Diffstat (limited to 'makefu')
-rw-r--r--makefu/0tests/data/secrets/mqtt/hass0
-rw-r--r--makefu/0tests/data/secrets/mqtt/sensor0
-rw-r--r--makefu/0tests/data/secrets/mqtt/stats0
-rw-r--r--makefu/1systems/crapi/README4
-rw-r--r--makefu/1systems/crapi/config.nix46
-rw-r--r--makefu/1systems/crapi/source.nix3
-rw-r--r--makefu/1systems/gum/config.nix60
-rw-r--r--makefu/1systems/hardware/tsp-disk.json23
-rw-r--r--makefu/1systems/iso/config.nix1
-rw-r--r--makefu/1systems/omo/config.nix237
-rw-r--r--makefu/1systems/omo/hw/omo.nix117
-rw-r--r--makefu/1systems/omo/hw/tsp-tools.nix11
-rw-r--r--makefu/1systems/omo/hw/tsp.nix41
-rw-r--r--makefu/1systems/sdev/config.nix14
-rw-r--r--makefu/1systems/shack-autoinstall/config.nix49
-rw-r--r--makefu/1systems/shack-autoinstall/grub-partition.sh5
-rw-r--r--makefu/1systems/shack-autoinstall/shack-config.nix231
-rw-r--r--makefu/1systems/shack-autoinstall/uefi-partition.sh24
-rw-r--r--makefu/1systems/tsp/config.nix47
-rw-r--r--makefu/1systems/x/config.nix11
-rw-r--r--makefu/1systems/x/source.nix1
-rw-r--r--makefu/2configs/dcpp/client.nix9
-rw-r--r--makefu/2configs/dcpp/hub.nix (renamed from makefu/2configs/hub.nix)26
-rw-r--r--makefu/2configs/deployment/bureautomation/hass.nix88
-rw-r--r--makefu/2configs/deployment/google-muell.nix11
-rw-r--r--makefu/2configs/deployment/homeautomation/default.nix141
-rw-r--r--makefu/2configs/deployment/homeautomation/mqtt.nix24
-rw-r--r--makefu/2configs/fs/single-partition-ext4.nix2
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/2configs/home-manager/cli.nix12
-rw-r--r--makefu/2configs/home-manager/default.nix7
-rw-r--r--makefu/2configs/home-manager/desktop.nix31
-rw-r--r--makefu/2configs/home-manager/mail.nix46
-rw-r--r--makefu/2configs/hw/bluetooth.nix13
-rw-r--r--makefu/2configs/mail/mail.euer.nix47
-rw-r--r--makefu/2configs/mqtt.nix1
-rw-r--r--makefu/2configs/nginx/euer.mon.nix18
-rw-r--r--makefu/2configs/nginx/iso.euer.nix43
-rw-r--r--makefu/2configs/nginx/misa-felix-hochzeit.ml.nix2
-rw-r--r--makefu/2configs/remote-build/slave.nix5
-rw-r--r--makefu/2configs/retroshare.nix10
-rw-r--r--makefu/2configs/share/gum-client.nix1
-rw-r--r--makefu/2configs/share/omo-timemachine.nix19
-rw-r--r--makefu/2configs/stats/external/weather2stats.nix38
-rw-r--r--makefu/2configs/stats/server.nix17
-rw-r--r--makefu/2configs/stats/telegraf/hamstats.nix28
-rw-r--r--makefu/2configs/syncthing.nix10
-rw-r--r--makefu/2configs/tinc/retiolum.nix3
-rw-r--r--makefu/2configs/tools/core.nix4
-rw-r--r--makefu/2configs/tools/dev.nix2
-rw-r--r--makefu/2configs/tools/extra-gui.nix1
-rw-r--r--makefu/2configs/tools/media.nix7
-rw-r--r--makefu/2configs/tools/mobility.nix6
-rw-r--r--makefu/2configs/tools/secrets.nix12
-rw-r--r--makefu/2configs/wireguard/server.nix52
-rw-r--r--makefu/2configs/zsh-user.nix2
-rw-r--r--makefu/3modules/airdcpp.nix210
-rw-r--r--makefu/5pkgs/airdcpp-webclient/default.nix27
-rw-r--r--makefu/5pkgs/bento4/default.nix3
-rw-r--r--makefu/5pkgs/cozy-audiobooks/default.nix6
-rw-r--r--makefu/5pkgs/custom/quodlibet/remove-override-warning.patch54
-rw-r--r--makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch13
-rw-r--r--makefu/5pkgs/default.nix13
-rw-r--r--makefu/5pkgs/esniper/default.nix32
-rw-r--r--makefu/5pkgs/esniper/find-ca-bundle.patch26
-rw-r--r--makefu/5pkgs/pavumeter/default.nix30
-rw-r--r--makefu/krops.nix15
-rw-r--r--makefu/source.nix122
68 files changed, 1674 insertions, 541 deletions
diff --git a/makefu/0tests/data/secrets/mqtt/hass b/makefu/0tests/data/secrets/mqtt/hass
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/mqtt/hass
diff --git a/makefu/0tests/data/secrets/mqtt/sensor b/makefu/0tests/data/secrets/mqtt/sensor
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/mqtt/sensor
diff --git a/makefu/0tests/data/secrets/mqtt/stats b/makefu/0tests/data/secrets/mqtt/stats
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/mqtt/stats
diff --git a/makefu/1systems/crapi/README b/makefu/1systems/crapi/README
new file mode 100644
index 000000000..9278c764a
--- /dev/null
+++ b/makefu/1systems/crapi/README
@@ -0,0 +1,4 @@
+1. flash arm6 image from https://www.cs.helsinki.fi/u/tmtynkky/nixos-arm/installer/ to sdcard
+2. passwd; systemctl start sshd; mkdir /var/src ; touch /var/src/.populate
+3. "environment.systemPackages = [ pkgs.rsync pkgs.git ];" in /etc/nixos/configuration.nix
+5. nixos-rebuild switch --fast --option binary-caches http://nixos-arm.dezgeg.me/channel --option binary-cache-public-keys nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%
diff --git a/makefu/1systems/crapi/config.nix b/makefu/1systems/crapi/config.nix
new file mode 100644
index 000000000..d96b872d5
--- /dev/null
+++ b/makefu/1systems/crapi/config.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, lib, ... }:
+{
+ # :l <nixpkgs>
+ # builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
+ imports = [
+ <stockholm/makefu>
+ <stockholm/makefu/2configs>
+ <stockholm/makefu/2configs/tinc/retiolum.nix>
+ <stockholm/makefu/2configs/save-diskspace.nix>
+
+ ];
+ krebs.build.host = config.krebs.hosts.crapi;
+ # NixOS wants to enable GRUB by default
+ boot.loader.grub.enable = false;
+
+ # Enables the generation of /boot/extlinux/extlinux.conf
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ boot.kernelPackages = pkgs.linuxPackages_rpi;
+
+ nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
+ nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
+
+ fileSystems = {
+ "/boot" = {
+ device = "/dev/disk/by-label/NIXOS_BOOT";
+ fsType = "vfat";
+ };
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+ };
+
+ system.activationScripts.create-swap = ''
+ if [ ! -e /swapfile ]; then
+ fallocate -l 2G /swapfile
+ mkswap /swapfile
+ fi
+ '';
+ swapDevices = [ { device = "/swapfile"; size = 2048; } ];
+
+ nix.package = lib.mkForce pkgs.nixStable;
+ services.openssh.enable = true;
+
+}
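Review bot: The entry in `nix.binaryCachePublicKeys` ends in `=%`, and the trailing `%` looks like a shell end-of-output marker pasted along with the key rather than part of the base64 value; if so, the key will not match the cache's signatures and should end at `...kLFRW0=`. The cache in `nix.binaryCaches` is fetched over plain `http://`, so that signature check is the only integrity protection for substituted store paths. Separately, the `create-swap` activation script creates `/swapfile` with whatever mode the umask yields; adding `chmod 600 /swapfile` before `mkswap` keeps swapped-out memory from being readable by other local users.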
diff --git a/makefu/1systems/crapi/source.nix b/makefu/1systems/crapi/source.nix
new file mode 100644
index 000000000..4a4359ee6
--- /dev/null
+++ b/makefu/1systems/crapi/source.nix
@@ -0,0 +1,3 @@
+{
+ arm6 = true;
+}
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 351844482..36af23bb5 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -74,14 +74,8 @@ in {
<stockholm/makefu/2configs/syncthing.nix>
# <stockholm/makefu/2configs/opentracker.nix>
- <stockholm/makefu/2configs/hub.nix>
- { # ncdc
- environment.systemPackages = [ pkgs.ncdc ];
- networking.firewall = {
- allowedUDPPorts = [ 51411 ];
- allowedTCPPorts = [ 51411 ];
- };
- }
+ <stockholm/makefu/2configs/dcpp/hub.nix>
+ <stockholm/makefu/2configs/dcpp/client.nix>
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/logging/client.nix>
@@ -103,55 +97,7 @@ in {
# locations."/".proxyPass = "http://localhost:5000";
# };
#}
- { # wireguard server
-
- # opkg install wireguard luci-proto-wireguard
-
- # TODO: networking.nat
-
- # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- # conf.all.proxy_arp =1
- networking.firewall = {
- allowedUDPPorts = [ 51820 ];
- extraCommands = ''
- iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
- '';
- };
-
- networking.wireguard.interfaces.wg0 = {
- ips = [ "10.244.0.1/24" ];
- listenPort = 51820;
- privateKeyFile = (toString <secrets>) + "/wireguard.key";
- allowedIPsAsRoutes = true;
- peers = [
- {
- # x
- allowedIPs = [ "10.244.0.2/32" ];
- publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
- }
- {
- # vbob
- allowedIPs = [ "10.244.0.3/32" ];
- publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
- }
- {
- # x-test
- allowedIPs = [ "10.244.0.4/32" ];
- publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
- }
- {
- # work-router
- allowedIPs = [ "10.244.0.5/32" ];
- publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
- }
- {
- # workr
- allowedIPs = [ "10.244.0.6/32" ];
- publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
- }
- ];
- };
- }
+ <stockholm/makefu/2configs/wireguard/server.nix>
{ # iperf3
networking.firewall.allowedUDPPorts = [ 5201 ];
networking.firewall.allowedTCPPorts = [ 5201 ];
diff --git a/makefu/1systems/hardware/tsp-disk.json b/makefu/1systems/hardware/tsp-disk.json
new file mode 100644
index 000000000..5a4bd26ab
--- /dev/null
+++ b/makefu/1systems/hardware/tsp-disk.json
@@ -0,0 +1,23 @@
+{
+ "type": "devices",
+ "content": {
+ "sda": {
+ "type": "table",
+ "format": "msdos",
+ "partitions": [
+ { "type": "partition",
+ "part-type": "primary",
+ "start": "1M",
+ "end": "100%",
+ "bootable": true,
+ "content": {
+ "type": "filesystem",
+ "format": "ext4",
+ "mountpoint": "/"
+ }
+ }
+ ]
+ }
+ }
+}
+
diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix
index f863321bd..34a75dbd3 100644
--- a/makefu/1systems/iso/config.nix
+++ b/makefu/1systems/iso/config.nix
@@ -11,6 +11,7 @@ with import <stockholm/lib>;
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
krebs.build.host = config.krebs.hosts.iso;
+ isoImage.isoBaseName = lib.mkForce "stockholm";
krebs.hidden-ssh.enable = true;
environment.systemPackages = with pkgs; [
aria2
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 109877bf1..be49db024 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -4,55 +4,23 @@
{ config, pkgs, lib, ... }:
let
- toMapper = id: "/media/crypt${builtins.toString id}";
- byid = dev: "/dev/disk/by-id/" + dev;
- keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
- rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904";
- rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2";
- primaryInterface = "enp2s0";
- firetv = "192.168.1.238";
- # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
- # cryptsetup luksAddKey $dev tmpkey
- # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
- # mkfs.xfs /dev/mapper/crypt0 -L crypt0
-
- # omo Chassis:
- # __FRONT_
- # |* d0 |
- # | |
- # |* d1 |
- # | |
- # |* d3 |
- # | |
- # |* |
- # |* d2 |
- # | * |
- # | * |
- # |_______|
- # cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
- cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV";
- cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
- cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
- cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
- # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
- # all physical disks
-
- # TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
- dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
- allDisks = [ rootDisk ] ++ dataDisks;
+ primaryInterface = config.makefu.server.primary-itf;
in {
imports =
[
+ #./hw/omo.nix
+ ./hw/tsp.nix
<stockholm/makefu>
- # TODO: unlock home partition via ssh
- <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/backup.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
- <stockholm/makefu/2configs/smart-monitor.nix>
+ # <stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/mail-client.nix>
<stockholm/makefu/2configs/mosh.nix>
+ <stockholm/makefu/2configs/tools/core.nix>
+ <stockholm/makefu/2configs/tools/desktop.nix>
<stockholm/makefu/2configs/tools/mobility.nix>
+ { environment.systemPackages = [ pkgs.esniper ]; }
# <stockholm/makefu/2configs/disable_v6.nix>
#<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix>
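Review bot: The import list for host omo now pulls in `./hw/tsp.nix` while `./hw/omo.nix` is commented out, which looks like a test setup committed by accident. As written, omo would be built with the tsp disk layout (a single ext4 root on `/dev/sda` with no LUKS layer) instead of the LUKS devices, snapraid and mergerfs mounts that this commit moves into `hw/omo.nix`. The same hunk comments out `smart-monitor.nix`, and `sda-crypto-root.nix` is now only reachable through the disabled `hw/omo.nix`. If the switch is intentional, a comment such as `# temporary: running the omo config on tsp hardware` above the import would make that clear.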
@@ -68,16 +36,17 @@ in {
# logs to influx
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf>
- <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
+ # <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
+ <stockholm/makefu/2configs/stats/telegraf/hamstats.nix>
<stockholm/makefu/2configs/stats/arafetch.nix>
# services
<stockholm/makefu/2configs/syncthing.nix>
- <stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/deployment/google-muell.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/bluetooth-mpd.nix>
+ <stockholm/makefu/2configs/deployment/homeautomation>
{
hardware.pulseaudio.systemWide = true;
makefu.mpd.musicDirectory = "/media/cryptX/music";
@@ -99,75 +68,10 @@ in {
# Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix>
- { # ncdc
- environment.systemPackages = [ pkgs.ncdc ];
- networking.firewall = {
- allowedUDPPorts = [ 51411 ];
- allowedTCPPorts = [ 51411 ];
- };
- }
- {
- systemd.services.firetv = {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- User = "nobody";
- ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
- };
- };
- nixpkgs.config.permittedInsecurePackages = [
- "homeassistant-0.65.5"
- ];
- services.home-assistant = {
- config = {
- homeassistant = {
- name = "Home"; time_zone = "Europe/Berlin";
- latitude = "48.7687";
- longitude = "9.2478";
- };
- media_player = [
- { platform = "kodi";
- host = firetv;
- }
- { platform = "firetv";
- # assumes python-firetv running
- }
- ];
- sensor = [
- { platform = "luftdaten";
- name = "Ditzingen";
- sensorid = "663";
- monitored_conditions = [ "P1" "P2" ];
- }
- # https://www.home-assistant.io/cookbook/automation_for_rainy_days/
- { platform = "darksky";
- api_key = "c73619e6ea79e553a585be06aacf3679";
- language = "de";
- monitored_conditions = [ "summary" "icon"
- "nearest_storm_distance" "precip_probability"
- "precip_intensity"
- "temperature" # "temperature_high" "temperature_low"
- "hourly_summary"
- "uv_index" ];
- units = "si" ;
- update_interval = {
- days = 0;
- hours = 0;
- minutes = 10;
- seconds = 0;
- };
- }
- ];
- frontend = { };
- http = { };
- };
- enable = true;
- #configDir = "/var/lib/hass";
- };
- }
+
];
- makefu.full-populate = true;
- makefu.server.primary-itf = primaryInterface;
- krebs.rtorrent = {
+ makefu.full-populate = true;
+ krebs.rtorrent = (builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)) {
downloadDir = lib.mkForce "/media/cryptX/torrent";
extraConfig = ''
upload_rate = 200
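Review bot: `krebs.rtorrent` is wrapped in `builtins.trace (builtins.toJSON config.services.telegraf.extraConfig)`, which appears to be leftover debugging. Every evaluation of this host prints the whole telegraf configuration to stderr, including any credentials or tokens the telegraf inputs and outputs carry, and that output can end up in deploy or CI logs. The line should go back to `krebs.rtorrent = {`. The attribute set continues past the end of this hunk.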
@@ -178,18 +82,6 @@ in {
members = [ "makefu" "misa" ];
};
networking.firewall.trustedInterfaces = [ primaryInterface ];
- # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
- # tcp:80 - nginx for sharing files
- # tcp:655 udp:655 - tinc
- # tcp:8111 - graphite
- # tcp:8112 - pyload
- # tcp:9090 - sabnzbd
- # tcp:9200 - elasticsearch
- # tcp:5601 - kibana
- networking.firewall.allowedUDPPorts = [ 655 ];
- networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 8112 9200 9090 ];
-
- # services.openssh.allowSFTP = false;
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
services.sabnzbd.enable = true;
@@ -199,90 +91,11 @@ in {
enable = true;
servedir = "/media/cryptX/emu/ps3";
};
- # HDD Array stuff
- services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
-
- makefu.snapraid = {
- enable = true;
- # TODO: 3 is not protected
- disks = map toMapper [ 0 1 ];
- parity = toMapper 2;
- };
-
- # TODO create folders in /media
- system.activationScripts.createCryptFolders = ''
- ${lib.concatMapStringsSep "\n"
- (d: "install -m 755 -d " + (toMapper d) )
- [ 0 1 2 "X" ]}
- '';
- environment.systemPackages = with pkgs;[
- mergerfs # hard requirement for mount
- wol # wake up filepimp
- f3
- ];
- fileSystems = let
- cryptMount = name:
- { "/media/${name}" = {
- device = "/dev/mapper/${name}"; fsType = "xfs";
- options = [ "nofail" ];
- };};
- in cryptMount "crypt0"
- // cryptMount "crypt1"
- // cryptMount "crypt2"
- // cryptMount "crypt3"
- // { "/media/cryptX" = {
- device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 ]);
- fsType = "mergerfs";
- noCheck = true;
- options = [ "defaults" "allow_other" "nofail" "nonempty" ];
- };
- };
-
- powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
- ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
- ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
- ${pkgs.hdparm}/sbin/hdparm -y ${disk}
- '') allDisks);
- # crypto unlocking
- boot = {
- initrd.luks = {
- devices = let
- usbkey = name: device: {
- inherit name device keyFile;
- keyFileSize = 4096;
- allowDiscards = true;
- };
- in [
- (usbkey "luksroot" rootPartition)
- (usbkey "crypt0" cryptDisk0)
- (usbkey "crypt1" cryptDisk1)
- (usbkey "crypt2" cryptDisk2)
- (usbkey "crypt3" cryptDisk3)
- ];
- };
- loader.grub.device = lib.mkForce rootDisk;
-
- initrd.availableKernelModules = [
- "ahci"
- "ohci_pci"
- "ehci_pci"
- "pata_atiixp"
- "firewire_ohci"
- "usb_storage"
- "usbhid"
- ];
-
- kernelModules = [ "kvm-intel" ];
- extraModulePackages = [ ];
- };
users.users.misa = {
uid = 9002;
name = "misa";
};
- # hardware.enableAllFirmware = true;
- hardware.enableRedistributableFirmware = true;
- hardware.cpu.intel.updateMicrocode = true;
zramSwap.enable = true;
@@ -290,23 +103,23 @@ in {
nickname = "Reaktor|shack";
workdir = "/var/lib/Reaktor/shack";
channels = [ "#shackspace" ];
- plugins = with pkgs.ReaktorPlugins;[
- shack-correct
- # stockholm-issue
- sed-plugin
- random-emoji ];
+ plugins = with pkgs.ReaktorPlugins;
+ [ shack-correct
+ # stockholm-issue
+ sed-plugin
+ random-emoji ];
};
krebs.Reaktor.reaktor-bgt = {
nickname = "Reaktor|bgt";
workdir = "/var/lib/Reaktor/bgt";
channels = [ "#binaergewitter" ];
- plugins = with pkgs.ReaktorPlugins;[
- titlebot
- # stockholm-issue
- nixos-version
- shack-correct
- sed-plugin
- random-emoji ];
+ plugins = with pkgs.ReaktorPlugins;
+ [ titlebot
+ # stockholm-issue
+ nixos-version
+ shack-correct
+ sed-plugin
+ random-emoji ];
};
krebs.build.host = config.krebs.hosts.omo;
diff --git a/makefu/1systems/omo/hw/omo.nix b/makefu/1systems/omo/hw/omo.nix
new file mode 100644
index 000000000..1b618a486
--- /dev/null
+++ b/makefu/1systems/omo/hw/omo.nix
@@ -0,0 +1,117 @@
+{ config, pkgs, lib, ... }:
+let
+ toMapper = id: "/media/crypt${builtins.toString id}";
+ byid = dev: "/dev/disk/by-id/" + dev;
+ keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0";
+ rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904";
+ rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2";
+ primaryInterface = "enp2s0";
+ # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512
+ # cryptsetup luksAddKey $dev tmpkey
+ # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096
+ # mkfs.xfs /dev/mapper/crypt0 -L crypt0
+
+ # omo Chassis:
+ # __FRONT_
+ # |* d0 |
+ # | |
+ # |* d1 |
+ # | |
+ # |* d3 |
+ # | |
+ # |* |
+ # |* d2 |
+ # | * |
+ # | * |
+ # |_______|
+ # cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6";
+ cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV";
+ cryptDisk1 = byid "ata-TP02000GB_TPW151006050068";
+ cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
+ cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4";
+ # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907";
+ # all physical disks
+
+ # TODO callPackage ../3modules/MonitorDisks { disks = allDisks }
+ dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ];
+ allDisks = [ rootDisk ] ++ dataDisks;
+in {
+ imports =
+ [ # TODO: unlock home partition via ssh
+ <stockholm/makefu/2configs/fs/sda-crypto-root.nix> ];
+ makefu.server.primary-itf = primaryInterface;
+ system.activationScripts.createCryptFolders = ''
+ ${lib.concatMapStringsSep "\n"
+ (d: "install -m 755 -d " + (toMapper d) )
+ [ 0 1 2 "X" ]}
+ '';
+
+ makefu.snapraid = {
+ enable = true;
+ # TODO: 3 is not protected
+ disks = map toMapper [ 0 1 ];
+ parity = toMapper 2;
+ };
+ fileSystems = let
+ cryptMount = name:
+ { "/media/${name}" = {
+ device = "/dev/mapper/${name}"; fsType = "xfs";
+ options = [ "nofail" ];
+ };};
+ in cryptMount "crypt0"
+ // cryptMount "crypt1"
+ // cryptMount "crypt2"
+ // cryptMount "crypt3"
+ // { "/media/cryptX" = {
+ device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 ]);
+ fsType = "mergerfs";
+ noCheck = true;
+ options = [ "defaults" "allow_other" "nofail" "nonempty" ];
+ };
+ };
+
+ powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
+ ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
+ ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
+ ${pkgs.hdparm}/sbin/hdparm -y ${disk}
+ '') allDisks);
+
+ # crypto unlocking
+ boot = {
+ initrd.luks = {
+ devices = let
+ usbkey = name: device: {
+ inherit name device keyFile;
+ keyFileSize = 4096;
+ allowDiscards = true;
+ };
+ in [
+ (usbkey "luksroot" rootPartition)
+ (usbkey "crypt0" cryptDisk0)
+ (usbkey "crypt1" cryptDisk1)
+ (usbkey "crypt2" cryptDisk2)
+ (usbkey "crypt3" cryptDisk3)
+ ];
+ };
+ loader.grub.device = lib.mkForce rootDisk;
+
+ initrd.availableKernelModules = [
+ "ahci"
+ "ohci_pci"
+ "ehci_pci"
+ "pata_atiixp"
+ "firewire_ohci"
+ "usb_storage"
+ "usbhid"
+ ];
+
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+ };
+ environment.systemPackages = with pkgs;[
+ mergerfs # hard requirement for mount
+ ];
+ hardware.enableRedistributableFirmware = true;
+ hardware.cpu.intel.updateMicrocode = true;
+}
+
diff --git a/makefu/1systems/omo/hw/tsp-tools.nix b/makefu/1systems/omo/hw/tsp-tools.nix
new file mode 100644
index 000000000..6579edd9d
--- /dev/null
+++ b/makefu/1systems/omo/hw/tsp-tools.nix
@@ -0,0 +1,11 @@
+let
+ disko = import (builtins.fetchGit {
+ url = https://cgit.lassul.us/disko/;
+ rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe";
+ });
+
+ cfg = builtins.fromJSON (builtins.readFile ../../hardware/tsp-disk.json);
+in ''
+${disko.create cfg}
+${disko.mount cfg}
+''
diff --git a/makefu/1systems/omo/hw/tsp.nix b/makefu/1systems/omo/hw/tsp.nix
new file mode 100644
index 000000000..a289fadce
--- /dev/null
+++ b/makefu/1systems/omo/hw/tsp.nix
@@ -0,0 +1,41 @@
+{ pkgs, ... }:
+with builtins;
+let
+ disko = import (builtins.fetchGit {
+ url = https://cgit.lassul.us/disko/;
+ rev = "9c9b62e15e4ac11d4379e66b974f1389daf939fe";
+ });
+ cfg = fromJSON (readFile ../../hardware/tsp-disk.json);
+ # primaryInterface = "enp1s0";
+ primaryInterface = "wlp2s0";
+ rootDisk = "/dev/sda"; # TODO same as disko uses
+in {
+ imports = [
+ (disko.config cfg)
+ ];
+ makefu.server.primary-itf = primaryInterface;
+ boot = {
+ loader.grub.device = rootDisk;
+
+ initrd.availableKernelModules = [
+ "ahci"
+ "ohci_pci"
+ "ehci_pci"
+ "pata_atiixp"
+ "firewire_ohci"
+ "usb_storage"
+ "usbhid"
+ ];
+
+ kernelModules = [ "kvm-intel" ];
+ };
+ networking.wireless.enable = true;
+ hardware.enableRedistributableFirmware = true;
+ hardware.cpu.intel.updateMicrocode = true;
+ services.logind.lidSwitch = "ignore";
+ services.logind.lidSwitchDocked = "ignore";
+ services.logind.extraConfig = ''
+ HandleSuspendKey = ignore
+ '';
+ powerManagement.enable = false;
+}
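Review bot: `primaryInterface` is set to the wireless NIC `wlp2s0` and exported as `makefu.server.primary-itf`, and `omo/config.nix` in this commit feeds that value into `networking.firewall.trustedInterfaces`, so the firewall accepts all inbound traffic arriving over Wi-Fi. A trusted interface bypasses port filtering entirely, which is a wider exposure on a shared WLAN than on the wired `enp2s0` used by `hw/omo.nix`. Consider leaving the wireless interface untrusted and opening only the ports that are needed, or add a comment next to `primaryInterface = "wlp2s0";` stating why this network is trusted.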
diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix
index c2cd23d1e..2f289d500 100644
--- a/makefu/1systems/sdev/config.nix
+++ b/makefu/1systems/sdev/config.nix
@@ -6,13 +6,13 @@
[ # Include the results of the hardware scan.
<stockholm/makefu>
- # <stockholm/makefu/2configs/hw/vbox-guest.nix>
- { # until virtualbox-image is fixed
- imports = [
- <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
- ];
- boot.loader.grub.device = "/dev/sda";
- }
+ <stockholm/makefu/2configs/hw/vbox-guest.nix>
+ #{ # until virtualbox-image is fixed
+ # imports = [
+ # <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
+ # ];
+ # boot.loader.grub.device = lib.mkForce "/dev/sda";
+ #}
<stockholm/makefu/2configs/main-laptop.nix>
# <secrets/extra-hosts.nix>
diff --git a/makefu/1systems/shack-autoinstall/config.nix b/makefu/1systems/shack-autoinstall/config.nix
new file mode 100644
index 000000000..d53c411c0
--- /dev/null
+++ b/makefu/1systems/shack-autoinstall/config.nix
@@ -0,0 +1,49 @@
+{ config, pkgs, lib, ... }:
+
+with import <stockholm/lib>;
+let
+ disk = "/dev/sda";
+in {
+ imports = [
+ <stockholm/makefu>
+ <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+ <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+ <stockholm/makefu/2configs/tools/core.nix>
+ ];
+ # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
+ # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
+ krebs.build.host = config.krebs.hosts.iso;
+ krebs.hidden-ssh.enable = true;
+
+ environment.extraInit = ''
+ EDITOR=vim
+ '';
+ # iso-specific
+ boot.kernelParams = [ "copytoram" ];
+
+
+ environment.systemPackages = [
+ pkgs.parted
+ ( pkgs.writeScriptBin "shack-install" ''
+ #! /bin/sh
+ echo "go ahead and try NIX_PATH=/root/.nix-defexpr/channels/ nixos-install"
+ '')
+ ];
+
+ systemd.services.wpa_supplicant.wantedBy = lib.mkForce [ "multi-user.target" ];
+
+ networking.wireless = {
+ enable = true;
+ networks.shack.psk = "welcome2shack";
+ };
+
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+ # enable ssh in the iso boot process
+ systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+}
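Review bot: `networking.wireless.networks.shack.psk` is written as a literal in the module, so the Wi-Fi passphrase is committed to the repository and copied into the world-readable Nix store of every built image. If the network is not meant to be public, read it from `<secrets>` the way `privateKeyFile` was referenced for WireGuard. In `services.openssh.hostKeys`, `bits = 8192` has no effect for `type = "ed25519"` because the key size is fixed, so the field is misleading and can be dropped. `krebs.build.host` and the build comment still point at the `iso` host, which looks copied from `1systems/iso/config.nix`; confirm that is intended for this image.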
diff --git a/makefu/1systems/shack-autoinstall/grub-partition.sh b/makefu/1systems/shack-autoinstall/grub-partition.sh
new file mode 100644
index 000000000..c23c89799
--- /dev/null
+++ b/makefu/1systems/shack-autoinstall/grub-partition.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -euf
+parted -s ${disk} mklabel msdos
+parted -s ${disk} -- mkpart primary linux-swap 1M 4096M
+parted -s ${disk} -- mkpart primary ext2 4096M 100%
diff --git a/makefu/1systems/shack-autoinstall/shack-config.nix b/makefu/1systems/shack-autoinstall/shack-config.nix
new file mode 100644
index 000000000..9fa54ae32
--- /dev/null
+++ b/makefu/1systems/shack-autoinstall/shack-config.nix
@@ -0,0 +1,231 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ # TODO:
+ ];
+
+ # shacks-specific
+ networking.wireless = {
+ enable = true;
+ networks.shack.psk = "181471eb97eb23f12c6871227bc4a7b13c8f6af56dcc0d0e8b71f4d7a510cb4e";
+ };
+ networking.hostName = "shackbook";
+
+ boot.tmpOnTmpfs = true;
+
+ users.users.shack = {
+ createHome = true;
+ useDefaultShell = true;
+ home = "/home/shack";
+ uid = 9001;
+ packages = with pkgs;[
+ chromium
+ firefox
+ ];
+ extraGroups = [ "audio" "wheel" ];
+ hashedPassword = "$6$KIxlQTLEnKl7cwC$LrmbwZ64Mlm7zqUUZ0EObPJMES3C0mQ6Sw7ynTuXzUo7d9EWg/k5XCGkDHMFvL/Pz19Awcv0knHB1j3dHT6fh/" ;
+ };
+
+ environment.variables = let
+ ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ in {
+ EDITOR = lib.mkForce "vim";
+ CURL_CA_BUNDLE = ca-bundle;
+ GIT_SSL_CAINFO = ca-bundle;
+ SSL_CERT_FILE = ca-bundle;
+ };
+
+ services.printing = {
+ enable = true;
+ # TODO: shack-printer
+ };
+
+
+ environment.systemPackages = with pkgs;[
+ parted
+ ddrescue
+ tmux
+ jq git gnumake htop rxvt_unicode.terminfo
+ (pkgs.vim_configurable.customize {
+ name = "vim";
+ vimrcConfig.customRC = ''
+ set nocompatible
+ syntax on
+ set list
+ set listchars=tab:â–¸\
+ "set list listchars=tab:>-,trail:.,extends:>
+
+ filetype off
+ filetype plugin indent on
+
+ colorscheme darkblue
+ set background=dark
+
+ set number
+ set relativenumber
+ set mouse=a
+ set ignorecase
+ set incsearch
+ set wildignore=*.o,*.obj,*.bak,*.exe,*.os
+ set textwidth=79
+ set shiftwidth=2
+ set expandtab
+ set softtabstop=2
+ set shiftround
+ set smarttab
+ set tabstop=2
+ set et
+ set autoindent
+ set backspace=indent,eol,start
+
+
+ inoremap <F1> <ESC>
+ nnoremap <F1> <ESC>
+ vnoremap <F1> <ESC>
+
+ nnoremap <F5> :UndotreeToggle<CR>
+ set undodir =~/.vim/undo
+ set undofile
+ "maximum number of changes that can be undone
+ set undolevels=1000000
+ "maximum number lines to save for undo on a buffer reload
+ set undoreload=10000000
+
+ nnoremap <F2> :set invpaste paste?<CR>
+ set pastetoggle=<F2>
+ set showmode
+
+ set showmatch
+ set matchtime=3
+ set hlsearch
+
+ autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red
+
+
+ " save on focus lost
+ au FocusLost * :wa
+
+ autocmd BufRead *.json set filetype=json
+ au BufNewFile,BufRead *.mustache set syntax=mustache
+
+ cnoremap SudoWrite w !sudo tee > /dev/null %
+
+ " create Backup/tmp/undo dirs
+ set backupdir=~/.vim/backup
+ set directory=~/.vim/tmp
+
+ function! InitBackupDir()
+ let l:parent = $HOME . '/.vim/'
+ let l:backup = l:parent . 'backup/'
+ let l:tmpdir = l:parent . 'tmp/'
+ let l:undodir= l:parent . 'undo/'
+
+
+ if !isdirectory(l:parent)
+ call mkdir(l:parent)
+ endif
+ if !isdirectory(l:backup)
+ call mkdir(l:backup)
+ endif
+ if !isdirectory(l:tmpdir)
+ call mkdir(l:tmpdir)
+ endif
+ if !isdirectory(l:undodir)
+ call mkdir(l:undodir)
+ endif
+ endfunction
+ call InitBackupDir()
+
+ augroup Binary
+ " edit binaries in xxd-output, xxd is part of vim
+ au!
+ au BufReadPre *.bin let &bin=1
+ au BufReadPost *.bin if &bin | %!xxd
+ au BufReadPost *.bin set ft=xxd | endif
+ au BufWritePre *.bin if &bin | %!xxd -r
+ au BufWritePre *.bin endif
+ au BufWritePost *.bin if &bin | %!xxd
+ au BufWritePost *.bin set nomod | endif
+ augroup END
+ '';
+ vimrcConfig.vam.knownPlugins = pkgs.vimPlugins;
+ vimrcConfig.vam.pluginDictionaries = [
+ { names = [ "undotree" ]; }
+ # vim-nix handles indentation better but does not perform sanity
+ { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
+ ];
+ })
+
+ ];
+ programs.bash = {
+ enableCompletion = true;
+ interactiveShellInit = ''
+ HISTCONTROL='erasedups:ignorespace'
+ HISTSIZE=900001
+ HISTFILESIZE=$HISTSIZE
+ shopt -s checkhash
+ shopt -s histappend histreedit histverify
+ shopt -s no_empty_cmd_completion
+ PS1='\[\e[1;32m\]\w\[\e[0m\] '
+ '';
+ };
+
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+ nix = {
+ package = pkgs.nixUnstable;
+ optimise.automatic = true;
+ useSandbox = true;
+ gc.automatic = true;
+ };
+
+ system.autoUpgrade.enable = true;
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/sda";
+ fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
+
+
+ # gui and stuff
+ i18n = {
+ consoleFont = "Lat2-Terminus16";
+ consoleKeyMap = "us";
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ fonts = {
+ enableFontDir = true;
+ enableGhostscriptFonts = true;
+ fonts = [ pkgs.terminus_font ];
+ };
+
+ time.timeZone = "Europe/Berlin";
+ services.timesyncd.enable = true;
+
+
+ # GUI
+ hardware.pulseaudio.enable = true;
+ services.xserver = {
+ enable = true;
+ displayManager.auto.enable = true;
+ displayManager.auto.user = "shack";
+
+ desktopManager.xfce.enable = true;
+
+ layout = "us";
+ xkbVariant = "altgr-intl";
+ xkbOptions = "ctrl:nocaps, eurosign:e";
+ };
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+}
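Review bot: `users.users.shack.hashedPassword` commits a SHA-512-crypt hash for an account that is a member of `wheel`, and the same file enables `services.openssh` without restricting authentication methods. Anyone with read access to the repository can attack the hash offline, and a recovered password would then be valid over SSH on every machine installed from this template. Consider setting `services.openssh.passwordAuthentication = false;` with keys in `openssh.authorizedKeys.keys`, or setting the password per machine at install time. `displayManager.auto.user = "shack"` also logs that account in on the console without a prompt, which deserves a comment if it is intended for a shared laptop.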
diff --git a/makefu/1systems/shack-autoinstall/uefi-partition.sh b/makefu/1systems/shack-autoinstall/uefi-partition.sh
new file mode 100644
index 000000000..4566b7dce
--- /dev/null
+++ b/makefu/1systems/shack-autoinstall/uefi-partition.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+set -euf
+p(){
+ parted -s ${disk} -- $@
+}
+p mklabel gpt
+p mkpart primary fat32 1M 551M
+p set 1 boot on
+p mkpart primary linux-swap 51M 4647M
+p mkpart primary ext2 4647M 100%
+udevadm settle
+mkfs.fat -nboot -F32 /dev/sda1
+
+udevadm settle
+mkswap ${disk}2 -L swap
+swapon -L swap
+mkfs.ext4 -L nixos ${disk}3
+mount LABEL=nixos /mnt
+mkdir /mnt/boot
+mount LABEL=boot /mnt/boot
+
+mkdir -p /mnt/etc/nixos
+cp ${./shack-config.nix} /mnt/etc/nixos/configuration.nix
+nixos-generate-config --root /mnt
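Review bot: The swap partition is created with `p mkpart primary linux-swap 51M 4647M`, which starts inside the EFI partition that ends at 551M; the start was probably meant to be `551M`. `mkfs.fat -nboot -F32 /dev/sda1` also hard-codes `/dev/sda1` while every other command uses `${disk}`, so on any other target disk it would format the wrong device; `mkfs.fat -n boot -F32 "${disk}1"` keeps them consistent. `${disk}` and `$@` are unquoted and `disk` is never set in the script, so it relies on the caller (presumably Nix string interpolation, given `${./shack-config.nix}`) to supply it. `grub-partition.sh` in this commit uses `${disk}` the same way.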
diff --git a/makefu/1systems/tsp/config.nix b/makefu/1systems/tsp/config.nix
index 680fa2cbc..2921e2bcf 100644
--- a/makefu/1systems/tsp/config.nix
+++ b/makefu/1systems/tsp/config.nix
@@ -8,57 +8,32 @@
[ # Include the results of the hardware scan.
<stockholm/makefu>
<stockholm/makefu/2configs/main-laptop.nix>
- <stockholm/makefu/2configs/tools/all.nix>
- <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
+ # <stockholm/makefu/2configs/tools/all.nix>
+ <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
# hardware specifics are in here
# imports tp-x2x0.nix
- # <stockholm/makefu/2configs/hw/tp-x200.nix>
+ <stockholm/makefu/2configs/hw/tp-x230.nix>
+ <stockholm/makefu/2configs/hw/bluetooth.nix>
+ <stockholm/makefu/2configs/hw/network-manager.nix>
# <stockholm/makefu/2configs/rad1o.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
+
+ <stockholm/makefu/2configs/sshd-totp.nix>
+ {
+ programs.adb.enable = true;
+ }
];
- # not working in vm
krebs.build.host = config.krebs.hosts.tsp;
- boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
- boot.loader.grub.copyKernels = true;
+ boot.loader.grub.device = "/dev/sda";
networking.firewall.allowedTCPPorts = [
25
];
- # acer aspire
- networking.wireless.enable = lib.mkDefault true;
-
- services.xserver.synaptics.enable = true;
-
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
-
- hardware.cpu.intel.updateMicrocode = true;
-
- zramSwap.enable = true;
- zramSwap.numDevices = 2;
-
- services.tlp.enable = true;
- services.tlp.extraConfig = ''
- # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
- START_CHARGE_THRESH_BAT0=67
- STOP_CHARGE_THRESH_BAT0=100
-
-
- CPU_SCALING_GOVERNOR_ON_AC=performance
- CPU_SCALING_GOVERNOR_ON_BAT=ondemand
- CPU_MIN_PERF_ON_AC=0
- CPU_MAX_PERF_ON_AC=100
- CPU_MIN_PERF_ON_BAT=0
- CPU_MAX_PERF_ON_BAT=30
- '';
-
- powerManagement.resumeCommands = ''
- ${pkgs.rfkill}/bin/rfkill unblock all
- '';
-
}
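Review bot: Replacing `fs/sda-crypto-root.nix` with `fs/single-partition-ext4.nix` and dropping `boot.initrd.luks.devices` leaves this laptop's root filesystem unencrypted. The host still imports the tinc and exim configurations, which presumably keep key material on disk, so physical access to the disk now means access to those secrets. Either keep the LUKS layer or add a comment saying why this host no longer needs it. The hunk also removes `hardware.cpu.intel.updateMicrocode = true;`; unless `hw/tp-x230.nix` sets it (not visible here), microcode updates are no longer applied at boot.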
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 54a16a931..66d904512 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -1,14 +1,16 @@
#
#
#
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-
+{ config, pkgs, lib, ... }:
{
imports =
[ # base
<stockholm/makefu>
<stockholm/makefu/2configs/nur.nix>
+ <stockholm/makefu/2configs/home-manager>
+ <stockholm/makefu/2configs/home-manager/desktop.nix>
+ <stockholm/makefu/2configs/home-manager/cli.nix>
+ <stockholm/makefu/2configs/home-manager/mail.nix>
<stockholm/makefu/2configs/main-laptop.nix>
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
@@ -43,6 +45,7 @@ with import <stockholm/lib>;
<stockholm/makefu/2configs/mail-client.nix>
<stockholm/makefu/2configs/printer.nix>
<stockholm/makefu/2configs/task-client.nix>
+ # <stockholm/makefu/2configs/syncthing.nix>
# Virtualization
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
@@ -149,4 +152,6 @@ with import <stockholm/lib>;
"/home/makefu/backup/borgun"
"/home/makefu/.mail/"
];
+ services.syncthing.user = lib.mkForce "makefu";
+ services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
}
diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix
index 75af3255b..050fd39f7 100644
--- a/makefu/1systems/x/source.nix
+++ b/makefu/1systems/x/source.nix
@@ -6,5 +6,6 @@
unstable = true;
mic92 = true;
clever_kexec = true;
+ home-manager = true;
# torrent = true;
}
diff --git a/makefu/2configs/dcpp/client.nix b/makefu/2configs/dcpp/client.nix
new file mode 100644
index 000000000..3b27778e5
--- /dev/null
+++ b/makefu/2configs/dcpp/client.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{ # ncdc
+ environment.systemPackages = [ pkgs.ncdc ];
+ networking.firewall = {
+ allowedUDPPorts = [ 51411 ];
+ allowedTCPPorts = [ 51411 ];
+ };
+}
+
diff --git a/makefu/2configs/hub.nix b/makefu/2configs/dcpp/hub.nix
index a121157d4..92977b4c8 100644
--- a/makefu/2configs/hub.nix
+++ b/makefu/2configs/dcpp/hub.nix
@@ -30,6 +30,7 @@ let
'') dict)}
'';
+ uhubDir = "/var/lib/uhub";
in {
users.extraUsers = singleton {
@@ -65,22 +66,31 @@ in {
PrivateTmp = true;
PermissionsStartOnly = true;
ExecStartPre = pkgs.writeDash "uhub-pre" ''
- cp ${toString <secrets/wildcard.krebsco.de.crt>} /tmp/uhub.crt
- cp ${toString <secrets/wildcard.krebsco.de.key>} /tmp/uhub.key
- cp ${toString <secrets/uhub.sql>} /tmp/uhub.sql
- chown uhub /tmp/*
+ cp -f ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt
+ cp -f ${toString <secrets/wildcard.krebsco.de.key>} ${uhubDir}/uhub.key
+ if test -d ${uhubDir};then
+ echo "Directory ${uhubDir} already exists, skipping db init"
+ else
+ echo "Copying sql user db"
+ cp ${toString <secrets/uhub.sql>} ${uhubDir}/uhub.sql
+ fi
+ chown -R uhub ${uhubDir}
'';
};
+ users.users.uhub = {
+ home = uhubDir;
+ createHome = true;
+ };
services.uhub = {
enable = true;
port = 1511;
enableTLS = true;
hubConfig = ''
hub_name = "krebshub"
- tls_certificate = /tmp/uhub.crt
- tls_private_key = /tmp/uhub.key
- registered_users_only = true
+ tls_certificate = ${uhubDir}/uhub.crt
+ tls_private_key = ${uhubDir}/uhub.key
+ registered_users_only = true
'';
plugins = {
welcome = {
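Review bot: The `if test -d ${uhubDir}` check in `uhub-pre` can never reach the branch that seeds the user database. The two `cp -f` lines above it already require the directory, and `users.users.uhub.createHome = true` creates it, so on a fresh host `uhub.sql` is never copied and the `authSqlite` file would be missing. Testing for the file instead, `if test -e ${uhubDir}/uhub.sql; then`, gives the intended copy-once behaviour. The TLS private key is copied with plain `cp -f`, so its mode depends on the source file; `install -m600 -o uhub ${toString <secrets/wildcard.krebsco.de.key>} ${uhubDir}/uhub.key`, the form google-muell.nix uses in this commit, pins owner and mode. The service definition starts above the hunk.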
@@ -93,7 +103,7 @@ in {
};
authSqlite = {
enable = true;
- file = "/tmp/uhub.sql";
+ file = "${uhubDir}/uhub.sql";
};
};
diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix
index d5793f886..4605e8933 100644
--- a/makefu/2configs/deployment/bureautomation/hass.nix
+++ b/makefu/2configs/deployment/bureautomation/hass.nix
@@ -1,48 +1,43 @@
{ pkgs, lib, ... }:
let
- tasmota_plug = name: topic: {
- platform = "mqtt";
- inherit name;
- state_topic = "/bam/${topic}/stat/POWER";
- command_topic = "/bam/${topic}/cmnd/POWER";
- availability_topic = "/bam/${topic}/tele/LWT";
- qos = 1;
- payload_on= "ON";
- payload_off= "OFF";
- payload_available= "Online";
- payload_not_available= "Offline";
- retain= false;
- };
+ tasmota_plug = name: topic:
+ { platform = "mqtt";
+ inherit name;
+ state_topic = "/bam/${topic}/stat/POWER1";
+ command_topic = "/bam/${topic}/cmnd/POWER1";
+ availability_topic = "/bam/${topic}/tele/LWT";
+ payload_on= "ON";
+ payload_off= "OFF";
+ payload_available= "Online";
+ payload_not_available= "Offline";
+ };
espeasy_dht22 = name: [
- {
- platform = "mqtt";
- device_class = "temperature";
- state_topic = "/bam/${name}/dht22/Temperature";
- availability_topic = "/bam/${name}/status/LWT";
- payload_available = "Connected";
- payload_not_available = "Connection Lost";
- }
- {
- platform = "mqtt";
- device_class = "humidity";
- state_topic = "/bam/${name}/dht22/Temperature";
- unit_of_measurement = "C";
- availability_topic = "/bam/${name}/status/LWT";
- payload_available = "Connected";
- payload_not_available = "Connection Lost";
- }];
- espeasy_ds18 = name: [
- {
- platform = "mqtt";
- device_class = "temperature";
- state_topic = "/bam/${name}/ds18/Temperature";
- availability_topic = "/bam/${name}/status/LWT";
- payload_available = "Connected";
- payload_not_available = "Connection Lost";
- }
- ];
+ { platform = "mqtt";
+ name = "${name} DHT22 Temperature";
+ device_class = "temperature";
+ state_topic = "/bam/${name}/dht22/Temperature";
+ availability_topic = "/bam/${name}/tele/LWT";
+ payload_available = "Online";
+ payload_not_available = "Offline";
+ }
+ { platform = "mqtt";
+ device_class = "humidity";
+ name = "${name} DHT22 Humidity";
+ state_topic = "/bam/${name}/dht22/Humidity";
+ availability_topic = "/bam/${name}/tele/LWT";
+ payload_available = "Online";
+ payload_not_available = "Offline";
+ }];
+ espeasy_ds18 = name:
+ { platform = "mqtt";
+ name = "${name} DS18 Temperature";
+ state_topic = "/bam/${name}/ds18/Temperature";
+ availability_topic = "/bam/${name}/tele/LWT";
+ payload_available = "Online";
+ payload_not_available = "Offline";
+ };
in {
-
+ networking.firewall.allowedTCPPorts = [ 8123 ];
nixpkgs.config.permittedInsecurePackages = [
"homeassistant-0.65.5"
];
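Review bot: `networking.firewall.allowedTCPPorts = [ 8123 ];` opens the Home Assistant port on every interface, and the context lines right below show the host running `homeassistant-0.65.5` from `permittedInsecurePackages`. If the UI is only meant for a trusted network, an interface-scoped rule in `networking.firewall.extraCommands` would limit exposure of a release that nixpkgs already marks insecure, for example `iptables -A INPUT -i retiolum -p tcp --dport 8123 -j ACCEPT`, the pattern stats/server.nix uses. Otherwise a comment should state which networks are expected to reach the port. The attribute set continues beyond the hunk, so any `http` authentication settings are not visible here.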
@@ -81,18 +76,19 @@ in {
(tasmota_plug "Pluggy" "plug4")
];
binary_sensor = [
- { # esp_easy
- platform = "mqtt";
+ { platform = "mqtt";
device_class = "motion";
+ name = "Motion";
state_topic = "/bam/easy2/movement/Switch";
payload_on = "1";
payload_off = "0";
- availability_topic = "/bam/easy2/status/LWT";
- payload_available = "Connected";
- payload_not_available = "Connection Lost";
+ availability_topic = "/bam/easy2/tele/LWT";
+ payload_available = "Online";
+ payload_not_available = "Offline";
}
];
sensor =
+ (espeasy_dht22 "easy1") ++
(espeasy_dht22 "easy2") ++
[ (espeasy_ds18 "easy3" )
{ platform = "luftdaten";
diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix
index f23789ee5..235cc1546 100644
--- a/makefu/2configs/deployment/google-muell.nix
+++ b/makefu/2configs/deployment/google-muell.nix
@@ -5,7 +5,10 @@ let
home = "/var/lib/ampel";
sec = "${toString <secrets>}/google-muell.json";
ampelsec = "${home}/google-muell.json";
- esp = "192.168.1.23";
+ cred = "${toString <secrets>}/google-muell-creds.json";
+ # TODO: generate this credential file locally
+ ampelcred = "${home}/google-muell-creds.json";
+ esp = "192.168.8.204";
sleepval = "1800";
in {
users.users.ampel = {
@@ -21,10 +24,10 @@ in {
serviceConfig = {
User = "ampel";
ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
- cp ${sec} ${ampelsec}
- chown ampel ${ampelsec}
+ install -m600 -o ampel ${sec} ${ampelsec}
+ install -m600 -o ampel ${cred} ${ampelcred}
'';
- ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}";
+ ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}";
PermissionsStartOnly = true;
Restart = "always";
RestartSec = 10;
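Review bot: `install -m600 -o ampel ${cred} ${ampelcred}` runs in `ExecStartPre` on every start, so with `Restart = "always"` anything the program writes back to `--credential-path` is replaced by the copy from `<secrets>` at each restart. Whether google-muell refreshes that file is not visible here and is worth confirming. If it does, copy only when the target is missing: `test -e ${ampelcred} || install -m600 -o ampel ${cred} ${ampelcred}`. The service definition begins above the hunk.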
diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix
new file mode 100644
index 000000000..f2a3b36e2
--- /dev/null
+++ b/makefu/2configs/deployment/homeautomation/default.nix
@@ -0,0 +1,141 @@
+{ pkgs, config, ... }:
+
+# Ideas:
+## wake-on-lan server
+##
+let
+ firetv = "192.168.1.238";
+ tasmota_plug = name: topic:
+ { platform = "mqtt";
+ inherit name;
+ state_topic = "/ham/${topic}/stat/POWER1";
+ command_topic = "/ham/${topic}/cmnd/POWER1";
+ availability_topic = "/ham/${topic}/tele/LWT";
+ payload_on= "ON";
+ payload_off= "OFF";
+ payload_available= "Online";
+ payload_not_available= "Offline";
+ };
+ tasmota_bme = name: topic:
+ [ { platform = "mqtt";
+ name = "${name} Temperatur";
+ state_topic = "/ham/${topic}/tele/SENSOR";
+ value_template = "{{ value_json.BME280.Temperature }}";
+ unit_of_measurement = "°C";
+ }
+ { platform = "mqtt";
+ name = "${name} Luftfeuchtigkeit";
+ state_topic = "/ham/${topic}/tele/SENSOR";
+ value_template = "{{ value_json.BME280.Humidity }}";
+ unit_of_measurement = "%";
+ }
+ { platform = "mqtt";
+ name = "${name} Luftdruck";
+ state_topic = "/ham/${topic}/tele/SENSOR";
+ value_template = "{{ value_json.BME280.Pressure }}";
+ unit_of_measurement = "hPa";
+ }
+ ];
+in {
+ imports = [
+ ./mqtt.nix
+ ];
+ systemd.services.firetv = {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = "nobody";
+ ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
+ };
+ };
+ nixpkgs.config.permittedInsecurePackages = [
+ "homeassistant-0.65.5"
+ ];
+ services.home-assistant = {
+ config = {
+ homeassistant = {
+ name = "Home"; time_zone = "Europe/Berlin";
+ latitude = "48.7687";
+ longitude = "9.2478";
+ elevation = 247;
+ };
+ discovery = {};
+ conversation = {};
+ history = {};
+ logbook = {};
+ tts = [
+ { platform = "google";}
+ ];
+ sun.elevation = 247;
+ recorder = {};
+ media_player = [
+ { platform = "kodi";
+ host = firetv;
+ }
+ { platform = "firetv";
+ # assumes python-firetv running
+ }
+ ];
+ mqtt = {
+ broker = "localhost";
+ port = 1883;
+ client_id = "home-assistant";
+ username = "hass";
+ password = builtins.readFile <secrets/mqtt/hass>;
+ keepalive = 60;
+ protocol = 3.1;
+ birth_message = {
+ topic = "/ham/hass/tele/LWT";
+ payload = "Online";
+ qos = 1;
+ retain = true;
+ };
+ will_message = {
+ topic = "/ham/hass/tele/LWT";
+ payload = "Offline";
+ qos = 1;
+ retain = true;
+ };
+ };
+ sensor = [
+ { platform = "speedtest";
+ monitored_conditions = [ "ping" "download" "upload" ];
+ }
+ { platform = "luftdaten";
+ name = "Ditzingen";
+ sensorid = "663";
+ monitored_conditions = [ "P1" "P2" ];
+ }
+ # https://www.home-assistant.io/cookbook/automation_for_rainy_days/
+ { platform = "darksky";
+ api_key = "c73619e6ea79e553a585be06aacf3679";
+ language = "de";
+ monitored_conditions = [ "summary" "icon"
+ "nearest_storm_distance" "precip_probability"
+ "precip_intensity"
+ "temperature" # "temperature_high" "temperature_low"
+ "hourly_summary"
+ "uv_index" ];
+ units = "si" ;
+ update_interval = {
+ days = 0;
+ hours = 0;
+ minutes = 10;
+ seconds = 0;
+ };
+ }
+ ] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer");
+ frontend = { };
+ #group = [
+ # { default_view = { view = "yes"; entities = [
+ # "sensor.luftdaten"
+ # ]}
+ #];
+ http = { };
+ switch = [
+ (tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer")
+ ];
+ };
+ enable = true;
+ #configDir = "/var/lib/hass";
+ };
+}
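Review bot: The `darksky` sensor carries its `api_key` as a string literal, so the key is published with the repository and should be treated as exposed. Rotate it and load it from the secrets tree the way the MQTT password is loaded, e.g. `api_key = builtins.readFile <secrets/PLACEHOLDER-darksky-key>;` (placeholder path). `builtins.readFile`, used here for `mqtt.password` and in stats/telegraf/hamstats.nix for `<secrets/mqtt/stats>`, copies the value into the generated configuration, which presumably ends up in the world-readable Nix store, and keeps any trailing newline from the file. `http = { };` sets no access password while `homeassistant-0.65.5` is whitelisted as insecure, so a comment naming the network that may reach the UI would help.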
diff --git a/makefu/2configs/deployment/homeautomation/mqtt.nix b/makefu/2configs/deployment/homeautomation/mqtt.nix
new file mode 100644
index 000000000..cd1c328d7
--- /dev/null
+++ b/makefu/2configs/deployment/homeautomation/mqtt.nix
@@ -0,0 +1,24 @@
+{ pkgs, config, ... }:
+{
+ services.mosquitto = {
+ enable = true;
+ host = "0.0.0.0";
+ allowAnonymous = false;
+ checkPasswords = true;
+ # see <host>/mosquitto
+ users.sensor = {
+ hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg==";
+ acl = [ "topic readwrite #" ];
+ };
+ users.hass = {
+ hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA==";
+ acl = [ "topic readwrite #" ];
+ };
+ users.stats = {
+ hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA==";
+ acl = [ "topic read #" ];
+ };
+ };
+ environment.systemPackages = [ pkgs.mosquitto ];
+ # port open via trusted interface
+}
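Review bot: The `sensor` user gets `acl = [ "topic readwrite #" ]`, so every device credential can read and publish on all topics of the broker. The topics in default.nix all sit under `/ham/`, so `acl = [ "topic readwrite /ham/#" ];` for `sensor` and `acl = [ "topic read /ham/#" ];` for `stats` would confine a leaked device password to that tree. The three `hashedPassword` values are committed in clear; they are salted, but publishing them permits offline guessing, so the passwords behind them need to be long and random. With `host = "0.0.0.0"`, the closing comment `# port open via trusted interface` is the only statement of where 1883 is reachable; naming the interface or the file that opens it would make that checkable.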
diff --git a/makefu/2configs/fs/single-partition-ext4.nix b/makefu/2configs/fs/single-partition-ext4.nix
index 1970c949f..1655556a5 100644
--- a/makefu/2configs/fs/single-partition-ext4.nix
+++ b/makefu/2configs/fs/single-partition-ext4.nix
@@ -1,5 +1,7 @@
{config, ...}:
{
+ # fdisk /dev/sda
+ # mkfs.ext4 -L nixos /dev/sda1
boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;
boot.loader.grub.version = 2;
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 61182f6c3..1a7f3d987 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -31,6 +31,7 @@ let
ampel = { };
europastats = { };
arafetch = { };
+ disko = { };
init-stockholm = {
cgit.desc = "Init stuff for stockholm";
};
diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix
new file mode 100644
index 000000000..1efc4d2bf
--- /dev/null
+++ b/makefu/2configs/home-manager/cli.nix
@@ -0,0 +1,12 @@
+{
+ home-manager.users.makefu = {
+ services.gpg-agent = {
+ defaultCacheTtl = 900;
+ maxCacheTtl = 7200;
+ defaultCacheTtlSsh = 3600;
+ maxCacheTtlSsh = 86400;
+ enableSshSupport = true;
+ };
+ programs.fzf.enable = true; # alt-c
+ };
+}
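Review bot: `services.gpg-agent` sets cache TTLs and `enableSshSupport` but never `enable = true;`, and the home-manager module is disabled by default. Unless another file enables it (none of the home-manager files in this commit does), these settings produce no agent configuration; adding `enable = true;` to the set makes them effective. `maxCacheTtlSsh = 86400` keeps an unlocked SSH key usable for a full day, and a short comment on why that window is acceptable on a laptop would document the choice.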
diff --git a/makefu/2configs/home-manager/default.nix b/makefu/2configs/home-manager/default.nix
new file mode 100644
index 000000000..e75ee6262
--- /dev/null
+++ b/makefu/2configs/home-manager/default.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ <home-manager/nixos>
+ ];
+ home-manager.users.makefu = {
+ };
+}
diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix
new file mode 100644
index 000000000..c2f854d47
--- /dev/null
+++ b/makefu/2configs/home-manager/desktop.nix
@@ -0,0 +1,31 @@
+{pkgs, ... }: {
+ home-manager.users.makefu = {
+ programs.browserpass = { browsers = [ "firefox" ] ; enable = true; };
+ services.network-manager-applet.enable = true;
+ services.blueman-applet.enable = true;
+ services.pasystray.enable = true;
+
+ systemd.user.services.network-manager-applet.Service.Environment = ''
+ XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
+ '';
+ systemd.user.services.clipit = {
+ Unit = {
+ Description = "clipboard manager";
+ After = [ "graphical-session-pre.target" ];
+ PartOf = [ "graphical-session.target" ];
+ };
+
+ Install = {
+ WantedBy = [ "graphical-session.target" ];
+ };
+
+ Service = {
+ Environment = ''
+ XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
+ '';
+ ExecStart = "${pkgs.clipit}/bin/clipit";
+ Restart = "on-abort";
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/home-manager/mail.nix b/makefu/2configs/home-manager/mail.nix
new file mode 100644
index 000000000..ce7ae4f4d
--- /dev/null
+++ b/makefu/2configs/home-manager/mail.nix
@@ -0,0 +1,46 @@
+{
+ home-manager.users.makefu = {
+ accounts.email.accounts.syntaxfehler = {
+ address = "felix.richter@syntax-fehler.de";
+ userName = "Felix.Richter@syntax-fehler.de";
+ imap = {
+ host = "syntax-fehler.de";
+ tls = {
+ enable = true;
+ };
+ };
+ smtp = {
+ host = "syntax-fehler.de";
+ tls = {
+ enable = true;
+ };
+ };
+ msmtp.enable = true;
+ notmuch.enable = true;
+ offlineimap = {
+ enable = true;
+ postSyncHookCommand = "notmuch new";
+ extraConfig.remote = {
+ holdconnectionopen = true;
+ idlefolders = "['INBOX']";
+ };
+ };
+ primary = true;
+ realName = "Felix Richter";
+ passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg";
+ };
+ programs.offlineimap.enable = true;
+ programs.offlineimap.extraConfig = {
+ mbnames = {
+ filename = "~/.mutt/muttrc.mailboxes";
+ header = "'mailboxes '";
+ peritem = "'+%(accountname)s/%(foldername)s'";
+ sep = "' '";
+ footer = "'\\n'";
+ };
+ general = {
+ ui = "TTY.TTYUI";
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix
index 85c3190ff..313ca0147 100644
--- a/makefu/2configs/hw/bluetooth.nix
+++ b/makefu/2configs/hw/bluetooth.nix
@@ -29,11 +29,14 @@
# presumably a2dp Sink
# Enable profile:
## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink
- hardware.bluetooth.extraConfig = '';
- [general]
- Enable=Source,Sink,Media,Socket
- '';
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
- hardware.bluetooth.enable = true;
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = false;
+ extraConfig = ''
+ [general]
+ Enable=Source,Sink,Media,Socket
+ '';
+ };
}
diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix
new file mode 100644
index 000000000..f079d7f41
--- /dev/null
+++ b/makefu/2configs/mail/mail.euer.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+{
+ imports = [
+ (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.1.4/nixos-mailserver-v2.1.4.tar.gz")
+ ];
+
+ mailserver = {
+ enable = true;
+ fqdn = "euer.eloop.org";
+ domains = [ "euer.eloop.org" ];
+ loginAccounts = {
+ "makefu@euer.eloop.org" = {
+ hashedPassword = "$6$5gFFAPnI/c/EHIx$3aHj64p5SX./C.MPb.eBmyLDRdWS1yaoV0s9r3Yexw4UO9URdUkBDgqT7F0Mjgt6.gyYaJ5E50h0Yg7iHtLWI/";
+ aliases = [ "root@euer.eloop.org" ];
+ catchAll = [ "euer.eloop.org" ];
+
+ };
+ };
+ certificateScheme = 3;
+
+ # Enable IMAP and POP3
+ enableImap = true;
+ enablePop3 = false;
+ enableImapSsl = true;
+ enablePop3Ssl = false;
+
+ # Enable the ManageSieve protocol
+ enableManageSieve = true;
+
+ virusScanning = false;
+
+ };
+
+ services.dovecot2.extraConfig = ''
+ ssl_dh = </var/lib/dhparams/dovecot.pem
+ '';
+ # workaround for DH creation
+ # security.dhparams = {
+ # enable = true;
+ # params = {
+ # dovecot = 2048;
+ # };
+ # };
+ # systemd.services.dovecot2.requires = [ "dhparams-gen-dovecot.service" ];
+ # systemd.services.dovecot2.after = [ "dhparams-gen-dovecot.service" ];
+}
+
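Review bot: `builtins.fetchTarball` is called with a bare URL, so the mail server module is imported without a hash check and its content is whatever the archive endpoint returns for `v2.1.4` at evaluation time. Pinning it with `(builtins.fetchTarball { url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.1.4/nixos-mailserver-v2.1.4.tar.gz"; sha256 = "<sha256 of the unpacked v2.1.4 tarball>"; })` makes a moved tag or a tampered archive fail the build. `ssl_dh` points at `/var/lib/dhparams/dovecot.pem` while the `security.dhparams` block that would create it is commented out, so dovecot will presumably fail to start where that file does not exist yet. The account's `hashedPassword` is committed in clear, which permits offline guessing against it.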
diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix
index 39c9fdfdd..c56521812 100644
--- a/makefu/2configs/mqtt.nix
+++ b/makefu/2configs/mqtt.nix
@@ -4,6 +4,7 @@
enable = true;
host = "0.0.0.0";
users = {};
+ # TODO: secure that shit
allowAnonymous = true;
};
}
diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix
index c5a7e68af..765fef535 100644
--- a/makefu/2configs/nginx/euer.mon.nix
+++ b/makefu/2configs/nginx/euer.mon.nix
@@ -10,7 +10,12 @@ let
in {
services.nginx = {
enable = mkDefault true;
- virtualHosts."mon.euer.krebsco.de" = {
+ virtualHosts."mon.euer.krebsco.de" = let
+ # flesh_wrap
+ authFile = pkgs.writeText "influx.conf" ''
+ user:$apr1$ZG9oQCum$FhtIe/cl3jf8Sa4zq/BWd1
+ '';
+ in {
forceSSL = true;
enableACME = true;
locations."/" = {
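Review bot: `authFile` is built with `pkgs.writeText`, so the htpasswd entry is committed to the repository and also placed in the world-readable Nix store, and `$apr1$` is an MD5-based scheme that is cheap to guess offline. This file is the only guard on the `/influxdb/` proxy added in the next hunk, so it would be safer to keep it under `<secrets>` and reference the path, e.g. `auth_basic_user_file ${toString <secrets>}/PLACEHOLDER-influx.htpasswd;` (placeholder name), readable by the nginx user. The realm string in the next hunk is misspelled and should read `auth_basic "Needs Authorization to visit";`. The `virtualHosts` block continues beyond this hunk.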
@@ -21,6 +26,17 @@ in {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
+ locations."/influxdb/" = {
+ proxyPass = "http://wbob.r:8086/";
+ extraConfig = ''
+ auth_basic "Needs Autherization to visit";
+ auth_basic_user_file ${authFile};
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_redirect off;
+ '';
+ };
};
};
}
diff --git a/makefu/2configs/nginx/iso.euer.nix b/makefu/2configs/nginx/iso.euer.nix
new file mode 100644
index 000000000..701609d4b
--- /dev/null
+++ b/makefu/2configs/nginx/iso.euer.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+let
+ system = builtins.currentSystem; #we can also build for other platforms
+ iso = (import <nixpkgs/nixos/lib/eval-config.nix>
+ { inherit system;
+ modules = [ ../../1systems/iso/config.nix ]; }
+
+ );
+ image = iso.config.system.build.isoImage;
+ name = iso.config.isoImage.isoName;
+
+ drivedroid-cfg = builtins.toJSON [{
+ id = "stockholm";
+ imageUrl = http://krebsco.de/krebs-v2.png;
+ name = "stockholm";
+ tags = [ "hybrid" ];
+ url = http://krebsco.de;
+ releases = [
+ { version = iso.config.system.nixos.label;
+ url = "/stockholm.iso";
+ arch = system; }
+ ];
+ # size = TODO;
+ }];
+ web = pkgs.linkFarm "web" [{
+ name = "drivedroid.json";
+ path = pkgs.writeText "drivedroid.json" drivedroid-cfg; }
+ { name = "stockholm.iso";
+ path = "${image}/iso/${name}"; }
+ ];
+in
+{
+ services.nginx = {
+ virtualHosts = {
+ "iso.euer.krebsco.de" = {
+ enableACME = true;
+ forceSSL = true;
+ root = web;
+ locations."/".index = "drivedroid.json";
+ };
+ };
+ };
+}
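Review bot: The image built from `../../1systems/iso/config.nix` becomes publicly downloadable as `/stockholm.iso`, so that configuration should be checked for embedded keys, passwords or authorized-keys entries before this vhost goes live; its content is not visible in this hunk. `imageUrl` and `url` in `drivedroid-cfg` are bare URL literals over plain `http`. Quoting them, and using https if the host serves it, e.g. `url = "https://krebsco.de";`, avoids the deprecated literal syntax and an unauthenticated link in the index clients fetch. A comment on `name = iso.config.isoImage.isoName;` noting that it is the file name inside `${image}/iso/` would help the next reader.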
diff --git a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
index d0881a934..752612342 100644
--- a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
+++ b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
@@ -3,7 +3,7 @@
services.nginx = {
enable = lib.mkDefault true;
virtualHosts."misa-felix-hochzeit.ml" = {
- serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ];
+ serverAliases = [ "misa-felix.ml" "www.misa-felix.ml" ];
forceSSL = true;
enableACME = true;
locations = {
diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix
index b6e000a34..89121ffd6 100644
--- a/makefu/2configs/remote-build/slave.nix
+++ b/makefu/2configs/remote-build/slave.nix
@@ -1,11 +1,10 @@
-{
+{config,...}:{
nix.trustedUsers = [ "nixBuild" ];
users.users.nixBuild = {
name = "nixBuild";
useDefaultShell = true;
- # TODO: put this somewhere else
openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild"
+ config.krebs.users.buildbotSlave.pubkey
];
};
}
diff --git a/makefu/2configs/retroshare.nix b/makefu/2configs/retroshare.nix
new file mode 100644
index 000000000..4d2fc6af9
--- /dev/null
+++ b/makefu/2configs/retroshare.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+let
+ port = 9024;
+in {
+ users.users.makefu.packages = [
+ pkgs.retroshare
+ ];
+ networking.firewall.allowedTCPPorts = [ port ];
+ networking.firewall.allowedUDPPorts = [ port ];
+}
diff --git a/makefu/2configs/share/gum-client.nix b/makefu/2configs/share/gum-client.nix
index be9ab026b..db2adfb1c 100644
--- a/makefu/2configs/share/gum-client.nix
+++ b/makefu/2configs/share/gum-client.nix
@@ -17,6 +17,7 @@ in {
"file_mode=0775"
"dir_mode=0775"
"uid=9001"
+ "vers=3"
];
};
diff --git a/makefu/2configs/share/omo-timemachine.nix b/makefu/2configs/share/omo-timemachine.nix
new file mode 100644
index 000000000..18cf0328e
--- /dev/null
+++ b/makefu/2configs/share/omo-timemachine.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+ services.samba = {
+ # support for timemachine in git
+ package = pkgs.sambaFull;
+ shares = {
+ time_machine = {
+ path = "/media/crypt3/backup/time_machine";
+ "valid users" = "misa";
+ public = "no";
+ writeable = "yes";
+ "force user" = "misa";
+ "fruit:aapl" = "yes";
+ "fruit:time machine" = "yes";
+ "vfs objects" = "catia fruit streams_xattr";
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/stats/external/weather2stats.nix b/makefu/2configs/stats/external/weather2stats.nix
new file mode 100644
index 000000000..870db99a8
--- /dev/null
+++ b/makefu/2configs/stats/external/weather2stats.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ pkg = pkgs.stdenv.mkDerivation {
+ name = "aralast-master";
+ src = pkgs.fetchFromGitHub {
+ owner = "makefu";
+ repo = "aralast";
+ rev = "7121598";
+ sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m";
+ };
+ installPhase = ''
+ install -m755 -D aralast.sh $out/bin/aralast
+ '';
+ };
+in {
+ systemd.services.aralast = {
+ description = "periodically fetch aramark";
+ path = [
+ pkgs.curl
+ pkgs.gnugrep
+ pkgs.gnused
+ ];
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ INFLUX_HOST = "localhost";
+ INFLUX_PORT = "8086";
+ };
+ # every 10 seconds when the cantina is open
+ startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0,15,30,45";
+ serviceConfig = {
+ User = "nobody";
+ ExecStart = "${pkg}/bin/aralast";
+ PrivateTmp = true;
+ };
+ };
+}
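Review bot: The file is named weather2stats.nix, but the derivation is `aralast-master`, the unit is `systemd.services.aralast` and the description is `periodically fetch aramark`, which reads like an unadapted copy of the aralast configuration. If an aralast module is imported on the same host, the two `systemd.services.aralast` definitions would collide. The comment `# every 10 seconds when the cantina is open` does not match `startAt`, which fires at seconds `0,15,30,45`; `# every 15 seconds on weekdays between 06:00 and 15:59` describes what is configured. `rev = "7121598"` is an abbreviated commit id; the `sha256` pins the content, but the full hash would avoid ambiguity.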
diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix
index 7548c733e..c8e768c99 100644
--- a/makefu/2configs/stats/server.nix
+++ b/makefu/2configs/stats/server.nix
@@ -2,11 +2,11 @@
with import <stockholm/lib>;
let
- irc-server = "rc.r";
+ irc-server = "irc.r";
irc-nick = "m-alarm";
collectd-port = 25826;
influx-port = 8086;
- grafana-port = 3000; # TODO nginx forward
+ grafana-port = 3000;
db = "collectd_db";
logging-interface = config.makefu.server.primary-itf;
in {
@@ -72,15 +72,16 @@ in {
iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
- iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
- iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
- iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
+ #iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
+ #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
+ #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
- ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
- ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
- ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
+ #ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
+ #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
+ #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
'';
+ state = [ "/var/lib/grafana/data/grafana.db" ];
}
diff --git a/makefu/2configs/stats/telegraf/hamstats.nix b/makefu/2configs/stats/telegraf/hamstats.nix
new file mode 100644
index 000000000..88c1b6d5d
--- /dev/null
+++ b/makefu/2configs/stats/telegraf/hamstats.nix
@@ -0,0 +1,28 @@
+{ pkgs, ...}:
+
+let
+ genTopic = name: topic: tags: {
+ servers = [ "tcp://localhost:1883" ];
+ username = "stats";
+ password = builtins.readFile <secrets/mqtt/stats>;
+ qos = 0;
+ connection_timeout = "30s";
+ topics = [ topic ];
+ tags = tags;
+ persistent_session = false;
+ name_override = name;
+ data_format = "json";
+ # json_query = tags.sensor; #TODO?
+ };
+ hamStat = host:
+ sensor:
+ (genTopic sensor
+ "/ham/${host}/${sensor}/tele/SENSOR"
+ {"host" = host;
+ "scope" = "ham";
+ "sensor" = sensor;
+ } );
+ bme = host: [(hamStat host "BME280")];
+in {
+ services.telegraf.extraConfig.inputs.mqtt_consumer = (bme "schlafzimmer");
+}
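Review bot: `hamStat` subscribes to `"/ham/${host}/${sensor}/tele/SENSOR"`, which expands to `/ham/schlafzimmer/BME280/tele/SENSOR`. `tasmota_bme` in homeautomation/default.nix reads the same device from `/ham/${topic}/tele/SENSOR` and selects `BME280` from the JSON payload instead. One of the two is likely listening on a topic nothing publishes to. If the Home Assistant form is correct, the topic here would be `"/ham/${host}/tele/SENSOR"`, with the commented-out `json_query` selecting the sensor object.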
diff --git a/makefu/2configs/syncthing.nix b/makefu/2configs/syncthing.nix
index 6b758ea2d..bc7413a0a 100644
--- a/makefu/2configs/syncthing.nix
+++ b/makefu/2configs/syncthing.nix
@@ -1,11 +1,17 @@
-{...}:
+{ config, ... }:
with import <stockholm/lib>; {
services.syncthing = {
enable = true;
openDefaultPorts = true;
- useInotify = true;
group = "download";
};
users.extraGroups.download.gid = genid "download";
+ state = map (x: config.services.syncthing.dataDir + "/" + x) [
+ "key.pem"
+ "cert.pem"
+ "config.xml"
+ "https-cert.pem"
+ "https-key.pem"
+ ];
}
diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix
index c55b94466..98abb2406 100644
--- a/makefu/2configs/tinc/retiolum.nix
+++ b/makefu/2configs/tinc/retiolum.nix
@@ -1,7 +1,8 @@
-_:
+{ pkgs, ... }:
{
imports = [
../binary-cache/lass.nix
];
krebs.tinc.retiolum.enable = true;
+ environment.systemPackages = [ pkgs.tinc ];
}
diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix
index 604288904..33e896d4c 100644
--- a/makefu/2configs/tools/core.nix
+++ b/makefu/2configs/tools/core.nix
@@ -3,9 +3,11 @@
# tools i use when actually working with the host.
# package version will now be maintained by nix-rebuild
#
-# essentially `nix-env -q` of the main user
{
environment.systemPackages = with pkgs; [
+ ( pkgs.writeScriptBin "unknow" ''#!/bin/sh
+${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts
+ '')
at_spi2_core
acpi
bc
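Review bot: The `unknow` helper splices its first argument straight into the sed program (`"''${1}d"`), so running it without an argument executes `sed -i d` and empties `~/.ssh/known_hosts`, and a non-numeric argument is interpreted as sed commands. A guard before the sed line restricts it to a line number: `case "''${1:-}" in ""|*[!0-9]*) echo "usage: unknow LINE" >&2; exit 1;; esac`. A comment saying the argument is the line number from the ssh host-key warning would document the intended use. The package list continues beyond the hunk.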
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index b652241bd..09ee63498 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -20,9 +20,7 @@
brain
gen-oath-safe
cdrtools
- stockholm
# nix related
- nix-repl
nix-index
# git-related
tig
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 3d26cc574..1c28eeffd 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -6,6 +6,7 @@
gimp
inkscape
libreoffice
+ quodlibet
# skype
synergy
tdesktop
diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix
index 35faaa29f..a61b6c88e 100644
--- a/makefu/2configs/tools/media.nix
+++ b/makefu/2configs/tools/media.nix
@@ -3,11 +3,14 @@
{
users.users.makefu.packages = with pkgs; [
kodi
- streamripper
- youtube-dl
calibre
vlc
mumble
mplayer
+ quodlibet
+
+ plowshare
+ streamripper
+ youtube-dl
];
}
diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix
index 1993a5212..8a559dbbd 100644
--- a/makefu/2configs/tools/mobility.nix
+++ b/makefu/2configs/tools/mobility.nix
@@ -3,7 +3,11 @@
users.users.makefu.packages = with pkgs;[
go-mtpfs
mosh
+ sshfs
+ rclone
+ exfat
+ (pkgs.callPackage ./secrets.nix {})
];
- boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+ # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
}
diff --git a/makefu/2configs/tools/secrets.nix b/makefu/2configs/tools/secrets.nix
new file mode 100644
index 000000000..f88618cbc
--- /dev/null
+++ b/makefu/2configs/tools/secrets.nix
@@ -0,0 +1,12 @@
+{ pass, write, writeDash, ... }:
+
+write "secrets" {
+ "/bin/secrets".link = writeDash "brain" ''
+ PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \
+ exec ${pass}/bin/pass $@
+ '';
+ "/bin/secretsmenu".link = writeDash "secretsmenu" ''
+ PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \
+ exec ${pass}/bin/passmenu $@
+ '';
+}
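Review bot: Both wrappers pass `$@` unquoted (`exec ${pass}/bin/pass $@` and the `passmenu` line), so an entry name containing spaces or glob characters is split or expanded before `pass` sees it. Use `exec ${pass}/bin/pass "$@"` and `exec ${pass}/bin/passmenu "$@"`. The first script is also named `writeDash "brain"` although it is installed as `/bin/secrets`, which looks like a copy-paste leftover; `writeDash "secrets"` would match.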
diff --git a/makefu/2configs/wireguard/server.nix b/makefu/2configs/wireguard/server.nix
new file mode 100644
index 000000000..e38fa05cb
--- /dev/null
+++ b/makefu/2configs/wireguard/server.nix
@@ -0,0 +1,52 @@
+{ config, ... }:
+let
+ ext-if = config.makefu.server.primary-itf;
+in { # wireguard server
+
+ # opkg install wireguard luci-proto-wireguard
+
+ # TODO: networking.nat
+
+ # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ # conf.all.proxy_arp =1
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ];
+ extraCommands = ''
+ iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
+ '';
+ };
+
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.244.0.1/24" ];
+ listenPort = 51820;
+ privateKeyFile = (toString <secrets>) + "/wireguard.key";
+ allowedIPsAsRoutes = true;
+ peers = [
+ {
+ # x
+ allowedIPs = [ "10.244.0.2/32" ];
+ publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
+ }
+ {
+ # vbob
+ allowedIPs = [ "10.244.0.3/32" ];
+ publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
+ }
+ {
+ # x-test
+ allowedIPs = [ "10.244.0.4/32" ];
+ publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
+ }
+ {
+ # work-router
+ allowedIPs = [ "10.244.0.5/32" ];
+ publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
+ }
+ {
+ # workr
+ allowedIPs = [ "10.244.0.6/32" ];
+ publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
+ }
+ ];
+ };
+}
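Review bot: The `iptables -t nat -A POSTROUTING ... -j MASQUERADE` line in `networking.firewall.extraCommands` is appended again on every firewall reload and has no matching `extraStopCommands`, so duplicate rules accumulate. IPv4 forwarding appears only as a commented-out sysctl, so unless another module enables it the peers will not be routed. The `TODO: networking.nat` already names the fix: `networking.nat = { enable = true; externalInterface = ext-if; internalInterfaces = [ "wg0" ]; };` manages the masquerade rule and turns forwarding on. Building `privateKeyFile` as a string under `<secrets>` keeps the key out of the Nix store, and a short comment saying so would stop a later edit from turning it into a path literal.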
diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix
index 6be078f6a..23ae572da 100644
--- a/makefu/2configs/zsh-user.nix
+++ b/makefu/2configs/zsh-user.nix
@@ -68,6 +68,8 @@ in
compdef _pass brain
zstyle ':completion::complete:brain::' prefix "$HOME/brain"
+ compdef _pass secrets
+ zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
# ctrl-x ctrl-e
autoload -U edit-command-line
diff --git a/makefu/3modules/airdcpp.nix b/makefu/3modules/airdcpp.nix
new file mode 100644
index 000000000..5250ee67a
--- /dev/null
+++ b/makefu/3modules/airdcpp.nix
@@ -0,0 +1,210 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>; #genid
+let
+ cfg = config.makefu.airdcpp;
+
+ out = {
+ options.makefu.airdcpp = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = with types;{
+ enable = mkEnableOption "airdcpp";
+
+ package = mkOption {
+ type = package;
+ default = pkgs.airdcpp-webclient;
+ };
+
+ user = mkOption {
+ description = ''
+ user which will run udpt. if kept default a new user will be created
+ '';
+ type = str;
+ default = "airdcpp";
+ };
+ extraGroups = mkOption {
+ description = ''extra groups for the user (only for default user)'';
+ type = listOf str;
+ default = [];
+ example = [ "nginx" ];
+ };
+
+ stateDir = mkOption {
+ description = ''
+ directory for storing state (pid,config)
+ '';
+ type = str;
+ default = "/var/lib/airdcpp";
+ };
+ dcpp = {
+ Nick = mkOption {
+ description = ''
+ Nick Name for connection
+ '';
+ type = str;
+ default = "kevin";
+ };
+ InPort = mkOption {
+ description = "Input Port";
+ type = int;
+ default = 16849;
+ };
+ UDPPort = mkOption {
+ description = "UDP open Port";
+ type = int;
+ default = 16849;
+ };
+ TLSPort = mkOption {
+ description = "TLS open Port";
+ type = int;
+ default = 16869;
+ };
+ DownloadSpeed = mkOption {
+ description = "Total Download Speed in Mbps/s";
+ type = str;
+ default = "100";
+ };
+ UploadSpeed = mkOption {
+ description = "Total Upload Speed in Mbp/s";
+ type = str;
+ default = "100";
+ };
+ shares = mkOption {
+ default = {};
+ type = attrsOf (submodule ( { config, ... }: {
+ options = {
+ path = mkOption {
+ description = "path to the share";
+ type = str;
+ };
+ incoming = mkOption {
+ description = "incoming";
+ type = bool;
+ default = false;
+ };
+ };
+ }));
+ };
+ initialConfigFile = mkOption {
+ description = ''
+ path inital DCPlusPlus.xml configuration if none exists
+ '';
+ type = nullOr path;
+ default = null;
+ };
+ };
+ web = {
+ port = mkOption {
+ description = ''web-ui port
+
+ NOTE: once the initial config had been written to the state directory it will not be replaced
+ '';
+ type = int;
+ default = 5600;
+ };
+ initialConfigFile = mkOption {
+ description = ''
+ path inital WebServer.xml configuration if none exists
+ '';
+ type = nullOr path;
+ default = null;
+ };
+ # TODO: tlsPort
+ users = mkOption {
+ type = attrsOf (submodule ( { config, ... }: {
+ options = {
+ password = mkOption {
+ description = "password of user";
+ type = str;
+ };
+ permissions = mkOption {
+ description = "user permissions";
+ type = str;
+ default = "admin";
+ };
+ };
+ }));
+ };
+ };
+ };
+
+ imp = let
+ genUsers = users: concatMapStringsSep "\n" (user:
+ ''<WebUser Username="${user.name}" Password="${user.password}" LastLogin="0" Permissions="${user.permissions}"/>'' )
+ (mapAttrsToList (name: val: val // { inherit name; }) users);
+ genShares = shares: concatMapStringsSep "\n" (share:
+ ''<Directory Virtual="stockholm" Incoming="${
+ if share.incoming then "1" else "0"
+ }" LastRefreshTime="0">${share.path}</Directory>'' )
+ (mapAttrsToList (name: val: val // { inherit name; }) shares);
+ webConfigFile = if (cfg.web.initialConfigFile == null) then builtins.trace "warning: airdcpp passwords are stored in plain text" pkgs.writeText "initial-config" ''
+ <?xml version="1.0" encoding="utf-8" standalone="yes"?>
+ <WebServer>
+ <Config>
+ <Server Port="${toString cfg.web.port}"/>
+ <TLSServer Port="0" Certificate="" CertificateKey=""/>
+ </Config>
+ <WebUsers>${genUsers cfg.web.users}
+ </WebUsers>
+ </WebServer>
+ '' else cfg.web.initialConfigFile;
+ dcppConfigFile = if (cfg.dcpp.initialConfigFile == null) then pkgs.writeText "initial-config" ''
+ <?xml version="1.0" encoding="utf-8" standalone="yes"?>
+ <DCPlusPlus>
+ <Settings>
+ <Nick type="string">${cfg.dcpp.Nick}</Nick>
+ <ConfigVersion type="string">${cfg.package.version}</ConfigVersion>
+ <InPort type="int">${toString cfg.dcpp.InPort}</InPort>
+ <UDPPort type="int">${toString cfg.dcpp.UDPPort}</UDPPort>
+ <TLSPort type="int">${toString cfg.dcpp.TLSPort}</TLSPort>
+ <ConfigBuildNumber type="int">0</ConfigBuildNumber>
+ <AutoDetectIncomingConnection type="int">0</AutoDetectIncomingConnection>
+ <NoIpOverride type="int">1</NoIpOverride>
+ <WizardRunNew type="int">0</WizardRunNew>
+ <IPUpdate type="int">0</IPUpdate>
+ <AlwaysCCPM type="int">1</AlwaysCCPM>
+ <DownloadSpeed type="string">${cfg.dcpp.DownloadSpeed}</DownloadSpeed>
+ <UploadSpeed type="string">${cfg.dcpp.UploadSpeed}</UploadSpeed>
+ </Settings>
+ <Share Token="0" Name="Default">
+ ${genShares cfg.dcpp.shares}
+ <NoShare/>
+ </Share>
+ <ChatFilterItems/>
+ </DCPlusPlus>
+ '' else cfg.dcpp.initialConfigFile;
+ in {
+ systemd.services.airdcpp = {
+ description = "airdcpp webui";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ restartIfChanged = true;
+ serviceConfig = {
+ Type = "simple";
+ ExecStartPre = pkgs.writeDash "prepare-env" ''
+ d=${cfg.stateDir}/WebServer.xml
+ test -e $d || install -m700 -o${cfg.user} ${webConfigFile} $d
+ d=${cfg.stateDir}/DCPlusPlus.xml
+ test -e $d || install -m700 -o${cfg.user} ${dcppConfigFile} $d
+ '';
+ PermissionsStartOnly = true;
+ ExecStart = "${cfg.package}/bin/airdcppd -c=${cfg.stateDir} -p=${cfg.stateDir}/airdcpp.pid";
+ PrivateTmp = true;
+ WorkingDirectory = cfg.stateDir;
+ User = "${cfg.user}";
+ };
+ };
+ users = lib.mkIf (cfg.user == "airdcpp") {
+ users.airdcpp = {
+ uid = genid "airdcpp";
+ home = cfg.stateDir;
+ createHome = true;
+ inherit (cfg) extraGroups;
+ };
+ groups.airdcpp.gid = genid "airdcpp";
+ };
+ };
+in
+out
+
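Review bot: `webConfigFile` is built with `pkgs.writeText` from `cfg.web.users.*.password`, so every web-UI password ends up in a world-readable file in `/nix/store`, which the `builtins.trace` message ("stored in plain text") does not make clear. Either state on the `password` option that the value is readable by every local user and point to `web.initialConfigFile` with a file kept outside the store, or generate `WebServer.xml` in `ExecStartPre` from a secrets path. The copies in `stateDir` are installed with `-m700`; `install -m600 -o${cfg.user}` is enough for a config file. Two smaller points in the same file: `genShares` hard-codes `Virtual="stockholm"` for every share where `share.name` seems intended, and the `user` option description still says `udpt`.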
diff --git a/makefu/5pkgs/airdcpp-webclient/default.nix b/makefu/5pkgs/airdcpp-webclient/default.nix
new file mode 100644
index 000000000..361a7da65
--- /dev/null
+++ b/makefu/5pkgs/airdcpp-webclient/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl
+}:
+stdenv.mkDerivation rec {
+ name = "airdcpp-webclient-${version}";
+ version = "2.3.0";
+
+ src = fetchurl {
+ url = http://web-builds.airdcpp.net/stable/airdcpp_2.3.0_webui-2.3.0_64-bit_portable.tar.gz;
+ sha256 = "0yvcl0nc70fghc7vfsgvbpryi5q97arld8adql4way4qa0mdnyv1";
+ };
+
+ phases = [ "unpackPhase" "installPhase" ];
+ installPhase = ''
+ mkdir -p $out/{share,bin}
+ cp -r * $out/share
+ ln -s $out/share/airdcppd $out/bin/
+ '';
+
+ meta = with stdenv.lib; {
+ # to start it: airdcpp -p=<pid-file> -c=<config-store-path (must be writeable)> --configure
+ description = "dcpp client (statically precompiled)";
+ homepage = http://fixme;
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ makefu ];
+ platforms = with platforms; linux;
+ };
+}
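Review bot: `src` fetches a precompiled binary over plain `http://`. The `sha256` pins these bytes, but the next version bump will trust whatever that connection returns when the hash is recomputed, so switch to an `https://` URL if the upstream host offers one (not verifiable from this page). The URL also repeats `2.3.0` instead of using `${version}`, and `homepage = http://fixme;` is a placeholder that should be the real project page or be dropped.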
diff --git a/makefu/5pkgs/bento4/default.nix b/makefu/5pkgs/bento4/default.nix
index 07c64a101..6f5f1deba 100644
--- a/makefu/5pkgs/bento4/default.nix
+++ b/makefu/5pkgs/bento4/default.nix
@@ -1,5 +1,4 @@
{ stdenv, fetchFromGitHub
-, pkgconfig
, cmake
}:
stdenv.mkDerivation rec {
@@ -13,7 +12,7 @@ stdenv.mkDerivation rec {
sha256 = "1cq6vhrq3n3lc1n454slbc66qdyqam2srxgdhfpyfxbq5c4y06nf";
};
- nativeBuildInputs = [ cmake pkgconfig ];
+ nativeBuildInputs = [ cmake ];
installPhase = ''
mkdir -p $out/{lib,bin}
find -iname '*.so' -exec mv --target-directory="$out/lib" {} \;
diff --git a/makefu/5pkgs/cozy-audiobooks/default.nix b/makefu/5pkgs/cozy-audiobooks/default.nix
index f1d655a0a..870fa8ce2 100644
--- a/makefu/5pkgs/cozy-audiobooks/default.nix
+++ b/makefu/5pkgs/cozy-audiobooks/default.nix
@@ -85,13 +85,9 @@ stdenv.mkDerivation rec {
ninja test
'';
- #preInstall = ''
- # export MESON_INSTALL_PREFIX=$out
- #'';
-
meta = with stdenv.lib; {
description = ''
- Eval nix code from python.
+ A modern audio book player for Linux using GTK+ 3
'';
maintainers = [ maintainers.makefu ];
license = licenses.mit;
diff --git a/makefu/5pkgs/custom/quodlibet/remove-override-warning.patch b/makefu/5pkgs/custom/quodlibet/remove-override-warning.patch
new file mode 100644
index 000000000..0f9d41024
--- /dev/null
+++ b/makefu/5pkgs/custom/quodlibet/remove-override-warning.patch
@@ -0,0 +1,54 @@
+diff --git a/quodlibet/qltk/edittags.py b/quodlibet/quodlibet/qltk/edittags.py
+index 148866ef7..e741b9c3d 100644
+--- a/quodlibet/qltk/edittags.py
++++ b/quodlibet/qltk/edittags.py
+@@ -740,13 +740,6 @@ class EditTags(Gtk.VBox):
+ win.show()
+ all_done = False
+ for song in songs:
+- if not song.valid():
+- win.hide()
+- dialog = OverwriteWarning(self, song)
+- resp = dialog.run()
+- win.show()
+- if resp != OverwriteWarning.RESPONSE_SAVE:
+- break
+
+ changed = False
+ for key, values in iteritems(updated):
+diff --git a/quodlibet/qltk/tagsfrompath.py b/quodlibet/quodlibet/qltk/tagsfrompath.py
+index fd3f0709c..cb5b44f20 100644
+--- a/quodlibet/qltk/tagsfrompath.py
++++ b/quodlibet/qltk/tagsfrompath.py
+@@ -284,13 +284,6 @@ class TagsFromPath(Gtk.VBox):
+ for entry in ((model and itervalues(model)) or []):
+ song = entry.song
+ changed = False
+- if not song.valid():
+- win.hide()
+- dialog = OverwriteWarning(self, song)
+- resp = dialog.run()
+- win.show()
+- if resp != OverwriteWarning.RESPONSE_SAVE:
+- break
+
+ for i, h in enumerate(pattern.headers):
+ text = entry.get_match(h)
+diff --git a/quodlibet/qltk/tracknumbers.py b/quodlibet/quodlibet/qltk/tracknumbers.py
+index 1ab4d0b9a..52f087db4 100644
+--- a/quodlibet/qltk/tracknumbers.py
++++ b/quodlibet/qltk/tracknumbers.py
+@@ -160,13 +160,6 @@ class TrackNumbers(Gtk.VBox):
+ if song.get("tracknumber") == track:
+ win.step()
+ continue
+- if not song.valid():
+- win.hide()
+- dialog = OverwriteWarning(self, song)
+- resp = dialog.run()
+- win.show()
+- if resp != OverwriteWarning.RESPONSE_SAVE:
+- break
+ song["tracknumber"] = track
+ try:
+ song.write()
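Review bot: All three hunks of this patch delete the `if not song.valid():` branch, so the tag editors now write without the `OverwriteWarning` prompt and without the `break`. If `valid()` reports that the file changed on disk since it was loaded (an assumption, since its definition is not shown), external edits are then overwritten silently. A comment at the top of the patch saying that this is deliberate, and why, would help whoever rebases it. The `diff --git` headers name `a/quodlibet/qltk/...` against `b/quodlibet/quodlibet/qltk/...` and are worth regenerating so both paths agree, and `OverwriteWarning` may be left as an unused import in the three modules.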
diff --git a/makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch b/makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch
new file mode 100644
index 000000000..05778fde7
--- /dev/null
+++ b/makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch
@@ -0,0 +1,13 @@
+diff --git a/quodlibet/pattern/_pattern.py b/quodlibet/pattern/_pattern.py
+index fc056d07a..8fb559c6e 100644
+--- a/quodlibet/pattern/_pattern.py
++++ b/quodlibet/pattern/_pattern.py
+@@ -387,7 +387,7 @@ def _number(key, value):
+ elif key == "discnumber":
+ parts = value.split("/")
+ try:
+- return "%02d" % int(parts[0])
++ return "%d" % int(parts[0])
+ except (TypeError, ValueError):
+ return value
+ else:
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 390c13ffe..390aabd73 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -20,6 +20,10 @@ with super.lib; with builtins; let
(filterAttrs (_: eq "directory") (readDir path));
in {
+ quodlibet = super.pkgs.stdenv.lib.overrideDerivation super.quodlibet (old: {
+ patches = [ ./custom/quodlibet/single-digit-discnumber.patch
+ ./custom/quodlibet/remove-override-warning.patch ];
+ });
alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};
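Review bot: The new `quodlibet` override sets `patches = [ ... ]` outright, which discards any patches the nixpkgs `quodlibet` derivation already carries, now or after a channel bump. Append instead: `patches = (old.patches or []) ++ [ ./custom/quodlibet/single-digit-discnumber.patch ./custom/quodlibet/remove-override-warning.patch ];`. The attribute set continues outside the hunk.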
@@ -29,15 +33,6 @@ in {
inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
patches = [ ./custom/inkscape/dxf_fix.patch ];
});
- pwqgen-ger = callPackage <stockholm/krebs/5pkgs/simple/passwdqc-utils> {
- wordset-file = super.pkgs.fetchurl {
- urls = [
- https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c
- https://archive.org/download/nixos-stockholm-tarballs/pviar5j1gxiqcf3l34b4n2pil06xc8zf-wordset_4k.c
- ];
- sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
- };
- };
}
// (mapAttrs (_: flip callPackage {})
diff --git a/makefu/5pkgs/esniper/default.nix b/makefu/5pkgs/esniper/default.nix
new file mode 100644
index 000000000..a6aac5748
--- /dev/null
+++ b/makefu/5pkgs/esniper/default.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchurl , openssl, curl, coreutils, gawk, bash, which }:
+
+stdenv.mkDerivation rec {
+ name = "${pname}-2-35-0";
+ pname = "esniper";
+ version = "2.35.0";
+ src = fetchurl {
+ url = "mirror://sourceforge/${pname}/${name}.tgz";
+ sha256 = "04iwjb42lw90c03125bjdpnm0fp78dmwf2j35r7mah0nwcrlagd9";
+ };
+
+
+ buildInputs = [ openssl curl ];
+
+ # Add support for CURL_CA_BUNDLE variable.
+ # Fix <http://sourceforge.net/p/esniper/bugs/648/>.
+ patches = [ ./find-ca-bundle.patch ];
+
+ postInstall = ''
+ sed <"frontends/snipe" >"$out/bin/snipe" \
+ -e "2i export PATH=\"$out/bin:${stdenv.lib.makeBinPath [ coreutils gawk bash which ]}:\$PATH\""
+ chmod 555 "$out/bin/snipe"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Simple, lightweight tool for sniping eBay auctions";
+ homepage = http://esniper.sourceforge.net;
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ lovek323 peti ];
+ platforms = platforms.all;
+ };
+}
diff --git a/makefu/5pkgs/esniper/find-ca-bundle.patch b/makefu/5pkgs/esniper/find-ca-bundle.patch
new file mode 100644
index 000000000..e4df272a0
--- /dev/null
+++ b/makefu/5pkgs/esniper/find-ca-bundle.patch
@@ -0,0 +1,26 @@
+diff -ubr '--exclude=*.o' esniper-2-27-0-orig/http.c esniper-2-27-0-patched/http.c
+--- esniper-2-27-0-orig/http.c 2012-02-06 22:04:06.000000000 +0100
++++ esniper-2-27-0-patched/http.c 2012-07-27 10:54:20.893054646 +0200
+@@ -200,6 +200,9 @@
+ int
+ initCurlStuff(void)
+ {
++ /* Path to OpenSSL bundle file. */
++ const char *ssl_capath=NULL;
++
+ /* list for custom headers */
+ struct curl_slist *slist=NULL;
+
+@@ -241,6 +244,12 @@
+ if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_COOKIEFILE, "")))
+ return initCurlStuffFailed();
+
++ /* If the environment variable CURL_CA_BUNDLE is set, pass through its
++ * contents to curl. */
++ if ((ssl_capath = getenv("CURL_CA_BUNDLE")))
++ if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_CAINFO, ssl_capath)))
++ return initCurlStuffFailed();
++
+ slist = curl_slist_append(slist, "Accept: text/*");
+ slist = curl_slist_append(slist, "Accept-Language: en");
+ slist = curl_slist_append(slist, "Accept-Charset: iso-8859-1,*,utf-8");
diff --git a/makefu/5pkgs/pavumeter/default.nix b/makefu/5pkgs/pavumeter/default.nix
new file mode 100644
index 000000000..b1822530a
--- /dev/null
+++ b/makefu/5pkgs/pavumeter/default.nix
@@ -0,0 +1,30 @@
+{ lib, stdenv, fetchurl, libusb, libtool, autoconf, pkgconfig, git,
+gettext, automake, libxml2
+, autoreconfHook
+, lynx
+, gtkmm2
+, libpulseaudio
+, gnome2
+, libsigcxx
+}:
+stdenv.mkDerivation rec {
+ pname = "pavumeter";
+ name = "${pname}-${version}";
+ version = "0.9.3";
+
+ src = fetchurl {
+ url = "http://0pointer.de/lennart/projects/${pname}/${name}.tar.gz";
+ sha256 = "0yq67w8j8l1xsv8pp37bylax22npd6msbavr6pb25yvyq825i3gx";
+ };
+
+ buildInputs = [ gtkmm2 libpulseaudio gnome2.gnome_icon_theme ];
+ nativeBuildInputs = [ pkgconfig autoreconfHook lynx ];
+
+ meta = {
+ description = "PulseAudio volumene meter";
+ homepage = http://0pointer.de/lennart/projects/pavumeter;
+ license = stdenv.lib.licenses.gpl2;
+ platforms = stdenv.lib.platforms.linux;
+ maintainers = with stdenv.lib.maintainers; [ makefu ];
+ };
+}
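Review bot: Most of the function arguments are never used: `lib`, `libusb`, `libtool`, `autoconf`, `git`, `gettext`, `automake`, `libxml2` and `libsigcxx` appear only in the argument list and can be removed. `description` has a typo (`volumene`); `"PulseAudio volume meter"` is presumably meant.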
diff --git a/makefu/krops.nix b/makefu/krops.nix
index 3838db635..ddb4afece 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -18,17 +18,20 @@
unstable = false; #unstable channel checked out
mic92 = false;
nms = false;
+ arm6 = false;
clever_kexec = false;
+ home-manager = false;
} // import (./. + "/1systems/${name}/source.nix");
source = { test }: lib.evalSource [
{
- # nixos-18.03 @ 2018-08-06
- # + do_sqlite3 ruby: 55a952be5b5
- # + exfat-nofuse bump: ee6a5296a35
+ # nixos-18.09 @ 2018-09-18
# + uhub/sqlite: 5dd7610401747
nixpkgs = if test || host-src.full then {
git.ref = nixpkgs-src.rev;
git.url = nixpkgs-src.url;
+ } else if host-src.arm6 then {
+ # TODO: we want to track the unstable channel
+ symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";
} else {
file = "/home/makefu/store/${nixpkgs-src.rev}";
};
@@ -66,6 +69,12 @@
ref = "30fdd53";
};
})
+ (lib.mkIf ( host-src.home-manager ) {
+ home-manager.git = {
+ url = https://github.com/rycee/home-manager;
+ ref = "6eea2a4";
+ };
+ })
];
in {
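Review bot: `home-manager.git.ref = "6eea2a4"` pins the source by a seven-character abbreviation, which is not guaranteed to stay unambiguous in the upstream repository. Write the full 40-character commit id, e.g. `ref = "<full-commit-sha>";`. The same applies to the `30fdd53` ref visible in the context lines above. The list continues outside the hunk.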
diff --git a/makefu/source.nix b/makefu/source.nix
deleted file mode 100644
index 82a41886b..000000000
--- a/makefu/source.nix
+++ /dev/null
@@ -1,122 +0,0 @@
-with import <stockholm/lib>;
-host@{ name,
- override ? {}
-, secure ? false
-, full ? false
-, torrent ? false
-, hw ? false
-, musnix ? false
-, python ? false
-, unstable ? false #unstable channel checked out
-, mic92 ? false
-, nms ? false
-, clever_kexec ?false
-}:
-let
- builder = if getEnv "dummy_secrets" == "true"
- then "buildbot"
- else "makefu";
- _file = <stockholm> + "/makefu/1systems/${name}/source.nix";
- pkgs = import <nixpkgs> {
- overlays = map import [
- <stockholm/krebs/5pkgs>
- <stockholm/submodules/nix-writers/pkgs>
- ];
- };
- # TODO: automate updating of this ref + cherry-picks
- ref = "8f991294288"; # nixos-18.03 @ 2018-08-06
- # + do_sqlite3 ruby: 55a952be5b5
- # + exfat-nofuse bump: ee6a5296a35
- # + uhub/sqlite: 5dd7610401747
-
-in
- evalSource (toString _file) [
- {
- nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix";
- # always perform a full populate when buildbot
- nixpkgs = if full || (builder == "buildbot" ) then {
- git = {
- url = https://github.com/makefu/nixpkgs;
- inherit ref;
- };
- } else {
- # right now it is simply extracted revision folder
-
- ## prepare so we do not have to wait for rsync:
- ## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs
- file = "/home/makefu/store/${ref}";
- };
-
- secrets = getAttr builder {
- buildbot.file = toString <stockholm/makefu/0tests/data/secrets>;
- makefu.pass = {
- inherit name;
- dir = "${getEnv "HOME"}/.secrets-pass";
- };
- };
-
-
- stockholm.file = toString <stockholm>;
- stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
- }
- (mkIf ( musnix ) {
- musnix.git = {
- url = https://github.com/musnix/musnix.git;
- ref = "master"; # follow the musnix channel, lets see how this works out
- };
- })
-
- (mkIf ( hw ) {
- nixos-hardware.git = {
- url = https://github.com/nixos/nixos-hardware.git;
- ref = "30fdd53";
- };
- })
-
- (mkIf ( python ) {
- python.git = {
- url = https://github.com/garbas/nixpkgs-python;
- ref = "cac319b7";
- };
- })
-
- (mkIf ( torrent ) {
- torrent-secrets = getAttr builder {
- buildbot.file = toString <stockholm/makefu/0tests/data/secrets>;
- makefu.pass = {
- name = "torrent";
- dir = "${getEnv "HOME"}/.secrets-pass";
- };
- };
- })
-
- (mkIf ( unstable ) {
- nixpkgs-unstable.git = {
- url = https://github.com/nixos/nixpkgs-channels;
- ref = "nixos-unstable";
- };
- })
-
- (mkIf ( mic92 ) {
- mic92.git = {
- url = https://github.com/Mic92/dotfiles/;
- ref = "48a1f49";
- };
- })
-
- (mkIf ( nms ) {
- nms.git = {
- url = https://github.com/r-raymond/nixos-mailserver;
- ref = "v2.1.2";
- };
- })
-
- (mkIf ( clever_kexec ) {
- clever_kexec.git = {
- url = https://github.com/cleverca22/nix-tests;
- ref = "5a670de7f2decfaafc95c34ffeb0f1896662f3d7";
- };
- })
-
- override
- ]