diff options
| author | tv <tv@krebsco.de> | 2017-06-04 06:20:54 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2017-06-04 06:20:54 +0200 |
| commit | 811ceaa243bf5241ca1189871c4426240962f04d (patch) | |
| tree | f46006567b5f9279ebd9cb23de3eadb508f83c54 /makefu | |
| parent | 4f58b884dda57db8106768a22a206d6605d6e3e5 (diff) | |
| parent | e50bc4f3eb3dac13bba4ae6158e839a52455c3c3 (diff) | |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu')
23 files changed, 178 insertions, 81 deletions
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 92c446212..519313f57 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -32,7 +32,7 @@ in { ../2configs/tools/sec.nix # services - ../2configs/gum-share.nix + ../2configs/share/gum.nix ../2configs/sabnzbd.nix ../2configs/torrent.nix ../2configs/iodined.nix @@ -48,14 +48,25 @@ in { ../2configs/deployment/mycube.connector.one.nix ../2configs/deployment/graphs.nix ../2configs/deployment/owncloud.nix - ../2configs/deployment/wiki-irc.nix + ../2configs/deployment/wiki-irc-bot ../2configs/deployment/boot-euer.nix + ../2configs/deployment/hound + { + services.taskserver.enable = true; + services.taskserver.fqdn = config.krebs.build.host.name; + services.taskserver.listenHost = "::"; + services.taskserver.organisations.home.users = [ "makefu" ]; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ''; + } # ../2configs/ipfs.nix ../2configs/syncthing.nix # ../2configs/opentracker.nix - ../2configs/logging/central-stats-client.nix - # ../2configs/logging/central-logging-client.nix + ../2configs/stats/client.nix + # ../2configs/logging/client.nix ]; makefu.dl-dir = "/var/download"; @@ -78,7 +89,6 @@ in { ]; }; - makefu.taskserver.enable = true; # access @@ -122,6 +132,8 @@ in { 21031 # taskserver 53589 + # temp vnc + 18001 ]; allowedUDPPorts = [ # tinc diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 91785a078..0f1b8e0da 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -50,11 +50,13 @@ in { # ../2configs/disable_v6.nix #../2configs/graphite-standalone.nix #../2configs/share-user-sftp.nix - ../2configs/omo-share.nix + ../2configs/share/omo.nix ../2configs/tinc/retiolum.nix - ../2configs/logging/central-stats-server.nix - # ../2configs/logging/central-logging-server.nix - ../2configs/logging/central-stats-client.nix + + # Logging + ../2configs/stats/server.nix #influx + grafana + ../2configs/stats/client.nix + ../2configs/stats/external/aralast.nix # logs to influx # services ../2configs/syncthing.nix @@ -180,7 +182,8 @@ in { uid = 9002; name = "misa"; }; - hardware.enableAllFirmware = true; + # hardware.enableAllFirmware = true; + hardware.enableRedistributableFirmware = true; hardware.cpu.intel.updateMicrocode = true; zramSwap.enable = true; diff --git a/makefu/1systems/studio.nix b/makefu/1systems/studio.nix index 400d9f883..f7d49cac6 100644 --- a/makefu/1systems/studio.nix +++ b/makefu/1systems/studio.nix @@ -5,8 +5,10 @@ ../2configs/vncserver.nix ../2configs/vim.nix ../2configs/disable_v6.nix - ../2configs/jack-on-pulse.nix + ../2configs/audio/jack-on-pulse.nix + ../2configs/audio/realtime-audio.nix ../2configs/gui/studio.nix + ../2configs/binary-cache/lass.nix ]; makefu.gui.user = "user"; # we use an extra user diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix index 7f465ec72..5d0dd4a79 100644 --- a/makefu/1systems/wbob.nix +++ b/makefu/1systems/wbob.nix @@ -18,6 +18,7 @@ in { ../2configs/mqtt.nix ../2configs/deployment/led-fader.nix # ../2configs/gui/wbob-kiosk.nix + ../2configs/stats/client.nix ../2configs/gui/studio.nix ../2configs/audio/jack-on-pulse.nix diff --git a/makefu/2configs/audio/jack-on-pulse.nix b/makefu/2configs/audio/jack-on-pulse.nix index 09d03ea9f..49b61d5a2 100644 --- a/makefu/2configs/audio/jack-on-pulse.nix +++ b/makefu/2configs/audio/jack-on-pulse.nix @@ -2,6 +2,7 @@ let pulse = pkgs.pulseaudioFull; user = config.makefu.gui.user; + wait_time = 30; in { sound.enable = true; @@ -13,16 +14,17 @@ in environment.systemPackages = with pkgs; [ jack2Full ]; # from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html - systemd.services = { + systemd.user.services = { jackdbus = { description = "Runs jack, and points pulseaudio at it"; serviceConfig = { - User = user; Type = "oneshot"; ExecStart = pkgs.writeScript "start_jack.sh" '' #! ${pkgs.bash}/bin/bash . ${config.system.build.setEnvironment} - sleep 5 # wait for the gui to load + + # TODO: correctly wait for pulseaudio, cannot use pulseaudio.service + sleep ${toString wait_time} # wait for the gui to load ${pkgs.jack2Full}/bin/jack_control start sleep 3 # give some time for sources/sinks to be created @@ -37,9 +39,11 @@ in ${pkgs.jack2Full}/bin/jack_control stop ''; RemainAfterExit = true; + Restart = "always"; + RestartSec = "5"; }; - after = [ "display-manager.service" "sound.target" ]; - wantedBy = [ "multi-user.target" ]; + # after = [ "display-manager.service" "sound.target" ]; + wantedBy = [ "default.target" ]; }; }; } diff --git a/makefu/2configs/deployment/hound/default.nix b/makefu/2configs/deployment/hound/default.nix new file mode 100644 index 000000000..0cfb5cdeb --- /dev/null +++ b/makefu/2configs/deployment/hound/default.nix @@ -0,0 +1,28 @@ +{ config, pkgs, ... }: +{ + services.nginx.virtualHosts."wikisearch.krebsco.de" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:6080"; + }; + services.hound = { + enable = true; + listen = "127.0.0.1:6080"; + # package = pkgs.hound.overrideDerivation(oldAttrs: { + # patches = [ ./keep-repo.patch ]; + # }); + config = ''{ + "max-concurrent-indexers" : 2, + "dbpath" : "${config.services.hound.home}/data", + "repos" : { + "nixos-users-wiki": { + "url" : "https://github.com/nixos-users/wiki.wiki.git", + "url-pattern" : { + "base-url" : "{url}/{path}" + } + } + } + }''; + }; + +} diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index a18416497..e4d62ae77 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -29,7 +29,8 @@ in { environment = { NIX_PATH = "/var/src"; }; - wantedBy = [ "multi-user.target" ]; + after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; + wantedBy = [ "multi-user.target" ]; serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; diff --git a/makefu/2configs/deployment/wiki-irc.nix b/makefu/2configs/deployment/wiki-irc-bot/default.nix index dc7c8afe8..7ab31e698 100644 --- a/makefu/2configs/deployment/wiki-irc.nix +++ b/makefu/2configs/deployment/wiki-irc-bot/default.nix @@ -4,6 +4,10 @@ with lib; let port = 18872; in { + nixpkgs.config.packageOverrides = pkgs: with pkgs; { + logstash = pkgs.stdenv.lib.overrideDerivation pkgs.logstash (old: { + patches = [ ./irc-out-notice.patch ]; }); + }; services.logstash = { enable = true; inputConfig = '' @@ -40,10 +44,11 @@ in { file { path => "/tmp/logs.json" codec => "json_lines" } if [output] { irc { - channels => [ "#nixos" , "#krebs" ] + channels => [ "#krebs", "#nixos" ] host => "irc.freenode.net" nick => "nixos-users-wiki" format => "%{output}" + notice => true } } ''; diff --git a/makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch b/makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch new file mode 100644 index 000000000..040643f81 --- /dev/null +++ b/makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch @@ -0,0 +1,26 @@ +index b63339d..8c8c747 100644 +--- a/vendor/bundle/jruby/1.9/gems/logstash-output-irc-2.0.4/lib/logstash/outputs/irc.rb ++++ b/vendor/bundle/jruby/1.9/gems/logstash-output-irc-2.0.4/lib/logstash/outputs/irc.rb +@@ -48,6 +48,9 @@ class LogStash::Outputs::Irc < LogStash::Outputs::Base + # Static string after event + config :post_string, :validate => :string, :required => false + ++ # Set this to true to send messages as notice ++ config :notice, :validate => :boolean, :default => false ++ + public + + def inject_bot(bot) +@@ -90,9 +93,9 @@ class LogStash::Outputs::Irc < LogStash::Outputs::Base + + @bot.channels.each do |channel| + @logger.debug("Sending to...", :channel => channel, :text => text) +- channel.msg(pre_string) if !@pre_string.nil? +- channel.msg(text) +- channel.msg(post_string) if !@post_string.nil? ++ channel.send(pre_string, :notice => @notice) if !@pre_string.nil? ++ channel.send(text, :notice => @notice) ++ channel.send(post_string, :notice => @notice) if !@post_string.nil? + end # channels.each + end # def receive + end # class LogStash::Outputs::Irc diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index bf6bef29d..0247010b1 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -24,7 +24,7 @@ in enable = true; layout = "us"; xkbVariant = "altgr-intl"; - xkbOptions = "ctrl:nocaps"; + xkbOptions = "ctrl:nocaps, eurosign:e"; windowManager = { awesome.enable = true; diff --git a/makefu/2configs/logging/central-logging-client.nix b/makefu/2configs/logging/client.nix index 04d2de0d0..04d2de0d0 100644 --- a/makefu/2configs/logging/central-logging-client.nix +++ b/makefu/2configs/logging/client.nix diff --git a/makefu/2configs/logging/central-logging-server.nix b/makefu/2configs/logging/server.nix index 90f8e6680..90f8e6680 100644 --- a/makefu/2configs/logging/central-logging-server.nix +++ b/makefu/2configs/logging/server.nix diff --git a/makefu/2configs/gum-share.nix b/makefu/2configs/share/gum.nix index e578f43d3..e578f43d3 100644 --- a/makefu/2configs/gum-share.nix +++ b/makefu/2configs/share/gum.nix diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/share/omo.nix index 7d7a4ec57..7d7a4ec57 100644 --- a/makefu/2configs/omo-share.nix +++ b/makefu/2configs/share/omo.nix diff --git a/makefu/2configs/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix index 0907c2dbf..0907c2dbf 100644 --- a/makefu/2configs/temp-share-samba.nix +++ b/makefu/2configs/share/temp-share-samba.nix diff --git a/makefu/2configs/logging/central-stats-client.nix b/makefu/2configs/stats/client.nix index dd6ddddaf..dd6ddddaf 100644 --- a/makefu/2configs/logging/central-stats-client.nix +++ b/makefu/2configs/stats/client.nix diff --git a/makefu/2configs/stats/external/aralast.nix b/makefu/2configs/stats/external/aralast.nix new file mode 100644 index 000000000..870db99a8 --- /dev/null +++ b/makefu/2configs/stats/external/aralast.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + pkg = pkgs.stdenv.mkDerivation { + name = "aralast-master"; + src = pkgs.fetchFromGitHub { + owner = "makefu"; + repo = "aralast"; + rev = "7121598"; + sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m"; + }; + installPhase = '' + install -m755 -D aralast.sh $out/bin/aralast + ''; + }; +in { + systemd.services.aralast = { + description = "periodically fetch aramark"; + path = [ + pkgs.curl + pkgs.gnugrep + pkgs.gnused + ]; + wantedBy = [ "multi-user.target" ]; + environment = { + INFLUX_HOST = "localhost"; + INFLUX_PORT = "8086"; + }; + # every 10 seconds when the cantina is open + startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0,15,30,45"; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkg}/bin/aralast"; + PrivateTmp = true; + }; + }; +} diff --git a/makefu/2configs/logging/central-stats-server.nix b/makefu/2configs/stats/server.nix index 4f7961f32..602fcc6d0 100644 --- a/makefu/2configs/logging/central-stats-server.nix +++ b/makefu/2configs/stats/server.nix @@ -12,7 +12,9 @@ in { services.grafana.addr = "0.0.0.0"; services.influxdb.enable = true; - + # redirect grafana to stats.makefu.r + services.nginx.enable = true; + services.nginx.virtualHosts."stats.makefu.r".locations."/".proxyPass = "http://localhost:3000"; # forward these via nginx services.influxdb.extraConfig = { meta.hostname = config.krebs.build.host.name; diff --git a/makefu/2configs/time-machine.nix b/makefu/2configs/time-machine.nix new file mode 100644 index 000000000..90d44e540 --- /dev/null +++ b/makefu/2configs/time-machine.nix @@ -0,0 +1,31 @@ +let + time-machine-path = "/media/crypt2/backup/time-machine/misa"; +in { + networking.firewall.allowedTCPPorts = [ + 548 # netatalk + ]; + + services = { + netatalk = { + enable = true; + + volumes = { + "misa-time-machine" = { + "time machine" = "yes"; + path = time-machine-path; + "valid users" = "misa"; + }; + }; + }; + + avahi = { + enable = true; + nssmdns = true; + + publish = { + enable = true; + userServices = true; + }; + }; + }; +} diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix index 34c686451..47f06287b 100644 --- a/makefu/2configs/tools/games.nix +++ b/makefu/2configs/tools/games.nix @@ -3,5 +3,6 @@ { krebs.per-user.makefu.packages = with pkgs; [ steam + games-user-env ]; } diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 0f904fe3d..453bfbe80 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -44,4 +44,8 @@ in fi ''; }; + + krebs.per-user.${mainUser}.packages = [ + pkgs.nix-zsh-completions + ]; } diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 546fed109..2981e0fa3 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -11,7 +11,6 @@ _: ./logging-config.nix ./server-config.nix ./snapraid.nix - ./taskserver.nix ./torrent.nix ./udpt.nix ./umts.nix diff --git a/makefu/3modules/taskserver.nix b/makefu/3modules/taskserver.nix deleted file mode 100644 index 40a18fe05..000000000 --- a/makefu/3modules/taskserver.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; -let - cfg = config.makefu.taskserver; - - out = { - options.makefu.taskserver = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "taskserver"; - - workingDir = mkOption { - type = types.str; - default = "/var/lib/taskserver"; - }; - - package = mkOption { - type = types.package; - default = pkgs.taskserver; - }; - - - }; - - imp = { - environment.systemPackages = [ cfg.package ]; - systemd.services.taskserver = { - description = "taskd server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - restartIfChanged = true; - unitConfig = { - Documentation = "http://taskwarrior.org/docs/#taskd" ; - # https://taskwarrior.org/docs/taskserver/configure.html - ConditionPathExists = "${cfg.workingDir}/config"; - }; - serviceConfig = { - Type = "simple"; - ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}"; - WorkingDirectory = cfg.workingDir; - # PrivateTmp = true; - # InaccessibleDirectories = "/home /boot /opt /mnt /media"; - User = "taskd"; - }; - }; - - users.users.taskd = { - uid = genid "taskd"; - home = cfg.workingDir; - createHome = true; - }; - users.groups.taskd.gid = genid "taskd"; - }; - -in -out - |