authorlassulus <lass@aidsballs.de>2016-08-21 13:16:56 +0200
committerlassulus <lass@aidsballs.de>2016-08-21 13:16:56 +0200
commitd50198d880c4be21413f9bb536b784005204beb9 (patch)
tree28ea56d3694e7239e532474f677a95f6604c00c5 /makefu
parent3eb5f58a0ee9778006d4e37fee17e0b3e096a52a (diff)
parentd1c4d12cee228cba1da4da7bba82b6cf6cb708ec (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu')
-rw-r--r--makefu/1systems/drop.nix40
-rw-r--r--makefu/1systems/gum.nix2
-rw-r--r--makefu/1systems/shoney.nix1
-rw-r--r--makefu/1systems/wry.nix5
-rw-r--r--makefu/1systems/x.nix8
-rw-r--r--makefu/2configs/default.nix15
-rw-r--r--makefu/2configs/hw/bcm4352.nix6
-rw-r--r--makefu/2configs/temp/8812au.nix6
-rw-r--r--makefu/2configs/temp/elkstack.nix5
-rw-r--r--makefu/2configs/temp/sabnzbd.nix5
-rw-r--r--makefu/2configs/torrent.nix81
-rw-r--r--makefu/2configs/udpt.nix31
-rw-r--r--makefu/3modules/default.nix3
-rw-r--r--makefu/3modules/deluge.nix185
-rw-r--r--makefu/3modules/populate.nix5
-rw-r--r--makefu/3modules/udpt.nix57
-rw-r--r--makefu/5pkgs/default.nix1
-rw-r--r--makefu/5pkgs/udpt/default.nix29
-rw-r--r--makefu/6tests/data/secrets/daemon-pw1
19 files changed, 477 insertions, 9 deletions
diff --git a/makefu/1systems/drop.nix b/makefu/1systems/drop.nix
new file mode 100644
index 000000000..4a94c3f61
--- /dev/null
+++ b/makefu/1systems/drop.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+let
+ external-ip = "45.55.145.62";
+ default-gw = "45.55.128.1";
+ prefixLength = 18;
+in {
+ imports = [
+ ../.
+ ../2configs/hw/CAC.nix
+ ../2configs/save-diskspace.nix
+ ../2configs/torrent.nix
+ ];
+ krebs = {
+ enable = true;
+ tinc.retiolum.enable = true;
+ build.host = config.krebs.hosts.drop;
+ };
+
+ boot.loader.grub.device = "/dev/vda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
+ fileSystems."/" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+
+ networking = {
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [ ];
+ allowedUDPPorts = [ 655 ];
+ };
+ interfaces.enp0s3.ip4 = [{
+ address = external-ip;
+ inherit prefixLength;
+ }];
+ defaultGateway = default-gw;
+ nameservers = [ "8.8.8.8" ];
+ };
+}
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index a4e2d1760..0d8ac0053 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -21,9 +21,9 @@ in {
../2configs/exim-retiolum.nix
../2configs/tinc/retiolum.nix
../2configs/urlwatch.nix
+ ../2configs/torrent.nix
];
-
services.smartd.devices = [ { device = "/dev/sda";} ];
###### stable
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
index 7081f6a95..1c5d2352e 100644
--- a/makefu/1systems/shoney.nix
+++ b/makefu/1systems/shoney.nix
@@ -14,6 +14,7 @@ in {
../2configs/hw/CAC.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/tinc/retiolum.nix
+ ../2configs/torrent.nix
];
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 3764ab4b5..81cd362e6 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -24,9 +24,10 @@ in {
../2configs/nginx/euer.test.nix
# collectd
- ../2configs/collectd/collectd-base.nix
+ # ../2configs/collectd/collectd-base.nix
../2configs/tinc/retiolum.nix
+ ../2configs/torrent.nix
];
krebs.build.host = config.krebs.hosts.wry;
@@ -83,5 +84,5 @@ in {
nameservers = [ "8.8.8.8" ];
};
- environment.systemPackages = [ ];
+ environment.systemPackages = [ pkgs.screen ];
}
diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix
index d41edfa46..4829aaabd 100644
--- a/makefu/1systems/x.nix
+++ b/makefu/1systems/x.nix
@@ -32,6 +32,7 @@
# hardware specifics are in here
../2configs/hw/tp-x220.nix
../2configs/hw/rtl8812au.nix
+ ../2configs/hw/bcm4352.nix
# mount points
../2configs/fs/sda-crypto-root-home.nix
# ../2configs/mediawiki.nix
@@ -41,10 +42,13 @@
../2configs/tinc/retiolum.nix
# temporary modules
../2configs/temp/share-samba.nix
- # ../2configs/temp/elkstack.nix
+ ../2configs/temp/elkstack.nix
# ../2configs/temp/sabnzbd.nix
../2configs/tinc/siem.nix
+ ../2configs/torrent.nix
];
+ makefu.full-populate = true;
+ makefu.deluge.web.enable = true;
krebs.nginx = {
default404 = false;
servers.default.listen = [ "80 default_server" ];
@@ -57,7 +61,7 @@
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 24800 26061 ];
+ networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 ];
networking.firewall.allowedUDPPorts = [ 665 26061 ];
krebs.build.host = config.krebs.hosts.x;
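Review bot: The new `8000` in `networking.firewall.allowedTCPPorts` has no comment and does not correspond to any service visible in this commit. 2configs/torrent.nix names 8112 as `web-port` for the Deluge web UI that the previous hunk enables, and nothing else here mentions 8000. Since the rule applies to every interface of this machine, I would either add a comment above the line saying what listens there, e.g. `# 8000: <service>`, or drop the port if it was left over from testing. If it is meant to expose the Deluge web UI, note that 3modules/deluge.nix writes no web configuration, so the UI would start with Deluge's stock login settings.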
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 7e4c87cfb..cdaa38f27 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -22,10 +22,17 @@ with config.krebs.lib;
build = {
user = config.krebs.users.makefu;
source = let inherit (config.krebs.build) host user; in {
- nixpkgs.git = {
- url = https://github.com/nixos/nixpkgs;
- ref = "125ffff"; # stable @ 2016-07-20
- };
+ nixpkgs = if config.makefu.full-populate or (getEnv "dummy_secrets" == "true") then
+ { # stable @ 2016-07-20
+ git = { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; };
+ }
+ else
+ # TODO use http, once it is implemented
+ # right now it is simply extracted revision folder
+
+ ## prepare so we do not have to wait for rsync:
+ ## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs
+ { file = "/home/makefu/store/125ffff";};
secrets.file =
if getEnv "dummy_secrets" == "true"
then toString <stockholm/makefu/6tests/data/secrets>
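Review bot: In `nixpkgs = if config.makefu.full-populate or (getEnv "dummy_secrets" == "true") then`, `or` is Nix's attribute-default operator, not a boolean OR. The parenthesised test is only evaluated when `full-populate` is missing from `config.makefu`, and 3modules/populate.nix in this same commit declares that option wherever 3modules is imported. As written, a `dummy_secrets=true` build on a host without `full-populate` set falls through to `{ file = "/home/makefu/store/125ffff"; }`. Using `if config.makefu.full-populate || getEnv "dummy_secrets" == "true" then` would give the intended either/or. The `secrets.file` expression that follows continues past the end of the hunk.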
diff --git a/makefu/2configs/hw/bcm4352.nix b/makefu/2configs/hw/bcm4352.nix
new file mode 100644
index 000000000..516637eb8
--- /dev/null
+++ b/makefu/2configs/hw/bcm4352.nix
@@ -0,0 +1,6 @@
+{config, ...}:
+{
+ networking.enableB43Firmware = true;
+ boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+}
+
diff --git a/makefu/2configs/temp/8812au.nix b/makefu/2configs/temp/8812au.nix
new file mode 100644
index 000000000..9587171b3
--- /dev/null
+++ b/makefu/2configs/temp/8812au.nix
@@ -0,0 +1,6 @@
+{config, pkgs, ...}:
+{
+ #boot.extraModulePackages = [ pkgs.rtl8812au ];
+ boot.extraModulePackages = [config.boot.kernelPackages.rtl8812au ];
+ boot.kernelModules = [ "rtl8812au" ];
+}
diff --git a/makefu/2configs/temp/elkstack.nix b/makefu/2configs/temp/elkstack.nix
new file mode 100644
index 000000000..c6bf1c6d8
--- /dev/null
+++ b/makefu/2configs/temp/elkstack.nix
@@ -0,0 +1,5 @@
+_:
+{
+ services.elasticsearch.enable = true;
+ services.kibana.enable = true;
+}
diff --git a/makefu/2configs/temp/sabnzbd.nix b/makefu/2configs/temp/sabnzbd.nix
new file mode 100644
index 000000000..d8eab2732
--- /dev/null
+++ b/makefu/2configs/temp/sabnzbd.nix
@@ -0,0 +1,5 @@
+{pkgs, ...}:
+{
+ services.sabnzbd.enable = true;
+ systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+}
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
new file mode 100644
index 000000000..c18db9fa3
--- /dev/null
+++ b/makefu/2configs/torrent.nix
@@ -0,0 +1,81 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+ daemon-user = "tor";
+ daemon-pw = (import <torrent-secrets/daemon-pw>);
+ peer-port = 51412;
+ web-port = 8112;
+ daemon-port = 58846;
+ dl-dir = "/var/download";
+in {
+ # prepare secrets
+ krebs.build.source.torrent-secrets.file =
+ if getEnv "dummy_secrets" == "true"
+ then toString <stockholm/makefu/6tests/data/secrets>
+ else "/home/makefu/secrets/torrent";
+
+ users.users = {
+ download = {
+ name = "download";
+ home = dl-dir;
+ uid = genid "download";
+ createHome = true;
+ useDefaultShell = true;
+ group = "download";
+ openssh.authorizedKeys.keys = [ ];
+ };
+ };
+ # todo: race condition, do this after download user has been created
+ system.activationScripts."download-dir-chmod" = ''
+ for i in finished torrents; do
+ mkdir -p "${dl-dir}/$i"
+ chown download:download "${dl-dir}/$i"
+ chmod 770 "${dl-dir}/$i"
+ done
+ '';
+
+ users.extraGroups = {
+ download = {
+ gid = genid "download";
+ members = [
+ config.krebs.build.user.name
+ "download"
+ "deluge"
+ ];
+ };
+ };
+
+ makefu.deluge = {
+ enable = true;
+ auth = "${daemon-user}:${daemon-pw}:10";
+ # web.enable = true;
+ cfg = {
+ autoadd_enable = true;
+ download_location = dl-dir + "/finished";
+ torrentfiles_location = dl-dir + "/torrents"; copy_torrent_file = true;
+ lsd = true;
+ dht = true;
+ upnp = true;
+ natpmp = true;
+ add_paused = false;
+ allow_remote = true;
+ remove_seed_at_ratio = false;
+ move_completed = false;
+ daemon_port = daemon-port;
+ listen_ports = [ peer-port peer-port ];
+ outgoing_ports = [ peer-port peer-port ];
+ # performance tuning
+ cache_expiry = 3600;
+ stop_seed_at_ratio = true;
+ };
+ };
+
+ networking.firewall.extraCommands = ''
+ iptables -A INPUT -i retiolum -p tcp --dport ${toString daemon-port} -j ACCEPT
+ '';
+
+ networking.firewall.allowedTCPPorts = [ peer-port ];
+ networking.firewall.allowedUDPPorts = [ peer-port ];
+}
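Review bot: The rule in `networking.firewall.extraCommands` appends to the `INPUT` chain directly (`iptables -A INPUT -i retiolum ...`) instead of to the firewall's own chains. As far as I know the NixOS firewall script only flushes its `nixos-fw*` chains on restart, so this rule would be appended again on every firewall reload and would stay in place after the option is removed. That leaves the daemon port, with `allow_remote = true`, reachable on retiolum longer than the configuration says. I would write it as `iptables -A nixos-fw -i retiolum -p tcp --dport ${toString daemon-port} -j nixos-fw-accept`. Separately, `web-port` in the `let` block is defined but not used anywhere in this file.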
diff --git a/makefu/2configs/udpt.nix b/makefu/2configs/udpt.nix
new file mode 100644
index 000000000..6d55ffaf8
--- /dev/null
+++ b/makefu/2configs/udpt.nix
@@ -0,0 +1,31 @@
+{pkgs, ...}:
+
+let
+ cfgfile = pkgs.writeText "udpt-config" ''
+ [db]
+ driver=sqlite3
+ param=:memory:
+
+ [tracker]
+ is_dynamic=yes
+ port=6969
+ threads=5
+ allow_remotes=yes
+ allow_iana_ips=no
+ announce_interval=1800
+ cleanup_interval=120
+
+ [apiserver]
+ enable=yes
+
+ [logging]
+ filename=-
+ level=warning
+ '';
+in {
+ makefu.udpt = {
+ enable = true;
+ inherit cfgfile;
+ };
+
+}
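Review bot: `[apiserver] enable=yes` turns on udpt's API server without setting where it listens, so it runs on whatever the packaged defaults are, and `allow_remotes=yes` is set alongside it. Neither this file nor 3modules/udpt.nix shows those defaults or adds a firewall rule, so I cannot tell from the diff whether the API is reachable beyond localhost. I would set `enable=no` unless the API is actually needed. Otherwise add a Nix comment above the `cfgfile` binding, such as `# api server listens on <address>:<port>; reachable from <where>`.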
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index 7fc095bab..031ef1bc2 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -2,11 +2,14 @@ _:
{
imports = [
+ ./populate.nix
./awesome-extra.nix
+ ./deluge.nix
./forward-journal.nix
./ps3netsrv.nix
./snapraid.nix
./taskserver.nix
+ ./udpt.nix
./umts.nix
];
}
diff --git a/makefu/3modules/deluge.nix b/makefu/3modules/deluge.nix
new file mode 100644
index 000000000..e81f96f85
--- /dev/null
+++ b/makefu/3modules/deluge.nix
@@ -0,0 +1,185 @@
+{ config, lib, pkgs, ... }:
+# based on <nixpkgs>/nixos/modules/services/torrent/deluge.nix
+with config.krebs.lib;
+
+let
+ cfg_daemon = config.makefu.deluge;
+ homedir = cfg_daemon.homedir;
+ delugedir = "${homedir}/.config/deluge";
+ cfg_web = config.makefu.deluge.web;
+ core_conf = pkgs.writeText "deluge-core-cfg" ''
+ {
+ "file": 1,
+ "format": 1
+ }${builtins.toJSON (default_core_cfg // cfg_daemon.cfg)}
+ '';
+
+ default_core_cfg = {
+ # ports and networking
+ daemon_port = 58846; allow_remote = false;
+ listen_ports = [ 0 0 ]; # from -> to, 0 -> random
+ outgoing_ports = [ 0 0 ];
+ random_port = true;
+ random_outgoing_ports = true;
+ listen_interface = "";
+ # folders
+ move_completed_path = homedir +"/complete"; move_completed = false;
+ autoadd_location = homedir + "/watch"; autoadd_enable = true;
+ download_location = homedir + "/data";
+ torrentfiles_location = homedir + "/torrents"; copy_torrent_file = false; del_copy_torrent_file = false;
+ plugins_location = homedir + "/.config/deluge/plugins"; enabled_plugins = [];
+ geoip_db_location = pkgs.geolite-legacy + "/share/GeoIP/GeoIP.dat";
+ queue_new_to_top = false;
+ info_sent = 0;
+ send_info = false;
+ compact_allocation = false;
+ # peer discovery, extras
+ lsd = true;
+ natpmp = true;
+ utpex = false;
+ dht = false;
+ upnp = true;
+ peer_tos = "0x08";
+ # active torrents
+ dont_count_slow_torrents = false;
+ max_active_limit = -1;
+ max_active_downloading = -1;
+ max_active_seeding = -1;
+ max_upload_slots_global = -1;
+ # seeding
+ share_ratio_limit = -1;
+ seed_time_ratio_limit = -1;
+ seed_time_limit = 180;
+ stop_seed_at_ratio = false;
+ remove_seed_at_ratio = false;
+ stop_seed_ratio = 2;
+ # speed and connections
+ rate_limit_ip_overhead = true;
+ ignore_limits_on_local_network = true;
+ max_download_speed = -1;
+ max_upload_speed = -1;
+ max_upload_speed_per_torrent = -1;
+ max_download_speed_per_torrent = -1;
+ max_half_open_connections = -1;
+ max_connections_global = -1;
+ max_connections_per_second = -1;
+ max_connections_per_torrent = -1;
+ max_upload_slots_per_torrent = -1;
+ enc_in_policy = 1;
+ enc_prefer_rc4 = true;
+ enc_level = 2;
+ enc_out_policy = 1;
+ cache_size = 8192;
+ cache_expiry = 60;
+ prioritize_first_last_pieces = false;
+ auto_managed = true;
+ proxies = {
+ peer = {
+ username = "";
+ password = "";
+ hostname = "";
+ type = 0;
+ port = 8080;
+ };
+ web_seed = {
+ username = "";
+ password = "";
+ hostname = "";
+ type = 0;
+ port = 8080;
+ };
+ tracker = {
+ username = "";
+ password = "";
+ hostname = "";
+ type = 0;
+ port = 8080;
+ };
+ dht = {
+ username = "";
+ password = "";
+ hostname = "";
+ type = 0;
+ port = 8080;
+ };
+ };
+ add_paused = false;
+ new_release_check = false;
+ };
+
+ api = {
+ enable = mkEnableOption "deluge daemon";
+
+ cfg = mkOption {
+ default = default_core_cfg;
+ type = types.attrsOf types.unspecified;
+ description = ''
+ for full configuration see defaults
+ '';
+ example = {
+ "daemon_port"= 58846;
+ "download_location"= "/var/download";
+ };
+ };
+
+ auth = mkOption {
+ default = [];
+ example = ["alice:MyC0mpL3xPass:10"];
+ type = types.lines;
+ };
+
+ homedir = mkOption {
+ default = "/var/lib/deluge";
+ description = "Home directory of deluge user";
+ type = types.str;
+ };
+
+ web = {
+ enable = mkEnableOption "deluge web";
+ };
+ };
+ imp = {
+
+ systemd.services.deluged = {
+ after = [ "network.target" ];
+ description = "Deluge BitTorrent Daemon";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.pythonPackages.deluge}/bin/deluged -d";
+ ExecStartPre = let
+ in pkgs.writeDash "deluged-init" ''
+ mkdir -p ${delugedir}
+ echo ${shell.escape cfg_daemon.auth} > ${delugedir}/auth
+ cp -f ${core_conf} ${delugedir}/core.conf
+ '';
+ Restart = "on-success";
+ User = "deluge";
+ Group = "deluge";
+ };
+ };
+
+ systemd.services.delugeweb = mkIf cfg_web.enable {
+ after = [ "network.target" ];
+ description = "Deluge BitTorrent WebUI";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.ExecStart = "${pkgs.pythonPackages.deluge}/bin/deluge --ui web";
+ serviceConfig.User = "deluge";
+ serviceConfig.Group = "deluge";
+ };
+
+ environment.systemPackages = [ pkgs.pythonPackages.deluge ];
+
+ users.extraUsers.deluge = {
+ group = "deluge";
+ uid = config.ids.uids.deluge;
+ home = cfg_daemon.homedir;
+ createHome = true;
+ description = "Deluge Daemon user";
+ };
+
+ users.extraGroups.deluge.gid = config.ids.gids.deluge;
+ };
+in {
+ options.makefu.deluge = api;
+ config = lib.mkIf cfg_daemon.enable imp;
+}
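Review bot: `cfg_daemon.auth` is interpolated into the `deluged-init` script built with `pkgs.writeDash`, so the `user:password:level` line ends up in a store path, and /nix/store is readable by every local user. The value comes from `auth = "${daemon-user}:${daemon-pw}:10"` in 2configs/torrent.nix, where `allow_remote = true` makes that password the only gate on the daemon port. I would take a string path option that points outside the store and copy it at start, e.g. `install -m 0600 ${cfg_daemon.authFile} ${delugedir}/auth` (the option name `authFile` is a suggestion). That also stops the `auth` file from being created with the default umask, as the `echo ... >` redirect does now. Separately, `auth` declares `type = types.lines` but `default = []`, which does not match; `default = ""` would.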
diff --git a/makefu/3modules/populate.nix b/makefu/3modules/populate.nix
new file mode 100644
index 000000000..19d3b3690
--- /dev/null
+++ b/makefu/3modules/populate.nix
@@ -0,0 +1,5 @@
+{config, lib, pkgs, ... }:
+
+{
+ options.makefu.full-populate = lib.mkEnableOption "always do a full clone of nixpkgs";
+}
diff --git a/makefu/3modules/udpt.nix b/makefu/3modules/udpt.nix
new file mode 100644
index 000000000..2086bd540
--- /dev/null
+++ b/makefu/3modules/udpt.nix
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+ cfg = config.makefu.udpt;
+
+ out = {
+ options.makefu.udpt = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "udpt";
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.udpt;
+ };
+
+ cfgfile = mkOption {
+ type = types.path;
+ default = "${cfg.package}/etc/udpt.conf";
+ };
+
+ user = mkOption {
+ description = ''
+ user which will run udpt. if kept default a new user will be created
+ '';
+ type = types.str;
+ default = "udpt";
+ };
+
+ };
+
+ imp = {
+ systemd.services.udpt = {
+ description = "udpt server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ restartIfChanged = true;
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${cfg.package}/bin/udpt -c ${shell.escape cfg.cfgfile}";
+ PrivateTmp = true;
+ User = "${cfg.user}";
+ };
+ };
+ users = lib.mkIf (cfg.user == "udpt") {
+ users.udpt = {
+ uid = genid "udpt";
+ };
+ groups.udpt.gid = genid "udpt";
+ };
+ };
+in
+out
+
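Review bot: The `users` block creates a `udpt` group but never puts the `udpt` user in it. `users.udpt` sets only `uid`, so the account gets the default primary group, and `serviceConfig` sets `User` without `Group`. I would write `users.udpt = { uid = genid "udpt"; group = "udpt"; };` so the daemon runs under its own group rather than a shared one. When `cfg.user` is changed from the default, no account is created at all; the `user` option description could say so, e.g. `a non-default user must already exist`.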
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 6598f5d3f..51987c35b 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -21,6 +21,7 @@ in
tw-upload-plugin = callPackage ./tw-upload-plugin {};
skytraq-logger = callPackage ./skytraq-logger {};
taskserver = callPackage ./taskserver {};
+ udpt = callPackage ./udpt {};
wol = callPackage ./wol {};
};
}
diff --git a/makefu/5pkgs/udpt/default.nix b/makefu/5pkgs/udpt/default.nix
new file mode 100644
index 000000000..99bcac18b
--- /dev/null
+++ b/makefu/5pkgs/udpt/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, boost, sqlite, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+ proj = "udpt";
+ name = "udpt-${rev}";
+ rev = "0790558";
+
+ enableParallelBuilding = true;
+
+ src = fetchFromGitHub {
+ owner = "naim94a";
+ repo = "udpt";
+ inherit rev;
+ sha256 = "0rgkjwvnqwbnqy7pm3dk176d3plb5lypaf12533yr0yfzcp6gnzk";
+ };
+ buildInputs = [ boost sqlite ];
+ installPhase = ''
+ mkdir -p $out/bin $out/etc/
+ cp udpt $out/bin
+ cp udpt.conf $out/etc/
+ '';
+ meta = {
+ description = "udp tracker";
+ homepage = https://github.com/naim94a/udpt;
+ license = stdenv.lib.licenses.gpl3;
+ platforms = stdenv.lib.platforms.linux;
+ maintainers = with stdenv.lib.maintainers; [ makefu ];
+ };
+}
diff --git a/makefu/6tests/data/secrets/daemon-pw b/makefu/6tests/data/secrets/daemon-pw
new file mode 100644
index 000000000..e16c76dff
--- /dev/null
+++ b/makefu/6tests/data/secrets/daemon-pw
@@ -0,0 +1 @@
+""