Merge branch 'master' into 20.09

This commit is contained in:
makefu 2020-11-16 21:39:22 +01:00
commit edf61887ab
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
22 changed files with 297 additions and 83 deletions

View File

@ -7,19 +7,104 @@
<stockholm/krebs/2configs/secret-passwords.nix>
<stockholm/krebs/2configs/hw/x220.nix>
## initrd unlocking
# (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase'
<stockholm/krebs/2configs/tor/initrd.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
<stockholm/krebs/2configs/go.nix>
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/news.nix>
<stockholm/krebs/2configs/news-spam.nix>
### shackspace
# handle the worlddomination map via coap
<stockholm/krebs/2configs/shack/worlddomination.nix>
<stockholm/krebs/2configs/shack/ssh-keys.nix>
# drivedroid.shack for shackphone
<stockholm/krebs/2configs/shack/drivedroid.nix>
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
# Say if muell will be collected
<stockholm/krebs/2configs/shack/muell_caller.nix>
# provide muellshack api: muell.shack
<stockholm/krebs/2configs/shack/muellshack.nix>
# send mail if muell was not handled
<stockholm/krebs/2configs/shack/muell_mail.nix>
# provide light control api
<stockholm/krebs/2configs/shack/node-light.nix> # light.shack lounge.light.shack power.light.shack openhab.shack lightapi.shack
# light.shack web-ui
<stockholm/krebs/2configs/shack/light.shack.nix> #light.shack
# powerraw usb serial to mqtt and raw socket
<stockholm/krebs/2configs/shack/powerraw.nix> # powerraw.shack standby.shack
# send power stats to s3
<stockholm/krebs/2configs/shack/s3-power.nix> # powerraw.shack must be available
{ # do not log to /var/spool/log
services.nginx.appendHttpConfig = ''
map $request_method $loggable {
default 1;
GET 0;
}
log_format vhost '$host $remote_addr - $remote_user '
'[$time_local] "$request" $status '
'$body_bytes_sent "$http_referer" '
'"$http_user_agent"';
error_log stderr;
access_log syslog:server=unix:/dev/log vhost;
'';
services.journald.rateLimitBurst = 10000;
}
# create samba share for anonymous usage with the laser and 3d printer pc
<stockholm/krebs/2configs/shack/share.nix>
# mobile.lounge.mpd.shack
<stockholm/krebs/2configs/shack/mobile.mpd.nix>
# hass.shack
<stockholm/krebs/2configs/shack/glados>
# connect to git.shackspace.de as group runner for rz
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
# Statistics collection and visualization
# <stockholm/krebs/2configs/shack/graphite.nix> # graphiteApi is broken and unused(hopefully)
## Collect data from mqtt.shack and store in graphite database
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
## Collect radioactive data and put into graphite
<stockholm/krebs/2configs/shack/radioactive.nix>
## mqtt.shack
<stockholm/krebs/2configs/shack/mqtt.nix>
## influx.shack
<stockholm/krebs/2configs/shack/influx.nix>
## Collect local statistics via collectd and send to collectd
<stockholm/krebs/2configs/stats/shack-client.nix>
<stockholm/krebs/2configs/stats/shack-debugging.nix>
## netbox.shack: Netbox is disabled as nobody seems to be using it anyway
# <stockholm/krebs/2configs/shack/netbox.nix>
# grafana.shack
<stockholm/krebs/2configs/shack/grafana.nix>
# shackdns.shack
# replacement for leases.shack and shackles.shack
<stockholm/krebs/2configs/shack/shackDNS.nix>
# monitoring: prometheus.shack
<stockholm/krebs/2configs/shack/prometheus/node.nix>
<stockholm/krebs/2configs/shack/prometheus/server.nix>
<stockholm/krebs/2configs/shack/prometheus/blackbox.nix>
<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
<stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
## Collect local statistics via collectd and send to collectd
<stockholm/krebs/2configs/stats/shack-client.nix>

View File

@ -14,85 +14,15 @@ in
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
# handle the worlddomination map via coap
<stockholm/krebs/2configs/shack/worlddomination.nix>
<stockholm/krebs/2configs/shack/ssh-keys.nix>
#### shackspace services
<stockholm/krebs/2configs/shack/share.nix> # wolf.shack
# drivedroid.shack for shackphone
<stockholm/krebs/2configs/shack/drivedroid.nix>
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
# Say if muell will be collected
<stockholm/krebs/2configs/shack/muell_caller.nix>
# provide muellshack api
<stockholm/krebs/2configs/shack/muellshack.nix>
# provide light control api
<stockholm/krebs/2configs/shack/node-light.nix>
# light.shack web-ui
<stockholm/krebs/2configs/shack/light.shack.nix>
# send mail if muell was not handled
<stockholm/krebs/2configs/shack/muell_mail.nix>
# send mail if muell was not handled
<stockholm/krebs/2configs/shack/s3-power.nix>
# powerraw usb serial to mqtt and raw socket
<stockholm/krebs/2configs/shack/powerraw.nix>
{ # do not log to /var/spool/log
services.nginx.appendHttpConfig = ''
map $request_method $loggable {
default 1;
GET 0;
}
log_format vhost '$host $remote_addr - $remote_user '
'[$time_local] "$request" $status '
'$body_bytes_sent "$http_referer" '
'"$http_user_agent"';
error_log stderr;
access_log syslog:server=unix:/dev/log vhost;
'';
services.journald.rateLimitBurst = 10000;
}
# create samba share for anonymous usage with the laser and 3d printer pc
<stockholm/krebs/2configs/shack/share.nix>
# mobile.lounge.mpd.shack
<stockholm/krebs/2configs/shack/mobile.mpd.nix>
# hass.shack
<stockholm/krebs/2configs/shack/glados>
# connect to git.shackspace.de as group runner for rz
# gitlab runner
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
# Statistics collection and visualization
# <stockholm/krebs/2configs/shack/graphite.nix> # graphiteApi is broken and unused(hopefully)
## Collect data from mqtt.shack and store in graphite database
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
## Collect radioactive data and put into graphite
<stockholm/krebs/2configs/shack/radioactive.nix>
## mqtt.shack
<stockholm/krebs/2configs/shack/mqtt.nix>
## influx.shack
<stockholm/krebs/2configs/shack/influx.nix>
## Collect local statistics via collectd and send to collectd
<stockholm/krebs/2configs/stats/shack-client.nix>
<stockholm/krebs/2configs/stats/shack-debugging.nix>
<stockholm/krebs/2configs/shack/netbox.nix>
# prometheus.shack
#<stockholm/krebs/2configs/shack/prometheus/server.nix>
<stockholm/krebs/2configs/shack/prometheus/node.nix>
#<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
# grafana.shack
<stockholm/krebs/2configs/shack/grafana.nix>
# shackdns.shack
# replacement for leases.shack and shackles.shack
<stockholm/krebs/2configs/shack/shackDNS.nix>
# misc
<stockholm/krebs/2configs/shack/ssh-keys.nix>
<stockholm/krebs/2configs/save-diskspace.nix>
<stockholm/krebs/2configs/shack/prometheus/node.nix>
];
# use your own binary cache, fallback use cache.nixos.org (which is used by

View File

@ -37,6 +37,9 @@
# for legacy systems
client min protocol = NT1
server min protocol = NT1
workgroup = WORKGROUP
server string = ${config.networking.hostName}
netbios name = ${config.networking.hostName}
'';
};
}

View File

@ -0,0 +1,50 @@
{config, pkgs, ... }:
## unlock command:
# (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase'
{
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
enable = true;
port = 22;
authorizedKeys = [
config.krebs.users.jeschli-brauerei.pubkey
config.krebs.users.lass.pubkey
config.krebs.users.lass-mors.pubkey
config.krebs.users.makefu.pubkey
config.krebs.users.tv.pubkey
];
hostECDSAKey = <secrets/initrd/host_ecdsa_key>;
};
boot.initrd.availableKernelModules = [ "e1000e" ];
boot.initrd.secrets = {
"/etc/tor/onion/bootup" = <secrets/initrd>;
};
boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.tor}/bin/tor
'';
# start tor during boot process
boot.initrd.network.postCommands = let
torRc = (pkgs.writeText "tor.rc" ''
DataDirectory /etc/tor
SOCKSPort 127.0.0.1:9050 IsolateDestAddr
SOCKSPort 127.0.0.1:9063
HiddenServiceDir /etc/tor/onion/bootup
HiddenServicePort 22 127.0.0.1:22
'');
in ''
echo "tor: preparing onion folder"
# have to do this otherwise tor does not want to start
chmod -R 700 /etc/tor
echo "make sure localhost is up"
ip a a 127.0.0.1/8 dev lo
ip link set lo up
echo "tor: starting tor"
tor -f ${torRc} --verify-config
tor -f ${torRc} &
'';
}

View File

@ -47,6 +47,7 @@ in {
# <stockholm/makefu/2configs/legacy_only.nix>
<stockholm/makefu/2configs/share/omo.nix>
<stockholm/makefu/2configs/share/gum-client.nix>
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
{ krebs.airdcpp.dcpp.shares = let
d = path: "/media/cryptX/${path}";

View File

@ -12,6 +12,9 @@
WorkingDirectory = "/var/lib/kalauerbot";
ExecStart = "${pkgs.kalauerbot}/bin/kalauerbot";
PrivateTmp = true;
Restart = "always";
RuntimeMaxSec = "12h";
};
};
}

View File

@ -0,0 +1,7 @@
{ pkgs, config, ... }:
{
boot.extraModprobeConfig = "options v4l2loopback_dc width=640 height=480";
boot.extraModulePackages = [
(pkgs.callPackage ../../5pkgs/v4l2loopback-dc { kernel = config.boot.kernelPackages.kernel; })
];
}

View File

@ -81,4 +81,5 @@
"net.ipv6.conf.all.use_tempaddr" = 2;
"net.ipv6.conf.default.use_tempaddr" = 2;
};
}

View File

@ -21,16 +21,20 @@ in {
hardware.sane = {
enable = true;
extraBackends = [ ];
netConf =
# drucker.lan SCX-3205W
''
192.168.1.6''
# uhrenkind.shack magicolor 1690mf
+ ''
10.42.20.30'';
# $ scanimage -p --format=jpg --mode=Gray --source="Automatic Document Feeder" -v --batch="lol%d.jpg" --resolution=150
# requires 'sane-extra', scan via:
#extraConfig."magicolor" = ''
# net 10.42.20.30 0x2098
#''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf
extraConfig."xerox_mfp" = ''
tcp 192.168.1.5
''; #home printer SCX-3205W
extraConfig."magicolor" = ''
net 10.42.20.30 0x2098
''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf
};
state = [ "/var/lib/cups" ];
}

View File

@ -10,6 +10,14 @@
system = "x86_64-linux";
supportedFeatures = [ ];
}
{
hostName = "gum.krebsco.de";
maxJobs = 8;
sshKey = toString <secrets/id_nixBuild>;
sshUser = "nixBuild";
system = "armv6l-linux";
supportedFeatures = [ ];
}
];
};
}

View File

@ -82,6 +82,9 @@ in {
printing = bsd
printcap name = /dev/null
disable spoolss = yes
workgroup = WORKGROUP
server string = ${config.networking.hostName}
netbios name = ${config.networking.hostName}
'';
};
}

View File

@ -34,6 +34,9 @@ in {
https://pypi.python.org/simple/pyserial/
https://pypi.python.org/simple/semantic_version/
# weird shit
{ url = "https://www.zigbee2mqtt.io/information/supported_adapters.html";
filter = "html2text";
}
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack

View File

@ -54,4 +54,10 @@ in { # wireguard server
}
];
};
# TODO: this issue is related to the router which connects to the host but is
# unable to re-connect once restarted
systemd.services.wireguard-wg0.serviceConfig = {
Restart = "always";
RuntimeMaxSec = "12h";
};
}

View File

@ -0,0 +1,55 @@
{ stdenv, fetchFromGitHub
, pkg-config
, alsaLib
, libjpeg_turbo
, ffmpeg
, libusbmuxd
, speex
, gtk3
, libappindicator-gtk3
}:
stdenv.mkDerivation rec {
pname = "droidcam";
version = "1.6";
src = fetchFromGitHub {
owner = "aramg";
repo = "droidcam";
rev = "v${version}";
sha256 = "1d9qpnmqa3pfwsrpjnxdz76ipk4w37bbxyrazchh4vslnfc886fx";
};
sourceRoot = "source/linux";
nativeBuildInputs = [ pkg-config ];
buildInputs = [
alsaLib
libjpeg_turbo
ffmpeg
libusbmuxd
speex
gtk3
libappindicator-gtk3
];
buildPhase = ''
runHook preBuild
make JPEG_DIR="" JPEG_INCLUDE="" JPEG_LIB="" JPEG="$(pkg-config --libs --cflags libturbojpeg)"
'';
installPhase = ''
runHook preInstall
install -Dm755 "droidcam" "$out/bin/droidcam"
install -Dm755 "droidcam-cli" "$out/bin/droidcam-cli"
install -Dm644 icon2.png "$out/share/pixmaps/droidcam.png"
install -Dm644 README.md "$out/share/licenses/droidcam/LICENSE"
'';
meta = with stdenv.lib; {
description = "A kernel module to create V4L2 loopback devices";
homepage = "https://github.com/aramg/droidcam";
license = licenses.gpl2;
maintainers = [ maintainers.makefu ];
platforms = platforms.linux;
};
}

View File

@ -0,0 +1,14 @@
diff --git a/matrix_client/client.py b/matrix_client/client.py
index af0e08f..f848c4f 100644
--- a/matrix_client/client.py
+++ b/matrix_client/client.py
@@ -471,7 +471,7 @@ class MatrixClient(object):
self._sync(timeout_ms)
def listen_forever(self, timeout_ms=30000, exception_handler=None,
- bad_sync_timeout=5):
+ bad_sync_timeout=61):
""" Keep listening for events forever.
Args:

View File

@ -8,7 +8,12 @@ rev = "08d98aa";
sha256 = "017hh61smgq4zsxd10brgwmykwgwabgllxjs31xayvs1hnqmkv2v";
};
propagatedBuildInputs = with python3.pkgs;[
(callPackage ./python-matrixbot.nix {})
(callPackage ./python-matrixbot.nix {
matrix-client = (stdenv.lib.overrideDerivation matrix-client (self: {
patches = [ ./badsync.patch ];
}));
})
(stdenv.lib.overrideDerivation googletrans (self: {
patches = [ ./translate.patch ];
}))

View File

@ -0,0 +1,36 @@
{ stdenv, fetchFromGitHub, kernel, kmod }:
stdenv.mkDerivation rec {
name = "v4l2loopback-dc-${version}-${kernel.version}";
version = "1.6";
src = fetchFromGitHub {
owner = "aramg";
repo = "droidcam";
rev = "v${version}";
sha256 = "1d9qpnmqa3pfwsrpjnxdz76ipk4w37bbxyrazchh4vslnfc886fx";
};
sourceRoot = "source/linux/v4l2loopback";
buildTargets = "v4l2loopback-dc";
hardeningDisable = [ "pic" ];
nativeBuildInputs = kernel.moduleBuildDependencies;
buildInputs = [ kmod ];
makeFlags = [
"KERNELRELEASE=${kernel.modDirVersion}"
"KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
"INSTALL_MOD_PATH=$(out)"
];
meta = with stdenv.lib; {
description = "A kernel module to create V4L2 loopback devices";
homepage = "https://github.com/aramg/droidcam";
license = licenses.gpl2;
maintainers = [ maintainers.makefu ];
platforms = platforms.linux;
};
}