summaryrefslogtreecommitdiffstats
path: root/makefu/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'makefu/2configs')
-rw-r--r--makefu/2configs/binary-cache/server.nix31
-rw-r--r--makefu/2configs/deployment/events-publisher/default.nix48
-rw-r--r--makefu/2configs/hw/mceusb.nix15
-rw-r--r--makefu/2configs/hw/network-manager.nix14
-rw-r--r--makefu/2configs/hw/stk1160.nix17
-rw-r--r--makefu/2configs/nginx/gold.krebsco.de.nix24
-rw-r--r--makefu/2configs/nur.nix7
-rw-r--r--makefu/2configs/task-client.nix2
-rw-r--r--makefu/2configs/tools/core-gui.nix4
-rw-r--r--makefu/2configs/tools/desktop.nix2
-rw-r--r--makefu/2configs/tools/extra-gui.nix2
-rw-r--r--makefu/2configs/tools/media.nix2
-rw-r--r--makefu/2configs/tools/sec.nix2
-rw-r--r--makefu/2configs/torrent.nix18
14 files changed, 148 insertions, 40 deletions
diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix
new file mode 100644
index 000000000..ad6256830
--- /dev/null
+++ b/makefu/2configs/binary-cache/server.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ...}:
+
+{
+ # generate private key with:
+ # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+ };
+
+ systemd.services.nix-serve = {
+ requires = ["secret.service"];
+ after = ["secret.service"];
+ };
+ krebs.secret.files.nix-serve-key = {
+ path = "/run/secret/nix-serve.key";
+ owner.name = "nix-serve";
+ source-path = toString <secrets> + "/nix-serve.key";
+ };
+ services.nginx = {
+ enable = true;
+ virtualHosts.nix-serve = {
+ serverAliases = [ "cache.gum.r"
+ "cache.euer.krebsco.de"
+ "cache.gum.krebsco.de"
+ ];
+ locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
+ };
+ };
+}
+
diff --git a/makefu/2configs/deployment/events-publisher/default.nix b/makefu/2configs/deployment/events-publisher/default.nix
new file mode 100644
index 000000000..db8502c6e
--- /dev/null
+++ b/makefu/2configs/deployment/events-publisher/default.nix
@@ -0,0 +1,48 @@
+{ pkgs, ... }:
+with import <stockholm/lib>;
+let
+ shack-announce = pkgs.callPackage (builtins.fetchTarball {
+ url = "https://github.com/makefu/events-publisher/archive/15fbe5cc6ac9617a08a042870795f9e879d9952a.tar.gz";
+ sha256 = "1bqp1qdnwx5q1w468zbm57hmpjz3x8if3j29qrqcia0vzks1s37a";
+ }) {} ;
+ home = "/var/lib/shackannounce";
+ user = "shackannounce";
+ creds = (toString <secrets>) + "/shack-announce.json";
+in
+{
+ users.users.${user}= {
+ uid = genid user;
+ inherit home;
+ createHome = true;
+ };
+ systemd.services.shack-announce = {
+ description = "Announce shack events";
+ startAt = "*:0/30";
+ path = [ shack-announce ];
+ serviceConfig = {
+ WorkingDirectory = home;
+ User = user;
+ PermissionsStartOnly = true;
+ ExecStartPre = pkgs.writeDash "shack-announce-pre" ''
+ set -eu
+ cp ${creds} creds.json
+ chown ${user} creds.json
+ '';
+ ExecStart = pkgs.writeDash "shack-announce" ''
+ if test ! -e announce.state; then
+ echo "initializing state"
+ announce-daemon \
+ --lol INFO \
+ --creds creds.json \
+ --state announce.state \
+ --clean --init
+ fi
+ echo "Running announce"
+ announce-daemon \
+ --lol INFO \
+ --creds creds.json \
+ --state announce.state
+ '';
+ };
+ };
+}
diff --git a/makefu/2configs/hw/mceusb.nix b/makefu/2configs/hw/mceusb.nix
index c1d6f5651..069e6e7eb 100644
--- a/makefu/2configs/hw/mceusb.nix
+++ b/makefu/2configs/hw/mceusb.nix
@@ -1,4 +1,4 @@
-{pkgs,...}:{
+{pkgs, lib, ...}:{
# Disable the MCE remote from acting like a keyboard. (We use lirc instead.)
services.xserver.inputClassSections = [''
Identifier "MCE USB Keyboard mimic blacklist"
@@ -6,13 +6,12 @@
MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)"
Option "Ignore" "on"
''];
- boot.kernelPackages = builtins.trace "Using linux kernel 4.16, not latest" pkgs.linuxPackages_4_16;
- nixpkgs.config.packageOverrides = pkgs: {
- linux_4_16 = pkgs.linux_4_16.override {
- extraConfig = ''
- LIRC y
- '';
- };
+ boot.kernelPatches = lib.singleton {
+ name = "enable-lirc";
+ patch = null;
+ extraConfig = ''
+ LIRC y
+ '';
};
}
diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix
index d322c683d..ffc32e0cb 100644
--- a/makefu/2configs/hw/network-manager.nix
+++ b/makefu/2configs/hw/network-manager.nix
@@ -22,15 +22,9 @@
};
networking.networkmanager.enable = true;
- # TODO: put somewhere else
- services.xserver.displayManager.sessionCommands = ''
- ${pkgs.clipit}/bin/clipit &
- ${pkgs.networkmanagerapplet}/bin/nm-applet &
- '';
-
# nixOSUnstable
-# networking.networkmanager.wifi = {
-# powersave = true;
-# scanRandMacAddress = true;
-# };
+ networking.networkmanager.wifi = {
+ powersave = true;
+ scanRandMacAddress = true;
+ };
}
diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix
index 4ac639a25..735cb4c17 100644
--- a/makefu/2configs/hw/stk1160.nix
+++ b/makefu/2configs/hw/stk1160.nix
@@ -1,13 +1,12 @@
{ pkgs, lib, ... }:
{
- # TODO: un-pin linuxPackages somehow
- nixpkgs.config.packageOverrides = pkgs: {
- linux_4_14 = pkgs.linux_4_14.override {
- extraConfig = ''
- MEDIA_ANALOG_TV_SUPPORT y
- VIDEO_STK1160_COMMON m
- VIDEO_STK1160 m
- '';
- };
+ boot.kernelPatches = lib.singleton {
+ name = "enable-stk1160";
+ patch = null;
+ extraConfig = ''
+ MEDIA_ANALOG_TV_SUPPORT y
+ VIDEO_STK1160_COMMON m
+ VIDEO_STK1160 m
+ '';
};
}
diff --git a/makefu/2configs/nginx/gold.krebsco.de.nix b/makefu/2configs/nginx/gold.krebsco.de.nix
new file mode 100644
index 000000000..083c0f8d7
--- /dev/null
+++ b/makefu/2configs/nginx/gold.krebsco.de.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ gold = pkgs.fetchFromGitHub {
+ owner = "krebs";
+ repo = "krebsgold";
+ rev = "15f7a74";
+ sha256= "1ya9xgg640k3hbl63022sfm44c1si2mxch8jkxindmwg4pa1y4ly";
+ };
+in {
+
+ services.nginx = {
+ enable = mkDefault true;
+ virtualHosts = {
+ "gold.krebsco.de" = {
+ enableACME = true;
+ forceSSL = true;
+ root = toString gold + "/html";
+ };
+ };
+ };
+}
+
diff --git a/makefu/2configs/nur.nix b/makefu/2configs/nur.nix
new file mode 100644
index 000000000..dda00063a
--- /dev/null
+++ b/makefu/2configs/nur.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:{
+ nixpkgs.config.packageOverrides = pkgs: {
+ nur = pkgs.callPackage (import (builtins.fetchGit {
+ url = "https://github.com/nix-community/NUR";
+ })) {};
+ };
+}
diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix
index 330616f4a..470193d6c 100644
--- a/makefu/2configs/task-client.nix
+++ b/makefu/2configs/task-client.nix
@@ -1,6 +1,6 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = [
+ users.users.makefu.packages = [
pkgs.taskwarrior
];
diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix
index 898bae10d..1e85da53c 100644
--- a/makefu/2configs/tools/core-gui.nix
+++ b/makefu/2configs/tools/core-gui.nix
@@ -1,10 +1,10 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = with pkgs; [
+ users.users.makefu.packages = with pkgs; [
chromium
- clipit
feh
+ clipit
firefox
keepassx
pcmanfm
diff --git a/makefu/2configs/tools/desktop.nix b/makefu/2configs/tools/desktop.nix
index 1fe03e111..bb14c3eb5 100644
--- a/makefu/2configs/tools/desktop.nix
+++ b/makefu/2configs/tools/desktop.nix
@@ -4,8 +4,10 @@
users.users.makefu.packages = with pkgs; [
taskwarrior
pass
+ gopass
mutt
weechat
tmux
];
+
}
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index e25290297..ae97edd54 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -1,7 +1,7 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = with pkgs;[
+ users.users.makefu.packages = with pkgs;[
# media
gimp
inkscape
diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix
index 4de2b545e..35faaa29f 100644
--- a/makefu/2configs/tools/media.nix
+++ b/makefu/2configs/tools/media.nix
@@ -1,7 +1,7 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = with pkgs; [
+ users.users.makefu.packages = with pkgs; [
kodi
streamripper
youtube-dl
diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix
index 3dc02937d..17a980ef7 100644
--- a/makefu/2configs/tools/sec.nix
+++ b/makefu/2configs/tools/sec.nix
@@ -1,7 +1,7 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = with pkgs; [
+ users.users.makefu.packages = with pkgs; [
aria2
# mitmproxy
pythonPackages.binwalk-full
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
index a076479c2..3df0ddbfe 100644
--- a/makefu/2configs/torrent.nix
+++ b/makefu/2configs/torrent.nix
@@ -8,13 +8,13 @@ let
peer-port = 51412;
web-port = 8112;
daemon-port = 58846;
- torrent-dir = config.makefu.dl-dir;
+ base-dir = config.makefu.dl-dir;
in {
users.users = {
download = {
name = "download";
- home = torrent-dir;
+ home = base-dir;
uid = mkDefault (genid "download");
createHome = true;
useDefaultShell = true;
@@ -25,10 +25,12 @@ in {
# todo: race condition, do this after download user has been created
system.activationScripts."download-dir-chmod" = ''
- for i in finished watch torrents; do
- mkdir -p "${torrent-dir}/$i"
- chown download:download "${torrent-dir}/$i"
- chmod 770 "${torrent-dir}/$i"
+ for i in finished watch; do
+ if test ! -d $i;then
+ mkdir -p "${base-dir}/$i"
+ chown rtorrent:download "${base-dir}/$i"
+ chmod 775 "${base-dir}/$i"
+ fi
done
'';
@@ -42,6 +44,7 @@ in {
"nginx"
];
};
+ rtorrent.members = [ "download" ];
};
krebs.rtorrent = {
@@ -54,7 +57,8 @@ in {
rutorrent.enable = true;
enableXMLRPC = true;
listenPort = peer-port;
- workDir = torrent-dir;
+ downloadDir = base-dir + "/finished";
+ watchDir = base-dir + "/watch";
# dump old torrents into watch folder to have them re-added
};
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-18 11:57:58 +0000