Merge remote-tracking branch 'gum/master'

lassulus 2018-02-10 19:48:38 +01:00
commit f2aeaae4a4
15 changed files with 213 additions and 265 deletions


@ -19,7 +19,7 @@ let
# __FRONT_
# |* d0 |
# | |
# |* d3 |
# |* d1 |
# | |
# |* d3 |
# | |
@ -68,6 +68,7 @@ in {
<stockholm/makefu/2configs/syncthing.nix>
<stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/deployment/google-muell.nix>
# security


@ -18,7 +18,7 @@ in {
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix>
# <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/stats/client.nix>
@ -31,6 +31,63 @@ in {
# Services
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/share/wbob.nix>
(let
musicDirectory = "/data/music";
in {
services.mpd = {
enable = true;
inherit musicDirectory;
# dataDir = "/home/anders/.mpd";
network.listenAddress = "any";
extraConfig = ''
audio_output {
type "pulse"
name "Local MPD"
server "127.0.0.1"
}
'';
};
# open because of truestedInterfaces
# networking.firewall.allowedTCPPorts = [ 6600 4713 ];
services.samba.shares.music = {
path = musicDirectory;
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
sound.enable = true;
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
# systemWide = true;
support32Bit = true;
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
tcp = {
enable = true;
anonymousClients.allowAll = true;
anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ];
};
configFile = pkgs.writeText "default.pa" ''
load-module module-udev-detect
load-module module-bluetooth-policy
load-module module-bluetooth-discover
load-module module-native-protocol-unix
load-module module-always-sink
load-module module-console-kit
load-module module-systemd-login
load-module module-intended-roles
load-module module-position-event-sounds
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
load-module module-switch-on-connect
'';
};
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
})
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
@ -147,7 +204,10 @@ in {
boot.loader.grub.device = rootdisk;
hardware.cpu.intel.updateMicrocode = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.kernelModules = [ "kvm-intel"
"snd-seq" "snd-rawmidi"
];
fileSystems = {
"/" = {
device = rootdisk + "-part1";
@ -174,66 +234,4 @@ in {
serverAddress = "x.r";
};
};
security.wrappers.fping = {
source = "${pkgs.fping}/bin/fping";
setuid = true;
};
services.smokeping = {
enable = true;
targetConfig = ''
probe = FPing
menu = Top
title = Network Latency Grapher
remark = Welcome to this SmokePing website.
+ network
menu = Net latency
title = Network latency (ICMP pings)
++ google
probe = FPing
host = google.de
++ webde
probe = FPing
host = web.de
+ services
menu = Service latency
title = Service latency (DNS, HTTP)
++ HTTP
menu = HTTP latency
title = Service latency (HTTP)
+++ webdeping
probe = EchoPingHttp
host = web.de
+++ googwebping
probe = EchoPingHttp
host = google.de
#+++ webwww
#probe = Curl
#host = web.de
#+++ googwebwww
#probe = Curl
#host = google.de
'';
probeConfig = ''
+ FPing
binary = /run/wrappers/bin/fping
+ EchoPingHttp
pings = 5
url = /
#+ Curl
## probe-specific variables
#binary = ${pkgs.curl}/bin/curl
#step = 60
## a default for this target-specific variable
#urlformat = http://%host%/
'';
};
}
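Review bot: `anonymousClients.allowAll = true` in the `hardware.pulseaudio.tcp` block lets any client that can reach the PulseAudio TCP port attach without authentication, and presumably makes the `allowedIpRanges` list next to it moot. The same hunk also publishes `/data/music` as a guest-writable Samba share (`"guest ok" = "yes"` with `"read only" = "no"`) and sets mpd's `network.listenAddress = "any"`. Exposure then rests entirely on the trusted-interface firewall setup that the comment above the commented-out `allowedTCPPorts` line refers to, which is not visible here. I would set `anonymousClients.allowAll = false;` so the IP ranges actually gate access, and either make the share read-only for guests or name the trusted interfaces in a comment. The custom `default.pa` also loads `module-native-protocol-tcp auth-ip-acl=127.0.0.1` itself, which looks like it duplicates or conflicts with the line generated from the `tcp` options; worth confirming which one wins.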


@ -59,8 +59,9 @@ with import <stockholm/lib>;
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
# <stockholm/makefu/2configs/hw/tpm.nix>
<stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/wwan.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
<stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix>
@ -82,13 +83,9 @@ with import <stockholm/lib>;
makefu.server.primary-itf = "wlp3s0";
makefu.full-populate = true;
makefu.umts.apn = "web.vodafone.de";
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ pkgs.passwdqc-utils ];
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
@ -100,8 +97,15 @@ with import <stockholm/lib>;
krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
networking.extraHosts = ''
192.168.1.11 omo.local
192.168.1.11 omo.local
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
nix.package = pkgs.nixUnstable;
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ];
nixpkgs.overlays = [ (import <python/overlay.nix>) ];
# environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
}
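Review bot: `allowDiscards=true` on the `luksroot` entry in `boot.initrd.luks.devices` passes TRIM through dm-crypt, so anyone with access to the raw disk can see which sectors are unused and infer filesystem layout and fill level. The +/- markers are lost on this page, so the line may be context rather than new; either way it deserves a comment recording that the trade-off is deliberate, e.g. `# TRIM passthrough reveals free-block layout; accepted deliberately`. The neighbouring `nixpkgs.overlays = [ (import <python/overlay.nix>) ];` resolves `<python>` through the Nix search path, so what gets imported depends on the evaluating environment. A short comment saying where that path entry is expected to come from would help.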


@ -0,0 +1,34 @@
{ config, lib, pkgs, buildPythonPackage, ... }:
with import <stockholm/lib>;
let
pkg = pkgs.ampel;
home = "/var/lib/ampel";
sec = "${toString <secrets>}/google-muell.json";
ampelsec = "${home}/google-muell.json";
esp = "192.168.1.23";
sleepval = "1800";
in {
users.users.ampel = {
uid = genid "ampel";
createHome = true;
isSystemUser = true;
inherit home;
};
systemd.services.google-muell-ampel = {
description = "Send led change to rgb cubes";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "ampel";
ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
cp ${sec} ${ampelsec}
chown ampel ${ampelsec}
'';
ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}";
PermissionsStartOnly = true;
Restart = "always";
RestartSec = 10;
PrivateTmp = true;
};
};
}
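Review bot: The `copy-ampel-secrets` pre-start script copies `google-muell.json` with a plain `cp` followed by `chown`, so the copy's mode is inherited from the source file and the umask rather than set explicitly. Whether other local users can read the client secret in `/var/lib/ampel` therefore depends on how the file under `<secrets>` happens to be deployed. Replacing the two lines with `install -m 0400 -o ampel ${sec} ${ampelsec}` sets owner and mode in one step. The same directory also receives `google-muell-creds.json` via `--credential-path`, so the mode of the home created by `createHome` is worth checking as well. Separately, `after = [ "network-online.target" ];` has no matching `wants`, so the ordering only takes effect if something else pulls that target in.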


@ -2,25 +2,7 @@
let
mq = "192.168.8.11";
pkg = pkgs.python3Packages.buildPythonPackage {
name = "ampel-master";
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
rev = "531741b";
sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c";
};
propagatedBuildInputs = with pkgs.python3Packages; [
docopt
paho-mqtt
requests
pytz
influxdb
httplib2
google_api_python_client
];
};
pkg = pkgs.ampel;
in {
systemd.services.led-fader = {
description = "Send led change to message queue";


@ -48,13 +48,14 @@ in
fonts = [ pkgs.terminus_font ];
};
environment.systemPackages = with pkgs;[
pavucontrol
xlockmore
rxvt_unicode-with-plugins
firefox
];
users.extraUsers.${mainUser}.extraGroups = [ "audio" ];
users.users.${mainUser} = {
extraGroups = [ "audio" ];
packages = with pkgs;[
pavucontrol
xlockmore
rxvt_unicode-with-plugins
];
};
hardware.pulseaudio = {
enable = true;


@ -1,11 +1,13 @@
{ lib, ... }:
{ pkgs, lib, ... }:
{
imports = [
./base.nix
];
users.users.makefu.packages = [ pkgs.chromium ];
services.xserver = {
layout = lib.mkForce "de";
xkbVariant = lib.mkForce "";
windowManager = lib.mkForce {
awesome.enable = false;
@ -16,7 +18,7 @@
# xrandrHeads = [ "HDMI1" "HDMI2" ];
# prevent screen from turning off, disable dpms
displayManager.sessionCommands = ''
xset s off -dpms
xset -display :0 s off -dpms
xrandr --output HDMI2 --right-of HDMI1
'';
};


@ -0,0 +1,37 @@
{ pkgs, lib, ... }:
{
users.users.makefu = {
extraGroups = [ "networkmanager" ];
packages = with pkgs;[
networkmanagerapplet
gnome3.gnome_keyring gnome3.dconf
];
};
networking.wireless.enable = lib.mkForce false;
systemd.services.modemmanager = {
description = "ModemManager";
after = [ "network-manager.service" ];
bindsTo = [ "network-manager.service" ];
wantedBy = [ "network-manager.service" ];
serviceConfig = {
ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
PrivateTmp = true;
Restart = "always";
RestartSec = "5";
};
};
networking.networkmanager.enable = true;
# TODO: put somewhere else
services.xserver.displayManager.sessionCommands = ''
${pkgs.clipit}/bin/clipit &
${pkgs.networkmanagerapplet}/bin/nm-applet &
'';
# nixOSUnstable
# networking.networkmanager.wifi = {
# powersave = true;
# scanRandMacAddress = true;
# };
}


@ -1,8 +0,0 @@
_:
{
makefu.umts = {
enable = true;
modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
};
}


@ -14,8 +14,6 @@ _:
./snapraid.nix
./torrent.nix
./udpt.nix
./umts.nix
./wvdial.nix
];
}


@ -1,84 +0,0 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
let
nixpkgs-1509 = import (pkgs.fetchFromGitHub {
owner = "NixOS"; repo = "nixpkgs-channels";
rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
}) {};
wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
# TODO: currently it is only netzclub
umts-bin = pkgs.writeScriptBin "umts" ''
#!/bin/sh
set -euf
systemctl start umts
trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
journalctl -xfu umts
'';
wvdial-defaults = ''
Phone = *99***1#
Dial Command = ATDT
Modem = ${cfg.modem-device}
Baud = 460800
Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0
Init2 = ATZ
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN = 0
Modem Type = Analog Modem
Username = netzclub
Password = netzclub
Stupid Mode = 1
Idle Seconds = 0'';
cfg = config.makefu.umts;
out = {
options.makefu.umts = api;
config = lib.mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "umts";
modem-device = mkOption {
default = "/dev/ttyUSB0";
type = types.str;
description = ''
path to modem device, use <filename>/dev/serial/by-id/...</filename>
to avoid race conditions.
'';
};
apn = mkOption {
default = "pinternet.interkom.de";
type = types.str;
description = ''
apn to use for dailing
'';
};
};
imp = {
environment.shellAliases = {
umts = "sudo ${umts-bin}/bin/umts";
};
environment.systemPackages = [ ];
environment.wvdial.dialerDefaults = wvdial-defaults;
systemd.services.umts = {
description = "UMTS wvdial Service";
serviceConfig = {
Type = "simple";
Restart = "always";
RestartSec = "10s";
ExecStart = "${wvdial}/bin/wvdial -n";
};
};
};
in out


@ -1,71 +0,0 @@
# Global configuration for wvdial.
{ config, lib, pkgs, ... }:
with lib;
let
configFile = ''
[Dialer Defaults]
PPPD PATH = ${pkgs.ppp}/sbin/pppd
${config.environment.wvdial.dialerDefaults}
'';
cfg = config.environment.wvdial;
in
{
###### interface
options = {
environment.wvdial = {
dialerDefaults = mkOption {
default = "";
type = types.str;
example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"'';
description = ''
Contents of the "Dialer Defaults" section of
<filename>/etc/wvdial.conf</filename>.
'';
};
pppDefaults = mkOption {
default = ''
noipdefault
usepeerdns
defaultroute
persist
noauth
'';
type = types.str;
description = "Default ppp settings for wvdial.";
};
};
};
###### implementation
config = mkIf (cfg.dialerDefaults != "") {
environment = {
etc =
[
{ source = pkgs.writeText "wvdial.conf" configFile;
target = "wvdial.conf";
}
{ source = pkgs.writeText "wvdial" cfg.pppDefaults;
target = "ppp/peers/wvdial";
}
];
};
};
}


@ -0,0 +1,27 @@
{ lib, pkgs, fetchFromGitHub, ... }:
with pkgs.python3Packages;buildPythonPackage rec {
name = "ampel-${version}";
version = "0.2";
propagatedBuildInputs = [
docopt
paho-mqtt
requests
pytz
influxdb
httplib2
google_api_python_client
];
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
rev = "d8a0250";
sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f";
};
meta = {
homepage = http://cgit.euer.krebsco.de/ampel;
description = "change colors of rgb cubes";
license = lib.licenses.asl20;
};
}
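Review bot: `src` fetches from `http://cgit.euer.krebsco.de/ampel` over plain HTTP and pins `rev = "d8a0250"`, an abbreviated commit id. The `sha256` still fixes the content that gets built, but an abbreviated id can become ambiguous as the repository grows, and the unencrypted fetch shows observers on the path what is being pulled. Prefer the full 40-character commit id (`rev = "<full-commit-sha>";`) and an `https://` URL if the host serves one. The same applies to the pfsshell package file further down, where `version = "64f8c2"` is reused as `rev`. The bare `homepage = http://cgit.euer.krebsco.de/ampel;` literal would also read better as a quoted string.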


@ -0,0 +1,27 @@
{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }:
stdenv.mkDerivation rec {
pname = "pfsshell";
version = "64f8c2";
name = "${pname}-${version}";
src = fetchFromGitHub {
owner = "makefu";
repo = "pfsshell";
rev = version;
sha256 = "01lbqf8s91p8id58xa16fp555i03vfycqvhv7qzpnrjy6yvp9dm8";
};
buildInputs = [ ];
makeFlags = [ ];
installPhase = ''
mkdir -p $out/bin
cp pfsshell $out/bin
'';
meta = {
homepage = https://github.com/uyjulian/pfsshell ;
description = "browse and transfer files to/from PFS filesystems";
};
}


@ -13,7 +13,7 @@ let
then "buildbot"
else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
ref = "0f19bee"; # nixos-17.09 @ 2018-01-05
ref = "cd36b3d"; # nixos-17.09 @ 2018-02-06
# + do_sqlite3 ruby: 55a952be5b5
# + signal: 0f19beef3