Merge remote-tracking branch 'gum/master'

krebs/5pkgs/krebszones/default.nix

@@ -1,5 +1,10 @@
 { lib, pkgs,python3Packages,fetchurl, ... }:
 
+# TODO: Prepare a diff of future and current
+## ovh-zone export krebsco.de --config ~/secrets/krebs/cfg.json |sed 's/[ ]\+/ /g' | sort current
+## sed 's/[ ]\+/ /g'/etc/zones/krebsco.de | sort > future
+## diff future.sorted current.sorted
+
 python3Packages.buildPythonPackage rec {
   name = "krebszones-${version}";
   version = "0.4.4";

makefu/1systems/gum.nix

@@ -21,7 +21,7 @@ in {
 
   ];
 
-
+  services.smartd.devices = [ { device = "/dev/sda";} ];
   nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
 
   ###### stable
@@ -32,6 +32,9 @@ in {
     ListenAddress = ${external-ip} 655
     ListenAddress = ${external-ip} 21031
   '';
+  krebs.nginx.servers.cgit.server-names = [
+    "cgit.euer.krebsco.de"
+  ];
 
   # Chat
   environment.systemPackages = with pkgs;[

makefu/1systems/omo.nix

@@ -27,10 +27,21 @@ in {
       ../2configs/exim-retiolum.nix
       ../2configs/smart-monitor.nix
       ../2configs/mail-client.nix
+      ../2configs/share-user-sftp.nix
+      ../2configs/nginx/omo-share.nix
       ../3modules
     ];
+  # services.openssh.allowSFTP = false;
   krebs.build.host = config.krebs.hosts.omo;
+  krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
+
+  # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
+  services.sabnzbd.enable = true;
+  systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+
+  # HDD Array stuff
   services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
+
   makefu.snapraid = let
     toMapper = id: "/media/crypt${builtins.toString id}";
   in {
@@ -38,7 +49,6 @@ in {
     disks = map toMapper [ 0 1 ];
     parity = toMapper 2;
   };
-  # AMD E350
   fileSystems = let
     cryptMount = name:
       { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
@@ -56,6 +66,7 @@ in {
       ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
       ${pkgs.hdparm}/sbin/hdparm -y ${disk}
     '') allDisks);
+
   boot = {
     initrd.luks = {
       devices = let
@@ -87,10 +98,14 @@ in {
   };
 
   networking.firewall.allowedUDPPorts = [ 655 ];
+  # 8080: sabnzbd
+  networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
+
   hardware.enableAllFirmware = true;
   hardware.cpu.amd.updateMicrocode = true;
 
-  #zramSwap.enable = true;
+  zramSwap.enable = true;
   zramSwap.numDevices = 2;
 
+
 }

makefu/1systems/pornocauster.nix

@@ -35,12 +35,14 @@
       # ../2configs/mediawiki.nix
       #../2configs/wordpress.nix
     ];
+  hardware.sane.enable = true;
+  hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ];
   nixpkgs.config.packageOverrides = pkgs: {
     tinc = pkgs.tinc_pre;
   };
 
   krebs.Reaktor = {
-    enable = true;
+    enable = false;
     nickname = "makefu|r";
     plugins = with pkgs.ReaktorPlugins; [ nixos-version random-emoji ];
   };
@@ -59,6 +61,7 @@
   hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
     ${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"}
     load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"'';
+  networking.firewall.enable = false;
   networking.firewall.allowedTCPPorts = [
     25
   ];

makefu/2configs/default.nix

@@ -13,7 +13,7 @@ with lib;
     ./vim.nix
   ];
 
-
+  nixpkgs.config.allowUnfreePredicate =  (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
   krebs = {
     enable = true;
     search-domain = "retiolum";
@@ -65,7 +65,12 @@ with lib;
   time.timeZone = "Europe/Berlin";
   #nix.maxJobs = 1;
 
-  programs.ssh.startAgent = false;
+  programs.ssh = {
+    startAgent = false;
+    extraConfig = ''
+      UseRoaming no
+    '';
+  };
   services.openssh.enable = true;
   nix.useChroot = true;
 

makefu/2configs/hw/tp-x2x0.nix

@@ -24,5 +24,12 @@ with lib;
   services.tlp.enable = true;
   services.tlp.extraConfig = ''
   START_CHARGE_THRESH_BAT0=80
+
+  CPU_SCALING_GOVERNOR_ON_AC=performance
+  CPU_SCALING_GOVERNOR_ON_BAT=ondemand
+  CPU_MIN_PERF_ON_AC=0
+  CPU_MAX_PERF_ON_AC=100
+  CPU_MIN_PERF_ON_BAT=0
+  CPU_MAX_PERF_ON_BAT=30
   '';
 }

makefu/2configs/nginx/omo-share.nix

@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  hostname = config.krebs.build.host.name;
+  # TODO local-ip from the nets config
+  local-ip = "192.168.1.11";
+  # local-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+in {
+  krebs.nginx = {
+    enable = mkDefault true;
+    servers = {
+      omo-share = {
+        listen = [ "${local-ip}:80" ];
+        locations = singleton (nameValuePair "/" ''
+          autoindex on;
+          root /media;
+          limit_rate_after 100m;
+          limit_rate 5m;
+          mp4_buffer_size     4M;
+          mp4_max_buffer_size 10M;
+          allow all;
+          access_log off;
+          keepalive_timeout  65;
+          keepalive_requests 200;
+          reset_timedout_connection on;
+          sendfile on;
+          tcp_nopush on;
+          gzip off;
+        '');
+      };
+    };
+  };
+}

makefu/2configs/share-user-sftp.nix

@@ -0,0 +1,21 @@
+{ config, ... }:
+
+{
+  users.users = {
+    share = {
+      uid = 9002;
+      home = "/var/empty";
+      openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
+    };
+  };
+  # we will use internal-sftp to make uncomplicated Chroot work
+  services.openssh.extraConfig = ''
+    Match User share
+      ChrootDirectory /media
+      ForceCommand internal-sftp
+      AllowTcpForwarding no
+      PermitTunnel no
+      X11Forwarding no
+    Match All
+  '';
+}

makefu/2configs/smart-monitor.nix

@@ -3,6 +3,7 @@
   krebs.exim-retiolum.enable = lib.mkDefault true;
   services.smartd = {
     enable = true;
+    autodetect = false;
     notifications = {
       mail = {
         enable = true;
@@ -12,8 +13,6 @@
     # short daily, long weekly, check on boot
     defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
 
-    devices = lib.mkDefault [{
-      device = "/dev/sda";
-    }];
+    devices = lib.mkDefault [ ];
   };
 }

makefu/2configs/vim.nix

@@ -122,7 +122,7 @@ in {
       vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
       vimrcConfig.vam.pluginDictionaries = [
         { names = [ "undotree"
-          "YouCompleteMe"
+          # "YouCompleteMe"
           "vim-better-whitespace" ]; }
         { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
       ];

makefu/2configs/virtualization.nix

@@ -5,4 +5,5 @@ let
 in {
   virtualisation.libvirtd.enable = true;
   users.extraUsers.${mainUser.name}.extraGroups = [ "libvirtd" ];
+  networking.firewall.checkReversePath = false; # TODO: unsolved issue in nixpkgs:#9067 [bug]
 }

makefu/2configs/wwan.nix

@@ -1,33 +1,9 @@
-{ config, lib, pkgs, ... }:
+_:
 
-#usage: $ wvdial
-
-let
-  mainUser = config.krebs.build.user;
-in {
-  environment.systemPackages = with pkgs;[
-    wvdial
-  ];
-
-  environment.shellAliases = {
-    umts = "sudo wvdial netzclub";
+{
+  imports = [ ../3modules ];
+  makefu.umts = {
+    enable = true;
+    modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
   };
-
-  # configure for NETZCLUB
-  environment.wvdial.dialerDefaults = ''
-    Phone = *99***1#
-    Dial Command = ATDT
-    Modem = /dev/ttyACM0
-    Baud = 460800
-    Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
-    Init2 = ATZ
-    Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
-    ISDN = 0
-    Modem Type = Analog Modem
-    Username = netzclub
-    Password = netzclub
-    Stupid Mode = 1
-    Idle Seconds = 0'';
-
-  users.extraUsers.${mainUser.name}.extraGroups = [ "dialout" ];
 }

makefu/2configs/zsh-user.nix

@@ -19,8 +19,7 @@ in
       bindkey -e
       # shift-tab
       bindkey '^[[Z' reverse-menu-complete
-
-      autoload -U compinit && compinit
+      bindkey "\e[3~" delete-char
       zstyle ':completion:*' menu select
 
       # load gpg-agent

makefu/3modules/default.nix

@@ -3,6 +3,7 @@ _:
 {
   imports = [
     ./snapraid.nix
+    ./umts.nix
   ];
 }
 

makefu/3modules/umts.nix

@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  # TODO: currently it is only netzclub
+  umts-bin = pkgs.writeScriptBin "umts" ''
+    #!/bin/sh
+    set -euf
+    systemctl start umts
+    trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
+    echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
+    journalctl -xfu umts
+  '';
+
+  wvdial-defaults = ''
+    Phone = *99***1#
+    Dial Command = ATDT
+    Modem = ${cfg.modem-device}
+    Baud = 460800
+    Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+    Init2 = ATZ
+    Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
+    ISDN = 0
+    Modem Type = Analog Modem
+    Username = netzclub
+    Password = netzclub
+    Stupid Mode = 1
+    Idle Seconds = 0'';
+
+  cfg = config.makefu.umts;
+
+  out = {
+    options.makefu.umts = api;
+    config = mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "umts";
+
+    modem-device = mkOption {
+      default = "/dev/ttyUSB0";
+      type = types.str;
+      description = ''
+        path to modem device, use <filename>/dev/serial/by-id/...</filename>
+        to avoid race conditions.
+      '';
+    };
+  };
+
+  imp = {
+    environment.shellAliases = {
+      umts = "sudo ${umts-bin}/bin/umts";
+    };
+    environment.systemPackages = [ ];
+
+    environment.wvdial.dialerDefaults = wvdial-defaults;
+
+    systemd.targets.network-umts = {
+      description = "System is running on UMTS";
+      unitConfig.StopWhenUnneeded = true;
+    };
+
+    systemd.services.umts = {
+      description = "UMTS wvdial Service";
+      before = [ "network-umts.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+        Restart = "always";
+        RestartSec = "4s";
+        ExecStart = "${pkgs.wvdial}/bin/wvdial -n";
+      };
+    };
+  };
+in out

shared/1systems/test-minimal-deploy.nix

@@ -5,7 +5,7 @@
     build.user = config.krebs.users.shared;
     build.host = config.krebs.hosts.test-all-krebs-modules;
   };
-  # just get the system running
+  # just get the system to eval in nixos without errors
   boot.loader.grub.devices = ["/dev/sda"];
   fileSystems."/" = {
     device = "/dev/lol";