diff options
author | lassulus <lass@blue.r> | 2018-08-09 17:23:53 +0200 |
---|---|---|
committer | lassulus <lass@blue.r> | 2018-08-09 17:23:53 +0200 |
commit | 2bf24eae616997e52a16fff96b4485ee7c619f8d (patch) | |
tree | cbb3aab9f8fa2f4da28e5a01b16129263b1fa0cb | |
parent | f9d96d13de74ed6acbde92778af88f94f04081bd (diff) | |
parent | 6368507f02eb4e267c7fdab73e4c3cec5ee5827f (diff) |
Merge remote-tracking branch 'gum/master'
22 files changed, 202 insertions, 52 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index c5404f96d..9630d7a7f 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -336,7 +336,6 @@ with import <stockholm/lib>; "krebsco.de" = '' euer IN MX 1 aspmx.l.google.com. nixos.unstable IN CNAME krebscode.github.io. - gold IN A ${nets.internet.ip4.addr} boot IN A ${nets.internet.ip4.addr} ''; }; @@ -522,6 +521,13 @@ with import <stockholm/lib>; }; nextgum = rec { ci = true; + extraZones = { + "krebsco.de" = '' + cache.euer IN A ${nets.internet.ip4.addr} + cache.gum IN A ${nets.internet.ip4.addr} + gold IN A ${nets.internet.ip4.addr} + ''; + }; cores = 8; nets = rec { internet = { @@ -537,6 +543,7 @@ with import <stockholm/lib>; ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3"; aliases = [ "nextgum.r" + "cache.gum.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index b7ef824b5..09e552010 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -29,7 +29,7 @@ let ''} ${optionalString (cfg.watchDir != null) '' - schedule = watch_directory,5,5,load_start=${cfg.watchDir}/*.torrent + directory.watch.added = "${cfg.watchDir}", load.start_verbose ''} directory = ${cfg.downloadDir} diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix index 93171d23a..9761546e7 100644 --- a/makefu/1systems/nextgum/config.nix +++ b/makefu/1systems/nextgum/config.nix @@ -49,6 +49,7 @@ in { <stockholm/makefu/2configs/vpn/openvpn-server.nix> # <stockholm/makefu/2configs/vpn/vpnws/server.nix> <stockholm/makefu/2configs/dnscrypt/server.nix> + <stockholm/makefu/2configs/binary-cache/server.nix> <stockholm/makefu/2configs/iodined.nix> ## buildbot @@ -69,6 +70,8 @@ in { #<stockholm/makefu/2configs/nginx/public_html.nix> #<stockholm/makefu/2configs/nginx/update.connector.one.nix> #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> + <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix> + <stockholm/makefu/2configs/deployment/events-publisher> #<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> #<stockholm/makefu/2configs/deployment/graphs.nix> diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix index 36fea6544..944210701 100644 --- a/makefu/1systems/nextgum/hardware-config.nix +++ b/makefu/1systems/nextgum/hardware-config.nix @@ -45,12 +45,20 @@ in { "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" "xhci_pci" "ehci_pci" "ahci" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ]; hardware.enableRedistributableFirmware = true; fileSystems."/" = { device = "/dev/mapper/nixos-root"; fsType = "ext4"; }; + fileSystems."/var/lib" = { + device = "/dev/mapper/nixos-lib"; + fsType = "ext4"; + }; + fileSystems."/var/download" = { + device = "/dev/mapper/nixos-download"; + fsType = "ext4"; + }; fileSystems."/boot" = { device = "/dev/sda2"; fsType = "vfat"; @@ -69,7 +77,9 @@ in { #pvcreate /dev/sda3 #pvcreate /dev/sdb1 #vgcreate nixos /dev/sda3 /dev/sdb1 - #lvcreate -L 120G -n root nixos + #lvcreate -L 120G -m 1 -n root nixos + #lvcreate -L 50G -m 1 -n lib nixos + #lvcreate -L 50G -n download nixos #mkfs.ext4 /dev/mapper/nixos-root #mount /dev/mapper/nixos-root /mnt #mkdir /mnt/boot diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 7c81a2015..c7301e52b 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -39,11 +39,15 @@ in { # Sensors <stockholm/makefu/2configs/stats/telegraf> - <stockholm/makefu/2configs/deployment/led-fader.nix> - <stockholm/makefu/2configs/stats/external/aralast.nix> <stockholm/makefu/2configs/stats/telegraf/airsensor.nix> - # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix> + <stockholm/makefu/2configs/stats/telegraf/europastats.nix> + <stockholm/makefu/2configs/stats/external/aralast.nix> + <stockholm/makefu/2configs/stats/arafetch.nix> + <stockholm/makefu/2configs/deployment/led-fader.nix> <stockholm/makefu/2configs/hw/mceusb.nix> + # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix> + + <stockholm/makefu/2configs/deployment/bureautomation> (let diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 451689f91..e5b481ab6 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -8,6 +8,7 @@ with import <stockholm/lib>; imports = [ # base <stockholm/makefu> + <stockholm/makefu/2configs/nur.nix> <stockholm/makefu/2configs/main-laptop.nix> <stockholm/makefu/2configs/extra-fonts.nix> <stockholm/makefu/2configs/tools/all.nix> @@ -54,7 +55,6 @@ with import <stockholm/lib>; internalInterfaces = [ "vboxnet0" ]; }; } - # Services <stockholm/makefu/2configs/git/brain-retiolum.nix> <stockholm/makefu/2configs/tor.nix> @@ -64,6 +64,7 @@ with import <stockholm/lib>; # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> + <stockholm/makefu/2configs/hw/mceusb.nix> # <stockholm/makefu/2configs/hw/tpm.nix> # <stockholm/makefu/2configs/hw/rtl8812au.nix> <stockholm/makefu/2configs/hw/network-manager.nix> @@ -125,7 +126,7 @@ with import <stockholm/lib>; krebs.build.host = config.krebs.hosts.x; - krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ]; + krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" "nextgum" ]; networking.extraHosts = '' 192.168.1.11 omo.local @@ -133,6 +134,8 @@ with import <stockholm/lib>; ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; + # avoid full boot dir + boot.loader.grub.configurationLimit = 3; environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; nixpkgs.overlays = [ (import <python/overlay.nix>) ]; diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix new file mode 100644 index 000000000..ad6256830 --- /dev/null +++ b/makefu/2configs/binary-cache/server.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ...}: + +{ + # generate private key with: + # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub + services.nix-serve = { + enable = true; + secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + }; + + systemd.services.nix-serve = { + requires = ["secret.service"]; + after = ["secret.service"]; + }; + krebs.secret.files.nix-serve-key = { + path = "/run/secret/nix-serve.key"; + owner.name = "nix-serve"; + source-path = toString <secrets> + "/nix-serve.key"; + }; + services.nginx = { + enable = true; + virtualHosts.nix-serve = { + serverAliases = [ "cache.gum.r" + "cache.euer.krebsco.de" + "cache.gum.krebsco.de" + ]; + locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}"; + }; + }; +} + diff --git a/makefu/2configs/deployment/events-publisher/default.nix b/makefu/2configs/deployment/events-publisher/default.nix new file mode 100644 index 000000000..db8502c6e --- /dev/null +++ b/makefu/2configs/deployment/events-publisher/default.nix @@ -0,0 +1,48 @@ +{ pkgs, ... }: +with import <stockholm/lib>; +let + shack-announce = pkgs.callPackage (builtins.fetchTarball { + url = "https://github.com/makefu/events-publisher/archive/15fbe5cc6ac9617a08a042870795f9e879d9952a.tar.gz"; + sha256 = "1bqp1qdnwx5q1w468zbm57hmpjz3x8if3j29qrqcia0vzks1s37a"; + }) {} ; + home = "/var/lib/shackannounce"; + user = "shackannounce"; + creds = (toString <secrets>) + "/shack-announce.json"; +in +{ + users.users.${user}= { + uid = genid user; + inherit home; + createHome = true; + }; + systemd.services.shack-announce = { + description = "Announce shack events"; + startAt = "*:0/30"; + path = [ shack-announce ]; + serviceConfig = { + WorkingDirectory = home; + User = user; + PermissionsStartOnly = true; + ExecStartPre = pkgs.writeDash "shack-announce-pre" '' + set -eu + cp ${creds} creds.json + chown ${user} creds.json + ''; + ExecStart = pkgs.writeDash "shack-announce" '' + if test ! -e announce.state; then + echo "initializing state" + announce-daemon \ + --lol INFO \ + --creds creds.json \ + --state announce.state \ + --clean --init + fi + echo "Running announce" + announce-daemon \ + --lol INFO \ + --creds creds.json \ + --state announce.state + ''; + }; + }; +} diff --git a/makefu/2configs/hw/mceusb.nix b/makefu/2configs/hw/mceusb.nix index c1d6f5651..069e6e7eb 100644 --- a/makefu/2configs/hw/mceusb.nix +++ b/makefu/2configs/hw/mceusb.nix @@ -1,4 +1,4 @@ -{pkgs,...}:{ +{pkgs, lib, ...}:{ # Disable the MCE remote from acting like a keyboard. (We use lirc instead.) services.xserver.inputClassSections = ['' Identifier "MCE USB Keyboard mimic blacklist" @@ -6,13 +6,12 @@ MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)" Option "Ignore" "on" '']; - boot.kernelPackages = builtins.trace "Using linux kernel 4.16, not latest" pkgs.linuxPackages_4_16; - nixpkgs.config.packageOverrides = pkgs: { - linux_4_16 = pkgs.linux_4_16.override { - extraConfig = '' - LIRC y - ''; - }; + boot.kernelPatches = lib.singleton { + name = "enable-lirc"; + patch = null; + extraConfig = '' + LIRC y + ''; }; } diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix index d322c683d..ffc32e0cb 100644 --- a/makefu/2configs/hw/network-manager.nix +++ b/makefu/2configs/hw/network-manager.nix @@ -22,15 +22,9 @@ }; networking.networkmanager.enable = true; - # TODO: put somewhere else - services.xserver.displayManager.sessionCommands = '' - ${pkgs.clipit}/bin/clipit & - ${pkgs.networkmanagerapplet}/bin/nm-applet & - ''; - # nixOSUnstable -# networking.networkmanager.wifi = { -# powersave = true; -# scanRandMacAddress = true; -# }; + networking.networkmanager.wifi = { + powersave = true; + scanRandMacAddress = true; + }; } diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix index 4ac639a25..735cb4c17 100644 --- a/makefu/2configs/hw/stk1160.nix +++ b/makefu/2configs/hw/stk1160.nix @@ -1,13 +1,12 @@ { pkgs, lib, ... }: { - # TODO: un-pin linuxPackages somehow - nixpkgs.config.packageOverrides = pkgs: { - linux_4_14 = pkgs.linux_4_14.override { - extraConfig = '' - MEDIA_ANALOG_TV_SUPPORT y - VIDEO_STK1160_COMMON m - VIDEO_STK1160 m - ''; - }; + boot.kernelPatches = lib.singleton { + name = "enable-stk1160"; + patch = null; + extraConfig = '' + MEDIA_ANALOG_TV_SUPPORT y + VIDEO_STK1160_COMMON m + VIDEO_STK1160 m + ''; }; } diff --git a/makefu/2configs/nginx/gold.krebsco.de.nix b/makefu/2configs/nginx/gold.krebsco.de.nix new file mode 100644 index 000000000..083c0f8d7 --- /dev/null +++ b/makefu/2configs/nginx/gold.krebsco.de.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + gold = pkgs.fetchFromGitHub { + owner = "krebs"; + repo = "krebsgold"; + rev = "15f7a74"; + sha256= "1ya9xgg640k3hbl63022sfm44c1si2mxch8jkxindmwg4pa1y4ly"; + }; +in { + + services.nginx = { + enable = mkDefault true; + virtualHosts = { + "gold.krebsco.de" = { + enableACME = true; + forceSSL = true; + root = toString gold + "/html"; + }; + }; + }; +} + diff --git a/makefu/2configs/nur.nix b/makefu/2configs/nur.nix new file mode 100644 index 000000000..dda00063a --- /dev/null +++ b/makefu/2configs/nur.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }:{ + nixpkgs.config.packageOverrides = pkgs: { + nur = pkgs.callPackage (import (builtins.fetchGit { + url = "https://github.com/nix-community/NUR"; + })) {}; + }; +} diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix index 330616f4a..470193d6c 100644 --- a/makefu/2configs/task-client.nix +++ b/makefu/2configs/task-client.nix @@ -1,6 +1,6 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = [ + users.users.makefu.packages = [ pkgs.taskwarrior ]; diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 898bae10d..1e85da53c 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -1,10 +1,10 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = with pkgs; [ + users.users.makefu.packages = with pkgs; [ chromium - clipit feh + clipit firefox keepassx pcmanfm diff --git a/makefu/2configs/tools/desktop.nix b/makefu/2configs/tools/desktop.nix index 1fe03e111..bb14c3eb5 100644 --- a/makefu/2configs/tools/desktop.nix +++ b/makefu/2configs/tools/desktop.nix @@ -4,8 +4,10 @@ users.users.makefu.packages = with pkgs; [ taskwarrior pass + gopass mutt weechat tmux ]; + } diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index e25290297..ae97edd54 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = with pkgs;[ + users.users.makefu.packages = with pkgs;[ # media gimp inkscape diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index 4de2b545e..35faaa29f 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = with pkgs; [ + users.users.makefu.packages = with pkgs; [ kodi streamripper youtube-dl diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index 3dc02937d..17a980ef7 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = with pkgs; [ + users.users.makefu.packages = with pkgs; [ aria2 # mitmproxy pythonPackages.binwalk-full diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix index a076479c2..3df0ddbfe 100644 --- a/makefu/2configs/torrent.nix +++ b/makefu/2configs/torrent.nix @@ -8,13 +8,13 @@ let peer-port = 51412; web-port = 8112; daemon-port = 58846; - torrent-dir = config.makefu.dl-dir; + base-dir = config.makefu.dl-dir; in { users.users = { download = { name = "download"; - home = torrent-dir; + home = base-dir; uid = mkDefault (genid "download"); createHome = true; useDefaultShell = true; @@ -25,10 +25,12 @@ in { # todo: race condition, do this after download user has been created system.activationScripts."download-dir-chmod" = '' - for i in finished watch torrents; do - mkdir -p "${torrent-dir}/$i" - chown download:download "${torrent-dir}/$i" - chmod 770 "${torrent-dir}/$i" + for i in finished watch; do + if test ! -d $i;then + mkdir -p "${base-dir}/$i" + chown rtorrent:download "${base-dir}/$i" + chmod 775 "${base-dir}/$i" + fi done ''; @@ -42,6 +44,7 @@ in { "nginx" ]; }; + rtorrent.members = [ "download" ]; }; krebs.rtorrent = { @@ -54,7 +57,8 @@ in { rutorrent.enable = true; enableXMLRPC = true; listenPort = peer-port; - workDir = torrent-dir; + downloadDir = base-dir + "/finished"; + watchDir = base-dir + "/watch"; # dump old torrents into watch folder to have them re-added }; diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix index e5f62e910..486c0ddf6 100644 --- a/makefu/5pkgs/awesomecfg/default.nix +++ b/makefu/5pkgs/awesomecfg/default.nix @@ -2,7 +2,10 @@ , lib , alsaUtils , xbacklight -, modkey?"Mod4" +, networkmanagerapplet +, blueman +, clipit +, modkey ? "Mod4" , locker? "${pkgs.xlock}/bin/xlock -mode blank" , ... }: @@ -10,7 +13,7 @@ # replace: @alsaUtils@ @xlockmore@ @xbacklight@ @modkey@ full = lib.makeOverridable pkgs.substituteAll { name = "awesome_full_config"; - inherit alsaUtils locker xbacklight modkey; + inherit alsaUtils locker xbacklight modkey networkmanagerapplet blueman clipit; isExecutable = false; src = ./full.cfg; }; diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index e49a88697..12d357913 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -568,6 +568,18 @@ local os = { -- }}} - +-- {{{ autostart +do + local cmds = + { + "@networkmanagerapplet@/bin/nm-applet", + "@blueman@/bin/blueman-applet", + "@clipit@/bin/clipit" + } + + for _,i in pairs(cmds) do + awful.util.spawn(i) + end +end -- }}} |