||||||
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
boot.loader.grub.device = "/dev/sda";
|
||||||
boot.loader.grub.copyKernels = true;
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
25
|
25
|
||||||
];
|
];
|
||||||
|
|
||||||
# acer aspire
|
|
||||||
networking.wireless.enable = lib.mkDefault true;
|
|
||||||
|
|
||||||
services.xserver.synaptics.enable = true;
|
|
||||||
|
|
||||||
hardware.enableAllFirmware = true;
|
hardware.enableAllFirmware = true;
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode = true;
|
|
||||||
|
|
||||||
zramSwap.enable = true;
|
|
||||||
zramSwap.numDevices = 2;
|
|
||||||
|
|
||||||
services.tlp.enable = true;
|
|
||||||
services.tlp.extraConfig = ''
|
|
||||||
# BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
|
|
||||||
START_CHARGE_THRESH_BAT0=67
|
|
||||||
STOP_CHARGE_THRESH_BAT0=100
|
|
||||||
|
|
||||||
|
|
||||||
CPU_SCALING_GOVERNOR_ON_AC=performance
|
|
||||||
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
|
|
||||||
CPU_MIN_PERF_ON_AC=0
|
|
||||||
CPU_MAX_PERF_ON_AC=100
|
|
||||||
CPU_MIN_PERF_ON_BAT=0
|
|
||||||
CPU_MAX_PERF_ON_BAT=30
|
|
||||||
'';
|
|
||||||
|
|
||||||
powerManagement.resumeCommands = ''
|
|
||||||
${pkgs.rfkill}/bin/rfkill unblock all
|
|
||||||
'';
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
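Review bot: On what appears to be the new side of this section, `fs/sda-crypto-root.nix` is replaced by `fs/single-partition-ext4.nix` and the `boot.initrd.luks.devices` entry for `luksroot` is dropped, so a host that still imports `main-laptop.nix` ends up with an unencrypted root unless encryption is configured somewhere not shown here. If that is intended (the removed comment `# not working in vm` hints at a VM), it deserves a comment next to the import, for example `# root is deliberately unencrypted: <reason>`. If it is not intended, the LUKS device entry should stay. The same section newly imports `sshd-totp.nix` and leaves port 25 open, so the machine is meant to be reachable, which makes the at-rest protection question worth answering explicitly.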
@ -1,14 +1,16 @@
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
with import <stockholm/lib>;
|
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[ # base
|
[ # base
|
||||||
<stockholm/makefu>
|
<stockholm/makefu>
|
||||||
<stockholm/makefu/2configs/nur.nix>
|
<stockholm/makefu/2configs/nur.nix>
|
||||||
|
<stockholm/makefu/2configs/home-manager>
|
||||||
|
<stockholm/makefu/2configs/home-manager/desktop.nix>
|
||||||
|
<stockholm/makefu/2configs/home-manager/cli.nix>
|
||||||
|
<stockholm/makefu/2configs/home-manager/mail.nix>
|
||||||
<stockholm/makefu/2configs/main-laptop.nix>
|
<stockholm/makefu/2configs/main-laptop.nix>
|
||||||
<stockholm/makefu/2configs/extra-fonts.nix>
|
<stockholm/makefu/2configs/extra-fonts.nix>
|
||||||
<stockholm/makefu/2configs/tools/all.nix>
|
<stockholm/makefu/2configs/tools/all.nix>
|
||||||
@ -43,6 +45,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/makefu/2configs/mail-client.nix>
|
<stockholm/makefu/2configs/mail-client.nix>
|
||||||
<stockholm/makefu/2configs/printer.nix>
|
<stockholm/makefu/2configs/printer.nix>
|
||||||
<stockholm/makefu/2configs/task-client.nix>
|
<stockholm/makefu/2configs/task-client.nix>
|
||||||
|
# <stockholm/makefu/2configs/syncthing.nix>
|
||||||
|
|
||||||
# Virtualization
|
# Virtualization
|
||||||
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
|
||||||
@ -149,4 +152,6 @@ with import <stockholm/lib>;
|
|||||||
"/home/makefu/backup/borgun"
|
"/home/makefu/backup/borgun"
|
||||||
"/home/makefu/.mail/"
|
"/home/makefu/.mail/"
|
||||||
];
|
];
|
||||||
|
services.syncthing.user = lib.mkForce "makefu";
|
||||||
|
services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
|
||||||
}
|
}
|
||||||
|
@ -6,5 +6,6 @@
|
|||||||
unstable = true;
|
unstable = true;
|
||||||
mic92 = true;
|
mic92 = true;
|
||||||
clever_kexec = true;
|
clever_kexec = true;
|
||||||
|
home-manager = true;
|
||||||
# torrent = true;
|
# torrent = true;
|
||||||
}
|
}
|
||||||
|
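--- a/makefu/2configs/dcpp/client.nix
+++ b/makefu/2configs/dcpp/client.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{ # ncdc
+environment.systemPackages = [ pkgs.ncdc ];
+networking.firewall = {
+allowedUDPPorts = [ 51411 ];
+allowedTCPPorts = [ 51411 ];
+};
+}
+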
@ -30,6 +30,7 @@ let
|
|||||||
|
|
||||||
'') dict)}
|
'') dict)}
|
||||||
'';
|
'';
|
||||||
|
uhubDir = "/var/lib/uhub";
|
||||||
|
|
||||||
in {
|
in {
|
||||||
users.extraUsers = singleton {
|
users.extraUsers = singleton {
|
||||||
@ -65,22 +66,31 @@ in {
|
|||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
PermissionsStartOnly = true;
|
PermissionsStartOnly = true;
|
||||||
ExecStartPre = pkgs.writeDash "uhub-pre" ''
|
ExecStartPre = pkgs.writeDash "uhub-pre" ''
|
||||||
cp ${toString <secrets/wildcard.krebsco.de.crt>} /tmp/uhub.crt
|
cp -f ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt
|
||||||
cp ${toString <secrets/wildcard.krebsco.de.key>} /tmp/uhub.key
|
cp -f ${toString <secrets/wildcard.krebsco.de.key>} ${uhubDir}/uhub.key
|
||||||
cp ${toString <secrets/uhub.sql>} /tmp/uhub.sql
|
if test -d ${uhubDir};then
|
||||||
chown uhub /tmp/*
|
echo "Directory ${uhubDir} already exists, skipping db init"
|
||||||
|
else
|
||||||
|
echo "Copying sql user db"
|
||||||
|
cp ${toString <secrets/uhub.sql>} ${uhubDir}/uhub.sql
|
||||||
|
fi
|
||||||
|
chown -R uhub ${uhubDir}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
};
|
};
|
||||||
|
users.users.uhub = {
|
||||||
|
home = uhubDir;
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
services.uhub = {
|
services.uhub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
port = 1511;
|
port = 1511;
|
||||||
enableTLS = true;
|
enableTLS = true;
|
||||||
hubConfig = ''
|
hubConfig = ''
|
||||||
hub_name = "krebshub"
|
hub_name = "krebshub"
|
||||||
tls_certificate = /tmp/uhub.crt
|
tls_certificate = ${uhubDir}/uhub.crt
|
||||||
tls_private_key = /tmp/uhub.key
|
tls_private_key = ${uhubDir}/uhub.key
|
||||||
registered_users_only = true
|
registered_users_only = true
|
||||||
'';
|
'';
|
||||||
plugins = {
|
plugins = {
|
||||||
welcome = {
|
welcome = {
|
||||||
@ -93,7 +103,7 @@ in {
|
|||||||
};
|
};
|
||||||
authSqlite = {
|
authSqlite = {
|
||||||
enable = true;
|
enable = true;
|
||||||
file = "/tmp/uhub.sql";
|
file = "${uhubDir}/uhub.sql";
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
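Review bot: The `if test -d ${uhubDir}` guard in the new `uhub-pre` script cannot reach its `else` branch in practice: the two `cp -f` lines above it already write into `${uhubDir}`, and `users.users.uhub` sets `createHome = true`, so on a fresh host the directory exists and `uhub.sql` is never copied. Test for the database file instead, `if test -e ${uhubDir}/uhub.sql; then`. The TLS private key is also copied with plain `cp` and only re-owned by the later `chown -R`; `install -m600 -o uhub ${toString <secrets/wildcard.krebsco.de.key>} ${uhubDir}/uhub.key` sets owner and mode in one step and leaves no window with a looser mode.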
@ -1,48 +1,43 @@
|
|||||||
{ pkgs, lib, ... }:
|
{ pkgs, lib, ... }:
|
||||||
let
|
let
|
||||||
tasmota_plug = name: topic: {
|
tasmota_plug = name: topic:
|
||||||
platform = "mqtt";
|
{ platform = "mqtt";
|
||||||
inherit name;
|
inherit name;
|
||||||
state_topic = "/bam/${topic}/stat/POWER";
|
state_topic = "/bam/${topic}/stat/POWER1";
|
||||||
command_topic = "/bam/${topic}/cmnd/POWER";
|
command_topic = "/bam/${topic}/cmnd/POWER1";
|
||||||
availability_topic = "/bam/${topic}/tele/LWT";
|
availability_topic = "/bam/${topic}/tele/LWT";
|
||||||
qos = 1;
|
payload_on= "ON";
|
||||||
payload_on= "ON";
|
payload_off= "OFF";
|
||||||
payload_off= "OFF";
|
payload_available= "Online";
|
||||||
payload_available= "Online";
|
payload_not_available= "Offline";
|
||||||
payload_not_available= "Offline";
|
};
|
||||||
retain= false;
|
|
||||||
};
|
|
||||||
espeasy_dht22 = name: [
|
espeasy_dht22 = name: [
|
||||||
{
|
{ platform = "mqtt";
|
||||||
platform = "mqtt";
|
name = "${name} DHT22 Temperature";
|
||||||
device_class = "temperature";
|
device_class = "temperature";
|
||||||
state_topic = "/bam/${name}/dht22/Temperature";
|
state_topic = "/bam/${name}/dht22/Temperature";
|
||||||
availability_topic = "/bam/${name}/status/LWT";
|
availability_topic = "/bam/${name}/tele/LWT";
|
||||||
payload_available = "Connected";
|
payload_available = "Online";
|
||||||
payload_not_available = "Connection Lost";
|
payload_not_available = "Offline";
|
||||||
}
|
}
|
||||||
{
|
{ platform = "mqtt";
|
||||||
platform = "mqtt";
|
device_class = "humidity";
|
||||||
device_class = "humidity";
|
name = "${name} DHT22 Humidity";
|
||||||
state_topic = "/bam/${name}/dht22/Temperature";
|
state_topic = "/bam/${name}/dht22/Humidity";
|
||||||
unit_of_measurement = "C";
|
availability_topic = "/bam/${name}/tele/LWT";
|
||||||
availability_topic = "/bam/${name}/status/LWT";
|
payload_available = "Online";
|
||||||
payload_available = "Connected";
|
payload_not_available = "Offline";
|
||||||
payload_not_available = "Connection Lost";
|
}];
|
||||||
}];
|
espeasy_ds18 = name:
|
||||||
espeasy_ds18 = name: [
|
{ platform = "mqtt";
|
||||||
{
|
name = "${name} DS18 Temperature";
|
||||||
platform = "mqtt";
|
state_topic = "/bam/${name}/ds18/Temperature";
|
||||||
device_class = "temperature";
|
availability_topic = "/bam/${name}/tele/LWT";
|
||||||
state_topic = "/bam/${name}/ds18/Temperature";
|
payload_available = "Online";
|
||||||
availability_topic = "/bam/${name}/status/LWT";
|
payload_not_available = "Offline";
|
||||||
payload_available = "Connected";
|
};
|
||||||
payload_not_available = "Connection Lost";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
in {
|
in {
|
||||||
|
networking.firewall.allowedTCPPorts = [ 8123 ];
|
||||||
nixpkgs.config.permittedInsecurePackages = [
|
nixpkgs.config.permittedInsecurePackages = [
|
||||||
"homeassistant-0.65.5"
|
"homeassistant-0.65.5"
|
||||||
];
|
];
|
||||||
@ -81,18 +76,19 @@ in {
|
|||||||
(tasmota_plug "Pluggy" "plug4")
|
(tasmota_plug "Pluggy" "plug4")
|
||||||
];
|
];
|
||||||
binary_sensor = [
|
binary_sensor = [
|
||||||
{ # esp_easy
|
{ platform = "mqtt";
|
||||||
platform = "mqtt";
|
|
||||||
device_class = "motion";
|
device_class = "motion";
|
||||||
|
name = "Motion";
|
||||||
state_topic = "/bam/easy2/movement/Switch";
|
state_topic = "/bam/easy2/movement/Switch";
|
||||||
payload_on = "1";
|
payload_on = "1";
|
||||||
payload_off = "0";
|
payload_off = "0";
|
||||||
availability_topic = "/bam/easy2/status/LWT";
|
availability_topic = "/bam/easy2/tele/LWT";
|
||||||
payload_available = "Connected";
|
payload_available = "Online";
|
||||||
payload_not_available = "Connection Lost";
|
payload_not_available = "Offline";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
sensor =
|
sensor =
|
||||||
|
(espeasy_dht22 "easy1") ++
|
||||||
(espeasy_dht22 "easy2") ++
|
(espeasy_dht22 "easy2") ++
|
||||||
[ (espeasy_ds18 "easy3" )
|
[ (espeasy_ds18 "easy3" )
|
||||||
{ platform = "luftdaten";
|
{ platform = "luftdaten";
|
||||||
|
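Review bot: The added `networking.firewall.allowedTCPPorts = [ 8123 ];` opens the Home Assistant port on every interface, and the same file keeps `homeassistant-0.65.5` in `permittedInsecurePackages`, i.e. a release nixpkgs marks as insecure. Nothing in the visible hunks sets an HTTP password or limits the listener, though lines outside the hunks may. If the UI is only meant for the local network, scope the rule to that interface, `networking.firewall.interfaces.<trusted-iface>.allowedTCPPorts = [ 8123 ];`, where `<trusted-iface>` is a placeholder for the real interface name.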
@ -5,7 +5,10 @@ let
|
|||||||
home = "/var/lib/ampel";
|
home = "/var/lib/ampel";
|
||||||
sec = "${toString <secrets>}/google-muell.json";
|
sec = "${toString <secrets>}/google-muell.json";
|
||||||
ampelsec = "${home}/google-muell.json";
|
ampelsec = "${home}/google-muell.json";
|
||||||
esp = "192.168.1.23";
|
cred = "${toString <secrets>}/google-muell-creds.json";
|
||||||
|
# TODO: generate this credential file locally
|
||||||
|
ampelcred = "${home}/google-muell-creds.json";
|
||||||
|
esp = "192.168.8.204";
|
||||||
sleepval = "1800";
|
sleepval = "1800";
|
||||||
in {
|
in {
|
||||||
users.users.ampel = {
|
users.users.ampel = {
|
||||||
@ -21,10 +24,10 @@ in {
|
|||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = "ampel";
|
User = "ampel";
|
||||||
ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
|
ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
|
||||||
cp ${sec} ${ampelsec}
|
install -m600 -o ampel ${sec} ${ampelsec}
|
||||||
chown ampel ${ampelsec}
|
install -m600 -o ampel ${cred} ${ampelcred}
|
||||||
'';
|
'';
|
||||||
ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}";
|
ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}";
|
||||||
PermissionsStartOnly = true;
|
PermissionsStartOnly = true;
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RestartSec = 10;
|
RestartSec = 10;
|
||||||
|
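--- /dev/null
+++ b/makefu/2configs/deployment/homeautomation/default.nix
@@ -0,0 +1,141 @@
+{ pkgs, config, ... }:
+
+# Ideas:
+## wake-on-lan server
+##
+let
+firetv = "192.168.1.238";
+tasmota_plug = name: topic:
+{ platform = "mqtt";
+inherit name;
+state_topic = "/ham/${topic}/stat/POWER1";
+command_topic = "/ham/${topic}/cmnd/POWER1";
+availability_topic = "/ham/${topic}/tele/LWT";
+payload_on= "ON";
+payload_off= "OFF";
+payload_available= "Online";
+payload_not_available= "Offline";
+};
+tasmota_bme = name: topic:
+[ { platform = "mqtt";
+name = "${name} Temperatur";
+state_topic = "/ham/${topic}/tele/SENSOR";
+value_template = "{{ value_json.BME280.Temperature }}";
+unit_of_measurement = "°C";
+}
+{ platform = "mqtt";
+name = "${name} Luftfeuchtigkeit";
+state_topic = "/ham/${topic}/tele/SENSOR";
+value_template = "{{ value_json.BME280.Humidity }}";
+unit_of_measurement = "%";
+}
+{ platform = "mqtt";
+name = "${name} Luftdruck";
+state_topic = "/ham/${topic}/tele/SENSOR";
+value_template = "{{ value_json.BME280.Pressure }}";
+unit_of_measurement = "hPa";
+}
+];
+in {
+imports = [
+./mqtt.nix
+];
+systemd.services.firetv = {
+wantedBy = [ "multi-user.target" ];
+serviceConfig = {
+User = "nobody";
+ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
+};
+};
+nixpkgs.config.permittedInsecurePackages = [
+"homeassistant-0.65.5"
+];
+services.home-assistant = {
+config = {
+homeassistant = {
+name = "Home"; time_zone = "Europe/Berlin";
+latitude = "48.7687";
+longitude = "9.2478";
+elevation = 247;
+};
+discovery = {};
+conversation = {};
+history = {};
+logbook = {};
+tts = [
+{ platform = "google";}
+];
+sun.elevation = 247;
+recorder = {};
+media_player = [
+{ platform = "kodi";
+host = firetv;
+}
+{ platform = "firetv";
+# assumes python-firetv running
+}
+];
+mqtt = {
+broker = "localhost";
+port = 1883;
+client_id = "home-assistant";
+username = "hass";
+password = builtins.readFile <secrets/mqtt/hass>;
+keepalive = 60;
+protocol = 3.1;
+birth_message = {
+topic = "/ham/hass/tele/LWT";
+payload = "Online";
+qos = 1;
+retain = true;
+};
+will_message = {
+topic = "/ham/hass/tele/LWT";
+payload = "Offline";
+qos = 1;
+retain = true;
+};
+};
+sensor = [
+{ platform = "speedtest";
+monitored_conditions = [ "ping" "download" "upload" ];
+}
+{ platform = "luftdaten";
+name = "Ditzingen";
+sensorid = "663";
+monitored_conditions = [ "P1" "P2" ];
+}
+# https://www.home-assistant.io/cookbook/automation_for_rainy_days/
+{ platform = "darksky";
+api_key = "c73619e6ea79e553a585be06aacf3679";
+language = "de";
+monitored_conditions = [ "summary" "icon"
+"nearest_storm_distance" "precip_probability"
+"precip_intensity"
+"temperature" # "temperature_high" "temperature_low"
+"hourly_summary"
+"uv_index" ];
+units = "si" ;
+update_interval = {
+days = 0;
+hours = 0;
+minutes = 10;
+seconds = 0;
+};
+}
+] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer");
+frontend = { };
+#group = [
+# { default_view = { view = "yes"; entities = [
+# "sensor.luftdaten"
+# ]}
+#];
+http = { };
+switch = [
+(tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer")
+];
+};
+enable = true;
+#configDir = "/var/lib/hass";
+};
+}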
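Review bot: The `darksky` sensor carries its `api_key` as a string literal, so the key is now part of the repository history and of the world-readable Nix store; it should be treated as exposed and rotated. Load it from the secrets path the way the MQTT password is loaded in the same file, e.g. `api_key = builtins.readFile <secrets/DARKSKY_KEY_PLACEHOLDER>;` (placeholder path). That keeps the value out of git, although `builtins.readFile` presumably still embeds it in the generated configuration in the store. The `firetv` unit also runs as the shared `nobody` account; a dedicated system user would isolate it from other services that use `nobody`.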
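--- /dev/null
+++ b/makefu/2configs/deployment/homeautomation/mqtt.nix
@@ -0,0 +1,24 @@
+{ pkgs, config, ... }:
+{
+services.mosquitto = {
+enable = true;
+host = "0.0.0.0";
+allowAnonymous = false;
+checkPasswords = true;
+# see <host>/mosquitto
+users.sensor = {
+hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg==";
+acl = [ "topic readwrite #" ];
+};
+users.hass = {
+hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA==";
+acl = [ "topic readwrite #" ];
+};
+users.stats = {
+hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA==";
+acl = [ "topic read #" ];
+};
+};
+environment.systemPackages = [ pkgs.mosquitto ];
+# port open via trusted interface
+}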
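Review bot: `users.sensor` is granted `acl = [ "topic readwrite #" ]`, so any device that holds the shared sensor password can publish to every topic, including other devices' `cmnd/` topics. The Home Assistant configuration added in this commit only uses the `/ham/` tree, so the grant can be narrowed to `acl = [ "topic readwrite /ham/#" ];`, and `users.stats` to `"topic read /ham/#"`. The three `hashedPassword` values are committed inline, which allows offline guessing against them by anyone who can read the repository. With `host = "0.0.0.0"` and no TLS listener configured in this file, the passwords would also cross the network in clear text unless that is handled elsewhere.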
@ -1,5 +1,7 @@
|
|||||||
{config, ...}:
|
{config, ...}:
|
||||||
{
|
{
|
||||||
|
# fdisk /dev/sda
|
||||||
|
# mkfs.ext4 -L nixos /dev/sda1
|
||||||
boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;
|
boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;
|
||||||
boot.loader.grub.version = 2;
|
boot.loader.grub.version = 2;
|
||||||
|
|
||||||
|
@ -31,6 +31,7 @@ let
|
|||||||
ampel = { };
|
ampel = { };
|
||||||
europastats = { };
|
europastats = { };
|
||||||
arafetch = { };
|
arafetch = { };
|
||||||
|
disko = { };
|
||||||
init-stockholm = {
|
init-stockholm = {
|
||||||
cgit.desc = "Init stuff for stockholm";
|
cgit.desc = "Init stuff for stockholm";
|
||||||
};
|
};
|
||||||
|
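--- /dev/null
+++ b/makefu/2configs/home-manager/cli.nix
@@ -0,0 +1,12 @@
+{
+home-manager.users.makefu = {
+services.gpg-agent = {
+defaultCacheTtl = 900;
+maxCacheTtl = 7200;
+defaultCacheTtlSsh = 3600;
+maxCacheTtlSsh = 86400;
+enableSshSupport = true;
+};
+programs.fzf.enable = true; # alt-c
+};
+}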
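Review bot: `services.gpg-agent` is given cache TTLs and `enableSshSupport = true` but no `enable = true;`, and home-manager only applies this block when the service is enabled; unless another module turns it on, the settings here have no effect. If the agent is meant to be configured from this file, add `enable = true;` inside the block. `maxCacheTtlSsh = 86400` also keeps an unlocked SSH key usable for up to a day, so a short comment stating that this is intended would help the next reader.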
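--- /dev/null
+++ b/makefu/2configs/home-manager/default.nix
@@ -0,0 +1,7 @@
+{
+imports = [
+<home-manager/nixos>
+];
+home-manager.users.makefu = {
+};
+}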
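--- /dev/null
+++ b/makefu/2configs/home-manager/desktop.nix
@@ -0,0 +1,31 @@
+{pkgs, ... }: {
+home-manager.users.makefu = {
+programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
+services.network-manager-applet.enable = true;
+services.blueman-applet.enable = true;
+services.pasystray.enable = true;
+
+systemd.user.services.network-manager-applet.Service.Environment = ''
+XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
+'';
+systemd.user.services.clipit = {
+Unit = {
+Description = "clipboard manager";
+After = [ "graphical-session-pre.target" ];
+PartOf = [ "graphical-session.target" ];
+};
+
+Install = {
+WantedBy = [ "graphical-session.target" ];
+};
+
+Service = {
+Environment = ''
+XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
+'';
+ExecStart = "${pkgs.clipit}/bin/clipit";
+Restart = "on-abort";
+};
+};
+};
+}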
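--- /dev/null
+++ b/makefu/2configs/home-manager/mail.nix
@@ -0,0 +1,46 @@
+{
+home-manager.users.makefu = {
+accounts.email.accounts.syntaxfehler = {
+address = "felix.richter@syntax-fehler.de";
+userName = "Felix.Richter@syntax-fehler.de";
+imap = {
+host = "syntax-fehler.de";
+tls = {
+enable = true;
+};
+};
+smtp = {
+host = "syntax-fehler.de";
+tls = {
+enable = true;
+};
+};
+msmtp.enable = true;
+notmuch.enable = true;
+offlineimap = {
+enable = true;
+postSyncHookCommand = "notmuch new";
+extraConfig.remote = {
+holdconnectionopen = true;
+idlefolders = "['INBOX']";
+};
+};
+primary = true;
+realName = "Felix Richter";
+passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg";
+};
+programs.offlineimap.enable = true;
+programs.offlineimap.extraConfig = {
+mbnames = {
+filename = "~/.mutt/muttrc.mailboxes";
+header = "'mailboxes '";
+peritem = "'+%(accountname)s/%(foldername)s'";
+sep = "' '";
+footer = "'\\n'";
+};
+general = {
+ui = "TTY.TTYUI";
+};
+};
+};
+}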
@ -29,11 +29,14 @@
|
|||||||
# presumably a2dp Sink
|
# presumably a2dp Sink
|
||||||
# Enable profile:
|
# Enable profile:
|
||||||
## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink
|
## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink
|
||||||
hardware.bluetooth.extraConfig = '';
|
|
||||||
[general]
|
|
||||||
Enable=Source,Sink,Media,Socket
|
|
||||||
'';
|
|
||||||
|
|
||||||
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
|
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
|
||||||
hardware.bluetooth.enable = true;
|
hardware.bluetooth = {
|
||||||
|
enable = true;
|
||||||
|
powerOnBoot = false;
|
||||||
|
extraConfig = ''
|
||||||
|
[general]
|
||||||
|
Enable=Source,Sink,Media,Socket
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
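--- /dev/null
+++ b/makefu/2configs/mail/mail.euer.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+{
+imports = [
+(builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.1.4/nixos-mailserver-v2.1.4.tar.gz")
+];
+
+mailserver = {
+enable = true;
+fqdn = "euer.eloop.org";
+domains = [ "euer.eloop.org" ];
+loginAccounts = {
+"makefu@euer.eloop.org" = {
+hashedPassword = "$6$5gFFAPnI/c/EHIx$3aHj64p5SX./C.MPb.eBmyLDRdWS1yaoV0s9r3Yexw4UO9URdUkBDgqT7F0Mjgt6.gyYaJ5E50h0Yg7iHtLWI/";
+aliases = [ "root@euer.eloop.org" ];
+catchAll = [ "euer.eloop.org" ];
+
+};
+};
+certificateScheme = 3;
+
+# Enable IMAP and POP3
+enableImap = true;
+enablePop3 = false;
+enableImapSsl = true;
+enablePop3Ssl = false;
+
+# Enable the ManageSieve protocol
+enableManageSieve = true;
+
+virusScanning = false;
+
+};
+
+services.dovecot2.extraConfig = ''
+ssl_dh = </var/lib/dhparams/dovecot.pem
+'';
+# workaround for DH creation
+# security.dhparams = {
+# enable = true;
+# params = {
+# dovecot = 2048;
+# };
+# };
+# systemd.services.dovecot2.requires = [ "dhparams-gen-dovecot.service" ];
+# systemd.services.dovecot2.after = [ "dhparams-gen-dovecot.service" ];
+}
+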
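Review bot: The `imports` entry fetches nixos-mailserver with `builtins.fetchTarball "<url>"` and no hash, so whatever that URL serves at evaluation time is imported as a NixOS module with full control over the system configuration. Pin the content by switching to the attribute-set form, `builtins.fetchTarball { url = "<same url>"; sha256 = "<sha256-placeholder>"; }`, with the hash taken from a copy that has been verified. Separately, `ssl_dh` points at `/var/lib/dhparams/dovecot.pem` while the `security.dhparams` block that would generate it is commented out, so dovecot presumably depends on that file being provisioned by hand; a comment saying so would prevent a surprise on a fresh host.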
@ -4,6 +4,7 @@
|
|||||||
enable = true;
|
enable = true;
|
||||||
host = "0.0.0.0";
|
host = "0.0.0.0";
|
||||||
users = {};
|
users = {};
|
||||||
|
# TODO: secure that shit
|
||||||
allowAnonymous = true;
|
allowAnonymous = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -10,7 +10,12 @@ let
|
|||||||
in {
|
in {
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = mkDefault true;
|
enable = mkDefault true;
|
||||||
virtualHosts."mon.euer.krebsco.de" = {
|
virtualHosts."mon.euer.krebsco.de" = let
|
||||||
|
# flesh_wrap
|
||||||
|
authFile = pkgs.writeText "influx.conf" ''
|
||||||
|
user:$apr1$ZG9oQCum$FhtIe/cl3jf8Sa4zq/BWd1
|
||||||
|
'';
|
||||||
|
in {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
@ -21,6 +26,17 @@ in {
|
|||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
locations."/influxdb/" = {
|
||||||
|
proxyPass = "http://wbob.r:8086/";
|
||||||
|
extraConfig = ''
|
||||||
|
auth_basic "Needs Autherization to visit";
|
||||||
|
auth_basic_user_file ${authFile};
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_redirect off;
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
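Review bot: The `authFile` for `/influxdb/` is built with `pkgs.writeText`, so the htpasswd entry ends up in the world-readable Nix store and, being inline, in the repository as well; its `$apr1$` (MD5-based) hash is cheap to attack offline. Keep the file with the other deployment secrets and point `auth_basic_user_file` at that path, readable only by the nginx user. The upstream is also reached over plain `http://wbob.r:8086/`, so it is worth a comment stating that this hop stays on a trusted network. The realm string `"Needs Autherization to visit"` has a typo, `"Needs Authorization to visit"`.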
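--- /dev/null
+++ b/makefu/2configs/nginx/iso.euer.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+let
+system = builtins.currentSystem; #we can also build for other platforms
+iso = (import <nixpkgs/nixos/lib/eval-config.nix>
+{ inherit system;
+modules = [ ../../1systems/iso/config.nix ]; }
+
+);
+image = iso.config.system.build.isoImage;
+name = iso.config.isoImage.isoName;
+
+drivedroid-cfg = builtins.toJSON [{
+id = "stockholm";
+imageUrl = http://krebsco.de/krebs-v2.png;
+name = "stockholm";
+tags = [ "hybrid" ];
+url = http://krebsco.de;
+releases = [
+{ version = iso.config.system.nixos.label;
+url = "/stockholm.iso";
+arch = system; }
+];
+# size = TODO;
+}];
+web = pkgs.linkFarm "web" [{
+name = "drivedroid.json";
+path = pkgs.writeText "drivedroid.json" drivedroid-cfg; }
+{ name = "stockholm.iso";
+path = "${image}/iso/${name}"; }
+];
+in
+{
+services.nginx = {
+virtualHosts = {
+"iso.euer.krebsco.de" = {
+enableACME = true;
+forceSSL = true;
+root = web;
+locations."/".index = "drivedroid.json";
+};
+};
+};
+}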
@ -3,7 +3,7 @@
|
|||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = lib.mkDefault true;
|
enable = lib.mkDefault true;
|
||||||
virtualHosts."misa-felix-hochzeit.ml" = {
|
virtualHosts."misa-felix-hochzeit.ml" = {
|
||||||
serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ];
|
serverAliases = [ "misa-felix.ml" "www.misa-felix.ml" ];
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations = {
|
locations = {
|
||||||
|
@ -1,11 +1,10 @@
|
|||||||
{
|
{config,...}:{
|
||||||
nix.trustedUsers = [ "nixBuild" ];
|
nix.trustedUsers = [ "nixBuild" ];
|
||||||
users.users.nixBuild = {
|
users.users.nixBuild = {
|
||||||
name = "nixBuild";
|
name = "nixBuild";
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
# TODO: put this somewhere else
|
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild"
|
config.krebs.users.buildbotSlave.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More