From c6b4c7920fd9c0eb11f3bd3c5602980934fafd20 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 4 Apr 2018 14:39:03 +0200
Subject: ma gum.r: handle new domain

---
 makefu/1systems/gum/config.nix | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 40fa233d3..578e4add8 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -64,8 +64,10 @@ in {
       <stockholm/makefu/2configs/nginx/euer.test.nix>
       <stockholm/makefu/2configs/nginx/euer.wiki.nix>
       <stockholm/makefu/2configs/nginx/euer.blog.nix>
+      # <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
       <stockholm/makefu/2configs/nginx/public_html.nix>
       <stockholm/makefu/2configs/nginx/update.connector.one.nix>
+      <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix>
 
       <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
       <stockholm/makefu/2configs/deployment/graphs.nix>
@@ -222,6 +224,8 @@ in {
           25
           # http
           80 443
+          # httptunnel
+          8080 8443
           # tinc
           655
           # tinc-shack
-- 
cgit v1.2.3


From a2c1afe2a253589bc38380a75c7b156216b40667 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 4 Apr 2018 14:39:44 +0200
Subject: ma x.r: allow automatic mounting by pcmanfm

---
 makefu/1systems/x/config.nix | 38 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 36 insertions(+), 2 deletions(-)

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index f72f2a15b..483fc81e5 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -141,14 +141,47 @@ with import <stockholm/lib>;
         # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
         hardware.bluetooth.enable = true;
       }
-      { # auto-mounting
+      { # auto-mounting via polkit
         services.udisks2.enable = true;
-        services.devmon.enable = true;
+        ## automount all disks:
+        # services.devmon.enable = true;
         # services.gnome3.gvfs.enable = true;
+        users.groups.storage = {
+          gid = genid "storage";
+          members = [ "makefu" ];
+        };
         users.users.makefu.packages = with pkgs;[
           gvfs pcmanfm lxmenu-data
         ];
         environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
+
+        ## allow users in group "storage" to mount disk
+        # https://github.com/coldfix/udiskie/wiki/Permissions
+        security.polkit.extraConfig =
+        ''
+        polkit.addRule(function(action, subject) {
+            var YES = polkit.Result.YES;
+            var permission = {
+            "org.freedesktop.udisks.filesystem-mount": YES,
+            "org.freedesktop.udisks.luks-unlock": YES,
+            "org.freedesktop.udisks.drive-eject": YES,
+            "org.freedesktop.udisks.drive-detach": YES,
+            "org.freedesktop.udisks2.filesystem-mount": YES,
+            "org.freedesktop.udisks2.encrypted-unlock": YES,
+            "org.freedesktop.udisks2.eject-media": YES,
+            "org.freedesktop.udisks2.power-off-drive": YES,
+            "org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
+            "org.freedesktop.udisks2.filesystem-unmount-others": YES,
+            "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
+            "org.freedesktop.udisks2.eject-media-other-seat": YES,
+            "org.freedesktop.udisks2.power-off-drive-other-seat": YES
+            };
+            if (subject.isInGroup("storage")) {
+              return permission[action.id];
+            }
+        });
+        '';
+
       }
 
     ];
@@ -170,6 +203,7 @@ with import <stockholm/lib>;
 
   networking.extraHosts = ''
     192.168.1.11  omo.local
+    80.92.65.53 www.wifionice.de wifionice.de
   '';
   # hard dependency because otherwise the device will not be unlocked
   boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
-- 
cgit v1.2.3


From 0d4bb21df59c08eccf5db522242d3cb80f2b9425 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 4 Apr 2018 14:44:06 +0200
Subject: ma automatic-diskmount: put into separate config

---
 makefu/1systems/x/config.nix | 42 ------------------------------------------
 1 file changed, 42 deletions(-)

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 483fc81e5..93bb27efe 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -141,48 +141,6 @@ with import <stockholm/lib>;
         # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
         hardware.bluetooth.enable = true;
       }
-      { # auto-mounting via polkit
-        services.udisks2.enable = true;
-        ## automount all disks:
-        # services.devmon.enable = true;
-        # services.gnome3.gvfs.enable = true;
-        users.groups.storage = {
-          gid = genid "storage";
-          members = [ "makefu" ];
-        };
-        users.users.makefu.packages = with pkgs;[
-          gvfs pcmanfm lxmenu-data
-        ];
-        environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
-
-        ## allow users in group "storage" to mount disk
-        # https://github.com/coldfix/udiskie/wiki/Permissions
-        security.polkit.extraConfig =
-        ''
-        polkit.addRule(function(action, subject) {
-            var YES = polkit.Result.YES;
-            var permission = {
-            "org.freedesktop.udisks.filesystem-mount": YES,
-            "org.freedesktop.udisks.luks-unlock": YES,
-            "org.freedesktop.udisks.drive-eject": YES,
-            "org.freedesktop.udisks.drive-detach": YES,
-            "org.freedesktop.udisks2.filesystem-mount": YES,
-            "org.freedesktop.udisks2.encrypted-unlock": YES,
-            "org.freedesktop.udisks2.eject-media": YES,
-            "org.freedesktop.udisks2.power-off-drive": YES,
-            "org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
-            "org.freedesktop.udisks2.filesystem-unmount-others": YES,
-            "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
-            "org.freedesktop.udisks2.eject-media-other-seat": YES,
-            "org.freedesktop.udisks2.power-off-drive-other-seat": YES
-            };
-            if (subject.isInGroup("storage")) {
-              return permission[action.id];
-            }
-        });
-        '';
-
-      }
 
     ];
 
-- 
cgit v1.2.3


From bb41144dc0e18ea704ebea00f5f2da0573a443cc Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 4 Apr 2018 14:44:28 +0200
Subject: ma wbob.r: put self into pulse group

---
 makefu/1systems/wbob/config.nix | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index cfbcf0e9c..42f3bddb1 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -33,6 +33,9 @@ in {
 
       <stockholm/makefu/2configs/share/wbob.nix>
       <stockholm/makefu/2configs/bluetooth-mpd.nix>
+      {
+        users.users.makefu.extraGroups = [ "pulse" ];
+      }
 
       # Sensors
       <stockholm/makefu/2configs/stats/telegraf>
@@ -121,6 +124,7 @@ in {
   networking.firewall.allowedTCPPorts = [
     655
     8081 #smokeping
+    8086 #influx
     49152
   ];
   networking.firewall.trustedInterfaces = [ "enp0s25" ];
-- 
cgit v1.2.3


From 309124175425cb7abd6dad166f485ae832435562 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 25 Apr 2018 14:50:06 +0200
Subject: ma gum.r: expose euer.mon

---
 makefu/1systems/gum/config.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 578e4add8..9b6d9d571 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -62,6 +62,7 @@ in {
       ## Web
       <stockholm/makefu/2configs/nginx/share-download.nix>
       <stockholm/makefu/2configs/nginx/euer.test.nix>
+      <stockholm/makefu/2configs/nginx/euer.mon.nix>
       <stockholm/makefu/2configs/nginx/euer.wiki.nix>
       <stockholm/makefu/2configs/nginx/euer.blog.nix>
       # <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix>
-- 
cgit v1.2.3


From 4f4c06d9f9494e627f67d73e13b3cf5003d4caeb Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 3 May 2018 18:46:46 +0200
Subject: ma gum: deploy kexec

---
 makefu/1systems/gum/source.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix
index b3ce743ca..e3ca472e4 100644
--- a/makefu/1systems/gum/source.nix
+++ b/makefu/1systems/gum/source.nix
@@ -1,4 +1,5 @@
 import <stockholm/makefu/source.nix> {
   name="gum";
   torrent = true;
+  clever_kexec = true;
 }
-- 
cgit v1.2.3


From e26634bb487a37553d12fc4335a8c1f278cbcf93 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 3 May 2018 18:48:31 +0200
Subject: ma wbob.r: allow port 3000

---
 makefu/1systems/wbob/config.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index 42f3bddb1..3cf3274f9 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -52,9 +52,10 @@ in {
           db = "collectd_db";
           logging-interface = "enp0s25";
         in {
+          networking.firewall.allowedTCPPorts = [ 3000 ];
+
           services.grafana.enable = true;
           services.grafana.addr = "0.0.0.0";
-
           services.influxdb.enable = true;
           services.influxdb.extraConfig = {
             meta.hostname = config.krebs.build.host.name;
-- 
cgit v1.2.3


From dd71e3f657fb8680a83a47cc2e9bc7a0478240be Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 3 May 2018 18:49:02 +0200
Subject: ma omo.r: re-enable torrent

---
 makefu/1systems/omo/config.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'makefu/1systems')

diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index bed6ae9fd..a85d5f5ce 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -50,6 +50,7 @@ in {
       <stockholm/makefu/2configs/smart-monitor.nix>
       <stockholm/makefu/2configs/mail-client.nix>
       <stockholm/makefu/2configs/mosh.nix>
+      <stockholm/makefu/2configs/tools/mobility.nix>
       # <stockholm/makefu/2configs/disable_v6.nix>
       #<stockholm/makefu/2configs/graphite-standalone.nix>
       #<stockholm/makefu/2configs/share-user-sftp.nix>
@@ -85,7 +86,7 @@ in {
       <stockholm/makefu/2configs/sshd-totp.nix>
       # <stockholm/makefu/2configs/logging/central-logging-client.nix>
 
-      # <stockholm/makefu/2configs/torrent.nix>
+      <stockholm/makefu/2configs/torrent.nix>
 
       # <stockholm/makefu/2configs/elchos/search.nix>
       # <stockholm/makefu/2configs/elchos/log.nix>
@@ -100,7 +101,7 @@ in {
   makefu.full-populate = true;
   makefu.server.primary-itf = primaryInterface;
   krebs.rtorrent = {
-    downloadDir = lib.mkForce "/media/crypt0/torrent";
+    downloadDir = lib.mkForce "/media/cryptX/torrent";
     extraConfig = ''
       upload_rate = 200
     '';
-- 
cgit v1.2.3