From 4feafd70204f9c13500bd427d250fac60ca595ef Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 14 Dec 2017 11:18:14 +0100 Subject: ma pkgs.vpn-ws: init at 0.2 --- makefu/5pkgs/vpn-ws/default.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 makefu/5pkgs/vpn-ws/default.nix (limited to 'makefu') diff --git a/makefu/5pkgs/vpn-ws/default.nix b/makefu/5pkgs/vpn-ws/default.nix new file mode 100644 index 000000000..71573384d --- /dev/null +++ b/makefu/5pkgs/vpn-ws/default.nix @@ -0,0 +1,30 @@ +{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, openssl }: +stdenv.mkDerivation rec { + pname = "vpn-ws"; + version = "9d0e866"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "unbit"; + repo = "vpn-ws"; + rev = version; + sha256 = "068vzrpzgksadb31khancnpkgzhdcr6kh6k9wgm77q68skwl3w0k"; + }; + + patchPhase = '' + sed -i 's/-Werror//' Makefile + ''; + + installPhase = '' + mkdir -p $out/bin + cp vpn-ws vpn-ws-client $out/bin + ''; + + buildInputs = [ openssl.dev ]; + + meta = { + homepage = https://github.com/unbit/vpn-ws; + description = "A VPN system over websockets"; + license = lib.licenses.mit; + }; +} -- cgit v1.2.3 From 1fff5ae3724a811c6205e1e7abf5052e05412757 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 18 Dec 2017 21:26:45 +0100 Subject: ma nginx: add vpn-ws prototype --- makefu/2configs/nginx/euer.blog.vpn.nix | 35 +++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 makefu/2configs/nginx/euer.blog.vpn.nix (limited to 'makefu') diff --git a/makefu/2configs/nginx/euer.blog.vpn.nix b/makefu/2configs/nginx/euer.blog.vpn.nix new file mode 100644 index 000000000..b3db0bc60 --- /dev/null +++ b/makefu/2configs/nginx/euer.blog.vpn.nix @@ -0,0 +1,35 @@ +{pkgs, options, ... }: +let + pkg = pkgs.vpn-ws; + uid = "nginx"; + gid = "nginx"; + ip = "${pkgs.iproute}/bin/ip"; +in { + services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = { + # TODO client auth + extraConfig = '' + uwsgi_pass unix:/run/vpn.sock; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; + }; + + networking.interfaces.vpnws = { + virtual = true; + virtualType = "tap"; + }; + systemd.services.vpnws = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Restart = "always"; + PrivateTmp = true; + ExecStartPre = pkgs.writeDash "vpnws-pre" '' + ${ip} link set vpnws up + ${ip} addr add 10.244.1.1/24 dev vpnws || : + ''; + ExecStart = pkgs.writeDash "vpnws-start" '' + ${pkg}/bin/vpn-ws --tuntap vpnws /run/vpn.sock + ''; + }; + }; +} -- cgit v1.2.3 From 4d4d11a76501246e485ed73f33277ce470d32dfd Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 18 Dec 2017 21:26:59 +0100 Subject: ma stats: add bamstats --- makefu/2configs/stats/telegraf/bamstats.nix | 35 +++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 makefu/2configs/stats/telegraf/bamstats.nix (limited to 'makefu') diff --git a/makefu/2configs/stats/telegraf/bamstats.nix b/makefu/2configs/stats/telegraf/bamstats.nix new file mode 100644 index 000000000..ae5301204 --- /dev/null +++ b/makefu/2configs/stats/telegraf/bamstats.nix @@ -0,0 +1,35 @@ +{ pkgs, ...}: + +let + genTopic = name: topic: tags: { + servers = [ "tcp://localhost:1883" ]; + qos = 0; + connection_timeout = "30s"; + topics = [ topic ]; + tags = tags; + persistent_session = false; + name_override = name; + data_format = "value"; + data_type = "float"; + }; + bamStat = stat: # Temperature or Humidity + host: # easy{1-4} + sensor: # dht11, dht22, ds18 + (genTopic stat + "/bam/${host}/${sensor}/${stat}" + {"host" = host; + "scope" = "bam"; + "sensor" = sensor; + } ); + dht22 = host: [(bamStat "Temperature" host "dht22") + (bamStat "Humidity" host "dht22")]; + dht11 = host: [(bamStat "Temperature" host "dht11") + (bamStat "Humidity" host "dht11")]; + ds18 = host: [(bamStat "Temperature" host "ds18")]; +in { + services.telegraf.extraConfig.inputs.mqtt_consumer = + (dht22 "easy1") + ++ (dht22 "easy2") + ++ (dht11 "easy3") + ++ (ds18 "easy3"); +} -- cgit v1.2.3 From e2369d551e211c0eeb360868c2bba30564e33ca0 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 18 Dec 2017 21:27:26 +0100 Subject: ma vpn: add vpnws client and server --- makefu/2configs/nginx/euer.blog.vpn.nix | 35 --------------------------- makefu/2configs/vpn/vpnws/client.nix | 9 +++++++ makefu/2configs/vpn/vpnws/server.nix | 42 +++++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 35 deletions(-) delete mode 100644 makefu/2configs/nginx/euer.blog.vpn.nix create mode 100644 makefu/2configs/vpn/vpnws/client.nix create mode 100644 makefu/2configs/vpn/vpnws/server.nix (limited to 'makefu') diff --git a/makefu/2configs/nginx/euer.blog.vpn.nix b/makefu/2configs/nginx/euer.blog.vpn.nix deleted file mode 100644 index b3db0bc60..000000000 --- a/makefu/2configs/nginx/euer.blog.vpn.nix +++ /dev/null @@ -1,35 +0,0 @@ -{pkgs, options, ... }: -let - pkg = pkgs.vpn-ws; - uid = "nginx"; - gid = "nginx"; - ip = "${pkgs.iproute}/bin/ip"; -in { - services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = { - # TODO client auth - extraConfig = '' - uwsgi_pass unix:/run/vpn.sock; - include ${pkgs.nginx}/conf/uwsgi_params; - ''; - }; - - networking.interfaces.vpnws = { - virtual = true; - virtualType = "tap"; - }; - systemd.services.vpnws = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - Restart = "always"; - PrivateTmp = true; - ExecStartPre = pkgs.writeDash "vpnws-pre" '' - ${ip} link set vpnws up - ${ip} addr add 10.244.1.1/24 dev vpnws || : - ''; - ExecStart = pkgs.writeDash "vpnws-start" '' - ${pkg}/bin/vpn-ws --tuntap vpnws /run/vpn.sock - ''; - }; - }; -} diff --git a/makefu/2configs/vpn/vpnws/client.nix b/makefu/2configs/vpn/vpnws/client.nix new file mode 100644 index 000000000..d06bc27db --- /dev/null +++ b/makefu/2configs/vpn/vpnws/client.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ + users.users.makefu.packages = with pkgs; [ iproute vpn-ws ]; + # vpn-ws-client vpnws wss://localhost/vpn --no-verify --exec "ip link set vpnws up;ip addr add 10.244.1.2/24 dev vpnws" + networking.interfaces.vpnws = { + virtual = true; + virtualType = "tap"; + }; +} diff --git a/makefu/2configs/vpn/vpnws/server.nix b/makefu/2configs/vpn/vpnws/server.nix new file mode 100644 index 000000000..6baa5ff11 --- /dev/null +++ b/makefu/2configs/vpn/vpnws/server.nix @@ -0,0 +1,42 @@ +{pkgs, options, ... }: +let + pkg = pkgs.vpn-ws; + uid = "nginx"; + gid = "nginx"; + ip = "${pkgs.iproute}/bin/ip"; + socket = "/run/vpn.sock"; + htpasswd = (toString ) + "/vpn-ws-auth"; + nginx-prepared-secrets = "/var/spool/nginx/vpn-ws-auth"; +in { + systemd.services.vpn-ws-auth-prepare = { + wantedBy = [ "multi-user.target" ]; + before = [ "nginx.service" ]; + script = "install -m700 -o${uid} -g${gid} ${htpasswd} ${nginx-prepared-secrets}"; + }; + services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = { + extraConfig = '' + auth_basic "please stand by..."; + auth_basic_user_file ${nginx-prepared-secrets}; + uwsgi_pass unix:${socket}; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; + }; + + networking.interfaces.vpnws = { + virtual = true; + virtualType = "tap"; + }; + systemd.services.vpnws = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Restart = "always"; + PrivateTmp = true; + ExecStartPre = pkgs.writeDash "vpnws-pre" '' + ${ip} link set vpnws up + ${ip} addr add 10.244.1.1/24 dev vpnws || : + ''; + ExecStart = "${pkg}/bin/vpn-ws --uid ${uid} --gid ${gid} --tuntap vpnws ${socket}"; + }; + }; +} -- cgit v1.2.3 From 96c7074c08e914a230124073ef6209bb9b888108 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 18 Dec 2017 21:29:13 +0100 Subject: ma remote-build: update to only use hotdog --- makefu/2configs/remote-build/master.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/remote-build/master.nix b/makefu/2configs/remote-build/master.nix index 4ad2c5ed8..2a2c68119 100644 --- a/makefu/2configs/remote-build/master.nix +++ b/makefu/2configs/remote-build/master.nix @@ -8,7 +8,7 @@ in { { inherit hostName sshKey; sshUser = "nixBuild"; system = "x86_64-linux"; - maxJobs = 1; - }) [ "omo.r" "gum.r" "latte.r" ]; - # puyak.r "wbob.r" + maxJobs = 8; + }) [ "hotdog.r" ]; + # puyak.r "wbob.r" "omo.r" "gum.r" "latte.r" } -- cgit v1.2.3 From 2589f81f9a9f53ccfc40d946ca693a83f2c81900 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Dec 2017 23:20:56 +0100 Subject: x: use nixos-hardware --- makefu/1systems/x/source.nix | 2 ++ makefu/2configs/hw/tp-x230.nix | 30 +++--------------------------- makefu/2configs/hw/tp-x2x0.nix | 2 ++ makefu/source.nix | 18 +++++++++++++++++- 4 files changed, 24 insertions(+), 28 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix index 6dc17b656..6278877c3 100644 --- a/makefu/1systems/x/source.nix +++ b/makefu/1systems/x/source.nix @@ -1,5 +1,7 @@ import { name="x"; full = true; + python = true; + hw = true; # torrent = true; } diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix index 14572b35c..ec4e05d1b 100644 --- a/makefu/2configs/hw/tp-x230.nix +++ b/makefu/2configs/hw/tp-x230.nix @@ -3,38 +3,14 @@ with import ; { - imports = [ ./tp-x2x0.nix ]; - boot = { - # tp-smapi is not supported bt x230 anymore - kernelModules = [ - "kvm-intel" - "thinkpad_ec" - "acpi_call" - # "thinkpad_acpi" - # "tpm-rng" - ]; - extraModulePackages = [ - config.boot.kernelPackages.acpi_call - ]; - # support backlight adjustment - kernelParams = [ "acpi_osi=Linux" "acpi_backlight=vendor" ]; - }; + imports = [ ./tp-x2x0.nix ]; # configured media keys inside awesomerc # sound.mediaKeys.enable = true; hardware.bluetooth.enable = true; - services.acpid.enable = true; - hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; - services.xserver = { - videoDriver = "intel"; - deviceSection = '' - Option "AccelMethod" "sna" - Option "Backlight" "intel_backlight" - ''; - }; - - security.rngd.enable = true; + # possible i915 powersave options: + # options i915 enable_rc6=1 enable_fbc=1 semaphores=1 services.xserver.displayManager.sessionCommands ='' xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1 diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 81c4bf4c8..680545c99 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -17,6 +17,8 @@ with import ; # enable synaptics so we can easily disable the touchpad # enable the touchpad with `synclient TouchpadOff=0` + + services.xserver.libinput.enable = false; services.xserver.synaptics = { enable = true; additionalOptions = ''Option "TouchpadOff" "1"''; diff --git a/makefu/source.nix b/makefu/source.nix index ce5855430..2456dc76e 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -4,7 +4,9 @@ host@{ name, secure ? false, full ? false, torrent ? false, - musnix ? false + hw ? false, + musnix ? false, + python ? false }: let builder = if getEnv "dummy_secrets" == "true" @@ -45,6 +47,20 @@ in ref = "d8b989f"; }; }) + + (mkIf ( hw ) { + nixos-hardware.git = { + url = https://github.com/makefu/nixos-hardware.git; + ref = "1fef1c1"; + }; + }) + + (mkIf ( python ) { + python.git = { + url = https://github.com/garbas/nixpkgs-python; + ref = "cac319b"; + }; + }) (mkIf ( torrent ) { torrent-secrets.file = getAttr builder { buildbot = toString ; -- cgit v1.2.3 From 6124dfffcf321c52a7a83880ec8a1ce0183009ba Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 27 Dec 2017 06:12:07 +0100 Subject: hw/exfat-nofuse -> tools/mobility --- makefu/2configs/hw/exfat-nofuse.nix | 4 ---- makefu/2configs/tools/all.nix | 1 + makefu/2configs/tools/dev.nix | 3 ++- makefu/2configs/tools/mobility.nix | 8 ++++++++ 4 files changed, 11 insertions(+), 5 deletions(-) delete mode 100644 makefu/2configs/hw/exfat-nofuse.nix create mode 100644 makefu/2configs/tools/mobility.nix (limited to 'makefu') diff --git a/makefu/2configs/hw/exfat-nofuse.nix b/makefu/2configs/hw/exfat-nofuse.nix deleted file mode 100644 index ca3485e9f..000000000 --- a/makefu/2configs/hw/exfat-nofuse.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ config, ... }: -{ - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; -} diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index 7755e2872..1ac22e34c 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -7,6 +7,7 @@ ./extra-gui.nix ./games.nix ./media.nix + ./mobility.nix ./scanner-tools.nix ./sec.nix ./sec-gui.nix diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 26e9808b2..0f8a76c29 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -2,8 +2,9 @@ { users.users.makefu.packages = with pkgs;[ - python3Packages.virtualenv + python3 python3Packages.pyserial + python3Packages.virtualenv # embedded gi flashrom diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix new file mode 100644 index 000000000..70d376608 --- /dev/null +++ b/makefu/2configs/tools/mobility.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +{ + users.users.makefu.packages = with pkgs;[ + go-mtpfs + ]; + + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; +} -- cgit v1.2.3 From 9d4436644115c2cc5c130d9c210c201bb506c789 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 15:10:22 +0100 Subject: ma source: use official nixos-hardware --- makefu/source.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/source.nix b/makefu/source.nix index 2456dc76e..fde1d9680 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -50,8 +50,8 @@ in (mkIf ( hw ) { nixos-hardware.git = { - url = https://github.com/makefu/nixos-hardware.git; - ref = "1fef1c1"; + url = https://github.com/nixos/nixos-hardware.git; + ref = "8a05dc9"; }; }) -- cgit v1.2.3 From 4cc193cffd02ca5352d47ab4772f468acb3973b6 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:00:14 +0100 Subject: ma hw: add kvm-intel --- makefu/2configs/hw/tp-x2x0.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'makefu') diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 680545c99..f33c12a8f 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -5,6 +5,11 @@ with import ; imports = [ ./tpm.nix ]; + + boot.kernelModules = [ + "kvm-intel" + ]; + networking.wireless.enable = lib.mkDefault true; hardware.enableAllFirmware = true; -- cgit v1.2.3 From 4414e50bb84c307627e5c9ec71510ab907d87c62 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:00:40 +0100 Subject: ma vpn-ws: fix sha256 --- makefu/5pkgs/vpn-ws/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/5pkgs/vpn-ws/default.nix b/makefu/5pkgs/vpn-ws/default.nix index 71573384d..1f2e45fe4 100644 --- a/makefu/5pkgs/vpn-ws/default.nix +++ b/makefu/5pkgs/vpn-ws/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { owner = "unbit"; repo = "vpn-ws"; rev = version; - sha256 = "068vzrpzgksadb31khancnpkgzhdcr6kh6k9wgm77q68skwl3w0k"; + sha256 = "0k7338xxvg1k988zz3nb681nsqmfiik9bnkk7jmxjz7j0wfwq8nj"; }; patchPhase = '' -- cgit v1.2.3 From 14634592a67b874d3fe9b47efd0d06aca72f5e5e Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:03:05 +0100 Subject: ma fileleech: retab, use torrent --- makefu/1systems/fileleech/config.nix | 75 +++++++++++++++++++----------------- 1 file changed, 40 insertions(+), 35 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/fileleech/config.nix b/makefu/1systems/fileleech/config.nix index b5ec370a5..e36afecd5 100644 --- a/makefu/1systems/fileleech/config.nix +++ b/makefu/1systems/fileleech/config.nix @@ -6,18 +6,18 @@ let rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN"; rootPartition = rootDisk + "-part3"; - dataDisks = let - idpart = dev: byid dev + "-part1"; - in [ - { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";} - { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";} - { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";} - { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";} - { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";} - { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";} - { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";} - { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity - ]; + dataDisks = let + idpart = dev: byid dev + "-part1"; + in [ + { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";} + { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";} + { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";} + { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";} + { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";} + { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";} + { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";} + { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity + ]; disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks; in { @@ -25,13 +25,13 @@ in { - # + # - - - + # + # + # ]; systemd.services.grafana.serviceConfig.LimitNOFILE=10032; @@ -42,8 +42,8 @@ in { enable = true; build.host = config.krebs.hosts.fileleech; }; - # git clone https://github.com/makefu/docker-pyload - # docker build . + # git clone https://github.com/makefu/docker-pyload + # docker build . # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload virtualisation.docker.enable = true; # for pyload @@ -60,7 +60,7 @@ in { ]; services.nginx.virtualHosts._download = { default = true; - root = "/media/cryptX"; + root = config.makefu.dl-dir; extraConfig = '' autoindex on; ''; @@ -80,10 +80,11 @@ in { services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + # TODO use users.motd and pam.services.sshd.showMotd services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" '' Services: - ssh://download@fileleech - ssh via filebitch.shack - ftp://download@fileleech - access to /media/cryptX + ssh://download@fileleech - ssh via filebitch + ftp://download@fileleech - access to ${config.makefu.dl-dir} http://fileleech:8112 - rutorrent http://fileleech:8113 - pyload https://fileleech:9090 - sabnzb @@ -104,13 +105,13 @@ in { cryptMount = name: { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; in cryptMount "crypt0" - // cryptMount "crypt1" - // cryptMount "crypt2" - // cryptMount "crypt3" - // cryptMount "crypt4" - // cryptMount "crypt5" - // cryptMount "crypt6" - // cryptMount "crypt7" + // cryptMount "crypt1" + // cryptMount "crypt2" + // cryptMount "crypt3" + // cryptMount "crypt4" + // cryptMount "crypt5" + // cryptMount "crypt6" + // cryptMount "crypt7" # this entry sometimes creates issues // { "/media/cryptX" = { @@ -121,10 +122,10 @@ in { } ; + makefu.dl-dir = "/media/cryptX"; users.users.download = { useDefaultShell = true; # name = "download"; - home = "/media/cryptX/"; # createHome = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey @@ -132,7 +133,7 @@ in { "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7betFnMWVeBYRhJ+2f0B5WbDdbpteIVg/BlyimXbx79R7lZ7nUq5GyMLrp7B00frUuA0su8oFFN3ODPJDstgBslBIP7kWPR2zW8NOXorrbFo3J2fKvlO77k6/wD5/M11m5nS01/aVJgAgMGLg2W12G7EMf5Wq75YsQJC/S9p8kMca589djMPRuQETu7fWq0t/Gmwq+2ELLL0csRK87LvybA92JYkAIneRnGzIlCguOXq0Vcq6pGQ1J1PfVEP76Do33X29l2hZc/+vR9ExW6s2g7fs5/5LDX9Wnq7+AEsxiEf4IOeL0hCG4/CGGCN23J+6cDrNKOP94AHO1si0O2lxFsxgNU2vdVWPNgSLottiUFBPPNEZFD++sZyutzH6PIz6D90hB2Q52X6WN9ZUtlDfQ91rHd+S2BhR6f4dAqiRDXlI5MNNDdoTT4S5R0wU/UrNwjiV/xiu/hWZYGQK7YgY4grFRblr378r8FqjLvumPDFMDLVa9eJKq1ad1x/GV5tZpsttzWj4nbixaKlZOg+TN2GHboujLx3bANz1Jqfvfto8UOeKTtA8pkb8E1PJPpBMOZcA7oHaqJrp6Vuf/SkmglHnQvGbi60OK3s61nuRmIcBiTXd+4qeAJpq1QyEDj3X/+hV0Gwz8rCo6JGkF1ETW37ZYvqU9rxNXjS+/Pfktw== jules@kvasir-2015-02-13" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1ZJSpBb7Cxo+c2r2JJIcbYOTm/sJxOv2NFRoDfjxGS9CCwzRbzrwJcv2d23j35mu97x3+fUvo8DyMFLvLvume2PFCijqhMDzZZvjYXZdvXA+hnh53nqZf+Pjq8Xc3tSWBHQxUokaBmZbd4LlKHh8NgKVrP2zve6OPZMzo/Es93v37KEmT8d/PfVMrQEMPZzFrCVdq2RbpdQ1nhx09zRFW7OJOazgotafjx6IYXbVq2VDnjffXInsE9ZxDzYq1cNKIH0c2BLpTd3mv76iD9i+nD6W6s48+usFQnVLt2TY1uKkfMr7043E6jBxx5kNHBe5Xxr6Zs0SkR8kKOEhMO//4ucviUYKZJn8wk2SLkAyMYVBexx8jrTdlI4xgQ7RLpSIDTCm9dfbZY/YhZDJ21lsWduQqu7DFWMe05gg4NZDjf2kwYQOzATyqISGA7ttSEPT1iymr/ffAOgLBLSqWQAteUbI2U5cnflWZGwm33JF/Pyb4S3k3/f2mIBKiRx2lsGv6mx1w0SaYRtJxDWqGYMHuFiNYbq9r/bZfLqV3Fy9kRODFJTfJh8mcTnC4zabpiQ7fnqbh1qHu0WrrBSgFW0PR2WWCJ0e5Btj1yRgXp0+d5OuxxlVInRs+l2HogdxjonMhAHrTCzJtI8UJTKXKN0FBPRDRcepeExhvNqcOUz4Kvw== me@andreaskist.de" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClaVl9Fwp4wdGLeTZdfy5MpJf+hM6fpL1k6UmtYXWgVYU7tgmStdlpLlbyMQspoFRtT7/76n4kPwCmM0c82xNXaJJMuWa98pwMp+bAwSSdOGAP/vjfzL/TUAX+Xtrw6ehF7r1O+zqw/E/bWt6UezKj08wDLWjByzdDQwslJV6lrGek4mmYRdgmHHeZ1oG89ePEZJZOM6jcZqv0AfIj0NID3ir9Z0kz9uSSXb1279Qt4953mfjs5xwhtc1B7vrxJ3qtTZUsBoAkUkLeulUEIjkfn60wvDGu/66GP5ZClXyk2gck/ZNmtFYrQoqx9EtF1KK02cC17A0nfRySQy5BnfWn root@filebitch" ]; }; @@ -142,15 +143,19 @@ in { parity = toMapper 7; }; networking.nameservers = [ "8.8.8.8" ]; - #networking.interfaces.enp6s0f0.ip4 = [{ - # address = "151.217.173.20"; - # prefixLength = 22; - #}]; - #networking.defaultGateway = "151.217.172.1"; + # SPF + networking.defaultGateway = "151.217.176.1"; + networking.interfaces.enp6s0f0.ip4 = [{ + address = "151.217.178.63"; + prefixLength = 22; + }]; + + # Gigabit networking.interfaces.enp8s0f1.ip4 = [{ address = "192.168.126.1"; prefixLength = 24; }]; + #interfaces.enp6s0f1.ip4 = [{ # address = external-ip; # prefixLength = 22; -- cgit v1.2.3 From 6f150a4ab47f037c1b8ec5e8d1675d86b0738155 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:03:38 +0100 Subject: ma gum.r: use wireguard, vpnws --- makefu/1systems/gum/config.nix | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index b66ef1ab8..4981872c0 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -48,9 +48,14 @@ in { # - + + # network + + + + # buildbot ## Web @@ -103,15 +108,16 @@ in { #} { # wireguard server networking.firewall.allowedUDPPorts = [ 51820 ]; - #networking.wireguard.interfaces.wg0 = { - # ips = [ "10.244.0.1/24" ]; - # privateKeyFile = (toString ) + "/wireguard.key"; - # allowedIPsAsRoutes = true; - # peers = [{ - # allowedIPs = [ "0.0.0.0/0" "::/0" ]; - # publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - # }]; - #}; + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.1/24" ]; + privateKeyFile = (toString ) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [{ + # allowedIPs = [ "0.0.0.0/0" "::/0" ]; + allowedIPs = [ "10.244.0.2/32" ]; + publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + }]; + }; } ]; -- cgit v1.2.3 From 040f6f9f5c7808ea188444f15a704818f94624f7 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:04:47 +0100 Subject: ma vbob.r: prepare pppd --- makefu/1systems/vbob/config.nix | 64 ++++++++++++++++++++++++++--------------- 1 file changed, 41 insertions(+), 23 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index f71634501..f318c0e61 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -3,37 +3,57 @@ krebs.build.host = config.krebs.hosts.vbob; makefu.awesome.modkey = "Mod1"; imports = - [ # Include the results of the hardware scan. + [ - (toString ) - (toString ) + { + imports = [ ]; + boot.loader.grub.device = "/dev/vda"; + } + # { + # imports = [ + # + # ]; + # virtualbox.baseImageSize = 35 * 1024; + # fileSystems."/media/share" = { + # fsType = "vboxsf"; + # device = "share"; + # options = [ "rw" "uid=9001" "gid=9001" ]; + # }; + # } + + # { + # imports = [ + # + # ]; + # fileSystems."/nix" = { + # device ="/dev/disk/by-label/nixstore"; + # fsType = "ext4"; + # }; + # } + + # base gui - + # + # + + # security # Tools - - - + # + # # environment - - - ]; networking.extraHosts = import (toString ); nixpkgs.config.allowUnfree = true; - fileSystems."/nix" = { - device ="/dev/disk/by-label/nixstore"; - fsType = "ext4"; - }; # allow vbob to deploy self users.extraUsers = { @@ -45,9 +65,13 @@ environment.shellAliases = { forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn"; }; - # TODO: for forticleintsslpn - # ln -s /r/current-system/sw/bin/pppd /usr/sbin/pppd - # ln -s /r/current-system/sw/bin/tail /usr/bin/tail + + system.activationScripts.prepare-fortclientvpnssl = '' + # TODO: for forticlientsslpn + mkdir -p /usr/{s,}bin + ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd + ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail + ''; environment.systemPackages = with pkgs;[ fortclientsslvpn ppp xclip get @@ -55,7 +79,6 @@ # docker #devpi-web #devpi-client - debmirror ansible ]; # virtualisation.docker.enable = true; @@ -67,10 +90,5 @@ 8010 ]; - fileSystems."/media/share" = { - fsType = "vboxsf"; - device = "share"; - options = [ "rw" "uid=9001" "gid=9001" ]; - }; } -- cgit v1.2.3 From a7e031c91c65928452b2ba426bfcb22be238262d Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:05:12 +0100 Subject: ma vbob.source: do not deploy musnix --- makefu/1systems/vbob/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/1systems/vbob/source.nix b/makefu/1systems/vbob/source.nix index 5b726e40b..5419215e2 100644 --- a/makefu/1systems/vbob/source.nix +++ b/makefu/1systems/vbob/source.nix @@ -1,4 +1,4 @@ import { name="vbob"; - musnix = true; + # musnix = true; } -- cgit v1.2.3 From 555a0ec0f368b5b594446096c7e9b93f6926f7a6 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:05:39 +0100 Subject: ma wbob.r: receive bamstats --- makefu/1systems/wbob/config.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'makefu') diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index c30ee4c58..f44211b93 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -32,10 +32,13 @@ in { + # Sensors + # + (let collectd-port = 25826; -- cgit v1.2.3 From 5af2f438441c46bc508a038303b6e36946f7f5d4 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:06:49 +0100 Subject: ma stats.airsensor: generate Topic receiver --- makefu/2configs/stats/telegraf/airsensor.nix | 36 +++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/stats/telegraf/airsensor.nix b/makefu/2configs/stats/telegraf/airsensor.nix index 09d23e7d4..9d481000f 100644 --- a/makefu/2configs/stats/telegraf/airsensor.nix +++ b/makefu/2configs/stats/telegraf/airsensor.nix @@ -1,11 +1,36 @@ { pkgs, ...}: - -{ +let + genTopic = name: topic: tags: { + servers = [ "tcp://localhost:1883" ]; + qos = 0; + connection_timeout = "30s"; + topics = [ topic ]; + tags = tags; + persistent_session = false; + name_override = name; + data_format = "value"; + data_type = "float"; + }; + bamStat = stat: # Temperature or Humidity + host: # easy{1-4} + sensor: # dht11, dht22, ds18 + (genTopic stat + "/bam/${host}/${sensor}/${stat}" + {"host" = host; + "scope" = "bam"; + "sensor" = sensor; + } ); + dht22 = host: [(bamStat "Temperature" host "dht22") + (bamStat "Humidity" host "dht22")]; + dht11 = host: [(bamStat "Temperature" host "dht11") + (bamStat "Humidity" host "dht11")]; + ds18 = host: [(bamStat "Temperature" host "ds18")]; +in { services.udev.extraRules = '' SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input" ''; users.users.telegraf.extraGroups = [ "input" ]; - services.telegraf.extraConfig.inputs.exec = [ + services.telegraf.extraConfig.inputs.exec = [ { commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"]; timeout = "10s"; @@ -16,4 +41,9 @@ tags.unit="VOC"; } ]; + services.telegraf.extraConfig.inputs.mqtt_consumer = + (dht22 "easy1") + ++ (dht22 "easy2") + ++ (dht11 "easy3") + ++ (ds18 "easy3"); } -- cgit v1.2.3 From ce8efbc80bc05f27f55ea87be2d826134afec6fd Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Dec 2017 16:10:07 +0100 Subject: ma torrent: set workDir instead of downloadDir --- makefu/2configs/torrent.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix index d063ad3e3..a076479c2 100644 --- a/makefu/2configs/torrent.nix +++ b/makefu/2configs/torrent.nix @@ -8,13 +8,13 @@ let peer-port = 51412; web-port = 8112; daemon-port = 58846; - dl-dir = config.makefu.dl-dir; + torrent-dir = config.makefu.dl-dir; in { users.users = { download = { name = "download"; - home = dl-dir; + home = torrent-dir; uid = mkDefault (genid "download"); createHome = true; useDefaultShell = true; @@ -26,9 +26,9 @@ in { # todo: race condition, do this after download user has been created system.activationScripts."download-dir-chmod" = '' for i in finished watch torrents; do - mkdir -p "${dl-dir}/$i" - chown download:download "${dl-dir}/$i" - chmod 770 "${dl-dir}/$i" + mkdir -p "${torrent-dir}/$i" + chown download:download "${torrent-dir}/$i" + chmod 770 "${torrent-dir}/$i" done ''; @@ -54,9 +54,8 @@ in { rutorrent.enable = true; enableXMLRPC = true; listenPort = peer-port; - downloadDir = dl-dir + "/finished"; + workDir = torrent-dir; # dump old torrents into watch folder to have them re-added - watchDir = dl-dir +"/watch"; }; networking.firewall.extraCommands = '' -- cgit v1.2.3 From b7954ebe00060a93191253d40ad5869e65b50966 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Dec 2017 00:12:37 +0100 Subject: ma mosh: init --- makefu/1systems/gum/config.nix | 1 + makefu/1systems/omo/config.nix | 1 + makefu/2configs/mosh.nix | 3 +++ makefu/2configs/tools/mobility.nix | 1 + 4 files changed, 6 insertions(+) create mode 100644 makefu/2configs/mosh.nix (limited to 'makefu') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 4981872c0..1fe0b62f9 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -48,6 +48,7 @@ in { # + # network diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 4af87dc10..aaecebadc 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -47,6 +47,7 @@ in { + # # # diff --git a/makefu/2configs/mosh.nix b/makefu/2configs/mosh.nix new file mode 100644 index 000000000..1c2e34e0b --- /dev/null +++ b/makefu/2configs/mosh.nix @@ -0,0 +1,3 @@ +{ + programs.mosh.enable = true; +} diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index 70d376608..1993a5212 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -2,6 +2,7 @@ { users.users.makefu.packages = with pkgs;[ go-mtpfs + mosh ]; boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; -- cgit v1.2.3 From a6891271f1bfd3b130dedec51961288f37853420 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Dec 2017 02:44:11 +0100 Subject: ma tools: add tig --- makefu/2configs/tools/dev.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'makefu') diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 0f8a76c29..04a65df26 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -21,5 +21,7 @@ gen-oath-safe cdrtools stockholm + # git-related + tig ]; } -- cgit v1.2.3 From 181bd547f370848df1a49f886355e6fe8853c02f Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 30 Dec 2017 14:11:43 +0100 Subject: ma x.r: remove exfat-nofuse --- makefu/1systems/x/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'makefu') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 1dd1a070f..3686acb6e 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -60,7 +60,6 @@ with import ; # Hardware - # # -- cgit v1.2.3