author | lassulus <lass@aidsballs.de> | 2016-08-21 13:16:56 +0200 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2016-08-21 13:16:56 +0200 |
commit | d50198d880c4be21413f9bb536b784005204beb9 (patch) | |
tree | 28ea56d3694e7239e532474f677a95f6604c00c5 /makefu | |
parent | 3eb5f58a0ee9778006d4e37fee17e0b3e096a52a (diff) | |
parent | d1c4d12cee228cba1da4da7bba82b6cf6cb708ec (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu')
-rw-r--r-- | makefu/1systems/drop.nix | 40 | ||||
-rw-r--r-- | makefu/1systems/gum.nix | 2 | ||||
-rw-r--r-- | makefu/1systems/shoney.nix | 1 | ||||
-rw-r--r-- | makefu/1systems/wry.nix | 5 | ||||
-rw-r--r-- | makefu/1systems/x.nix | 8 | ||||
-rw-r--r-- | makefu/2configs/default.nix | 15 | ||||
-rw-r--r-- | makefu/2configs/hw/bcm4352.nix | 6 | ||||
-rw-r--r-- | makefu/2configs/temp/8812au.nix | 6 | ||||
-rw-r--r-- | makefu/2configs/temp/elkstack.nix | 5 | ||||
-rw-r--r-- | makefu/2configs/temp/sabnzbd.nix | 5 | ||||
-rw-r--r-- | makefu/2configs/torrent.nix | 81 | ||||
-rw-r--r-- | makefu/2configs/udpt.nix | 31 | ||||
-rw-r--r-- | makefu/3modules/default.nix | 3 | ||||
-rw-r--r-- | makefu/3modules/deluge.nix | 185 | ||||
-rw-r--r-- | makefu/3modules/populate.nix | 5 | ||||
-rw-r--r-- | makefu/3modules/udpt.nix | 57 | ||||
-rw-r--r-- | makefu/5pkgs/default.nix | 1 | ||||
-rw-r--r-- | makefu/5pkgs/udpt/default.nix | 29 | ||||
-rw-r--r-- | makefu/6tests/data/secrets/daemon-pw | 1 |
19 files changed, 477 insertions, 9 deletions
diff --git a/makefu/1systems/drop.nix b/makefu/1systems/drop.nix
new file mode 100644
index 000000000..4a94c3f61
--- /dev/null
+++ b/makefu/1systems/drop.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+let
+ external-ip = "45.55.145.62";
+ default-gw = "45.55.128.1";
+ prefixLength = 18;
+in {
+ imports = [
+ ../.
+ ../2configs/hw/CAC.nix
+ ../2configs/save-diskspace.nix
+ ../2configs/torrent.nix
+ ];
+ krebs = {
+ enable = true;
+ tinc.retiolum.enable = true;
+ build.host = config.krebs.hosts.drop;
+ };
+
+ boot.loader.grub.device = "/dev/vda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
+ fileSystems."/" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+
+ networking = {
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [ ];
+ allowedUDPPorts = [ 655 ];
+ };
+ interfaces.enp0s3.ip4 = [{
+ address = external-ip;
+ inherit prefixLength;
+ }];
+ defaultGateway = default-gw;
+ nameservers = [ "8.8.8.8" ];
+ };
+}
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index a4e2d1760..0d8ac0053 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -21,9 +21,9 @@ in { ../2configs/exim-retiolum.nix ../2configs/tinc/retiolum.nix ../2configs/urlwatch.nix + ../2configs/torrent.nix ]; - services.smartd.devices = [ { device = "/dev/sda";} ]; ###### stable
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
index 7081f6a95..1c5d2352e 100644
--- a/makefu/1systems/shoney.nix
+++ b/makefu/1systems/shoney.nix
@@ -14,6 +14,7 @@ in { ../2configs/hw/CAC.nix ../2configs/fs/CAC-CentOS-7-64bit.nix ../2configs/tinc/retiolum.nix + ../2configs/torrent.nix ];
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 3764ab4b5..81cd362e6 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -24,9 +24,10 @@ in { ../2configs/nginx/euer.test.nix # collectd - ../2configs/collectd/collectd-base.nix + # ../2configs/collectd/collectd-base.nix ../2configs/tinc/retiolum.nix + ../2configs/torrent.nix ]; krebs.build.host = config.krebs.hosts.wry;
@@ -83,5 +84,5 @@ in { nameservers = [ "8.8.8.8" ]; }; - environment.systemPackages = [ ]; + environment.systemPackages = [ pkgs.screen ]; }
diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix
index d41edfa46..4829aaabd 100644
--- a/makefu/1systems/x.nix
+++ b/makefu/1systems/x.nix
@@ -32,6 +32,7 @@ # hardware specifics are in here ../2configs/hw/tp-x220.nix ../2configs/hw/rtl8812au.nix + ../2configs/hw/bcm4352.nix # mount points ../2configs/fs/sda-crypto-root-home.nix # ../2configs/mediawiki.nix
@@ -41,10 +42,13 @@ ../2configs/tinc/retiolum.nix # temporary modules ../2configs/temp/share-samba.nix - # ../2configs/temp/elkstack.nix + ../2configs/temp/elkstack.nix # ../2configs/temp/sabnzbd.nix ../2configs/tinc/siem.nix + ../2configs/torrent.nix ]; + makefu.full-populate = true; + makefu.deluge.web.enable = true; krebs.nginx = { default404 = false; servers.default.listen = [ "80 default_server" ];
@@ -57,7 +61,7 @@ # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 80 24800 26061 ]; + networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 ]; networking.firewall.allowedUDPPorts = [ 665 26061 ]; krebs.build.host = config.krebs.hosts.x;
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 7e4c87cfb..cdaa38f27 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
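Review bot: The last x.nix hunk adds TCP port 8000 to `networking.firewall.allowedTCPPorts` with nothing naming the service behind it, so the port is opened on every interface for an unstated reason. The same file now sets `makefu.deluge.web.enable = true`, yet torrent.nix names 8112 as `web-port` and deluge.nix starts the web UI with no port or bind option, so 8000 does not obviously belong to it. I would add a comment such as `# 8000: <service name>` beside the list, and if the port is only needed inside the VPN, limit it to the `retiolum` interface the way torrent.nix does for the daemon port. The surrounding x.nix configuration lies outside the hunk.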
@@ -22,10 +22,17 @@ with config.krebs.lib; build = { user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; in { - nixpkgs.git = { - url = https://github.com/nixos/nixpkgs; - ref = "125ffff"; # stable @ 2016-07-20 - }; + nixpkgs = if config.makefu.full-populate or (getEnv "dummy_secrets" == "true") then + { # stable @ 2016-07-20 + git = { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; }; + } + else + # TODO use http, once it is implemented + # right now it is simply extracted revision folder + + ## prepare so we do not have to wait for rsync: + ## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs + { file = "/home/makefu/store/125ffff";}; secrets.file = if getEnv "dummy_secrets" == "true" then toString <stockholm/makefu/6tests/data/secrets>
diff --git a/makefu/2configs/hw/bcm4352.nix b/makefu/2configs/hw/bcm4352.nix
new file mode 100644
index 000000000..516637eb8
--- /dev/null
+++ b/makefu/2configs/hw/bcm4352.nix
@@ -0,0 +1,6 @@
+{config, ...}:
+{
+ networking.enableB43Firmware = true;
+ boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+}
+
diff --git a/makefu/2configs/temp/8812au.nix b/makefu/2configs/temp/8812au.nix
new file mode 100644
index 000000000..9587171b3
--- /dev/null
+++ b/makefu/2configs/temp/8812au.nix
@@ -0,0 +1,6 @@
+{config, pkgs, ...}:
+{
+ #boot.extraModulePackages = [ pkgs.rtl8812au ];
+ boot.extraModulePackages = [config.boot.kernelPackages.rtl8812au ];
+ boot.kernelModules = [ "rtl8812au" ];
+}
diff --git a/makefu/2configs/temp/elkstack.nix b/makefu/2configs/temp/elkstack.nix
new file mode 100644
index 000000000..c6bf1c6d8
--- /dev/null
+++ b/makefu/2configs/temp/elkstack.nix
@@ -0,0 +1,5 @@
+_:
+{
+ services.elasticsearch.enable = true;
+ services.kibana.enable = true;
+}
diff --git a/makefu/2configs/temp/sabnzbd.nix b/makefu/2configs/temp/sabnzbd.nix
new file mode 100644
index 000000000..d8eab2732
--- /dev/null
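Review bot: In the added `nixpkgs = if config.makefu.full-populate or (getEnv "dummy_secrets" == "true") then` line, `or` is Nix's attribute-default operator, not boolean OR, so the `getEnv` operand is only consulted when the `full-populate` attribute is missing. populate.nix in this commit declares that option with `mkEnableOption`, so the attribute always exists and a `dummy_secrets` build with the option off falls through to `{ file = "/home/makefu/store/125ffff";}`; the condition presumably should read `config.makefu.full-populate || (getEnv "dummy_secrets" == "true")`. The `else` branch also replaces a pinned git ref with a local directory that the comment says is filled by `curl … | tar zx` with no integrity check, so a comment stating that this tree is trusted as-is would help the next reader. The enclosing `build` attribute set starts and ends outside the hunk.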
+++ b/makefu/2configs/temp/sabnzbd.nix
@@ -0,0 +1,5 @@
+{pkgs, ...}:
+{
+ services.sabnzbd.enable = true;
+ systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+}
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
new file mode 100644
index 000000000..c18db9fa3
--- /dev/null
+++ b/makefu/2configs/torrent.nix
@@ -0,0 +1,81 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+ daemon-user = "tor";
+ daemon-pw = (import <torrent-secrets/daemon-pw>);
+ peer-port = 51412;
+ web-port = 8112;
+ daemon-port = 58846;
+ dl-dir = "/var/download";
+in {
+ # prepare secrets
+ krebs.build.source.torrent-secrets.file =
+ if getEnv "dummy_secrets" == "true"
+ then toString <stockholm/makefu/6tests/data/secrets>
+ else "/home/makefu/secrets/torrent";
+
+ users.users = {
+ download = {
+ name = "download";
+ home = dl-dir;
+ uid = genid "download";
+ createHome = true;
+ useDefaultShell = true;
+ group = "download";
+ openssh.authorizedKeys.keys = [ ];
+ };
+ };
+ # todo: race condition, do this after download user has been created
+ system.activationScripts."download-dir-chmod" = ''
+ for i in finished torrents; do
+ mkdir -p "${dl-dir}/$i"
+ chown download:download "${dl-dir}/$i"
+ chmod 770 "${dl-dir}/$i"
+ done
+ '';
+
+ users.extraGroups = {
+ download = {
+ gid = genid "download";
+ members = [
+ config.krebs.build.user.name
+ "download"
+ "deluge"
+ ];
+ };
+ };
+
+ makefu.deluge = {
+ enable = true;
+ auth = "${daemon-user}:${daemon-pw}:10";
+ # web.enable = true;
+ cfg = {
+ autoadd_enable = true;
+ download_location = dl-dir + "/finished";
+ torrentfiles_location = dl-dir + "/torrents"; copy_torrent_file = true;
+ lsd = true;
+ dht = true;
+ upnp = true;
+ natpmp = true;
+ add_paused = false;
+ allow_remote = true;
+ remove_seed_at_ratio = false;
+ move_completed = false;
+ daemon_port = daemon-port;
+ listen_ports = [ peer-port peer-port ];
+ outgoing_ports = [ peer-port peer-port ];
+ # performance tuning
+ cache_expiry = 3600;
+ stop_seed_at_ratio = true;
+ };
+ };
+
+ networking.firewall.extraCommands = ''
+ iptables -A INPUT -i retiolum -p tcp --dport ${toString daemon-port} -j ACCEPT
+ '';
+
+ networking.firewall.allowedTCPPorts = [ peer-port ];
+ networking.firewall.allowedUDPPorts = [ peer-port ];
+}
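Review bot: `daemon-pw` is read with `import <torrent-secrets/daemon-pw>` at evaluation time and interpolated into `auth = "${daemon-user}:${daemon-pw}:10"`, so the Deluge daemon password becomes part of the system closure. deluge.nix in this commit embeds that string in the `deluged-init` script built by `pkgs.writeDash`, which puts it in the world-readable Nix store of every host importing this file (drop, gum, shoney, wry and x here). I would have the module take a path to a secrets file kept outside the store, readable only by the `deluge` user, and copy it into place in `ExecStartPre` instead of passing the value as a string option. Separately, `iptables -A INPUT …` in `extraCommands` appends to a chain the NixOS firewall script does not appear to flush, so the rule likely piles up on each firewall restart; appending to `nixos-fw` is the usual form.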
diff --git a/makefu/2configs/udpt.nix b/makefu/2configs/udpt.nix
new file mode 100644
index 000000000..6d55ffaf8
--- /dev/null
+++ b/makefu/2configs/udpt.nix
@@ -0,0 +1,31 @@
+{pkgs, ...}:
+
+let
+ cfgfile = pkgs.writeText "udpt-config" ''
+ [db]
+ driver=sqlite3
+ param=:memory:
+
+ [tracker]
+ is_dynamic=yes
+ port=6969
+ threads=5
+ allow_remotes=yes
+ allow_iana_ips=no
+ announce_interval=1800
+ cleanup_interval=120
+
+ [apiserver]
+ enable=yes
+
+ [logging]
+ filename=-
+ level=warning
+ '';
+in {
+ makefu.udpt = {
+ enable = true;
+ inherit cfgfile;
+ };
+
+}
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index 7fc095bab..031ef1bc2 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -2,11 +2,14 @@ _: { imports = [ + ./populate.nix ./awesome-extra.nix + ./deluge.nix ./forward-journal.nix ./ps3netsrv.nix ./snapraid.nix ./taskserver.nix + ./udpt.nix ./umts.nix ]; }
diff --git a/makefu/3modules/deluge.nix b/makefu/3modules/deluge.nix
new file mode 100644
index 000000000..e81f96f85
--- /dev/null
+++ b/makefu/3modules/deluge.nix
@@ -0,0 +1,185 @@
+{ config, lib, pkgs, ... }:
+# based on <nixpkgs>/nixos/modules/services/torrent/deluge.nix
+with config.krebs.lib;
+
+let
+ cfg_daemon = config.makefu.deluge;
+ homedir = cfg_daemon.homedir;
+ delugedir = "${homedir}/.config/deluge";
+ cfg_web = config.makefu.deluge.web;
+ core_conf = pkgs.writeText "deluge-core-cfg" ''
+ {
+ "file": 1,
+ "format": 1
+ }${builtins.toJSON (default_core_cfg // cfg_daemon.cfg)}
+ '';
+
+ default_core_cfg = {
+ # ports and networking
+ daemon_port = 58846; allow_remote = false;
+ listen_ports = [ 0 0 ]; # from -> to, 0 -> random
+ outgoing_ports = [ 0 0 ];
+ random_port = true;
+ random_outgoing_ports = true;
+ listen_interface = "";
+ # folders
+ move_completed_path = homedir +"/complete"; move_completed = false;
+ autoadd_location = homedir + "/watch"; autoadd_enable = true;
+ download_location = homedir + "/data";
+ torrentfiles_location = homedir + "/torrents"; copy_torrent_file = false; del_copy_torrent_file = false;
+ plugins_location = homedir + "/.config/deluge/plugins"; enabled_plugins = [];
+ geoip_db_location = pkgs.geolite-legacy + "/share/GeoIP/GeoIP.dat";
+ queue_new_to_top = false;
+ info_sent = 0;
+ send_info = false;
+ compact_allocation = false;
+ # peer discovery, extras
+ lsd = true;
+ natpmp = true;
+ utpex = false;
+ dht = false;
+ upnp = true;
+ peer_tos = "0x08";
+ # active torrents
+ dont_count_slow_torrents = false;
+ max_active_limit = -1;
+ max_active_downloading = -1;
+ max_active_seeding = -1;
+ max_upload_slots_global = -1;
+ # seeding
+ share_ratio_limit = -1;
+ seed_time_ratio_limit = -1;
+ seed_time_limit = 180;
+ stop_seed_at_ratio = false;
+ remove_seed_at_ratio = false;
+ stop_seed_ratio = 2;
+ # speed and connections
+ rate_limit_ip_overhead = true;
+ ignore_limits_on_local_network = true;
+ max_download_speed = -1;
+ max_upload_speed = -1;
+ max_upload_speed_per_torrent = -1;
+ max_download_speed_per_torrent = -1;
+ max_half_open_connections = -1;
+ max_connections_global = -1;
+ max_connections_per_second = -1;
+ max_connections_per_torrent = -1;
+ max_upload_slots_per_torrent = -1;
+ enc_in_policy = 1;
+ enc_prefer_rc4 = true;
+ enc_level = 2;
+ enc_out_policy = 1;
+ cache_size = 8192;
+ cache_expiry = 60;
+ prioritize_first_last_pieces = false;
+ auto_managed = true;
+ proxies = {
+ peer = {
+ username = "";
+ password = "";
+ hostname = "";
+ type = 0;
+ port = 8080;
+ };
+ web_seed = {
+ username = "";
+ password = "";
+ hostname = "";
+ type = 0;
+ port = 8080;
+ };
+ tracker = {
+ username = "";
+ password = "";
+ hostname = "";
+ type = 0;
+ port = 8080;
+ };
+ dht = {
+ username = "";
+ password = "";
+ hostname = "";
+ type = 0;
+ port = 8080;
+ };
+ };
+ add_paused = false;
+ new_release_check = false;
+ };
+
+ api = {
+ enable = mkEnableOption "deluge daemon";
+
+ cfg = mkOption {
+ default = default_core_cfg;
+ type = types.attrsOf types.unspecified;
+ description = ''
+ for full configuration see defaults
+ '';
+ example = {
+ "daemon_port"= 58846;
+ "download_location"= "/var/download";
+ };
+ };
+
+ auth = mkOption {
+ default = [];
+ example = ["alice:MyC0mpL3xPass:10"];
+ type = types.lines;
+ };
+
+ homedir = mkOption {
+ default = "/var/lib/deluge";
+ description = "Home directory of deluge user";
+ type = types.str;
+ };
+
+ web = {
+ enable = mkEnableOption "deluge web";
+ };
+ };
+ imp = {
+
+ systemd.services.deluged = {
+ after = [ "network.target" ];
+ description = "Deluge BitTorrent Daemon";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.pythonPackages.deluge}/bin/deluged -d";
+ ExecStartPre = let
+ in pkgs.writeDash "deluged-init" ''
+ mkdir -p ${delugedir}
+ echo ${shell.escape cfg_daemon.auth} > ${delugedir}/auth
+ cp -f ${core_conf} ${delugedir}/core.conf
+ '';
+ Restart = "on-success";
+ User = "deluge";
+ Group = "deluge";
+ };
+ };
+
+ systemd.services.delugeweb = mkIf cfg_web.enable {
+ after = [ "network.target" ];
+ description = "Deluge BitTorrent WebUI";
+ wantedBy = 
[ "multi-user.target" ];
+ serviceConfig.ExecStart = "${pkgs.pythonPackages.deluge}/bin/deluge --ui web";
+ serviceConfig.User = "deluge";
+ serviceConfig.Group = "deluge";
+ };
+
+ environment.systemPackages = [ pkgs.pythonPackages.deluge ];
+
+ users.extraUsers.deluge = {
+ group = "deluge";
+ uid = config.ids.uids.deluge;
+ home = cfg_daemon.homedir;
+ createHome = true;
+ description = "Deluge Daemon user";
+ };
+
+ users.extraGroups.deluge.gid = config.ids.gids.deluge;
+ };
+in {
+ options.makefu.deluge = api;
+ config = lib.mkIf cfg_daemon.enable imp;
+}
diff --git a/makefu/3modules/populate.nix b/makefu/3modules/populate.nix
new file mode 100644
index 000000000..19d3b3690
--- /dev/null
+++ b/makefu/3modules/populate.nix
@@ -0,0 +1,5 @@
+{config, lib, pkgs, ... }:
+
+{
+ options.makefu.full-populate = lib.mkEnableOption "always do a full clone of nixpkgs";
+}
diff --git a/makefu/3modules/udpt.nix b/makefu/3modules/udpt.nix
new file mode 100644
index 000000000..2086bd540
--- /dev/null
+++ b/makefu/3modules/udpt.nix
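Review bot: The `deluged-init` script in deluge.nix writes the credentials with `echo ${shell.escape cfg_daemon.auth} > ${delugedir}/auth` under the service's default umask, so the file is typically created readable by group and others; starting the script with `umask 077` (or adding `chmod 600 ${delugedir}/auth` after the write) would keep it private to the `deluge` user. The `auth` option declares `type = types.lines` while its `default` and `example` are lists, so the default does not satisfy the declared type; `default = "";` and a string example would match. The `delugeweb` unit runs `deluge --ui web` with no configuration managed by the module, so the web UI keeps its upstream default password until someone changes it by hand, which deserves a comment on `web.enable`.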
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+ cfg = config.makefu.udpt;
+
+ out = {
+ options.makefu.udpt = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "udpt";
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.udpt;
+ };
+
+ cfgfile = mkOption {
+ type = types.path;
+ default = "${cfg.package}/etc/udpt.conf";
+ };
+
+ user = mkOption {
+ description = ''
+ user which will run udpt. if kept default a new user will be created
+ '';
+ type = types.str;
+ default = "udpt";
+ };
+
+ };
+
+ imp = {
+ systemd.services.udpt = {
+ description = "udpt server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ restartIfChanged = true;
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${cfg.package}/bin/udpt -c ${shell.escape cfg.cfgfile}";
+ PrivateTmp = true;
+ User = "${cfg.user}";
+ };
+ };
+ users = lib.mkIf (cfg.user == "udpt") {
+ users.udpt = {
+ uid = genid "udpt";
+ };
+ groups.udpt.gid = genid "udpt";
+ };
+ };
+in
+out
+
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 6598f5d3f..51987c35b 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -21,6 +21,7 @@ in tw-upload-plugin = callPackage ./tw-upload-plugin {}; skytraq-logger = callPackage ./skytraq-logger {}; taskserver = callPackage ./taskserver {}; + udpt = callPackage ./udpt {}; wol = callPackage ./wol {}; }; }
diff --git a/makefu/5pkgs/udpt/default.nix b/makefu/5pkgs/udpt/default.nix
new file mode 100644
index 000000000..99bcac18b
--- /dev/null
+++ b/makefu/5pkgs/udpt/default.nix
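Review bot: The `users` block in 3modules/udpt.nix creates `groups.udpt` but never assigns it: `users.udpt` sets only `uid`, and `serviceConfig` has `User` but no `Group`, so the tracker appears to run with whatever default group the account receives rather than its own. Setting `group = "udpt";` on the user and `Group = "udpt";` in `serviceConfig` would keep this network-facing daemon from sharing a group with unrelated accounts. As the unit only needs its config file and a socket here, `NoNewPrivileges = true;` and `ProtectHome = true;` next to the existing `PrivateTmp = true;` would be cheap hardening.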
@@ -0,0 +1,29 @@
+{ stdenv, boost, sqlite, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+ proj = "udpt";
+ name = "udpt-${rev}";
+ rev = "0790558";
+
+ enableParallelBuilding = true;
+
+ src = fetchFromGitHub {
+ owner = "naim94a";
+ repo = "udpt";
+ inherit rev;
+ sha256 = "0rgkjwvnqwbnqy7pm3dk176d3plb5lypaf12533yr0yfzcp6gnzk";
+ };
+ buildInputs = [ boost sqlite ];
+ installPhase = ''
+ mkdir -p $out/bin $out/etc/
+ cp udpt $out/bin
+ cp udpt.conf $out/etc/
+ '';
+ meta = {
+ description = "udp tracker";
+ homepage = https://github.com/naim94a/udpt;
+ license = stdenv.lib.licenses.gpl3;
+ platforms = stdenv.lib.platforms.linux;
+ maintainers = with stdenv.lib.maintainers; [ makefu ];
+ };
+}
diff --git a/makefu/6tests/data/secrets/daemon-pw b/makefu/6tests/data/secrets/daemon-pw
new file mode 100644
index 000000000..e16c76dff
--- /dev/null
+++ b/makefu/6tests/data/secrets/daemon-pw
@@ -0,0 +1 @@
+"" |