Merge remote-tracking branch 'cloudkrebs/master'
commit
96f4248b65
@ -14,6 +14,7 @@ let
|
||||
./iptables.nix
|
||||
./nginx.nix
|
||||
./Reaktor.nix
|
||||
./realwallpaper.nix
|
||||
./retiolum.nix
|
||||
./urlwatch.nix
|
||||
];
|
||||
|
@ -34,9 +34,11 @@ with import ../../4lib { inherit lib; };
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
|
||||
};
|
||||
fastpoke = {
|
||||
dc = "lass"; #dc = "cac";
|
||||
dc = "lass";
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["193.22.164.36"];
|
||||
@ -95,6 +97,8 @@ with import ../../4lib { inherit lib; };
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7oYx7Lbkc0wPYNp92LQF93DCtxsGzOkVD91FJQzVZl";
|
||||
};
|
||||
uriel = {
|
||||
cores = 1;
|
||||
@ -119,6 +123,8 @@ with import ../../4lib { inherit lib; };
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBryIo/Waw8SWvlQ0+5I+Bd/dJgcMd6iPXtELS6gQXoc";
|
||||
secure = true;
|
||||
};
|
||||
mors = {
|
||||
@ -145,6 +151,8 @@ with import ../../4lib { inherit lib; };
|
||||
};
|
||||
};
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
|
||||
};
|
||||
|
||||
};
|
||||
|
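Review bot: `ssh.privkey.path`, which appears in all four hunks of this file, is assigned a Nix path value, and a path that is interpolated into a string is copied into the world-readable /nix/store. No consumer of the option is visible in this diff, so this is a request to check rather than a confirmed leak: wherever the option is read it should go through `toString`, so that only the path text, never the key file, ends up in the generated configuration. A comment next to the option would record that, for example `# resolved on the target; never interpolate this path directly`. Every host uses the same search-path lookup, so per-host keys depend on the `secrets` entry being set per build, which deserves a line of documentation as well.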
@ -8,12 +8,10 @@ let
|
||||
mkIf
|
||||
;
|
||||
|
||||
lpkgs = import ../5pkgs { inherit pkgs; };
|
||||
|
||||
cfg = config.lass.realwallpaper;
|
||||
cfg = config.krebs.realwallpaper;
|
||||
|
||||
out = {
|
||||
options.lass.realwallpaper = api;
|
||||
options.krebs.realwallpaper = api;
|
||||
config = mkIf cfg.enable imp;
|
||||
};
|
||||
|
||||
@ -57,13 +55,13 @@ let
|
||||
imp = {
|
||||
systemd.timers.realwallpaper = {
|
||||
description = "real wallpaper generator timer";
|
||||
wantedBy = [ "timers.target" ];
|
||||
|
||||
timerConfig = cfg.timerConfig;
|
||||
};
|
||||
|
||||
systemd.services.realwallpaper = {
|
||||
description = "real wallpaper generator";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
path = with pkgs; [
|
||||
@ -85,7 +83,7 @@ let
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = "${lpkgs.realwallpaper}/realwallpaper.sh";
|
||||
ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh";
|
||||
User = "realwallpaper";
|
||||
};
|
||||
};
|
@ -21,7 +21,9 @@ rec {
|
||||
nq = callPackage ./nq {};
|
||||
posix-array = callPackage ./posix-array {};
|
||||
pssh = callPackage ./pssh {};
|
||||
passwdqc-utils = callPackage ./passwdqc-utils {};
|
||||
Reaktor = callPackage ./Reaktor {};
|
||||
realwallpaper = callPackage ./realwallpaper.nix {};
|
||||
youtube-tools = callPackage ./youtube-tools {};
|
||||
|
||||
execve = name: { filename, argv, envp ? {}, destination ? "" }:
|
||||
|
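--- a/krebs/5pkgs/passwdqc-utils/default.nix
+++ b/krebs/5pkgs/passwdqc-utils/default.nix
@@ -0,0 +1,27 @@
+{stdenv,pam,fetchurl,...}:
+
+stdenv.mkDerivation rec {
+name = "passwdqc-utils-${version}";
+version = "1.3.0";
+buildInputs = [ pam ];
+src = fetchurl {
+url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz";
+sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93";
+};
+buildTargets = "utils";
+installFlags= [ "BINDIR=$(out)/bin"
+"CONFDIR=$(out)/etc"
+"SHARED_LIBDIR=$(out)/lib"
+"DEVEL_LIBDIR=$(out)/lib"
+"SECUREDIR=$(out)/lib/security"
+"INCLUDEDIR=$(out)/include"
+"MANDIR=$(out)/man"];
+installTargets = "install_lib install_utils";
+
+meta = {
+description = "passwdqc utils (pwqgen,pwqcheck) and library";
+license = stdenv.lib.licenses.bsd3;
+maintainers = [ stdenv.lib.maintainers.makefu ];
+patforms = stdenv.lib.platforms.linux; # more installFlags must be set for Darwin,Solaris
+};
+}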
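Review bot: `patforms` in the `meta` block is a misspelling of `platforms`, so the Linux-only restriction that the trailing comment describes is never applied; the line should read `platforms = stdenv.lib.platforms.linux;`. Separately, `src` is fetched over plain `http://`. The `sha256` pins the content, so a tampered tarball fails the build, but the hash is usually refreshed by downloading once on a version bump, and that first download is unauthenticated. If the upstream host serves the same path over HTTPS (not verifiable from this page), prefer `https://` in `url`.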
@ -13,6 +13,10 @@ in {
|
||||
../2configs/retiolum.nix
|
||||
../2configs/realwallpaper-server.nix
|
||||
../2configs/privoxy-retiolum.nix
|
||||
../2configs/git.nix
|
||||
../2configs/redis.nix
|
||||
../2configs/go.nix
|
||||
../2configs/ircd.nix
|
||||
{
|
||||
networking.interfaces.enp2s1.ip4 = [
|
||||
{
|
||||
@ -43,6 +47,6 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
networking.hostName = "echelon";
|
||||
networking.hostName = config.krebs.build.host.name;
|
||||
|
||||
}
|
||||
|
@ -24,6 +24,7 @@
|
||||
../2configs/bitlbee.nix
|
||||
../2configs/firefoxPatched.nix
|
||||
../2configs/realwallpaper.nix
|
||||
../2configs/skype.nix
|
||||
];
|
||||
|
||||
krebs.build = {
|
||||
|
@ -28,14 +28,14 @@ in {
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
||||
powertop
|
||||
sxiv
|
||||
much
|
||||
|
||||
#window manager stuff
|
||||
haskellPackages.xmobar
|
||||
haskellPackages.yeganesh
|
||||
dmenu2
|
||||
xlibs.fontschumachermisc
|
||||
|
||||
sxiv
|
||||
];
|
||||
|
||||
fonts.fonts = [
|
||||
|
@ -31,6 +31,7 @@ let
|
||||
};
|
||||
wai-middleware-time = {};
|
||||
web-routes-wai-custom = {};
|
||||
go = {};
|
||||
};
|
||||
|
||||
restricted-repos = mapAttrs make-restricted-repo (
|
||||
@ -51,7 +52,7 @@ let
|
||||
nick = config.krebs.build.host.name;
|
||||
channel = "#retiolum";
|
||||
server = "cd.retiolum";
|
||||
verbose = config.krebs.build.host.name == "cloudkrebs";
|
||||
verbose = config.krebs.build.host.name == "echelon";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
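--- a/lass/2configs/go.nix
+++ b/lass/2configs/go.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+imports = [
+../3modules/go.nix
+];
+environment.systemPackages = [
+pkgs.go
+];
+lass.go = {
+enable = true;
+};
+krebs.iptables.tables.filter.INPUT.rules = [
+{ predicate = "-i retiolum -p tcp --dport 1337"; target = "ACCEPT"; }
+];
+}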
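Review bot: The firewall rule hard-codes `--dport 1337` while the service port comes from the `lass.go.port` option (default `"1337"` in `lass/3modules/go.nix`), so changing the option leaves the old port open and the new one closed. Derive the rule from the option instead: `{ predicate = "-i retiolum -p tcp --dport ${config.lass.go.port}"; target = "ACCEPT"; }`. A comment stating that the shortener is meant to be reachable only from the retiolum interface would also help, since nothing in the visible module restricts the listen address.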
@ -1,12 +1,15 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 6667"; target = "ACCEPT"; }
|
||||
];
|
||||
config.services.charybdis = {
|
||||
enable = true;
|
||||
config = ''
|
||||
serverinfo {
|
||||
name = "ire.irc.retiolum";
|
||||
sid = "4z3";
|
||||
name = "${config.krebs.build.host.name}.irc.retiolum";
|
||||
sid = "1as";
|
||||
description = "miep!";
|
||||
network_name = "irc.retiolum";
|
||||
network_desc = "Retiolum IRC Network";
|
||||
|
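Review bot: This module appears to mix a top-level option assignment (`krebs.iptables.tables.filter.INPUT.rules`) with an explicit `config.services.charybdis` attribute, and the NixOS module system rejects a module that has a top-level `config` attribute next to other option paths with an "unsupported attribute" error. The added and removed markers are lost on this page, so confirm that both lines are in the resulting file. If they are, either drop the prefix (`services.charybdis = {`) or move the rule under it (`config.krebs.iptables.tables.filter.INPUT.rules = [`). The module body continues past the end of the hunk.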
@ -1,9 +1,5 @@
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
../3modules/realwallpaper.nix
|
||||
];
|
||||
|
||||
lass.realwallpaper.enable = true;
|
||||
krebs.realwallpaper.enable = true;
|
||||
}
|
||||
|
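--- a/lass/2configs/redis.nix
+++ b/lass/2configs/redis.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+
+{
+config.services.redis = {
+enable = true;
+bind = "127.0.0.1";
+};
+}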
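Review bot: Binding to `127.0.0.1` keeps Redis off the network, but no `requirePass` is set, so every local account and service on the host can read and modify the data. If that is the accepted trust model, say so next to the setting, for example `# loopback only, no auth: all local users are trusted`. If it is not, set `services.redis.requirePass`, keeping in mind that a value written directly in the configuration ends up in the world-readable store.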
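--- a/lass/2configs/skype.nix
+++ b/lass/2configs/skype.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+
+let
+mainUser = config.users.extraUsers.mainUser;
+
+in {
+imports = [
+../3modules/per-user.nix
+];
+
+users.extraUsers = {
+skype = {
+name = "skype";
+uid = 2259819492; #genid skype
+description = "user for running skype";
+home = "/home/skype";
+useDefaultShell = true;
+extraGroups = [ "audio" "video" ];
+createHome = true;
+};
+};
+
+lass.per-user.skype.packages = [
+pkgs.skype
+];
+
+security.sudo.extraConfig = ''
+${mainUser.name} ALL=(skype) NOPASSWD: ALL
+'';
+}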
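Review bot: The sudoers line `${mainUser.name} ALL=(skype) NOPASSWD: ALL` lets the main user run any command as `skype` without a password, which is wider than the stated purpose of "running skype". Restricting the command list to the packaged binary keeps the isolation intent explicit, for example `${mainUser.name} ALL=(skype) NOPASSWD: ${pkgs.skype}/bin/skype` (the binary path is assumed; check the package). The account also joins `audio` and `video`, so the separation covers files in the home directory but not microphone and camera access. A short comment saying so would document the actual boundary.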
@ -3,6 +3,5 @@ _:
|
||||
{
|
||||
imports = [
|
||||
./xresources.nix
|
||||
./realwallpaper.nix
|
||||
];
|
||||
}
|
||||
|
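--- a/lass/3modules/go.nix
+++ b/lass/3modules/go.nix
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+cfg = config.lass.go;
+
+out = {
+options.lass.go = api;
+config = mkIf cfg.enable imp;
+};
+
+api = {
+enable = mkEnableOption "Enable go url shortener";
+port = mkOption {
+type = types.str;
+default = "1337";
+description = "on which port go should run on";
+};
+redisKeyPrefix = mkOption {
+type = types.str;
+default = "go:";
+description = "change the Redis key prefix which defaults to `go:`";
+};
+};
+
+imp = {
+users.extraUsers.go = {
+name = "go";
+uid = 42774411; #genid go
+description = "go url shortener user";
+home = "/var/lib/go";
+createHome = true;
+};
+
+systemd.services.go = {
+description = "go url shortener";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+
+path = with pkgs; [
+go
+];
+
+environment = {
+PORT = cfg.port;
+REDIS_KEY_PREFIX = cfg.redisKeyPrefix;
+};
+
+restartIfChanged = true;
+
+serviceConfig = {
+User = "go";
+Restart = "always";
+ExecStart = "${pkgs.go}/bin/go";
+};
+};
+};
+
+in out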
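Review bot: `port` is declared as `types.str`, so any string is accepted and handed to the service as `PORT`; a typo or an empty value is only noticed at runtime. Declaring it as `type = types.int; default = 1337;` and exporting `PORT = toString cfg.port;` rejects non-numeric values at evaluation time. The unit is ordered only `after = [ "network.target" ]` although it is configured with `REDIS_KEY_PREFIX`; if it needs Redis at start-up, add the Redis unit to `after` (unit name to be confirmed). `mkEnableOption "Enable go url shortener"` renders as "Whether to enable Enable go url shortener.", so pass just `"go url shortener"`.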
@ -13,5 +13,5 @@ rec {
|
||||
ublock = callPackage ./firefoxPlugins/ublock.nix {};
|
||||
vimperator = callPackage ./firefoxPlugins/vimperator.nix {};
|
||||
};
|
||||
realwallpaper = callPackage ./realwallpaper.nix {};
|
||||
go = callPackage ./go/default.nix {};
|
||||
}
|
||||
|
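--- a/lass/5pkgs/go/default.nix
+++ b/lass/5pkgs/go/default.nix
@@ -0,0 +1,59 @@
+{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodePackages, nodejs }:
+
+with lib;
+
+let
+np = nodePackages.override {
+generated = ./packages.nix;
+self = np;
+};
+
+node_env = buildEnv {
+name = "node_env";
+paths = [
+np.redis
+np."formidable"
+];
+pathsToLink = [ "/lib" ];
+ignoreCollisions = true;
+};
+
+in nodePackages.buildNodePackage {
+name = "go";
+
+src = fetchgit {
+url = "http://cgit.echelon/go/";
+rev = "05d02740e0adbb36cc461323647f0c1e7f493156";
+sha256 = "6015c9a93317375ae8099c7ab982df0aa93a59ec2b48972e253887bb6ca0004f";
+};
+
+phases = [
+"unpackPhase"
+"installPhase"
+];
+
+deps = (filter (v: nixType v == "derivation") (attrValues np));
+
+buildInputs = [
+nodejs
+nodePackages.redis
+np.formidable
+makeWrapper
+];
+
+installPhase = ''
+mkdir -p $out/bin
+
+cp index.js $out/
+cat > $out/go << EOF
+${nodejs}/bin/node $out/index.js
+EOF
+chmod +x $out/go
+
+wrapProgram $out/go \
+--prefix NODE_PATH : ${node_env}/lib/node_modules
+
+ln -s $out/go /$out/bin/go
+'';
+
+}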
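Review bot: The launcher written by `cat > $out/go << EOF` has no `#!` line, so it only runs when the caller falls back to a shell on ENOEXEC; it works through the `wrapProgram` wrapper but would fail if executed directly. Start the heredoc with an interpreter line and `exec` the node process, e.g. `#!${stdenv.shell}` followed by `exec ${nodejs}/bin/node $out/index.js`. `ln -s $out/go /$out/bin/go` has a stray leading slash and should be `ln -s $out/go $out/bin/go`. The source is fetched over plain HTTP from an internal host; `rev` and `sha256` pin the content, so a comment noting that the hash, not the transport, is what is trusted would be useful. `buildInputs` also takes `nodePackages.redis` while `node_env` uses `np.redis`; use the pinned `np` set in both places.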
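--- a/lass/5pkgs/go/packages.nix
+++ b/lass/5pkgs/go/packages.nix
@@ -0,0 +1,44 @@
+{ self, fetchurl, fetchgit ? null, lib }:
+
+{
+by-spec."formidable"."*" =
+self.by-version."formidable"."1.0.17";
+by-version."formidable"."1.0.17" = self.buildNodePackage {
+name = "formidable-1.0.17";
+version = "1.0.17";
+bin = false;
+src = fetchurl {
+url = "http://registry.npmjs.org/formidable/-/formidable-1.0.17.tgz";
+name = "formidable-1.0.17.tgz";
+sha1 = "ef5491490f9433b705faa77249c99029ae348559";
+};
+deps = {
+};
+optionalDependencies = {
+};
+peerDependencies = [];
+os = [ ];
+cpu = [ ];
+};
+"formidable" = self.by-version."formidable"."1.0.17";
+by-spec."redis"."*" =
+self.by-version."redis"."2.1.0";
+by-version."redis"."2.1.0" = self.buildNodePackage {
+name = "redis-2.1.0";
+version = "2.1.0";
+bin = false;
+src = fetchurl {
+url = "http://registry.npmjs.org/redis/-/redis-2.1.0.tgz";
+name = "redis-2.1.0.tgz";
+sha1 = "38acb208f90750250f9451219b73ff08ae907f94";
+};
+deps = {
+};
+optionalDependencies = {
+};
+peerDependencies = [];
+os = [ ];
+cpu = [ ];
+};
+"redis" = self.by-version."redis"."2.1.0";
+}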
@ -23,7 +23,9 @@
|
||||
## \/ are only plugins, must enable Reaktor explicitly
|
||||
../2configs/Reaktor/stockholmLentil.nix
|
||||
../2configs/Reaktor/simpleExtend.nix
|
||||
../2configs/Reaktor/random-emoji.nix
|
||||
../2configs/Reaktor/titlebot.nix
|
||||
../2configs/Reaktor/shack-correct.nix
|
||||
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/urlwatch.nix
|
||||
@ -34,7 +36,7 @@
|
||||
krebs.Reaktor.debug = true;
|
||||
krebs.Reaktor.nickname = "Reaktor|bot";
|
||||
krebs.Reaktor.extraEnviron = {
|
||||
REAKTOR_CHANNELS = "#krebs,#binaergewitter";
|
||||
REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace";
|
||||
};
|
||||
|
||||
krebs.build.host = config.krebs.hosts.pnp;
|
||||
|
@ -42,7 +42,7 @@
|
||||
krebs.build.user = config.krebs.users.makefu;
|
||||
krebs.build.target = "root@pornocauster";
|
||||
|
||||
|
||||
environment.systemPackages = with pkgs;[ get];
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
25
|
||||
];
|
||||
|
@ -32,8 +32,8 @@ in {
|
||||
makefu.tinc_graphs.enable = true;
|
||||
makefu.tinc_graphs.krebsNginx = {
|
||||
enable = true;
|
||||
hostnames_complete = [ "graphs.wry" "graphs.wry.retiolum" ];
|
||||
# TODO: remove hard-coded path
|
||||
# TODO: remove hard-coded hostname
|
||||
hostnames_complete = [ "graphs.wry" ];
|
||||
hostnames_anonymous = [ "graphs.krebsco.de" ];
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [80];
|
||||
|
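--- a/makefu/2configs/Reaktor/random-emoji.nix
+++ b/makefu/2configs/Reaktor/random-emoji.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+with pkgs;
+let
+rpkg = pkgs.substituteAll( {
+name="random-emoji";
+dir= "bin";
+isExecutable=true;
+src= ./random-emoji.sh;
+});
+rpkg-path = lib.makeSearchPath "bin" (with pkgs; [
+coreutils
+gnused
+gnugrep
+curl]);
+in {
+# TODO: make origin a variable, <- module is generic enough to handle different origins, not only stockholm
+krebs.Reaktor.extraConfig = ''
+public_commands.insert(0,{
+'capname' : "emoji",
+'pattern' : indirect_pattern.format("emoji"),
+'argv' : ["${rpkg}/bin/random-emoji"],
+'env' : { 'PATH':'${rpkg-path}' } })
+'';
+}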
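--- a/makefu/2configs/Reaktor/random-emoji.sh
+++ b/makefu/2configs/Reaktor/random-emoji.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+curl http://emojicons.com/random -s | \
+grep data-text | \
+sed -n 's/.*>\(.*\)<\/textarea>/\1/p' | \
+head -n 1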
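Review bot: The script relays whatever a third-party site returns over plain HTTP straight into the channel, with no timeout and no check that the request succeeded. Add `-f` and `--max-time` so a hung or failing request does not stall the bot, as in `curl -fsS --max-time 10 ...`, and use `https://` if the site offers it (not verifiable from this page). Because the text is untrusted, strip control characters before it is printed, for example by appending `| tr -d '\000-\011\013-\037'` after `head -n 1`, so the response cannot carry formatting codes or carriage returns into the bot's output.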
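--- a/makefu/2configs/Reaktor/shack-correct.nix
+++ b/makefu/2configs/Reaktor/shack-correct.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+with pkgs;
+let
+script = pkgs.substituteAll ( {
+name="shack-correct";
+isExecutable=true;
+dir = "";
+src = ./shack-correct.sh;
+});
+in {
+krebs.Reaktor.extraConfig = ''
+public_commands.insert(0,{
+'capname' : "shack-correct",
+'pattern' : '^(?P<args>.*Shack.*)$$',
+'argv' : ["${script}"],
+'env' : { }})
+'';
+}
+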
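Review bot: The command is registered with `'env' : { }` although `shack-correct.sh` calls `sed`, whereas the sibling `random-emoji.nix` passes an explicit `PATH` built with `lib.makeSearchPath`. Whether Reaktor merges this dict with its own environment is not visible here; if it does not, `sed` is not found at runtime. Passing the same kind of explicit `PATH` (with `gnused` and `coreutils`) keeps the two plugins consistent. The pattern `.*Shack.*` forwards the whole channel line as an argument, so a comment noting that the script receives untrusted text would be worth adding.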
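--- a/makefu/2configs/Reaktor/shack-correct.sh
+++ b/makefu/2configs/Reaktor/shack-correct.sh
@@ -0,0 +1,6 @@
+#! /bin/sh
+set -eu
+printf "Sie meinten wohl \""
+echo -n $@ | sed 's/Shack/shack/g'
+echo "\""
+echo "${_from}--"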
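Review bot: `echo -n $@` expands the message unquoted, so text that arrives from the channel undergoes word splitting and pathname expansion: glob characters in the message are replaced by file names from the bot's working directory and echoed back, and a leading `-e` or `-n` is taken as an option by some `echo` implementations. Use `printf '%s' "$*" | sed 's/Shack/shack/g'`, which prints the arguments literally. With `set -eu`, an unset `_from` aborts the script only after the first lines were already printed; `"${_from:-}"` or a check at the top would make that case explicit.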
@ -29,6 +29,7 @@ let
|
||||
hooks = {
|
||||
post-receive = git.irc-announce {
|
||||
nick = config.networking.hostName;
|
||||
verbose = config.krebs.build.host.name == "pnp";
|
||||
channel = "#retiolum";
|
||||
# TODO remove the hardcoded hostname
|
||||
server = "cd.retiolum";
|
||||
|
@ -24,21 +24,22 @@ let
|
||||
# configure krebs nginx to serve the new graphs
|
||||
enable = mkEnableOption "tinc_graphs nginx";
|
||||
|
||||
hostnames_complete = {
|
||||
hostnames_complete = mkOption {
|
||||
#TODO: this is not a secure way to serve these graphs,better listen to
|
||||
# the correct interface, krebs.nginx does not support this yet
|
||||
|
||||
type = with types; listOf str;
|
||||
description = "hostname which serves complete graphs";
|
||||
default = config.krebs.build.host.name;
|
||||
default = [ "graphs.${config.krebs.build.host.name}" ];
|
||||
};
|
||||
|
||||
hostnames_anonymous = {
|
||||
hostnames_anonymous = mkOption {
|
||||
type = with types; listOf str;
|
||||
description = ''
|
||||
hostname which serves anonymous graphs
|
||||
must be different from hostname_complete
|
||||
'';
|
||||
default = [ "anongraphs.${config.krebs.build.host.name}" ];
|
||||
};
|
||||
};
|
||||
|
||||
@ -63,29 +64,38 @@ let
|
||||
environment.systemPackages = [ pkgs.tinc_graphs];
|
||||
systemd.timers.tinc_graphs = {
|
||||
description = "Build Tinc Graphs via via timer";
|
||||
|
||||
wantedBy = [ "timers.target"];
|
||||
timerConfig = cfg.timerConfig;
|
||||
};
|
||||
systemd.services.tinc_graphs = {
|
||||
description = "Build Tinc Graphs";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
environment = {
|
||||
EXTERNAL_FOLDER = external_dir;
|
||||
INTERNAL_FOLDER = internal_dir;
|
||||
GEODB = cfg.geodbPath;
|
||||
TINC_HOSTPATH=config.krebs.retiolum.hosts;
|
||||
};
|
||||
|
||||
restartIfChanged = true;
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
|
||||
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
|
||||
#!/bin/sh
|
||||
mkdir -p "${external_dir}" "${internal_dir}"
|
||||
'';
|
||||
|
||||
ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
|
||||
User = "root"; # tinc cannot be queried as user,
|
||||
|
||||
ExecStartPost = pkgs.writeScript "tinc_graphs-post" ''
|
||||
#!/bin/sh
|
||||
# TODO: this may break if workingDir is set to something stupid
|
||||
# this is needed because homedir is created with 700
|
||||
chmod 755 "${cfg.workingDir}"
|
||||
'';
|
||||
|
||||
User = "root"; # tinc cannot be queried as user,
|
||||
# seems to be a tinc-pre issue
|
||||
privateTmp = true;
|
||||
};
|
||||
@ -93,7 +103,7 @@ let
|
||||
|
||||
users.extraUsers.tinc_graphs = {
|
||||
uid = 3925439960; #genid tinc_graphs
|
||||
home = "/var/cache/tinc_graphs";
|
||||
home = "/var/spool/tinc_graphs";
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
@ -102,15 +112,16 @@ let
|
||||
server-names = cfg.krebsNginx.hostnames_complete;
|
||||
locations = [
|
||||
(nameValuePair "/" ''
|
||||
autoindex on;
|
||||
root ${internal_dir};
|
||||
'')
|
||||
];
|
||||
};
|
||||
tinc_graphs_anonymous = {
|
||||
server-names = cfg.krebsNginx.hostnames_anonymous;
|
||||
#server-names = [ "dick" ];
|
||||
locations = [
|
||||
(nameValuePair "/" ''
|
||||
autoindex on;
|
||||
root ${external_dir};
|
||||
'')
|
||||
];
|
||||
|
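Review bot: `privateTmp = true;` in `serviceConfig` is not a systemd setting; unit keys are case-sensitive and the directive is `PrivateTmp`, so the option is ignored and the root-run service shares the system /tmp. The line does not look changed by this commit, but it sits in the block being reordered and is worth fixing here: `PrivateTmp = true;`. The new `ExecStartPost` runs `chmod 755 "${cfg.workingDir}"` as root. If `internal_dir` lives under that directory (its definition is outside the hunks), the complete graphs become readable by every local user, which the existing TODO about serving them securely should mention.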
@ -2,14 +2,14 @@
|
||||
|
||||
python3Packages.buildPythonPackage rec {
|
||||
name = "tinc_graphs-${version}";
|
||||
version = "0.2.9";
|
||||
version = "0.2.12";
|
||||
propagatedBuildInputs = with pkgs;[
|
||||
python3Packages.pygeoip
|
||||
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
|
||||
];
|
||||
src = fetchurl {
|
||||
url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz";
|
||||
sha256 = "0fm063qhjlb8g1xahwcqqrd2dxgd38wwi55rhl1k5chr7zajsqfz";
|
||||
sha256 = "03jxvxahpcbpnz4668x32b629dwaaz5jcjkyaijm0zzpgcn4cbgp";
|
||||
};
|
||||
preFixup = with pkgs;''
|
||||
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
|
||||
|