diff options
Diffstat (limited to 'makefu')
-rw-r--r-- | makefu/0tests/data/secrets/airdcpp-makefu.pw | 0 | ||||
-rw-r--r-- | makefu/0tests/data/secrets/krebshub.pw | 0 | ||||
-rw-r--r-- | makefu/1systems/nextgum/config.nix | 5 | ||||
-rw-r--r-- | makefu/1systems/nextgum/hardware-config.nix | 13 | ||||
-rw-r--r-- | makefu/1systems/x/config.nix | 4 | ||||
-rw-r--r-- | makefu/1systems/x/source.nix | 1 | ||||
-rw-r--r-- | makefu/2configs/dcpp/airdcpp.nix | 48 | ||||
-rw-r--r-- | makefu/2configs/default.nix | 107 | ||||
-rw-r--r-- | makefu/2configs/home-manager/cli.nix | 12 | ||||
-rw-r--r-- | makefu/2configs/home-manager/default.nix | 7 | ||||
-rw-r--r-- | makefu/2configs/home-manager/desktop.nix | 31 | ||||
-rw-r--r-- | makefu/2configs/home-manager/mail.nix | 46 | ||||
-rw-r--r-- | makefu/2configs/minimal.nix | 88 | ||||
-rw-r--r-- | makefu/3modules/default.nix | 4 | ||||
-rw-r--r-- | makefu/3modules/state.nix | 7 | ||||
-rw-r--r-- | makefu/5pkgs/pavumeter/default.nix | 30 | ||||
-rw-r--r-- | makefu/krops.nix | 16 |
17 files changed, 313 insertions, 106 deletions
diff --git a/makefu/0tests/data/secrets/airdcpp-makefu.pw b/makefu/0tests/data/secrets/airdcpp-makefu.pw new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/makefu/0tests/data/secrets/airdcpp-makefu.pw diff --git a/makefu/0tests/data/secrets/krebshub.pw b/makefu/0tests/data/secrets/krebshub.pw new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/makefu/0tests/data/secrets/krebshub.pw diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix index db22cf9b8..64516fa98 100644 --- a/makefu/1systems/nextgum/config.nix +++ b/makefu/1systems/nextgum/config.nix @@ -25,11 +25,12 @@ in { <stockholm/makefu/2configs/git/cgit-retiolum.nix> <stockholm/makefu/2configs/backup.nix> - <stockholm/makefu/2configs/exim-retiolum.nix> + # <stockholm/makefu/2configs/exim-retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix> # services <stockholm/makefu/2configs/sabnzbd.nix> + <stockholm/makefu/2configs/mail/mail.euer.nix> # sharing <stockholm/makefu/2configs/share/gum.nix> @@ -73,6 +74,7 @@ in { #<stockholm/makefu/2configs/nginx/update.connector.one.nix> #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> <stockholm/makefu/2configs/nginx/gold.krebsco.de.nix> + <stockholm/makefu/2configs/nginx/iso.euer.nix> <stockholm/makefu/2configs/deployment/events-publisher> #<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> @@ -94,6 +96,7 @@ in { <stockholm/makefu/2configs/stats/client.nix> + <stockholm/makefu/2configs/dcpp/airdcpp.nix> # <stockholm/makefu/2configs/logging/client.nix> ## Temporary: diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix index 944210701..bfe29b46c 100644 --- a/makefu/1systems/nextgum/hardware-config.nix +++ b/makefu/1systems/nextgum/hardware-config.nix @@ -41,11 +41,12 @@ in { boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.devices = [ main-disk ]; + boot.initrd.kernelModules = [ "dm-raid" ]; boot.initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" "xhci_pci" "ehci_pci" "ahci" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" "dm-raid" "dm_thin_pool" ]; + boot.kernelModules = [ "kvm-intel" ]; hardware.enableRedistributableFirmware = true; fileSystems."/" = { device = "/dev/mapper/nixos-root"; @@ -59,6 +60,10 @@ in { device = "/dev/mapper/nixos-download"; fsType = "ext4"; }; + fileSystems."/var/lib/borgbackup" = { + device = "/dev/mapper/nixos-backup"; + fsType = "ext4"; + }; fileSystems."/boot" = { device = "/dev/sda2"; fsType = "vfat"; @@ -79,8 +84,12 @@ in { #vgcreate nixos /dev/sda3 /dev/sdb1 #lvcreate -L 120G -m 1 -n root nixos #lvcreate -L 50G -m 1 -n lib nixos - #lvcreate -L 50G -n download nixos + #lvcreate -L 100G -n download nixos + #lvcreate -L 100G -n backup nixos #mkfs.ext4 /dev/mapper/nixos-root + #mkfs.ext4 /dev/mapper/nixos-lib + #mkfs.ext4 /dev/mapper/nixos-download + #mkfs.ext4 /dev/mapper/nixos-borgbackup #mount /dev/mapper/nixos-root /mnt #mkdir /mnt/boot #mount /dev/sda2 /mnt/boot diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 97d11fbd3..66d904512 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -7,6 +7,10 @@ [ # base <stockholm/makefu> <stockholm/makefu/2configs/nur.nix> + <stockholm/makefu/2configs/home-manager> + <stockholm/makefu/2configs/home-manager/desktop.nix> + <stockholm/makefu/2configs/home-manager/cli.nix> + <stockholm/makefu/2configs/home-manager/mail.nix> <stockholm/makefu/2configs/main-laptop.nix> <stockholm/makefu/2configs/extra-fonts.nix> <stockholm/makefu/2configs/tools/all.nix> diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix index 75af3255b..050fd39f7 100644 --- a/makefu/1systems/x/source.nix +++ b/makefu/1systems/x/source.nix @@ -6,5 +6,6 @@ unstable = true; mic92 = true; clever_kexec = true; + home-manager = true; # torrent = true; } diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix new file mode 100644 index 000000000..fe05effd9 --- /dev/null +++ b/makefu/2configs/dcpp/airdcpp.nix @@ -0,0 +1,48 @@ +{ config, ... }: +{ + krebs.airdcpp = { + enable = true; + extraGroups = [ "download" ]; + web.port = 5600; + web.users.makefu.password = builtins.readFile <secrets/airdcpp-makefu.pw>; # watch out for newline! + hubs."krebshub" = + { Nick = "makefu-${config.krebs.build.host.name}"; + Password = builtins.readFile <secrets/krebshub.pw>; + Server = "adcs://hub.nsupdate.info:411"; + AutoConnect = true; + }; + dcpp = { + shares = { + # Incoming must be writeable! + incoming = { path = config.makefu.dl-dir + "/finished/dcpp"; incoming = true; }; + audiobooks.path = config.makefu.dl-dir + "/finished/audiobooks"; + }; + Nick = "makefu"; + DownloadSpeed = "1000"; + UploadSpeed = "1000"; + }; + }; + networking.firewall.allowedTCPPorts = + [ config.krebs.airdcpp.dcpp.InPort + config.krebs.airdcpp.dcpp.TLSPort + ]; + networking.firewall.allowedUDPPorts = [ config.krebs.airdcpp.dcpp.UDPPort ]; + + services.nginx.virtualHosts."dcpp.${config.krebs.build.host.name}.r".locations."/" = + { proxyPass = "http://localhost:${toString config.krebs.airdcpp.web.port}/"; + + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + gzip_types text/plain application/javascript; + + # Proxy websockets + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + ''; + }; + +} diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 6192a92a5..61cba86d9 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -10,24 +10,11 @@ with import <stockholm/lib>; } ./editor/vim.nix ./binary-cache/nixos.nix + ./minimal.nix ]; - boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - - programs.command-not-found.enable = false; - - nix.package = pkgs.nixUnstable; - - nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); - krebs = { - enable = true; - - dns.providers.lan = "hosts"; - search-domain = "r"; - build.user = config.krebs.users.makefu; - }; - - users.extraUsers = { + # users are super important + users.users = { root = { openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; }; @@ -37,80 +24,39 @@ with import <stockholm/lib>; home = "/home/makefu"; createHome = true; useDefaultShell = true; - extraGroups = [ - "wheel" - ]; + extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; }; }; - networking.hostName = config.krebs.build.host.name; - nix.maxJobs = 2; - nix.buildCores = config.krebs.build.host.cores; + boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - time.timeZone = "Europe/Berlin"; + nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); + krebs = { + enable = true; - programs.ssh = { - startAgent = false; + dns.providers.lan = "hosts"; + search-domain = "r"; + build.user = config.krebs.users.makefu; }; - services.openssh.enable = true; - nix.useSandbox = true; - users.mutableUsers = false; - boot.tmpOnTmpfs = true; - networking.firewall.rejectPackets = true; - networking.firewall.allowPing = true; + boot.tmpOnTmpfs = true; systemd.tmpfiles.rules = [ "d /tmp 1777 root root - -" ]; - nix.nixPath = [ "/var/src" ]; - environment.variables = let - ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - in { - NIX_PATH = mkForce "/var/src"; - EDITOR = mkForce "vim"; - CURL_CA_BUNDLE = ca-bundle; - GIT_SSL_CAINFO = ca-bundle; - SSL_CERT_FILE = ca-bundle; - }; environment.systemPackages = with pkgs; [ jq git - get gnumake rxvt_unicode.terminfo htop ]; - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - - PYTHONSTARTUP="~/.pythonrc"; - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - ''; - - promptInit = '' - case $UID in - 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; - 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; - *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; - esac - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; + programs.bash.enableCompletion = true; environment.shellAliases = { # TODO: see .aliases @@ -126,12 +72,6 @@ with import <stockholm/lib>; tinc = pkgs.tinc_pre; }; - networking.timeServers = [ - "pool.ntp.org" - "time.windows.com" - "time.apple.com" - "time.nist.gov" - ]; nix.extraOptions = '' auto-optimise-store = true @@ -145,26 +85,5 @@ with import <stockholm/lib>; SystemMaxUse=1G RuntimeMaxUse=128M ''; - # Enable IPv6 Privacy Extensions - boot.kernel.sysctl = { - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - i18n = { - consoleKeyMap = "us"; - defaultLocale = "en_US.UTF-8"; - }; - # suppress chrome autit event messages - security.audit = { - rules = [ - "-a task,never" - ]; - }; - system.activationScripts.state = optionalString (config.state != []) '' - cat << EOF - This machine is burdened with state: - ${concatMapStringsSep "\n" (d: "* ${d}") config.state} - EOF - ''; } diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix new file mode 100644 index 000000000..1efc4d2bf --- /dev/null +++ b/makefu/2configs/home-manager/cli.nix @@ -0,0 +1,12 @@ +{ + home-manager.users.makefu = { + services.gpg-agent = { + defaultCacheTtl = 900; + maxCacheTtl = 7200; + defaultCacheTtlSsh = 3600; + maxCacheTtlSsh = 86400; + enableSshSupport = true; + }; + programs.fzf.enable = true; # alt-c + }; +} diff --git a/makefu/2configs/home-manager/default.nix b/makefu/2configs/home-manager/default.nix new file mode 100644 index 000000000..e75ee6262 --- /dev/null +++ b/makefu/2configs/home-manager/default.nix @@ -0,0 +1,7 @@ +{ + imports = [ + <home-manager/nixos> + ]; + home-manager.users.makefu = { + }; +} diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix new file mode 100644 index 000000000..c2f854d47 --- /dev/null +++ b/makefu/2configs/home-manager/desktop.nix @@ -0,0 +1,31 @@ +{pkgs, ... }: { + home-manager.users.makefu = { + programs.browserpass = { browsers = [ "firefox" ] ; enable = true; }; + services.network-manager-applet.enable = true; + services.blueman-applet.enable = true; + services.pasystray.enable = true; + + systemd.user.services.network-manager-applet.Service.Environment = '' + XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache + ''; + systemd.user.services.clipit = { + Unit = { + Description = "clipboard manager"; + After = [ "graphical-session-pre.target" ]; + PartOf = [ "graphical-session.target" ]; + }; + + Install = { + WantedBy = [ "graphical-session.target" ]; + }; + + Service = { + Environment = '' + XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache + ''; + ExecStart = "${pkgs.clipit}/bin/clipit"; + Restart = "on-abort"; + }; + }; + }; +} diff --git a/makefu/2configs/home-manager/mail.nix b/makefu/2configs/home-manager/mail.nix new file mode 100644 index 000000000..ce7ae4f4d --- /dev/null +++ b/makefu/2configs/home-manager/mail.nix @@ -0,0 +1,46 @@ +{ + home-manager.users.makefu = { + accounts.email.accounts.syntaxfehler = { + address = "felix.richter@syntax-fehler.de"; + userName = "Felix.Richter@syntax-fehler.de"; + imap = { + host = "syntax-fehler.de"; + tls = { + enable = true; + }; + }; + smtp = { + host = "syntax-fehler.de"; + tls = { + enable = true; + }; + }; + msmtp.enable = true; + notmuch.enable = true; + offlineimap = { + enable = true; + postSyncHookCommand = "notmuch new"; + extraConfig.remote = { + holdconnectionopen = true; + idlefolders = "['INBOX']"; + }; + }; + primary = true; + realName = "Felix Richter"; + passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg"; + }; + programs.offlineimap.enable = true; + programs.offlineimap.extraConfig = { + mbnames = { + filename = "~/.mutt/muttrc.mailboxes"; + header = "'mailboxes '"; + peritem = "'+%(accountname)s/%(foldername)s'"; + sep = "' '"; + footer = "'\\n'"; + }; + general = { + ui = "TTY.TTYUI"; + }; + }; + }; +} diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix new file mode 100644 index 000000000..d764e5624 --- /dev/null +++ b/makefu/2configs/minimal.nix @@ -0,0 +1,88 @@ +{ lib, pkgs, config, ... }: +# minimal subset of sane configuration for stockholm +{ + # nobody needs this + programs.command-not-found.enable = false; + + # the only true timezone (even after the the removal of DST) + time.timeZone = "Europe/Berlin"; + + networking.hostName = config.krebs.build.host.name; + nix.buildCores = config.krebs.build.host.cores; + + # we use gpg if necessary (or nothing at all) + programs.ssh.startAgent = false; + + # all boxes look the same + nix.useSandbox = true; + # we configure users via nix + users.mutableUsers = false; + + # sane firewalling + networking.firewall.rejectPackets = true; + networking.firewall.allowPing = true; + + # openssh all the way down + services.openssh.enable = true; + + # we use stockholm via populate + nix.nixPath = [ "/var/src" ]; + + environment.variables = let + ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + in { + NIX_PATH = lib.mkForce "/var/src"; + EDITOR = lib.mkForce "vim"; + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; + }; + + programs.bash = { + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=900001 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + ''; + + promptInit = '' + case $UID in + 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; + 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; + *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; + esac + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + fi + ''; + }; + + # trust the cool guys + networking.timeServers = [ + "pool.ntp.org" + "time.nist.gov" + ]; + + # the only locale you will ever need + i18n = { + consoleKeyMap = "us"; + defaultLocale = "en_US.UTF-8"; + }; + + # suppress chrome autit event messages + security.audit = { + rules = [ + "-a task,never" + ]; + }; + + # Enable IPv6 Privacy Extensions + boot.kernel.sysctl = { + "net.ipv6.conf.all.use_tempaddr" = 2; + "net.ipv6.conf.default.use_tempaddr" = 2; + }; +} diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index f06ce3d53..7146174fb 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -2,17 +2,17 @@ _: { imports = [ - ./state.nix - ./populate.nix ./awesome-extra.nix ./deluge.nix ./forward-journal.nix ./opentracker.nix ./ps3netsrv.nix ./logging-config.nix + ./populate.nix ./sane-extra.nix ./server-config.nix ./snapraid.nix + ./state.nix ./torrent.nix ./udpt.nix ]; diff --git a/makefu/3modules/state.nix b/makefu/3modules/state.nix index 461b90152..a87f438fe 100644 --- a/makefu/3modules/state.nix +++ b/makefu/3modules/state.nix @@ -6,4 +6,11 @@ description = "state which is currently scattered on the machine"; default = []; }; + + config.system.activationScripts.state = lib.optionalString (config.state != []) '' + cat << EOF + This machine is burdened with state: + ${lib.concatMapStringsSep "\n" (d: "* ${d}") config.state} + EOF + ''; } diff --git a/makefu/5pkgs/pavumeter/default.nix b/makefu/5pkgs/pavumeter/default.nix new file mode 100644 index 000000000..b1822530a --- /dev/null +++ b/makefu/5pkgs/pavumeter/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, fetchurl, libusb, libtool, autoconf, pkgconfig, git, +gettext, automake, libxml2 +, autoreconfHook +, lynx +, gtkmm2 +, libpulseaudio +, gnome2 +, libsigcxx +}: +stdenv.mkDerivation rec { + pname = "pavumeter"; + name = "${pname}-${version}"; + version = "0.9.3"; + + src = fetchurl { + url = "http://0pointer.de/lennart/projects/${pname}/${name}.tar.gz"; + sha256 = "0yq67w8j8l1xsv8pp37bylax22npd6msbavr6pb25yvyq825i3gx"; + }; + + buildInputs = [ gtkmm2 libpulseaudio gnome2.gnome_icon_theme ]; + nativeBuildInputs = [ pkgconfig autoreconfHook lynx ]; + + meta = { + description = "PulseAudio volumene meter"; + homepage = http://0pointer.de/lennart/projects/pavumeter; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ makefu ]; + }; +} diff --git a/makefu/krops.nix b/makefu/krops.nix index f8ea6f7ef..4f55915af 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -1,8 +1,5 @@ { config ? config, name, target ? name }: let - krops = builtins.fetchGit { - url = https://cgit.krebsco.de/krops/; - rev = "4e466eaf05861b47365c5ef46a31a188b70f3615"; - }; + krops = ../submodules/krops; nixpkgs-src = lib.importJSON ./nixpkgs.json; lib = import "${krops}/lib"; @@ -20,12 +17,11 @@ nms = false; arm6 = false; clever_kexec = false; + home-manager = false; } // import (./. + "/1systems/${name}/source.nix"); source = { test }: lib.evalSource [ { - # nixos-18.03 @ 2018-08-06 - # + do_sqlite3 ruby: 55a952be5b5 - # + exfat-nofuse bump: ee6a5296a35 + # nixos-18.09 @ 2018-09-18 # + uhub/sqlite: 5dd7610401747 nixpkgs = if test || host-src.full then { git.ref = nixpkgs-src.rev; @@ -70,6 +66,12 @@ ref = "30fdd53"; }; }) + (lib.mkIf ( host-src.home-manager ) { + home-manager.git = { + url = https://github.com/rycee/home-manager; + ref = "6eea2a4"; + }; + }) ]; in { |