diff options
author | tv <tv@krebsco.de> | 2019-04-19 16:39:05 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2019-04-19 16:39:05 +0200 |
commit | d825d2db8796a0d19f22eba240a2e49213cf01e2 (patch) | |
tree | b7104f1b790ae0446fd44b1aad4c22f1c425af6d | |
parent | 5fbe320b9173b1ef0725a79548f34f967ad16130 (diff) | |
parent | 6c719f03c1a5533b43957d3039b4aed5f5bd8b42 (diff) |
Merge remote-tracking branch 'prism/master'
-rw-r--r-- | krebs/3modules/syncthing.nix | 9 | ||||
-rw-r--r-- | lass/1systems/mors/config.nix | 15 | ||||
-rw-r--r-- | lass/2configs/green-host.nix | 13 | ||||
-rw-r--r-- | lass/2configs/radio.nix | 19 | ||||
-rw-r--r-- | lass/2configs/sync/decsync.nix | 15 | ||||
-rw-r--r-- | lass/2configs/sync/weechat.nix | 12 | ||||
-rw-r--r-- | lass/2configs/syncthing.nix | 20 | ||||
-rw-r--r-- | lass/3modules/default.nix | 1 | ||||
-rw-r--r-- | lass/3modules/ensure-permissions.nix | 66 | ||||
-rw-r--r-- | makefu/1systems/sdev/config.nix | 14 | ||||
-rw-r--r-- | makefu/1systems/x/config.nix | 51 | ||||
-rw-r--r-- | makefu/2configs/binary-cache/gum.nix | 13 | ||||
-rw-r--r-- | makefu/2configs/binary-cache/server.nix | 7 |
13 files changed, 116 insertions, 139 deletions
diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index bfbac1db9..897ba1e7f 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -10,7 +10,7 @@ let addresses = peer.addresses; }) cfg.peers; - folders = map (folder: { + folders = mapAttrsToList ( _: folder: { inherit (folder) path id type; devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; rescanIntervalS = folder.rescanInterval; @@ -81,17 +81,18 @@ in }; folders = mkOption { - default = []; - type = types.listOf (types.submodule ({ config, ... }: { + default = {}; + type = types.attrsOf (types.submodule ({ config, ... }: { options = { path = mkOption { type = types.absolute-pathname; + default = config._module.args.name; }; id = mkOption { type = types.str; - default = config.path; + default = config._module.args.name; }; peers = mkOption { diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 7e183f40f..f911b79d6 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -49,12 +49,15 @@ with import <stockholm/lib>; ]; } { - krebs.syncthing.folders = [ - { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; } - ]; - lass.ensure-permissions = [ - { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } - ]; + krebs.syncthing.folders."the_playlist" = { + path = "/home/lass/tmp/the_playlist"; + peers = [ "mors" "phone" "prism" ]; + }; + krebs.permown."/home/lass/tmp/the_playlist" = { + owner = "lass"; + group = "syncthing"; + umask = "0007"; + }; } { lass.umts = { diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix index 860d7c113..1421eede7 100644 --- a/lass/2configs/green-host.nix +++ b/lass/2configs/green-host.nix @@ -20,13 +20,12 @@ with import <stockholm/lib>; } ]; - lass.ensure-permissions = [ - { folder = "/var/lib/sync-containers"; owner = "root"; group = "syncthing"; } - ]; - - krebs.syncthing.folders = [ - { path = "/var/lib/sync-containers"; peers = [ "icarus" "skynet" "littleT" "shodan" ]; } - ]; + krebs.syncthing.folders."/var/lib/sync-containers".peers = [ "icarus" "skynet" "littleT" "shodan" ]; + krebs.permown."/var/lib/sync-containers" = { + owner = "root"; + group = "syncthing"; + umask = "0007"; + }; system.activationScripts.containerPermissions = '' mkdir -p /var/lib/containers diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index d67d970f8..88899c554 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -10,7 +10,7 @@ let source-password = import <secrets/icecast-source-pw>; add_random = pkgs.writeDashBin "add_random" '' - ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)" + ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls the_playlist/music | grep '\.ogg$' | shuf -n1)" ''; skip_track = pkgs.writeDashBin "skip_track" '' @@ -57,7 +57,7 @@ in { services.mpd = { enable = true; group = "radio"; - musicDirectory = "/home/radio/the_playlist/music"; + musicDirectory = "/home/radio/music"; extraConfig = '' log_level "default" auto_update "yes" @@ -248,10 +248,13 @@ in { alias ${html}; ''; }; - krebs.syncthing.folders = [ - { id = "the_playlist"; path = "/home/radio/music/the_playlist"; peers = [ "mors" "phone" "prism" ]; } - ]; - lass.ensure-permissions = [ - { folder = "/home/radio/music/the_playlist"; owner = "radio"; group = "syncthing"; } - ]; + krebs.syncthing.folders."the_playlist" = { + path = "/home/radio/music/the_playlist"; + peers = [ "mors" "phone" "prism" ]; + }; + krebs.permown."/home/radio/music/the_playlist" = { + owner = "radio"; + group = "syncthing"; + umask = "0002"; + }; } diff --git a/lass/2configs/sync/decsync.nix b/lass/2configs/sync/decsync.nix index 94569c94d..c3f6511c2 100644 --- a/lass/2configs/sync/decsync.nix +++ b/lass/2configs/sync/decsync.nix @@ -1,8 +1,11 @@ { - krebs.syncthing.folders = [ - { id = "decsync"; path = "/home/lass/decsync"; peers = [ "mors" "blue" "green" "phone" ]; } - ]; - lass.ensure-permissions = [ - { folder = "/home/lass/decsync"; owner = "lass"; group = "syncthing"; } - ]; + krebs.syncthing.folders.decsync = { + path = "/home/lass/decsync"; + peers = [ "mors" "blue" "green" "phone" ]; + }; + krebs.permown."/home/lass/decsync" = { + owner = "lass"; + group = "syncthing"; + umask = "0007"; + }; } diff --git a/lass/2configs/sync/weechat.nix b/lass/2configs/sync/weechat.nix index d10177b1d..30c7b262b 100644 --- a/lass/2configs/sync/weechat.nix +++ b/lass/2configs/sync/weechat.nix @@ -1,8 +1,8 @@ { - krebs.syncthing.folders = [ - { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } - ]; - lass.ensure-permissions = [ - { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } - ]; + krebs.syncthing.folders."/home/lass/.weechat".peers = [ "blue" "green" "mors" ]; + krebs.permown."/home/lass/.weechat" = { + owner = "lass"; + group = "syncthing"; + umask = "0007"; + }; } diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index fc10b2cb4..48f2625c1 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -1,6 +1,6 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; -{ +{ config, pkgs, ... }: with import <stockholm/lib>; let + peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts); +in { services.syncthing = { enable = true; group = "syncthing"; @@ -14,17 +14,17 @@ with import <stockholm/lib>; enable = true; cert = toString <secrets/syncthing.cert>; key = toString <secrets/syncthing.key>; - peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts); - folders = [ - { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism" "shodan" ]; } - ]; + peers = peers; + folders."/home/lass/sync".peers = attrNames peers; }; system.activationScripts.syncthing-home = '' ${pkgs.coreutils}/bin/chmod a+x /home/lass ''; - lass.ensure-permissions = [ - { folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; } - ]; + krebs.permown."/home/lass/sync" = { + owner = "lass"; + group = "syncthing"; + umask = "0007"; + }; } diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 59043aeb1..613c7c8ac 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -3,7 +3,6 @@ _: imports = [ ./dnsmasq.nix ./ejabberd - ./ensure-permissions.nix ./folderPerms.nix ./hosts.nix ./mysql-backup.nix diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix deleted file mode 100644 index 36edc1127..000000000 --- a/lass/3modules/ensure-permissions.nix +++ /dev/null @@ -1,66 +0,0 @@ -{ config, pkgs, ... }: with import <stockholm/lib>; - -let - - cfg = config.lass.ensure-permissions; - -in - -{ - options.lass.ensure-permissions = mkOption { - default = []; - type = types.listOf (types.submodule ({ - options = { - - folder = mkOption { - type = types.absolute-pathname; - }; - - owner = mkOption { - # TODO user type - type = types.str; - default = "root"; - }; - - group = mkOption { - # TODO group type - type = types.str; - default = "root"; - }; - - permission = mkOption { - # TODO permission type - type = types.str; - default = "u+rw,g+rw"; - }; - - }; - })); - }; - - config = mkIf (cfg != []) { - - system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: '' - ${pkgs.coreutils}/bin/mkdir -p ${plan.folder} - ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder} - ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder} - '') cfg; - systemd.services = - listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Restart = "always"; - RestartSec = 10; - ExecStart = pkgs.writeDash "ensure-perms" '' - ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \ - | while IFS= read -r FILE; do - ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null - ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null - done - ''; - }; - }) cfg) - ; - - }; -} diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 2f289d500..66f822c02 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -6,13 +6,13 @@ [ # Include the results of the hardware scan. <stockholm/makefu> - <stockholm/makefu/2configs/hw/vbox-guest.nix> - #{ # until virtualbox-image is fixed - # imports = [ - # <stockholm/makefu/2configs/fs/single-partition-ext4.nix> - # ]; - # boot.loader.grub.device = lib.mkForce "/dev/sda"; - #} + # <stockholm/makefu/2configs/hw/vbox-guest.nix> # broken since 2019-04-18 + { # until virtualbox-image is fixed + imports = [ + <stockholm/makefu/2configs/fs/single-partition-ext4.nix> + ]; + boot.loader.grub.device = lib.mkForce "/dev/sda"; + } <stockholm/makefu/2configs/main-laptop.nix> # <secrets/extra-hosts.nix> diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index de55e9e89..3c5e50c4b 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -11,9 +11,13 @@ <stockholm/makefu/2configs/home-manager/desktop.nix> <stockholm/makefu/2configs/home-manager/cli.nix> <stockholm/makefu/2configs/home-manager/mail.nix> + <stockholm/makefu/2configs/home-manager/taskwarrior.nix> + <stockholm/makefu/2configs/main-laptop.nix> <stockholm/makefu/2configs/extra-fonts.nix> <stockholm/makefu/2configs/tools/all.nix> + { programs.adb.enable = true; } + <stockholm/makefu/2configs/dict.nix> #<stockholm/makefu/3modules/netboot_server.nix> #{ @@ -23,7 +27,14 @@ # }; #} + # Restore: + # systemctl cat borgbackup-job-state + # export BORG_PASSCOMMAND BORG_REPO BORG_RSH + # borg list "$BORG_REPO" + # mount newroot somewhere && cd somewhere + # borg extract "$BORG_REPO::x-state-2019-04-17T01:41:51" --progress # < extract to cwd <stockholm/makefu/2configs/backup/state.nix> + # <stockholm/makefu/2configs/dnscrypt/client.nix> <stockholm/makefu/2configs/avahi.nix> <stockholm/makefu/2configs/support-nixos.nix> @@ -46,19 +57,18 @@ # Krebs <stockholm/makefu/2configs/tinc/retiolum.nix> - <stockholm/makefu/2configs/share/gum-client.nix> + # <stockholm/makefu/2configs/share/gum-client.nix> # applications <stockholm/makefu/2configs/exim-retiolum.nix> <stockholm/makefu/2configs/mail-client.nix> <stockholm/makefu/2configs/printer.nix> - <stockholm/makefu/2configs/task-client.nix> # <stockholm/makefu/2configs/syncthing.nix> # Virtualization - <stockholm/makefu/2configs/virtualisation/libvirt.nix> - <stockholm/makefu/2configs/virtualisation/docker.nix> + # <stockholm/makefu/2configs/virtualisation/libvirt.nix> + # <stockholm/makefu/2configs/virtualisation/docker.nix> <stockholm/makefu/2configs/virtualisation/virtualbox.nix> #{ # networking.firewall.allowedTCPPorts = [ 8080 ]; @@ -71,35 +81,43 @@ # Services <stockholm/makefu/2configs/git/brain-retiolum.nix> <stockholm/makefu/2configs/tor.nix> - <stockholm/makefu/2configs/vpn/vpngate.nix> + # <stockholm/makefu/2configs/vpn/vpngate.nix> # <stockholm/makefu/2configs/buildbot-standalone.nix> <stockholm/makefu/2configs/remote-build/aarch64-community.nix> - <stockholm/makefu/2configs/remote-build/gum.nix> - { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; } + # <stockholm/makefu/2configs/remote-build/gum.nix> + # { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; } + + <stockholm/makefu/2configs/binary-cache/gum.nix> + <stockholm/makefu/2configs/binary-cache/lass.nix> # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> - <stockholm/makefu/2configs/hw/mceusb.nix> - <stockholm/makefu/2configs/hw/malduino_elite.nix> + # <stockholm/makefu/2configs/hw/mceusb.nix> # <stockholm/makefu/2configs/hw/tpm.nix> # <stockholm/makefu/2configs/hw/rtl8812au.nix> <stockholm/makefu/2configs/hw/network-manager.nix> - <stockholm/makefu/2configs/hw/stk1160.nix> - <stockholm/makefu/2configs/hw/irtoy.nix> + # <stockholm/makefu/2configs/hw/stk1160.nix> + # <stockholm/makefu/2configs/hw/irtoy.nix> + # <stockholm/makefu/2configs/hw/malduino_elite.nix> <stockholm/makefu/2configs/hw/switch.nix> <stockholm/makefu/2configs/hw/bluetooth.nix> # <stockholm/makefu/2configs/hw/rad1o.nix> <stockholm/makefu/2configs/hw/smartcard.nix> + { + services.upower.enable = true; + users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ]; + } + # Filesystem <stockholm/makefu/2configs/fs/sda-crypto-root-home.nix> # Security <stockholm/makefu/2configs/sshd-totp.nix> - { programs.adb.enable = true; } + # temporary - { services.redis.enable = true; } - <stockholm/makefu/2configs/pyload.nix> + # { services.redis.enable = true; } + # <stockholm/makefu/2configs/pyload.nix> # <stockholm/makefu/2configs/dcpp/airdcpp.nix> # <stockholm/makefu/2configs/nginx/rompr.nix> # <stockholm/makefu/2configs/lanparty/lancache.nix> @@ -136,6 +154,9 @@ makefu.server.primary-itf = "wlp3s0"; nixpkgs.config.allowUnfree = true; + nixpkgs.config.oraclejdk.accept_license = true; + + # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; @@ -163,7 +184,6 @@ "/home/makefu/.ssh/" "/home/makefu/.zsh_history" "/home/makefu/.bash_history" - "/home/makefu/.zshrc" "/home/makefu/bin" "/home/makefu/.gnupg" "/home/makefu/.imapfilter" @@ -171,6 +191,7 @@ "/home/makefu/docs" "/home/makefu/.password-store" "/home/makefu/.secrets-pass" + "/home/makefu/.config/syncthing" ]; services.syncthing.user = lib.mkForce "makefu"; diff --git a/makefu/2configs/binary-cache/gum.nix b/makefu/2configs/binary-cache/gum.nix new file mode 100644 index 000000000..fc54bd917 --- /dev/null +++ b/makefu/2configs/binary-cache/gum.nix @@ -0,0 +1,13 @@ + +{ config, ... }: + +{ + nix = { + binaryCaches = [ + "https://cache.euer.krebsco.de/" + ]; + binaryCachePublicKeys = [ + "gum:iIXIFlCAotib+MgI3V/i3HMlFXiVYOT/jfP0y54Zuvg=" + ]; + }; +} diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix index ad6256830..c8f68c84d 100644 --- a/makefu/2configs/binary-cache/server.nix +++ b/makefu/2configs/binary-cache/server.nix @@ -19,9 +19,10 @@ }; services.nginx = { enable = true; - virtualHosts.nix-serve = { - serverAliases = [ "cache.gum.r" - "cache.euer.krebsco.de" + virtualHosts."cache.euer.krebsco.de" = { + forceSSL = true; + enableACME = true; + serverAliases = [ # "cache.gum.r" "cache.gum.krebsco.de" ]; locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}"; |