Diffstat (limited to 'makefu')
-rw-r--r-- | makefu/1systems/filepimp.nix | 8 | ||||
-rw-r--r-- | makefu/1systems/omo.nix | 33 | ||||
-rw-r--r-- | makefu/1systems/wbob.nix | 2 | ||||
-rw-r--r-- | makefu/1systems/x.nix (renamed from makefu/1systems/pornocauster.nix) | 16 | ||||
-rw-r--r-- | makefu/2configs/base-gui.nix | 7 | ||||
-rw-r--r-- | makefu/2configs/bepasty-dual.nix | 6 | ||||
-rw-r--r-- | makefu/2configs/fetchWallpaper.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/hw/tp-x2x0.nix | 7 | ||||
-rw-r--r-- | makefu/2configs/main-laptop.nix | 51 | ||||
-rw-r--r-- | makefu/2configs/nginx/euer.wiki.nix | 38 | ||||
-rw-r--r-- | makefu/2configs/tinc/siem.nix | 12 | ||||
-rw-r--r-- | makefu/2configs/zsh-user.nix | 2 | ||||
-rw-r--r-- | makefu/3modules/default.nix | 7 | ||||
-rw-r--r-- | makefu/3modules/ps3netsrv.nix | 58 | ||||
-rw-r--r-- | makefu/5pkgs/default.nix | 10 | ||||
-rw-r--r-- | makefu/5pkgs/f3/default.nix | 26 | ||||
-rw-r--r-- | makefu/5pkgs/git-xlsx-textconv/default.nix | 6 | ||||
-rw-r--r-- | makefu/5pkgs/ps3netsrv/default.nix | 2 | ||||
-rw-r--r-- | makefu/5pkgs/wol/default.nix | 22 |
19 files changed, 264 insertions, 51 deletions
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix index c6966c99c..4037f693d 100644 --- a/makefu/1systems/filepimp.nix +++ b/makefu/1systems/filepimp.nix @@ -3,6 +3,7 @@ let byid = dev: "/dev/disk/by-id/" + dev; part1 = disk: disk + "-part1"; rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890"; + primary-interface = "enp2s0"; # c8:cb:b8:cf:e4:dc # N54L Chassis: # ____________________ # |______FRONT_______| @@ -75,4 +76,11 @@ in { (xfsmount "j2" (part1 jDisk2)) // (xfsmount "par0" (part1 jDisk3)) ; + services.wakeonlan.interfaces = [ + { + interface = primary-interface; + method = "password"; + password = "CA:FE:BA:BE:13:37"; + } + ]; } diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e11abd40d..3aa5e943e 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -4,6 +4,7 @@ { config, pkgs, lib, ... }: let + toMapper = id: "/media/crypt${builtins.toString id}"; byid = dev: "/dev/disk/by-id/" + dev; keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; @@ -33,7 +34,8 @@ let # all physical disks # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } - allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ]; + dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ]; + allDisks = [ rootDisk ] ++ dataDisks; in { imports = [ 
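Review bot: The Wake-on-LAN password in the second filepimp.nix hunk, `password = "CA:FE:BA:BE:13:37";`, is committed in plain text next to the interface's MAC address, so anyone who can read the repository has everything needed to wake the host. A literal in a Nix expression normally also ends up in the world-readable store on the machine. If the value is meant as an access control, it should come from the secrets directory and not be shared with any other credential. If it is only a convenience, say so in place with a comment such as `# not a secret: sent in clear on the LAN and readable in the nix store`.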
@@ -72,26 +74,41 @@ in { systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; virtualisation.docker.enable = true; - - + makefu.ps3netsrv = { + enable = true; + servedir = "/media/cryptX/emu/ps3"; + }; # HDD Array stuff - environment.systemPackages = [ pkgs.mergerfs ]; services.smartd.devices = builtins.map (x: { device = x; }) allDisks; - makefu.snapraid = let - toMapper = id: "/media/crypt${builtins.toString id}"; - in { + makefu.snapraid = { enable = true; disks = map toMapper [ 0 1 ]; parity = toMapper 2; }; + # TODO create folders in /media + system.activationScripts.createCryptFolders = '' + ${lib.concatMapStringsSep "\n" + (d: "install -m 755 -d " + (toMapper d) ) + [ 0 1 2 "X" ]} + ''; + environment.systemPackages = with pkgs;[ + mergerfs # hard requirement for mount + wol # wake up filepimp + ]; fileSystems = let cryptMount = name: { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; in cryptMount "crypt0" // cryptMount "crypt1" - // cryptMount "crypt2"; + // cryptMount "crypt2" + // { "/media/cryptX" = { + device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]); + fsType = "mergerfs"; + options = [ "defaults" "allow_other" ]; + }; + }; powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix index e8e0b091f..ff593ab35 100644 --- a/makefu/1systems/wbob.nix +++ b/makefu/1systems/wbob.nix @@ -66,7 +66,7 @@ in { client = { enable = true; screenName = "wbob"; - serverAddress = "pornocauster.r"; + serverAddress = "x.r"; }; }; } diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/x.nix index b683e5630..d41edfa46 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/x.nix 
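Review bot: The new `/media/cryptX` mergerfs entry in the omo.nix `fileSystems` block declares no ordering against the three `/dev/mapper/crypt*` mounts it pools. The activation script in the same hunk pre-creates `/media/crypt0..2` as plain directories, so if mergerfs mounts before the encrypted branches are available it will pool the empty directories. Anything then written through `/media/cryptX`, including the ps3netsrv serve directory, would land on the unencrypted root disk. Consider making the dependency explicit, for example by adding `"x-systemd.requires-mounts-for=/media/crypt0"` (and likewise for crypt1 and crypt2) to `options`. Also note in a comment that `allow_other` opens the decrypted pool to every local account, so access then rests on file modes alone.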
@@ -43,16 +43,8 @@ ../2configs/temp/share-samba.nix # ../2configs/temp/elkstack.nix # ../2configs/temp/sabnzbd.nix + ../2configs/tinc/siem.nix ]; - - services.tinc.networks.siem = { - name = "makefu"; - extraConfig = '' - ConnectTo = sdarth - ConnectTo = sjump - ''; - }; - krebs.nginx = { default404 = false; servers.default.listen = [ "80 default_server" ]; @@ -65,10 +57,10 @@ # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 80 24800 ]; - networking.firewall.allowedUDPPorts = [ 665 ]; + networking.firewall.allowedTCPPorts = [ 80 24800 26061 ]; + networking.firewall.allowedUDPPorts = [ 665 26061 ]; - krebs.build.host = config.krebs.hosts.pornocauster; + krebs.build.host = config.krebs.hosts.x; krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11"; krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ]; diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index f7d6991c5..b039c12ca 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -55,7 +55,7 @@ in hardware.pulseaudio = { enable = true; - # systemWide = true; + systemWide = true; }; services.xserver.displayManager.sessionCommands = let xdefaultsfile = pkgs.writeText "Xdefaults" '' @@ -87,5 +87,8 @@ in URxvt.url-select.underline: true URxvt.searchable-scrollback: CM-s ''; - in "cat ${xdefaultsfile} | xrdb -merge"; + in '' + cat ${xdefaultsfile} | xrdb -merge + ${pkgs.xorg.xhost}/bin/xhost +local: + ''; } diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index f675c4ac8..4b5389c32 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -45,6 +45,7 @@ in { #certificate = "${sec}/wildcard.krebsco.de.crt"; #certificate_key = "${sec}/wildcard.krebsco.de.key"; ciphers = "RC4:HIGH:!aNULL:!MD5" ; + force_encryption = true; }; locations = singleton ( nameValuePair "/.well-known/acme-challenge" '' root ${acmechall}/${ext-dom}/; 
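Review bot: The second x.nix hunk opens port 26061 on both `allowedTCPPorts` and `allowedUDPPorts` without saying which service listens there. None of the other lines visible in this commit references that port, so the firewall exception cannot be checked against a listener. Add a comment on each list naming the service, e.g. `# 26061: <service name>`, or move the exception into the module that starts the service so it disappears when the service does. The surrounding attribute set starts and ends outside the hunk.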
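Review bot: The `xhost +local:` line added to `sessionCommands` in the second base-gui.nix hunk lets every local account, including service users, connect to the X display. X clients on the same display are not isolated from each other, so any such account can read keystrokes and screen contents of the logged-in session. The first hunk's `systemWide = true;` widens the audio side in the same way. If the goal is to let one specific account reach the display, grant only that one, `${pkgs.xorg.xhost}/bin/xhost +si:localuser:<account>`, and record the reason in a comment next to it.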
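Review bot: The first bepasty-dual.nix hunk adds `force_encryption = true;` directly below `ciphers = "RC4:HIGH:!aNULL:!MD5" ;`, which still lists RC4 first. Forcing every client onto TLS while offering a cipher that is prohibited for TLS (RFC 7465) leaves the enforced channel weaker than it needs to be. Since this commit already touches the block, drop RC4 from the list, e.g. `ciphers = "HIGH:!aNULL:!MD5:!RC4";`. Also check that the same string is not copied into the euer.wiki server block that gains `force_encryption` in this commit.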
@@ -54,10 +55,7 @@ in { ssl_session_timeout 10m; ssl_verify_client off; proxy_ssl_session_reuse off; - - if ($scheme = http){ - return 301 https://$server_name$request_uri; - }''; + ''; }; defaultPermissions = "read"; secretKey = secKey; diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix index 786df6d40..fb74919c4 100644 --- a/makefu/2configs/fetchWallpaper.nix +++ b/makefu/2configs/fetchWallpaper.nix @@ -3,7 +3,7 @@ { krebs.fetchWallpaper = { enable = true; - display = ":0"; + display = ":0.0"; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; timerConfig = { OnCalendar = "*:0/30"; diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index c10ec1314..9047cfb66 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -12,6 +12,12 @@ with config.krebs.lib; zramSwap.enable = true; zramSwap.numDevices = 2; + # enable synaptics so we can easily disable the touchpad + # enable the touchpad with `synclient TouchpadOff=0` + services.xserver.synaptics = { + enable = true; + additionalOptions = ''Option "TouchpadOff" "1"''; + }; hardware.trackpoint = { enable = true; sensitivity = 220; @@ -19,7 +25,6 @@ with config.krebs.lib; emulateWheel = true; }; - services.tlp.enable = true; services.tlp.extraConfig = '' # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index 3cc91b630..9d5b06f70 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -6,7 +6,10 @@ # TODO split generic desktop stuff and laptop-specifics like lidswitching with config.krebs.lib; -{ +let + window-manager = "awesome"; + user = config.krebs.build.user.name; +in { imports = [ ./base-gui.nix ./fetchWallpaper.nix 
@@ -16,6 +19,52 @@ with config.krebs.lib; users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; + krebs.power-action = let + #speak = "XDG_RUNTIME_DIR=/run/user/$(id -u) ${pkgs.espeak}/bin/espeak"; # when run as user + speak = "${pkgs.espeak}/bin/espeak"; # systemwide pulse + whisper = text: ''${speak} -v +whisper -s 110 "${text}"''; + + note = pkgs.writeDash "note-as-user" '' + eval "export $(egrep -z DBUS_SESSION_BUS_ADDRESS /proc/$(${pkgs.procps}/bin/pgrep -u ${user} ${window-manager})/environ)" + ${pkgs.libnotify}/bin/notify-send "$@"; + ''; + in { + enable = true; + inherit user; + plans.low-battery = { + upperLimit = 25; + lowerLimit = 15; + charging = false; + action = pkgs.writeDash "low-speak" '' + ${whisper "power level low, please plug me in"} + ''; + }; + plans.nag-harder = { + upperLimit = 15; + lowerLimit = 5; + charging = false; + action = pkgs.writeDash "crit-speak" '' + ${note} Battery -u critical -t 60000 "Power level critical, do something!" + ${whisper "Power level critical, do something"} + ''; + }; + plans.last-chance = { + upperLimit = 5; + lowerLimit = 3; + charging = false; + action = pkgs.writeDash "suspend-wrapper" '' + ${note} Battery -u crit "You've had your chance, suspend in 5 seconds" + ${concatMapStringsSep "\n" (i: '' + ${note} -u critical -t 1000 ${toString i} + ${speak} ${toString i} & + sleep 1 + '') + [ 5 4 3 2 1 ]} + /var/setuid-wrappers/sudo ${pkgs.systemd}/bin/systemctl suspend + ''; + }; + }; + security.sudo.extraConfig = "${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${pkgs.systemd}/bin/systemctl suspend"; services.redshift = { enable = true; diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 10985c833..655dee7b2 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix 
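Review bot: The `note-as-user` helper in the main-laptop.nix hunk runs `eval` on text read from another process's `/proc/<pid>/environ`, and takes the pid from an unquoted `pgrep -u ${user} ${window-manager}` that may return zero or several pids. With no match the path becomes `/proc//environ`, with several it is word-split, and in both cases the value reaching `eval` is not what the script expects. `egrep` is also the only tool here taken from `PATH` rather than a store path. Select one pid first (`pid=$(${pkgs.procps}/bin/pgrep -o -x -u ${user} ${window-manager}) || exit 0`), anchor the pattern to `'^DBUS_SESSION_BUS_ADDRESS='`, and export the result without `eval`. Separately, `-u crit` in `plans.last-chance` is not a notify-send urgency level (low, normal, critical), so that final warning is likely never shown; use `-u critical`.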
@@ -3,8 +3,15 @@ with config.krebs.lib; let sec = toString <secrets>; - ssl_cert = "${sec}/wildcard.krebsco.de.crt"; - ssl_key = "${sec}/wildcard.krebsco.de.key"; + ext-dom = "wiki.euer.krebsco.de"; + acmepath = "/var/lib/acme/"; + acmechall = acmepath + "/challenges/"; + + #ssl_cert = "${sec}/wildcard.krebsco.de.crt"; + #ssl_key = "${sec}/wildcard.krebsco.de.key"; + ssl_cert = "${acmepath}/${ext-dom}/fullchain.pem"; + ssl_key = "${acmepath}/${ext-dom}/key.pem"; + user = config.services.nginx.user; group = config.services.nginx.group; fpm-socket = "/var/run/php5-fpm.sock"; @@ -80,22 +87,23 @@ in { listen = [ "${external-ip}:80" "${external-ip}:443 ssl" "${internal-ip}:80" "${internal-ip}:443 ssl" ]; server-names = [ - "wiki.euer.krebsco.de" + ext-dom "wiki.makefu.retiolum" "wiki.makefu" ]; + ssl = { + enable = true; + # these certs will be needed if acme has not yet created certificates: + certificate = ssl_cert; + certificate_key = ssl_key; + force_encryption = true; + }; extraConfig = '' gzip on; gzip_buffers 4 32k; gzip_types text/plain application/x-javascript text/css; - ssl_certificate ${ssl_cert}; - ssl_certificate_key ${ssl_key}; default_type text/plain; - if ($scheme = http){ - return 301 https://$server_name$request_uri; - } - ''; locations = [ (nameValuePair "/" '' @@ -111,8 +119,20 @@ in { include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi.conf; '') + (nameValuePair "/.well-known/acme-challenge" '' + root ${acmechall}/${ext-dom}/; + '') + ]; }; }; }; + security.acme.certs."${ext-dom}" = { + email = "acme@syntax-fehler.de"; + webroot = "${acmechall}/${ext-dom}/"; + group = "nginx"; + allowKeysForGroup = true; + postRun = "systemctl reload nginx.service"; + extraDomains."${ext-dom}" = null ; + }; } diff --git a/makefu/2configs/tinc/siem.nix b/makefu/2configs/tinc/siem.nix new file mode 100644 index 000000000..8f17f1a0a --- /dev/null +++ b/makefu/2configs/tinc/siem.nix 
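Review bot: The comment `# these certs will be needed if acme has not yet created certificates:` in the second euer.wiki.nix hunk no longer matches the code. The first hunk comments out the wildcard pair, so `ssl_cert` and `ssl_key` now point at the ACME output under `/var/lib/acme/`. On a host where no certificate has been issued yet those files do not exist, and nginx will most likely refuse to start. That would also stop it serving the `/.well-known/acme-challenge` webroot the issuance depends on. Either keep a fallback certificate for the first run or reword the comment to the real precondition, e.g. `# points at the ACME output; nginx cannot start until these files exist`.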
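Review bot: The new `security.acme.certs` entry in the last euer.wiki.nix hunk hard-codes `group = "nginx";` although the file already binds `group = config.services.nginx.group;` in its `let`. With `allowKeysForGroup = true;` it makes the private key readable by every member of that group. If the PHP-FPM pool behind `fpm-socket` runs under the same group (not visible in these hunks), a flaw in the wiki's PHP code would be enough to read the TLS key. Use `inherit group;` so the two cannot drift, and confirm that only the nginx master needs the key. `extraDomains."${ext-dom}" = null ;` repeats the certificate's own name and looks redundant.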
@@ -0,0 +1,12 @@ +{lib, config, ... }: +{ + # TODO do not know why we need to force it, port is only set via default to 655 + krebs.build.host.nets.siem.tinc.port = lib.mkForce 1655; + krebs.dns.providers.siem = "hosts"; + networking.firewall.allowedUDPPorts = [ 1665 ]; + networking.firewall.allowedTCPPorts = [ 1655 ]; + krebs.tinc.siem = { + enable = true; + connectTo = [ "shoney" ]; + }; +} diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 99c1315e1..a3286b7fd 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -22,7 +22,7 @@ in bindkey "\e[3~" delete-char zstyle ':completion:*' menu select - gpg-connect-agent updatestartuptty /bye >/dev/null + ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null GPG_TTY=$(tty) export GPG_TTY unset SSH_AGENT_PID diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index febebaa18..7fc095bab 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -2,11 +2,12 @@ _: { imports = [ - ./snapraid.nix - ./umts.nix - ./taskserver.nix ./awesome-extra.nix ./forward-journal.nix + ./ps3netsrv.nix + ./snapraid.nix + ./taskserver.nix + ./umts.nix ]; } diff --git a/makefu/3modules/ps3netsrv.nix b/makefu/3modules/ps3netsrv.nix new file mode 100644 index 000000000..22681637c --- /dev/null +++ b/makefu/3modules/ps3netsrv.nix 
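Review bot: The firewall lines in the new tinc/siem.nix disagree with the port the file configures. `krebs.build.host.nets.siem.tinc.port` is forced to 1655 and TCP 1655 is allowed, but `allowedUDPPorts = [ 1665 ];` opens a different UDP port. tinc uses the same port number for TCP and UDP, so this leaves the daemon's UDP traffic filtered and an unrelated port open instead. The line should read `networking.firewall.allowedUDPPorts = [ 1655 ];`. Better still, derive both lists from the configured port value so the three cannot diverge.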
@@ -0,0 +1,58 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +let + cfg = config.makefu.ps3netsrv; + + out = { + options.makefu.ps3netsrv = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "ps3netsrv"; + + servedir = mkOption { + description = "path to serve, must be set"; + type = types.str; + }; + + package = mkOption { + type = types.package; + default = pkgs.ps3netsrv; + }; + + user = mkOption { + description = ''user which will run ps3netsrv''; + type = types.str; + default = "ps3netsrv"; + }; + }; + + imp = { + systemd.services.ps3netsrv = { + description = "ps3netsrv server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + restartIfChanged = true; + unitConfig = { + Documentation = "https://www.arm-blog.com/playing-ps3-games-from-your-nas/" ; + ConditionPathExists = cfg.servedir; + }; + serviceConfig = { + Type = "simple"; + ExecStart = "${cfg.package}/bin/ps3netsrv++ ${shell.escape cfg.servedir}"; + PrivateTmp = true; + User = "${cfg.user}"; + }; + }; + + # TODO only create if user is ps3netsrv + users.users.ps3netsrv = { + uid = genid "ps3netsrv"; + }; + users.groups.ps3netsrv.gid = genid "ps3netsrv"; + }; +in +out + diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 718b23c9e..6598f5d3f 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix 
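Review bot: The `serviceConfig` of the new ps3netsrv unit confines a network-facing file server with nothing beyond a dedicated user and `PrivateTmp = true;`. The daemon therefore keeps read access to everything on the host that is world-readable, not only `cfg.servedir`. Adding `NoNewPrivileges = true;`, `ProtectSystem = "full";` and `ProtectHome = true;` to `serviceConfig` would narrow that at little cost, assuming the serve directory is not under /home. The `user` option is also only half wired: `User = "${cfg.user}"` honours it, but the account and group are always created as `ps3netsrv`, so any other value yields a unit that cannot start. Create `users.users.${cfg.user}` instead, or drop the option until the TODO is resolved.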
@@ -5,20 +5,22 @@ let in { nixpkgs.config.packageOverrides = rec { - alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";}; + alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; awesomecfg = callPackage ./awesomecfg {}; bintray-upload = callPackage ./bintray-upload {}; + inherit (callPackage ./devpi {}) devpi-web devpi-server; + f3 = callPackage ./f3 {}; + farpd = callPackage ./farpd {}; git-xlsx-textconv = callPackage ./git-xlsx-textconv {}; mergerfs = callPackage ./mergerfs {}; mycube-flask = callPackage ./mycube-flask {}; nodemcu-uploader = callPackage ./nodemcu-uploader {}; + ps3netsrv = callPackage ./ps3netsrv {}; tw-upload-plugin = callPackage ./tw-upload-plugin {}; - inherit (callPackage ./devpi {}) devpi-web devpi-server; skytraq-logger = callPackage ./skytraq-logger {}; taskserver = callPackage ./taskserver {}; - ps3netsrv = callPackage ./ps3netsrv {}; - farpd = callPackage ./farpd {}; + wol = callPackage ./wol {}; }; } diff --git a/makefu/5pkgs/f3/default.nix b/makefu/5pkgs/f3/default.nix new file mode 100644 index 000000000..e7f20b1e6 --- /dev/null +++ b/makefu/5pkgs/f3/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + name = "f3-${version}"; + version = "6.0"; + + enableParallelBuilding = true; + + src = fetchFromGitHub { + owner = "AltraMayor"; + repo = "f3"; + rev = "v${version}"; + sha256 = "1azi10ba0h9z7m0gmfnyymmfqb8380k9za8hn1rrw1s442hzgnz2"; + }; + + makeFlags = [ "PREFIX=$(out)" ]; + patchPhase = "sed -i 's/-oroot -groot//' Makefile"; + + meta = { + description = "Fight Flash Fraud"; + homepage = http://oss.digirati.com.br/f3/; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ makefu ]; + }; +} 
diff --git a/makefu/5pkgs/git-xlsx-textconv/default.nix b/makefu/5pkgs/git-xlsx-textconv/default.nix index 1f631f020..66dde76ef 100644 --- a/makefu/5pkgs/git-xlsx-textconv/default.nix +++ b/makefu/5pkgs/git-xlsx-textconv/default.nix @@ -1,6 +1,6 @@ -{ stdenv, lib, goPackages, fetchFromGitHub }: +{ stdenv, lib, buildGoPackage, fetchFromGitHub }: let - go-xlsx = goPackages.buildGoPackage rec { + go-xlsx = buildGoPackage rec { name = "go-xlsx-${version}"; version = "46e6e472d"; @@ -13,7 +13,7 @@ let }; }; in -(goPackages.buildGoPackage rec { +(buildGoPackage rec { name = "git-xlsx-textconv-${version}"; version = "70685e7f8"; diff --git a/makefu/5pkgs/ps3netsrv/default.nix b/makefu/5pkgs/ps3netsrv/default.nix index 904185934..f62ee0c9a 100644 --- a/makefu/5pkgs/ps3netsrv/default.nix +++ b/makefu/5pkgs/ps3netsrv/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { url = "https://github.com/dirkvdb/ps3netsrv--"; fetchSubmodules = true; rev = "e54a66cbf142b86e2cffc1701984b95adb921e81"; # latest @ 2016-05-24 - sha256 = "0l7bp18cs3xr2qgsmcf18diccski49mj9whngxm9isi8wd4r9inj"; + sha256 = "09hvmfzqy2jckpsml0z1gkcnar8sigmgs1q66k718fph2d3g54sa"; }; nativeBuildInputs = [ gnugrep ]; diff --git a/makefu/5pkgs/wol/default.nix b/makefu/5pkgs/wol/default.nix new file mode 100644 index 000000000..a6d54b8a2 --- /dev/null +++ b/makefu/5pkgs/wol/default.nix @@ -0,0 +1,22 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + proj = "wake-on-lan"; + name = "wol-${version}"; + version = "0.7.1"; + + enableParallelBuilding = true; + + src = fetchurl { + url = "mirror://sourceforge/${proj}/${name}.tar.gz"; + sha256 = "08i6l5lr14mh4n3qbmx6kyx7vjqvzdnh3j9yfvgjppqik2dnq270"; + }; + + meta = { + description = "simple wake-on-lan client"; + homepage = https://sourceforge.net/projects/wake-on-lan/; + license = stdenv.lib.licenses.gpl2; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ makefu ]; + }; +} |
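Review bot: The ps3netsrv/default.nix hunk replaces `sha256` while `rev` stays pinned to the same commit, and neither the hunk nor a comment explains why the content behind an unchanged revision now hashes differently. A new hash for a fixed rev means the fetched tree changed. With `fetchSubmodules = true;` that can come from fetcher behaviour, or from something less benign upstream. Before accepting it, re-fetch independently and compare the two trees. Then record the cause next to the hash, e.g. `# hash changed for unchanged rev: <reason>`. The derivation continues outside the hunk.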