diff options
Diffstat (limited to 'makefu')
| -rw-r--r-- | makefu/1systems/vbob.nix | 12 | ||||
| -rw-r--r-- | makefu/1systems/x.nix | 50 | ||||
| -rw-r--r-- | makefu/2configs/audio/jack-on-pulse.nix | 5 | ||||
| -rw-r--r-- | makefu/2configs/audio/realtime-audio.nix | 2 | ||||
| -rw-r--r-- | makefu/2configs/deployment/dirctator.nix | 6 | ||||
| -rw-r--r-- | makefu/2configs/deployment/led-fader.nix | 1 | ||||
| -rw-r--r-- | makefu/2configs/docker.nix | 4 | ||||
| -rw-r--r-- | makefu/2configs/hw/exfat-nofuse.nix | 4 | ||||
| -rw-r--r-- | makefu/2configs/hw/stk1160.nix | 3 | ||||
| -rw-r--r-- | makefu/2configs/hw/wwan.nix (renamed from makefu/2configs/wwan.nix) | 0 | ||||
| -rw-r--r-- | makefu/2configs/lanparty/lancache-dns.nix | 55 | ||||
| -rw-r--r-- | makefu/2configs/lanparty/lancache.nix | 73 | ||||
| -rw-r--r-- | makefu/2configs/sources/musnix.nix | 2 | ||||
| -rw-r--r-- | makefu/2configs/task-client.nix | 14 | ||||
| -rw-r--r-- | makefu/2configs/tools/dev.nix | 2 | ||||
| -rw-r--r-- | makefu/2configs/tools/extra-gui.nix | 5 | ||||
| -rw-r--r-- | makefu/5pkgs/arduino-user-env/default.nix | 35 |
17 files changed, 233 insertions, 40 deletions
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 7421125e4..b79ec64c0 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -9,13 +9,21 @@ (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>) ../2configs/main-laptop.nix #< base-gui + # Tools + ../2configs/tools/core.nix + ../2configs/tools/core-gui.nix + ../2configs/tools/dev.nix + ../2configs/tools/extra-gui.nix + ../2configs/tools/sec.nix + # environment ../2configs/tinc/retiolum.nix + ../2configs/audio/jack-on-pulse.nix + ../2configs/audio/realtime-audio.nix + ]; networking.extraHosts = import (toString <secrets/extra-hosts.nix>); - # workaround for https://github.com/NixOS/nixpkgs/issues/16641 - services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ]; nixpkgs.config.allowUnfree = true; fileSystems."/nix" = { diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index ee3a7bb1b..b37c32944 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -13,59 +13,49 @@ with import <stockholm/lib>; ../2configs/tools/all.nix ../2configs/laptop-backup.nix ../2configs/dnscrypt.nix + ../2configs/avahi.nix - # testing - # ../2configs/openvpn/vpngate.nix - #../2configs/temp/share-samba.nix - # ../2configs/mediawiki.nix - # ../2configs/wordpress.nix - # ../2configs/nginx/public_html.nix - # ../2configs/nginx/icecult.nix - - # ../2configs/elchos/irc-token.nix - # ../2configs/elchos/log.nix - - #../2configs/elchos/search.nix - #../2configs/elchos/stats.nix - #../2configs/elchos/test/ftpservers.nix - - # ../2configs/tinc/siem.nix - #../2configs/torrent.nix - # temporary modules - - # ../2configs/torrent.nix - #../2configs/temp/elkstack.nix - # ../2configs/temp/sabnzbd.nix + # Debugging + # ../2configs/disable_v6.nix + # Testing + # ../2configs/deployment/dirctator.nix + # ../2configs/vncserver.nix + # ../2configs/deployment/led-fader + # ../2configs/deployment/hound # development ../2configs/sources # Krebs - # ../2configs/disable_v6.nix ../2configs/tinc/retiolum.nix # applications ../2configs/exim-retiolum.nix ../2configs/mail-client.nix ../2configs/printer.nix + ../2configs/task-client.nix + + # Virtualization ../2configs/virtualization.nix + ../2configs/docker.nix ../2configs/virtualization-virtualbox.nix - ../2configs/wwan.nix - ../2configs/rad1o.nix - # services + # Services ../2configs/git/brain-retiolum.nix ../2configs/tor.nix ../2configs/steam.nix # ../2configs/buildbot-standalone.nix - # hardware specifics are in here + # Hardware ../2configs/hw/tp-x230.nix ../2configs/hw/rtl8812au.nix - ../2configs/hw/stk1160.nix + ../2configs/hw/exfat-nofuse.nix + ../2configs/hw/wwan.nix + # ../2configs/hw/stk1160.nix + # ../2configs/rad1o.nix - # mount points + # Filesystem ../2configs/fs/sda-crypto-root-home.nix ]; @@ -76,10 +66,8 @@ with import <stockholm/lib>; nixpkgs.config.allowUnfree = true; - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; environment.systemPackages = [ pkgs.passwdqc-utils ]; - virtualisation.docker.enable = true; # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; diff --git a/makefu/2configs/audio/jack-on-pulse.nix b/makefu/2configs/audio/jack-on-pulse.nix index 49b61d5a2..a8ee05c7d 100644 --- a/makefu/2configs/audio/jack-on-pulse.nix +++ b/makefu/2configs/audio/jack-on-pulse.nix @@ -11,7 +11,10 @@ in package = pulse; }; - environment.systemPackages = with pkgs; [ jack2Full ]; + environment.systemPackages = with pkgs; [ + jack2Full + jack_capture + ]; # from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html systemd.user.services = { diff --git a/makefu/2configs/audio/realtime-audio.nix b/makefu/2configs/audio/realtime-audio.nix index fbeacd025..6cb18c45c 100644 --- a/makefu/2configs/audio/realtime-audio.nix +++ b/makefu/2configs/audio/realtime-audio.nix @@ -10,7 +10,7 @@ in musnix.enable = true; musnix.kernel.optimize = true; musnix.kernel.realtime = true; - # TODO: musnix.kernel.packages = pkgs.linuxPackages_latest_rt; + musnix.kernel.packages = pkgs.linuxPackages_latest_rt; users.users."${user}".extraGroups = [ "audio" ]; } diff --git a/makefu/2configs/deployment/dirctator.nix b/makefu/2configs/deployment/dirctator.nix index b8e61955d..4f2f8818d 100644 --- a/makefu/2configs/deployment/dirctator.nix +++ b/makefu/2configs/deployment/dirctator.nix @@ -25,6 +25,10 @@ in { stdout { codec => rubydebug } exec { command => "${runit} '%{message}" } ''; - plugins = [ ]; + extraSettings = '' + path.plugins: [ "${pkgs.logstash-output-exec}" ] + ''; + ## NameError: `@path.plugins' is not allowable as an instance variable name + # plugins = [ pkgs.logstash-output-exec ]; }; } diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index 50023693d..678370c69 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -31,6 +31,7 @@ in { }; # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; diff --git a/makefu/2configs/docker.nix b/makefu/2configs/docker.nix new file mode 100644 index 000000000..98fd980cc --- /dev/null +++ b/makefu/2configs/docker.nix @@ -0,0 +1,4 @@ +{...}: +{ + virtualisation.docker.enable = true; +} diff --git a/makefu/2configs/hw/exfat-nofuse.nix b/makefu/2configs/hw/exfat-nofuse.nix new file mode 100644 index 000000000..ca3485e9f --- /dev/null +++ b/makefu/2configs/hw/exfat-nofuse.nix @@ -0,0 +1,4 @@ +{ config, ... }: +{ + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; +} diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix index b4d033d76..e73741e26 100644 --- a/makefu/2configs/hw/stk1160.nix +++ b/makefu/2configs/hw/stk1160.nix @@ -1,9 +1,8 @@ { pkgs, ... }: { # TODO: un-pin linuxPackages somehow - boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages_4_9; nixpkgs.config.packageOverrides = pkgs: { - linux_4_9 = pkgs.linux_4_9.override { + linux_latest = pkgs.linux_latest.override { extraConfig = '' MEDIA_ANALOG_TV_SUPPORT y VIDEO_STK1160_COMMON m diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/hw/wwan.nix index 0eb0c97d7..0eb0c97d7 100644 --- a/makefu/2configs/wwan.nix +++ b/makefu/2configs/hw/wwan.nix diff --git a/makefu/2configs/lanparty/lancache-dns.nix b/makefu/2configs/lanparty/lancache-dns.nix new file mode 100644 index 000000000..4b4ebf0a0 --- /dev/null +++ b/makefu/2configs/lanparty/lancache-dns.nix @@ -0,0 +1,55 @@ +{ pkgs, lib, config, ... }: +with import <stockholm/lib>; +let + # see https://github.com/zeropingheroes/lancache for full docs + lancache-dns = pkgs.stdenv.mkDerivation rec { + name = "lancache-dns-2017-06-28"; + src = pkgs.fetchFromGitHub { + # forked: https://github.com/zeropingheroes/lancache-dns + repo = "lancache-dns"; + owner = "zeropingheroes"; + rev = "420aa62"; + sha256 = "0ik7by7ripdv2avyy5kk9jp1i7rz9ksc8xmg7n9iik365q9pv94m"; + }; + phases = [ "unpackPhase" "installPhase" ]; + # here we can chance to edit `includes/proxy-cache-paths.conf` + installPhase = '' + mkdir -p $out + cp -r * $out/ + ''; + }; + stateDir = "/var/lib/unbound"; + user = "unbound"; + upstream-server = "8.8.8.8"; +in { + services.unbound = { + enable = true; + allowedAccess = [ "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" ]; + interfaces = ["0.0.0.0" "::" ]; + forwardAddresses = [ upstream-server ]; + extraConfig = '' + include: "${stateDir}/lancache/*.conf" + ''; + }; + services.dnscrypt-proxy.enable = lib.mkForce false; + virtualisation.libvirtd.enable = lib.mkForce false; + systemd.services.dns-lancache-prepare = { + wantedBy = [ "unbound.service" ]; + before = [ "unbound.service" ]; + after = [ "network-online.target" ]; + partOf= [ "unbound.service" ]; + + path = [ pkgs.gawk pkgs.iproute pkgs.gnused ]; + script = '' + set -xeu + current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}') + old_ip=10.1.1.250 + mkdir -p ${stateDir} + rm -rvf ${stateDir}/lancache + cp -r ${lancache-dns}/upstreams-available ${stateDir}/lancache + sed -i "s/$old_ip/$current_ip/g" ${stateDir}/lancache/*.conf + chown -R unbound ${stateDir} + ''; + }; + networking.firewall.allowedUDPPorts = [ 53 ]; +} diff --git a/makefu/2configs/lanparty/lancache.nix b/makefu/2configs/lanparty/lancache.nix new file mode 100644 index 000000000..ff5b0d788 --- /dev/null +++ b/makefu/2configs/lanparty/lancache.nix @@ -0,0 +1,73 @@ +{ pkgs, lib, config, ... }: +with import <stockholm/lib>; +let + # see https://github.com/zeropingheroes/lancache for full docs + lancache= pkgs.stdenv.mkDerivation rec { + name = "lancache-2017-06-26"; + src = pkgs.fetchFromGitHub { + # origin: https://github.com/multiplay/lancache + # forked: https://github.com/zeropingheroes/lancache + repo = "lancache"; + owner = "zeropingheroes"; + rev = "143f7bb"; + sha256 = "1ra4l7qz3k231j5wabr89s5hh80n1kk8vgd3dsh0xx5mdpjhvdl6"; + }; + phases = [ "unpackPhase" "installPhase" ]; + # here we can chance to edit `includes/proxy-cache-paths.conf` + installPhase = '' + mkdir -p $out + cp -r * $out/ + sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \ + -e '1 idaemon off;' \ + $out/nginx.conf + ''; + }; + cfg = { + group = "nginx-lancache"; + user = "nginx-lancache"; + statedir = "/var/lancache"; + package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{ + configureFlags = old.configureFlags ++ [ + "--with-http_slice_module" + "--with-stream" + "--with-pcre" + ]; + }); + }; +in { + systemd.services.nginx-lancache = { + description = "Nginx lancache Server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + restartIfChanged = true; + + preStart = '' + mkdir -p ${cfg.statedir} && cd ${cfg.statedir} + PATH_CACHE=$PATH_BASE/cache + PATH_LOGS=$PATH_BASE/logs + + mkdir -p cache/{installers,tmp} logs + rm -f conf; ln -s ${lancache} conf + chown -R ${cfg.user}:${cfg.group} . + ''; + serviceConfig = { + ExecStart = "${cfg.package}/bin/nginx -p ${cfg.statedir}"; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + Restart = "always"; + RestartSec = "10s"; + StartLimitInterval = "1min"; + }; + }; + environment.etc.nginx.source = lancache; + users.extraUsers = (singleton + { name = cfg.user; + group = cfg.group; + uid = genid cfg.group; + }); + + users.extraGroups = (singleton + { name = "${cfg.group}"; + gid = genid cfg.group; + }); + +} diff --git a/makefu/2configs/sources/musnix.nix b/makefu/2configs/sources/musnix.nix index d02dd4a48..a5be303e9 100644 --- a/makefu/2configs/sources/musnix.nix +++ b/makefu/2configs/sources/musnix.nix @@ -1,6 +1,6 @@ { krebs.build.source.musnix.git = { url = https://github.com/musnix/musnix.git; - ref = "37a8378"; + ref = "f0ec1f3"; }; } diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix new file mode 100644 index 000000000..330616f4a --- /dev/null +++ b/makefu/2configs/task-client.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: +{ + krebs.per-user.makefu.packages = [ + pkgs.taskwarrior + ]; + + environment.shellAliases = { + tshack = "task project:shack"; + twork = "task project:soc"; + tpki = "task project:pki"; + tkrebs = "task project:krebs"; + t = "task project: "; + }; +} diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 4fe7f8bf4..e40f5b36f 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -12,5 +12,7 @@ cac-api cac-panel ovh-zone + whatsupnix + brain ]; } diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 56cdccd1f..1e68e935c 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -2,13 +2,16 @@ { krebs.per-user.makefu.packages = with pkgs;[ + # media gimp inkscape libreoffice - saleae-logic skype synergy tdesktop virtmanager + # Dev + saleae-logic + arduino-user-env ]; } diff --git a/makefu/5pkgs/arduino-user-env/default.nix b/makefu/5pkgs/arduino-user-env/default.nix new file mode 100644 index 000000000..7339c50a2 --- /dev/null +++ b/makefu/5pkgs/arduino-user-env/default.nix @@ -0,0 +1,35 @@ +{ lib, pkgs, ... }: let + +#TODO: make sure env exists prior to running +env_nix = pkgs.writeText "env.nix" '' + { pkgs ? import <nixpkgs> {} }: + + (pkgs.buildFHSUserEnv { + name = "arduino-user-env"; + targetPkgs = pkgs: with pkgs; [ + coreutils + ]; + multiPkgs = pkgs: with pkgs; [ + arduino + alsaLib + zlib + xorg.libXxf86vm + curl + openal + openssl_1_0_2 + xorg.libXext + xorg.libX11 + xorg.libXrandr + xorg.libXcursor + xorg.libXinerama + xorg.libXi + mesa_glu + ]; + runScript = "zsh"; + }).env +''; + + +in pkgs.writeDashBin "arduino-user-env" '' + nix-shell ${env_nix} +'' |