summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
Diffstat (limited to 'makefu')
-rw-r--r--makefu/0tests/data/secrets/mqtt/hass0
-rw-r--r--makefu/0tests/data/secrets/mqtt/sensor0
-rw-r--r--makefu/0tests/data/secrets/mqtt/stats0
-rw-r--r--makefu/1systems/crapi/README4
-rw-r--r--makefu/1systems/crapi/config.nix46
-rw-r--r--makefu/1systems/crapi/source.nix3
-rw-r--r--makefu/1systems/gum/config.nix60
-rw-r--r--makefu/1systems/hardware/tsp-disk.json23
-rw-r--r--makefu/1systems/iso/config.nix1
-rw-r--r--makefu/1systems/omo/config.nix237
-rw-r--r--makefu/1systems/omo/hw/omo.nix117
-rw-r--r--makefu/1systems/omo/hw/tsp-tools.nix11
-rw-r--r--makefu/1systems/omo/hw/tsp.nix41
-rw-r--r--makefu/1systems/sdev/config.nix14
-rw-r--r--makefu/1systems/shack-autoinstall/config.nix49
-rw-r--r--makefu/1systems/shack-autoinstall/grub-partition.sh5
-rw-r--r--makefu/1systems/shack-autoinstall/shack-config.nix231
-rw-r--r--makefu/1systems/shack-autoinstall/uefi-partition.sh24
-rw-r--r--makefu/1systems/tsp/config.nix47
-rw-r--r--makefu/1systems/x/config.nix11
-rw-r--r--makefu/1systems/x/source.nix1
-rw-r--r--makefu/2configs/dcpp/client.nix9
-rw-r--r--makefu/2configs/dcpp/hub.nix (renamed from makefu/2configs/hub.nix)26
-rw-r--r--makefu/2configs/deployment/bureautomation/hass.nix88
-rw-r--r--makefu/2configs/deployment/google-muell.nix11
-rw-r--r--makefu/2configs/deployment/homeautomation/default.nix141
-rw-r--r--makefu/2configs/deployment/homeautomation/mqtt.nix24
-rw-r--r--makefu/2configs/fs/single-partition-ext4.nix2
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/2configs/home-manager/cli.nix12
-rw-r--r--makefu/2configs/home-manager/default.nix7
-rw-r--r--makefu/2configs/home-manager/desktop.nix31
-rw-r--r--makefu/2configs/home-manager/mail.nix46
-rw-r--r--makefu/2configs/hw/bluetooth.nix13
-rw-r--r--makefu/2configs/mail/mail.euer.nix47
-rw-r--r--makefu/2configs/mqtt.nix1
-rw-r--r--makefu/2configs/nginx/euer.mon.nix18
-rw-r--r--makefu/2configs/nginx/iso.euer.nix43
-rw-r--r--makefu/2configs/nginx/misa-felix-hochzeit.ml.nix2
-rw-r--r--makefu/2configs/remote-build/slave.nix5
-rw-r--r--makefu/2configs/retroshare.nix10
-rw-r--r--makefu/2configs/share/gum-client.nix1
-rw-r--r--makefu/2configs/share/omo-timemachine.nix19
-rw-r--r--makefu/2configs/stats/external/weather2stats.nix38
-rw-r--r--makefu/2configs/stats/server.nix17
-rw-r--r--makefu/2configs/stats/telegraf/hamstats.nix28
-rw-r--r--makefu/2configs/syncthing.nix10
-rw-r--r--makefu/2configs/tinc/retiolum.nix3
-rw-r--r--makefu/2configs/tools/core.nix4
-rw-r--r--makefu/2configs/tools/dev.nix2
-rw-r--r--makefu/2configs/tools/extra-gui.nix1
-rw-r--r--makefu/2configs/tools/media.nix7
-rw-r--r--makefu/2configs/tools/mobility.nix6
-rw-r--r--makefu/2configs/tools/secrets.nix12
-rw-r--r--makefu/2configs/wireguard/server.nix52
-rw-r--r--makefu/2configs/zsh-user.nix2
-rw-r--r--makefu/3modules/airdcpp.nix210
-rw-r--r--makefu/5pkgs/airdcpp-webclient/default.nix27
-rw-r--r--makefu/5pkgs/bento4/default.nix3
-rw-r--r--makefu/5pkgs/cozy-audiobooks/default.nix6
-rw-r--r--makefu/5pkgs/custom/quodlibet/remove-override-warning.patch54
-rw-r--r--makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch13
-rw-r--r--makefu/5pkgs/default.nix13
-rw-r--r--makefu/5pkgs/esniper/default.nix32
-rw-r--r--makefu/5pkgs/esniper/find-ca-bundle.patch26
-rw-r--r--makefu/5pkgs/pavumeter/default.nix30
-rw-r--r--makefu/krops.nix15
-rw-r--r--makefu/source.nix122
68 files changed, 1674 insertions, 541 deletions
diff --git a/makefu/0tests/data/secrets/mqtt/hass b/makefu/0tests/data/secrets/mqtt/hass
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/mqtt/hass
diff --git a/makefu/0tests/data/secrets/mqtt/sensor b/makefu/0tests/data/secrets/mqtt/sensor
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/mqtt/sensor
diff --git a/makefu/0tests/data/secrets/mqtt/stats b/makefu/0tests/data/secrets/mqtt/stats
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/mqtt/stats
diff --git a/makefu/1systems/crapi/README b/makefu/1systems/crapi/README
new file mode 100644
index 000000000..9278c764a
--- /dev/null
+++ b/makefu/1systems/crapi/README
@@ -0,0 +1,4 @@
+1. flash arm6 image from https://www.cs.helsinki.fi/u/tmtynkky/nixos-arm/installer/ to sdcard
+2. passwd; systemctl start sshd; mkdir /var/src ; touch /var/src/.populate
+3. "environment.systemPackages = [ pkgs.rsync pkgs.git ];" in /etc/nixos/configuration.nix
+5. nixos-rebuild switch --fast --option binary-caches http://nixos-arm.dezgeg.me/channel --option binary-cache-public-keys nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%
diff --git a/makefu/1systems/crapi/config.nix b/makefu/1systems/crapi/config.nix
new file mode 100644
index 000000000..d96b872d5
--- /dev/null
+++ b/makefu/1systems/crapi/config.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, lib, ... }:
+{
+ # :l <nixpkgs>
+ # builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
+ imports = [
+ <stockholm/makefu>
+ <stockholm/makefu/2configs>
+ <stockholm/makefu/2configs/tinc/retiolum.nix>
+ <stockholm/makefu/2configs/save-diskspace.nix>
+
+ ];
+ krebs.build.host = config.krebs.hosts.crapi;
+ # NixOS wants to enable GRUB by default
+ boot.loader.grub.enable = false;
+
+ # Enables the generation of /boot/extlinux/extlinux.conf
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ boot.kernelPackages = pkgs.linuxPackages_rpi;
+
+ nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
+ nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
+
+ fileSystems = {
+ "/boot" = {
+ device = "/dev/disk/by-label/NIXOS_BOOT";
+ fsType = "vfat";
+ };
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+ };
+
+ system.activationScripts.create-swap = ''
+ if [ ! -e /swapfile ]; then
+ fallocate -l 2G /swapfile
+ mkswap /swapfile
+ fi
+ '';
+ swapDevices = [ { device = "/swapfile"; size = 2048; } ];
+
+ nix.package = lib.mkForce pkgs.nixStable;
+ services.openssh.enable = true;
+
+}
diff --git a/makefu/1systems/crapi/source.nix b/makefu/1systems/crapi/source.nix
new file mode 100644
index 000000000..4a4359ee6
--- /dev/null
+++ b/makefu/1systems/crapi/source.nix
@@ -0,0 +1,3 @@
+{
+ arm6 = true;
+}
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 351844482..36af23bb5 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -74,14 +74,8 @@ in {
<stockholm/makefu/2configs/syncthing.nix>
# <stockholm/makefu/2configs/opentracker.nix>
- <stockholm/makefu/2configs/hub.nix>
- { # ncdc
- environment.systemPackages = [ pkgs.ncdc ];
- networking.firewall = {
- allowedUDPPorts = [ 51411 ];
- allowedTCPPorts = [ 51411 ];
- };
- }
+ <stockholm/makefu/2configs/dcpp/hub.nix>
+ <stockholm/makefu/2configs/dcpp/client.nix>
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/logging/client.nix>
@@ -103,55 +97,7 @@ in {
# locations."/".proxyPass = "http://localhost:5000";
# };
#}
- { # wireguard server
-
- # opkg install wireguard luci-proto-wireguard
-
- # TODO: networking.nat
-
- # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- # conf.all.proxy_arp =1
- networking.firewall = {
- allowedUDPPorts = [ 51820 ];
- extraCommands = ''
- iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
- '';
- };
-
- networking.wireguard.interfaces.wg0 = {
- ips = [ "10.244.0.1/24" ];
- listenPort = 51820;
- privateKeyFile = (toString <secrets>) + "/wireguard.key";
- allowedIPsAsRoutes = true;
- peers = [
- {
- # x
- allowedIPs = [ "10.244.0.2/32" ];
- publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
- }
- {
- # vbob
- allowedIPs = [ "10.244.0.3/32" ];
- publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
- }
- {
- # x-test
- allowedIPs = [ "10.244.0.4/32" ];
- publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
- }
- {
- # work-router
- allowedIPs = [ "10.244.0.5/32" ];
- publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
- }
- {
- # workr
- allowedIPs = [ "10.244.0.6/32" ];
- publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
- }
- ];
- };
- }
+ <stockholm/makefu/2configs/wireguard/server.nix>
{ # iperf3
networking.firewall.allowedUDPPorts = [ 5201 ];
networking.firewall.allowedTCPPorts = [ 5201 ];
diff --git a/makefu/1systems/hardware/tsp-disk.json b/makefu/1systems/hardware/tsp-disk.json
new file mode 100644
index 000000000..5a4bd26ab
--- /dev/null
+++ b/makefu/1systems/hardware/tsp-disk.json
@@ -0,0 +1,23 @@
+{
+ "type": "devices",
+ "content": {
+ "sda": {
+ "type": "table",
+ "format": "msdos",
+ "partitions": [
+ { "type": "partition",
+ "part-type": "primary",
+ "start": "1M",
+ "end": "100%",
+ "bootable": true,
+ "content": {
+ "type": "filesystem",
+ "format": "ext4",
+ "mountpoint": "/"
+ }
+ }
+ ]
+ }
+ }
+}
+
diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix
index f863321bd..34a75dbd3 100644
--- a/makefu/1systems/iso/config.nix
+++ b/makefu/1systems/iso/config.nix
@@ -11,6 +11,7 @@ with import <stockholm/lib>;
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
krebs.build.host = config.krebs.hosts.iso;
+ isoImage.isoBaseName = lib.mkForce "stockholm";
krebs.hidden-ssh.enable = true;
environment.systemPackages = with pkgs; [
aria2
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 109877bf1..be49db024 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -4,55 +4,23 @@
{ config, pkgs, lib, ... }:
let
- toMapper = id: "/media/crypt${builtins.toString id}";
- byid = dev: "/dev/disk/by-id/" + dev;
- keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
- rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904";
- rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2";
- primaryInterface = "enp2s0";
- firetv = "192.168.1.238";
- # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
- # cryptsetup luksAddKey $dev tmpkey
- # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
- # mkfs.xfs /dev/mapper/crypt0 -L crypt0
-
- # omo Chassis:
- # __FRONT_
- # |* d0 |
- # | |
- # |* d1 |
- # | |
- # |* d3 |
- # | |
- # |* |
- # |* d2 |
- # | * |
- # | * |
- # |_______|
- # cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
- cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV";
- cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
- cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
- cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
- # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
- # all physical disks
-
- # TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
- dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
- allDisks = [ rootDisk ] ++ dataDisks;
+ primaryInterface = config.makefu.server.primary-itf;
in {
imports =
[
+ #./hw/omo.nix
+ ./hw/tsp.nix
<stockholm/makefu>
- # TODO: unlock home partition via ssh
- <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/backup.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
- <stockholm/makefu/2configs/smart-monitor.nix>
+ # <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/mail-client.nix>
<stockholm/makefu/2configs/mosh.nix>
+ <stockholm/makefu/2configs/tools/core.nix>
+ <stockholm/makefu/2configs/tools/desktop.nix>
<stockholm/makefu/2configs/tools/mobility.nix>
+ { environment.systemPackages = [ pkgs.esniper ]; }
# <stockholm/makefu/2configs/disable_v6.nix>
#<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix>
@@ -68,16 +36,17 @@ in {
# logs to influx
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf>
- <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
+ # <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
+ <stockholm/makefu/2configs/stats/telegraf/hamstats.nix>
<stockholm/makefu/2configs/stats/arafetch.nix>
# services
<stockholm/makefu/2configs/syncthing.nix>
- <stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/deployment/google-muell.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/bluetooth-mpd.nix>
+ <stockholm/makefu/2configs/deployment/homeautomation>
{
hardware.pulseaudio.systemWide = true;
makefu.mpd.musicDirectory = "/media/cryptX/music";
@@ -99,75 +68,10 @@ in {
# Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix>
- { # ncdc
- environment.systemPackages = [ pkgs.ncdc ];
- networking.firewall = {
- allowedUDPPorts = [ 51411 ];
- allowedTCPPorts = [ 51411 ];
- };
- }
- {
- systemd.services.firetv = {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- User = "nobody";
- ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
- };
- };
- nixpkgs.config.permittedInsecurePackages = [
- "homeassistant-0.65.5"
- ];
- services.home-assistant = {
- config = {
- homeassistant = {
- name = "Home"; time_zone = "Europe/Berlin";
- latitude = "48.7687";
- longitude = "9.2478";
- };
- media_player = [
- { platform = "kodi";
- host = firetv;
- }
- { platform = "firetv";
- # assumes python-firetv running
- }
- ];
- sensor = [
- { platform = "luftdaten";
- name = "Ditzingen";
- sensorid = "663";
- monitored_conditions = [ "P1" "P2" ];
- }
- # https://www.home-assistant.io/cookbook/automation_for_rainy_days/
- { platform = "darksky";
- api_key = "c73619e6ea79e553a585be06aacf3679";
- language = "de";
- monitored_conditions = [ "summary" "icon"
- "nearest_storm_distance" "precip_probability"
- "precip_intensity"
- "temperature" # "temperature_high" "temperature_low"
- "hourly_summary"
- "uv_index" ];
- units = "si" ;
- update_interval = {
- days = 0;
- hours = 0;
- minutes = 10;
- seconds = 0;
- };
- }
- ];
- frontend = { };
- http = { };
- };
- enable = true;
- #configDir = "/var/lib/hass";
- };
- }
+
];
- makefu.full-populate = true;
- makefu.server.primary-itf = primaryInterface;
- krebs.rtorrent = {
+ makefu.full-populate = true;
+ krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {
downloadDir = lib.mkForce "/media/cryptX/torrent";
extraConfig = ''
upload_rate = 200
@@ -178,18 +82,6 @@ in {
members = [ "makefu" "misa" ];
};
networking.firewall.trustedInterfaces = [ primaryInterface ];
- # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
- # tcp:80 - nginx for sharing files
- # tcp:655 udp:655 - tinc
- # tcp:8111 - graphite
- # tcp:8112 - pyload
- # tcp:9090 - sabnzbd
- # tcp:9200 - elasticsearch
- # tcp:5601 - kibana
- networking.firewall.allowedUDPPorts = [ 655 ];
- networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 8112 9200 9090 ];
-
- # services.openssh.allowSFTP = false;
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
services.sabnzbd.enable = true;
@@ -199,90 +91,11 @@ in {
enable = true;
servedir = "/media/cryptX/emu/ps3";
};
- # HDD Array stuff
- services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
-
- makefu.snapraid = {
- enable = true;
- # TODO: 3 is not protected
- disks = map toMapper [ 0 1 ];
- parity = toMapper 2;
- };
-
- # TODO create folders in /media
- system.activationScripts.createCryptFolders = ''
- ${lib.concatMapStringsSep "\n"
- (d: "install -m 755 -d " + (toMapper d) )
- [ 0 1 2 "X" ]}
- '';
- environment.systemPackages = with pkgs;[
- mergerfs # hard requirement for mount
- wol # wake up filepimp
- f3
- ];
- fileSystems = let
- cryptMount = name:
- { "/media/${name}" = {
- device = "/dev/mapper/${name}"; fsType = "xfs";
- options = [ "nofail" ];
- };};
- in cryptMount "crypt0"
- // cryptMount "crypt1"
- // cryptMount "crypt2"
- // cryptMount "crypt3"
- // { "/media/cryptX" = {
- device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 ]);
- fsType = "mergerfs";
- noCheck = true;
- options = [ "defaults" "allow_other" "nofail" "nonempty" ];
- };
- };
-
- powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
- ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
- ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
- ${pkgs.hdparm}/sbin/hdparm -y ${disk}
- '') allDisks);
- # crypto unlocking
- boot = {
- initrd.luks = {
- devices = let
- usbkey = name: device: {
- inherit name device keyFile;
- keyFileSize = 4096;
- allowDiscards = true;
- };
- in [
- (usbkey "luksroot" rootPartition)
- (usbkey "crypt0" cryptDisk0)
- (usbkey "crypt1" cryptDisk1)
- (usbkey "crypt2" cryptDisk2)
- (usbkey "crypt3" cryptDisk3)
- ];
- };
- loader.grub.device = lib.mkForce rootDisk;
-
- initrd.availableKernelModules = [
- "ahci"
- "ohci_pci"
- "ehci_pci"
- "pata_atiixp"
- "firewire_ohci"
- "usb_storage"
- "usbhid"
- ];
-
- kernelModules = [ "kvm-intel" ];
- extraModulePackages = [ ];
- };
users.users.misa = {
uid = 9002;
name = "misa";
};
- # hardware.enableAllFirmware = true;
- hardware.enableRedistributableFirmware = true;
- hardware.cpu.intel.updateMicrocode = true;
zramSwap.enable = true;
@@ -290,23 +103,23 @@ in {
nickname = "Reaktor|shack";
workdir = "/var/lib/Reaktor/shack";
channels = [ "#shackspace" ];
- plugins = with pkgs.ReaktorPlugins;[
- shack-correct
- # stockholm-issue
- sed-plugin
- random-emoji ];
+ plugins = with pkgs.ReaktorPlugins;
+ [ shack-correct
+ # stockholm-issue
+ sed-plugin
+ random-emoji ];
};
krebs.Reaktor.reaktor-bgt = {
nicknam