Merge remote-tracking branch 'prism/master'

tv 2019-04-19 16:39:05 +02:00
commit d825d2db87
13 changed files with 116 additions and 139 deletions


@ -10,7 +10,7 @@ let
addresses = peer.addresses;
}) cfg.peers;
folders = map (folder: {
folders = mapAttrsToList ( _: folder: {
inherit (folder) path id type;
devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
rescanIntervalS = folder.rescanInterval;
@ -81,17 +81,18 @@ in
};
folders = mkOption {
default = [];
type = types.listOf (types.submodule ({ config, ... }: {
default = {};
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
path = mkOption {
type = types.absolute-pathname;
default = config._module.args.name;
};
id = mkOption {
type = types.str;
default = config.path;
default = config._module.args.name;
};
peers = mkOption {


@ -49,12 +49,15 @@ with import <stockholm/lib>;
];
}
{
krebs.syncthing.folders = [
{ id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; }
];
lass.ensure-permissions = [
{ folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
];
krebs.syncthing.folders."the_playlist" = {
path = "/home/lass/tmp/the_playlist";
peers = [ "mors" "phone" "prism" ];
};
krebs.permown."/home/lass/tmp/the_playlist" = {
owner = "lass";
group = "syncthing";
umask = "0007";
};
}
{
lass.umts = {


@ -20,13 +20,12 @@ with import <stockholm/lib>;
}
];
lass.ensure-permissions = [
{ folder = "/var/lib/sync-containers"; owner = "root"; group = "syncthing"; }
];
krebs.syncthing.folders = [
{ path = "/var/lib/sync-containers"; peers = [ "icarus" "skynet" "littleT" "shodan" ]; }
];
krebs.syncthing.folders."/var/lib/sync-containers".peers = [ "icarus" "skynet" "littleT" "shodan" ];
krebs.permown."/var/lib/sync-containers" = {
owner = "root";
group = "syncthing";
umask = "0007";
};
system.activationScripts.containerPermissions = ''
mkdir -p /var/lib/containers


@ -10,7 +10,7 @@ let
source-password = import <secrets/icecast-source-pw>;
add_random = pkgs.writeDashBin "add_random" ''
${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)"
${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls the_playlist/music | grep '\.ogg$' | shuf -n1)"
'';
skip_track = pkgs.writeDashBin "skip_track" ''
@ -57,7 +57,7 @@ in {
services.mpd = {
enable = true;
group = "radio";
musicDirectory = "/home/radio/the_playlist/music";
musicDirectory = "/home/radio/music";
extraConfig = ''
log_level "default"
auto_update "yes"
@ -248,10 +248,13 @@ in {
alias ${html};
'';
};
krebs.syncthing.folders = [
{ id = "the_playlist"; path = "/home/radio/music/the_playlist"; peers = [ "mors" "phone" "prism" ]; }
];
lass.ensure-permissions = [
{ folder = "/home/radio/music/the_playlist"; owner = "radio"; group = "syncthing"; }
];
krebs.syncthing.folders."the_playlist" = {
path = "/home/radio/music/the_playlist";
peers = [ "mors" "phone" "prism" ];
};
krebs.permown."/home/radio/music/the_playlist" = {
owner = "radio";
group = "syncthing";
umask = "0002";
};
}
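Review bot: `umask = "0002"` on `/home/radio/music/the_playlist` appears to leave the synced files readable by every local user, while every other `krebs.permown` entry in this merge uses `"0007"`. The permown module itself is not shown, so the effect is inferred from the option name. If the wider mode exists so that mpd can read files whose group is `syncthing`, record that next to the setting, e.g. `# 0002 on purpose: mpd reads these files as "other"`; otherwise use `"0007"` as in the other folders.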


@ -1,8 +1,11 @@
{
krebs.syncthing.folders = [
{ id = "decsync"; path = "/home/lass/decsync"; peers = [ "mors" "blue" "green" "phone" ]; }
];
lass.ensure-permissions = [
{ folder = "/home/lass/decsync"; owner = "lass"; group = "syncthing"; }
];
krebs.syncthing.folders.decsync = {
path = "/home/lass/decsync";
peers = [ "mors" "blue" "green" "phone" ];
};
krebs.permown."/home/lass/decsync" = {
owner = "lass";
group = "syncthing";
umask = "0007";
};
}


@ -1,8 +1,8 @@
{
krebs.syncthing.folders = [
{ path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
];
lass.ensure-permissions = [
{ folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
];
krebs.syncthing.folders."/home/lass/.weechat".peers = [ "blue" "green" "mors" ];
krebs.permown."/home/lass/.weechat" = {
owner = "lass";
group = "syncthing";
umask = "0007";
};
}


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
{ config, pkgs, ... }: with import <stockholm/lib>; let
peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
in {
services.syncthing = {
enable = true;
group = "syncthing";
@ -14,17 +14,17 @@ with import <stockholm/lib>;
enable = true;
cert = toString <secrets/syncthing.cert>;
key = toString <secrets/syncthing.key>;
peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
folders = [
{ path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism" "shodan" ]; }
];
peers = peers;
folders."/home/lass/sync".peers = attrNames peers;
};
system.activationScripts.syncthing-home = ''
${pkgs.coreutils}/bin/chmod a+x /home/lass
'';
lass.ensure-permissions = [
{ folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; }
];
krebs.permown."/home/lass/sync" = {
owner = "lass";
group = "syncthing";
umask = "0007";
};
}
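Review bot: `folders."/home/lass/sync".peers = attrNames peers;` widens the share list for `/home/lass/sync` from eight named hosts to every entry of `config.krebs.hosts` that carries a `syncthing.id`. From then on, giving any host definition an id also grants that host the folder, with no change in this file to review. If `krebs.hosts` can contain machines of other owners (not visible here), keep a named allow-list for this folder or narrow the `filterAttrs` predicate to the intended hosts. Either way, a comment such as `# shared with every host that defines syncthing.id` would make the scope explicit.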


@ -3,7 +3,6 @@ _:
imports = [
./dnsmasq.nix
./ejabberd
./ensure-permissions.nix
./folderPerms.nix
./hosts.nix
./mysql-backup.nix


@ -1,66 +0,0 @@
{ config, pkgs, ... }: with import <stockholm/lib>;
let
cfg = config.lass.ensure-permissions;
in
{
options.lass.ensure-permissions = mkOption {
default = [];
type = types.listOf (types.submodule ({
options = {
folder = mkOption {
type = types.absolute-pathname;
};
owner = mkOption {
# TODO user type
type = types.str;
default = "root";
};
group = mkOption {
# TODO group type
type = types.str;
default = "root";
};
permission = mkOption {
# TODO permission type
type = types.str;
default = "u+rw,g+rw";
};
};
}));
};
config = mkIf (cfg != []) {
system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
'') cfg;
systemd.services =
listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Restart = "always";
RestartSec = 10;
ExecStart = pkgs.writeDash "ensure-perms" ''
${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
| while IFS= read -r FILE; do
${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
done
'';
};
}) cfg)
;
};
}


@ -6,13 +6,13 @@
[ # Include the results of the hardware scan.
<stockholm/makefu>
<stockholm/makefu/2configs/hw/vbox-guest.nix>
#{ # until virtualbox-image is fixed
# imports = [
# <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
# ];
# boot.loader.grub.device = lib.mkForce "/dev/sda";
#}
# <stockholm/makefu/2configs/hw/vbox-guest.nix> # broken since 2019-04-18
{ # until virtualbox-image is fixed
imports = [
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
];
boot.loader.grub.device = lib.mkForce "/dev/sda";
}
<stockholm/makefu/2configs/main-laptop.nix>
# <secrets/extra-hosts.nix>


@ -11,9 +11,13 @@
<stockholm/makefu/2configs/home-manager/desktop.nix>
<stockholm/makefu/2configs/home-manager/cli.nix>
<stockholm/makefu/2configs/home-manager/mail.nix>
<stockholm/makefu/2configs/home-manager/taskwarrior.nix>
<stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
{ programs.adb.enable = true; }
<stockholm/makefu/2configs/dict.nix>
#<stockholm/makefu/3modules/netboot_server.nix>
#{
@ -23,7 +27,14 @@
# };
#}
# Restore:
# systemctl cat borgbackup-job-state
# export BORG_PASSCOMMAND BORG_REPO BORG_RSH
# borg list "$BORG_REPO"
# mount newroot somewhere && cd somewhere
# borg extract "$BORG_REPO::x-state-2019-04-17T01:41:51" --progress # < extract to cwd
<stockholm/makefu/2configs/backup/state.nix>
# <stockholm/makefu/2configs/dnscrypt/client.nix>
<stockholm/makefu/2configs/avahi.nix>
<stockholm/makefu/2configs/support-nixos.nix>
@ -46,19 +57,18 @@
# Krebs
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/share/gum-client.nix>
# <stockholm/makefu/2configs/share/gum-client.nix>
# applications
<stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/mail-client.nix>
<stockholm/makefu/2configs/printer.nix>
<stockholm/makefu/2configs/task-client.nix>
# <stockholm/makefu/2configs/syncthing.nix>
# Virtualization
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
# <stockholm/makefu/2configs/virtualisation/libvirt.nix>
# <stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/virtualbox.nix>
#{
# networking.firewall.allowedTCPPorts = [ 8080 ];
@ -71,35 +81,43 @@
# Services
<stockholm/makefu/2configs/git/brain-retiolum.nix>
<stockholm/makefu/2configs/tor.nix>
<stockholm/makefu/2configs/vpn/vpngate.nix>
# <stockholm/makefu/2configs/vpn/vpngate.nix>
# <stockholm/makefu/2configs/buildbot-standalone.nix>
<stockholm/makefu/2configs/remote-build/aarch64-community.nix>
<stockholm/makefu/2configs/remote-build/gum.nix>
{ nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
# <stockholm/makefu/2configs/remote-build/gum.nix>
# { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
<stockholm/makefu/2configs/binary-cache/gum.nix>
<stockholm/makefu/2configs/binary-cache/lass.nix>
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/mceusb.nix>
<stockholm/makefu/2configs/hw/malduino_elite.nix>
# <stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/hw/tpm.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
<stockholm/makefu/2configs/hw/stk1160.nix>
<stockholm/makefu/2configs/hw/irtoy.nix>
# <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/hw/irtoy.nix>
# <stockholm/makefu/2configs/hw/malduino_elite.nix>
<stockholm/makefu/2configs/hw/switch.nix>
<stockholm/makefu/2configs/hw/bluetooth.nix>
# <stockholm/makefu/2configs/hw/rad1o.nix>
<stockholm/makefu/2configs/hw/smartcard.nix>
{
services.upower.enable = true;
users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ];
}
# Filesystem
<stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
{ programs.adb.enable = true; }
# temporary
{ services.redis.enable = true; }
<stockholm/makefu/2configs/pyload.nix>
# { services.redis.enable = true; }
# <stockholm/makefu/2configs/pyload.nix>
# <stockholm/makefu/2configs/dcpp/airdcpp.nix>
# <stockholm/makefu/2configs/nginx/rompr.nix>
# <stockholm/makefu/2configs/lanparty/lancache.nix>
@ -136,6 +154,9 @@
makefu.server.primary-itf = "wlp3s0";
nixpkgs.config.allowUnfree = true;
nixpkgs.config.oraclejdk.accept_license = true;
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
@ -163,7 +184,6 @@
"/home/makefu/.ssh/"
"/home/makefu/.zsh_history"
"/home/makefu/.bash_history"
"/home/makefu/.zshrc"
"/home/makefu/bin"
"/home/makefu/.gnupg"
"/home/makefu/.imapfilter"
@ -171,6 +191,7 @@
"/home/makefu/docs"
"/home/makefu/.password-store"
"/home/makefu/.secrets-pass"
"/home/makefu/.config/syncthing"
];
services.syncthing.user = lib.mkForce "makefu";


@ -0,0 +1,13 @@
{ config, ... }:
{
nix = {
binaryCaches = [
"https://cache.euer.krebsco.de/"
];
binaryCachePublicKeys = [
"gum:iIXIFlCAotib+MgI3V/i3HMlFXiVYOT/jfP0y54Zuvg="
];
};
}
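Review bot: The `binaryCachePublicKeys` entry has no comment saying who holds the `gum:` signing key or how it is rotated. Any store path signed with that key is accepted by hosts importing this file without being rebuilt locally, so the key is a trust anchor for those machines. A comment such as `# signing key of nix-serve on gum; update here when the key is rotated` would document that. Separately, `config` in `{ config, ... }:` is unused in the visible lines and could be dropped.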


@ -19,9 +19,10 @@
};
services.nginx = {
enable = true;
virtualHosts.nix-serve = {
serverAliases = [ "cache.gum.r"
"cache.euer.krebsco.de"
virtualHosts."cache.euer.krebsco.de" = {
forceSSL = true;
enableACME = true;
serverAliases = [ # "cache.gum.r"
"cache.gum.krebsco.de"
];
locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
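Review bot: `proxyPass` reaches nix-serve on `localhost`, but nothing in the visible lines restricts nix-serve itself to loopback. `services.nix-serve.bindAddress` defaults to all interfaces, so unless it is set outside this hunk or the firewall closes the port, the cache stays reachable without TLS beside the new `forceSSL` vhost. Consider `services.nix-serve.bindAddress = "127.0.0.1";`. The enclosing module starts and ends outside the hunk.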