Merge remote-tracking branches 'mors/master' and 'pnp/master'
commit
bbcdef021a
@ -108,8 +108,8 @@ let
|
||||
|
||||
# Implements environment.etc."zones/<zone-name>"
|
||||
environment.etc = let
|
||||
stripEmptyLines = s: concatStringsSep "\n"
|
||||
(remove "\n" (remove "" (splitString "\n" s)));
|
||||
stripEmptyLines = s: (concatStringsSep "\n"
|
||||
(remove "\n" (remove "" (splitString "\n" s)))) + "\n";
|
||||
all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
|
||||
([cfg.zone-head-config] ++ combined-hosts);
|
||||
combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
|
||||
|
@ -33,7 +33,7 @@ let
|
||||
in {
|
||||
hosts = addNames {
|
||||
echelon = {
|
||||
cores = 4;
|
||||
cores = 2;
|
||||
dc = "lass"; #dc = "cac";
|
||||
nets = rec {
|
||||
internet = {
|
||||
@ -66,6 +66,39 @@ in {
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
|
||||
};
|
||||
prism = {
|
||||
cores = 4;
|
||||
dc = "lass"; #dc = "cac";
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["213.239.205.240"];
|
||||
aliases = [
|
||||
"prism.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs4 = ["10.243.0.103"];
|
||||
addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"];
|
||||
aliases = [
|
||||
"prism.retiolum"
|
||||
"cgit.prism.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
|
||||
kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
|
||||
JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
|
||||
AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
|
||||
jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
|
||||
anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_rsa>;
|
||||
ssh.pubkey = "ssh-rsa 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";
|
||||
};
|
||||
fastpoke = {
|
||||
dc = "lass";
|
||||
nets = rec {
|
||||
|
@ -164,6 +164,8 @@ with lib;
|
||||
dc = "makefu"; #dc = "cac";
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
euer IN A ${head nets.internet.addrs4}
|
||||
wiki.euer IN A ${head nets.internet.addrs4}
|
||||
wry IN A ${head nets.internet.addrs4}
|
||||
io IN NS wry.krebsco.de.
|
||||
graphs IN A ${head nets.internet.addrs4}
|
||||
@ -185,9 +187,14 @@ with lib;
|
||||
addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"];
|
||||
aliases = [
|
||||
"graphs.wry.retiolum"
|
||||
"graphs.retiolum"
|
||||
"paste.wry.retiolum"
|
||||
"paste.retiolum"
|
||||
"wry.retiolum"
|
||||
"wiki.makefu.retiolum"
|
||||
"wiki.wry.retiolum"
|
||||
"blog.makefu.retiolum"
|
||||
"blog.wry.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
@ -207,14 +214,37 @@ with lib;
|
||||
};
|
||||
};
|
||||
};
|
||||
filepimp = rec {
|
||||
cores = 1;
|
||||
dc = "makefu"; #nas
|
||||
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.153.102"];
|
||||
addrs6 = ["42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"];
|
||||
aliases = [
|
||||
"filepimp.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
|
||||
BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
|
||||
i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
|
||||
09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
|
||||
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
|
||||
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
gum = rec {
|
||||
cores = 1;
|
||||
dc = "online.net"; #root-server
|
||||
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
omo IN A ${head nets.internet.addrs4}
|
||||
euer IN A ${head nets.internet.addrs4}
|
||||
share.euer IN A ${head nets.internet.addrs4}
|
||||
gum IN A ${head nets.internet.addrs4}
|
||||
'';
|
||||
};
|
||||
|
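Review bot: The first line of the `tinc.pubkey` added for `filepimp` (`MIIBCgKCAQEAvgvzx3rT/…`) is identical to the key line visible in the tinc hosts-file hunk for `Address= 195.154.108.70` further down this page, which suggests the block was copied from another host rather than generated on filepimp. Two nodes publishing one RSA key means either they share a private key or filepimp cannot authenticate with its own; confirm the key was produced on filepimp and replace it if not. Separately, the `gum` zone adds `euer IN A` while the wry zone in this same file also carries an `euer` record, so `euer.krebsco.de` may end up with two A records; add a comment if that is intended. The `gum` definition continues past the end of the hunk.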
@ -95,8 +95,12 @@ let
|
||||
|
||||
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
|
||||
#!/bin/sh
|
||||
mkdir -p "${internal_dir}" "${external_dir}"
|
||||
if ! test -e "${cfg.workingDir}/internal/index.html"; then
|
||||
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/" "${internal_dir}"
|
||||
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
|
||||
fi
|
||||
if ! test -e "${cfg.workingDir}/external/index.html"; then
|
||||
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
|
||||
fi
|
||||
'';
|
||||
|
||||
@ -118,7 +122,6 @@ let
|
||||
users.extraUsers.tinc_graphs = {
|
||||
uid = 3925439960; #genid tinc_graphs
|
||||
home = "/var/spool/tinc_graphs";
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
krebs.nginx.servers = mkIf cfg.nginx.enable {
|
||||
|
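Review bot: The two `index.html` tests read `${cfg.workingDir}/internal/index.html` and `${cfg.workingDir}/external/index.html`, while the `mkdir` and `cp` lines write to `${internal_dir}` and `${external_dir}`. How those two variables are derived is not visible in this hunk; if they ever differ from `workingDir/internal` and `workingDir/external`, the copy is repeated (or skipped) on every start. Test the same path that is written, e.g. `if ! test -e "${internal_dir}/index.html"; then`, and likewise for the external directory.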
@ -56,6 +56,13 @@ let
|
||||
https://nixos.org/channels/nixos-unstable/git-revision
|
||||
];
|
||||
};
|
||||
verbose = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
verbose output of urlwatch
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
urlsFile = toFile "urls" (concatStringsSep "\n" cfg.urls);
|
||||
@ -106,7 +113,7 @@ let
|
||||
|
||||
cd /tmp
|
||||
|
||||
urlwatch -e --urls="$urlsFile" > changes 2>&1 || :
|
||||
urlwatch -e ${optionalString cfg.verbose "-v"} --urls="$urlsFile" > changes || :
|
||||
|
||||
if test -s changes; then
|
||||
date=$(date -R)
|
||||
|
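Review bot: With `2>&1` gone from the `urlwatch` line, anything urlwatch writes to stderr no longer reaches the `changes` file, and `|| :` still discards the exit status, so a failing run produces neither a mail nor a failed unit. If that is intended (keeping `-v` output out of the mail), say so in a comment such as `# stderr goes to the journal; only stdout is mailed`; otherwise keep the redirect when `cfg.verbose` is off. The script writes `changes` after `cd /tmp`; whether that is a private temporary directory cannot be seen here, since the enclosing script starts and ends outside the hunk.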
@ -11,12 +11,28 @@ prepare() {(
|
||||
;;
|
||||
centos)
|
||||
case $VERSION_ID in
|
||||
6)
|
||||
prepare_centos "$@"
|
||||
exit
|
||||
;;
|
||||
7)
|
||||
prepare_centos "$@"
|
||||
exit
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
debian)
|
||||
case $VERSION_ID in
|
||||
7)
|
||||
prepare_debian "$@"
|
||||
exit
|
||||
;;
|
||||
8)
|
||||
prepare_debian "$@"
|
||||
exit
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
elif test -e /etc/centos-release; then
|
||||
case $(cat /etc/centos-release) in
|
||||
@ -31,6 +47,7 @@ prepare() {(
|
||||
)}
|
||||
|
||||
prepare_arch() {
|
||||
pacman -Sy
|
||||
type bzip2 2>/dev/null || pacman -S --noconfirm bzip2
|
||||
type git 2>/dev/null || pacman -S --noconfirm git
|
||||
type rsync 2>/dev/null || pacman -S --noconfirm rsync
|
||||
@ -44,6 +61,14 @@ prepare_centos() {
|
||||
prepare_common
|
||||
}
|
||||
|
||||
prepare_debian() {
|
||||
apt-get update
|
||||
type bzip2 2>/dev/null || apt-get install bzip2
|
||||
type git 2>/dev/null || apt-get install git
|
||||
type rsync 2>/dev/null || apt-get install rsync
|
||||
prepare_common
|
||||
}
|
||||
|
||||
prepare_common() {
|
||||
|
||||
if ! getent group nixbld >/dev/null; then
|
||||
|
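Review bot: `prepare_debian` calls `apt-get install bzip2`, `apt-get install git` and `apt-get install rsync` without `-y`, so on a fresh Debian host the bootstrap stops at the confirmation prompt, or aborts when stdin is not a terminal, whereas `prepare_arch` passes `--noconfirm`. Use `apt-get install -y bzip2` and the same for `git` and `rsync`. The `pacman -Sy` line in `prepare_arch` (apparently the one line added by that hunk) refreshes the package databases without upgrading installed packages, which can leave the following `pacman -S` installs linked against newer libraries than the system has; a short comment on why a refresh alone is enough for this bootstrap would help.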
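--- a/krebs/5pkgs/bepasty-client-cli/default.nix
+++ b/krebs/5pkgs/bepasty-client-cli/default.nix
@@ -0,0 +1,22 @@
+{ lib, pkgs, pythonPackages, fetchurl, ... }:
+
+with pythonPackages; buildPythonPackage rec {
+name = "bepasty-client-cli-${version}";
+version = "0.3.0";
+propagatedBuildInputs = [
+python_magic
+click
+requests2
+];
+
+src = fetchurl {
+url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz";
+sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw";
+};
+
+meta = {
+homepage = https://github.com/bepasty/bepasty-client-cli;
+description = "CLI client for bepasty-server";
+license = lib.licenses.bsd2;
+};
+}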
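--- a/krebs/5pkgs/collectd-connect-time/default.nix
+++ b/krebs/5pkgs/collectd-connect-time/default.nix
@@ -0,0 +1,15 @@
+{lib, pkgs, pythonPackages, fetchurl, ... }:
+
+pythonPackages.buildPythonPackage rec {
+name = "collectd-connect-time-${version}";
+version = "0.3.0";
+src = fetchurl {
+url = "https://pypi.python.org/packages/source/c/collectd-connect-time/collectd-connect-time-${version}.tar.gz";
+sha256 = "0vvrf9py9bwc8hk3scxwg4x2j8jlp2qva0mv4q8d9m4b4mk99c95";
+};
+meta = {
+homepage = https://pypi.python.org/pypi/collectd-connect-time/;
+description = "TCP Connection time plugin for collectd";
+license = lib.licenses.wtfpl;
+};
+}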
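--- a/krebs/5pkgs/krebspaste/default.nix
+++ b/krebs/5pkgs/krebspaste/default.nix
@@ -0,0 +1,7 @@
+{ writeScriptBin, pkgs }:
+
+# TODO: use `wrapProgram --add-flags` instead?
+writeScriptBin "krebspaste" ''
+#! /bin/sh
+exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
+''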
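Review bot: The wrapper hard-codes `--url http://paste.retiolum`, so pastes are sent without TLS and are protected only as long as that name resolves inside the retiolum VPN. A one-line comment above the `exec` stating that assumption, e.g. `# plain HTTP: paste.retiolum is only reachable over the tinc overlay`, would keep someone from pointing the wrapper at a public host unchanged.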
@ -2,14 +2,14 @@
|
||||
|
||||
python3Packages.buildPythonPackage rec {
|
||||
name = "tinc_graphs-${version}";
|
||||
version = "0.3.6";
|
||||
version = "0.3.9";
|
||||
propagatedBuildInputs = with pkgs;[
|
||||
python3Packages.pygeoip
|
||||
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
|
||||
];
|
||||
src = fetchurl {
|
||||
url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz";
|
||||
sha256 = "0ghdx9aaipmppvc2b6cgks4nxw6zsb0fhjrmnisbx7rz0vjvzc74";
|
||||
sha256 = "0hjmkiclvyjb3707285x4b8mk5aqjcvh383hvkad1h7p1n61qrfx";
|
||||
};
|
||||
preFixup = with pkgs;''
|
||||
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
|
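--- a/krebs/5pkgs/translate-shell/default.nix
+++ b/krebs/5pkgs/translate-shell/default.nix
@@ -0,0 +1,43 @@
+{stdenv, fetchurl,pkgs,... }:
+let
+s =
+rec {
+baseName="translate-shell";
+version="0.9.0.9";
+name="${baseName}-${version}";
+url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz;
+sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34";
+};
+searchpath = with pkgs; stdenv.lib.makeSearchPath "bin" [
+fribidi
+gawk
+bash
+curl
+less
+];
+buildInputs = [
+pkgs.makeWrapper
+];
+in
+stdenv.mkDerivation {
+inherit (s) name version;
+inherit buildInputs;
+src = fetchurl {
+inherit (s) url sha256;
+};
+# TODO: maybe mplayer
+installPhase = ''
+mkdir -p $out/bin
+make PREFIX=$out install
+wrapProgram $out/bin/trans --suffix PATH : "${searchpath}"
+'';
+
+meta = {
+inherit (s) version;
+description = ''translate using google api'';
+license = stdenv.lib.licenses.free;
+maintainers = [stdenv.lib.maintainers.makefu];
+platforms = stdenv.lib.platforms.linux ;
+};
+}
+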
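Review bot: `url` repeats the literal `v0.9.0.9` although `version` is defined two lines above in the same `rec` set, so a version bump that misses the URL silently builds the old tarball under the new name; write `url = "https://github.com/soimort/translate-shell/archive/v${version}.tar.gz";`. `wrapProgram … --suffix PATH` appends the pinned tools after the caller's PATH, so `trans` runs whatever `curl`, `gawk` or `bash` the environment supplies first; `--prefix PATH` makes the store paths win. `license = stdenv.lib.licenses.free` is vaguer than it needs to be and should name the upstream licence.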
@ -2,7 +2,6 @@ Address= 195.154.108.70
|
||||
Address= 195.154.108.70 53
|
||||
Subnet = 10.243.0.211
|
||||
Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
|
||||
Aliases = paste
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
|
||||
|
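--- a/krebs/Zhosts/prism
+++ b/krebs/Zhosts/prism
@@ -0,0 +1,12 @@
+Address = 213.239.205.240
+Subnet = 10.243.0.103
+Subnet = 42:0000:0000:0000:0000:0000:0000:15ab
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
+kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
+JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
+AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
+jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
+anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
+-----END RSA PUBLIC KEY-----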
@ -47,6 +47,23 @@ in {
|
||||
{ predicate = "-i retiolum -p udp --dport 53"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
users.extraUsers = {
|
||||
satan = {
|
||||
name = "satan";
|
||||
uid = 1338;
|
||||
home = "/home/satan";
|
||||
group = "users";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
extraGroups = [
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.echelon;
|
||||
|
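Review bot: The new `satan` account carries its SSH key as an inline string, whereas other hunks on this page take keys from `config.krebs.users.<name>.pubkey`; a key kept only in this host file is easy to miss when access has to be revoked. Register the user alongside the other users and reference the key from there, or at least add a comment above the block naming who the account is for and why it exists on echelon. The empty `extraGroups = [ ];` can be dropped.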
@ -156,6 +156,7 @@
|
||||
get
|
||||
genid
|
||||
teamspeak_client
|
||||
hashPassword
|
||||
];
|
||||
|
||||
#TODO: fix this shit
|
||||
|
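--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -0,0 +1,93 @@
+{ config, lib, pkgs, ... }:
+
+let
+inherit (lib) head;
+
+ip = (head config.krebs.build.host.nets.internet.addrs4);
+in {
+imports = [
+../2configs/base.nix
+../2configs/downloading.nix
+../2configs/git.nix
+../2configs/ts3.nix
+{
+users.extraGroups = {
+# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
+# Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
+# Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
+# Docs: man:tmpfiles.d(5)
+# man:systemd-tmpfiles(8)
+# Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
+# Main PID: 19272 (code=exited, status=1/FAILURE)
+#
+# Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
+# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
+# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
+# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
+# Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
+# Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
+# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
+# warning: error(s) occured while switching to the new configuration
+lock.gid = 10001;
+};
+}
+{
+networking.interfaces.et0.ip4 = [
+{
+address = ip;
+prefixLength = 24;
+}
+];
+networking.defaultGateway = "213.239.205.225";
+networking.nameservers = [
+"8.8.8.8"
+];
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
+'';
+
+}
+{
+#boot.loader.gummiboot.enable = true;
+#boot.loader.efi.canTouchEfiVariables = true;
+boot.loader.grub = {
+devices = [
+"/dev/sda"
+"/dev/sdb"
+];
+splashImage = null;
+};
+
+boot.initrd.availableKernelModules = [
+"ata_piix"
+"vmw_pvscsi"
+];
+
+fileSystems."/" = {
+device = "/dev/pool/nix";
+fsType = "ext4";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36";
+};
+
+fileSystems."/var/download" = {
+device = "/dev/pool/download";
+};
+
+}
+{
+sound.enable = false;
+}
+{
+#workaround for server dying after 6-7h
+boot.kernelPackages = pkgs.linuxPackages_4_2;
+}
+{
+nixpkgs.config.allowUnfree = true;
+}
+];
+
+krebs.build.host = config.krebs.hosts.prism;
+}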
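Review bot: `boot.kernelPackages = pkgs.linuxPackages_4_2;` pins the kernel series with only `#workaround for server dying after 6-7h` as explanation, so the host stays on that series after it stops receiving fixes and nobody will know when the pin can be removed. Extend the comment with the observed symptom and a removal condition, e.g. `# TODO(review): drop pin once the default kernel runs >24h on this hardware`. The sixteen-line systemd log pasted above `lock.gid = 10001;` would read better as one line such as `# systemd-tmpfiles fails with "Unknown group 'lock'" unless this group exists`.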
@ -15,8 +15,8 @@ with lib;
|
||||
{
|
||||
users.extraUsers = {
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = map readFile [
|
||||
../../krebs/Zpubkeys/lass.ssh.pub
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
mainUser = {
|
||||
@ -27,11 +27,9 @@ with lib;
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"wheel"
|
||||
];
|
||||
openssh.authorizedKeys.keys = map readFile [
|
||||
../../krebs/Zpubkeys/lass.ssh.pub
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
};
|
||||
@ -50,7 +48,7 @@ with lib;
|
||||
source = {
|
||||
git.nixpkgs = {
|
||||
url = https://github.com/Lassulus/nixpkgs;
|
||||
rev = "33bdc011f5360288cd10b9fda90da2950442b2ab";
|
||||
rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
|
||||
};
|
||||
dir.secrets = {
|
||||
host = config.krebs.hosts.mors;
|
||||
|
@ -8,6 +8,8 @@ in {
|
||||
./urxvt.nix
|
||||
];
|
||||
|
||||
users.extraUsers.mainUser.extraGroups = [ "audio" ];
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
virtualisation.libvirtd.enable = true;
|
||||
|
@ -1,6 +1,10 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
with lib;
|
||||
|
||||
let
|
||||
rpc-password = import <secrets/transmission-pw.nix>;
|
||||
in {
|
||||
imports = [
|
||||
../3modules/folderPerms.nix
|
||||
];
|
||||
@ -10,9 +14,13 @@
|
||||
name = "download";
|
||||
home = "/var/download";
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
extraGroups = [
|
||||
"download"
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
|
||||
transmission = {
|
||||
@ -41,8 +49,8 @@
|
||||
rpc-authentication-required = true;
|
||||
rpc-whitelist-enabled = false;
|
||||
rpc-username = "download";
|
||||
#add rpc-password in secrets
|
||||
rpc-password = "test123";
|
||||
inherit rpc-password;
|
||||
peer-port = 51413;
|
||||
};
|
||||
};
|
||||
|
||||
@ -50,6 +58,8 @@
|
||||
enable = true;
|
||||
tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
|
||||
];
|
||||
};
|
||||
|
||||
|
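Review bot: The old RPC password `test123` remains in the repository history, so the value placed in `<secrets/transmission-pw.nix>` has to be a newly generated one, not the old string moved to a new file. With `rpc-whitelist-enabled = false` and an INPUT rule accepting `-p tcp --dport 9091` from any source, that password is the only thing in front of the RPC interface; consider limiting the rule to the VPN interface, in the style of the `-i retiolum` predicates used elsewhere on this page. Because the value is brought in with `import`, it becomes part of the evaluated configuration and may end up in a world-readable store path; confirm how the transmission module writes its settings file.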
@ -33,6 +33,8 @@ let
|
||||
web-routes-wai-custom = {};
|
||||
go = {};
|
||||
newsbot-js = {};
|
||||
kimsufi-check = {};
|
||||
realwallpaper = {};
|
||||
};
|
||||
|
||||
restricted-repos = mapAttrs make-restricted-repo (
|
||||
|
@ -16,7 +16,7 @@
|
||||
enable = true;
|
||||
hosts = ../../krebs/Zhosts;
|
||||
connectTo = [
|
||||
"fastpoke"
|
||||
"prism"
|
||||
"cloudkrebs"
|
||||
"echelon"
|
||||
"pigstarter"
|
||||
|
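--- a/lass/2configs/ts3.nix
+++ b/lass/2configs/ts3.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+
+{
+services.teamspeak3 = {
+enable = true;
+};
+
+krebs.iptables.tables.filter.INPUT.rules = [
+#voice port
+{ predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }
+{ predicate = "-p udp --dport 9987"; target = "ACCEPT"; }
+##file transfer port
+#{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; }
+#{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; }
+##query port
+#{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; }
+#{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; }
+];
+}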
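Review bot: The rule `-p tcp --dport 9987` opens a port the TeamSpeak 3 server does not use: voice traffic is UDP only, so the `-p udp --dport 9987` rule alone is sufficient. The commented-out rules have the reverse problem, since file transfer (30033) and server query (10011) are TCP services and their `-p udp` variants should not be enabled if those lines are ever uncommented. Drop the TCP voice rule and the two commented UDP lines so the file documents exactly the ports the service needs.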
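--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -0,0 +1,38 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+imports =
+[ # Include the results of the hardware scan.
+../2configs/default.nix
+../2configs/fs/vm-single-partition.nix
+../2configs/fs/single-partition-ext4.nix
+../2configs/tinc-basic-retiolum.nix
+];
+krebs.build.host = config.krebs.hosts.filepimp;
+
+# AMD N54L
+boot = {
+loader.grub.device = "/dev/sda";
+
+initrd.availableKernelModules = [
+"usb_storage"
+"ahci"
+"xhci_hcd"
+"ata_piix"
+"uhci_hcd"
+"ehci_pci"
+];
+
+kernelModules = [ ];
+extraModulePackages = [ ];
+};
+
+hardware.enableAllFirmware = true;
+hardware.cpu.amd.updateMicrocode = true;
+
+networking.firewall.allowPing = true;
+}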
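--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+external-ip = head config.krebs.build.host.nets.internet.addrs4;
+internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+in {
+imports = [
+# TODO: copy this config or move to krebs
+../2configs/tinc-basic-retiolum.nix
+../2configs/headless.nix
+# ../2configs/iodined.nix
+
+# Reaktor
+../2configs/Reaktor/simpleExtend.nix
+];
+
+krebs.build.host = config.krebs.hosts.gum;
+
+krebs.Reaktor.enable = true;
+
+# prepare graphs
+krebs.nginx.enable = true;
+
+networking = {
+firewall.allowPing = true;
+firewall.allowedTCPPorts = [ 80 443 655 ];
+firewall.allowedUDPPorts = [ 655 ];
+interfaces.enp2s1.ip4 = [{
+address = external-ip;
+prefixLength = 24;
+}];
+defaultGateway = "195.154.108.1";
+nameservers = [ "8.8.8.8" ];
+};
+
+# based on ../../tv/2configs/CAC-Developer-2.nix
+}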
@ -8,11 +8,12 @@
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
# Base
|
||||
../2configs/base.nix
|
||||
../2configs/base-sources.nix
|
||||
../2configs/tinc-basic-retiolum.nix
|
||||
../2configs/headless.nix
|
||||
|
||||
# HW/FS
|
||||
|
||||
# enables virtio kernel modules in initrd
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
../2configs/fs/vm-single-partition.nix
|
||||
|
||||
@ -32,6 +33,8 @@
|
||||
|
||||
# ../2configs/graphite-standalone.nix
|
||||
];
|
||||
krebs.urlwatch.verbose = true;
|
||||
|
||||
krebs.Reaktor.enable = true;
|
||||
krebs.Reaktor.debug = true;
|
||||
krebs.Reaktor.nickname = "Reaktor|bot";
|
||||
@ -40,8 +43,6 @@
|
||||
};
|
||||
|
||||
krebs.build.host = config.krebs.hosts.pnp;
|
||||
krebs.build.user = config.krebs.users.makefu;
|
||||
krebs.build.target = "root@pnp";
|
||||
|
||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
||||
|
||||
|
@ -6,12 +6,8 @@
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
../2configs/base.nix
|
||||
../2configs/main-laptop.nix #< base-gui
|
||||
|
||||
# configures sources
|
||||
../2configs/base-sources.nix
|
||||
|
||||
# Krebs
|
||||
../2configs/tinc-basic-retiolum.nix
|
||||
#../2configs/disable_v6.nix
|
||||
@ -23,7 +19,8 @@
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/mail-client.nix
|
||||
#../2configs/virtualization.nix
|
||||
../2configs/virtualization-virtualbox.nix
|
||||
../2configs/virtualization.nix
|
||||
#../2configs/virtualization-virtualbox.nix
|
||||
../2configs/wwan.nix
|
||||
|
||||
# services
|
||||
@ -34,16 +31,19 @@
|
||||
../2configs/hw/tp-x220.nix
|
||||
# mount points
|
||||
../2configs/fs/sda-crypto-root-home.nix
|
||||
# ../2configs/mediawiki.nix
|
||||
#../2configs/wordpress.nix
|
||||
];
|
||||
krebs.Reaktor.enable = true;
|
||||
krebs.Reaktor.debug = true;
|
||||
krebs.Reaktor.nickname = "makefu|r";
|
||||
#krebs.Reaktor.enable = true;
|
||||
#krebs.Reaktor.nickname = "makefu|r";
|
||||
|
||||
krebs.build.host = config.krebs.hosts.pornocauster;
|
||||
krebs.build.user = config.krebs.users.makefu;
|
||||
krebs.build.target = "root@pornocauster";
|
||||
|
||||
environment.systemPackages = with pkgs;[ get ];
|
||||
environment.systemPackages = with pkgs;[
|
||||
get
|
||||
virtmanager
|
||||
gnome3.dconf
|
||||
];
|
||||
|
||||
services.logind.extraConfig = "HandleLidSwitch=ignore";
|
||||
# configure pulseAudio to provide a HDMI sink as well
|
||||
|
@ -8,26 +8,9 @@
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
../2configs/base.nix
|
||||
../2configs/cgit-retiolum.nix
|
||||
];
|
||||
krebs.build.host = config.krebs.hosts.repunit;
|
||||
krebs.build.user = config.krebs.users.makefu;
|
||||
krebs.build.target = "root@repunit";
|
||||
|
||||
krebs.build.deps = {
|
||||
nixpkgs = {
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
#url = https://github.com/makefu/nixpkgs;
|
||||
rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
|
||||
};
|
||||
secrets = {
|
||||
url = "/home/makefu/secrets/${config.krebs.build.host.name}";
|
||||
};
|
||||
stockholm = {
|
||||
url = toString ../..;
|
||||
};
|
||||
};
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
|
@ -6,7 +6,6 @@
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
../2configs/base.nix
|
||||
../2configs/base-gui.nix
|
||||
../2configs/tinc-basic-retiolum.nix
|
||||
../2configs/fs/sda-crypto-root.nix
|
||||
@ -21,19 +20,9 @@
|
||||
];
|
||||
# not working in vm
|
||||
krebs.build.host = config.krebs.hosts.tsp;
|
||||
krebs.build.user = config.krebs.users.makefu;
|
||||
krebs.build.target = "root@tsp";
|
||||
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
25
|
||||
];
|
||||
|
||||
krebs.build.deps = {
|
||||
nixpkgs = {
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
#url = https://github.com/makefu/nixpkgs;
|
||||
rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -8,9 +8,10 @@ let
|
||||
in {
|
||||
imports = [
|
||||
# TODO: copy this config or move to krebs
|
||||
../../tv/2configs/CAC-CentOS-7-64bit.nix
|
||||
../2configs/base.nix
|
||||
../../tv/2configs/hw/CAC.nix
|
||||
../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
|
||||
../2configs/unstable-sources.nix
|
||||
../2configs/headless.nix
|
||||
../2configs/tinc-basic-retiolum.nix
|
||||
|
||||
../2configs/bepasty-dual.nix
|
||||
@ -19,15 +20,16 @@ in {
|
||||
|
||||
# Reaktor
|
||||
../2configs/Reaktor/simpleExtend.nix
|
||||
|
||||
# other nginx
|
||||
../2configs/nginx/euer.wiki.nix
|
||||
../2configs/nginx/euer.blog.nix
|
||||
|
||||
# collectd
|
||||
../2configs/collectd/collectd-base.nix
|
||||
];
|
||||
|
||||
krebs.build = {
|
||||
user = config.krebs.users.makefu;
|
||||
target = "root@wry";
|
||||
host = config.krebs.hosts.wry;
|
||||
};
|
||||
|
||||
|
||||
krebs.build.host = config.krebs.hosts.wry;
|
||||
|
||||
krebs.Reaktor.enable = true;
|
||||
|
||||
@ -47,7 +49,7 @@ in {
|
||||
# TODO: remove hard-coded hostname
|
||||
complete = {
|
||||
listen = [ "${internal-ip}:80" ];
|
||||
server-names = [ "graphs.wry" ];
|
||||
server-names = [ "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ];
|
||||
};
|
||||
anonymous = {
|
||||
listen = [ "${external-ip}:80" ] ;
|
||||
@ -55,9 +57,11 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
firewall.allowPing = true;
|
||||
firewall.allowedTCPPorts = [ 53 80 443 ];
|
||||
firewall.allowedUDPPorts = [ 655 ];
|
||||
interfaces.enp2s1.ip4 = [{
|
||||
address = external-ip;
|
||||
prefixLength = 24;
|
||||
@ -66,7 +70,5 @@ in {
|
||||
nameservers = [ "8.8.8.8" ];
|
||||
};
|
||||
|
||||
|
||||
# based on ../../tv/2configs/CAC-Developer-2.nix
|
||||
sound.enable = false;
|
||||
environment.systemPackages = [ pkgs.translate-shell ];
|
||||
}
|
||||
|
@ -1,20 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
krebs.build.source = {
|
||||
git.nixpkgs = {
|
||||
#url = https://github.com/NixOS/nixpkgs;
|
||||
url = https://github.com/makefu/nixpkgs;
|
||||
rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine
|
||||
};
|
||||
|
||||
dir.secrets = {
|
||||
host = config.krebs.hosts.pornocauster;
|
||||
path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
|
||||
};
|
||||
dir.stockholm = {
|
||||
host = config.krebs.hosts.pornocauster;
|
||||
path = toString ../.. ;
|
||||
};
|
||||
};
|
||||
}
|
@ -11,7 +11,11 @@
|
||||
# bepasty-secret.nix <- contains single string
|
||||
|
||||
with lib;
|
||||
{
|
||||
let
|
||||
sec = toString <secrets>;
|
||||
# secKey is nothing worth protecting on a local machine
|
||||
secKey = import <secrets/bepasty-secret.nix>;
|
||||
in {
|
||||
|
||||
krebs.nginx.enable = mkDefault true;
|
||||
krebs.bepasty = {
|
||||
@ -24,7 +28,7 @@ with lib;
|
||||
server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
|
||||
};
|
||||
defaultPermissions = "admin,list,create,read,delete";
|
||||
secretKey = import <secrets/bepasty-secret.nix>;
|
||||
secretKey = secKey;
|
||||
};
|
||||
|
||||
external = {
|
||||
@ -33,8 +37,8 @@ with lib;
|
||||
extraConfig = ''
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_session_timeout 10m;
|
||||
ssl_certificate /root/secrets/wildcard.krebsco.de.crt;
|
||||
ssl_certificate_key /root/secrets/wildcard.krebsco.de.key;
|
||||
ssl_certificate ${sec}/wildcard.krebsco.de.crt;
|
||||
ssl_certificate_key ${sec}/wildcard.krebsco.de.key;
|
||||
ssl_verify_client off;
|
||||
proxy_ssl_session_reuse off;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
@ -45,7 +49,7 @@ with lib;
|
||||
}'';
|
||||
};
|
||||
defaultPermissions = "read";
|
||||
secretKey = import <secrets/bepasty-secret.nix>;
|
||||
secretKey = secKey;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
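Review bot: The comment `# secKey is nothing worth protecting on a local machine` does not match how the value is used, because the same `secKey` is assigned to `secretKey` of the `external` server as well as the internal one. If this is the key the application uses to sign session cookies, anyone who learns it can presumably create a session with more than the `read` default on the public instance. Use a separate secret for the external server, or reword the comment to say the key must stay private. `sec = toString <secrets>` keeps the certificate and key files out of the Nix store, which is worth one comment next to it, since the imported `secKey` value becomes part of the evaluated configuration instead.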
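--- a/makefu/2configs/collectd/collectd-base.nix
+++ b/makefu/2configs/collectd/collectd-base.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+# graphite-web on port 8080
+# carbon cache on port 2003 (tcp/udp)
+with lib;
+let
+connect-time-cfg = with pkgs; writeText "collectd-connect-time.cfg" ''
+LoadPlugin python
+<Plugin python>
+ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
+Import "collectd_connect_time"
+<Module collectd_connect_time>
+target "wry.retiolum" "localhost" "google.com"
+interval 30
+</Module>
+</Plugin>
+'';
+graphite-cfg = pkgs.writeText "collectd-graphite-cfg" ''
+LoadPlugin write_graphite
+<Plugin "write_graphite">
+<Carbon>
+Host "heidi.retiolum"
+Port "2003"
+Prefix "retiolum."
+EscapeCharacter "_"
+StoreRates false
+AlwaysAppendDS false
+</Carbon>
+</Plugin>
+'';
+in {
+imports = [ ];
+
+nixpkgs.config.packageOverrides = pkgs: with pkgs; {
+collectd = pkgs.collectd.override { python= pkgs.python; };
+};
+services.collectd = {
+enable = true;
+include = [ (toString connect-time-cfg) (toString graphite-cfg) ];
+};
+
+}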
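Review bot: The header comment (`# graphite-web on port 8080`, `# carbon cache on port 2003 (tcp/udp)`) describes a graphite server, but this file only configures a collectd client that writes to `heidi.retiolum` on port 2003; replace it with a line saying so, e.g. `# collectd client: connect-time probes, metrics sent to carbon on heidi.retiolum:2003`. The probe list includes `google.com`, so every host importing this file makes an outbound connection to a third party every 30 seconds; a comment should say that this is deliberate. `with pkgs;` in `packageOverrides` is unused, since the body already writes `pkgs.collectd` and `pkgs.python` in full.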
@ -2,6 +2,8 @@
|
||||
|
||||
with lib;
|
||||
{
|
||||
system.stateVersion = "15.09";
|
||||
|
||||
imports = [
|
||||
{
|
||||
users.extraUsers =
|
||||
@ -10,10 +12,36 @@ with lib;
|
||||
}
|
||||
./vim.nix
|
||||
];
|
||||
krebs.enable = true;
|
||||
krebs.search-domain = "retiolum";
|
||||
|
||||
|
||||
krebs = {
|
||||
enable = true;
|
||||
search-domain = "retiolum";
|
||||
build = {
|
||||
target = mkDefault "root@${config.krebs.build.host.name}";
|
||||
user = config.krebs.users.makefu;
|
||||
source = {
|
||||
git.nixpkgs = {
|
||||
#url = https://github.com/NixOS/nixpkgs;
|
||||
url = mkDefault https://github.com/makefu/nixpkgs;
|
||||
rev = mkDefault "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picking
|
||||
target-path = "/var/src/nixpkgs";
|
||||
};
|
||||
|
||||
dir.secrets = {
|
||||
host = config.krebs.hosts.pornocauster;
|
||||
path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
|
||||
};
|
||||
|
||||
dir.stockholm = {
|
||||
host = config.krebs.hosts.pornocauster;
|
||||
path = "/home/makefu/stockholm" ;
|
||||
target-path = "/var/src/stockholm";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
users.extraUsers = {
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
||||
@ -56,7 +84,6 @@ with lib;
|
||||
environment.systemPackages = with pkgs; [
|
||||
jq
|
||||
git
|
||||
vim
|
||||
gnumake
|
||||
rxvt_unicode.terminfo
|
||||
htop
|
@ -18,6 +18,4 @@ with lib;
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
|
||||
}
|
||||
|
@ -6,8 +6,8 @@
|
||||
with lib;
|
||||
{
|
||||
boot = {
|
||||
loader.grub.enable =true;
|
||||
loader.grub.version =2;
|
||||
loader.grub.enable = true;
|
||||
loader.grub.version = 2;
|
||||
loader.grub.device = "/dev/sda";
|
||||
|
||||
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
||||
|
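--- a/makefu/2configs/fs/single-partition-ext4.nix
+++ b/makefu/2configs/fs/single-partition-ext4.nix
@@ -0,0 +1,10 @@
+{config, ...}:
+{
+boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;
+boot.loader.grub.version = 2;
+
+fileSystems."/" = {
+device = "/dev/disk/by-label/nixos";
+fsType = "ext4";
+};
+}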
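Review bot: The `assert config.boot.loader.grub.device != "";` embedded in `boot.loader.grub.enable` aborts evaluation with a generic assertion failure that does not tell the importer which option to set. A module-level `assertions = [ { assertion = config.boot.loader.grub.device != ""; message = "single-partition-ext4.nix: set boot.loader.grub.device"; } ];` gives the same check with a readable message, and `boot.loader.grub.enable = true;` stays a plain assignment. A one-line header comment saying that importers must define the grub device would document the contract.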
|
@ -3,18 +3,9 @@
|
||||
# vda1 ext4 (label nixos) -> only root partition
|
||||
with lib;
|
||||
{
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
imports = [
|
||||
./single-partition-ext4.nix
|
||||
];
|
||||
boot.loader.grub.device = "/dev/vda";
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
|
||||
|
||||
}
|
||||
|
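--- a/makefu/2configs/headless.nix
+++ b/makefu/2configs/headless.nix
@@ -0,0 +1,4 @@
+{lib,... }:
+{
+sound.enable = lib.mkForce false;
+}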
|
@ -8,6 +8,8 @@ with lib;
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
|
||||
zramSwap.enable = true;
|
||||
zramSwap.numDevices = 2;
|
||||
|
||||
|
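--- a/makefu/2configs/nginx/euer.blog.nix
+++ b/makefu/2configs/nginx/euer.blog.nix
@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+sec = toString <secrets>;
+ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+ssl_key = "${sec}/wildcard.krebsco.de.key";
+hostname = config.krebs.build.host.name;
+user = config.services.nginx.user;
+group = config.services.nginx.group;
+external-ip = head config.krebs.build.host.nets.internet.addrs4;
+internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+base-dir = "/var/www/blog.euer";
+in {
+# Prepare Blog directory
+systemd.services.prepare-euer-blog = {
+wantedBy = [ "local-fs.target" ];
+before = [ "nginx.service" ];
+serviceConfig = {
+# do nothing if the base dir already exists
+ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
+#!/bin/sh
+if ! test -d "${base-dir}" ;then
+mkdir -p "${base-dir}"
+chown ${user}:${group} "${base-dir}"
+chmod 700 "${base-dir}"
+fi
+'';
+Type = "oneshot";
+RemainAfterExit = "yes";
+TimeoutSec = "0";
+};
+};
+
+krebs.nginx = {
+enable = mkDefault true;
+servers = {
+euer-blog = {
+listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
+"${internal-ip}:80" "${internal-ip}:443 ssl" ];
+server-names = [ "euer.krebsco.de" "blog.euer.krebsco.de" "blog.${hostname}" ];
+extraConfig = ''
+gzip on;
+gzip_buffers 4 32k;
+gzip_types text/plain application/x-javascript text/css;
+ssl_certificate ${ssl_cert};
+ssl_certificate_key ${ssl_key};
+default_type text/plain;
+'';
+locations = singleton (nameValuePair "/" ''
+root ${base-dir};
+'');
+};
+};
+};
+}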
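Review bot: The `euer-blog` server listens on ports 80 and 443 but its `extraConfig` has no redirect from http to https, unlike the `euer-wiki` server added in the same commit, so the blog is also answered over clear text on the external address. If that is not intended, the wiki's block `if ($scheme = http){ return 301 https://$server_name$request_uri; }` can be added here. A short comment on `sec = toString <secrets>;` would also help, for example `# toString keeps the key path a plain string, so the private key is not copied into the Nix store`.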
|
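--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -0,0 +1,118 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+sec = toString <secrets>;
+ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+ssl_key = "${sec}/wildcard.krebsco.de.key";
+user = config.services.nginx.user;
+group = config.services.nginx.group;
+fpm-socket = "/var/run/php5-fpm.sock";
+hostname = config.krebs.build.host.name;
+tw-upload = pkgs.tw-upload-plugin;
+base-dir = "/var/www/wiki.euer";
+base-cfg = "${base-dir}/twconf.ini";
+wiki-dir = "${base-dir}/store/";
+backup-dir = "${base-dir}/backup/";
+# contains:
+# user1 = pass1
+# userN = passN
+tw-pass-file = "${sec}/tw-pass.ini";
+external-ip = head config.krebs.build.host.nets.internet.addrs4;
+internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+in {
+services.phpfpm = {
+# phpfpm does not have an enable option
+poolConfigs = {
+euer-wiki = ''
+user = ${user}
+group = ${group}
+listen = ${fpm-socket}
+listen.owner = ${user}
+listen.group = ${group}
+env[twconf] = ${base-cfg};
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+chdir = /
+# errors to journal
+php_admin_value[error_log] = 'stderr'
+php_admin_flag[log_errors] = on
+catch_workers_output = yes
+'';
+};
+};
+
+systemd.services.prepare-tw = {
+wantedBy = [ "local-fs.target" ];
+before = [ "phpfpm.service" ];
+serviceConfig = {
+ExecStart = pkgs.writeScript "prepare-tw-service" ''
+#!/bin/sh
+if ! test -d "${base-dir}" ;then
+mkdir -p "${wiki-dir}" "${backup-dir}"
+
+# write the base configuration
+cat > "${base-cfg}" <<EOF
+[users]
+$(cat "${tw-pass-file}")
+[directories]
+backupdir = ${backup-dir}
+savedir = ${wiki-dir}
+EOF
+
+chown -R ${user}:${group} "${base-dir}"
+chmod 700 -R "${base-dir}"
+fi
+'';
+Type = "oneshot";
+RemainAfterExit = "yes";
+TimeoutSec = "0";
+};
+};
+
+krebs.nginx = {
+enable = mkDefault true;
+servers = {
+euer-wiki = {
+listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
+"${internal-ip}:80" "${internal-ip}:443 ssl" ];
+server-names = [
+"wiki.euer.krebsco.de"
+"wiki.makefu.retiolum"
+"wiki.makefu"
+];
+extraConfig = ''
+gzip on;
+gzip_buffers 4 32k;
+gzip_types text/plain application/x-javascript text/css;
+ssl_certificate ${ssl_cert};
+ssl_certificate_key ${ssl_key};
+default_type text/plain;
+
+if ($scheme = http){
+return 301 https://$server_name$request_uri;
+}
+
+'';
+locations = [
+(nameValuePair "/" ''
+root ${wiki-dir};
+expires -1;
+autoindex on;
+'')
+(nameValuePair "/store.php" ''
+root ${tw-upload};
+client_max_body_size 200M;
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_pass unix:${fpm-socket};
+include ${pkgs.nginx}/conf/fastcgi_params;
+include ${pkgs.nginx}/conf/fastcgi.conf;
+'')
+];
+};
+};
+};
+}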
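Review bot: In the `prepare-tw` script, `twconf.ini` is created by a plain `cat >` redirect and receives the contents of `tw-pass.ini` (described above as `user = pass` lines), so it exists with the service's default umask until `chmod 700 -R` runs a few lines later. Adding `umask 077` as the first command after the shebang would create the directories and the file owner-only from the start. The whole block is guarded by `if ! test -d "${base-dir}"`, so a later change to the password file in secrets is never copied again; writing the config outside that guard would keep the two in sync. Separately, the `/` location enables `autoindex on` for the store directory on the external address, which is worth confirming as intended.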
|
@ -1,19 +1,8 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
_:
|
||||
|
||||
{
|
||||
krebs.build.source = {
|
||||
git.nixpkgs = {
|
||||
krebs.build.source.git.nixpkgs = {
|
||||
url = https://github.com/makefu/nixpkgs;
|
||||
rev = "984d33884d63d404ff2da76920b8bc8b15471552";
|
||||
rev = "15b5bbfbd1c8a55e7d9e05dd9058dc102fac04fe"; # cherry-picked collectd
|
||||
};
|
||||
|
||||
dir.secrets = {
|
||||
host = config.krebs.hosts.pornocauster;
|
||||
path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
|
||||
};
|
||||
dir.stockholm = {
|
||||
host = config.krebs.hosts.pornocauster;
|
||||
path = toString ../.. ;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -10,6 +10,8 @@
|
||||
https://api.github.com/repos/ovh/python-ovh/tags
|
||||
https://api.github.com/repos/embray/d2to1/tags
|
||||
http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release
|
||||
https://pypi.python.org/simple/bepasty/
|
||||
https://pypi.python.org/simple/xstatic/
|
||||
|
||||
];
|
||||
};
|
||||
|
@ -7,6 +7,6 @@ in
|
||||
alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
|
||||
alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
|
||||
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
|
||||
tinc_graphs = callPackage ./tinc_graphs {};
|
||||
awesomecfg = callPackage ./awesomecfg {};
|
||||
tw-upload-plugin = callPackage ./tw-upload-plugin {};
|
||||
}
|
||||
|
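--- a/makefu/5pkgs/tw-upload-plugin/default.nix
+++ b/makefu/5pkgs/tw-upload-plugin/default.nix
@@ -0,0 +1,8 @@
+{pkgs}:
+
+pkgs.fetchFromGitHub {
+owner = "makefu";
+repo = "tw-upload-plugin";
+rev = "a00aac";
+sha256 = "0kazqs24kzjxqzr33kg1jbfx8xyvmrnrdxh6g27kgkgbl1d2qknh";
+}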
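Review bot: `rev = "a00aac"` is an abbreviated commit id. The `sha256` still pins the fetched content, but a six-character prefix can become ambiguous as the repository grows, and it makes it harder to audit exactly which revision of the PHP upload handler is served behind `/store.php`. Prefer the full id, written as `rev = "<full 40-character commit id>";`.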
|
@ -5,6 +5,7 @@ with lib;
|
||||
{
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
../2configs/collectd-base.nix
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.wolf;
|
||||
@ -26,7 +27,7 @@ with lib;
|
||||
krebs.build.source = {
|
||||
git.nixpkgs = {
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
rev = "e916273209560b302ab231606babf5ce1c481f08";
|
||||
rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
|
||||
};
|
||||
dir.secrets = {
|
||||
host = config.krebs.current.host;
|
||||
|
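--- a/shared/2configs/collectd-base.nix
+++ b/shared/2configs/collectd-base.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+# TODO: krebs.collectd.plugins
+with lib;
+let
+connect-time-cfg = with pkgs; writeText "collectd-connect-time.conf" ''
+LoadPlugin python
+<Plugin python>
+ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
+Import "collectd_connect_time"
+<Module collectd_connect_time>
+target "localhost:22" "google.com" "google.de" "gum.retiolum:22" "gum.krebsco.de" "heidi.shack:22" "10.42.0.1:22" "heise.de" "t-online.de"
+interval 10
+</Module>
+</Plugin>
+'';
+graphite-cfg = pkgs.writeText "collectd-graphite.conf" ''
+LoadPlugin write_graphite
+<Plugin "write_graphite">
+<Carbon>
+Host "heidi.shack"
+Port "2003"
+Prefix "retiolum."
+EscapeCharacter "_"
+StoreRates false
+AlwaysAppendDS false
+</Carbon>
+</Plugin>
+'';
+in {
+imports = [ ];
+
+nixpkgs.config.packageOverrides = pkgs: with pkgs; {
+collectd = pkgs.collectd.override { python= pkgs.python; };
+};
+services.collectd = {
+enable = true;
+include = [ (toString connect-time-cfg) (toString graphite-cfg) ];
+};
+
+}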
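Review bot: The `write_graphite` block ships metrics to `Host "heidi.shack"` while keeping `Prefix "retiolum."`, whereas the makefu copy of this file added in the same commit sends to `heidi.retiolum`. Carbon's line protocol on port 2003 has no authentication or encryption, so it is worth confirming that `heidi.shack` is only reachable over a trusted network; if the host is on the VPN, `Host "heidi.retiolum"` would keep the traffic there. The connect-time module also probes nine targets, several of them external sites, every 10 seconds from every host that imports this shared file, which may be more than intended. The two collectd-base.nix files are near-duplicates, which the `# TODO: krebs.collectd.plugins` comment presumably aims to resolve.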
|