summaryrefslogtreecommitdiffstats
path: root/makefu/1systems/omo.nix
diff options
context:
space:
mode:
Diffstat (limited to 'makefu/1systems/omo.nix')
-rw-r--r--makefu/1systems/omo.nix204
1 files changed, 0 insertions, 204 deletions
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
deleted file mode 100644
index 0f1b8e0da..000000000
--- a/makefu/1systems/omo.nix
+++ /dev/null
@@ -1,204 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, lib, ... }:
-let
- toMapper = id: "/media/crypt${builtins.toString id}";
- byid = dev: "/dev/disk/by-id/" + dev;
- keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
- rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904";
- rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2";
- primaryInterface = "enp1s0";
- # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
- # cryptsetup luksAddKey $dev tmpkey
- # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
- # mkfs.xfs /dev/mapper/crypt0 -L crypt0
-
- # omo Chassis:
- # __FRONT_
- # |* d0 |
- # | |
- # |* d3 |
- # | |
- # |* d3 |
- # | |
- # |* |
- # |* d2 |
- # | * r0 |
- # |_______|
- cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
- cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
- cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
- # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
- # all physical disks
-
- # TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
- dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ];
- allDisks = [ rootDisk ] ++ dataDisks;
-in {
- imports =
- [
- ../.
- # TODO: unlock home partition via ssh
- ../2configs/fs/sda-crypto-root.nix
- ../2configs/zsh-user.nix
- ../2configs/backup.nix
- ../2configs/exim-retiolum.nix
- ../2configs/smart-monitor.nix
- ../2configs/mail-client.nix
- # ../2configs/disable_v6.nix
- #../2configs/graphite-standalone.nix
- #../2configs/share-user-sftp.nix
- ../2configs/share/omo.nix
- ../2configs/tinc/retiolum.nix
-
- # Logging
- ../2configs/stats/server.nix #influx + grafana
- ../2configs/stats/client.nix
- ../2configs/stats/external/aralast.nix # logs to influx
-
- # services
- ../2configs/syncthing.nix
- ../2configs/mqtt.nix
- # ../2configs/logging/central-logging-client.nix
-
- # ../2configs/torrent.nix
-
- # ../2configs/elchos/search.nix
- # ../2configs/elchos/log.nix
- # ../2configs/elchos/irc-token.nix
-
- ## as long as pyload is not in nixpkgs:
- # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
- ];
- makefu.full-populate = true;
- makefu.server.primary-itf = primaryInterface;
- krebs.rtorrent = {
- downloadDir = lib.mkForce "/media/crypt0/torrent";
- extraConfig = ''
- upload_rate = 200
- '';
- };
- users.groups.share = {
- gid = (import <stockholm/lib>).genid "share";
- members = [ "makefu" "misa" ];
- };
- networking.firewall.trustedInterfaces = [ primaryInterface ];
- # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
- # tcp:80 - nginx for sharing files
- # tcp:655 udp:655 - tinc
- # tcp:8111 - graphite
- # tcp:8112 - pyload
- # tcp:9090 - sabnzbd
- # tcp:9200 - elasticsearch
- # tcp:5601 - kibana
- networking.firewall.allowedUDPPorts = [ 655 ];
- networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 8112 9200 9090 ];
-
- # services.openssh.allowSFTP = false;
-
- # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
- services.sabnzbd.enable = true;
- systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
-
- virtualisation.docker.enable = true;
- makefu.ps3netsrv = {
- enable = true;
- servedir = "/media/cryptX/emu/ps3";
- };
- # HDD Array stuff
- services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
-
- makefu.snapraid = {
- enable = true;
- disks = map toMapper [ 0 1 ];
- parity = toMapper 2;
- };
-
- # TODO create folders in /media
- system.activationScripts.createCryptFolders = ''
- ${lib.concatMapStringsSep "\n"
- (d: "install -m 755 -d " + (toMapper d) )
- [ 0 1 2 "X" ]}
- '';
- environment.systemPackages = with pkgs;[
- mergerfs # hard requirement for mount
- wol # wake up filepimp
- f3
- ];
- fileSystems = let
- cryptMount = name:
- { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
- in cryptMount "crypt0"
- // cryptMount "crypt1"
- // cryptMount "crypt2"
- // { "/media/cryptX" = {
- device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]);
- fsType = "mergerfs";
- noCheck = true;
- options = [ "defaults" "allow_other" "nofail" "nonempty" ];
- };
- };
-
- powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
- ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
- ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
- ${pkgs.hdparm}/sbin/hdparm -y ${disk}
- '') allDisks);
-
- # crypto unlocking
- boot = {
- initrd.luks = {
- devices = let
- usbkey = name: device: {
- inherit name device keyFile;
- keyFileSize = 4096;
- allowDiscards = true;
- };
- in [
- (usbkey "luksroot" rootPartition)
- (usbkey "crypt0" cryptDisk0)
- (usbkey "crypt1" cryptDisk1)
- (usbkey "crypt2" cryptDisk2)
- ];
- };
- loader.grub.device = lib.mkForce rootDisk;
-
- initrd.availableKernelModules = [
- "ahci"
- "ohci_pci"
- "ehci_pci"
- "pata_atiixp"
- "firewire_ohci"
- "usb_storage"
- "usbhid"
- ];
-
- kernelModules = [ "kvm-intel" ];
- extraModulePackages = [ ];
- };
- users.users.misa = {
- uid = 9002;
- name = "misa";
- };
- # hardware.enableAllFirmware = true;
- hardware.enableRedistributableFirmware = true;
- hardware.cpu.intel.updateMicrocode = true;
-
- zramSwap.enable = true;
-
- krebs.Reaktor.reaktor = {
- nickname = "Reaktor|bot";
- channels = [ "#krebs" "#shackspace" "#binaergewitter" ];
- plugins = with pkgs.ReaktorPlugins;[
- titlebot
- # stockholm-issue
- nixos-version
- shack-correct
- sed-plugin
- random-emoji ];
- };
-
- krebs.build.host = config.krebs.hosts.omo;
-}