Merge remote-tracking branch 'gum/master'

10 files changed, 97 insertions, 32 deletions

diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix
index c634d73ce..dca00a206 100644
--- a/krebs/1systems/onebutton/config.nix
+++ b/krebs/1systems/onebutton/config.nix
@@ -1,33 +1,34 @@
 { config, pkgs, lib, ... }:
 {
+  # :l <nixpkgs>
+  # builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
   imports = [
     <stockholm/krebs>
     <stockholm/krebs/2configs>
-    { # minimal disk usage
-      environment.noXlibs = true;
+    { # flag to rebuild everything yourself:
+      # environment.noXlibs = true;
+
+      # minimal disk usage
       nix.gc.automatic = true;
       nix.gc.dates = "03:10";
-      programs.info.enable = false;
-      programs.man.enable = false;
-      services.journald.extraConfig = "SystemMaxUse=50M";
+      documentation.man.enable = false;
+      documentation.info.enable = false;
       services.nixosManual.enable = false;
+      services.journald.extraConfig = "SystemMaxUse=50M";
     }
   ];
   krebs.build.host = config.krebs.hosts.onebutton;
   # NixOS wants to enable GRUB by default
   boot.loader.grub.enable = false;
+
   # Enables the generation of /boot/extlinux/extlinux.conf
   boot.loader.generic-extlinux-compatible.enable = true;
 
-  # !!! If your board is a Raspberry Pi 1, select this:
   boot.kernelPackages = pkgs.linuxPackages_rpi;
 
   nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
   nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
 
-  # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
-  # boot.kernelParams = ["cma=32M"];
-
   fileSystems = {
     "/boot" = {
       device = "/dev/disk/by-label/NIXOS_BOOT";
@@ -41,4 +42,7 @@
 
   swapDevices = [ { device = "/swapfile"; size = 1024; } ];
   services.openssh.enable = true;
+
+  networking.wireless.enable = true;
+  hardware.enableRedistributableFirmware = true;
 }
diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix
index 838c1958e..44176a341 100644
--- a/krebs/2configs/shack/worlddomination.nix
+++ b/krebs/2configs/shack/worlddomination.nix
@@ -75,6 +75,7 @@ let
   };
   wdpath = "/usr/worlddomination/wd.lst";
   esphost = "10.42.24.7"; # esp8266
+  afrihost = "10.42.25.201"; # africa
   timeout = 10; # minutes
 in {
   systemd.services.worlddomination = {
@@ -88,4 +89,16 @@ in {
       PermissionsStartOnly = true;
     };
   };
+
+  systemd.services.worlddomination-africa = {
+    description = "run worlddomination africa";
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      User = "nobody"; # TODO separate user
+      ExecStart = "${pkg}/bin/push-led ${afrihost} ${pkg}/${wdpath} loop ${toString timeout}";
+      Restart = "always";
+      PrivateTmp = true;
+      PermissionsStartOnly = true;
+    };
+  };
 }
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 578e4add8..9b6d9d571 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -62,6 +62,7 @@ in {
       ## Web
       <stockholm/makefu/2configs/nginx/share-download.nix>
       <stockholm/makefu/2configs/nginx/euer.test.nix>
+      <stockholm/makefu/2configs/nginx/euer.mon.nix>
       <stockholm/makefu/2configs/nginx/euer.wiki.nix>
       <stockholm/makefu/2configs/nginx/euer.blog.nix>
       # <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix
index b3ce743ca..e3ca472e4 100644
--- a/makefu/1systems/gum/source.nix
+++ b/makefu/1systems/gum/source.nix
@@ -1,4 +1,5 @@
 import <stockholm/makefu/source.nix> {
   name="gum";
   torrent = true;
+  clever_kexec = true;
 }
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index bed6ae9fd..a85d5f5ce 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -50,6 +50,7 @@ in {
       <stockholm/makefu/2configs/smart-monitor.nix>
       <stockholm/makefu/2configs/mail-client.nix>
       <stockholm/makefu/2configs/mosh.nix>
+      <stockholm/makefu/2configs/tools/mobility.nix>
       # <stockholm/makefu/2configs/disable_v6.nix>
       #<stockholm/makefu/2configs/graphite-standalone.nix>
       #<stockholm/makefu/2configs/share-user-sftp.nix>
@@ -85,7 +86,7 @@ in {
       <stockholm/makefu/2configs/sshd-totp.nix>
       # <stockholm/makefu/2configs/logging/central-logging-client.nix>
 
-      # <stockholm/makefu/2configs/torrent.nix>
+      <stockholm/makefu/2configs/torrent.nix>
 
       # <stockholm/makefu/2configs/elchos/search.nix>
       # <stockholm/makefu/2configs/elchos/log.nix>
@@ -100,7 +101,7 @@ in {
   makefu.full-populate = true;
   makefu.server.primary-itf = primaryInterface;
   krebs.rtorrent = {
-    downloadDir = lib.mkForce "/media/crypt0/torrent";
+    downloadDir = lib.mkForce "/media/cryptX/torrent";
     extraConfig = ''
       upload_rate = 200
     '';
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index 42f3bddb1..3cf3274f9 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -52,9 +52,10 @@ in {
           db = "collectd_db";
           logging-interface = "enp0s25";
         in {
+          networking.firewall.allowedTCPPorts = [ 3000 ];
+
           services.grafana.enable = true;
           services.grafana.addr = "0.0.0.0";
-
           services.influxdb.enable = true;
           services.influxdb.extraConfig = {
             meta.hostname = config.krebs.build.host.name;
diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix
index 7e29849b1..d322c683d 100644
--- a/makefu/2configs/hw/network-manager.nix
+++ b/makefu/2configs/hw/network-manager.nix
@@ -11,9 +11,8 @@
 
   systemd.services.modemmanager = {
     description = "ModemManager";
-    after = [ "network-manager.service" ];
     bindsTo = [ "network-manager.service" ];
-    wantedBy = [ "network-manager.service" ];
+    wantedBy = [ "network-manager.service" "multi-user.target" ];
     serviceConfig = {
       ExecStart = "${pkgs.modemmanager}/bin/ModemManager";
       PrivateTmp = true;
diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix
new file mode 100644
index 000000000..c5a7e68af
--- /dev/null
+++ b/makefu/2configs/nginx/euer.mon.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  hostname = config.krebs.build.host.name;
+  user = config.services.nginx.user;
+  group = config.services.nginx.group;
+  external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+  internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+in {
+  services.nginx = {
+    enable = mkDefault true;
+    virtualHosts."mon.euer.krebsco.de" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" =  {
+        proxyPass = "http://wbob.r:3000/";
+        extraConfig = ''
+          proxy_set_header   Host $host;
+          proxy_set_header   X-Real-IP          $remote_addr;
+          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+        '';
+      };
+    };
+  };
+}
diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix
index 2f80b08c9..898bae10d 100644
--- a/makefu/2configs/tools/core-gui.nix
+++ b/makefu/2configs/tools/core-gui.nix
@@ -1,10 +1,6 @@
 { pkgs, ... }:
 
 {
-  nixpkgs.config.firefox = {
-    enableAdobeFlash = true;
-  };
-
   krebs.per-user.makefu.packages = with pkgs; [
     chromium
     clipit
diff --git a/makefu/source.nix b/makefu/source.nix
index bcdb66a66..40aeac8b6 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -1,14 +1,16 @@
 with import <stockholm/lib>;
 host@{ name,
   override ? {}
-,  secure ? false
-,  full ? false
-,  torrent ? false
-,  hw ? false
-,  musnix ? false
-,  python ? false
-,  unstable ? false #unstable channel checked out
-,  mic92 ? false
+, secure ? false
+, full ? false
+, torrent ? false
+, hw ? false
+, musnix ? false
+, python ? false
+, unstable ? false #unstable channel checked out
+, mic92 ? false
+, nms ? false
+, clever_kexec ?false
 }:
 let
   builder = if getEnv "dummy_secrets" == "true"
@@ -42,11 +44,15 @@ in
           file = "/home/makefu/store/${ref}";
         };
 
-      secrets.file = getAttr builder {
-        buildbot = toString <stockholm/makefu/6tests/data/secrets>;
-        makefu = "/home/makefu/secrets/${name}";
+      secrets = getAttr builder {
+        buildbot.file = toString <stockholm/makefu/6tests/data/secrets>;
+        makefu.pass = {
+          inherit name;
+          dir = "${getEnv "HOME"}/.secrets-pass";
+        };
       };
 
+
       stockholm.file = toString <stockholm>;
       stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
     }
@@ -72,9 +78,12 @@ in
     })
 
     (mkIf ( torrent ) {
-      torrent-secrets.file = getAttr builder {
-        buildbot = toString <stockholm/makefu/6tests/data/secrets>;
-        makefu = "/home/makefu/secrets/torrent" ;
+      torrent-secrets = getAttr builder {
+        buildbot.file = toString <stockholm/makefu/6tests/data/secrets>;
+        makefu.pass = {
+          name = "torrent";
+          dir = "${getEnv "HOME"}/.secrets-pass";
+        };
       };
     })
 
@@ -92,5 +101,19 @@ in
       };
     })
 
+    (mkIf ( nms ) {
+      nms.git = {
+        url = https://github.com/r-raymond/nixos-mailserver;
+        ref = "v2.1.2";
+      };
+    })
+
+    (mkIf ( clever_kexec ) {
+      clever_kexec.git = {
+        url = https://github.com/cleverca22/nix-tests;
+        ref = "5a670de7f2decfaafc95c34ffeb0f1896662f3d7";
+      };
+    })
+
     override
   ]