summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
authornin <nin@c-base.org>2018-02-27 22:30:49 +0100
committernin <nin@c-base.org>2018-02-27 22:30:49 +0100
commit01289f333143fa145fe585812d05672efd3f3ebe (patch)
treed6de52e9914cd6489cbad61ae7c6fb60ad472c41 /makefu
parentf20bf1a7ba146b3ffe3f2e470614d12885cbce61 (diff)
parent9e67031cb878c0bcdcde39a7b7b746111de6719a (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu')
-rw-r--r--makefu/1systems/gum/config.nix5
-rw-r--r--makefu/1systems/omo/config.nix13
-rw-r--r--makefu/1systems/sdev/config.nix26
-rw-r--r--makefu/1systems/vbob/config.nix41
-rw-r--r--makefu/1systems/wbob/config.nix6
-rw-r--r--makefu/1systems/x/config.nix72
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/2configs/hw/vbox-guest.nix16
-rw-r--r--makefu/2configs/hydra/stockholm.nix34
-rw-r--r--makefu/2configs/tools/mobility.nix2
-rw-r--r--makefu/2configs/tools/studio.nix4
-rw-r--r--makefu/2configs/urlwatch/default.nix4
-rw-r--r--makefu/5pkgs/default.nix2
-rw-r--r--makefu/5pkgs/programs-db/default.nix12
-rw-r--r--makefu/6tests/data/secrets/torrent-secrets/auth.nix1
-rw-r--r--makefu/source.nix3
16 files changed, 169 insertions, 73 deletions
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index a656fdce3..b859efc94 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -148,6 +148,11 @@ in {
allowedIPs = [ "10.244.0.5/32" ];
publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
}
+ {
+ # workr
+ allowedIPs = [ "10.244.0.6/32" ];
+ publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
+ }
];
};
}
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 1e087fef4..01438397e 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -25,16 +25,18 @@ let
# | |
# |* |
# |* d2 |
- # | * r0 |
+ # | * |
+ # | * |
# |_______|
cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
+ cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
# cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
# all physical disks
# TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
- dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ];
+ dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
allDisks = [ rootDisk ] ++ dataDisks;
in {
imports =
@@ -69,6 +71,7 @@ in {
<stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/deployment/google-muell.nix>
+ <stockholm/makefu/2configs/virtualisation/docker.nix>
# security
@@ -117,7 +120,6 @@ in {
services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
- virtualisation.docker.enable = true;
makefu.ps3netsrv = {
enable = true;
servedir = "/media/cryptX/emu/ps3";
@@ -127,6 +129,7 @@ in {
makefu.snapraid = {
enable = true;
+ # TODO: 3 is not protected
disks = map toMapper [ 0 1 ];
parity = toMapper 2;
};
@@ -139,7 +142,7 @@ in {
'';
environment.systemPackages = with pkgs;[
mergerfs # hard requirement for mount
- wol # wake up filepimp
+ wol # wake up filepimp
f3
];
fileSystems = let
@@ -151,6 +154,7 @@ in {
in cryptMount "crypt0"
// cryptMount "crypt1"
// cryptMount "crypt2"
+ // cryptMount "crypt3"
// { "/media/cryptX" = {
device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]);
fsType = "mergerfs";
@@ -179,6 +183,7 @@ in {
(usbkey "crypt0" cryptDisk0)
(usbkey "crypt1" cryptDisk1)
(usbkey "crypt2" cryptDisk2)
+ (usbkey "crypt3" cryptDisk3)
];
};
loader.grub.device = lib.mkForce rootDisk;
diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix
index 38c044be4..c2cd23d1e 100644
--- a/makefu/1systems/sdev/config.nix
+++ b/makefu/1systems/sdev/config.nix
@@ -5,32 +5,35 @@
imports =
[ # Include the results of the hardware scan.
<stockholm/makefu>
- (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
- (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
+
+ # <stockholm/makefu/2configs/hw/vbox-guest.nix>
+ { # until virtualbox-image is fixed
+ imports = [
+ <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
+ ];
+ boot.loader.grub.device = "/dev/sda";
+ }
<stockholm/makefu/2configs/main-laptop.nix>
# <secrets/extra-hosts.nix>
# environment
<stockholm/makefu/2configs/tinc/retiolum.nix>
+ <stockholm/makefu/2configs/virtualisation/docker.nix>
];
- # workaround for https://github.com/NixOS/nixpkgs/issues/16641
- services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
-
- nixpkgs.config.allowUnfree = true;
-
# allow sdev to deploy self
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
};
};
+ # corefonts
+ nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs;[
ppp xclip
get
passwdqc-utils
- docker
gnupg
populate
(pkgs.writeScriptBin "tor-browser" ''
@@ -39,18 +42,11 @@
'')
];
- virtualisation.docker.enable = true;
-
networking.firewall.allowedTCPPorts = [
25
80
8010
];
- fileSystems."/media/share" = {
- fsType = "vboxsf";
- device = "share";
- options = [ "rw" "uid=9001" "gid=9001" ];
- };
}
diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix
index ffd9deaee..208dd1ff7 100644
--- a/makefu/1systems/vbob/config.nix
+++ b/makefu/1systems/vbob/config.nix
@@ -8,30 +8,9 @@
{
imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
boot.loader.grub.device = "/dev/sda";
- virtualisation.virtualbox.guest.enable = true;
}
- # {
- # imports = [
- # <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
- # ];
- # virtualbox.baseImageSize = 35 * 1024;
- # fileSystems."/media/share" = {
- # fsType = "vboxsf";
- # device = "share";
- # options = [ "rw" "uid=9001" "gid=9001" ];
- # };
- # }
-
- # {
- # imports = [
- # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- # ];
- # fileSystems."/nix" = {
- # device ="/dev/disk/by-label/nixstore";
- # fsType = "ext4";
- # };
- # }
-
+ # <stockholm/makefu/2configs/hw/vbox-guest.nix>
+ # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
# base gui
# <stockholm/makefu/2configs/main-laptop.nix>
@@ -75,14 +54,8 @@
];
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
- nixpkgs.config.allowUnfree = true;
-
# allow vbob to deploy self
- users.extraUsers = {
- root = {
- openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
- };
- };
+ users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
environment.shellAliases = {
forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
@@ -94,16 +67,18 @@
ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
'';
+
+ # for forticlient
+ nixpkgs.config.allowUnfree = true;
+
environment.systemPackages = with pkgs;[
fortclientsslvpn ppp xclip
get
logstash
- # docker
#devpi-web
#devpi-client
ansible
];
- # virtualisation.docker.enable = true;
networking.firewall.allowedTCPPorts = [
@@ -111,6 +86,6 @@
80
8010
];
-
+ # required for qemu
systemd.services."serial-getty@ttyS0".enable = true;
}
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index 6434ba273..637d8e2d8 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -29,7 +29,8 @@ in {
# <stockholm/makefu/2configs/vncserver.nix>
# Services
- <stockholm/makefu/2configs/remote-build/slave.nix>
+ <stockholm/makefu/2configs/hydra/stockholm.nix>
+
<stockholm/makefu/2configs/share/wbob.nix>
(let
musicDirectory = "/data/music";
@@ -83,6 +84,9 @@ in {
load-module module-filter-apply
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
load-module module-switch-on-connect
+ # may be required for "system-wide" pulse to connect to bluetooth
+ #module-bluez5-device
+ #module-bluez5-discover
'';
};
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index d5a9bdcfb..ad2ad8779 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -40,7 +40,7 @@ with import <stockholm/lib>;
# Virtualization
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
- <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
+ # <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
{
networking.firewall.allowedTCPPorts = [ 8080 ];
networking.nat = {
@@ -60,7 +60,7 @@ with import <stockholm/lib>;
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
# <stockholm/makefu/2configs/hw/tpm.nix>
- <stockholm/makefu/2configs/hw/rtl8812au.nix>
+ # <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
<stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix>
@@ -78,6 +78,74 @@ with import <stockholm/lib>;
# <stockholm/makefu/2configs/lanparty/lancache-dns.nix>
# <stockholm/makefu/2configs/lanparty/samba.nix>
# <stockholm/makefu/2configs/lanparty/mumble-server.nix>
+ # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
+
+ {
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.244.0.2/24" ];
+ privateKeyFile = (toString <secrets>) + "/wireguard.key";
+ allowedIPsAsRoutes = true;
+ peers = [
+ {
+ # gum
+ endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820";
+ allowedIPs = [ "10.244.0.0/24" ];
+ publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
+ }
+ #{
+ # # vbob
+ # allowedIPs = [ "10.244.0.3/32" ];
+ # publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
+ #}
+ ];
+ };
+ }
+ { # bluetooth+pulse config
+ # for blueman-applet
+ users.users.makefu.packages = [
+ pkgs.blueman
+ ];
+ hardware.pulseaudio = {
+ enable = true;
+ package = pkgs.pulseaudioFull;
+ # systemWide = true;
+ support32Bit = true;
+ configFile = pkgs.writeText "default.pa" ''
+ load-module module-udev-detect
+ load-module module-bluetooth-policy
+ load-module module-bluetooth-discover
+ load-module module-native-protocol-unix
+ load-module module-always-sink
+ load-module module-console-kit
+ load-module module-systemd-login
+ load-module module-intended-roles
+ load-module module-position-event-sounds
+ load-module module-filter-heuristics
+ load-module module-filter-apply
+ load-module module-switch-on-connect
+ '';
+ };
+
+ # presumably a2dp Sink
+ # Enable profile:
+ ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink
+ hardware.bluetooth.extraConfig = '';
+ [general]
+ Enable=Source,Sink,Media,Socket
+ '';
+
+ # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
+ hardware.bluetooth.enable = true;
+ }
+ { # auto-mounting
+ services.udisks2.enable = true;
+ services.devmon.enable = true;
+ # services.gnome3.gvfs.enable = true;
+ users.users.makefu.packages = with pkgs;[
+ gvfs pcmanfm lxmenu-data
+ ];
+ environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
+ }
];
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index eacbd99cf..1109e2519 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -28,6 +28,7 @@ let
init-stockholm = {
cgit.desc = "Init stuff for stockholm";
};
+ hydra-stockholm = { };
};
priv-repos = mapAttrs make-priv-repo {
diff --git a/makefu/2configs/hw/vbox-guest.nix b/makefu/2configs/hw/vbox-guest.nix
new file mode 100644
index 000000000..65f915a2f
--- /dev/null
+++ b/makefu/2configs/hw/vbox-guest.nix
@@ -0,0 +1,16 @@
+{ lib, ...}:
+{
+ ## Guest Extensions are currently broken
+ imports = [
+ (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
+ ];
+ virtualisation.virtualbox.guest.enable = true;
+ services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
+
+ fileSystems."/media/share" = {
+ fsType = "vboxsf";
+ device = "share";
+ options = [ "rw" "uid=9001" "gid=9001" "nofail" ];
+ };
+ # virtualbox.baseImageSize = 35 * 1024;
+}
diff --git a/makefu/2configs/hydra/stockholm.nix b/makefu/2configs/hydra/stockholm.nix
new file mode 100644
index 000000000..4bdb09213
--- /dev/null
+++ b/makefu/2configs/hydra/stockholm.nix
@@ -0,0 +1,34 @@
+# iterative:
+# $ hydra-create-user krebs --password derp --role admin
+# curl 'http://hydra.wbob.r/project/.new' -X PUT -H 'Host: hydra.wbob.r' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: redirect_to=%252F; hydra_session=abcdefghijklmnopqrstuvwxyz' -H 'Connection: keep-alive' --data 'enabled=on&visible=on&name=stockholm&displayname=Stockholm&description=make+all+systems+into+1systems&homepage=https%3A%2F%2Fkrebsco.de&owner=krebs&declfile=spec.json&decltype=git&declvalue=http%3A%2F%2Fcgit.euer.krebsco.de%2Fhydra-stockholm'
+
+{
+
+ # TODO postgres backup
+ services.postgresql.enable = true;
+
+ services.hydra = {
+ enable = true;
+ hydraURL = "http://hydra.wbob.r"; # externally visible URL
+ notificationSender = "hydra@wbob.r";
+ # you will probably also want, otherwise *everything* will be built from scratch
+ useSubstitutes = true;
+ port = 3030;
+ buildMachinesFiles = [];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ services.nginx = {
+ enable = true;
+ virtualHosts."hydra.wbob.r" = {
+ locations."/" = {
+ proxyPass = "http://localhost:3030/";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ '';
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix
index f2676f11c..1993a5212 100644
--- a/makefu/2configs/tools/mobility.nix
+++ b/makefu/2configs/tools/mobility.nix
@@ -5,5 +5,5 @@
mosh
];
- # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+ boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
}
diff --git a/makefu/2configs/tools/studio.nix b/makefu/2configs/tools/studio.nix
index 0356ba391..e0c68167f 100644
--- a/makefu/2configs/tools/studio.nix
+++ b/makefu/2configs/tools/studio.nix
@@ -9,8 +9,8 @@
# owncloudclient
(pkgs.writeScriptBin "prepare-pulseaudio" ''
pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming"
- pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream latency_msec=1
- pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream latency_msec=1
+ pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream
+ pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream
darkice -c ~/lol.conf
'')
];
diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix
index 677950f43..d0fb4fe41 100644
--- a/makefu/2configs/urlwatch/default.nix
+++ b/makefu/2configs/urlwatch/default.nix
@@ -34,7 +34,7 @@ in {
http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
- https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack
+
http://www.iozone.org/src/current/
{
@@ -51,6 +51,8 @@ in {
"embray/d2to1"
"dorimanx/exfat-nofuse"
"rapid7/metasploit-framework"
+ "GothenburgBitFactory/taskserver"
+ "GothenburgBitFactory/taskwarrior"
];
};
}
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 80a0d33cd..b1d6df67e 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -3,7 +3,7 @@ self: super: let
# This callPackage will try to detect obsolete overrides.
callPackage = path: args: let
- override = super.callPackage path args;
+ override = super.callPackage path args;
upstream = optionalAttrs (override ? "name")
(super.${(parseDrvName override.name).name} or {});
in if upstream ? "name" &&
diff --git a/makefu/5pkgs/programs-db/default.nix b/makefu/5pkgs/programs-db/default.nix
deleted file mode 100644
index f40b1b96e..000000000
--- a/makefu/5pkgs/programs-db/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ stdenv }:
-
-stdenv.mkDerivation rec {
- name = "programs-db";
- src = builtins.fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz ;
-
- phases = [ "unpackPhase" "installPhase" ];
- installPhase = ''
- cp programs.sqlite $out
- '';
-
-}
diff --git a/makefu/6tests/data/secrets/torrent-secrets/auth.nix b/makefu/6tests/data/secrets/torrent-secrets/auth.nix
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/makefu/6tests/data/secrets/torrent-secrets/auth.nix
@@ -0,0 +1 @@
+{}
diff --git a/makefu/source.nix b/makefu/source.nix
index f06c9454f..708f0d20c 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -13,7 +13,8 @@ let
then "buildbot"
else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
- ref = "cd36b3d"; # nixos-17.09 @ 2018-02-06
+ # TODO: automate updating of this ref + cherry-picks
+ ref = "51810e0"; # nixos-17.09 @ 2018-02-14
# + do_sqlite3 ruby: 55a952be5b5
# + signal: 0f19beef3
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-26 18:16:40 +0000