Merge remote-tracking branch 'gum/master'
commit
e2a922dd7d
@ -297,6 +297,30 @@ with lib;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch";
|
||||
};
|
||||
wbob = rec {
|
||||
cores = 1;
|
||||
dc = "none";
|
||||
nets = {
|
||||
retiolm = {
|
||||
addrs4 = ["10.243.214.15/32"];
|
||||
addrs6 = ["42:5a02:2c30:c1b1:3f2e:7c19:2496:a732/128"];
|
||||
aliases = [
|
||||
"wbob.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
|
||||
QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
|
||||
cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
|
||||
khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
|
||||
rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
|
||||
TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
gum = rec {
|
||||
cores = 1;
|
||||
dc = "online.net"; #root-server
|
||||
|
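Review bot: The new `wbob` host declares its network as `retiolm`, which looks like a misspelling of `retiolum`; the alias on the same entry is `wbob.retiolum`. If the other hosts in this file key their tinc network as `retiolum` (not visible in this hunk), wbob's addresses and tinc public key would be filed under a separate net and never reach the generated retiolum host list. Rename the attribute to `retiolum = {`. The entry also sets no `ssh.pubkey`, unlike the host just above it, so clients have no pinned SSH host key for wbob; a comment would help if that is intentional.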
@ -2,11 +2,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "apt-cacher-ng-${version}";
|
||||
version = "0.8.6";
|
||||
version = "0.8.8";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz";
|
||||
sha256 = "0044dfks8djl11fs28jj8894i4rq424xix3d3fkvzz2i6lnp8nr5";
|
||||
sha256 = "0n7yy4h8g7j0g94xngbywmfhrkg9xl3j2c4wzrjknfwvxmqgjivq";
|
||||
};
|
||||
|
||||
NIX_LDFLAGS = "-lpthread";
|
||||
|
@ -81,7 +81,7 @@ stdenv.mkDerivation rec {
|
||||
meta = {
|
||||
homepage = http://www.fortinet.com;
|
||||
description = "Forticlient SSL-VPN client";
|
||||
license = lib.licenses.nonfree;
|
||||
license = lib.licenses.unfree;
|
||||
maintainers = [ lib.maintainers.makefu ];
|
||||
};
|
||||
}
|
||||
|
@ -1,5 +1,10 @@
|
||||
{ lib, pkgs,python3Packages,fetchurl, ... }:
|
||||
|
||||
# TODO: Prepare a diff of future and current
|
||||
## ovh-zone export krebsco.de --config ~/secrets/krebs/cfg.json |sed 's/[ ]\+/ /g' | sort current
|
||||
## sed 's/[ ]\+/ /g'/etc/zones/krebsco.de | sort > future
|
||||
## diff future.sorted current.sorted
|
||||
|
||||
python3Packages.buildPythonPackage rec {
|
||||
name = "krebszones-${version}";
|
||||
version = "0.4.4";
|
||||
|
@ -28,7 +28,9 @@ stdenv.mkDerivation rec {
|
||||
cp ${src} $out/bin/${shortname}
|
||||
chmod +x $out/bin/${shortname}
|
||||
wrapProgram $out/bin/${shortname} \
|
||||
--prefix PATH : ${path}
|
||||
--prefix PATH : ${path} \
|
||||
--set SSL_CERT_FILE ${./panel.cloudatcost.com.crt} \
|
||||
--set REQUESTS_CA_BUNDLE ${./panel.cloudatcost.com.crt}
|
||||
'';
|
||||
meta = with stdenv.lib; {
|
||||
homepage = http://krebsco.de;
|
||||
|
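Review bot: Setting `SSL_CERT_FILE` and `REQUESTS_CA_BUNDLE` to `./panel.cloudatcost.com.crt` replaces the whole trust store for the wrapped program, and nothing in the hunk says why or when the bundle has to be refreshed. The bundle added in this commit starts with the server's own leaf certificate, which appears to expire in October 2018. Depending on how the TLS library treats a leaf in the CA file, the tool either breaks when the panel rotates its certificate or keeps trusting the old one. Consider shipping only the intermediate and root certificates, and add a comment above the `wrapProgram` call stating the reason for the override (presumably an incomplete chain served by the panel) and that the file must be updated when the CA chain changes. The wrapper sits inside a build phase that starts outside the hunk.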
@ -0,0 +1,88 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFWzCCBEOgAwIBAgIQXWIKGWRZf838+wW1zLdK0DANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UE
|
||||
BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
|
||||
A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlk
|
||||
YXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTEwMjMwMDAwMDBaFw0xODEwMjIyMzU5NTlaMF8x
|
||||
ITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NM
|
||||
IFdpbGRjYXJkMRowGAYDVQQDDBEqLmNsb3VkYXRjb3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggEPADCCAQoCggEBAM9CyL8uUPoE3zYbvnwtUW69h0f+rkND1/Jsi15EEBFPQqiYCmPiSaJLn6JB
|
||||
Hri34t4lArGrPA6K01x18LJqFoYDy5ya37J8Bd4jF3cijWe/IQEWAw0r2ufhd4LTNMvEyJIECida
|
||||
LMhBxpORRdijmvEXCf9D0OEGBV3qfizcCH7+VPordCY3y9fwgbk0wAB1lAk29aRosK3gZJceu57Q
|
||||
YkEKjee6pZ473+xpCjaeTBUlPuGA95A2jPf8c+QSPegczOd9Hwo4JqAJSjTzzuHiSbEhd+8JIC/P
|
||||
6GYVOvwnNqCPuuXsoBy8xBQ8lHuZcWd5sh4MDRvm5YxVFhYN6kOgf1ECAwEAAaOCAd8wggHbMB8G
|
||||
A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSC9dSGoIEPHBTUQJjOxxPg
|
||||
lhRLPDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
|
||||
KwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczov
|
||||
L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDov
|
||||
L2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB
|
||||
LmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNv
|
||||
bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB
|
||||
hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wLQYDVR0RBCYwJIIRKi5jbG91ZGF0Y29zdC5jb22C
|
||||
D2Nsb3VkYXRjb3N0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAPfUXBGDYOQnJuykm8I9cB2rBFVvt
|
||||
HgzKIM+SXRz/jRt4HN/fsQkq2mI8SUPigWbtrtL1yim0hHdTR4m6vn7eHqj8erjjEJy16OfyRwp8
|
||||
LfjjHvcPxAxiRcFdv+8Pu/o0umqtxmRn4enyAZWhqAp3TBjkJPkJgh/toJqGpE7dN1Jw1AF75rrA
|
||||
DXS8J5fcJYZQydJce+kacMHLh4C0Q37NgZKPfM+9jsygqY3Fhqh5GIt/CXNx2vlDPQP87QEtK7y7
|
||||
dCGd/MwrdKkUvOpsmqWiO1+02DesZSdIow/YW+8cUhPvYMqpM9zKbqVdRj3FJK56+/xNfNX5tiU1
|
||||
1VE7rIcEbw==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
|
||||
BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
|
||||
A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
|
||||
biBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMC
|
||||
R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
|
||||
ChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRp
|
||||
b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7CAhnh
|
||||
oFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28ShbXcDow+G+eMGnD4LgYqbSRutA776S9uM
|
||||
IO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4Tg
|
||||
llfQcBhglo/uLQeTnaG6ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh
|
||||
7lgUq/51UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0nc13c
|
||||
RTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbx
|
||||
PISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz30O0Oija5zAOBgNVHQ8BAf8EBAMC
|
||||
AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD
|
||||
VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNv
|
||||
bW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
|
||||
AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRy
|
||||
dXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcN
|
||||
AQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx
|
||||
3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsI
|
||||
tG8kO3KdY3RYPBpsP0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdo
|
||||
ltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js
|
||||
9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxGV/Iz2tDIY+3GH5QFlkoa
|
||||
kdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBm
|
||||
GqW5prU5wfWYQ//u+aen/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODc
|
||||
QgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje
|
||||
3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf+AZx
|
||||
AeKCINT+b72x
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
|
||||
BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
|
||||
A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
|
||||
biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC
|
||||
R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
|
||||
ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB
|
||||
dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn
|
||||
dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ
|
||||
FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+
|
||||
5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG
|
||||
x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX
|
||||
2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL
|
||||
OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3
|
||||
sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C
|
||||
GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5
|
||||
WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
|
||||
FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
|
||||
DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt
|
||||
rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+
|
||||
nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg
|
||||
tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW
|
||||
sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp
|
||||
pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA
|
||||
zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq
|
||||
ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52
|
||||
7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I
|
||||
LaZRfyHBNVOFBkpdn627G190
|
||||
-----END CERTIFICATE-----
|
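--- a/krebs/Zhosts/wbob
+++ b/krebs/Zhosts/wbob
@@ -0,0 +1,10 @@
+Subnet = 10.243.214.15/32
+Subnet = 42:5a02:2c30:c1b1:3f2e:7c19:2496:a732/128
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
+QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
+cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
+khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
+rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
+TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
+-----END RSA PUBLIC KEY-----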
@ -21,7 +21,7 @@ in {
|
||||
|
||||
];
|
||||
|
||||
|
||||
services.smartd.devices = [ { device = "/dev/sda";} ];
|
||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
||||
|
||||
###### stable
|
||||
@ -32,6 +32,9 @@ in {
|
||||
ListenAddress = ${external-ip} 655
|
||||
ListenAddress = ${external-ip} 21031
|
||||
'';
|
||||
krebs.nginx.servers.cgit.server-names = [
|
||||
"cgit.euer.krebsco.de"
|
||||
];
|
||||
|
||||
# Chat
|
||||
environment.systemPackages = with pkgs;[
|
||||
|
@ -27,10 +27,56 @@ in {
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/smart-monitor.nix
|
||||
../2configs/mail-client.nix
|
||||
../2configs/share-user-sftp.nix
|
||||
../2configs/nginx/omo-share.nix
|
||||
../3modules
|
||||
];
|
||||
krebs.build.host = config.krebs.hosts.omo;
|
||||
networking.firewall.trustedInterfaces = [ "enp3s0" ];
|
||||
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
|
||||
# tcp:80 - nginx for sharing files
|
||||
# tcp:655 udp:655 - tinc
|
||||
# tcp:8080 - sabnzbd
|
||||
networking.firewall.allowedUDPPorts = [ 655 ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
|
||||
|
||||
# services.openssh.allowSFTP = false;
|
||||
krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
|
||||
|
||||
# samba share /media/crypt1/share
|
||||
users.users.smbguest = {
|
||||
name = "smbguest";
|
||||
uid = config.ids.uids.smbguest;
|
||||
description = "smb guest user";
|
||||
home = "/var/empty";
|
||||
};
|
||||
services.samba = {
|
||||
enable = true;
|
||||
shares = {
|
||||
winshare = {
|
||||
path = "/media/crypt1/share";
|
||||
"read only" = "no";
|
||||
browseable = "yes";
|
||||
"guest ok" = "yes";
|
||||
};
|
||||
};
|
||||
extraConfig = ''
|
||||
guest account = smbguest
|
||||
map to guest = bad user
|
||||
# disable printing
|
||||
load printers = no
|
||||
printing = bsd
|
||||
printcap name = /dev/null
|
||||
disable spoolss = yes
|
||||
'';
|
||||
};
|
||||
|
||||
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
|
||||
services.sabnzbd.enable = true;
|
||||
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
# HDD Array stuff
|
||||
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
||||
|
||||
makefu.snapraid = let
|
||||
toMapper = id: "/media/crypt${builtins.toString id}";
|
||||
in {
|
||||
@ -38,7 +84,6 @@ in {
|
||||
disks = map toMapper [ 0 1 ];
|
||||
parity = toMapper 2;
|
||||
};
|
||||
# AMD E350
|
||||
fileSystems = let
|
||||
cryptMount = name:
|
||||
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
|
||||
@ -56,6 +101,8 @@ in {
|
||||
${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
|
||||
${pkgs.hdparm}/sbin/hdparm -y ${disk}
|
||||
'') allDisks);
|
||||
|
||||
# crypto unlocking
|
||||
boot = {
|
||||
initrd.luks = {
|
||||
devices = let
|
||||
@ -86,11 +133,11 @@ in {
|
||||
extraModulePackages = [ ];
|
||||
};
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 655 ];
|
||||
hardware.enableAllFirmware = true;
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
|
||||
#zramSwap.enable = true;
|
||||
zramSwap.enable = true;
|
||||
zramSwap.numDevices = 2;
|
||||
|
||||
krebs.build.host = config.krebs.hosts.omo;
|
||||
}
|
||||
|
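Review bot: The `winshare` share combines `"guest ok" = "yes"`, `"read only" = "no"` and `map to guest = bad user`, so any client that can reach smbd, including one presenting an unknown user name, gets write access to `/media/crypt1/share` as `smbguest` without authenticating. In addition, `networking.firewall.trustedInterfaces = [ "enp3s0" ]` exempts the whole interface from filtering, which exposes every listening service there rather than only the samba ports named in the comment. `allowedTCPPorts = [ 80 655 8080 ]` also opens nginx and sabnzbd on all remaining interfaces. Consider `"read only" = "yes"` for the guest share (or a `hosts allow` line limited to the LAN in `extraConfig`), and open only the samba ports for enp3s0 instead of trusting the interface. The surrounding attribute set starts and ends outside these hunks.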
@ -35,12 +35,14 @@
|
||||
# ../2configs/mediawiki.nix
|
||||
#../2configs/wordpress.nix
|
||||
];
|
||||
hardware.sane.enable = true;
|
||||
hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ];
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
tinc = pkgs.tinc_pre;
|
||||
};
|
||||
|
||||
krebs.Reaktor = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
nickname = "makefu|r";
|
||||
plugins = with pkgs.ReaktorPlugins; [ nixos-version random-emoji ];
|
||||
};
|
||||
@ -59,6 +61,7 @@
|
||||
hardware.pulseaudio.configFile = pkgs.writeText "pulse-default-pa" ''
|
||||
${builtins.readFile "${config.hardware.pulseaudio.package}/etc/pulse/default.pa"}
|
||||
load-module module-alsa-sink device=hw:0,3 sink_properties=device.description="HDMIOutput" sink_name="HDMI"'';
|
||||
networking.firewall.enable = false;
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
25
|
||||
];
|
||||
|
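Review bot: `networking.firewall.enable = false;` in the second hunk (apparently the one line it adds) turns packet filtering off for the whole host, which makes the `networking.firewall.allowedTCPPorts = [ 25 ]` list right below it dead configuration. Nothing in the hunk says why the firewall is off or whether this is temporary. If it is a debugging aid, say so next to the line, e.g. `# FIXME: firewall disabled for <reason>; re-enable afterwards`. Otherwise drop the line and add the ports that are actually needed to the allow list. The enclosing attribute set starts and ends outside the hunk.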
@ -2,9 +2,7 @@
|
||||
#
|
||||
#
|
||||
{ lib, config, pkgs, ... }:
|
||||
let
|
||||
pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
|
||||
in {
|
||||
{
|
||||
krebs.build.host = config.krebs.hosts.vbob;
|
||||
krebs.build.target = "root@10.10.10.220";
|
||||
imports =
|
||||
@ -15,14 +13,13 @@ in {
|
||||
# environment
|
||||
|
||||
];
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
tinc = pkgs.tinc_pre;
|
||||
buildbot = pkgs-unst.buildbot;
|
||||
buildbot-slave = pkgs-unst.buildbot-slave;
|
||||
};
|
||||
|
||||
makefu.buildbot.master = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
irc = {
|
||||
enable = true;
|
||||
server = "cd.retiolum";
|
||||
@ -30,8 +27,9 @@ in {
|
||||
allowForce = true;
|
||||
};
|
||||
};
|
||||
# services.logstash.enable = true;
|
||||
makefu.buildbot.slave = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
masterhost = "localhost";
|
||||
username = "testslave";
|
||||
password = "krebspass";
|
||||
@ -41,8 +39,8 @@ in {
|
||||
|
||||
krebs.build.source.git.nixpkgs = {
|
||||
#url = https://github.com/nixos/nixpkgs;
|
||||
# HTTP Everywhere
|
||||
rev = "a3974e";
|
||||
# HTTP Everywhere + libredir
|
||||
rev = "8239ac6";
|
||||
};
|
||||
fileSystems."/nix" = {
|
||||
device ="/dev/disk/by-label/nixstore";
|
||||
@ -56,9 +54,12 @@ in {
|
||||
};
|
||||
};
|
||||
environment.systemPackages = with pkgs;[
|
||||
fortclientsslvpn
|
||||
buildbot
|
||||
buildbot-slave
|
||||
get
|
||||
genid
|
||||
logstash
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
|
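Review bot: `rev = "8239ac6";` pins the nixpkgs source by a seven-character abbreviated hash, which is a weaker pin than a full commit id because the abbreviation is resolved by whatever repository is fetched and can become ambiguous later. The hunk further down this page that replaces `6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80` with `d0e3cca` has the same problem, although the omo configuration in this commit spells what is presumably the same revision out as `d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce`. Use the full 40-character hash in both places. Separately, the slave block shown as context still carries `password = "krebspass";` in plain configuration; with the slave now disabled, this would be a convenient point to move it into the secrets directory.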
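--- a/makefu/1systems/wbob.nix
+++ b/makefu/1systems/wbob.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+imports =
+[ # Include the results of the hardware scan.
+../2configs/main-laptop.nix
+];
+krebs = {
+enable = true;
+retiolum.enable = true;
+build.host = config.krebs.hosts.wbob;
+};
+boot.loader.grub.device = "/dev/sda";
+boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" ];
+boot.kernelModules = [ "kvm-intel" ];
+fileSystems."/" = {
+device = "/dev/sda1";
+fsType = "ext4";
+};
+}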
@ -13,7 +13,7 @@ with lib;
|
||||
./vim.nix
|
||||
];
|
||||
|
||||
|
||||
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
|
||||
krebs = {
|
||||
enable = true;
|
||||
search-domain = "retiolum";
|
||||
@ -65,7 +65,12 @@ with lib;
|
||||
time.timeZone = "Europe/Berlin";
|
||||
#nix.maxJobs = 1;
|
||||
|
||||
programs.ssh.startAgent = false;
|
||||
programs.ssh = {
|
||||
startAgent = false;
|
||||
extraConfig = ''
|
||||
UseRoaming no
|
||||
'';
|
||||
};
|
||||
services.openssh.enable = true;
|
||||
nix.useChroot = true;
|
||||
|
||||
|
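Review bot: `UseRoaming no` is added to the client configuration without a comment, so a later reader cannot tell that it is a security workaround rather than a preference. Add a line above it such as `# disable the OpenSSH client roaming feature (information leak to a malicious server); remove once no deployed client supports roaming`. Newer OpenSSH releases dropped the roaming code, so the option should not have to stay indefinitely. The `programs.ssh` block sits inside an attribute set that starts and ends outside the hunk.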
@ -16,6 +16,9 @@ let
|
||||
desc = "Tinc Advanced Graph Generation";
|
||||
};
|
||||
cac = { };
|
||||
init-stockholm = {
|
||||
desc = "Init stuff for stockholm";
|
||||
};
|
||||
};
|
||||
|
||||
priv-repos = mapAttrs make-priv-repo {
|
||||
|
@ -24,5 +24,12 @@ with lib;
|
||||
services.tlp.enable = true;
|
||||
services.tlp.extraConfig = ''
|
||||
START_CHARGE_THRESH_BAT0=80
|
||||
|
||||
CPU_SCALING_GOVERNOR_ON_AC=performance
|
||||
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
|
||||
CPU_MIN_PERF_ON_AC=0
|
||||
CPU_MAX_PERF_ON_AC=100
|
||||
CPU_MIN_PERF_ON_BAT=0
|
||||
CPU_MAX_PERF_ON_BAT=30
|
||||
'';
|
||||
}
|
||||
|
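--- a/makefu/2configs/nginx/omo-share.nix
+++ b/makefu/2configs/nginx/omo-share.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+hostname = config.krebs.build.host.name;
+# TODO local-ip from the nets config
+local-ip = "192.168.1.11";
+# local-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+in {
+krebs.nginx = {
+enable = mkDefault true;
+servers = {
+omo-share = {
+listen = [ "${local-ip}:80" ];
+locations = singleton (nameValuePair "/" ''
+autoindex on;
+root /media;
+limit_rate_after 100m;
+limit_rate 5m;
+mp4_buffer_size 4M;
+mp4_max_buffer_size 10M;
+allow all;
+access_log off;
+keepalive_timeout 65;
+keepalive_requests 200;
+reset_timedout_connection on;
+sendfile on;
+tcp_nopush on;
+gzip off;
+'');
+};
+};
+};
+}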
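Review bot: The location serves `root /media;` with `autoindex on;` and `allow all;`, so every volume mounted under /media is browsable over plain HTTP by anyone who can reach the listener, not only a dedicated share directory. If the intent is to publish the same tree as the samba share configured for omo in this commit, point `root` at that directory (`/media/crypt1/share`), or replace `allow all;` with the LAN range followed by `deny all;`. `access_log off;` also means there is no record of who fetched what. The hard-coded `local-ip = "192.168.1.11";` already has a TODO; until it is derived from the host's nets, a changed address will stop nginx from binding.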
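--- a/makefu/2configs/share-user-sftp.nix
+++ b/makefu/2configs/share-user-sftp.nix
@@ -0,0 +1,21 @@
+{ config, ... }:
+
+{
+users.users = {
+share = {
+uid = 9002;
+home = "/var/empty";
+openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
+};
+};
+# we will use internal-sftp to make uncomplicated Chroot work
+services.openssh.extraConfig = ''
+Match User share
+ChrootDirectory /media
+ForceCommand internal-sftp
+AllowTcpForwarding no
+PermitTunnel no
+X11Forwarding no
+Match All
+'';
+}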
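Review bot: `ChrootDirectory /media` only works if /media and every parent directory are owned by root and not writable by group or others, because sshd rejects the session otherwise, and the file does not record that requirement. The chroot also gives the holder of the `share` key access to everything mounted under /media, limited only by file permissions. Add a comment to that effect above the `Match User share` block and consider `AllowAgentForwarding no` next to the other forwarding restrictions. The closing `Match All` is what keeps `extraConfig` fragments from other modules out of the per-user block; a short comment saying so would stop someone from deleting it as redundant.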
@ -3,6 +3,7 @@
|
||||
krebs.exim-retiolum.enable = lib.mkDefault true;
|
||||
services.smartd = {
|
||||
enable = true;
|
||||
autodetect = false;
|
||||
notifications = {
|
||||
mail = {
|
||||
enable = true;
|
||||
@ -12,8 +13,6 @@
|
||||
# short daily, long weekly, check on boot
|
||||
defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
|
||||
|
||||
devices = lib.mkDefault [{
|
||||
device = "/dev/sda";
|
||||
}];
|
||||
devices = lib.mkDefault [ ];
|
||||
};
|
||||
}
|
||||
|
@ -4,7 +4,6 @@ with lib;
|
||||
{
|
||||
krebs.retiolum = {
|
||||
enable = true;
|
||||
hosts = ../../krebs/Zhosts;
|
||||
connectTo = [
|
||||
"gum"
|
||||
"pigstarter"
|
||||
|
@ -29,6 +29,7 @@
|
||||
https://pypi.python.org/simple/bepasty/
|
||||
https://pypi.python.org/simple/xstatic/
|
||||
http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
|
||||
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
|
||||
];
|
||||
};
|
||||
}
|
||||
|
@ -122,7 +122,7 @@ in {
|
||||
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
|
||||
vimrcConfig.vam.pluginDictionaries = [
|
||||
{ names = [ "undotree"
|
||||
"YouCompleteMe"
|
||||
# "YouCompleteMe"
|
||||
"vim-better-whitespace" ]; }
|
||||
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
|
||||
];
|
||||
|
@ -5,4 +5,5 @@ let
|
||||
in {
|
||||
virtualisation.libvirtd.enable = true;
|
||||
users.extraUsers.${mainUser.name}.extraGroups = [ "libvirtd" ];
|
||||
networking.firewall.checkReversePath = false; # TODO: unsolved issue in nixpkgs:#9067 [bug]
|
||||
}
|
||||
|
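Review bot: `networking.firewall.checkReversePath = false;` switches off reverse-path filtering for every interface of any host that imports this file, and the trailing TODO names the nixpkgs issue but not that consequence. Extend the comment so the trade-off is visible, e.g. `# disables reverse-path filtering (anti-spoofing) on all interfaces; revert when nixpkgs:#9067 is fixed`. The attribute set opens outside the hunk.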
@ -1,33 +1,9 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
_:
|
||||
|
||||
#usage: $ wvdial
|
||||
|
||||
let
|
||||
mainUser = config.krebs.build.user;
|
||||
in {
|
||||
environment.systemPackages = with pkgs;[
|
||||
wvdial
|
||||
];
|
||||
|
||||
environment.shellAliases = {
|
||||
umts = "sudo wvdial netzclub";
|
||||
{
|
||||
imports = [ ../3modules ];
|
||||
makefu.umts = {
|
||||
enable = true;
|
||||
modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
|
||||
};
|
||||
|
||||
# configure for NETZCLUB
|
||||
environment.wvdial.dialerDefaults = ''
|
||||
Phone = *99***1#
|
||||
Dial Command = ATDT
|
||||
Modem = /dev/ttyACM0
|
||||
Baud = 460800
|
||||
Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
|
||||
Init2 = ATZ
|
||||
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
|
||||
ISDN = 0
|
||||
Modem Type = Analog Modem
|
||||
Username = netzclub
|
||||
Password = netzclub
|
||||
Stupid Mode = 1
|
||||
Idle Seconds = 0'';
|
||||
|
||||
users.extraUsers.${mainUser.name}.extraGroups = [ "dialout" ];
|
||||
}
|
||||
|
@ -19,8 +19,7 @@ in
|
||||
bindkey -e
|
||||
# shift-tab
|
||||
bindkey '^[[Z' reverse-menu-complete
|
||||
|
||||
autoload -U compinit && compinit
|
||||
bindkey "\e[3~" delete-char
|
||||
zstyle ':completion:*' menu select
|
||||
|
||||
# load gpg-agent
|
||||
|
@ -3,6 +3,7 @@ _:
|
||||
{
|
||||
imports = [
|
||||
./snapraid.nix
|
||||
./umts.nix
|
||||
];
|
||||
}
|
||||
|
||||
|
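--- a/makefu/3modules/umts.nix
+++ b/makefu/3modules/umts.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+# TODO: currently it is only netzclub
+umts-bin = pkgs.writeScriptBin "umts" ''
+#!/bin/sh
+set -euf
+systemctl start umts
+trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
+echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
+journalctl -xfu umts
+'';
+
+wvdial-defaults = ''
+Phone = *99***1#
+Dial Command = ATDT
+Modem = ${cfg.modem-device}
+Baud = 460800
+Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+Init2 = ATZ
+Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
+ISDN = 0
+Modem Type = Analog Modem
+Username = netzclub
+Password = netzclub
+Stupid Mode = 1
+Idle Seconds = 0'';
+
+cfg = config.makefu.umts;
+
+out = {
+options.makefu.umts = api;
+config = mkIf cfg.enable imp;
+};
+
+api = {
+enable = mkEnableOption "umts";
+
+modem-device = mkOption {
+default = "/dev/ttyUSB0";
+type = types.str;
+description = ''
+path to modem device, use <filename>/dev/serial/by-id/...</filename>
+to avoid race conditions.
+'';
+};
+};
+
+imp = {
+environment.shellAliases = {
+umts = "sudo ${umts-bin}/bin/umts";
+};
+environment.systemPackages = [ ];
+
+environment.wvdial.dialerDefaults = wvdial-defaults;
+
+systemd.targets.network-umts = {
+description = "System is running on UMTS";
+unitConfig.StopWhenUnneeded = true;
+};
+
+systemd.services.umts = {
+description = "UMTS wvdial Service";
+before = [ "network-umts.target" ];
+
+serviceConfig = {
+Type = "simple";
+Restart = "always";
+RestartSec = "4s";
+ExecStart = "${pkgs.wvdial}/bin/wvdial -n";
+};
+};
+};
+in out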
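Review bot: The `umts` wrapper appends `nameserver 8.8.8.8` to /etc/resolv.conf with `tee -a` on every run, and the `trap` only stops the service, so the entry is never removed and accumulates across invocations. The host keeps a fixed public resolver in its DNS configuration after the modem link is gone. Save the file before modifying it and restore it in the trap, e.g. `cp /etc/resolv.conf /run/umts-resolv.bak` before the `tee` and `cp /run/umts-resolv.bak /etc/resolv.conf;` at the front of the trap command (the backup path is only an example). A comment above the `echo` explaining why the resolver is forced would also help.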
@ -38,8 +38,6 @@ do
|
||||
end)
|
||||
end
|
||||
-- }}}
|
||||
volwidget = wibox.widget.textbox()
|
||||
vicious.register(volwidget, vicious.widgets.volume, " $1% ", 2, "Master")
|
||||
|
||||
-- {{{ Mails widget type
|
||||
local function worker(format,warg)
|
||||
@ -258,7 +256,6 @@ for s = 1, screen.count() do
|
||||
local right_layout = wibox.layout.fixed.horizontal()
|
||||
right_layout:add(mailwidget)
|
||||
if s == 1 then right_layout:add(wibox.widget.systray()) end
|
||||
right_layout:add(volwidget)
|
||||
right_layout:add(cpuwidget)
|
||||
right_layout:add(batwidget)
|
||||
right_layout:add(mytextclock)
|
||||
|
@ -5,7 +5,7 @@
|
||||
build.user = config.krebs.users.shared;
|
||||
build.host = config.krebs.hosts.test-all-krebs-modules;
|
||||
};
|
||||
# just get the system running
|
||||
# just get the system to eval in nixos without errors
|
||||
boot.loader.grub.devices = ["/dev/sda"];
|
||||
fileSystems."/" = {
|
||||
device = "/dev/lol";
|
||||
|
@ -12,10 +12,21 @@ in
|
||||
../2configs/shack-nix-cacher.nix
|
||||
../2configs/shack-drivedroid.nix
|
||||
../2configs/buildbot-standalone.nix
|
||||
../2configs/graphite.nix
|
||||
# ../2configs/graphite.nix
|
||||
];
|
||||
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
||||
# apt-cacher-ng in first place)
|
||||
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
addr = "0.0.0.0";
|
||||
extraOptions = { "AUTH_ANONYMOUS_ENABLED" = "true"; };
|
||||
users.allowSignUp = true;
|
||||
users.allowOrgCreate = true;
|
||||
users.autoAssignOrg = true;
|
||||
security = import <secrets/grafana_security.nix>;
|
||||
};
|
||||
|
||||
nix.binaryCaches = [ "http://localhost:3142/nixos" "https://cache.nixos.org" ];
|
||||
|
||||
networking = {
|
||||
|
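Review bot: The new `services.grafana` block listens on `addr = "0.0.0.0"` with `AUTH_ANONYMOUS_ENABLED`, `users.allowSignUp` and `users.allowOrgCreate` all enabled, so anyone who can reach the port can view dashboards, register an account and create organisations. Whether the firewall opens the Grafana port is not visible in this hunk, but the settings themselves assume a fully trusted network. If anonymous read access is the goal, keep the anonymous option and set `users.allowSignUp = false;` and `users.allowOrgCreate = false;`, or bind `addr` to the internal address only. The attribute set opens outside the hunk.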
@ -18,7 +18,7 @@ with lib;
|
||||
krebs.build.source = {
|
||||
git.nixpkgs = {
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
|
||||
rev = "d0e3cca";
|
||||
target-path = "/var/src/nixpkgs";
|
||||
};
|
||||
dir.secrets = {
|
||||
|
@ -1,11 +1,6 @@
|
||||
{ lib, config, pkgs, ... }:
|
||||
let
|
||||
pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
|
||||
in {
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
buildbot = pkgs-unst.buildbot;
|
||||
buildbot-slave = pkgs-unst.buildbot-slave;
|
||||
};
|
||||
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [ 8010 9989 ];
|
||||
krebs.buildbot.master = {
|
||||
secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ];
|
||||
@ -89,6 +84,7 @@ in {
|
||||
nix-instantiate --eval -A \
|
||||
users.shared.test-all-krebs-modules.system \
|
||||
-I stockholm=. \
|
||||
--show-trace \
|
||||
-I secrets=. '<stockholm>' \
|
||||
--argstr current-date lol \
|
||||
--argstr current-user-name shared \
|
||||
@ -101,6 +97,7 @@ in {
|
||||
users.shared.test-minimal-deploy.system \
|
||||
-I stockholm=. \
|
||||
-I secrets=. '<stockholm>' \
|
||||
--show-trace \
|
||||
--argstr current-date lol \
|
||||
--argstr current-user-name shared \
|
||||
--argstr current-host-name lol \
|
||||
|