author | tv <tv@krebsco.de> | 2016-04-07 20:29:33 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-04-07 20:29:33 +0200 |
commit | e1a287c78bab2847fee7c4f1a18a765d89ca373f (patch) | |
tree | 336fc62199af9b1c38acf2de0a2bafbe8ed72efc /makefu/1systems | |
parent | 033bf438bd2ae39d6a465c475500a24514cc2739 (diff) | |
parent | 66b7a76a26a40bd4ecca8c83aafe5f2e5fefa461 (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/1systems')
-rw-r--r-- | makefu/1systems/darth.nix | 44 | ||||
-rw-r--r-- | makefu/1systems/gum.nix | 13 | ||||
-rw-r--r-- | makefu/1systems/omo.nix | 13 | ||||
-rw-r--r-- | makefu/1systems/pornocauster.nix | 6 | ||||
-rw-r--r-- | makefu/1systems/vbob.nix | 5 |
5 files changed, 64 insertions, 17 deletions
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index a33744f0b..2f2358ddc 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix @@ -1,17 +1,51 @@ { config, pkgs, lib, ... }: with config.krebs.lib; -{ +let + byid = dev: "/dev/disk/by-id/" + dev; + rootDisk = byid "ata-ADATA_SSD_S599_64GB_10460000000000000039"; + auxDisk = byid "ata-HGST_HTS721010A9E630_JR10006PH3A02F"; + dataPartition = auxDisk + "-part1"; + + allDisks = [ rootDisk auxDisk ]; +in { imports = [ - ../2configs/fs/single-partition-ext4.nix - ../2configs/zsh-user.nix - ../. + ../. + ../2configs/fs/single-partition-ext4.nix + ../2configs/zsh-user.nix + ../2configs/smart-monitor.nix + ../2configs/exim-retiolum.nix + ../2configs/virtualization.nix ]; + networking.firewall.allowedUDPPorts = [ 80 655 67 ]; + networking.firewall.allowedTCPPorts = [ 80 655 ]; + networking.firewall.checkReversePath = false; + #networking.firewall.enable = false; + # virtualisation.nova.enableSingleNode = true; krebs.retiolum.enable = true; - boot.loader.grub.device = "/dev/disk/by-id/ata-ADATA_SSD_S599_64GB_10460000000000000039"; + boot.kernelModules = [ "coretemp" "f71882fg" ]; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + networking.wireless.enable = true; + + # TODO smartd omo darth gum all-in-one + services.smartd.devices = builtins.map (x: { device = x; }) allDisks; + zramSwap.enable = true; + + fileSystems."/data" = { + device = dataPartition; + fsType = "ext4"; + }; + + boot.loader.grub.device = rootDisk; + users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey + config.krebs.users.makefu-vbob.pubkey ]; + + krebs.build.host = config.krebs.hosts.darth; } diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index e784fdc12..710421659 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix 
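Review bot: The new firewall lines in darth.nix open UDP 80 and UDP 67 and set `networking.firewall.checkReversePath = false` without a comment saying which service needs them. UDP 80 looks like a copy of the TCP list rather than a real requirement, and disabling the reverse-path check removes source-address spoofing protection on every interface, including the wireless one enabled further down in the same hunk. I would drop 80 from the UDP list, `networking.firewall.allowedUDPPorts = [ 655 67 ];`, and add a port legend like the one omo.nix carries, e.g. `# udp:67 - dhcp for VMs; tcp:80 - nginx; tcp/udp:655 - tinc; rpfilter off because <reason>`. The purpose of port 67 is inferred from `../2configs/virtualization.nix` being imported here, so confirm it.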
@@ -41,9 +41,16 @@ in { ]; }; - krebs.nginx.servers.cgit.server-names = [ - "cgit.euer.krebsco.de" - ]; + krebs.nginx.servers.cgit = { + server-names = [ "cgit.euer.krebsco.de" ]; + listen = [ "${external-ip}:80" "${internal-ip}:80" ]; + }; + + # access + users.users = { + root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; + makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; + }; # Chat environment.systemPackages = with pkgs;[ diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index bfcd2298a..fbd06a9c7 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -11,7 +11,7 @@ let # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 # cryptsetup luksAddKey $dev tmpkey # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 - # mkfs.ext4 /dev/mapper/crypt0 -L crypt0 -T largefile + # mkfs.xfs /dev/mapper/crypt0 -L crypt0 # omo Chassis: # __FRONT_ @@ -30,6 +30,8 @@ let cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; # all physical disks + + # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ]; in { imports = @@ -42,16 +44,21 @@ in { ../2configs/smart-monitor.nix ../2configs/mail-client.nix ../2configs/share-user-sftp.nix + ../2configs/graphite-standalone.nix ../2configs/omo-share.nix ]; + krebs.retiolum.enable = true; networking.firewall.trustedInterfaces = [ "enp3s0" ]; # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net # tcp:80 - nginx for sharing files # tcp:655 udp:655 - tinc - # tcp:8080 - sabnzbd + # tcp:8111 - graphite + # tcp:9090 - sabnzbd + # tcp:9200 - elasticsearch + # tcp:5601 - kibana networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; + networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ]; # services.openssh.allowSFTP = false; 
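Review bot: The added `root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];` in gum.nix lets a key that, judging by its name, lives on the omo host log in directly as root on gum. omo.nix in this same commit exposes more network services, so a compromise of that machine would carry straight over to root here. Consider authorising that key for the `makefu` account only and escalating from there, or add a comment stating why host-to-host root login is needed, e.g. `# root login from omo: required for <purpose>`. The `listen` entries use `external-ip` and `internal-ip`, which are defined outside this hunk.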
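Review bot: In the last omo.nix hunk, adding 9200 and 5601 to `networking.firewall.allowedTCPPorts` opens Elasticsearch and Kibana on every interface, not only on `enp3s0`, which is already listed in `trustedInterfaces` and needs no per-port rule. Neither service is shown here with authentication or TLS, and stock Elasticsearch of this period ships with none, so any peer that can reach the host over another interface (the retiolum VPN enabled in this hunk, for instance) could read or modify the indices. If LAN access is all that is required, keep the list at `networking.firewall.allowedTCPPorts = [ 80 655 8111 9090 ];` and let the trusted interface cover the rest; otherwise put both services behind the existing nginx with access control. The comment legend also moves sabnzbd from 8080 to 9090, so check that the service configuration matches.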
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 119f0e5e4..88c187758 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -36,7 +36,11 @@ #../2configs/wordpress.nix ../2configs/nginx/public_html.nix ]; - + krebs.nginx = { + default404 = false; + servers.default.listen = [ "80 default_server" ]; + servers.default.server-names = [ "_" ]; + }; krebs.retiolum.enable = true; # steam hardware.opengl.driSupport32Bit = true; diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 748b08ef1..5e2382f37 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -15,11 +15,6 @@ ]; nixpkgs.config.allowUnfree = true; - krebs.build.source.upstream-nixpkgs = { - url = https://github.com/makefu/nixpkgs; - # HTTP Everywhere + libredir - rev = "8239ac6"; - }; fileSystems."/nix" = { device ="/dev/disk/by-label/nixstore"; fsType = "ext4"; |
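Review bot: In pornocauster.nix, `servers.default.listen = [ "80 default_server" ]` together with `server-names = [ "_" ]` and `default404 = false` makes the default server answer on every address and for every Host header, presumably serving the `../2configs/nginx/public_html.nix` content. gum.nix in this commit binds its server to explicit addresses, and the same would be safer here if the content is only meant for local or VPN use, e.g. `servers.default.listen = [ "127.0.0.1:80 default_server" ];` with the address chosen by the author. Whether port 80 is open in this host's firewall is not visible in the hunk, so the actual exposure depends on configuration outside it. A one-line comment stating the intended audience of the catch-all server would help.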