summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/makefu/default.nix10
-rw-r--r--makefu/1systems/darth.nix19
-rw-r--r--makefu/1systems/omo.nix6
-rw-r--r--makefu/1systems/shoney.nix14
-rw-r--r--makefu/2configs/binary-cache/lass.nix12
-rw-r--r--makefu/2configs/binary-cache/nixos.nix12
-rw-r--r--makefu/2configs/default.nix9
-rw-r--r--makefu/2configs/temp-share-samba.nix5
-rw-r--r--makefu/2configs/virtualization-virtualbox.nix11
-rw-r--r--makefu/3modules/default.nix1
-rw-r--r--makefu/3modules/forward-journal.nix50
-rw-r--r--makefu/5pkgs/default.nix2
-rw-r--r--makefu/5pkgs/mergerfs/default.nix26
13 files changed, 161 insertions, 16 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index e5cb0e7f6..d5537cf56 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -66,6 +66,16 @@ with config.krebs.lib;
};
};
};
+ honeydrive = { # vm on darth
+ nets = {
+ internet = { # via shoney
+ ip4.addr = "64.137.234.232";
+ aliases = [
+ "honeydrive.i"
+ ];
+ };
+ };
+ };
tsp = {
cores = 1;
nets = {
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix
index 5f1d6e121..87029a693 100644
--- a/makefu/1systems/darth.nix
+++ b/makefu/1systems/darth.nix
@@ -16,16 +16,32 @@ in {
../2configs/smart-monitor.nix
../2configs/exim-retiolum.nix
../2configs/virtualization.nix
+
+ ../2configs/temp-share-samba.nix
];
+ services.samba.shares = {
+ isos = {
+ path = "/data/isos/";
+ "read only" = "yes";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
services.tinc.networks.siem = {
name = "sdarth";
extraConfig = "ConnectTo = sjump";
};
+
+ makefu.forward-journal = {
+ enable = true;
+ src = "10.8.10.2";
+ dst = "10.8.10.6";
+ };
+
#networking.firewall.enable = false;
krebs.retiolum.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
-
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
networking = {
@@ -33,6 +49,7 @@ in {
firewall = {
allowPing = true;
logRefusedConnections = false;
+ trustedInterfaces = [ "eno1" ];
allowedUDPPorts = [ 80 655 1655 67 ];
allowedTCPPorts = [ 80 655 1655 ];
};
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index e71055f54..8c24e0ff5 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -75,6 +75,7 @@ in {
# HDD Array stuff
+ environment.systemPackages = [ pkgs.mergerfs ];
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
makefu.snapraid = let
@@ -129,7 +130,10 @@ in {
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
-
+ users.users.misa = {
+ uid = 9002;
+ name = "misa";
+ };
hardware.enableAllFirmware = true;
hardware.cpu.intel.updateMicrocode = true;
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
index 1fe8871d2..3a3ac9c7c 100644
--- a/makefu/1systems/shoney.nix
+++ b/makefu/1systems/shoney.nix
@@ -3,8 +3,9 @@ let
tinc-siem-ip = "10.8.10.1";
ip = "64.137.234.215";
- alt-ip = "64.137.234.210";
- extra-ip = "64.137.234.114"; #currently unused
+ alt-ip = "64.137.234.210"; # honeydrive honeyd
+ extra-ip1 = "64.137.234.114"; # floating tinc.siem
+ extra-ip2 = "64.137.234.232"; # honeydrive
gw = "64.137.234.1";
in {
imports = [
@@ -15,7 +16,7 @@ in {
];
-
+ environment.systemPackages = [ pkgs.honeyd ];
services.tinc.networks.siem.name = "sjump";
krebs = {
@@ -37,10 +38,15 @@ in {
};
};
};
+ makefu.forward-journal = {
+ enable = true;
+ src = "10.8.10.1";
+ dst = "10.8.10.6";
+ };
networking = {
interfaces.enp2s1.ip4 = [
{ address = ip; prefixLength = 24; }
- { address = alt-ip; prefixLength = 24; }
+ # { address = alt-ip; prefixLength = 24; }
];
defaultGateway = gw;
diff --git a/makefu/2configs/binary-cache/lass.nix b/makefu/2configs/binary-cache/lass.nix
new file mode 100644
index 000000000..4813eeb0f
--- /dev/null
+++ b/makefu/2configs/binary-cache/lass.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+
+{
+ nix = {
+ binaryCaches = [
+ "http://cache.prism.r"
+ ];
+ binaryCachePublicKeys = [
+ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+ ];
+ };
+}
diff --git a/makefu/2configs/binary-cache/nixos.nix b/makefu/2configs/binary-cache/nixos.nix
new file mode 100644
index 000000000..2ff5e1307
--- /dev/null
+++ b/makefu/2configs/binary-cache/nixos.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+
+{
+ nix = {
+ binaryCaches = [
+ "https://cache.nixos.org/"
+ ];
+ binaryCachePublicKeys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ ];
+ };
+}
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 422927b28..acd34b0d3 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -2,8 +2,6 @@
with config.krebs.lib;
{
- system.stateVersion = "15.09";
-
imports = [
{
users.extraUsers =
@@ -11,6 +9,8 @@ with config.krebs.lib;
(import <secrets/hashedPasswords.nix>);
}
./vim.nix
+ ./binary-cache/nixos.nix
+ ./binary-cache/lass.nix
];
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
@@ -24,7 +24,7 @@ with config.krebs.lib;
source = mapAttrs (_: mkDefault) {
nixpkgs = {
url = https://github.com/nixos/nixpkgs;
- rev = "63b9785"; # stable @ 2016-06-01
+ rev = "0546a4a"; # stable @ 2016-06-11
};
secrets = if getEnv "dummy_secrets" == "true"
then toString <stockholm/makefu/6tests/data/secrets>
@@ -62,9 +62,6 @@ with config.krebs.lib;
programs.ssh = {
startAgent = false;
- extraConfig = ''
- UseRoaming no
- '';
};
services.openssh.enable = true;
nix.useChroot = true;
diff --git a/makefu/2configs/temp-share-samba.nix b/makefu/2configs/temp-share-samba.nix
index 5f21e3bf7..0907c2dbf 100644
--- a/makefu/2configs/temp-share-samba.nix
+++ b/makefu/2configs/temp-share-samba.nix
@@ -1,9 +1,12 @@
{config, ... }:{
+ networking.firewall.allowedUDPPorts = [ 137 138 ];
+ networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
description = "smb guest user";
- home = "/var/empty";
+ home = "/home/share";
+ createHome = true;
};
services.samba = {
enable = true;
diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix
index aaabcd50e..2b4e24774 100644
--- a/makefu/2configs/virtualization-virtualbox.nix
+++ b/makefu/2configs/virtualization-virtualbox.nix
@@ -2,8 +2,8 @@
let
mainUser = config.krebs.build.user;
- version = "5.0.6";
- rev = "103037";
+ version = "5.0.20";
+ rev = "106931";
vboxguestpkg = pkgs.fetchurl {
url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
@@ -14,5 +14,10 @@ in {
nixpkgs.config.virtualbox.enableExtensionPack = true;
users.extraGroups.vboxusers.members = [ "${mainUser.name}" ];
- environment.systemPackages = [ vboxguestpkg ];
+ nixpkgs.config.packageOverrides = super: {
+ boot.kernelPackages = super.boot.kernelPackages.virtualbox.override {
+ buildInputs = super.boot.kernelPackages.virtualBox.buildInputs
+ ++ [ vboxguestpkg ];
+ };
+ };
}
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index 853bdca04..febebaa18 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -6,6 +6,7 @@ _:
./umts.nix
./taskserver.nix
./awesome-extra.nix
+ ./forward-journal.nix
];
}
diff --git a/makefu/3modules/forward-journal.nix b/makefu/3modules/forward-journal.nix
new file mode 100644
index 000000000..26de3ffdd
--- /dev/null
+++ b/makefu/3modules/forward-journal.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+ cfg = config.makefu.forward-journal;
+
+ out = {
+ options.makefu.forward-journal = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "forward journal via syslog";
+ src = mkOption {
+ type = types.str;
+ description = "syslog host identifier";
+ default = config.networking.hostName;
+ };
+ dst = mkOption {
+ type = types.str;
+ description = "syslog host identifier";
+ default = "";
+ };
+ proto = mkOption {
+ type = types.str;
+ default = "udp";
+ };
+ port = mkOption {
+ type = types.int;
+ description = "destination port";
+ default = 514;
+ };
+
+ };
+
+ imp = {
+ services.syslog-ng = {
+ enable = true;
+ extraConfig = ''
+ template t_remote { template("<$PRI>$DATE ${cfg.src} $PROGRAM[$PID]: $MSG\n"); };
+ source s_all { system(); internal(); };
+ destination d_loghost { udp("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); };
+ log { source(s_all); destination(d_loghost); };
+ '';
+ };
+ };
+
+in
+out
+
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index f6a6b674b..f94136c0b 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -10,6 +10,8 @@ in
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
awesomecfg = callPackage ./awesomecfg {};
bintray-upload = callPackage ./bintray-upload {};
+ git-xlsx-textconv = callPackage ./git-xlsx-textconv {};
+ mergerfs = callPackage ./mergerfs {};
mycube-flask = callPackage ./mycube-flask {};
nodemcu-uploader = callPackage ./nodemcu-uploader {};
tw-upload-plugin = callPackage ./tw-upload-plugin {};
diff --git a/makefu/5pkgs/mergerfs/default.nix b/makefu/5pkgs/mergerfs/default.nix
new file mode 100644
index 000000000..64e8fc671
--- /dev/null
+++ b/makefu/5pkgs/mergerfs/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchgit, fuse, pkgconfig, which, attr, pandoc, git }:
+
+stdenv.mkDerivation rec {
+ name = "mergerfs-${version}";
+ version = "2.14.0";
+
+ # not using fetchFromGitHub because of changelog being built with git log
+ src = fetchgit {
+ url = "https://github.com/trapexit/mergerfs";
+ rev = "refs/tags/${version}";
+ sha256 = "0j5r96xddlj5gp3n1xhfwjmr6yf861xg3hgby4p078c8zfriq5rm";
+ deepClone = true;
+ };
+
+ buildInputs = [ fuse pkgconfig which attr pandoc git ];
+
+ makeFlags = [ "PREFIX=$(out)" "XATTR_AVAILABLE=1" ];
+
+
+ meta = {
+ homepage = https://github.com/trapexit/mergerfs;
+ description = "a FUSE based union filesystem";
+ license = stdenv.lib.licenses.isc;
+ maintainers = [ stdenv.lib.maintainers.makefu ];
+ };
+}