summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/2configs/binary-cache/prism.nix2
-rw-r--r--krebs/2configs/cache.nsupdate.info.nix8
-rw-r--r--krebs/3modules/cachecache.nix20
-rw-r--r--krebs/3modules/makefu/ssh/ulrich.pub2
-rw-r--r--makefu/0tests/data/secrets/nsupdate-cache.nix1
-rw-r--r--makefu/1systems/gum/config.nix12
-rw-r--r--makefu/1systems/gum/hardware-config.nix11
-rw-r--r--makefu/1systems/gum/rescue.txt4
-rw-r--r--makefu/1systems/gum/source.nix2
-rw-r--r--makefu/2configs/bgt/auphonic.pub1
-rw-r--r--makefu/2configs/bgt/download.binaergewitter.de.nix (renamed from makefu/2configs/nginx/download.binaergewitter.de.nix)23
-rw-r--r--makefu/2configs/bgt/hidden_service.nix (renamed from makefu/2configs/deployment/bgt/hidden_service.nix)0
-rw-r--r--makefu/2configs/bureautomation/default.nix (renamed from makefu/2configs/deployment/bureautomation/default.nix)0
-rw-r--r--makefu/2configs/bureautomation/hass.nix (renamed from makefu/2configs/deployment/bureautomation/hass.nix)0
-rw-r--r--makefu/2configs/bureautomation/mpd.nix (renamed from makefu/2configs/deployment/bureautomation/mpd.nix)0
-rw-r--r--makefu/2configs/homeautomation/default.nix (renamed from makefu/2configs/deployment/homeautomation/default.nix)0
-rw-r--r--makefu/2configs/homeautomation/google-muell.nix (renamed from makefu/2configs/deployment/google-muell.nix)0
-rw-r--r--makefu/2configs/homeautomation/mqtt.nix (renamed from makefu/2configs/deployment/homeautomation/mqtt.nix)0
-rw-r--r--makefu/krops.nix15
-rwxr-xr-xmakefu/update-channel.sh2
20 files changed, 67 insertions, 36 deletions
diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix
index 46b386e14..51b4a1afc 100644
--- a/krebs/2configs/binary-cache/prism.nix
+++ b/krebs/2configs/binary-cache/prism.nix
@@ -3,7 +3,7 @@
{
nix = {
binaryCaches = [
- "http://cache.prism.r"
+ "https://cache.krebsco.de"
];
binaryCachePublicKeys = [
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix
index 056667d8c..74f345614 100644
--- a/krebs/2configs/cache.nsupdate.info.nix
+++ b/krebs/2configs/cache.nsupdate.info.nix
@@ -1,4 +1,4 @@
-{lib, ... }:
+{ pkgs, lib, ... }:
with lib;
let
domain = "cache.nsupdate.info";
@@ -17,9 +17,13 @@ in {
};
krebs.cachecache = {
enable = true;
- enableSSL = false; # disable letsencrypt for testing
+ enableSSL = true; # disable letsencrypt for testing
cacheDir = "/var/cache/nix-cache-cache";
maxSize = "10g";
+ indexFile = pkgs.fetchurl {
+ url = "https://raw.githubusercontent.com/krebs/35c3-nixos-cache/master/index.html";
+ sha256 = "1vlngzbn0jipigspccgikd7xgixksimdl4wf8ix7d30ljx47p9n0";
+ };
# assumes that the domain is reachable from the internet
virtualHost = domain;
diff --git a/krebs/3modules/cachecache.nix b/krebs/3modules/cachecache.nix
index 989320480..2c2d07ff5 100644
--- a/krebs/3modules/cachecache.nix
+++ b/krebs/3modules/cachecache.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ pkgs, config, lib, ... }:
# fork of https://gist.github.com/rycee/f495fc6cc4130f155e8b670609a1e57b
@@ -59,15 +59,6 @@ in
'';
};
- # webRoot = mkOption {
- # type = types.str;
- # default = "/";
- # description = ''
- # Directory on virtual host that serves the cache. Must end in
- # <literal>/</literal>.
- # '';
- # };
-
resolver = mkOption {
type = types.str;
description = "Address of DNS resolver.";
@@ -82,6 +73,13 @@ in
Where nginx should store cached data.
'';
};
+ indexFile = mkOption {
+ type = types.path;
+ default = pkgs.writeText "myindex" "<html>hello world</html>";
+ description = ''
+ Path to index.html file.
+ '';
+ };
maxSize = mkOption {
type = types.str;
@@ -98,6 +96,7 @@ in
systemd.services.nginx.preStart = ''
mkdir -p ${cfg.cacheDir} /srv/www/nix-cache-cache
chmod 700 ${cfg.cacheDir} /srv/www/nix-cache-cache
+ ln -fs ${cfg.indexFile} /srv/www/nix-cache-cache/index.html
chown ${nginxCfg.user}:${nginxCfg.group} \
${cfg.cacheDir} /srv/www/nix-cache-cache
'';
@@ -143,6 +142,7 @@ in
locations."/" =
{
root = "/srv/www/nix-cache-cache";
+ index = "index.html";
extraConfig = ''
expires max;
add_header Cache-Control $nix_cache_cache_header always;
diff --git a/krebs/3modules/makefu/ssh/ulrich.pub b/krebs/3modules/makefu/ssh/ulrich.pub
index 88313ee7c..8ac69004c 100644
--- a/krebs/3modules/makefu/ssh/ulrich.pub
+++ b/krebs/3modules/makefu/ssh/ulrich.pub
@@ -1 +1 @@
-AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de
diff --git a/makefu/0tests/data/secrets/nsupdate-cache.nix b/makefu/0tests/data/secrets/nsupdate-cache.nix
new file mode 100644
index 000000000..f5e704702
--- /dev/null
+++ b/makefu/0tests/data/secrets/nsupdate-cache.nix
@@ -0,0 +1 @@
+"derp"
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 3d2cbac6f..a1691da3a 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -4,13 +4,14 @@ with import <stockholm/lib>;
let
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
ext-if = config.makefu.server.primary-itf;
+ allDisks = [ "/dev/sda" "/dev/sdb" ];
in {
imports = [
<stockholm/makefu>
./hardware-config.nix
{
users.users.lass = {
- uid = 9002;
+ uid = 19002;
isNormalUser = true;
createHome = true;
useDefaultShell = true;
@@ -21,7 +22,7 @@ in {
};
}
<stockholm/makefu/2configs/headless.nix>
- # <stockholm/makefu/2configs/smart-monitor.nix>
+ <stockholm/makefu/2configs/smart-monitor.nix>
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
@@ -93,13 +94,15 @@ in {
<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
<stockholm/makefu/2configs/nginx/gold.krebsco.de.nix>
<stockholm/makefu/2configs/nginx/iso.euer.nix>
+ <stockholm/krebs/2configs/cache.nsupdate.info.nix>
<stockholm/makefu/2configs/shack/events-publisher>
<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
- <stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
+ <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
+ <stockholm/makefu/2configs/bgt/hidden_service.nix>
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/logging/client.nix>
@@ -132,7 +135,7 @@ in {
ListenAddress = ${external-ip} 21031
'';
connectTo = [
- "prism" "ni" "enklave" "dishfire" "echelon" "hotdog"
+ "prism" "ni" "enklave" "eve" "archprism"
];
};
@@ -189,6 +192,7 @@ in {
nameservers = [ "8.8.8.8" ];
};
users.users.makefu.extraGroups = [ "download" "nginx" ];
+ services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
boot.tmpOnTmpfs = true;
state = [ "/home/makefu/.weechat" ];
}
diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix
index bfe29b46c..e9670a5a4 100644
--- a/makefu/1systems/gum/hardware-config.nix
+++ b/makefu/1systems/gum/hardware-config.nix
@@ -46,7 +46,7 @@ in {
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
];
- boot.kernelModules = [ "kvm-intel" ];
+ boot.kernelModules = [ "dm-thin-pool" "kvm-intel" ];
hardware.enableRedistributableFirmware = true;
fileSystems."/" = {
device = "/dev/mapper/nixos-root";
@@ -56,10 +56,19 @@ in {
device = "/dev/mapper/nixos-lib";
fsType = "ext4";
};
+ fileSystems."/var/log" = {
+ device = "/dev/mapper/nixos-log";
+ fsType = "ext4";
+ };
fileSystems."/var/download" = {
device = "/dev/mapper/nixos-download";
fsType = "ext4";
};
+ fileSystems."/var/www/binaergewitter" = {
+ device = "/dev/mapper/nixos-binaergewitter";
+ fsType = "ext4";
+ options = [ "nofail" ];
+ };
fileSystems."/var/lib/borgbackup" = {
device = "/dev/mapper/nixos-backup";
fsType = "ext4";
diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt
index 30276b7db..0a3ed96ee 100644
--- a/makefu/1systems/gum/rescue.txt
+++ b/makefu/1systems/gum/rescue.txt
@@ -1,10 +1,14 @@
+ssh gum.i -o StrictHostKeyChecking=no
+
mount /dev/mapper/nixos-root /mnt
mount /dev/sda2 /mnt/boot
chroot-prepare /mnt
chroot /mnt /bin/sh
+
journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub)
+# ... activating ...
export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin
/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate
diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix
index 6940498f1..1e36c6e87 100644
--- a/makefu/1systems/gum/source.nix
+++ b/makefu/1systems/gum/source.nix
@@ -1,5 +1,5 @@
{
- name="nextgum";
+ name="gum";
torrent = true;
clever_kexec = true;
}
diff --git a/makefu/2configs/bgt/auphonic.pub b/makefu/2configs/bgt/auphonic.pub
new file mode 100644
index 000000000..37b8e0599
--- /dev/null
+++ b/makefu/2configs/bgt/auphonic.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvP50lgtHhlC3LKzC1/4yzJNxkZFDSIBvEfavNfchNKJUEBPo82oVtfFgJR5XfjI7c2U9dHl+0q4qMl+9ZiZWr2YgDpAr78kpur4gjWKrnBa2eT9GIfXB3Tm1+OpI2HoeOHUKEK1gKqqe9tJfS+CLb7DLCjulW8zdLiiH6KmvyaH78hGjZv+bpx7H4rItAinl8vGe+ceRIk4tZbmkyhphXbQZa3Ov+imiJXIr7fmX3tkOhUp4YwrVlUK8J0MEa1Kf7ZYWRqvGnKYFQ73LwLPz7UIOZ93zPF4d0R7xqvdEEhIx+u1/gToQZSMUczbVqg3dixr3yeBhFA/6h0lTA61mx
diff --git a/makefu/2configs/nginx/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
index 6b5687e72..6d64848f5 100644
--- a/makefu/2configs/nginx/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -1,12 +1,25 @@
{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
let
- ident = (toString <secrets>) + "/mirrorsync.gum.id_ed25519";
+ ident = (builtins.readFile ./auphonic.pub);
in {
- systemd.services.mirrorsync = {
- startAt = "08:00:00";
- path = with pkgs; [ rsync openssh ];
- script = ''rsync -av -e "ssh -i ${ident}" mirrorsync@159.69.132.234:/var/www/html/ /var/www/binaergewitter'';
+ services.openssh = {
+ allowSFTP = true;
+ sftpFlags = [ "-l VERBOSE" ];
+ extraConfig = ''
+ Match User auphonic
+ ForceCommand internal-sftp
+ AllowTcpForwarding no
+ X11Forwarding no
+ PasswordAuthentication no
+ '';
+ };
+ users.users.auphonic = {
+ uid = genid "auphonic";
+ group = "nginx";
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
};
services.nginx = {
enable = lib.mkDefault true;
diff --git a/makefu/2configs/deployment/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix
index c1a31b8dc..c1a31b8dc 100644
--- a/makefu/2configs/deployment/bgt/hidden_service.nix
+++ b/makefu/2configs/bgt/hidden_service.nix
diff --git a/makefu/2configs/deployment/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix
index 3897537ea..3897537ea 100644
--- a/makefu/2configs/deployment/bureautomation/default.nix
+++ b/makefu/2configs/bureautomation/default.nix
diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix
index 443484a34..443484a34 100644
--- a/makefu/2configs/deployment/bureautomation/hass.nix
+++ b/makefu/2configs/bureautomation/hass.nix
diff --git a/makefu/2configs/deployment/bureautomation/mpd.nix b/makefu/2configs/bureautomation/mpd.nix
index 1f5acb357..1f5acb357 100644
--- a/makefu/2configs/deployment/bureautomation/mpd.nix
+++ b/makefu/2configs/bureautomation/mpd.nix
diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/homeautomation/default.nix
index 94799b11d..94799b11d 100644
--- a/makefu/2configs/deployment/homeautomation/default.nix
+++ b/makefu/2configs/homeautomation/default.nix
diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/homeautomation/google-muell.nix
index 235cc1546..235cc1546 100644
--- a/makefu/2configs/deployment/google-muell.nix
+++ b/makefu/2configs/homeautomation/google-muell.nix
diff --git a/makefu/2configs/deployment/homeautomation/mqtt.nix b/makefu/2configs/homeautomation/mqtt.nix
index cd1c328d7..cd1c328d7 100644
--- a/makefu/2configs/deployment/homeautomation/mqtt.nix
+++ b/makefu/2configs/homeautomation/mqtt.nix
diff --git a/makefu/krops.nix b/makefu/krops.nix
index 6c510eba3..2a2f70a05 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -7,7 +7,6 @@
host-src = {
secure = false;
- full = false;
torrent = false;
hw = false;
musnix = false;
@@ -23,7 +22,11 @@
{
# nixos-18.09 @ 2018-09-18
# + uhub/sqlite: 5dd7610401747
- nixpkgs = if test then {
+ # + hovercraft: 7134801b17d72
+ nixpkgs = if host-src.arm6 then {
+ # TODO: we want to track the unstable channel
+ symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
+ } else {
file = {
path = toString (pkgs.fetchFromGitHub {
owner = "makefu";
@@ -33,14 +36,6 @@
});
useChecksum = true;
};
- } else if host-src.full then {
- git.ref = nixpkgs-src.rev;
- git.url = nixpkgs-src.url;
- } else if host-src.arm6 then {
- # TODO: we want to track the unstable channel
- symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
- } else {
- file = "/home/makefu/store/${nixpkgs-src.rev}";
};
nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";
diff --git a/makefu/update-channel.sh b/makefu/update-channel.sh
index 59d3c434f..0899581ec 100755
--- a/makefu/update-channel.sh
+++ b/makefu/update-channel.sh
@@ -6,4 +6,4 @@ nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--rev refs/heads/master' \
> $dir/nixpkgs.json
newref=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
-echo git commit $dir/nixpkgs.json -m "nixpkgs: $oldref -> $newref"
+echo "git commit $dir/nixpkgs.json -m 'ma nixpkgs: $oldref -> $newref'"