Merge remote-tracking branch 'gum/master'

2018-04-21 13:03:18 +02:00 · 2018-04-21 13:03:18 +02:00 · d7320041b8
commit d7320041b8
parent 92f7e3e12b ee30fc920e
18 changed files with 155 additions and 50 deletions
--- a/krebs/1systems/onebutton/config.nix
+++ b/krebs/1systems/onebutton/config.nix
@ -0,0 +1,32 @@
+{ config, pkgs, lib, ... }:
+{
+  imports = [
+    <stockholm/krebs>
+  ];
+  # NixOS wants to enable GRUB by default
+  boot.loader.grub.enable = false;
+  # Enables the generation of /boot/extlinux/extlinux.conf
+  boot.loader.generic-extlinux-compatible.enable = true;
+
+  # !!! If your board is a Raspberry Pi 1, select this:
+  boot.kernelPackages = pkgs.linuxPackages_rpi;
+
+  nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
+  nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
+
+  # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
+  # boot.kernelParams = ["cma=32M"];
+
+  fileSystems = {
+    "/boot" = {
+      device = "/dev/disk/by-label/NIXOS_BOOT";
+      fsType = "vfat";
+    };
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+    };
+  };
+
+  swapDevices = [ { device = "/swapfile"; size = 1024; } ];
+}
--- a/krebs/1systems/onebutton/source.nix
+++ b/krebs/1systems/onebutton/source.nix
@ -0,0 +1,11 @@
+let
+  pkgs = import <nixpkgs> {};
+in import <stockholm/krebs/source.nix> {
+  name = "onebutton";
+  nixpkgs.file = pkgs.fetchFromGitHub {
+    owner = "nixos";
+    repo = "nixpkgs-channels";
+    rev = "6c064e6b"; # only binary cache for unstable arm6
+    sha256 = "0ssaaaaaaaaaaaawkgjk8c75mvhgn5z7g1dkb78r8vrih9428bb8";
+  };
+}
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@ -64,8 +64,10 @@ in {
      <stockholm/makefu/2configs/nginx/euer.test.nix>
      <stockholm/makefu/2configs/nginx/euer.wiki.nix>
      <stockholm/makefu/2configs/nginx/euer.blog.nix>
+      # <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
      <stockholm/makefu/2configs/nginx/public_html.nix>
      <stockholm/makefu/2configs/nginx/update.connector.one.nix>
+      <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>

      <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
      <stockholm/makefu/2configs/deployment/graphs.nix>
@ -222,6 +224,8 @@ in {
          25
          # http
          80 443
+          # httptunnel
+          8080 8443
          # tinc
          655
          # tinc-shack
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@ -33,6 +33,9 @@ in {

      <stockholm/makefu/2configs/share/wbob.nix>
      <stockholm/makefu/2configs/bluetooth-mpd.nix>
+      {
+        users.users.makefu.extraGroups = [ "pulse" ];
+      }

      # Sensors
      <stockholm/makefu/2configs/stats/telegraf>
@ -121,6 +124,7 @@ in {
  networking.firewall.allowedTCPPorts = [
    655
    8081 #smokeping
+    8086 #influx
    49152
  ];
  networking.firewall.trustedInterfaces = [ "enp0s25" ];
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@ -141,15 +141,6 @@ with import <stockholm/lib>;
        # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
        hardware.bluetooth.enable = true;
      }
-      { # auto-mounting
-        services.udisks2.enable = true;
-        services.devmon.enable = true;
-        # services.gnome3.gvfs.enable = true;
-        users.users.makefu.packages = with pkgs;[
-          gvfs pcmanfm lxmenu-data
-        ];
-        environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
-      }

    ];

@ -170,6 +161,7 @@ with import <stockholm/lib>;

  networking.extraHosts = ''
    192.168.1.11  omo.local
+    80.92.65.53 www.wifionice.de wifionice.de
  '';
  # hard dependency because otherwise the device will not be unlocked
  boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
--- a/makefu/2configs/bluetooth-mpd.nix
+++ b/makefu/2configs/bluetooth-mpd.nix
@ -34,7 +34,7 @@ in {
    hardware.pulseaudio = {
      enable = true;
      package = pkgs.pulseaudioFull;
-  # systemWide = true;
+      # systemWide = true;
      support32Bit = true;
      zeroconf.discovery.enable = true;
      zeroconf.publish.enable = true;
@ -42,12 +42,13 @@ in {
        enable = true;
        # PULSE_SERVER=192.168.1.11 pavucontrol
        anonymousClients.allowAll = true;
+        anonymousClients.allowedIpRanges =  [ "127.0.0.1" "192.168.0.0/16" ];
      };
      configFile = pkgs.writeText "default.pa" ''
        load-module module-udev-detect
        load-module module-bluetooth-policy
        load-module module-bluetooth-discover
-        load-module module-native-protocol-unix
+        load-module module-native-protocol-unix auth-anonymous=1
        load-module module-always-sink
        load-module module-console-kit
        load-module module-systemd-login
@ -56,13 +57,15 @@ in {
        load-module module-filter-heuristics
        load-module module-filter-apply
        load-module module-switch-on-connect
+        #load-module module-bluez5-device
+        #load-module module-bluez5-discover
      '';
    };
-  # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
+    # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
    hardware.bluetooth.enable = true;
-  #hardware.bluetooth.extraConfig = ''
-  #  [general]
-  #  Enable=Source,Sink,Media,Socket
-  #'';
+    # environment.etc."bluetooth/audio.conf".text = ''
+    #   [General]
+    #   Enable = Source,Sink,Media,Socket
+    # '';
  };
 }
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@ -30,6 +30,7 @@ let
    euer_blog = { };
    ampel = { };
    europastats = { };
+    arafetch = { };
    init-stockholm = {
      cgit.desc = "Init stuff for stockholm";
    };
--- a/makefu/2configs/gui/automatic-diskmount.nix
+++ b/makefu/2configs/gui/automatic-diskmount.nix
@ -0,0 +1,44 @@
+{ pkgs, ... }:
+with import <stockholm/lib>; #genid
+{ # auto-mounting via polkit
+  services.udisks2.enable = true;
+## automount all disks:
+# services.devmon.enable = true;
+# services.gnome3.gvfs.enable = true;
+  users.groups.storage = {
+    gid = genid "storage";
+    members = [ "makefu" ];
+  };
+  users.users.makefu.packages = with pkgs;[
+    gvfs pcmanfm lxmenu-data
+  ];
+  environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
+
+## allow users in group "storage" to mount disk
+# https://github.com/coldfix/udiskie/wiki/Permissions
+  security.polkit.extraConfig =
+    ''
+    polkit.addRule(function(action, subject) {
+        var YES = polkit.Result.YES;
+        var permission = {
+        "org.freedesktop.udisks.filesystem-mount": YES,
+        "org.freedesktop.udisks.luks-unlock": YES,
+        "org.freedesktop.udisks.drive-eject": YES,
+        "org.freedesktop.udisks.drive-detach": YES,
+        "org.freedesktop.udisks2.filesystem-mount": YES,
+        "org.freedesktop.udisks2.encrypted-unlock": YES,
+        "org.freedesktop.udisks2.eject-media": YES,
+        "org.freedesktop.udisks2.power-off-drive": YES,
+        "org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
+        "org.freedesktop.udisks2.filesystem-unmount-others": YES,
+        "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
+        "org.freedesktop.udisks2.eject-media-other-seat": YES,
+        "org.freedesktop.udisks2.power-off-drive-other-seat": YES
+        };
+        if (subject.isInGroup("storage")) {
+        return permission[action.id];
+        }
+    });
+  '';
+
+}
--- a/makefu/2configs/hydra/stockholm.nix
+++ b/makefu/2configs/hydra/stockholm.nix
@ -5,7 +5,6 @@
 {

  # TODO postgres backup
-  services.postgresql.enable = true;

  services.hydra = {
    enable = true;
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@ -16,6 +16,7 @@ in {
    ./zsh-user.nix
    ./tools/core.nix
    ./tools/core-gui.nix
+    ./gui/automatic-diskmount.nix
  ];

  users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ];
--- a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
+++ b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+{
+  services.nginx = {
+    enable = lib.mkDefault true;
+    virtualHosts."misa-felix-hochzeit.ml" = {
+      serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ];
+      forceSSL = true;
+      enableACME = true;
+      locations = {
+        "/" = {
+          index = "index.html";
+          root =  "/var/www/misa-felix-hochzeit.ml";
+        };
+      };
+    };
+  };
+}
--- a/makefu/2configs/remote-build/master.nix
+++ b/makefu/2configs/remote-build/master.nix
@ -1,14 +0,0 @@
-{ pkgs, ...}:
-let
-  sshKey = (toString <secrets>) + "/id_nixBuild";
-in {
-  nix.distributedBuilds = true;
-  # TODO: iterate over krebs.hosts
-  nix.buildMachines = map ( hostName:
-  {   inherit hostName sshKey;
-      sshUser = "nixBuild";
-      system = "x86_64-linux";
-      maxJobs = 8;
-  }) [ "hotdog.r" ];
-  # puyak.r "wbob.r" "omo.r"  "gum.r" "latte.r"
-}
--- a/makefu/2configs/stats/arafetch.nix
+++ b/makefu/2configs/stats/arafetch.nix
@ -3,7 +3,7 @@ with import <stockholm/lib>;
 let
  pkg = with pkgs.python3Packages;buildPythonPackage rec {
    rev = "762d747";
-    name = "europastats-${rev}";
+    name = "arafetch-${rev}";
    propagatedBuildInputs = [
      requests
      docopt
@ -25,12 +25,25 @@ in {
  };

  systemd.services.arafetch = {
-    startAt = "Mon 09:15:00";
+    startAt = "Mon,Wed,Fri 09:15:00";
    wantedBy = [ "multi-user.target" ];
    environment = {
      OUTDIR = home;
    };
    path = [ pkg  pkgs.git pkgs.wget ];
-    script = "${pkg}/bin/weekrun";
+    serviceConfig = {
+      User = "arafetch";
+      WorkingDirectory = home;
+      PrivateTmp = true;
+      ExecStart = pkgs.writeDash "start-weekrun" ''
+        set -x
+        weekrun || echo "weekrun failed!"
+        find $OUTDIR/db -name \*.json | while read path;do
+          file=''${path##*/}
+          cantine=''${file%%.json}
+          ara2influx $path --cantine $cantine --host wbob.r
+        done
+      '';
+    };
  };
 }
--- a/makefu/2configs/urlwatch/default.nix
+++ b/makefu/2configs/urlwatch/default.nix
@ -25,7 +25,6 @@ in {
      # pypi
      https://pypi.python.org/simple/bepasty/
      https://pypi.python.org/simple/devpi-client/
-      https://pypi.python.org/simple/oslo.config/
      https://pypi.python.org/simple/sqlalchemy_migrate/
      https://pypi.python.org/simple/xstatic/
      https://pypi.python.org/simple/pyserial/
--- a/makefu/5pkgs/ampel/default.nix
+++ b/makefu/5pkgs/ampel/default.nix
@ -2,7 +2,7 @@

 with pkgs.python3Packages;buildPythonPackage rec {
  name = "ampel-${version}";
-  version = "0.2";
+  version = "0.2.1";

  propagatedBuildInputs = [
    docopt
@ -16,8 +16,8 @@ with pkgs.python3Packages;buildPythonPackage rec {

  src = pkgs.fetchgit {
      url = "http://cgit.euer.krebsco.de/ampel";
-      rev = "d8a0250";
-      sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f";
+      rev = "92321d7";
+      sha256 = "0mvpbpf1rx8sc589qjb73gl8z6fir2zs3gl3br1pbhg5jgn0ij4n";
  };
  meta = {
    homepage = http://cgit.euer.krebsco.de/ampel;
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@ -412,8 +412,7 @@ clientkeys = awful.util.table.join(
        end),
    awful.key({ modkey,           }, "m",
        function (c)
-            c.maximized_horizontal = not c.maximized_horizontal
-            c.maximized_vertical   = not c.maximized_vertical
+            c.maximized = not c.maximized
        end)
 )

--- a/makefu/5pkgs/devpi/default.nix
+++ b/makefu/5pkgs/devpi/default.nix
@ -16,16 +16,17 @@ let
  };
  devpi-web = pkgs.python3Packages.buildPythonPackage rec {
    name = "devpi-web";
-    version = "3.1.1";
+    version = "3.2.2";


    src = pkgs.fetchurl {
      url = "mirror://pypi/d/devpi-web/devpi-web-${version}.tar.gz";
-      sha256 = "0bvqv52jmasfm4sdyccwsgvk9a663d3grj7zjw8r9x7xm7l3svqv";
+      sha256 = "1mwg2fcw88rn47ypnhg5f4s1r066129z922113shyinwrwfddhay";
    };

-    propagatedBuildInputs = with pkgs.python3Packages;
-      [ pkgs.devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ];
+    propagatedBuildInputs = with pkgs.python3Packages; builtins.trace pkgs.devpi-server.version
+      [ pkgs.devpi-server pyramid_chameleon pygments docutils devpi-common
+      whoosh beautifulsoup4 defusedxml readme-renderer ];

    meta = {
      homepage = https://bitbucket.org/hpk42/devpi;
@ -37,6 +38,6 @@ let

 in {
  devpi-web =  pkgs.python3.buildEnv.override {
-      extraLibs = [ devpi-web devpi-server ];
-    };
+      extraLibs = [ devpi-web pkgs.devpi-server ];
+  };
 }
--- a/makefu/source.nix
+++ b/makefu/source.nix
@ -21,9 +21,8 @@ let
    ];
  };
  # TODO: automate updating of this ref + cherry-picks
-  ref = "6583793"; # nixos-17.09 @ 2018-03-07
-                   # + do_sqlite3 ruby: 55a952be5b5
-                   # + signal: 0f19beef3, 50ad913, 9449782, b7046ab2
+  ref = "a09afbfb8a4"; # nixos-18.03 @ 2018-04-04
+                       # + do_sqlite3 ruby: 55a952be5b5

 in
  evalSource (toString _file) [
@ -54,7 +53,7 @@ in
    (mkIf ( musnix ) {
      musnix.git = {
        url = https://github.com/musnix/musnix.git;
-        ref = "d8b989f";
+        ref = "master"; # follow the musnix channel, lets see how this works out
      };
    })