summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2018-04-24 19:28:09 +0200
committertv <tv@krebsco.de>2018-04-24 19:28:09 +0200
commit21053de317e838c06a20425bdb3e81b7ac132d83 (patch)
treed722f9c2a525d6d66310da5e86dbcff73c79672a /makefu
parent0fe9b28302c905523f2ecefadfd167e1547785f9 (diff)
parentc99e8256b223761eb50cf5d6841ab64f989851c3 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu')
-rw-r--r--makefu/1systems/gum/config.nix4
-rw-r--r--makefu/1systems/wbob/config.nix4
-rw-r--r--makefu/1systems/x/config.nix10
-rw-r--r--makefu/2configs/bluetooth-mpd.nix17
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/2configs/gui/automatic-diskmount.nix44
-rw-r--r--makefu/2configs/hydra/stockholm.nix1
-rw-r--r--makefu/2configs/main-laptop.nix1
-rw-r--r--makefu/2configs/nginx/misa-felix-hochzeit.ml.nix17
-rw-r--r--makefu/2configs/remote-build/master.nix14
-rw-r--r--makefu/2configs/stats/arafetch.nix19
-rw-r--r--makefu/2configs/urlwatch/default.nix1
-rw-r--r--makefu/5pkgs/ampel/default.nix6
-rw-r--r--makefu/5pkgs/awesomecfg/full.cfg3
-rw-r--r--makefu/5pkgs/devpi/default.nix13
-rw-r--r--makefu/source.nix7
16 files changed, 112 insertions, 50 deletions
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 40fa233d3..578e4add8 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -64,8 +64,10 @@ in {
<stockholm/makefu/2configs/nginx/euer.test.nix>
<stockholm/makefu/2configs/nginx/euer.wiki.nix>
<stockholm/makefu/2configs/nginx/euer.blog.nix>
+ # <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/public_html.nix>
<stockholm/makefu/2configs/nginx/update.connector.one.nix>
+ <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
@@ -222,6 +224,8 @@ in {
25
# http
80 443
+ # httptunnel
+ 8080 8443
# tinc
655
# tinc-shack
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index cfbcf0e9c..42f3bddb1 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -33,6 +33,9 @@ in {
<stockholm/makefu/2configs/share/wbob.nix>
<stockholm/makefu/2configs/bluetooth-mpd.nix>
+ {
+ users.users.makefu.extraGroups = [ "pulse" ];
+ }
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
@@ -121,6 +124,7 @@ in {
networking.firewall.allowedTCPPorts = [
655
8081 #smokeping
+ 8086 #influx
49152
];
networking.firewall.trustedInterfaces = [ "enp0s25" ];
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index f72f2a15b..93bb27efe 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -141,15 +141,6 @@ with import <stockholm/lib>;
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
}
- { # auto-mounting
- services.udisks2.enable = true;
- services.devmon.enable = true;
- # services.gnome3.gvfs.enable = true;
- users.users.makefu.packages = with pkgs;[
- gvfs pcmanfm lxmenu-data
- ];
- environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
- }
];
@@ -170,6 +161,7 @@ with import <stockholm/lib>;
networking.extraHosts = ''
192.168.1.11 omo.local
+ 80.92.65.53 www.wifionice.de wifionice.de
'';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix
index 226f5cf1f..b59d3ce10 100644
--- a/makefu/2configs/bluetooth-mpd.nix
+++ b/makefu/2configs/bluetooth-mpd.nix
@@ -34,7 +34,7 @@ in {
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
- # systemWide = true;
+ # systemWide = true;
support32Bit = true;
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
@@ -42,12 +42,13 @@ in {
enable = true;
# PULSE_SERVER=192.168.1.11 pavucontrol
anonymousClients.allowAll = true;
+ anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.0.0/16" ];
};
configFile = pkgs.writeText "default.pa" ''
load-module module-udev-detect
load-module module-bluetooth-policy
load-module module-bluetooth-discover
- load-module module-native-protocol-unix
+ load-module module-native-protocol-unix auth-anonymous=1
load-module module-always-sink
load-module module-console-kit
load-module module-systemd-login
@@ -56,13 +57,15 @@ in {
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-switch-on-connect
+ #load-module module-bluez5-device
+ #load-module module-bluez5-discover
'';
};
- # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
+ # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
- #hardware.bluetooth.extraConfig = ''
- # [general]
- # Enable=Source,Sink,Media,Socket
- #'';
+ # environment.etc."bluetooth/audio.conf".text = ''
+ # [General]
+ # Enable = Source,Sink,Media,Socket
+ # '';
};
}
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 30d90f9e3..c209b83f6 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -30,6 +30,7 @@ let
euer_blog = { };
ampel = { };
europastats = { };
+ arafetch = { };
init-stockholm = {
cgit.desc = "Init stuff for stockholm";
};
diff --git a/makefu/2configs/gui/automatic-diskmount.nix b/makefu/2configs/gui/automatic-diskmount.nix
new file mode 100644
index 000000000..19933111a
--- /dev/null
+++ b/makefu/2configs/gui/automatic-diskmount.nix
@@ -0,0 +1,44 @@
+{ pkgs, ... }:
+with import <stockholm/lib>; #genid
+{ # auto-mounting via polkit
+ services.udisks2.enable = true;
+## automount all disks:
+# services.devmon.enable = true;
+# services.gnome3.gvfs.enable = true;
+ users.groups.storage = {
+ gid = genid "storage";
+ members = [ "makefu" ];
+ };
+ users.users.makefu.packages = with pkgs;[
+ gvfs pcmanfm lxmenu-data
+ ];
+ environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
+
+## allow users in group "storage" to mount disk
+# https://github.com/coldfix/udiskie/wiki/Permissions
+ security.polkit.extraConfig =
+ ''
+ polkit.addRule(function(action, subject) {
+ var YES = polkit.Result.YES;
+ var permission = {
+ "org.freedesktop.udisks.filesystem-mount": YES,
+ "org.freedesktop.udisks.luks-unlock": YES,
+ "org.freedesktop.udisks.drive-eject": YES,
+ "org.freedesktop.udisks.drive-detach": YES,
+ "org.freedesktop.udisks2.filesystem-mount": YES,
+ "org.freedesktop.udisks2.encrypted-unlock": YES,
+ "org.freedesktop.udisks2.eject-media": YES,
+ "org.freedesktop.udisks2.power-off-drive": YES,
+ "org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
+ "org.freedesktop.udisks2.filesystem-unmount-others": YES,
+ "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
+ "org.freedesktop.udisks2.eject-media-other-seat": YES,
+ "org.freedesktop.udisks2.power-off-drive-other-seat": YES
+ };
+ if (subject.isInGroup("storage")) {
+ return permission[action.id];
+ }
+ });
+ '';
+
+}
diff --git a/makefu/2configs/hydra/stockholm.nix b/makefu/2configs/hydra/stockholm.nix
index 4bdb09213..35999ae57 100644
--- a/makefu/2configs/hydra/stockholm.nix
+++ b/makefu/2configs/hydra/stockholm.nix
@@ -5,7 +5,6 @@
{
# TODO postgres backup
- services.postgresql.enable = true;
services.hydra = {
enable = true;
diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix
index 827da0c8d..315fc4706 100644
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@@ -16,6 +16,7 @@ in {
./zsh-user.nix
./tools/core.nix
./tools/core-gui.nix
+ ./gui/automatic-diskmount.nix
];
users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ];
diff --git a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
new file mode 100644
index 000000000..d0881a934
--- /dev/null
+++ b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+{
+ services.nginx = {
+ enable = lib.mkDefault true;
+ virtualHosts."misa-felix-hochzeit.ml" = {
+ serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ];
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/" = {
+ index = "index.html";
+ root = "/var/www/misa-felix-hochzeit.ml";
+ };
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/remote-build/master.nix b/makefu/2configs/remote-build/master.nix
deleted file mode 100644
index 2a2c68119..000000000
--- a/makefu/2configs/remote-build/master.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ pkgs, ...}:
-let
- sshKey = (toString <secrets>) + "/id_nixBuild";
-in {
- nix.distributedBuilds = true;
- # TODO: iterate over krebs.hosts
- nix.buildMachines = map ( hostName:
- { inherit hostName sshKey;
- sshUser = "nixBuild";
- system = "x86_64-linux";
- maxJobs = 8;
- }) [ "hotdog.r" ];
- # puyak.r "wbob.r" "omo.r" "gum.r" "latte.r"
-}
diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix
index e04b12f9c..422676b24 100644
--- a/makefu/2configs/stats/arafetch.nix
+++ b/makefu/2configs/stats/arafetch.nix
@@ -3,7 +3,7 @@ with import <stockholm/lib>;
let
pkg = with pkgs.python3Packages;buildPythonPackage rec {
rev = "762d747";
- name = "europastats-${rev}";
+ name = "arafetch-${rev}";
propagatedBuildInputs = [
requests
docopt
@@ -25,12 +25,25 @@ in {
};
systemd.services.arafetch = {
- startAt = "Mon 09:15:00";
+ startAt = "Mon,Wed,Fri 09:15:00";
wantedBy = [ "multi-user.target" ];
environment = {
OUTDIR = home;
};
path = [ pkg pkgs.git pkgs.wget ];
- script = "${pkg}/bin/weekrun";
+ serviceConfig = {
+ User = "arafetch";
+ WorkingDirectory = home;
+ PrivateTmp = true;
+ ExecStart = pkgs.writeDash "start-weekrun" ''
+ set -x
+ weekrun || echo "weekrun failed!"
+ find $OUTDIR/db -name \*.json | while read path;do
+ file=''${path##*/}
+ cantine=''${file%%.json}
+ ara2influx $path --cantine $cantine --host wbob.r
+ done
+ '';
+ };
};
}
diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix
index d0fb4fe41..f93d47caa 100644
--- a/makefu/2configs/urlwatch/default.nix
+++ b/makefu/2configs/urlwatch/default.nix
@@ -25,7 +25,6 @@ in {
# pypi
https://pypi.python.org/simple/bepasty/
https://pypi.python.org/simple/devpi-client/
- https://pypi.python.org/simple/oslo.config/
https://pypi.python.org/simple/sqlalchemy_migrate/
https://pypi.python.org/simple/xstatic/
https://pypi.python.org/simple/pyserial/
diff --git a/makefu/5pkgs/ampel/default.nix b/makefu/5pkgs/ampel/default.nix
index 86518b9b8..9792c2c59 100644
--- a/makefu/5pkgs/ampel/default.nix
+++ b/makefu/5pkgs/ampel/default.nix
@@ -2,7 +2,7 @@
with pkgs.python3Packages;buildPythonPackage rec {
name = "ampel-${version}";
- version = "0.2";
+ version = "0.2.1";
propagatedBuildInputs = [
docopt
@@ -16,8 +16,8 @@ with pkgs.python3Packages;buildPythonPackage rec {
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel";
- rev = "d8a0250";
- sha256 = "0n36lc17ca5db6pl6dswdqd5w9f881rfqck9yc4w33a5qpsxj85f";
+ rev = "92321d7";
+ sha256 = "0mvpbpf1rx8sc589qjb73gl8z6fir2zs3gl3br1pbhg5jgn0ij4n";
};
meta = {
homepage = http://cgit.euer.krebsco.de/ampel;
diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg
index e748981c6..e49a88697 100644
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@@ -412,8 +412,7 @@ clientkeys = awful.util.table.join(
end),
awful.key({ modkey, }, "m",
function (c)
- c.maximized_horizontal = not c.maximized_horizontal
- c.maximized_vertical = not c.maximized_vertical
+ c.maximized = not c.maximized
end)
)
diff --git a/makefu/5pkgs/devpi/default.nix b/makefu/5pkgs/devpi/default.nix
index 3ddcd9641..6515ea3d1 100644
--- a/makefu/5pkgs/devpi/default.nix
+++ b/makefu/5pkgs/devpi/default.nix
@@ -16,16 +16,17 @@ let
};
devpi-web = pkgs.python3Packages.buildPythonPackage rec {
name = "devpi-web";
- version = "3.1.1";
+ version = "3.2.2";
src = pkgs.fetchurl {
url = "mirror://pypi/d/devpi-web/devpi-web-${version}.tar.gz";
- sha256 = "0bvqv52jmasfm4sdyccwsgvk9a663d3grj7zjw8r9x7xm7l3svqv";
+ sha256 = "1mwg2fcw88rn47ypnhg5f4s1r066129z922113shyinwrwfddhay";
};
- propagatedBuildInputs = with pkgs.python3Packages;
- [ pkgs.devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ];
+ propagatedBuildInputs = with pkgs.python3Packages; builtins.trace pkgs.devpi-server.version
+ [ pkgs.devpi-server pyramid_chameleon pygments docutils devpi-common
+ whoosh beautifulsoup4 defusedxml readme-renderer ];
meta = {
homepage = https://bitbucket.org/hpk42/devpi;
@@ -37,6 +38,6 @@ let
in {
devpi-web = pkgs.python3.buildEnv.override {
- extraLibs = [ devpi-web devpi-server ];
- };
+ extraLibs = [ devpi-web pkgs.devpi-server ];
+ };
}
diff --git a/makefu/source.nix b/makefu/source.nix
index d25fe5528..bcdb66a66 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -21,9 +21,8 @@ let
];
};
# TODO: automate updating of this ref + cherry-picks
- ref = "6583793"; # nixos-17.09 @ 2018-03-07
- # + do_sqlite3 ruby: 55a952be5b5
- # + signal: 0f19beef3, 50ad913, 9449782, b7046ab2
+ ref = "a09afbfb8a4"; # nixos-18.03 @ 2018-04-04
+ # + do_sqlite3 ruby: 55a952be5b5
in
evalSource (toString _file) [
@@ -54,7 +53,7 @@ in
(mkIf ( musnix ) {
musnix.git = {
url = https://github.com/musnix/musnix.git;
- ref = "d8b989f";
+ ref = "master"; # follow the musnix channel, lets see how this works out
};
})