authortv <tv@krebsco.de>2022-03-06 10:43:33 +0100
committertv <tv@krebsco.de>2022-03-06 10:43:33 +0100
commit5182daaaf4cadaba84331a34b5455bf9dff131b6 (patch)
treedeaa480a8ad3a9aaad6176bc14804f2bb6569c30 /makefu/1systems
parent6bcbb9adae290249988c86da35b2b5236df6ce96 (diff)
parent87a44dd1573cbdc8f0fc3553b0896b470bcfa44d (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/1systems')
-rw-r--r--makefu/1systems/gum/config.nix34
-rw-r--r--makefu/1systems/latte/1blu/default.nix50
-rw-r--r--makefu/1systems/latte/1blu/network.nix32
-rw-r--r--makefu/1systems/latte/config.nix90
-rw-r--r--makefu/1systems/latte/source.nix1
-rw-r--r--makefu/1systems/omo/config.nix7
-rw-r--r--makefu/1systems/x/config.nix12
7 files changed, 171 insertions, 55 deletions
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index a9d9b661f..089fc8e9f 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -23,11 +23,12 @@ in {
}
<stockholm/makefu/2configs/nur.nix>
<stockholm/makefu/2configs/support-nixos.nix>
- <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
<stockholm/makefu/2configs/nix-community/supervision.nix>
<stockholm/makefu/2configs/home-manager>
<stockholm/makefu/2configs/home-manager/cli.nix>
# <stockholm/makefu/2configs/stats/client.nix>
+ <stockholm/makefu/2configs/share>
+ <stockholm/makefu/2configs/share/hetzner-client.nix>
# <stockholm/makefu/2configs/stats/netdata-server.nix>
<stockholm/makefu/2configs/headless.nix>
@@ -56,13 +57,13 @@ in {
<stockholm/makefu/2configs/tinc/retiolum.nix>
{ # bonus retiolum config for connecting more hosts
krebs.tinc.retiolum = {
- extraConfig = lib.mkForce ''
- ListenAddress = ${external-ip} 53
- ListenAddress = ${external-ip} 655
- ListenAddress = ${external-ip} 21031
- StrictSubnets = yes
- LocalDiscovery = no
- '';
+ #extraConfig = lib.mkForce ''
+ # ListenAddress = ${external-ip} 53
+ # ListenAddress = ${external-ip} 655
+ # ListenAddress = ${external-ip} 21031
+ # StrictSubnets = yes
+ # LocalDiscovery = no
+ #'';
connectTo = [
"prism" "ni" "enklave" "eve" "dishfire"
];
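Review bot: The tinc hardening in `krebs.tinc.retiolum` is lost along with the listen addresses, because the commented-out `extraConfig` also carried `StrictSubnets = yes` and `LocalDiscovery = no`. Unless the shared retiolum module sets them itself (not visible here), tinc on this host will accept Subnet announcements from peers instead of only those in its local host files, which matters on a node that connects to as many hosts as the `connectTo` list shows. If only the three `ListenAddress` lines had to go, keep a reduced `extraConfig` with `StrictSubnets = yes` and `LocalDiscovery = no`. If the drop is intended, replace the seven commented lines with a single comment such as `# extraConfig dropped: module defaults apply (StrictSubnets no longer forced)`. The attribute set continues past the end of the hunk.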
@@ -106,7 +107,7 @@ in {
# sharing
<stockholm/makefu/2configs/share/gum.nix> # samba sahre
- <stockholm/makefu/2configs/torrent.nix>
+ <stockholm/makefu/2configs/torrent/rtorrent.nix>
# <stockholm/makefu/2configs/sickbeard>
<stockholm/makefu/2configs/bitwarden.nix>
@@ -114,7 +115,7 @@ in {
#<stockholm/makefu/2configs/retroshare.nix>
## <stockholm/makefu/2configs/ipfs.nix>
#<stockholm/makefu/2configs/syncthing.nix>
- <stockholm/makefu/2configs/sync>
+ # <stockholm/makefu/2configs/sync>
# <stockholm/makefu/2configs/opentracker.nix>
@@ -125,9 +126,8 @@ in {
{ makefu.backup.server.repo = "/var/backup/borg"; }
<stockholm/makefu/2configs/backup/server.nix>
<stockholm/makefu/2configs/backup/state.nix>
- <stockholm/makefu/2configs/bitlbee.nix>
<stockholm/makefu/2configs/wireguard/server.nix>
- <stockholm/makefu/2configs/wireguard/wiregrill.nix>
+ # <stockholm/makefu/2configs/wireguard/wiregrill.nix>
{ # recent changes mediawiki bot
networking.firewall.allowedUDPPorts = [ 5005 5006 ];
@@ -150,13 +150,12 @@ in {
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
- <stockholm/makefu/2configs/deployment/owncloud.nix>
+ #<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix>
- <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix>
#<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/gecloudpad>
- <stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
+ #<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
<stockholm/makefu/2configs/deployment/mediengewitter.de.nix>
<stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix>
# <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
@@ -182,14 +181,15 @@ in {
## Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix>
- <stockholm/makefu/2configs/virtualisation/docker.nix>
+ # <stockholm/makefu/2configs/virtualisation/docker.nix>
#<stockholm/makefu/2configs/virtualisation/libvirt.nix>
# krebs infrastructure services
# <stockholm/makefu/2configs/stats/server.nix>
];
- makefu.dl-dir = "/var/download";
+ # makefu.dl-dir = "/var/download";
+ makefu.dl-dir = "/media/cloud/download";
services.openssh.hostKeys = lib.mkForce [
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
diff --git a/makefu/1systems/latte/1blu/default.nix b/makefu/1systems/latte/1blu/default.nix
new file mode 100644
index 000000000..50cd9204d
--- /dev/null
+++ b/makefu/1systems/latte/1blu/default.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+
+ imports =
+ [ ./network.nix
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ # Disk
+ boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "tank/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" =
+ { device = "tank/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/nix" =
+ { device = "tank/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/AEF3-A486";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+ boot.loader.grub.device = "/dev/vda";
+
+ networking.hostId = "3150697c"; # required for zfs use
+ boot.tmpOnTmpfs = true;
+ boot.supportedFilesystems = [ "zfs" ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.copyKernels = true;
+ boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
+ boot.kernelParams = [
+ "boot.shell_on_fail"
+ "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+ ];
+}
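Review bot: `"boot.shell_on_fail"` in `boot.kernelParams` lets stage 1 offer a root shell without authentication when boot fails, which on a hosted VM extends to anyone who can reach the provider's console. The same list also sets `"boot.panic_on_fail"`, which as far as I know takes precedence in the NixOS stage-1 script, so the shell option is most likely dead and only confuses the intent. I would drop it and keep `"panic=30" "boot.panic_on_fail"`, with the comment `# headless VM: reboot on stage-1 failure, no unauthenticated rescue shell`.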
diff --git a/makefu/1systems/latte/1blu/network.nix b/makefu/1systems/latte/1blu/network.nix
new file mode 100644
index 000000000..0a0eac972
--- /dev/null
+++ b/makefu/1systems/latte/1blu/network.nix
@@ -0,0 +1,32 @@
+{ config, lib, pkgs, modulesPath, ... }:
+let
+ external-mac = "c4:37:72:55:4e:1c";
+ external-gw = "178.254.28.1";
+ external-ip = "178.254.30.202";
+ external-ip6 = "2a00:6800:3:18c::2";
+ external-gw6 = "2a00:6800:3::1";
+ external-netmask = 22;
+ external-netmask6 = 64;
+ internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+ ext-if = "et0"; # gets renamed on the fly
+in
+{
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
+ '';
+ networking = {
+ interfaces."${ext-if}" = {
+ ipv4.addresses = [{
+ address = external-ip;
+ prefixLength = external-netmask;
+ }];
+ ipv6.addresses = [{
+ address = external-ip6;
+ prefixLength = external-netmask6;
+ }];
+ };
+ defaultGateway6 = { address = external-gw6; interface = ext-if; };
+ defaultGateway = external-gw;
+ nameservers = [ "1.1.1.1" ];
+ };
+}
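Review bot: `internal-ip` in the `let` block is bound but never referenced in this file, and `lib`, `pkgs` and `modulesPath` in the argument list are unused too; remove them so a reader does not go looking for a retiolum dependency here. `nameservers = [ "1.1.1.1" ];` leaves the host with a single resolver, so a second entry would keep name resolution from being a single point of failure. A short header comment saying that the addresses and MAC are the provider-assigned values for this VM would also help, since the `udev` rename silently stops matching if the MAC ever changes.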
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
index bec778abc..2828aea08 100644
--- a/makefu/1systems/latte/config.nix
+++ b/makefu/1systems/latte/config.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
let
# external-ip = config.krebs.build.host.nets.internet.ip4.addr;
@@ -10,44 +10,66 @@ let
in {
imports = [
- <stockholm/makefu>
- # configure your hw:
- <stockholm/makefu/2configs/hw/CAC.nix>
- <stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/save-diskspace.nix>
-
- # Security
- <stockholm/makefu/2configs/sshd-totp.nix>
- # <stockholm/makefu/2configs/stats/client.nix>
-
- # Tools
- <stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/zsh-user.nix>
- # Services
- <stockholm/makefu/2configs/remote-build/slave.nix>
- <stockholm/makefu/2configs/torrent.nix>
+ ./1blu
+ <stockholm/makefu>
+
+ # common
+ <stockholm/makefu/2configs/nur.nix>
+ <stockholm/makefu/2configs/home-manager>
+ <stockholm/makefu/2configs/home-manager/cli.nix>
+
+ # Security
+ <stockholm/makefu/2configs/sshd-totp.nix>
+
+ # Tools
+ <stockholm/makefu/2configs/tools/core.nix>
+ <stockholm/makefu/2configs/zsh-user.nix>
+
+ # NixOS Build
+ <stockholm/makefu/2configs/remote-build/slave.nix>
+
+ # Storage
+ <stockholm/makefu/2configs/share>
+ <stockholm/makefu/2configs/share/hetzner-client.nix>
+
+ # Services:
+ <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
+ <stockholm/makefu/2configs/torrent/rtorrent.nix>
+ ## Web
+ <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix>
+ <stockholm/makefu/2configs/deployment/owncloud.nix>
+ ### Moving owncloud data dir to /media/cloud/nextcloud-data
+ {
+ users.users.nextcloud.extraGroups = [ "download" ];
+ # nextcloud-setup fails as it cannot set permissions for nextcloud
+ systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1";
+ fileSystems."/var/lib/nextcloud/data" = {
+ device = "/media/cloud/nextcloud-data";
+ options = [ "bind" ];
+ };
+ }
+
+ # local usage:
+ <stockholm/makefu/2configs/mosh.nix>
+ <stockholm/makefu/2configs/bitlbee.nix>
+
+ # Supervision
+ <stockholm/makefu/2configs/nix-community/supervision.nix>
+
+ # Krebs
+ <stockholm/makefu/2configs/tinc/retiolum.nix>
+
+ # backup
+ <stockholm/makefu/2configs/backup/state.nix>
+
];
krebs = {
enable = true;
build.host = config.krebs.hosts.latte;
};
- boot.initrd.availableKernelModules = [ "ata_piix" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
- boot.loader.grub.device = "/dev/vda";
- boot.loader.grub.copyKernels = true;
- fileSystems."/" = {
- device = "/dev/vda1";
- fsType = "ext4";
- };
- networking = {
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- allowedTCPPorts = [ ];
- allowedUDPPorts = [ 655 ];
- };
- # network interface receives dhcp address
- nameservers = [ "8.8.8.8" ];
- };
+ makefu.dl-dir = "/media/cloud/download";
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
}
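Review bot: `systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1";` makes every exit code 1 from nextcloud-setup count as success, not only the permission error named in the comment above it, so a failed install or upgrade step would leave the unit green and let dependent units start. Since the cause appears to be the bind mount of `/media/cloud/nextcloud-data`, fixing ownership or mount options on that directory would be narrower than masking the status. At minimum extend the comment to `# tolerates exit 1 from the chown on the bind-mounted data dir; also hides other setup failures`. Separately, `users.users.nextcloud.extraGroups = [ "download" ];` gives the web-facing nextcloud user whatever the download group can reach, and deserves a comment stating which path it needs. The hunk also removes the host-local `networking.firewall` block including `allowedUDPPorts = [ 655 ]`, so confirm the retiolum module opens the tinc port itself.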
diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix
index ab0a454c0..41abecf36 100644
--- a/makefu/1systems/latte/source.nix
+++ b/makefu/1systems/latte/source.nix
@@ -1,4 +1,5 @@
{
name = "latte";
torrent = true;
+ home-manager = true;
}
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 3a216ea76..42f335264 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -43,14 +43,18 @@ in {
<stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/desktop.nix>
<stockholm/makefu/2configs/tools/mobility.nix>
+ <stockholm/makefu/2configs/tools/consoles.nix>
#<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix>
<stockholm/makefu/2configs/urlwatch>
# <stockholm/makefu/2configs/legacy_only.nix>
+ <stockholm/makefu/2configs/share>
<stockholm/makefu/2configs/share/omo.nix>
<stockholm/makefu/2configs/share/gum-client.nix>
+ <stockholm/makefu/2configs/share/hetzner-client.nix>
+ <stockholm/makefu/2configs/sync>
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
{ krebs.airdcpp.dcpp.shares = let
d = path: "/media/cryptX/${path}";
@@ -96,6 +100,8 @@ in {
<stockholm/makefu/2configs/home/music.nix>
<stockholm/makefu/2configs/home/photoprism.nix>
+ <stockholm/makefu/2configs/home/tonie.nix>
+ <stockholm/makefu/2configs/home/ps4srv.nix>
# <stockholm/makefu/2configs/home/metube.nix>
<stockholm/makefu/2configs/home/ham>
<stockholm/makefu/2configs/home/zigbee2mqtt>
@@ -104,6 +110,7 @@ in {
enable = true;
servedir = "/media/cryptX/emu/ps3";
};
+ users.users.makefu.packages = [ pkgs.pkgrename ];
}
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 224277861..3edfcecc1 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -137,6 +137,8 @@
# <stockholm/makefu/2configs/share/anon-ftp.nix>
# <stockholm/makefu/2configs/share/anon-sftp.nix>
<stockholm/makefu/2configs/share/gum-client.nix>
+ <stockholm/makefu/2configs/share/hetzner-client.nix>
+ <stockholm/makefu/2configs/share>
# <stockholm/makefu/2configs/share/temp-share-samba.nix>
@@ -145,6 +147,7 @@
<stockholm/makefu/2configs/mail-client.nix>
<stockholm/makefu/2configs/printer.nix>
# <stockholm/makefu/2configs/syncthing.nix>
+ <stockholm/makefu/2configs/sync>
# Virtualization
# <stockholm/makefu/2configs/virtualisation/libvirt.nix>
@@ -167,7 +170,7 @@
# <stockholm/makefu/2configs/remote-build/gum.nix>
# { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
- <stockholm/makefu/2configs/binary-cache/gum.nix>
+ # <stockholm/makefu/2configs/binary-cache/gum.nix>
<stockholm/makefu/2configs/binary-cache/lass.nix>
@@ -223,7 +226,8 @@
krebs.build.host = config.krebs.hosts.x;
- krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ];
+ #krebs.tinc.retiolum.connectTo = lib.mkForce [ "gum" ];
+ #krebs.tinc.retiolum.extraConfig = "AutoConnect = no";
environment.systemPackages = [ pkgs.passwdqc-utils ];
@@ -245,6 +249,6 @@
"/home/makefu/.config/syncthing"
];
- services.syncthing.user = lib.mkForce "makefu";
- services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
+ # services.syncthing.user = lib.mkForce "makefu";
+ # services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
}