diff --git a/makefu/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix similarity index 68% rename from makefu/3modules/airdcpp.nix rename to krebs/3modules/airdcpp.nix index 5250ee67a..1633840f7 100644 --- a/makefu/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -1,10 +1,10 @@ { config, lib, pkgs, ... }: with import ; #genid let - cfg = config.makefu.airdcpp; + cfg = config.krebs.airdcpp; out = { - options.makefu.airdcpp = api; + options.krebs.airdcpp = api; config = lib.mkIf cfg.enable imp; }; @@ -18,7 +18,7 @@ let user = mkOption { description = '' - user which will run udpt. if kept default a new user will be created + user which will run airdcpp. if kept default a new user will be created ''; type = str; default = "airdcpp"; @@ -37,7 +37,54 @@ let type = str; default = "/var/lib/airdcpp"; }; + hubs = mkOption { + type = attrsOf (submodule ( { config, ... }: { + options = { + Nick = mkOption { + description = '' + Nick Name for hub + ''; + type = str; + default = cfg.Nick; + }; + Password = mkOption { + description = '' + Password to be used + + WARNING: will be stored in plain text in /nix/store + ''; + type = str; + default = ""; + apply = lib.removeSuffix "\n"; + }; + Server = mkOption { + description = '' + URL to the hub (must be provided) + ''; + type = str; + }; + AutoConnect = mkOption { + description = '' + automatically connect to the hub + ''; + type = bool; + default = false; + }; + }; + })); + description = "hubs which should be configured via Favorites.xml, + Options are only used if no initial Favorites.xml file is provided and none exists"; + default = {}; + }; + initialFavoritesConfigFile = mkOption { + description = '' + path inital Favorites.xml configuration if none exists + ''; + type = nullOr path; + default = null; + }; dcpp = { + # entries in DCPlusPlus.xml Nick = mkOption { description = '' Nick Name for connection 
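Review bot: `default = cfg.Nick;` in the new `hubs.<name>.Nick` option appears to reference an attribute that does not exist. The nick option visible at the end of this hunk is declared under `dcpp`, and the rest of the module reads it as `cfg.dcpp.Nick`. Nix evaluates lazily, so this only fails when a hub omits `Nick`, which the one caller in this commit never does; the first user relying on the default would get a missing-attribute error. Unless a top-level `Nick` option is declared outside the hunk, the line should read `default = cfg.dcpp.Nick;`. The enclosing `let` block starts and ends outside the hunk.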
@@ -70,6 +117,11 @@ let type = str; default = "100"; }; + DownloadDirectory = mkOption { + description = "Directory, where new files will be saved into"; + type = str; + default = "${cfg.stateDir}/Download"; + }; shares = mkOption { default = {}; type = attrsOf (submodule ( { config, ... }: { @@ -117,6 +169,7 @@ let password = mkOption { description = "password of user"; type = str; + apply = lib.removeSuffix "\n"; }; permissions = mkOption { description = "user permissions"; @@ -133,11 +186,6 @@ let genUsers = users: concatMapStringsSep "\n" (user: '''' ) (mapAttrsToList (name: val: val // { inherit name; }) users); - genShares = shares: concatMapStringsSep "\n" (share: - ''${share.path}'' ) - (mapAttrsToList (name: val: val // { inherit name; }) shares); webConfigFile = if (cfg.web.initialConfigFile == null) then builtins.trace "warning: airdcpp passwords are stored in plain text" pkgs.writeText "initial-config" '' @@ -149,16 +197,34 @@ let '' else cfg.web.initialConfigFile; + genHubs = hubs: concatMapStringsSep "\n" (hub: + '''' ) + (mapAttrsToList (name: val: val // { inherit name; }) hubs); + favoritesConfigFile = if (cfg.initialFavoritesConfigFile == null) then + builtins.trace "warning: airdcpp hub passwords are stored in plain text" pkgs.writeText "initial-config" '' + + + + ${genHubs cfg.hubs} + + + '' else cfg.initialFavoritesConfigFile; + genShares = shares: concatMapStringsSep "\n" (share: + ''${share.path}'' ) + (mapAttrsToList (name: val: val // { inherit name; }) shares); dcppConfigFile = if (cfg.dcpp.initialConfigFile == null) then pkgs.writeText "initial-config" '' ${cfg.dcpp.Nick} - ${cfg.package.version} ${toString cfg.dcpp.InPort} ${toString cfg.dcpp.UDPPort} ${toString cfg.dcpp.TLSPort} - 0 + ${cfg.dcpp.DownloadDirectory} 0 1 0 
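Review bot: `favoritesConfigFile` is produced with `pkgs.writeText`, so every hub `Password` lands in a world-readable /nix/store path, and the `builtins.trace` message at evaluation time is the only signal. The `install -m700 -o${cfg.user}` step added in the `@@ -187,6 +253,8 @@` hunk restricts only the copy in `stateDir`, not the store original. The same holds for the values `makefu/2configs/dcpp/airdcpp.nix` passes in through `builtins.readFile`. A comment above the definition should say so, for example `# NOTE: this file lands in the world-readable /nix/store; the mode set at install time protects only the copy in stateDir`. The XML body of the template is not visible on this page, so it could not be checked whether Nick, Password and Server are escaped before interpolation.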
@@ -187,6 +253,8 @@ let test -e $d || install -m700 -o${cfg.user} ${webConfigFile} $d d=${cfg.stateDir}/DCPlusPlus.xml test -e $d || install -m700 -o${cfg.user} ${dcppConfigFile} $d + d=${cfg.stateDir}/Favorites.xml + test -e $d || install -m700 -o${cfg.user} ${favoritesConfigFile} $d ''; PermissionsStartOnly = true; ExecStart = "${cfg.package}/bin/airdcppd -c=${cfg.stateDir} -p=${cfg.stateDir}/airdcpp.pid"; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 41b701cd0..6307649e3 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -6,6 +6,7 @@ let out = { imports = [ + ./airdcpp.nix ./announce-activation.nix ./apt-cacher-ng.nix ./backup.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 454f9bc65..e2152ea1a 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -4,7 +4,9 @@ with import ; ## generate keys with: # tinc generate-keys # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host -{ +let + pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); +in { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { cake = rec { cores = 4; @@ -590,6 +592,8 @@ with import ; "cache.gum.r" "logs.makefu.r" "stats.makefu.r" + "backup.makefu.r" + "dcpp.nextgum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -654,6 +658,7 @@ with import ; "wiki.gum.r" "blog.makefu.r" "blog.gum.r" + "dcpp.gum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- 
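Review bot: The added `install -m700` line gives Favorites.xml an execute bit it does not need and leaves `$d` unquoted, so a `stateDir` containing whitespace would break the test. A tighter form is `test -e "$d" || install -m600 -o${cfg.user} ${favoritesConfigFile} "$d"`. The two existing install lines above use the same pattern and would want the same change for consistency. The enclosing script string starts outside the hunk.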
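Review bot: `pub-for` returns exactly what `builtins.readFile` delivers, so every `pubkey` built from the new one-line `.pub` files now ends in a newline that the former inline strings did not have. Consumers that join keys into a single line or compare them as strings may behave differently; this same commit already strips that suffix from the airdcpp passwords. Suggest `pub-for = name: removeSuffix "\n" (builtins.readFile (./ssh + "/${name}.pub"));`, assuming `removeSuffix` is in scope through the `with import` at the top of the file.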
@@ -1099,48 +1104,48 @@ with import ; users = rec { makefu = { mail = "makefu@x.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x"; + pubkey = pub-for "makefu.x"; pgp.pubkeys.default = builtins.readFile ./pgp/default.asc; pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc; }; makefu-omo = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch"; + pubkey = pub-for "makefu.omo"; }; makefu-tsp = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp"; + pubkey = pub-for "makefu.tsp"; }; makefu-vbob = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob"; + pubkey = pub-for "makefu.vbob"; }; makefu-tempx = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum"; + pubkey = pub-for "makefu.tempx"; }; makefu-android = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x"; + pubkey = pub-for "makefu.android"; }; makefu-remote-builder = { inherit (makefu) mail pgp; - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild"; + pubkey = pub-for "makefu.remote-builder"; }; makefu-bob = { inherit (makefu) mail pgp; - pubkey = "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD"; + pubkey = pub-for "makefu.bob"; }; ciko = { mail = "wieczorek.stefan@googlemail.com"; }; ulrich = { - pubkey = "ssh-rsa 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 shackspace.de@myvdr.de"; + pubkey = pub-for "ulrich"; mail = "shackspace.de@myvdr.de"; }; exco = { mail = "dickbutt@excogitation.de"; - pubkey = "ssh-rsa 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 dickbutt@excogitation.de"; + pubkey = pub-for "exco"; }; }; } diff --git a/krebs/3modules/makefu/ssh/exco.pub b/krebs/3modules/makefu/ssh/exco.pub new file mode 100644 index 000000000..cab884c0c --- /dev/null +++ b/krebs/3modules/makefu/ssh/exco.pub @@ -0,0 +1 @@ +ssh-rsa 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 dickbutt@excogitation.de diff --git a/krebs/3modules/makefu/ssh/makefu.android.pub b/krebs/3modules/makefu/ssh/makefu.android.pub new file mode 100644 index 000000000..2bef2442a --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.android.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x diff --git a/krebs/3modules/makefu/ssh/makefu.bob.pub b/krebs/3modules/makefu/ssh/makefu.bob.pub new file mode 100644 index 000000000..bc8718978 --- /dev/null +++ b/krebs/3modules/makefu/ssh/makefu.bob.pub 
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD
diff --git a/krebs/3modules/makefu/ssh/makefu.omo.pub b/krebs/3modules/makefu/ssh/makefu.omo.pub
new file mode 100644
index 000000000..5567040fb
--- /dev/null
+++ b/krebs/3modules/makefu/ssh/makefu.omo.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch
diff --git a/krebs/3modules/makefu/ssh/makefu.remote-builder.pub b/krebs/3modules/makefu/ssh/makefu.remote-builder.pub
new file mode 100644
index 000000000..ad49f380a
--- /dev/null
+++ b/krebs/3modules/makefu/ssh/makefu.remote-builder.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild
diff --git a/krebs/3modules/makefu/ssh/makefu.tempx.pub b/krebs/3modules/makefu/ssh/makefu.tempx.pub
new file mode 100644
index 000000000..48d90040f
--- /dev/null
+++ b/krebs/3modules/makefu/ssh/makefu.tempx.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum
diff --git a/krebs/3modules/makefu/ssh/makefu.tsp.pub b/krebs/3modules/makefu/ssh/makefu.tsp.pub
new file mode 100644
index 000000000..9a9c9b6f8
--- /dev/null
+++ b/krebs/3modules/makefu/ssh/makefu.tsp.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp
diff --git a/krebs/3modules/makefu/ssh/makefu.vbob.pub b/krebs/3modules/makefu/ssh/makefu.vbob.pub
new file mode 100644
index 000000000..c49714e24
--- /dev/null
+++ b/krebs/3modules/makefu/ssh/makefu.vbob.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob
diff --git a/krebs/3modules/makefu/ssh/makefu.x.pub b/krebs/3modules/makefu/ssh/makefu.x.pub
new file mode 100644
index 000000000..74b130f56
--- /dev/null
+++ b/krebs/3modules/makefu/ssh/makefu.x.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x
diff --git a/krebs/3modules/makefu/ssh/ulrich.pub b/krebs/3modules/makefu/ssh/ulrich.pub
new file mode 100644
index 000000000..88313ee7c
--- /dev/null
+++ b/krebs/3modules/makefu/ssh/ulrich.pub @@ -0,0 +1 @@ +AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de diff --git a/makefu/5pkgs/airdcpp-webclient/default.nix b/krebs/5pkgs/simple/airdcpp-webclient/default.nix similarity index 82% rename from makefu/5pkgs/airdcpp-webclient/default.nix rename to krebs/5pkgs/simple/airdcpp-webclient/default.nix index 361a7da65..2bc6cdca9 100644 --- a/makefu/5pkgs/airdcpp-webclient/default.nix +++ b/krebs/5pkgs/simple/airdcpp-webclient/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl +{ stdenv, fetchurl, makeWrapper, which }: stdenv.mkDerivation rec { name = "airdcpp-webclient-${version}"; @@ -13,8 +13,9 @@ stdenv.mkDerivation rec { installPhase = '' mkdir -p $out/{share,bin} cp -r * $out/share - ln -s $out/share/airdcppd $out/bin/ + makeWrapper $out/share/airdcppd $out/bin/airdcppd --prefix PATH ${which}/bin ''; + nativeBuildInputs = [ makeWrapper ]; meta = with stdenv.lib; { # to start it: airdcpp -p= -c= --configure diff --git a/makefu/0tests/data/secrets/airdcpp-makefu.pw b/makefu/0tests/data/secrets/airdcpp-makefu.pw new file mode 100644 index 000000000..e69de29bb diff --git a/makefu/0tests/data/secrets/krebshub.pw b/makefu/0tests/data/secrets/krebshub.pw new file mode 100644 index 000000000..e69de29bb 
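Review bot: The single added line in `ulrich.pub` starts directly with the base64 blob (`AAAAB3NzaC1yc2E…`), whereas the inline value it replaces in `krebs/3modules/makefu/default.nix` and every other new `.pub` file begin with the key type. Without the leading `ssh-rsa` field the string is not a well-formed public-key line, so wherever `config.krebs.users.ulrich.pubkey` ends up in an authorized_keys file, sshd would most likely skip the entry. The line should begin `ssh-rsa AAAAB3NzaC1yc2E…`.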
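Review bot: `--prefix PATH ${which}/bin` in the new `installPhase` passes two arguments where makeWrapper's `--prefix` takes three (`ENV SEP VAL`), so the separator is missing. The call should read `makeWrapper $out/share/airdcppd $out/bin/airdcppd --prefix PATH : ${which}/bin`. As written, the wrapper either fails to build or does not put `which` on PATH as intended.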
diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix index db22cf9b8..64516fa98 100644 --- a/makefu/1systems/nextgum/config.nix +++ b/makefu/1systems/nextgum/config.nix @@ -25,11 +25,12 @@ in { - + # # services + # sharing @@ -73,6 +74,7 @@ in { # # + # @@ -94,6 +96,7 @@ in { + # ## Temporary: diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix index 944210701..bfe29b46c 100644 --- a/makefu/1systems/nextgum/hardware-config.nix +++ b/makefu/1systems/nextgum/hardware-config.nix @@ -41,11 +41,12 @@ in { boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.devices = [ main-disk ]; + boot.initrd.kernelModules = [ "dm-raid" ]; boot.initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" "xhci_pci" "ehci_pci" "ahci" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ]; + boot.kernelModules = [ "kvm-intel" ]; hardware.enableRedistributableFirmware = true; fileSystems."/" = { device = "/dev/mapper/nixos-root"; @@ -59,6 +60,10 @@ in { device = "/dev/mapper/nixos-download"; fsType = "ext4"; }; + fileSystems."/var/lib/borgbackup" = { + device = "/dev/mapper/nixos-backup"; + fsType = "ext4"; + }; fileSystems."/boot" = { device = "/dev/sda2"; fsType = "vfat"; @@ -79,8 +84,12 @@ in { #vgcreate nixos /dev/sda3 /dev/sdb1 #lvcreate -L 120G -m 1 -n root nixos #lvcreate -L 50G -m 1 -n lib nixos - #lvcreate -L 50G -n download nixos + #lvcreate -L 100G -n download nixos + #lvcreate -L 100G -n backup nixos #mkfs.ext4 /dev/mapper/nixos-root + #mkfs.ext4 /dev/mapper/nixos-lib + #mkfs.ext4 /dev/mapper/nixos-download + #mkfs.ext4 /dev/mapper/nixos-borgbackup #mount /dev/mapper/nixos-root /mnt #mkdir /mnt/boot #mount /dev/sda2 /mnt/boot diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix new file mode 100644 index 000000000..fe05effd9 --- /dev/null +++ b/makefu/2configs/dcpp/airdcpp.nix 
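Review bot: The setup comments in `hardware-config.nix` disagree with the new mount. The logical volume is created as `backup` (`#lvcreate -L 100G -n backup nixos`) and mounted from `/dev/mapper/nixos-backup`, but the added mkfs line formats `/dev/mapper/nixos-borgbackup`. Anyone rebuilding the host from these notes would hit a non-existent device; the comment should read `#mkfs.ext4 /dev/mapper/nixos-backup`.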
@@ -0,0 +1,48 @@ +{ config, ... }: +{ + krebs.airdcpp = { + enable = true; + extraGroups = [ "download" ]; + web.port = 5600; + web.users.makefu.password = builtins.readFile ; # watch out for newline! + hubs."krebshub" = + { Nick = "makefu-${config.krebs.build.host.name}"; + Password = builtins.readFile ; + Server = "adcs://hub.nsupdate.info:411"; + AutoConnect = true; + }; + dcpp = { + shares = { + # Incoming must be writeable! + incoming = { path = config.makefu.dl-dir + "/finished/dcpp"; incoming = true; }; + audiobooks.path = config.makefu.dl-dir + "/finished/audiobooks"; + }; + Nick = "makefu"; + DownloadSpeed = "1000"; + UploadSpeed = "1000"; + }; + }; + networking.firewall.allowedTCPPorts = + [ config.krebs.airdcpp.dcpp.InPort + config.krebs.airdcpp.dcpp.TLSPort + ]; + networking.firewall.allowedUDPPorts = [ config.krebs.airdcpp.dcpp.UDPPort ]; + + services.nginx.virtualHosts."dcpp.${config.krebs.build.host.name}.r".locations."/" = + { proxyPass = "http://localhost:${toString config.krebs.airdcpp.web.port}/"; + + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + gzip_types text/plain application/javascript; + + # Proxy websockets + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + ''; + }; + +} diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 6192a92a5..61cba86d9 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix 
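Review bot: The nginx `locations."/"` block forwards the AirDC++ web UI, including its login and websocket traffic, to `localhost` with no TLS or access restriction visible in this file. If the `dcpp.<host>.r` name is reachable only over an already encrypted internal network that may be intended, but the file should then say so, for example `# internal .r name only; no TLS on this vhost`. Separately, the `# watch out for newline!` remark on `web.users.makefu.password` is stale now that the module applies `lib.removeSuffix "\n"` to that option.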
@@ -10,14 +10,27 @@ with import ; } ./editor/vim.nix ./binary-cache/nixos.nix + ./minimal.nix ]; + # users are super important + users.users = { + root = { + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; + }; + makefu = { + uid = 9001; + group = "users"; + home = "/home/makefu"; + createHome = true; + useDefaultShell = true; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; + }; + }; + boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - programs.command-not-found.enable = false; - - nix.package = pkgs.nixUnstable; - nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); krebs = { enable = true; 
@@ -27,90 +40,23 @@ with import ; build.user = config.krebs.users.makefu; }; - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; - makefu = { - uid = 9001; - group = "users"; - home = "/home/makefu"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "wheel" - ]; - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; - }; - networking.hostName = config.krebs.build.host.name; - nix.maxJobs = 2; - nix.buildCores = config.krebs.build.host.cores; - time.timeZone = "Europe/Berlin"; - - programs.ssh = { - startAgent = false; - }; - services.openssh.enable = true; - nix.useSandbox = true; - - users.mutableUsers = false; boot.tmpOnTmpfs = true; - - networking.firewall.rejectPackets = true; - networking.firewall.allowPing = true; - systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" ]; - nix.nixPath = [ "/var/src" ]; - environment.variables = let - ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - in { - NIX_PATH = mkForce "/var/src"; - EDITOR = mkForce "vim"; - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; environment.systemPackages = with pkgs; [ jq git - get gnumake rxvt_unicode.terminfo htop ]; - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - - PYTHONSTARTUP="~/.pythonrc"; - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - ''; - - promptInit = '' - case $UID in - 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; - 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; - *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; - esac - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; + programs.bash.enableCompletion = true; environment.shellAliases = { # TODO: see .aliases 
@@ -126,12 +72,6 @@ with import ; tinc = pkgs.tinc_pre; }; - networking.timeServers = [ - "pool.ntp.org" - "time.windows.com" - "time.apple.com" - "time.nist.gov" - ]; nix.extraOptions = '' auto-optimise-store = true @@ -145,26 +85,5 @@ with import ; SystemMaxUse=1G RuntimeMaxUse=128M ''; - # Enable IPv6 Privacy Extensions - boot.kernel.sysctl = { - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - i18n = { - consoleKeyMap = "us"; - defaultLocale = "en_US.UTF-8"; - }; - # suppress chrome autit event messages - security.audit = { - rules = [ - "-a task,never" - ]; - }; - system.activationScripts.state = optionalString (config.state != []) '' - cat << EOF - This machine is burdened with state: - ${concatMapStringsSep "\n" (d: "* ${d}") config.state} - EOF - ''; } diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix new file mode 100644 index 000000000..d764e5624 --- /dev/null +++ b/makefu/2configs/minimal.nix 
@@ -0,0 +1,88 @@ +{ lib, pkgs, config, ... }: +# minimal subset of sane configuration for stockholm +{ + # nobody needs this + programs.command-not-found.enable = false; + + # the only true timezone (even after the the removal of DST) + time.timeZone = "Europe/Berlin"; + + networking.hostName = config.krebs.build.host.name; + nix.buildCores = config.krebs.build.host.cores; + + # we use gpg if necessary (or nothing at all) + programs.ssh.startAgent = false; + + # all boxes look the same + nix.useSandbox = true; + # we configure users via nix + users.mutableUsers = false; + + # sane firewalling + networking.firewall.rejectPackets = true; + networking.firewall.allowPing = true; + + # openssh all the way down + services.openssh.enable = true; + + # we use stockholm via populate + nix.nixPath = [ "/var/src" ]; + + environment.variables = let + ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + in { + NIX_PATH = lib.mkForce "/var/src"; + EDITOR = lib.mkForce "vim"; + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; + }; + + programs.bash = { + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=900001 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + ''; + + promptInit = '' + case $UID in + 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; + 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; + *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; + esac + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + fi + ''; + }; + + # trust the cool guys + networking.timeServers = [ + "pool.ntp.org" + "time.nist.gov" + ]; + + # the only locale you will ever need + i18n = { + consoleKeyMap = "us"; + defaultLocale = "en_US.UTF-8"; + }; + + # suppress chrome autit event messages + security.audit = { + rules = [ + "-a task,never" + ]; + }; + + # Enable IPv6 Privacy Extensions + boot.kernel.sysctl = { + "net.ipv6.conf.all.use_tempaddr" = 2; + 
"net.ipv6.conf.default.use_tempaddr" = 2; + }; +} diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index f06ce3d53..7146174fb 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -2,17 +2,17 @@ _: { imports = [ - ./state.nix - ./populate.nix ./awesome-extra.nix ./deluge.nix ./forward-journal.nix ./opentracker.nix ./ps3netsrv.nix ./logging-config.nix + ./populate.nix ./sane-extra.nix ./server-config.nix ./snapraid.nix + ./state.nix ./torrent.nix ./udpt.nix ]; diff --git a/makefu/3modules/state.nix b/makefu/3modules/state.nix index 461b90152..a87f438fe 100644 --- a/makefu/3modules/state.nix +++ b/makefu/3modules/state.nix @@ -6,4 +6,11 @@ description = "state which is currently scattered on the machine"; default = []; }; + + config.system.activationScripts.state = lib.optionalString (config.state != []) '' + cat << EOF + This machine is burdened with state: + ${lib.concatMapStringsSep "\n" (d: "* ${d}") config.state} + EOF + ''; }
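Review bot: The comment `# suppress chrome autit event messages` in `minimal.nix` understates what `"-a task,never"` does. The rule goes on the audit task list with action `never`, which, as far as I can tell, switches off syscall audit records for every newly created process, not only Chrome. Since this file is imported as the base profile, the comment should state the real scope, for example `# disables syscall auditing for all processes (added to silence chrome audit spam)`. Two typos in the same file are worth fixing while there: `autit` and `the the removal of DST`.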
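Review bot: The heredoc in the new `config.system.activationScripts.state` uses an unquoted delimiter, so any `$` or backtick inside a `config.state` entry is expanded by the shell when the activation script runs. Quoting the delimiter keeps the entries literal: `cat << 'EOF'`. The entries come from module configuration, so this is a robustness point rather than an exposure.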