Merge branch 'master' into 20.09
commit
edf61887ab
0
krebs/0tests/data/secrets/initrd/host_ecdsa.pub
Normal file
0
krebs/0tests/data/secrets/initrd/host_ecdsa.pub
Normal file
0
krebs/0tests/data/secrets/initrd/host_ecdsa_key
Normal file
0
krebs/0tests/data/secrets/initrd/host_ecdsa_key
Normal file
0
krebs/0tests/data/secrets/initrd/hostname
Normal file
0
krebs/0tests/data/secrets/initrd/hostname
Normal file
@ -7,19 +7,104 @@
|
||||
<stockholm/krebs/2configs/secret-passwords.nix>
|
||||
<stockholm/krebs/2configs/hw/x220.nix>
|
||||
|
||||
|
||||
## initrd unlocking
|
||||
# (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase'
|
||||
<stockholm/krebs/2configs/tor/initrd.nix>
|
||||
|
||||
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
||||
<stockholm/krebs/2configs/binary-cache/prism.nix>
|
||||
<stockholm/krebs/2configs/go.nix>
|
||||
<stockholm/krebs/2configs/ircd.nix>
|
||||
<stockholm/krebs/2configs/news.nix>
|
||||
<stockholm/krebs/2configs/news-spam.nix>
|
||||
|
||||
### shackspace
|
||||
# handle the worlddomination map via coap
|
||||
<stockholm/krebs/2configs/shack/worlddomination.nix>
|
||||
<stockholm/krebs/2configs/shack/ssh-keys.nix>
|
||||
|
||||
# drivedroid.shack for shackphone
|
||||
<stockholm/krebs/2configs/shack/drivedroid.nix>
|
||||
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
|
||||
|
||||
# Say if muell will be collected
|
||||
<stockholm/krebs/2configs/shack/muell_caller.nix>
|
||||
# provide muellshack api: muell.shack
|
||||
<stockholm/krebs/2configs/shack/muellshack.nix>
|
||||
# send mail if muell was not handled
|
||||
<stockholm/krebs/2configs/shack/muell_mail.nix>
|
||||
|
||||
# provide light control api
|
||||
<stockholm/krebs/2configs/shack/node-light.nix> # light.shack lounge.light.shack power.light.shack openhab.shack lightapi.shack
|
||||
# light.shack web-ui
|
||||
<stockholm/krebs/2configs/shack/light.shack.nix> #light.shack
|
||||
|
||||
# powerraw usb serial to mqtt and raw socket
|
||||
<stockholm/krebs/2configs/shack/powerraw.nix> # powerraw.shack standby.shack
|
||||
# send power stats to s3
|
||||
<stockholm/krebs/2configs/shack/s3-power.nix> # powerraw.shack must be available
|
||||
|
||||
|
||||
{ # do not log to /var/spool/log
|
||||
services.nginx.appendHttpConfig = ''
|
||||
map $request_method $loggable {
|
||||
default 1;
|
||||
GET 0;
|
||||
}
|
||||
log_format vhost '$host $remote_addr - $remote_user '
|
||||
'[$time_local] "$request" $status '
|
||||
'$body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent"';
|
||||
error_log stderr;
|
||||
access_log syslog:server=unix:/dev/log vhost;
|
||||
'';
|
||||
services.journald.rateLimitBurst = 10000;
|
||||
}
|
||||
|
||||
# create samba share for anonymous usage with the laser and 3d printer pc
|
||||
<stockholm/krebs/2configs/shack/share.nix>
|
||||
|
||||
# mobile.lounge.mpd.shack
|
||||
<stockholm/krebs/2configs/shack/mobile.mpd.nix>
|
||||
|
||||
# hass.shack
|
||||
<stockholm/krebs/2configs/shack/glados>
|
||||
|
||||
# connect to git.shackspace.de as group runner for rz
|
||||
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
|
||||
|
||||
# Statistics collection and visualization
|
||||
# <stockholm/krebs/2configs/shack/graphite.nix> # graphiteApi is broken and unused(hopefully)
|
||||
## Collect data from mqtt.shack and store in graphite database
|
||||
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
|
||||
## Collect radioactive data and put into graphite
|
||||
<stockholm/krebs/2configs/shack/radioactive.nix>
|
||||
## mqtt.shack
|
||||
<stockholm/krebs/2configs/shack/mqtt.nix>
|
||||
## influx.shack
|
||||
<stockholm/krebs/2configs/shack/influx.nix>
|
||||
|
||||
## Collect local statistics via collectd and send to collectd
|
||||
<stockholm/krebs/2configs/stats/shack-client.nix>
|
||||
<stockholm/krebs/2configs/stats/shack-debugging.nix>
|
||||
|
||||
## netbox.shack: Netbox is disabled as nobody seems to be using it anyway
|
||||
# <stockholm/krebs/2configs/shack/netbox.nix>
|
||||
|
||||
# grafana.shack
|
||||
<stockholm/krebs/2configs/shack/grafana.nix>
|
||||
|
||||
# shackdns.shack
|
||||
# replacement for leases.shack and shackles.shack
|
||||
<stockholm/krebs/2configs/shack/shackDNS.nix>
|
||||
|
||||
# monitoring: prometheus.shack
|
||||
<stockholm/krebs/2configs/shack/prometheus/node.nix>
|
||||
<stockholm/krebs/2configs/shack/prometheus/server.nix>
|
||||
<stockholm/krebs/2configs/shack/prometheus/blackbox.nix>
|
||||
<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
|
||||
<stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
|
||||
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
|
||||
|
||||
## Collect local statistics via collectd and send to collectd
|
||||
<stockholm/krebs/2configs/stats/shack-client.nix>
|
||||
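Review bot: In the nginx block, `map $request_method $loggable` is defined but `access_log syslog:server=unix:/dev/log vhost;` never references it, so the map has no effect and every request is still logged. Either drop the map or, if filtering is intended, add `if=$loggable` to the `access_log` line and say so in the `# do not log to /var/spool/log` comment; keep in mind that excluding GET requests would remove most of the access trail for the services imported on this host. `<stockholm/krebs/2configs/shack/gitlab-runner.nix>` and `<stockholm/krebs/2configs/stats/shack-client.nix>` each appear twice in the rendered hunk; the +/- markers are lost on this page, so confirm the new import list does not carry both copies.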
|
@ -14,85 +14,15 @@ in
|
||||
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
||||
<stockholm/krebs/2configs/binary-cache/prism.nix>
|
||||
|
||||
# handle the worlddomination map via coap
|
||||
<stockholm/krebs/2configs/shack/worlddomination.nix>
|
||||
<stockholm/krebs/2configs/shack/ssh-keys.nix>
|
||||
#### shackspace services
|
||||
<stockholm/krebs/2configs/shack/share.nix> # wolf.shack
|
||||
|
||||
# drivedroid.shack for shackphone
|
||||
<stockholm/krebs/2configs/shack/drivedroid.nix>
|
||||
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
|
||||
# Say if muell will be collected
|
||||
<stockholm/krebs/2configs/shack/muell_caller.nix>
|
||||
# provide muellshack api
|
||||
<stockholm/krebs/2configs/shack/muellshack.nix>
|
||||
# provide light control api
|
||||
<stockholm/krebs/2configs/shack/node-light.nix>
|
||||
# light.shack web-ui
|
||||
<stockholm/krebs/2configs/shack/light.shack.nix>
|
||||
# send mail if muell was not handled
|
||||
<stockholm/krebs/2configs/shack/muell_mail.nix>
|
||||
# send mail if muell was not handled
|
||||
<stockholm/krebs/2configs/shack/s3-power.nix>
|
||||
# powerraw usb serial to mqtt and raw socket
|
||||
<stockholm/krebs/2configs/shack/powerraw.nix>
|
||||
|
||||
{ # do not log to /var/spool/log
|
||||
services.nginx.appendHttpConfig = ''
|
||||
map $request_method $loggable {
|
||||
default 1;
|
||||
GET 0;
|
||||
}
|
||||
log_format vhost '$host $remote_addr - $remote_user '
|
||||
'[$time_local] "$request" $status '
|
||||
'$body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent"';
|
||||
error_log stderr;
|
||||
access_log syslog:server=unix:/dev/log vhost;
|
||||
'';
|
||||
services.journald.rateLimitBurst = 10000;
|
||||
}
|
||||
|
||||
# create samba share for anonymous usage with the laser and 3d printer pc
|
||||
<stockholm/krebs/2configs/shack/share.nix>
|
||||
|
||||
# mobile.lounge.mpd.shack
|
||||
<stockholm/krebs/2configs/shack/mobile.mpd.nix>
|
||||
|
||||
# hass.shack
|
||||
<stockholm/krebs/2configs/shack/glados>
|
||||
|
||||
# connect to git.shackspace.de as group runner for rz
|
||||
# gitlab runner
|
||||
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
|
||||
|
||||
# Statistics collection and visualization
|
||||
# <stockholm/krebs/2configs/shack/graphite.nix> # graphiteApi is broken and unused(hopefully)
|
||||
## Collect data from mqtt.shack and store in graphite database
|
||||
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
|
||||
## Collect radioactive data and put into graphite
|
||||
<stockholm/krebs/2configs/shack/radioactive.nix>
|
||||
## mqtt.shack
|
||||
<stockholm/krebs/2configs/shack/mqtt.nix>
|
||||
## influx.shack
|
||||
<stockholm/krebs/2configs/shack/influx.nix>
|
||||
|
||||
## Collect local statistics via collectd and send to collectd
|
||||
<stockholm/krebs/2configs/stats/shack-client.nix>
|
||||
<stockholm/krebs/2configs/stats/shack-debugging.nix>
|
||||
|
||||
<stockholm/krebs/2configs/shack/netbox.nix>
|
||||
# prometheus.shack
|
||||
#<stockholm/krebs/2configs/shack/prometheus/server.nix>
|
||||
<stockholm/krebs/2configs/shack/prometheus/node.nix>
|
||||
#<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
|
||||
# grafana.shack
|
||||
<stockholm/krebs/2configs/shack/grafana.nix>
|
||||
|
||||
# shackdns.shack
|
||||
# replacement for leases.shack and shackles.shack
|
||||
<stockholm/krebs/2configs/shack/shackDNS.nix>
|
||||
|
||||
# misc
|
||||
<stockholm/krebs/2configs/shack/ssh-keys.nix>
|
||||
<stockholm/krebs/2configs/save-diskspace.nix>
|
||||
<stockholm/krebs/2configs/shack/prometheus/node.nix>
|
||||
|
||||
];
|
||||
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
||||
|
@ -37,6 +37,9 @@
|
||||
# for legacy systems
|
||||
client min protocol = NT1
|
||||
server min protocol = NT1
|
||||
workgroup = WORKGROUP
|
||||
server string = ${config.networking.hostName}
|
||||
netbios name = ${config.networking.hostName}
|
||||
'';
|
||||
};
|
||||
}
|
||||
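Review bot: The Samba settings this hunk extends keep `client min protocol = NT1` and `server min protocol = NT1`, so SMB1 stays negotiable for every client of this server, not only the legacy ones. The rendered page has lost the +/- markers, so these two lines may be unchanged context, but since the block is being touched the `# for legacy systems` comment could name the machines that still need SMB1 and the shares they use, so the floor can be raised to `SMB2` once they are retired. The enclosing attribute set starts outside the hunk.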
|
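--- a/krebs/2configs/tor/initrd.nix
+++ b/krebs/2configs/tor/initrd.nix
@@ -0,0 +1,50 @@
+{config, pkgs, ... }:
+## unlock command:
+# (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase'
+{
+boot.initrd.network.enable = true;
+boot.initrd.network.ssh = {
+enable = true;
+port = 22;
+authorizedKeys = [
+config.krebs.users.jeschli-brauerei.pubkey
+config.krebs.users.lass.pubkey
+config.krebs.users.lass-mors.pubkey
+config.krebs.users.makefu.pubkey
+config.krebs.users.tv.pubkey
+];
+hostECDSAKey = <secrets/initrd/host_ecdsa_key>;
+};
+boot.initrd.availableKernelModules = [ "e1000e" ];
+
+boot.initrd.secrets = {
+"/etc/tor/onion/bootup" = <secrets/initrd>;
+};
+
+boot.initrd.extraUtilsCommands = ''
+copy_bin_and_libs ${pkgs.tor}/bin/tor
+'';
+
+# start tor during boot process
+boot.initrd.network.postCommands = let
+torRc = (pkgs.writeText "tor.rc" ''
+DataDirectory /etc/tor
+SOCKSPort 127.0.0.1:9050 IsolateDestAddr
+SOCKSPort 127.0.0.1:9063
+HiddenServiceDir /etc/tor/onion/bootup
+HiddenServicePort 22 127.0.0.1:22
+'');
+in ''
+echo "tor: preparing onion folder"
+# have to do this otherwise tor does not want to start
+chmod -R 700 /etc/tor
+
+echo "make sure localhost is up"
+ip a a 127.0.0.1/8 dev lo
+ip link set lo up
+
+echo "tor: starting tor"
+tor -f ${torRc} --verify-config
+tor -f ${torRc} &
+'';
+}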
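Review bot: The `torRc` written in `boot.initrd.network.postCommands` opens two SOCKS listeners (`SOCKSPort 127.0.0.1:9050 IsolateDestAddr` and `SOCKSPort 127.0.0.1:9063`) that nothing else in this initrd appears to use; for an instance that only publishes the onion service, `SOCKSPort 0` would be enough. `boot.initrd.secrets` also maps the whole `<secrets/initrd>` directory onto `HiddenServiceDir`, and judging by the test data added in this commit that directory holds `host_ecdsa_key` too, so the SSH host key ends up a second time inside the onion directory; pointing the secret at a subdirectory that holds only the onion service files would keep the two apart. Both keys sit in an initrd that must be readable before the disk is unlocked, so a comment next to `hostECDSAKey` stating that this key is dedicated to the initrd and is never the booted system's host key would be worth adding. The result of `tor -f ${torRc} --verify-config` is not checked before tor is started in the background, so a broken config only shows up as an unreachable unlock service.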
|
@ -47,6 +47,7 @@ in {
|
||||
# <stockholm/makefu/2configs/legacy_only.nix>
|
||||
|
||||
<stockholm/makefu/2configs/share/omo.nix>
|
||||
<stockholm/makefu/2configs/share/gum-client.nix>
|
||||
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
|
||||
{ krebs.airdcpp.dcpp.shares = let
|
||||
d = path: "/media/cryptX/${path}";
|
||||
|
@ -12,6 +12,9 @@
|
||||
WorkingDirectory = "/var/lib/kalauerbot";
|
||||
ExecStart = "${pkgs.kalauerbot}/bin/kalauerbot";
|
||||
PrivateTmp = true;
|
||||
|
||||
Restart = "always";
|
||||
RuntimeMaxSec = "12h";
|
||||
};
|
||||
};
|
||||
}
|
||||
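Review bot: With `Restart = "always"` and no `RestartSec`, a bot that fails right at startup (for example while the homeserver is unreachable) is retried at systemd's default delay of 100ms and trips the unit start limit after a handful of attempts, after which it stays down; adding `RestartSec = "30s";` avoids that. `RuntimeMaxSec = "12h"` additionally force-restarts a healthy bot twice a day with no comment explaining why; if this belongs to the same sync problem as the `bad_sync_timeout` patch added under `makefu/5pkgs/kalauerbot`, a one-line comment saying so would let the workaround be removed later. The `serviceConfig` block starts outside the hunk.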
|
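--- a/makefu/2configs/hw/droidcam.nix
+++ b/makefu/2configs/hw/droidcam.nix
@@ -0,0 +1,7 @@
+{ pkgs, config, ... }:
+{
+boot.extraModprobeConfig = "options v4l2loopback_dc width=640 height=480";
+boot.extraModulePackages = [
+(pkgs.callPackage ../../5pkgs/v4l2loopback-dc { kernel = config.boot.kernelPackages.kernel; })
+];
+}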
|
@ -81,4 +81,5 @@
|
||||
"net.ipv6.conf.all.use_tempaddr" = 2;
|
||||
"net.ipv6.conf.default.use_tempaddr" = 2;
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -21,16 +21,20 @@ in {
|
||||
hardware.sane = {
|
||||
enable = true;
|
||||
extraBackends = [ ];
|
||||
netConf =
|
||||
# drucker.lan SCX-3205W
|
||||
''
|
||||
192.168.1.6''
|
||||
# uhrenkind.shack magicolor 1690mf
|
||||
+ ''
|
||||
10.42.20.30'';
|
||||
|
||||
# $ scanimage -p --format=jpg --mode=Gray --source="Automatic Document Feeder" -v --batch="lol%d.jpg" --resolution=150
|
||||
|
||||
# requires 'sane-extra', scan via:
|
||||
#extraConfig."magicolor" = ''
|
||||
# net 10.42.20.30 0x2098
|
||||
#''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf
|
||||
extraConfig."xerox_mfp" = ''
|
||||
tcp 192.168.1.5
|
||||
''; #home printer SCX-3205W
|
||||
extraConfig."magicolor" = ''
|
||||
net 10.42.20.30 0x2098
|
||||
''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf
|
||||
};
|
||||
state = [ "/var/lib/cups" ];
|
||||
}
|
||||
|
@ -10,6 +10,14 @@
|
||||
system = "x86_64-linux";
|
||||
supportedFeatures = [ ];
|
||||
}
|
||||
{
|
||||
hostName = "gum.krebsco.de";
|
||||
maxJobs = 8;
|
||||
sshKey = toString <secrets/id_nixBuild>;
|
||||
sshUser = "nixBuild";
|
||||
system = "armv6l-linux";
|
||||
supportedFeatures = [ ];
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
|
@ -82,6 +82,9 @@ in {
|
||||
printing = bsd
|
||||
printcap name = /dev/null
|
||||
disable spoolss = yes
|
||||
workgroup = WORKGROUP
|
||||
server string = ${config.networking.hostName}
|
||||
netbios name = ${config.networking.hostName}
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
@ -34,6 +34,9 @@ in {
|
||||
https://pypi.python.org/simple/pyserial/
|
||||
https://pypi.python.org/simple/semantic_version/
|
||||
# weird shit
|
||||
{ url = "https://www.zigbee2mqtt.io/information/supported_adapters.html";
|
||||
filter = "html2text";
|
||||
}
|
||||
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
|
||||
https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
|
||||
|
||||
|
@ -54,4 +54,10 @@ in { # wireguard server
|
||||
}
|
||||
];
|
||||
};
|
||||
# TODO: this issue is related to the router which connects to the host but is
|
||||
# unable to re-connect once restarted
|
||||
systemd.services.wireguard-wg0.serviceConfig = {
|
||||
Restart = "always";
|
||||
RuntimeMaxSec = "12h";
|
||||
};
|
||||
}
|
||||
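Review bot: The added `systemd.services.wireguard-wg0.serviceConfig` restarts the tunnel unconditionally every 12 hours, but the TODO above it only describes the symptom; a comment naming the router and what the restart is expected to repair would let someone remove the workaround once the cause is fixed. It is also worth confirming that the settings take effect at all: systemd documents `RuntimeMaxSec=` as having no effect on `Type=oneshot` units, and whether this unit is oneshot is not visible in the hunk. The enclosing module starts outside the hunk.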
|
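--- a/makefu/5pkgs/droidcam/default.nix
+++ b/makefu/5pkgs/droidcam/default.nix
@@ -0,0 +1,55 @@
+{ stdenv, fetchFromGitHub
+, pkg-config
+, alsaLib
+, libjpeg_turbo
+, ffmpeg
+, libusbmuxd
+, speex
+, gtk3
+, libappindicator-gtk3
+}:
+
+stdenv.mkDerivation rec {
+pname = "droidcam";
+version = "1.6";
+
+src = fetchFromGitHub {
+owner = "aramg";
+repo = "droidcam";
+rev = "v${version}";
+sha256 = "1d9qpnmqa3pfwsrpjnxdz76ipk4w37bbxyrazchh4vslnfc886fx";
+};
+
+sourceRoot = "source/linux";
+
+nativeBuildInputs = [ pkg-config ];
+buildInputs = [
+alsaLib
+libjpeg_turbo
+ffmpeg
+libusbmuxd
+speex
+gtk3
+libappindicator-gtk3
+];
+
+buildPhase = ''
+runHook preBuild
+make JPEG_DIR="" JPEG_INCLUDE="" JPEG_LIB="" JPEG="$(pkg-config --libs --cflags libturbojpeg)"
+'';
+installPhase = ''
+runHook preInstall
+install -Dm755 "droidcam" "$out/bin/droidcam"
+install -Dm755 "droidcam-cli" "$out/bin/droidcam-cli"
+install -Dm644 icon2.png "$out/share/pixmaps/droidcam.png"
+install -Dm644 README.md "$out/share/licenses/droidcam/LICENSE"
+'';
+
+meta = with stdenv.lib; {
+description = "A kernel module to create V4L2 loopback devices";
+homepage = "https://github.com/aramg/droidcam";
+license = licenses.gpl2;
+maintainers = [ maintainers.makefu ];
+platforms = platforms.linux;
+};
+}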
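Review bot: `meta.description` is `"A kernel module to create V4L2 loopback devices"`, which describes the sibling `v4l2loopback-dc` package rather than the client built here; something like `description = "Linux client for DroidCam";` would be accurate. `installPhase` installs `README.md` as `$out/share/licenses/droidcam/LICENSE`, so the output carries no licence text under that name; confirm whether the source tree has a licence file to install instead. `buildPhase` and `installPhase` call `runHook preBuild` and `runHook preInstall` but never the matching `runHook postBuild` and `runHook postInstall`, so post hooks added by an override would not run.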
|
14
makefu/5pkgs/kalauerbot/badsync.patch
Normal file
14
makefu/5pkgs/kalauerbot/badsync.patch
Normal file
@ -0,0 +1,14 @@
|
||||
diff --git a/matrix_client/client.py b/matrix_client/client.py
|
||||
index af0e08f..f848c4f 100644
|
||||
--- a/matrix_client/client.py
|
||||
+++ b/matrix_client/client.py
|
||||
@@ -471,7 +471,7 @@ class MatrixClient(object):
|
||||
self._sync(timeout_ms)
|
||||
|
||||
def listen_forever(self, timeout_ms=30000, exception_handler=None,
|
||||
- bad_sync_timeout=5):
|
||||
+ bad_sync_timeout=61):
|
||||
""" Keep listening for events forever.
|
||||
|
||||
Args:
|
||||
|
@ -8,7 +8,12 @@ rev = "08d98aa";
|
||||
sha256 = "017hh61smgq4zsxd10brgwmykwgwabgllxjs31xayvs1hnqmkv2v";
|
||||
};
|
||||
propagatedBuildInputs = with python3.pkgs;[
|
||||
(callPackage ./python-matrixbot.nix {})
|
||||
(callPackage ./python-matrixbot.nix {
|
||||
matrix-client = (stdenv.lib.overrideDerivation matrix-client (self: {
|
||||
patches = [ ./badsync.patch ];
|
||||
}));
|
||||
})
|
||||
|
||||
(stdenv.lib.overrideDerivation googletrans (self: {
|
||||
patches = [ ./translate.patch ];
|
||||
}))
|
||||
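Review bot: `patches = [ ./badsync.patch ];` in the `matrix-client` override replaces whatever patch list the nixpkgs derivation already carries instead of extending it, so a fix that nixpkgs ships as a patch would be dropped without notice. Appending keeps them: `patches = (self.patches or []) ++ [ ./badsync.patch ];`, and the `googletrans` override just below has the same shape. The rendered hunk shows both the old bare `(callPackage ./python-matrixbot.nix {})` and its replacement because the +/- markers are lost; only the replacement is under review, and the derivation it sits in starts outside the hunk.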
|
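--- a/makefu/5pkgs/v4l2loopback-dc/default.nix
+++ b/makefu/5pkgs/v4l2loopback-dc/default.nix
@@ -0,0 +1,36 @@
+{ stdenv, fetchFromGitHub, kernel, kmod }:
+
+stdenv.mkDerivation rec {
+name = "v4l2loopback-dc-${version}-${kernel.version}";
+version = "1.6";
+
+src = fetchFromGitHub {
+owner = "aramg";
+repo = "droidcam";
+rev = "v${version}";
+sha256 = "1d9qpnmqa3pfwsrpjnxdz76ipk4w37bbxyrazchh4vslnfc886fx";
+};
+
+sourceRoot = "source/linux/v4l2loopback";
+
+buildTargets = "v4l2loopback-dc";
+hardeningDisable = [ "pic" ];
+
+nativeBuildInputs = kernel.moduleBuildDependencies;
+buildInputs = [ kmod ];
+
+
+makeFlags = [
+"KERNELRELEASE=${kernel.modDirVersion}"
+"KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+"INSTALL_MOD_PATH=$(out)"
+];
+
+meta = with stdenv.lib; {
+description = "A kernel module to create V4L2 loopback devices";
+homepage = "https://github.com/aramg/droidcam";
+license = licenses.gpl2;
+maintainers = [ maintainers.makefu ];
+platforms = platforms.linux;
+};
+}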
|