From b0829854211bc23c98247fb9cd2e22b70616f217 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 21 Apr 2018 20:52:46 +0200 Subject: [PATCH 1/9] ma source: use .pass --- makefu/source.nix | 51 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 37 insertions(+), 14 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index bcdb66a66..40aeac8b6 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -1,14 +1,16 @@ with import ; host@{ name, override ? {} -, secure ? false -, full ? false -, torrent ? false -, hw ? false -, musnix ? false -, python ? false -, unstable ? false #unstable channel checked out -, mic92 ? false +, secure ? false +, full ? false +, torrent ? false +, hw ? false +, musnix ? false +, python ? false +, unstable ? false #unstable channel checked out +, mic92 ? false +, nms ? false +, clever_kexec ?false }: let builder = if getEnv "dummy_secrets" == "true" @@ -42,11 +44,15 @@ in file = "/home/makefu/store/${ref}"; }; - secrets.file = getAttr builder { - buildbot = toString ; - makefu = "/home/makefu/secrets/${name}"; + secrets = getAttr builder { + buildbot.file = toString ; + makefu.pass = { + inherit name; + dir = "${getEnv "HOME"}/.secrets-pass"; + }; }; + stockholm.file = toString ; stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; } @@ -72,9 +78,12 @@ in }) (mkIf ( torrent ) { - torrent-secrets.file = getAttr builder { - buildbot = toString ; - makefu = "/home/makefu/secrets/torrent" ; + torrent-secrets = getAttr builder { + buildbot.file = toString ; + makefu.pass = { + name = "torrent"; + dir = "${getEnv "HOME"}/.secrets-pass"; + }; }; }) @@ -92,5 +101,19 @@ in }; }) + (mkIf ( nms ) { + nms.git = { + url = https://github.com/r-raymond/nixos-mailserver; + ref = "v2.1.2"; + }; + }) + + (mkIf ( clever_kexec ) { + clever_kexec.git = { + url = https://github.com/cleverca22/nix-tests; + ref = "5a670de7f2decfaafc95c34ffeb0f1896662f3d7"; + }; + }) + override ] 
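Review bot: `dir = "${getEnv "HOME"}/.secrets-pass";` in the `makefu.pass` branch depends on the environment of the evaluating process, and `getEnv` returns an empty string when the variable is unset, so the secrets source would silently resolve to `/.secrets-pass`. The same expression is repeated in the `torrent-secrets` hunk further down. I would bind it once in the existing `let` (which starts outside this hunk) and fail early: `pass-dir = let home = getEnv "HOME"; in assert home != ""; "${home}/.secrets-pass";`, then use `dir = pass-dir;` in both places.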
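Review bot: `ref = "v2.1.2";` for `nms.git` pins a third-party repository by tag, which the upstream owner can move, whereas `clever_kexec.git` right below it is pinned to a full commit hash. Both are fetched as deployment sources, so I would pin `nms` the same way and keep the tag as a comment, e.g. `ref = "<commit-sha-of-v2.1.2>"; # v2.1.2` (placeholder; resolve the hash from the upstream tag). A comment on `clever_kexec` saying what the pinned revision provides would also help whoever next reviews or bumps that pin.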
From 309124175425cb7abd6dad166f485ae832435562 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 25 Apr 2018 14:50:06 +0200 Subject: [PATCH 2/9] ma gum.r: expose euer.mon --- makefu/1systems/gum/config.nix | 1 + makefu/2configs/nginx/euer.mon.nix | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 makefu/2configs/nginx/euer.mon.nix diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 578e4add8..9b6d9d571 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -62,6 +62,7 @@ in { ## Web + # diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix new file mode 100644 index 000000000..c5a7e68af --- /dev/null +++ b/makefu/2configs/nginx/euer.mon.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + hostname = config.krebs.build.host.name; + user = config.services.nginx.user; + group = config.services.nginx.group; + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; +in { + services.nginx = { + enable = mkDefault true; + virtualHosts."mon.euer.krebsco.de" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://wbob.r:3000/"; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ''; + }; + }; + }; +} From 0ea7fd530f5b0b74ebff8b352283a7b399e9a109 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:41:03 +0200 Subject: [PATCH 3/9] ma core-gui: rip flash on firefox --- makefu/2configs/tools/core-gui.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 2f80b08c9..898bae10d 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix 
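Review bot: The new `mon.euer.krebsco.de` vhost publishes whatever listens on `wbob.r:3000` to the internet with no access control at the proxy, so the only gate is the backend's own login. If that backend is the Grafana instance enabled on wbob elsewhere in this series, its admin credentials and anonymous-access settings are not visible here and should be confirmed; an `allow`/`deny` list or `auth_basic` in the location's `extraConfig` would add a second layer. The `let` bindings `hostname`, `user`, `group`, `external-ip` and `internal-ip` are unused in this file and can be dropped. A one-line comment above `proxyPass` noting that the upstream hop is plain HTTP and presumably relies on the `.r` network for confidentiality would document the trust assumption.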
@@ -1,10 +1,6 @@ { pkgs, ... }: { - nixpkgs.config.firefox = { - enableAdobeFlash = true; - }; - krebs.per-user.makefu.packages = with pkgs; [ chromium clipit From 49193180cb66b35dc95ab34003c739af575adc77 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:41:54 +0200 Subject: [PATCH 4/9] ma network-manager: wanted by multi-user --- makefu/2configs/hw/network-manager.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix index 7e29849b1..d322c683d 100644 --- a/makefu/2configs/hw/network-manager.nix +++ b/makefu/2configs/hw/network-manager.nix @@ -11,9 +11,8 @@ systemd.services.modemmanager = { description = "ModemManager"; - after = [ "network-manager.service" ]; bindsTo = [ "network-manager.service" ]; - wantedBy = [ "network-manager.service" ]; + wantedBy = [ "network-manager.service" "multi-user.target" ]; serviceConfig = { ExecStart = "${pkgs.modemmanager}/bin/ModemManager"; PrivateTmp = true; From 82d5bca54179221759eb59f5bf10975b5261b1e3 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:43:22 +0200 Subject: [PATCH 5/9] ma onebutton.r: remove noXlibs --- krebs/1systems/onebutton/config.nix | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix index c634d73ce..dca00a206 100644 --- a/krebs/1systems/onebutton/config.nix +++ b/krebs/1systems/onebutton/config.nix 
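Review bot: Removing `after = [ "network-manager.service" ];` from `systemd.services.modemmanager` while keeping `bindsTo` drops the ordering between the two units, so ModemManager may be started in parallel with NetworkManager rather than after it; systemd's documentation recommends combining `BindsTo=` with `After=` for the binding to behave as expected. Unless the removal was meant to break an ordering cycle, I would keep `after = [ "network-manager.service" ];` alongside the new `wantedBy`. If it was deliberate, a short comment saying why would prevent it from being re-added. The service definition continues past the end of this hunk.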
@@ -1,33 +1,34 @@ { config, pkgs, lib, ... }: { + # :l + # builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; }) imports = [ - { # minimal disk usage - environment.noXlibs = true; + { # flag to rebuild everything yourself: + # environment.noXlibs = true; + + # minimal disk usage nix.gc.automatic = true; nix.gc.dates = "03:10"; - programs.info.enable = false; - programs.man.enable = false; - services.journald.extraConfig = "SystemMaxUse=50M"; + documentation.man.enable = false; + documentation.info.enable = false; services.nixosManual.enable = false; + services.journald.extraConfig = "SystemMaxUse=50M"; } ]; krebs.build.host = config.krebs.hosts.onebutton; # NixOS wants to enable GRUB by default boot.loader.grub.enable = false; + # Enables the generation of /boot/extlinux/extlinux.conf boot.loader.generic-extlinux-compatible.enable = true; - # !!! If your board is a Raspberry Pi 1, select this: boot.kernelPackages = pkgs.linuxPackages_rpi; nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ]; nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ]; - # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough. - # boot.kernelParams = ["cma=32M"]; - fileSystems = { "/boot" = { device = "/dev/disk/by-label/NIXOS_BOOT"; @@ -41,4 +42,7 @@ swapDevices = [ { device = "/swapfile"; size = 1024; } ]; services.openssh.enable = true; + + networking.wireless.enable = true; + hardware.enableRedistributableFirmware = true; } From 45377068c0bfbb009b7cbe41dbca97dd44c9c955 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:43:59 +0200 Subject: [PATCH 6/9] k worlddomination: deploy africa --- krebs/2configs/shack/worlddomination.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
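Review bot: `networking.wireless.enable = true;` is added at the end of the file with no indication of where the network credentials come from. If the PSKs end up in `networking.wireless.networks` inside the Nix configuration, they are written to the world-readable Nix store, so they are better supplied from the host's secrets directory; a comment next to the option, e.g. `# wpa_supplicant.conf is provisioned out of band, not from the store`, would record that. With `services.openssh.enable = true;` just above, the SSH daemon also becomes reachable over Wi-Fi, so it is worth confirming that password authentication is disabled for this host (not visible in this hunk).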
diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 838c1958e..44176a341 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -75,6 +75,7 @@ let }; wdpath = "/usr/worlddomination/wd.lst"; esphost = "10.42.24.7"; # esp8266 + afrihost = "10.42.25.201"; # africa timeout = 10; # minutes in { systemd.services.worlddomination = { @@ -88,4 +89,16 @@ in { PermissionsStartOnly = true; }; }; + + systemd.services.worlddomination-africa = { + description = "run worlddomination africa"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; # TODO separate user + ExecStart = "${pkg}/bin/push-led ${afrihost} ${pkg}/${wdpath} loop ${toString timeout}"; + Restart = "always"; + PrivateTmp = true; + PermissionsStartOnly = true; + }; + }; } From 4f4c06d9f9494e627f67d73e13b3cf5003d4caeb Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:46:46 +0200 Subject: [PATCH 7/9] ma gum: deploy kexec --- makefu/1systems/gum/source.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix index b3ce743ca..e3ca472e4 100644 --- a/makefu/1systems/gum/source.nix +++ b/makefu/1systems/gum/source.nix @@ -1,4 +1,5 @@ import { name="gum"; torrent = true; + clever_kexec = true; } From e26634bb487a37553d12fc4335a8c1f278cbcf93 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:48:31 +0200 Subject: [PATCH 8/9] ma wbob.r: allow port 3000 --- makefu/1systems/wbob/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 42f3bddb1..3cf3274f9 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix 
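Review bot: The new `worlddomination-africa` unit runs as `User = "nobody"`, which the inline TODO already flags; that account is shared by anything else using it on the host, so processes running under it can signal and inspect each other. On a systemd recent enough to support it, `DynamicUser = true;` in place of `User = "nobody";` gives the unit its own transient account without declaring a user. `PermissionsStartOnly = true;` has no effect here because the unit defines no `ExecStartPre`/`ExecStartPost`, so it can be dropped. The unit also appears to be a copy of `worlddomination` with a different target host, so a small helper taking the address would keep the two definitions in sync.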
@@ -52,9 +52,10 @@ in { db = "collectd_db"; logging-interface = "enp0s25"; in { + networking.firewall.allowedTCPPorts = [ 3000 ]; + services.grafana.enable = true; services.grafana.addr = "0.0.0.0"; - services.influxdb.enable = true; services.influxdb.extraConfig = { meta.hostname = config.krebs.build.host.name; From dd71e3f657fb8680a83a47cc2e9bc7a0478240be Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:49:02 +0200 Subject: [PATCH 9/9] ma omo.r: re-enable torrent --- makefu/1systems/omo/config.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index bed6ae9fd..a85d5f5ce 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -50,6 +50,7 @@ in { + # # # @@ -85,7 +86,7 @@ in { # - # + # # @@ -100,7 +101,7 @@ in { makefu.full-populate = true; makefu.server.primary-itf = primaryInterface; krebs.rtorrent = { - downloadDir = lib.mkForce "/media/crypt0/torrent"; + downloadDir = lib.mkForce "/media/cryptX/torrent"; extraConfig = '' upload_rate = 200 '';
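Review bot: `networking.firewall.allowedTCPPorts = [ 3000 ];` opens the port on every interface while `services.grafana.addr = "0.0.0.0";` makes Grafana listen on all of them, so the dashboard becomes reachable from the local network as well as from the reverse proxy. If the only intended client is the nginx vhost that proxies to `wbob.r:3000`, binding Grafana to the retiolum address, `services.grafana.addr = config.krebs.build.host.nets.retiolum.ip4.addr;`, limits the exposure to that network. A comment on the firewall line stating who is expected to connect would make the intent reviewable. The surrounding `let … in {` block starts and ends outside this hunk.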