diff options
Diffstat (limited to 'makefu')
| -rw-r--r-- | makefu/1systems/gum/config.nix | 5 | ||||
| -rw-r--r-- | makefu/1systems/omo/config.nix | 13 | ||||
| -rw-r--r-- | makefu/1systems/sdev/config.nix | 26 | ||||
| -rw-r--r-- | makefu/1systems/vbob/config.nix | 41 | ||||
| -rw-r--r-- | makefu/1systems/wbob/config.nix | 6 | ||||
| -rw-r--r-- | makefu/1systems/x/config.nix | 72 | ||||
| -rw-r--r-- | makefu/2configs/git/cgit-retiolum.nix | 1 | ||||
| -rw-r--r-- | makefu/2configs/hw/vbox-guest.nix | 16 | ||||
| -rw-r--r-- | makefu/2configs/hydra/stockholm.nix | 34 | ||||
| -rw-r--r-- | makefu/2configs/tools/mobility.nix | 2 | ||||
| -rw-r--r-- | makefu/2configs/tools/studio.nix | 4 | ||||
| -rw-r--r-- | makefu/2configs/urlwatch/default.nix | 4 | ||||
| -rw-r--r-- | makefu/5pkgs/default.nix | 2 | ||||
| -rw-r--r-- | makefu/5pkgs/programs-db/default.nix | 12 | ||||
| -rw-r--r-- | makefu/6tests/data/secrets/torrent-secrets/auth.nix | 1 | ||||
| -rw-r--r-- | makefu/source.nix | 3 |
16 files changed, 169 insertions, 73 deletions
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index a656fdce3..b859efc94 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -148,6 +148,11 @@ in { allowedIPs = [ "10.244.0.5/32" ]; publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; } + { + # workr + allowedIPs = [ "10.244.0.6/32" ]; + publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; + } ]; }; } diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 1e087fef4..01438397e 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -25,16 +25,18 @@ let # | | # |* | # |* d2 | - # | * r0 | + # | * | + # | * | # |_______| cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; + cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4"; # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; # all physical disks # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } - dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ]; + dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ]; allDisks = [ rootDisk ] ++ dataDisks; in { imports = @@ -69,6 +71,7 @@ in { <stockholm/makefu/2configs/mqtt.nix> <stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/deployment/google-muell.nix> + <stockholm/makefu/2configs/virtualisation/docker.nix> # security @@ -117,7 +120,6 @@ in { services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - virtualisation.docker.enable = true; makefu.ps3netsrv = { enable = true; servedir = "/media/cryptX/emu/ps3"; @@ -127,6 +129,7 @@ in { makefu.snapraid = { enable = true; + # TODO: 3 is not protected disks = map toMapper [ 0 1 ]; parity = toMapper 2; }; @@ -139,7 +142,7 @@ in { ''; environment.systemPackages = with pkgs;[ mergerfs # hard requirement for mount - wol # wake up filepimp + wol # wake up filepimp f3 ]; fileSystems = let @@ -151,6 +154,7 @@ in { in cryptMount "crypt0" // cryptMount "crypt1" // cryptMount "crypt2" + // cryptMount "crypt3" // { "/media/cryptX" = { device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]); fsType = "mergerfs"; @@ -179,6 +183,7 @@ in { (usbkey "crypt0" cryptDisk0) (usbkey "crypt1" cryptDisk1) (usbkey "crypt2" cryptDisk2) + (usbkey "crypt3" cryptDisk3) ]; }; loader.grub.device = lib.mkForce rootDisk; diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index 38c044be4..c2cd23d1e 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -5,32 +5,35 @@ imports = [ # Include the results of the hardware scan. <stockholm/makefu> - (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>) - (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>) + + # <stockholm/makefu/2configs/hw/vbox-guest.nix> + { # until virtualbox-image is fixed + imports = [ + <stockholm/makefu/2configs/fs/single-partition-ext4.nix> + ]; + boot.loader.grub.device = "/dev/sda"; + } <stockholm/makefu/2configs/main-laptop.nix> # <secrets/extra-hosts.nix> # environment <stockholm/makefu/2configs/tinc/retiolum.nix> + <stockholm/makefu/2configs/virtualisation/docker.nix> ]; - # workaround for https://github.com/NixOS/nixpkgs/issues/16641 - services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; - - nixpkgs.config.allowUnfree = true; - # allow sdev to deploy self users.extraUsers = { root = { openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; }; }; + # corefonts + nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs;[ ppp xclip get passwdqc-utils - docker gnupg populate (pkgs.writeScriptBin "tor-browser" '' @@ -39,18 +42,11 @@ '') ]; - virtualisation.docker.enable = true; - networking.firewall.allowedTCPPorts = [ 25 80 8010 ]; - fileSystems."/media/share" = { - fsType = "vboxsf"; - device = "share"; - options = [ "rw" "uid=9001" "gid=9001" ]; - }; } diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index ffd9deaee..208dd1ff7 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -8,30 +8,9 @@ { imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ]; boot.loader.grub.device = "/dev/sda"; - virtualisation.virtualbox.guest.enable = true; } - # { - # imports = [ - # <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix> - # ]; - # virtualbox.baseImageSize = 35 * 1024; - # fileSystems."/media/share" = { - # fsType = "vboxsf"; - # device = "share"; - # options = [ "rw" "uid=9001" "gid=9001" ]; - # }; - # } - - # { - # imports = [ - # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> - # ]; - # fileSystems."/nix" = { - # device ="/dev/disk/by-label/nixstore"; - # fsType = "ext4"; - # }; - # } - + # <stockholm/makefu/2configs/hw/vbox-guest.nix> + # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> # base gui # <stockholm/makefu/2configs/main-laptop.nix> @@ -75,14 +54,8 @@ ]; networking.extraHosts = import (toString <secrets/extra-hosts.nix>); - nixpkgs.config.allowUnfree = true; - # allow vbob to deploy self - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; - }; - }; + users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; environment.shellAliases = { forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; @@ -94,16 +67,18 @@ ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail ''; + + # for forticlient + nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs;[ fortclientsslvpn ppp xclip get logstash - # docker #devpi-web #devpi-client ansible ]; - # virtualisation.docker.enable = true; networking.firewall.allowedTCPPorts = [ @@ -111,6 +86,6 @@ 80 8010 ]; - + # required for qemu systemd.services."serial-getty@ttyS0".enable = true; } diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 6434ba273..637d8e2d8 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -29,7 +29,8 @@ in { # <stockholm/makefu/2configs/vncserver.nix> # Services - <stockholm/makefu/2configs/remote-build/slave.nix> + <stockholm/makefu/2configs/hydra/stockholm.nix> + <stockholm/makefu/2configs/share/wbob.nix> (let musicDirectory = "/data/music"; @@ -83,6 +84,9 @@ in { load-module module-filter-apply load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 load-module module-switch-on-connect + # may be required for "system-wide" pulse to connect to bluetooth + #module-bluez5-device + #module-bluez5-discover ''; }; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index d5a9bdcfb..ad2ad8779 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -40,7 +40,7 @@ with import <stockholm/lib>; # Virtualization <stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/virtualisation/docker.nix> - <stockholm/makefu/2configs/virtualisation/virtualbox.nix> + # <stockholm/makefu/2configs/virtualisation/virtualbox.nix> { networking.firewall.allowedTCPPorts = [ 8080 ]; networking.nat = { @@ -60,7 +60,7 @@ with import <stockholm/lib>; # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> # <stockholm/makefu/2configs/hw/tpm.nix> - <stockholm/makefu/2configs/hw/rtl8812au.nix> + # <stockholm/makefu/2configs/hw/rtl8812au.nix> <stockholm/makefu/2configs/hw/network-manager.nix> <stockholm/makefu/2configs/hw/stk1160.nix> # <stockholm/makefu/2configs/rad1o.nix> @@ -78,6 +78,74 @@ with import <stockholm/lib>; # <stockholm/makefu/2configs/lanparty/lancache-dns.nix> # <stockholm/makefu/2configs/lanparty/samba.nix> # <stockholm/makefu/2configs/lanparty/mumble-server.nix> + # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> + + { + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.2/24" ]; + privateKeyFile = (toString <secrets>) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [ + { + # gum + endpoint = "${config.krebs.hosts.gum.nets.internet.ip4.addr}:51820"; + allowedIPs = [ "10.244.0.0/24" ]; + publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; + } + #{ + # # vbob + # allowedIPs = [ "10.244.0.3/32" ]; + # publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + #} + ]; + }; + } + { # bluetooth+pulse config + # for blueman-applet + users.users.makefu.packages = [ + pkgs.blueman + ]; + hardware.pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + # systemWide = true; + support32Bit = true; + configFile = pkgs.writeText "default.pa" '' + load-module module-udev-detect + load-module module-bluetooth-policy + load-module module-bluetooth-discover + load-module module-native-protocol-unix + load-module module-always-sink + load-module module-console-kit + load-module module-systemd-login + load-module module-intended-roles + load-module module-position-event-sounds + load-module module-filter-heuristics + load-module module-filter-apply + load-module module-switch-on-connect + ''; + }; + + # presumably a2dp Sink + # Enable profile: + ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink + hardware.bluetooth.extraConfig = ''; + [general] + Enable=Source,Sink,Media,Socket + ''; + + # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio + hardware.bluetooth.enable = true; + } + { # auto-mounting + services.udisks2.enable = true; + services.devmon.enable = true; + # services.gnome3.gvfs.enable = true; + users.users.makefu.packages = with pkgs;[ + gvfs pcmanfm lxmenu-data + ]; + environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; + } ]; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index eacbd99cf..1109e2519 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -28,6 +28,7 @@ let init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; + hydra-stockholm = { }; }; priv-repos = mapAttrs make-priv-repo { diff --git a/makefu/2configs/hw/vbox-guest.nix b/makefu/2configs/hw/vbox-guest.nix new file mode 100644 index 000000000..65f915a2f --- /dev/null +++ b/makefu/2configs/hw/vbox-guest.nix @@ -0,0 +1,16 @@ +{ lib, ...}: +{ + ## Guest Extensions are currently broken + imports = [ + (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>) + ]; + virtualisation.virtualbox.guest.enable = true; + services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; + + fileSystems."/media/share" = { + fsType = "vboxsf"; + device = "share"; + options = [ "rw" "uid=9001" "gid=9001" "nofail" ]; + }; + # virtualbox.baseImageSize = 35 * 1024; +} diff --git a/makefu/2configs/hydra/stockholm.nix b/makefu/2configs/hydra/stockholm.nix new file mode 100644 index 000000000..4bdb09213 --- /dev/null +++ b/makefu/2configs/hydra/stockholm.nix @@ -0,0 +1,34 @@ +# iterative: +# $ hydra-create-user krebs --password derp --role admin +# curl 'http://hydra.wbob.r/project/.new' -X PUT -H 'Host: hydra.wbob.r' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: redirect_to=%252F; hydra_session=abcdefghijklmnopqrstuvwxyz' -H 'Connection: keep-alive' --data 'enabled=on&visible=on&name=stockholm&displayname=Stockholm&description=make+all+systems+into+1systems&homepage=https%3A%2F%2Fkrebsco.de&owner=krebs&declfile=spec.json&decltype=git&declvalue=http%3A%2F%2Fcgit.euer.krebsco.de%2Fhydra-stockholm' + +{ + + # TODO postgres backup + services.postgresql.enable = true; + + services.hydra = { + enable = true; + hydraURL = "http://hydra.wbob.r"; # externally visible URL + notificationSender = "hydra@wbob.r"; + # you will probably also want, otherwise *everything* will be built from scratch + useSubstitutes = true; + port = 3030; + buildMachinesFiles = []; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + services.nginx = { + enable = true; + virtualHosts."hydra.wbob.r" = { + locations."/" = { + proxyPass = "http://localhost:3030/"; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ''; + }; + }; + }; +} diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index f2676f11c..1993a5212 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -5,5 +5,5 @@ mosh ]; - # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; } diff --git a/makefu/2configs/tools/studio.nix b/makefu/2configs/tools/studio.nix index 0356ba391..e0c68167f 100644 --- a/makefu/2configs/tools/studio.nix +++ b/makefu/2configs/tools/studio.nix @@ -9,8 +9,8 @@ # owncloudclient (pkgs.writeScriptBin "prepare-pulseaudio" '' pactl load-module module-null-sink sink_name=stream sink_properties=device.description="Streaming" - pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream latency_msec=1 - pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream latency_msec=1 + pactl load-module module-loopback source=alsa_output.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo.monitor sink=stream + pactl load-module module-loopback source=alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo sink=stream darkice -c ~/lol.conf '') ]; diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 677950f43..d0fb4fe41 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -34,7 +34,7 @@ in { http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack - https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack + http://www.iozone.org/src/current/ { @@ -51,6 +51,8 @@ in { "embray/d2to1" "dorimanx/exfat-nofuse" "rapid7/metasploit-framework" + "GothenburgBitFactory/taskserver" + "GothenburgBitFactory/taskwarrior" ]; }; } diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 80a0d33cd..b1d6df67e 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -3,7 +3,7 @@ self: super: let # This callPackage will try to detect obsolete overrides. callPackage = path: args: let - override = super.callPackage path args; + override = super.callPackage path args; upstream = optionalAttrs (override ? "name") (super.${(parseDrvName override.name).name} or {}); in if upstream ? "name" && diff --git a/makefu/5pkgs/programs-db/default.nix b/makefu/5pkgs/programs-db/default.nix deleted file mode 100644 index f40b1b96e..000000000 --- a/makefu/5pkgs/programs-db/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ stdenv }: - -stdenv.mkDerivation rec { - name = "programs-db"; - src = builtins.fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz ; - - phases = [ "unpackPhase" "installPhase" ]; - installPhase = '' - cp programs.sqlite $out - ''; - -} diff --git a/makefu/6tests/data/secrets/torrent-secrets/auth.nix b/makefu/6tests/data/secrets/torrent-secrets/auth.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/makefu/6tests/data/secrets/torrent-secrets/auth.nix @@ -0,0 +1 @@ +{} diff --git a/makefu/source.nix b/makefu/source.nix index f06c9454f..708f0d20c 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,7 +13,8 @@ let then "buildbot" else "makefu"; _file = <stockholm> + "/makefu/1systems/${name}/source.nix"; - ref = "cd36b3d"; # nixos-17.09 @ 2018-02-06 + # TODO: automate updating of this ref + cherry-picks + ref = "51810e0"; # nixos-17.09 @ 2018-02-14 # + do_sqlite3 ruby: 55a952be5b5 # + signal: 0f19beef3 |