From c6b4c7920fd9c0eb11f3bd3c5602980934fafd20 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:39:03 +0200 Subject: ma gum.r: handle new domain --- makefu/1systems/gum/config.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'makefu/1systems') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 40fa233d3..578e4add8 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -64,8 +64,10 @@ in { + # + @@ -222,6 +224,8 @@ in { 25 # http 80 443 + # httptunnel + 8080 8443 # tinc 655 # tinc-shack -- cgit v1.2.3 From a2c1afe2a253589bc38380a75c7b156216b40667 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:39:44 +0200 Subject: ma x.r: allow automatic mounting by pcmanfm --- makefu/1systems/x/config.nix | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index f72f2a15b..483fc81e5 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -141,14 +141,47 @@ with import ; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio hardware.bluetooth.enable = true; } - { # auto-mounting + { # auto-mounting via polkit services.udisks2.enable = true; - services.devmon.enable = true; + ## automount all disks: + # services.devmon.enable = true; # services.gnome3.gvfs.enable = true; + users.groups.storage = { + gid = genid "storage"; + members = [ "makefu" ]; + }; users.users.makefu.packages = with pkgs;[ gvfs pcmanfm lxmenu-data ]; environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; + + ## allow users in group "storage" to mount disk + # https://github.com/coldfix/udiskie/wiki/Permissions + security.polkit.extraConfig = + '' + polkit.addRule(function(action, subject) { + var YES = polkit.Result.YES; + var permission = { + "org.freedesktop.udisks.filesystem-mount": YES, + "org.freedesktop.udisks.luks-unlock": YES, + "org.freedesktop.udisks.drive-eject": YES, + "org.freedesktop.udisks.drive-detach": YES, + "org.freedesktop.udisks2.filesystem-mount": YES, + "org.freedesktop.udisks2.encrypted-unlock": YES, + "org.freedesktop.udisks2.eject-media": YES, + "org.freedesktop.udisks2.power-off-drive": YES, + "org.freedesktop.udisks2.filesystem-mount-other-seat": YES, + "org.freedesktop.udisks2.filesystem-unmount-others": YES, + "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES, + "org.freedesktop.udisks2.eject-media-other-seat": YES, + "org.freedesktop.udisks2.power-off-drive-other-seat": YES + }; + if (subject.isInGroup("storage")) { + return permission[action.id]; + } + }); + ''; + } ]; @@ -170,6 +203,7 @@ with import ; networking.extraHosts = '' 192.168.1.11 omo.local + 80.92.65.53 www.wifionice.de wifionice.de ''; # hard dependency because otherwise the device will not be unlocked boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; -- cgit v1.2.3 From 0d4bb21df59c08eccf5db522242d3cb80f2b9425 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:44:06 +0200 Subject: ma automatic-diskmount: put into separate config --- makefu/1systems/x/config.nix | 42 ------------------------------------------ 1 file changed, 42 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 483fc81e5..93bb27efe 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -141,48 +141,6 @@ with import ; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio hardware.bluetooth.enable = true; } - { # auto-mounting via polkit - services.udisks2.enable = true; - ## automount all disks: - # services.devmon.enable = true; - # services.gnome3.gvfs.enable = true; - users.groups.storage = { - gid = genid "storage"; - members = [ "makefu" ]; - }; - users.users.makefu.packages = with pkgs;[ - gvfs pcmanfm lxmenu-data - ]; - environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; - - ## allow users in group "storage" to mount disk - # https://github.com/coldfix/udiskie/wiki/Permissions - security.polkit.extraConfig = - '' - polkit.addRule(function(action, subject) { - var YES = polkit.Result.YES; - var permission = { - "org.freedesktop.udisks.filesystem-mount": YES, - "org.freedesktop.udisks.luks-unlock": YES, - "org.freedesktop.udisks.drive-eject": YES, - "org.freedesktop.udisks.drive-detach": YES, - "org.freedesktop.udisks2.filesystem-mount": YES, - "org.freedesktop.udisks2.encrypted-unlock": YES, - "org.freedesktop.udisks2.eject-media": YES, - "org.freedesktop.udisks2.power-off-drive": YES, - "org.freedesktop.udisks2.filesystem-mount-other-seat": YES, - "org.freedesktop.udisks2.filesystem-unmount-others": YES, - "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES, - "org.freedesktop.udisks2.eject-media-other-seat": YES, - "org.freedesktop.udisks2.power-off-drive-other-seat": YES - }; - if (subject.isInGroup("storage")) { - return permission[action.id]; - } - }); - ''; - - } ]; -- cgit v1.2.3 From bb41144dc0e18ea704ebea00f5f2da0573a443cc Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 4 Apr 2018 14:44:28 +0200 Subject: ma wbob.r: put self into pulse group --- makefu/1systems/wbob/config.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index cfbcf0e9c..42f3bddb1 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -33,6 +33,9 @@ in { + { + users.users.makefu.extraGroups = [ "pulse" ]; + } # Sensors @@ -121,6 +124,7 @@ in { networking.firewall.allowedTCPPorts = [ 655 8081 #smokeping + 8086 #influx 49152 ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; -- cgit v1.2.3 From 309124175425cb7abd6dad166f485ae832435562 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 25 Apr 2018 14:50:06 +0200 Subject: ma gum.r: expose euer.mon --- makefu/1systems/gum/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu/1systems') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 578e4add8..9b6d9d571 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -62,6 +62,7 @@ in { ## Web + # -- cgit v1.2.3 From 4f4c06d9f9494e627f67d73e13b3cf5003d4caeb Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:46:46 +0200 Subject: ma gum: deploy kexec --- makefu/1systems/gum/source.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu/1systems') diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix index b3ce743ca..e3ca472e4 100644 --- a/makefu/1systems/gum/source.nix +++ b/makefu/1systems/gum/source.nix @@ -1,4 +1,5 @@ import { name="gum"; torrent = true; + clever_kexec = true; } -- cgit v1.2.3 From e26634bb487a37553d12fc4335a8c1f278cbcf93 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:48:31 +0200 Subject: ma wbob.r: allow port 3000 --- makefu/1systems/wbob/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 42f3bddb1..3cf3274f9 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -52,9 +52,10 @@ in { db = "collectd_db"; logging-interface = "enp0s25"; in { + networking.firewall.allowedTCPPorts = [ 3000 ]; + services.grafana.enable = true; services.grafana.addr = "0.0.0.0"; - services.influxdb.enable = true; services.influxdb.extraConfig = { meta.hostname = config.krebs.build.host.name; -- cgit v1.2.3 From dd71e3f657fb8680a83a47cc2e9bc7a0478240be Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:49:02 +0200 Subject: ma omo.r: re-enable torrent --- makefu/1systems/omo/config.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index bed6ae9fd..a85d5f5ce 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -50,6 +50,7 @@ in { + # # # @@ -85,7 +86,7 @@ in { # - # + # # @@ -100,7 +101,7 @@ in { makefu.full-populate = true; makefu.server.primary-itf = primaryInterface; krebs.rtorrent = { - downloadDir = lib.mkForce "/media/crypt0/torrent"; + downloadDir = lib.mkForce "/media/cryptX/torrent"; extraConfig = '' upload_rate = 200 ''; -- cgit v1.2.3