diff options
Diffstat (limited to 'makefu')
| -rw-r--r-- | makefu/1systems/gum.nix | 1 | ||||
| -rw-r--r-- | makefu/1systems/x.nix | 6 | ||||
| -rw-r--r-- | makefu/2configs/default.nix | 8 | ||||
| -rw-r--r-- | makefu/2configs/deployment/mycube.connector.one.nix | 6 | ||||
| -rw-r--r-- | makefu/2configs/gum-share.nix | 39 | ||||
| -rw-r--r-- | makefu/2configs/hw/bcm4352.nix | 1 | ||||
| -rw-r--r-- | makefu/2configs/hw/tp-x230.nix (renamed from makefu/2configs/hw/tp-x220.nix) | 18 | ||||
| -rw-r--r-- | makefu/2configs/hw/tp-x2x0.nix | 7 | ||||
| -rw-r--r-- | makefu/2configs/nginx/euer.wiki.nix | 1 | ||||
| -rw-r--r-- | makefu/2configs/tinc/retiolum.nix | 3 | ||||
| -rw-r--r-- | makefu/2configs/urlwatch.nix | 2 |
11 files changed, 77 insertions, 15 deletions
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index bfd880b88..8a43d25ff 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -24,6 +24,7 @@ in { ../2configs/torrent.nix ../2configs/graphite-standalone.nix ../2configs/sabnzbd.nix + ../2configs/gum-share.nix ../2configs/opentracker.nix diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index e7f5d0dae..e1aec360d 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -32,7 +32,7 @@ # ../2configs/buildbot-standalone.nix # hardware specifics are in here - ../2configs/hw/tp-x220.nix + ../2configs/hw/tp-x230.nix ../2configs/hw/rtl8812au.nix ../2configs/hw/bcm4352.nix # mount points @@ -46,7 +46,7 @@ # temporary modules ../2configs/temp/share-samba.nix ../2configs/laptop-backup.nix - ../2configs/temp/elkstack.nix + #../2configs/temp/elkstack.nix # ../2configs/temp/sabnzbd.nix ../2configs/tinc/siem.nix #../2configs/torrent.nix @@ -62,7 +62,7 @@ environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ]; - # virtualisation.docker.enable = true; + virtualisation.docker.enable = true; # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index cb6fe55b8..db69be2fa 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -10,7 +10,6 @@ with import <stockholm/lib>; } ./vim.nix ./binary-cache/nixos.nix - ./binary-cache/lass.nix ]; nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); @@ -90,9 +89,14 @@ with import <stockholm/lib>; "d /tmp 1777 root root - -" ]; nix.nixPath = [ "/var/src" ]; - environment.variables = { + environment.variables = let + ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + in { NIX_PATH = mkForce "/var/src"; EDITOR = mkForce "vim"; + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; }; environment.systemPackages = with pkgs; [ diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix index 2877d2227..091b7f21b 100644 --- a/makefu/2configs/deployment/mycube.connector.one.nix +++ b/makefu/2configs/deployment/mycube.connector.one.nix @@ -6,7 +6,11 @@ let external-ip = config.krebs.build.host.nets.internet.ip4.addr; wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock"; in { - services.redis.enable = true; + services.redis = { + enable = true; + }; + systemd.services.redis.serviceConfig.LimitNOFILE=10032; + services.uwsgi = { enable = true; user = "nginx"; diff --git a/makefu/2configs/gum-share.nix b/makefu/2configs/gum-share.nix new file mode 100644 index 000000000..e578f43d3 --- /dev/null +++ b/makefu/2configs/gum-share.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; +let + hostname = config.krebs.build.host.name; +in { + # users.users.smbguest = { + # name = "smbguest"; + # uid = config.ids.uids.smbguest; + # description = "smb guest user"; + # home = "/var/empty"; + # }; + + users.users.download = { }; + services.samba = { + enable = true; + shares = { + download = { + path = "/var/download"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "no"; + "valid users" = "download"; + }; + }; + extraConfig = '' + # guest account = smbguest + # map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport 445 -j ACCEPT + ''; +} diff --git a/makefu/2configs/hw/bcm4352.nix b/makefu/2configs/hw/bcm4352.nix index 516637eb8..5dc8a1449 100644 --- a/makefu/2configs/hw/bcm4352.nix +++ b/makefu/2configs/hw/bcm4352.nix @@ -1,6 +1,7 @@ {config, ...}: { networking.enableB43Firmware = true; + boot.kernelModules = [ "wl" ]; boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; } diff --git a/makefu/2configs/hw/tp-x220.nix b/makefu/2configs/hw/tp-x230.nix index ce3e34ad3..99563a771 100644 --- a/makefu/2configs/hw/tp-x220.nix +++ b/makefu/2configs/hw/tp-x230.nix @@ -5,9 +5,19 @@ with import <stockholm/lib>; imports = [ ./tp-x2x0.nix ]; boot = { - kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" "tp_smapi" ]; - extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; + # tp-smapi is not supported bt x230 anymore + kernelModules = [ + "kvm-intel" + "thinkpad_ec" + # "acpi_call" + # "thinkpad_acpi" + # "tpm-rng" + ]; + extraModulePackages = [ + # config.boot.kernelPackages.acpi_call + ]; }; + services.acpid.enable = true; hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; services.xserver = { videoDriver = "intel"; @@ -15,8 +25,8 @@ with import <stockholm/lib>; Option "AccelMethod" "sna" ''; }; - - security.rngd.enable = true; + # no entropy source working + # security.rngd.enable = true; services.xserver.displayManager.sessionCommands ='' xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1 diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 2b615ecfa..02bd8bb01 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -28,8 +28,9 @@ with import <stockholm/lib>; services.tlp.enable = true; services.tlp.extraConfig = '' # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery - #START_CHARGE_THRESH_BAT0=80 - STOP_CHARGE_THRESH_BAT0=95 + START_CHARGE_THRESH_BAT0=67 + STOP_CHARGE_THRESH_BAT0=100 + CPU_SCALING_GOVERNOR_ON_AC=performance CPU_SCALING_GOVERNOR_ON_BAT=ondemand @@ -40,6 +41,6 @@ with import <stockholm/lib>; ''; powerManagement.resumeCommands = '' - {pkgs.rfkill}/bin/rfkill unblock all + ${pkgs.rfkill}/bin/rfkill unblock all ''; } diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 22cf9c9b7..9d0b74871 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -44,7 +44,6 @@ in { pm.min_spare_servers = 1 pm.max_spare_servers = 3 chdir = / - # errors to journal php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on catch_workers_output = yes diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix index dcb072461..c55b94466 100644 --- a/makefu/2configs/tinc/retiolum.nix +++ b/makefu/2configs/tinc/retiolum.nix @@ -1,4 +1,7 @@ _: { + imports = [ + ../binary-cache/lass.nix + ]; krebs.tinc.retiolum.enable = true; } diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix index 0d8f888fa..d575d18bc 100644 --- a/makefu/2configs/urlwatch.nix +++ b/makefu/2configs/urlwatch.nix @@ -15,7 +15,7 @@ http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ https://github.com/amadvance/snapraid/releases.atom - https://erdgeist.org/gitweb/opentracker/commit/ + https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack ]; }; } |