Merge remote-tracking branch 'gum/master'
commit
d04fa53511
@ -1,10 +1,10 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
with import <stockholm/lib>; #genid
|
with import <stockholm/lib>; #genid
|
||||||
let
|
let
|
||||||
cfg = config.makefu.airdcpp;
|
cfg = config.krebs.airdcpp;
|
||||||
|
|
||||||
out = {
|
out = {
|
||||||
options.makefu.airdcpp = api;
|
options.krebs.airdcpp = api;
|
||||||
config = lib.mkIf cfg.enable imp;
|
config = lib.mkIf cfg.enable imp;
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -18,7 +18,7 @@ let
|
|||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
user which will run udpt. if kept default a new user will be created
|
user which will run airdcpp. if kept default a new user will be created
|
||||||
'';
|
'';
|
||||||
type = str;
|
type = str;
|
||||||
default = "airdcpp";
|
default = "airdcpp";
|
||||||
@ -37,7 +37,54 @@ let
|
|||||||
type = str;
|
type = str;
|
||||||
default = "/var/lib/airdcpp";
|
default = "/var/lib/airdcpp";
|
||||||
};
|
};
|
||||||
|
hubs = mkOption {
|
||||||
|
type = attrsOf (submodule ( { config, ... }: {
|
||||||
|
options = {
|
||||||
|
Nick = mkOption {
|
||||||
|
description = ''
|
||||||
|
Nick Name for hub
|
||||||
|
'';
|
||||||
|
type = str;
|
||||||
|
default = cfg.Nick;
|
||||||
|
};
|
||||||
|
Password = mkOption {
|
||||||
|
description = ''
|
||||||
|
Password to be used
|
||||||
|
|
||||||
|
WARNING: will be stored in plain text in /nix/store
|
||||||
|
'';
|
||||||
|
type = str;
|
||||||
|
default = "";
|
||||||
|
apply = lib.removeSuffix "\n";
|
||||||
|
};
|
||||||
|
Server = mkOption {
|
||||||
|
description = ''
|
||||||
|
URL to the hub (must be provided)
|
||||||
|
'';
|
||||||
|
type = str;
|
||||||
|
};
|
||||||
|
AutoConnect = mkOption {
|
||||||
|
description = ''
|
||||||
|
automatically connect to the hub
|
||||||
|
'';
|
||||||
|
type = bool;
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
description = "hubs which should be configured via Favorites.xml,
|
||||||
|
Options are only used if no initial Favorites.xml file is provided and none exists";
|
||||||
|
default = {};
|
||||||
|
};
|
||||||
|
initialFavoritesConfigFile = mkOption {
|
||||||
|
description = ''
|
||||||
|
path inital Favorites.xml configuration if none exists
|
||||||
|
'';
|
||||||
|
type = nullOr path;
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
dcpp = {
|
dcpp = {
|
||||||
|
# entries in DCPlusPlus.xml
|
||||||
Nick = mkOption {
|
Nick = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
Nick Name for connection
|
Nick Name for connection
|
||||||
@ -70,6 +117,11 @@ let
|
|||||||
type = str;
|
type = str;
|
||||||
default = "100";
|
default = "100";
|
||||||
};
|
};
|
||||||
|
DownloadDirectory = mkOption {
|
||||||
|
description = "Directory, where new files will be saved into";
|
||||||
|
type = str;
|
||||||
|
default = "${cfg.stateDir}/Download";
|
||||||
|
};
|
||||||
shares = mkOption {
|
shares = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
type = attrsOf (submodule ( { config, ... }: {
|
type = attrsOf (submodule ( { config, ... }: {
|
||||||
@ -117,6 +169,7 @@ let
|
|||||||
password = mkOption {
|
password = mkOption {
|
||||||
description = "password of user";
|
description = "password of user";
|
||||||
type = str;
|
type = str;
|
||||||
|
apply = lib.removeSuffix "\n";
|
||||||
};
|
};
|
||||||
permissions = mkOption {
|
permissions = mkOption {
|
||||||
description = "user permissions";
|
description = "user permissions";
|
||||||
@ -133,11 +186,6 @@ let
|
|||||||
genUsers = users: concatMapStringsSep "\n" (user:
|
genUsers = users: concatMapStringsSep "\n" (user:
|
||||||
''<WebUser Username="${user.name}" Password="${user.password}" LastLogin="0" Permissions="${user.permissions}"/>'' )
|
''<WebUser Username="${user.name}" Password="${user.password}" LastLogin="0" Permissions="${user.permissions}"/>'' )
|
||||||
(mapAttrsToList (name: val: val // { inherit name; }) users);
|
(mapAttrsToList (name: val: val // { inherit name; }) users);
|
||||||
genShares = shares: concatMapStringsSep "\n" (share:
|
|
||||||
''<Directory Virtual="stockholm" Incoming="${
|
|
||||||
if share.incoming then "1" else "0"
|
|
||||||
}" LastRefreshTime="0">${share.path}</Directory>'' )
|
|
||||||
(mapAttrsToList (name: val: val // { inherit name; }) shares);
|
|
||||||
webConfigFile = if (cfg.web.initialConfigFile == null) then builtins.trace "warning: airdcpp passwords are stored in plain text" pkgs.writeText "initial-config" ''
|
webConfigFile = if (cfg.web.initialConfigFile == null) then builtins.trace "warning: airdcpp passwords are stored in plain text" pkgs.writeText "initial-config" ''
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<WebServer>
|
<WebServer>
|
||||||
@ -149,16 +197,34 @@ let
|
|||||||
</WebUsers>
|
</WebUsers>
|
||||||
</WebServer>
|
</WebServer>
|
||||||
'' else cfg.web.initialConfigFile;
|
'' else cfg.web.initialConfigFile;
|
||||||
|
genHubs = hubs: concatMapStringsSep "\n" (hub:
|
||||||
|
''<Hub Name="${hub.name}" Connect="${
|
||||||
|
if hub.AutoConnect then "1" else "0"
|
||||||
|
}" Description="" Password="${hub.Password}" Server="${hub.Server}" ChatUserSplit="0" UserListState="1" HubFrameOrder="" HubFrameWidths="" HubFrameVisible="" Group="" Bottom="0" Top="0" Right="0" Left="0" Nick="${hub.Nick}"/>'' )
|
||||||
|
(mapAttrsToList (name: val: val // { inherit name; }) hubs);
|
||||||
|
favoritesConfigFile = if (cfg.initialFavoritesConfigFile == null) then
|
||||||
|
builtins.trace "warning: airdcpp hub passwords are stored in plain text" pkgs.writeText "initial-config" ''
|
||||||
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
|
<Favorites>
|
||||||
|
<Hubs>
|
||||||
|
${genHubs cfg.hubs}
|
||||||
|
</Hubs>
|
||||||
|
</Favorites>
|
||||||
|
'' else cfg.initialFavoritesConfigFile;
|
||||||
|
genShares = shares: concatMapStringsSep "\n" (share:
|
||||||
|
''<Directory Virtual="${share.name}" Incoming="${
|
||||||
|
if share.incoming then "1" else "0"
|
||||||
|
}" LastRefreshTime="0">${share.path}</Directory>'' )
|
||||||
|
(mapAttrsToList (name: val: val // { inherit name; }) shares);
|
||||||
dcppConfigFile = if (cfg.dcpp.initialConfigFile == null) then pkgs.writeText "initial-config" ''
|
dcppConfigFile = if (cfg.dcpp.initialConfigFile == null) then pkgs.writeText "initial-config" ''
|
||||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||||
<DCPlusPlus>
|
<DCPlusPlus>
|
||||||
<Settings>
|
<Settings>
|
||||||
<Nick type="string">${cfg.dcpp.Nick}</Nick>
|
<Nick type="string">${cfg.dcpp.Nick}</Nick>
|
||||||
<ConfigVersion type="string">${cfg.package.version}</ConfigVersion>
|
|
||||||
<InPort type="int">${toString cfg.dcpp.InPort}</InPort>
|
<InPort type="int">${toString cfg.dcpp.InPort}</InPort>
|
||||||
<UDPPort type="int">${toString cfg.dcpp.UDPPort}</UDPPort>
|
<UDPPort type="int">${toString cfg.dcpp.UDPPort}</UDPPort>
|
||||||
<TLSPort type="int">${toString cfg.dcpp.TLSPort}</TLSPort>
|
<TLSPort type="int">${toString cfg.dcpp.TLSPort}</TLSPort>
|
||||||
<ConfigBuildNumber type="int">0</ConfigBuildNumber>
|
<DownloadDirectory type="string">${cfg.dcpp.DownloadDirectory}</DownloadDirectory>
|
||||||
<AutoDetectIncomingConnection type="int">0</AutoDetectIncomingConnection>
|
<AutoDetectIncomingConnection type="int">0</AutoDetectIncomingConnection>
|
||||||
<NoIpOverride type="int">1</NoIpOverride>
|
<NoIpOverride type="int">1</NoIpOverride>
|
||||||
<WizardRunNew type="int">0</WizardRunNew>
|
<WizardRunNew type="int">0</WizardRunNew>
|
||||||
@ -187,6 +253,8 @@ let
|
|||||||
test -e $d || install -m700 -o${cfg.user} ${webConfigFile} $d
|
test -e $d || install -m700 -o${cfg.user} ${webConfigFile} $d
|
||||||
d=${cfg.stateDir}/DCPlusPlus.xml
|
d=${cfg.stateDir}/DCPlusPlus.xml
|
||||||
test -e $d || install -m700 -o${cfg.user} ${dcppConfigFile} $d
|
test -e $d || install -m700 -o${cfg.user} ${dcppConfigFile} $d
|
||||||
|
d=${cfg.stateDir}/Favorites.xml
|
||||||
|
test -e $d || install -m700 -o${cfg.user} ${favoritesConfigFile} $d
|
||||||
'';
|
'';
|
||||||
PermissionsStartOnly = true;
|
PermissionsStartOnly = true;
|
||||||
ExecStart = "${cfg.package}/bin/airdcppd -c=${cfg.stateDir} -p=${cfg.stateDir}/airdcpp.pid";
|
ExecStart = "${cfg.package}/bin/airdcppd -c=${cfg.stateDir} -p=${cfg.stateDir}/airdcpp.pid";
|
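Review bot: The new hub `Password` option is rendered by `genHubs` into `favoritesConfigFile`, which is built with `pkgs.writeText`, so the secret sits in a world-readable /nix/store path; the `install -m700` added in the last hunk restricts only the copy under `cfg.stateDir`. The option description and the `builtins.trace` warning acknowledge this, but a safer shape is a `PasswordFile = mkOption { type = nullOr str; default = null; };` (a string path, so Nix does not copy the file into the store) whose contents the preStart script substitutes into Favorites.xml at runtime. `genHubs` also interpolates `hub.name`, `hub.Password`, `hub.Server` and `hub.Nick` into XML attributes unescaped, so a value containing `"`, `&` or `<` yields a malformed or altered Favorites.xml; pass each through an XML-escaping helper, for example `Password="${escapeXML hub.Password}"` if the pinned lib provides `escapeXML`. The unchanged `genUsers` line has the same escaping gap, and `-m600` would be enough for these XML files, since `-m700` also sets the execute bit.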
@ -6,6 +6,7 @@ let
|
|||||||
|
|
||||||
out = {
|
out = {
|
||||||
imports = [
|
imports = [
|
||||||
|
./airdcpp.nix
|
||||||
./announce-activation.nix
|
./announce-activation.nix
|
||||||
./apt-cacher-ng.nix
|
./apt-cacher-ng.nix
|
||||||
./backup.nix
|
./backup.nix
|
||||||
|
@ -4,7 +4,9 @@ with import <stockholm/lib>;
|
|||||||
## generate keys with:
|
## generate keys with:
|
||||||
# tinc generate-keys
|
# tinc generate-keys
|
||||||
# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
|
# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
|
||||||
{
|
let
|
||||||
|
pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
|
||||||
|
in {
|
||||||
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
|
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
|
||||||
cake = rec {
|
cake = rec {
|
||||||
cores = 4;
|
cores = 4;
|
||||||
@ -590,6 +592,8 @@ with import <stockholm/lib>;
|
|||||||
"cache.gum.r"
|
"cache.gum.r"
|
||||||
"logs.makefu.r"
|
"logs.makefu.r"
|
||||||
"stats.makefu.r"
|
"stats.makefu.r"
|
||||||
|
"backup.makefu.r"
|
||||||
|
"dcpp.nextgum.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
@ -654,6 +658,7 @@ with import <stockholm/lib>;
|
|||||||
"wiki.gum.r"
|
"wiki.gum.r"
|
||||||
"blog.makefu.r"
|
"blog.makefu.r"
|
||||||
"blog.gum.r"
|
"blog.gum.r"
|
||||||
|
"dcpp.gum.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
@ -1099,48 +1104,48 @@ with import <stockholm/lib>;
|
|||||||
users = rec {
|
users = rec {
|
||||||
makefu = {
|
makefu = {
|
||||||
mail = "makefu@x.r";
|
mail = "makefu@x.r";
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x";
|
pubkey = pub-for "makefu.x";
|
||||||
pgp.pubkeys.default = builtins.readFile ./pgp/default.asc;
|
pgp.pubkeys.default = builtins.readFile ./pgp/default.asc;
|
||||||
pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc;
|
pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc;
|
||||||
};
|
};
|
||||||
makefu-omo = {
|
makefu-omo = {
|
||||||
inherit (makefu) mail pgp;
|
inherit (makefu) mail pgp;
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch";
|
pubkey = pub-for "makefu.omo";
|
||||||
};
|
};
|
||||||
makefu-tsp = {
|
makefu-tsp = {
|
||||||
inherit (makefu) mail pgp;
|
inherit (makefu) mail pgp;
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp";
|
pubkey = pub-for "makefu.tsp";
|
||||||
};
|
};
|
||||||
makefu-vbob = {
|
makefu-vbob = {
|
||||||
inherit (makefu) mail pgp;
|
inherit (makefu) mail pgp;
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob";
|
pubkey = pub-for "makefu.vbob";
|
||||||
};
|
};
|
||||||
makefu-tempx = {
|
makefu-tempx = {
|
||||||
inherit (makefu) mail pgp;
|
inherit (makefu) mail pgp;
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum";
|
pubkey = pub-for "makefu.tempx";
|
||||||
};
|
};
|
||||||
makefu-android = {
|
makefu-android = {
|
||||||
inherit (makefu) mail pgp;
|
inherit (makefu) mail pgp;
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x";
|
pubkey = pub-for "makefu.android";
|
||||||
};
|
};
|
||||||
makefu-remote-builder = {
|
makefu-remote-builder = {
|
||||||
inherit (makefu) mail pgp;
|
inherit (makefu) mail pgp;
|
||||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild";
|
pubkey = pub-for "makefu.remote-builder";
|
||||||
};
|
};
|
||||||
makefu-bob = {
|
makefu-bob = {
|
||||||
inherit (makefu) mail pgp;
|
inherit (makefu) mail pgp;
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";
|
pubkey = pub-for "makefu.bob";
|
||||||
};
|
};
|
||||||
ciko = {
|
ciko = {
|
||||||
mail = "wieczorek.stefan@googlemail.com";
|
mail = "wieczorek.stefan@googlemail.com";
|
||||||
};
|
};
|
||||||
ulrich = {
|
ulrich = {
|
||||||
pubkey = "ssh-rsa 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 shackspace.de@myvdr.de";
|
pubkey = pub-for "ulrich";
|
||||||
mail = "shackspace.de@myvdr.de";
|
mail = "shackspace.de@myvdr.de";
|
||||||
};
|
};
|
||||||
exco = {
|
exco = {
|
||||||
mail = "dickbutt@excogitation.de";
|
mail = "dickbutt@excogitation.de";
|
||||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de";
|
pubkey = pub-for "exco";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
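Review bot: `pub-for` returns the raw result of `builtins.readFile`, so each `pubkey` that used to be a single-line string literal now presumably ends with the trailing newline of its `.pub` file. Any consumer that embeds the key in a longer string (an authorized_keys entry with options, a generated config line) would then get a stray line break; the airdcpp module in this same commit already strips that newline from passwords with `lib.removeSuffix "\n"`. Suggest `pub-for = name: removeSuffix "\n" (builtins.readFile (./ssh + "/${name}.pub"));`, assuming `removeSuffix` is exported by `<stockholm/lib>`. The `hosts` and `users` attribute sets continue outside the hunks shown here.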
1
krebs/3modules/makefu/ssh/exco.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de
|
1
krebs/3modules/makefu/ssh/makefu.android.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x
|
1
krebs/3modules/makefu/ssh/makefu.bob.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD
|
1
krebs/3modules/makefu/ssh/makefu.omo.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch
|
1
krebs/3modules/makefu/ssh/makefu.remote-builder.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild
|
1
krebs/3modules/makefu/ssh/makefu.tempx.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum
|
1
krebs/3modules/makefu/ssh/makefu.tsp.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp
|
1
krebs/3modules/makefu/ssh/makefu.vbob.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob
|
1
krebs/3modules/makefu/ssh/makefu.x.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x
|
1
krebs/3modules/makefu/ssh/ulrich.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
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 shackspace.de@myvdr.de
|
@ -1,4 +1,4 @@
|
|||||||
{ stdenv, fetchurl
|
{ stdenv, fetchurl, makeWrapper, which
|
||||||
}:
|
}:
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "airdcpp-webclient-${version}";
|
name = "airdcpp-webclient-${version}";
|
||||||
@ -13,8 +13,9 @@ stdenv.mkDerivation rec {
|
|||||||
installPhase = ''
|
installPhase = ''
|
||||||
mkdir -p $out/{share,bin}
|
mkdir -p $out/{share,bin}
|
||||||
cp -r * $out/share
|
cp -r * $out/share
|
||||||
ln -s $out/share/airdcppd $out/bin/
|
makeWrapper $out/share/airdcppd $out/bin/airdcppd --prefix PATH ${which}/bin
|
||||||
'';
|
'';
|
||||||
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
|
|
||||||
meta = with stdenv.lib; {
|
meta = with stdenv.lib; {
|
||||||
# to start it: airdcpp -p=<pid-file> -c=<config-store-path (must be writeable)> --configure
|
# to start it: airdcpp -p=<pid-file> -c=<config-store-path (must be writeable)> --configure
|
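Review bot: In `installPhase`, `--prefix PATH ${which}/bin` gives makeWrapper's `--prefix` two arguments where it takes three (variable, separator, value), so the wrapper will not prepend `which` to PATH as intended. The line should read `makeWrapper $out/share/airdcppd $out/bin/airdcppd --prefix PATH : ${which}/bin`. A one-line comment on why `airdcppd` needs `which` at runtime would also help the next maintainer.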
0
makefu/0tests/data/secrets/airdcpp-makefu.pw
Normal file
0
makefu/0tests/data/secrets/krebshub.pw
Normal file
@ -25,11 +25,12 @@ in {
|
|||||||
|
|
||||||
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
|
||||||
<stockholm/makefu/2configs/backup.nix>
|
<stockholm/makefu/2configs/backup.nix>
|
||||||
<stockholm/makefu/2configs/exim-retiolum.nix>
|
# <stockholm/makefu/2configs/exim-retiolum.nix>
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||||
|
|
||||||
# services
|
# services
|
||||||
<stockholm/makefu/2configs/sabnzbd.nix>
|
<stockholm/makefu/2configs/sabnzbd.nix>
|
||||||
|
<stockholm/makefu/2configs/mail/mail.euer.nix>
|
||||||
|
|
||||||
# sharing
|
# sharing
|
||||||
<stockholm/makefu/2configs/share/gum.nix>
|
<stockholm/makefu/2configs/share/gum.nix>
|
||||||
@ -73,6 +74,7 @@ in {
|
|||||||
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
#<stockholm/makefu/2configs/nginx/update.connector.one.nix>
|
||||||
#<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
|
#<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
|
||||||
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
|
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
|
||||||
|
<stockholm/makefu/2configs/nginx/iso.euer.nix>
|
||||||
<stockholm/makefu/2configs/deployment/events-publisher>
|
<stockholm/makefu/2configs/deployment/events-publisher>
|
||||||
|
|
||||||
#<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
#<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
|
||||||
@ -94,6 +96,7 @@ in {
|
|||||||
|
|
||||||
|
|
||||||
<stockholm/makefu/2configs/stats/client.nix>
|
<stockholm/makefu/2configs/stats/client.nix>
|
||||||
|
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||||
# <stockholm/makefu/2configs/logging/client.nix>
|
# <stockholm/makefu/2configs/logging/client.nix>
|
||||||
|
|
||||||
## Temporary:
|
## Temporary:
|
||||||
|
@ -41,11 +41,12 @@ in {
|
|||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.version = 2;
|
boot.loader.grub.version = 2;
|
||||||
boot.loader.grub.devices = [ main-disk ];
|
boot.loader.grub.devices = [ main-disk ];
|
||||||
|
boot.initrd.kernelModules = [ "dm-raid" ];
|
||||||
boot.initrd.availableKernelModules = [
|
boot.initrd.availableKernelModules = [
|
||||||
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
|
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
|
||||||
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
|
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
|
||||||
];
|
];
|
||||||
boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
hardware.enableRedistributableFirmware = true;
|
hardware.enableRedistributableFirmware = true;
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
device = "/dev/mapper/nixos-root";
|
device = "/dev/mapper/nixos-root";
|
||||||
@ -59,6 +60,10 @@ in {
|
|||||||
device = "/dev/mapper/nixos-download";
|
device = "/dev/mapper/nixos-download";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
fileSystems."/var/lib/borgbackup" = {
|
||||||
|
device = "/dev/mapper/nixos-backup";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
fileSystems."/boot" = {
|
fileSystems."/boot" = {
|
||||||
device = "/dev/sda2";
|
device = "/dev/sda2";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
@ -79,8 +84,12 @@ in {
|
|||||||
#vgcreate nixos /dev/sda3 /dev/sdb1
|
#vgcreate nixos /dev/sda3 /dev/sdb1
|
||||||
#lvcreate -L 120G -m 1 -n root nixos
|
#lvcreate -L 120G -m 1 -n root nixos
|
||||||
#lvcreate -L 50G -m 1 -n lib nixos
|
#lvcreate -L 50G -m 1 -n lib nixos
|
||||||
#lvcreate -L 50G -n download nixos
|
#lvcreate -L 100G -n download nixos
|
||||||
|
#lvcreate -L 100G -n backup nixos
|
||||||
#mkfs.ext4 /dev/mapper/nixos-root
|
#mkfs.ext4 /dev/mapper/nixos-root
|
||||||
|
#mkfs.ext4 /dev/mapper/nixos-lib
|
||||||
|
#mkfs.ext4 /dev/mapper/nixos-download
|
||||||
|
#mkfs.ext4 /dev/mapper/nixos-borgbackup
|
||||||
#mount /dev/mapper/nixos-root /mnt
|
#mount /dev/mapper/nixos-root /mnt
|
||||||
#mkdir /mnt/boot
|
#mkdir /mnt/boot
|
||||||
#mount /dev/sda2 /mnt/boot
|
#mount /dev/sda2 /mnt/boot
|
||||||
|
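Review bot: The setup comments disagree with the new mount: the volume is created with `#lvcreate -L 100G -n backup nixos` and mounted from `/dev/mapper/nixos-backup`, but the added mkfs comment names `/dev/mapper/nixos-borgbackup`, a device that lvcreate line does not produce. Change it to `#mkfs.ext4 /dev/mapper/nixos-backup`. It is also worth noting in the comment block that `download` and `backup` are created without `-m 1`, unlike `root` and `lib`, so the volume holding the borg backups is not mirrored.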
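--- a/makefu/2configs/dcpp/airdcpp.nix
+++ b/makefu/2configs/dcpp/airdcpp.nix
@@ -0,0 +1,48 @@
+{ config, ... }:
+{
+krebs.airdcpp = {
+enable = true;
+extraGroups = [ "download" ];
+web.port = 5600;
+web.users.makefu.password = builtins.readFile <secrets/airdcpp-makefu.pw>; # watch out for newline!
+hubs."krebshub" =
+{ Nick = "makefu-${config.krebs.build.host.name}";
+Password = builtins.readFile <secrets/krebshub.pw>;
+Server = "adcs://hub.nsupdate.info:411";
+AutoConnect = true;
+};
+dcpp = {
+shares = {
+# Incoming must be writeable!
+incoming = { path = config.makefu.dl-dir + "/finished/dcpp"; incoming = true; };
+audiobooks.path = config.makefu.dl-dir + "/finished/audiobooks";
+};
+Nick = "makefu";
+DownloadSpeed = "1000";
+UploadSpeed = "1000";
+};
+};
+networking.firewall.allowedTCPPorts =
+[ config.krebs.airdcpp.dcpp.InPort
+config.krebs.airdcpp.dcpp.TLSPort
+];
+networking.firewall.allowedUDPPorts = [ config.krebs.airdcpp.dcpp.UDPPort ];
+
+services.nginx.virtualHosts."dcpp.${config.krebs.build.host.name}.r".locations."/" =
+{ proxyPass = "http://localhost:${toString config.krebs.airdcpp.web.port}/";
+
+extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+gzip_types text/plain application/javascript;
+
+# Proxy websockets
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+'';
+};
+
+}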
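Review bot: The `dcpp.${config.krebs.build.host.name}.r` virtual host proxies the AirDC++ web UI with no `listen` or `allow`/`deny` restriction in the lines shown, so unless nginx is bound to the retiolum interface elsewhere, any client that can reach nginx and sends this Host header gets the web UI, protected only by the web user password. If the UI is meant to be reachable over retiolum only, add `allow RETIOLUM_PREFIX_PLACEHOLDER;` and `deny all;` to `extraConfig`, or set the vhost's `listen` to the retiolum address. Both passwords are read with `builtins.readFile <secrets/…>`, which makes them part of the evaluated configuration; a comment next to them should say that they end up in the store through the module's generated XML files.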
@ -10,14 +10,27 @@ with import <stockholm/lib>;
|
|||||||
}
|
}
|
||||||
./editor/vim.nix
|
./editor/vim.nix
|
||||||
./binary-cache/nixos.nix
|
./binary-cache/nixos.nix
|
||||||
|
./minimal.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# users are super important
|
||||||
|
users.users = {
|
||||||
|
root = {
|
||||||
|
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
||||||
|
};
|
||||||
|
makefu = {
|
||||||
|
uid = 9001;
|
||||||
|
group = "users";
|
||||||
|
home = "/home/makefu";
|
||||||
|
createHome = true;
|
||||||
|
useDefaultShell = true;
|
||||||
|
extraGroups = [ "wheel" ];
|
||||||
|
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
||||||
|
|
||||||
programs.command-not-found.enable = false;
|
|
||||||
|
|
||||||
nix.package = pkgs.nixUnstable;
|
|
||||||
|
|
||||||
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
|
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
|
||||||
krebs = {
|
krebs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -27,90 +40,23 @@ with import <stockholm/lib>;
|
|||||||
build.user = config.krebs.users.makefu;
|
build.user = config.krebs.users.makefu;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.extraUsers = {
|
|
||||||
root = {
|
|
||||||
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
|
||||||
};
|
|
||||||
makefu = {
|
|
||||||
uid = 9001;
|
|
||||||
group = "users";
|
|
||||||
home = "/home/makefu";
|
|
||||||
createHome = true;
|
|
||||||
useDefaultShell = true;
|
|
||||||
extraGroups = [
|
|
||||||
"wheel"
|
|
||||||
];
|
|
||||||
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.hostName = config.krebs.build.host.name;
|
|
||||||
nix.maxJobs = 2;
|
|
||||||
nix.buildCores = config.krebs.build.host.cores;
|
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
|
|
||||||
programs.ssh = {
|
|
||||||
startAgent = false;
|
|
||||||
};
|
|
||||||
services.openssh.enable = true;
|
|
||||||
nix.useSandbox = true;
|
|
||||||
|
|
||||||
users.mutableUsers = false;
|
|
||||||
|
|
||||||
boot.tmpOnTmpfs = true;
|
boot.tmpOnTmpfs = true;
|
||||||
|
|
||||||
networking.firewall.rejectPackets = true;
|
|
||||||
networking.firewall.allowPing = true;
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d /tmp 1777 root root - -"
|
"d /tmp 1777 root root - -"
|
||||||
];
|
];
|
||||||
nix.nixPath = [ "/var/src" ];
|
|
||||||
environment.variables = let
|
|
||||||
ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
|
||||||
in {
|
|
||||||
NIX_PATH = mkForce "/var/src";
|
|
||||||
EDITOR = mkForce "vim";
|
|
||||||
CURL_CA_BUNDLE = ca-bundle;
|
|
||||||
GIT_SSL_CAINFO = ca-bundle;
|
|
||||||
SSL_CERT_FILE = ca-bundle;
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
jq
|
jq
|
||||||
git
|
git
|
||||||
get
|
|
||||||
gnumake
|
gnumake
|
||||||
rxvt_unicode.terminfo
|
rxvt_unicode.terminfo
|
||||||
htop
|
htop
|
||||||
];
|
];
|
||||||
|
|
||||||
programs.bash = {
|
programs.bash.enableCompletion = true;
|
||||||
enableCompletion = true;
|
|
||||||
interactiveShellInit = ''
|
|
||||||
HISTCONTROL='erasedups:ignorespace'
|
|
||||||
HISTSIZE=900001
|
|
||||||
HISTFILESIZE=$HISTSIZE
|
|
||||||
|
|
||||||
PYTHONSTARTUP="~/.pythonrc";
|
|
||||||
|
|
||||||
shopt -s checkhash
|
|
||||||
shopt -s histappend histreedit histverify
|
|
||||||
shopt -s no_empty_cmd_completion
|
|
||||||
'';
|
|
||||||
|
|
||||||
promptInit = ''
|
|
||||||
case $UID in
|
|
||||||
0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;;
|
|
||||||
9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;;
|
|
||||||
*) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;;
|
|
||||||
esac
|
|
||||||
if test -n "$SSH_CLIENT"; then
|
|
||||||
PS1='\[\033[35m\]\h'" $PS1"
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.shellAliases = {
|
environment.shellAliases = {
|
||||||
# TODO: see .aliases
|
# TODO: see .aliases
|
||||||
@ -126,12 +72,6 @@ with import <stockholm/lib>;
|
|||||||
tinc = pkgs.tinc_pre;
|
tinc = pkgs.tinc_pre;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.timeServers = [
|
|
||||||
"pool.ntp.org"
|
|
||||||
"time.windows.com"
|
|
||||||
"time.apple.com"
|
|
||||||
"time.nist.gov"
|
|
||||||
];
|
|
||||||
|
|
||||||
nix.extraOptions = ''
|
nix.extraOptions = ''
|
||||||
auto-optimise-store = true
|
auto-optimise-store = true
|
||||||
@ -145,26 +85,5 @@ with import <stockholm/lib>;
|
|||||||
SystemMaxUse=1G
|
SystemMaxUse=1G
|
||||||
RuntimeMaxUse=128M
|
RuntimeMaxUse=128M
|
||||||
'';
|
'';
|
||||||
# Enable IPv6 Privacy Extensions
|
|
||||||
boot.kernel.sysctl = {
|
|
||||||
"net.ipv6.conf.all.use_tempaddr" = 2;
|
|
||||||
"net.ipv6.conf.default.use_tempaddr" = 2;
|
|
||||||
};
|
|
||||||
|
|
||||||
i18n = {
|
|
||||||
consoleKeyMap = "us";
|
|
||||||
defaultLocale = "en_US.UTF-8";
|
|
||||||
};
|
|
||||||
# suppress chrome autit event messages
|
|
||||||
security.audit = {
|
|
||||||
rules = [
|
|
||||||
"-a task,never"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
system.activationScripts.state = optionalString (config.state != []) ''
|
|
||||||
cat << EOF
|
|
||||||
This machine is burdened with state:
|
|
||||||
${concatMapStringsSep "\n" (d: "* ${d}") config.state}
|
|
||||||
EOF
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
|
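--- a/makefu/2configs/minimal.nix
+++ b/makefu/2configs/minimal.nix
@@ -0,0 +1,88 @@
+{ lib, pkgs, config, ... }:
+# minimal subset of sane configuration for stockholm
+{
+# nobody needs this
+programs.command-not-found.enable = false;
+
+# the only true timezone (even after the the removal of DST)
+time.timeZone = "Europe/Berlin";
+
+networking.hostName = config.krebs.build.host.name;
+nix.buildCores = config.krebs.build.host.cores;
+
+# we use gpg if necessary (or nothing at all)
+programs.ssh.startAgent = false;
+
+# all boxes look the same
+nix.useSandbox = true;
+# we configure users via nix
+users.mutableUsers = false;
+
+# sane firewalling
+networking.firewall.rejectPackets = true;
+networking.firewall.allowPing = true;
+
+# openssh all the way down
+services.openssh.enable = true;
+
+# we use stockholm via populate
+nix.nixPath = [ "/var/src" ];
+
+environment.variables = let
+ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+in {
+NIX_PATH = lib.mkForce "/var/src";
+EDITOR = lib.mkForce "vim";
+CURL_CA_BUNDLE = ca-bundle;
+GIT_SSL_CAINFO = ca-bundle;
+SSL_CERT_FILE = ca-bundle;
+};
+
+programs.bash = {
+interactiveShellInit = ''
+HISTCONTROL='erasedups:ignorespace'
+HISTSIZE=900001
+HISTFILESIZE=$HISTSIZE
+
+shopt -s checkhash
+shopt -s histappend histreedit histverify
+shopt -s no_empty_cmd_completion
+'';
+
+promptInit = ''
+case $UID in
+0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;;
+9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;;
+*) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;;
+esac
+if test -n "$SSH_CLIENT"; then
+PS1='\[\033[35m\]\h'" $PS1"
+fi
+'';
+};
+
+# trust the cool guys
+networking.timeServers = [
+"pool.ntp.org"
+"time.nist.gov"
+];
+
+# the only locale you will ever need
+i18n = {
+consoleKeyMap = "us";
+defaultLocale = "en_US.UTF-8";
+};
+
+# suppress chrome autit event messages
+security.audit = {
+rules = [
+"-a task,never"
+];
+};
+
+# Enable IPv6 Privacy Extensions
+boot.kernel.sysctl = {
+"net.ipv6.conf.all.use_tempaddr" = 2;
+"net.ipv6.conf.default.use_tempaddr" = 2;
+};
+}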
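Review bot: The `"-a task,never"` rule in `security.audit.rules` is broader than its comment suggests: it stops audit records from being generated for every task on the host, not only for Chrome. Because this file is the minimal baseline, every machine importing it inherits that, servers included; whether the rule is actually loaded depends on `security.audit.enable`, which this file does not set. I would at least make the comment say what the rule does, e.g. `# disables per-task audit records for all processes (added to silence chrome audit noise)`, and move the rule to the desktop configs if only those need it.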
@ -2,17 +2,17 @@ _:
|
|||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./state.nix
|
|
||||||
./populate.nix
|
|
||||||
./awesome-extra.nix
|
./awesome-extra.nix
|
||||||
./deluge.nix
|
./deluge.nix
|
||||||
./forward-journal.nix
|
./forward-journal.nix
|
||||||
./opentracker.nix
|
./opentracker.nix
|
||||||
./ps3netsrv.nix
|
./ps3netsrv.nix
|
||||||
./logging-config.nix
|
./logging-config.nix
|
||||||
|
./populate.nix
|
||||||
./sane-extra.nix
|
./sane-extra.nix
|
||||||
./server-config.nix
|
./server-config.nix
|
||||||
./snapraid.nix
|
./snapraid.nix
|
||||||
|
./state.nix
|
||||||
./torrent.nix
|
./torrent.nix
|
||||||
./udpt.nix
|
./udpt.nix
|
||||||
];
|
];
|
||||||
|
@ -6,4 +6,11 @@
|
|||||||
description = "state which is currently scattered on the machine";
|
description = "state which is currently scattered on the machine";
|
||||||
default = [];
|
default = [];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
config.system.activationScripts.state = lib.optionalString (config.state != []) ''
|
||||||
|
cat << EOF
|
||||||
|
This machine is burdened with state:
|
||||||
|
${lib.concatMapStringsSep "\n" (d: "* ${d}") config.state}
|
||||||
|
EOF
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
|
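Review bot: The heredoc in `config.system.activationScripts.state` uses an unquoted delimiter, so the shell still expands `$…` and backticks inside the interpolated `config.state` entries when the activation script runs. The entries are presumably plain paths set in the configuration, but quoting the delimiter keeps them literal at no cost: `cat << 'EOF'`. The enclosing module starts above this hunk, so the option's type is not visible here.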