Diffstat (limited to 'makefu/1systems')
-rw-r--r--makefu/1systems/darth.nix44
-rw-r--r--makefu/1systems/gum.nix13
-rw-r--r--makefu/1systems/omo.nix13
-rw-r--r--makefu/1systems/pornocauster.nix6
-rw-r--r--makefu/1systems/vbob.nix5
5 files changed, 64 insertions, 17 deletions
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix
index a33744f0b..2f2358ddc 100644
--- a/makefu/1systems/darth.nix
+++ b/makefu/1systems/darth.nix
@@ -1,17 +1,51 @@
{ config, pkgs, lib, ... }:
with config.krebs.lib;
-{
+let
+ byid = dev: "/dev/disk/by-id/" + dev;
+ rootDisk = byid "ata-ADATA_SSD_S599_64GB_10460000000000000039";
+ auxDisk = byid "ata-HGST_HTS721010A9E630_JR10006PH3A02F";
+ dataPartition = auxDisk + "-part1";
+
+ allDisks = [ rootDisk auxDisk ];
+in {
imports = [
- ../2configs/fs/single-partition-ext4.nix
- ../2configs/zsh-user.nix
- ../.
+ ../.
+ ../2configs/fs/single-partition-ext4.nix
+ ../2configs/zsh-user.nix
+ ../2configs/smart-monitor.nix
+ ../2configs/exim-retiolum.nix
+ ../2configs/virtualization.nix
];
+ networking.firewall.allowedUDPPorts = [ 80 655 67 ];
+ networking.firewall.allowedTCPPorts = [ 80 655 ];
+ networking.firewall.checkReversePath = false;
+ #networking.firewall.enable = false;
+ # virtualisation.nova.enableSingleNode = true;
krebs.retiolum.enable = true;
- boot.loader.grub.device = "/dev/disk/by-id/ata-ADATA_SSD_S599_64GB_10460000000000000039";
+ boot.kernelModules = [ "coretemp" "f71882fg" ];
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+ networking.wireless.enable = true;
+
+ # TODO smartd omo darth gum all-in-one
+ services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
+ zramSwap.enable = true;
+
+ fileSystems."/data" = {
+ device = dataPartition;
+ fsType = "ext4";
+ };
+
+ boot.loader.grub.device = rootDisk;
+
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.makefu-omo.pubkey
+ config.krebs.users.makefu-vbob.pubkey
];
+
+ krebs.build.host = config.krebs.hosts.darth;
}
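Review bot: The new firewall lines in darth.nix open UDP 80 and 67 and set `networking.firewall.checkReversePath = false;` with no comment saying which service needs them. Reverse-path filtering is an anti-spoofing check, so switching it off host-wide deserves a stated reason (presumably the newly imported virtualization.nix, but the hunk does not show that). UDP 80 looks like a copy of the TCP list rather than a real listener; if nothing binds it, drop it: `networking.firewall.allowedUDPPorts = [ 655 67 ];`. A per-port comment block like the one in omo.nix (`# tcp:655 udp:655 - tinc`) would make the intent reviewable.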
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index e784fdc12..710421659 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -41,9 +41,16 @@ in {
];
};
- krebs.nginx.servers.cgit.server-names = [
- "cgit.euer.krebsco.de"
- ];
+ krebs.nginx.servers.cgit = {
+ server-names = [ "cgit.euer.krebsco.de" ];
+ listen = [ "${external-ip}:80" "${internal-ip}:80" ];
+ };
+
+ # access
+ users.users = {
+ root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ];
+ makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
+ };
# Chat
environment.systemPackages = with pkgs;[
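Review bot: The new `users.users` block lets the makefu-omo key log in as root on gum, a host that the `listen` line shows also has an external address; the darth.nix hunk likewise accepts makefu-omo and now makefu-vbob for root. A compromise of omo or vbob would then yield root on these hosts, and nothing here says why root rather than the `makefu` account is needed. Suggest a comment above the line such as `# root from omo: required for <reason, fill in>`, or moving the key to an unprivileged user if the task allows it. `external-ip` and `internal-ip` are defined outside this hunk, so their values cannot be checked here.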
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index bfcd2298a..fbd06a9c7 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -11,7 +11,7 @@ let
# cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
# cryptsetup luksAddKey $dev tmpkey
# cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
- # mkfs.ext4 /dev/mapper/crypt0 -L crypt0 -T largefile
+ # mkfs.xfs /dev/mapper/crypt0 -L crypt0
# omo Chassis:
# __FRONT_
@@ -30,6 +30,8 @@ let
cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
# cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
# all physical disks
+
+ # TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ];
in {
imports =
@@ -42,16 +44,21 @@ in {
../2configs/smart-monitor.nix
../2configs/mail-client.nix
../2configs/share-user-sftp.nix
+ ../2configs/graphite-standalone.nix
../2configs/omo-share.nix
];
+
krebs.retiolum.enable = true;
networking.firewall.trustedInterfaces = [ "enp3s0" ];
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
# tcp:80 - nginx for sharing files
# tcp:655 udp:655 - tinc
- # tcp:8080 - sabnzbd
+ # tcp:8111 - graphite
+ # tcp:9090 - sabnzbd
+ # tcp:9200 - elasticsearch
+ # tcp:5601 - kibana
networking.firewall.allowedUDPPorts = [ 655 ];
- networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
+ networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];
# services.openssh.allowSFTP = false;
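Review bot: `allowedTCPPorts` now opens 5601, 8111, 9200 and 9090 on every interface, while `trustedInterfaces = [ "enp3s0" ]` already accepts all LAN traffic, so the new entries only matter for the other interfaces (retiolum/tinc and anything else attached). Elasticsearch and Kibana ship without authentication in their default setup, so any peer that can reach those interfaces could read and modify the indices. If LAN access is all that is intended, the new ports need not be listed at all; otherwise the comment block should say which network is meant to reach each one, e.g. `# tcp:9200 - elasticsearch (retiolum peers only, see <where it is restricted>)`. Only graphite-standalone.nix is imported in the visible lines, so whether elasticsearch and kibana actually run on omo cannot be confirmed from this hunk.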
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 119f0e5e4..88c187758 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -36,7 +36,11 @@
#../2configs/wordpress.nix
../2configs/nginx/public_html.nix
];
-
+ krebs.nginx = {
+ default404 = false;
+ servers.default.listen = [ "80 default_server" ];
+ servers.default.server-names = [ "_" ];
+ };
krebs.retiolum.enable = true;
# steam
hardware.opengl.driSupport32Bit = true;
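Review bot: `default404 = false` together with a `_` catch-all on `80 default_server` appears to mean that a request with any Host header is answered by the default server instead of being rejected, and the hunk gives no reason for it. If the intent is to serve ../2configs/nginx/public_html.nix under arbitrary names, say so in a comment, e.g. `# serve public_html for any Host; no catch-all 404`. The semantics of `krebs.nginx.default404` are defined outside this diff, so confirm it behaves as the name suggests.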
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 748b08ef1..5e2382f37 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -15,11 +15,6 @@
];
nixpkgs.config.allowUnfree = true;
- krebs.build.source.upstream-nixpkgs = {
- url = https://github.com/makefu/nixpkgs;
- # HTTP Everywhere + libredir
- rev = "8239ac6";
- };
fileSystems."/nix" = {
device ="/dev/disk/by-label/nixstore";
fsType = "ext4";