diff options
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 4 | ||||
| -rw-r--r-- | krebs/source.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/wine.nix | 15 | ||||
| -rw-r--r-- | makefu/1systems/gum/config.nix | 5 | ||||
| -rw-r--r-- | makefu/1systems/omo/config.nix | 13 | ||||
| -rw-r--r-- | makefu/1systems/sdev/config.nix | 26 | ||||
| -rw-r--r-- | makefu/1systems/vbob/config.nix | 41 | ||||
| -rw-r--r-- | makefu/1systems/x/config.nix | 36 | ||||
| -rw-r--r-- | makefu/2configs/hw/vbox-guest.nix | 16 | ||||
| -rw-r--r-- | makefu/2configs/tools/mobility.nix | 2 | ||||
| -rw-r--r-- | makefu/2configs/tools/studio.nix | 4 | ||||
| -rw-r--r-- | makefu/source.nix | 3 |
12 files changed, 93 insertions, 74 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 56e5c6b82..0bed4d6da 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -1038,6 +1038,10 @@ with import <stockholm/lib>; inherit (makefu) mail pgp; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x"; }; + makefu-remote-builder = { + inherit (makefu) mail pgp; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild"; + }; makefu-bob = { inherit (makefu) mail pgp; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD"; diff --git a/krebs/source.nix b/krebs/source.nix index 27450c2a3..73ebf135d 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -18,7 +18,7 @@ in stockholm.file = toString <stockholm>; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "2062ac5aa2dc0770322272e3d2b647cf431dd893"; # nixos-17.09 @ 2018-02-09 + ref = "c831224528cd6bfd49bfc2c18b9c5d9015651077"; # nixos-17.09 @ 2018-02-15 }; } override diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index d60b1feea..dd82b34eb 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -19,23 +19,8 @@ in { pkgs.wine ]; }; - wine64 = { - name = "wine64"; - description = "user for running wine in 64bit"; - home = "/home/wine64"; - useDefaultShell = true; - extraGroups = [ - "audio" - "video" - ]; - createHome = true; - packages = [ - (pkgs.wine.override { wineBuild = "wineWow"; }) - ]; - }; }; security.sudo.extraConfig = '' ${mainUser.name} ALL=(wine) NOPASSWD: ALL - ${mainUser.name} ALL=(wine64) NOPASSWD: ALL ''; } diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index a656fdce3..b859efc94 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -148,6 +148,11 @@ in { allowedIPs = [ "10.244.0.5/32" ]; publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; } + { + # workr + allowedIPs = [ "10.244.0.6/32" ]; + publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; + } ]; }; } diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 1e087fef4..01438397e 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -25,16 +25,18 @@ let # | | # |* | # |* d2 | - # | * r0 | + # | * | + # | * | # |_______| cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; + cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4"; # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; # all physical disks # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } - dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ]; + dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ]; allDisks = [ rootDisk ] ++ dataDisks; in { imports = @@ -69,6 +71,7 @@ in { <stockholm/makefu/2configs/mqtt.nix> <stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/deployment/google-muell.nix> + <stockholm/makefu/2configs/virtualisation/docker.nix> # security @@ -117,7 +120,6 @@ in { services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - virtualisation.docker.enable = true; makefu.ps3netsrv = { enable = true; servedir = "/media/cryptX/emu/ps3"; @@ -127,6 +129,7 @@ in { makefu.snapraid = { enable = true; + # TODO: 3 is not protected disks = map toMapper [ 0 1 ]; parity = toMapper 2; }; @@ -139,7 +142,7 @@ in { ''; environment.systemPackages = with pkgs;[ mergerfs # hard requirement for mount - wol # wake up filepimp + wol # wake up filepimp f3 ]; fileSystems = let @@ -151,6 +154,7 @@ in { in cryptMount "crypt0" // cryptMount "crypt1" // cryptMount "crypt2" + // cryptMount "crypt3" // { "/media/cryptX" = { device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]); fsType = "mergerfs"; @@ -179,6 +183,7 @@ in { (usbkey "crypt0" cryptDisk0) (usbkey "crypt1" cryptDisk1) (usbkey "crypt2" cryptDisk2) + (usbkey "crypt3" cryptDisk3) ]; }; loader.grub.device = lib.mkForce rootDisk; diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 38c044be4..c2cd23d1e 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -5,32 +5,35 @@ imports = [ # Include the results of the hardware scan. <stockholm/makefu> - (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>) - (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>) + + # <stockholm/makefu/2configs/hw/vbox-guest.nix> + { # until virtualbox-image is fixed + imports = [ + <stockholm/makefu/2configs/fs/single-partition-ext4.nix> + ]; + boot.loader.grub.device = "/dev/sda"; + } <stockholm/makefu/2configs/main-laptop.nix> # <secrets/extra-hosts.nix> # environment <stockholm/makefu/2configs/tinc/retiolum.nix> + <stockholm/makefu/2configs/virtualisation/docker.nix> ]; - # workaround for https://github.com/NixOS/nixpkgs/issues/16641 - services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; - - nixpkgs.config.allowUnfree = true; - # allow sdev to deploy self users.extraUsers = { root = { openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; }; }; + # corefonts + nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs;[ ppp xclip get passwdqc-utils - docker gnupg populate (pkgs.writeScriptBin "tor-browser" '' @@ -39,18 +42,11 @@ '') ]; - virtualisation.docker.enable = true; - networking.firewall.allowedTCPPorts = [ 25 80 8010 ]; - fileSystems."/media/share" = { - fsType = "vboxsf"; - device = "share"; - options = [ "rw" "uid=9001" "gid=9001" ]; - }; } diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index ffd9deaee..208dd1ff7 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -8,30 +8,9 @@ { imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ]; boot.loader.grub.device = "/dev/sda"; - virtualisation.virtualbox.guest.enable = true; } - # { - # imports = [ - # <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix> - # ]; - # virtualbox.baseImageSize = 35 * 1024; - # fileSystems."/media/share" = { - # fsType = "vboxsf"; - # device = "share"; - # options = [ "rw" "uid=9001" "gid=9001" ]; - # }; - # } - - # { - # imports = [ - # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> - # ]; - # fileSystems."/nix" = { - # device ="/dev/disk/by-label/nixstore"; - # fsType = "ext4"; - # }; - # } - + # <stockholm/makefu/2configs/hw/vbox-guest.nix> + # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> # base gui # <stockholm/makefu/2configs/main-laptop.nix> @@ -75,14 +54,8 @@ ]; networking.extraHosts = import (toString <secrets/extra-hosts.nix>); - nixpkgs.config.allowUnfree = true; - # allow vbob to deploy self - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; - }; - }; + users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; environment.shellAliases = { forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; @@ -94,16 +67,18 @@ ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail ''; + + # for forticlient + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs;[ fortclientsslvpn ppp xclip get logstash - # docker #devpi-web #devpi-client ansible ]; - # virtualisation.docker.enable = true; networking.firewall.allowedTCPPorts = [ @@ -111,6 +86,6 @@ 80 8010 ]; - + # required for qemu systemd.services."serial-getty@ttyS0".enable = true; } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index d5a9bdcfb..b4d4aa66e 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -40,7 +40,7 @@ with import <stockholm/lib>; # Virtualization <stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/virtualisation/docker.nix> - <stockholm/makefu/2configs/virtualisation/virtualbox.nix> + # <stockholm/makefu/2configs/virtualisation/virtualbox.nix> { networking.firewall.allowedTCPPorts = [ 8080 ]; networking.nat = { @@ -60,7 +60,7 @@ with import <stockholm/lib>; # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> # <stockholm/makefu/2configs/hw/tpm.nix> - <stockholm/makefu/2configs/hw/rtl8812au.nix> + # <stockholm/makefu/2configs/hw/rtl8812au.nix> <stockholm/makefu/2configs/hw/network-manager.nix> <stockholm/makefu/2configs/hw/stk1160.nix> # <stockholm/makefu/2configs/rad1o.nix> @@ -78,6 +78,38 @@ with import <stockholm/lib>; # <stockholm/makefu/2configs/lanparty/lancache-dns.nix> # <stockholm/makefu/2configs/lanparty/samba.nix> # <stockholm/makefu/2configs/lanparty/mumble-server.nix> + # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> + + { + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.2/24" ]; + privateKeyFile = (toString <secrets>) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [ + { + # gum + endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820"; + allowedIPs = [ "10.244.0.0/24" ]; + publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; + } + #{ + # # vbob + # allowedIPs = [ "10.244.0.3/32" ]; + # publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + #} + ]; + }; + } + + { # auto-mounting + services.udisks2.enable = true; + services.devmon.enable = true; + # services.gnome3.gvfs.enable = true; + users.users.makefu.packages = with pkgs;[ + gvfs pcmanfm lxmenu-data + ]; + environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; + } ]; diff --git a/makefu/2configs/hw/vbox-guest.nix b/makefu/2configs/hw/vbox-guest.nix new file mode 100644 index 000000000..65f915a2f --- /dev/null +++ b/makefu/2configs/hw/vbox-guest.nix @@ -0,0 +1,16 @@ +{ lib, ...}: +{ + ## Guest Extensions are currently broken + imports = [ + (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>) + ]; + virtualisation.virtualbox.guest.enable = true; + services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; + + fileSystems."/media/share" = { + fsType = "vboxsf"; + device = "share"; + options = [ "rw" "uid=9001" "gid=9001" "nofail" ]; + }; + # virtualbox.baseImageSize = 35 * 1024; +} diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index f2676f11c..1993a5212 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -5,5 +5,5 @@ mosh ]; - # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; } diff --git a/makefu/2configs/tools/studio.nix b/makefu/2configs/tools/studio.nix index 0356ba391..e0c68167f 100644 --- a/makefu/2configs/tools/studio.nix +++ b/makefu/2configs/tools/studio.nix @@ -9,8 +9,8 @@ # owncloudclient (pkgs.writeScriptBin "prepare-pulseaudio" '' pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming" - pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream latency_msec=1 - pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream latency_msec=1 + pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream + pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream darkice -c ~/lol.conf '') ]; diff --git a/makefu/source.nix b/makefu/source.nix index f06c9454f..708f0d20c 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,7 +13,8 @@ let then "buildbot" else "makefu"; _file = <stockholm> + "/makefu/1systems/${name}/source.nix"; - ref = "cd36b3d"; # nixos-17.09 @ 2018-02-06 + # TODO: automate updating of this ref + cherry-picks + ref = "51810e0"; # nixos-17.09 @ 2018-02-14 # + do_sqlite3 ruby: 55a952be5b5 # + signal: 0f19beef3 |