diff options
author | tv <tv@krebsco.de> | 2017-04-12 09:24:46 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-04-12 09:24:46 +0200 |
commit | 0248fce6be6705de4a6beab0f2a9336550df9d18 (patch) | |
tree | 6865e194d5df1f9f77a03da06192d5034f97cacf | |
parent | 75f43655d379a7aeed58b9cb423759b8a3696a9a (diff) | |
parent | 9224e9c4c8432ce8d7788592b9d25cfc29440ee6 (diff) |
Merge remote-tracking branch 'prism/makefu'
25 files changed, 239 insertions, 127 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index f336c966f..d24cea1a2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -20,6 +20,7 @@ let ./github-hosts-sync.nix ./git.nix ./go.nix + ./htgen.nix ./iptables.nix ./kapacitor.nix ./monit.nix diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix new file mode 100644 index 000000000..0dddca6c8 --- /dev/null +++ b/krebs/3modules/htgen.nix @@ -0,0 +1,68 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + cfg = config.krebs.htgen; + + out = { + options.krebs.htgen = api; + config = imp; + }; + + api = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + enable = mkEnableOption "krebs.htgen-${config.name}"; + + name = mkOption { + type = types.username; + default = config._module.args.name; + }; + + port = mkOption { + type = types.uint; + }; + + script = mkOption { + type = types.str; + }; + user = mkOption { + type = types.user; + default = { + name = "htgen-${config.name}"; + home = "/var/lib/htgen-${config.name}"; + }; + }; + }; + })); + }; + imp = { + + systemd.services = mapAttrs' (name: htgen: + nameValuePair "htgen-${name}" { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + environment = { + HTGEN_PORT = toString htgen.port; + HTGEN_SCRIPT = htgen.script; + }; + serviceConfig = { + SyslogIdentifier = "htgen"; + User = htgen.user.name; + PrivateTmp = true; + Restart = "always"; + ExecStart = "${pkgs.htgen}/bin/htgen --serve"; + }; + } + ) cfg; + + users.users = mapAttrs' (name: htgen: + nameValuePair htgen.user.name { + inherit (htgen.user) home name uid; + createHome = true; + } + ) cfg; + + }; +in out diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 489f62b65..8e5927f9d 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -285,12 +285,9 @@ with import <stockholm/lib>; cores = 1; extraZones = { "krebsco.de" = '' - euer IN A ${nets.internet.ip4.addr} - wiki.euer IN A ${nets.internet.ip4.addr} - wry IN A ${nets.internet.ip4.addr} - io IN NS wry.krebsco.de. - graphs IN A ${nets.internet.ip4.addr} - tinc IN A ${nets.internet.ip4.addr} + wry IN A ${nets.internet.ip4.addr} + io IN NS wry.krebsco.de. + tinc IN A ${nets.internet.ip4.addr} ''; }; nets = rec { @@ -307,13 +304,8 @@ with import <stockholm/lib>; ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad"; aliases = [ "graphs.wry.retiolum" - "graphs.r" "graphs.retiolum" "paste.wry.retiolum" "wry.r" "wry.retiolum" - "wiki.makefu.retiolum" - "wiki.wry.retiolum" - "blog.makefu.retiolum" - "blog.wry.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -452,6 +444,9 @@ with import <stockholm/lib>; cgit.euer IN A ${nets.internet.ip4.addr} o.euer IN A ${nets.internet.ip4.addr} dl.euer IN A ${nets.internet.ip4.addr} + euer IN A ${nets.internet.ip4.addr} + wiki.euer IN A ${nets.internet.ip4.addr} + graphs IN A ${nets.internet.ip4.addr} ''; }; nets = rec { @@ -464,7 +459,7 @@ with import <stockholm/lib>; retiolum = { via = internet; ip4.addr = "10.243.0.211"; - ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2"; + # ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2"; aliases = [ "gum.r" "gum.retiolum" @@ -473,6 +468,12 @@ with import <stockholm/lib>; "o.gum.retiolum" "tracker.makefu.r" "tracker.makefu.retiolum" + + "graphs.r" "graphs.retiolum" + "wiki.makefu.retiolum" + "wiki.wry.retiolum" + "blog.makefu.retiolum" + "blog.wry.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/5pkgs/apt-cacher-ng/default.nix b/krebs/5pkgs/apt-cacher-ng/default.nix index 53736dcfb..e3986713b 100644 --- a/krebs/5pkgs/apt-cacher-ng/default.nix +++ b/krebs/5pkgs/apt-cacher-ng/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "apt-cacher-ng-${version}"; - version = "0.9.3.2"; + version = "2"; src = fetchurl { url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz"; - sha256 = "1bvng9mwrggvc93q2alj0x72i56wifnjs2dsycr17mapsv0f2gnc"; + sha256 = "0bkc3012vinridl5ch46pwnxjalymx4wf6nxax64nm7bdkcj9azf"; }; NIX_LDFLAGS = "-lpthread"; diff --git a/krebs/5pkgs/htgen/default.nix b/krebs/5pkgs/htgen/default.nix new file mode 100644 index 000000000..f9dfeb3d1 --- /dev/null +++ b/krebs/5pkgs/htgen/default.nix @@ -0,0 +1,28 @@ +{ bash, coreutils, gnused, stdenv, fetchgit, ucspi-tcp }: +with import <stockholm/lib>; +let + version = "1.1"; +in stdenv.mkDerivation { + name = "htgen-${version}"; + + src = fetchgit { + url = "http://cgit.krebsco.de/htgen"; + rev = "refs/tags/v${version}"; + sha256 = "1zxj0fv9vdrqyl3x2hgq7a6xdlzpclf93akygysrzsqk9wjapp4z"; + }; + + installPhase = '' + mkdir -p $out/bin + { + echo '#! ${bash}/bin/bash' + echo 'export PATH=${makeBinPath [ + ucspi-tcp + coreutils + gnused + ]}''${PATH+":$PATH"}' + cat htgen + } > $out/bin/htgen + chmod +x $out/bin/htgen + cp -r examples $out + ''; +} diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 710eb9461..be08d0ec1 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -32,10 +32,13 @@ let public-repos = mapAttrs make-public-repo { stockholm = { cgit.desc = "take all the computers hostage, they'll love you!"; + cgit.section = "configuration"; }; - kimsufi-check = {}; } // mapAttrs make-public-repo-silent { - the_playlist = {}; + the_playlist = { + cgit.desc = "Good Music collection + tools"; + cgit.section = "art"; + }; }; restricted-repos = mapAttrs make-restricted-repo ( diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index dfea637ed..74e508549 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -10,6 +10,7 @@ let public = true; name = mkDefault "${name}"; cgit.desc = mkDefault "mirror for ${name}"; + cgit.section = mkDefault "mirror"; hooks = mkIf announce (mkDefault { post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index daecdcd2f..fde3f7c2b 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -120,6 +120,7 @@ in { sender_domains = [ "jla-trading.com" "ubikmedia.eu" + "ubikmedia.de" ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 910493026..c39997ebf 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -29,9 +29,12 @@ in { ../2configs/deployment/owncloud.nix ../2configs/nginx/share-download.nix ../2configs/nginx/euer.test.nix + ../2configs/nginx/euer.wiki.nix + ../2configs/nginx/euer.blog.nix ../2configs/nginx/public_html.nix ../2configs/nginx/update.connector.one.nix ../2configs/deployment/mycube.connector.one.nix + ../2configs/deployment/graphs.nix # ../2configs/opentracker.nix ../2configs/logging/central-stats-client.nix diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index a6a336fed..99303b604 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -43,7 +43,6 @@ in { # TODO: unlock home partition via ssh ../2configs/fs/sda-crypto-root.nix ../2configs/zsh-user.nix - ../2configs/urlwatch.nix ../2configs/backup.nix ../2configs/exim-retiolum.nix ../2configs/smart-monitor.nix @@ -182,5 +181,17 @@ in { zramSwap.enable = true; + krebs.Reaktor.reaktor = { + nickname = "Reaktor|bot"; + channels = [ "#krebs" "#shackspace" "#binaergewitter" ]; + plugins = with pkgs.ReaktorPlugins;[ + titlebot + # stockholm-issue + nixos-version + shack-correct + sed-plugin + random-emoji ]; + }; + krebs.build.host = config.krebs.hosts.omo; } diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 2457ab92e..a5c4d3cca 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -19,8 +19,6 @@ in { ../2configs/backup.nix # other nginx - ../2configs/nginx/euer.wiki.nix - ../2configs/nginx/euer.blog.nix # ../2configs/nginx/euer.test.nix # collectd @@ -33,46 +31,9 @@ in { krebs.build.host = config.krebs.hosts.wry; - krebs.Reaktor.reaktor = { - nickname = "Reaktor|bot"; - channels = [ "#krebs" "#shackspace" "#binaergewitter" ]; - plugins = with pkgs.ReaktorPlugins;[ - titlebot - # stockholm-issue - nixos-version - shack-correct - sed-plugin - random-emoji ]; - }; - # prepare graphs services.nginx.enable = true; krebs.retiolum-bootstrap.enable = true; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${external-ip}" ) { - return 403; - } - ''; - krebs.tinc_graphs = { - enable = true; - nginx = { - enable = true; - # TODO: remove hard-coded hostname - complete = { - extraConfig = '' - if ( $server_addr = "${external-ip}" ) { - return 403; - } - ''; - serverAliases = [ "graphs.retiolum" "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ]; - }; - anonymous = { - enableSSL = true; - forceSSL = true; - enableACME = true; - }; - }; - }; networking = { firewall = { diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 9666f50ff..9cedc04a8 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -8,6 +8,7 @@ [ # base ../. ../2configs/main-laptop.nix + ../2configs/extra-fonts.nix ../2configs/tools/all.nix ../2configs/laptop-backup.nix ../2configs/dnscrypt.nix @@ -46,7 +47,7 @@ ../2configs/mail-client.nix ../2configs/printer.nix ../2configs/virtualization.nix - # ../2configs/virtualization-virtualbox.nix + ../2configs/virtualization-virtualbox.nix ../2configs/wwan.nix ../2configs/rad1o.nix diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix index 280dc1df4..9ed890326 100644 --- a/makefu/2configs/backup.nix +++ b/makefu/2configs/backup.nix @@ -29,7 +29,7 @@ let }; in { krebs.backup.plans = { - wry-to-omo_root = defaultPull config.krebs.hosts.wry "/"; + # wry-to-omo_root = defaultPull config.krebs.hosts.wry "/"; gum-to-omo_root = defaultPull config.krebs.hosts.gum "/"; }; } diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 43b37cd8c..ba4c551b3 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -41,7 +41,7 @@ in fonts = { enableCoreFonts = true; enableFontDir = true; - enableGhostscriptFonts = false; + enableGhostscriptFonts = true; fonts = [ pkgs.terminus_font ]; }; @@ -62,7 +62,7 @@ in cat |derp <<EOF XTerm*background: black XTerm*foreground: white - XTerm*FaceName : Terminus:pixelsize=14 + XTerm*FaceName : xft:xos4 Terminus:pixelsize=14 URxvt*termName: rxvt URxvt*saveLines: 10000 @@ -74,7 +74,8 @@ in URxvt.background: black URxvt.urgentOnBell: true URxvt.visualBell: false - URxvt.font : xft:Terminus + URxvt.font : xft:xos4 Terminus:size=12 + ! blue URxvt*color4: #268bd2 diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index 936aaf004..ecf5f8a38 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -14,7 +14,7 @@ with import <stockholm/lib>; let sec = toString <secrets>; # secKey is nothing worth protecting on a local machine - secKey = import <secrets/bepasty-secret.nix>; + secKey = "${secrets}/bepasty-secret"; acmepath = "/var/lib/acme/"; acmechall = acmepath + "/challenges/"; ext-dom = "paste.krebsco.de" ; @@ -31,7 +31,7 @@ in { serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; }; defaultPermissions = "admin,list,create,read,delete"; - secretKey = secKey; + secretKeyFile = secKey; }; "${ext-dom}" = { @@ -41,7 +41,7 @@ in { enableACME = true; }; defaultPermissions = "read"; - secretKey = secKey; + secretKeyFile = secKey; }; }; }; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 1ad7f0710..7b2e6b617 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import <stockholm/lib>; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "53a2baa"; # unstable @ 2017-02-28 + ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1 in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix new file mode 100644 index 000000000..35a724f6a --- /dev/null +++ b/makefu/2configs/deployment/graphs.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + hn = config.krebs.build.host.name; +in { + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; + krebs.tinc_graphs = { + enable = true; + nginx = { + enable = true; + # TODO: remove hard-coded hostname + complete = { + extraConfig = '' + if ( $server_addr = "${external-ip}" ) { + return 403; + } + ''; + serverAliases = [ + "graphs.r" "graphs.retiolum" + "graphs.${hn}" "graphs.${hn}.retiolum" + ]; + }; + anonymous = { + enableSSL = true; + forceSSL = true; + enableACME = true; + }; + }; + }; +} diff --git a/makefu/2configs/extra-fonts.nix b/makefu/2configs/extra-fonts.nix new file mode 100644 index 000000000..7b3a5f197 --- /dev/null +++ b/makefu/2configs/extra-fonts.nix @@ -0,0 +1,14 @@ + { pkgs, ... }: + { + fonts = { + enableFontDir = true; + enableGhostscriptFonts = true; + fonts = with pkgs; [ + inconsolata # monospaced + ubuntu_font_family # Ubuntu fonts + unifont # some international languages + dejavu_fonts + terminus_font + ]; + }; + } diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 7c7b00abc..509ed512d 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -5,7 +5,7 @@ enable = true; drivers = [ pkgs.samsungUnifiedLinuxDriver - pkgs.dymo-cups-drivers + pkgs.cups-dymo ]; }; diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index 20eb031a1..d1dcec657 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -9,7 +9,7 @@ ## nixpkgs maintenance https://api.github.com/repos/ovh/python-ovh/tags https://api.github.com/repos/embray/d2to1/tags - http://git.sysphere.org/vicious/log/?qt=grep&q=Next+release + https://api.github.com/repos/Mic92/vicious/tags https://pypi.python.org/simple/bepasty/ https://pypi.python.org/simple/xstatic/ http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ @@ -19,6 +19,7 @@ https://api.github.com/repos/embray/d2to1/tags https://api.github.com/repos/dorimanx/exfat-nofuse/commits https://api.github.com/repos/dorimanx/exfat-nofuse/tags + https://api.github.com/repos/radare/radare2/tags ]; }; } diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix index c2276887e..b94b6fa54 100644 --- a/makefu/5pkgs/awesomecfg/default.nix +++ b/makefu/5pkgs/awesomecfg/default.nix @@ -1,6 +1,7 @@ _: { + # TODO: requires in path: amixer, xlock, xbacklight full = ./full.cfg; kiosk = ./kiosk.lua; } diff --git a/makefu/5pkgs/dymo-cups-drivers/default.nix b/makefu/5pkgs/dymo-cups-drivers/default.nix deleted file mode 100644 index d47bae6dd..000000000 --- a/makefu/5pkgs/dymo-cups-drivers/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ stdenv, lib, pkgs, fetchurl, cups, ... }: - -stdenv.mkDerivation rec { - name = "dymo-cups-drivers-${version}"; - version = "1.4.0"; - src = fetchurl { - url = "http://download.dymo.com/dymo/Software/Download%20Drivers/Linux/Download/${name}.tar.gz"; - sha256 = "0wagsrz3q7yrkzb5ws0m5faq68rqnqfap9p98sgk5jl6x7krf1y6"; - }; - buildInputs = [ cups ]; - makeFlags = [ "cupsfilterdir=$(out)/lib/cups/filter" "cupsmodeldir=$(out)/share/cups/model" ]; - - # acd_cli gets dumped in bin and gets overwritten by fixupPhase - meta = { - description = "Dymo printer drivers"; - }; -} diff --git a/makefu/5pkgs/taskserver/default.nix b/makefu/5pkgs/taskserver/default.nix deleted file mode 100644 index a1502b4d6..000000000 --- a/makefu/5pkgs/taskserver/default.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ stdenv, fetchurl, cmake, libuuid, gnutls, makeWrapper }: - -stdenv.mkDerivation rec { - name = "taskserver-${version}"; - version = "1.1.0"; - - enableParallelBuilding = true; - - src = fetchurl { - url = "http://www.taskwarrior.org/download/taskd-${version}.tar.gz"; - sha256 = "1d110q9vw8g5syzihxymik7hd27z1592wkpz55kya6lphzk8i13v"; - }; - - patchPhase = '' - pkipath=$out/share/taskd/pki - mkdir -p $pkipath - cp -r pki/* $pkipath - echo "patching paths in pki/generate" - sed -i "s#^\.#$pkipath#" $pkipath/generate - for f in $pkipath/generate* ;do - i=$(basename $f) - echo patching $i - sed -i \ - -e 's/which/type -p/g' \ - -e 's#^\. ./vars#if test -e ./vars;then . ./vars; else echo "cannot find ./vars - copy the template from '$pkipath'/vars into the working directory";exit 1; fi#' $f - - echo wrapping $i - makeWrapper $pkipath/$i $out/bin/taskd-pki-$i \ - --prefix PATH : ${gnutls}/bin/ - done - ''; - - buildInputs = [ makeWrapper ]; - nativeBuildInputs = [ cmake libuuid gnutls ]; - - meta = { - description = "Server for synchronising Taskwarrior clients"; - homepage = http://taskwarrior.org; - license = stdenv.lib.licenses.mit; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ matthiasbeyer makefu ]; - }; -} diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index b0b822780..722a08812 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -15,6 +15,7 @@ in ../2configs/cgit-mirror.nix ../2configs/repo-sync.nix ../2configs/graphite.nix + ../2configs/share-shack.nix ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) diff --git a/shared/2configs/share-shack.nix b/shared/2configs/share-shack.nix new file mode 100644 index 000000000..247b9ee7d --- /dev/null +++ b/shared/2configs/share-shack.nix @@ -0,0 +1,38 @@ +{config, ... }:{ + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + group = "share"; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + + networking.firewall.allowedTCPPorts = [ + 139 445 # samba + ]; + + networking.firewall.allowedUDPPorts = [ + 137 138 + ]; + services.samba = { + enable = true; + shares = { + share-home = { + path = "/home/share/"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} |