From c47c07d4274dfcf2cfe82bc087e2eace2a4b62b3 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Jan 2016 03:37:38 +0100 Subject: [PATCH 01/12] ma 1 omo: add sabnzbd; --- makefu/1systems/omo.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e19205a95..3daa74cf2 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -30,7 +30,14 @@ in { ../3modules ]; krebs.build.host = config.krebs.hosts.omo; + + # copy config from to /var/lib/sabnzbd/ + services.sabnzbd.enable = true; + systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + + # HDD Array stuff services.smartd.devices = builtins.map (x: { device = x; }) allDisks; + makefu.snapraid = let toMapper = id: "/media/crypt${builtins.toString id}"; in { @@ -38,7 +45,6 @@ in { disks = map toMapper [ 0 1 ]; parity = toMapper 2; }; - # AMD E350 fileSystems = let cryptMount = name: { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; @@ -56,6 +62,7 @@ in { ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} ${pkgs.hdparm}/sbin/hdparm -y ${disk} '') allDisks); + boot = { initrd.luks = { devices = let @@ -87,10 +94,13 @@ in { }; networking.firewall.allowedUDPPorts = [ 655 ]; + # 8080: sabnzbd + networking.firewall.allowedTCPPorts = [ 655 8080 ]; + hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; - #zramSwap.enable = true; + zramSwap.enable = true; zramSwap.numDevices = 2; } From f678d7e083c596e06057b8037dc1c321842ce838 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 13 Jan 2016 23:20:40 +0100 Subject: [PATCH 02/12] ma 2 zsh-user: compinit is being automatically --- makefu/2configs/hw/tp-x2x0.nix | 7 +++++++ makefu/2configs/zsh-user.nix | 3 +-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 047895ce6..ebc72a06e 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -24,5 +24,12 @@ with lib; services.tlp.enable = true; services.tlp.extraConfig = '' START_CHARGE_THRESH_BAT0=80 + + CPU_SCALING_GOVERNOR_ON_AC=performance + CPU_SCALING_GOVERNOR_ON_BAT=ondemand + CPU_MIN_PERF_ON_AC=0 + CPU_MAX_PERF_ON_AC=100 + CPU_MIN_PERF_ON_BAT=0 + CPU_MAX_PERF_ON_BAT=30 ''; } diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 1b1762418..f79f258f3 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -19,8 +19,7 @@ in bindkey -e # shift-tab bindkey '^[[Z' reverse-menu-complete - - autoload -U compinit && compinit + bindkey "\e[3~" delete-char zstyle ':completion:*' menu select # load gpg-agent From e0b71680b0da8a12d2fcc54cff25a71d5a408075 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 14 Jan 2016 11:15:20 +0100 Subject: [PATCH 03/12] ma 2 virtualization: add firewall exception for checkReversePath --- makefu/2configs/virtualization.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/virtualization.nix b/makefu/2configs/virtualization.nix index b3f8c8284..b90467ab8 100644 --- a/makefu/2configs/virtualization.nix +++ b/makefu/2configs/virtualization.nix @@ -5,4 +5,5 @@ let in { virtualisation.libvirtd.enable = true; users.extraUsers.${mainUser.name}.extraGroups = [ "libvirtd" ]; + networking.firewall.checkReversePath = false; # TODO: unsolved issue in nixpkgs:#9067 [bug] } From 1e845f7b765c4039f7541fb3542ba2bf76bb323c Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 14 Jan 2016 12:42:52 +0100 Subject: [PATCH 04/12] ma 1 omo: use sftp share --- makefu/1systems/omo.nix | 4 ++++ makefu/2configs/share-user-sftp.nix | 21 +++++++++++++++++++++ makefu/2configs/smart-monitor.nix | 4 +--- 3 files changed, 26 insertions(+), 3 deletions(-) create mode 100644 makefu/2configs/share-user-sftp.nix diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 3daa74cf2..2a657995c 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -27,9 +27,12 @@ in { ../2configs/exim-retiolum.nix ../2configs/smart-monitor.nix ../2configs/mail-client.nix + ../2configs/share-user-sftp.nix ../3modules ]; + # services.openssh.allowSFTP = false; krebs.build.host = config.krebs.hosts.omo; + # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; @@ -103,4 +106,5 @@ in { zramSwap.enable = true; zramSwap.numDevices = 2; + } diff --git a/makefu/2configs/share-user-sftp.nix b/makefu/2configs/share-user-sftp.nix new file mode 100644 index 000000000..2c93143ec --- /dev/null +++ b/makefu/2configs/share-user-sftp.nix @@ -0,0 +1,21 @@ +{ config, ... }: + +{ + users.users = { + share = { + uid = 9002; + home = "/var/empty"; + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; + }; + }; + # we will use internal-sftp to make uncomplicated Chroot work + services.openssh.extraConfig = '' + Match User share + ChrootDirectory /media + ForceCommand internal-sftp + AllowTcpForwarding no + PermitTunnel no + X11Forwarding no + Match All + ''; +} diff --git a/makefu/2configs/smart-monitor.nix b/makefu/2configs/smart-monitor.nix index 9b0290a9b..a37969d3d 100644 --- a/makefu/2configs/smart-monitor.nix +++ b/makefu/2configs/smart-monitor.nix @@ -12,8 +12,6 @@ # short daily, long weekly, check on boot defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)"; - devices = lib.mkDefault [{ - device = "/dev/sda"; - }]; + devices = lib.mkDefault [ ]; }; } From 1d18ada0773443fddd22ddce04373da782b034a7 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 14 Jan 2016 12:43:59 +0100 Subject: [PATCH 05/12] ma 3 umts: init --- makefu/1systems/pornocauster.nix | 5 ++- makefu/2configs/wwan.nix | 36 +++------------ makefu/3modules/default.nix | 1 + makefu/3modules/umts.nix | 76 ++++++++++++++++++++++++++++++++ 4 files changed, 87 insertions(+), 31 deletions(-) create mode 100644 makefu/3modules/umts.nix diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 690e26b36..d7fa8edc5 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -35,12 +35,14 @@ # ../2configs/mediawiki.nix #../2configs/wordpress.nix ]; + hardware.sane.enable = true; + hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ]; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; krebs.Reaktor = { - enable = true; + enable = false; nickname = "makefu|r"; plugins = with pkgs.ReaktorPlugins; [ nixos-version random-emoji ]; }; @@ -59,6 +61,7 @@ hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" '' ${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"} load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"''; + networking.firewall.enable = false; networking.firewall.allowedTCPPorts = [ 25 ]; diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/wwan.nix index 29a610ac6..1e76cd28a 100644 --- a/makefu/2configs/wwan.nix +++ b/makefu/2configs/wwan.nix @@ -1,33 +1,9 @@ -{ config, lib, pkgs, ... }: +_: -#usage: $ wvdial - -let - mainUser = config.krebs.build.user; -in { - environment.systemPackages = with pkgs;[ - wvdial - ]; - - environment.shellAliases = { - umts = "sudo wvdial netzclub"; +{ + imports = [ ../3modules ]; + makefu.umts = { + enable = true; + modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01"; }; - - # configure for NETZCLUB - environment.wvdial.dialerDefaults = '' - Phone = *99***1# - Dial Command = ATDT - Modem = /dev/ttyACM0 - Baud = 460800 - Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 - Init2 = ATZ - Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 - ISDN = 0 - Modem Type = Analog Modem - Username = netzclub - Password = netzclub - Stupid Mode = 1 - Idle Seconds = 0''; - - users.extraUsers.${mainUser.name}.extraGroups = [ "dialout" ]; } diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 218c9138e..f007a8418 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -3,6 +3,7 @@ _: { imports = [ ./snapraid.nix + ./umts.nix ]; } diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix new file mode 100644 index 000000000..d7be45f62 --- /dev/null +++ b/makefu/3modules/umts.nix @@ -0,0 +1,76 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + # TODO: currently it is only netzclub + umts-bin = pkgs.writeScriptBin "umts" '' + #!/bin/sh + set -euf + systemctl start umts + trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT + echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf + journalctl -xfu umts + ''; + + wvdial-defaults = '' + Phone = *99***1# + Dial Command = ATDT + Modem = ${cfg.modem-device} + Baud = 460800 + Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + Init2 = ATZ + Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 + ISDN = 0 + Modem Type = Analog Modem + Username = netzclub + Password = netzclub + Stupid Mode = 1 + Idle Seconds = 0''; + + cfg = config.makefu.umts; + + out = { + options.makefu.umts = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "umts"; + + modem-device = mkOption { + default = "/dev/ttyUSB0"; + type = types.str; + description = '' + path to modem device, use /dev/serial/by-id/... + to avoid race conditions. + ''; + }; + }; + + imp = { + environment.shellAliases = { + umts = "sudo ${umts-bin}/bin/umts"; + }; + environment.systemPackages = [ ]; + + environment.wvdial.dialerDefaults = wvdial-defaults; + + systemd.targets.network-umts = { + description = "System is running on UMTS"; + unitConfig.StopWhenUnneeded = true; + }; + + systemd.services.umts = { + description = "UMTS wvdial Service"; + before = [ "network-umts.target" ]; + + serviceConfig = { + Type = "simple"; + Restart = "always"; + RestartSec = "4s"; + ExecStart = "${pkgs.wvdial}/bin/wvdial -n"; + }; + }; + }; +in out From 7a0480e5fe2b0b0762e56caa1878f7ada8cb76e1 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 14 Jan 2016 17:30:02 +0100 Subject: [PATCH 06/12] ma 1 minimal: cosmetics --- shared/1systems/test-minimal-deploy.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/1systems/test-minimal-deploy.nix b/shared/1systems/test-minimal-deploy.nix index ddd96f6b5..309e28950 100644 --- a/shared/1systems/test-minimal-deploy.nix +++ b/shared/1systems/test-minimal-deploy.nix @@ -5,7 +5,7 @@ build.user = config.krebs.users.shared; build.host = config.krebs.hosts.test-all-krebs-modules; }; - # just get the system running + # just get the system to eval in nixos without errors boot.loader.grub.devices = ["/dev/sda"]; fileSystems."/" = { device = "/dev/lol"; From 2ef651f78d0b8e2bf19f9bdbbfa982a0a5991c22 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 16 Jan 2016 01:30:37 +0100 Subject: [PATCH 07/12] ma 2 default: useroaming no, omo: provide share --- makefu/1systems/omo.nix | 4 ++-- makefu/2configs/default.nix | 7 +++++- makefu/2configs/nginx/omo-share.nix | 34 +++++++++++++++++++++++++++++ 3 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 makefu/2configs/nginx/omo-share.nix diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 2a657995c..e11665fbc 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -28,11 +28,11 @@ in { ../2configs/smart-monitor.nix ../2configs/mail-client.nix ../2configs/share-user-sftp.nix + ../2configs/nginx/omo-share.nix ../3modules ]; # services.openssh.allowSFTP = false; krebs.build.host = config.krebs.hosts.omo; - # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; @@ -98,7 +98,7 @@ in { networking.firewall.allowedUDPPorts = [ 655 ]; # 8080: sabnzbd - networking.firewall.allowedTCPPorts = [ 655 8080 ]; + networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 7593eaff7..7771e24d4 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -65,7 +65,12 @@ with lib; time.timeZone = "Europe/Berlin"; #nix.maxJobs = 1; - programs.ssh.startAgent = false; + programs.ssh = { + startAgent = false; + extraConfig = '' + UseRoaming no + ''; + }; services.openssh.enable = true; nix.useChroot = true; diff --git a/makefu/2configs/nginx/omo-share.nix b/makefu/2configs/nginx/omo-share.nix new file mode 100644 index 000000000..ce85e0442 --- /dev/null +++ b/makefu/2configs/nginx/omo-share.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.krebs.build.host.name; + # TODO local-ip from the nets config + local-ip = "192.168.1.11"; + # local-ip = head config.krebs.build.host.nets.retiolum.addrs4; +in { + krebs.nginx = { + enable = mkDefault true; + servers = { + omo-share = { + listen = [ "${local-ip}:80" ]; + locations = singleton (nameValuePair "/" '' + autoindex on; + root /media; + limit_rate_after 100m; + limit_rate 5m; + mp4_buffer_size 4M; + mp4_max_buffer_size 10M; + allow all; + access_log off; + keepalive_timeout 65; + keepalive_requests 200; + reset_timedout_connection on; + sendfile on; + tcp_nopush on; + gzip off; + ''); + }; + }; + }; +} From ce10f57b3be0042ccf01ed2605ef9911537552cf Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 17 Jan 2016 00:30:00 +0100 Subject: [PATCH 08/12] k 5 krebszones: add todo/doc --- krebs/5pkgs/krebszones/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/krebs/5pkgs/krebszones/default.nix b/krebs/5pkgs/krebszones/default.nix index f6fd672dc..9230192bd 100644 --- a/krebs/5pkgs/krebszones/default.nix +++ b/krebs/5pkgs/krebszones/default.nix @@ -1,5 +1,10 @@ { lib, pkgs,python3Packages,fetchurl, ... }: +# TODO: Prepare a diff of future and current +## ovh-zone export krebsco.de --config ~/secrets/krebs/cfg.json |sed 's/[ ]\+/ /g' | sort current +## sed 's/[ ]\+/ /g'/etc/zones/krebsco.de | sort > future +## diff future.sorted current.sorted + python3Packages.buildPythonPackage rec { name = "krebszones-${version}"; version = "0.4.4"; From f42d23f69bb84186b5218cfa49e1321a80acc293 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 17 Jan 2016 00:40:06 +0100 Subject: [PATCH 09/12] ma 2 smart-monitor: disable autodetection --- makefu/1systems/gum.nix | 5 ++++- makefu/2configs/smart-monitor.nix | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 1907424ec..ac7524506 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -21,7 +21,7 @@ in { ]; - + services.smartd.devices = [ { device = "/dev/sda";} ]; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; ###### stable @@ -32,6 +32,9 @@ in { ListenAddress = ${external-ip} 655 ListenAddress = ${external-ip} 21031 ''; + krebs.nginx.servers.cgit.server-names = [ + "cgit.euer.krebsco.de" + ]; # Chat environment.systemPackages = with pkgs;[ diff --git a/makefu/2configs/smart-monitor.nix b/makefu/2configs/smart-monitor.nix index a37969d3d..daf3aad01 100644 --- a/makefu/2configs/smart-monitor.nix +++ b/makefu/2configs/smart-monitor.nix @@ -3,6 +3,7 @@ krebs.exim-retiolum.enable = lib.mkDefault true; services.smartd = { enable = true; + autodetect = false; notifications = { mail = { enable = true; From 908149206b4680c951487d9ddded6636b35cd4d9 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 17 Jan 2016 00:40:26 +0100 Subject: [PATCH 10/12] ma 1 omo: bump to unstable@2016-01-13 --- makefu/1systems/omo.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e11665fbc..552af4e4f 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -33,6 +33,7 @@ in { ]; # services.openssh.allowSFTP = false; krebs.build.host = config.krebs.hosts.omo; + krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; From 769b939e8d74ad3d6358ccebc1ed356c3ba3f219 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 17 Jan 2016 00:41:02 +0100 Subject: [PATCH 11/12] ma 2 vim: disable youcompleteme, install breaks --- makefu/2configs/vim.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix index 02a46d22a..227d73c81 100644 --- a/makefu/2configs/vim.nix +++ b/makefu/2configs/vim.nix @@ -122,7 +122,7 @@ in { vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; vimrcConfig.vam.pluginDictionaries = [ { names = [ "undotree" - "YouCompleteMe" + # "YouCompleteMe" "vim-better-whitespace" ]; } { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } ]; From de891cf43181d28cbc9526993df4e55022d230da Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 17 Jan 2016 00:46:28 +0100 Subject: [PATCH 12/12] ma 2 default: whitelist unrar from unfree --- makefu/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 7771e24d4..ec1100582 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -13,7 +13,7 @@ with lib; ./vim.nix ]; - + nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); krebs = { enable = true; search-domain = "retiolum";