From 905684e02b3e5eb1c4e5fe6200a0e89776bbdf4b Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 14 Sep 2018 15:11:21 +0200 Subject: ma pkgs.esniper: update to 2.35.0 --- makefu/5pkgs/esniper/default.nix | 32 +++++++++++++++++++++++++++++++ makefu/5pkgs/esniper/find-ca-bundle.patch | 26 +++++++++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 makefu/5pkgs/esniper/default.nix create mode 100644 makefu/5pkgs/esniper/find-ca-bundle.patch (limited to 'makefu') diff --git a/makefu/5pkgs/esniper/default.nix b/makefu/5pkgs/esniper/default.nix new file mode 100644 index 000000000..a6aac5748 --- /dev/null +++ b/makefu/5pkgs/esniper/default.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchurl , openssl, curl, coreutils, gawk, bash, which }: + +stdenv.mkDerivation rec { + name = "${pname}-2-35-0"; + pname = "esniper"; + version = "2.35.0"; + src = fetchurl { + url = "mirror://sourceforge/${pname}/${name}.tgz"; + sha256 = "04iwjb42lw90c03125bjdpnm0fp78dmwf2j35r7mah0nwcrlagd9"; + }; + + + buildInputs = [ openssl curl ]; + + # Add support for CURL_CA_BUNDLE variable. + # Fix . + patches = [ ./find-ca-bundle.patch ]; + + postInstall = '' + sed <"frontends/snipe" >"$out/bin/snipe" \ + -e "2i export PATH=\"$out/bin:${stdenv.lib.makeBinPath [ coreutils gawk bash which ]}:\$PATH\"" + chmod 555 "$out/bin/snipe" + ''; + + meta = with stdenv.lib; { + description = "Simple, lightweight tool for sniping eBay auctions"; + homepage = http://esniper.sourceforge.net; + license = licenses.gpl2; + maintainers = with maintainers; [ lovek323 peti ]; + platforms = platforms.all; + }; +} diff --git a/makefu/5pkgs/esniper/find-ca-bundle.patch b/makefu/5pkgs/esniper/find-ca-bundle.patch new file mode 100644 index 000000000..e4df272a0 --- /dev/null +++ b/makefu/5pkgs/esniper/find-ca-bundle.patch 
@@ -0,0 +1,26 @@ +diff -ubr '--exclude=*.o' esniper-2-27-0-orig/http.c esniper-2-27-0-patched/http.c +--- esniper-2-27-0-orig/http.c 2012-02-06 22:04:06.000000000 +0100 ++++ esniper-2-27-0-patched/http.c 2012-07-27 10:54:20.893054646 +0200 +@@ -200,6 +200,9 @@ + int + initCurlStuff(void) + { ++ /* Path to OpenSSL bundle file. */ ++ const char *ssl_capath=NULL; ++ + /* list for custom headers */ + struct curl_slist *slist=NULL; + +@@ -241,6 +244,12 @@ + if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_COOKIEFILE, ""))) + return initCurlStuffFailed(); + ++ /* If the environment variable CURL_CA_BUNDLE is set, pass through its ++ * contents to curl. */ ++ if ((ssl_capath = getenv("CURL_CA_BUNDLE"))) ++ if ((curlrc = curl_easy_setopt(easyhandle, CURLOPT_CAINFO, ssl_capath))) ++ return initCurlStuffFailed(); ++ + slist = curl_slist_append(slist, "Accept: text/*"); + slist = curl_slist_append(slist, "Accept-Language: en"); + slist = curl_slist_append(slist, "Accept-Charset: iso-8859-1,*,utf-8"); -- cgit v1.2.3 From a881fe45f18194a32f737703181cdd11c422ec63 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 16 Sep 2018 00:26:42 +0200 Subject: ma secrets: add completion --- makefu/2configs/tools/mobility.nix | 6 +++++- makefu/2configs/tools/secrets.nix | 12 ++++++++++++ makefu/2configs/zsh-user.nix | 2 ++ 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/tools/secrets.nix (limited to 'makefu') diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index 1993a5212..8a559dbbd 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -3,7 +3,11 @@ users.users.makefu.packages = with pkgs;[ go-mtpfs mosh + sshfs + rclone + exfat + (pkgs.callPackage ./secrets.nix {}) ]; - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; + # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; } 
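Review bot: The block added to `initCurlStuff` takes the CA trust store for every HTTPS request from the `CURL_CA_BUNDLE` environment variable without checking the value, so whoever controls the process environment chooses the trust anchors, and an empty value only surfaces later as a handshake error. The value is passed to `CURLOPT_CAINFO`, which expects a bundle file, so the local would be clearer as `ssl_cainfo` than `ssl_capath`, and an empty string should be skipped: `if ((ssl_capath = getenv("CURL_CA_BUNDLE")) && *ssl_capath)`. The inner patch headers still name esniper-2-27-0 while the derivation builds 2.35.0, so it is worth confirming the hunks apply without fuzz. `initCurlStuff` starts and ends outside both inner hunks.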
diff --git a/makefu/2configs/tools/secrets.nix b/makefu/2configs/tools/secrets.nix new file mode 100644 index 000000000..f88618cbc --- /dev/null +++ b/makefu/2configs/tools/secrets.nix @@ -0,0 +1,12 @@ +{ pass, write, writeDash, ... }: + +write "secrets" { + "/bin/secrets".link = writeDash "brain" '' + PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \ + exec ${pass}/bin/pass $@ + ''; + "/bin/secretsmenu".link = writeDash "secretsmenu" '' + PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \ + exec ${pass}/bin/passmenu $@ + ''; +} diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 6be078f6a..23ae572da 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -68,6 +68,8 @@ in compdef _pass brain zstyle ':completion::complete:brain::' prefix "$HOME/brain" + compdef _pass secrets + zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/" # ctrl-x ctrl-e autoload -U edit-command-line -- cgit v1.2.3 From 98ffcd6fd64adc2773bb1fc6f7f838016b5582f8 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:24:05 +0200 Subject: ma source.nix: rip --- makefu/krops.nix | 4 ++ makefu/source.nix | 122 ------------------------------------------------------ 2 files changed, 4 insertions(+), 122 deletions(-) delete mode 100644 makefu/source.nix (limited to 'makefu') diff --git a/makefu/krops.nix b/makefu/krops.nix index 3838db635..f8ea6f7ef 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -18,6 +18,7 @@ unstable = false; #unstable channel checked out mic92 = false; nms = false; + arm6 = false; clever_kexec = false; } // import (./. + "/1systems/${name}/source.nix"); source = { test }: lib.evalSource [ @@ -29,6 +30,9 @@ nixpkgs = if test || host-src.full then { git.ref = nixpkgs-src.rev; git.url = nixpkgs-src.url; + } else if host-src.arm6 then { + # TODO: we want to track the unstable channel + symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/"; } else { file = "/home/makefu/store/${nixpkgs-src.rev}"; }; 
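Review bot: Both wrappers in secrets.nix pass `$@` unquoted, so an entry name containing spaces is split before `pass` sees it and the command can act on a different entry than the one requested. Use `exec ${pass}/bin/pass "$@"` and `exec ${pass}/bin/passmenu "$@"`. The first script is still named `"brain"` in `writeDash "brain"` although it is linked as `/bin/secrets`, which looks like a copy-paste leftover. A one-line comment that `PASSWORD_STORE_DIR` selects a store separate from the default one would help readers.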
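Review bot: In the second krops.nix hunk the new `host-src.arm6` branch points `nixpkgs` at `/nix/var/nix/profiles/per-user/root/channels/nixos/`, a mutable channel profile. Those hosts therefore appear to be built from whatever that channel currently holds, not from the pinned `nixpkgs-src.rev` the other two branches use. The existing TODO mentions tracking unstable but not that this branch is unpinned; I would add `# NOTE: unpinned, resolves to root's current nixos channel; not reproducible` and pin it once an arm6 source is available. The enclosing `source = { test }: lib.evalSource [` list starts and ends outside the hunk.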
diff --git a/makefu/source.nix b/makefu/source.nix
deleted file mode 100644
index c350fe72c..000000000
--- a/makefu/source.nix
+++ /dev/null
@@ -1,122 +0,0 @@ -with import ; -host@{ name, - override ? {} -, secure ? false -, full ? false -, torrent ? false -, hw ? false -, musnix ? false -, python ? false -, unstable ? false #unstable channel checked out -, mic92 ? false -, nms ? false -, clever_kexec ?false -}: -let - builder = if getEnv "dummy_secrets" == "true" - then "buildbot" - else "makefu"; - _file = + "/makefu/1systems/${name}/source.nix"; - pkgs = import { - overlays = map import [ - - - ]; - }; - # TODO: automate updating of this ref + cherry-picks - ref = "8f991294288"; # nixos-18.03 @ 2018-08-06 - # + do_sqlite3 ruby: 55a952be5b5 - # + exfat-nofuse bump: ee6a5296a35 - # + uhub/sqlite: 5dd7610401747 - -in - evalSource (toString _file) [ - { - nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix"; - # always perform a full populate when buildbot - nixpkgs = if full || (builder == "buildbot" ) then { - git = { - url = https://github.com/makefu/nixpkgs; - inherit ref; - }; - } else { - # right now it is simply extracted revision folder - - ## prepare so we do not have to wait for rsync: - ## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff -L | tar zx && mv NixOS-nixpkgs-125ffff nixpkgs - file = "/home/makefu/store/${ref}"; - }; - - secrets = getAttr builder { - buildbot.file = toString ; - makefu.pass = { - inherit name; - dir = "${getEnv "HOME"}/.secrets-pass"; - }; - }; - - - stockholm.file = toString ; - stockholm-version.pipe = "${pkgs.coreutils}/bin/echo derp"; - } - (mkIf ( musnix ) { - musnix.git = { - url = https://github.com/musnix/musnix.git; - ref = "master"; # follow the musnix channel, lets see how this works out - }; - }) - - (mkIf ( hw ) { - nixos-hardware.git = { - url = https://github.com/nixos/nixos-hardware.git; - ref = "30fdd53"; - }; - }) - - (mkIf ( python ) { - python.git = { - url = https://github.com/garbas/nixpkgs-python; - ref = "cac319b7"; - }; - }) - - (mkIf ( torrent ) { - torrent-secrets = getAttr builder { - buildbot.file = 
toString ; - makefu.pass = { - name = "torrent"; - dir = "${getEnv "HOME"}/.secrets-pass"; - }; - }; - }) - - (mkIf ( unstable ) { - nixpkgs-unstable.git = { - url = https://github.com/nixos/nixpkgs-channels; - ref = "nixos-unstable"; - }; - }) - - (mkIf ( mic92 ) { - mic92.git = { - url = https://github.com/Mic92/dotfiles/; - ref = "48a1f49"; - }; - }) - - (mkIf ( nms ) { - nms.git = { - url = https://github.com/r-raymond/nixos-mailserver; - ref = "v2.1.2"; - }; - }) - - (mkIf ( clever_kexec ) { - clever_kexec.git = { - url = https://github.com/cleverca22/nix-tests; - ref = "5a670de7f2decfaafc95c34ffeb0f1896662f3d7"; - }; - }) - - override - ] -- cgit v1.2.3 From 04ab857228a55ae6627df2bf5714d7ab0b12ebe5 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:26:44 +0200 Subject: ma pkgs.cozy-audiobooks: fix description --- makefu/5pkgs/cozy-audiobooks/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'makefu') diff --git a/makefu/5pkgs/cozy-audiobooks/default.nix b/makefu/5pkgs/cozy-audiobooks/default.nix index f1d655a0a..870fa8ce2 100644 --- a/makefu/5pkgs/cozy-audiobooks/default.nix +++ b/makefu/5pkgs/cozy-audiobooks/default.nix @@ -85,13 +85,9 @@ stdenv.mkDerivation rec { ninja test ''; - #preInstall = '' - # export MESON_INSTALL_PREFIX=$out - #''; - meta = with stdenv.lib; { description = '' - Eval nix code from python. + A modern audio book player for Linux using GTK+ 3 ''; maintainers = [ maintainers.makefu ]; license = licenses.mit; -- cgit v1.2.3 From 1424c4cdb66848005d84b153cc98d2047bbd30b2 Mon Sep 17 00:00:00 2001 
From: makefu Date: Mon, 17 Sep 2018 00:29:03 +0200 Subject: ma pkgs.quodlibet: add private patches --- .../custom/quodlibet/remove-override-warning.patch | 54 ++++++++++++++++++++++ .../custom/quodlibet/single-digit-discnumber.patch | 13 ++++++ makefu/5pkgs/default.nix | 4 ++ 3 files changed, 71 insertions(+) create mode 100644 makefu/5pkgs/custom/quodlibet/remove-override-warning.patch create mode 100644 makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch (limited to 'makefu') diff --git a/makefu/5pkgs/custom/quodlibet/remove-override-warning.patch b/makefu/5pkgs/custom/quodlibet/remove-override-warning.patch new file mode 100644 index 000000000..0f9d41024 --- /dev/null +++ b/makefu/5pkgs/custom/quodlibet/remove-override-warning.patch 
@@ -0,0 +1,54 @@ +diff --git a/quodlibet/qltk/edittags.py b/quodlibet/quodlibet/qltk/edittags.py +index 148866ef7..e741b9c3d 100644 +--- a/quodlibet/qltk/edittags.py ++++ b/quodlibet/qltk/edittags.py +@@ -740,13 +740,6 @@ class EditTags(Gtk.VBox): + win.show() + all_done = False + for song in songs: +- if not song.valid(): +- win.hide() +- dialog = OverwriteWarning(self, song) +- resp = dialog.run() +- win.show() +- if resp != OverwriteWarning.RESPONSE_SAVE: +- break + + changed = False + for key, values in iteritems(updated): +diff --git a/quodlibet/qltk/tagsfrompath.py b/quodlibet/quodlibet/qltk/tagsfrompath.py +index fd3f0709c..cb5b44f20 100644 +--- a/quodlibet/qltk/tagsfrompath.py ++++ b/quodlibet/qltk/tagsfrompath.py +@@ -284,13 +284,6 @@ class TagsFromPath(Gtk.VBox): + for entry in ((model and itervalues(model)) or []): + song = entry.song + changed = False +- if not song.valid(): +- win.hide() +- dialog = OverwriteWarning(self, song) +- resp = dialog.run() +- win.show() +- if resp != OverwriteWarning.RESPONSE_SAVE: +- break + + for i, h in enumerate(pattern.headers): + text = entry.get_match(h) +diff --git a/quodlibet/qltk/tracknumbers.py b/quodlibet/quodlibet/qltk/tracknumbers.py +index 1ab4d0b9a..52f087db4 100644 +--- a/quodlibet/qltk/tracknumbers.py ++++ b/quodlibet/qltk/tracknumbers.py +@@ -160,13 +160,6 @@ class TrackNumbers(Gtk.VBox): + if song.get("tracknumber") == track: + win.step() + continue +- if not song.valid(): +- win.hide() +- dialog = OverwriteWarning(self, song) +- resp = dialog.run() +- win.show() +- if resp != OverwriteWarning.RESPONSE_SAVE: +- break + song["tracknumber"] = track + try: + song.write() diff --git a/makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch b/makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch new file mode 100644 index 000000000..05778fde7 --- /dev/null +++ b/makefu/5pkgs/custom/quodlibet/single-digit-discnumber.patch 
@@ -0,0 +1,13 @@ +diff --git a/quodlibet/pattern/_pattern.py b/quodlibet/pattern/_pattern.py +index fc056d07a..8fb559c6e 100644 +--- a/quodlibet/pattern/_pattern.py ++++ b/quodlibet/pattern/_pattern.py +@@ -387,7 +387,7 @@ def _number(key, value): + elif key == "discnumber": + parts = value.split("/") + try: +- return "%02d" % int(parts[0]) ++ return "%d" % int(parts[0]) + except (TypeError, ValueError): + return value + else: diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 390c13ffe..d1aec70cb 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -20,6 +20,10 @@ with super.lib; with builtins; let (filterAttrs (_: eq "directory") (readDir path)); in { + quodlibet = super.pkgs.stdenv.lib.overrideDerivation super.quodlibet (old: { + patches = [ ./custom/quodlibet/single-digit-discnumber.patch + ./custom/quodlibet/remove-override-warning.patch ]; + }); alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";}; -- cgit v1.2.3 From 97012c2e2054e98bf87cb9b480e89317e715f5c7 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:31:21 +0200 Subject: ma retroshare: prepare installation retroshare somewhat sucks though ;) --- makefu/2configs/retroshare.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 makefu/2configs/retroshare.nix (limited to 'makefu') diff --git a/makefu/2configs/retroshare.nix b/makefu/2configs/retroshare.nix new file mode 100644 index 000000000..4d2fc6af9 --- /dev/null +++ b/makefu/2configs/retroshare.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: +let + port = 9024; +in { + users.users.makefu.packages = [ + pkgs.retroshare + ]; + networking.firewall.allowedTCPPorts = [ port ]; + networking.firewall.allowedUDPPorts = [ port ]; +} -- cgit v1.2.3 
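Review bot: In makefu/5pkgs/default.nix, `patches = [ ... ]` inside `overrideDerivation` replaces the attribute instead of extending it, and `old` is never used. Any patches the upstream `quodlibet` derivation carries, including later security fixes, are dropped silently. Prefer `patches = (old.patches or []) ++ [ ./custom/quodlibet/single-digit-discnumber.patch ./custom/quodlibet/remove-override-warning.patch ];`. A short comment that remove-override-warning.patch removes the `song.valid()` check before tags are written would make that trade-off visible where the patch is applied. The enclosing `let … in {` set starts and ends outside the hunk.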
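Review bot: In retroshare.nix, `allowedTCPPorts` and `allowedUDPPorts` open port 9024 on every interface as soon as the module is imported, yet the module only adds `pkgs.retroshare` to a user's packages and configures no service. The port is then reachable for anything that binds it. If the listener is only needed on one network, scope the rule to that interface where the NixOS release in use supports per-interface firewall options. A comment such as `# must match the listen port configured inside RetroShare` next to `port = 9024;` would also help.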
From 6bb1a3318d4951dcb6ed555d816b73bfac368b35 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:32:22 +0200 Subject: ma weather2stats: add WIP --- makefu/2configs/stats/external/weather2stats.nix | 38 ++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 makefu/2configs/stats/external/weather2stats.nix (limited to 'makefu') diff --git a/makefu/2configs/stats/external/weather2stats.nix b/makefu/2configs/stats/external/weather2stats.nix new file mode 100644 index 000000000..870db99a8 --- /dev/null +++ b/makefu/2configs/stats/external/weather2stats.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + pkg = pkgs.stdenv.mkDerivation { + name = "aralast-master"; + src = pkgs.fetchFromGitHub { + owner = "makefu"; + repo = "aralast"; + rev = "7121598"; + sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m"; + }; + installPhase = '' + install -m755 -D aralast.sh $out/bin/aralast + ''; + }; +in { + systemd.services.aralast = { + description = "periodically fetch aramark"; + path = [ + pkgs.curl + pkgs.gnugrep + pkgs.gnused + ]; + wantedBy = [ "multi-user.target" ]; + environment = { + INFLUX_HOST = "localhost"; + INFLUX_PORT = "8086"; + }; + # every 10 seconds when the cantina is open + startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0,15,30,45"; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkg}/bin/aralast"; + PrivateTmp = true; + }; + }; +} -- cgit v1.2.3 From 79ce9eb666182a07a542d9501514093732e5dec5 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:32:44 +0200 Subject: ma share: add time-mashine functionality for omo --- makefu/2configs/share/omo-timemachine.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 makefu/2configs/share/omo-timemachine.nix (limited to 'makefu') diff --git a/makefu/2configs/share/omo-timemachine.nix b/makefu/2configs/share/omo-timemachine.nix new file mode 100644 index 000000000..18cf0328e --- /dev/null 
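Review bot: In weather2stats.nix, `User = "nobody"` runs the fetcher under an account shared with anything else that maps to nobody, so files or processes of unrelated services are not isolated from it. Prefer `DynamicUser = true;` or a dedicated system user in `serviceConfig`. The comment says "every 10 seconds" while `startAt` fires at seconds `0,15,30,45`. `wantedBy = [ "multi-user.target" ]` also starts the unit at boot regardless of the calendar restriction, which looks unintended for a timer-driven job.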
+++ b/makefu/2configs/share/omo-timemachine.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: +{ + services.samba = { + # support for timemachine in git + package = pkgs.sambaFull; + shares = { + time_machine = { + path = "/media/crypt3/backup/time_machine"; + "valid users" = "misa"; + public = "no"; + writeable = "yes"; + "force user" = "misa"; + "fruit:aapl" = "yes"; + "fruit:time machine" = "yes"; + "vfs objects" = "catia fruit streams_xattr"; + }; + }; + }; +} -- cgit v1.2.3 From 443b88738aa064dd7f2d88b58d18751f5a2646e7 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:35:36 +0200 Subject: ma mail.euer.krebsco.de: init with SimpleNixosMailServer --- makefu/2configs/mail/mail.euer.nix | 47 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 makefu/2configs/mail/mail.euer.nix (limited to 'makefu') diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix new file mode 100644 index 000000000..f079d7f41 --- /dev/null +++ b/makefu/2configs/mail/mail.euer.nix 
@@ -0,0 +1,47 @@ +{ config, pkgs, ... }: +{ + imports = [ + (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.1.4/nixos-mailserver-v2.1.4.tar.gz") + ]; + + mailserver = { + enable = true; + fqdn = "euer.eloop.org"; + domains = [ "euer.eloop.org" ]; + loginAccounts = { + "makefu@euer.eloop.org" = { + hashedPassword = "$6$5gFFAPnI/c/EHIx$3aHj64p5SX./C.MPb.eBmyLDRdWS1yaoV0s9r3Yexw4UO9URdUkBDgqT7F0Mjgt6.gyYaJ5E50h0Yg7iHtLWI/"; + aliases = [ "root@euer.eloop.org" ]; + catchAll = [ "euer.eloop.org" ]; + + }; + }; + certificateScheme = 3; + + # Enable IMAP and POP3 + enableImap = true; + enablePop3 = false; + enableImapSsl = true; + enablePop3Ssl = false; + + # Enable the ManageSieve protocol + enableManageSieve = true; + + virusScanning = false; + + }; + + services.dovecot2.extraConfig = '' + ssl_dh = Date: Mon, 17 Sep 2018 00:36:33 +0200 Subject: ma shack-autoinstall: add WIP --- makefu/1systems/shack-autoinstall/config.nix | 49 +++++ .../1systems/shack-autoinstall/grub-partition.sh | 5 + makefu/1systems/shack-autoinstall/shack-config.nix | 231 +++++++++++++++++++++ .../1systems/shack-autoinstall/uefi-partition.sh | 24 +++ 4 files changed, 309 insertions(+) create mode 100644 makefu/1systems/shack-autoinstall/config.nix create mode 100644 makefu/1systems/shack-autoinstall/grub-partition.sh create mode 100644 makefu/1systems/shack-autoinstall/shack-config.nix create mode 100644 makefu/1systems/shack-autoinstall/uefi-partition.sh (limited to 'makefu') diff --git a/makefu/1systems/shack-autoinstall/config.nix b/makefu/1systems/shack-autoinstall/config.nix new file mode 100644 index 000000000..d53c411c0 --- /dev/null +++ b/makefu/1systems/shack-autoinstall/config.nix 
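Review bot: `builtins.fetchTarball` in `imports` is called with a bare URL, so the mail-server module evaluated into the system configuration is whatever the v2.1.4 archive serves at evaluation time, with no integrity check. Pin it with `builtins.fetchTarball { url = "…"; sha256 = "<sha256 of the unpacked archive>"; }`. The `hashedPassword` for the login account is committed in the file, which exposes it to offline guessing by anyone who can read the repository or the Nix store; loading it from the secrets directory avoids that. The tail of this hunk is truncated on the page, so the dovecot `ssl_dh` setting could not be reviewed.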
@@ -0,0 +1,49 @@ +{ config, pkgs, lib, ... }: + +with import ; +let + disk = "/dev/sda"; +in { + imports = [ + + + + + ]; + # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now + # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos + krebs.build.host = config.krebs.hosts.iso; + krebs.hidden-ssh.enable = true; + + environment.extraInit = '' + EDITOR=vim + ''; + # iso-specific + boot.kernelParams = [ "copytoram" ]; + + + environment.systemPackages = [ + pkgs.parted + ( pkgs.writeScriptBin "shack-install" '' + #! /bin/sh + echo "go ahead and try NIX_PATH=/root/.nix-defexpr/channels/ nixos-install" + '') + ]; + + systemd.services.wpa_supplicant.wantedBy = lib.mkForce [ "multi-user.target" ]; + + networking.wireless = { + enable = true; + networks.shack.psk = "welcome2shack"; + }; + + + services.openssh = { + enable = true; + hostKeys = [ + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + # enable ssh in the iso boot process + systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; +} diff --git a/makefu/1systems/shack-autoinstall/grub-partition.sh b/makefu/1systems/shack-autoinstall/grub-partition.sh new file mode 100644 index 000000000..c23c89799 --- /dev/null +++ b/makefu/1systems/shack-autoinstall/grub-partition.sh @@ -0,0 +1,5 @@ +#!/bin/sh +set -euf +parted -s ${disk} mklabel msdos +parted -s ${disk} -- mkpart primary linux-swap 1M 4096M +parted -s ${disk} -- mkpart primary ext2 4096M 100% diff --git a/makefu/1systems/shack-autoinstall/shack-config.nix b/makefu/1systems/shack-autoinstall/shack-config.nix new file mode 100644 index 000000000..9fa54ae32 --- /dev/null +++ b/makefu/1systems/shack-autoinstall/shack-config.nix 
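Review bot: In shack-autoinstall/config.nix, `networks.shack.psk` is set to a clear-text passphrase, which ends up in the repository and in the world-readable Nix store of every ISO built from it. The ISO also starts `sshd` and `krebs.hidden-ssh` at boot, and the hunk does not show which credentials are accepted. I would add a comment naming the authorised keys and read the passphrase from the secrets path. In `hostKeys`, `bits = 8192` has no meaning for `type = "ed25519"` and can be dropped.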
@@ -0,0 +1,231 @@ +{ config, pkgs, lib, ... }: + +{ + imports = [ + ./hardware-configuration.nix + # TODO: + ]; + + # shacks-specific + networking.wireless = { + enable = true; + networks.shack.psk = "181471eb97eb23f12c6871227bc4a7b13c8f6af56dcc0d0e8b71f4d7a510cb4e"; + }; + networking.hostName = "shackbook"; + + boot.tmpOnTmpfs = true; + + users.users.shack = { + createHome = true; + useDefaultShell = true; + home = "/home/shack"; + uid = 9001; + packages = with pkgs;[ + chromium + firefox + ]; + extraGroups = [ "audio" "wheel" ]; + hashedPassword = "$6$KIxlQTLEnKl7cwC$LrmbwZ64Mlm7zqUUZ0EObPJMES3C0mQ6Sw7ynTuXzUo7d9EWg/k5XCGkDHMFvL/Pz19Awcv0knHB1j3dHT6fh/" ; + }; + + environment.variables = let + ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + in { + EDITOR = lib.mkForce "vim"; + CURL_CA_BUNDLE = ca-bundle; + GIT_SSL_CAINFO = ca-bundle; + SSL_CERT_FILE = ca-bundle; + }; + + services.printing = { + enable = true; + # TODO: shack-printer + }; + + + environment.systemPackages = with pkgs;[ + parted + ddrescue + tmux + jq git gnumake htop rxvt_unicode.terminfo + (pkgs.vim_configurable.customize { + name = "vim"; + vimrcConfig.customRC = '' + set nocompatible + syntax on + set list + set listchars=tab:▸\ + "set list listchars=tab:>-,trail:.,extends:> + + filetype off + filetype plugin indent on + + colorscheme darkblue + set background=dark + + set number + set relativenumber + set mouse=a + set ignorecase + set incsearch + set wildignore=*.o,*.obj,*.bak,*.exe,*.os + set textwidth=79 + set shiftwidth=2 + set expandtab + set softtabstop=2 + set shiftround + set smarttab + set tabstop=2 + set et + set autoindent + set backspace=indent,eol,start + + + inoremap + nnoremap + vnoremap + + nnoremap :UndotreeToggle + set undodir =~/.vim/undo + set undofile + "maximum number of changes that can be undone + set undolevels=1000000 + "maximum number lines to save for undo on a buffer reload + set undoreload=10000000 + + nnoremap :set invpaste paste? 
+ set pastetoggle= + set showmode + + set showmatch + set matchtime=3 + set hlsearch + + autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red + + + " save on focus lost + au FocusLost * :wa + + autocmd BufRead *.json set filetype=json + au BufNewFile,BufRead *.mustache set syntax=mustache + + cnoremap SudoWrite w !sudo tee > /dev/null % + + " create Backup/tmp/undo dirs + set backupdir=~/.vim/backup + set directory=~/.vim/tmp + + function! InitBackupDir() + let l:parent = $HOME . '/.vim/' + let l:backup = l:parent . 'backup/' + let l:tmpdir = l:parent . 'tmp/' + let l:undodir= l:parent . 'undo/' + + + if !isdirectory(l:parent) + call mkdir(l:parent) + endif + if !isdirectory(l:backup) + call mkdir(l:backup) + endif + if !isdirectory(l:tmpdir) + call mkdir(l:tmpdir) + endif + if !isdirectory(l:undodir) + call mkdir(l:undodir) + endif + endfunction + call InitBackupDir() + + augroup Binary + " edit binaries in xxd-output, xxd is part of vim + au! + au BufReadPre *.bin let &bin=1 + au BufReadPost *.bin if &bin | %!xxd + au BufReadPost *.bin set ft=xxd | endif + au BufWritePre *.bin if &bin | %!xxd -r + au BufWritePre *.bin endif + au BufWritePost *.bin if &bin | %!xxd + au BufWritePost *.bin set nomod | endif + augroup END + ''; + vimrcConfig.vam.knownPlugins = pkgs.vimPlugins; + vimrcConfig.vam.pluginDictionaries = [ + { names = [ "undotree" ]; } + # vim-nix handles indentation better but does not perform sanity + { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } + ]; + }) + + ]; + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=900001 + HISTFILESIZE=$HISTSIZE + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + PS1='\[\e[1;32m\]\w\[\e[0m\] ' + ''; + }; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + nix = { + package = pkgs.nixUnstable; + optimise.automatic = true; + useSandbox = true; + 
gc.automatic = true; + }; + + system.autoUpgrade.enable = true; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; + fileSystems."/".options = [ "noatime" "nodiratime" "discard" ]; + + + # gui and stuff + i18n = { + consoleFont = "Lat2-Terminus16"; + consoleKeyMap = "us"; + defaultLocale = "en_US.UTF-8"; + }; + + fonts = { + enableFontDir = true; + enableGhostscriptFonts = true; + fonts = [ pkgs.terminus_font ]; + }; + + time.timeZone = "Europe/Berlin"; + services.timesyncd.enable = true; + + + # GUI + hardware.pulseaudio.enable = true; + services.xserver = { + enable = true; + displayManager.auto.enable = true; + displayManager.auto.user = "shack"; + + desktopManager.xfce.enable = true; + + layout = "us"; + xkbVariant = "altgr-intl"; + xkbOptions = "ctrl:nocaps, eurosign:e"; + }; + + services.openssh = { + enable = true; + hostKeys = [ + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; +} diff --git a/makefu/1systems/shack-autoinstall/uefi-partition.sh b/makefu/1systems/shack-autoinstall/uefi-partition.sh new file mode 100644 index 000000000..4566b7dce --- /dev/null +++ b/makefu/1systems/shack-autoinstall/uefi-partition.sh @@ -0,0 +1,24 @@ +#!/bin/sh +set -euf +p(){ + parted -s ${disk} -- $@ +} +p mklabel gpt +p mkpart primary fat32 1M 551M +p set 1 boot on +p mkpart primary linux-swap 51M 4647M +p mkpart primary ext2 4647M 100% +udevadm settle +mkfs.fat -nboot -F32 /dev/sda1 + +udevadm settle +mkswap ${disk}2 -L swap +swapon -L swap +mkfs.ext4 -L nixos ${disk}3 +mount LABEL=nixos /mnt +mkdir /mnt/boot +mount LABEL=boot /mnt/boot + +mkdir -p /mnt/etc/nixos +cp ${./shack-config.nix} /mnt/etc/nixos/configuration.nix +nixos-generate-config --root /mnt -- cgit v1.2.3 From 939fca1d30d182764d811781fac3170c9c348fb5 Mon Sep 17 00:00:00 2001 
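Review bot: In shack-config.nix the `shack` account is in `wheel`, logs in automatically through `displayManager.auto.user`, and has its `hashedPassword` committed in the file. `services.openssh.enable = true` leaves password login at its default, so that committed hash is what guards remote administrative access on every machine installed from this config. Consider adding `services.openssh.passwordAuthentication = false;` with authorised keys, or dropping `"wheel"` from `extraGroups` for the kiosk user. `system.autoUpgrade.enable = true` with `nix.package = pkgs.nixUnstable` deserves a comment on which channel these machines follow.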
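Review bot: In uefi-partition.sh, `p mkpart primary linux-swap 51M 4647M` starts inside the ESP created by `p mkpart primary fat32 1M 551M`, so the second partition overlaps the first; the start was probably meant to be `551M`. `mkfs.fat -nboot -F32 /dev/sda1` hard-codes the device while every other command uses `${disk}`, so with a different disk it formats an unrelated partition; use `mkfs.fat -nboot -F32 ${disk}1`. Inside `p()` the arguments should be forwarded as `"$@"`.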
From: makefu Date: Mon, 17 Sep 2018 00:37:31 +0200 Subject: ma crapi.r: init config --- makefu/1systems/crapi/README | 4 ++++ makefu/1systems/crapi/config.nix | 46 ++++++++++++++++++++++++++++++++++++++++ makefu/1systems/crapi/source.nix | 3 +++ 3 files changed, 53 insertions(+) create mode 100644 makefu/1systems/crapi/README create mode 100644 makefu/1systems/crapi/config.nix create mode 100644 makefu/1systems/crapi/source.nix (limited to 'makefu') diff --git a/makefu/1systems/crapi/README b/makefu/1systems/crapi/README new file mode 100644 index 000000000..9278c764a --- /dev/null +++ b/makefu/1systems/crapi/README @@ -0,0 +1,4 @@ +1. flash arm6 image from https://www.cs.helsinki.fi/u/tmtynkky/nixos-arm/installer/ to sdcard +2. passwd; systemctl start sshd; mkdir /var/src ; touch /var/src/.populate +3. "environment.systemPackages = [ pkgs.rsync pkgs.git ];" in /etc/nixos/configuration.nix +5. nixos-rebuild switch --fast --option binary-caches http://nixos-arm.dezgeg.me/channel --option binary-cache-public-keys nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=% diff --git a/makefu/1systems/crapi/config.nix b/makefu/1systems/crapi/config.nix new file mode 100644 index 000000000..d96b872d5 --- /dev/null +++ b/makefu/1systems/crapi/config.nix 
@@ -0,0 +1,46 @@ +{ config, pkgs, lib, ... }: +{ + # :l + # builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; }) + imports = [ + + + + + + ]; + krebs.build.host = config.krebs.hosts.crapi; + # NixOS wants to enable GRUB by default + boot.loader.grub.enable = false; + + # Enables the generation of /boot/extlinux/extlinux.conf + boot.loader.generic-extlinux-compatible.enable = true; + + boot.kernelPackages = pkgs.linuxPackages_rpi; + + nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ]; + nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ]; + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-label/NIXOS_BOOT"; + fsType = "vfat"; + }; + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + }; + + system.activationScripts.create-swap = '' + if [ ! -e /swapfile ]; then + fallocate -l 2G /swapfile + mkswap /swapfile + fi + ''; + swapDevices = [ { device = "/swapfile"; size = 2048; } ]; + + nix.package = lib.mkForce pkgs.nixStable; + services.openssh.enable = true; + +} diff --git a/makefu/1systems/crapi/source.nix b/makefu/1systems/crapi/source.nix new file mode 100644 index 000000000..4a4359ee6 --- /dev/null +++ b/makefu/1systems/crapi/source.nix @@ -0,0 +1,3 @@ +{ + arm6 = true; +} -- cgit v1.2.3 From e6ba7b3c2e9caee1f5f05561c342153501e4dc8d Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:38:35 +0200 Subject: ma omo.r: needs more tools! --- makefu/1systems/omo/config.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'makefu') diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 47e815e77..8db333481 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -17,7 +17,10 @@ in { # + + + { environment.systemPackages = [ pkgs.esniper ]; } # # # -- cgit v1.2.3 
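Review bot: The `create-swap` activation script in crapi/config.nix creates `/swapfile` with `fallocate` and never restricts its mode, so the file gets the script's default umask (typically world-readable) and local users can read swapped-out memory. Add `chmod 600 /swapfile` before `mkswap /swapfile`. The key in `nix.binaryCachePublicKeys` ends in `=%`; the trailing `%` looks like a shell end-of-line marker and would presumably stop the key matching the cache's signatures. `nix.binaryCaches` uses plain `http://`, so that key is the only integrity control for substituted binaries and is worth a comment.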
From bbed9690c9b5cece3a51fc6123bfa437f7d0fca9 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:39:01 +0200 Subject: ma omo.r: tsp requires more hardware config --- makefu/1systems/omo/hw/tsp.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/1systems/omo/hw/tsp.nix b/makefu/1systems/omo/hw/tsp.nix index 4af0d73fc..99c558056 100644 --- a/makefu/1systems/omo/hw/tsp.nix +++ b/makefu/1systems/omo/hw/tsp.nix @@ -28,5 +28,13 @@ in { kernelModules = [ "kvm-intel" ]; }; - + networking.wireless.enable = true; + hardware.enableRedistributableFirmware = true; + hardware.cpu.intel.updateMicrocode = true; + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; + services.logind.extraConfig = '' + HandleSuspendKey = ignore + ''; + powerManagement.enable = false; } -- cgit v1.2.3 From a552d304a3682eec05ebf3229e8f79e75ee697a0 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:39:39 +0200 Subject: ma x: syncthing runs as default user --- makefu/1systems/x/config.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'makefu') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 54a16a931..c11454eb8 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -43,6 +43,7 @@ with import ; + # # Virtualization @@ -149,4 +150,6 @@ with import ; "/home/makefu/backup/borgun" "/home/makefu/.mail/" ]; + services.syncthing.user = lib.mkForce "makefu"; + services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/"; } -- cgit v1.2.3 From afe7ae0243b2e69a51933147847d6fdd31f31f11 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:40:34 +0200 Subject: ma bureautomation: re-indent --- makefu/2configs/deployment/bureautomation/hass.nix | 88 +++++++++++----------- 1 file changed, 42 insertions(+), 46 deletions(-) (limited to 'makefu') 
diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix
index d5793f886..4605e8933 100644
--- a/makefu/2configs/deployment/bureautomation/hass.nix
+++ b/makefu/2configs/deployment/bureautomation/hass.nix
@@ -1,48 +1,43 @@ { pkgs, lib, ... }: let - tasmota_plug = name: topic: { - platform = "mqtt"; - inherit name; - state_topic = "/bam/${topic}/stat/POWER"; - command_topic = "/bam/${topic}/cmnd/POWER"; - availability_topic = "/bam/${topic}/tele/LWT"; - qos = 1; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - retain= false; - }; + tasmota_plug = name: topic: + { platform = "mqtt"; + inherit name; + state_topic = "/bam/${topic}/stat/POWER1"; + command_topic = "/bam/${topic}/cmnd/POWER1"; + availability_topic = "/bam/${topic}/tele/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + }; espeasy_dht22 = name: [ - { - platform = "mqtt"; - device_class = "temperature"; - state_topic = "/bam/${name}/dht22/Temperature"; - availability_topic = "/bam/${name}/status/LWT"; - payload_available = "Connected"; - payload_not_available = "Connection Lost"; - } - { - platform = "mqtt"; - device_class = "humidity"; - state_topic = "/bam/${name}/dht22/Temperature"; - unit_of_measurement = "C"; - availability_topic = "/bam/${name}/status/LWT"; - payload_available = "Connected"; - payload_not_available = "Connection Lost"; - }]; - espeasy_ds18 = name: [ - { - platform = "mqtt"; - device_class = "temperature"; - state_topic = "/bam/${name}/ds18/Temperature"; - availability_topic = "/bam/${name}/status/LWT"; - payload_available = "Connected"; - payload_not_available = "Connection Lost"; - } - ]; + { platform = "mqtt"; + name = "${name} DHT22 Temperature"; + device_class = "temperature"; + state_topic = "/bam/${name}/dht22/Temperature"; + availability_topic = "/bam/${name}/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + } + { platform = "mqtt"; + device_class = "humidity"; + name = "${name} DHT22 Humidity"; + state_topic = "/bam/${name}/dht22/Humidity"; + availability_topic = "/bam/${name}/tele/LWT"; + payload_available = "Online"; + 
payload_not_available = "Offline"; + }]; + espeasy_ds18 = name: + { platform = "mqtt"; + name = "${name} DS18 Temperature"; + state_topic = "/bam/${name}/ds18/Temperature"; + availability_topic = "/bam/${name}/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + }; in { - + networking.firewall.allowedTCPPorts = [ 8123 ]; nixpkgs.config.permittedInsecurePackages = [ "homeassistant-0.65.5" ]; @@ -81,18 +76,19 @@ in { (tasmota_plug "Pluggy" "plug4") ]; binary_sensor = [ - { # esp_easy - platform = "mqtt"; + { platform = "mqtt"; device_class = "motion"; + name = "Motion"; state_topic = "/bam/easy2/movement/Switch"; payload_on = "1"; payload_off = "0"; - availability_topic = "/bam/easy2/status/LWT"; - payload_available = "Connected"; - payload_not_available = "Connection Lost"; + availability_topic = "/bam/easy2/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; } ]; sensor = + (espeasy_dht22 "easy1") ++ (espeasy_dht22 "easy2") ++ [ (espeasy_ds18 "easy3" ) { platform = "luftdaten"; -- cgit v1.2.3 From b54f309eb9ed60a1fe9120a07dc9afda6ee20666 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:41:36 +0200 Subject: ma hw: disable on boot --- makefu/2configs/hw/bluetooth.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix index 85c3190ff..313ca0147 100644 --- a/makefu/2configs/hw/bluetooth.nix +++ b/makefu/2configs/hw/bluetooth.nix 
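Review bot: The first hass.nix hunk adds `networking.firewall.allowedTCPPorts = [ 8123 ];` directly above the context line that permits `homeassistant-0.65.5` as an insecure package, so a release flagged insecure becomes reachable on every interface. The commit subject says "re-indent", yet the same hunk also switches the plug topics to `POWER1`, drops `qos` and `retain`, and changes the LWT topics and payloads. I would limit port 8123 to the interface that needs it, for example with a per-interface rule such as `iptables -A INPUT -i <interface> -p tcp --dport 8123 -j ACCEPT` in `networking.firewall.extraCommands`. I would also add a comment next to `permittedInsecurePackages` saying why the pinned version is accepted.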
@@ -29,11 +29,14 @@ # presumably a2dp Sink # Enable profile: ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink - hardware.bluetooth.extraConfig = ''; - [general] - Enable=Source,Sink,Media,Socket - ''; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio - hardware.bluetooth.enable = true; + hardware.bluetooth = { + enable = true; + powerOnBoot = false; + extraConfig = '' + [general] + Enable=Source,Sink,Media,Socket + ''; + }; } -- cgit v1.2.3 From 9adb8c9825de13b1a911863fd70d733029023042 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:42:16 +0200 Subject: ma euer.mon.krebsco.de: proxy to wbob --- makefu/2configs/nginx/euer.mon.nix | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix index c5a7e68af..765fef535 100644 --- a/makefu/2configs/nginx/euer.mon.nix +++ b/makefu/2configs/nginx/euer.mon.nix @@ -10,7 +10,12 @@ let in { services.nginx = { enable = mkDefault true; - virtualHosts."mon.euer.krebsco.de" = { + virtualHosts."mon.euer.krebsco.de" = let + # flesh_wrap + authFile = pkgs.writeText "influx.conf" '' + user:$apr1$ZG9oQCum$FhtIe/cl3jf8Sa4zq/BWd1 + ''; + in { forceSSL = true; enableACME = true; locations."/" = { @@ -21,6 +26,17 @@ in { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ''; }; + locations."/influxdb/" = { + proxyPass = "http://wbob.r:8086/"; + extraConfig = '' + auth_basic "Needs Autherization to visit"; + auth_basic_user_file ${authFile}; + proxy_http_version 1.1; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_redirect off; + ''; + }; }; }; } -- cgit v1.2.3 From 9af31259b8ffe879a471520248e15b4537db94b9 Mon Sep 17 00:00:00 2001 
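Review bot: The `authFile` binding in the first euer.mon.nix hunk puts the basic-auth entry into the repository and, through `pkgs.writeText`, into the Nix store, which is normally readable by every local user. An `$apr1$` hash is MD5-based, so anyone who can read the file can run offline guessing against it. The second hunk relies on this file as the only protection for the `/influxdb/` proxy. I would deploy the htpasswd file outside the store and reference it by path, e.g. `auth_basic_user_file /var/lib/<placeholder>/influx.htpasswd;`. The published credential should also be replaced.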
From: makefu Date: Mon, 17 Sep 2018 00:45:48 +0200 Subject: ma x: do not import stockholm libs if not required --- makefu/1systems/x/config.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index c11454eb8..97d11fbd3 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -1,9 +1,7 @@ # # # -{ config, pkgs, ... }: -with import ; - +{ config, pkgs, lib, ... }: { imports = [ # base -- cgit v1.2.3 From 25d6a582e55ad540f25c099ce80afe4b14638f03 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:46:26 +0200 Subject: ma google-muell: use new version, update hard-coded ip --- makefu/2configs/deployment/google-muell.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix index f23789ee5..235cc1546 100644 --- a/makefu/2configs/deployment/google-muell.nix +++ b/makefu/2configs/deployment/google-muell.nix @@ -5,7 +5,10 @@ let home = "/var/lib/ampel"; sec = "${toString }/google-muell.json"; ampelsec = "${home}/google-muell.json"; - esp = "192.168.1.23"; + cred = "${toString }/google-muell-creds.json"; + # TODO: generate this credential file locally + ampelcred = "${home}/google-muell-creds.json"; + esp = "192.168.8.204"; sleepval = "1800"; in { users.users.ampel = { 
@@ -21,10 +24,10 @@ in { serviceConfig = { User = "ampel"; ExecStartPre = pkgs.writeDash "copy-ampel-secrets" '' - cp ${sec} ${ampelsec} - chown ampel ${ampelsec} + install -m600 -o ampel ${sec} ${ampelsec} + install -m600 -o ampel ${cred} ${ampelcred} ''; - ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}"; + ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}"; PermissionsStartOnly = true; Restart = "always"; RestartSec = 10; -- cgit v1.2.3 From 30a4002029ac64a3c92007107898fd32154d6e3e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:47:01 +0200 Subject: ma fs/single-partition: add documentation --- makefu/2configs/fs/single-partition-ext4.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'makefu') diff --git a/makefu/2configs/fs/single-partition-ext4.nix b/makefu/2configs/fs/single-partition-ext4.nix index 1970c949f..1655556a5 100644 --- a/makefu/2configs/fs/single-partition-ext4.nix +++ b/makefu/2configs/fs/single-partition-ext4.nix @@ -1,5 +1,7 @@ {config, ...}: { + # fdisk /dev/sda + # mkfs.ext4 -L nixos /dev/sda1 boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true; boot.loader.grub.version = 2; -- cgit v1.2.3 From 2807623ab6efb19f362c39e22a7dd01c389b3f98 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:47:28 +0200 Subject: ma git: add disko --- makefu/2configs/git/cgit-retiolum.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 61182f6c3..1a7f3d987 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -31,6 +31,7 @@ let ampel = { }; europastats = { }; arafetch = { }; + disko = { }; init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; -- cgit v1.2.3 
From 767109e6ae8560e17bc1ef6de67ad38559f19d27 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:48:02 +0200 Subject: ma nginx: less alternative hostnames --- makefu/2configs/nginx/misa-felix-hochzeit.ml.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix index d0881a934..752612342 100644 --- a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix +++ b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix @@ -3,7 +3,7 @@ services.nginx = { enable = lib.mkDefault true; virtualHosts."misa-felix-hochzeit.ml" = { - serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ]; + serverAliases = [ "misa-felix.ml" "www.misa-felix.ml" ]; forceSSL = true; enableACME = true; locations = { -- cgit v1.2.3 From f6b3e7e6ebc15d9acd7bb5ca72034b143f2995ab Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:48:35 +0200 Subject: ma slave: un-hardcode keys --- makefu/2configs/remote-build/slave.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix index b6e000a34..89121ffd6 100644 --- a/makefu/2configs/remote-build/slave.nix +++ b/makefu/2configs/remote-build/slave.nix @@ -1,11 +1,10 @@ -{ +{config,...}:{ nix.trustedUsers = [ "nixBuild" ]; users.users.nixBuild = { name = "nixBuild"; useDefaultShell = true; - # TODO: put this somewhere else openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild" + config.krebs.users.buildbotSlave.pubkey ]; }; } -- cgit v1.2.3 From 14cb17d0ce26f74434e68d2266ed2f3b8a1a3f0b Mon Sep 17 00:00:00 2001 
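Review bot: In the slave.nix hunk the authorised key for `nixBuild` now comes from `config.krebs.users.buildbotSlave.pubkey`, while the context line `nix.trustedUsers = [ "nixBuild" ];` makes the holder of that key a trusted Nix user on this host. The hunk does not show whether the buildbotSlave key is the one previously labelled `nixBuild`, so this may silently change who can log in. I would add a comment above the key list, e.g. `# nixBuild is a nix trustedUser: whoever holds this key can alter the store on this builder`. Prefixing the entry with options such as `restrict` would stop the key from being used for port forwarding or a pty.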
From: makefu Date: Mon, 17 Sep 2018 01:08:37 +0200 Subject: ma save-diskspace: use new "documentation" key --- makefu/2configs/save-diskspace.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/save-diskspace.nix b/makefu/2configs/save-diskspace.nix index 4fd569768..b6725e730 100644 --- a/makefu/2configs/save-diskspace.nix +++ b/makefu/2configs/save-diskspace.nix @@ -4,8 +4,8 @@ _: environment.noXlibs = true; nix.gc.automatic = true; nix.gc.dates = "03:10"; - programs.info.enable = false; - programs.man.enable = false; + documentation.info.enable = false; + documentation.man.enable = false; services.journald.extraConfig = "SystemMaxUse=50M"; services.nixosManual.enable = false; } -- cgit v1.2.3 From 80250950625cceb084ed4251082a01fbd8de2bc1 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 01:10:36 +0200 Subject: ma syncthing: track syncthing state --- makefu/2configs/syncthing.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/syncthing.nix b/makefu/2configs/syncthing.nix index 6b758ea2d..bc7413a0a 100644 --- a/makefu/2configs/syncthing.nix +++ b/makefu/2configs/syncthing.nix @@ -1,11 +1,17 @@ -{...}: +{ config, ... }: with import ; { services.syncthing = { enable = true; openDefaultPorts = true; - useInotify = true; group = "download"; }; users.extraGroups.download.gid = genid "download"; + state = map (x: config.services.syncthing.dataDir + "/" + x) [ + "key.pem" + "cert.pem" + "config.xml" + "https-cert.pem" + "https-key.pem" + ]; } -- cgit v1.2.3 From 0823d0cbdc2861defaabc232058d96c8862c0b24 Mon Sep 17 00:00:00 2001 
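Review bot: The new `state` list in syncthing.nix includes `key.pem` and `https-key.pem`, which are the device's private keys. The hunk does not show what consumes `state`; if it is a backup job, that backup then holds the material needed to impersonate this device. I would note this next to the list, e.g. `# key.pem and https-key.pem are private keys: the consumer of state must store them encrypted`. As a minor point, `dataDir + "/" + x` gives a double slash when `dataDir` already ends in `/`, as the value forced in x/config.nix does.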
From: makefu Date: Mon, 17 Sep 2018 01:11:57 +0200 Subject: ma: random cleanup --- makefu/1systems/sdev/config.nix | 14 +++++------ makefu/1systems/tsp/config.nix | 47 +++++++++--------------------------- makefu/2configs/mqtt.nix | 1 + makefu/2configs/share/gum-client.nix | 1 + makefu/2configs/stats/server.nix | 17 +++++++------ makefu/2configs/tinc/retiolum.nix | 3 ++- makefu/2configs/tools/core.nix | 4 ++- makefu/2configs/tools/extra-gui.nix | 1 + makefu/2configs/tools/media.nix | 7 ++++-- makefu/5pkgs/bento4/default.nix | 3 +-- makefu/5pkgs/default.nix | 9 ------- 11 files changed, 41 insertions(+), 66 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index c2cd23d1e..2f289d500 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -6,13 +6,13 @@ [ # Include the results of the hardware scan. - # - { # until virtualbox-image is fixed - imports = [ - - ]; - boot.loader.grub.device = "/dev/sda"; - } + + #{ # until virtualbox-image is fixed + # imports = [ + # + # ]; + # boot.loader.grub.device = lib.mkForce "/dev/sda"; + #} # diff --git a/makefu/1systems/tsp/config.nix b/makefu/1systems/tsp/config.nix index 680fa2cbc..2921e2bcf 100644 --- a/makefu/1systems/tsp/config.nix +++ b/makefu/1systems/tsp/config.nix 
@@ -8,57 +8,32 @@ [ # Include the results of the hardware scan. - - + # + # hardware specifics are in here # imports tp-x2x0.nix - # + + + # + + + { + programs.adb.enable = true; + } ]; - # not working in vm krebs.build.host = config.krebs.hosts.tsp; - boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; - boot.loader.grub.copyKernels = true; + boot.loader.grub.device = "/dev/sda"; networking.firewall.allowedTCPPorts = [ 25 ]; - # acer aspire - networking.wireless.enable = lib.mkDefault true; - - services.xserver.synaptics.enable = true; - hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; - - hardware.cpu.intel.updateMicrocode = true; - - zramSwap.enable = true; - zramSwap.numDevices = 2; - - services.tlp.enable = true; - services.tlp.extraConfig = '' - # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery - START_CHARGE_THRESH_BAT0=67 - STOP_CHARGE_THRESH_BAT0=100 - - - CPU_SCALING_GOVERNOR_ON_AC=performance - CPU_SCALING_GOVERNOR_ON_BAT=ondemand - CPU_MIN_PERF_ON_AC=0 - CPU_MAX_PERF_ON_AC=100 - CPU_MIN_PERF_ON_BAT=0 - CPU_MAX_PERF_ON_BAT=30 - ''; - - powerManagement.resumeCommands = '' - ${pkgs.rfkill}/bin/rfkill unblock all - ''; - } diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix index 39c9fdfdd..c56521812 100644 --- a/makefu/2configs/mqtt.nix +++ b/makefu/2configs/mqtt.nix @@ -4,6 +4,7 @@ enable = true; host = "0.0.0.0"; users = {}; + # TODO: secure that shit allowAnonymous = true; }; } diff --git a/makefu/2configs/share/gum-client.nix b/makefu/2configs/share/gum-client.nix index be9ab026b..db2adfb1c 100644 --- a/makefu/2configs/share/gum-client.nix +++ b/makefu/2configs/share/gum-client.nix @@ -17,6 +17,7 @@ in { "file_mode=0775" "dir_mode=0775" "uid=9001" + "vers=3" ]; }; diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix index 7548c733e..c8e768c99 100644 --- a/makefu/2configs/stats/server.nix +++ b/makefu/2configs/stats/server.nix 
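Review bot: The mqtt.nix hunk only adds a TODO above `allowAnonymous = true;`, and the context line `host = "0.0.0.0";` shows the broker listening on all addresses. Any client that can reach the port can therefore still publish and subscribe without credentials. The service block starts above the hunk, so other options may exist that I cannot see. Rather than recording the problem, I would set `allowAnonymous = false;` and `checkPasswords = true;` with at least one entry under `users`. The TODO comment would also read better in neutral wording.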
@@ -2,11 +2,11 @@ with import ; let - irc-server = "rc.r"; + irc-server = "irc.r"; irc-nick = "m-alarm"; collectd-port = 25826; influx-port = 8086; - grafana-port = 3000; # TODO nginx forward + grafana-port = 3000; db = "collectd_db"; logging-interface = config.makefu.server.primary-itf; in { @@ -72,15 +72,16 @@ in { iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT - iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT - iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT - iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT + #iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT + #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT + #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT - ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT - ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT - ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT + #ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT + #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT + #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT ''; + state = [ "/var/lib/grafana/data/grafana.db" ]; } 
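Review bot: In the second stats/server.nix hunk the six rules for `${logging-interface}` are disabled with a leading `#`, but they appear to sit inside the `''` string that ends at the bottom of the hunk. Nix still interpolates `${logging-interface}` and `${toString …}` there, so `config.makefu.server.primary-itf` must still evaluate and the generated script carries six dead lines. I would delete the lines and leave a single comment such as `# only retiolum may reach collectd/influx/grafana`. If nothing else uses it, the `logging-interface` binding in the `let` block can then go too. The string opens above the hunk, so this should be confirmed against the full file.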
diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix index c55b94466..98abb2406 100644 --- a/makefu/2configs/tinc/retiolum.nix +++ b/makefu/2configs/tinc/retiolum.nix @@ -1,7 +1,8 @@ -_: +{ pkgs, ... }: { imports = [ ../binary-cache/lass.nix ]; krebs.tinc.retiolum.enable = true; + environment.systemPackages = [ pkgs.tinc ]; } diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix index 604288904..33e896d4c 100644 --- a/makefu/2configs/tools/core.nix +++ b/makefu/2configs/tools/core.nix @@ -3,9 +3,11 @@ # tools i use when actually working with the host. # package version will now be maintained by nix-rebuild # -# essentially `nix-env -q` of the main user { environment.systemPackages = with pkgs; [ + ( pkgs.writeScriptBin "unknow" ''#!/bin/sh +${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts + '') at_spi2_core acpi bc diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 3d26cc574..1c28eeffd 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -6,6 +6,7 @@ gimp inkscape libreoffice + quodlibet # skype synergy tdesktop diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index 35faaa29f..a61b6c88e 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -3,11 +3,14 @@ { users.users.makefu.packages = with pkgs; [ kodi - streamripper - youtube-dl calibre vlc mumble mplayer + quodlibet + + plowshare + streamripper + youtube-dl ]; } diff --git a/makefu/5pkgs/bento4/default.nix b/makefu/5pkgs/bento4/default.nix index 07c64a101..6f5f1deba 100644 --- a/makefu/5pkgs/bento4/default.nix +++ b/makefu/5pkgs/bento4/default.nix @@ -1,5 +1,4 @@ { stdenv, fetchFromGitHub -, pkgconfig , cmake }: stdenv.mkDerivation rec { 
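Review bot: The `unknow` helper added in the core.nix hunk passes its first argument straight into the sed program `"''${1}d"` without checking it. With no argument the program is just `d`, which empties `~/.ssh/known_hosts`, and a non-numeric argument is interpreted as sed syntax. I would add a guard before the sed call, e.g. `case "$1" in ""|*[!0-9]*) echo "usage: unknow LINE" >&2; exit 1;; esac`. Removing an entry by host with `ssh-keygen -R <host>` is also less error-prone than by line number, because it cannot drop a pinned key for an unrelated host.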
@@ -13,7 +12,7 @@ stdenv.mkDerivation rec { sha256 = "1cq6vhrq3n3lc1n454slbc66qdyqam2srxgdhfpyfxbq5c4y06nf"; }; - nativeBuildInputs = [ cmake pkgconfig ]; + nativeBuildInputs = [ cmake ]; installPhase = '' mkdir -p $out/{lib,bin} find -iname '*.so' -exec mv --target-directory="$out/lib" {} \; diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index d1aec70cb..390aabd73 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -33,15 +33,6 @@ in { inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: { patches = [ ./custom/inkscape/dxf_fix.patch ]; }); - pwqgen-ger = callPackage { - wordset-file = super.pkgs.fetchurl { - urls = [ - https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c - https://archive.org/download/nixos-stockholm-tarballs/pviar5j1gxiqcf3l34b4n2pil06xc8zf-wordset_4k.c - ]; - sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb"; - }; - }; } // (mapAttrs (_: flip callPackage {}) -- cgit v1.2.3 From e576c3182a8d4bfc85ec0755d3eeae40603183d7 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 01:34:23 +0200 Subject: Revert "ma save-diskspace: use new "documentation" key" This reverts commit 14cb17d0ce26f74434e68d2266ed2f3b8a1a3f0b. --- makefu/2configs/save-diskspace.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/save-diskspace.nix b/makefu/2configs/save-diskspace.nix index b6725e730..4fd569768 100644 --- a/makefu/2configs/save-diskspace.nix +++ b/makefu/2configs/save-diskspace.nix @@ -4,8 +4,8 @@ _: environment.noXlibs = true; nix.gc.automatic = true; nix.gc.dates = "03:10"; - documentation.info.enable = false; - documentation.man.enable = false; + programs.info.enable = false; + programs.man.enable = false; services.journald.extraConfig = "SystemMaxUse=50M"; services.nixosManual.enable = false; } -- cgit v1.2.3 
From 20eebf0ca30f7fabf5cd818a81a9e60c487b0962 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 21:52:41 +0200 Subject: ma homeautomation: add mqtt --- makefu/2configs/deployment/homeautomation/default.nix | 3 +++ makefu/2configs/deployment/homeautomation/mqtt.nix | 16 ++++++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 makefu/2configs/deployment/homeautomation/mqtt.nix (limited to 'makefu') diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix index 1f935e2f8..bd87193e3 100644 --- a/makefu/2configs/deployment/homeautomation/default.nix +++ b/makefu/2configs/deployment/homeautomation/default.nix @@ -2,6 +2,9 @@ let firetv = "192.168.1.238"; in { + imports = [ + ./mqtt.nix + ]; systemd.services.firetv = { wantedBy = [ "multi-user.target" ]; serviceConfig = { diff --git a/makefu/2configs/deployment/homeautomation/mqtt.nix b/makefu/2configs/deployment/homeautomation/mqtt.nix new file mode 100644 index 000000000..1d6a6a3a3 --- /dev/null +++ b/makefu/2configs/deployment/homeautomation/mqtt.nix @@ -0,0 +1,16 @@ +{ pkgs, config, ... }: +{ + services.mosquitto = { + enable = true; + host = "0.0.0.0"; + allowAnonymous = false; + checkPasswords = true; + # see /mosquitto + users.sensor = { + hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg=="; + acl = [ "topic readwrite #" ]; + }; + }; + environment.systemPackages = [ pkgs.mosquitto ]; + networking.firewall.allowedTCPPorts = [ config.services.mosquitto.port ]; +} -- cgit v1.2.3 From 884c73d2c0542a303a8af93e522fc17e3578e622 Mon Sep 17 00:00:00 2001 
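Review bot: In the new homeautomation/mqtt.nix the `sensor` user gets `acl = [ "topic readwrite #" ]`, which lets one sensor credential read and write every topic on the broker, including any command topics. I would narrow it to the prefix the sensors actually publish under, e.g. `acl = [ "topic readwrite <sensor-prefix>/#" ];`. The `hashedPassword` is committed to the repository and ends up in the store, so it is open to offline guessing and should be supplied from a deployed secret instead. The broker also binds `0.0.0.0` and the firewall opens its port on all interfaces. The file shows no TLS settings, so the password presumably travels in clear text.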
From: makefu Date: Tue, 18 Sep 2018 02:16:12 +0200 Subject: ma homeautomation: add mqtt broker with acl --- makefu/1systems/omo/config.nix | 8 +-- makefu/1systems/omo/hw/tsp.nix | 3 +- .../2configs/deployment/homeautomation/default.nix | 79 +++++++++++++++++++++- makefu/2configs/deployment/homeautomation/mqtt.nix | 10 ++- 4 files changed, 93 insertions(+), 7 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 8db333481..be49db024 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -36,12 +36,12 @@ in { # logs to influx - + # + # services -