From b0829854211bc23c98247fb9cd2e22b70616f217 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 21 Apr 2018 20:52:46 +0200 Subject: ma source: use .pass --- makefu/source.nix | 51 +++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 37 insertions(+), 14 deletions(-) (limited to 'makefu') diff --git a/makefu/source.nix b/makefu/source.nix index bcdb66a66..40aeac8b6 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -1,14 +1,16 @@ with import ; host@{ name, override ? {} -, secure ? false -, full ? false -, torrent ? false -, hw ? false -, musnix ? false -, python ? false -, unstable ? false #unstable channel checked out -, mic92 ? false +, secure ? false +, full ? false +, torrent ? false +, hw ? false +, musnix ? false +, python ? false +, unstable ? false #unstable channel checked out +, mic92 ? false +, nms ? false +, clever_kexec ?false }: let builder = if getEnv "dummy_secrets" == "true" @@ -42,11 +44,15 @@ in file = "/home/makefu/store/${ref}"; }; - secrets.file = getAttr builder { - buildbot = toString ; - makefu = "/home/makefu/secrets/${name}"; + secrets = getAttr builder { + buildbot.file = toString ; + makefu.pass = { + inherit name; + dir = "${getEnv "HOME"}/.secrets-pass"; + }; }; + stockholm.file = toString ; stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; } @@ -72,9 +78,12 @@ in }) (mkIf ( torrent ) { - torrent-secrets.file = getAttr builder { - buildbot = toString ; - makefu = "/home/makefu/secrets/torrent" ; + torrent-secrets = getAttr builder { + buildbot.file = toString ; + makefu.pass = { + name = "torrent"; + dir = "${getEnv "HOME"}/.secrets-pass"; + }; }; }) @@ -92,5 +101,19 @@ in }; }) + (mkIf ( nms ) { + nms.git = { + url = https://github.com/r-raymond/nixos-mailserver; + ref = "v2.1.2"; + }; + }) + + (mkIf ( clever_kexec ) { + clever_kexec.git = { + url = https://github.com/cleverca22/nix-tests; + ref = "5a670de7f2decfaafc95c34ffeb0f1896662f3d7"; + }; + }) + override ] -- cgit v1.2.3 From 309124175425cb7abd6dad166f485ae832435562 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 25 Apr 2018 14:50:06 +0200 Subject: ma gum.r: expose euer.mon --- makefu/1systems/gum/config.nix | 1 + makefu/2configs/nginx/euer.mon.nix | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 makefu/2configs/nginx/euer.mon.nix (limited to 'makefu') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 578e4add8..9b6d9d571 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -62,6 +62,7 @@ in { ## Web + # diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix new file mode 100644 index 000000000..c5a7e68af --- /dev/null +++ b/makefu/2configs/nginx/euer.mon.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + hostname = config.krebs.build.host.name; + user = config.services.nginx.user; + group = config.services.nginx.group; + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; +in { + services.nginx = { + enable = mkDefault true; + virtualHosts."mon.euer.krebsco.de" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://wbob.r:3000/"; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ''; + }; + }; + }; +} -- cgit v1.2.3 From 0ea7fd530f5b0b74ebff8b352283a7b399e9a109 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:41:03 +0200 Subject: ma core-gui: rip flash on firefox --- makefu/2configs/tools/core-gui.nix | 4 ---- 1 file changed, 4 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 2f80b08c9..898bae10d 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -1,10 +1,6 @@ { pkgs, ... }: { - nixpkgs.config.firefox = { - enableAdobeFlash = true; - }; - krebs.per-user.makefu.packages = with pkgs; [ chromium clipit -- cgit v1.2.3 From 49193180cb66b35dc95ab34003c739af575adc77 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:41:54 +0200 Subject: ma network-manager: wanted by multi-user --- makefu/2configs/hw/network-manager.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix index 7e29849b1..d322c683d 100644 --- a/makefu/2configs/hw/network-manager.nix +++ b/makefu/2configs/hw/network-manager.nix @@ -11,9 +11,8 @@ systemd.services.modemmanager = { description = "ModemManager"; - after = [ "network-manager.service" ]; bindsTo = [ "network-manager.service" ]; - wantedBy = [ "network-manager.service" ]; + wantedBy = [ "network-manager.service" "multi-user.target" ]; serviceConfig = { ExecStart = "${pkgs.modemmanager}/bin/ModemManager"; PrivateTmp = true; -- cgit v1.2.3 From 4f4c06d9f9494e627f67d73e13b3cf5003d4caeb Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:46:46 +0200 Subject: ma gum: deploy kexec --- makefu/1systems/gum/source.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix index b3ce743ca..e3ca472e4 100644 --- a/makefu/1systems/gum/source.nix +++ b/makefu/1systems/gum/source.nix @@ -1,4 +1,5 @@ import { name="gum"; torrent = true; + clever_kexec = true; } -- cgit v1.2.3 From e26634bb487a37553d12fc4335a8c1f278cbcf93 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:48:31 +0200 Subject: ma wbob.r: allow port 3000 --- makefu/1systems/wbob/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 42f3bddb1..3cf3274f9 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -52,9 +52,10 @@ in { db = "collectd_db"; logging-interface = "enp0s25"; in { + networking.firewall.allowedTCPPorts = [ 3000 ]; + services.grafana.enable = true; services.grafana.addr = "0.0.0.0"; - services.influxdb.enable = true; services.influxdb.extraConfig = { meta.hostname = config.krebs.build.host.name; -- cgit v1.2.3 From dd71e3f657fb8680a83a47cc2e9bc7a0478240be Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:49:02 +0200 Subject: ma omo.r: re-enable torrent --- makefu/1systems/omo/config.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index bed6ae9fd..a85d5f5ce 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -50,6 +50,7 @@ in { + # # # @@ -85,7 +86,7 @@ in { # - # + # # @@ -100,7 +101,7 @@ in { makefu.full-populate = true; makefu.server.primary-itf = primaryInterface; krebs.rtorrent = { - downloadDir = lib.mkForce "/media/crypt0/torrent"; + downloadDir = lib.mkForce "/media/cryptX/torrent"; extraConfig = '' upload_rate = 200 ''; -- cgit v1.2.3