Merge remote-tracking branches 'mors/master' and 'pnp/master'
commit
bbcdef021a
@ -108,8 +108,8 @@ let
|
|||||||
|
|
||||||
# Implements environment.etc."zones/<zone-name>"
|
# Implements environment.etc."zones/<zone-name>"
|
||||||
environment.etc = let
|
environment.etc = let
|
||||||
stripEmptyLines = s: concatStringsSep "\n"
|
stripEmptyLines = s: (concatStringsSep "\n"
|
||||||
(remove "\n" (remove "" (splitString "\n" s)));
|
(remove "\n" (remove "" (splitString "\n" s)))) + "\n";
|
||||||
all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
|
all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
|
||||||
([cfg.zone-head-config] ++ combined-hosts);
|
([cfg.zone-head-config] ++ combined-hosts);
|
||||||
combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
|
combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
|
||||||
|
@ -33,7 +33,7 @@ let
|
|||||||
in {
|
in {
|
||||||
hosts = addNames {
|
hosts = addNames {
|
||||||
echelon = {
|
echelon = {
|
||||||
cores = 4;
|
cores = 2;
|
||||||
dc = "lass"; #dc = "cac";
|
dc = "lass"; #dc = "cac";
|
||||||
nets = rec {
|
nets = rec {
|
||||||
internet = {
|
internet = {
|
||||||
@ -66,6 +66,39 @@ in {
|
|||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
|
||||||
};
|
};
|
||||||
|
prism = {
|
||||||
|
cores = 4;
|
||||||
|
dc = "lass"; #dc = "cac";
|
||||||
|
nets = rec {
|
||||||
|
internet = {
|
||||||
|
addrs4 = ["213.239.205.240"];
|
||||||
|
aliases = [
|
||||||
|
"prism.internet"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
retiolum = {
|
||||||
|
via = internet;
|
||||||
|
addrs4 = ["10.243.0.103"];
|
||||||
|
addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"];
|
||||||
|
aliases = [
|
||||||
|
"prism.retiolum"
|
||||||
|
"cgit.prism.retiolum"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
|
||||||
|
kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
|
||||||
|
JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
|
||||||
|
AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
|
||||||
|
jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
|
||||||
|
anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_rsa>;
|
||||||
|
ssh.pubkey = "ssh-rsa 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";
|
||||||
|
};
|
||||||
fastpoke = {
|
fastpoke = {
|
||||||
dc = "lass";
|
dc = "lass";
|
||||||
nets = rec {
|
nets = rec {
|
||||||
|
@ -164,6 +164,8 @@ with lib;
|
|||||||
dc = "makefu"; #dc = "cac";
|
dc = "makefu"; #dc = "cac";
|
||||||
extraZones = {
|
extraZones = {
|
||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
|
euer IN A ${head nets.internet.addrs4}
|
||||||
|
wiki.euer IN A ${head nets.internet.addrs4}
|
||||||
wry IN A ${head nets.internet.addrs4}
|
wry IN A ${head nets.internet.addrs4}
|
||||||
io IN NS wry.krebsco.de.
|
io IN NS wry.krebsco.de.
|
||||||
graphs IN A ${head nets.internet.addrs4}
|
graphs IN A ${head nets.internet.addrs4}
|
||||||
@ -185,9 +187,14 @@ with lib;
|
|||||||
addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"];
|
addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"];
|
||||||
aliases = [
|
aliases = [
|
||||||
"graphs.wry.retiolum"
|
"graphs.wry.retiolum"
|
||||||
|
"graphs.retiolum"
|
||||||
"paste.wry.retiolum"
|
"paste.wry.retiolum"
|
||||||
"paste.retiolum"
|
"paste.retiolum"
|
||||||
"wry.retiolum"
|
"wry.retiolum"
|
||||||
|
"wiki.makefu.retiolum"
|
||||||
|
"wiki.wry.retiolum"
|
||||||
|
"blog.makefu.retiolum"
|
||||||
|
"blog.wry.retiolum"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
@ -207,14 +214,37 @@ with lib;
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
filepimp = rec {
|
||||||
|
cores = 1;
|
||||||
|
dc = "makefu"; #nas
|
||||||
|
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
addrs4 = ["10.243.153.102"];
|
||||||
|
addrs6 = ["42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"];
|
||||||
|
aliases = [
|
||||||
|
"filepimp.retiolum"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
|
||||||
|
BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
|
||||||
|
i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
|
||||||
|
09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
|
||||||
|
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
|
||||||
|
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
gum = rec {
|
gum = rec {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
dc = "online.net"; #root-server
|
dc = "online.net"; #root-server
|
||||||
|
|
||||||
extraZones = {
|
extraZones = {
|
||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
omo IN A ${head nets.internet.addrs4}
|
share.euer IN A ${head nets.internet.addrs4}
|
||||||
euer IN A ${head nets.internet.addrs4}
|
|
||||||
gum IN A ${head nets.internet.addrs4}
|
gum IN A ${head nets.internet.addrs4}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -95,8 +95,12 @@ let
|
|||||||
|
|
||||||
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
|
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
mkdir -p "${internal_dir}" "${external_dir}"
|
||||||
if ! test -e "${cfg.workingDir}/internal/index.html"; then
|
if ! test -e "${cfg.workingDir}/internal/index.html"; then
|
||||||
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/" "${internal_dir}"
|
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
|
||||||
|
fi
|
||||||
|
if ! test -e "${cfg.workingDir}/external/index.html"; then
|
||||||
|
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
@ -118,7 +122,6 @@ let
|
|||||||
users.extraUsers.tinc_graphs = {
|
users.extraUsers.tinc_graphs = {
|
||||||
uid = 3925439960; #genid tinc_graphs
|
uid = 3925439960; #genid tinc_graphs
|
||||||
home = "/var/spool/tinc_graphs";
|
home = "/var/spool/tinc_graphs";
|
||||||
createHome = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
krebs.nginx.servers = mkIf cfg.nginx.enable {
|
krebs.nginx.servers = mkIf cfg.nginx.enable {
|
||||||
|
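Review bot: In the `tinc_graphs-init` script the two existence tests read `${cfg.workingDir}/internal/index.html` and `${cfg.workingDir}/external/index.html`, while the new `mkdir -p` and both `cp -fr` lines write to `${internal_dir}` and `${external_dir}`. The definitions of those two bindings are outside the hunk; if they ever differ from `workingDir + "/internal"` and `"/external"`, the copy either reruns on every start or never runs. Testing `"${internal_dir}/index.html"` and `"${external_dir}/index.html"` keeps check and target in step. The second hunk drops `createHome = true;` for `/var/spool/tinc_graphs`, so it is worth confirming which user ExecStartPre runs as and that the directories it creates end up with the intended owner and mode.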
@ -56,6 +56,13 @@ let
|
|||||||
https://nixos.org/channels/nixos-unstable/git-revision
|
https://nixos.org/channels/nixos-unstable/git-revision
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
verbose = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
verbose output of urlwatch
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
urlsFile = toFile "urls" (concatStringsSep "\n" cfg.urls);
|
urlsFile = toFile "urls" (concatStringsSep "\n" cfg.urls);
|
||||||
@ -106,7 +113,7 @@ let
|
|||||||
|
|
||||||
cd /tmp
|
cd /tmp
|
||||||
|
|
||||||
urlwatch -e --urls="$urlsFile" > changes 2>&1 || :
|
urlwatch -e ${optionalString cfg.verbose "-v"} --urls="$urlsFile" > changes || :
|
||||||
|
|
||||||
if test -s changes; then
|
if test -s changes; then
|
||||||
date=$(date -R)
|
date=$(date -R)
|
||||||
|
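Review bot: The rewritten `urlwatch` line drops `2>&1`, so fetch errors no longer reach `changes`, and `|| :` still discards the exit status. A run that fails for every URL now looks the same as a run with no changes unless the unit's stderr is collected somewhere. If the aim is only to keep `-v` output out of the mail, send stderr somewhere explicit and report a non-zero exit, for example `> changes 2> errors || echo "urlwatch exited $?" >&2`. The script also writes the fixed name `changes` after `cd /tmp`; whether that is a private or the shared /tmp is not visible in the hunk, and in the shared case a `mktemp -d` working directory avoids clashing with a pre-created file. The enclosing script starts and ends outside the hunk.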
@ -11,12 +11,28 @@ prepare() {(
|
|||||||
;;
|
;;
|
||||||
centos)
|
centos)
|
||||||
case $VERSION_ID in
|
case $VERSION_ID in
|
||||||
|
6)
|
||||||
|
prepare_centos "$@"
|
||||||
|
exit
|
||||||
|
;;
|
||||||
7)
|
7)
|
||||||
prepare_centos "$@"
|
prepare_centos "$@"
|
||||||
exit
|
exit
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
;;
|
;;
|
||||||
|
debian)
|
||||||
|
case $VERSION_ID in
|
||||||
|
7)
|
||||||
|
prepare_debian "$@"
|
||||||
|
exit
|
||||||
|
;;
|
||||||
|
8)
|
||||||
|
prepare_debian "$@"
|
||||||
|
exit
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
elif test -e /etc/centos-release; then
|
elif test -e /etc/centos-release; then
|
||||||
case $(cat /etc/centos-release) in
|
case $(cat /etc/centos-release) in
|
||||||
@ -31,6 +47,7 @@ prepare() {(
|
|||||||
)}
|
)}
|
||||||
|
|
||||||
prepare_arch() {
|
prepare_arch() {
|
||||||
|
pacman -Sy
|
||||||
type bzip2 2>/dev/null || pacman -S --noconfirm bzip2
|
type bzip2 2>/dev/null || pacman -S --noconfirm bzip2
|
||||||
type git 2>/dev/null || pacman -S --noconfirm git
|
type git 2>/dev/null || pacman -S --noconfirm git
|
||||||
type rsync 2>/dev/null || pacman -S --noconfirm rsync
|
type rsync 2>/dev/null || pacman -S --noconfirm rsync
|
||||||
@ -44,6 +61,14 @@ prepare_centos() {
|
|||||||
prepare_common
|
prepare_common
|
||||||
}
|
}
|
||||||
|
|
||||||
|
prepare_debian() {
|
||||||
|
apt-get update
|
||||||
|
type bzip2 2>/dev/null || apt-get install bzip2
|
||||||
|
type git 2>/dev/null || apt-get install git
|
||||||
|
type rsync 2>/dev/null || apt-get install rsync
|
||||||
|
prepare_common
|
||||||
|
}
|
||||||
|
|
||||||
prepare_common() {
|
prepare_common() {
|
||||||
|
|
||||||
if ! getent group nixbld >/dev/null; then
|
if ! getent group nixbld >/dev/null; then
|
||||||
|
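Review bot: `prepare_debian` calls `apt-get install bzip2`, `apt-get install git` and `apt-get install rsync` without `-y`, unlike the `pacman -S --noconfirm` lines in `prepare_arch`, so a run without a terminal stops at the confirmation prompt or aborts. Suggest `apt-get install -y bzip2` and likewise for the other two. None of the package-manager calls is checked, so a failed `apt-get update` or the new `pacman -Sy` still falls through to `prepare_common`; `|| exit 1` on each call would stop the bootstrap early. `pacman -Sy` followed by installing single packages is a partial upgrade, which Arch does not support.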
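--- a/krebs/5pkgs/bepasty-client-cli/default.nix
+++ b/krebs/5pkgs/bepasty-client-cli/default.nix
@@ -0,0 +1,22 @@
+{ lib, pkgs, pythonPackages, fetchurl, ... }:
+
+with pythonPackages; buildPythonPackage rec {
+name = "bepasty-client-cli-${version}";
+version = "0.3.0";
+propagatedBuildInputs = [
+python_magic
+click
+requests2
+];
+
+src = fetchurl {
+url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz";
+sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw";
+};
+
+meta = {
+homepage = https://github.com/bepasty/bepasty-client-cli;
+description = "CLI client for bepasty-server";
+license = lib.licenses.bsd2;
+};
+}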
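--- a/krebs/5pkgs/collectd-connect-time/default.nix
+++ b/krebs/5pkgs/collectd-connect-time/default.nix
@@ -0,0 +1,15 @@
+{lib, pkgs, pythonPackages, fetchurl, ... }:
+
+pythonPackages.buildPythonPackage rec {
+name = "collectd-connect-time-${version}";
+version = "0.3.0";
+src = fetchurl {
+url = "https://pypi.python.org/packages/source/c/collectd-connect-time/collectd-connect-time-${version}.tar.gz";
+sha256 = "0vvrf9py9bwc8hk3scxwg4x2j8jlp2qva0mv4q8d9m4b4mk99c95";
+};
+meta = {
+homepage = https://pypi.python.org/pypi/collectd-connect-time/;
+description = "TCP Connection time plugin for collectd";
+license = lib.licenses.wtfpl;
+};
+}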
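--- a/krebs/5pkgs/krebspaste/default.nix
+++ b/krebs/5pkgs/krebspaste/default.nix
@@ -0,0 +1,7 @@
+{ writeScriptBin, pkgs }:
+
+# TODO: use `wrapProgram --add-flags` instead?
+writeScriptBin "krebspaste" ''
+#! /bin/sh
+exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
+''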
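Review bot: The wrapper hard-codes `--url http://paste.retiolum`, so uploads rely entirely on the tinc overlay for confidentiality and on `paste.retiolum` resolving to the intended host. On a machine where that name resolves outside the overlay, paste content would travel in clear text. A comment above the `exec` line, such as `# plain HTTP: only safe inside retiolum`, would record the assumption. Because `--url` comes before `"$@"`, whether a caller-supplied `--url` overrides it depends on bepasty-cli's option handling, which the page does not show.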
@ -2,14 +2,14 @@
|
|||||||
|
|
||||||
python3Packages.buildPythonPackage rec {
|
python3Packages.buildPythonPackage rec {
|
||||||
name = "tinc_graphs-${version}";
|
name = "tinc_graphs-${version}";
|
||||||
version = "0.3.6";
|
version = "0.3.9";
|
||||||
propagatedBuildInputs = with pkgs;[
|
propagatedBuildInputs = with pkgs;[
|
||||||
python3Packages.pygeoip
|
python3Packages.pygeoip
|
||||||
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
|
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
|
||||||
];
|
];
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz";
|
url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz";
|
||||||
sha256 = "0ghdx9aaipmppvc2b6cgks4nxw6zsb0fhjrmnisbx7rz0vjvzc74";
|
sha256 = "0hjmkiclvyjb3707285x4b8mk5aqjcvh383hvkad1h7p1n61qrfx";
|
||||||
};
|
};
|
||||||
preFixup = with pkgs;''
|
preFixup = with pkgs;''
|
||||||
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
|
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
|
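--- a/krebs/5pkgs/translate-shell/default.nix
+++ b/krebs/5pkgs/translate-shell/default.nix
@@ -0,0 +1,43 @@
+{stdenv, fetchurl,pkgs,... }:
+let
+s =
+rec {
+baseName="translate-shell";
+version="0.9.0.9";
+name="${baseName}-${version}";
+url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz;
+sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34";
+};
+searchpath = with pkgs; stdenv.lib.makeSearchPath "bin" [
+fribidi
+gawk
+bash
+curl
+less
+];
+buildInputs = [
+pkgs.makeWrapper
+];
+in
+stdenv.mkDerivation {
+inherit (s) name version;
+inherit buildInputs;
+src = fetchurl {
+inherit (s) url sha256;
+};
+# TODO: maybe mplayer
+installPhase = ''
+mkdir -p $out/bin
+make PREFIX=$out install
+wrapProgram $out/bin/trans --suffix PATH : "${searchpath}"
+'';
+
+meta = {
+inherit (s) version;
+description = ''translate using google api'';
+license = stdenv.lib.licenses.free;
+maintainers = [stdenv.lib.maintainers.makefu];
+platforms = stdenv.lib.platforms.linux ;
+};
+}
+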
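Review bot: `wrapProgram $out/bin/trans --suffix PATH : "${searchpath}"` appends the store paths, so `curl`, `gawk`, `bash` and the others are taken from the caller's PATH first and the versions named in the derivation are only a fallback. `--prefix PATH : "${searchpath}"` makes the wrapper use the listed packages regardless of the environment it is started from. Separately, `url` repeats `v0.9.0.9` literally next to `version="0.9.0.9"`, so the two can drift on a later bump; `url="https://github.com/soimort/translate-shell/archive/v${version}.tar.gz";` ties them together.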
@ -2,7 +2,6 @@ Address= 195.154.108.70
|
|||||||
Address= 195.154.108.70 53
|
Address= 195.154.108.70 53
|
||||||
Subnet = 10.243.0.211
|
Subnet = 10.243.0.211
|
||||||
Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
|
Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
|
||||||
Aliases = paste
|
|
||||||
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
|
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
|
||||||
|
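--- a/krebs/Zhosts/prism
+++ b/krebs/Zhosts/prism
@@ -0,0 +1,12 @@
+Address = 213.239.205.240
+Subnet = 10.243.0.103
+Subnet = 42:0000:0000:0000:0000:0000:0000:15ab
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
+kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
+JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
+AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
+jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
+anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
+-----END RSA PUBLIC KEY-----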
@ -47,6 +47,23 @@ in {
|
|||||||
{ predicate = "-i retiolum -p udp --dport 53"; target = "ACCEPT"; }
|
{ predicate = "-i retiolum -p udp --dport 53"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
users.extraUsers = {
|
||||||
|
satan = {
|
||||||
|
name = "satan";
|
||||||
|
uid = 1338;
|
||||||
|
home = "/home/satan";
|
||||||
|
group = "users";
|
||||||
|
createHome = true;
|
||||||
|
useDefaultShell = true;
|
||||||
|
extraGroups = [
|
||||||
|
];
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.echelon;
|
krebs.build.host = config.krebs.hosts.echelon;
|
||||||
|
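Review bot: The new `satan` account carries its SSH key as an inline string whose trailing e-mail address is the only hint of ownership, and nothing in the block says why this person gets a default-shell login on echelon. Other configs in this commit reference keys as `config.krebs.users.lass.pubkey`; registering this user the same way, or at least adding a comment naming owner and purpose, makes later review and revocation easier. `extraGroups = [ ];` is empty and can be dropped. The enclosing `imports` list starts outside the hunk.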
@ -156,6 +156,7 @@
|
|||||||
get
|
get
|
||||||
genid
|
genid
|
||||||
teamspeak_client
|
teamspeak_client
|
||||||
|
hashPassword
|
||||||
];
|
];
|
||||||
|
|
||||||
#TODO: fix this shit
|
#TODO: fix this shit
|
||||||
|
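--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -0,0 +1,93 @@
+{ config, lib, pkgs, ... }:
+
+let
+inherit (lib) head;
+
+ip = (head config.krebs.build.host.nets.internet.addrs4);
+in {
+imports = [
+../2configs/base.nix
+../2configs/downloading.nix
+../2configs/git.nix
+../2configs/ts3.nix
+{
+users.extraGroups = {
+# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
+# Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
+# Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
+# Docs: man:tmpfiles.d(5)
+# man:systemd-tmpfiles(8)
+# Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
+# Main PID: 19272 (code=exited, status=1/FAILURE)
+#
+# Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
+# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
+# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
+# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
+# Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
+# Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
+# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
+# warning: error(s) occured while switching to the new configuration
+lock.gid = 10001;
+};
+}
+{
+networking.interfaces.et0.ip4 = [
+{
+address = ip;
+prefixLength = 24;
+}
+];
+networking.defaultGateway = "213.239.205.225";
+networking.nameservers = [
+"8.8.8.8"
+];
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
+'';
+
+}
+{
+#boot.loader.gummiboot.enable = true;
+#boot.loader.efi.canTouchEfiVariables = true;
+boot.loader.grub = {
+devices = [
+"/dev/sda"
+"/dev/sdb"
+];
+splashImage = null;
+};
+
+boot.initrd.availableKernelModules = [
+"ata_piix"
+"vmw_pvscsi"
+];
+
+fileSystems."/" = {
+device = "/dev/pool/nix";
+fsType = "ext4";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36";
+};
+
+fileSystems."/var/download" = {
+device = "/dev/pool/download";
+};
+
+}
+{
+sound.enable = false;
+}
+{
+#workaround for server dying after 6-7h
+boot.kernelPackages = pkgs.linuxPackages_4_2;
+}
+{
+nixpkgs.config.allowUnfree = true;
+}
+];
+
+krebs.build.host = config.krebs.hosts.prism;
+}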
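Review bot: `boot.kernelPackages = pkgs.linuxPackages_4_2;` pins prism to one kernel series with only the comment `#workaround for server dying after 6-7h`, so the host stays on that series, with or without upstream fixes, until someone remembers to remove the pin. Please extend the comment with what was observed and the condition for dropping the workaround. The sixteen pasted systemd log lines above `lock.gid = 10001;` could shrink to one line such as `# systemd-tmpfiles fails with "Unknown group 'lock'" without this group`. This config also imports `../2configs/downloading.nix`, which in this commit accepts tcp 9091 on any interface, so that exposure now applies to a host with a public address.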
@ -15,8 +15,8 @@ with lib;
|
|||||||
{
|
{
|
||||||
users.extraUsers = {
|
users.extraUsers = {
|
||||||
root = {
|
root = {
|
||||||
openssh.authorizedKeys.keys = map readFile [
|
openssh.authorizedKeys.keys = [
|
||||||
../../krebs/Zpubkeys/lass.ssh.pub
|
config.krebs.users.lass.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
mainUser = {
|
mainUser = {
|
||||||
@ -27,11 +27,9 @@ with lib;
|
|||||||
createHome = true;
|
createHome = true;
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
extraGroups = [
|
extraGroups = [
|
||||||
"audio"
|
|
||||||
"wheel"
|
|
||||||
];
|
];
|
||||||
openssh.authorizedKeys.keys = map readFile [
|
openssh.authorizedKeys.keys = [
|
||||||
../../krebs/Zpubkeys/lass.ssh.pub
|
config.krebs.users.lass.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -50,7 +48,7 @@ with lib;
|
|||||||
source = {
|
source = {
|
||||||
git.nixpkgs = {
|
git.nixpkgs = {
|
||||||
url = https://github.com/Lassulus/nixpkgs;
|
url = https://github.com/Lassulus/nixpkgs;
|
||||||
rev = "33bdc011f5360288cd10b9fda90da2950442b2ab";
|
rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
|
||||||
};
|
};
|
||||||
dir.secrets = {
|
dir.secrets = {
|
||||||
host = config.krebs.hosts.mors;
|
host = config.krebs.hosts.mors;
|
||||||
|
@ -8,6 +8,8 @@ in {
|
|||||||
./urxvt.nix
|
./urxvt.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
users.extraUsers.mainUser.extraGroups = [ "audio" ];
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
virtualisation.libvirtd.enable = true;
|
virtualisation.libvirtd.enable = true;
|
||||||
|
@ -1,6 +1,10 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
rpc-password = import <secrets/transmission-pw.nix>;
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../3modules/folderPerms.nix
|
../3modules/folderPerms.nix
|
||||||
];
|
];
|
||||||
@ -10,9 +14,13 @@
|
|||||||
name = "download";
|
name = "download";
|
||||||
home = "/var/download";
|
home = "/var/download";
|
||||||
createHome = true;
|
createHome = true;
|
||||||
|
useDefaultShell = true;
|
||||||
extraGroups = [
|
extraGroups = [
|
||||||
"download"
|
"download"
|
||||||
];
|
];
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
config.krebs.users.lass.pubkey
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
transmission = {
|
transmission = {
|
||||||
@ -41,8 +49,8 @@
|
|||||||
rpc-authentication-required = true;
|
rpc-authentication-required = true;
|
||||||
rpc-whitelist-enabled = false;
|
rpc-whitelist-enabled = false;
|
||||||
rpc-username = "download";
|
rpc-username = "download";
|
||||||
#add rpc-password in secrets
|
inherit rpc-password;
|
||||||
rpc-password = "test123";
|
peer-port = 51413;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -50,6 +58,8 @@
|
|||||||
enable = true;
|
enable = true;
|
||||||
tables.filter.INPUT.rules = [
|
tables.filter.INPUT.rules = [
|
||||||
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
|
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
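Review bot: `rpc-password = import <secrets/transmission-pw.nix>;` takes the literal out of the repository, but the value is still an ordinary Nix string; if the transmission settings are rendered into a file under /nix/store (the module is not shown here), every local user can read the password. The removed value `test123` stays in git history and should be treated as burned, so the secrets file needs a different password. With `rpc-whitelist-enabled = false` and the unchanged `-p tcp --dport 9091` ACCEPT rule matching all interfaces, the RPC endpoint is reachable from any network behind that password alone; adding `-i retiolum` to the predicate, as the DNS rule in the echelon config does, limits it to the overlay. The `download` user also gains `useDefaultShell = true;` and an SSH key, which deserves a comment on why an interactive login is needed.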
@ -33,6 +33,8 @@ let
|
|||||||
web-routes-wai-custom = {};
|
web-routes-wai-custom = {};
|
||||||
go = {};
|
go = {};
|
||||||
newsbot-js = {};
|
newsbot-js = {};
|
||||||
|
kimsufi-check = {};
|
||||||
|
realwallpaper = {};
|
||||||
};
|
};
|
||||||
|
|
||||||
restricted-repos = mapAttrs make-restricted-repo (
|
restricted-repos = mapAttrs make-restricted-repo (
|
||||||
|
@ -16,7 +16,7 @@
|
|||||||
enable = true;
|
enable = true;
|
||||||
hosts = ../../krebs/Zhosts;
|
hosts = ../../krebs/Zhosts;
|
||||||
connectTo = [
|
connectTo = [
|
||||||
"fastpoke"
|
"prism"
|
||||||
"cloudkrebs"
|
"cloudkrebs"
|
||||||
"echelon"
|
"echelon"
|
||||||
"pigstarter"
|
"pigstarter"
|
||||||
|
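--- a/lass/2configs/ts3.nix
+++ b/lass/2configs/ts3.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+
+{
+services.teamspeak3 = {
+enable = true;
+};
+
+krebs.iptables.tables.filter.INPUT.rules = [
+#voice port
+{ predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }
+{ predicate = "-p udp --dport 9987"; target = "ACCEPT"; }
+##file transfer port
+#{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; }
+#{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; }
+##query port
+#{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; }
+#{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; }
+];
+}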
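Review bot: The rule `{ predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }` opens a port that TeamSpeak 3 does not use by default: voice is UDP 9987 only, file transfer is TCP 30033 and ServerQuery is TCP 10011. Dropping the tcp 9987 rule, and the `-p udp` variants among the commented-out 30033 and 10011 rules, keeps the firewall to what the service listens on. If ServerQuery is enabled later, a predicate with `-i retiolum` is a safer default than accepting it on all interfaces.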
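--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -0,0 +1,38 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+imports =
+[ # Include the results of the hardware scan.
+../2configs/default.nix
+../2configs/fs/vm-single-partition.nix
+../2configs/fs/single-partition-ext4.nix
+../2configs/tinc-basic-retiolum.nix
+];
+krebs.build.host = config.krebs.hosts.filepimp;
+
+# AMD N54L
+boot = {
+loader.grub.device = "/dev/sda";
+
+initrd.availableKernelModules = [
+"usb_storage"
+"ahci"
+"xhci_hcd"
+"ata_piix"
+"uhci_hcd"
+"ehci_pci"
+];
+
+kernelModules = [ ];
+extraModulePackages = [ ];
+};
+
+hardware.enableAllFirmware = true;
+hardware.cpu.amd.updateMicrocode = true;
+
+networking.firewall.allowPing = true;
+}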
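--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+external-ip = head config.krebs.build.host.nets.internet.addrs4;
+internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+in {
+imports = [
+# TODO: copy this config or move to krebs
+../2configs/tinc-basic-retiolum.nix
+../2configs/headless.nix
+# ../2configs/iodined.nix
+
+# Reaktor
+../2configs/Reaktor/simpleExtend.nix
+];
+
+krebs.build.host = config.krebs.hosts.gum;
+
+krebs.Reaktor.enable = true;
+
+# prepare graphs
+krebs.nginx.enable = true;
+
+networking = {
+firewall.allowPing = true;
+firewall.allowedTCPPorts = [ 80 443 655 ];
+firewall.allowedUDPPorts = [ 655 ];
+interfaces.enp2s1.ip4 = [{
+address = external-ip;
+prefixLength = 24;
+}];
+defaultGateway = "195.154.108.1";
+nameservers = [ "8.8.8.8" ];
+};
+
+# based on ../../tv/2configs/CAC-Developer-2.nix
+}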
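Review bot: `internal-ip` is bound in the `let` block but never used in this file, while `krebs.nginx.enable = true;` is paired with `firewall.allowedTCPPorts = [ 80 443 655 ];`, which opens the web ports on every interface. If whatever `# prepare graphs` refers to is meant for retiolum only, the listen address or the firewall rule should use `internal-ip`; otherwise the binding can be removed. No nginx server block is defined here, so a short comment saying which module supplies the served content would help the next reader.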
@ -8,11 +8,12 @@
|
|||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
# Base
|
# Base
|
||||||
../2configs/base.nix
|
|
||||||
../2configs/base-sources.nix
|
|
||||||
../2configs/tinc-basic-retiolum.nix
|
../2configs/tinc-basic-retiolum.nix
|
||||||
|
../2configs/headless.nix
|
||||||
|
|
||||||
# HW/FS
|
# HW/FS
|
||||||
|
|
||||||
|
# enables virtio kernel modules in initrd
|
||||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||||
../2configs/fs/vm-single-partition.nix
|
../2configs/fs/vm-single-partition.nix
|
||||||
|
|
||||||
@ -32,6 +33,8 @@
|
|||||||
|
|
||||||
# ../2configs/graphite-standalone.nix
|
# ../2configs/graphite-standalone.nix
|
||||||
];
|
];
|
||||||
|
krebs.urlwatch.verbose = true;
|
||||||
|
|
||||||
krebs.Reaktor.enable = true;
|
krebs.Reaktor.enable = true;
|
||||||
krebs.Reaktor.debug = true;
|
krebs.Reaktor.debug = true;
|
||||||
krebs.Reaktor.nickname = "Reaktor|bot";
|
krebs.Reaktor.nickname = "Reaktor|bot";
|
||||||
@ -40,8 +43,6 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.pnp;
|
krebs.build.host = config.krebs.hosts.pnp;
|
||||||
krebs.build.user = config.krebs.users.makefu;
|
|
||||||
krebs.build.target = "root@pnp";
|
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
||||||
|
|
||||||
|
@ -6,12 +6,8 @@
|
|||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
../2configs/base.nix
|
|
||||||
../2configs/main-laptop.nix #< base-gui
|
../2configs/main-laptop.nix #< base-gui
|
||||||
|
|
||||||
# configures sources
|
|
||||||
../2configs/base-sources.nix
|
|
||||||
|
|
||||||
# Krebs
|
# Krebs
|
||||||
../2configs/tinc-basic-retiolum.nix
|
../2configs/tinc-basic-retiolum.nix
|
||||||
#../2configs/disable_v6.nix
|
#../2configs/disable_v6.nix
|
||||||
@ -23,7 +19,8 @@
|
|||||||
../2configs/exim-retiolum.nix
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/mail-client.nix
|
../2configs/mail-client.nix
|
||||||
#../2configs/virtualization.nix
|
#../2configs/virtualization.nix
|
||||||
../2configs/virtualization-virtualbox.nix
|
../2configs/virtualization.nix
|
||||||
|
#../2configs/virtualization-virtualbox.nix
|
||||||
../2configs/wwan.nix
|
../2configs/wwan.nix
|
||||||
|
|
||||||
# services
|
# services
|
||||||
@ -34,16 +31,19 @@
|
|||||||
../2configs/hw/tp-x220.nix
|
../2configs/hw/tp-x220.nix
|
||||||
# mount points
|
# mount points
|
||||||
../2configs/fs/sda-crypto-root-home.nix
|
../2configs/fs/sda-crypto-root-home.nix
|
||||||
|
# ../2configs/mediawiki.nix
|
||||||
|
#../2configs/wordpress.nix
|
||||||
];
|
];
|
||||||
krebs.Reaktor.enable = true;
|
#krebs.Reaktor.enable = true;
|
||||||
krebs.Reaktor.debug = true;
|
#krebs.Reaktor.nickname = "makefu|r";
|
||||||
krebs.Reaktor.nickname = "makefu|r";
|
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.pornocauster;
|
krebs.build.host = config.krebs.hosts.pornocauster;
|
||||||
krebs.build.user = config.krebs.users.makefu;
|
|
||||||
krebs.build.target = "root@pornocauster";
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs;[ get ];
|
environment.systemPackages = with pkgs;[
|
||||||
|
get
|
||||||
|
virtmanager
|
||||||
|
gnome3.dconf
|
||||||
|
];
|
||||||
|
|
||||||
services.logind.extraConfig = "HandleLidSwitch=ignore";
|
services.logind.extraConfig = "HandleLidSwitch=ignore";
|
||||||
# configure pulseAudio to provide a HDMI sink as well
|
# configure pulseAudio to provide a HDMI sink as well
|
||||||
|
@ -8,26 +8,9 @@
|
|||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||||
../2configs/base.nix
|
|
||||||
../2configs/cgit-retiolum.nix
|
../2configs/cgit-retiolum.nix
|
||||||
];
|
];
|
||||||
krebs.build.host = config.krebs.hosts.repunit;
|
krebs.build.host = config.krebs.hosts.repunit;
|
||||||
krebs.build.user = config.krebs.users.makefu;
|
|
||||||
krebs.build.target = "root@repunit";
|
|
||||||
|
|
||||||
krebs.build.deps = {
|
|
||||||
nixpkgs = {
|
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
|
||||||
#url = https://github.com/makefu/nixpkgs;
|
|
||||||
rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
|
|
||||||
};
|
|
||||||
secrets = {
|
|
||||||
url = "/home/makefu/secrets/${config.krebs.build.host.name}";
|
|
||||||
};
|
|
||||||
stockholm = {
|
|
||||||
url = toString ../..;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.version = 2;
|
boot.loader.grub.version = 2;
|
||||||
|
@ -6,7 +6,6 @@
|
|||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
../2configs/base.nix
|
|
||||||
../2configs/base-gui.nix
|
../2configs/base-gui.nix
|
||||||
../2configs/tinc-basic-retiolum.nix
|
../2configs/tinc-basic-retiolum.nix
|
||||||
../2configs/fs/sda-crypto-root.nix
|
../2configs/fs/sda-crypto-root.nix
|
||||||
@ -21,19 +20,9 @@
|
|||||||
];
|
];
|
||||||
# not working in vm
|
# not working in vm
|
||||||
krebs.build.host = config.krebs.hosts.tsp;
|
krebs.build.host = config.krebs.hosts.tsp;
|
||||||
krebs.build.user = config.krebs.users.makefu;
|
|
||||||
krebs.build.target = "root@tsp";
|
|
||||||
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
25
|
25
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.deps = {
|
|
||||||
nixpkgs = {
|
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
|
||||||
#url = https://github.com/makefu/nixpkgs;
|
|
||||||
rev = "13576925552b1d0751498fdda22e91a055a1ff6c";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
@ -8,9 +8,10 @@ let
|
|||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
# TODO: copy this config or move to krebs
|
# TODO: copy this config or move to krebs
|
||||||
../../tv/2configs/CAC-CentOS-7-64bit.nix
|
../../tv/2configs/hw/CAC.nix
|
||||||
../2configs/base.nix
|
../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
|
||||||
../2configs/unstable-sources.nix
|
../2configs/unstable-sources.nix
|
||||||
|
../2configs/headless.nix
|
||||||
../2configs/tinc-basic-retiolum.nix
|
../2configs/tinc-basic-retiolum.nix
|
||||||
|
|
||||||
../2configs/bepasty-dual.nix
|
../2configs/bepasty-dual.nix
|
||||||
@ -19,15 +20,16 @@ in {
|
|||||||
|
|
||||||
# Reaktor
|
# Reaktor
|
||||||
../2configs/Reaktor/simpleExtend.nix
|
../2configs/Reaktor/simpleExtend.nix
|
||||||
|
|
||||||
|
# other nginx
|
||||||
|
../2configs/nginx/euer.wiki.nix
|
||||||
|
../2configs/nginx/euer.blog.nix
|
||||||
|
|
||||||
|
# collectd
|
||||||
|
../2configs/collectd/collectd-base.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build = {
|
krebs.build.host = config.krebs.hosts.wry;
|
||||||
user = config.krebs.users.makefu;
|
|
||||||
target = "root@wry";
|
|
||||||
host = config.krebs.hosts.wry;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
krebs.Reaktor.enable = true;
|
krebs.Reaktor.enable = true;
|
||||||
|
|
||||||
@ -47,7 +49,7 @@ in {
|
|||||||
# TODO: remove hard-coded hostname
|
# TODO: remove hard-coded hostname
|
||||||
complete = {
|
complete = {
|
||||||
listen = [ "${internal-ip}:80" ];
|
listen = [ "${internal-ip}:80" ];
|
||||||
server-names = [ "graphs.wry" ];
|
server-names = [ "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ];
|
||||||
};
|
};
|
||||||
anonymous = {
|
anonymous = {
|
||||||
listen = [ "${external-ip}:80" ] ;
|
listen = [ "${external-ip}:80" ] ;
|
||||||
@ -55,9 +57,11 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
firewall.allowPing = true;
|
firewall.allowPing = true;
|
||||||
firewall.allowedTCPPorts = [ 53 80 443 ];
|
firewall.allowedTCPPorts = [ 53 80 443 ];
|
||||||
|
firewall.allowedUDPPorts = [ 655 ];
|
||||||
interfaces.enp2s1.ip4 = [{
|
interfaces.enp2s1.ip4 = [{
|
||||||
address = external-ip;
|
address = external-ip;
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
@ -66,7 +70,5 @@ in {
|
|||||||
nameservers = [ "8.8.8.8" ];
|
nameservers = [ "8.8.8.8" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = [ pkgs.translate-shell ];
|
||||||
# based on ../../tv/2configs/CAC-Developer-2.nix
|
|
||||||
sound.enable = false;
|
|
||||||
}
|
}
|
||||||
|
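Review bot: The added `firewall.allowedUDPPorts = [ 655 ];` opens only the UDP side of tinc's port, while `firewall.allowedTCPPorts` stays `[ 53 80 443 ]`; tinc uses 655 over TCP for its meta connections as well as UDP for traffic. If `../2configs/tinc-basic-retiolum.nix` already opens 655 itself this line is redundant, and if it does not, inbound tinc connections to this host will still be refused. A comment such as `# tinc (retiolum): 655/udp here, 655/tcp opened by tinc-basic-retiolum.nix` would record which is intended. The `networking` block continues between this hunk and the next one, so lines not shown may already cover it.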
@ -1,20 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
krebs.build.source = {
|
|
||||||
git.nixpkgs = {
|
|
||||||
#url = https://github.com/NixOS/nixpkgs;
|
|
||||||
url = https://github.com/makefu/nixpkgs;
|
|
||||||
rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine
|
|
||||||
};
|
|
||||||
|
|
||||||
dir.secrets = {
|
|
||||||
host = config.krebs.hosts.pornocauster;
|
|
||||||
path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
|
|
||||||
};
|
|
||||||
dir.stockholm = {
|
|
||||||
host = config.krebs.hosts.pornocauster;
|
|
||||||
path = toString ../.. ;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -11,7 +11,11 @@
|
|||||||
# bepasty-secret.nix <- contains single string
|
# bepasty-secret.nix <- contains single string
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
{
|
let
|
||||||
|
sec = toString <secrets>;
|
||||||
|
# secKey is nothing worth protecting on a local machine
|
||||||
|
secKey = import <secrets/bepasty-secret.nix>;
|
||||||
|
in {
|
||||||
|
|
||||||
krebs.nginx.enable = mkDefault true;
|
krebs.nginx.enable = mkDefault true;
|
||||||
krebs.bepasty = {
|
krebs.bepasty = {
|
||||||
@ -24,7 +28,7 @@ with lib;
|
|||||||
server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
|
server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
|
||||||
};
|
};
|
||||||
defaultPermissions = "admin,list,create,read,delete";
|
defaultPermissions = "admin,list,create,read,delete";
|
||||||
secretKey = import <secrets/bepasty-secret.nix>;
|
secretKey = secKey;
|
||||||
};
|
};
|
||||||
|
|
||||||
external = {
|
external = {
|
||||||
@ -33,8 +37,8 @@ with lib;
|
|||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_certificate /root/secrets/wildcard.krebsco.de.crt;
|
ssl_certificate ${sec}/wildcard.krebsco.de.crt;
|
||||||
ssl_certificate_key /root/secrets/wildcard.krebsco.de.key;
|
ssl_certificate_key ${sec}/wildcard.krebsco.de.key;
|
||||||
ssl_verify_client off;
|
ssl_verify_client off;
|
||||||
proxy_ssl_session_reuse off;
|
proxy_ssl_session_reuse off;
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
@ -45,7 +49,7 @@ with lib;
|
|||||||
}'';
|
}'';
|
||||||
};
|
};
|
||||||
defaultPermissions = "read";
|
defaultPermissions = "read";
|
||||||
secretKey = import <secrets/bepasty-secret.nix>;
|
secretKey = secKey;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
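Review bot: The new comment `# secKey is nothing worth protecting on a local machine` does not match how `secKey` is used, because the later hunk assigns the same value to `secretKey` of the `external` server as well as the retiolum-facing one. Since it is read with `import` at evaluation time, the key presumably ends up in whatever configuration the `krebs.bepasty` module generates (that module is not visible here), and anything placed in the Nix store is readable by every local user. I would reword the comment to say so, e.g. `# NOTE: imported at eval time and shared by both instances; may land in the world-readable store`, or give the external instance its own key. The `krebs.bepasty` attribute set starts and ends outside these hunks.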
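--- a/makefu/2configs/collectd/collectd-base.nix
+++ b/makefu/2configs/collectd/collectd-base.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+# graphite-web on port 8080
+# carbon cache on port 2003 (tcp/udp)
+with lib;
+let
+connect-time-cfg = with pkgs; writeText "collectd-connect-time.cfg" ''
+LoadPlugin python
+<Plugin python>
+ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
+Import "collectd_connect_time"
+<Module collectd_connect_time>
+target "wry.retiolum" "localhost" "google.com"
+interval 30
+</Module>
+</Plugin>
+'';
+graphite-cfg = pkgs.writeText "collectd-graphite-cfg" ''
+LoadPlugin write_graphite
+<Plugin "write_graphite">
+<Carbon>
+Host "heidi.retiolum"
+Port "2003"
+Prefix "retiolum."
+EscapeCharacter "_"
+StoreRates false
+AlwaysAppendDS false
+</Carbon>
+</Plugin>
+'';
+in {
+imports = [ ];
+
+nixpkgs.config.packageOverrides = pkgs: with pkgs; {
+collectd = pkgs.collectd.override { python= pkgs.python; };
+};
+services.collectd = {
+enable = true;
+include = [ (toString connect-time-cfg) (toString graphite-cfg) ];
+};
+
+}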
@ -2,6 +2,8 @@
|
|||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
system.stateVersion = "15.09";
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
{
|
{
|
||||||
users.extraUsers =
|
users.extraUsers =
|
||||||
@ -10,10 +12,36 @@ with lib;
|
|||||||
}
|
}
|
||||||
./vim.nix
|
./vim.nix
|
||||||
];
|
];
|
||||||
krebs.enable = true;
|
|
||||||
krebs.search-domain = "retiolum";
|
|
||||||
|
|
||||||
|
|
||||||
|
krebs = {
|
||||||
|
enable = true;
|
||||||
|
search-domain = "retiolum";
|
||||||
|
build = {
|
||||||
|
target = mkDefault "root@${config.krebs.build.host.name}";
|
||||||
|
user = config.krebs.users.makefu;
|
||||||
|
source = {
|
||||||
|
git.nixpkgs = {
|
||||||
|
#url = https://github.com/NixOS/nixpkgs;
|
||||||
|
url = mkDefault https://github.com/makefu/nixpkgs;
|
||||||
|
rev = mkDefault "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picking
|
||||||
|
target-path = "/var/src/nixpkgs";
|
||||||
|
};
|
||||||
|
|
||||||
|
dir.secrets = {
|
||||||
|
host = config.krebs.hosts.pornocauster;
|
||||||
|
path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
|
||||||
|
};
|
||||||
|
|
||||||
|
dir.stockholm = {
|
||||||
|
host = config.krebs.hosts.pornocauster;
|
||||||
|
path = "/home/makefu/stockholm" ;
|
||||||
|
target-path = "/var/src/stockholm";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
users.extraUsers = {
|
users.extraUsers = {
|
||||||
root = {
|
root = {
|
||||||
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
||||||
@ -56,7 +84,6 @@ with lib;
|
|||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
jq
|
jq
|
||||||
git
|
git
|
||||||
vim
|
|
||||||
gnumake
|
gnumake
|
||||||
rxvt_unicode.terminfo
|
rxvt_unicode.terminfo
|
||||||
htop
|
htop
|
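Review bot: `dir.stockholm.path = "/home/makefu/stockholm"` replaces the `toString ../..` used by the deleted sources file with a fixed absolute path. The tree that gets deployed is then whatever sits at that path on pornocauster, not the checkout the configuration was evaluated from, so a host can receive a different revision than the one reviewed. Assuming this file sits at the same depth as the deleted one, `path = mkDefault (toString ../..);` would keep the old behaviour and still allow an override. If the fixed path is deliberate, a comment saying why would help.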
@ -18,6 +18,4 @@ with lib;
|
|||||||
|
|
||||||
hardware.enableAllFirmware = true;
|
hardware.enableAllFirmware = true;
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
hardware.cpu.amd.updateMicrocode = true;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -6,8 +6,8 @@
|
|||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
boot = {
|
boot = {
|
||||||
loader.grub.enable =true;
|
loader.grub.enable = true;
|
||||||
loader.grub.version =2;
|
loader.grub.version = 2;
|
||||||
loader.grub.device = "/dev/sda";
|
loader.grub.device = "/dev/sda";
|
||||||
|
|
||||||
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
|
||||||
|
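--- a/makefu/2configs/fs/single-partition-ext4.nix
+++ b/makefu/2configs/fs/single-partition-ext4.nix
@@ -0,0 +1,10 @@
+{config, ...}:
+{
+boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;
+boot.loader.grub.version = 2;
+
+fileSystems."/" = {
+device = "/dev/disk/by-label/nixos";
+fsType = "ext4";
+};
+}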
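Review bot: `boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;` aborts evaluation with a bare assertion failure that does not say which option is missing. It also rejects hosts that set the list form `boot.loader.grub.devices` instead of `device`. The NixOS `assertions` option carries a message, e.g. `assertions = [{ assertion = config.boot.loader.grub.device != ""; message = "single-partition-ext4.nix needs boot.loader.grub.device"; }];`, which leaves `boot.loader.grub.enable = true;` plain.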
@ -3,18 +3,9 @@
|
|||||||
# vda1 ext4 (label nixos) -> only root partition
|
# vda1 ext4 (label nixos) -> only root partition
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
boot.loader.grub.enable = true;
|
imports = [
|
||||||
boot.loader.grub.version = 2;
|
./single-partition-ext4.nix
|
||||||
|
];
|
||||||
boot.loader.grub.device = "/dev/vda";
|
boot.loader.grub.device = "/dev/vda";
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/disk/by-label/nixos";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
hardware.enableAllFirmware = true;
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
hardware.cpu.amd.updateMicrocode = true;
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
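--- a/makefu/2configs/headless.nix
+++ b/makefu/2configs/headless.nix
@@ -0,0 +1,4 @@
+{lib,... }:
+{
+sound.enable = lib.mkForce false;
+}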
@ -8,6 +8,8 @@ with lib;
|
|||||||
hardware.enableAllFirmware = true;
|
hardware.enableAllFirmware = true;
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
|
hardware.cpu.intel.updateMicrocode = true;
|
||||||
|
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
zramSwap.numDevices = 2;
|
zramSwap.numDevices = 2;
|
||||||
|
|
||||||
|
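--- a/makefu/2configs/nginx/euer.blog.nix
+++ b/makefu/2configs/nginx/euer.blog.nix
@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+sec = toString <secrets>;
+ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+ssl_key = "${sec}/wildcard.krebsco.de.key";
+hostname = config.krebs.build.host.name;
+user = config.services.nginx.user;
+group = config.services.nginx.group;
+external-ip = head config.krebs.build.host.nets.internet.addrs4;
+internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+base-dir = "/var/www/blog.euer";
+in {
+# Prepare Blog directory
+systemd.services.prepare-euer-blog = {
+wantedBy = [ "local-fs.target" ];
+before = [ "nginx.service" ];
+serviceConfig = {
+# do nothing if the base dir already exists
+ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
+#!/bin/sh
+if ! test -d "${base-dir}" ;then
+mkdir -p "${base-dir}"
+chown ${user}:${group} "${base-dir}"
+chmod 700 "${base-dir}"
+fi
+'';
+Type = "oneshot";
+RemainAfterExit = "yes";
+TimeoutSec = "0";
+};
+};
+
+krebs.nginx = {
+enable = mkDefault true;
+servers = {
+euer-blog = {
+listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
+"${internal-ip}:80" "${internal-ip}:443 ssl" ];
+server-names = [ "euer.krebsco.de" "blog.euer.krebsco.de" "blog.${hostname}" ];
+extraConfig = ''
+gzip on;
+gzip_buffers 4 32k;
+gzip_types text/plain application/x-javascript text/css;
+ssl_certificate ${ssl_cert};
+ssl_certificate_key ${ssl_key};
+default_type text/plain;
+'';
+locations = singleton (nameValuePair "/" ''
+root ${base-dir};
+'');
+};
+};
+};
+}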
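--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -0,0 +1,118 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+sec = toString <secrets>;
+ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+ssl_key = "${sec}/wildcard.krebsco.de.key";
+user = config.services.nginx.user;
+group = config.services.nginx.group;
+fpm-socket = "/var/run/php5-fpm.sock";
+hostname = config.krebs.build.host.name;
+tw-upload = pkgs.tw-upload-plugin;
+base-dir = "/var/www/wiki.euer";
+base-cfg = "${base-dir}/twconf.ini";
+wiki-dir = "${base-dir}/store/";
+backup-dir = "${base-dir}/backup/";
+# contains:
+# user1 = pass1
+# userN = passN
+tw-pass-file = "${sec}/tw-pass.ini";
+external-ip = head config.krebs.build.host.nets.internet.addrs4;
+internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+in {
+services.phpfpm = {
+# phpfpm does not have an enable option
+poolConfigs = {
+euer-wiki = ''
+user = ${user}
+group = ${group}
+listen = ${fpm-socket}
+listen.owner = ${user}
+listen.group = ${group}
+env[twconf] = ${base-cfg};
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+chdir = /
+# errors to journal
+php_admin_value[error_log] = 'stderr'
+php_admin_flag[log_errors] = on
+catch_workers_output = yes
+'';
+};
+};
+
+systemd.services.prepare-tw = {
+wantedBy = [ "local-fs.target" ];
+before = [ "phpfpm.service" ];
+serviceConfig = {
+ExecStart = pkgs.writeScript "prepare-tw-service" ''
+#!/bin/sh
+if ! test -d "${base-dir}" ;then
+mkdir -p "${wiki-dir}" "${backup-dir}"
+
+# write the base configuration
+cat > "${base-cfg}" <<EOF
+[users]
+$(cat "${tw-pass-file}")
+[directories]
+backupdir = ${backup-dir}
+savedir = ${wiki-dir}
+EOF
+
+chown -R ${user}:${group} "${base-dir}"
+chmod 700 -R "${base-dir}"
+fi
+'';
+Type = "oneshot";
+RemainAfterExit = "yes";
+TimeoutSec = "0";
+};
+};
+
+krebs.nginx = {
+enable = mkDefault true;
+servers = {
+euer-wiki = {
+listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
+"${internal-ip}:80" "${internal-ip}:443 ssl" ];
+server-names = [
+"wiki.euer.krebsco.de"
+"wiki.makefu.retiolum"
+"wiki.makefu"
+];
+extraConfig = ''
+gzip on;
+gzip_buffers 4 32k;
+gzip_types text/plain application/x-javascript text/css;
+ssl_certificate ${ssl_cert};
+ssl_certificate_key ${ssl_key};
+default_type text/plain;
+
+if ($scheme = http){
+return 301 https://$server_name$request_uri;
+}
+
+'';
+locations = [
+(nameValuePair "/" ''
+root ${wiki-dir};
+expires -1;
+autoindex on;
+'')
+(nameValuePair "/store.php" ''
+root ${tw-upload};
+client_max_body_size 200M;
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_pass unix:${fpm-socket};
+include ${pkgs.nginx}/conf/fastcgi_params;
+include ${pkgs.nginx}/conf/fastcgi.conf;
+'')
+];
+};
+};
+};
+}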
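Review bot: In the `prepare-tw` script the credentials from `${tw-pass-file}` are written into `${base-cfg}` under the default umask and only restricted afterwards by `chmod 700 -R "${base-dir}"`, so for a short window the file holding the user/password pairs is readable by other local accounts. Putting `umask 077` as the first command after `#!/bin/sh` removes that window. The `if ! test -d "${base-dir}"` guard also means the file is written only once, so a changed `tw-pass.ini` (for example after rotating a password) never reaches `twconf.ini` unless the directory is removed by hand; regenerating `${base-cfg}` on every start, outside the guard, would fix that. Separately, `autoindex on;` on `/` lists everything under `${wiki-dir}` to any visitor, which deserves a comment if it is intended.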
@ -1,19 +1,8 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
_:
|
||||||
|
|
||||||
{
|
{
|
||||||
krebs.build.source = {
|
krebs.build.source.git.nixpkgs = {
|
||||||
git.nixpkgs = {
|
|
||||||
url = https://github.com/makefu/nixpkgs;
|
url = https://github.com/makefu/nixpkgs;
|
||||||
rev = "984d33884d63d404ff2da76920b8bc8b15471552";
|
rev = "15b5bbfbd1c8a55e7d9e05dd9058dc102fac04fe"; # cherry-picked collectd
|
||||||
};
|
};
|
||||||
|
|
||||||
dir.secrets = {
|
|
||||||
host = config.krebs.hosts.pornocauster;
|
|
||||||
path = "/home/makefu/secrets/${config.krebs.build.host.name}/";
|
|
||||||
};
|
|
||||||
dir.stockholm = {
|
|
||||||
host = config.krebs.hosts.pornocauster;
|
|
||||||
path = toString ../.. ;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
@ -10,6 +10,8 @@
|
|||||||
https://api.github.com/repos/ovh/python-ovh/tags
|
https://api.github.com/repos/ovh/python-ovh/tags
|
||||||
https://api.github.com/repos/embray/d2to1/tags
|
https://api.github.com/repos/embray/d2to1/tags
|
||||||
http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release
|
http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release
|
||||||
|
https://pypi.python.org/simple/bepasty/
|
||||||
|
https://pypi.python.org/simple/xstatic/
|
||||||
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -7,6 +7,6 @@ in
|
|||||||
alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
|
alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
|
||||||
alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
|
alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
|
||||||
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
|
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
|
||||||
tinc_graphs = callPackage ./tinc_graphs {};
|
|
||||||
awesomecfg = callPackage ./awesomecfg {};
|
awesomecfg = callPackage ./awesomecfg {};
|
||||||
|
tw-upload-plugin = callPackage ./tw-upload-plugin {};
|
||||||
}
|
}
|
||||||
|
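--- a/makefu/5pkgs/tw-upload-plugin/default.nix
+++ b/makefu/5pkgs/tw-upload-plugin/default.nix
@@ -0,0 +1,8 @@
+{pkgs}:
+
+pkgs.fetchFromGitHub {
+owner = "makefu";
+repo = "tw-upload-plugin";
+rev = "a00aac";
+sha256 = "0kazqs24kzjxqzr33kg1jbfx8xyvmrnrdxh6g27kgkgbl1d2qknh";
+}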
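Review bot: `rev = "a00aac";` is a six-character abbreviated commit id. The `sha256` still pins the fetched content, so a different tree would fail the hash check, but a short prefix can become ambiguous as the repository grows. It also makes it harder to audit exactly which revision of this PHP code the wiki's `/store.php` location serves. I would pin the full id: `rev = "<full 40-character commit id>";`.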
@ -5,6 +5,7 @@ with lib;
|
|||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||||
|
../2configs/collectd-base.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.wolf;
|
krebs.build.host = config.krebs.hosts.wolf;
|
||||||
@ -26,7 +27,7 @@ with lib;
|
|||||||
krebs.build.source = {
|
krebs.build.source = {
|
||||||
git.nixpkgs = {
|
git.nixpkgs = {
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
url = https://github.com/NixOS/nixpkgs;
|
||||||
rev = "e916273209560b302ab231606babf5ce1c481f08";
|
rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
|
||||||
};
|
};
|
||||||
dir.secrets = {
|
dir.secrets = {
|
||||||
host = config.krebs.current.host;
|
host = config.krebs.current.host;
|
||||||
|
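--- a/shared/2configs/collectd-base.nix
+++ b/shared/2configs/collectd-base.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+# TODO: krebs.collectd.plugins
+with lib;
+let
+connect-time-cfg = with pkgs; writeText "collectd-connect-time.conf" ''
+LoadPlugin python
+<Plugin python>
+ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
+Import "collectd_connect_time"
+<Module collectd_connect_time>
+target "localhost:22" "google.com" "google.de" "gum.retiolum:22" "gum.krebsco.de" "heidi.shack:22" "10.42.0.1:22" "heise.de" "t-online.de"
+interval 10
+</Module>
+</Plugin>
+'';
+graphite-cfg = pkgs.writeText "collectd-graphite.conf" ''
+LoadPlugin write_graphite
+<Plugin "write_graphite">
+<Carbon>
+Host "heidi.shack"
+Port "2003"
+Prefix "retiolum."
+EscapeCharacter "_"
+StoreRates false
+AlwaysAppendDS false
+</Carbon>
+</Plugin>
+'';
+in {
+imports = [ ];
+
+nixpkgs.config.packageOverrides = pkgs: with pkgs; {
+collectd = pkgs.collectd.override { python= pkgs.python; };
+};
+services.collectd = {
+enable = true;
+include = [ (toString connect-time-cfg) (toString graphite-cfg) ];
+};
+
+}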