Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'gum/master'

Browse Source
This commit is contained in:
lassulus 2017-12-31 03:02:48 +01:00
commit f2fe825333
16 changed files with 157 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
View File

@ -2,5 +2,5 @@
set -eu set -eu
printf "Sie meinten wohl \"" printf "Sie meinten wohl \""
echo -n $@ | sed 's/Shack/shack/g' echo -n $@ | sed 's/Shack/shack/g'
echo "\"" echo "\" check out https://wiki.shackspace.de/project/logo_and_ci#name_ci"
echo "${_from}--" echo "${_from}--"

4
krebs/5pkgs/simple/fortclientsslvpn/default.nix
View File

@ -12,8 +12,8 @@ stdenv.mkDerivation rec {
src = fetchurl { src = fetchurl {
# archive.org mirror: # archive.org mirror:
# https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz url = https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz;
url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz; # url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz;
sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr"; sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr";
}; };
phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ]; phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ];

31
makefu/1systems/fileleech/config.nix
View File

@ -25,13 +25,13 @@ in {
<stockholm/makefu> <stockholm/makefu>
<stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/disable_v6.nix> <stockholm/makefu/2configs/disable_v6.nix>
# <stockholm/makefu/2configs/torrent.nix> <stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/fs/sda-crypto-root.nix> <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
#<stockholm/makefu/2configs/elchos/irc-token.nix> #<stockholm/makefu/2configs/elchos/irc-token.nix>
<stockholm/makefu/2configs/elchos/log.nix> # <stockholm/makefu/2configs/elchos/log.nix>
<stockholm/makefu/2configs/elchos/search.nix> # <stockholm/makefu/2configs/elchos/search.nix>
<stockholm/makefu/2configs/elchos/stats.nix> # <stockholm/makefu/2configs/elchos/stats.nix>
]; ];
systemd.services.grafana.serviceConfig.LimitNOFILE=10032; systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
@ -60,7 +60,7 @@ in {
]; ];
services.nginx.virtualHosts._download = { services.nginx.virtualHosts._download = {
default = true; default = true;
root = "/media/cryptX"; root = config.makefu.dl-dir;
extraConfig = '' extraConfig = ''
autoindex on; autoindex on;
''; '';
@ -80,10 +80,11 @@ in {
services.sabnzbd.enable = true; services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
# TODO use users.motd and pam.services.sshd.showMotd
services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" '' services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" ''
Services: Services:
ssh://download@fileleech - ssh via filebitch.shack ssh://download@fileleech - ssh via filebitch
ftp://download@fileleech - access to /media/cryptX ftp://download@fileleech - access to ${config.makefu.dl-dir}
http://fileleech:8112 - rutorrent http://fileleech:8112 - rutorrent
http://fileleech:8113 - pyload http://fileleech:8113 - pyload
https://fileleech:9090 - sabnzb https://fileleech:9090 - sabnzb
@ -121,10 +122,10 @@ in {
} }
; ;
makefu.dl-dir = "/media/cryptX";
users.users.download = { users.users.download = {
useDefaultShell = true; useDefaultShell = true;
# name = "download"; # name = "download";
home = "/media/cryptX/";
# createHome = true; # createHome = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
config.krebs.users.makefu.pubkey config.krebs.users.makefu.pubkey
@ -142,15 +143,19 @@ in {
parity = toMapper 7; parity = toMapper 7;
}; };
networking.nameservers = [ "8.8.8.8" ]; networking.nameservers = [ "8.8.8.8" ];
#networking.interfaces.enp6s0f0.ip4 = [{ # SPF
# address = "151.217.173.20"; networking.defaultGateway = "151.217.176.1";
# prefixLength = 22; networking.interfaces.enp6s0f0.ip4 = [{
#}]; address = "151.217.178.63";
#networking.defaultGateway = "151.217.172.1"; prefixLength = 22;
}];
# Gigabit
networking.interfaces.enp8s0f1.ip4 = [{ networking.interfaces.enp8s0f1.ip4 = [{
address = "192.168.126.1"; address = "192.168.126.1";
prefixLength = 24; prefixLength = 24;
}]; }];
#interfaces.enp6s0f1.ip4 = [{ #interfaces.enp6s0f1.ip4 = [{
# address = external-ip; # address = external-ip;
# prefixLength = 22; # prefixLength = 22;

25
makefu/1systems/gum/config.nix
View File

@ -48,9 +48,15 @@ in {
<stockholm/makefu/2configs/share/gum.nix> <stockholm/makefu/2configs/share/gum.nix>
# <stockholm/makefu/2configs/sabnzbd.nix> # <stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/torrent.nix> <stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/iodined.nix> <stockholm/makefu/2configs/mosh.nix>
# network
<stockholm/makefu/2configs/vpn/openvpn-server.nix> <stockholm/makefu/2configs/vpn/openvpn-server.nix>
<stockholm/makefu/2configs/vpn/vpnws/server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix> <stockholm/makefu/2configs/dnscrypt/server.nix>
<stockholm/makefu/2configs/iodined.nix>
# buildbot
<stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/remote-build/slave.nix>
## Web ## Web
@ -103,15 +109,16 @@ in {
#} #}
{ # wireguard server { # wireguard server
networking.firewall.allowedUDPPorts = [ 51820 ]; networking.firewall.allowedUDPPorts = [ 51820 ];
#networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
# ips = [ "10.244.0.1/24" ]; ips = [ "10.244.0.1/24" ];
# privateKeyFile = (toString <secrets>) + "/wireguard.key"; privateKeyFile = (toString <secrets>) + "/wireguard.key";
# allowedIPsAsRoutes = true; allowedIPsAsRoutes = true;
# peers = [{ peers = [{
# allowedIPs = [ "0.0.0.0/0" "::/0" ]; # allowedIPs = [ "0.0.0.0/0" "::/0" ];
# publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; allowedIPs = [ "10.244.0.2/32" ];
# }]; publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
#}; }];
};
} }
]; ];

1
makefu/1systems/omo/config.nix
View File

@ -47,6 +47,7 @@ in {
<stockholm/makefu/2configs/exim-retiolum.nix> <stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/smart-monitor.nix> <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/mail-client.nix> <stockholm/makefu/2configs/mail-client.nix>
<stockholm/makefu/2configs/mosh.nix>
# <stockholm/makefu/2configs/disable_v6.nix> # <stockholm/makefu/2configs/disable_v6.nix>
#<stockholm/makefu/2configs/graphite-standalone.nix> #<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix> #<stockholm/makefu/2configs/share-user-sftp.nix>

64
makefu/1systems/vbob/config.nix
View File

@ -3,37 +3,57 @@
krebs.build.host = config.krebs.hosts.vbob; krebs.build.host = config.krebs.hosts.vbob;
makefu.awesome.modkey = "Mod1"; makefu.awesome.modkey = "Mod1";
imports = imports =
[ # Include the results of the hardware scan. [
<stockholm/makefu> <stockholm/makefu>
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>) {
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>) imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
boot.loader.grub.device = "/dev/vda";
}
# {
# imports = [
# <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
# ];
# virtualbox.baseImageSize = 35 * 1024;
# fileSystems."/media/share" = {
# fsType = "vboxsf";
# device = "share";
# options = [ "rw" "uid=9001" "gid=9001" ];
# };
# }
# {
# imports = [
# <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
# ];
# fileSystems."/nix" = {
# device ="/dev/disk/by-label/nixstore";
# fsType = "ext4";
# };
# }
# base gui # base gui
<stockholm/makefu/2configs/main-laptop.nix> # <stockholm/makefu/2configs/main-laptop.nix>
# <stockholm/makefu/2configs/tools/core-gui.nix>
<stockholm/makefu/2configs/zsh-user.nix>
# security # security
<stockholm/makefu/2configs/sshd-totp.nix> <stockholm/makefu/2configs/sshd-totp.nix>
# Tools # Tools
<stockholm/makefu/2configs/tools/core.nix> <stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/tools/core-gui.nix>
<stockholm/makefu/2configs/tools/dev.nix> <stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/extra-gui.nix> # <stockholm/makefu/2configs/tools/extra-gui.nix>
<stockholm/makefu/2configs/tools/sec.nix> # <stockholm/makefu/2configs/tools/sec.nix>
# environment # environment
<stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/audio/jack-on-pulse.nix>
<stockholm/makefu/2configs/audio/realtime-audio.nix>
]; ];
networking.extraHosts = import (toString <secrets/extra-hosts.nix>); networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
fileSystems."/nix" = {
device ="/dev/disk/by-label/nixstore";
fsType = "ext4";
};
# allow vbob to deploy self # allow vbob to deploy self
users.extraUsers = { users.extraUsers = {
@ -45,9 +65,13 @@
environment.shellAliases = { environment.shellAliases = {
forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
}; };
# TODO: for forticleintsslpn
# ln -s /r/current-system/sw/bin/pppd /usr/sbin/pppd system.activationScripts.prepare-fortclientvpnssl = ''
# ln -s /r/current-system/sw/bin/tail /usr/bin/tail # TODO: for forticlientsslpn
mkdir -p /usr/{s,}bin
ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
'';
environment.systemPackages = with pkgs;[ environment.systemPackages = with pkgs;[
fortclientsslvpn ppp xclip fortclientsslvpn ppp xclip
get get
@ -55,7 +79,6 @@
# docker # docker
#devpi-web #devpi-web
#devpi-client #devpi-client
debmirror
ansible ansible
]; ];
# virtualisation.docker.enable = true; # virtualisation.docker.enable = true;
@ -67,10 +90,5 @@
8010 8010
]; ];
fileSystems."/media/share" = {
fsType = "vboxsf";
device = "share";
options = [ "rw" "uid=9001" "gid=9001" ];
};
} }

2
makefu/1systems/vbob/source.nix
View File

@ -1,4 +1,4 @@
import <stockholm/makefu/source.nix> { import <stockholm/makefu/source.nix> {
name="vbob"; name="vbob";
musnix = true; # musnix = true;
} }

3
makefu/1systems/wbob/config.nix
View File

@ -32,10 +32,13 @@ in {
<stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/share/wbob.nix> <stockholm/makefu/2configs/share/wbob.nix>
# Sensors
<stockholm/makefu/2configs/stats/telegraf> <stockholm/makefu/2configs/stats/telegraf>
<stockholm/makefu/2configs/deployment/led-fader.nix> <stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/stats/external/aralast.nix> <stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix> <stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
<stockholm/makefu/2configs/deployment/bureautomation> <stockholm/makefu/2configs/deployment/bureautomation>
(let (let
collectd-port = 25826; collectd-port = 25826;

1
makefu/1systems/x/config.nix
View File

@ -60,7 +60,6 @@ with import <stockholm/lib>;
# Hardware # Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix> <stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/rtl8812au.nix> <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/exfat-nofuse.nix>
<stockholm/makefu/2configs/hw/wwan.nix> <stockholm/makefu/2configs/hw/wwan.nix>
# <stockholm/makefu/2configs/hw/stk1160.nix> # <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix> # <stockholm/makefu/2configs/rad1o.nix>

5
makefu/2configs/hw/tp-x2x0.nix
View File

@ -5,6 +5,11 @@ with import <stockholm/lib>;
imports = [ imports = [
./tpm.nix ./tpm.nix
]; ];
boot.kernelModules = [
"kvm-intel"
];
networking.wireless.enable = lib.mkDefault true; networking.wireless.enable = lib.mkDefault true;
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;

3
makefu/2configs/mosh.nix Normal file
View File

@ -0,0 +1,3 @@
{
programs.mosh.enable = true;
}

34
makefu/2configs/stats/telegraf/airsensor.nix
View File

@ -1,6 +1,31 @@
{ pkgs, ...}: { pkgs, ...}:
let
{ genTopic = name: topic: tags: {
servers = [ "tcp://localhost:1883" ];
qos = 0;
connection_timeout = "30s";
topics = [ topic ];
tags = tags;
persistent_session = false;
name_override = name;
data_format = "value";
data_type = "float";
};
bamStat = stat: # Temperature or Humidity
host: # easy{1-4}
sensor: # dht11, dht22, ds18
(genTopic stat
"/bam/${host}/${sensor}/${stat}"
{"host" = host;
"scope" = "bam";
"sensor" = sensor;
} );
dht22 = host: [(bamStat "Temperature" host "dht22")
(bamStat "Humidity" host "dht22")];
dht11 = host: [(bamStat "Temperature" host "dht11")
(bamStat "Humidity" host "dht11")];
ds18 = host: [(bamStat "Temperature" host "ds18")];
in {
services.udev.extraRules = '' services.udev.extraRules = ''
SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input" SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input"
''; '';
@ -16,4 +41,9 @@
tags.unit="VOC"; tags.unit="VOC";
} }
]; ];
services.telegraf.extraConfig.inputs.mqtt_consumer =
(dht22 "easy1")
++ (dht22 "easy2")
++ (dht11 "easy3")
++ (ds18 "easy3");
} }

2
makefu/2configs/tools/dev.nix
View File

@ -21,5 +21,7 @@
gen-oath-safe gen-oath-safe
cdrtools cdrtools
stockholm stockholm
# git-related
tig
]; ];
} }

1
makefu/2configs/tools/mobility.nix
View File

@ -2,6 +2,7 @@
{ {
users.users.makefu.packages = with pkgs;[ users.users.makefu.packages = with pkgs;[
go-mtpfs go-mtpfs
mosh
]; ];
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];

13
makefu/2configs/torrent.nix
View File

@ -8,13 +8,13 @@ let
peer-port = 51412; peer-port = 51412;
web-port = 8112; web-port = 8112;
daemon-port = 58846; daemon-port = 58846;
dl-dir = config.makefu.dl-dir; torrent-dir = config.makefu.dl-dir;
in { in {
users.users = { users.users = {
download = { download = {
name = "download"; name = "download";
home = dl-dir; home = torrent-dir;
uid = mkDefault (genid "download"); uid = mkDefault (genid "download");
createHome = true; createHome = true;
useDefaultShell = true; useDefaultShell = true;
@ -26,9 +26,9 @@ in {
# todo: race condition, do this after download user has been created # todo: race condition, do this after download user has been created
system.activationScripts."download-dir-chmod" = '' system.activationScripts."download-dir-chmod" = ''
for i in finished watch torrents; do for i in finished watch torrents; do
mkdir -p "${dl-dir}/$i" mkdir -p "${torrent-dir}/$i"
chown download:download "${dl-dir}/$i" chown download:download "${torrent-dir}/$i"
chmod 770 "${dl-dir}/$i" chmod 770 "${torrent-dir}/$i"
done done
''; '';
@ -54,9 +54,8 @@ in {
rutorrent.enable = true; rutorrent.enable = true;
enableXMLRPC = true; enableXMLRPC = true;
listenPort = peer-port; listenPort = peer-port;
downloadDir = dl-dir + "/finished"; workDir = torrent-dir;
# dump old torrents into watch folder to have them re-added # dump old torrents into watch folder to have them re-added
watchDir = dl-dir +"/watch";
}; };
networking.firewall.extraCommands = '' networking.firewall.extraCommands = ''

2
makefu/5pkgs/vpn-ws/default.nix
View File

@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
owner = "unbit"; owner = "unbit";
repo = "vpn-ws"; repo = "vpn-ws";
rev = version; rev = version;
sha256 = "068vzrpzgksadb31khancnpkgzhdcr6kh6k9wgm77q68skwl3w0k"; sha256 = "0k7338xxvg1k988zz3nb681nsqmfiik9bnkk7jmxjz7j0wfwq8nj";
}; };
patchPhase = '' patchPhase = ''