authortv <tv@krebsco.de>2019-04-19 16:39:05 +0200
committertv <tv@krebsco.de>2019-04-19 16:39:05 +0200
commitd825d2db8796a0d19f22eba240a2e49213cf01e2 (patch)
treeb7104f1b790ae0446fd44b1aad4c22f1c425af6d
parent5fbe320b9173b1ef0725a79548f34f967ad16130 (diff)
parent6c719f03c1a5533b43957d3039b4aed5f5bd8b42 (diff)
Merge remote-tracking branch 'prism/master'
-rw-r--r--krebs/3modules/syncthing.nix9
-rw-r--r--lass/1systems/mors/config.nix15
-rw-r--r--lass/2configs/green-host.nix13
-rw-r--r--lass/2configs/radio.nix19
-rw-r--r--lass/2configs/sync/decsync.nix15
-rw-r--r--lass/2configs/sync/weechat.nix12
-rw-r--r--lass/2configs/syncthing.nix20
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/ensure-permissions.nix66
-rw-r--r--makefu/1systems/sdev/config.nix14
-rw-r--r--makefu/1systems/x/config.nix51
-rw-r--r--makefu/2configs/binary-cache/gum.nix13
-rw-r--r--makefu/2configs/binary-cache/server.nix7
13 files changed, 116 insertions, 139 deletions
diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
index bfbac1db9..897ba1e7f 100644
--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
@@ -10,7 +10,7 @@ let
addresses = peer.addresses;
}) cfg.peers;
- folders = map (folder: {
+ folders = mapAttrsToList ( _: folder: {
inherit (folder) path id type;
devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
rescanIntervalS = folder.rescanInterval;
@@ -81,17 +81,18 @@ in
};
folders = mkOption {
- default = [];
- type = types.listOf (types.submodule ({ config, ... }: {
+ default = {};
+ type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
path = mkOption {
type = types.absolute-pathname;
+ default = config._module.args.name;
};
id = mkOption {
type = types.str;
- default = config.path;
+ default = config._module.args.name;
};
peers = mkOption {
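Review bot: The new `path` default in the `folders` submodule is undocumented. It takes the attribute name, so it only satisfies `types.absolute-pathname` when a folder is keyed by its path; name-keyed entries such as `the_playlist` have to set `path` themselves. I would add a `description` to both `path` and `id` saying they default to the attribute name, e.g. `description = "Folder path; defaults to the attribute name, which must then be an absolute path.";`. The submodule's option set continues past the end of this hunk.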
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 7e183f40f..f911b79d6 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -49,12 +49,15 @@ with import <stockholm/lib>;
];
}
{
- krebs.syncthing.folders = [
- { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; }
- ];
- lass.ensure-permissions = [
- { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
- ];
+ krebs.syncthing.folders."the_playlist" = {
+ path = "/home/lass/tmp/the_playlist";
+ peers = [ "mors" "phone" "prism" ];
+ };
+ krebs.permown."/home/lass/tmp/the_playlist" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
}
{
lass.umts = {
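Review bot: The literal `/home/lass/tmp/the_playlist` now appears twice, as `krebs.syncthing.folders."the_playlist".path` and as the `krebs.permown` key. A later edit to one can leave owner, group and umask enforced on a directory syncthing no longer uses, while the real share goes unmanaged. Binding it once keeps the two tied: `let playlist = "/home/lass/tmp/the_playlist"; in`, then `path = playlist;` and `krebs.permown.${playlist} = { ... };`. The same pairing recurs in the green-host.nix, radio.nix, decsync.nix, weechat.nix and lass/2configs/syncthing.nix hunks. The `krebs.permown` module is not in this diff, so how it applies `umask` cannot be checked from here.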
diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
index 860d7c113..1421eede7 100644
--- a/lass/2configs/green-host.nix
+++ b/lass/2configs/green-host.nix
@@ -20,13 +20,12 @@ with import <stockholm/lib>;
}
];
- lass.ensure-permissions = [
- { folder = "/var/lib/sync-containers"; owner = "root"; group = "syncthing"; }
- ];
-
- krebs.syncthing.folders = [
- { path = "/var/lib/sync-containers"; peers = [ "icarus" "skynet" "littleT" "shodan" ]; }
- ];
+ krebs.syncthing.folders."/var/lib/sync-containers".peers = [ "icarus" "skynet" "littleT" "shodan" ];
+ krebs.permown."/var/lib/sync-containers" = {
+ owner = "root";
+ group = "syncthing";
+ umask = "0007";
+ };
system.activationScripts.containerPermissions = ''
mkdir -p /var/lib/containers
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index d67d970f8..88899c554 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -10,7 +10,7 @@ let
source-password = import <secrets/icecast-source-pw>;
add_random = pkgs.writeDashBin "add_random" ''
- ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)"
+ ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls the_playlist/music | grep '\.ogg$' | shuf -n1)"
'';
skip_track = pkgs.writeDashBin "skip_track" ''
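Review bot: `add_random` still runs `mpc add` when the pipeline yields nothing. If `mpc ls the_playlist/music` returns no `.ogg` entry, `grep` and `shuf` print nothing and the command receives an empty string. What mpc does with an empty argument is not visible here and should be checked. A guard is cheap: assign the pipeline to `track=$(...)` and then run `[ -n "$track" ] && ${pkgs.mpc_cli}/bin/mpc add "$track"`.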
@@ -57,7 +57,7 @@ in {
services.mpd = {
enable = true;
group = "radio";
- musicDirectory = "/home/radio/the_playlist/music";
+ musicDirectory = "/home/radio/music";
extraConfig = ''
log_level "default"
auto_update "yes"
@@ -248,10 +248,13 @@ in {
alias ${html};
'';
};
- krebs.syncthing.folders = [
- { id = "the_playlist"; path = "/home/radio/music/the_playlist"; peers = [ "mors" "phone" "prism" ]; }
- ];
- lass.ensure-permissions = [
- { folder = "/home/radio/music/the_playlist"; owner = "radio"; group = "syncthing"; }
- ];
+ krebs.syncthing.folders."the_playlist" = {
+ path = "/home/radio/music/the_playlist";
+ peers = [ "mors" "phone" "prism" ];
+ };
+ krebs.permown."/home/radio/music/the_playlist" = {
+ owner = "radio";
+ group = "syncthing";
+ umask = "0002";
+ };
}
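Review bot: `umask = "0002"` is the only permown entry in this commit that leaves the tree readable by other users; the mors, green-host, decsync, weechat and sync entries all use `"0007"`. Presumably mpd needs the read access, since this file sets `services.mpd.group = "radio"` while the directory's group is `syncthing`, but nothing on the line says so. I would add a comment above it, e.g. `# world-readable on purpose: mpd is not in group syncthing`. The alternative is to give mpd access through the owning group and use `"0007"` like the other folders, once it is confirmed which is intended.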
diff --git a/lass/2configs/sync/decsync.nix b/lass/2configs/sync/decsync.nix
index 94569c94d..c3f6511c2 100644
--- a/lass/2configs/sync/decsync.nix
+++ b/lass/2configs/sync/decsync.nix
@@ -1,8 +1,11 @@
{
- krebs.syncthing.folders = [
- { id = "decsync"; path = "/home/lass/decsync"; peers = [ "mors" "blue" "green" "phone" ]; }
- ];
- lass.ensure-permissions = [
- { folder = "/home/lass/decsync"; owner = "lass"; group = "syncthing"; }
- ];
+ krebs.syncthing.folders.decsync = {
+ path = "/home/lass/decsync";
+ peers = [ "mors" "blue" "green" "phone" ];
+ };
+ krebs.permown."/home/lass/decsync" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
}
diff --git a/lass/2configs/sync/weechat.nix b/lass/2configs/sync/weechat.nix
index d10177b1d..30c7b262b 100644
--- a/lass/2configs/sync/weechat.nix
+++ b/lass/2configs/sync/weechat.nix
@@ -1,8 +1,8 @@
{
- krebs.syncthing.folders = [
- { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
- ];
- lass.ensure-permissions = [
- { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
- ];
+ krebs.syncthing.folders."/home/lass/.weechat".peers = [ "blue" "green" "mors" ];
+ krebs.permown."/home/lass/.weechat" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
}
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index fc10b2cb4..48f2625c1 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -1,6 +1,6 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
+{ config, pkgs, ... }: with import <stockholm/lib>; let
+ peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
+in {
services.syncthing = {
enable = true;
group = "syncthing";
@@ -14,17 +14,17 @@ with import <stockholm/lib>;
enable = true;
cert = toString <secrets/syncthing.cert>;
key = toString <secrets/syncthing.key>;
- peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
- folders = [
- { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism" "shodan" ]; }
- ];
+ peers = peers;
+ folders."/home/lass/sync".peers = attrNames peers;
};
system.activationScripts.syncthing-home = ''
${pkgs.coreutils}/bin/chmod a+x /home/lass
'';
- lass.ensure-permissions = [
- { folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; }
- ];
+ krebs.permown."/home/lass/sync" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
}
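Review bot: `folders."/home/lass/sync".peers = attrNames peers` replaces an explicit eight-host list with every entry of `config.krebs.hosts` that has a non-null `syncthing.id`. Any host that later gains an id is then offered this folder without an edit to this file. If `krebs.hosts` also lists machines of other users (not visible in this diff), that widens who receives `/home/lass/sync`. I would keep the share list explicit, `folders."/home/lass/sync".peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism" "shodan" ];`. Alternatively, filter `peers` down to the intended hosts before taking `attrNames` and say in a comment which set is meant.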
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 59043aeb1..613c7c8ac 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -3,7 +3,6 @@ _:
imports = [
./dnsmasq.nix
./ejabberd
- ./ensure-permissions.nix
./folderPerms.nix
./hosts.nix
./mysql-backup.nix
diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix
deleted file mode 100644
index 36edc1127..000000000
--- a/lass/3modules/ensure-permissions.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ config, pkgs, ... }: with import <stockholm/lib>;
-
-let
-
- cfg = config.lass.ensure-permissions;
-
-in
-
-{
- options.lass.ensure-permissions = mkOption {
- default = [];
- type = types.listOf (types.submodule ({
- options = {
-
- folder = mkOption {
- type = types.absolute-pathname;
- };
-
- owner = mkOption {
- # TODO user type
- type = types.str;
- default = "root";
- };
-
- group = mkOption {
- # TODO group type
- type = types.str;
- default = "root";
- };
-
- permission = mkOption {
- # TODO permission type
- type = types.str;
- default = "u+rw,g+rw";
- };
-
- };
- }));
- };
-
- config = mkIf (cfg != []) {
-
- system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
- ${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
- ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
- ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
- '') cfg;
- systemd.services =
- listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- Restart = "always";
- RestartSec = 10;
- ExecStart = pkgs.writeDash "ensure-perms" ''
- ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
- | while IFS= read -r FILE; do
- ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
- ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
- done
- '';
- };
- }) cfg)
- ;
-
- };
-}
diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix
index 2f289d500..66f822c02 100644
--- a/makefu/1systems/sdev/config.nix
+++ b/makefu/1systems/sdev/config.nix
@@ -6,13 +6,13 @@
[ # Include the results of the hardware scan.
<stockholm/makefu>
- <stockholm/makefu/2configs/hw/vbox-guest.nix>
- #{ # until virtualbox-image is fixed
- # imports = [
- # <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
- # ];
- # boot.loader.grub.device = lib.mkForce "/dev/sda";
- #}
+ # <stockholm/makefu/2configs/hw/vbox-guest.nix> # broken since 2019-04-18
+ { # until virtualbox-image is fixed
+ imports = [
+ <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
+ ];
+ boot.loader.grub.device = lib.mkForce "/dev/sda";
+ }
<stockholm/makefu/2configs/main-laptop.nix>
# <secrets/extra-hosts.nix>
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index de55e9e89..3c5e50c4b 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -11,9 +11,13 @@
<stockholm/makefu/2configs/home-manager/desktop.nix>
<stockholm/makefu/2configs/home-manager/cli.nix>
<stockholm/makefu/2configs/home-manager/mail.nix>
+ <stockholm/makefu/2configs/home-manager/taskwarrior.nix>
+
<stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
+ { programs.adb.enable = true; }
+
<stockholm/makefu/2configs/dict.nix>
#<stockholm/makefu/3modules/netboot_server.nix>
#{
@@ -23,7 +27,14 @@
# };
#}
+ # Restore:
+ # systemctl cat borgbackup-job-state
+ # export BORG_PASSCOMMAND BORG_REPO BORG_RSH
+ # borg list "$BORG_REPO"
+ # mount newroot somewhere && cd somewhere
+ # borg extract "$BORG_REPO::x-state-2019-04-17T01:41:51" --progress # < extract to cwd
<stockholm/makefu/2configs/backup/state.nix>
+
# <stockholm/makefu/2configs/dnscrypt/client.nix>
<stockholm/makefu/2configs/avahi.nix>
<stockholm/makefu/2configs/support-nixos.nix>
@@ -46,19 +57,18 @@
# Krebs
<stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/share/gum-client.nix>
+ # <stockholm/makefu/2configs/share/gum-client.nix>
# applications
<stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/mail-client.nix>
<stockholm/makefu/2configs/printer.nix>
- <stockholm/makefu/2configs/task-client.nix>
# <stockholm/makefu/2configs/syncthing.nix>
# Virtualization
- <stockholm/makefu/2configs/virtualisation/libvirt.nix>
- <stockholm/makefu/2configs/virtualisation/docker.nix>
+ # <stockholm/makefu/2configs/virtualisation/libvirt.nix>
+ # <stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/virtualbox.nix>
#{
# networking.firewall.allowedTCPPorts = [ 8080 ];
@@ -71,35 +81,43 @@
# Services
<stockholm/makefu/2configs/git/brain-retiolum.nix>
<stockholm/makefu/2configs/tor.nix>
- <stockholm/makefu/2configs/vpn/vpngate.nix>
+ # <stockholm/makefu/2configs/vpn/vpngate.nix>
# <stockholm/makefu/2configs/buildbot-standalone.nix>
<stockholm/makefu/2configs/remote-build/aarch64-community.nix>
- <stockholm/makefu/2configs/remote-build/gum.nix>
- { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
+ # <stockholm/makefu/2configs/remote-build/gum.nix>
+ # { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
+
+ <stockholm/makefu/2configs/binary-cache/gum.nix>
+ <stockholm/makefu/2configs/binary-cache/lass.nix>
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
- <stockholm/makefu/2configs/hw/mceusb.nix>
- <stockholm/makefu/2configs/hw/malduino_elite.nix>
+ # <stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/hw/tpm.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
- <stockholm/makefu/2configs/hw/stk1160.nix>
- <stockholm/makefu/2configs/hw/irtoy.nix>
+ # <stockholm/makefu/2configs/hw/stk1160.nix>
+ # <stockholm/makefu/2configs/hw/irtoy.nix>
+ # <stockholm/makefu/2configs/hw/malduino_elite.nix>
<stockholm/makefu/2configs/hw/switch.nix>
<stockholm/makefu/2configs/hw/bluetooth.nix>
# <stockholm/makefu/2configs/hw/rad1o.nix>
<stockholm/makefu/2configs/hw/smartcard.nix>
+ {
+ services.upower.enable = true;
+ users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ];
+ }
+
# Filesystem
<stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
- { programs.adb.enable = true; }
+
# temporary
- { services.redis.enable = true; }
- <stockholm/makefu/2configs/pyload.nix>
+ # { services.redis.enable = true; }
+ # <stockholm/makefu/2configs/pyload.nix>
# <stockholm/makefu/2configs/dcpp/airdcpp.nix>
# <stockholm/makefu/2configs/nginx/rompr.nix>
# <stockholm/makefu/2configs/lanparty/lancache.nix>
@@ -136,6 +154,9 @@
makefu.server.primary-itf = "wlp3s0";
nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.oraclejdk.accept_license = true;
+
+
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
@@ -163,7 +184,6 @@
"/home/makefu/.ssh/"
"/home/makefu/.zsh_history"
"/home/makefu/.bash_history"
- "/home/makefu/.zshrc"
"/home/makefu/bin"
"/home/makefu/.gnupg"
"/home/makefu/.imapfilter"
@@ -171,6 +191,7 @@
"/home/makefu/docs"
"/home/makefu/.password-store"
"/home/makefu/.secrets-pass"
+ "/home/makefu/.config/syncthing"
];
services.syncthing.user = lib.mkForce "makefu";
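Review bot: Adding `/home/makefu/.config/syncthing` to the backup paths puts syncthing's device certificate and private key into the borg repository, because that directory is where syncthing keeps them by default. This matches `.ssh` and `.gnupg` already being in the list, but it makes the repository's encryption and passphrase handling part of the syncthing trust boundary. Restoring onto a second machine would also give two hosts the same device ID. A comment beside the new entry would help, e.g. `# contains the syncthing device key; do not restore onto a second live host`. The list this entry belongs to starts outside the hunk.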
diff --git a/makefu/2configs/binary-cache/gum.nix b/makefu/2configs/binary-cache/gum.nix
new file mode 100644
index 000000000..fc54bd917
--- /dev/null
+++ b/makefu/2configs/binary-cache/gum.nix
@@ -0,0 +1,13 @@
+
+{ config, ... }:
+
+{
+ nix = {
+ binaryCaches = [
+ "https://cache.euer.krebsco.de/"
+ ];
+ binaryCachePublicKeys = [
+ "gum:iIXIFlCAotib+MgI3V/i3HMlFXiVYOT/jfP0y54Zuvg="
+ ];
+ };
+}
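Review bot: The `gum:` entry in `binaryCachePublicKeys` is a trust anchor with no recorded provenance. Store paths carrying a valid signature from that key will be substituted on every host that imports this file, so whoever holds the matching secret key can supply binaries to those hosts. I would add a comment above the list naming where the secret half lives and how to rotate it, e.g. `# public half of the signing key used by nix-serve on gum; update here when that key is rotated`, after confirming that is the key's origin. The `config` argument in `{ config, ... }:` is unused and the file opens with a blank line; `_:` or `{ ... }:` would do.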
diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix
index ad6256830..c8f68c84d 100644
--- a/makefu/2configs/binary-cache/server.nix
+++ b/makefu/2configs/binary-cache/server.nix
@@ -19,9 +19,10 @@
};
services.nginx = {
enable = true;
- virtualHosts.nix-serve = {
- serverAliases = [ "cache.gum.r"
- "cache.euer.krebsco.de"
+ virtualHosts."cache.euer.krebsco.de" = {
+ forceSSL = true;
+ enableACME = true;
+ serverAliases = [ # "cache.gum.r"
"cache.gum.krebsco.de"
];
locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
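Review bot: The `cache.gum.r` alias is disabled with an inline `#` and no reason given, in the same change that turns on `forceSSL` and `enableACME`. Clients still configured with the internal `cache.gum.r` name will no longer match this vhost and will reach whatever nginx serves by default. Presumably the alias was dropped because a public CA cannot issue for the internal `.r` name; if so, say it: `# "cache.gum.r" removed: ACME cannot validate the retiolum-internal name`. It is also worth confirming that `cache.gum.krebsco.de` resolves publicly, since the certificate request may cover the aliases and fail for any name that cannot be validated. The `virtualHosts` block closes outside the hunk.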