From 01d31cb57ddcb38d64f1eeedc25ca70ad5913e4c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 24 May 2017 10:51:36 +0200 Subject: m 2 led-fader: wait for mosquitto if defined locally --- makefu/2configs/deployment/led-fader.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'makefu/2configs/deployment') diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index a18416497..e4d62ae77 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -29,7 +29,8 @@ in { environment = { NIX_PATH = "/var/src"; }; - wantedBy = [ "multi-user.target" ]; + after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; + wantedBy = [ "multi-user.target" ]; serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; -- cgit v1.3.1 From 54ca947fe1f918d1b62d479df308637d60a3143b Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 24 May 2017 10:53:08 +0200 Subject: m 2 wiki-irc-bot: move to subdir, add patch --- .../2configs/deployment/wiki-irc-bot/default.nix | 67 ++++++++++++++++++++++ .../deployment/wiki-irc-bot/irc-out-notice.patch | 26 +++++++++ makefu/2configs/deployment/wiki-irc.nix | 62 -------------------- 3 files changed, 93 insertions(+), 62 deletions(-) create mode 100644 makefu/2configs/deployment/wiki-irc-bot/default.nix create mode 100644 makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch delete mode 100644 makefu/2configs/deployment/wiki-irc.nix (limited to 'makefu/2configs/deployment') diff --git a/makefu/2configs/deployment/wiki-irc-bot/default.nix b/makefu/2configs/deployment/wiki-irc-bot/default.nix new file mode 100644 index 000000000..7ab31e698 --- /dev/null +++ b/makefu/2configs/deployment/wiki-irc-bot/default.nix @@ -0,0 +1,67 @@ +{ pkgs, lib, ... }: + +with lib; +let + port = 18872; +in { + nixpkgs.config.packageOverrides = pkgs: with pkgs; { + logstash = pkgs.stdenv.lib.overrideDerivation pkgs.logstash (old: { + patches = [ ./irc-out-notice.patch ]; }); + }; + services.logstash = { + enable = true; + inputConfig = '' + http { + port => ${toString port} + host => "127.0.0.1" + } + ''; + filterConfig = '' + if ([pages]) { + ruby { + code => ' + require "net/http" + require "net/https" + http = Net::HTTP.new("git.io", 443) + http.use_ssl = true + lines = [] + event["pages"].each {|p| + url = "#{p["html_url"]}/_compare/#{p["sha"]}" + short_url = begin + request = Net::HTTP::Post.new "/" + request.set_form_data ({"url" => url }) + response = http.request(request) + response["location"] + end + lines << "\"#{p["title"]}\" #{p["action"]} by #{event["sender"]["login"]} #{short_url}" + } + event["output"] = lines.join("\n") + ' + } + } + ''; + outputConfig = '' + file { path => "/tmp/logs.json" codec => "json_lines" } + if [output] { + irc { + channels => [ "#krebs", "#nixos" ] + host => "irc.freenode.net" + nick => "nixos-users-wiki" + format => "%{output}" + notice => true + } + } + ''; + plugins = [ ]; + }; + + services.nginx = { + enable = lib.mkDefault true; + virtualHosts."ghook.krebsco.de" = { + locations."/".proxyPass = "http://localhost:${toString port}/"; + enableSSL = true; + enableACME = true; + forceSSL = true; + }; + }; +} diff --git a/makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch b/makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch new file mode 100644 index 000000000..040643f81 --- /dev/null +++ b/makefu/2configs/deployment/wiki-irc-bot/irc-out-notice.patch @@ -0,0 +1,26 @@ +index b63339d..8c8c747 100644 +--- a/vendor/bundle/jruby/1.9/gems/logstash-output-irc-2.0.4/lib/logstash/outputs/irc.rb ++++ b/vendor/bundle/jruby/1.9/gems/logstash-output-irc-2.0.4/lib/logstash/outputs/irc.rb +@@ -48,6 +48,9 @@ class LogStash::Outputs::Irc < LogStash::Outputs::Base + # Static string after event + config :post_string, :validate => :string, :required => false + ++ # Set this to true to send messages as notice ++ config :notice, :validate => :boolean, :default => false ++ + public + + def inject_bot(bot) +@@ -90,9 +93,9 @@ class LogStash::Outputs::Irc < LogStash::Outputs::Base + + @bot.channels.each do |channel| + @logger.debug("Sending to...", :channel => channel, :text => text) +- channel.msg(pre_string) if !@pre_string.nil? +- channel.msg(text) +- channel.msg(post_string) if !@post_string.nil? ++ channel.send(pre_string, :notice => @notice) if !@pre_string.nil? ++ channel.send(text, :notice => @notice) ++ channel.send(post_string, :notice => @notice) if !@post_string.nil? + end # channels.each + end # def receive + end # class LogStash::Outputs::Irc diff --git a/makefu/2configs/deployment/wiki-irc.nix b/makefu/2configs/deployment/wiki-irc.nix deleted file mode 100644 index dc7c8afe8..000000000 --- a/makefu/2configs/deployment/wiki-irc.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ pkgs, lib, ... }: - -with lib; -let - port = 18872; -in { - services.logstash = { - enable = true; - inputConfig = '' - http { - port => ${toString port} - host => "127.0.0.1" - } - ''; - filterConfig = '' - if ([pages]) { - ruby { - code => ' - require "net/http" - require "net/https" - http = Net::HTTP.new("git.io", 443) - http.use_ssl = true - lines = [] - event["pages"].each {|p| - url = "#{p["html_url"]}/_compare/#{p["sha"]}" - short_url = begin - request = Net::HTTP::Post.new "/" - request.set_form_data ({"url" => url }) - response = http.request(request) - response["location"] - end - lines << "\"#{p["title"]}\" #{p["action"]} by #{event["sender"]["login"]} #{short_url}" - } - event["output"] = lines.join("\n") - ' - } - } - ''; - outputConfig = '' - file { path => "/tmp/logs.json" codec => "json_lines" } - if [output] { - irc { - channels => [ "#nixos" , "#krebs" ] - host => "irc.freenode.net" - nick => "nixos-users-wiki" - format => "%{output}" - } - } - ''; - plugins = [ ]; - }; - - services.nginx = { - enable = lib.mkDefault true; - virtualHosts."ghook.krebsco.de" = { - locations."/".proxyPass = "http://localhost:${toString port}/"; - enableSSL = true; - enableACME = true; - forceSSL = true; - }; - }; -} -- cgit v1.3.1 From 90822f64e0bf247c5cca2f035077553cac5ceb79 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 1 Jun 2017 09:21:20 +0200 Subject: shared: move shack config to shack/ --- makefu/2configs/deployment/hound/default.nix | 24 ++++++++++++++ shared/1systems/wolf.nix | 17 ++++++---- shared/2configs/shack-drivedroid.nix | 49 ---------------------------- shared/2configs/shack-nix-cacher.nix | 28 ---------------- shared/2configs/shack/drivedroid.nix | 49 ++++++++++++++++++++++++++++ shared/2configs/shack/mqtt_sub.nix | 34 +++++++++++++++++++ shared/2configs/shack/muell_caller.nix | 41 +++++++++++++++++++++++ shared/2configs/shack/nix-cacher.nix | 28 ++++++++++++++++ shared/2configs/shack/share.nix | 38 +++++++++++++++++++++ shared/2configs/share-shack.nix | 38 --------------------- 10 files changed, 225 insertions(+), 121 deletions(-) create mode 100644 makefu/2configs/deployment/hound/default.nix delete mode 100644 shared/2configs/shack-drivedroid.nix delete mode 100644 shared/2configs/shack-nix-cacher.nix create mode 100644 shared/2configs/shack/drivedroid.nix create mode 100644 shared/2configs/shack/mqtt_sub.nix create mode 100644 shared/2configs/shack/muell_caller.nix create mode 100644 shared/2configs/shack/nix-cacher.nix create mode 100644 shared/2configs/shack/share.nix delete mode 100644 shared/2configs/share-shack.nix (limited to 'makefu/2configs/deployment') diff --git a/makefu/2configs/deployment/hound/default.nix b/makefu/2configs/deployment/hound/default.nix new file mode 100644 index 000000000..9e8f88895 --- /dev/null +++ b/makefu/2configs/deployment/hound/default.nix @@ -0,0 +1,24 @@ +{ config, pkgs, ... }: +{ + services.nginx.virtualHosts."wikisearch.krebsco.de".locations."/".proxyPass = "http://localhost:6080"; + services.hound = { + enable = true; + listen = "127.0.0.1:6080"; + # package = pkgs.hound.overrideDerivation(oldAttrs: { + # patches = [ ./keep-repo.patch ]; + # }); + config = ''{ + "max-concurrent-indexers" : 2, + "dbpath" : "${config.services.hound.home}/data", + "repos" : { + "nixos-users-wiki": { + "url" : "https://github.com/nixos-users/wiki.wiki.git", + "url-pattern" : { + "base-url" : "{url}/{path}" + } + } + } + }''; + }; + +} diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index c6cc2f81c..9acc5894b 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -6,16 +6,21 @@ in imports = [ ../. - ../2configs/cgit-mirror.nix ../2configs/collectd-base.nix + ../2configs/shack/share.nix + ../2configs/central-stats-client.nix + ../2configs/save-diskspace.nix + + ../2configs/cgit-mirror.nix ../2configs/graphite.nix ../2configs/repo-sync.nix - ../2configs/shack-drivedroid.nix - ../2configs/shack-nix-cacher.nix ../2configs/shared-buildbot.nix - ../2configs/share-shack.nix - ../2configs/central-stats-client.nix - ../2configs/save-diskspace.nix + ../2configs/shack/drivedroid.nix + ../2configs/shack/nix-cacher.nix + + ../2configs/shack/mqtt_sub.nix + ../2configs/shack/muell_caller.nix + ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix deleted file mode 100644 index 12e4a39c3..000000000 --- a/shared/2configs/shack-drivedroid.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ config, pkgs, ... }: -with import ; -let - root = "/var/srv/drivedroid"; -in -{ - environment.systemPackages = [ pkgs.drivedroid-gen-repo ]; - - services.nginx = { - enable = mkDefault true; - virtualHosts.shack-drivedroid = { - serverAliases = [ - "drivedroid.shack" - ]; - # TODO: prepare this somehow - locations."/".extraConfig = '' - root ${root}; - index main.json; - ''; - }; - }; - - systemd.services.drivedroid-gen-repo = { - description = "generates drivedroid repo file"; - path = [ - pkgs.coreutils - pkgs.drivedroid-gen-repo - pkgs.inotify-tools - ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - Type = "simple"; - Restart = "always"; - ExecStartPre = pkgs.writeDash "prepare-drivedroid-gen-repo" '' - mkdir -p ${root}/repos - ''; - ExecStart = pkgs.writeDash "start-drivedroid-gen-repo" '' - set -efu - cd ${root} - while sleep 60; do - if inotifywait -r .; then - drivedroid-gen-repo repos > main.json - fi - done - ''; - }; - }; -} diff --git a/shared/2configs/shack-nix-cacher.nix b/shared/2configs/shack-nix-cacher.nix deleted file mode 100644 index 4fcbf3a4e..000000000 --- a/shared/2configs/shack-nix-cacher.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, pkgs, ... }: -with import ; -let - cfg = config.krebs.apt-cacher-ng; -in -{ - krebs.apt-cacher-ng = { - enable = true; - port = 3142; - bindAddress = "localhost"; - cacheExpiration = 30; - }; - - services.nginx = { - enable = mkDefault true; - virtualHosts.shack-nix-cacher = { - serverAliases = [ - "acng.shack" - ]; - locations."/".extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://localhost:${toString cfg.port}/; - ''; - }; - }; -} diff --git a/shared/2configs/shack/drivedroid.nix b/shared/2configs/shack/drivedroid.nix new file mode 100644 index 000000000..12e4a39c3 --- /dev/null +++ b/shared/2configs/shack/drivedroid.nix @@ -0,0 +1,49 @@ +{ config, pkgs, ... }: +with import ; +let + root = "/var/srv/drivedroid"; +in +{ + environment.systemPackages = [ pkgs.drivedroid-gen-repo ]; + + services.nginx = { + enable = mkDefault true; + virtualHosts.shack-drivedroid = { + serverAliases = [ + "drivedroid.shack" + ]; + # TODO: prepare this somehow + locations."/".extraConfig = '' + root ${root}; + index main.json; + ''; + }; + }; + + systemd.services.drivedroid-gen-repo = { + description = "generates drivedroid repo file"; + path = [ + pkgs.coreutils + pkgs.drivedroid-gen-repo + pkgs.inotify-tools + ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + Restart = "always"; + ExecStartPre = pkgs.writeDash "prepare-drivedroid-gen-repo" '' + mkdir -p ${root}/repos + ''; + ExecStart = pkgs.writeDash "start-drivedroid-gen-repo" '' + set -efu + cd ${root} + while sleep 60; do + if inotifywait -r .; then + drivedroid-gen-repo repos > main.json + fi + done + ''; + }; + }; +} diff --git a/shared/2configs/shack/mqtt_sub.nix b/shared/2configs/shack/mqtt_sub.nix new file mode 100644 index 000000000..dafa06ba9 --- /dev/null +++ b/shared/2configs/shack/mqtt_sub.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + pkg = pkgs.stdenv.mkDerivation { + name = "mqtt2graphite-2017-05-29"; + src = pkgs.fetchgit { + url = "https://github.com/shackspace/mqtt2graphite/"; + rev = "8c060e6"; + sha256 = "06x7a1j6sfyvvdxg0366fcslhn478anqh4m5hljyf0z29knvz7pg"; + }; + buildInputs = [ + (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [ + docopt + paho-mqtt + ])) + ]; + installPhase = '' + install -m755 -D sub.py $out/bin/sub + install -m755 -D sub2.py $out/bin/sub-new + ''; + }; +in { + systemd.services.mqtt_sub = { + description = "subscribe to mqtt, send to graphite"; + # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkg}/bin/sub-new"; + PrivateTmp = true; + }; + }; +} diff --git a/shared/2configs/shack/muell_caller.nix b/shared/2configs/shack/muell_caller.nix new file mode 100644 index 000000000..613ed2e4f --- /dev/null +++ b/shared/2configs/shack/muell_caller.nix @@ -0,0 +1,41 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + pkg = pkgs.stdenv.mkDerivation { + name = "muell_caller-2017-06-01"; + src = pkgs.fetchgit { + url = "https://github.com/shackspace/muell_caller/"; + rev = "bbd4009"; + sha256 = "06xaa1j6sfyvvdxg0366fcslhn478anqh4m5hljyf0z29knvz7pg"; + }; + buildInputs = [ + (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ + docopt + requests + paramiko + python + ])) + ]; + installPhase = '' + install -m755 -D call.py $out/bin/call-muell + ''; + }; + cfg = "${toString }/tell.json"; +in { + systemd.services.mqtt_sub = { + description = "call muell"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; # TODO separate user + ExecStartPre = writeDash "call-muell-pre" '' + cp ${cfg} /tmp/tell.json + chown nobody /tmp/tell.json + ''; + ExecStart = "${pkg}/bin/call-muell --cfg /tmp/tell.json --mode mpd loop 60"; + Restart = "always"; + PrivateTmp = true; + PermissionsStartOnly = true; + }; + }; +} diff --git a/shared/2configs/shack/nix-cacher.nix b/shared/2configs/shack/nix-cacher.nix new file mode 100644 index 000000000..4fcbf3a4e --- /dev/null +++ b/shared/2configs/shack/nix-cacher.nix @@ -0,0 +1,28 @@ +{ config, pkgs, ... }: +with import ; +let + cfg = config.krebs.apt-cacher-ng; +in +{ + krebs.apt-cacher-ng = { + enable = true; + port = 3142; + bindAddress = "localhost"; + cacheExpiration = 30; + }; + + services.nginx = { + enable = mkDefault true; + virtualHosts.shack-nix-cacher = { + serverAliases = [ + "acng.shack" + ]; + locations."/".extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://localhost:${toString cfg.port}/; + ''; + }; + }; +} diff --git a/shared/2configs/shack/share.nix b/shared/2configs/shack/share.nix new file mode 100644 index 000000000..247b9ee7d --- /dev/null +++ b/shared/2configs/shack/share.nix @@ -0,0 +1,38 @@ +{config, ... }:{ + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + group = "share"; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + + networking.firewall.allowedTCPPorts = [ + 139 445 # samba + ]; + + networking.firewall.allowedUDPPorts = [ + 137 138 + ]; + services.samba = { + enable = true; + shares = { + share-home = { + path = "/home/share/"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} diff --git a/shared/2configs/share-shack.nix b/shared/2configs/share-shack.nix deleted file mode 100644 index 247b9ee7d..000000000 --- a/shared/2configs/share-shack.nix +++ /dev/null @@ -1,38 +0,0 @@ -{config, ... }:{ - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; - group = "share"; - description = "smb guest user"; - home = "/home/share"; - createHome = true; - }; - - networking.firewall.allowedTCPPorts = [ - 139 445 # samba - ]; - - networking.firewall.allowedUDPPorts = [ - 137 138 - ]; - services.samba = { - enable = true; - shares = { - share-home = { - path = "/home/share/"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; -} -- cgit v1.3.1 From bb4c3d978a59f6efa5e6084afd55cd3e4f708a56 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 1 Jun 2017 10:12:43 +0200 Subject: m: add hound to omo, wikisearch.krebsco.de --- krebs/3modules/makefu/default.nix | 2 ++ makefu/1systems/gum.nix | 1 + makefu/2configs/deployment/hound/default.nix | 6 +++++- 3 files changed, 8 insertions(+), 1 deletion(-) (limited to 'makefu/2configs/deployment') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 33202d0ab..c95e1761c 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -459,6 +459,7 @@ with import ; share.euer IN A ${nets.internet.ip4.addr} mattermost.euer IN A ${nets.internet.ip4.addr} gum IN A ${nets.internet.ip4.addr} + wikisearch IN A ${nets.internet.ip4.addr} pigstarter IN A ${nets.internet.ip4.addr} cgit.euer IN A ${nets.internet.ip4.addr} euer IN A ${nets.internet.ip4.addr} @@ -490,6 +491,7 @@ with import ; "tracker.makefu.r" "graph.r" + "search.makefu.r" "wiki.makefu.r" "wiki.gum.r" "blog.makefu.r" diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index fb4fac3f7..519313f57 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -50,6 +50,7 @@ in { ../2configs/deployment/owncloud.nix ../2configs/deployment/wiki-irc-bot ../2configs/deployment/boot-euer.nix + ../2configs/deployment/hound { services.taskserver.enable = true; services.taskserver.fqdn = config.krebs.build.host.name; diff --git a/makefu/2configs/deployment/hound/default.nix b/makefu/2configs/deployment/hound/default.nix index 9e8f88895..0cfb5cdeb 100644 --- a/makefu/2configs/deployment/hound/default.nix +++ b/makefu/2configs/deployment/hound/default.nix @@ -1,6 +1,10 @@ { config, pkgs, ... }: { - services.nginx.virtualHosts."wikisearch.krebsco.de".locations."/".proxyPass = "http://localhost:6080"; + services.nginx.virtualHosts."wikisearch.krebsco.de" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:6080"; + }; services.hound = { enable = true; listen = "127.0.0.1:6080"; -- cgit v1.3.1