-rw-r--r-- | krebs/3modules/makefu/default.nix | 10 | ||||
-rw-r--r-- | makefu/1systems/darth.nix | 19 | ||||
-rw-r--r-- | makefu/1systems/omo.nix | 6 | ||||
-rw-r--r-- | makefu/1systems/shoney.nix | 14 | ||||
-rw-r--r-- | makefu/2configs/binary-cache/lass.nix | 12 | ||||
-rw-r--r-- | makefu/2configs/binary-cache/nixos.nix | 12 | ||||
-rw-r--r-- | makefu/2configs/default.nix | 9 | ||||
-rw-r--r-- | makefu/2configs/temp-share-samba.nix | 5 | ||||
-rw-r--r-- | makefu/2configs/virtualization-virtualbox.nix | 11 | ||||
-rw-r--r-- | makefu/3modules/default.nix | 1 | ||||
-rw-r--r-- | makefu/3modules/forward-journal.nix | 50 | ||||
-rw-r--r-- | makefu/5pkgs/default.nix | 2 | ||||
-rw-r--r-- | makefu/5pkgs/mergerfs/default.nix | 26 |
13 files changed, 161 insertions, 16 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e5cb0e7f6..d5537cf56 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -66,6 +66,16 @@ with config.krebs.lib; }; }; }; + honeydrive = { # vm on darth + nets = { + internet = { # via shoney + ip4.addr = "64.137.234.232"; + aliases = [ + "honeydrive.i" + ]; + }; + }; + }; tsp = { cores = 1; nets = { diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index 5f1d6e121..87029a693 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix @@ -16,16 +16,32 @@ in { ../2configs/smart-monitor.nix ../2configs/exim-retiolum.nix ../2configs/virtualization.nix + + ../2configs/temp-share-samba.nix ]; + services.samba.shares = { + isos = { + path = "/data/isos/"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; services.tinc.networks.siem = { name = "sdarth"; extraConfig = "ConnectTo = sjump"; }; + + makefu.forward-journal = { + enable = true; + src = "10.8.10.2"; + dst = "10.8.10.6"; + }; + #networking.firewall.enable = false; krebs.retiolum.enable = true; boot.kernelModules = [ "coretemp" "f71882fg" ]; - hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; networking = { @@ -33,6 +49,7 @@ in { firewall = { allowPing = true; logRefusedConnections = false; + trustedInterfaces = [ "eno1" ]; allowedUDPPorts = [ 80 655 1655 67 ]; allowedTCPPorts = [ 80 655 1655 ]; }; diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e71055f54..8c24e0ff5 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -75,6 +75,7 @@ in { # HDD Array stuff + environment.systemPackages = [ pkgs.mergerfs ]; services.smartd.devices = builtins.map (x: { device = x; }) allDisks; makefu.snapraid = let 
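Review bot: `trustedInterfaces = [ "eno1" ];` in the second darth.nix hunk makes the firewall accept every port on eno1, so the `allowedUDPPorts`/`allowedTCPPorts` lists right below it no longer restrict anything on that interface. Together with the guest-readable `isos` share added in the first hunk (`"guest ok" = "yes"`), every listening service on darth becomes reachable by anyone on that segment. If only Samba needs to be reachable there, drop the trusted interface and rely on the explicit port lists. Otherwise record the reason inline, e.g. `trustedInterfaces = [ "eno1" ]; # <why everything on this segment is trusted>`. The `firewall` block starts and ends outside the hunk, so other settings may already narrow this.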
@@ -129,7 +130,10 @@ in { kernelModules = [ "kvm-intel" ]; extraModulePackages = [ ]; }; - + users.users.misa = { + uid = 9002; + name = "misa"; + }; hardware.enableAllFirmware = true; hardware.cpu.intel.updateMicrocode = true; diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 1fe8871d2..3a3ac9c7c 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -3,8 +3,9 @@ let tinc-siem-ip = "10.8.10.1"; ip = "64.137.234.215"; - alt-ip = "64.137.234.210"; - extra-ip = "64.137.234.114"; #currently unused + alt-ip = "64.137.234.210"; # honeydrive honeyd + extra-ip1 = "64.137.234.114"; # floating tinc.siem + extra-ip2 = "64.137.234.232"; # honeydrive gw = "64.137.234.1"; in { imports = [ @@ -15,7 +16,7 @@ in { ]; - + environment.systemPackages = [ pkgs.honeyd ]; services.tinc.networks.siem.name = "sjump"; krebs = { @@ -37,10 +38,15 @@ in { }; }; }; + makefu.forward-journal = { + enable = true; + src = "10.8.10.1"; + dst = "10.8.10.6"; + }; networking = { interfaces.enp2s1.ip4 = [ { address = ip; prefixLength = 24; } - { address = alt-ip; prefixLength = 24; } + # { address = alt-ip; prefixLength = 24; } ]; defaultGateway = gw; diff --git a/makefu/2configs/binary-cache/lass.nix b/makefu/2configs/binary-cache/lass.nix new file mode 100644 index 000000000..4813eeb0f --- /dev/null +++ b/makefu/2configs/binary-cache/lass.nix @@ -0,0 +1,12 @@ +{ config, ... }: + +{ + nix = { + binaryCaches = [ + "http://cache.prism.r" + ]; + binaryCachePublicKeys = [ + "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + ]; + }; +} diff --git a/makefu/2configs/binary-cache/nixos.nix b/makefu/2configs/binary-cache/nixos.nix new file mode 100644 index 000000000..2ff5e1307 --- /dev/null +++ b/makefu/2configs/binary-cache/nixos.nix @@ -0,0 +1,12 @@ +{ config, ... }: + +{ + nix = { + binaryCaches = [ + "https://cache.nixos.org/" + ]; + binaryCachePublicKeys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + ]; + }; +} 
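Review bot: The substituter in binary-cache/lass.nix is `http://cache.prism.r`, so downloads have no transport protection and the only check on what enters the store is the signature against the `cache.prism-1` entry in `binaryCachePublicKeys`. That is acceptable only while signature checking stays on. I would say so next to the URL, e.g. `# plain HTTP (presumably inside retiolum); integrity relies on the cache.prism-1 signing key`, and make sure no host importing this sets `nix.requireSignedBinaryCaches = false`. 2configs/default.nix imports this file, so the holder of that key can supply binaries to every host that imports it, which deserves a mention in the commit message.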
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 422927b28..acd34b0d3 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -2,8 +2,6 @@ with config.krebs.lib; { - system.stateVersion = "15.09"; - imports = [ { users.extraUsers = @@ -11,6 +9,8 @@ with config.krebs.lib; (import <secrets/hashedPasswords.nix>); } ./vim.nix + ./binary-cache/nixos.nix + ./binary-cache/lass.nix ]; nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); @@ -24,7 +24,7 @@ with config.krebs.lib; source = mapAttrs (_: mkDefault) { nixpkgs = { url = https://github.com/nixos/nixpkgs; - rev = "63b9785"; # stable @ 2016-06-01 + rev = "0546a4a"; # stable @ 2016-06-11 }; secrets = if getEnv "dummy_secrets" == "true" then toString <stockholm/makefu/6tests/data/secrets> @@ -62,9 +62,6 @@ with config.krebs.lib; programs.ssh = { startAgent = false; - extraConfig = '' - UseRoaming no - ''; }; services.openssh.enable = true; nix.useChroot = true; diff --git a/makefu/2configs/temp-share-samba.nix b/makefu/2configs/temp-share-samba.nix index 5f21e3bf7..0907c2dbf 100644 --- a/makefu/2configs/temp-share-samba.nix +++ b/makefu/2configs/temp-share-samba.nix @@ -1,9 +1,12 @@ {config, ... }:{ + networking.firewall.allowedUDPPorts = [ 137 138 ]; + networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; uid = config.ids.uids.smbguest; description = "smb guest user"; - home = "/var/empty"; + home = "/home/share"; + createHome = true; }; services.samba = { enable = true; diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix index aaabcd50e..2b4e24774 100644 --- a/makefu/2configs/virtualization-virtualbox.nix +++ b/makefu/2configs/virtualization-virtualbox.nix 
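Review bot: The two new `networking.firewall.allowed*Ports` lines in temp-share-samba.nix open 137/138 UDP and 139/445 TCP on every interface of any host that imports the module, and the share is served through the `smbguest` guest account. Nothing in the hunk limits which networks may connect. I would restrict it at the Samba layer with `hosts allow` (or `interfaces` plus `bind interfaces only`) in the global section, or add a comment stating which hosts may import this file. The same hunk changes `home` from `/var/empty` to `/home/share` with `createHome = true`, which presumably gives the guest account a writable directory; confirm that is intended. The `services.samba` block continues outside the hunk.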
@@ -2,8 +2,8 @@ let mainUser = config.krebs.build.user; - version = "5.0.6"; - rev = "103037"; + version = "5.0.20"; + rev = "106931"; vboxguestpkg = pkgs.fetchurl { url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack"; sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf"; @@ -14,5 +14,10 @@ in { nixpkgs.config.virtualbox.enableExtensionPack = true; users.extraGroups.vboxusers.members = [ "${mainUser.name}" ]; - environment.systemPackages = [ vboxguestpkg ]; + nixpkgs.config.packageOverrides = super: { + boot.kernelPackages = super.boot.kernelPackages.virtualbox.override { + buildInputs = super.boot.kernelPackages.virtualBox.buildInputs + ++ [ vboxguestpkg ]; + }; + }; } diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 853bdca04..febebaa18 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -6,6 +6,7 @@ _: ./umts.nix ./taskserver.nix ./awesome-extra.nix + ./forward-journal.nix ]; } diff --git a/makefu/3modules/forward-journal.nix b/makefu/3modules/forward-journal.nix new file mode 100644 index 000000000..26de3ffdd --- /dev/null +++ b/makefu/3modules/forward-journal.nix 
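Review bot: `version` and `rev` are bumped in the first virtualization-virtualbox.nix hunk, but the `sha256` of the same `fetchurl` is an unchanged context line, so the hash still describes the 5.0.6 extension pack. The URL is plain `http://download.virtualbox.org/...`, which makes that hash the only integrity check on the download. As written the fetch should fail with a hash mismatch. Replace the value with the one `nix-prefetch-url` reports for the 5.0.20 file, after comparing it with the vendor's published checksum, e.g. `sha256 = "<hash of the 5.0.20 extpack>";`.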
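Review bot: In the second virtualization-virtualbox.nix hunk the `packageOverrides` function receives the package set, not the NixOS configuration, so `super.boot.kernelPackages` is unlikely to exist there. The attribute is also spelled `virtualbox` on one line and `virtualBox` on the next. The override therefore probably never takes effect or fails when forced, and since the hunk also removes `environment.systemPackages = [ vboxguestpkg ];`, the extension pack would no longer be installed. I would keep the removed line until the override is shown to evaluate, and use one spelling for the attribute. The `let … in` body begins outside the hunk.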
@@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +let + cfg = config.makefu.forward-journal; + + out = { + options.makefu.forward-journal = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "forward journal via syslog"; + src = mkOption { + type = types.str; + description = "syslog host identifier"; + default = config.networking.hostName; + }; + dst = mkOption { + type = types.str; + description = "syslog host identifier"; + default = ""; + }; + proto = mkOption { + type = types.str; + default = "udp"; + }; + port = mkOption { + type = types.int; + description = "destination port"; + default = 514; + }; + + }; + + imp = { + services.syslog-ng = { + enable = true; + extraConfig = '' + template t_remote { template("<$PRI>$DATE ${cfg.src} $PROGRAM[$PID]: $MSG\n"); }; + source s_all { system(); internal(); }; + destination d_loghost { udp("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); }; + log { source(s_all); destination(d_loghost); }; + ''; + }; + }; + +in +out + diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index f6a6b674b..f94136c0b 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -10,6 +10,8 @@ in alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; awesomecfg = callPackage ./awesomecfg {}; bintray-upload = callPackage ./bintray-upload {}; + git-xlsx-textconv = callPackage ./git-xlsx-textconv {}; + mergerfs = callPackage ./mergerfs {}; mycube-flask = callPackage ./mycube-flask {}; nodemcu-uploader = callPackage ./nodemcu-uploader {}; tw-upload-plugin = callPackage ./tw-upload-plugin {}; diff --git a/makefu/5pkgs/mergerfs/default.nix b/makefu/5pkgs/mergerfs/default.nix new file mode 100644 index 000000000..64e8fc671 --- /dev/null +++ b/makefu/5pkgs/mergerfs/default.nix 
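Review bot: The `proto` option in forward-journal.nix is declared but never used, because the destination line hard-codes `udp(`. Setting `proto = "tcp"` would silently keep sending journal data over unauthenticated, unencrypted UDP. `dst` also defaults to `""`, so enabling the module without a destination renders `udp("")` into the syslog-ng config, and its description is a copy of the one on `src`. I would constrain and honour the option with `type = types.enum [ "udp" "tcp" ];` and `destination d_loghost { ${cfg.proto}("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); };`, and reject an empty destination with `assertions = [ { assertion = cfg.dst != ""; message = "makefu.forward-journal.dst must be set"; } ];`. The option descriptions should also state that messages are sent in clear text, so the module is only suitable over a link that is already protected.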
@@ -0,0 +1,26 @@ +{ stdenv, fetchgit, fuse, pkgconfig, which, attr, pandoc, git }: + +stdenv.mkDerivation rec { + name = "mergerfs-${version}"; + version = "2.14.0"; + + # not using fetchFromGitHub because of changelog being built with git log + src = fetchgit { + url = "https://github.com/trapexit/mergerfs"; + rev = "refs/tags/${version}"; + sha256 = "0j5r96xddlj5gp3n1xhfwjmr6yf861xg3hgby4p078c8zfriq5rm"; + deepClone = true; + }; + + buildInputs = [ fuse pkgconfig which attr pandoc git ]; + + makeFlags = [ "PREFIX=$(out)" "XATTR_AVAILABLE=1" ]; + + + meta = { + homepage = https://github.com/trapexit/mergerfs; + description = "a FUSE based union filesystem"; + license = stdenv.lib.licenses.isc; + maintainers = [ stdenv.lib.maintainers.makefu ]; + }; +} |
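Review bot: `rev = "refs/tags/${version}"` in the mergerfs `fetchgit` call is a movable ref, so the `sha256` is the only thing pinning what gets built. With `deepClone = true` that hash also covers the `.git` directory, whose contents are not guaranteed to be identical between fetches. The likely result is a hash mismatch on a later rebuild even though the tag has not moved, which invites refreshing the hash without checking what changed. I would pin the commit instead, `rev = "<commit id of tag 2.14.0>";`, and extend the existing comment to say that the deep clone is kept only for the git-log changelog and that its hash may need re-verifying against that commit.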